GET Networkdevice by ID, hidden Secrets

m.rainer · ‎01-09-2017

Hello,

I am using ISE 2.1 and 2.2 REST API. (tested on both version)

I am requesting a networkdevice by ID with method GET:

https://<ISE-ADMIN-NODE>:9060/ers/config/networkdevice/{id}

In the response all the "sharedSecrets" (RADIUS and TACACS) are hidden:

But as per all documentations I found so far, the response should be clear text.

Can anybody tell me how to avoid hiding the shared secrets in the networkdevice response?

Thanks a lot

Markus

j656 · ‎08-23-2017

Marcus,

I'm seeing the same thing, ever get this resolved?

Jason

thomas · ‎08-23-2017

I just tested with ISE 2.3.0.298 and I successfully retrieved a NetworkDevice's radiusSharedSecret in cleartext and not hidden.

The account I was using is a member of the ERS Operator RBAC group for GET-only operations.

Administration > System > Admin Access > Administrators > Admin Users:

Please verify the RBAC permissions of your account you are using for the REST APIs does not have any other RBAC limits that might prevent you from seeing the network device password.

j656 · ‎08-24-2017

Thanks for the reply Thomas,

I'm running 2.2.0.470 Patch 1. And I've tried an account setup as both ERS Admin, and ERS Operator, but I'm still getting the output below:

<enableKeyWrap>false</enableKeyWrap>

<keyInputFormat>ASCII</keyInputFormat>

<networkProtocol>RADIUS</networkProtocol>

</authenticationSettings>

I'm assuming its a 2.2 thing.