Solved: PxGrid API for getAssets not working

AK9751 · ‎08-05-2019

Hi,

I am trying-out PxGrid, and trying to use the PxGrid client both to Publish and Subscribe to endpoint assets.

I am following these resources -

For context-in code - https://developer.cisco.com/docs/pxgrid/#!pxgrid-context-in

For getting info on all assets - https://d1nmyq4gcgsfi5.cloudfront.net/fileMedia/ea02ce59-2668-441a-601d-0c6ca59d8bf4/CiscopxGrid20_je.pdf [Page 127]

I am successfully able to publish endpoint information and to subscribe to it as well. However, my initial use-case goes like this-

"Create a PxGrid client and a pub-sub service which publishes endpoint asset information; create a subscription to this service and retrieve newly created endpoints; Use the [restBaseURL]/getAssets to get the info on already present assets for first time use."

I am doing the following -

1. Create a PxGrid client and a publisher to publish Endpoint Asset information - Successful

Sample code for publisher service-

sessionProperties.put("wsPubsubService", "com.cisco.ise.pubsub");
sessionProperties.put("assetTopic", "/topic/com.cisco.endpoint.asset");
sessionProperties.put("restBaseUrl", "https://" + config.getHostnames()[0] + ":8910/pxgrid/ind/asset/");
ServiceRegisterResponse response = control.serviceRegister("com.cisco.endpoint.asset", sessionProperties);

2. Create a PxGrid client and subscribe to the above and get information on endpoint asset as it is published - Successful

Sample code -

executor.scheduleWithFixedDelay(() -> {
    try {
        endpoint.subscribe(new StompSubscription("/topic/com.cisco.endpoint.asset", new EndpointAssetHandler()));
    } catch (IOException e) {
        logger.error("Publish failure");
    }
}, 0, 5, TimeUnit.SECONDS);

With this, as I said, I am successfully able to get info on the NEW assets.

3. However, imagine that I have endpoint assets which are pre-registered in ISE. So I do something like -

Service[] services = https.serviceLookup("com.cisco.endpoint.asset");

Service service = services[0];
String url = service.getProperties().get("restBaseUrl") + "getAssets";
logger.info("url={}", url);

// pxGrid AccesssSecret for the node
String secret = https.getAccessSecret(service.getNodeName());

//SessionQueryRequest request = new SessionQueryRequest();
//request.startTimestamp = startTimestamp;
SampleHelper.postObjectAndPrint(url, config.getNodeName(), secret, config.getSSLContext().getSocketFactory(), "");

I am getting the following error -

12:34:50.186 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - AccountCreate request={"nodeName":"macSub"}
12:34:50.504 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - AccountCreate response={"nodeName":"macSub","password":"MKrcmgdnWHErLG25","userName":"macSub"}
Password: MKrcmgdnWHErLG25
12:34:50.511 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - AccountActivate request={}
12:34:50.690 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - AccountActivate response={"accountState":"PENDING","version":"2.0.0.13"}
12:35:50.695 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - AccountActivate request={}
12:35:50.714 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - AccountActivate response={"accountState":"ENABLED","version":"2.0.0.13"}
12:35:50.714 [main] INFO com.cisco.pxgrid.samples.ise.SessionQueryAll - pxGrid controller version=2.0.0.13
12:35:50.722 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - ServiceLookup request={"name":"com.cisco.endpoint.asset"}
12:35:50.748 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - ServiceLookup response={"services":[{"name":"com.cisco.endpoint.asset","nodeName":"mac1","properties":{"wsPubsubService":"com.cisco.ise.pubsub","restBaseUrl":"https://<ISE_IP>:8910/pxgrid/ind/asset/","assetTopic":"/topic/com.cisco.endpoint.asset"}}]}
12:36:11.727 [main] INFO com.cisco.pxgrid.samples.ise.SessionQueryAll - url=https://<ISE_IP>:8910/pxgrid/ind/asset/getAssets
12:36:40.250 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - AccessSecret request={"peerNodeName":"mac1"}
12:36:40.486 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - AccessSecret response={"secret":"95v8KD3EF86RI1eA"}
12:37:04.589 [main] INFO com.cisco.pxgrid.samples.ise.SampleHelper - postData=""
12:37:04.716 [main] INFO com.cisco.pxgrid.samples.ise.SampleHelper - Response status=401
Content: <h1>HTTP Status 401 – Unauthorized</h1><hr class="line" /><p><b>Type</b> Status Report</p><p>
<b>Message</b> No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken</p>
<p><b>Description</b> The request has not been applied because it lacks valid authentication credentials for the target resource.</p><hr class="line" /><h3></h3></body></html>

The error says - 401 Unauthorized, however, I have correctly retrieved the secret for the publishing service and the peerNodeName and used that for authentication.

Also, I can, as I said, subscribe, and get the newly published endpoint assets.

I know that I can get the existing endpoint asset information directly from the ISE API, however, since the above is advocated as the NEW way of doing things, and to maintain consistency by using ONLY ONE set of API's, it would be great to know where I am going wrong.

Thanks.

jeppich · ‎08-06-2019

Hi,

Please email me directly.

Thanks,

John

jeppich@cisco.com

View solution in original post

hslai · ‎08-06-2019

I would suggest you to try using a certificate to authenticate. And, will also ask John to take a look.

PS: I moved your discussion to the security developer support forum for DevNet.

jeppich · ‎08-06-2019

Hi,

Please email me directly.

Thanks,

John

jeppich@cisco.com