Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

web-server (Services)

 

Syntax

Hierarchy Level

Release Information

Statement introduced in Junos OS Release 12.3X48-D30.

Description

Specify the name of the webserver configuration on the SRX Series device used for the user query integrated ClearPass authentication and enforcement function. The webserver is the ClearPass server to which the SRX Series device connects to request authentication and identity information for an individual user.

When information for the individual user is not posted to the SRX Series device by ClearPass through Web API POST request messages, the SRX Series device can request this information from the ClearPass Policy Manager (CPPM) under certain circumstances. You must enable the user query function by configuring it.

address- Configure for the integrated ClearPass authentication and enforcement feature the address of the ClearPass webserver that the SRX Series device communicates with. The SRX Series device requests user authentication and identity information for an individual user from the ClearPass webserver whose address is configured. If you configure the user query function, the SRX Series device can obtain this information for a specific user when it does not receive it from the ClearPass Policy Manager through Web API POST requests.

connect-method- Configure the application protocol used for the SRX Series device connection to the ClearPass Policy Manager (CPPM) for user query requests. You identify the connection protocol as part of the configuration that identifies the CPPM server. The user query function allows the SRX Series device to request from the CPPM user authentication and identity information for an individual user.

port- Configure the port on the Juniper Identity Management Service server that the SRX Series device uses to connect to the server.

Options

server-nameSpecify the Web server name.
addressSpecify the IP address or hostname of web server.
httpConfigure HTTP as the connection protocol to use for the SRX Series integrated ClearPass authentication and enforcement feature’s connection to the ClearPass Policy Manager (CPPM) webserver for individual user authentication queries. You can identify the connection protocol as part of the configuration that identifies the CPPM webserver (mutually exclusive with HTTPS).

If the SRX Series devices does not find an authentication entry for a user in its local ClearPass authentication table, it can query the Aruba ClearPass webserver for this information.

httpsConfigure HTTPS as the connection protocol used for the SRX Series connection to the ClearPass Policy Manager (CPPM) for user query requests. You identify the connection protocol as part of the configuration that identifies the CPPM webserver.

The integrated ClearPass authentication and enforcement user query function allows the SRX Series device to request from the CPPM user authentication and identity information for an individual when the SRX Series ClearPass authentication table does not contain that information.

The http and https configuration assumes that aruba-clearpass is specified as the authentication source.

The Web API process, acting as an HTTP server, exposes to the Aruba ClearPass Policy Manager (CPPM) an API that allows the CPPM, acting as a client, to send POST request messages to it. The CPPM, which serves as the authentication source, initiates the session to the SRX Series device and sends it user authentication and identity information.

Default: https—The connect-method configuration is optional. If it is not configured, HTTPS is assumed.

portSpecify the Web server port number.

Default: 443

Range: 1 through 65535

Required Privilege Level

  • services—To view this statement in the configuration.

  • services-control—To add this statement to the configuration.