06-12-2018 02:34 PM
Interesting dilemma.
This particular use case is a web-based form that takes input from a guest, including the email address of their sponsor. it will look up that email address against the internal users in ISE, and if it finds a match, it will generate the guest account, and assign it to the sponsor based on the email match.
I need to create a local user in ISE, and that user's internal email address is internal only (in this case, "employee@demo.local"). Since this is not a valid TLD, during the creation of the local account, it complains, and does not allow me to enter this email account.
In order to bypass this, I created a custom attribute, InternalEmail, and entered the "employee@demo.local" string there, hoping to use that as a condition to search for, instead of the email address field (which is now invalid, since it will not allow the .local TLD). Unfortunately, I am getting messages from ISE that custom attributes cannot be used as filter conditions in API calls.
{
"ERSResponse": {
"operation": "GET-getAll-internaluser",
"messages": [
{
"title": "The filter field 'customAttributes' is not supported",
"type": "ERROR",
"code": "Query string validation exception"
}
],
"link": {
"rel": "related",
"href": "https://[REDACTED]/ers/config/internaluser?filter=customAttributes.InternalEmail.CONTAINS.em",
"type": "application/xml"
}
}
}
Based on what I need to do, any particular recommendations on how to get around this?
Thanks!
Bob
Solved! Go to Solution.
06-13-2018 07:14 PM
That is expected. For Get-All of Internal User, only these fields can be filtered:
[firstName, lastName, identityGroup, name, description, email, enabled]
I supposed demo.local is what you are using in the lab but you should be able to setup your mail server to accept emails from some non-local domains.
06-13-2018 02:33 AM
Checking with SME jakunst
06-13-2018 04:17 AM
Bob please share the api call
Likely this is not going to work with custom attribute but will check with developers
Also have you checked using a different email address? Perhaps you can check with a dCloud demo spun up and use its services?
06-13-2018 05:50 AM
Jason,
The API call is:
https://[REDACTED]/ers/config/internaluser?filter=customAttributes.InternalEmail.CONTAINS.em
(the InternalEmail field is where I put "employee@demo.local" email address)
The issue lies in the fact that the input field of the Internal User email field validates the email, and limits the extensions. Since I need to use a different domain extension, i need to store that information somewhere, and it appears as though customAttributes cannot be used in searches.
Here is the actual user information:
{
"InternalUser": {
"id": "5e83a381-d727-4d0d-babe-8e41a2595cf4",
"name": "employee",
"enabled": true,
"email": "employee@demo.com",
"password": "*******",
"changePassword": false,
"identityGroups": "a1740510-8c01-11e6-996c-525400b48521",
"expiryDateEnabled": false,
"enablePassword": "*******",
"customAttributes": {
"InternalEmail": "emplyee@demo.local"
},
"passwordIDStore": "DEMO_AD_DOMAIN",
"link": {
"rel": "self",
"href": "https://[REDACTED]:9060/ers/config/internaluser/5e83a381-d727-4d0d-babe-8e41a2595cf4",
"type": "application/xml"
}
}
}
Any help is appreciated!
Thanks,
Bob
06-13-2018 07:14 PM
That is expected. For Get-All of Internal User, only these fields can be filtered:
[firstName, lastName, identityGroup, name, description, email, enabled]
I supposed demo.local is what you are using in the lab but you should be able to setup your mail server to accept emails from some non-local domains.
06-13-2018 09:36 PM
Is there a different call I can use that will give me access to customAttributes as well? Also, is it possible to get all guest user details, including password, for printing?
Thanks!
06-19-2018 10:11 AM
When you create account you should be able to grab this
Check out the tips here
https://communities.cisco.com/docs/DOC-71891
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide