Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2233
Views
0
Helpful
5
Replies

ISE API Create Internal User 415 Error

Go to solution
brianpocock2
Level 1
Level 1

‎04-26-2016 08:23 AM - edited ‎03-10-2019 11:42 PM

Hey, 

Has anyone had any luck using the ISE REST API to create users?

I'm making the following request:

POST /ers/config/internaluser HTTP/1.1
Host: x.x.x.x:9060
Authorization: Basic xxxxxxx
Accept: application/vnd.com.cisco.ise.identity.internaluser.1.1+xml
with this XML:
<?xml version="1.0" encoding="utf-8" standalone="yes"?> 
<ns3:inernaluser xmlns:ns2=“ers.ise.cisco.com” xmlns:ns3=“identity.ers.ise.cisco.com” name=“username”>
 <changePassword>true</changePassword>
 <customAttribute/>
 <enabled>true</enabled> 
 <firstName>first</firstName>
 <lastName>last</lastName> 
 <password>cisco</password> 
</ns3:internaluser>
However I get a 415 response:
<?xml version="1.0" encoding="utf-8" standalone="yes"?><ns3:ersResponse operation="POST-create-internaluser" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns3="ers.ise.cisco.com"><link rel="related" href="https://x.x.x.x:9060/ers/config/internaluser" type="application/xml"/><messages><message type="ERROR" code="Resource media type exception"><title>The specified content-type is not supported. check the resource name in the request URI or the media type specified in the 'Accept' header.</title></message></messages></ns3:ersResponse>

Can anyone spot the issue here?

Cheers

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jan.nielsen
Level 7
Level 7

‎04-26-2016 10:21 AM

Don't know where you got your example from, but there are some errors in the xml, and also in the headers you are sending.

Your header : accept: xxxxx changed to

Content-Type: application/vnd.com.cisco.ise.identity.internaluser.1.0+xml

I made this xml, i marked the things i changed from the cisco api guide example in bold :

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<ns3:internaluser description="description" name="testuser" id="id" xmlns:ns2="ers.ise.cisco.com" xmlns:ns3="identity.ers.ise.cisco.com">

<changePassword>true</changePassword>

<customAttributes></customAttributes>

<email>email@example.com</email>

<enabled>true</enabled>

<firstName>John</firstName>

<identityGroups>10a42820-6d90-11e5-978e-005056bf2f0a</identityGroups><lastName>Doe</lastName>

<password>Gld45Fvcx</password>

</ns3:internaluser>

Remember the password has to follow the password requirements set for internal users in ise, the customattributes section is mandatory, even thought there are none set. Identity group is also mandatory, the id can be found with another api call.

Everything is described here :http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/api_ref_guide/api_ref_book/ise_api_ref_ers2.html

View solution in original post

0 Helpful
5 Replies 5

Go to solution
jan.nielsen
Level 7
Level 7

‎04-26-2016 09:40 AM

What ISE version are you running?

0 Helpful

Go to solution
brianpocock2
Level 1
Level 1
In response to jan.nielsen

‎04-26-2016 09:56 AM

2.0.0.306

Cheers

0 Helpful

Go to solution
jan.nielsen
Level 7
Level 7

‎04-26-2016 10:21 AM

Don't know where you got your example from, but there are some errors in the xml, and also in the headers you are sending.

Your header : accept: xxxxx changed to

Content-Type: application/vnd.com.cisco.ise.identity.internaluser.1.0+xml

I made this xml, i marked the things i changed from the cisco api guide example in bold :

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<ns3:internaluser description="description" name="testuser" id="id" xmlns:ns2="ers.ise.cisco.com" xmlns:ns3="identity.ers.ise.cisco.com">

<changePassword>true</changePassword>

<customAttributes></customAttributes>

<email>email@example.com</email>

<enabled>true</enabled>

<firstName>John</firstName>

<identityGroups>10a42820-6d90-11e5-978e-005056bf2f0a</identityGroups><lastName>Doe</lastName>

<password>Gld45Fvcx</password>

</ns3:internaluser>

Remember the password has to follow the password requirements set for internal users in ise, the customattributes section is mandatory, even thought there are none set. Identity group is also mandatory, the id can be found with another api call.

Everything is described here :http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/api_ref_guide/api_ref_book/ise_api_ref_ers2.html

0 Helpful

Go to solution
brianpocock2
Level 1
Level 1
In response to jan.nielsen

‎04-26-2016 12:38 PM

Thanks, that sorted it.  I was getting confused between when using accept and content type headers between gets and posts.  Also missing the identity groups attribute.

Cheers!

0 Helpful

Go to solution
jan.nielsen
Level 7
Level 7
In response to brianpocock2

‎04-26-2016 01:03 PM

No problem, the documentation can be a little confusing when it comes to the request headers, also they changed from ISE 1.x to 2.0

0 Helpful
Customers Also Viewed These Support Documents