Using Cisco ISE APIs (External RESTful Services Calls)

After some of our customers asked for a couple of XML documents that they could push via the RESTful APIs in ISE, I decided to write this post to shed some light on the SDN-related components of Cisco ISE.
First things first
First step: enable the ERS APIs in the GUI.
The ERS APIs are disabled by default for security reasons, so you must enable them manually:
1. Log in to your ISE PAN.
2. Navigate to Administration > System > Settings and select ERS Settings from the left panel.
3. Enable the ERS APIs by selecting Enable ERS for Read/Write.
4. Select Save to save your changes.
In short, the first thing to do is enable the REST API in ISE: navigate to Administration > System > Settings and choose the radio button for Enable ERS for Read/Write.

Second step:
Create an ERS admin who is part of the ERS Admin group.
Navigate to Administration > System > Admin Access > Admin Users and click Add > Create Admin User.
There you can create the following user:

After creating the Ers-Admin user, you can test the ERS API with Postman.
You can also use the following API testers as alternatives:
Paw 3 (Link : https://paw.cloud/ )
API Fortress (Link: http://apifortress.com/)
Kat (Link : https://www.producthunt.com/posts/kat )
Swagger inspector (Link : https://inspector.swagger.io/builder )
ISE supports the Basic authentication method. In Postman, navigate to Authorization > Type and choose Basic Auth from the drop-down list.
Enter your credentials:

Click on Headers and then add an Accept header with the following.
Sample Request for Get Version Internal Users API
Method: GET
URI:
https://<ise-url>:9060/ers/config/internaluser/versioninfo
HTTP Accept header:
application/vnd.com.cisco.ise.identity.internaluser.1.0+xml
Get Version Sample Response
HTTP Status: 200 (OK)
Content:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:versionInfo xmlns:ns2="ers.ise.cisco.com">
<currentServerVersion>2.4</currentServerVersion>
<link type="application/xml" href="link" rel="self"/>
<supportedVersions>2.2,2.3</supportedVersions>
</ns2:versionInfo>
Well done! You just got the ERS API working and retrieved the ISE version via the API.
To warm up, let's do one more example:
This time using cURL
Get Endpoint Information by Resource ID
Get endpoint info by its Resource ID
curl -k 'https://ers-admin:ers-password@192.168.50.33:9060/ers/config/endpoint/046f1250-bc6e-11e4-9baf-000c2916b229' -H 'Accept: application/vnd.com.cisco.ise.identity.endpoint.1.0+xml'
ISE response:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns3:endpoint xmlns:ns2="ers.ise.cisco.com" xmlns:ns3="identity.ers.ise.cisco.com" id="046f1250-bc6e-11e4-9baf-000c2916b229">
<link type="application/xml" href="https://192.168.50.33:9060/ers/config/endpoint/046f1250-bc6e-11e4-9baf-000c2916b229" rel="self"/>
<groupId>04f15020-f42f-11e2-bd54-005056bf2f0a</groupId>
<identityStore></identityStore>
<identityStoreId></identityStoreId>
<mac>11:22:33:44:55:66</mac>
<portalUser></portalUser>
<profileId>36c0ee30-f42f-11e2-bd54-005056bf2f0a</profileId>
<staticGroupAssignment>true</staticGroupAssignment>
<staticProfileAssignment>true</staticProfileAssignment>
</ns3:endpoint>
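The Get Version call from earlier in this post, as an added Python example (not code from the original article or from Cisco): it builds the same request with the credentials in an Authorization header and a certificate-verifying TLS context, where the cURL call above uses `-k` and puts the credentials in the URL, and it parses the sample versionInfo response. The host name `ise.example.test`, the password and the CA file name `ise-ca.pem` are constructed placeholders.

```python
import base64
import ssl
import urllib.request
import xml.etree.ElementTree as ET

ERS_PORT = 9060  # port shown in the article's URIs

# Sample response copied from the article (Get Version for internal users).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:versionInfo xmlns:ns2="ers.ise.cisco.com">
<currentServerVersion>2.4</currentServerVersion>
<link type="application/xml" href="link" rel="self"/>
<supportedVersions>2.2,2.3</supportedVersions>
</ns2:versionInfo>"""


def build_ers_request(host, user, password, resource, media_type):
    """Build (not send) a GET for an ERS resource such as 'internaluser/versioninfo'."""
    url = f"https://{host}:{ERS_PORT}/ers/config/{resource}"
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, method="GET")
    # Credentials go in the Authorization header rather than the URL,
    # which keeps them out of shell history and proxy or access logs.
    req.add_header("Authorization", f"Basic {token}")
    req.add_header("Accept", media_type)
    return req


def tls_context(ca_file=None):
    """Verifying TLS context; pass the CA that signed the ISE admin certificate."""
    return ssl.create_default_context(cafile=ca_file)


def parse_version_info(xml_bytes):
    """Extract the version fields from a versionInfo response body."""
    root = ET.fromstring(xml_bytes)
    if not root.tag.endswith("versionInfo"):
        raise ValueError(f"unexpected root element: {root.tag}")
    supported = root.findtext("supportedVersions", default="")
    return {"current": root.findtext("currentServerVersion"),
            "supported": [v.strip() for v in supported.split(",") if v.strip()]}


if __name__ == "__main__":
    # Host and password are constructed placeholders, not real values.
    req = build_ers_request("ise.example.test", "ers-admin", "constructed-password",
                            "internaluser/versioninfo",
                            "application/vnd.com.cisco.ise.identity.internaluser.1.0+xml")
    print(req.full_url, parse_version_info(SAMPLE))
    # To send: urllib.request.urlopen(req, context=tls_context("ise-ca.pem"))
```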
Disclaimer and Legal Notice:
All product-related titles and entities are registered trademarks of Cisco Systems, Inc.
This article and the contents herein are not associated with or endorsed by Cisco or Dimension Data.
#Cisco #ISE #RESTAPI #API #Authentication #SDN #CyberSecurity #security #MikeGhahremani