Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
359
Views
0
Helpful
1
Replies

How to fetch info about users via the ERS API

Kamil Ciemniewski
Level 1
Level 1

‎10-29-2019 06:32 AM - edited ‎10-29-2019 06:32 AM

Hello,

I'm trying to fetch the user's data for given endpoints via the ERS API by the device's MAC address.

As the first step I'm querying for the endpoint:

c GET https://<my-domain>:9060/ers/config/endpoint/<endpoint-id> Content-Type:"application/json" Accept:"application/json" --user "<user>:<password>" | bat -l json

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONIDSSO=<...>; Path=/; Secure; HttpOnly
Set-Cookie: APPSESSIONID=<...>; Path=/ers; Secure; HttpOnly
Pragma: no-cache
ETag: "<...>"
Date: Tue, 29 Oct 2019 13:21:40 GMT
Content-Type: application/json;charset=utf-8
Content-Length: 697
Server:

   1   │ {
   2   │   "ERSEndPoint" : {
   3   │     "id" : "<id>",
   4   │     "name" : "<mac>",
   5   │     "description" : "TEST -work laptop",
   6   │     "mac" : "<mac>",
   7   │     "profileId" : "<profile-id>",
   8   │     "staticProfileAssignment" : false,
   9   │     "groupId" : "<group-id>",
  10   │     "staticGroupAssignment" : true,
  11   │     "portalUser" : "<user-name>",
  12   │     "identityStore" : "",
  13   │     "identityStoreId" : "<identity-store-id>"
  19   │   }
  20   │ }

This gives me the "portalUser" and "profileId" but there doesn't seem to be any way to get the data I can see about this user when I log into the Cisco ISE admin in the browser. I can e. g. see the first and last names of the user in there but not in the API. I've tried different ERS API routes - internalusers, guestusers etc but the user was simply not there.

Could anyone please shed some light on what can be done with the "profileId" and where can I potentially look for the info about users?

Thank you,

Kamil

0 Helpful
1 Reply 1

howon
Cisco Employee
Cisco Employee

‎10-30-2019 09:46 AM

profileId: It would be ID of profiling policy applied to the endpoint. You will need to use another API call to find out the readable profiling policy name that matches the profileId

portalUser: If the user was authenticated via external means such as AD, LDAP, SAML, etc then you would need to look up the external identity store for the user name mapped to MAC address

0 Helpful
Customers Also Viewed These Support Documents