The Cisco Secure Access Control System (ACS) is a policy-based access control system and an integration point for network access control and identity management.
ACS 5.1 provides web services and command-line interface (CLI) commands that allow software developers and system integrators to programmatically access some ACS features and functions. ACS 5.1 also gives you access to the Monitoring and Report Viewer database, which you can use to create custom applications to monitor and troubleshoot ACS.
You can use these web services and CLI commands to:
• Integrate external applications directly with ACS.
• View and modify the information stored in ACS.
The User Change Password (UCP) web service allows users, defined in the ACS internal database, to first authenticate and then change their own password. ACS exposes the UCP web service to allow you to create custom web-based applications that you can deploy in your enterprise.
The Monitoring and Report Viewer web services allow you to create custom applications to track and troubleshoot events in ACS.
The scripting interface in ACS allows you to perform create, read, update, and delete (CRUD) operations on ACS objects. You can create an automated shell script to perform bulk operations.
ACS allows you to export data from the Monitoring and Report Viewer database. You can use this data to create custom reporting applications. "Monitoring and Report Viewer Database Schema" in this document contains the Monitoring and Report Viewer database schema to help you create your custom application.
ACS 5.1 provides:
• UCP web service to perform the following operations:
  – Change User Password
• Monitoring and Report Viewer web services that provide:
  – Monitoring and Report Viewer version
  – Monitoring and Report Viewer web services version
  – Authentication status of a user by date
  – Authentication status of a user by time
  – A list of failure reason records
  – A list of RADIUS accounting records
• CLI commands to perform bulk operations on ACS objects for the following functions:
You can perform bulk operations on the following ACS objects—users, hosts, network devices, identity groups, network device groups (NDGs), downloadable access control lists (DACLs), and command sets.
Before you begin to use the ACS web services and CLI commands in scripts, you must have working knowledge of:
• Web Services Description Language (WSDL) File
• Web Services Tools
This chapter contains the following sections:
• Understanding Web Services
Understanding Web Services
Web services are a subset of web-based applications that use XML to exchange data between the client and the server. Web services use:
• Hypertext Transfer Protocol Secure (HTTPS)—Transports messages between client applications and the web service server.
• Simple Object Access Protocol (SOAP)—Encodes messages in a common XML format so that they can be understood at either end (web service consumer and web service server) of a network connection. SOAP standardizes the format of the requests to the web service server; any client application can interface with the ACS web server using SOAP over HTTPS.
• WSDL file—Describes the web service, its location, and its operations. ACS 5.1 exposes the following WSDL files:
  – Monitoring and Report Viewer WSDL
The Web Services Description Language (WSDL) is an XML format that describes network services as a collection of ports that operate on messages. WSDL is extensible to allow the description of endpoints and their messages regardless of the message formats or network protocols that you use.
For more information on WSDL documentation and software downloads, refer to the World Wide Web Consortium website.
Note: You can use any third-party application to transform your WSDL file.
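The following added example (not Cisco code and not part of the original document) reads a WSDL 1.1 file, lists each service port with its location and operations as described above, and reports any port whose address is not HTTPS. The sample WSDL is constructed, and every service, port, operation name and URL in it is hypothetical rather than taken from the ACS WSDL files.

```python
import xml.etree.ElementTree as ET

NS = {"wsdl": "http://schemas.xmlsoap.org/wsdl/",
      "soap": "http://schemas.xmlsoap.org/wsdl/soap/"}

# Constructed WSDL 1.1 sample; every name and URL in it is hypothetical.
SAMPLE_WSDL = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="urn:example:svc"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" targetNamespace="urn:example:svc">
  <portType name="ExamplePortType">
    <operation name="exampleChangePassword"/>
    <operation name="exampleGetVersion"/>
  </portType>
  <binding name="ExampleBinding" type="tns:ExamplePortType"/>
  <service name="ExampleService">
    <port name="SecurePort" binding="tns:ExampleBinding">
      <soap:address location="https://acs.example.invalid/example"/>
    </port>
    <port name="LegacyPort" binding="tns:ExampleBinding">
      <soap:address location="http://acs.example.invalid/example"/>
    </port>
  </service>
</definitions>"""

def describe_wsdl(text):
    """Return (service, port, location, operations, uses_https) per port."""
    if "<!DOCTYPE" in text.upper():  # a WSDL file needs no DTD; refuse one
        raise ValueError("unexpected DOCTYPE in WSDL")
    root = ET.fromstring(text)
    # portType name -> operation names
    ops = {pt.get("name"): [o.get("name") for o in pt.findall("wsdl:operation", NS)]
           for pt in root.findall("wsdl:portType", NS)}
    # binding name -> portType name (namespace prefix stripped)
    bindings = {b.get("name"): b.get("type", "").split(":")[-1]
                for b in root.findall("wsdl:binding", NS)}
    rows = []
    for svc in root.findall("wsdl:service", NS):
        for port in svc.findall("wsdl:port", NS):
            addr = port.find("soap:address", NS)
            location = "" if addr is None else addr.get("location", "")
            port_type = bindings.get(port.get("binding", "").split(":")[-1])
            rows.append((svc.get("name"), port.get("name"), location,
                         ops.get(port_type, []), location.lower().startswith("https://")))
    return rows

def insecure_ports(text):
    """Names of ports whose address is not HTTPS (or is missing)."""
    return [port for _, port, _, _, https in describe_wsdl(text) if not https]

if __name__ == "__main__":
    print(*describe_wsdl(SAMPLE_WSDL), sep="\n")
```

Running a check like this against a WSDL file before generating client code confirms that the described endpoints match the SOAP over HTTPS transport the document specifies.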