Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1406
Views
0
Helpful
3
Replies

Invoke ISE RestAPI example through Linux cURL

Go to solution
leis2
Cisco Employee
Cisco Employee

‎01-25-2018 12:33 AM

Hi ISE Experts,


Can anybody show me an example of using Linux cURL to invoke ISE “Authenticated Sessions List” RESTAPI?

One of my customer wants to retrieve a list of all currently active authenticated sessions using ISE “Authenticated Sessions List” REST API. Since they’re operating this action in a 3rd party device based on Linux, one of the workaround is to use cURL. We find no examples to show what is the correct Curl format so we just try:

$curl https://acme123/admin/API/mnt/Session/AuthList/null/null

And following error messages show:

error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

* Closing connection #0

curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

Is this format incorrect or I need to enable RestAPI function in ISE or I need to add some parameters to curl command? How can I add authentication username/password to curl command?


Many Thanks,

Lei

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Craig Hyps
Level 10
Level 10

‎01-25-2018 06:20 AM

You may need to ensure that the certs are trusted and signed.  In my less secure example, I am bypassing the cert validation via -k.  There are additional curl options for setting TLS and other values as needed.  This worked in my lab:

# curl -k -u admin:password https://<mnt>/admin/API/mnt/Session/AuthList/null/null

I also had to escape special characters in my password by preceding them with "\".  There are other more secure ways to embed the credentials with curl, such as retrieving them from a file so not exposing them in the script or CLI.

Craig

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Craig Hyps
Level 10
Level 10

‎01-25-2018 06:20 AM

You may need to ensure that the certs are trusted and signed.  In my less secure example, I am bypassing the cert validation via -k.  There are additional curl options for setting TLS and other values as needed.  This worked in my lab:

# curl -k -u admin:password https://<mnt>/admin/API/mnt/Session/AuthList/null/null

I also had to escape special characters in my password by preceding them with "\".  There are other more secure ways to embed the credentials with curl, such as retrieving them from a file so not exposing them in the script or CLI.

Craig

0 Helpful

Go to solution
leis2
Cisco Employee
Cisco Employee
In response to Craig Hyps

‎01-25-2018 04:56 PM

Many Thanks Craig.

I will let customer try this and feedback later.

Lei

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee

‎01-25-2018 05:09 PM

The protocol error indicated your cURL client defaulted to SSLv2 or v3. You might need to upgrade your cURL. More recent ISE releases accept only TLS 1.1 and 1.2 and the cURL options for those are (per curl man page):

       --tlsv1.1

              (TLS) Forces curl to use TLS version 1.1 when connecting to a remote TLS server.

              Added in 7.34.0.

       --tlsv1.2

              (TLS) Forces curl to use TLS version 1.2 when connecting to a remote TLS server.

              Added in 7.34.0.

0 Helpful
Customers Also Viewed These Support Documents