11-09-2016 03:10 AM
The APIs accept application username and password and only the end user's ID this is not same as built in app in ipphone which accepts end users userid and pin.
Concern:
1.If the API doesn't ask for end user pin then it can be misused by anyone who knows the userid.
2.instead of app user credentials i can use end user's credentials but entering the password is difficult given it's complexity, pin would be easy to enter but in API there is no such option and i tried pin in <appCertificate> field and authentication fails
11-09-2016 03:59 PM
Your application can implement whatever secure method it wants to (including none - which as you mention is not very practical.) If the user's PIN is present in LDAP or some other back-end data source then you can query/authenticate there.
One option is to use the CUCM AXL SOAP API <doAuthenticateUser> request, which allows authenticating a user via username+pin (in addition to username+password), e.g.:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.cisco.com/AXL/API/10.5">
<soapenv:Header/>
<soapenv:Body>
<ns:doAuthenticateUser>
<userid>dstaudt</userid>
<pin>123456</pin>
</ns:doAuthenticateUser>
</soapenv:Body>
</soapenv:Envelope>
--------------------------
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<ns:doAuthenticateUserResponse xmlns:ns="http://www.cisco.com/AXL/API/10.5">
<return>
<userAuthenticated>true</userAuthenticated>
<code>0</code>
<daysToExpiry>0</daysToExpiry>
</return>
</ns:doAuthenticateUserResponse>
</soapenv:Body>
</soapenv:Envelope>
If you are already going to use AXL, then it may be convenient to go ahead and use the AXL <doDeviceLogin> request, which does essentially the same thing that the EMAPI login request does:
https://developer.cisco.com/site/axl/
https://developer.cisco.com/media/axl-schema-11-5/Files/AXLSoap_doAuthenticateUser.html#Link3FF
https://developer.cisco.com/media/axl-schema-11-5/Files/AXLSoap_doDeviceLogin.html#Link407
11-10-2016 01:05 AM
Thanks for the response,
1. Is there any AXL to set or change the PIN?
2. I tried login using the below xml, getting this error, ERROR: A character to numeric conversion process failed
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.cisco.com/AXL/API/10.5">
<soapenv:Header/>
<soapenv:Body>
<ns:doDeviceLogin>
<deviceName>MACADDRESS/UUID</deviceName>
<userId>dstaudt</userId>
</ns:doDeviceLogin>
</soapenv:Body>
</soapenv:Envelope>
11-10-2016 02:25 PM
1. The AXL <updateUser> request can be used to change the pin:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.cisco.com/AXL/API/10.5">
<soapenv:Header/>
<soapenv:Body>
<ns:updateUser>
<userid>dstaudt</userid>
<pin>123456</pin>
</ns:updateUser>
</soapenv:Body>
</soapenv:Envelope>
2. It looks like you are missing the <loginDuration> and <profileName> elements from the request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.cisco.com/AXL/API/10.5">
<soapenv:Header/>
<soapenv:Body>
<ns:doDeviceLogin>
<deviceName>IPCMRAEU5UCM5X7</deviceName>
<loginDuration>60</loginDuration>
<profileName>CIPC SCCP Device Profile</profileName>
<userId>dstaudt</userId>
</ns:doDeviceLogin>
</soapenv:Body>
</soapenv:Envelope>
11-24-2016 04:23 AM
Thanks for the response it was very helpful,
1. Iam looking for AXL SOAP request for getting the policy details so that i can send the response based on the policy during pin change, i.e. regarding length of the pin
2. is there any guide where i can get the details of the AXL SOAP requests and response?
11-28-2016 11:44 AM
It looks like the password/PIN settings can vary per user, and are stored in the 'credentials' table:
https://developer.cisco.com/media/ucm-dd-11-5/index.html#credential
and related tables, like 'credentialspolicy'
The main reference for AXL requests is the schema reference here:
https://developer.cisco.com/site/axl/documents/latest-version/axl-soap.gsp
however when dealing with individual table access via <executeSqlQuery>, you will want to refer to the Data Dictionary:
https://developer.cisco.com/site/axl/documents/latest-version/datadictionary11-5.gsp
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide