05-19-2021 04:38 AM
Hi Everyone
I would like to create internal users using Python script. I have installed 3.9.2 Python and saved the .py file and run the execution using ERS SDK guide for ISE
I got this error while run the code through command line
ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1123)
This is my code
#!/usr/bin/env python
import http.client
import base64
import ssl
import sys
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
#parameters
name = sys.argv[4] # "chris"
first = sys.argv[5] # "Chris"
last = sys.argv[6] # "Colombus"
passwd = sys.argv[7] # "Password1"
email = sys.argv[8] # "chris@gh.com"
expiry_date = sys.argv[9] # "2021-12-30"
# host and authentication credentials
host = sys.argv[1] # "192.168.31.15"
user = sys.argv[2] # "ersad"
password = sys.argv[3] # "oFlPRrne1"
conn = http.client.HTTPSConnection("{}:9060".format(host), context=ssl.SSLContext(ssl.PROTOCOL_TLSv1))
creds = str.encode(':'.join((user, password)))
encodedAuth = bytes.decode(base64.b64encode(creds))
req_body_json = """ {{
"InternalUser" : {{
"name" : "{}",
"enabled" : true,
"email" : "{}",
"password" : "{}",
"firstName" : "{}",
"lastName" : "{}",
"changePassword" : true,
"expiryDateEnabled" : true,
"expiryDate" : "{}",
"enablePassword" : "{}",
"customAttributes" : {{
}},
"passwordIDStore" : "Internal Users"
}}
}}
""".format(name,email,passwd,first,last,expiry_date,passwd)
headers = {
'accept': "application/json",
'content-type': "application/json",
'authorization': " ".join(("Basic",encodedAuth)),
'cache-control': "no-cache",
}
conn.request("POST", "/ers/config/internaluser/", headers=headers, body=req_body_json)
res = conn.getresponse()
data = res.read()
print("Status: {}".format(res.status))
print("Header:\n{}".format(res.headers))
print("Body:\n{}".format(data.decode("utf-8")))
Any help would appreciated
05-19-2021 07:39 AM
You are most likely using an untrusted, self-signed certificate on your ISE node and the Python SSL library does not like that. Also you seem to be explicitly trying to use ssl.PROTOCOL_TLSv1 and perhaps your ISE node has TLS 1.0 disabled for security reasons? I don't know why you want to specifically use TLS 1.0 in your script but make sure you have enabled it:
05-19-2021 08:18 AM - edited 05-20-2021 06:25 AM
the TLS 1.0 is already enabled in the ISE node but I still get the same error as well
05-21-2021 03:20 AM
the TLS 1.0 is already enabled in the ISE node but I still get the same error as well
Any help is welcomed
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: