Occasional Contributor I

Splitting/filtering Clearpass %{Authorization attributes?

I'm trying to return user's AD groups to Fortigate firewall using Fortigate-Group-Name attribute. If I select %{Authorization:Contoso_AD:Groups} as the value, and user has three groups the return values is for example


"Fortigate-Group-Name: Exchange_Users, SSLVPN_Marketing, SomeOtherGroup"


Is it possible to either filter these so that CPPM would return only groups starting with SSLVPN or is it possible to have CPPM to return three attributes, one group per returned attribute? Either would work with Fortigate



Guru Elite

Re: Splitting/filtering Clearpass %{Authorization attributes?

No, you cannot.

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor I

Re: Splitting/filtering Clearpass %{Authorization attributes?

Hmm I guess I need to figure some workaround then. Either script this so that when ever our helpdesk adds new SSLVPN* group it gets created on CPPM with roles to match.


Or maybe I could create another authentication source and have a filter there that would only take SSLVPN* groups from AD

Search Airheads
Showing results for 
Search instead for 
Did you mean: