Change of Authorization REST APIs
This chapter provides examples and describes how to use the following individual Change of Authorization (CoA) REST API calls that are supported in this release of Cisco Identity Services Engine.
Introduction
The CoA API calls provide the means for sending session authentication and session disconnect commands to a specified Cisco Monitoring ISE node in your Cisco ISE deployment.
CoA Session Management API Calls
The CoA session management API calls allow you to send reauthentication and disconnect commands to a specified session on a target Cisco Monitoring ISE node in your Cisco ISE deployment:
Session Reauthentication API Call
The Session Reauthentication API Call constitutes the following types:
Reauth API Output Schema
This sample schema file is the output of the Reauth API call after sending it to a specified session on the target Cisco Monitoring ISE node:
Invoking the Reauth API Call
Step 1 Enter the Cisco ISE URL in the address bar of your browser (for example, https://<ise hostname or ip address>/admin/).
Step 2 Enter the username and case-sensitive password, that was specified and configured during the initial Cisco ISE setup.
Step 3 Click Login or press Enter.
For example, when you initially log into a Cisco Monitoring ISE node with the hostname of acme123, this would display the following URL Address field for this node:
Step 4 Enter the Reauth API call in the URL Address field of the target node by replacing the “/admin/” component with the API call component (/admin/API/mnt/CoA/<specific-api-call>/<macaddress>/
<reauthtype>:
Note You must carefully enter each API call in the URL Address field of a target node because these calls are case-sensitive. The use of “mnt” in the API call convention represents a Cisco Monitoring ISE node.
Step 5 Press Enter to issue the API call.
Sample Data Returned from the Reauth API Call
The following example illustrates the data returned when you invoke a Reauth API call on a target Cisco Monitoring ISE node. Two possible results can be returned from invoking this command:
- True indicates that the command was successfully executed.
- False means that the command was not executed (due to a variety of conditions).
Session Disconnect API Call
The Session Disconnect API call constitutes the following disconnect port option types:
Disconnect API Output Schema
This sample schema file is the output of the Disconnect API call after sending it to a specified session on the target Cisco Monitoring ISE node:
Invoking the Disconnect API Call
Step 1 Enter the Cisco ISE URL in the address bar of your browser (for example, https://<ise hostname or ip address>/admin/).
Step 2 Enter the username and case-sensitive password, that was specified and configured during the initial Cisco ISE setup.
Step 3 Click Login or press Enter.
For example, when you initially log into a Cisco Monitoring ISE node with the hostname of acme123, this would display the following URL Address field for this node:
Step 4 Enter the Disconnect API call in the URL Address field of the target node by replacing the “/admin/” component with the API call component (/admin/API/mnt/CoA/<Disconnect>/<serverhostname>/
<macaddress>/<portoptiontype>/<nasipaddress>/<destinationipaddress>:
Note You must carefully enter each API call in the URL Address field of a target node because these calls are case-sensitive. The use of “mnt” in the API call convention represents a Cisco Monitoring ISE node.
Step 5 Press Enter to issue the API call.
Sample Data Returned from the Disconnect API Call
The following example illustrates the data returned when you invoke a Disconnect API call on a target Cisco Monitoring ISE node. Two possible results can be returned by invoking this command:
- True indicates that the command was successfully executed.
- False means that the command was not executed (due to a variety of conditions).