
neonbit
New Member
February 23, 2019
Yes you can deauth a single user. I'd recommend signing up to the fndn (https://fndn.fortinet.net) as it has all the proper documentation and the new version gives sample code.

{
  "user_type": "string",
  "id": "string",
  "ip": "string",
  "ip_version": "string",
  "method": "string",
  "all": "string",
  "users": "string"
}

user_type (string): User type [proxy|firewall]. Required for both proxy and firewall users.

id (string): User ID. Required for both proxy and firewall users.

ip (string): User IP address. Required for both proxy and firewall users.

ip_version (string): IP version [ip4|ip6]. Only required if user_type is firewall.

method (string): Authentication method [fsso|rsso|ntlm|firewall|wsso|fsso_citrix|sso_guest]. Only required if user_type is firewall.

all (string): Set to true to deauthenticate all users. Other parameters will be ignored.

users (string): Array of user objects to deauthenticate. Use this to deauthenticate multiple users at once. Each object should include the above properties.

rpelletier
New Member
February 23, 2019

Thank you. Found the documentation.

rpelletier
New Member
March 7, 2019

I have been unable to get this to work using either PowerShell or PHP. I want to be able to automate deauthenticating users for a system I am building. I will start by giving my PowerShell example:

 

$password = Read-Host -assecurestring "Please enter your password"
$password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password))
$fwaddress = "10.10.40.4"
$postParams = @{username='admin';secretkey=$password}
$request = Invoke-WebRequest -Headers $headers -Uri "https://$fwaddress/logincheck" -SessionVariable fgtSession -Method POST -Body $postParams
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add('Accept','application/json')
$headers.Add('Content-Type','application/json')
$request = Invoke-WebRequest -Headers $headers -Uri "https://$fwaddress/api/v2/monitor/user/firewall/select/?vdom=Students" -WebSession $fgtSession -Method GET

$authUsers = $(ConvertFrom-Json -InputObject $request.Content).results
#$authUsers

$username = 'student@student.domain.edu'

$authUser = $authUsers | where { $_.username -eq $username }

$postParams = @{user_type='firewall';id=$authUser.id;ip=$authUser.ipaddr;method=$authUser.method;ip_version=$authUser.src_type}
$postParams
$request = Invoke-WebRequest -Headers $headers -Uri "https://$fwaddress/api/v2/monitor/user/firewall/deauth/?vdom=Students" -WebSession $fgtSession -Method POST -Body $postParams

 

 

An example of the dataset I am using:

 

{
"type": "auth_logon",
"username": "student@student.domain.edu",
"usergroup": "Captive Portal",
"id": 0,
"duration": "538 seconds",
"duration_secs": 538,
"auth_type": 3,
"ipaddr": "192.168.147.152",
"src_type": "ip4",
"expiry": "5470 seconds",
"expiry_secs": 5470,
"method": "Firewall"
}

This command returns a 403 HTTP status.

 

Authentication and retrieval of all the authenticated users works great. Deauthing the single user gives me an error. Any thoughts would be greatly appreciated.
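
Added example, not part of the thread and not Fortinet's sample code: one way to build the deauth request from a firewall/select record so that it matches the schema quoted in the first reply. It assumes that FortiOS session logins issue a ccsrftoken cookie whose value has to be echoed in an X-CSRFTOKEN header on POST requests (a requirement not stated in the thread); ConvertTo-DeauthBody and Get-CsrfHeader are hypothetical helper names.

```powershell
# Added example; helper names are hypothetical and not part of any Fortinet module.
function ConvertTo-DeauthBody {
    param([Parameter(Mandatory)] $AuthUser)
    $methods = 'fsso','rsso','ntlm','firewall','wsso','fsso_citrix','sso_guest'
    # firewall/select reports "Firewall"; the schema lists lowercase values.
    $method = ([string]$AuthUser.method).ToLowerInvariant()
    if ($method -notin $methods) { throw "Unsupported method '$method'" }
    if ($AuthUser.src_type -notin 'ip4','ip6') {
        throw "Unsupported ip_version '$($AuthUser.src_type)'"
    }
    $addr = $null
    if (-not [System.Net.IPAddress]::TryParse([string]$AuthUser.ipaddr, [ref]$addr)) {
        throw "Invalid IP address '$($AuthUser.ipaddr)'"
    }
    $body = [ordered]@{
        user_type  = 'firewall'
        id         = $AuthUser.id
        ip         = $AuthUser.ipaddr
        ip_version = $AuthUser.src_type
        method     = $method
    }
    # Serialize explicitly: a hashtable passed to -Body is form-encoded, not sent as JSON.
    $body | ConvertTo-Json -Compress
}

function Get-CsrfHeader {
    param([Parameter(Mandatory)] $Session, [Parameter(Mandatory)] [string] $BaseUri)
    # Assumption: the login response stored a cookie named ccsrftoken in the session.
    $cookie = $Session.Cookies.GetCookies($BaseUri) |
        Where-Object { $_.Name -eq 'ccsrftoken' } | Select-Object -First 1
    if (-not $cookie) { throw 'No ccsrftoken cookie found in the session' }
    # The cookie value is wrapped in double quotes; the header carries the bare token.
    @{ 'X-CSRFTOKEN' = $cookie.Value.Trim('"') }
}

# Constructed record, using the fields of the dataset shown in the thread.
$sample = '{"username":"student@student.domain.edu","id":0,"ipaddr":"192.168.147.152","src_type":"ip4","method":"Firewall"}' |
    ConvertFrom-Json
ConvertTo-DeauthBody -AuthUser $sample

# Against a live device, with the session and variables from the thread's script:
# $csrf = Get-CsrfHeader -Session $fgtSession -BaseUri "https://$fwaddress"
# Invoke-WebRequest -Uri "https://$fwaddress/api/v2/monitor/user/firewall/deauth/?vdom=Students" `
#     -WebSession $fgtSession -Method POST -Headers $csrf -ContentType 'application/json' `
#     -Body (ConvertTo-DeauthBody -AuthUser $authUser)
```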