From 5c2d9ff6d62d88af244188d3d5ccec9d13789768 Mon Sep 17 00:00:00 2001 From: Antoine Brun Date: Fri, 27 Mar 2026 16:07:29 +0100 Subject: [PATCH 1/6] OPSLAB-264: add API_FQDN to support separatioon between AUTH and API call FQDN --- .../rest_generic/rest_generic_connect.php | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/adapters/rest_generic/rest_generic_connect.php b/adapters/rest_generic/rest_generic_connect.php index 77375668..4df37aaf 100644 --- a/adapters/rest_generic/rest_generic_connect.php +++ b/adapters/rest_generic/rest_generic_connect.php @@ -16,7 +16,8 @@ class DeviceConnection extends GenericConnection public $auth_mode; public $auth_header; public $conn_timeout; - public $fqdn; + public $auth_fqdn; + public $api_fqdn; public $aws_sigv4; public $rest_json; public $json_path; @@ -151,8 +152,12 @@ public function send($origin, $rest_cmd) } } - if (isset($this->fqdn)) { - $ip_address = $this->fqdn; + if (isset($this->key) && isset($this->api_fqdn)) { + $ip_address = $this->api_fqdn; + } elseif (isset($this->key) && isset($this->auth_fqdn)) { + $ip_address = $this->auth_fqdn; + } elseif (!isset($this->key) && isset($this->auth_fqdn)) { + $ip_address = $this->auth_fqdn; } else { $ip_address = $this->sd_ip_config . ":" . $this->sd_management_port; } @@ -353,8 +358,12 @@ function rest_generic_connect($sd_ip_addr = null, $login = null, $passwd = null, $sms_sd_ctx->auth_mode = $auth_mode; if (isset($sd->SD_CONFIGVAR_list['AUTH_FQDN'])) { - $fqdn = trim($sd->SD_CONFIGVAR_list['AUTH_FQDN']->VAR_VALUE); - $sms_sd_ctx->fqdn = $fqdn; + $auth_fqdn = trim($sd->SD_CONFIGVAR_list['AUTH_FQDN']->VAR_VALUE); + $sms_sd_ctx->auth_fqdn = $auth_fqdn; + } + if (isset($sd->SD_CONFIGVAR_list['API_FQDN'])) { + $api_fqdn = trim($sd->SD_CONFIGVAR_list['API_FQDN']->VAR_VALUE); + $sms_sd_ctx->api_fqdn = $api_fqdn; } if (isset($sd->SD_CONFIGVAR_list['TOKEN_XPATH'])) { $token_xpath = trim($sd->SD_CONFIGVAR_list['TOKEN_XPATH']->VAR_VALUE); 
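Review bot: In the `send()` hunk the target host is chosen from whether `$this->key` is set, not from whether the request being sent is an authentication request. If a login or token-renewal request is ever issued while an earlier key is still held, it would go to `api_fqdn`, taking whatever credentials it carries to a host configured only for API traffic. Whether the key is cleared before re-authentication cannot be seen here, because `send()` starts and ends outside the hunk. The rewrite of this block in PATCH 3/6 keeps the same test as `!empty($this->key)`, so the point applies there too. I would clear the key at the start of the login path, or at least record the invariant next to the branch: `// $this->key must be unset before any (re)authentication call, otherwise the request goes to api_fqdn`.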
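Review bot: In the `rest_generic_connect()` hunk, `AUTH_FQDN` and `API_FQDN` are only passed through `trim()` before being stored, yet `send()` then uses them as the host of the request URL. A value containing a scheme, `/`, `@`, `?`, `#` or inner whitespace would change the authority or path of that URL. An empty value still passes the `isset()` test in `send()` and gives a URL with no host. I would validate both variables at load time and refuse anything that is not `host` or `host:port`, for example `if (!preg_match('/^[A-Za-z0-9.-]+(:\d{1,5})?$/', $api_fqdn)) { /* reject and log the variable name */ }`, widening the pattern if bracketed IPv6 literals must be accepted. The function continues outside the hunk, so a later check cannot be ruled out.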
From 047b5e14c8e37133e156ffefd20ce84715d2a3da Mon Sep 17 00:00:00 2001 From: Antoine Brun Date: Fri, 27 Mar 2026 16:14:00 +0100 Subject: [PATCH 2/6] OPSLAB-264: update readme --- adapters/rest_generic/README.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/adapters/rest_generic/README.md b/adapters/rest_generic/README.md index 0aa39449..45d8d4a8 100644 --- a/adapters/rest_generic/README.md +++ b/adapters/rest_generic/README.md @@ -9,9 +9,17 @@ The list of configuration that can we used is available below # Available configuration variables +## AUTH_FQDN +FQDN used for OAuth or token based authentication +ex: FortiSASE: customerapiauth.fortinet.com + +## API_FQDN +FQDN used for API calls +ex: FortiSASE: portal.prod.fortisase.com + ## REST_JSON -set to 1 when using JSON REST API Microservices. -By default the adapter will transform the API JSON formatted responses to XML. +Deprecated: set to 1 when using JSON REST API Microservices. +By default the adapter will support JSONPath for Microservice IMPORT based on HTTP header (if "application/json" is part of the header). ## PROTOCOL Use this configuration to select the protocol for the REST API requests From 5b1277d8f4420233b596f73e3d951e762cc05657 Mon Sep 17 00:00:00 2001 From: Antoine Brun Date: Fri, 27 Mar 2026 16:15:10 +0100 Subject: [PATCH 3/6] Update adapters/rest_generic/rest_generic_connect.php Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .../rest_generic/rest_generic_connect.php | 24 +++++++++++++------ 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/adapters/rest_generic/rest_generic_connect.php b/adapters/rest_generic/rest_generic_connect.php index 4df37aaf..997c00f0 100644 --- a/adapters/rest_generic/rest_generic_connect.php +++ b/adapters/rest_generic/rest_generic_connect.php 
@@ -152,14 +152,24 @@ public function send($origin, $rest_cmd) } } - if (isset($this->key) && isset($this->api_fqdn)) { - $ip_address = $this->api_fqdn; - } elseif (isset($this->key) && isset($this->auth_fqdn)) { - $ip_address = $this->auth_fqdn; - } elseif (!isset($this->key) && isset($this->auth_fqdn)) { - $ip_address = $this->auth_fqdn; + if (!empty($this->key)) { + // Post-authenticated requests: prefer API FQDN, then AUTH FQDN, then fall back to configured IP:port + if (!empty($this->api_fqdn)) { + $ip_address = $this->api_fqdn; + } elseif (!empty($this->auth_fqdn)) { + $ip_address = $this->auth_fqdn; + } else { + $ip_address = $this->sd_ip_config . ":" . $this->sd_management_port; + } } else { - $ip_address = $this->sd_ip_config . ":" . $this->sd_management_port; + // Pre-auth/BASIC requests: prefer AUTH FQDN, then fall back to API FQDN, then to configured IP:port + if (!empty($this->auth_fqdn)) { + $ip_address = $this->auth_fqdn; + } elseif (!empty($this->api_fqdn)) { + $ip_address = $this->api_fqdn; + } else { + $ip_address = $this->sd_ip_config . ":" . $this->sd_management_port; + } } $aws_sigv4 = ""; From e850444d7ea2c9e74c74cb4769a2e65f3b5a327a Mon Sep 17 00:00:00 2001 From: Antoine Brun Date: Fri, 27 Mar 2026 16:25:22 +0100 Subject: [PATCH 4/6] OPSLAB-264: update readme / add TOKEN_JSONPATH --- adapters/rest_generic/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/adapters/rest_generic/README.md b/adapters/rest_generic/README.md index 45d8d4a8..e638e6c8 100644 --- a/adapters/rest_generic/README.md +++ b/adapters/rest_generic/README.md 
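Review bot: The new pre-auth branch falls back to `api_fqdn` when `auth_fqdn` is empty, so authentication requests are sent to the host the README describes only as "FQDN used for API calls". In PATCH 1/6 the same case went to `sd_ip_config:sd_management_port`. If the fallback is intended, the `API_FQDN` entry in the README should say that login traffic may reach it; if not, drop the `elseif (!empty($this->api_fqdn))` arm from the pre-auth branch. The comment `// Pre-auth/BASIC requests` also suggests that in BASIC mode every call takes this branch, in which case `API_FQDN` is never preferred for API calls; this is inferred from the comment alone, since `send()` extends beyond the hunk. The `sd_ip_config . ":" . sd_management_port` expression now appears twice and could be computed once before the `if`.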
@@ -64,6 +64,10 @@ The Generic REST adapter will handle JSON response by transforming the JSON stri The transformation to XML will be triggered if the Content-Type HTTP header is set to application/json * default: //root/token +## TOKEN_JSONPATH +The JSON Path to get the token +By default: $.token + ## HTTP_HEADER Use this to list the HTTP header to pass to the API HTTP requests. This configuration should be specified as a | separated list of "key: value" From 94e57646d892aaa411aa6c2557e63df84d04c61f Mon Sep 17 00:00:00 2001 From: Antoine Brun Date: Fri, 27 Mar 2026 16:27:13 +0100 Subject: [PATCH 5/6] Update adapters/rest_generic/README.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- adapters/rest_generic/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/adapters/rest_generic/README.md b/adapters/rest_generic/README.md index e638e6c8..236c9cef 100644 --- a/adapters/rest_generic/README.md +++ b/adapters/rest_generic/README.md @@ -19,7 +19,7 @@ ex: FortiSASE: portal.prod.fortisase.com ## REST_JSON Deprecated: set to 1 when using JSON REST API Microservices. -By default the adapter will support JSONPath for Microservice IMPORT based on HTTP header (if "application/json" is part of the header). +By default, when importing from a JSON REST API, responses are converted to XML and processed using XPath. When `REST_JSON` is set to `1`, the adapter keeps responses as JSON and enables JSONPath for Microservice IMPORT (when "application/json" is part of the HTTP header). ## PROTOCOL Use this configuration to select the protocol for the REST API requests From 993d6945f40d77faf7e669acedd12e107992341c Mon Sep 17 00:00:00 2001 From: Antoine Brun Date: Fri, 27 Mar 2026 16:27:40 +0100 Subject: [PATCH 6/6] Update adapters/rest_generic/README.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- adapters/rest_generic/README.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) 
diff --git a/adapters/rest_generic/README.md b/adapters/rest_generic/README.md index 236c9cef..cd2a4275 100644 --- a/adapters/rest_generic/README.md +++ b/adapters/rest_generic/README.md @@ -10,13 +10,18 @@ The list of configuration that can we used is available below # Available configuration variables ## AUTH_FQDN -FQDN used for OAuth or token based authentication -ex: FortiSASE: customerapiauth.fortinet.com +FQDN used for OAuth or token based authentication. + +* Format: `host` or `host:port` (no scheme). Do **not** prefix the value with `http://` or `https://`; the adapter will prepend the protocol automatically based on the `PROTOCOL` setting, building URLs as `{$protocol}://{$fqdn}{$rest_path}`. +* Non‑default ports: when you need a non‑default port while using `AUTH_FQDN`, include it directly in this value (for example `customerapiauth.fortinet.com:8443`). When `AUTH_FQDN` is set, the `MANAGEMENT_PORT` value is **not** appended to it. +* Example: FortiSASE: `customerapiauth.fortinet.com` ## API_FQDN -FQDN used for API calls -ex: FortiSASE: portal.prod.fortisase.com +FQDN used for API calls. +* Format: `host` or `host:port` (no scheme). Do **not** prefix the value with `http://` or `https://`; the adapter will prepend the protocol automatically based on the `PROTOCOL` setting, building URLs as `{$protocol}://{$fqdn}{$rest_path}`. +* Non‑default ports: when you need a non‑default port while using `API_FQDN`, include it directly in this value (for example `portal.prod.fortisase.com:8443`). When `API_FQDN` is set, the `MANAGEMENT_PORT` value is **not** appended to it. +* Example: FortiSASE: `portal.prod.fortisase.com` ## REST_JSON Deprecated: set to 1 when using JSON REST API Microservices. By default, when importing from a JSON REST API, responses are converted to XML and processed using XPath. When `REST_JSON` is set to `1`, the adapter keeps responses as JSON and enables JSONPath for Microservice IMPORT (when "application/json" is part of the HTTP header).