cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2785
Views
0
Helpful
19
Replies

ISE with API

jiyoung Kim
Level 1
Level 1

Hi, I'm testing ISE API call with getting all endpoints.

When I try it with POSTMAN on chrome, I got this error.

This seems to be like an error connecting to

https://10.10.10.50:9060/ers/config/internaluser

. The response status was 0.

Check out the

W3C XMLHttpRequest Level 2 spec for more details about when this happens.

I enabled ERS services, created ERS admin and I do not know what I should do more.

has anyone tried and succeed to use API ?

ISE version is 1.2.0.899 with patch 4

19 Replies 19

Tarik Admani
VIP Alumni
VIP Alumni

Hi,

I just turned this on and I had some issues  authenticating with an external (AD) account. Did you try authenticating  the the sdk portal? https://ise:9060/ers/sdk? I checked there first  before trying the chrome plugin. Also for that operation are you setting  the following header?

Accept: application/vnd.com.cisco.ise.identity.internaluser.1.0+xml

Tarik Admani
*Please rate helpful posts*

Hi, I was able to get into sdk portal, and I used right accept header.

When u log into sdk portal, you should use ers admin account in ise internal identity store. I created one and used it.

Sent from Cisco Technical Support iPhone App

Do you have any internal user accounts in ISE? I got the same response but once I added a user account I then got the record, I was also able to delete the record also. I am stuck on trying to create the user account and hope to get that completed once I get around to it.

What I noticed was that when I tried to point to the external active directory group for ERS admin it didnt seem like it was using it, however I only tried a couple times.

Tarik Admani
*Please rate helpful posts*

I will try with a new internal account.

Sent from Cisco Technical Support iPhone App

I found out that I had to use FQDN for http request header.

What I ultamately wanted to use is get all endpoints, but it seems like it's not supported.

I could get endpoint ID and URL for something I dont know, but could not get mac-addresses.

You should be able to pull all the endpoints, did you try these params?

Method: GET
URI: https://ISEFQDN:9060/ers/config/endpoint
HTTP Accept header:
application/vnd.com.cisco.ise.identity.endpoint.1.0+xml                                                                                                                                                              
Request Content:

Thanks,

Tarik Admani
*Please rate helpful posts*

I tried it.

and in the API Guide, get all endpoints does not present mac address.

I dont know if its going to be or not...

I see what you are running into. I am going to open a tac case but in the meantime I am going to install patch 5 on my lab and see if anything changes.

Tarik Admani
*Please rate helpful posts*

I have applied patch 5. I hope you can hear something from cisco tac.

Thank you.

anoy
Cisco Employee
Cisco Employee

Hi,

Seems like trust was not established.

Postman client dosnt know to handle SSL.
you should open a session with ISE GUI first in another tab. this will force chrome to download and trust the server certificate.

Thanks

Amir

Amir,

The issue is not with the trust, since my postman pops up a display asking if I want to deny or allow. The issue is with the API SDK documentation which shows the query for all endpoints should retreive the mac addresses along with the ID. It seems as if the documentation or API needs further explanation. I have a tac case open and the engineer I am working with is working with the BU.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani
VIP Alumni
VIP Alumni

Hi,

Cisco engineer has confirmes with the BU that this is a bug. Once I get more details I will have them up.

Sent from Cisco Technical Support Android App

You mean the mac address supposed to pop up when I call the API ?!

That would make my life so easy !

Sent from Cisco Technical Support iPhone App

Hi Jiyoung,

As per the document it should populate the name of the end point i.e. Mac Address, description and id of end point.

Currently there is a defect  CSCum49249 for this issue.

As a workaround you can make use of "Get by ID" method to get the name of the end point from the id retrieved from method "list".

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: