Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
953
Views
0
Helpful
9
Replies

Cisco ISE and guest user API error

trondaker
Level 3
Level 3

‎09-05-2024 05:19 AM

Trying to get all guest users listed in an API-call, but the API responds with: com.cisco.cpm.guestaccess.apiservices.exception.PortalSystemException: Sponsor users sponsor groups are not available any more"

The API-call that throws me this error is:

host = "1.1.1.1"
user = "user"
password = "passord"

conn = http.client.HTTPSConnection("{}:9060".format(host), context=ssl.SSLContext(ssl.PROTOCOL_TLSv1_2))

creds = str.encode(':'.join((user, password)))
encodedAuth = bytes.decode(base64.b64encode(creds))

headers = {
'accept': "application/json",
'content-type': "application/json",
'authorization': " ".join(("Basic",encodedAuth)),
'cache-control': "no-cache",
}

conn.request("GET", "/ers/config/guestuser", headers=headers)

res = conn.getresponse()
data = res.read()

print(data)

Running 3.1 patch 9 - same issue here:

https://community.cisco.com/t5/network-access-control/ise-2-4-guest-api-error/td-p/4129662

According to the API-doc this should work?

Labels:
0 Helpful
9 Replies 9

trondaker
Level 3
Level 3

‎09-05-2024 05:22 AM

Ops, wrong category

0 Helpful

marce1000
Hall of Fame
Hall of Fame
In response to trondaker

‎09-05-2024 05:53 AM

 

  - @trondaker I moved it to the correct group , 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

bigevilbeard
VIP
VIP

‎09-05-2024 06:20 AM

@trondaker there is an example here https://developer.cisco.com/docs/identity-services-engine/latest/get-all-guest-users/#execution - if you share the error message this would help narrow down your issue.

Hope this helps.

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io
0 Helpful

trondaker
Level 3
Level 3
In response to bigevilbeard

‎09-05-2024 10:38 AM

Ran the exact same code as the link above, replaced username/pass/host and got the following:

Body:
{
"ERSResponse" : {
"operation" : "GET-getAll-guestuser",
"messages" : [ {
"title" : "com.cisco.cpm.guestaccess.apiservices.exception.PortalSystemException: Sponsor user's sponsor groups are not available any more",
"type" : "ERROR",
"code" : "CRUD operation exception"
} ],
"link" : {
"rel" : "related",
"href" : "https://x.x.x.x:9060/ers/config/guestuser/",
"type" : "application/xml"
}
}
}

0 Helpful

bigevilbeard
VIP
VIP
In response to trondaker

‎09-05-2024 12:51 PM

@trondaker It looks like the script executed successfully, but the response from the server indicates an error, as you see. 

It looks like server is indicating that the sponsor user's sponsor groups are no longer available, which is preventing the retrieval of guest users. You may need to investigate why the sponsor groups are no longer available or update the script to handle this error scenario.

Hope this helps.

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io
0 Helpful

trondaker
Level 3
Level 3

‎09-09-2024 11:32 PM

Hi again @bigevilbeard !
I logged on to the sponsor portal and checked the sponsor-field, and it is empty for all accounts. This might be what the API is referring to, but im kind of lost as to how to retrieve all guest users when this field is empty? There seems to be no other way then theGET", "/ers/config/guestuser"-path. I tried to iterate through all users to set the sponsor-field, but i cant see a way to it. Any tips? Is there a way to delete all users, to start fresh? From the portal i would have to delete 10 users at a time, that would take forever. 

0 Helpful

bigevilbeard
VIP
VIP
In response to trondaker

‎09-10-2024 02:12 AM

@trondaker hmm so i guess you could update sponsor field for each guest user through the sponsor portal, however, as you mentioned, this can be a time consuming process.. I think you might be able to do this with the API, try he PUT /ers/config/guestuser/{id} and update a guest users information, which should include the sponsor field, your code will  need to iterate through each guest user and update the sponsor field here.

I dont know if there is a bulk delete endpoint in the ISE API. I would use the DELETE /ers/config/guestuser/{id} and delete individual guest users this way using a script to iterate through each guest user and delete them one by one, again this would still be a time consuming process, but it might be faster than doing it manually through the portal.

Hope this helps.

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io
0 Helpful

trondaker
Level 3
Level 3
In response to bigevilbeard

‎09-10-2024 03:09 AM

Thanks, ill try - but when iterating over the ids, is there any way to get those ids besides the call that doesnt work? 

0 Helpful

bigevilbeard
VIP
VIP
In response to trondaker

‎09-10-2024 03:32 AM

You might try and use the API endpoint to retrieve a list of all users (not just guest users) and then filter out the non-guest users? It might not be affected by the PortalSystemException since it's not specific to guest users too, but thats a guess here.

Hope this helps.

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io
0 Helpful
Customers Also Viewed These Support Documents