Using Cisco ISE APIs( External RESTful Services Calls )

August 6, 2018

 

After some of our customers demanded for creating a couple of XML and being able to push them via the RESTful APIs in ISE, I decided to write this post in order to throw light into the SDN-related components of Cisco ISE!

 

First things first

 

      1.You should enable the ERS APIs on GUI

 

The ERS APIs are disabled by default for security reasons so you MUST enable it manually

  • 1.       Login to your ISE PAN

  • 2.       Navigate to Administration > System > Settings and select ERS Settings from the left panel.

  • 3.       Enable the ERS APIs by selecting Enable ERS for Read/Write

  • 4.       Select Save to save your changes.

 

The first thing I need to do is to enable the REST API in ISE. In order to do so, navigate to Administration>System>Settings and choose the radio button for Enable ERS for Read/Write

 

 

 

Second step:

Creating an ERS admin who is part of the ERS Admin group.

Navigate to Administration>System>Admin Access>Admin Users and click on Add>Create Admin User.

 

There you can create the following user:

 

 

After the creation of Ers-Admin, you should be able to test the ERS API by opening POSTMAN software.

You can also use the following API testers as alternative:

  • Paw 3 (Link : https://paw.cloud/ ) 

  • API Fortress (Link: http://apifortress.com/)

  • Kat (Link : https://www.producthunt.com/posts/kat )

  • Swagger inspector (Link : https://inspector.swagger.io/builder )

ISE supports basic authentication method as it is defined in Postmann by navigating to : Authorization > Type and choose Basic Auth from the scroll down list

 

Enter your credentials:

 

 

 

Click on Headers and then add an Accept header with the following.

Sample Request for Get Version Internal Users API

 

Method:GET

URI:

https://<ise-url>/ers/config/internaluser/versioninfo:9060/ers/config/internaluser/versioninfo

 

HTTP Accept header:

 

application/vnd.com.cisco.ise.identity.internaluser.1.0+xml

 

Get Version Sample Response

 

HTTP Status: 200 (OK)

Content:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<ns2:versionInfo xmlns:ns2="ers.ise.cisco.com">

<currentServerVersion>2.4</currentServerVersion>

<link type="application/xml" href="link" rel="self"/>

<supportedVersions>2.2,2.3</supportedVersions>

</ns2:versionInfo>

 

Well done! You just got the ERS API working and got Version of ISE via API !

In order to warm up let’s do one more example :

This time using cURL 

Get Endpoint Information by Resource ID

 

Get endpoint info by its Resource ID

 

curl -k 'https://www.linkedin.com/redir/invalid-link-page?url=https%3A%2F%2Fers-admin%3Aers-password%40192%2e168%2e50%2e33%3A9060%2Fers%2Fconfig%2Fendpoint%2F046f1250-bc6e-11e4-9baf-000c2916b229' -H 'Accept: application/vnd.com.cisco.ise.identity.endpoint.1.0+xml'

 

ISE Response :

 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<ns3:endpoint xmlns:ns2="ers.ise.cisco.com" xmlns:ns3="identity.ers.ise.cisco.com" id="046f1250-bc6e-11e4-9baf-000c2916b229">

 <link type="application/xml" href="https:// https://www.linkedin.com/redir/invalid-link-page?url=192%2e168%2e50%2e33%3A9060%2Fers%2Fconfig%2Fendpoint%2F046f1250-bc6e-11e4-9baf-000c2916b229" rel="self"/>=

 <groupId>04f15020-f42f-11e2-bd54-005056bf2f0a</groupId>

 <identityStore></identityStore>

 <identityStoreId></identityStoreId>

 <mac>11:22:33:44:55:66</mac><portalUser></portalUser>

 <profileId>36c0ee30-f42f-11e2-bd54-005056bf2f0a</profileId>

 <staticGroupAssignment>true</staticGroupAssignment>

 <staticProfileAssignment>true</staticProfileAssignment>

</ns3:endpoint>

 

 

Disclaimer and Legal Notice:

All product related titles and entities are registered trademarks of Cisco Systems, Inc.

This article and contents herein, is not associated or endorsed by Cisco or Dimension Data.

#Cisco #ISE  #API #RESTAPI #Authentication #Security#MikeGhahremani

 

Please reload

Follow us:

  • Google play
  • Twitter
  • Pheniix bootique

©2020 Pheniix All Rights Reserved – Privacy Policy- Terms of Service , TRADEMARK LEGAL NOTICE