Security

 Hello,

first time poster. I’m using the REST API to create guest accounts. Lately I wanted to use the random_password feature but with no success:

( user is Super Administrator )

• I create a guest account from the admin panel then view it and can read its password - All GOOD.
• I create a guest using the API. The guest is created ( server answers 201 ). No password field is specified. When accessing the admin panel I get “Error decrypting string” if the show password options is selected.

This is my user when calling /guest in POST

{

  "create_time": "",

  "current_state": "",

  "do_expire": 0,

  "email": "test.testgmail.com",

  "enabled": true,

  "expire_time": "",

  "mac": "",

  "notes": "",

  "role_id": 2,

  "simultaneous_use": 0,

  "sponsor_email": "test1.test@gmail.com",

  "sponsor_name": "test",

  "start_time": "",

  "username": "test.test@gmail.com",

  "visitor_company": "visitor company",

  "visitor_name": "visitor name"

}

The error message is attached herewith.

I would like that a password would be randomly generated for every account and was visible from the admin panel in the “Manage Guest Accounts” section. I’d also like to know if it were possible to use your API to generate a random password.

Thank you for your support,

Best Regards,

Christopher Lacapra

You can use the POST /random-password API call to generate a random password, then you can pass that value into your guest creation call.

Just tried and got 

{"The remote server returned an error: (422) Unprocessable Entity."}

By sending an empty json. Is there some configuration I must send in that json? like random_password_length or random_password_method?

Thanks

No, you shouldn't have to send those as it will use the default guest config:

winux@CAPPY-SP4:/mnt/c$ curl -X POST -H "Authorization: Bearer <redacted>" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '' "https://<redacted/api/random-password"

{"password":"977076"}

Still no luck. Is it possible that the method is not available in my API due to some user restrictions for the user the api has beed created for?

My request is:

POST http://clearpass-ip-address/api/random-password HTTP/1.1
Content-Type: application/json
Cache-Control: no-cache
Bearer my-awesome-token
Host: clearpass-ip-address
Content-Length: 0

I get this answer:

HTTP/1.1 302 Found
Date: Tue, 17 Jan 2017 16:21:24 GMT
Server: Apache
Vary: X-Forwarded-For
X-Powered-By: PHP/5.6.25
Location: https://clearpass-ip-address/api/random-password
Content-Length: 0
Content-Type: text/html; charset=UTF-8

ClearPass Guest 6.6.2.33301 on CP-SW-EVAL platform

Can't find that method in the api explorer. :(

Sorry, this was added in 6.6.3.

Thank you!

Updating Clearpass solved my problem!

Flagging thread as solved.