Security

Reply
Highlighted
New Contributor

Guest API - user creation/pach does not use password provided

Hi,

 

For context, I use ClearPass Guest 6.7.8.109113.

 

I am trying to manage guests account via REST API.

Almost everything works as expected but I gt an issue with guest's password :

 - if I submit it at account creation (POST request), it is not taken and the guest does not get a password ;

 - if I update (PATCH request) the account, the existing password is simply deleted.

 

In both cases I got HTTP 200 returned. An examle is following.

 

I don't know if I missed something, but if you have clues I gladely take them.

 

Regards.

 

 

Example :

JSON submitted for POST request on

https://clearpass.myplace.com/api/guest

{
"do_expire": 1,
"create_time": null,
"current_state": null,
"email": "mail@example.com",
"enabled": true,
"expire_time": 1580597999,
"id": null,
"mac": null,
"notes": "No note",
"password": "9xdc2vuz",
"role_id": 2,
"simultaneous_use": 5,
"sponsor_email": "sponsor-mail@example.net",
"sponsor_name": "Sponsor",
"start_time": 1580488657,
"username": "testUsername",
"visitor_company": "Company",
"visitor_name": "Visitor name"
}

=> returns HTTP 200

=> In Guests / Manage guests :

 

clearpass 1.png

 

If I reset the password in tis interface :

 

clearpass 2.png

 

Then the password become visible (and printable on receipt which was not before) :

 

clearpass 3.png

 

Then if I PATCH via the API with this JSON submitted to

https://clearpass.myplace.com/api/guest/3077

{"password":"yop10yop"}

=> It returns HTTP 200

And if I go back to the web interface, the account does not have a password anymore

 

 

clearpass 4.png

 


Accepted Solutions
Highlighted

Re: Guest API - user creation/pach does not use password provided

If you want to see passwords you need Password Display: set within Configuration > Guest Manager.

View solution in original post


All Replies
Highlighted

Re: Guest API - user creation/pach does not use password provided

I have had this API working. I think the following should work. I believe username and possibly sponsor_name are expected to be email addresses. 

 

{
"visitor_name": "Visitor name",
"username": "mail@example.com",
"sponsor_name": "sponsor-mail@example.net",
"expire_time": 1580597999,
"do_expire": 1,
"enabled": true,
"role_id": 2,
"password": "9xdc2vuz"
}


Bruce Osborne - Wireless Engineer
ACCP, ACMP

All opinions written here are my own and do not necessarily reflect the views and opinions of my employer or Aruba Networks

Re: Guest API - user creation/pach does not use password provided

What you are seeing is expected behavior.  We do not default to allowing you to see existing passwords.  You can only see passwords when they were just generated (or about to be generated in Reset).

 

If you want to see passwords you need Password Display: set within Configuration > Guest Manager, and the Operator Profile being used needs Guest Manager > View Passwords.  We generally do not recommend these, though it does ahve use in some specific cases.  If any workflow allows people to write or change their own passwords you really do not want this on.

Highlighted
New Contributor

Re: Guest API - user creation/pach does not use password provided

Thank you for your answer.

 

But it did not work password is still unaccessible, behavior is the same.

 

Regards.

Highlighted
New Contributor

Re: Guest API - user creation/pach does not use password provided

Hi, thank you for your answer.

 

First, I forgot to say that the profile used has the right to read password fields (which I definitely wants, and nobody can change/choose its password).

 

clearpass 5.png

 

But even with that, I am neither able to display passwords, nor send receipts wih passwords on them (and this is the most important). 

 

Did I forget anything in configuration ?

 

Regards.


 

Highlighted

Re: Guest API - user creation/pach does not use password provided

If you want to see passwords you need Password Display: set within Configuration > Guest Manager.

View solution in original post

Highlighted
New Contributor

Re: Guest API - user creation/pach does not use password provided

Thank you so much !

 

I missed this tick box.

Regards.

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: