cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2581
Views
0
Helpful
3
Replies

Internal User Password Expiration Date

jerrymatson1
Level 4
Level 4

Does anyone know of a way to expose the internal user database password expiration date? It seems it should be trivial but not easily found. One use case for this request has to do with a number of "service" accounts with the same email. The password expiration just indicates an account password will expire, but with no way to know which one. It seems it should be easy to find users who are locked out or print out a list of password expiration dates... ?

 

-- Jerry Matson

HDR Inc.

1 Accepted Solution

Accepted Solutions

You are correct, Jerry, ISE does not expose that information, unfortunately.

I've sent it to one of our product managers as an enhancement.

View solution in original post

3 Replies 3

Mike.Cifelli
VIP Alumni
VIP Alumni

Have you considered relying on the ISE ERS APIs? 

Here are two curl commands you could use (first one returns all internal users with unique ID; second one returns the expiryDate for specific user ID)

1: curl -k --include --header 'Content-Type:application/json' --header 'Accept: application/json' --user <user:pass> --request GET https://isepan:9060/ers/config/internaluser

2: curl -k --include --header 'Content-Type:application/json' --header 'Accept: application/json' --user <user:pass> --request GET https://isepan:9060/ers/config/internaluser/uniqueID

 

See more:  ISE ERS API Examples - Cisco Community 

https://isepan:9060/ers/sdk#

I have used Postman to query that same location but it only shows if the user account is set to expire and that expiration date. Unfortunately, nothing about the password expiration date.

You are correct, Jerry, ISE does not expose that information, unfortunately.

I've sent it to one of our product managers as an enhancement.