diff --git a/adapters/rest_generic/README.md b/adapters/rest_generic/README.md
index 0aa39449..cd2a4275 100644
--- a/adapters/rest_generic/README.md
+++ b/adapters/rest_generic/README.md
@@ -9,9 +9,22 @@ The list of configuration that can we used is available below
 # Available configuration variables
+## AUTH_FQDN
+FQDN used for OAuth or token based authentication.
+
+* Format: `host` or `host:port` (no scheme). Do **not** prefix the value with `http://` or `https://`; the adapter will prepend the protocol automatically based on the `PROTOCOL` setting, building URLs as `{$protocol}://{$fqdn}{$rest_path}`.
+* Non‑default ports: when you need a non‑default port while using `AUTH_FQDN`, include it directly in this value (for example `customerapiauth.fortinet.com:8443`). When `AUTH_FQDN` is set, the `MANAGEMENT_PORT` value is **not** appended to it.
+* Example: FortiSASE: `customerapiauth.fortinet.com`
+
+## API_FQDN
+FQDN used for API calls.
+
+* Format: `host` or `host:port` (no scheme). Do **not** prefix the value with `http://` or `https://`; the adapter will prepend the protocol automatically based on the `PROTOCOL` setting, building URLs as `{$protocol}://{$fqdn}{$rest_path}`.
+* Non‑default ports: when you need a non‑default port while using `API_FQDN`, include it directly in this value (for example `portal.prod.fortisase.com:8443`). When `API_FQDN` is set, the `MANAGEMENT_PORT` value is **not** appended to it.
+* Example: FortiSASE: `portal.prod.fortisase.com`
 ## REST_JSON
-set to 1 when using JSON REST API Microservices.
-By default the adapter will transform the API JSON formatted responses to XML.
+Deprecated: set to 1 when using JSON REST API Microservices.
+By default, when importing from a JSON REST API, responses are converted to XML and processed using XPath. When `REST_JSON` is set to `1`, the adapter keeps responses as JSON and enables JSONPath for Microservice IMPORT (when "application/json" is part of the HTTP header).
 ## PROTOCOL
 Use this configuration to select the protocol for the REST API requests
@@ -56,6 +69,10 @@ The Generic REST adapter will handle JSON response by transforming the JSON stri
 The transformation to XML will be triggered if the Content-Type HTTP header is set to application/json
 * default: //root/token
+## TOKEN_JSONPATH
+The JSON Path to get the token
+By default: $.token
+
 ## HTTP_HEADER
 Use this to list the HTTP header to pass to the API HTTP requests.
 This configuration should be specified as a | separated list of "key: value"
diff --git a/adapters/rest_generic/rest_generic_connect.php b/adapters/rest_generic/rest_generic_connect.php
index 77375668..997c00f0 100644
--- a/adapters/rest_generic/rest_generic_connect.php
+++ b/adapters/rest_generic/rest_generic_connect.php
@@ -16,7 +16,8 @@ class DeviceConnection extends GenericConnection
 public $auth_mode;
 public $auth_header;
 public $conn_timeout;
- public $fqdn;
+ public $auth_fqdn;
+ public $api_fqdn;
 public $aws_sigv4;
 public $rest_json;
 public $json_path;
@@ -151,10 +152,24 @@ public function send($origin, $rest_cmd)
 }
 }
- if (isset($this->fqdn)) {
- $ip_address = $this->fqdn;
+ if (!empty($this->key)) {
+ // Post-authenticated requests: prefer API FQDN, then AUTH FQDN, then fall back to configured IP:port
+ if (!empty($this->api_fqdn)) {
+ $ip_address = $this->api_fqdn;
+ } elseif (!empty($this->auth_fqdn)) {
+ $ip_address = $this->auth_fqdn;
+ } else {
+ $ip_address = $this->sd_ip_config . ":" . $this->sd_management_port;
+ }
 } else {
- $ip_address = $this->sd_ip_config . ":" . $this->sd_management_port;
+ // Pre-auth/BASIC requests: prefer AUTH FQDN, then fall back to API FQDN, then to configured IP:port
+ if (!empty($this->auth_fqdn)) {
+ $ip_address = $this->auth_fqdn;
+ } elseif (!empty($this->api_fqdn)) {
+ $ip_address = $this->api_fqdn;
+ } else {
+ $ip_address = $this->sd_ip_config . ":" . $this->sd_management_port;
+ }
 }
 $aws_sigv4 = "";
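Review bot: In send(), the new `if (!empty($this->key))` block picks the host that receives the credentials or the token from the state of `$this->key`, not from the kind of request being sent. If a re-authentication request is ever issued while a stale key is still set (whether the key is cleared first is not visible in this hunk), the login request would go to `API_FQDN` instead of `AUTH_FQDN`. The cross fallbacks also mean that a single configured FQDN receives both the credentials and the token, which is the old behaviour but is worth stating. I would add a comment above the block such as `// NOTE: routing depends on $this->key; clear it before re-authenticating so credentials go to AUTH_FQDN`. The two branches can also be written as `$fqdn = !empty($this->key) ? ($this->api_fqdn ?: $this->auth_fqdn) : ($this->auth_fqdn ?: $this->api_fqdn);` followed by `$ip_address = $fqdn ?: $this->sd_ip_config . ":" . $this->sd_management_port;`; send() starts and ends outside the hunk.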
@@ -353,8 +368,12 @@ function rest_generic_connect($sd_ip_addr = null, $login = null, $passwd = null,
 $sms_sd_ctx->auth_mode = $auth_mode;
 if (isset($sd->SD_CONFIGVAR_list['AUTH_FQDN'])) {
- $fqdn = trim($sd->SD_CONFIGVAR_list['AUTH_FQDN']->VAR_VALUE);
- $sms_sd_ctx->fqdn = $fqdn;
+ $auth_fqdn = trim($sd->SD_CONFIGVAR_list['AUTH_FQDN']->VAR_VALUE);
+ $sms_sd_ctx->auth_fqdn = $auth_fqdn;
+ }
+ if (isset($sd->SD_CONFIGVAR_list['API_FQDN'])) {
+ $api_fqdn = trim($sd->SD_CONFIGVAR_list['API_FQDN']->VAR_VALUE);
+ $sms_sd_ctx->api_fqdn = $api_fqdn;
 }
 if (isset($sd->SD_CONFIGVAR_list['TOKEN_XPATH'])) {
 $token_xpath = trim($sd->SD_CONFIGVAR_list['TOKEN_XPATH']->VAR_VALUE);
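Review bot: `AUTH_FQDN` and `API_FQDN` are stored after `trim()` only, so the `host` or `host:port` format that the README requires is not enforced where the values are read. Per the README the value is placed into `{$protocol}://{$fqdn}{$rest_path}`, the URL that carries the credentials or the token, so a value containing a scheme, a path or an `@` would produce a different target than the operator expects. A load-time check such as `preg_match('/^[A-Za-z0-9.-]+(:\d{1,5})?$/', $api_fqdn) === 1` (extended if bracketed IPv6 literals must be accepted), reported through the adapter's existing error path, would catch this; the same applies to `$auth_fqdn`. rest_generic_connect() continues outside the hunk.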