Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3008
Views
0
Helpful
5
Replies

EM API

jtsubram
Cisco Employee
Cisco Employee

‎11-09-2016 03:10 AM

The APIs accept application username and password and only the end user's ID this is not same as built in app in ipphone which accepts end users userid and pin.

Concern:

1.If the API doesn't ask for end user pin then it can be misused by anyone who knows the userid.

2.instead of app user credentials i can use end user's credentials but entering the password is difficult given it's complexity, pin would be easy to enter but in API there is no such option and i tried pin in <appCertificate> field and authentication fails

Labels:
0 Helpful
5 Replies 5

dstaudt
Cisco Employee
Cisco Employee

‎11-09-2016 03:59 PM

Your application can implement whatever secure method it wants to (including none - which as you mention is not very practical.)  If the user's PIN is present in LDAP or some other back-end data source then you can query/authenticate there.

One option is to use the CUCM AXL SOAP API <doAuthenticateUser> request, which allows authenticating a user via username+pin (in addition to username+password), e.g.:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.cisco.com/AXL/API/10.5">

   <soapenv:Header/>

   <soapenv:Body>

      <ns:doAuthenticateUser>

         <userid>dstaudt</userid>

         <pin>123456</pin>

      </ns:doAuthenticateUser>

   </soapenv:Body>

</soapenv:Envelope>

--------------------------

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

   <soapenv:Body>

      <ns:doAuthenticateUserResponse xmlns:ns="http://www.cisco.com/AXL/API/10.5">

         <return>

            <userAuthenticated>true</userAuthenticated>

            <code>0</code>

            <daysToExpiry>0</daysToExpiry>

         </return>

      </ns:doAuthenticateUserResponse>

   </soapenv:Body>

</soapenv:Envelope>

If you are already going to use AXL, then it may be convenient to go ahead and use the AXL <doDeviceLogin> request, which does essentially the same thing that the EMAPI login request does:

https://developer.cisco.com/site/axl/

https://developer.cisco.com/media/axl-schema-11-5/Files/AXLSoap_doAuthenticateUser.html#Link3FF

https://developer.cisco.com/media/axl-schema-11-5/Files/AXLSoap_doDeviceLogin.html#Link407

0 Helpful

jtsubram
Cisco Employee
Cisco Employee
In response to dstaudt

‎11-10-2016 01:05 AM

Thanks for the response,

1. Is there any AXL to set or change the PIN?

2. I tried login using the below xml, getting this error, ERROR: A character to numeric conversion process failed

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.cisco.com/AXL/API/10.5">

   <soapenv:Header/>

   <soapenv:Body>

      <ns:doDeviceLogin>

         <deviceName>MACADDRESS/UUID</deviceName>

         <userId>dstaudt</userId>

      </ns:doDeviceLogin>

   </soapenv:Body>

</soapenv:Envelope>

0 Helpful

dstaudt
Cisco Employee
Cisco Employee
In response to jtsubram

‎11-10-2016 02:25 PM

1. The AXL <updateUser> request can be used to change the pin:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.cisco.com/AXL/API/10.5">


   <soapenv:Header/>


   <soapenv:Body>


      <ns:updateUser>


         <userid>dstaudt</userid>


         <pin>123456</pin>


       </ns:updateUser>


   </soapenv:Body>


</soapenv:Envelope>

2. It looks like you are missing the <loginDuration> and <profileName> elements from the request:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.cisco.com/AXL/API/10.5">


  <soapenv:Header/>


  <soapenv:Body>


      <ns:doDeviceLogin>


        <deviceName>IPCMRAEU5UCM5X7</deviceName>


        <loginDuration>60</loginDuration>


        <profileName>CIPC SCCP Device Profile</profileName>


        <userId>dstaudt</userId>


      </ns:doDeviceLogin>


  </soapenv:Body>


</soapenv:Envelope>
0 Helpful

jtsubram
Cisco Employee
Cisco Employee

‎11-24-2016 04:23 AM

Thanks for the response it was very helpful,

1. Iam looking for AXL SOAP request for getting the policy details so that i can send the response based on the policy during pin change, i.e. regarding length of the pin

2. is there any guide where i can get the details of the AXL SOAP requests and response?

0 Helpful

dstaudt
Cisco Employee
Cisco Employee
In response to jtsubram

‎11-28-2016 11:44 AM

It looks like the password/PIN settings can vary per user, and are stored in the 'credentials' table:

https://developer.cisco.com/media/ucm-dd-11-5/index.html#credential

and related tables, like 'credentialspolicy'

The main reference for AXL requests is the schema reference here:

https://developer.cisco.com/site/axl/documents/latest-version/axl-soap.gsp

however when dealing with individual table access via <executeSqlQuery>, you will want to refer to the Data Dictionary:

https://developer.cisco.com/site/axl/documents/latest-version/datadictionary11-5.gsp

0 Helpful
Customers Also Viewed These Support Documents