|
1 | 1 | ## Overview |
2 | 2 |
|
3 | | -The Clearpass AnyCA Gateway REST plugin extends the capabilities of Aruba Clearpass Onboard to Keyfactor Command via the Keyfactor AnyCA Gateway REST. The plugin represents a fully featured AnyCA REST Plugin with the following capabilies: |
| 3 | +The Clearpass AnyCA Gateway REST plugin extends the capabilities of Aruba Clearpass Onboard to Keyfactor Command via the Keyfactor AnyCA Gateway REST. The plugin represents a fully featured AnyCA REST Plugin with the following capabilies : |
4 | 4 | * CA Sync: |
5 | 5 | * Download all certificates issued to the customer by the Clearpass CA. |
6 | 6 | * Certificate enrollment for the Clearpass products listed in the manifest file: |
7 | | - * Support certificate enrollment (new keys/certificate). [see disclaimer] |
| 7 | + * Support certificate enrollment (new keys/certificate) |
8 | 8 | * Support certificate re-issuance/renewal (new public/private keys with the same or different domain names). |
9 | 9 | * Certificate revocation: |
10 | 10 | * Request revocation of a previously issued certificate. |
11 | 11 |
|
| 12 | +## Requirements |
| 13 | + |
| 14 | +# ClearPass Onboard: Setting Up an API Client |
| 15 | + |
| 16 | +## Step 1: Access ClearPass Admin Console |
| 17 | +1. **Login** to the ClearPass Admin console using your administrator credentials. |
| 18 | +2. Navigate to **Administration** > **API Services** > **API Clients**. |
| 19 | + |
| 20 | +## Step 2: Create a New API Client |
| 21 | +1. Click on the **Add API Client** button to create a new API client. |
| 22 | + |
| 23 | +## Step 3: Configure the API Client |
| 24 | + |
| 25 | +- **Client ID**: |
| 26 | + - Enter some value such as `Client1` in the **Client ID** field. |
| 27 | + - This is the value you will use in the OAuth2 `client_id` parameter. |
| 28 | + |
| 29 | +- **Description**: |
| 30 | + - You can provide a description for this API client, such as "Sample API client for testing purposes," in the **Description** field. |
| 31 | + |
| 32 | +- **Enabled**: |
| 33 | + - Ensure the **Enabled** checkbox is selected. This means the API client will be active and able to make API calls. |
| 34 | + |
| 35 | +- **Operating Mode**: |
| 36 | + - Select **ClearPass REST API - Client will be used for API calls to ClearPass** from the **Operating Mode** dropdown. |
| 37 | + |
| 38 | +- **Operator Profile**: |
| 39 | + - Select **Network Administrator** from the **Operator Profile** dropdown. |
| 40 | + - This profile will provide the API client with the necessary permissions to interact with ClearPass. |
| 41 | + |
| 42 | +- **Grant Type**: |
| 43 | + - Select **Client credentials (`grant_type=client_credentials`)** from the **Grant Type** dropdown. |
| 44 | + - This means the API client will authenticate using its client credentials. |
| 45 | + |
| 46 | +- **Client Secret**: |
| 47 | + - Since this is a non-public client, ensure the **Generate a new client secret** checkbox is selected. |
| 48 | + - The system will generate a new client secret. For example, `FFFDDDCCCRRR4444DDDDDDDDDDD`. |
| 49 | + - **Note:** The client secret is used in the OAuth2 `client_secret` parameter and will be encrypted once stored, so be sure to copy it securely. |
| 50 | + |
| 51 | +## Step 4: Set Token Lifetimes |
| 52 | + |
| 53 | +- **Access Token Lifetime**: |
| 54 | + - Enter `8` in the **Access Token Lifetime** field. |
| 55 | + - Select **hours** from the dropdown. This means the access token will be valid for 8 hours. |
| 56 | + |
| 57 | + |
| 58 | +## Step 5: Save the API Client |
| 59 | +1. Once all fields are configured, click the **Create API Client** button to save the new API client. |
| 60 | +2. If you need to cancel, click the **Cancel** button. |
| 61 | + |
| 62 | +## Step 6: Use the API Client |
| 63 | +- Use the **Client ID** (`Client1`) and **Client Secret** (`FFFDDDCCCRRR4444DDDDDDDDDDD`) in your Gateway Configuration Settings. |
| 64 | + |
| 65 | + |
0 commit comments