#!/bin/bash
###########################################################################
# get-all-users.sh #
# This script demonstrates how to use the ISE ERS GET Internal User API #
# by executing a curl Linux command. #
# #
# USAGE: #
# 'get-all-users.sh <username> <password> <ise-ip-address>' #
# #
# SECURITY WARNING - DO NOT USE THIS SCRIPT IN PRODUCTION! #
# The curl -k switch allows connections to SSL sites without trusting #
# the server certificates. #
# For production, it is required to add certificate check. #
###########################################################################
if [ $# -ne 3 ]
then
echo "Missing Arguments, Expected: get-all-users.sh <username> <password> <ise-ip-address> "
exit
fi
echo "getting all internalusers from server: "$3" username: " $1
curl -v -k -X GET -H 'ACCEPT: application/vnd.com.cisco.ise.identity.internaluser.1.2+xml' \
'https://'$1':'$2'@'$3':9060/ers/config/internaluser'
Script Execution
>get-all-users.sh ers password 10.56.52.187
getting all internalusers from server: 10.56.52.187 username: ers
* About to connect() to 10.56.52.187 port 9060
* Trying 10.56.52.187... connected
* Connected to 10.56.52.187 (10.56.52.187) port 9060
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server key exchange (12):
SSLv3, TLS handshake, Request CERT (13):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: /CN=pmbu-dev-vm47.cisco.com
* start date: 2013-06-02 10:19:58 GMT
* expire date: 2014-06-02 10:19:58 GMT
* common name: pmbu-dev-vm47.cisco.com (does not match '10.56.52.187')
* issuer: /CN=pmbu-dev-vm47.cisco.com
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* Server auth using Basic with user 'ers'
> GET /ers/config/internaluser HTTP/1.1
> Authorization: Basic ZXJzOmRlZmF1bHQxQQ==
> User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: 10.56.52.187:9060
> ACCEPT: application/vnd.com.cisco.ise.identity.internaluser.1.2+xml
>
< HTTP/1.1 200 OK
< Pragma: No-cache
< Cache-Control: no-cache
< Expires: Thu, 01 Jan 1970 00:00:00 UTC
< Set-Cookie: JSESSIONIDSSO=F443ED5E89C8F2DFA9DB8E04920EF9E5; Path=/; Secure
< Set-Cookie: JSESSIONID=F4E869A5100CF7EC315AA8834CDAE1BC; Path=/ers; Secure
< Date: Tue, 11 Jun 2013 19:24:57 GMT
< Content-Type: application/vnd.com.cisco.ise.ers.searchresult.1.0+xml
< Content-Length: 842
< Server:
Connection #0 to host 10.56.52.187 left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:searchResult xmlns:ns2 = "ers.ise.cisco.com" total = "3">
<resources>
<resource
name = "userA"
id = "24688ba0-d1a0-11e2-a70b-005056a43a36"
description = "AAA">
<link
type = "application/xml"
href = "https://10.56.52.187:9060/ers/config/internaluser/24688ba0-d1a0-11e2-a70b-005056a43a36"
rel = "self"/>
</resource>
<resource
name = "userB"
id = "aac4ebc0-d1c9-11e2-a70b-005056a43a36"
description = "BBB">
<link
type = "application/xml"
href = "https://10.56.52.187:9060/ers/config/internaluser/aac4ebc0-d1c9-11e2-a70b-005056a43a36"
rel = "self"/>
</resource>
<resource
name = "userC"
id = "571cd6e0-d0fc-11e2-a70b-005056a43a36"
description = "CCC">
<link
type = "application/xml"
href = "https://10.56.52.187:9060/ers/config/internaluser/571cd6e0-d0fc-11e2-a70b-005056a43a36"
rel = "self"/>
</resource>
</resources>
</ns2:searchResult>