Cisco Identity Services Engine API Reference Guide, Release 1.2
Using the Change of Authorization REST APIs
Download this chapter
Using the Change of Authorization REST APIsUsing the Change of Authorization REST APIs
Download the complete book
Full Book PDFFull Book PDF (PDF - 1 MB)
 Feedback

Table Of Contents

Using Change of Authorization REST APIs

Using Reauth API Calls

Reauth API Call Schema File

Invoking a Reauth API Call

Reauth API Call Data

Using Disconnect API Calls

Disconnect API Call Schema File

Invoking a Disconnect API Call

Disconnect API Call Data


Using Change of Authorization REST APIs

Change of Authorization (CoA) calls send commands to a specified session on a targeted Monitoring node to perform the following:

Session reauthentication (using a Reauth API call)

Session disconnection (using a Disconnect API call).

The following sections describe each type of CoA API call as well as provide schema file examples, procedures for issuing each call, and a sample of the data returned:

Using Reauth API Calls

Using Disconnect API Calls

Using Reauth API Calls

A Reauth API call sends a reauthentication command to a specified session. Each session has an associated value and can be one of the following:

0—REAUTH_TYPE_DEFAULT

1—REAUTH_TYPE_LAST

2—REAUTH_TYPE_RERUN

Reauth API Call Schema File 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<xs:schema version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">

  <xs:element name="remoteCoA" type="coAResult"/>

<xs:complexType name="coAResult">

    <xs:sequence>

      <xs:element name="results" type="xs:boolean" minOccurs="0"/>

    </xs:sequence>

    <xs:attribute name="requestType" type="xs:string"/>

  </xs:complexType>

</xs:schema>

Invoking a Reauth API Call

Note Make sure that you have verified that the target node is a valid Monitoring node. To verify the persona of a node, see Verifying a Monitoring Node.

Step 1 Log in to the target Monitoring node.

For example, when you initially log in to a Monitoring node with the hostname acme123, the following URL address field is displayed: 

https://acme123/admin/LoginAction.do#pageId=com_cisco_xmp_web_page_tmpdash

Step 2 Enter the Reauth API call in the URL address field of the target node by replacing the "/admin/" component with the API call component (/ise/mnt/CoA/<specific-api-call>/<macaddress>/
<reauthtype>/<nasipaddress>/<destinationipaddress>): 

https://acme123/ise/mnt/CoA/Reauth/server12/00:26:82:7B:D2:51/2/10.10.10.10

Note You must carefully enter each API call in the URL Address field of a target node because the calls are case sensitive. The use of "mnt" in the API call convention represents a Monitoring node.

Step 3 Press Enter to issue the API call.

Reauth API Call Data

A Reauth API call returns one of the following results:

True, which indicates that the command was successfully executed.

False, which means that the command was not executed. 

This XML file does not appear to have any style information associated with it. The 
document tree is shown below.

-

<remoteCoA requestType="reauth">

<results>true</results>

</remoteCoA>

Using Disconnect API Calls

A Disconnect API call sends a disconnect command to a specified session and port. Each port has an associated value and can be one of the following:

0—DYNAMIC_AUTHZ_PORT_DEFAULT

1—DYNAMIC_AUTHZ_PORT_BOUNCE

2—DYNAMIC_AUTHZ_PORT_SHUTDOWN

Disconnect API Call Schema File 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<xs:schema version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">

  <xs:element name="remoteCoA" type="coAResult"/>

  <xs:complexType name="coAResult">

    <xs:sequence>

      <xs:element name="results" type="xs:boolean" minOccurs="0"/>

    </xs:sequence>

    <xs:attribute name="requestType" type="xs:string"/>

  </xs:complexType>

</xs:schema>

Invoking a Disconnect API Call

Note Make sure that the target node to which you are issuing an API call is a valid Monitoring node. To verify the persona of a node, see Verifying a Monitoring Node.

Step 1 Log in to the target Monitoring node.

For example, when you initially log in to a Monitoring node with the hostname acme123, the following URL address field is displayed: 

https://acme123/admin/LoginAction.do#pageId=com_cisco_xmp_web_page_tmpdash

Step 2 Enter the Disconnect API call in the URL address field of the target node by replacing the "/admin/" component with the API call component (/ise/mnt/CoA/<Disconnect>/<serverhostname>/
<macaddress>/<portoptiontype>/<nasipaddress>/<destinationipaddress>): 

https://acme123/ise/mnt/CoA/Disconnect/server12/ 
00:26:82:7B:D2:51/2/10.10.10.10

Note You must carefully enter each API call in the URL address field of a target node because the calls are case sensitive. The use of "mnt" in the API call convention represents a Monitoring node.

Step 3 Press Enter to issue the API call.

Disconnect API Call Data

A Disconnect API call returns one of the following results:

True, which indicates that the command was successfully executed.

False, which means that the command was not executed. 

This XML file does not appear to have any style information associated with it. The 
document tree is shown below.

-

<remoteCoA requestType="reauth">

<results>true</results>

</remoteCoA>