cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1219
Views
2
Helpful
3
Replies

GET Networkdevice by ID, hidden Secrets

m.rainer
Level 1
Level 1

Hello,

I am using ISE 2.1 and 2.2 REST API. (tested on both version)

I am requesting a networkdevice by ID with method GET:

https://<ISE-ADMIN-NODE>:9060/ers/config/networkdevice/{id}

In the response all the "sharedSecrets" (RADIUS and TACACS) are hidden:

<radiusSharedSecret>******</radiusSharedSecret>

But as per all documentations I found so far, the response should be clear text.

Can anybody tell me how to avoid hiding the shared secrets in the networkdevice response?

Thanks a lot

Markus

3 Replies 3

j656
Level 1
Level 1

Marcus,

I'm seeing the same thing, ever get this resolved?

Jason

thomas
Cisco Employee
Cisco Employee

I just tested with ISE 2.3.0.298 and I successfully retrieved a NetworkDevice's radiusSharedSecret in cleartext and not hidden.

The account I was using is a member of the ERS Operator RBAC group for GET-only operations.

Administration > System > Admin Access > Administrators > Admin Users:

Please verify the RBAC permissions of your account you are using for the REST APIs does not have any other RBAC limits that might prevent you from seeing the network device password.

Thanks for the reply Thomas,

I'm running 2.2.0.470 Patch 1.  And I've tried an account setup as both ERS Admin, and ERS Operator, but I'm still getting the output below:

    <authenticationSettings>

        <enableKeyWrap>false</enableKeyWrap>

        <keyInputFormat>ASCII</keyInputFormat>

        <networkProtocol>RADIUS</networkProtocol>

        <radiusSharedSecret>******</radiusSharedSecret>

    </authenticationSettings>

I'm assuming its a 2.2 thing.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: