Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

No Authorization Attributes Returned using userPrincipalName

  • 1.  No Authorization Attributes Returned using userPrincipalName

    Posted Feb 27, 2020 01:46 PM

    I changed our AD query in the AD authentication source to look for userPrincipalName rather than samAccountName, and now I can authenticate successfully with the UPN as username. However, none of the authorization attributes are being returned after authentication. The "Authorization Attributes" section of the Access Tracker input tab is missing and the user is not assigned the correct role.

    I can manually browse the LDAP tree with the UPN as the filter query.

    Has anyone seen this before?



  • 2.  RE: No Authorization Attributes Returned using userPrincipalName

    Posted Feb 27, 2020 02:48 PM
    Do you have AD as an authorization source?



    Thank you

    Victor Fabian

    Pardon typos sent from Mobile


  • 3.  RE: No Authorization Attributes Returned using userPrincipalName

    Posted Feb 27, 2020 04:47 PM

    Yes, AD is the authentication source and I believe it is used for authorization by default. This all works for existing services using the samAccountName, just not for my new service using userPrincipalName.



  • 4.  RE: No Authorization Attributes Returned using userPrincipalName
    Best Answer

    Posted Mar 02, 2020 04:36 AM

    I discovered a workaround; I am not sure if it is expected behaviour. I had set up a second authentication source to a different AD source to test this change. When I changed the filter query in the production AD authentication source, the authorization attributes were returned. I guess that ClearPass isn't happy authorising different services against different AD sources.