Verifying the User Query Connection from an SRX Series Device

Before you begin, you need the following information:

The port number on the JIMS server for receiving HTTPS requests (by default, port 443)
The client ID to obtain an OAuth token from the JIMS server for user queries
The client secret to obtain an OAuth token from the JIMS server for user queries

To verify that the Web API connection and user queries and responses between the SRX Series device and Juniper Identity Management Service are working properly:

If there are no entries in the authentication table and the status of the Query State on Juniper Identity Management Service is Inactive, do the following:
- Check if traffic is allowed between Juniper Identity Management Service and the SRX Series device on the configured port (by default, port 443).
- Check the client ID and client secret for OAuth authentication configured on the SRX Series device and on Juniper Identity Management Service and verify that these values match.
- Perform a packet capture on the JIMS server.
- Switch to the HTTP protocol to view cleartext messages.

If the status of the Query State on Juniper Identity Management Service is Active, display in the trace log any error messages generated by the user query function using the following commands:

The SRX Series device creates a new log named cp_query under /var/log. Check for an XML post similar to the following:

Juniper Identity Management Service replies in JavaScript Object Notation (JSON) format. Look for any error messages in the output.

When you are done, disable the trace logging.

Verifying the User Query Connection from an SRX Series Device

Related Documentation