Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1759
Views
5
Helpful
4
Replies

Hoow to acees the External RESTful Services SDK

Go to solution
RichardAcolatse8417
Level 1
Level 1

‎05-04-2021 03:28 AM

Hi Everyone ,

I am try to access the   External RESTful Services SDK but I cant  access the resources . I want to if this is how you can access the SDK from the browser   https://ise-cscio:192.xxxxxxxx:9060/ers/sdk

 

Thank you ,

Richard 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎05-04-2021 03:50 AM

@RichardAcolatse8417 

Ensure ERS is enabled, refer to this link https://developer.cisco.com/docs/identity-services-engine/2.6/#!setting-up/enable-ers-port-9060

 

Once you have enabled the REST API in ISE, you may use any SuperAdmin, ERS Admin or ERS Operator group accounts to view the API SDK on your ISE PAN node at https://ise-pan:9060/ers/sdk. Replace "ise-pan" with your ISE node IP address or FQDN.

 

More information on using ISE ERS API.

https://community.cisco.com/t5/security-documents/ise-ers-api-examples/ta-p/3622623

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Rob Ingram
VIP
VIP

‎05-04-2021 03:50 AM

@RichardAcolatse8417 

Ensure ERS is enabled, refer to this link https://developer.cisco.com/docs/identity-services-engine/2.6/#!setting-up/enable-ers-port-9060

 

Once you have enabled the REST API in ISE, you may use any SuperAdmin, ERS Admin or ERS Operator group accounts to view the API SDK on your ISE PAN node at https://ise-pan:9060/ers/sdk. Replace "ise-pan" with your ISE node IP address or FQDN.

 

More information on using ISE ERS API.

https://community.cisco.com/t5/security-documents/ise-ers-api-examples/ta-p/3622623

0 Helpful

Go to solution
RichardAcolatse8417
Level 1
Level 1
In response to Rob Ingram

‎05-04-2021 04:14 AM

Hi @Rob Ingram 

Thank you for assistance . I  tried to write a script to create Internal User with for ISE but I got an error while my code 

 

This is the error  

Traceback (most recent call last):
File "C:\Users\ghibuser\Desktop\ISEInternalUserTest.py", line 37, in <module>
req_body_json = """{{
IndexError: Replacement index 8 out of range for positional args tuple

 

This my command for run the code 

python ISEInternalUserTest.py 192.198.1.1 ers-admin admin20! robert Robert Mensah Password1 rmensah@gha.com Employee 12/26/2021

 

This is my code

#!/usr/bin/python
import http.client
import base64
import ssl
import sys
import urllib3

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)


print ("The no of command line arguments: ",len(sys.argv))
argv = sys.argv[1]
print ("The name of the script: ", sys.argv[0])
print ("The argument are: ", argv)
#parameters

id = sys.argv[4] # "B100"
userName = sys.argv[5] # "robert"
firstName = sys.argv[6] # "Robert"
lastName = sys.argv[7] # " Mensah"
password = sys.argv[8] # "Password1"
emailAddress = sys.argv[9] # "rmensah@ghanabank.co.uk
expiryDate = sys.argv[10] # “12/26/2022”
identityGroups = sys.argv[11] # “Employee”


# host and authentication credentials
host = sys.argv[1] # "192.198.1.1"
user = sys.argv[2] # “ers.admin”
password = sys.argv[3] # “admin20!”

conn = http.client.HTTPSConnection("{}:9060".format(host), context=ssl.SSLContext(ssl.PROTOCOL_TLS))

creds = str.encode(':'.join((user, password)))
encodedAuth = bytes.decode(base64.b64encode(creds))

req_body_json = """{{

\"InternalUser\" : {{

\"id"\ : "\{}\",

"userinfo":{{
\"Name\" : "\{}\",

\"description"\ : "\{}\",

"enabled" : true,

\"email\" : "\{}\",

\"password\" : "\{}\",

\"firstName\" : "\{}\",

\"lastName\" : "\{}\",

\"changePassword\" : true,

\"identityGroups\" : "\{}\",

"expiryDateEnabled" : false,
}},
"userAccessInfo" : {{

"expiryDate" : "\{}\",

"enablePassword" : "enablePassword",
}}

"customAttributes" : {

"key1" : "value1",

"key2" : "value3"

},

"passwordIDStore" : "Internal Users"

}

}}
}}""".format(id,userName,firstName,lastName,emailAddress,password,identityGroups,expiryDate)
headers = {
'accept': "application/json",
'content-type': "application/json",
'authorization': " ".join(("Basic",encodedAuth)),
'cache-control': "no-cache",
}
conn.request("POST", "/ers/config/internaluser/", headers=headers, body=req_body_json)

es = conn.getresponse()
data = res.read()

print("Status: {}".format(res.status))
print("Header:\n{}".format(res.headers))
print("Body:\n{}".format(data.decode("utf-8")))
print('-'*80)
print(req_body_json)
print('-'*80)

 

 

Any suggestions are welcomed 

 

Thank you

 

 

 

This my code 

 

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to RichardAcolatse8417

‎05-04-2021 04:58 AM

@RichardAcolatse8417 

Not sure, I am not  so familar with python code. Is your IP address 192.198.1.1 correct, shouldn't it be 192.168.1.1

 

Cisco have provided a working example of creating an Internal user in ISE here.

https://community.cisco.com/t5/security-documents/ise-ers-api-examples/ta-p/3622623#toc-hId--524760982

 

0 Helpful

Go to solution
thomas
Cisco Employee
Cisco Employee

‎05-04-2021 06:49 AM

Richard,

Many of your questions are answered in the document ISE ERS API Examples.

We also host the SDK in Cisco DevNet @ https://cs.co/ise-api

See https://cs.co/ise-resources for additional ISE documents including APIs

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents