How to: Manage Access sessions using BIG-IP Next Central Manager¶
View Access session and session variables¶
With BIG-IP Next Access, you can choose to view all active sessions or get in-depth information for a specific session. Retrieving all Access sessions gives a summary of all sessions and can help create real-time utilization reports. Retrieving information for a particular session offers in-depth details of all session variables associated with the session.
Using BIG-IP Next Central Manager GUI¶
To retrieve information for active sessions using the BIG-IP Next Central Manager user interface, use the Access Dashboard.
Log in to BIG-IP Next Central Manager, click the Workspace icon, click Security, then Monitoring, and then Access Dashboard.
The list of currently active Access sessions opens.Locate the session you are interested in and then click on its Session ID.
The Details tab of the Session Summary page opens. The Policy Path at the bottom of this page provides information about the policy path used to create this session.To view details about how this session was authenticated, click Authentication.
To view details about the environment used to initiate this session, click Client.
To view details about the session variables that BIG-IP Next Central Manager created to support this session, click Session Variables.
Using BIG-IP Next Central Manager API¶
To use the BIG-IP Next Central Manager API to retrieve a list of all active sessions on all BIG-IP Next instances managed by this BIG-IP Next Central Manager, you send a Get to the /api/v1/spaces/default/instances/access-sessions endpoint.
Authenticate with the BIG-IP Next Central Manager API. For details refer to How to: Authenticate with the BIG-IP Next Central Manager API.
Send a Get to the
/api/v1/spaces/default/instances/access-sessionsendpoint.
GET https://{{big-ip_next_cm_mgmt_ip}}/api/v1/spaces/default/instances/access-sessions
No API body is needed for this call.
Retrieve session variables for the session¶
Retrieving information for a particular session offers in-depth details of all session variables associated with the session. The session data and the values that actions return are stored in session variables. A session variable contains a number or string representing a specific piece of information and is organized in a hierarchical arrangement.
Using Next Central Manager GUI¶
To use the Next Central Manager User Interface to retrieve session details for a specific session, you use the Access dashboard and drill down to the Session Details page for that session.
Log in to BIG-IP Next Central Manager, click the Workspace icon, click Security, then Monitoring, and then Access Dashboard.
The list of currently active Access sessions opens.Locate the session you are interested in and then click on its Session ID.
To view details about the session variables that BIG-IP Next Central Manager created to support this session, click Session Variables.
Using BIG-IP Next Central Manager API¶
To use the Next Central Manager API to retrieve session details for a specific session, first you retrieve the ID for the instance on which the session is running, and then you send a Get to the /api/v1/spaces/default/instances/<instance ID>/access-sessions/<session ID> endpoint. You include the instanceId and sessionId to get the variables for the particular session you want.
Authenticate with the BIG-IP Next Central Manager API. For details refer to How to: Authenticate with the BIG-IP Next Central Manager API.
Send a Get to the
/api/device/v1/inventoryendpoint to retrieve the ID for the instance on which the session is running.GET https://{{big-ip_next_cm_mgmt_ip}}/api/device/v1/inventory
Send a Get to the
/api/v1/spaces/default/instances/<instance ID>/access-sessions/<session ID>/variablesendpoint.GET https://{{big-ip_next_cm_mgmt_ip}}/api/v1/spaces/default/instances/<instance ID>/access-sessions/<session ID>/variables
No API body is needed for this call.
Delete an active session¶
Administrators may need to delete a BIG-IP Next Access user session before it has reached its timeout or the before the user logs out.
Using BIG-IP Next Central Manager GUI¶
To delete a currently active session using the BIG-IP Next Central Manager user interface:
Log in to BIG-IP Next Central Manager as admin, click the Workspace icon, click Security, and then under Monitoring, click Access Dashboard.
Select the checkbox adjacent to the session you want to delete, and then click
Delete.
The session is closed and deleted.
Using BIG-IP Next Central Manager API¶
To delete a currently active session using the BIG-IP Next Central Manager API, you send a Delete to the /api/v1/spaces/default/instances/<instance ID>/access-sessions/<session ID> endpoint.
Authenticate with the BIG-IP Next Central Manager API. For details refer to How to: Authenticate with the BIG-IP Next Central Manager API.
Find the instance and session IDs for the session that you want to delete by sending a Get to the
/api/v1/spaces/default/instances/access-sessionsendpoint.GET https:// {{bigip_next_mgmt_ip}}/api/v1/spaces/default/instances/access-sessions
The API returns details about all active sessions. For example:
{ "_embedded": { "sessions": [ { "_links": { "self": { "href": "/api/v1/spaces/default/instances/9230a0a8-40e3-4f27-bd5e-eba449b35e5f/access-sessions/33817c19" } }, "clientIp": "172.18.2.127", "expirationTime": "2022-09-01T21:41:45Z", "instanceId": "9230a0a8-40e3-4f27-bd5e-eba449b35e5f", "policyName": "pol2", "sessionId": "33817c19", "startTime": "2022-09-01T21:26:16Z", "status": "established", "user": coyote@acme.com } ] }, "_links": { "self": { "href": "/v1/sessions" } } }
Make note of the Instance ID and Session ID from the API response.
Send a Delete to the
/api/v1/spaces/default/instances/<instance ID>/access-sessions/<session ID>endpoint using the instance ID and session ID from the previous step.DELETE https://{{big-ip_next_cm_mgmt_ip}}/api/v1/spaces/default/instances/<instance ID>/access-sessions/<session ID>
The session is deleted.