cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1632
Views
0
Helpful
7
Replies

ISE REST API - modify InternalUser identityGroups

dlavor
Level 1
Level 1

Hi,

 

I need to modify InternalUser identityGroups field via REST API but looks Im missing something. If I send JSON e.g.

 

{
    "InternalUser": {
        "id": "<uid>"
        "identityGroups": "<gid>,<gid>"
    }
}

I get 200 response
 
{
    "UpdatedFieldsList": {
        "updatedField": []
    }
}

with no changes at all. How can I change user's groups?
7 Replies 7

"identityGroups": "<ID of Identity Group, which user will be part of and can be received as described in step 2>"

 

Thats exactly what I am sending. Works fine for creation, group is assigned correctly but not when sending modify request. I believe it might be a bug. Using ISE 2.7.0.356

Mike.Cifelli
VIP Alumni
VIP Alumni

Not sure if I have all the info, but it seems that you are missing required fields in your payload.  If you look at the online SDK via https://<isepan>:9060/ers/sdk# you can see examples + required syntax for certain API consumption.  Based on that to modify (update) and internal user's identity group it looks like the json payload should be like this:

 

{
  "InternalUser" : {
    "id" : "036f1cd7-560f-4f27-897d-1374efbb36d0",
    "name" : "name",
    "description" : "description",
    "enabled" : true,
    "email" : "email@domain.com",
    "password" : "password",
    "firstName" : "firstName",
    "lastName" : "lastName",
    "changePassword" : true,
    "identityGroups" : "identityGroups",
    "expiryDateEnabled" : false,
    "expiryDate" : "2016-12-11",
    "enablePassword" : "enablePassword",
    "customAttributes" : {
      "key1" : "value1",
      "key2" : "value3"
    },
    "passwordIDStore" : "Internal Users"
  }
}

Good luck & HTH!

I removed those fields on purpose because they are not relevant. There are only few required ones (name, id, changePassword and enabled) according to SDK.

Anyway, here is my test payload

{
    "InternalUser": {
        "id": "fcc9cdb1-9409-459c-81b5-e91d80d67062",
        "name": "test1",
        "description": "test1 desc",
        "enabled": true,
        "email": "test1@mail.com",
        "firstName": "test1 Name change",
        "lastName": "test1 Last Name",
        "changePassword": false,
        "identityGroups": "a1740510-8c01-11e6-996c-525400b48521",
        "expiryDateEnabled": false,
        "customAttributes": {},
        "passwordIDStore": "Internal Users"
    }
}

and again no luck

{
    "UpdatedFieldsList": {
        "updatedField": [
            {
                "field": "firstName",
                "oldValue": "test1 Name",
                "newValue": "test1 Name change"
            }
        ]
    }
}

Note that the test user does not have a group yet. GET response

{
    "InternalUser": {
        "id": "fcc9cdb1-9409-459c-81b5-e91d80d67062",
        "name": "test1",
        "description": "test1 desc",
        "enabled": true,
        "email": "test1@mail.com",
        "password": "*******",
        "firstName": "test1 Name change",
        "lastName": "test1 Last Name",
        "changePassword": false,
        "expiryDateEnabled": false,
        "enablePassword": "*******",
        "customAttributes": {},
        "passwordIDStore": "Internal Users",
        "link": {
            "rel": "self",
            "href": "https://192.168.127.150:9060/ers/config/internaluser/fcc9cdb1-9409-459c-81b5-e91d80d67062",
            "type": "application/json"
        }
    }
}

Hi @dlavor

 an example that works:

{
"InternalUser" : {
"id" : "91234567-7123-4123-b123-2123456789ab",
"name" : "marcelo_morais",
"description" : "Internal Account",
"enabled" : false,
"firstName" : "Marcelo",
"lastName" : "Morais",
"changePassword" : false,
"identityGroups" : "a1234567-8123-1123-9123-5123456789ab,a7654321-8321-1321-9321-5ba987654321",
"expiryDateEnabled" : false,
"customAttributes" : { },
"passwordIDStore" : "Internal Users"
}
}

the result:

{
"UpdatedFieldsList" : {
"updatedField" : [ {
"field" : "identityGroups",
"oldValue" : "[a1234567-8123-1123-9123-5123456789ab]",
"newValue" : "[a7654321-8321-1321-9321-5ba987654321, a1234567-8123-1123-9123-5123456789ab]"
} ]
}
}

 

Hope this helps !!!

Well then it looks I have a trouble with my installation. Which version do you use?

Hi @dlavor,

 ISE 2.7 P3.