Get details of a specific Active Client Session.

GET /session-info/{distinguished-name}

Get the details of a specific Active Client Session from all Gateways. This API makes the Controller query every Gateway in the system to collect the session data. The operation may take a long time if one or more Gateways are slow to respond.

Security
HTTP
Type: bearer
Path parameters
distinguished-name
string, required

Distinguished name of the user and device that will be affected by the operation. Format: 'CN=<device ID>,CN=<username>,OU=<provider name>'

Example: CN=4c07bc6757ea42ddb702c2d6c45419fc,CN=user,OU=ldap
Responses
200

Details of an Active Client Session per Gateway. Disconnected Clients disappear after 5 minutes. When a Client fails over to another Gateway, the API may return the Client on multiple Gateways during this period.

object
deviceId
string (uuid)

The device ID, same as the one in the Distinguished Name.

Example: 4c07bc67-57ea-42dd-b702-c2d6c45419fc
username
string

The username, same as the one in the Distinguished Name.

Example: user
providerName
string

The provider name of the user, same as the one in the Distinguished Name.

Example: ldap
data
object

The session details per Gateway. The key is the Appliance name and the value contains the Active Client Session details.

property*
object additionalProperties

Session Details reported by the Gateway.

userClaims
object
Example: { "username": "admin", "groups": [ "CN=test,OU=unit,DC=company,DC=com", "CN=finance,OU=unit,DC=company,DC=com" ] }
deviceClaims
object
Example: { "os": { "name": "Microsoft Windows 10 Pro", "platform": "x64", "type": "desktop" }, "isUserAdmin": true, "language": "en-us" }
systemClaims
object
Example: { "connectTime": "2018-11-16T13:25:15.672Z", "tunIPv4": "15.0.0.24", "clientSrcIP": "192.168.111.184" }
entitlementInfos
object

Entitlement information reported by the Gateway. The key is the Entitlement name.

property*
object additionalProperties

Entitlement details.

access
boolean

Whether the Entitlement is accessible or not.

conditionLogic
string

Whether all the Conditions must succeed to have access to this Entitlement or just one.

Valid values: [ "and", "or" ]
conditionResults
object

Current results of the Condition evaluations. Entitlement access is decided according to these results. The key is the Condition name.

Example: { "MFASuccess": true, "InternalNetwork": false }
property*
boolean additionalProperties
firewallRules
Array of object

Current Firewall Rules assigned after evaluating all the Entitlements, Conditions and Name Resolvers.

object

Firewall Rule.

name
string

Name of the rule.

Example: entitlement-1
protocol
string

The protocol for the Firewall Rule.

Example: tcp
direction
string

The direction of the Firewall Rule.

Example: up
action
string

The action for the Firewall Rule.

Example: allow
subnets
Array of string

The subnets the Firewall Rule applies to.

string
Example: 172.31.4.105
urls
Array of string

The URLs the Firewall Rule applies to in case of http_up subtype.

string
Example: https://server.company.com/test
ports
Array of string

The ports the Firewall Rule applies to.

string
Example: 443
types
Array of string

The ICMP types the Firewall Rule applies to. Valid for ICMP.

string
Example: 0-255
policyNames
Array of string

Names of the Policies that have granted this Entitlement.

string
Example: Finance
primarySite
string

The name of the primary Site if this Entitlement is currently active as part of the backup Site feature.

Example: AWS Site
domainEntitlement
boolean

Whether the Entitlement has only domain:// type actions. When that is the case, the firewallRules being empty is a normal scenario.

vpn
object

VPN details of the session.

site
string

The Site name for the Gateway.

Example: AWS Site
401

Token error. Login again.

object

Generic HTTP error.

id
string

Machine readable error code.

message
string

Human readable error details.

403

Insufficient permissions to access this resource.

object

Generic HTTP error.

id
string

Machine readable error code.

message
string

Human readable error details.

404

The requested resource cannot be found.

object

Generic HTTP error.

id
string

Machine readable error code.

message
string

Human readable error details.

406

Invalid 'Accept' header.

object

Generic HTTP error.

id
string

Machine readable error code.

message
string

Human readable error details.

500

Unexpected server side error.

object

Generic HTTP error.

id
string

Machine readable error code.

message
string

Human readable error details.
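
An added example, not part of this API reference: a Python review of one 200 response that notes a session reported on several Gateways and cross-checks each Entitlement's access against its conditionLogic and conditionResults. The Appliance names, the sample response, and the nesting of entitlementInfos and vpn under each Gateway entry are assumptions, as is treating access as the and/or of the Condition results.

```python
# Constructed sample response built from the example values on this page.
# Assumption: entitlementInfos and vpn sit inside each per-Gateway value of "data".
RULE = {"name": "entitlement-1", "protocol": "tcp", "direction": "up", "action": "allow",
        "subnets": ["172.31.4.105"], "ports": ["443"]}
CONDS = {"MFASuccess": True, "InternalNetwork": False}
SAMPLE = {
    "deviceId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc", "username": "user", "providerName": "ldap",
    "data": {
        "gateway-a": {"vpn": {"site": "AWS Site"}, "entitlementInfos": {  # hypothetical Appliance name
            "entitlement-1": {"access": True, "conditionLogic": "or", "conditionResults": CONDS,
                              "firewallRules": [RULE], "policyNames": ["Finance"]},
            "domain-only": {"access": True, "conditionLogic": "and", "conditionResults": {},
                            "firewallRules": [], "domainEntitlement": True}}},
        "gateway-b": {"vpn": {"site": "AWS Site"}, "entitlementInfos": {  # hypothetical Appliance name
            "entitlement-1": {"access": True, "conditionLogic": "and", "conditionResults": CONDS,
                              "firewallRules": [], "policyNames": ["Finance"]}}},
    },
}

def expected_access(ent):
    """Apply conditionLogic to conditionResults; None when no Conditions are reported."""
    results = ent.get("conditionResults") or {}
    if not results:
        return None
    return all(results.values()) if ent.get("conditionLogic") == "and" else any(results.values())

def review_session(resp):
    """Return (gateway names, findings); each finding is (gateway, entitlement, reason)."""
    gateways = sorted(resp.get("data", {}))
    findings = []
    if len(gateways) > 1:
        # Expected briefly after a failover; worth a second look if it persists.
        findings.append(("*", "*", "reported on multiple Gateways"))
    for gw in gateways:
        for name, ent in resp["data"][gw].get("entitlementInfos", {}).items():
            want = expected_access(ent)
            if want is not None and want != ent.get("access"):
                findings.append((gw, name, "access disagrees with conditionResults"))
            # Empty firewallRules is normal only for domain:// Entitlements.
            if ent.get("access") and not ent.get("firewallRules") and not ent.get("domainEntitlement"):
                findings.append((gw, name, "access granted but no firewallRules"))
    return gateways, findings

if __name__ == "__main__":
    for finding in review_session(SAMPLE)[1]:
        print(*finding, sep=" | ")
```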