I've been trying to write myself a custom action (editting a working one slightly at first, before getting fancy) and have a puzzle.
I copied the PA Firewall "Send Login Info" action and edited the XML
before:
<uid-message><version>1.0</version><type>update</type><payload><login><entry name="%{user}" ip="%{ip}"/></login></payload></uid-message>
after:
<uid-message><version>1.0</version><type>update</type><payload><login><entry name="GO\%{user}" ip="%{ip}"/></login></payload></uid-message>
What I added was the Windows domain name "GO" and a backslash in front of the "user" attribute. It had the desired result, of updating the PA UserID table with the AD username as I'd hoped.
I have since further edited the action and keep getting the first edit's string sent to the PA. At first I thought it was a caching issue on the firewall, but now I think it's a caching issue on the CPPM side.
In debug mode on the PA, I have the XML string it received from CPPM:
[2018/07/05 14:57:02] user=6018746638718639
XML Api Request
<request cmd='op' cookie='6018746638718639' target-vsys='vsys1' vsys='vsys1'><operations xml='yes'><set><user-id><data><![CDATA[
<uid-message><version>1.0</version><type>update</type><payload><login><entry ip="10.10.6.128" name="GO\matthew.sabin" /></login></payload></uid-message>
]]></data></user-id></set></operations></request>
[2018/07/05 14:57:02] user=6018746638718639
XML Api Request End
My edit currently says name="iPhone\{%user}" yet the domain of GO is still getting sent.
Where is this cached, and how do I clear it?