cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1950
Views
0
Helpful
5
Replies

Add multiple endpoints to a specific Cisco ISE Identity Group via API using Bulk CREATE call

Would anyone from Cisco be able to explain how to do the following?

 

I tried to BULK create endpoints, but noticed this operation doesn't support groupId? So, I can create an endpoint using its MAC, description, MDM attributes, portalUser, profileId, make profile and group assignment static, but when I add

 

<groupId>resource_id</groupId>

 

API returns validation error :(

{
"ERSResponse": {
"operation": "PUT-executeBulk-endpoint",
"messages": [
{
"title": "XML Schema Validation Failed :: at line 7, column 22 : cvc-complex-type.2.4.a: Invalid content was found starting with element 'groupId'. One of '{profileId, staticGroupAssignment}' is expected.",
"type": "ERROR",
"code": "Schema validation exception"
}
],
"link": {
"rel": "related",
"href": "https://lab-ise-2x-1.w1.lab:9060/ers/config/endpoint/bulk/submit",
"type": "application/xml"
}
}
}

 

We really need to be able to add endpoints into certain group.

This is possible when endpoints are created one by one. How can I do this with BULK create operation?

 

I refuse to believe that API is less capable than GUI

 

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
hslai
Cisco Employee

I believe this time the ordering of the fields matters.

Below is a sample body of two endpoints I tried and worked against my ISE 2.2 standalone in the lab:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns4:endpointBulkRequest operationType="create" resourceMediaType="vnd.com.cisco.ise.identity.endpoint.1.0+xml" xmlns:ns4="identity.ers.ise.cisco.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ns4:resourcesList>
 <ns4:endpoint>
  <groupId>c337e0a0-a67e-11e9-92cd-024294667a96</groupId>
  <mac>11:22:33:00:00:01</mac>
  <staticGroupAssignment>true</staticGroupAssignment>
  <staticProfileAssignment>false</staticProfileAssignment>
 </ns4:endpoint>
 <ns4:endpoint>
  <groupId>c337e0a0-a67e-11e9-92cd-024294667a96</groupId>
  <mac>11:22:33:00:00:02</mac>
  <staticGroupAssignment>true</staticGroupAssignment>
  <staticProfileAssignment>false</staticProfileAssignment>
 </ns4:endpoint>
</ns4:resourcesList>
</ns4:endpointBulkRequest>

View solution in original post

5 REPLIES 5
hslai
Cisco Employee

I believe this time the ordering of the fields matters.

Below is a sample body of two endpoints I tried and worked against my ISE 2.2 standalone in the lab:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns4:endpointBulkRequest operationType="create" resourceMediaType="vnd.com.cisco.ise.identity.endpoint.1.0+xml" xmlns:ns4="identity.ers.ise.cisco.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ns4:resourcesList>
 <ns4:endpoint>
  <groupId>c337e0a0-a67e-11e9-92cd-024294667a96</groupId>
  <mac>11:22:33:00:00:01</mac>
  <staticGroupAssignment>true</staticGroupAssignment>
  <staticProfileAssignment>false</staticProfileAssignment>
 </ns4:endpoint>
 <ns4:endpoint>
  <groupId>c337e0a0-a67e-11e9-92cd-024294667a96</groupId>
  <mac>11:22:33:00:00:02</mac>
  <staticGroupAssignment>true</staticGroupAssignment>
  <staticProfileAssignment>false</staticProfileAssignment>
 </ns4:endpoint>
</ns4:resourcesList>
</ns4:endpointBulkRequest>

Thanks. This worked! Lesson learned - if something doesn't work in Cisco API using XML calls - try re-ordering items :)

 

Anyway, I will mark this as resolved. Regards

Above xml worked for submitting bulk endpoints.
How can i get the bulk id after submitting the request ?

The ID will be returned with the '202 Accepted' response. If you're using Postman, you need for the Location value in the Headers tab.

See an example request/response here - https://developer.cisco.com/docs/identity-services-engine/v1/#!bulk-requests/bulk-requests

 

I don't think this is a complete answer @Greg Gibbs . This post discusses Bulk operations.

Bulk operation return Bulk Operation Status ID in its response (as you've said it is in Location header).

Once returned, one has to use this ID to request Bulk Operation Status, which returns IDs for each processed item, and status of operation for each item.

 

GET: https://{{Hostname}}:9060/ers/config/endpoint/bulk/{{BulkOperationId}}

SAMPLE RESPONSE BODY:

 
{
    "BulkStatus": {
        "bulkId": "1644833364104",
        "mediaType": "vnd.com.cisco.ise.identity.endpoint.1.0+xml",
        "executionStatus": "COMPLETED",
        "operationType": "create",
        "startTime": "Mon Feb 14 10:09:24 GMT 2022",
        "resourcesCount": 2,
        "successCount": 2,
        "failCount": 0,
        "resourcesStatus": [
            {
                "id": "2f6078d0-8d7e-11ec-8284-e6f10543d6b0",
                "description": "john iphone 1",
                "resourceExecutionStatus": "SUCCESS",
                "status": "SUCCESS"
            },
            {
                "id": "2f6078d2-8d7e-11ec-8284-e6f10543d6b0",
                "description": "john iphone 2",
                "resourceExecutionStatus": "SUCCESS",
                "status": "SUCCESS"
            }
        ]
    }
}
 
Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube