Solved: How to BULK DeleteById GuestUsers on ISE 2.4

Artemio Romero · ‎11-26-2018

Hello:

I am trying to BULK delete by id using ISE API but SDK documentation does not specify how to do it. I tested BULK create and I could do it successfully, mainly following SDK documentation.

I am trying to do it using XML, the problem must be somewhere on the BODY of my PUT request. I am attaching captures for better understanding.

At the end I receive the error "invalid bulk request - Illeagal operation - DeleteById" but this is supposed to be supported, right?

Surendra · ‎11-28-2018

Try this :

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns4:guestUserBulkRequest operationType="delete" resourceMediaType="vnd.com.cisco.ise.identity.guestuser.2.0+xml" xmlns:ns6="sxp.ers.ise.cisco.com" xmlns:ns5="trustsec.ers.ise.cisco.com" xmlns:ns8="network.ers.ise.cisco.com" xmlns:ns7="anc.ers.ise.cisco.com" xmlns:ers="ers.ise.cisco.com" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns4="identity.ers.ise.cisco.com"><idList><id>f9fd2080-f302-11e8-a838-ba07e7fa50c9</id></idList></ns4:guestUserBulkRequest>

You can put upto 5000 ids.

View solution in original post

Nidhi · ‎11-27-2018

Checking with SME on this.

meanwhile, I hope you have looked into this link here - https://community.cisco.com/t5/security-documents/ise-guest-sponsor-api-tips-amp-tricks/ta-p/3636773#toc-hId--2098450997

Artemio Romero · ‎11-27-2018

Hi Nidhi:

Thanks for the link!, unfortunately there are no examples on how to bulk Delete so I have not been able to do it. Hopefully someone has experience with it on this forum.

Thanks and regards!

Jason Kunst · ‎11-27-2018

We are working on a solution.

Surendra · ‎11-28-2018

Try this :

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns4:guestUserBulkRequest operationType="delete" resourceMediaType="vnd.com.cisco.ise.identity.guestuser.2.0+xml" xmlns:ns6="sxp.ers.ise.cisco.com" xmlns:ns5="trustsec.ers.ise.cisco.com" xmlns:ns8="network.ers.ise.cisco.com" xmlns:ns7="anc.ers.ise.cisco.com" xmlns:ers="ers.ise.cisco.com" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns4="identity.ers.ise.cisco.com"><idList><id>f9fd2080-f302-11e8-a838-ba07e7fa50c9</id></idList></ns4:guestUserBulkRequest>

You can put upto 5000 ids.

Artemio Romero · ‎11-28-2018

Hi Surendra:

Yes, that made it work, I tried it with 5000 ids and it deleted 2500 +- successfully, the other 2500+- failed: rootCause="getAttribute: Session already invalidated"

It took 2:30 minutes to delete 2,500 ids, is there a session timer that I can adjust to be able to delete 5,000 ? I have not found it yet on ISE.

I will continue my testing.

THANKS!

Artemio Romero · ‎11-29-2018

After further testing these are my results when trying to Bulk delete guest users with ISE 2.4:

5,000 first try: 2,500 users failed to delete
5,000 second try: 3,500 users failed to delete
2,500 : 1000 failed to delete

Error is the same for each case:

“rootCause="getAttribute: Session already invalidated"

Apparently only when you bulk delete 1000++ users is when Bulk delete works fine.

Any information that can help here?

hslai · ‎07-13-2019

“rootCause="getAttribute: Session already invalidated"

If anyone running into this, I would suggest to try setting the cookies and sending the request with them. If that not helping, we should file a bug.