01-25-2018 12:33 AM
Hi ISE Experts,
Can anybody show me an example of using Linux cURL to invoke the ISE “Authenticated Sessions List” REST API?
One of my customers wants to retrieve a list of all currently active authenticated sessions using the ISE “Authenticated Sessions List” REST API. Since they’re performing this action on a Linux-based 3rd-party device, one of the workarounds is to use cURL. We found no examples showing the correct cURL format, so we just tried:
$ curl https://acme123/admin/API/mnt/Session/AuthList/null/null
And the following error messages are shown:
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Closing connection #0
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Is this format incorrect, or do I need to enable the REST API function in ISE, or do I need to add some parameters to the curl command? How can I add an authentication username/password to the curl command?
Many Thanks,
Lei
01-25-2018 06:20 AM
You may need to ensure that the certs are trusted and signed. In my less secure example, I am bypassing the cert validation via -k. There are additional curl options for setting TLS and other values as needed. This worked in my lab:
# curl -k -u admin:password https://<mnt>/admin/API/mnt/Session/AuthList/null/null
I also had to escape special characters in my password by preceding them with "\". There are other more secure ways to embed the credentials with curl, such as retrieving them from a file so not exposing them in the script or CLI.
Craig
01-25-2018 04:56 PM
Many Thanks Craig.
I will let the customer try this and give feedback later.
Lei
01-25-2018 05:09 PM
The protocol error indicated your cURL client defaulted to SSLv2 or v3. You might need to upgrade your cURL. More recent ISE releases accept only TLS 1.1 and 1.2 and the cURL options for those are (per curl man page):
--tlsv1.1
(TLS) Forces curl to use TLS version 1.1 when connecting to a remote TLS server.
Added in 7.34.0.
--tlsv1.2
(TLS) Forces curl to use TLS version 1.2 when connecting to a remote TLS server.
Added in 7.34.0.
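The two points raised in the replies, credentials kept out of the command line and TLS 1.2 with certificate validation instead of -k, combined in an added example that is not from any poster in this thread. The host name, CA bundle path and config file location are assumptions, and `CURL` is a hypothetical override used for dry runs.

```shell
#!/bin/sh
# Added example; host, CA bundle path and file locations are assumptions.

# Write a curl config file holding the API credentials, owner-readable only.
# Inside a double-quoted curl config value only backslash and double quote
# need escaping, so shell metacharacters in the password need no "\" prefix
# and the password never appears in the process list or shell history.
write_curl_config() (
  cfg=$1 user=$2 pass=$3
  esc=$(printf '%s' "$pass" | sed 's/[\\"]/\\&/g')
  umask 077
  : > "$cfg"
  chmod 600 "$cfg"            # tighten a pre-existing file as well
  printf 'user = "%s:%s"\n' "$user" "$esc" >> "$cfg"
)

# Query the Authenticated Sessions List with certificate validation on
# (no -k), HTTPS only, and --tlsv1.2 (a minimum version in current curl).
# CURL is a hypothetical override: CURL=echo prints the command instead.
ise_auth_list() (
  host=$1 cfg=$2 ca=$3
  "${CURL:-curl}" --silent --show-error --fail \
    --proto '=https' --tlsv1.2 \
    --cacert "$ca" \
    --config "$cfg" \
    "https://$host/admin/API/mnt/Session/AuthList/null/null"
)

# Typical use (values are placeholders):
#   stty -echo; IFS= read -r pw; stty echo
#   write_curl_config "$HOME/.ise-mnt.cfg" admin "$pw"
#   ise_auth_list mnt.example.test "$HOME/.ise-mnt.cfg" /etc/ssl/ise-ca.pem
```

The `--cacert` file should contain the CA that signed the MnT node's admin certificate, so validation succeeds without `-k`.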