05-12-2010 09:13 AM
I'm working with the new LDAP User-ID XML API and things are going fairly well except for getting the response back from the agent after I make my updates. Looking in the "Monitor" section of the agent and the Palo Alto itself, it is clear that my updates are working properly. I just don't get the response message back across the HTTPS connection immediately after my update - it seems to take 10 minutes (the timeout for no data coming in) before I see the <uid-response> message.
I've tried in .NET code with the standard HttpWebRequest and HttpWebResponse classes. My authentication program sync program is actually written in .NET and pulls the login/logout infromation that is in a SQL database populated by an enterprise-wide login script in our AD. Then I broken down and started sending various web requests with Fiddler so I could try different tweaks to the request to see if anything would make the request come back immediately.
I've tried using "PUT", "POST", specifying the "Connection: Close" header, HTTP versions 1, 1.1, and 0.9. I tried some other headers like "Content-type: text/xml", etc., and appending a "\r\n\r\n" to my data and it didn't have any effect.
I even tried the exact XML message from DOC-1348 just to make sure it wasn't something I had overlooked in the way I was formatting the message. The 3 login IDs are now on my agent, but I still didn't get the reply back immediately.
So my question is what is the trick? Are you guys able to use Fiddler to send a request and get the response message back immediately?
Thanks in advance,
Greg
05-12-2010 04:38 PM
Our LDAP User-ID engineer explains the following:
"The User-ID API will send the response immediately after it receives a complete <uid-message>....</uid-message>; however, the User-ID API uses the simple SSL connection, not the https protocol; if using the https, you may wait for the https response and timeout. If you use .NET, you can use the SSlStream class to implement the ssl connection."
05-13-2010 11:24 PM
Thanks for the response. I'll use an SSLStream and see if that gets me what I need.
05-18-2010 01:46 PM
Yep. SSLStream works great and I'm getting the response back immediately now. My application is humming along now. Thank you guys for providing this API to supply our own user data - it's exactly what we needed.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
