Security

We've been writing some apps to talk to clearpass via the API set on CPPM 6.6.8 and can break it  at will. Although the policy manager component still works and we can restart the server that way, trying to access the clearpass guest page fails with the browser eventually timing out.

Attempting other API queries also fail 

our endpoints db has about 85K entries and we have a locally defined attribute called UoY_VLAN

were trying to do an 

API call for GET /endpoint with filter: {"attributes":{"$contains":"UoY_Vlan"}}

... and things die!

Can I restart clearpass guest from the CLI or is this a real server reboot thing ?

had a look at server list and there;s nothing there that immediately springs out as being associagted with clearpass guest

A

1. You cannot currently filter by endpoint attributes in the API
2. Guest is not a separate entity and cannot be restarted independently

o.k. so guess there's a bug that stops the clearpass guest web interface .instead of just saying "can't do that" 

BTW service restart cpass-admin-server seems to get you back.

The plan is for our IPAM system to set the value of locall attrribute "UoY_VLAN" which is then use in our enforcement policy. Colleague was just trying to get a list of current UoY_VLAN  values

A

Something is obviously up.  Even if you work around it you should open a TAC case so a proper customer-initiated engineering ticket can be opened.

Already done that :-)