Saturday 19 February 2022

Two ISE Development Import/Export Guest User

The existing ISE 2.2 is retiring and company has built a new ISE 3.0 patch 4 (verified working) for replacement. This article tells how to export existing guest accounts that are sponsored and import to the new ISE 

 

 

Creating API User on both 3.0 and 2.2 version

 

Machine generated alternative text: Cisco ISE Administration • Identity Management Identities Users Groups External Identity Sources Identity Source Sequences Network Access Users Latest Manual Network Scan Res... 62 Edit Settings Export + Add Status Enabled Enabled Change Status Username guest_api_user super-sponsor Import Description Duplicate O Delete v First Name Last Name Email Address A License Warning Selected 1 Total User Identity Grou... SponsorAlIAccount ALL_ACCOUNTS (defa

 

 

Adding it to Sponsor Group

 

 

Sponsor group enable API

Machine generated alternative text: Sponsor Can e e e Update guests' contact information (email, Mobile Number) View/print guests' passwords Send SMS notifications with guests' credentials Reset guests' account passwords Extend guest accounts Delete guests' accounts Suspend guests' accounts O Require sponsor to provide a reason Reinstate suspended guests' accounts Approve and view requests from self-registering guests O Any pending accounts Onl endin accounts assi ned to this s onsor Access Cisco ISE guest accounts using the programmatic interface (Guest REST API)

 

 

 

Export and import script:

 

 

Export user from existing ISE2.0

 

 

import http.client

import base64

import ssl

import sys

import json

import pandas as pd

 

 

# host and authentication credentials

host = "<SERVER_IP>"

user = "<USER_NAME>"

password = "<PASSWORD>"

 

 

conn = http.client.HTTPSConnection("{}:9060".format(host), context=ssl.SSLContext(ssl.PROTOCOL_TLSv1_2))

 

creds = str.encode(':'.join((user, password)))

encodedAuth = bytes.decode(base64.b64encode(creds))

 

headers = {

    'accept': "application/json",

    'authorization': " ".join(("Basic",encodedAuth)),

    'cache-control': "no-cache",

    }

 

guestList = []

   

# How many pages of guest accounts exist. Find the number at “Manage Account” in ISE.

for pageNumber in range (1,7):

    # Maximum of searching users per page is 100

    conn.request("GET", "/ers/config/guestuser?size=100&page="+str(pageNumber), headers=headers) # 

    res = conn.getresponse()

    data = res.read()

    Rawjsondata = json.loads(data.decode("utf-8"))

    blob = Rawjsondata["SearchResult"]["resources"]

    for item in blob:

        # print (item["name"],",",end='') # print the guest username

        conn.request("GET", item["link"]["href"], headers=headers) #Fetch the guest details data

        res = conn.getresponse() 

        data = res.read()

        Rawjsondata = json.loads(data.decode("utf-8"))

        subblob = Rawjsondata["GuestUser"] # This is the Guest detail containing stuff we want

        dGuestList = {}

        dGuestList.update({"* First name:":subblob["guestInfo"]["firstName"]})

        dGuestList.update({"* Last name:":subblob["guestInfo"]["lastName"]})

        dGuestList.update({"* Email address:":subblob["guestInfo"]["emailAddress"]})

        dGuestList.update({"Mobile number:":'+55555555555'})

        dGuestList.update({"Company:":'NA'})    

        dGuestList.update({"Person being visited (email):":subblob["guestInfo"]["emailAddress"]})

        dGuestList.update({"Reason for visit:":'NA'})

        dGuestList.update({"Username:":subblob["guestInfo"]["userName"]})

        dGuestList.update({"password":subblob["guestInfo"]["password"]})

        dGuestList.update({"guestType":subblob["guestType"]})

        dGuestList.update({"status":subblob["status"]})

        dGuestList.update({"sponsorUserName":subblob["sponsorUserName"]})

        dGuestList.update({"sponsorUserId":subblob["sponsorUserId"]})

        dGuestList.update({"enabled":subblob["guestInfo"]["enabled"]})

        dGuestList.update({"notificationLanguage":subblob["guestInfo"]["notificationLanguage"]})

        dGuestList.update({"creationTime":subblob["guestInfo"]["creationTime"]})

        dGuestList.update({"validDays":subblob["guestAccessInfo"]["validDays"]})

        dGuestList.update({"fromDate":subblob["guestAccessInfo"]["fromDate"]})

        dGuestList.update({"toDate":subblob["guestAccessInfo"]["toDate"]})

        dGuestList.update({"location":subblob["guestAccessInfo"]["location"]})

