Security

Reply
MVP

Context Sever Action - cached action?

I've been trying to write myself a custom action (editting a working one slightly at first, before getting fancy) and have a puzzle.

I copied the PA Firewall "Send Login Info" action and edited the XML

before:

<uid-message><version>1.0</version><type>update</type><payload><login><entry name="%{user}" ip="%{ip}"/></login></payload></uid-message>

after:

<uid-message><version>1.0</version><type>update</type><payload><login><entry name="GO\%{user}" ip="%{ip}"/></login></payload></uid-message>

What I added was the Windows domain name "GO" and a backslash in front of the "user" attribute. It had the desired result, of updating the PA UserID table with the AD username as I'd hoped.

I have since further edited the action and keep getting the first edit's string sent to the PA. At first I thought it was a caching issue on the firewall, but now I think it's a caching issue on the CPPM side.

In debug mode on the PA, I have the XML string it received from CPPM:

[2018/07/05 14:57:02] user=6018746638718639
XML Api Request
 <request cmd='op' cookie='6018746638718639' target-vsys='vsys1' vsys='vsys1'><operations xml='yes'><set><user-id><data><![CDATA[
<uid-message><version>1.0</version><type>update</type><payload><login><entry ip="10.10.6.128" name="GO\matthew.sabin" /></login></payload></uid-message>
]]></data></user-id></set></operations></request>

[2018/07/05 14:57:02] user=6018746638718639
XML Api Request End

My edit currently says name="iPhone\{%user}" yet the domain of GO is still getting sent.

Where is this cached, and how do I clear it?

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: