Security

Hi,

 

has anyone tried to do the integration with XenMobile 10.x. The Soap API wich is default in Clearpass - external servers is depracted.

So you would have to do a Generic HTTP integration to a REST API with JSON. Has anyone done this yet? (So I can save a little bit of work ;-) )

 

Best, Johnny

Joahnn,

 

We have a native integration with Citrix Xenmobile.... take a look at my MDM TechNote, find it here.....Tech Note: ClearPass Enterprise Mobility Management Integration V5 

Hi Danny,

 

thank you for your reply. I know the native integration and the document. But it is now longer valid with XenMobile  versions > 10, because the interface was depracted. What remains is a Rest API.

 

See the attachments.

 

Best regards, 

Johnny

 

So I've just verified CPPM integration between CPPM 6.6.3 and Xenmobile 10.4. It took me a few days to get my environment back on online sorry for the delay.

I have always tried to cennect on port 4443. Just reverted to 443. Now it works.

 

Thank you for your help!

 

Johnny

Can you provide the exact server url you are using to connect to the xenmobile server?  I am setting up CPPM 6.5.7 to Xenmobile 10.4 for the first time and I can't seem to pass the credentials correctly using the xenmobile context server setup dialog in cppm.

Hi, attached is a screenshot of those settings. I am using Clearpass 6.6.3.

Thanks!  The admin changed the instance name to zdmt instead of zdm so I edited the the url in your screenshot and I am able to poll now.  Thank you.

I am glad that you had success.

Please can you let us know permission required in XenMobile for account used in Clearpass?

XenMobile User Guide: "The web services APIs are designed to connect over
HTTP(S) and require an administrator account for authentication"

XenMobile User Guide: "The web services APIs are designed to connect over
HTTP(S) and require an administrator account for authentication"

Hi Bhavesh,

 

I had to use full administrative rights = the default admin role. I tried a role with API only rights but did not have success.

 

Regards, Johann

I concur that in my XEN 10.4 / CPPM environment the account I use is an ADMIN level account.

 

HTH.

 

I'm working on a new deployment for a customer and trying to integrate XenMobile 10.7 with ClearPass 6.6.8.  The XenMobile deployment is an on-prem solution.  I've added their XenMobile server / URL and I'm getting the error message "Failed to fetch Endpoint details...  Error code: 500 Verify Proxy settings, Server credentials and retry".  I'm able to use the same credentials to log into their portal so I know the username and password are correct.  The attached images show the current settings.  I've tried removing the 4443 port indicator to no avail.  Curious if something has changed with how these two solutions integrate.

I'm running 10.4, I've just reached out to Citrix to get my tenant upgraded, then I can confirm functionality. 

 

In respect of on-prem it should work and we've not ever seen or heard of issues with on-prem to cloud not working.

 

Let me get 10.7 deployed and verify that first.

Note, did you see in my MDM TechNote the reference for Xenprise on-prem specifically?

 

https://<IP or FQDN>/zdm/nac

I concur. Try running ist on https port 443 instead of 4443. 

Please verify that your xenmobile instance is named zdm. Otherwise you have to change that too

 

Regards

Johnny

I've tried both of those and I've verified that the instance name is correct and still no dice.

Attached are the settings and error messages I'm seeing.

Does your svcNAC user have full admin rights in xenmobile ?

It does, per my customer.

Issue appears to be resolved.  It would appear that the server name and the server url need to match on the settings page.  I also removed the :4443 port setting and left this as https://<server_ip>/zdm/nac and triggered a poll and all is working correctly now.