        # dGuestList.update({"ssid":subblob["guestAccessInfo"]["ssid"]})

 

        guestList.append(dGuestList)

    print("page: " + str(pageNumber))

 

# print(guestList)

df = pd.DataFrame(guestList)

# df.drop(['id', 'link'], axis=1, inplace=True)

# df = pd.read_csv('all_guest.csv')

df = df[~df.status.str.contains("EXPIRED")]

 

locations = list(set(df['location'].tolist()))

 

# we export by filename of guest users’ location


for l in locations:  

    df.loc[df['location'] == l].to_csv(l+'.csv',index=False)

    print('Generating: ' + l +'.csv')

 

 

  

 

Exported sample CSV file:

A csv file with required fields such as username, password, valid date, from date and to Date. And it contains its original sponsor username.

 

 

  

Import users to new ISE 3.0

Let’s import the guest to the new ISE. Please be noted that we have to attempt an API call with sponsor’s username/fake password to create a shadow users, otherwise ISE will complaint the guest’s sponsor does not exist, so you will meet with a 501 error.

 

import http.client

import base64

import ssl

import sys

import json

import pandas as pd

import json

from time import sleep

from datetime import datetime, timedelta

 

host = "<SERVER_IP>"

user = "<USER_NAME>"

password = "<PASSWORD>"

 

portalId = "<SPONSOR_PORTAL_ID>"  # you will find this id by opening up the test url

 

 

conn = http.client.HTTPSConnection("{}:9060".format(host), context=ssl.SSLContext(ssl.PROTOCOL_TLSv1_2))

 

creds = str.encode(':'.join((user, password)))

encodedAuth = bytes.decode(base64.b64encode(creds))

 

 

df = pd.read_csv("Costa Rica.csv")

 

 # Create a JSON 

for index, row in df.iterrows():

    date_format = "%m/%d/%Y %H:%M"

    fromDate = datetime.today().strftime(date_format)

    toDate = (datetime.strptime(fromDate, date_format) + timedelta(days=int(row['validDays']))).strftime(date_format)

    # toDate = datetime.strptime(str(toDate), date_format)

    # print(fromDate, toDate, str(row['validDays']))

    

      

    req_body_json = """  {{

       "GuestUser" : {{

        "guestType": "{}",

        "sponsorUserName": "{}",

        "reasonForVisit": "Business meetng",

        "portalId": "{}",

        "status": "ACTIVE",

        "guestInfo" : {{

             "userName": "{}",

               "firstName": "{}",

              "lastName": "{}",

               "password": "{}",

               "emailAddress": "{}",

               "enabled": true,

               "notificationLanguage": "English",

               "enabled": "true"

        }},

        "guestAccessInfo" : {{

             "validDays": "{}",

               "fromDate": "{}",

              "toDate": "{}",

               "location": "{}"

        }}

    }}

}}

""".format(

           row['guestType'],

           row['sponsorUserName'],

           portalId,

           row['Username:'],

           row['* First name:'],

           row['* Last name:'],

           row['password'],

           row['* Email address:'],

           row['validDays'],

           str(fromDate),

           str(toDate),

           row['location']

           )

    

    

    headers = {

        'accept': "application/json",

        'content-type': "application/json",

        'authorization': " ".join(("Basic",encodedAuth)),

        'cache-control': "no-cache",

        }

 

 

    # --------------- Fake - Sponsor call  to create shadow accounts (will fail)

 

    sponsorUserName = row['sponsorUserName']

    conn2 = http.client.HTTPSConnection("{}:9060".format(host), context=ssl.SSLContext(ssl.PROTOCOL_TLSv1_2))

 

    creds2 = str.encode(':'.join((sponsorUserName, password)))

    encodedAuth2 = bytes.decode(base64.b64encode(creds2))

    

    headers2 = {

        'accept': "application/json",

        'content-type': "application/json",

        'authorization': " ".join(("Basic",encodedAuth2)),

        'cache-control': "no-cache",

        }

    conn2.request("POST", "/ers/config/guestuser/", headers=headers2, body=req_body_json)

        

      

# The followings are normal connection to create the guest

 

    conn.request("POST", "/ers/config/guestuser/", headers=headers, body=req_body_json)

 

    res = conn.getresponse()

    data = res.read()

    

    print('\nImporting-------->  '+row['Username:'] + '\n' + "Status: {}".format(res.status))

    print("Body:\n{}".format(data.decode("utf-8")))

    

    sleep(1) 

 

 

 

    

 

 

 

 

 

 

 

 

 

 
Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)