
ISE 3.0 and SecureX Orchestrations

I am running ISE 3.0 Patch. I have a SecureX Remote gateway deployed into my environment to be able to facilitate connections from SecureX. I installed the latest Workflows from the My Exchange in SecureX Orchestration, specifically the ISE - Quarantine Endpoint, ISE - Add Endpoint to Identity Group and ISE - Remove Endpoint from Identity Group. On my ISE deployment, under ERS settings, I have Enable ERS for Read/Write, ERS Setting for All Other Nodes set to Enable ERS for Read, and under CSRF Check, Use CSRF Check for Enhanced Security (I have tried to disable it as well and both fail). I created a local Admin User and set groups Super Admin and ERS Admin to that user. In data access privileges, I made sure that the groups have full access. In SecureX I added the requisite Targets, Keys, remote, added the identity group ID, etc. When I run the Add Endpoint to Identity Group (using the MAC copied from ISE as the observable_value and mac_address as the observable_type), everything runs green until it gets to the ATOMIC action of ISE - ERS - Endpoint - Update Identity Group.

In the Error Message I see this:

id: 0226MDL7OM8Y24rKeO3fE3MrmVEuoSXVUUb, wf_instance_id: 0226MDKWO57Q779kC0Sn6TBE2amOHuZrc8H, error: Failed to update the requested endpoint's identity group assignment

Status code: 403
Response body: CSRF nonce validation failed<!DOCTYPE html>
<html lang="en">
<head>

</head>
<body>
<div class="container">
<h1>[ 403 ] </h1>
<p></p>
<p></p>
</div>
</body>
</html>

 

In the JSON Output I see this:

{
  "output": {
    "error": {
      "code": "400",
      "message": "id: 0226MDL7OM8Y24rKeO3fE3MrmVEuoSXVUUb, wf_instance_id: 0226MDKWO57Q779kC0Sn6TBE2amOHuZrc8H, error: Failed to update the requested endpoint's identity group assignment\n\nStatus code: 403\nResponse body: CSRF nonce validation failed<!DOCTYPE html>\n<html lang=\"en\">\n <head>\n \n </head>\n <body>\n <div class=\"container\">\n <h1>[ 403 ] </h1>\n <p></p>\n\t <p></p>\n </div>\n </body>\n</html>"
    },
    "response": {
      "01RMCDATE1A2H444G3ntxJXCm2xMm8Fo5DK": "",
      "elapsed_time": 0.670128775,
      "end_time": "2022-12-16T22:03:33.699Z",
      "instance_id": "0226MDKWO57Q779kC0Sn6TBE2amOHuZrc8H",
      "start_time": "2022-12-16T22:03:33.029Z",
      "started_by": "0226MDJO3OMQD2PTHwOJbcS8C74XNfFN3b4",
      "succeeded": false
    }
  }
}
 
What am I missing?
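
What a nonce-style CSRF check asks of an API client, as an added example that is not part of the original post and not Cisco's or SecureX's code: a constructed local mock (not ISE) refuses a write that carries no nonce with the same 403 body quoted above, and accepts one sent with a freshly fetched nonce. The `X-CSRF-Token: fetch` header convention, the mock class and the placeholder endpoint path are assumptions of this sketch.

```python
import http.server, secrets, threading, urllib.error, urllib.request

TOKEN_HEADER = "X-CSRF-Token"  # assumed header name, not taken from the post
ISSUED = set()                 # nonces the mock has handed out and not yet seen
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy

class MockApi(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for an API with a CSRF nonce check; it is not ISE."""
    def _reply(self, code, body, token=None):
        self.send_response(code)
        if token:
            self.send_header(TOKEN_HEADER, token)
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):  # a read carrying "<header>: fetch" gets a fresh nonce
        token = None
        if self.headers.get(TOKEN_HEADER) == "fetch":
            token = secrets.token_hex(16)
            ISSUED.add(token)
        self._reply(200, b"{}", token)

    def do_PUT(self):  # a write must present an issued nonce; each is single use
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        token = self.headers.get(TOKEN_HEADER)
        if token not in ISSUED:
            return self._reply(403, b"CSRF nonce validation failed")
        ISSUED.discard(token)
        self._reply(200, b"{}")

def call(url, method, token=None, body=None):
    """Send one request; return (status, nonce from the response headers or None)."""
    headers = {TOKEN_HEADER: token} if token else {}
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status, resp.headers.get(TOKEN_HEADER)
    except urllib.error.HTTPError as err:
        return err.code, None

def demo():
    """Return (status of a write with no nonce, status of a write with a fetched one)."""
    with http.server.HTTPServer(("127.0.0.1", 0), MockApi) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        url = f"http://127.0.0.1:{srv.server_port}/ers/config/endpoint/placeholder-id"
        bare, _ = call(url, "PUT", body=b"{}")
        _, nonce = call(url, "GET", token="fetch")
        fetched, _ = call(url, "PUT", token=nonce, body=b"{}")
        srv.shutdown()
        return bare, fetched
```

Calling `demo()` starts the mock on a free loopback port, runs both writes and returns their status codes.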
3 Replies

hslai
Cisco Employee