Dell Powerconnect W-ClearPass Hardware Appliances W-ClearPass Policy Manager 6 - Page 346

Attribute Name Values Issuer-DN, Issuer-DC, Issuer-UID, Issuer-CN, Issuer-GN, IssuerSN, Issuer-C, Issuer-L, Issuer-ST, Issuer-O, Issuer-OU, IssueremailAddress Attributes associated with the issuer (Certificate Authorities or the enterprise CA). Not all of these fields are populated in a certificate. Subject-AltName-Email, Subject-AltName-DNS, SubjectAltName-URI, Subject-AltName-DirName, Subject-AltNameIPAddress, Subject-AltName-RegisterdID, Subject-AltNamemsUPN Attributes associated with the subject (user or machine, in this case) alternate name. Not all of these fields are populated in a certificate. Certificate namespace appears in the following editing contexts: n Role mapping policies l Tips Namespace - Tips namespace has two pre-defined attributes: Role and Posture. Values are assigned to these attributes at run-time after Policy Manager evaluates role mapping and posture related policies. The value for the Role attribute is a set of roles assigned by the either the role mapping policy or the post-audit policy. The value value of the Role attribute can also be a dynamically fetched "Enable as role" attribute from the authorization source. The value for the Posture attribute is one of HEALTHY, CHECKUP, TRANSITION, QUARANTINE, INFECTED or UNKNOWN. The posture value is computed after Policy Manager evaluates internal posture policies, gets posture status from posture servers or audit servers. Tips namespace appears in the following editing contexts: n Enforcement policies l Host Namespace - Host namespace has a number of pre-defined attributes: Name, OSType, FQDN, UserAgent, CheckType, UniqueID, AgentType and InstalledSHAs. Host:Name, Host:OSType, Host:FQDN, Host:AgentType, Host:InstalledSHAs are only populated when request is originated by a Microsot NAP-compatible agent. UserAgent and CheckType are present when Policy Manager acts as a Web authentication portal. l Endpoint Namespace - Endpoint namespace has the following attributes: Disabled By, Disabled Reason, Enabled By, Enabled Reason, Info URL. Use these attributes look for attributes of authenticating endpoints (present in the Policy Manager endpoints list). l Device Namespace - Device namespace has the attributes associated with the network device that originated the request. Device namespace has four pre-defined attributes: Location, OS-Version, Device-Type and DeviceVendor. Custom attributes also appear in the attribute list if they are defined as custom tags for the device. Note that these attribtues can be used only if you have pre-populated the values for these attributes when a network device is configured in Policy Manager. l LocalUser Namespace - LocalUser namespace has the attributes associated with the local user (resident in the Policy Manager local user database) who authenticated in this session. As the name suggests, this namespace is only applicable if a local user authenticated. LocalUser namespace has four pre-defined attributes: Phone, Email, Sponsor and Designation. Custom attributes also appear in the attribute list if they are defined as custom tags for the local user. Note that these attribtues can be used only if you have pre-populated the values for these attributes when a local user is configured in Policy Manager. l GuestUser Namespace - GuestUser namespace has the attributes associated with the guest user (resident in the Policy Manager guest user database) who authenticated in this session. As the name suggests, this namespace is only applicable if a guest user authenticated. GuestUser namespace has six pre-defined attributes: CompanyName, Location, Phone, Email, Sponsor and Designation. Custom attributes also appear in the attribute list if they are defined as custom tags for the guest user. Note that these attribtues can be used only if you have prepopulated the values for these attributes when a guest user is configured in Policy Manager. 346 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide