Ok, I followed the cylance integration guide - but it omits the details regarding where to link it with your services.
If I try to use it as the authorization source on my Onboarding Aruba Application Auth - it fails with;
2019-12-04 11:44:10,651 | [RequestHandler-1-0x7f248f5fa700 r=W00000017-01-5de70f6a h=4287929 c=W00000017-01-5de70f6a] INFO Core.PETaskScheduler - ** Completed PETaskAuthSourceRestriction ** |
2019-12-04 11:44:10,663 | [HttpModule-ThreadPool-20-0x7f250d2d2700 r=W00000017-01-5de70f6a h=146] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =?macAddress=%{Connection:Client-Mac-Address-Hyphen}, error=No values for param=Connection:Client-Mac-Address-Hyphen |
2019-12-04 11:44:10,663 | [HttpModule-ThreadPool-20-0x7f250d2d2700 r=W00000017-01-5de70f6a h=146] ERROR Http.HttpAutzSession - queryAutzAttributes: Failed to construct path from ?macAddress=%{Connection:Client-Mac-Address-Hyphen} |
2019-12-04 11:44:10,663 | [HttpModule-ThreadPool-20-0x7f250d2d2700 r=W00000017-01-5de70f6a h=146] ERROR Http.HttpAutzSession - Failed to get value for attributes=Host Name, Is Found, OS Version] |
2019-12-04 11:44:10,664 | [RequestHandler-1-0x7f248f5fa700 h=4287931 c=W00000017-01-5de70f6a] INFO Core.PETaskRoleMapping - Roles: Other], User Authenticated] |
If I try to use it as the authorization source on my Radius authenication I get the error;
2019-12-04 11:26:38,792 | [RequestHandler-1-0x7f248f5fa700 r=R0002bebc-01-5de70b4e h=4283947 c=R0002bebc-01-5de70b4e] INFO Core.PETaskScheduler - ** Completed PETaskAuthSourceRestriction ** |
2019-12-04 11:26:38,793 | [HttpModule-ThreadPool-4-0x7f2519910700 r=R0002bebc-01-5de70b4e h=130] ERROR Http.HttpAutzSession - HTTP attribute query returned error=404 |
I've enabled DEBUG logging in the extension, but nothing is generated in the logging;
[2019-12-03T13:38:31.210] [INFO] cylance - SSL Verification Enabled. (Config: "verifySSLCerts": true)
[2019-12-03T13:38:31.220] [INFO] cylance - Server listening on port 80
[2019-12-04T09:46:55.388] [DEBUG] cylance - Settings:
[2019-12-04T09:46:55.393] [DEBUG] cylance - {
"logLevel": "DEBUG",
"verifySSLCerts": true,
"cylanceSubDomain": "protectapi",
"cylanceTenantId": "*****",
"cylanceApplicationId": "*****",
"cylanceApplicationSecret": "**********",
"enableEndpointCache": false,
"cppmUserName": "<<ClearPass User Name>>",
"cppmPassword": "**********",
"enableEndpointFullSync": false,
"endpointSyncDelayMinutes": 10080,
"includeThreatSummary": false,
"fullSyncOnStart": false
}
[2019-12-04T09:46:55.394] [INFO] cylance - SSL Verification Enabled. (Config: "verifySSLCerts": true)
[2019-12-04T09:46:55.394] [DEBUG] cylance - The API Url for CPPM is https://172.17.0.1/api.
[2019-12-04T09:46:55.400] [INFO] cylance - Server listening on port 80
Anyone successfully implemented this?