Security

 View Only

Context Sever Action - cached action?

This thread has been viewed 0 times
  • 1.  Context Sever Action - cached action?

    Posted Jul 05, 2018 05:16 PM

    I've been trying to write myself a custom action (editting a working one slightly at first, before getting fancy) and have a puzzle.

    I copied the PA Firewall "Send Login Info" action and edited the XML

    before:

    <uid-message><version>1.0</version><type>update</type><payload><login><entry name="%{user}" ip="%{ip}"/></login></payload></uid-message>

    after:

    <uid-message><version>1.0</version><type>update</type><payload><login><entry name="GO\%{user}" ip="%{ip}"/></login></payload></uid-message>

    What I added was the Windows domain name "GO" and a backslash in front of the "user" attribute. It had the desired result, of updating the PA UserID table with the AD username as I'd hoped.

    I have since further edited the action and keep getting the first edit's string sent to the PA. At first I thought it was a caching issue on the firewall, but now I think it's a caching issue on the CPPM side.

    In debug mode on the PA, I have the XML string it received from CPPM:

    [2018/07/05 14:57:02] user=6018746638718639
    XML Api Request
     <request cmd='op' cookie='6018746638718639' target-vsys='vsys1' vsys='vsys1'><operations xml='yes'><set><user-id><data><![CDATA[
    <uid-message><version>1.0</version><type>update</type><payload><login><entry ip="10.10.6.128" name="GO\matthew.sabin" /></login></payload></uid-message>
    ]]></data></user-id></set></operations></request>
    
    [2018/07/05 14:57:02] user=6018746638718639
    XML Api Request End

    My edit currently says name="iPhone\{%user}" yet the domain of GO is still getting sent.

    Where is this cached, and how do I clear it?