If you are a good student, you will have already learnt how to authenticate Meridian users via ClearPass in the first episode of this trilogy).
Now, what I want to share with you is how to add value to the "integration". This means adding some custom parameters for the Meridian user who authenticates, parameters we'll use later to deliver specific content (in the last chapter of this series).
We stopped earlier at the point where, when the user authenticates in Meridian, we can get a token associated with the user. With this token, we'll be able to ask for additional parameters and then use these as we want.
Just a quick reminder of the current flow:
Let's now configure ClearPass for additional parameters:
ClearPass configuration
In my example, I want to associate a web page displaying a specific agenda for the guest who connects into the Merdian App. To do this, the plan is to use an "Agenda ID" which will be generated during the guest creation (self-registration or pre-registration, we don't already know ).
- Fist I need to add this parameter in the ClearPass guest fields (I named it "visitor_agenda"):
- Then we need to add this field to the guest registration form:
- And finally we add this parameter in the enforcement profile we created earlier (in the first blog) and which is associated with the Meridian authentication.
In the snapshot above we can see some attributes. Let's explain these:
- agenda: this is the agenda ID (associated with the guest field visitor_agenda) we'll use later to generate custom agenda web page
- info, name, badge and image: these are specific Meridian attributes which are used in the Account details of the Meridian App (you'll see at the end of this blog a snapshot showing this)
- email and Sales Account: are fields I planned to use for statistics / reporting
As you certainly understood, in this enforcement profile we can use both static attributes (such as "B10 Guest" associated to info attributes) or dynamic ones (in this example we use guest attributes for all the other fields: "%{GuestUse:Email}" for example means "the Email associated with the guest").
I can give another example which uses parameters coming from an AD Authentication source:
Finally, the real detailed flow is the following:
Test it!
As we did for the basic authentication, let's now verify everything is working.
- We created a guest vader@starwars.com and associated some parameters (such as agenda id for example) in the guest management
- First, we can test using HTTPIE command line tool (or CURL, or the fantastic Chrome App: Postman).
We use two lines to simulates this:- One command to ask for a token:
http –verify=no POST https://meridian@/api/oauth grant_type=password username= password=
- Another one to get custom attributes (using the token):http –verify=no POST https:///api/oauth/me Authorization:"Bearer "
- One command to ask for a token:
We can see all our attributes.
- And we can see also the info in ClearPass:
- And finally a real test:
Finally, we have all the custom information we need in order to deliver custom content. We can already see custom data in the account details, but that's not enough. I said, "I want to display custom agenda for each user who authenticates in my Meridian App".
So we now need to be able to use the famous "Agenda ID" in order to generate dynamic / custom web page. This will be part of the final chapter of this trilogy so stay tuned.
