'get-user-by-id.sh' Script Source Code
#!/bin/bash
###########################################################################
# get-user-by-id.sh #
# This script demonstrates how to use the ISE ERS Get ById Internal User #
# API , by executing a curl Linux command. #
# #
# USAGE: #
# 'get-user-by-id.sh <username> <password> <ise-ip-address> <user-id>' #
# #
# SECURITY WARNING - DO NOT USE THIS SCRIPT IN PRODUCTION! #
# The curl -k switch allows connections to SSL sites without trusting #
# the server certificates. #
# For production, it is required to add certificate check. #
###########################################################################
if [ $# -ne 4 ]
then
echo "Missing Arguments, Expected: get-user-by-id.sh <username> <password>\
<ise-ip-address> <user-id>"
exit
fi
echo "getting internal user by id: "$4 "from server: "$3" username: " $1
curl -v -k -X GET -H 'ACCEPT: application/vnd.com.cisco.ise.identity.internaluser.1.2+xml' \
'https://'$1':'$2'@'$3':9060/ers/config/internaluser/'$4
Script Execution
get-user-by-id.sh ers password 10.56.52.187 aac4ebc0-d1c9-11e2-a70b-005056a43a36
getting internal user by id: aac4ebc0-d1c9-11e2-a70b-005056a43a36 from server: 10.56.52.187 username: ers
* About to connect() to 10.56.52.187 port 9060
* Trying 10.56.52.187... connected
* Connected to 10.56.52.187 (10.56.52.187) port 9060
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server key exchange (12):
SSLv3, TLS handshake, Request CERT (13):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: /CN=pmbu-dev-vm47.cisco.com
* start date: 2013-06-02 10:19:58 GMT
* expire date: 2014-06-02 10:19:58 GMT
* common name: pmbu-dev-vm47.cisco.com (does not match '10.56.52.187')
* issuer: /CN=pmbu-dev-vm47.cisco.com
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* Server auth using Basic with user 'ers'
> GET /ers/config/internaluser/aac4ebc0-d1c9-11e2-a70b-005056a43a36 HTTP/1.1
> Authorization: Basic ZXJzOmRlZmF1bHQxQQ==
> User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: 10.56.52.187:9060
> ACCEPT: application/vnd.com.cisco.ise.identity.internaluser.1.2+xml
>
< HTTP/1.1 200 OK
< Pragma: No-cache
< Cache-Control: no-cache
< Expires: Thu, 01 Jan 1970 00:00:00 UTC
< Set-Cookie: JSESSIONIDSSO=EF65A511605467389E588DB317EB762B; Path=/; Secure
< Set-Cookie: JSESSIONID=96EA88B86FAB4B91CB6363CE22775A70; Path=/ers; Secure
< Date: Tue, 11 Jun 2013 19:32:24 GMT
< Content-Type: application/vnd.com.cisco.ise.identity.internaluser.1.2+xml
< Content-Length: 610
< Server:
Connection #0 to host 10.56.52.187 left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns3:internaluser
xmlns:ns2 = "ers.ise.cisco.com"
xmlns:ns3 = "identity.ers.ise.cisco.com"
name = "userB"
id = "aac4ebc0-d1c9-11e2-a70b-005056a43a36"
description = "BBB">
<link
type = "application/xml"
href = "https://10.56.52.187:9060/ers/config/internaluser/aac4ebc0-d1c9-11e2-a70b-005056a43a36"
rel = "self"/>
<changePassword>true</changePassword>
<customAttributes/>
<email></email>
<enablePassword>*******</enablePassword>
<enabled>true</enabled>
<firstName>FNB</firstName>
<identityGroups>6d2f96c0-cb25-11e2-879d-005056bf2f0a</identityGroups>
<lastName>LNB</lastName>
<password>*******</password>
<passwordIDStore>Internal Users</passwordIDStore>
<expiryDateEnabled>false</expiryDateEnabled>
<expiryDate>2016-05-03</expiryDate>
</ns3:internaluser>