</uid-message>
The PaP uploads this XML file to the endpoint:
The endpoint is the Panorama listener that dispatches the incoming User-ID API “set” request to the target firewall specified in the target parameter.
Here is the step-by-step flow:
Login to OpenAM as demo via curl:
The Post Authentication Plugin creates the API payload and uploads it to the Panorama endpoint, specifying the target managed firewall.
The User-ID API “punches” an access-grant into the virtualized firewall as shown here. This access-grant happens to never expire in our demo; however, it could be time-bounded.
The user logs out via curl as shown here:
The request is sent to the same target:
The user access, previously granted, is now unblocked as shown here.
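The login and logout payloads from the flow above, shown as an added Python example. It is not the plugin's own code. It builds the `uid-message` with escaped attributes and an optional expiry, so the grant can be time-bounded. The function names, the host, key and serial placeholders, the sample IP, and the choice to send the XML in a `cmd` form field with the key in the POST body are assumptions. The `timeout` attribute is taken to be in minutes.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlencode


def build_uid_message(action, user, ip, timeout_min=None):
    """Build the User-ID <uid-message> for a login (grant) or logout (revoke)."""
    if action not in ("login", "logout"):
        raise ValueError("action must be 'login' or 'logout'")
    ip = str(ipaddress.ip_address(ip))  # raises ValueError unless a bare IP literal
    root = ET.Element("uid-message")
    ET.SubElement(root, "version").text = "1.0"
    ET.SubElement(root, "type").text = "update"
    event = ET.SubElement(ET.SubElement(root, "payload"), action)
    # Attributes are set through ElementTree so quotes or angle brackets in a
    # user name are escaped and cannot add attributes or extra <entry> elements.
    entry = ET.SubElement(event, "entry", {"name": user, "ip": ip})
    if action == "login" and timeout_min is not None:
        if isinstance(timeout_min, bool) or not isinstance(timeout_min, int) or timeout_min <= 0:
            raise ValueError("timeout_min must be a positive integer (minutes)")
        entry.set("timeout", str(timeout_min))  # time-bounded grant
    return ET.tostring(root, encoding="unicode")


def build_set_request(panorama_host, api_key, target_serial, uid_xml):
    """Return (url, form_body) for the User-ID "set" request relayed by Panorama."""
    body = urlencode({
        "type": "user-id", "action": "set",
        "target": target_serial,  # serial number of the managed firewall
        "key": api_key,           # sent in the POST body so it stays out of URL logs
        "cmd": uid_xml,
    })
    return f"https://{panorama_host}/api/", body


if __name__ == "__main__":
    # Constructed sample values, not taken from the article.
    for action in ("login", "logout"):
        xml_doc = build_uid_message(action, "demo", "192.0.2.10", timeout_min=30)
        url, body = build_set_request("panorama.example.com", "API-KEY-PLACEHOLDER",
                                      "SERIAL-PLACEHOLDER", xml_doc)
        print(action, url, xml_doc, sep="\n  ")
```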
That sums up this simple demo.
This article was first published on the OpenAM Wiki Confluence site: