https://community.cisco.com/t5/network-access-control/ise-api-change-password/m-p/3758727#M541953 <P>You can use Internal User API for this.You can do following operations-&nbsp;</P> <UL id="anchors"> <LI><A href="https://192.168.1.104:9060/ers/sdk#Get-By-Id" target="_blank">Get-By-Id</A></LI> <LI><A href="https://192.168.1.104:9060/ers/sdk#Update" target="_blank">Update</A></LI> <LI><A href="https://192.168.1.104:9060/ers/sdk#Delete" target="_blank">Delete</A></LI> <LI><A href="https://192.168.1.104:9060/ers/sdk#Create" target="_blank">Create</A></LI> <LI><A href="https://192.168.1.104:9060/ers/sdk#Get-All" target="_blank">Get-All</A></LI> <LI><A href="https://192.168.1.104:9060/ers/sdk#version" target="_blank">Get Version</A></LI> </UL> <P>a sample output of the Get request is as below-&nbsp;</P> <PRE id="response_content_Get-By-Id" class="prettyprint prettyprinted"><SPAN class="pln">XML </SPAN><SPAN class="pun">&lt;?</SPAN><SPAN class="pln">xml version</SPAN><SPAN class="pun">=</SPAN><SPAN class="str">"1.0"</SPAN><SPAN class="pln"> encoding</SPAN><SPAN class="pun">=</SPAN><SPAN class="str">"UTF-8"</SPAN><SPAN class="pun">?&gt;</SPAN> <SPAN class="pun">&lt;</SPAN><SPAN class="pln">ns0</SPAN><SPAN class="pun">:</SPAN><SPAN class="pln">internaluser xmlns</SPAN><SPAN class="pun">:</SPAN><SPAN class="pln">ns0</SPAN><SPAN class="pun">=</SPAN><SPAN class="str">"identity.ers.ise.cisco.com"</SPAN><SPAN class="pln"> xmlns</SPAN><SPAN class="pun">:</SPAN><SPAN class="pln">xs</SPAN><SPAN class="pun">=</SPAN><SPAN class="str">"http://www.w3.org/2001/XMLSchema"</SPAN><SPAN class="pln"> xmlns</SPAN><SPAN class="pun">:</SPAN><SPAN class="pln">ns1</SPAN><SPAN class="pun">=</SPAN><SPAN class="str">"ers.ise.cisco.com"</SPAN><SPAN class="pln"> xmlns</SPAN><SPAN class="pun">:</SPAN><SPAN class="pln">ers</SPAN><SPAN class="pun">=</SPAN><SPAN class="str">"ers.ise.cisco.com"</SPAN><SPAN class="pln"> description</SPAN><SPAN class="pun">=</SPAN><SPAN class="str">"description"</SPAN><SPAN class="pln"> id</SPAN><SPAN class="pun">=</SPAN><SPAN class="str">"id"</SPAN><SPAN class="pln"> name</SPAN><SPAN class="pun">=</SPAN><SPAN class="str">"name"</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;changePassword&gt;</SPAN><SPAN class="kwd">true</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">changePassword</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;customAttributes&gt;</SPAN> <SPAN class="str">&lt;entry&gt;</SPAN> <SPAN class="str">&lt;key&gt;</SPAN><SPAN class="pln">key1</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">key</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;value&gt;</SPAN><SPAN class="pln">value1</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">value</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="pun">&lt;/</SPAN><SPAN class="pln">entry</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;entry&gt;</SPAN> <SPAN class="str">&lt;key&gt;</SPAN><SPAN class="pln">key2</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">key</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;value&gt;</SPAN><SPAN class="pln">value3</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">value</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="pun">&lt;/</SPAN><SPAN class="pln">entry</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="pun">&lt;/</SPAN><SPAN class="pln">customAttributes</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;email&gt;</SPAN><SPAN class="pln">email@domain</SPAN><SPAN class="pun">.</SPAN><SPAN class="pln">com</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">email</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;enablePassword&gt;</SPAN><SPAN class="pln">enablePassword</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">enablePassword</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;enabled&gt;</SPAN><SPAN class="kwd">true</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">enabled</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;expiryDate&gt;</SPAN><SPAN class="lit">2016</SPAN><SPAN class="pun">-</SPAN><SPAN class="lit">12</SPAN><SPAN class="pun">-</SPAN><SPAN class="lit">11</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">expiryDate</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;expiryDateEnabled&gt;</SPAN><SPAN class="kwd">false</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">expiryDateEnabled</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;firstName&gt;</SPAN><SPAN class="pln">firstName</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">firstName</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;identityGroups&gt;</SPAN><SPAN class="pln">identityGroups</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">identityGroups</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;lastName&gt;</SPAN><SPAN class="pln">lastName</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">lastName</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;password&gt;</SPAN><SPAN class="pln">password</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">password</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;passwordIDStore&gt;</SPAN><SPAN class="typ">Internal</SPAN> <SPAN class="typ">Users</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">passwordIDStore</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="pun">&lt;/</SPAN><SPAN class="pln">ns0</SPAN><SPAN