04-17-2023 04:35 PM - edited 04-18-2023 03:41 PM
Hello,
Trying to extend a guest account:
PUT https://ise.lab.com:443/ers/config/guestuser/f93d080d-adb3-425f-a647-6b0463c46b66
{
"GuestUser": {
"portalId" : "ac6b8399-ef91-4ef3-97d2-46eeaab82d42",
"guestType": "Contractor (default)",
"guestInfo": {
},
"guestAccessInfo": {
"validDays": 10,
"fromDate": "04/17/2023 09:10",
"toDate": "04/27/2023 09:10"
},
"customFields": {}
}
}
I get this error:
{
"ERSResponse": {
"operation": "PUT-update-guestuser",
"messages": [
{
"title": "Updating GuestUser By ID (f93d080d-adb3-425f-a647-6b0463c46b66) failed due to com.cisco.cpm.guestaccess.apiservices.exception.PortalValidationException: Your password does not meet the password policy requirements.",
"type": "ERROR",
"code": "CRUD operation exception"
}
I know the guest's password is valid. The same PUT request works on a guest that has been created by the system ("Created" / AWAITING_INITIAL_LOGIN state) but not after the guest has logged in for the first time and changed their password ("Active" state).
Any suggestion?
Thanks
05-04-2023 02:07 AM
Hi rodredrejo,
I can update guest user thru API(PUT https://{ise host}:9060/ers/config/guestuser/{id}) even after guest user change the login password.
here is how i form body data, you might use it as a template to test on your environment, just to change values accordingly. Most of these data can be retrieved from "Get-by-id" API, just to add "password" and "portalId":
===================================================
{
"GuestUser": {
"id": "4f6563ea-3eae-4a7a-82af-80ffdd275044",
"name": "gui_randome9rg37",
"guestType": "Contractor (default)",
"sponsorUserName": "ers_sponsor",
"sponsorUserId": "691892fa-9a64-4cae-a437-d7f3e3ade0f1",
"guestInfo": {
"userName": "gui_randome9rg37",
"password":"C1sco12345",
"creationTime": "05/04/2023 00:42",
"enabled": true,
"notificationLanguage": "ChineseSimplified"
},
"guestAccessInfo": {
"validDays": 93,
"fromDate": "05/04/2023 15:41",
"toDate": "08/05/2023 15:41",
"location": "San Jose"
},
"portalId": "b2fea183-da44-4cdb-923c-3abc1b854ff0"
}
}
===================================================
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.
You can also learn more about ISE through our live Ask the Experts (ATXs) session. Check out Cisco ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-endpoint-security-ask-the-experts-resources/ta-p/4394492] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
05-05-2023 04:27 PM
Hi,
Thanks for your suggestion. It works but the user password gets reset with this operation. The thing is, I just want to increase "valid days" for the user while leaving the password as it is. After a user has changed their password, the new password is not retrieved with "Get-by-id" anymore which is a good thing for security I guess but that means I can't even re-apply the same password. That's why I didn't include it in the PUT hoping it would keep the existing value.
05-05-2023 11:17 PM
Hi rodredrejo,
Since password is a required attribute for user update API, I don't think there is a way to bypass it until feature/API update on the product end. You might want to try the "Make a wish" feature to let Cisco development team know your request.
Aside from that, maybe you can put a disclaimer on login portal such as, "If you can not login with your current password, your account might be updated, please try {new password}." And tick the "Allow guests to change password after login" under login page settings.
05-08-2023 02:04 PM
Cisco ISE now supports PATCH request for ERS APIs as of version 3.2, so that only the attributes sent as part of the request are updated. Unfortunately it's still not working for me for "guestuser" (405 Method Not Allowed error) but hopefully it will get added soon.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide