Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

is it possible to prepend variables such as %{LocalUser:attribute}?

This thread has been viewed 1 times

  • 1.  is it possible to prepend variables such as %{LocalUser:attribute}?

    Posted Apr 13, 2020 09:33 PM

    Is it possible to prepend variables such as %{LocalUser:attribute}?

     

    I want to be able to store attributes for a user, but not use the user details for login.

     

    Is it possible to use something like my_%{LocalUser:attribute} ?

     

    ie. if the user logging = fred, then if I have a my_fred localuser that can I pull attributes from?

     



  • 2.  RE: is it possible to prepend variables such as %{LocalUser:attribute}?

    EMPLOYEE
    Posted Apr 14, 2020 04:41 AM
      |   view attached

    I don't appreciate your ultimate want and I have never tried this with LocalUser. If the LocalUser:<attribute> is appearing in the AccessTracker's Input field, usually you'll see these in the Computed Attribute section, then you can use use if in post authentication - eg assign to RESTful API, update an Endpoint or update a guest user...

    For example within the matching EnformcementProfile's Condition you can apply an Profile to update an Endpoint attribute. Create the Profile using the "ClearPass Entity Update Enforcement" template - see attached.