class="pun">:</SPAN><SPAN class="pln">internaluser</SPAN><SPAN class="pun">&gt;</SPAN><SPAN class="pln"> JSON </SPAN><SPAN class="pun">{</SPAN> <SPAN class="str">"InternalUser"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="pun">{</SPAN> <SPAN class="str">"id"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"id"</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"name"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"name"</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"description"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"description"</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"enabled"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="kwd">true</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"email"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"email@domain.com"</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"password"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"password"</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"firstName"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"firstName"</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"lastName"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"lastName"</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"changePassword"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="kwd">true</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"identityGroups"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"identityGroups"</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"expiryDateEnabled"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="kwd">false</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"expiryDate"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"2016-12-11"</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"enablePassword"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"enablePassword"</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"customAttributes"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="pun">{</SPAN> <SPAN class="str">"key1"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"value1"</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"key2"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"value3"</SPAN> <SPAN class="pun">},</SPAN> <SPAN class="str">"passwordIDStore"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"Internal Users"</SPAN> <SPAN class="pun">}</SPAN> <SPAN class="pun">}</SPAN></PRE> <P>&nbsp;</P> Thu, 06 Dec 2018 06:25:14 GMT Nidhi 2018-12-06T06:25:14Z https://community.cisco.com/t5/network-access-control/ise-api-change-password/m-p/3758685#M541952 <P>Hi Experts,</P> <P>&nbsp;</P> <P>Customer is doing&nbsp;a customzied&nbsp;web page programing for changing ISE internal user password, but they cannot find API to support checking internal user password before&nbsp;this user tried to change the password. Any suggestion realize this code, thank you in advance!</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>DL</P> Mon, 11 Mar 2019 08:53:00 GMT https://community.cisco.com/t5/network-access-control/ise-api-change-password/m-p/3758685#M541952 yongwli 2019-03-11T08:53:00Z https://community.cisco.com/t5/network-access-control/ise-api-change-password/m-p/3758727#M541953 <P>You can use Internal User API for this.You can do following operations-&nbsp;</P> <UL id="anchors"> <LI><A href="https://192.168.1.104:9060/ers/sdk#Get-By-Id" target="_blank">Get-By-Id</A></LI> <LI><A href="https://192.168.1.104:9060/ers/sdk#Update" target="_blank">Update</A></LI> <LI><A href="https://192.168.1.104:9060/ers/sdk#Delete" target="_blank">Delete</A></LI> <LI><A href="https://192.168.1.104:9060/ers/sdk#Create" target="_blank">Create</A></LI> <LI><A href="https://192.168.1.104:9060/ers/sdk#Get-All" target="_blank">Get-All</A></LI> <LI><A href="https://192.168.1.104:9060/ers/sdk#version" target="_blank">Get Version</A></LI> </UL> <P>a sample output of the Get request is as below-&nbsp;</P> <PRE id="response_content_Get-By-Id" class="prettyprint prettyprinted"><SPAN class="pln">XML </SPAN><SPAN class="pun">&lt;?</SPAN><SPAN class="pln">xml version</SPAN><SPAN class="pun">=</SPAN><SPAN class="str">"1.0"</SPAN><SPAN class="pln"> encoding</SPAN><SPAN class="pun">=</SPAN><SPAN class="str">"UTF-8"</SPAN><SPAN class="pun">?&gt;</SPAN> <SPAN class="pun">&lt;</SPAN><SPAN class="pln">ns0</SPAN><SPAN class="pun">:</SPAN><SPAN class="pln">internaluser xmlns</SPAN><SPAN class="pun">:</SPAN><SPAN class="pln">ns0</SPAN><SPAN class="pun">=</SPAN><SPAN class="str">"identity.ers.ise.cisco.com"</SPAN><SPAN class="pln"> xmlns</SPAN><SPAN class="pun">:</SPAN><SPAN class="pln">xs</SPAN><SPAN class="pun">=</SPAN><SPAN class="str">"http://www.w3.org/2001/XMLSchema"</SPAN><SPAN class="pln"> xmlns</SPAN><SPAN class="pun">:</SPAN><SPAN class="pln">ns1</SPAN><SPAN class="pun">=</SPAN><SPAN class="str">"ers.ise.cisco.com"</SPAN><SPAN class="pln"> xmlns</SPAN><SPAN class="pun">:</SPAN><SPAN class="pln">ers</SPAN><SPAN class="pun">=</SPAN><SPAN class="str">"ers.ise.cisco.com"</SPAN><SPAN class="pln"> description</SPAN><SPAN class="pun">=</SPAN><SPAN class="str">"description"</SPAN><SPAN class="pln"> id</SPAN><SPAN class="pun">=</SPAN><SPAN class="str">"id"</SPAN><SPAN class="pln"> name</SPAN><SPAN class="pun">=</SPAN><SPAN class="str">"name"</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;changePassword&gt;</SPAN><SPAN