Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
510
Views
0
Helpful
3
Replies

Help with ISE 3.2 API powershell scripting

James Vale
Level 1
Level 1

‎02-04-2025 08:29 AM

Hi guys.

New to this API call scripting malarky and need some assistance..  Basically im trying to change the access code on an ISE 3.2 guest portal.   I can pull the necesary varibles with the script below,  look at them,  convernt them to json etc, but as soon as I go to change them back I get a 400 error..    

Im sure its something insanely basic so if someone can tell me where I am going wrong I would be greatful
Script below:

$ISEServer = "https://fqdn.of.server"
$Username = "ERSUser"
$Password = "XXXXXX"
$PortalID = "04f0e934-8d39-471d-bbb0-d24505e995e9"
$NewAccessCode = "NewPassword"

# Encode Credentials for Basic Authentication
$AuthHeader = @{
Authorization = "Basic " + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("$Username`:$Password"))
"Content-Type" = "application/json"
Accept = "application/json"
}

# Get the existing portal configuration
$GetPortalUrl = "$ISEServer/ers/config/portal/$PortalID"
$CurrentPortal = Invoke-RestMethod -Uri $GetPortalUrl -Headers $AuthHeader -Method Get


$CurrentPortal.ERSPortal.aupPageAccessCode | Write-Output
$CurrentPortal.ERSPortal.aupPageAccessCode = $NewAccessCode
$CurrentPortal.ERSPortal.aupPageAccessCode | Write-Output

$CurrentPortal | Convertto-Json

$UpdatedPortalJson = $CurrentPortal | Convertto-Json

$Response = Invoke-RestMethod -Uri $GetPortalUrl -Headers $AuthHeader -Method Put -Body $UpdatedPortalJson

 

0 Helpful
3 Replies 3

Arne Bier
VIP
VIP

‎02-05-2025 01:08 PM

I'm not a Powershell coder myself, but I have dabbled a bit with Postman, curl and some python libraries.  I would look for things like:

  • Does your python request enforce a certificate check when speaking with the ISE server?  Ideally, you should provide the CA chain to your script to validate/establish that trust. Failing that, enable a switch/parameter to force the security check off.
  • Are you pointing the URL to the PAN on port 443?
  • Test the concept in curl first (the python script has too many moving parts) - some calls must be made to the MNT, and not the PAN

 

e.g. when using curl, I can cheat by using the '--insecure' parameter to ignore cert checks

curl --insecure --netrc-file ~/.secrets/.netrc -X 'GET' 'https://rnolabise01.rnlab.local:443/ers/config/portala486c6ef-6c77-4bc1-bf6d-4e479b3aeae88'  -H 'accept: application/json'


{
  "ERSPortal" : {
    "id" : "a486c6ef-6c77-4bc1-bf6d-4e479b3aeae8",
    "name" : "ISE Portal (default)",
    "description" : "Ise Portal for saml based feature purpose",
    "portalType" : "GUEST",
    "link" : {
      "rel" : "self",
      "href" : "https://rnolabise01.rnlab.local/ers/config/portal/a486c6ef-6c77-4bc1-bf6d-4e479b3aeae8",
      "type" : "application/json"
    }
  }
}

 

0 Helpful

James Vale
Level 1
Level 1

‎02-05-2025 01:13 PM

Thanks.

I found the problem in the end..   Slight script modifications converting BASH to Powershell via ChatGPT but the main cause was the fact that /ers/config/portal does not permit PUT or PATCH.   I had to use /ers/config/hotspotportal instead.

Code below for anyone else looking to achieve the same using Powershell

# Variables
$NewAccessCode = "XXXX"						#Guest Portal Access Password Change this Weekly

$ISEServer = "XXXX"						#ISE Server URL
$Username = "ERSAdmin"						#ERS User
$Password = "XXXXXXXXXXX"					#ERS User Password
$PortalID = "XXXXXXXXDXXXXXXXXXXXXXXXXXXXXXXX"  		#ISE Portal ID


# Encode Credentials for Basic Authentication
$AuthHeader = @{
    Authorization = "Basic " + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("$Username`:$Password"))
    "Content-Type" = "application/json"
    Accept = "application/json"
}

$url = "https://$ISEServer/ers/config/hotspotportal/$PortalID"	#ISE API Portal URL 


$body = @{
    "HotspotPortal" = @{
        "settings" = @{
            "aupSettings" = @{
                "accessCode" = "NewPassword"
            }
        }
    }
} | ConvertTo-Json -Depth 10


try {
    Invoke-RestMethod -Uri $url -Method Patch -Headers $AuthHeader -Body $body
    Write-Output "Hotspot portal access code updated successfully."
} catch {
    Write-Output "Error Response (PUT Request):"
    Write-Output $_.Exception.Message
    Write-Output "Press Enter to exit..."
    Read-Host
    break
}

 

0 Helpful

Greg Gibbs
Cisco Employee
Cisco Employee

‎02-05-2025 01:43 PM

The API endpoint you are using '/ers/config/portal' only supports GET methods as per the documentation. You cannot use this API endpoint to make changes.
https://developer.cisco.com/docs/identity-services-engine/latest/portal/

To make updates to an existing portal, try using the PUT method with the '/ers/config/sponsoredguestportal/{portal-id}' API endpoint.
https://developer.cisco.com/docs/identity-services-engine/latest/sponsoredguestportal/

 

0 Helpful
Customers Also Viewed These Support Documents