03-23-2018 01:39 PM
I'm trying to apply an ANC policy using the ERS API URI of "/ers/config/ancendpoint/apply" but ISE only returns an HTTP 404 error. Other ERS API calls work wonderfully so it's not header or authorization problem.
ISE is on 2.3
Solved! Go to Solution.
03-30-2018 05:48 PM
This is due to CSRF validation. Please read the section on this in ISE 2.3 Release Notes, API Documentation from the ERS Online SDK.
03-23-2018 01:59 PM
Please turn DEBUG on ers and watch ise-psc.log, which should give you some clues what's missing.
If not, please post a complete request sample.
Below works for me:
curl -X PUT -k -H 'Content-Type: application/json' -H 'Accept: application/json' -i 'https://myAdminUser:myPassword@myISE:9060/ers/config/ancendpoint/apply' --data '{
"OperationAdditionalData" : {
"additionalData" : [
{ "name" : "macAddress", "value" : "02:00:00:00:00:01" },
{ "name" : "policyName", "value" : "testANC-Q01"}
]
}
}'
03-26-2018 07:20 AM
Specifically, ISE is on version 2.3.0.298
It looks like the URI PATH is not being parsed, it's showing as null. Here's a snippet:
Working GET request:
cpm.ers.app.web.MaxThreadsLimiterFilter -::::- #### MaxThreadsFilter.doFilter --> getPathInfo=/ancendpoint/
cpm.ers.app.web.MaxThreadsLimiterFilter -::::- #### MaxThreadsFilter.doFilter --> getMethod=GET
cpm.ers.app.web.MaxThreadsLimiterFilter -::::- #### MaxThreadsFilter.doFilter --> getRequestURL=https://10.101.0.10:9060/ers/config/ancendpoint/
cpm.ers.app.web.MaxThreadsLimiterFilter -::::- #### MaxThreadsFilter.doFilter --> getRemoteHost=192.168.255.10
cpm.ers.app.web.MaxThreadsLimiterFilter -::::- ## RateLimitFilter Servlet => Continue with the ERS Request, The current bucket count is: 49
cpm.ers.app.web.PICFilter -::::- #### PICFilter.doFilter --> getPathInfo=/ancendpoint/
cpm.ers.app.web.PICFilter -::::- #### PICFilter.doFilter --> getMethod=GET
cpm.ers.app.web.PICFilter -::::- #### PICFilter.doFilter --> getRequestURL=https://10.101.0.10:9060/ers/config/ancendpoint/
cpm.ers.app.web.PICFilter -::::- #### PICFilter.doFilter --> getRemoteHost=192.168.255.10
cpm.ers.app.web.PAPFilter -::::- #### PAPFilter.doFilter --> getPathInfo=/ancendpoint/
cpm.ers.app.web.PAPFilter -::::- #### PAPFilter.doFilter --> getMethod=GET
cpm.ers.app.web.PAPFilter -::::- #### PAPFilter.doFilter --> getRequestURL=https://10.101.0.10:9060/ers/config/ancendpoint/
cpm.ers.app.web.PAPFilter -::::- #### PAPFilter.doFilter --> getRemoteHost=192.168.255.10
cpm.ers.app.web.PAPFilter -::::- #### PAPFilter.doFilter --> passing the filter!
cpm.ers.app.web.AtnAtzFilter -::::- #### AtnAtzFilter.doFilter --> getPathInfo=/ancendpoint/
cpm.ers.app.web.AtnAtzFilter -::::- #### AtnAtzFilter.doFilter --> getMethod=GET
cpm.ers.app.web.AtnAtzFilter -::::- #### AtnAtzFilter.doFilter --> getRequestURL=https://10.101.0.10:9060/ers/config/ancendpoint/
cpm.ers.app.web.AtnAtzFilter -::::- #### AtnAtzFilter.doFilter --> getRemoteHost=192.168.255.10
Failing PUT request:
cpm.ers.app.impl.ERSConfigurationListener -::::- Registering ERS Configuration Listener
cpm.ers.app.web.MaxThreadsLimiterFilter -::::- #### MaxThreadsFilter.doFilter --> getPathInfo=null
cpm.ers.app.web.MaxThreadsLimiterFilter -::::- #### MaxThreadsFilter.doFilter --> getMethod=PUT
cpm.ers.app.web.MaxThreadsLimiterFilter -::::- #### MaxThreadsFilter.doFilter --> getRequestURL=https://10.101.0.10:9060/ers/custom_error_page.jsp
cpm.ers.app.web.MaxThreadsLimiterFilter -::::- #### MaxThreadsFilter.doFilter --> getRemoteHost=192.168.255.10
cpm.ers.app.web.MaxThreadsLimiterFilter -::::- ## RateLimitFilter Servlet => Continue with the ERS Request, The current bucket count is: 49
cpm.ers.app.web.SponsorSessionAttributesFilter -::::- #### SponsorSessionAttributesFilter.doFilter --> getPathInfo=null
cpm.ers.app.web.SponsorSessionAttributesFilter -::::- #### SponsorSessionAttributesFilter.doFilter --> getMethod=PUT
cpm.ers.app.web.SponsorSessionAttributesFilter -::::- #### SponsorSessionAttributesFilter.doFilter --> getRequestURL=https://10.101.0.10:9060/ers/custom_error_page.jsp
cpm.ers.app.web.SponsorSessionAttributesFilter -::::- #### SponsorSessionAttributesFilter.doFilter --> getRemoteHost=192.168.255.10
cpm.ers.app.web.SponsorSessionAttributesFilter -::::- #### SponsorSessionAttributesFilter.doFilter, it is not a sponosr , it will not perform in SponsorSessionAttributeFilter !
cpm.ers.app.web.MaxThreadsLimiterFilter -::::- ## RateLimitFilter Servlet => Continue with the ERS Response, The current bucket count is: 49
api.services.persistance.dao.DistributionDAO -::::- In DAO getRepository method for HostConfig Type: MNT
Postman screenshot of request with your test data