Session Query for All Authenticated Sessions

The pxGrid client queries the session topic for all authenticated sessions. To view the available seession attributes, please visit: Session Directory Topic

Code Step-Through

The references that are applicable to pxGrid 2.0 are highlighhted

The public class SessionQueryAll calls timestamp

The private static void downloadUsingAccessSecret calls the SampleConfigurationObject. Ths SampleConfig object is parsed for pxGrid hostnames, pxGrid client certificates, identity keystore filename and password, truststore filename and password, and password if pre-shared keys are used for the initial connection.

We get the pxGrid client configuration account which contains the approved pxGrid client account and registered and connected to the ISE pxGrid node via access secret.

For // pxGrid ServiceLookup for session service, we lookup the session service, com.cisco.ise.session, since we are interested in obtaining the session information. The session service can be found:Github. This returns a list of the ISE nodes that are publishing the restBaseURL that will be used for WebSockets REST API calls.

For // Use first service. Note that ServiceLookup randomize ordering of services. The pubsub service provides a list of ISE pxGrid nodes, if you have Active/Active.
For example if you have (3) ISE pxGrid nodes, the value is randomized so you will only connect to one pxGrid node. However the service will be shared across all three ISE pxGrid nodes, this distributes the load.

For //Account Activate, we wait 60 seconds for the account to be enabled. The ISE admin need to approve the pxGrid client account. We retrieve the pxGrid controller version.

For //pxGrid AccessSecret for the node we retrieve the accesssecret from the iSE pxGrid node and make a SessionQueryRequest and include the startTimestamp

Main parses the SampleConfiguration config file. The sample config object contains the pxGrid client connection parameters such as the pxGrid hostname, identity filename (.jks file) and trusted keystore filesname (.jks file) or pre-share keys if implemented.

For //Account Activate, we wait 60 seconds for the account to be enabled. The ISE admin need to approve the pxGrid client account. We retrieve the pxGrid controller version.

For //pxGrid get AccessSecret, we receive all authenticated sessions

Complete Java SampleCode

 /**
 * Demonstrates how to query all sessions from ISE Session Directory service
 */
public class SessionQueryAll {
    private static Logger logger = LoggerFactory.getLogger(SessionQueryAll.class);
    
    private static class SessionQueryRequest {
        OffsetDateTime startTimestamp;
    }
    private static void downloadUsingAccessSecret(SampleConfiguration config)  s{
        OffsetDateTime startTimestamp = SampleHelper.promptDate("Enter start time (ex. '2015-01-31T13:00:00-07:00' or <enter> 		for no start time): ");
        
        PxgridControl https = new PxgridControl(config);
    
        // pxGrid ServiceLookup for session service
        Service[] services = https.serviceLookup("com.cisco.ise.session");
        if (services == null || services.length == 0) {
            logger.warn("Service unavailabe");
            return;
        }
        
    // Use first service
        Service service = services[0];
        String url = service.getProperties().get("restBaseUrl") + "/getUserGroups";
        logger.info("url={}", url);
        
        // pxGrid AccesssSecret for the node
        String secret = https.getAccessSecret(service.getNodeName());

        SessionQueryRequest request = new SessionQueryRequest();
        request.startTimestamp = startTimestamp;
        SampleHelper.postObjectAndPrint(url, config.getNodeName(), secret,     config.getSSLContext().getSocketFactory(), request);
    }
    
    public static void main(String [] args) throws Exception {
        // Parse arguments
        SampleConfiguration config = new SampleConfiguration();
        try {
            config.parse(args);
        } catch (ParseException e) {
            config.printHelp("SessionQueryAll");
            System.exit(1);
        }

        // AccountActivate
        PxgridControl control = new PxgridControl(config);
        while (control.accountActivate() != AccountState.ENABLED)
            Thread.sleep(60000);
        logger.info("pxGrid controller version={}", control.getControllerVersion());

        downloadUsingAccessSecret(config);
    }
}

Sample Output

------ config ------
  hostname = ise24fc3.lab10.com
  hostname = 192.168.1.244
  nodename = mac05
  password = (not specified)
  description = (not specified)
  keystorefilename = /Applications/master_rest_samples/sw1.jks
  keystorepassword = Cisco123
  truststorefilename = /Applications/master_rest_samples/sw1root.jks
  truststorepassword = Cisco123
--------------------
13:43:42.049 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - AccountActivate request={}
13:43:42.666 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - AccountActivate response={"accountState":"ENABLED","version":"2.0.0.13"}
13:43:42.666 [main] INFO com.cisco.pxgrid.samples.ise.SessionQueryAll - pxGrid controller version=2.0.0.13
Enter start time (ex. '2015-01-31T13:00:00-07:00' or <enter> for no start time): 

13:43:53.149 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - ServiceLookup request={"name":"com.cisco.ise.session"}
13:43:53.218 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - ServiceLookup response={"services":[{"name":"com.cisco.ise.session","nodeName":"ise-mnt-ise24fc3","properties":{"sessionTopic":"/topic/com.cisco.ise.session","groupTopic":"/topic/com.cisco.ise.session.group","wsPubsubService":"com.cisco.ise.pubsub","restBaseURL":"https://ise24fc3.lab10.com:8910/pxgrid/mnt/sd","restBaseUrl":"https://ise24fc3.lab10.com:8910/pxgrid/mnt/sd"}}]}
13:43:53.218 [main] INFO com.cisco.pxgrid.samples.ise.SessionQueryAll - url=https://ise24fc3.lab10.com:8910/pxgrid/mnt/sd/getUserGroups
13:43:53.268 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - AccessSecret request={"peerNodeName":"ise-mnt-ise24fc3"}
13:43:53.292 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - AccessSecret response={"secret":"KqTveOWQ5rphYUof"}
13:43:54.048 [main] INFO com.cisco.pxgrid.samples.ise.SampleHelper - postData={}
13:43:54.231 [main] INFO com.cisco.pxgrid.samples.ise.SampleHelper - Response status=200
Content: {"userGroups":[{"userName":"74:26:AC:5A:82:23","groups":[{"name":"Profiled","type":"IDENTITY"}]},{"userName":"pxgrid1@lab10.com","groups":[{"name":"Unknown","type":"IDENTITY"},{"name":"lab10.com/S-1-5-32-544","type":"EXTERNAL"},{"name":"lab10.com/S-1-5-32-545","type":"EXTERNAL"},{"name":"S-1-5-21-177647356-1841791530-1710780700-572","type":"EXTERNAL"},{"name":"S-1-5-21-177647356-1841791530-1710780700-519","type":"EXTERNAL"},{"name":"S-1-5-21-177647356-1841791530-1710780700-512","type":"EXTERNAL"},{"name":"S-1-5-21-177647356-1841791530-1710780700-513","type":"EXTERNAL"}]},{"userName":"host/win7-pc3","groups":[{"name":"Unknown","type":"IDENTITY"}]},{"userName":"pxgrid1","groups":[{"name":"Unknown","type":"IDENTITY"},{"name":"lab10.com/S-1-5-32-544","type":"EXTERNAL"},{"name":"lab10.com/S-1-5-32-545","type":"EXTERNAL"},{"name":"S-1-5-21-177647356-1841791530-1710780700-572","type":"EXTERNAL"},{"name":"S-1-5-21-177647356-1841791530-1710780700-519","type":"EXTERNAL"},{"name":"S-1-5-21-177647356-1841791530-1710780700-512","type":"EXTERNAL"},{"name":"S-1-5-21-177647356-1841791530-1710780700-513","type":"EXTERNAL"}]}

What you see in ISE

Select Administration->pxGrid services