Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1911
Views
0
Helpful
7
Replies

ISE REST API - modify InternalUser identityGroups

dlavor
Level 1
Level 1

‎04-27-2021 11:19 PM - edited ‎04-28-2021 05:29 AM

Hi,

 

I need to modify InternalUser identityGroups field via REST API but looks Im missing something. If I send JSON e.g.

 

{
    "InternalUser": {
        "id": "<uid>"
        "identityGroups": "<gid>,<gid>"
    }
}

I get 200 response
 
{
    "UpdatedFieldsList": {
        "updatedField": []
    }
}

with no changes at all. How can I change user's groups?
0 Helpful
7 Replies 7

balaji.bandi
Hall of Fame
Hall of Fame

‎04-28-2021 01:20 AM

here is the reference for modification :

 

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/216543-ise-identity-group-user-creation-and-mo.html#anc5

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

dlavor
Level 1
Level 1
In response to balaji.bandi

‎04-28-2021 01:36 AM 

"identityGroups": "<ID of Identity Group, which user will be part of and can be received as described in step 2>"

 

Thats exactly what I am sending. Works fine for creation, group is assigned correctly but not when sending modify request. I believe it might be a bug. Using ISE 2.7.0.356

0 Helpful

Mike.Cifelli
VIP Alumni
VIP Alumni

‎04-28-2021 05:02 AM

Not sure if I have all the info, but it seems that you are missing required fields in your payload.  If you look at the online SDK via https://<isepan>:9060/ers/sdk# you can see examples + required syntax for certain API consumption.  Based on that to modify (update) and internal user's identity group it looks like the json payload should be like this:

 

{
  "InternalUser" : {
    "id" : "036f1cd7-560f-4f27-897d-1374efbb36d0",
    "name" : "name",
    "description" : "description",
    "enabled" : true,
    "email" : "email@domain.com",
    "password" : "password",
    "firstName" : "firstName",
    "lastName" : "lastName",
    "changePassword" : true,
    "identityGroups" : "identityGroups",
    "expiryDateEnabled" : false,
    "expiryDate" : "2016-12-11",
    "enablePassword" : "enablePassword",
    "customAttributes" : {
      "key1" : "value1",
      "key2" : "value3"
    },
    "passwordIDStore" : "Internal Users"
  }
}

Good luck & HTH!

0 Helpful

dlavor
Level 1
Level 1
In response to Mike.Cifelli

‎04-28-2021 05:21 AM - edited ‎04-28-2021 05:22 AM

I removed those fields on purpose because they are not relevant. There are only few required ones (name, id, changePassword and enabled) according to SDK.

Anyway, here is my test payload

{
    "InternalUser": {
        "id": "fcc9cdb1-9409-459c-81b5-e91d80d67062",
        "name": "test1",
        "description": "test1 desc",
        "enabled": true,
        "email": "test1@mail.com",
        "firstName": "test1 Name change",
        "lastName": "test1 Last Name",
        "changePassword": false,
        "identityGroups": "a1740510-8c01-11e6-996c-525400b48521",
        "expiryDateEnabled": false,
        "customAttributes": {},
        "passwordIDStore": "Internal Users"
    }
}

and again no luck

{
    "UpdatedFieldsList": {
        "updatedField": [
            {
                "field": "firstName",
                "oldValue": "test1 Name",
                "newValue": "test1 Name change"
            }
        ]
    }
}

Note that the test user does not have a group yet. GET response

{
    "InternalUser": {
        "id": "fcc9cdb1-9409-459c-81b5-e91d80d67062",
        "name": "test1",
        "description": "test1 desc",
        "enabled": true,
        "email": "test1@mail.com",
        "password": "*******",
        "firstName": "test1 Name change",
        "lastName": "test1 Last Name",
        "changePassword": false,
        "expiryDateEnabled": false,
        "enablePassword": "*******",
        "customAttributes": {},
        "passwordIDStore": "Internal Users",
        "link": {
            "rel": "self",
            "href": "https://192.168.127.150:9060/ers/config/internaluser/fcc9cdb1-9409-459c-81b5-e91d80d67062",
            "type": "application/json"
        }
    }
}
0 Helpful

Marcelo Morais
VIP
VIP

‎04-28-2021 05:33 AM

Hi @dlavor

 an example that works:

{
  "InternalUser" : {
    "id" : "91234567-7123-4123-b123-2123456789ab",
    "name" : "marcelo_morais",
    "description" : "Internal Account",
    "enabled" : false,
    "firstName" : "Marcelo",
    "lastName" : "Morais",
    "changePassword" : false,
    "identityGroups" : "a1234567-8123-1123-9123-5123456789ab,a7654321-8321-1321-9321-5ba987654321",
    "expiryDateEnabled" : false,
    "customAttributes" : { },
    "passwordIDStore" : "Internal Users"
  }
}

the result:

{
  "UpdatedFieldsList" : {
    "updatedField" : [ {
      "field" : "identityGroups",
      "oldValue" : "[a1234567-8123-1123-9123-5123456789ab]",
      "newValue" : "[a7654321-8321-1321-9321-5ba987654321, a1234567-8123-1123-9123-5123456789ab]"
    } ]
  }
}

 

Hope this helps !!!

0 Helpful

dlavor
Level 1
Level 1
In response to Marcelo Morais

‎04-28-2021 05:40 AM

Well then it looks I have a trouble with my installation. Which version do you use?

0 Helpful

Marcelo Morais
VIP
VIP
In response to dlavor

‎04-28-2021 07:56 AM

Hi @dlavor,

 ISE 2.7 P3.

0 Helpful
Customers Also Viewed These Support Documents