Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 39 subscribers
  • Views 2759 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Change OTP token's user via API

Ondřej Valentík

Hello,

I want to change users of all OTP tokens on all of our firewalls because of domain change. Users with new domain already exists on the firewalls and I can change them manually via web GUI, but as we are talking about hundreds of tokens here, I prefer to use the script and XML API.

I have tried it with the following request, but it ends with  <Status code="500">Operation could not be performed on Entity.</Status>

xxxxx:4444/.../APIController operation="update"><OTPTokens transactionid=""><tokenid>d5b3a69c988b43b08811070c214c75b6</tokenid><user>user@domain.com</user></OTPTokens></Set></Request>

Unfortunately, the API manual is not much detailed and I don’t know if <tokened> tag is enough for token identification or I have to fulfil aditional information too.

 

I'm testing it on XG210 (SFOS 19.0.1 MR-1-Build365).

Have you anybody experience with this API?

Thank you,

Ondrej



This thread was automatically locked due to age.
Parents
  • 0

    Try to do a get first. Check which data is released by the firewall and then adapt your entries with a set. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    So you mean I have to use all tags/data from GET (not only tokenid), change the <user> only and send it back with SET?

  • +1 in reply to Ondřej Valentík

    Something like that should work. This is the best approach to any API, to simply check, what the product is giving you and alter the data and send it back. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    OK. The <secret> is the main identificator of the token, not <tokenid>. No other tags are needed if you don't want to change them.

    Thank you for showing me the way.

  • 0 in reply to LuCar Toni

    Sorry. My mistake - it's not working. There is no error code returned now, but also the operation itself is not proceeded. I'm unable to even change the comment of OTP token, which should be the easiest operation.

    Actually there is no <OTPTokens> part in response at all when I use <secret> tag in request:

    <?xml version="1.0" encoding="UTF-8"?>
    <Response APIVersion="1900.1" IPS_CAT_VER="1">
    <Login>
    <status>Authentication Successful</status>
    </Login>
    </Response>

    When don't use <secret> tag in request, there is an error code 500:

    <?xml version="1.0" encoding="UTF-8"?>
    <Response APIVersion="1900.1" IPS_CAT_VER="1">
    <Login>
    <status>Authentication Successful</status>
    </Login>
    <OTPTokens transactionid="">
    <Status code="500">Operation could not be performed on Entity.</Status>
    </OTPTokens>
    </Response>

  • 0 in reply to Ondřej Valentík

    I think secret and tokenid both required. Please check with them.
    Example: 
    <Set><OTPTokens><tokenid>d5b3a69c988b43b08811070c214c75b6</tokenid><secret>12345678912345678912345678912344</secret><user>user@domain.com</user></OTPTokens></Set>

Reply Children
Unfiltered HTML