ISE Sponsored Guest Accounts List via a report

Scott Gillies
Level 1

Is it not possible to get a list/report of all sponsor created guest accounts from ISE?

I don't want passwords, just a list that includes useful info like account expiration date.

I can't imagine that this is not useful for companies' auditing purposes.

I note there are some ideas around enabling a REST API etc. but this requires programming knowledge etc. and also ensuring that certain port numbers are accessible on the ISE Admin IP Address and is certainly not for the faint hearted.

Surely not beyond the capabilities of the ISE team to provide such a simple report.

Accepted Solutions

Dinesh Moudgil
Cisco Employee

Hi Scott,

 

We have an enhancement filed for this request:
ENH: Export Guest Accounts Configured in ISE
CSCty82007

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCty82007/?reffering_site=dumpcr

 

REST API is a request and response method that doesn't necessarily require advanced programming skills.

Here is a post that might be helpful:

https://community.cisco.com/t5/policy-and-access/cisco-ise-2-3-export-guest-account/td-p/3363740


Regards,

Dinesh Moudgil

 

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/


Hi

 

Thanks. After adding some corrections etc. I now have a Python script that obtains all the Guest data into a CSV file.

 

The only issue is that you have to ensure you can access port 9060 via https so if you have firewalls etc. then ensure they allow the traffic.

 

Thanks everyone.


Right, and I have asked for the ISE Export guest list functionality. Please reach out to http://cs.co/ise-feedback and provide the request.

If you can share the script, that will help us out.

This is a useful link.

https://developer.cisco.com/docs/identity-services-engine/#!setting-up/cisco-ise

 

Try this

 

import base64
import csv
import getpass
import http.client
import json
import ssl
import sys

# host and authentication credentials
host = "<IP Address>"
user = "<Admin username - remember to add the 'ERS Admin' group to the Admin User account and enable the 'Access Cisco ISE guest accounts using the programmatic interface (Guest REST API)' on the appropriate Sponsor Group.>"
password = "<Password>"

# OR challenge the user for the appropriate values
#host = input("Host IP:")
#user = input("Username:")
#password = getpass.getpass()

# The default context verifies the ISE certificate and hostname, so the Basic
# credentials are only sent to the real node. If the certificate is signed by an
# internal CA, pass cafile="<path to CA bundle>" to create_default_context().
context = ssl.create_default_context()
context.minimum_version = ssl.TLSVersion.TLSv1_2
conn = http.client.HTTPSConnection("{}:9060".format(host), context=context)

creds = str.encode(':'.join((user, password)))
encodedAuth = bytes.decode(base64.b64encode(creds))

headers = {
    'accept': "application/json",
    'authorization': " ".join(("Basic", encodedAuth)),
    'cache-control': "no-cache",
}

# ERS list responses are paged; this request reads the first page only.
conn.request("GET", "/ers/config/guestuser/", headers=headers)

#conn.request("GET", "/ers/config/adminuser/", headers=headers)

res = conn.getresponse()
# Status and count go to stderr so that stdout holds only the CSV rows.
print(res.status, res.reason, file=sys.stderr)
data = res.read()

if res.status == 401:
    print("Connection unauthorised - Exit", file=sys.stderr)
    sys.exit(1)
elif res.status == 200:
    Rawjsondata = json.loads(data.decode("utf-8"))
    blob = Rawjsondata["SearchResult"]["resources"]
    print("Guest Entry Count = " + str(len(blob)), file=sys.stderr)
    writer = csv.writer(sys.stdout)  # quotes fields that contain commas
    for item in blob:
        conn.request("GET", item["link"]["href"], headers=headers)  # Fetch the guest details data
        res = conn.getresponse()
        data = res.read()
        Rawjsondata = json.loads(data.decode("utf-8"))
        subblob = Rawjsondata["GuestUser"]  # This is the Guest detail containing stuff we want
        info = subblob.get("guestInfo", {})
        access = subblob.get("guestAccessInfo", {})
        # One guest per line; fields missing from a record are left empty.
        writer.writerow([
            item["name"],                  # Guest username
            subblob.get("guestType", ""),  # Guest Type
            subblob.get("status", ""),     # Guest account status
            info.get("lastName", ""),      # Last name
            info.get("firstName", ""),     # First name
            info.get("emailAddress", ""),  # Email address
            access.get("validDays", ""),   # Valid Days
            access.get("fromDate", ""),    # From
            access.get("toDate", ""),      # To
        ])
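
An added example (not the poster's script) for the audit report this thread asks about: it follows ERS list paging, which the script above does not, and flags guests past their toDate that are not marked EXPIRED. Assumptions: list responses carry SearchResult.nextPage.href when more pages exist, toDate uses MM/dd/yyyy HH:mm, and the sponsorUserName field and the status values are as shown; `fetch` is a hypothetical callable returning parsed JSON for a URL, and the sample responses are constructed.

```python
import csv
import io
from datetime import datetime

ISE_DATE = "%m/%d/%Y %H:%M"  # assumed format of guestAccessInfo.toDate

def list_all(fetch, url="/ers/config/guestuser?size=100"):
    """Yield every guest stub, following SearchResult.nextPage until it is absent."""
    while url:
        result = fetch(url)["SearchResult"]
        yield from result.get("resources", [])
        url = result.get("nextPage", {}).get("href")

def audit_rows(fetch, now):
    """Fetch each guest's detail and flag accounts past toDate that are not EXPIRED."""
    rows = []
    for stub in list_all(fetch):
        guest = fetch(stub["link"]["href"])["GuestUser"]
        expires = datetime.strptime(guest["guestAccessInfo"]["toDate"], ISE_DATE)
        rows.append({
            "name": guest["name"],
            "sponsor": guest.get("sponsorUserName", ""),
            "status": guest.get("status", ""),
            "expires": expires.strftime("%Y-%m-%d %H:%M"),
            "past_expiry": expires < now and guest.get("status") != "EXPIRED",
        })
    return sorted(rows, key=lambda r: r["expires"])

def to_csv(rows):  # csv module keeps commas or quotes in a name inside one field
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(rows[0]))
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

def _guest(name, sponsor, status, to_date):  # builds one constructed detail record
    return {"GuestUser": {"name": name, "sponsorUserName": sponsor, "status": status,
                          "guestAccessInfo": {"toDate": to_date}}}
# Constructed responses standing in for ISE: two list pages, three guests.
SAMPLE = {
    "/ers/config/guestuser?size=100": {"SearchResult": {
        "resources": [{"link": {"href": "/g/1"}}, {"link": {"href": "/g/2"}}],
        "nextPage": {"href": "/ers/config/guestuser?size=100&page=2"}}},
    "/ers/config/guestuser?size=100&page=2": {"SearchResult": {"resources": [{"link": {"href": "/g/3"}}]}},
    "/g/1": _guest("alice", "sponsor1", "ACTIVE", "03/01/2024 09:00"),
    "/g/2": _guest("bob, jr", "sponsor1", "EXPIRED", "01/15/2024 17:00"),
    "/g/3": _guest("carol", "sponsor2", "ACTIVE", "02/01/2024 08:00"),
}
ROWS = audit_rows(SAMPLE.__getitem__, now=datetime(2024, 2, 10, 12, 0))
```

Against a live node, `fetch` would wrap the authenticated HTTPS GET and `json.loads` call from the script above.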