cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1409
Views
0
Helpful
3
Replies

'Create internal user' Python script

Richie20
Level 1
Level 1

Hi Everyone

 I  would like to create internal  users using Python script.  I have installed 3.9.2 Python and saved the .py file and run the execution using ERS SDK guide for ISE

 

I got this error while run the code through  command line 


ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1123)

 

 

This is my code 

 

#!/usr/bin/env python

import http.client
import base64
import ssl
import sys
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

#parameters
name = sys.argv[4] # "chris"
first = sys.argv[5] # "Chris"
last = sys.argv[6] # "Colombus"
passwd = sys.argv[7] # "Password1"
email = sys.argv[8] # "chris@gh.com"
expiry_date = sys.argv[9] # "2021-12-30"

# host and authentication credentials
host = sys.argv[1] # "192.168.31.15"
user = sys.argv[2] # "ersad"
password = sys.argv[3] # "oFlPRrne1"


conn = http.client.HTTPSConnection("{}:9060".format(host), context=ssl.SSLContext(ssl.PROTOCOL_TLSv1))

creds = str.encode(':'.join((user, password)))
encodedAuth = bytes.decode(base64.b64encode(creds))

req_body_json = """ {{
"InternalUser" : {{
"name" : "{}",
"enabled" : true,
"email" : "{}",
"password" : "{}",
"firstName" : "{}",
"lastName" : "{}",
"changePassword" : true,
"expiryDateEnabled" : true,
"expiryDate" : "{}",
"enablePassword" : "{}",
"customAttributes" : {{
}},
"passwordIDStore" : "Internal Users"
}}
}}
""".format(name,email,passwd,first,last,expiry_date,passwd)

headers = {
'accept': "application/json",
'content-type': "application/json",
'authorization': " ".join(("Basic",encodedAuth)),
'cache-control': "no-cache",
}

conn.request("POST", "/ers/config/internaluser/", headers=headers, body=req_body_json)

res = conn.getresponse()
data = res.read()

print("Status: {}".format(res.status))
print("Header:\n{}".format(res.headers))
print("Body:\n{}".format(data.decode("utf-8")))

 

Any help would appreciated  

 

3 Replies 3

thomas
Cisco Employee
Cisco Employee

You are most likely using an untrusted, self-signed certificate on your ISE node and the Python SSL library does not like that. Also you seem to be explicitly trying to use ssl.PROTOCOL_TLSv1 and perhaps your ISE node has TLS 1.0 disabled for security reasons? I don't know why you want to specifically use TLS 1.0 in your script but make sure you have enabled it:image.png

the TLS 1.0 is already enabled in the ISE node but I still get the same error as  well 

Richie20
Level 1
Level 1

the TLS 1.0 is already enabled in the ISE node but I still get the same error as  well 

 

Any help is welcomed

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: