Class: MistApi::OrgSettingMistNac

Inherits:
BaseModel
  • Object
Defined in:
lib/mist_api/models/org_setting_mist_nac.rb

Overview

OrgSettingMistNac Model.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from BaseModel

#check_for_conflict, #process_additional_properties, #process_array, #process_basic_value, #process_hash, #to_hash, #to_json

Constructor Details

#initialize(allow_teap_machine_auth_only = false, cacerts = SKIP, default_idp_id = SKIP, disable_rsae_algorithms = false, eap_ssl_security_level = 2, eu_only = false, fingerprinting = SKIP, idp_machine_cert_lookup_field = IdpMachineCertLookupFieldEnum::AUTOMATIC, idp_user_cert_lookup_field = IdpUserCertLookupFieldEnum::AUTOMATIC, idps = SKIP, mdm = SKIP, server_cert = SKIP, use_ip_version = OrgSettingMistNacIpVersionEnum::V4, use_ssl_port = false, usermac_expiry = 0) ⇒ OrgSettingMistNac

Returns a new instance of OrgSettingMistNac.



# File 'lib/mist_api/models/org_setting_mist_nac.rb', line 142

# Builds the model from positional values.
#
# Every argument is optional. An argument equal to the SKIP sentinel is not
# stored, so its reader returns nil afterwards. Nothing here type-checks or
# range-checks a value; whatever is passed is stored unchanged.
#
# All fifteen arguments are positional and five of them are plain booleans,
# so a call with a misplaced argument silently sets a different setting
# (for example allow_teap_machine_auth_only instead of use_ssl_port).
#
# @param allow_teap_machine_auth_only [TrueClass, FalseClass] defaults to false
# @param cacerts [Array<String>] PEM-encoded CA certificates
# @param default_idp_id [String]
# @param disable_rsae_algorithms [TrueClass, FalseClass] defaults to false
# @param eap_ssl_security_level [Integer] defaults to 2
# @param eu_only [TrueClass, FalseClass] defaults to false
# @param fingerprinting [OrgSettingMistNacFingerprinting]
# @param idp_machine_cert_lookup_field [IdpMachineCertLookupFieldEnum]
# @param idp_user_cert_lookup_field [IdpUserCertLookupFieldEnum]
# @param idps [Array<OrgSettingMistNacIdp>]
# @param mdm [OrgSettingMistNacMdm]
# @param server_cert [OrgSettingMistNacServerCert]
# @param use_ip_version [OrgSettingMistNacIpVersionEnum] defaults to V4
# @param use_ssl_port [TrueClass, FalseClass] defaults to false
# @param usermac_expiry [Integer] defaults to 0
def initialize(
  allow_teap_machine_auth_only = false,
  cacerts = SKIP,
  default_idp_id = SKIP,
  disable_rsae_algorithms = false,
  eap_ssl_security_level = 2,
  eu_only = false,
  fingerprinting = SKIP,
  idp_machine_cert_lookup_field = IdpMachineCertLookupFieldEnum::AUTOMATIC,
  idp_user_cert_lookup_field = IdpUserCertLookupFieldEnum::AUTOMATIC,
  idps = SKIP,
  mdm = SKIP,
  server_cert = SKIP,
  use_ip_version = OrgSettingMistNacIpVersionEnum::V4,
  use_ssl_port = false,
  usermac_expiry = 0
)
  # Instance variable => supplied value, in the same order as the parameters.
  supplied = {
    :@allow_teap_machine_auth_only => allow_teap_machine_auth_only,
    :@cacerts => cacerts,
    :@default_idp_id => default_idp_id,
    :@disable_rsae_algorithms => disable_rsae_algorithms,
    :@eap_ssl_security_level => eap_ssl_security_level,
    :@eu_only => eu_only,
    :@fingerprinting => fingerprinting,
    :@idp_machine_cert_lookup_field => idp_machine_cert_lookup_field,
    :@idp_user_cert_lookup_field => idp_user_cert_lookup_field,
    :@idps => idps,
    :@mdm => mdm,
    :@server_cert => server_cert,
    :@use_ip_version => use_ip_version,
    :@use_ssl_port => use_ssl_port,
    :@usermac_expiry => usermac_expiry
  }

  # A SKIP value leaves the instance variable undefined rather than nil.
  supplied.each do |ivar, value|
    instance_variable_set(ivar, value) unless value == SKIP
  end
end

Instance Attribute Details

#allow_teap_machine_auth_onlyTrueClass | FalseClass

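Allow clients to connect even when user-certificate authentication fails. TEAP authenticates both the machine certificate and the user certificate; when this option is enabled, clients that pass only machine-certificate authentication are accepted, so the session is admitted without a verified user certificate.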

Returns:

  • (TrueClass | FalseClass)


# File 'lib/mist_api/models/org_setting_mist_nac.rb', line 16

# Reader for the TEAP machine-auth-only flag.
#
# When true, a client that passed only the machine-certificate check is
# accepted even though its user certificate failed. The constructor defaults
# this to false; the reader returns nil if the value was never stored.
#
# @return [TrueClass, FalseClass, nil]
def allow_teap_machine_auth_only
  @allow_teap_machine_auth_only
end

#cacertsArray[String]

List of PEM-encoded CA certificates

Returns:

  • (Array[String])


# File 'lib/mist_api/models/org_setting_mist_nac.rb', line 20

# Reader for the list of PEM-encoded CA certificates.
#
# The constructor default is SKIP, so this returns nil unless a value was
# supplied. The strings are stored as given; this model does not parse or
# validate them.
#
# @return [Array<String>, nil]
def cacerts
  @cacerts
end

#default_idp_idString

Use this IDP when no explicit realm is present in the incoming username/CN, or when no IDP is explicitly mapped to the incoming realm.

Returns:

  • (String)


# File 'lib/mist_api/models/org_setting_mist_nac.rb', line 25

# Reader for the fallback IDP id, used when the incoming username/CN carries
# no explicit realm or no IDP is mapped to that realm.
#
# The constructor default is SKIP, so this returns nil unless a value was
# supplied.
#
# @return [String, nil]
def default_idp_id
  @default_idp_id
end

#disable_rsae_algorithmsTrueClass | FalseClass

Disables RSAE_PSS_SHA256, RSAE_PSS_SHA384 and RSAE_PSS_SHA512 on the server side. See www.openssl.org/docs/man3.0/man1/openssl-ciphers.html

Returns:

  • (TrueClass | FalseClass)


# File 'lib/mist_api/models/org_setting_mist_nac.rb', line 30

# Reader for the flag that disables RSAE_PSS_SHA256, RSAE_PSS_SHA384 and
# RSAE_PSS_SHA512 on the server side.
#
# The constructor defaults this to false.
#
# @return [TrueClass, FalseClass, nil]
def disable_rsae_algorithms
  @disable_rsae_algorithms
end

#eap_ssl_security_levelInteger

EAP SSL security level; see www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html#DEFAULT-CALLBACK-BEHAVIOUR

Returns:

  • (Integer)


# File 'lib/mist_api/models/org_setting_mist_nac.rb', line 36

# Reader for the EAP SSL security level (see OpenSSL's
# SSL_CTX_set_security_level reference for the meaning of each level).
#
# The constructor defaults this to 2.
# NOTE(review): nothing in this model range-checks the integer; if the value
# can come from user input, validate it before it is sent to the API.
#
# @return [Integer, nil]
def eap_ssl_security_level
  @eap_ssl_security_level
end

#eu_onlyTrueClass | FalseClass

By default, NAC POD failover considers all NAC PODs available around the globe (EU, US or APAC based), and failover is decided by the geo IP of the originating site. For strict GDPR compliance, NAC POD failover happens only between the PODs located within the EU environment, and no authentication takes place outside of the EU. This is an org setting that applies to WLANs, switch templates and mxedge clusters that have mist_nac enabled.

Returns:

  • (TrueClass | FalseClass)


# File 'lib/mist_api/models/org_setting_mist_nac.rb', line 46

# Reader for the EU-only failover flag.
#
# When true, NAC POD failover is restricted to PODs inside the EU environment
# and no authentication takes place outside the EU. The constructor defaults
# this to false, i.e. failover may use PODs in any region.
#
# @return [TrueClass, FalseClass, nil]
def eu_only
  @eu_only
end

#fingerprintingOrgSettingMistNacFingerprinting

Allows customer to enable client fingerprinting for policy enforcement



# File 'lib/mist_api/models/org_setting_mist_nac.rb', line 50

# Reader for the client-fingerprinting settings used for policy enforcement.
#
# Returns nil when no value was stored (constructor default is SKIP) or when
# from_hash found no 'fingerprinting' entry.
#
# @return [OrgSettingMistNacFingerprinting, nil]
def fingerprinting
  @fingerprinting
end

#idp_machine_cert_lookup_fieldIdpMachineCertLookupFieldEnum

Allows the customer to choose which field of the EAP-TLS client certificate is used for IDP Machine Groups lookup. enum: `automatic`, `cn`, `dns`



# File 'lib/mist_api/models/org_setting_mist_nac.rb', line 55

# Reader for the EAP-TLS client-certificate field used for IDP Machine Groups
# lookup (documented values: automatic, cn, dns).
#
# The constructor defaults this to IdpMachineCertLookupFieldEnum::AUTOMATIC.
# The stored value is not checked against the enum by this model.
#
# @return [IdpMachineCertLookupFieldEnum, nil]
def idp_machine_cert_lookup_field
  @idp_machine_cert_lookup_field
end

#idp_user_cert_lookup_fieldIdpUserCertLookupFieldEnum

Allows the customer to choose which field of the EAP-TLS client certificate is used for IDP User Groups lookup. enum: `automatic`, `cn`, `email`, `upn`



# File 'lib/mist_api/models/org_setting_mist_nac.rb', line 60

# Reader for the EAP-TLS client-certificate field used for IDP User Groups
# lookup (documented values: automatic, cn, email, upn).
#
# The constructor defaults this to IdpUserCertLookupFieldEnum::AUTOMATIC.
# The stored value is not checked against the enum by this model.
#
# @return [IdpUserCertLookupFieldEnum, nil]
def idp_user_cert_lookup_field
  @idp_user_cert_lookup_field
end

#idpsArray[OrgSettingMistNacIdp]

allow customer to choose the EAP-TLS client certificate’s field. To use for IDP User Groups lookup. enum: ‘automatic`, `cn`, `email`, `upn`

Returns:



# File 'lib/mist_api/models/org_setting_mist_nac.rb', line 65

# Reader for the list of OrgSettingMistNacIdp entries held by this model.
#
# Returns nil unless a value was stored (constructor default is SKIP).
# NOTE(review): the published description for this attribute repeats the
# idp_user_cert_lookup_field text; confirm the intended wording upstream.
#
# @return [Array<OrgSettingMistNacIdp>, nil]
def idps
  @idps
end

#mdmOrgSettingMistNacMdm

MDM (Mobile Device Management) CoA configuration



# File 'lib/mist_api/models/org_setting_mist_nac.rb', line 69

# Reader for the MDM (Mobile Device Management) CoA configuration.
#
# Returns nil when no value was stored (constructor default is SKIP) or when
# from_hash found no 'mdm' entry.
#
# @return [OrgSettingMistNacMdm, nil]
def mdm
  @mdm
end

#server_certOrgSettingMistNacServerCert

RADIUS server certificate to be presented in EAP-TLS



# File 'lib/mist_api/models/org_setting_mist_nac.rb', line 73

# Reader for the RADIUS server certificate presented in EAP-TLS.
#
# Returns nil when no value was stored (constructor default is SKIP) or when
# from_hash found no 'server_cert' entry.
# NOTE(review): the fields of OrgSettingMistNacServerCert are not visible
# here; if it carries private-key material, treat the returned object as a
# secret (no logging, no to_s/inspect output in error reports) -- confirm.
#
# @return [OrgSettingMistNacServerCert, nil]
def server_cert
  @server_cert
end

#use_ip_versionOrgSettingMistNacIpVersionEnum

By default, NAS devices (switches/APs) and proxies (mxedge) are configured to reach mist-nac via IPv4. enum: `v4`, `v6`



# File 'lib/mist_api/models/org_setting_mist_nac.rb', line 78

# Reader for the IP version NAS devices and proxies use to reach mist-nac
# (documented values: v4, v6).
#
# The constructor defaults this to OrgSettingMistNacIpVersionEnum::V4.
#
# @return [OrgSettingMistNacIpVersionEnum, nil]
def use_ip_version
  @use_ip_version
end

#use_ssl_portTrueClass | FalseClass

By default, NAS devices (switches/APs) and proxies (mxedge) are configured to use port TCP2083 (RadSec) to reach mist-nac. Set `use_ssl_port`==`true` to override that port with TCP43 (ssl). This is an org-level setting that applies to wlans, switch_templates, and mxedge_clusters that have mist-nac enabled.

Returns:

  • (TrueClass | FalseClass)


# File 'lib/mist_api/models/org_setting_mist_nac.rb', line 86

# Reader for the flag that moves NAS/proxy traffic to mist-nac off the
# default RadSec port (TCP 2083) onto the alternative "ssl" port.
#
# The constructor defaults this to false.
# NOTE(review): the published description gives the override port as
# "TCP43"; confirm the intended port number against the API reference
# before writing firewall rules from it.
#
# @return [TrueClass, FalseClass, nil]
def use_ssl_port
  @use_ssl_port
end

#usermac_expiryInteger

Allow customer to configure an expiry time for usermacs by attaching a Quarantine label to those which have been inactive for the configured period of time (in days). 0 means no expiry

Returns:

  • (Integer)


# File 'lib/mist_api/models/org_setting_mist_nac.rb', line 92

# Reader for the usermac expiry period in days; usermacs inactive for that
# long get a Quarantine label attached.
#
# The constructor defaults this to 0, which is documented as "no expiry".
#
# @return [Integer, nil]
def usermac_expiry
  @usermac_expiry
end

Class Method Details

.from_hash(hash) ⇒ Object

Creates an instance of the object from a hash.



# File 'lib/mist_api/models/org_setting_mist_nac.rb', line 179

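# Creates an OrgSettingMistNac from a string-keyed hash.
#
# Scalar settings that are missing, nil or false fall back to the same
# defaults the constructor uses. 'cacerts', 'default_idp_id' and 'idps' become
# SKIP when their key is absent. Nested 'fingerprinting', 'mdm' and
# 'server_cert' entries are converted through their own from_hash and are nil
# when absent.
#
# Values are copied as found: there is no type, enum or range validation
# here, so a hash built from untrusted input must be validated by the caller
# (eap_ssl_security_level and the two *_lookup_field values in particular).
#
# The input hash is only read. Defaults are applied to local variables, not
# written back into +hash+, so the caller's data is unchanged and a frozen
# hash is accepted.
#
# @param hash [Hash, nil] string-keyed attribute values
# @return [OrgSettingMistNac, nil] nil when +hash+ is nil or false
def self.from_hash(hash)
  return nil unless hash

  # Extract variables from the hash.
  # `||` (not `||=`) keeps the fallback semantics without mutating the input.
  allow_teap_machine_auth_only = hash['allow_teap_machine_auth_only'] || false
  cacerts = hash.key?('cacerts') ? hash['cacerts'] : SKIP
  default_idp_id =
    hash.key?('default_idp_id') ? hash['default_idp_id'] : SKIP
  disable_rsae_algorithms = hash['disable_rsae_algorithms'] || false
  eap_ssl_security_level = hash['eap_ssl_security_level'] || 2
  eu_only = hash['eu_only'] || false
  fingerprinting = OrgSettingMistNacFingerprinting.from_hash(hash['fingerprinting']) if
    hash['fingerprinting']
  idp_machine_cert_lookup_field =
    hash['idp_machine_cert_lookup_field'] || IdpMachineCertLookupFieldEnum::AUTOMATIC
  idp_user_cert_lookup_field =
    hash['idp_user_cert_lookup_field'] || IdpUserCertLookupFieldEnum::AUTOMATIC

  # 'idps' is an array of nested structures; a nil element stays nil.
  idps = nil
  unless hash['idps'].nil?
    idps = hash['idps'].map do |structure|
      OrgSettingMistNacIdp.from_hash(structure) if structure
    end
  end
  # An absent key is distinguished from an explicit nil value.
  idps = SKIP unless hash.key?('idps')

  mdm = OrgSettingMistNacMdm.from_hash(hash['mdm']) if hash['mdm']
  server_cert = OrgSettingMistNacServerCert.from_hash(hash['server_cert']) if
    hash['server_cert']
  use_ip_version =
    hash['use_ip_version'] || OrgSettingMistNacIpVersionEnum::V4
  use_ssl_port = hash['use_ssl_port'] || false
  usermac_expiry = hash['usermac_expiry'] || 0

  # Create object from extracted values (order must match #initialize).
  OrgSettingMistNac.new(allow_teap_machine_auth_only,
                        cacerts,
                        default_idp_id,
                        disable_rsae_algorithms,
                        eap_ssl_security_level,
                        eu_only,
                        fingerprinting,
                        idp_machine_cert_lookup_field,
                        idp_user_cert_lookup_field,
                        idps,
                        mdm,
                        server_cert,
                        use_ip_version,
                        use_ssl_port,
                        usermac_expiry)
end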

.namesObject

A mapping from model property names to API property names.



# File 'lib/mist_api/models/org_setting_mist_nac.rb', line 95

# Returns the mapping from model property names to API property names.
#
# For this model every property maps to itself. The mapping lives in a
# class-level instance variable that is created on first use and refilled on
# every call; the same mutable Hash object is handed back each time, so a
# caller that modifies it changes what later callers see.
#
# @return [Hash{String => String}]
def self.names
  @_hash = {} if @_hash.nil?
  # Hash#update writes each pair in order and returns the receiver.
  @_hash.update(
    'allow_teap_machine_auth_only' => 'allow_teap_machine_auth_only',
    'cacerts' => 'cacerts',
    'default_idp_id' => 'default_idp_id',
    'disable_rsae_algorithms' => 'disable_rsae_algorithms',
    'eap_ssl_security_level' => 'eap_ssl_security_level',
    'eu_only' => 'eu_only',
    'fingerprinting' => 'fingerprinting',
    'idp_machine_cert_lookup_field' => 'idp_machine_cert_lookup_field',
    'idp_user_cert_lookup_field' => 'idp_user_cert_lookup_field',
    'idps' => 'idps',
    'mdm' => 'mdm',
    'server_cert' => 'server_cert',
    'use_ip_version' => 'use_ip_version',
    'use_ssl_port' => 'use_ssl_port',
    'usermac_expiry' => 'usermac_expiry'
  )
end

.nullablesObject

An array for nullable fields



# File 'lib/mist_api/models/org_setting_mist_nac.rb', line 138

# Lists the fields that may be sent as an explicit null.
# This model declares none, so the result is always a new empty array.
#
# @return [Array<String>]
def self.nullables
  %w[]
end

.optionalsObject

An array for optional fields



# File 'lib/mist_api/models/org_setting_mist_nac.rb', line 117

# Lists the fields that may be omitted from a request.
# Every property of this model is optional, so all fifteen names appear, in
# the same order as the constructor arguments.
#
# @return [Array<String>]
def self.optionals
  %w(
    allow_teap_machine_auth_only cacerts default_idp_id
    disable_rsae_algorithms eap_ssl_security_level eu_only
    fingerprinting idp_machine_cert_lookup_field idp_user_cert_lookup_field
    idps mdm server_cert
    use_ip_version use_ssl_port usermac_expiry
  )
end

Instance Method Details

#inspectObject

Provides a debugging-friendly string with detailed object information.



# File 'lib/mist_api/models/org_setting_mist_nac.rb', line 247

# Builds a debugging string: the unqualified class name followed by every
# attribute rendered with #inspect, in constructor order.
#
# NOTE(review): cacerts, mdm and server_cert are rendered in full. The fields
# of OrgSettingMistNacServerCert are not visible here; if it holds
# private-key material, keep this output out of logs and error reports --
# confirm against that model.
#
# @return [String]
def inspect
  short_name = self.class.name.split('::').last
  rendered = %i[
    allow_teap_machine_auth_only cacerts default_idp_id
    disable_rsae_algorithms eap_ssl_security_level eu_only
    fingerprinting idp_machine_cert_lookup_field idp_user_cert_lookup_field
    idps mdm server_cert
    use_ip_version use_ssl_port usermac_expiry
  ].map do |field|
    # An attribute that was never stored reads as nil, same as a bare @ivar.
    "#{field}: #{instance_variable_get(:"@#{field}").inspect}"
  end
  "<#{short_name} #{rendered.join(', ')}>"
end

#to_sObject

Provides a human-readable string representation of the object.



# File 'lib/mist_api/models/org_setting_mist_nac.rb', line 234

# Builds a human-readable string: the unqualified class name followed by
# every attribute interpolated with its own #to_s, in constructor order.
#
# NOTE(review): cacerts, mdm and server_cert are rendered in full. The fields
# of OrgSettingMistNacServerCert are not visible here; if it holds
# private-key material, keep this output out of logs and error reports --
# confirm against that model.
#
# @return [String]
def to_s
  short_name = self.class.name.split('::').last
  rendered = %i[
    allow_teap_machine_auth_only cacerts default_idp_id
    disable_rsae_algorithms eap_ssl_security_level eu_only
    fingerprinting idp_machine_cert_lookup_field idp_user_cert_lookup_field
    idps mdm server_cert
    use_ip_version use_ssl_port usermac_expiry
  ].map do |field|
    # An attribute that was never stored reads as nil and renders as "".
    "#{field}: #{instance_variable_get(:"@#{field}")}"
  end
  "<#{short_name} #{rendered.join(', ')}>"
end