  • 1.  Clearpass SAML SP SSO

    Posted 22 days ago

    In my homelab I installed Authentik as SAML IdP for Clearpass SAML SP single sign-on. 

    A few questions regarding this setup:

    1) Say my Authentik fails, does Clearpass fall back to the TACACS+ service with internal users? Is this possible to configure?
    2) SAML SSO provides for example Application:SSO:http://schemas.xmlsoap.org/claims/Group with all the configured user groups. How do I use this in a service to limit access to a specific group?



    -------------------------------------------


  • 2.  RE: Clearpass SAML SP SSO
    Best Answer

    Posted 21 days ago
    1. No, it doesn't fall back to the internal users. If needed, you can reset / delete the SSO via the CLI.
    2. You can add the SSO claim to the SSO Dictionary. After this, the claim can directly be used in the Role Mapping / Enforcement policy. (Type Application:SSO)


    ------------------------------
    Willem Bargeman
    Systems Engineer Aruba
    ACEX #125
    ------------------------------