
ISE - Create user admin using API [Error 405]

Hi,

 

I am trying to create an admin user from an XML file. The load worked fine, but POST returns error 405 "Method Exception Not Supported". I could not find an alternative to work around this problem. :(

 


 

Below are the Python scripts for user creation and the framework used for the XML file.

 

 

import http.client
import base64
import ssl

host = "X.X.X.X"
user = "ers-admin"
password = "password"

# Note: a bare SSLContext(PROTOCOL_TLSv1_2) does not verify the server certificate.
r = http.client.HTTPSConnection("{}:9060".format(host), context=ssl.SSLContext(ssl.PROTOCOL_TLSv1_2))

# HTTP Basic credentials: base64("user:password")
credentials = str.encode(':'.join((user, password)))
encodedAuth = bytes.decode(base64.b64encode(credentials))

headers = {
    'accept': "application/xml",
    'authorization': " ".join(("Basic",encodedAuth)),
    'content-type': "application/xml; charset=utf-8",
    'cache-control': "no-cache"
    }

# Read the payload once and close the file; send it as UTF-8 to match the content-type.
with open('admin.xml', encoding='utf-8') as f:
    body = f.read()
print(body)
r.request("POST", "/ers/config/adminuser/", body.encode("utf-8"), headers=headers)

res = r.getresponse()
data = res.read()

print("Status: {}".format(res.status))
print("Header:\n{}".format(res.headers))
print("Body:\n{}".format(data.decode("utf-8")))

XML:

 

 

 

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<ns4:adminuser description="test" name="superAdmin" xmlns:ers="ers.ise.cisco.com" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns4="identity.ers.ise.cisco.com">
    <adminGroups>Super Admin</adminGroups>
    <changePassword>false</changePassword>
    <customAttributes>
        <entry>
            <key>Email</key>
            <value>test@migration.com</value>
        </entry>
        <entry>
            <key>Empresa</key>
            <value>xxxxx</value>
        </entry>
        <entry>
            <key>Nome</key>
            <value>superAdmin</value>
        </entry>
        <entry>
            <key>CR</key>
            <value>xxxxxx</value>
        </entry>
        <entry>
            <key>Matr_cula</key>
            <value>9999999</value>
        </entry>
    </customAttributes>
    <enabled>true</enabled>
    <externalUser>false</externalUser>
    <inactiveAccountNeverDisabled>false</inactiveAccountNeverDisabled>
    <includeSystemAlarmsInEmail>false</includeSystemAlarmsInEmail>
    <password>test@123</password>
</ns4:adminuser>

Any help at all would be greatly appreciated.

 

Regards,

 

Gabriele

 


hslai
Cisco Employee

This is not currently supported. For ISE admin users, ERS API is supporting READ operations (i.e. Get-All and Get-By-Id) only.
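
An added example, not part of the reply above and not Cisco code: a read-only client for the admin-user resource that uses only the supported Get-All / Get-By-Id calls, verifies the server certificate, and compares the returned names against an approved list. The function names, the JSON `SearchResult` response shape and the sample body are assumptions made for illustration.

```python
import base64
import http.client
import json
import ssl

ADMIN_PATH = "/ers/config/adminuser"  # resource path used by the script in the question
READ_ONLY = {"GET"}                   # per the reply: Get-All and Get-By-Id only

def tls_context(ca_file=None):
    # create_default_context() enables CERT_REQUIRED and hostname checking,
    # unlike a bare ssl.SSLContext(ssl.PROTOCOL_TLSv1_2).
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def build_request(method, user, password, object_id=None):
    """Return (method, path, headers); refuse verbs the resource does not accept."""
    method = method.upper()
    if method not in READ_ONLY:
        raise ValueError(f"{method} on {ADMIN_PATH} is not supported (server answers 405)")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    path = ADMIN_PATH if object_id is None else f"{ADMIN_PATH}/{object_id}"
    return method, path, {"Accept": "application/json", "Authorization": f"Basic {token}"}

def names_from_get_all(body):
    # Assumed shape: {"SearchResult": {"resources": [{"id": ..., "name": ...}, ...]}}
    result = json.loads(body).get("SearchResult", {})
    return sorted(r["name"] for r in result.get("resources", []) if "name" in r)

def unexpected_admins(body, approved):
    # Internal admin accounts that are not on the approved list.
    return [n for n in names_from_get_all(body) if n not in approved]

def list_admin_users(host, user, password, ca_file=None, port=9060):
    """Get-All against a live node; raises on any non-200 status."""
    method, path, headers = build_request("GET", user, password)
    conn = http.client.HTTPSConnection(host, port, context=tls_context(ca_file), timeout=10)
    try:
        conn.request(method, path, headers=headers)
        res = conn.getresponse()
        body = res.read().decode("utf-8")
        if res.status != 200:
            raise RuntimeError(f"HTTP {res.status}, Allow: {res.getheader('Allow')}")
        return names_from_get_all(body)
    finally:
        conn.close()

# Constructed sample body for offline use; not captured from a real ISE node.
SAMPLE = ('{"SearchResult": {"total": 2, "resources": '
          '[{"id": "id-2", "name": "superAdmin"}, {"id": "id-1", "name": "admin"}]}}')
```
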

hslai,

 

Thank you for the answer!

 

But is there another way to import a list of administrators into ISE, instead of creating them one by one in the GUI?


But is there another way to import a list of administrators into ISE, instead of creating them one by one in the GUI?


Your best bet would be to use an external ID source (AD or LDAP or ODBC) as the primary ID source for admin authentication instead of using the internal admin users. If we import internal users (network access users) via CSV, we would still need to add them individually as admin users and assign them with admin groups.

Here are the basic steps to use Active Directory as the admin auth ID source:

  • Verify ISE Joined to the Active Directory.
    1. Access ISE Active Directory configuration page by navigating to Administration > Identity Management > External Identity Sources and select Active Directory from the left-hand pane.
    2. Click the hyperlink under the Join Point Name column.
    3. In the connection page, skip to the next section of the exercise if the ISE node status is Operational.
    4. If the ISE node is not joined to AD, tick the checkbox next to the ISE node and then click Join.
    5. In the Join Domain pop-up window, fill in AD user credentials.
    6. Click OK to start the join operation.
    7. A window Join Operation Status will pop up. Wait until the node status turns Completed, and then click Close.
  • Click on the tab [ Groups ] and configure the AD groups to use for ISE admin or other ISE policies.
  • Go to Administration > System > Admin Access > Authentication and the tab Authentication Method on the right-hand pane. Click on the Identity Source drop-down and select AD object. Then, Save.
    • Go to Administration > System > Admin Access > Administrators > Admin Groups.
    • Click on the hyperlink for an admin group (e.g. Read Only Admin).
    • Select Type [V] External and select an AD group to be mapped to this admin group.
    • Click Save.