Occasional Contributor II

Use "time source" in a policy.

I'm trying to add time source so I can look for soon expiring onboard certs and captive portal the users to the re-registration page.

A few concerns...I don't have an authorization tab....I compute my TIPS roles based on certificate source and on my enforcement tab...I have some other logic.  

Can I use time source on the enforcement tab?   Or do I need to use it in the TIPs role mapping...then use that on the enforcement tab later?

I'm worried about adding an authorization tab if I don't need to.


Guru Elite

Re: Use

Yes, you can use it on the enforcement, but you need to enable authorization. Why are you concerned?


| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Use

I guess my concern was all the other authentication sources that are listed too...and now they are in the authorization tab as well.  But looking at won't matter unless I use that authorization data in my enforcement I guess I'm relaxing more.


Occasional Contributor II

Re: Use I've bit the bullet and I'm good there...I've started working on my policy

I see timesource is returning an epoch date...which I get.

I created a timesource + 300 which is 1453213996 - or Jan 19, 2016

I picked 300 days because I wanted to test a particular user.   I'll bring that 300 days down to something more reasonable.

That's what the clauase in my enforcement ruls look like

(Authorization:[Time Source]:Now Plus 300 days  GREATER_THAN  %{Certificate:Not-Valid-After}).   I'm also matching the username to grab this one client.



For this auth

Certificate:Not-Valid-After  2015-07-16 21:25:28

I'm not hitting...clearly Jan 2016 is greater than July 2015.   But I'm comparing an Epoch date with a Calendar date.  Do I need to do anything different?


Search Airheads
Showing results for 
Search instead for 
Did you mean: