ISE and CoA

cvailler
Cisco Employee

Hello,

When I modify an endpoint custom attribute in ISE (through the API) for a MAB-authenticated endpoint, the "authorization profile" changes, but not the "endpoint profile".
I need to do a clear session for the endpoint on the switch to which the endpoint is connected to have ISE assign the "endpoint profile" correctly.
Can I do it directly from ISE, and how?
Rgds,

Cyril

9 Replies

Greg Gibbs
Cisco Employee

Session management functions, including CoA, are supported by the Monitoring API on the MnT. See the Reauth API call in the Reference Guide.

Hello,

I have a "quick" question regarding Python and the ISE API:

When using my browser, with this URL: https://10.1.23.14/admin/API/mnt/CoA/Reauth/ise24/"Mac@"/2, it does "RERUN" reauth as expected for the specified Mac@ in ISE.

When I perform the same request in a Python script, nothing happens, even though I receive a 200 status code:

resp1 = requests.get(base_url_coa + endpoint_details['mac'] + '/2', headers=headers, auth=auth, verify=False)

resp1 ==> <Response [200]>

resp1.headers:

{'Cache-Control': 'private', 'Expires': 'Thu, 01 Jan 1970 00:00:00 GMT', 'Set-Cookie': 'JSESSIONIDSSO=DE4FD9CCD4A2F3C459D639E000220DAD; Path=/; Secure; HttpOnly, APPSESSIONID=21CBAC5A1C6A545BE4B2BFC3264BE15C; Path=/admin; Secure; HttpOnly', 'X-Frame-Options': 'SAMEORIGIN', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains', 'X-Content-Type-Options': 'nosniff', 'Content-Security-Policy': "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;", 'X-XSS-Protection': '1; mode=block', 'Content-Type': 'text/html;charset=UTF-8', 'Content-Length': '0', 'Date': 'Fri, 20 Aug 2021 13:03:41 GMT', 'Server': ''}

Any idea?

hslai
Cisco Employee

On the MnT session API, you should see the response body with some text similar to:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><remoteCoA requestType="reauth"><results>true</results></remoteCoA>

ISE Profiling has this setting below under the ISE admin web UI > Administration > System > Profiling:

[ ] Custom Attribute for Profiling Enforcement

This is disabled by default and needs to be enabled manually if we are using any of the endpoint custom attributes.

Hello, I know, and it is configured.
The point here is that when I use a browser and send

https://10.1.23.14/admin/API/mnt/CoA/Reauth/ise24/00:22:BD:F7:39:21/2
it works (it does what is expected, it does the reauth),

but when I generate the same
requests.get in my Python script, I receive the code 200, and nothing happens.
(requests.get(base_url_coa + endpoint_details['mac'] + '/2', headers=headers, auth=auth, verify=False))
The URL is OK (I print it to check), but it does nothing (no reauth).

I don't know where I can troubleshoot that in ISE.

Rgds,
Cyril

hslai
Cisco Employee

I would suggest printing out the full URL and the request parameters and then use cURL to verify. If still no go, please send me a copy of your script.

Hello,

It does work with the URL from a browser, and using cURL:

$ curl -v https://10.1.23.14/admin/API/mnt/CoA/Reauth/ise24/00:22:BD:F7:39:21/2 -u "admin:1SEC1sc0123&"
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 10.1.23.14...
* TCP_NODELAY set
* Connected to 10.1.23.14 (10.1.23.14) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [205 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [81 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [1425 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=Fr; ST=IdF; L=Paris; O=Cisco; OU=IoT; CN=ise24.iot-fr.local
*  start date: May 11 12:33:42 2020 GMT
*  expire date: May 11 12:33:42 2022 GMT
*  subjectAltName: host "10.1.23.14" matched cert's IP address!
*  issuer: DC=local; DC=iot-fr; CN=iot-fr-WIN-AD-IND-CA
*  SSL certificate verify ok.
* Server auth using Basic with user 'admin'
> GET /admin/API/mnt/CoA/Reauth/ise24/00:22:BD:F7:39:21/2 HTTP/1.1
> Host: 10.1.23.14
> Authorization: Basic YWRtaW46MVNFQzFzYzAxMjMm
> User-Agent: curl/7.64.1
> Accept: */*
> 
< HTTP/1.1 200 OK
< Cache-Control: private
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Set-Cookie: JSESSIONIDSSO=F750302ADB5975D8A065A0B71AFE6D55; Path=/; Secure; HttpOnly
< Set-Cookie: APPSESSIONID=F8BD31AEB87E9D979EA664C1690BE3C1; Path=/admin; Secure; HttpOnly
< X-Frame-Options: SAMEORIGIN
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-Content-Type-Options: nosniff
< Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
< X-XSS-Protection: 1; mode=block
< Date: Tue, 24 Aug 2021 09:38:43 GMT
< Content-Type: application/xml;charset=UTF-8
< Content-Length: 122
< Server:  
{ [122 bytes data]
100   122  100   122    0     0    622      0 --:--:-- --:--:-- --:--:--   619
* Connection #0 to host 10.1.23.14 left intact
* Closing connection 0

From my script:

....
base_url_coa = 'https://' + ISE_instance + '/admin/API/mnt/CoA/Reauth/ise24/'
headers = {
    'Accept': 'application/json'
}
auth = (ISE_username, ISE_password)
s = requests.session()
resp1 = s.get(base_url_coa + endpoint_details['mac'] + '/2', headers=headers, auth=auth, verify=False)

That is not a full script...

Anyhow... https://github.com/petermoorey/cisco-ise has ise-coa.py which is doing what you're trying here.
Also, take a look at (Cisco Community) ISE MNT APIs and Python 

It works:

I removed headers from:

resp1 = s.get(base_url_coa + endpoint_details['mac'] + '/2', headers=headers, auth=auth, verify=False)

to

resp1 = s.get(base_url_coa + endpoint_details['mac'] + '/2', auth=auth, verify=False)

The headers were:

headers = {
    'Accept': 'application/json'
}

While the request sends back:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><remoteCoA requestType="reauth"><results>true</results></remoteCoA>

So it is XML content and not JSON.
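An added example, not code from this thread or from the linked repository, that wraps the MnT Reauth call the thread converged on: no Accept header, and the XML body checked for <results>true</results>, because a 200 with an empty body is exactly the silent failure seen above. The host, node name and MAC are the thread's own values reused as constructed inputs; the requests-based sender is hypothetical, and the response parser is what the test exercises.

```python
"""Reauth CoA through the ISE MnT API, with a check that ISE actually acted.

Added example (not the thread's script). Reauth type 2 is the "RERUN"
type used in the thread's URLs; node name and MAC are hypothetical inputs.
"""
import xml.etree.ElementTree as ET

# Response body quoted in the thread for a reauth that ISE accepted.
SAMPLE_OK_BODY = ('<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
                  '<remoteCoA requestType="reauth"><results>true</results></remoteCoA>')


def build_reauth_url(ise_host, psn_node, mac, reauth_type=2):
    """Build /admin/API/mnt/CoA/Reauth/<psn node>/<mac>/<reauth type>."""
    return 'https://%s/admin/API/mnt/CoA/Reauth/%s/%s/%d' % (
        ise_host, psn_node, mac, reauth_type)


def coa_succeeded(status_code, content_type, body):
    """Return True only when MnT answered with <results>true</results>.

    A 200 with an empty text/html body (what the thread got when sending
    Accept: application/json) means no CoA was issued, so it counts as failure.
    """
    if status_code != 200 or not body or 'xml' not in content_type.lower():
        return False
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return False
    if root.tag != 'remoteCoA':
        return False
    result = root.findtext('results')
    return result is not None and result.strip().lower() == 'true'


def send_reauth(ise_host, psn_node, mac, auth, reauth_type=2, verify=True):
    """Send the reauth request with no Accept header (the thread's fix).

    verify defaults to True; the thread's cURL run shows the ISE certificate
    validating against the CA bundle, so there is no need for verify=False.
    """
    import requests  # imported here so the module loads without network deps
    url = build_reauth_url(ise_host, psn_node, mac, reauth_type)
    resp = requests.get(url, auth=auth, verify=verify, timeout=10)
    ok = coa_succeeded(resp.status_code,
                       resp.headers.get('Content-Type', ''), resp.text)
    return ok, resp.status_code, resp.text
```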