RSSO from clearpass to Fortigate firewall
Hi Everyone,
I have a client with an Aruba wireless solution. We have configured ClearPass to send RADIUS accounting to the FortiGate firewall for BYOD wireless users, and I do see the RADIUS information on the firewall (the wireless user's username and IP address). However, the users do not match any of the RSSO firewall groups I have created.
Herewith the config:
# RSSO agent entry that receives RADIUS accounting from ClearPass, followed by the
# two RSSO user groups. The paste starts at the "edit" line; the enclosing
# "config user radius" header is presumably just above it and is not shown.
    edit "RSSO_Agent_CPPM"
        set timeout 5
        set radius-coa disable
        set h3c-compatibility disable
        set username-case-sensitive disable
        set password-renewal disable
        set password-encoding auto
        # RSSO listener: accounting is accepted on UDP 1813, answered, and the
        # request's shared secret is validated against rsso-secret.
        set rsso enable
        set rsso-radius-server-port 1813
        set rsso-radius-response enable
        set rsso-validate-request-secret enable
        # "ENC" marks the stored (encrypted, not hashed) form of the shared secret.
        # Treat it as a credential: redact it before sharing a config, and rotate
        # the secret on both ClearPass and the FortiGate if it has been published.
        set rsso-secret ENC 3NiaXtXYFFMccGnSky0v0BS9dbwputkWWIz4yNvMQ/MdOtpZ0hSv8Dpwx5pMs/pBtltGOA5VJL79wtaHU0TvzYHT1PDk9fDqMlHIcgstlVnoJGvkle+HKA6Pnuv5upMT6i3U/KEDMGPlBiYqp0BypUOIiB6tZsfQ/33ZDCTtw5YnkbKB8kQnKvcETyEwoXkM1CmRWQ==
        # The endpoint identity is taken from the User-Name attribute.
        set rsso-endpoint-attribute User-Name
        unset rsso-endpoint-block-attribute
        # Group membership is derived from the Filter-Id attribute of the
        # accounting request. A user lands in an RSSO group below only when the
        # request carries Filter-Id with a value equal to that group's
        # sso-attribute-value.
        # NOTE(review): seeing only username and IP on the firewall suggests the
        # accounting packets may not include Filter-Id - confirm what ClearPass
        # actually sends (attribute name and exact value) in a packet capture.
        set sso-attribute Filter-Id
        # Empty key: no key prefix is configured for the value inside Filter-Id.
        set sso-attribute-key ''
        set sso-attribute-value-override enable
        # 28800 seconds = 8 hours.
        set rsso-context-timeout 28800
        set rsso-log-period 0
        set rsso-log-flags protocol-error profile-missing accounting-stop-missed accounting-event endpoint-block radiusd-other
        set rsso-flush-ip-session disable
        set rsso-ep-one-ip-only disable
    next
end
# RSSO groups referenced by firewall policies. The "<---" arrows are the poster's
# own markers pointing at the groups in question; they are not CLI syntax.
config user group
    edit "RSSO-SG-FG-AdvancedAuthenticated" <---
        set group-type rsso
        set authtimeout 0
        # String compared with the value extracted from Filter-Id.
        # NOTE(review): verify the value sent by ClearPass matches this string
        # exactly, including case - TODO confirm.
        set sso-attribute-value "SG-FG-ADVANCEDAUTHENTICATED"
    next
    edit "RSSO-SG-FG-ExcoAuthenticated" <---
        set group-type rsso
        set authtimeout 0
        # String compared with the value extracted from Filter-Id.
        set sso-attribute-value "SG-FG-EXCOAUTHENTICATED"
    next
end
