'is-user-member-of.py' Source Code

#!/usr/bin/env python

###########################################################################
#                                                                         #
# This script demonstrates how to use the ISE ERS Active Directory        #
# API  by executing a Python script.                                      #
#                                                                         #
# SECURITY WARNING - DO NOT USE THIS SCRIPT IN PRODUCTION!                #
# The script connects over TLS without verifying the server certificate,  #
# so the ERS credentials it sends can be intercepted.                     #
# For production, certificate verification must be added.                 #
#                                                                         #
# Usage: is-user-member-of.py <ISE host> <ERS user> <ERS password>        #
#  <join point ID> <AD username> <group IDs>                              #
###########################################################################

import base64
import http.client
import json
import ssl
import sys
import urllib.parse

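# Command-line parameters (see the usage line in the file header).
# NOTE: the ERS password is read from argv, so it is visible in the process
# list and the shell history of the machine that runs this demo.
if len(sys.argv) < 7:
    sys.exit(
        "Usage: is-user-member-of.py <ISE host> <ERS user> <ERS password> "
        "<join point ID> <AD username> <group IDs>"
    )

# host and authentication credentials
host = sys.argv[1]  # "10.20.30.40"
user = sys.argv[2]  # "ersad"
password = sys.argv[3]  # "Password1"

# query parameters
join_point_id = sys.argv[4]  # "4ed8aa40-b6ef-11e6-8c86-0242d54b863b"
username = sys.argv[5]  # "acsadmin"
groupsids = sys.argv[6]  # "r1.dom/S-1-5-32-548,r1.dom/S-1-5-32-555,r1.dom/S-1-5-32-511"

# Negotiate the highest TLS version both ends support instead of pinning the
# connection to TLS 1.0, which current servers and OpenSSL builds refuse.
# Certificate verification stays OFF, exactly as in the original demo: the
# server is not authenticated, so the Basic credentials below can be read by
# anyone able to intercept the connection. For production, replace these three
# lines with ssl.create_default_context() and a CA bundle that covers the ISE
# certificate.
tls_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
tls_context.check_hostname = False  # must be cleared before verify_mode
tls_context.verify_mode = ssl.CERT_NONE

conn = http.client.HTTPSConnection("{}:9060".format(host), context=tls_context)

# HTTP Basic authentication: base64("user:password").
creds = "{}:{}".format(user, password).encode("utf-8")
encodedAuth = base64.b64encode(creds).decode("ascii")

# Serialize with json.dumps so quotes or backslashes in the user name or the
# group list cannot break out of the string value and change the request.
# Encode explicitly: http.client would send a str body as ISO-8859-1 although
# the content-type header announces UTF-8.
req_body_json = json.dumps({
    "OperationAdditionalData": {
        "additionalData": [
            {"name": "username", "value": username},
            {"name": "groupsids", "value": groupsids},
        ]
    }
}).encode("utf-8")

headers = {
    'accept': "application/json",
    'authorization': "Basic {}".format(encodedAuth),
    'content-type': "application/json; charset=utf-8",
    'cache-control': "no-cache",
}

# Percent-encode the join point ID so it always stays a single path segment.
request_path = "/ers/config/activedirectory/{}/isUserMemberOf".format(
    urllib.parse.quote(join_point_id, safe="")
)

try:
    conn.request("PUT", request_path, headers=headers, body=req_body_json)
    res = conn.getresponse()
    data = res.read()
finally:
    # Release the socket even when the request fails.
    conn.close()

print("Status: {}".format(res.status))
# The response headers include the Set-Cookie session identifiers; treat this
# output as sensitive when copying it into logs or tickets.
print("Header:\n{}".format(res.headers))
print("Body:\n{}".format(data.decode("utf-8")))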

Execution

python is-user-member-of.py 10.20.30.40 ersad Password1 4ed8aa40-b6ef-11e6-8c86-0242d54b863b acsadmin r1.dom/S-1-5-32-548,r1.dom/S-1-5-32-555,r1.dom/S-1-5-32-511

Status: 200 (OK)
Header:
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONIDSSO=9AC2ED8FD98FC9F87DD2E4FD89CB3C2F; Path=/; Secure; HttpOnly
Set-Cookie: APPSESSIONID=E4338D53F0AB4F76B6DD0C5C67CA18A2; Path=/ers; Secure; HttpOnly
Pragma: no-cache
Date: Thu, 01 Dec 2016 18:23:10 GMT
Content-Type: application/json;charset=utf-8
Content-Length: 236
Server: 


Body:
{
 "ERSActiveDirectoryGroups" : {
   "groups" : [ {
     "name" : "R1.dom/Builtin/Administrators",
     "sid" : "r1.dom/S-1-5-32-548",
     "type" : "GLOBAL"
   }, {
     "name" : "R1.dom/Company Employees",
     "sid" : "r1.dom/S-1-5-32-555",
     "type" : "GLOBAL"
   } ]
 }
}