3.2.2.4.3.2.5. Guest plugins

This section describes the Guest plugins and their configuration.


To enable plugins, use their corresponding flag and then click on the “engine” icon to open the configuration window.

3.2.2.4.3.2.5.1. manageTags

The manageTags plugin allows adding, updating, or deleting the tags associated with the user device that is being managed by the openNAC policy. Remember that these tags include a TTL and can be modified through this process.

The following fields must be configured to set up the plugin:


  • Tag to be added when active status: Tag to be added/updated when a valid authentication is produced. Multiple tags can be defined by Policy Custom Params.

  • Tag to be deleted when active status: Tag to be deleted when a valid authentication is produced. Multiple tags can be defined by Policy Custom Params.

  • Tag to be added when reject status: Tag to be added/updated when an invalid authentication is produced. Multiple tags can be defined by Policy Custom Params.

  • Tag to be deleted when reject status: Tag to be deleted when an invalid authentication is produced. Multiple tags can be defined by Policy Custom Params.

If you are using the default field names (addTag and delTag), some valid custom params would be: addTag, addTag1, addTag02, addTag38, delTag, delTag1, delTag02, delTag38.

Note

You can use the same “index” value to add and delete a tag, if you want.

When “addTag” is used, the tag is associated with the user device. If the tag was already associated, its timestamp is updated in order to manage the time to live (TTL) of this relationship and prevent the tag from being purged when this time is exceeded.

Note

The maximum number of tags to be managed by the plugin is 99 in total. If you exceed this number, an error is produced in the plugin execution and the user device tags won’t be updated.
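The parameter naming, timestamp refresh and 99-tag limit described above can be modelled as follows. This is an added example, not openNAC code: the index pattern (zero to two digits), the way the limit is counted, the delete-before-add order, the tag names and the "vlan" param are all assumptions made for illustration.

```python
import re
import time

# Assumption: an index is zero to two digits, inferred from the page's examples
# (addTag, addTag1, addTag02, addTag38); the product may accept other forms.
PARAM_RE = re.compile(r"(addTag|delTag)\d{0,2}")
MAX_TAGS = 99  # limit stated in the note above


def split_params(custom_params):
    """Return (tags_to_add, tags_to_delete) taken from policy custom params."""
    add, delete = [], []
    for name, tag in custom_params.items():
        match = PARAM_RE.fullmatch(name)
        if match is None:
            continue  # some other custom param, not a manageTags one
        (add if match.group(1) == "addTag" else delete).append(tag)
    # Assumption: the limit counts add and delete params together.
    if len(add) + len(delete) > MAX_TAGS:
        raise ValueError("more than 99 tags configured, device tags not updated")
    return add, delete


def apply_tags(device_tags, custom_params, now=None):
    """Return a new {tag: last_update} map; raises before changing anything."""
    now = time.time() if now is None else now
    add, delete = split_params(custom_params)
    updated = dict(device_tags)
    for tag in delete:  # assumption: deletions are applied before additions
        updated.pop(tag, None)
    for tag in add:
        updated[tag] = now  # new association, or refreshed timestamp
    return updated


def purge_expired(device_tags, ttl_seconds, now):
    """Drop tags whose last update is older than the TTL."""
    return {t: ts for t, ts in device_tags.items() if now - ts <= ttl_seconds}


# Constructed sample data: tag names and the "vlan" param are made up.
PARAMS = {"addTag": "GST_ACTIVE", "addTag1": "GST_WIFI",
          "delTag02": "GST_PENDING", "vlan": "120"}
DEVICE = {"GST_PENDING": 100.0, "GST_ACTIVE": 100.0}

if __name__ == "__main__":
    refreshed = apply_tags(DEVICE, PARAMS, now=500.0)
    print(refreshed)
    print(purge_expired({"GST_OLD": 100.0, **refreshed}, 300, now=600.0))
```

Running the same check over a policy's custom params before saving them shows whether a name would be ignored or the tag limit exceeded.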

3.2.2.4.3.2.5.2. sendHttpRequest

The sendHttpRequest plugin is used to send HTTP requests to a desired host every time a user device enters the corresponding policy. This is fully customizable: the request can be sent every time there is a policy evaluation or only when the device connects.

The following fields must be configured to set up the plugin:


  • URL: URL where the information collected by the plugin will be sent.

  • Header Params: Header parameters that will be sent in the HTTP request generated by the plugin.

  • HTTP Method: HTTP method to be used. This can be GET or POST.

  • Request Params: Requested parameters collected by the HTTP request.

  • Execute only on connection: With this flag, we can determine whether the plugin is executed every time a connection is established or every time the policy is evaluated.

3.2.2.4.3.2.5.3. tagsLogoutSync

The tagsLogoutSync plugin allows adding/updating or deleting the tags associated with the user device based only on LOGOUT events managed by the OpenNAC policy. Remember that these tags include a TTL and can be modified through this process.


  • Tag to be added when logout status: Tag to be added/updated when a disconnection is produced. Multiple tags can be defined by Policy Custom Params.

  • Tag to be deleted when logout status: Tag to be deleted when a disconnection is produced. Multiple tags can be defined by Policy Custom Params.

If the plugin is active and correctly configured in a policy, it is executed when we receive a LOGOUT event that matches the configured policy. As it is a synchronous plugin, the LOGOUT event won’t finish until the plugin finishes its execution (add, update, or delete a tag for the user device). We can configure the default parameters in the plugins section (Configuration -> Conf vars -> Plugins -> tagsLogoutSync), or we can configure the custom parameters in each policy where we configure the plugin.

  • Execution order: Determines the order in which sync plugins are executed, with higher priority assigned to lower numerical values (0 being the lowest priority). When multiple plugins share the same execution order value, they are executed in alphabetical order.

To force the discover plugin execution when a logout happens, we need to add the tag ONC_FORCE_DISCOVER_FULL in the “Tag to be added when logout status” field.