Going through ISE documentation, I am exploring some errors in the python examples which won't work for ISE 2.3. I will be posting the corrections while I am exploring them.
The first one was in "get-all-internal-users.py" example.
ISE 2.3 doesn't support TLS 1.0 by default. Instead it supports TLS 1.2.
The default script:
#!/usr/bin/env python
###########################################################################
# #
# This script demonstrates how to use the ISE ERS internal users #
# API by executing a Python script. #
# #
# SECURITY WARNING - DO NOT USE THIS SCRIPT IN PRODUCTION! #
# The script allows connections to SSL sites without trusting #
# the server certificates. #
# For production, it is required to add certificate check. #
# #
# Usage: get-all-internal-users.py #
###########################################################################
import http.client
import base64
import ssl
import sys
# host and authentication credentials
host = sys.argv[1] # "10.20.30.40"
user = sys.argv[2] # "ersad"
password = sys.argv[3] # "Password1"
conn = http.client.HTTPSConnection("{}:9060".format(host), context=ssl.SSLContext(ssl.PROTOCOL_TLSv1))
creds = str.encode(':'.join((user, password)))
encodedAuth = bytes.decode(base64.b64encode(creds))
.........
This won't work due to SSL version mismatch
The correct version is:
###########################################################################
# #
# This script demonstrates how to use the ISE ERS internal users #
# API by executing a Python script. #
# #
# SECURITY WARNING - DO NOT USE THIS SCRIPT IN PRODUCTION! #
# The script allows connections to SSL sites without trusting #
# the server certificates. #
# For production, it is required to add certificate check. #
# #
# Usage: get-all-internal-users.py #
# #
# The script should be modified to use SSL TLS v1.2 instead of TLS v1.0 #
# This is required for ISE 2.3 #
###########################################################################
import http.client
import base64
import ssl
import sys
# host and authentication credentials
host = sys.argv[1] # "10.20.30.40"
user = sys.argv[2] # "ersad"
password = sys.argv[3] # "Password1"
conn = http.client.HTTPSConnection("{}:9060".format(host), context=ssl.SSLContext(ssl.PROTOCOL_TLSv1_2))
creds = str.encode(':'.join((user, password)))
encodedAuth = bytes.decode(base64.b64encode(creds))
.......
No comments:
Post a Comment