This article will describe how you can trigger a Philips Hue Light bulb with Aruba ClearPass Policy Manager based on authentication events. I will focus on the connection to the Hue bridge and the enforcement itself. Neither the basic setup of ClearPass, the Hue bridge nor the authentication or device profiling will be covered.
Prequesits
- ClearPass Policy Manager with configured authentication services
- Philips Hue Bridge with a light bulb or LED strip added to it
- Network Access Device e.g. Access Point, Switch (a device where you authenticate your endpoints)
Add User to Philips Hue Bridge
Access the API interface of your Philips Hue Bridge with the following URL:
http://<ip-of-your-bridge>/debug/clip.html
Follow these steps to create a new user:
- Enter the following:
- URL: /api
- Message Body: {„devicetype“:“ClearPassPolicyManager“}
- Press the link button on top of your Philips Hue Bridge
- Press POST on the API Interface
You should receive a username as a response. In my case it is:
LSfbkS8lw97C0sbcv4GTJ5DC1KlKyMZQkMhVHGxn
Take a note of it and save it for the next steps.
Get ID of Philips Hue light
http://<ip-of-your-bridge>/debug/clip.html
Follow these steps to create a new user:
- Enter the following:
- URL: /api/<user created in previous step>/lights
- Press GET on the API Interface
You should receive details for the connected lights. We need to extract the ID/name of the light. In my case it is:
1
Take a note of it and save it for the next steps.
Add Context Server to ClearPass Policy Manager
Now open the Web-Interface and move to:
Administration » External Servers » Endpoint Context Servers
Follow these steps to create a new Endpoint Context Server:
- Click Add
- Select Server Type: Generic HTTP Context Server
- Enter the following:
- Server Name: <ip-of-your-bridge>
- Server Base URL: http://<ip-of-your-bridge>/api/<user created in previous step>
- I used http instead of https (not recommended for production environments)
- Click Save
Add Context Server Action on ClearPass Policy Manager
To make sure the light is not switched on forever, we need to create two actions. In this case I’ll show the steps to configure the action for:
- switching on the light, green
- switching off the light after ten seconds
Move to:
Administration » Dictionaries » Context Server Actions
Light on
- Click Add
- Select Server Type: Generic HTTP Context Server
- Select Server Name: IP of your Hue Bridge
- Enter an Action Name: e.g. Hue light green
- Select HTTP Metod: PUT
- Enter URL: /lights/<ID or Name of your light>/state
Move to the Tab Content.
- Select Content-Type: JSON
- Enter Content: {„on“:“true“, „sat“:254, „bri“:50, „hue“:25500}
- For different colors, replace the 25500 – there are tons of tables in the internet for different color codes
- Click Save
Light off after 10 sec
- Click Add
- Select Server Type: Generic HTTP Context Server
- Select Server Name: IP of your Hue Bridge
- Enter an Action Name: e.g. Hue off 10sec
- Select HTTP Metod: POST
- Enter URL: /schedules
Move to the Tab Content.
- Select Content-Type: JSON
- Enter Content:
{
"name": "lights out",
"description": "lights out in 10 sec",
"command": {
"address": "/api/<hue username>/groups/<hue light id>/action",
"method": "PUT",
"body": {
"on": false
}
},
"localtime": "PT00:00:10"
}- Click Save
Add Enforcement Profile to ClearPass Policy Manager
Now we have to tie our actions into enforcement profiles. Again one to switch the light on and one to switch it off.
Move to:
Configuration » Enforcement » Profiles
Light on
- Click Add
- Select Template: HTTP Based Enforcement
- Enter Name: e.g. Hue green
Move to the Tab Attributes.
- Choose Target Server Value: <Hue Bridge IP>
- Choose Action Value: <Name of the Content Server Action>
- Click Save
Light off after 10 sec
- Click Add
- Select Template: HTTP Based Enforcement
- Enter Name: e.g. Hue off
Move to the Tab Attributes.
- Choose Target Server Value: <Hue Bridge IP>
- Choose Action Value: <Name of the Content Server Action>
- Click Save
Add your Enforcements Profiles to your Enforcement Policy
Last but not least, make sure to add both Profiles to your Enforcement Policy. Start with the on to switch the light on, followed by the one to switch the light off after 10 Seconds