class="kwd">true</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">changePassword</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;customAttributes&gt;</SPAN> <SPAN class="str">&lt;entry&gt;</SPAN> <SPAN class="str">&lt;key&gt;</SPAN><SPAN class="pln">key1</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">key</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;value&gt;</SPAN><SPAN class="pln">value1</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">value</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="pun">&lt;/</SPAN><SPAN class="pln">entry</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;entry&gt;</SPAN> <SPAN class="str">&lt;key&gt;</SPAN><SPAN class="pln">key2</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">key</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;value&gt;</SPAN><SPAN class="pln">value3</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">value</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="pun">&lt;/</SPAN><SPAN class="pln">entry</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="pun">&lt;/</SPAN><SPAN class="pln">customAttributes</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;email&gt;</SPAN><SPAN class="pln">email@domain</SPAN><SPAN class="pun">.</SPAN><SPAN class="pln">com</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">email</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;enablePassword&gt;</SPAN><SPAN class="pln">enablePassword</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">enablePassword</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;enabled&gt;</SPAN><SPAN class="kwd">true</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">enabled</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;expiryDate&gt;</SPAN><SPAN class="lit">2016</SPAN><SPAN class="pun">-</SPAN><SPAN class="lit">12</SPAN><SPAN class="pun">-</SPAN><SPAN class="lit">11</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">expiryDate</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;expiryDateEnabled&gt;</SPAN><SPAN class="kwd">false</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">expiryDateEnabled</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;firstName&gt;</SPAN><SPAN class="pln">firstName</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">firstName</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;identityGroups&gt;</SPAN><SPAN class="pln">identityGroups</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">identityGroups</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;lastName&gt;</SPAN><SPAN class="pln">lastName</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">lastName</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;password&gt;</SPAN><SPAN class="pln">password</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">password</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="str">&lt;passwordIDStore&gt;</SPAN><SPAN class="typ">Internal</SPAN> <SPAN class="typ">Users</SPAN><SPAN class="pun">&lt;/</SPAN><SPAN class="pln">passwordIDStore</SPAN><SPAN class="pun">&gt;</SPAN> <SPAN class="pun">&lt;/</SPAN><SPAN class="pln">ns0</SPAN><SPAN class="pun">:</SPAN><SPAN class="pln">internaluser</SPAN><SPAN class="pun">&gt;</SPAN><SPAN class="pln"> JSON </SPAN><SPAN class="pun">{</SPAN> <SPAN class="str">"InternalUser"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="pun">{</SPAN> <SPAN class="str">"id"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"id"</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"name"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"name"</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"description"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"description"</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"enabled"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="kwd">true</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"email"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"email@domain.com"</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"password"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"password"</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"firstName"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"firstName"</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"lastName"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"lastName"</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"changePassword"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="kwd">true</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"identityGroups"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"identityGroups"</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"expiryDateEnabled"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="kwd">false</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"expiryDate"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"2016-12-11"</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"enablePassword"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"enablePassword"</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"customAttributes"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="pun">{</SPAN> <SPAN class="str">"key1"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"value1"</SPAN><SPAN class="pun">,</SPAN> <SPAN class="str">"key2"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"value3"</SPAN> <SPAN class="pun">},</SPAN> <SPAN class="str">"passwordIDStore"</SPAN> <SPAN class="pun">:</SPAN> <SPAN class="str">"Internal Users"</SPAN> <SPAN class="pun">}</SPAN> <SPAN class="pun">}</SPAN></PRE> <P>&nbsp;</P> Thu, 06 Dec 2018 06:25:14 GMT https://community.cisco.com/t5/network-access-control/ise-api-change-password/m-p/3758727#M541953 Nidhi 2018-12-06T06:25:14Z https://community.cisco.com/t5/network-access-control/ise-api-change-password/m-p/3758729#M541954 Customer told us the password showed like this “<PASSWORD> ******* ” with GET, so cannot be used for checking password.