Subscribe to Session Directory Topics
The pxGrid client subscribes to the session topic so the authenticated endpoints session information occurs in real-time. To view the available session attributes, please visit: Session Directory Topic
You can also subscribe to the Session Directory All Topic. The sessionTopicAll is similar to the sessionTopic but with a key difference. The sessionTopicAll also publishes events for sessions without IP addresses.
Code Step-Through
The //Subscribe handler class this will print the contents of the session that is opened by STOMP.
Main parses the SampleConfiguration config file. The sample config object contains the pxGrid client connection parameters such as the pxGrid hostname, identity filename (.jks file) and trusted keystore filesname (.jks file) or pre-share keys if implemented.
For //Account Activate, we wait 60 seconds for the account to be enabled. The ISE admin need to approve the pxGrid client account. We retrieve the pxGrid controller version.
For // pxGrid ServiceLookup for session service, we lookup the session service, com.cisco.ise.session, since we are interested in obtaining the session information. This returns a list of the ISE nodes that are publishing the restBaseURL that will be used for WebSockets REST API calls.
For // Use first service. Note that ServiceLookup randomize ordering of services. The pubsub service provides a list of ISE pxGrid nodes, if you have Active/Active.
For example if you have (3) ISE pxGrid nodes, the value is randomized so you will only connect to one pxGrid node. However the service will be shared across all three ISE pxGrid nodes, this distributes the load.
We get the properties for “wsPubService” and “sessionTopic” service names. All the services use WebSockets Pubsub service name, “com.cisco.ise.pubsub” and here we interested in the sessionTopic, “/topic/com.cisco.ise.session”.
For //pxGrid service Lookup for pubsub service, this provides us with the ISE pxgrid node the publishes the session service
For //Use first service, we get pubsub service which resturns the “wsUrl” or WebSockets URL value
For //pxGrid get AccessSecret, we get the accessecret from the ISE pxGrid node containing the pubsub service.
For //WebSocket config, we get the credentials
For //WebSocket connect, we first make a WebSockets connection and then create a STOMP over WebSockets connection
For //Stompconnect, the pxGrid client connects
For //Subscribe, the pxGrid client subscribes to the session topic over STOMP
For //Give time for connection to establish before prompt disconnect. Once the endpoint disconnects, the ID “ID-123”, which can be any value, provides a receipt. The ISE pxGrid node will send back an acknowledgement to say that the pxGrid client has disconnected.
In the code snippet below, you can change "sessionTopic" to "sessionTopicAll" wherever applicable.
Complete Java SampleCode
package com.cisco.pxgrid.samples.ise;
import java.net.URI;
import org.apache.commons.cli.ParseException;
import org.glassfish.tyrus.client.ClientManager;
import org.glassfish.tyrus.client.ClientProperties;
import org.glassfish.tyrus.client.SslEngineConfigurator;
import org.glassfish.tyrus.client.auth.Credentials;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.cisco.pxgrid.samples.ise.model.AccountState;
import com.cisco.pxgrid.samples.ise.model.Service;
/**
* Demonstrates how to subscribe to ISE SessionDirectory
*/
public class SessionSubscribe {
private static Logger logger = LoggerFactory.getLogger(SessionSubscribe.class);
// Subscribe handler class
private static class SessionHandler implements StompSubscription.Handler {
@Override
public void handle(StompFrame message) {
logger.info("Content={}", new String(message.getContent()));
}
}
public static void main(String[] args) throws Exception {
// Parse arguments
SampleConfiguration config = new SampleConfiguration();
try {
config.parse(args);
} catch (ParseException e) {
config.printHelp("SessionSubscribe");
System.exit(1);
}
// AccountActivate
PxgridControl control = new PxgridControl(config);
while (control.accountActivate() != AccountState.ENABLED) {
Thread.sleep(60000);
}
logger.info("pxGrid controller version={}", control.getControllerVersion());
// pxGrid ServiceLookup for session service
Service[] services = control.serviceLookup("com.cisco.ise.session");
if (services.length == 0) {
logger.info("Session service unavailabe");
return;
}
// Use first service. Note that ServiceLookup randomize ordering of services
Service sessionService = services[0];
String wsPubsubServiceName = sessionService.getProperties().get("wsPubsubService");
// if you are interested in sessionTopicAll, comment the below line.
