Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass API between clusters

  • 1.  ClearPass API between clusters

    Posted May 29, 2018 06:07 PM

    I am trying to leverage the ClearPass APIs to update endpoints on a separate ClearPass cluster.  I am able to issue the API request using API explorer or even from my system's command line using curl.

    I set up the configuration in the following way, please let me know if I'm missing something.

    1. Create an API client under ClearPass Guest -> Administration -> API Services -> API Clients
      1. Set grant type to client credentials
    2. Create Endpoint Context Server (Generic HTTP)
      1. Use Client Id and Secret from previous step
      2. OAuth2 Resource URL /api/oauth
    3. Create Endpoint Context Server Action
      1. Reference Server from step 2
      2. Configure HTTP Method, URL, Headers and Content based on information from API Explorer
    4. Create an Enforcement Profile (HTTP)
      1. Target Server from step 2
      2. Action from step 3
    5. Create Enforcement Policy Rule applying enforcement profile created in step 4

    Looking in access tracker, the enforcement profile I created is being triggered; however, I never see the API request being made on the other system.  I can validate the server in step 2 successfully, and I see a log message in the application log that an access token was created when I validate.  I also took a packet capture and I do not see any tcp/443 traffic between the two systems.

    Any help would be appreciated.



  • 2.  RE: ClearPass API between clusters

    EMPLOYEE
    Posted May 29, 2018 07:17 PM
    Did you try to trigger it manually from access tracker or endpoints?


  • 3.  RE: ClearPass API between clusters

    Posted May 29, 2018 11:41 PM

    I wanted to start simple so my API call right now is just updating the description of an endpoint on another ClearPass instance.

    I can trigger it from access tracker or endpoints and it works as expected.  However, when I create a rule in my enforcement policy to call the action from an enforcement profile, nothing happens.  Access tracker makes it look like it is, but if I look at the application log no API call is made.



  • 4.  RE: ClearPass API between clusters

    EMPLOYEE
    Posted May 30, 2018 12:08 AM
    Does the payload contain the client IP or other session information?


  • 5.  RE: ClearPass API between clusters

    Posted May 30, 2018 04:10 PM

    No, the payload to update a description is basically just a string.

     

    Here are screenshots from my endpoint context server configuration.




  • 6.  RE: ClearPass API between clusters

    EMPLOYEE
    Posted May 30, 2018 04:25 PM
    Weird, should be working. Best to work with TAC so they can watch in real time.


  • 7.  RE: ClearPass API between clusters

    Posted May 30, 2018 04:27 PM

    I already have a TAC case open, awaiting feedback.
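
For reference, the two HTTPS requests that the setup in the first post should produce (a client-credentials token request to `/api/oauth`, then the description update mentioned in the third post), written as an added Python example that is not code from any poster or from Aruba. The host name, client ID, secret and MAC address are placeholders, and the `/api/endpoint/mac-address/<mac>` path and JSON bodies are assumptions to confirm against API Explorer on the target cluster.

```python
import json
import urllib.request

# Placeholder values (assumptions, not taken from the thread).
CPPM_HOST = "clearpass-b.example.net"
CLIENT_ID = "example-api-client"
CLIENT_SECRET = "REPLACE_ME"


def build_token_request(host, client_id, client_secret):
    """OAuth2 client-credentials request to the /api/oauth resource (step 2)."""
    body = json.dumps({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    return urllib.request.Request(
        f"https://{host}/api/oauth", data=body, method="POST",
        headers={"Content-Type": "application/json", "Accept": "application/json"},
    )


def build_description_update(host, token, mac, description):
    """PATCH that changes only the endpoint description (path is an assumption)."""
    # Normalise and validate the MAC so nothing else can reach the URL path.
    mac = mac.lower().replace(":", "").replace("-", "")
    if len(mac) != 12 or any(c not in "0123456789abcdef" for c in mac):
        raise ValueError("expected a 48-bit MAC address")
    body = json.dumps({"description": description}).encode()
    return urllib.request.Request(
        f"https://{host}/api/endpoint/mac-address/{mac}", data=body, method="PATCH",
        headers={"Content-Type": "application/json", "Accept": "application/json",
                 "Authorization": f"Bearer {token}"},
    )


def send(request, timeout=10):
    """Send with urllib's default TLS verification; return (status, parsed JSON)."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return resp.status, json.loads(resp.read() or b"{}")


if __name__ == "__main__":
    _, token_reply = send(build_token_request(CPPM_HOST, CLIENT_ID, CLIENT_SECRET))
    status, _ = send(build_description_update(
        CPPM_HOST, token_reply["access_token"], "00:11:22:33:44:55", "set via API"))
    print("endpoint update returned HTTP", status)
```

Running this from a host that can reach the target cluster gives a known-good pair of requests to compare against the application log and packet capture when the enforcement profile fires.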