
Wednesday, February 13, 2019

ClearPass API E-mail notifications


In this post I will explain how to have the ClearPass system send an e-mail message on successful authentication (Authentication notification) or on failed authentication (Authentication alert).

First, let's create the actions that send the e-mails, using the ClearPass API and JSON.
Go to Administration » Dictionaries » Context Server Actions and click Add:

 

For Authentication Notification message:





And here is the content of the JSON:

{
    "to": ["jhon@dow.com"],
    "subject": "Successful Authentication Connection",
    "message": "The following user has been authenticated at: \n%{Date:Date-Time} \nMAC Address: %{Connection:Client-Mac-Address-Colon} \nUser Name: %{Radius:IETF:User-Name} \nNAS-Identifier: %{Radius:IETF:NAS-Identifier} \nNAS-IP Address: %{Connection:NAD-IP-Address}, \nPort: %{Radius:IETF:NAS-Port-Id}, \nDevice Type: %{Authorization:[Endpoints Repository]:Device Name}"
}

Replace the "to" e-mail address with the relevant address. Also note that you can add any information from the RADIUS request to this message.
When you are done, click Save.

For Authentication Alert message:




The next thing is to make sure that your ClearPass system is configured with messaging services. Go to Administration » External Servers » Messaging Setup and fill in the required information:


Note that in my lab I'm using Gmail for mail delivery (how to configure Gmail is out of scope for this post).

Now go to Configuration » Enforcement » Profiles and click Add:

  
Configure a new enforcement profile using the HTTP Based Enforcement template, name it, and enter a description:


For Target Server select localhost, and for Action select the relevant endpoint context server action that you created earlier:


Click Save.

Now use this enforcement profile in any service or enforcement policy you like in order to be notified, via e-mail, about an event.

For example, for my secure wireless connection, where I'm using EAP-TLS/EAP-PEAP, I have added the following notifications:


Where the authentication status matches user or machine, I'm sending an authentication notification, and where the authentication status is none, failed, or the authentication source is unavailable, I'm sending a failed authentication notification.

Email example:

The following user has been authenticated at:
2019-02-13 19:22:25
MAC Address: 00:35:44:31:74:2a
User Name: talm
NAS-Identifier: MLAB ArubaMC-VA-01
NAS-IP Address: 10.100.110.201,
Port: %{Radius:IETF:NAS-Port-Id},
Device Type: xiaomi NE-520G
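
In the sample e-mail above, the Port line still shows the raw %{Radius:IETF:NAS-Port-Id} token because that attribute was not present in the request. The following is an added example (not part of the original post and not ClearPass code) that checks a body template offline before it is pasted into the Context Server Action: it confirms the JSON parses, lists the %{...} variables, and reports which ones would stay unexpanded for a given request. The function name and the attribute dictionary are assumptions; the attribute values are copied from the sample e-mail.

```python
import json
import re

# Body template from the post; the raw string keeps \n as a JSON escape.
TEMPLATE = r'''{
  "to": ["jhon@dow.com"],
  "subject": "Successful Authentication Connection",
  "message": "The following user has been authenticated at: \n%{Date:Date-Time} \nMAC Address: %{Connection:Client-Mac-Address-Colon} \nUser Name: %{Radius:IETF:User-Name} \nNAS-Identifier: %{Radius:IETF:NAS-Identifier} \nNAS-IP Address: %{Connection:NAD-IP-Address}, \nPort: %{Radius:IETF:NAS-Port-Id}, \nDevice Type: %{Authorization:[Endpoints Repository]:Device Name}"
}'''

# Constructed request attributes, taken from the sample e-mail in the post.
# NAS-Port-Id is deliberately absent, as it was in that request.
SAMPLE_ATTRS = {
    "Date:Date-Time": "2019-02-13 19:22:25",
    "Connection:Client-Mac-Address-Colon": "00:35:44:31:74:2a",
    "Radius:IETF:User-Name": "talm",
    "Radius:IETF:NAS-Identifier": "MLAB ArubaMC-VA-01",
    "Connection:NAD-IP-Address": "10.100.110.201",
    "Authorization:[Endpoints Repository]:Device Name": "xiaomi NE-520G",
}

PLACEHOLDER = re.compile(r"%\{([^{}]+)\}")


def check_template(raw, attrs):
    """Return (rendered_message, variables, unresolved) for a body template.

    Hypothetical helper: it only simulates substitution for review purposes.
    """
    body = json.loads(raw)  # raises ValueError if the JSON is malformed
    missing = [k for k in ("to", "subject", "message") if k not in body]
    if missing:
        raise ValueError(f"template is missing keys: {missing}")
    variables = PLACEHOLDER.findall(body["subject"] + body["message"])
    unresolved = [v for v in variables if v not in attrs]
    # Leave unknown tokens untouched, matching what the sample e-mail shows.
    rendered = PLACEHOLDER.sub(
        lambda m: attrs.get(m.group(1), m.group(0)), body["message"])
    return rendered, variables, unresolved


if __name__ == "__main__":
    text, used, left = check_template(TEMPLATE, SAMPLE_ATTRS)
    print(text)
    print("variables used:", len(used), "| unresolved:", left)
```

An unresolved variable in a notification that fires on every service usually means the attribute is only sent by some NAS types, so the line is better moved to a template used only where that attribute exists.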

There are plenty of e-mail messages you can configure for different scenarios using this method.

Great thanks to Derin Mellor, from Aruba Networks, for the right guidance on this one.