Jonathan_Wingfi
Jun 03, 2016

APM Integration with MobileIron Using V2 of the API

Has anyone had any experience integrating APM with MobileIron using version two of the MobileIron API? Specifically, I'm looking to query the compliance status of Apple devices using the device's UDID. Any assistance with the iRule code to perform this query would be greatly appreciated. Thanks.

 

14 Replies

  • Dear Matthieu;

    Thank you for this iApps development. I have a few questions for you.

    1- On iOS 10, it seems the iApps is not able to retrieve mobile variables content - the APM receives this message from the mobile client: "session.client.platform is unknown". Could someone at F5 update the iApps in order to support iOS 10 and Windows 10?

    2- Is it mandatory to use the F5 Edge Client app (from the App Store) on the mobile in order to help the APM retrieve variable content? If yes, on all platforms?

    3- Are you aware of other prerequisites?

     

    Thank you very much Matthieu. Have a good day.

     

    • Jonathan_Wingfi

      I ran into the iOS10 issue, and the fix is pretty simple. Modify the f5_mobileiron_vpn_mobileiron_apm_support irule and look for this section:

          switch -glob [ACCESS::session data get "session.client.platform_version"] {
              "7.*" -
              "8.*" -
              "9.*" {

      Change it to:

          switch -glob [ACCESS::session data get "session.client.platform_version"] {
              "7.*" -
              "8.*" -
              "9.*" -
              "10.*" {

      Keep the asterisks after the period. The post keeps removing them for some reason.

      From my understanding it is necessary for the Edge client to retrieve the UUID. For other platforms you should only need the client components, but it is highly recommended to use the Edge client to avoid potential issues with Chrome and Firefox. Hope this helps.

    • LB_Admin_133366

      Hi,

       

      We downloaded the iApp template for MobileIron API v2 from the above link. We created the iApp using the template and it was created successfully.

      Then we followed the steps to attach the irules and access policy to include the irule events.

      Now when we access the VIP which has the access policy, the policy kick-starts at the irule event for pull details with irule event id "mi_device_details" and we get a TCL error.

          TCL error: /Common/mdmprd.app/mdmprd_mobileiron_apm_support - can't read "static::mdmprd_mi_virtual_name": no such variable
              while executing
          "connect -timeout 1500 -idle 30 -status conn_status $static::mdmprd_mi_virtual_name"
              ("mi_device_details" arm line 6)
              invoked from within
          "switch [ACCESS::policy agent_id] {
              "mi_device_details" {
                  Call 1 to retrieve UUID - unique ID from MobileIron

      Do you have any idea why I am running into this issue?

       

      Thank you.

       

  • Hi Matt,

     

    We are using the iApp version 2.2 on F5 APM version 11.6.1 and MobileIron version 9.5; the API v1 calls to retrieve the device details using UUID were all working fine. Our MobileIron MDM team upgraded their MobileIron version from 9.5 to 9.6.0.1 build 8. After this MobileIron MDM version upgrade, the API v1 call (to retrieve the device details using UUID) is failing, throwing 400 Bad Request.

    "api_v1 recv_data is :

        HTTP/1.1 400 Bad Request
        Date: Fri, 29 Dec 2017 16:39:45 GMT
        Server: server
        Content-Length: 301
        Connection: close
        Content-Type: text/html; charset=iso-8859-1

        //DTD HTML 2.0; 400 Bad Request
        Bad Request
        Your browser sent a request that this server could not understand.
        server Server at xyz.abc.org Port 443 "

     

    Please let us know your thoughts.

     

    • Matt_Dierick

      Hi,

       

      I suppose MI has stopped their API v1 in 9.6. If that is the case (please ask MI), we will need to upgrade the iApp. But I don't know if we can retrieve everything with the v2.0.

      It was not feasible when I updated the iApp last year.

       

  • Hi Guys, You might have figured this out by now, but the MI upgrade has changed the way Tomcat is processing the send data. In the iRule for the iApp, the send data looks like this:

    set send_data {
        GET /api/v2/devices?adminDeviceSpaceId=1&fields=common.uuid%2Ccommon.status&query=\%22${conn_method}\%22%3D\%22${conn_mac}\%22AND%22common.status%22%3D%22Active%22 HTTP/1.1
        Accept: text/html, application/xhtml+xml, */*
        User-Agent: F5-APM-sideband/1.0
        Host: ${static::iAPP_NAME_mi_host}
        Connection: Keep-Alive
        Authorization: Basic [b64encode "${static::iAPP_NAME_mi_apiuser}:${static::iAPP_NAME_mi_apipassword}"]
    

    (The iRule might actually be still on v1, I can't remember). But the issue is with the above formatting. Tomcat actually rejects that initial line feed after the "send_data {". So, you need to reformat the above request as follows:

    set send_data {GET /api/v2/devices?adminDeviceSpaceId=1&fields=common.uuid%2Ccommon.status&query=\%22${conn_method}\%22%3D\%22${conn_mac}\%22AND%22common.status%22%3D%22Active%22 HTTP/1.1\r\nAccept: text/html, application/xhtml+xml, */*\r\nUser-Agent: F5-APM-sideband/1.0.......and on and on...\r\n\r\n}
    

    Basically, the request needs to all be on one line with no preceding line feeds. This works with 9.6 and 9.7 that we know of.

    (You also need to change what you are looking for in the returned data as MI has changed that with the v2 API)
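
The framing fix described in the last reply, as an added example that is not part of the original posts or the iApp's iRule: plain Tcl (runs under tclsh) that assembles the v2 query with nothing before the request line and explicit CRLF separators, then flags a leading line feed or bare LF endings in a request string. The proc names, the host mi.example.invalid, the UDID and the credential placeholder are assumptions made for illustration.

```tcl
# Added example, not the iApp's code; proc names are hypothetical.
# Percent-encode everything outside the RFC 3986 unreserved set.
proc pct_encode {str} {
    set out ""
    foreach ch [split $str ""] {
        if {[regexp {^[A-Za-z0-9._~-]$} $ch]} {
            append out $ch
        } else {
            binary scan [encoding convertto utf-8 $ch] H* hex
            foreach {a b} [split $hex ""] { append out % [string toupper $a$b] }
        }
    }
    return $out
}

# Build the request with explicit CRLFs and nothing before the request line.
proc build_mi_request {host field value auth_b64} {
    foreach v [list $host $auth_b64] {
        if {[regexp {[\r\n]} $v]} { error "CR/LF not allowed in a header value" }
    }
    set query "\"$field\"=\"$value\"AND\"common.status\"=\"Active\""
    set path "/api/v2/devices?adminDeviceSpaceId=1"
    append path "&fields=" [pct_encode "common.uuid,common.status"]
    append path "&query=" [pct_encode $query]
    set lines [list "GET $path HTTP/1.1" \
        "Accept: text/html, application/xhtml+xml, */*" \
        "User-Agent: F5-APM-sideband/1.0" \
        "Host: $host" \
        "Connection: Keep-Alive" \
        "Authorization: Basic $auth_b64"]
    set req [join $lines "\r\n"]
    append req "\r\n\r\n"
    return $req
}

# Report the framing problems discussed in the thread.
proc request_problems {req} {
    set p {}
    if {![regexp {^[A-Z]+ /} $req]} { lappend p "bytes before the request line" }
    if {[regexp {(^|[^\r])\n} $req]} { lappend p "bare LF line ending" }
    if {![string match "*\r\n\r\n" $req]} { lappend p "no terminating blank line" }
    return $p
}

# Constructed sample values; the credential is a placeholder, not real base64.
set good [build_mi_request mi.example.invalid common.uuid "CONSTRUCTED-UDID-0001" PLACEHOLDER]
set bad  "\n    GET /api/v2/devices HTTP/1.1\n    Host: mi.example.invalid\n"
puts "good: [request_problems $good]"
puts "bad:  [request_problems $bad]"
```

Because the lookup value is percent-encoded before it reaches the request line, a CR or LF in a client-supplied identifier cannot add a header to the sideband request.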