Security

last person joined: 23 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Multiple Strip Username Rules Not Working

This thread has been viewed 7 times

  • 1.  Multiple Strip Username Rules Not Working

    Posted Jun 01, 2018 03:05 PM

    I'm trying to strip both the host/ prefix as well as @FQDN from an EAP-TLS authentication and I cannot extract just the username from the request. I have tried multiple variation of the strip username rules:

    /:user,user:@

    user:@,/:user

     

    The engine doesn't appear to be honoring both rules. If I apply the first variation, the resulting username is host/user. If I apply the second variation, the resulting username is user@FQDN. I cannot get just the user no matter how I alter the syntax. What am I missing?



  • 2.  RE: Multiple Strip Username Rules Not Working

    EMPLOYEE
    Posted Jun 01, 2018 03:09 PM
    You should not be stripping host. It’s only designed to strip realms. You should use a different service for machine vs user authentications.


  • 3.  RE: Multiple Strip Username Rules Not Working

    Posted Jun 01, 2018 03:13 PM

    We are using a different service, but we need the username for authorization. We're getting a 201 error: authentication failure, user not found.