ISE 3.1 API nonce validation failed

Ralf Fischer
Level 1

Hi all, 

I want to add new Endpoints via API. I'm using this endpoint: 

POST /ers/config/endpoint

The system needs an X-CSRF-TOKEN header. I get this token before sending the POST request via GET /ers/config/endpoint with the following headers: 

        'Accept': 'application/json',
        'Content-Type': 'application/json',
        'X-CSRF-TOKEN': 'fetch'
 
I get a proper token within the response. If I use this token for my POST request, I get a 403 Forbidden response with the following response body:  
CSRF nonce validation failed
 
Thank you for your help in advance!
Best,
Ralf

 

2 Accepted Solutions

Can you please confirm if in the POST request, you are passing the session cookie along with token to tie the sessions together.


Charlie Moreton
Cisco Employee

How are you sending the request?  Postman, CURL, etc.?
What do you mean you are sending a POST via GET?  Those are two different requests.

To use `curl` you would send
curl --include --insecure --location \
--header 'Content-Type:application/json' \
--header 'Accept: application/json' \
--user $ise_username:$ise_password \
--request POST https://$ise_address/ers/config/endpoint \
--data '
{
  "ERSEndPoint" : {
    "name" : "MyEndpoint",
    "description" : "MyEndpoint",
    "mac" : "11:22:33:44:55:66",
    "groupId" : "aa13bb40-8bff-11e6-996c-525400b48521",
    "staticGroupAssignment" : true
  }
}'

Visit https://cs.co/ise-api for more information

 

Ralf Fischer
Level 1

Hi Charlie, 

I'm using Postman for my first draft; it is planned to use Azure LogicApps for production.

I send two requests (Postman Pre-Request Script):

 

 

pm.sendRequest({
    url: "https://ISE-URL/ers/config/endpoint",
    method: 'GET',
    header: {
        'Accept': 'application/json',
        'Content-Type': 'application/json',
        'X-CSRF-TOKEN': 'fetch'
    }
}, function (err, response) {
    var responseHeaderXCSRFTOKEN = response.headers.get('X-CSRF-TOKEN');
    pm.environment.set("ISE-X-CSRF-TOKEN", responseHeaderXCSRFTOKEN);
});

 

Then I use the token within my POST request,
with this header: 
X-CSRF-TOKEN = {{ISE-X-CSRF-TOKEN}}
 
And I get this response: 
code 403 
CSRF nonce validation failed

 

 

Can you please confirm if in the POST request, you are passing the session cookie along with token to tie the sessions together.
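
The point of the reply above, as an added example that is not part of the thread and is not Cisco code: a constructed stand-in server that binds each CSRF nonce to a session cookie, and a client that fetches a token and then POSTs with no cookie, with the cookie from the token fetch, or with a cookie from a different session. The names `makeServer`, `fetchThenPost`, the cookie name `SID` and the 201 success status are assumptions made for the illustration.

```javascript
// Constructed stand-in server: binds each CSRF nonce to the session cookie it
// was issued under. Models the general mechanism only; not Cisco ISE code.
function makeServer() {
  const sessions = new Map(); // session id -> nonce issued to that session
  let counter = 0;            // predictable so runs are reproducible; real servers use random values
  return function handle(req) {
    const m = /(?:^|;\s*)SID=([^;]+)/.exec(req.headers['Cookie'] || '');
    let sid = m && sessions.has(m[1]) ? m[1] : null;
    const headers = {};
    if (sid === null) {       // no recognised cookie: a brand-new session is started
      sid = 'sess-' + (++counter);
      sessions.set(sid, null);
      headers['Set-Cookie'] = 'SID=' + sid + '; Path=/; Secure; HttpOnly';
    }
    if (req.method === 'GET') {
      if (req.headers['X-CSRF-TOKEN'] === 'fetch') {
        sessions.set(sid, 'nonce-' + (++counter));
        headers['X-CSRF-TOKEN'] = sessions.get(sid);
      }
      return { status: 200, headers, body: '' };
    }
    // POST: the presented nonce must equal the one stored for this session.
    const expected = sessions.get(sid);
    return expected !== null && req.headers['X-CSRF-TOKEN'] === expected
      ? { status: 201, headers, body: '' }
      : { status: 403, headers, body: 'CSRF nonce validation failed' };
  };
}

// Client: fetch a token, then POST with it. cookieMode selects the cookie sent along:
// 'none' = token only, 'same' = cookie from the token fetch,
// 'other' = cookie that belongs to a different session.
function fetchThenPost(server, cookieMode) {
  const other = server({ method: 'GET', headers: {} }); // unrelated session
  const fetched = server({ method: 'GET', headers: { 'X-CSRF-TOKEN': 'fetch' } });
  const headers = { 'X-CSRF-TOKEN': fetched.headers['X-CSRF-TOKEN'] };
  const pick = { same: fetched, other: other }[cookieMode];
  if (pick) headers['Cookie'] = pick.headers['Set-Cookie'].split(';')[0];
  // Constructed request body, shortened from the curl example in the thread.
  return server({ method: 'POST', headers, body: '{"ERSEndPoint":{"name":"MyEndpoint"}}' });
}

for (const mode of ['none', 'same', 'other']) {
  const r = fetchThenPost(makeServer(), mode);
  console.log(mode.padEnd(5), r.status, r.body);
}
```

In this model only the `same` case is accepted: the token is valid only together with the cookie that was set on the response that delivered it.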

Ralf Fischer
Level 1

Yes, I can confirm that I pass two cookies along with my token:

APPSESSIONID=6E19EB596609FC58E304064CFF5C4AA3; JSESSIONIDSSO=B7BF6BC8BD33A0C8E6F331445B01EAB8

hslai
Cisco Employee