upsertIdentityServicesEngine

The upsertIdentityServicesEngine operation handles configuration related to the IdentityServicesEngine model.

Description

This API call is not allowed on the standby unit in an HA pair.

Data Parameters

Parameter Required Type Description
version False string A unique string version assigned by the system when the object is created or modified. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete an existing object. As the version will change every time the object is modified, the value provided in this identifier must match exactly what is present in the system or the request will be rejected.
name True string Name of the Identity Services Engine (ISE) configuration
description False string A short description of the Identity Services Engine (ISE) configuration
Field level constraints: length must be between 0 and 200 (inclusive), must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
ftdCertificate True object The internal certificate that the system must provide to Identity Services Engine (ISE) when connecting to ISE or when performing bulk downloads
Field level constraints: cannot be null. (Note: Additional constraints might exist)
Allowed types are: [InternalCertificate]
pxGridCertificate True object The trusted CA certificate for the pxGrid framework. If your deployment includes a primary and a secondary pxGrid node, the CA certificates for both nodes must be signed by the same certificate authority
Field level constraints: cannot be null. (Note: Additional constraints might exist)
Allowed types are: [ExternalCACertificate]
mntCertificate True object The trusted CA certificate for the MNT server in the Identity Services Engine (ISE) deployment. If your deployment includes a primary and a secondary MNT node, the CA certificates for both nodes must be signed by the same certificate authority
Field level constraints: cannot be null. (Note: Additional constraints might exist)
Allowed types are: [ExternalCACertificate]
iseNetworkFilters False [object] An optional list of network objects. If you define a network filter, Identity Services Engine (ISE) reports user activity on the specified networks only. The system receives no information from ISE for any other networks
Allowed types are: [NetworkObject, NetworkObjectGroup]
enabled True boolean A boolean that specifies whether the Identity Services Engine (ISE) configuration is enabled. Values are true (enabled) or false (disabled)
Field level constraints: cannot be null. (Note: Additional constraints might exist)
subscribeToSessionDirectoryTopic True boolean Toggles subscription to SessionDirectory pxGrid topic, handling user sessions. If no value is given, the subscription will be enabled by default
Field level constraints: cannot be null. (Note: Additional constraints might exist)
subscribeToSxpTopic True boolean Toggles subscription to SXP pxGrid topic, handling SGT bindings. If no value is given, the subscription will be disabled by default
Field level constraints: cannot be null. (Note: Additional constraints might exist)
secondaryIseServer False string If you are using a high availability (HA) configuration for the primary Identity Services Engine (ISE) server, the address of the secondary Identity Services Engine (ISE) server
primaryIseServer False string The address of the primary Identity Services Engine (ISE) server
id False string A unique string identifier assigned by the system when the object is created. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete (or reference) an existing object.
Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
type True string identityservicesengine

Query Parameters

Parameter Required Type Description
filter False string The criteria used to filter the models you are requesting. It should have the following format: {key}{operator}{value}[;{key}{operator}{value}]. Supported operators are: "!"(not equals), ":"(equals), "~"(similar). Supported keys are: "name", "fts". The "fts" filter cannot be used with other filters. Default filtering for Upsert operation is done by name.

Example

- name: Execute 'upsertIdentityServicesEngine' operation
  ftd_configuration:
    operation: "upsertIdentityServicesEngine"
    data:
        version: "{{ version }}"
        name: "{{ name }}"
        description: "{{ description }}"
        ftdCertificate: "{{ ftd_certificate }}"
        pxGridCertificate: "{{ px_grid_certificate }}"
        mntCertificate: "{{ mnt_certificate }}"
        iseNetworkFilters: "{{ ise_network_filters }}"
        enabled: "{{ enabled }}"
        subscribeToSessionDirectoryTopic: "{{ subscribe_to_session_directory_topic }}"
        subscribeToSxpTopic: "{{ subscribe_to_sxp_topic }}"
        secondaryIseServer: "{{ secondary_ise_server }}"
        primaryIseServer: "{{ primary_ise_server }}"
        id: "{{ id }}"
        type: "{{ type }}"
    query_params:
        filter: "{{ filter }}"
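
A pre-flight check for the constraints listed in the Data Parameters and Query Parameters tables, written as an added example; it is not part of the ftd_configuration module or of Cisco's code. The helper names, the shape of a referenced object (a dict with a lowercase `type` field), and the rule that a filter value may not contain `;` are assumptions.

```python
import re

NO_SEMICOLON = re.compile(r"^((?!;).)*$")  # pattern quoted in the parameter table
REQUIRED = ("name", "ftdCertificate", "pxGridCertificate", "mntCertificate", "enabled",
            "subscribeToSessionDirectoryTopic", "subscribeToSxpTopic", "type")
CERT_TYPES = {"ftdCertificate": "internalcertificate",
              "pxGridCertificate": "externalcacertificate",
              "mntCertificate": "externalcacertificate"}
BOOLEANS = ("enabled", "subscribeToSessionDirectoryTopic", "subscribeToSxpTopic")
FILTER_KEYS, FILTER_OPS = {"name", "fts"}, {"!", ":", "~"}

def validate_payload(data):
    """Return the documented constraints that an upsert request body violates."""
    errors = [f"{k}: required" for k in REQUIRED if data.get(k) is None]
    if data.get("type") not in (None, "identityservicesengine"):
        errors.append("type: must be identityservicesengine")
    desc = data.get("description")
    if desc is not None and (len(desc) > 200 or not NO_SEMICOLON.match(desc)):
        errors.append("description: at most 200 characters and no ';'")
    if data.get("id") is not None and not NO_SEMICOLON.match(data["id"]):
        errors.append("id: must not contain ';'")
    for key in BOOLEANS:
        if data.get(key) is not None and not isinstance(data[key], bool):
            errors.append(f"{key}: must be a boolean")
    for key, allowed in CERT_TYPES.items():
        ref = data.get(key)
        # Assumption: a referenced object is a dict with a lowercase "type" field.
        if ref is not None and (not isinstance(ref, dict)
                                or str(ref.get("type", "")).lower() != allowed):
            errors.append(f"{key}: allowed type is {allowed}")
    return errors

def build_filter(clauses):
    """Join (key, operator, value) clauses into the documented filter string."""
    if len(clauses) > 1 and any(key == "fts" for key, _, _ in clauses):
        raise ValueError("'fts' cannot be used with other filters")
    for key, op, value in clauses:
        if key not in FILTER_KEYS or op not in FILTER_OPS:
            raise ValueError(f"unsupported filter clause: {key}{op}")
        if ";" in value:  # assumption: ';' only ever separates clauses
            raise ValueError("';' cannot appear in a filter value")
    return ";".join(f"{key}{op}{value}" for key, op, value in clauses)

# Constructed sample body; certificate ids and the server address are placeholders.
SAMPLE = {"name": "ise-lab", "type": "identityservicesengine", "enabled": True,
          "subscribeToSessionDirectoryTopic": True, "subscribeToSxpTopic": False,
          "primaryIseServer": "ise1.example.com",
          "ftdCertificate": {"id": "placeholder-1", "type": "internalcertificate"},
          "pxGridCertificate": {"id": "placeholder-2", "type": "externalcacertificate"},
          "mntCertificate": {"id": "placeholder-2", "type": "externalcacertificate"}}
```

Running `validate_payload` on the rendered task variables before the play reaches the device catches a swapped certificate type or a string where a boolean is required without a round trip to the API.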