The Cisco Secure Access Control System (ACS) is a policy-based access control system and an integration point for network access control and identity management.
ACS 5.5 provides web services and command-line interface (CLI) commands that allow software developers and system integrators to programmatically access some ACS features and functions. ACS 5.5 also gives you access to the Monitoring and Report Viewer database, which you can use to create custom applications to monitor and troubleshoot ACS.
You can use these web service and CLI commands to:
- Integrate external applications directly with ACS.
- View and modify the information stored in ACS.
The User Change Password (UCP) web service allows users, defined in the ACS internal database, to first authenticate and then change their own password. ACS exposes the UCP web service to allow you to create custom web-based applications that you can deploy in your enterprise.
The Monitoring and Report Viewer web services allow you to create custom applications to track and troubleshoot events in ACS.
ACS REST web services allow you to manage entities such as users, identity groups, hosts, network devices, network device groups, network device group types, and maximum user sessions from your own management applications, and to use the ACS programmatic interface (PI) to transfer these entities into ACS. This lets you define these entities once and use them both on your own systems and on ACS.
The scripting interface in ACS allows you to perform create, read, update, and delete (CRUD) operations on ACS objects. You can create an automated shell script to perform bulk operations.
ACS allows you to export data from the Monitoring and Report Viewer database. You can use this data to create custom reporting applications. Appendix A, “Monitoring and Report Viewer Database Schema” in this document contains the Monitoring and Report Viewer database schema to help you create your custom application.
ACS 5.5 provides:
- UCP web service to perform the following operations:
– Authenticate User
– Change User Password
- Monitoring and Report Viewer web services that provide:
– Monitoring and Report Viewer version
– Monitoring and Report Viewer web services version
– Authentication status of a user by date
– Authentication status of a user by time
– A list of records that give the reasons for failures
– A list of RADIUS accounting records
- Configuration web services to perform the following operations:
– Create, read, update and delete objects, including creating and removing any associations to the objects
– Get a list of objects of the same type (For example, a list of all Users)
– Retrieve associated objects, including filtering capabilities
– Execute queries
- CLI commands to perform bulk operations on the following ACS objects: users, hosts, network devices, identity groups, network device groups (NDGs), downloadable access control lists (DACLs), and command sets.
Before you begin to use the ACS web services and CLI commands in scripts, you must have a working knowledge of:
- Web Services Description Language (WSDL) File
- Web Application Description Language (WADL) File
- Web Services Tools
This chapter contains the following sections:
Understanding Web Services
Web services are a subset of web-based applications that exchange XML-encoded data between the client and the server. Web services use:
- Hypertext Transfer Protocol Secure (HTTPS)—Transports messages between client applications and the web service server.
- Simple Object Access Protocol (SOAP)—Encodes messages in a common XML format so that they can be understood at either end (web service consumer and web service server) of a network connection. SOAP standardizes the format of the requests to the web service server. Any client application can interface with the ACS web server using SOAP over HTTPS.
- WSDL file—Describes the web service, its location, and its operations. ACS 5.5 exposes the following WSDL files:
– UCP WSDL
– Monitoring and Report Viewer WSDL
- Representational State Transfer (REST)—REST is a software architecture style for distributed systems. ACS Configuration web services are built using the REST architecture. This service provides a uniform set of operations for all resources.
RESTful web services typically map the four main HTTP methods (POST, GET, PUT, and DELETE) to the common operations create, retrieve, update, and delete, respectively.
- WADL file—Describes the REST interface. This includes description of objects and methods for the REST interface.
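The two transports described above, SOAP over HTTPS for the UCP service (Authenticate User, then Change User Password) and REST with one HTTP method per CRUD operation for the configuration service, as an added example in Python. This is not Cisco code and not taken from the ACS WSDL or WADL: the UCP endpoint path, the operation and parameter names, the UCP XML namespace, and the /Rest/ resource paths are placeholders that you must replace with the values from the WSDL and WADL files your ACS serves. What it does show is the message shape each service expects and the one thing both services depend on: a TLS context that actually verifies the ACS certificate, because the SOAP body and the Authorization header both carry credentials.

```python
"""ACS 5.5 programmatic-interface client skeleton: SOAP over HTTPS for the
UCP service, and REST (HTTP verb = CRUD operation) for the configuration
service.  Added example; not Cisco code."""
import base64
import ssl
import urllib.request
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
# ASSUMPTION: placeholder namespace for the UCP operations; take the real
# one from the targetNamespace of the UCP WSDL your ACS serves.
UCP_NS = "urn:example:acs:ucp"

# REST convention described on the page: one HTTP method per CRUD operation.
CRUD_METHOD = {"create": "POST", "read": "GET", "update": "PUT", "delete": "DELETE"}


def tls_context(ca_bundle=None):
    """TLS context that verifies the ACS server certificate (chain and
    hostname).  Pass the CA bundle that signed the ACS certificate; do not
    switch verification off to 'make it work', since both PI services carry
    credentials in the request body or the Authorization header."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def soap_envelope(operation, params):
    """Serialise one operation call as a SOAP 1.1 envelope (bytes)."""
    env = ET.Element(f"{{{SOAP_ENV}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_ENV}}}Body")
    op = ET.SubElement(body, f"{{{UCP_NS}}}{operation}")
    for name, value in params.items():
        ET.SubElement(op, f"{{{UCP_NS}}}{name}").text = value
    return ET.tostring(env, encoding="utf-8", xml_declaration=True)


def soap_body(envelope):
    """Parse a SOAP envelope into (operation, {param: value}).  Used here to
    check what was built; the same walk reads the server's reply body."""
    root = ET.fromstring(envelope)
    op = root.find(f"{{{SOAP_ENV}}}Body")[0]
    name = op.tag.split("}", 1)[1]
    return name, {child.tag.split("}", 1)[1]: child.text for child in op}


def ucp_request(host, operation, params):
    """Build the POST for one UCP call.  ASSUMPTION: the endpoint path and
    the operation names used by callers (authenticateUser, changeUserPass)
    are placeholders; read the real ones from the UCP WSDL."""
    url = f"https://{host}/PI/services/UCP/"
    return urllib.request.Request(
        url, data=soap_envelope(operation, params), method="POST",
        headers={"Content-Type": "text/xml; charset=utf-8",
                 "SOAPAction": operation})


def basic_auth_header(user, password):
    """HTTP Basic credential; only acceptable over a verified TLS channel."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + token


def rest_request(host, user, password, op, path, xml_body=None):
    """Build a REST configuration call; the CRUD name selects the HTTP verb.
    ASSUMPTION: the /Rest/ base path and the resource path layout are
    placeholders; the WADL lists the real ones."""
    url = f"https://{host}/Rest/{path}"
    headers = {"Authorization": basic_auth_header(user, password),
               "Accept": "application/xml"}
    if xml_body is not None:
        headers["Content-Type"] = "application/xml"
    return urllib.request.Request(url, data=xml_body,
                                  method=CRUD_METHOD[op], headers=headers)


def send(req, ctx):
    """Send a prepared request over the verifying TLS context."""
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return resp.status, resp.read()


def headers_of(req):
    """Headers of a prepared request, names lower-cased for comparison."""
    return {k.lower(): v for k, v in req.header_items()}


if __name__ == "__main__":
    # Needs a reachable ACS and the CA bundle for its certificate.
    ctx = tls_context("acs-ca.pem")
    auth = ucp_request("acs.example.net", "authenticateUser",
                       {"userName": "jdoe", "password": "old-secret"})
    print(send(auth, ctx))
```

The UCP flow is two calls built the same way: first the authentication operation with the current password, then the change-password operation with the current and new passwords; only the second one changes state. On the REST side, a read is a bodiless GET and an update is a PUT of the object XML, so `rest_request(host, user, pw, "read", path)` and `rest_request(host, user, pw, "update", path, body)` differ only in verb and body, which is the point of the verb-to-CRUD mapping.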
The Web Services Description Language (WSDL) is an XML format that describes network services as a collection of ports that operate on messages. WSDL is extensible to allow the description of endpoints and their messages, regardless of the message formats or network protocols that you use.
For more information on WSDL documentation and software downloads, refer to the World Wide Web Consortium website.
Note You can use any third-party tool to transform the WSDL file, for example, to generate client stubs from it.
The Web Application Description Language (WADL) file describes the REST interface: the schema (object structure), the HTTP methods, and the URLs that are available for each object when you invoke a REST request.
WADL files are designed to provide a machine-processable description of HTTP-based web applications. They are supplemented with XML schema for XML-based data formats. ACS also provides XSD files that describe the object structure. You can generate object classes from the XSD files using third-party tools.
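Because the WADL is machine-processable, the first thing worth doing with it is to enumerate what the REST interface actually exposes. The following is an added example, not Cisco code: it walks the nested `resource` elements of a WADL and returns every URL together with the HTTP methods it accepts. The WADL snippet embedded in the block is constructed to illustrate the format (its paths and method ids are placeholders, not copied from an ACS); point `parse_wadl` at the file your ACS serves to get the real inventory. The `mutating_endpoints` helper pulls out the POST/PUT/DELETE endpoints, which is the list you want when deciding what an automation account may be permitted to do.

```python
"""Enumerate the resources and HTTP methods a REST WADL advertises.
Added example; the sample WADL is constructed, not taken from ACS."""
import xml.etree.ElementTree as ET

# Namespace of the WADL 2009 specification, which is what the element
# names in a WADL file are qualified with.
WADL_NS = "http://wadl.dev.java.net/2009/02"

# Constructed sample: base URL, paths and method ids are placeholders.
SAMPLE_WADL = b"""<?xml version="1.0"?>
<application xmlns="http://wadl.dev.java.net/2009/02">
  <resources base="https://acs.example.net/Rest/">
    <resource path="Identity/User">
      <method name="GET" id="getAllUsers"/>
      <method name="POST" id="createUser"/>
      <resource path="name/{name}">
        <method name="GET" id="getUserByName"/>
        <method name="PUT" id="updateUser"/>
        <method name="DELETE" id="deleteUser"/>
      </resource>
    </resource>
    <resource path="NetworkDevice/Device">
      <method name="GET" id="getAllDevices"/>
    </resource>
  </resources>
</application>
"""


def _q(tag):
    """Qualify a local element name with the WADL namespace."""
    return f"{{{WADL_NS}}}{tag}"


def parse_wadl(data):
    """Return {full_url: sorted list of HTTP methods} for every resource
    that declares at least one method.  Child resource paths are joined
    onto their parent's path, which is how WADL nests URL segments."""
    root = ET.fromstring(data)
    out = {}
    for resources in root.iter(_q("resources")):
        base = resources.get("base", "")
        for res in resources.findall(_q("resource")):
            _walk(res, base, out)
    return out


def _walk(res, prefix, out):
    path = prefix.rstrip("/") + "/" + res.get("path", "").strip("/")
    methods = sorted(m.get("name") for m in res.findall(_q("method")))
    if methods:
        out[path] = methods
    for child in res.findall(_q("resource")):
        _walk(child, path, out)


def mutating_endpoints(tree):
    """URLs that accept a state-changing verb (POST, PUT or DELETE)."""
    return sorted(url for url, methods in tree.items()
                  if set(methods) & {"POST", "PUT", "DELETE"})


if __name__ == "__main__":
    for url, methods in parse_wadl(SAMPLE_WADL).items():
        print(url, " ".join(methods))
    print("mutating:", mutating_endpoints(parse_wadl(SAMPLE_WADL)))
```

The same walk, with `<param>` elements collected alongside `<method>`, gives you the request parameters per endpoint; the XSD files ACS ships then describe the XML bodies those methods carry.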