Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Relative date (or just current date) in Role mapping rules

This thread has been viewed 1 times

  • 1.  Relative date (or just current date) in Role mapping rules

    Posted Sep 21, 2020 05:17 PM

    I want to use a role to trigger CPPM to send an e-mail warning our helpdesk of user certificates about to expire, so I have a role mapping policy where I check to see if Certificate::Not-Valid-After is LESS_THAN a date:

    msabin_0-1600722900710.png

    Is there a way to do this with a variable, like @Today or other way to make this not require me to change the date regularly?



  • 2.  RE: Relative date (or just current date) in Role mapping rules
    Best Answer

    EMPLOYEE
    Posted Sep 21, 2020 05:31 PM

    Hi,

     

    You may use the [Time Source] as an authorization source and derive your condition like,

     

    (Certificate:Not-Valid-After  LESS_THAN_OR_EQUALS  %{Authorization:[Time Source]:One Week DT})

     

    You can refer the available filters under Configuration >> Sources >> [Time Source] >> Attributes for one day, one week, etc,.

    Note: [Time Source] should be mapped as authorization source in the service.

     

     



  • 3.  RE: Relative date (or just current date) in Role mapping rules

    Posted Sep 21, 2020 05:46 PM

    I knew the community would have my answer!

     

    I'm trying to go back through services I wrote when we first deployed and making then better - sometimes I draw a blank.

     

    Thanks for the quick and direct solution.