Security

I'm trying to build a search function against the Endpoints database leveraging the API. If I specify macAddress or a device attribute I get results, but I cannot seem to filter on any other endpoint field names, such as hostname.

In an effort to make this a more global search option, I also want to be able to specify multiple attributes in a "match any" capacity. I have read this can be done by specifying multiple filter criteria (http://www.arubanetworks.com/techdocs/ClearPass/Aruba_DeployGd_HTML/Content/B%20ClearPass%20Configuration%20API/API_overview.htm), however when I specify multiple search criteria, I get no results even when one of the search criteria returns data.

The XML API is being deprecated and will not receive any new development going forward. I would suggest that you take a look at the REST API. The API is self-documenting and can be accessed directly through the ClearPass UI by browsing to https://CPPM/api-docs. There is a technote on the support site (ClearPass REST APIs.pdf) that provides additional information.

For your particular use case, you could issue a query similar to this:

curl -X GET \
-H "Accept: application/json" \
-H "Authorization: Bearer b84ab84ab8a4b453a8bd5d5d58bba8" \
'https://CPPM/api/endpoint?filter=%7B%22%24or%22%3A%5B%20%7B%22status%22%3A%22Known%22%7D%2C%20%7B%22mac_address%22%3A%7B%22%24contains%22%3A%220000%22%7D%7D%20%5D%7D&sort=%2Bid&offset=0&limit=10&calculate_count=false'

The filter query is a urlencoded version of this:

filter={"$or":[{"status":"Known"},{"mac_address":{"$contains":"0000"}}]}

See the api-docs for all the various filter constructs you can use.

Thank you - I took a look at the REST API and have it working with your curl example, but translating the same into Perl/LWP is giving me a 403 error. I know the bearer token is valid as the curl works - below is the Perl code snippet.

my $base_url = "https://[CPPM]/api/endpoint?filter=";

my $filter = '{"$or":[{"status":"Known"},{"mac_address":{"$contains":"00:00:00"}}]}';

my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 1 });

my $request = HTTP::Request->new('GET',$base_url.$filter);

$request->header('Accept' => 'application/json', 'Authorization' => 'Bearer: [token]');

my $response = $ua->request($request);

print Dumper $response;

The output from the above script:

$VAR1 = bless( {
                 '_protocol' => 'HTTP/1.1',
                 '_content' => '{"type":"http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html","title":"Forbidden","status":403,"detail":"Forbidden"}',
                 '_rc' => '403',
                 '_headers' => bless( {
                                        'connection' => 'close',
                                        'x-powered-by' => 'PHP/5.6.30',
                                        'client-response-num' => 1,
                                        'date' => 'Thu, 29 Jun 2017 14:38:29 GMT',
                                        'vary' => 'X-Forwarded-For',
                                        'client-ssl-cert-issuer' => '[REDACTED]',
                                        'client-ssl-cipher' => 'AES128-SHA',
                                        'client-peer' => '[CPPM-IP]:443',
                                        'content-length' => '119',
                                        '::std_case' => {
                                                          'client-date' => 'Client-Date',
                                                          'x-powered-by' => 'X-Powered-By',
                                                          'client-response-num' => 'Client-Response-Num',
                                                          'client-ssl-cert-subject' => 'Client-SSL-Cert-Subject',
                                                          'client-ssl-cert-issuer' => 'Client-SSL-Cert-Issuer',
                                                          'client-ssl-cipher' => 'Client-SSL-Cipher',
                                                          'client-peer' => 'Client-Peer',
                                                          'client-ssl-socket-class' => 'Client-SSL-Socket-Class'
                                                        },
                                        'client-date' => 'Thu, 29 Jun 2017 14:38:29 GMT',
                                        'content-type' => 'application/problem+json',
                                        'client-ssl-cert-subject' => '[REDACTED]',
                                        'server' => 'Apache',
                                        'client-ssl-socket-class' => 'IO::Socket::SSL'
                                      }, 'HTTP::Headers' ),
                 '_msg' => 'Forbidden',
                 '_request' => bless( {
                                        '_content' => '',
                                        '_uri' => bless( do{\(my $o = 'https://[CPPM]/api/endpoint?filter=%7B%22$or%22:[%7B%22status%22:%22Known%22%7D,%7B%22mac_address%22:%7B%22$contains%22:%2200:00:00%22%7D%7D]%7D')}, 'URI::https' ),
                                        '_headers' => bless( {
                                                               'user-agent' => 'libwww-perl/6.26',
                                                               'accept' => 'application/json',
                                                               '::std_case' => {
                                                                                 'if-ssl-cert-subject' => 'If-SSL-Cert-Subject'
                                                                               },
                                                               'authorization' => 'Bearer: [token]'
                                                             }, 'HTTP::Headers' ),
                                        '_method' => 'GET',
                                        '_uri_canonical' => bless( do{\(my $o = 'https://[CPPM]/api/endpoint?filter=%7B%22$or%22:[%7B%22status%22:%22Known%22%7D,%7B%22mac_address%22:%7B%22$contains%22:%2200:00:00%22%7D%7D]%7D')}, 'URI::https' )
                                      }, 'HTTP::Request' )
               }, 'HTTP::Response' );