ISE & SQL

Joe Montes
Cisco Employee

Hi everyone,

We are working on a customer who has developed their own app for BYOD and guest access. They are currently using Clearpass to provide their authentication and using an SQL database. The historical reason they went for Clearpass a couple of years ago was because ISE did not support an external identity store using SQL. Based on the customer's email, they would like to know whether ISE can support it, based on the current flows:

From customer’s email:

L2 Authentication.

Controller Radius request from Clearpass. Clearpass request from App MYSQL for the following information

1.    User approve / Deny

2.    End time

3.    VLAN

Clearpass return the values back to Controller

L3 Authentication

Device connect to Controller and L2 authentication fails. Controller will redirect to App web site. App web site provides Device mac address in QR.

Customer uses App to scan QR. App send Device MAC address to App server. App server update Database MAC address. Add user in Clearpass Guest account. Redirect Device back to controller. Device use the username and password from App server to authenticate with controller. Controller send Radius request to Clearpass for guest authentication. Using username and password provided by App. Clearpass approves access for the device and device redirected to company web site.

With the above process there will be integration between App and ISE.

1.    ISE request information for example User approve / Deny, End time and VLAN from App MYSQL server. ISE will reply controller request with information.

2.    App will add / Remove and modify guest user in ISE. Guest user information includes Username and password. And expire date time

3.    L3 Authentication involve controller request ISE for access to internet with username and password. And ISE will allow (if username and password matched) or deny if username and password do not match.

Just need feedback from the community whether ISE can achieve the same as per what Clearpass does based on the above authentication flow. I have not done any SQL integration with ISE and just wondering if anyone can point out any gotchas or possible issues.

Thanks and regards,

Accepted Solutions

hslai
Cisco Employee

Configure ISE 2.2 for integration with MySQL server, contributed by a Cisco TAC engineer, should be able to get you started.

The data types supported are String, Boolean and Integer. I can't tell what it expected for "End time" from your post.

I have not learned any ISE integration with QR codes but it might be done by a custom application that uses the ERS APIs available from ISE.

2 Replies

Thanks Hsing!