String sessionTopic = sessionService.getProperties().get("sessionTopic")
// if you are interested in sessionTopicAll, uncomment the below line
// String sessionTopic = sessionService.getProperties().get("sessionTopicAll");
logger.info("wsPubsubServiceName={} sessionTopic={}", wsPubsubServiceName, sessionTopic);
// pxGrid ServiceLookup for pubsub service
services = control.serviceLookup(wsPubsubServiceName);
if (services.length == 0) {
logger.info("Pubsub service unavailabe");
return;
}
// Use first service
Service wsPubsubService = services[0];
String wsURL = wsPubsubService.getProperties().get("wsUrl");
logger.info("wsUrl={}", wsURL);
// pxGrid get AccessSecret
String secret = control.getAccessSecret(wsPubsubService.getNodeName());
// WebSocket config
ClientManager client = ClientManager.createClient();
SslEngineConfigurator sslEngineConfigurator = new SslEngineConfigurator(config.getSSLContext());
client.getProperties().put(ClientProperties.SSL_ENGINE_CONFIGURATOR, sslEngineConfigurator);
client.getProperties().put(ClientProperties.CREDENTIALS,
new Credentials(config.getNodeName(), secret.getBytes()));
// WebSocket connect
StompPubsubClientEndpoint endpoint = new StompPubsubClientEndpoint();
URI uri = new URI(wsURL);
javax.websocket.Session session = client.connectToServer(endpoint, uri);
// STOMP connect
endpoint.connect(uri.getHost());
// Subscribe
StompSubscription subscription = new StompSubscription(sessionTopic, new SessionHandler());
endpoint.subscribe(subscription);
// Give time for connection to establish before prompt
Thread.sleep(1000);
SampleHelper.prompt("press <enter> to disconnect...");
// STOMP disconnect
endpoint.disconnect("ID-123");
// Wait for disconnect receipt
Thread.sleep(3000);
// Websocket close
session.close();
}
}
Sample Output
16:44:10.070 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - AccessSecret request={"peerNodeName":"ise-pubsub-ise24fc3"}
16:44:10.137 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - AccessSecret response={"secret":"Sq8FCacT7FYHlIGF"}
16:44:11.770 [Grizzly(1)] INFO com.cisco.pxgrid.samples.ise.StompPubsubClientEndpoint - WS onOpen
16:44:11.789 [main] INFO com.cisco.pxgrid.samples.ise.StompPubsubClientEndpoint - STOMP CONNECT host=ise24fc3.lab10.com
16:44:11.793 [main] INFO com.cisco.pxgrid.samples.ise.StompPubsubClientEndpoint - STOMP SUBSCRIBE topic=/topic/com.cisco.ise.session
16:44:11.795 [Grizzly(1)] INFO com.cisco.pxgrid.samples.ise.StompPubsubClientEndpoint - STOMP CONNECTED version=1.2
press <enter> to disconnect...
16:46:11.726 [Grizzly(1)] INFO com.cisco.pxgrid.samples.ise.SessionSubscribe - Content={"sessions":[{"timestamp":"2018-08-25T20:46:10Z","state":"DISCONNECTED","userName":"D8:B1:90:AB:AB:0C","callingStationId":"D8:B1:90:AB:AB:0C","calledStationId":"50:3D:E5:C4:05:85","auditSessionId":"0A0000010000000000012513","ipAddresses":["192.168.1.1"],"macAddress":"D8:B1:90:AB:AB:0C","nasIpAddress":"192.168.1.3","nasPortId":"GigabitEthernet1/0/5","nasPortType":"Ethernet","endpointProfile":"Cisco-Device","endpointOperatingSystem":"Cisco Adaptive Security Appliance (PIX OS 8.4)","adNormalizedUser":"D8:B1:90:AB:AB:0C","providers":["None"],"endpointCheckResult":"none","identitySourcePortStart":0,"identitySourcePortEnd":0,"identitySourcePortFirst":0,"serviceType":"Call Check","networkDeviceProfileName":"Cisco","radiusFlowType":"WiredMAB","ssid":"50-3D-E5-C4-05-85","mdmRegistered":false,"mdmCompliant":false,"mdmDiskEncrypted":false,"mdmJailBroken":false,"mdmPinLocked":false},{"timestamp":"2018-08-
What you see in ISE
Select Administration->pxGrid services
Select Web Clients , You should see the pxGrid client mac05 suscribed to the SessionTopic
