cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

390
Views
0
Helpful
3
Replies
Peter Lyttle
Beginner

ISE1.4 and XenMobile API Request Changes?

Hi,

 

Has anyone seen an issue with Cisco ISE 1.4 failing compliance checks with Citrix XenMobile 9.0 (patch 9996 & 9989 installed).  From decrypting the HTTPS sessions ISE 1.3 looks to have sent the request in the following format -

 

http://xenmobile.domain/zdm/ciscoise/devices/0/macaddress/<MAC>/all  - this would return 

  1. <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  2. <ise_api>
  3. <name>attributes</name>
  4. <api_version>1</api_version>
  5. <paging_info>0</paging_info>
  6. <deviceList>
  7. <device>
  8. <macaddress><MAC></macaddress>
  9. <attributes>
  10. <register_status>true</register_status>
  11. <compliance>
  12. <status>false</status>
  13. <failure_reason>Device out of compliance</failure_reason>
  14. <remediation>Device out of compliance to policy... Please contact your Administrator</remediation>
  15. </compliance>
  16. <disk_encryption_on>true</disk_encryption_on>
  17. <pin_lock_on>false</pin_lock_on>
  18. <jail_broken>false</jail_broken>
  19. <manufacturer>Apple</manufacturer>
  20. <serial_number><SERIAL></serial_number>
  21. <os_version>iOS</os_version>
  22. <model>iPad</model>
  23. <phone_number />
  24. </attributes>
  25. </device>
  26. </deviceList>
  27. </ise_api>

 

However in Cisco ISE 1.4 it seems to send the format - http://xenmobile.domain/zdm/ciscoise/devices/0/compliance/false/all  which returns the following (if a device is compliant or not)

 

  1. <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  2. <ise_api>
  3. <name>attributes</name>
  4. <api_version>1</api_version>
  5. <paging_info>0</paging_info>
  6. <deviceList>
  7. <device>
  8. <attributes> <compliance />
  9. </attributes>
  10. </device>
  11. </deviceList>
  12. </ise_api>

 

Has anyone seen this or got a fix for it?

 

Thanks,

Peter

3 REPLIES 3
Peter Lyttle
Beginner

Citrix have advised that a patch will be required due to the changed format of the API request from Cisco ISE 1.4 to XenMobile.  I will update later with the patch number (likely a private patch)

FYI, private patch a_patch_900_9948.jar was issued by Citrix which looks to return values when a device is out of compliance now.

http://support.citrix.com/article/CTX201557 

Content for Community-Ad