You are following the published document from https://arubanetworks.com/clearpassdocs? The context server configuration allows for a username transformation and doesn't use the usual parameter notation.
------------------------------
Carson Hulcher, ACEX#110
------------------------------
Original Message:
Sent: Jun 05, 2024 10:26 AM
From: Eric Dresser
Subject: PAN Clearpass Integration - Valid Variables?
<uid-message><version>1.0</version><type>update</type><payload><login><entry name="%{user}" ip="%{ip}"/></login></payload></uid-message>
Where is Clearpass pulling the values user and ip from? These are not formatted like most variables used in Enforcement Profiles.
I would potentially like to send a certificate SAN instead of the CN to Palo Firewalls.
Is there any documentation on this?
I'm hoping that doing a post-auth Enforcement Update will get Clearpass to update the username in the Access Tracker and thus the POST, but if the API only pulls the original name from the auth then that work out.