cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1593
Views
7
Helpful
2
Replies

ISE 1.3/1.4 - REST API for Active Session

musultan
Cisco Employee
Cisco Employee

Hello Experts,


I am working on an issue where we want to run the below REST API to monitor the active sessions.

We followed the documentation and created the 2 users under Administration > System > Admin Access > Administrators > Admin Users 

"ersadmin1” with the “Admin Groups” = “ERS Admin”

"admin1” with the “Admin Groups” = “Super Admin”

When, we run the REST API with the user “ersadmin1”, we are getting the below error always;

    Status Code: 401 Unauthorized

    Cache-Control: private

    Content-Length: 1027

    Content-Type: text/html;charset=utf-8

    Date: Wed, 03 Feb 2016 19:56:37 GMT

    Expires: Wed, 31 Dec 1969 18:00:00 CST

    Unauthorized: 401

    X-Frame-Options: SAMEORIGIN

When, we run the REST API with the user “admin1”, we are getting the below success message;

    Status Code: 200 OK

    Cache-Control: private

    Content-Length: 467

    Content-Type: application/xml;charset=UTF-8

    Date: Wed, 03 Feb 2016 19:53:25 GMT

    Expires: Wed, 31 Dec 1969 18:00:00 CST

    Set-Cookie: JSESSIONIDSSO=F139B62117617AC2D5A9835F288914A1; Path=/; Secure; HttpOnly

    JSESSIONID=53EDE72CFC828190EAAA2A3E9BA5BC36; Path=/admin/; Secure; HttpOnly

    X-Frame-Options: SAMEORIGIN

I looks like a buggy behavior and I tested on ISE 1.3 and 1.4 both. What are your comments on it?

1 Accepted Solution

Accepted Solutions

That is expected -- ISE Monitoring REST API is not ERS API and it pre-dates ERS API.

Before 2.0, only internal "Super Admin" allows to run ISE Monitoring REST API (non-EPS ones). ISE 2.0 allows SUPER_ADMIN,SYSTEM_ADMIN,MNT_ADMIN.

PS: I just logged a new doc bug -- CSCuy13846

View solution in original post

2 Replies 2

musultan
Cisco Employee
Cisco Employee

REST API Query is;

https://<ISE-IPAddress>/admin/API/mnt/Session/ActiveList

That is expected -- ISE Monitoring REST API is not ERS API and it pre-dates ERS API.

Before 2.0, only internal "Super Admin" allows to run ISE Monitoring REST API (non-EPS ones). ISE 2.0 allows SUPER_ADMIN,SYSTEM_ADMIN,MNT_ADMIN.

PS: I just logged a new doc bug -- CSCuy13846

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: