Configuration API Guide Dell Networking W-ClearPass Policy Manager
Copyright Information © 2014 Aruba Networks, Inc. Aruba Networks trademarks include the Aruba Networks logo, Aruba Networks®, Aruba Wireless Networks®, the registered Aruba the Mobile Edge Company logo, and Aruba Mobility Management System®. Dell™, the DELL™ logo, and PowerConnect™ are trademarks of Dell Inc. All rights reserved. Specifications in this manual are subject to change without notice. Originated in the USA. All other trademarks are the property of their respective owners.
Contents Overview 4 Structure of XML Data 4 Filter Elements 5 API Methods 6 Entity Names Supported in ClearPass Configuration API 6 Authentication 8 API Examples 9 Retrieving a Guest User Value 9 Retrieving a Local User Value 9 Adding a Guest User Value 10 Updating a Guest User Value 10 Removing a Guest User 11 Using the Contains Match Operator 12 Error Handling 12 Other API Methods 14 NameList 14 Reorder 14 Status Change 15 Advanced Match Operations 16 Best Practices
Chapter 1 Overview The Dell Networking W-ClearPass Policy Manager Configuration Application Programming Interface (API) is used to read and write a number of configuration elements (known as Entities) either programmatically or using a script. ClearPass configuration API allows you to configure or modify the entities in ClearPass without logging into the admin User Interface (UI). For example, when you create a new user in database, you may want to create a guest user automatically.
Figure 2: Structure of XML Data - XML Response Filter Elements Use the Filter element to fetch a list of objects of a specific entity. You can use a filter to perform the Read and Delete operations. A filter contains a Criteria element that includes the following: l fieldname – Specifies the name of the field present in XML that needs to be filtered. l filterString – Specifies the string that is used to match the filter during a match of the filter. l match – Specifies the operator to be used.
Chapter 2 API Methods The Dell Networking W-ClearPass Policy Manager Configuration API is modeled similar to a Representational State Transfer (REST) API, where each method is represented by a URL. For each operation, XML request is posted to a different URL identified by the following methods: l Read –The Read method gets one or more filter elements and returns a unified list of Entity objects. The URL for the Read method is https:///tipsapi/config/read/.
Table 1: Supported Entity Names in Configuration API (Continued) API Entity Name Settings Description AuditPosture Specifies the Audit Posture servers such as NMAP and Nessus. EnforcementPolicy Specifies the Enforcement Policy that applies conditions (roles, health, and time attributes) against specific values associated with those attributes to determine the Enforcement Profile.
Table 1: Supported Entity Names in Configuration API (Continued) API Entity Name Settings Description TagDefinition Specifies the Entity Tag Definitions. GuestUser Specifies the Guest accounts managed by ClearPass Guest module. OnboardDevice Specifies the Onboard devices managed by ClearPass Onboard module. The source attribute with the value Guest must be used for the GuestUser and OnboardDevice entity types. For other entity types, do not need to include the source attribute.
Chapter 3 API Examples This section provides the examples of XML request and response used to perform the following tasks: l Retrieving a Guest User Value l Retrieving a Local User Value l Adding a Guest User Value l Updating a Guest User Value l Removing a Guest User l Using the Contains Match Operator Retrieving a Guest User Value Post the XML request to the URL https:///tipsapi/config/read/GuestUser.
startTime="2010-09-29 12:26:08.28" sponsorName="admin" guestType="USER" password="avenda123#" name="kang"> For other entity types, do not need to include the source attribute.
The following is an example of the XML response:
2. Extract the element-Ids and post the XML request to the URL https:///tipsapi/config/delete/ as described in the following example: PAGE 13 Failure InvalidFetchCriteria Invalid FieldName. 'macaddress' is not a field of Endpoint entity The source attribute with the value Guest must be used for the GuestUser and OnboardDevice entity types.
Chapter 4 Other API Methods The following other API methods are available in the ClearPass Configuration API: l NameList l Reorder l Status Change NameList The NameList method returns the list of names for all objects created for an Entity type. The XML request contains an EntityNameList request passed in the entity-type. Multiple EntityNameList requests can be passed for different Entity types. In the XML response, EntityNameList is populated with the entity-names.
The following is an example of the XML response for the Reorder method: PAGE 16Advanced Match Operations When multiple filters are specified, the result can be a combination of the list of elements of all of the filter criteria. For Match All criteria, specify the nested criteria as MoreFilterConditions. For Match any criteria, multiple Filters with criteria can be specified for the entity type. If a criteria is not specified, then the Advanced Match operation fetches all objects of the entity type.
Chapter 5 Best Practices This chapter describes the best practices to be followed to use the Dell Networking W-ClearPass Policy Manager Configuration API. Presently, the support for paged results for entities is not available. This can impact the system when the API query for entities with more than 50 entries. For example, a bulk query to get all Endpoints or ClearPass Guest accounts when there are hundreds of entries present in the system is challenging.