Introducing Infoblox Universal DDI ManagementTM

Watch the launch to discover the new era of management for critical network services. Watch Now


This is an open group. Sign in and click the "Join Group" button to become a group member and start posting.
Posts: 172
Registered: ‎09-09-2015
Posts: 78

Hi there,

In this post I’m going to review session, login and logout templates. Do not copy/past templates from the post, they may not work. Download templates attached to this post. The templates are provided “as-is”, please check them in you Lab environment and modify for your needs before implementing them in production.

Session template does not require a detailed description. All parameters are described in the NIOS administrator guide


Template Comments
 "name": "Rapid7 Session",
 "version": "2.0",
 "type": "REST_ENDPOINT",
 "comment": "no comments",
 "vendor_identifier": "Rapid7",
 "path": "/api/1.1/xml",

Version must be set to  “2.0”

 "login_template": "Rapid7_Login",
 "logout_template": "Rapid7_Logout",

Login_template, Logout_template must contains exact template names (defined in a template itself, it is not a file name)

 "logout_only_at_template_end": true,

 "step_execution_limit": 100,
 "inactivity_interval": 100000,

 "keepalive": true,
 "override_path": true,

 "rate_limit": 0,
 "rate_limit_requests": 10,
 "rate_limit_interval": 1000,
 "rate_limit_reset": 1000,
 "retry": 0,
 "retry_template": 0,
 "timeout": 10,

 "logout_any_condition": true,
 "logout_regexp": "asd.*",
 "logout_status_code": 34

“Step_execution_limit” defines maximum loop iteration. If you system has more than 100 sites or more 100 “real” assets per site increase this number up to a desired value (it is required only for delete operation).


Rapid7_Login template is used for authentication because Rapid7 Nexpose doesn’t support basic authentication.

Template Comments
   "vendor_identifier": "Rapid7",
   "version": "2.0",
   "name": "Rapid7_Login",
   "content_type": "text/xml",
   "quoting": "XMLA",
   "type": "REST_EVENT",
   "event_type": ["SESSION"],

“version” must be set to “2.0”

“event_type” should be set to [“Session”]

XMLA quoting is used by default.

   "steps": [
         "name": "login: remove basic auth headers",
         "body": "${XC:ASSIGN:{H:Authorization}:{S:}}",
         "operation": "NOP"

Rapid7 Nexpose does not allow to login if basic authorisation headers contains correct credentials, so set the header variable H:Authorization to empty value

         "name": "login: request",
         "parse": "XMLA",
         "operation": "POST",
         "no_connection_debug": false,
         "body_list": [

Authenticate on Rapid7 Nexpose using LoginRequest method

         "name": "login: errorcheck",
         "operation": "CONDITION",
         "condition": {
            "statements": [
                  "op": "!=",
                  "right": "${P:A:PARSE[[name]]}",
                  "left": "LoginResponse"
                  "op": "!=",
                  "right": "1",
                  "left": "${P:A:PARSE{{success}}}"
            "condition_type": "AND",
            "else_eval": "${XC:COPY:{S:SESSID}:{P:PARSE{{session-id}}}}",
            "error": true

Check that the authentication was successful and copy the session id to S: SESSID variable.

S: SESSID should be used in all API requests send to Rapid7 Nexpose.

Rapid7_Logout template is used to terminate a session

Template Comments
   "vendor_identifier": "Rapid7",
   "version": "2.0",
   "name": "Rapid7_Logout",
   "content_type": "text/xml",
   "quoting": "XMLA",
   "type": "REST_EVENT",
   "event_type": ["SESSION"],

“version” must be set to “2.0”

“event_type” should be set to [“Session”]

XMLA quoting will be used by default.

   "steps": [
         "name": "logout: request",
         "parse": "XMLA",
         "operation": "POST",
         "no_connection_debug": false,
         "body_list": [
         "operation": "CONDITION",
         "name": "logout: errorcheck",
         "condition": {
            "statements": [
                  "op": "!=",
                  "right": "${P:A:PARSE[[name]]}",
                  "left": "LogoutResponse"
                  "op": "!=",
                  "right": "1",
                  "left": "${P:A:PARSE{{success}}}"

            "condition_type": "AND",
            "error": true

Send a LogoutRequest.

S: SESSID is used to identify a session. Response is analysed for errors.



Any feedback and/or questions are appreciated and very welcome.


Vadim Pavlov

Showing results for 
Search instead for 
Did you mean: