cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
764
Views
0
Helpful
3
Replies

ISE1.4 and XenMobile API Request Changes?

Peter Lyttle
Level 1
Level 1

Hi,

 

Has anyone seen an issue with Cisco ISE 1.4 failing compliance checks with Citrix XenMobile 9.0 (patch 9996 & 9989 installed).  From decrypting the HTTPS sessions ISE 1.3 looks to have sent the request in the following format -

 

http://xenmobile.domain/zdm/ciscoise/devices/0/macaddress/<MAC>/all  - this would return 

  1. <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  2. <ise_api>
  3. <name>attributes</name>
  4. <api_version>1</api_version>
  5. <paging_info>0</paging_info>
  6. <deviceList>
  7. <device>
  8. <macaddress><MAC></macaddress>
  9. <attributes>
  10. <register_status>true</register_status>
  11. <compliance>
  12. <status>false</status>
  13. <failure_reason>Device out of compliance</failure_reason>
  14. <remediation>Device out of compliance to policy... Please contact your Administrator</remediation>
  15. </compliance>
  16. <disk_encryption_on>true</disk_encryption_on>
  17. <pin_lock_on>false</pin_lock_on>
  18. <jail_broken>false</jail_broken>
  19. <manufacturer>Apple</manufacturer>
  20. <serial_number><SERIAL></serial_number>
  21. <os_version>iOS</os_version>
  22. <model>iPad</model>
  23. <phone_number />
  24. </attributes>
  25. </device>
  26. </deviceList>
  27. </ise_api>

 

However in Cisco ISE 1.4 it seems to send the format - http://xenmobile.domain/zdm/ciscoise/devices/0/compliance/false/all  which returns the following (if a device is compliant or not)

 

  1. <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  2. <ise_api>
  3. <name>attributes</name>
  4. <api_version>1</api_version>
  5. <paging_info>0</paging_info>
  6. <deviceList>
  7. <device>
  8. <attributes> <compliance />
  9. </attributes>
  10. </device>
  11. </deviceList>
  12. </ise_api>

 

Has anyone seen this or got a fix for it?

 

Thanks,

Peter

3 Replies 3

Peter Lyttle
Level 1
Level 1

Citrix have advised that a patch will be required due to the changed format of the API request from Cisco ISE 1.4 to XenMobile.  I will update later with the patch number (likely a private patch)

FYI, private patch a_patch_900_9948.jar was issued by Citrix which looks to return values when a device is out of compliance now.

http://support.citrix.com/article/CTX201557