Description
The addIdentityServicesEngine operation handles configuration related to the IdentityServicesEngine model.
This API call is not allowed on the standby unit in an HA pair.
HTTP request
POST /api/fdm/v6/integration/identityservicesengine
Data Parameters
Parameter | Required | Type | Description
---|---|---|---
name | True | string | Name of the Identity Services Engine (ISE) configuration.
description | False | string | A small description of the Identity Services Engine configuration. Field level constraints: length must be between 0 and 200 (inclusive), must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
ftdCertificate | True | object | The internal certificate that the system must provide to Identity Services Engine (ISE) when connecting to ISE or when performing bulk downloads. Field level constraints: cannot be null. (Note: Additional constraints might exist) Allowed types are: [InternalCertificate]
pxGridCertificate | True | object | The trusted CA certificate for the pxGrid framework. If your deployment includes a primary and a secondary pxGrid node, the CA certificates for both nodes must be signed by the same certificate authority. Field level constraints: cannot be null. (Note: Additional constraints might exist) Allowed types are: [ExternalCACertificate]
mntCertificate | True | object | The trusted CA certificate for the MNT server in the Identity Services Engine (ISE) deployment. If your deployment includes a primary and a secondary MNT node, the CA certificates for both nodes must be signed by the same certificate authority. Field level constraints: cannot be null. (Note: Additional constraints might exist) Allowed types are: [ExternalCACertificate]
iseNetworkFilters | False | [object] | An optional list of network objects. If you define a network filter, Identity Services Engine (ISE) reports user activity on the specified networks only. The system receives no information from ISE for any other networks. Allowed types are: [NetworkObject, NetworkObjectGroup]
enabled | True | boolean | A boolean that specifies whether the Identity Services Engine (ISE) configuration is enabled. Values are true (enabled) or false (disabled). Field level constraints: cannot be null. (Note: Additional constraints might exist)
subscribeToSessionDirectoryTopic | True | boolean | Toggles subscription to the SessionDirectory pxGrid topic, handling user sessions. If no value is given, the subscription will be enabled by default. Field level constraints: cannot be null. (Note: Additional constraints might exist)
subscribeToSxpTopic | True | boolean | Toggles subscription to the SXP pxGrid topic, handling SGT bindings. If no value is given, the subscription will be disabled by default. Field level constraints: cannot be null. (Note: Additional constraints might exist)
secondaryIseServer | False | string | If you are using a high availability (HA) configuration for the primary Identity Services Engine (ISE) server, the address of the secondary Identity Services Engine (ISE) server.
primaryIseServer | False | string | The address of the primary Identity Services Engine (ISE) server.
type | True | string | identityservicesengine
Example
curl -X POST \
  --header "Accept: application/json" \
  --header "Authorization: Bearer ${ACCESS_TOKEN}" \
  --header "Content-Type: application/json" \
  -d '{
    "description": "string",
    "enabled": true,
    "ftdCertificate": {
      "id": "string",
      "name": "string",
      "type": "string",
      "version": "string"
    },
    "id": "string",
    "iseNetworkFilters": [],
    "mntCertificate": {
      "id": "string",
      "name": "string",
      "type": "string",
      "version": "string"
    },
    "name": "string",
    "primaryIseServer": "string",
    "pxGridCertificate": {
      "id": "string",
      "name": "string",
      "type": "string",
      "version": "string"
    },
    "secondaryIseServer": "string",
    "subscribeToSessionDirectoryTopic": true,
    "subscribeToSxpTopic": true,
    "type": "identityservicesengine",
    "version": "string"
  }' \
  "https://${HOST}:${PORT}/api/fdm/v6/integration/identityservicesengine"

from bravado.requests_client import RequestsClient
from bravado.client import SwaggerClient


def get_client(host, token):
    """Build a Swagger client for the device API, authenticated with a bearer token."""
    http_client = RequestsClient()
    # This disables TLS certificate verification, so the bearer token is sent
    # without authenticating the server. ssl_verify also accepts the path to a
    # CA bundle, which keeps verification on for a privately signed device cert.
    http_client.ssl_verify = False
    # Attach the Authorization header to every request sent to this host.
    http_client.set_api_key(
        host,
        "Bearer {}".format(token),
        param_name="Authorization",
        param_in="header"
    )
    # Load the API specification from the device and generate the client from it.
    return SwaggerClient.from_url(
        "https://{}/apispec/ngfw.json".format(host),
        http_client=http_client,
        config={
            "validate_responses": False,
            "validate_swagger_spec": False
        }
    )


def add_identity_services_engine(client, body):
    """POST the ISE configuration and return the parsed result."""
    return client.IdentityServicesEngine.addIdentityServicesEngine(
        body=body
    ).response().result


if __name__ == "__main__":
    host = "ftd.example.com"
    token = "access_token"
    client = get_client(host, token)

    # Placeholder values; replace each "string" with real object references.
    body = {'description': 'string',
            'enabled': True,
            'ftdCertificate': {'id': 'string',
                               'name': 'string',
                               'type': 'string',
                               'version': 'string'},
            'iseNetworkFilters': [],
            'mntCertificate': {'id': 'string',
                               'name': 'string',
                               'type': 'string',
                               'version': 'string'},
            'name': 'string',
            'primaryIseServer': 'string',
            'pxGridCertificate': {'id': 'string',
                                  'name': 'string',
                                  'type': 'string',
                                  'version': 'string'},
            'secondaryIseServer': 'string',
            'subscribeToSessionDirectoryTopic': True,
            'subscribeToSxpTopic': True,
            'type': 'identityservicesengine'}

    add_identity_services_engine(client, body)
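
A pre-flight check of the request body against the constraints listed under Data Parameters, so that a malformed body is rejected before a bearer token and certificate references are sent to the device. This is an added example, not part of the original API reference; the function and constant names are hypothetical, the sample body is constructed, and the case-insensitive comparison of reference types is an assumption.

```python
import re

# Constraints transcribed from the Data Parameters table on this page.
REQUIRED = ("name", "ftdCertificate", "pxGridCertificate", "mntCertificate",
            "enabled", "subscribeToSessionDirectoryTopic",
            "subscribeToSxpTopic", "type")
REF_TYPES = {"ftdCertificate": {"InternalCertificate"},
             "pxGridCertificate": {"ExternalCACertificate"},
             "mntCertificate": {"ExternalCACertificate"}}
FILTER_TYPES = {"NetworkObject", "NetworkObjectGroup"}
DESCRIPTION_RE = re.compile(r"^((?!;).)*$")  # documented pattern: no semicolons


def _type_ok(ref, allowed):
    # Assumption: a reference's "type" string is matched case-insensitively
    # against the model names listed in the table.
    return (isinstance(ref, dict)
            and str(ref.get("type", "")).lower() in {t.lower() for t in allowed})


def validate_ise_body(body):
    """Return constraint violations; an empty list means the body passes."""
    errors = [f"{f}: required, cannot be null" for f in REQUIRED if body.get(f) is None]
    desc = body.get("description")
    if desc is not None:
        if len(desc) > 200:
            errors.append("description: length must be between 0 and 200")
        if not DESCRIPTION_RE.match(desc):
            errors.append("description: must match ^((?!;).)*$")
    for field, allowed in REF_TYPES.items():
        if body.get(field) is not None and not _type_ok(body[field], allowed):
            errors.append(f"{field}: allowed types are {sorted(allowed)}")
    for i, ref in enumerate(body.get("iseNetworkFilters") or []):
        if not _type_ok(ref, FILTER_TYPES):
            errors.append(f"iseNetworkFilters[{i}]: allowed types are {sorted(FILTER_TYPES)}")
    if body.get("type") is not None and body["type"] != "identityservicesengine":
        errors.append("type: must be identityservicesengine")
    return errors


# Constructed sample with two deliberate violations (semicolon, wrong cert type).
_CA = {"id": "placeholder-id", "type": "externalcacertificate"}
SAMPLE = {"name": "ise-lab", "description": "lab; test", "enabled": True,
          "ftdCertificate": _CA, "pxGridCertificate": _CA, "mntCertificate": _CA,
          "subscribeToSessionDirectoryTopic": True, "subscribeToSxpTopic": False,
          "type": "identityservicesengine"}
```

Calling `validate_ise_body(SAMPLE)` reports the semicolon in `description` and the CA certificate supplied where `ftdCertificate` requires an internal certificate.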