REST API Deauth a particular user

rpelletier
New Member
2019/02/22 11:28:28 (permalink)
0

REST API Deauth a particular user

I can list all of the authenticated users to my vdom using https://10.40.100.1/api/v2/monitor/user/firewall/?vdom=Students, and I can deauth all of them using 
https://10.40.100.1/api/v.../deauth/?vdom=Students
 
However, how do I deauth only one particular user? Is this possible via the API?
#1


    neonbit
    Expert Member
    Re: REST API Deauth a particular user 2019/02/23 04:54:55 (permalink)
    0
    Yes you can deauth a single user. I'd recommend signing up to the fndn (https://fndn.fortinet.net) as it has all the proper documentation and the new version gives sample code.

    {
    "user_type": "string",
    "id": "string",
    "ip": "string",
    "ip_version": "string",
    "method": "string",
    "all": "string",
    "users": "string"
    }

    user_type (string): User type [proxy|firewall]. Required for both proxy and firewall users.
    id (string): User ID. Required for both proxy and firewall users.
    ip (string): User IP address. Required for both proxy and firewall users.
    ip_version (string): IP version [ip4|ip6]. Only required if user_type is firewall.
    method (string): Authentication method [fsso|rsso|ntlm|firewall|wsso|fsso_citrix|sso_guest]. Only required if user_type is firewall.
    all (string): Set to true to deauthenticate all users. Other parameters will be ignored.
    users (string): Array of user objects to deauthenticate. Use this to deauthenticate multiple users at once. Each object should include the above properties.
    #2
    rpelletier
    New Member
    Re: REST API Deauth a particular user 2019/02/23 06:33:38 (permalink)
    0
    Thank you. Found the documentation.
    post edited by rpelletier - 2019/02/23 06:40:03
    #3
    rpelletier
    New Member
    Re: REST API Deauth a particular user 2019/03/07 04:09:52 (permalink)
    0
    I have been unable to get this to work using either PowerShell or PHP. I want to be able to automate deauthenticating users for a system I am building. I will start by giving my PowerShell example:
     
    $password = Read-Host -assecurestring "Please enter your password"
    $password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password))
    $fwaddress = "10.10.40.4"
    $postParams = @{username='admin';secretkey=$password}
    $request = Invoke-WebRequest -Headers $headers -Uri "https://$fwaddress/logincheck" -SessionVariable fgtSession -Method POST -Body $postParams
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add('Accept','application/json')
    $headers.Add('Content-Type','application/json')
    $request = Invoke-WebRequest -Headers $headers -Uri "https://$fwaddress/api/v2/monitor/user/firewall/select/?vdom=Students" -WebSession $fgtSession -Method GET

    $authUsers = $(ConvertFrom-Json -InputObject $request.Content).results
    #$authUsers

    $username = 'student@student.domain.edu'

    $authUser = $authUsers | where { $_.username -eq $username }

    $postParams = @{user_type='firewall';id=$authUser.id;ip=$authUser.ipaddr;method=$authUser.method;ip_version=$authUser.src_type}
    $postParams
    $request = Invoke-WebRequest -Headers $headers -Uri "https://$fwaddress/api/v2/monitor/user/firewall/deauth/?vdom=Students" -WebSession $fgtSession -Method POST -Body $postParams

     
     
    An example of the dataset I am using:
     
    {
    "type": "auth_logon",
    "username": "student@student.domain.edu",
    "usergroup": "Captive Portal",
    "id": 0,
    "duration": "538 seconds",
    "duration_secs": 538,
    "auth_type": 3,
    "ipaddr": "192.168.147.152",
    "src_type": "ip4",
    "expiry": "5470 seconds",
    "expiry_secs": 5470,
    "method": "Firewall"
    }

    This command returns a 403 HTTP status.
     
    Authentication and retrieval of all the authenticated users works great. Deauthing the single user gives me an error. Any thoughts would be greatly appreciated.
    #4
    hakim
    New Member
    Re: REST API Deauth a particular user 2019/03/19 00:48:20 (permalink)
    0
    Hi, I am having the same problem. Any luck getting this function working properly?
    #5
    rpelletier
    New Member
    Re: REST API Deauth a particular user 2019/03/27 03:50:06 (permalink)
    0
    No luck at all. I am actually thinking it might be because this functionality is paid, but I have not received an answer from our Fortinet rep.
    #6
    Jordan_Thompson_FTNT
    optimizzz
    Re: REST API Deauth a particular user 2019/03/27 09:43:27 (permalink)
    0
    rpelletier
    No luck at all. I am actually thinking it might be because this functionality is paid, but I have not received an answer from our Fortinet rep.

    Please try with the HTTP body in the following format:
     
    {"users": [...]}
     
    Where [...] is a list of users that you'd like to deauthenticate. The "id=0" in your standalone user example is also a problem. This will be ignored.
     
    Can you include httpsd debug output during the request? "diag debug app httpsd -1"
     
     
    #7
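
The body format suggested in the reply above, built from an entry of the monitor listing, as an added example that is not part of the original thread or of Fortinet's documentation. `New-FgtDeauthBody` is a hypothetical helper name, the sample listing is constructed from the record quoted earlier in the thread, and lower-casing `method` to match the documented values is an assumption.

```powershell
# Constructed sample: one entry shaped like the monitor listing quoted in the thread.
$sampleListing = @'
[{"type":"auth_logon","username":"student@student.domain.edu","usergroup":"Captive Portal",
  "id":0,"ipaddr":"192.168.147.152","src_type":"ip4","method":"Firewall"}]
'@ | ConvertFrom-Json

# Hypothetical helper: maps listing entries for one username to the
# {"users": [...]} body, using the property names from the parameter list above.
function New-FgtDeauthBody {
    param(
        [Parameter(Mandatory)] [object[]] $ListingEntries,
        [Parameter(Mandatory)] [string]   $Username
    )
    $selected = @($ListingEntries | Where-Object { $_.username -eq $Username })
    if ($selected.Count -eq 0) { throw "No authenticated session found for '$Username'." }

    $users = foreach ($entry in $selected) {
        # ip_version and method are required for user_type 'firewall'; fail early if absent.
        foreach ($field in 'id', 'ipaddr', 'src_type', 'method') {
            if ($null -eq $entry.$field -or "$($entry.$field)" -eq '') {
                throw "Listing entry for '$Username' has no '$field'."
            }
        }
        if ($entry.src_type -notin 'ip4', 'ip6') {
            throw "Unexpected src_type '$($entry.src_type)'."
        }
        [ordered]@{
            user_type  = 'firewall'
            id         = $entry.id
            ip         = $entry.ipaddr
            ip_version = $entry.src_type
            method     = "$($entry.method)".ToLower()  # assumption: match documented lowercase values
        }
    }
    # @() keeps "users" a JSON array even when a single session matches.
    @{ users = @($users) } | ConvertTo-Json -Depth 3
}

$json = New-FgtDeauthBody -ListingEntries $sampleListing -Username 'student@student.domain.edu'
$json

# To send it, pass the serialized string (Invoke-WebRequest form-encodes a hashtable
# body), reusing $fwaddress, $headers and $fgtSession from the script in the thread:
# Invoke-WebRequest -Uri "https://$fwaddress/api/v2/monitor/user/firewall/deauth/?vdom=Students" `
#     -WebSession $fgtSession -Headers $headers -Method POST -Body $json
```
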
    rpelletier
    New Member
    Re: REST API Deauth a particular user 2019/04/12 07:15:39 (permalink)
    0
    My apologies, I had not seen that anyone had replied.
    I ran the test, but I do not see any output from the debug command. I have also been trying this command which should be more straightforward and I am having the same errors.
     
    $ip = '192.168.144.31'
    $name = 'Test1'
    $address = $ip + " 255.255.255.255"
    $postParams = @{name=$name;type='ipmask';subnet=$address}

     

    Invoke-WebRequest -Headers $headers -Uri "https://$fwaddress/api/v2/cmdb/firewall/address?vdom=Students" -WebSession $fgtSession -Method POST -Body $postParams

     
     
    Again, there is no output from the debug command.
    #8
    alagoutte
    New Member
    Re: REST API Deauth a particular user 2019/05/06 14:22:15 (permalink)
    0
    rpelletier
    My apologies, I had not seen that anyone had replied.
    I ran the test, but I do not see any output from the debug command. I have also been trying this command which should be more straightforward and I am having the same errors.
     
    $ip = '192.168.144.31'
    $name = 'Test1'
    $address = $ip + " 255.255.255.255"
    $postParams = @{name=$name;type='ipmask';subnet=$address}

     

    Invoke-WebRequest -Headers $headers -Uri "https://$fwaddress/api/v2/cmdb/firewall/address?vdom=Students" -WebSession $fgtSession -Method POST -Body $postParams

     
     
    Again, there is no output from the debug command.


    Hi,
     
    You can look at PowerFGT; there is already support for Address.
    #9
    rpelletier
    New Member
    Re: REST API Deauth a particular user 2019/05/07 10:08:49 (permalink)
    0
    Thank you, this is an amazing project. We use VDOMs, which the functions do not natively support yet, but I went ahead and added them myself and was able to add an address. I am going to work on seeing if I can build a function to deauth starting from this great project. Thanks.
    #10
    alagoutte
    New Member
    Re: REST API Deauth a particular user 2019/05/07 11:41:18 (permalink)
    0
    rpelletier
    Thank you, this is an amazing project. We use VDOMs, which the functions do not natively support yet, but I went ahead and added them myself and was able to add an address. I am going to work on seeing if I can build a function to deauth starting from this great project. Thanks.


    The (experimental) support of VDOM is planned for the next release :-) -> https://github.com/FortiPower/PowerFGT/pull/47
    #11
    alagoutte
    New Member
    Re: REST API Deauth a particular user 2019/05/17 09:46:04 (permalink)
    0
    rpelletier
    Thank you, this is an amazing project. We use VDOMs, which the functions do not natively support yet, but I went ahead and added them myself and was able to add an address. I am going to work on seeing if I can build a function to deauth starting from this great project. Thanks.


    The vdom support is available with release 0.3.0 => https://www.powershellgal...ackages/PowerFGT/0.3.0
    #12