Calling the Directory Connector API Manually
The "User Notification API" is an app running on the NGFW that allows external sources, like an Active Directory Server, to tell the NGFW that a user has logged in on a specific IP address.
This API can be called:
- manually from any web browser on the local network
- via the User Notification Login Script (UNLS)
- via the Active Directory Server Login Monitor Agent(ADLM)
- via any custom script or external program
The API lives at http://InternalIP/userapi/registration on the NGFW and can be called with any combination of the following arguments:
NOTE: The table above has been color coded to illustrate how to build the URL using the arguments in as clear a manner as possible. The matching argument usage in the URL's below will be the same color. The order that the arguments are declared is arbitrary, so the example below will not be in the same order as the table above.
You have the NGFW configured with an internal IP address of 192.168.1.1. The Directory Connector is not set with any Shared Secret. You now want to associate the username "testuser", on a local computer named "Test-PC", to the IP address 192.168.1.100.
There are 4 arguments that need to be passed in the API call for this to work:
The resulting URL that you would enter into your browser to call the API would look like this:
To remove the association for that username mapping and simulate when that client logs out, you only need to specify the action and the IP. Since this information is stored in the Host Table on the NGFW the IP is the only piece of information needed to identify which entry to remove.
The URL to remove the association we added above would look like this:
Please sign in to leave a comment.