<BR /><BR />DL<BR /><BR />-------------------------------------------------------------------------------<BR />GC Security BOX folder:<BR /><A href="https://cisco.box.com/s/j38g1c58jom2va76icsap17zr09w1l1c" target="_blank">https://cisco.box.com/s/j38g1c58jom2va76icsap17zr09w1l1c</A><BR />-------------------------------------------------------------------------------<BR /><BR /><BR /></PASSWORD> Thu, 06 Dec 2018 06:32:29 GMT https://community.cisco.com/t5/network-access-control/ise-api-change-password/m-p/3758729#M541954 yongwli 2018-12-06T06:32:29Z https://community.cisco.com/t5/network-access-control/ise-api-change-password/m-p/3759800#M541955 <P>This is expected. ISE admin users should not be allowed to read the user password, due to privacy concern, I think. See&nbsp;CSCvk59290.</P> <P>On the other hand, ISE ERS API for internal users would allow to change the user passwords without knowing the existing ones. Please note&nbsp;CSCvm01627 with the doc bug&nbsp;CSCvn22448.</P> Fri, 07 Dec 2018 20:36:20 GMT https://community.cisco.com/t5/network-access-control/ise-api-change-password/m-p/3759800#M541955 hslai 2018-12-07T20:36:20Z https://community.cisco.com/t5/network-access-control/ise-api-change-password/m-p/3759816#M541956 <P><SPAN>CSCvk59290 is not public facing.&nbsp;<BR /><BR />While unrelated to the user accounts, I have noticed that LDAP connector credentials are plain text, you can inspect the element in chrome and get the configured password for&nbsp;the username.</SPAN></P> Fri, 07 Dec 2018 21:03:44 GMT https://community.cisco.com/t5/network-access-control/ise-api-change-password/m-p/3759816#M541956 Damien Miller 2018-12-07T21:03:44Z https://community.cisco.com/t5/network-access-control/ise-api-change-password/m-p/3768144#M542056 <P>That bug is junked as it expected behavior. The other issue is under investigation.</P> Sat, 22 Dec 2018 04:11:52 GMT https://community.cisco.com/t5/network-access-control/ise-api-change-password/m-p/3768144#M542056 hslai 2018-12-22T04:11:52Z https://community.cisco.com/t5/network-access-control/ise-api-change-password/m-p/3908432#M542057 <P>Hi&nbsp;<BR />I am trying to solve the same problem but with Java Servlet<BR /><BR />any idea how to authorize internal user without creating ERSClient object which requires Admin user name and password?&nbsp;<BR /><BR /></P><PRE>// Get an instance of Rest Client ERSClient ersClient = new ERSClient("admin", "adminpassword", host); //then /** * * Use this method to change the password * @param user * @param password * @return */ public boolean changeUserPassword(ERSClient ersClient,String userid , String password){ InternalUser user = null; try { user = searchUserByName(ersClient, userid); if(user != null){ user.setPassword(password); System.out.println("Password Changed Successfully"); } return true; } catch(Exception e) { System.out.println("Something went wrong changing the password " + e.getMessage() ); return false; } }</PRE><P>&nbsp;Here I am missing something, I just need to verify the users current password so to make sure user who is changing password is authorized user.&nbsp;<BR />Is there any api which can verify internal user's password? Thanks</P> Thu, 15 Aug 2019 01:03:21 GMT https://community.cisco.com/t5/network-access-control/ise-api-change-password/m-p/3908432#M542057 MilanArdeshana 2019-08-15T01:03:21Z https://community.cisco.com/t5/network-access-control/ise-api-change-password/m-p/3937806#M542058 Well, I don't know of a way to do this through the rest-api,<BR /><BR />but thinking out-of-the-box, you can still use a command-line utility, maybe pam / radius enabled webserver checking access to your PW management webtool which issues a radius access request against ISE for the given user.<BR /><BR />This will check the password provided you have a policy rule allowing all users for this request.<BR />Depending on the scripting language you use, it may even have a plugin to support issuing radius access requests.<BR /><BR />Regards. Wed, 09 Oct 2019 10:43:09 GMT https://community.cisco.com/t5/network-access-control/ise-api-change-password/m-p/3937806#M542058 Michael Weller 2019-10-09T10:43:09Z https://community.cisco.com/t5/network-access-control/ise-api-change-password/m-p/3937859#M542059 <P>Thanks Michael for your response,<BR />Seems like java lib isnt great help to self service password reset portal.<BR /><BR />Later with great help of our network sec. engineer, we used python and used&nbsp;<SPAN>TACACS+&nbsp;lib to create the web portal for users to change their password as self service and created reminders for users to reset their password before it expires.&nbsp;</SPAN></P> Wed, 09 Oct 2019 12:30:21 GMT https://community.cisco.com/t5/network-access-control/ise-api-change-password/m-p/3937859#M542059 MilanArdeshana 2019-10-09T12:30:21Z