Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1446
Views
0
Helpful
3
Replies

'Create internal user' Python script

Richie20
Level 1
Level 1

‎05-19-2021 04:38 AM

Hi Everyone

 I  would like to create internal  users using Python script.  I have installed 3.9.2 Python and saved the .py file and run the execution using ERS SDK guide for ISE

 

I got this error while run the code through  command line 


ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1123)

 

 

This is my code 

 

#!/usr/bin/env python

import http.client
import base64
import ssl
import sys
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

#parameters
name = sys.argv[4] # "chris"
first = sys.argv[5] # "Chris"
last = sys.argv[6] # "Colombus"
passwd = sys.argv[7] # "Password1"
email = sys.argv[8] # "chris@gh.com"
expiry_date = sys.argv[9] # "2021-12-30"

# host and authentication credentials
host = sys.argv[1] # "192.168.31.15"
user = sys.argv[2] # "ersad"
password = sys.argv[3] # "oFlPRrne1"


conn = http.client.HTTPSConnection("{}:9060".format(host), context=ssl.SSLContext(ssl.PROTOCOL_TLSv1))

creds = str.encode(':'.join((user, password)))
encodedAuth = bytes.decode(base64.b64encode(creds))

req_body_json = """ {{
"InternalUser" : {{
"name" : "{}",
"enabled" : true,
"email" : "{}",
"password" : "{}",
"firstName" : "{}",
"lastName" : "{}",
"changePassword" : true,
"expiryDateEnabled" : true,
"expiryDate" : "{}",
"enablePassword" : "{}",
"customAttributes" : {{
}},
"passwordIDStore" : "Internal Users"
}}
}}
""".format(name,email,passwd,first,last,expiry_date,passwd)

headers = {
'accept': "application/json",
'content-type': "application/json",
'authorization': " ".join(("Basic",encodedAuth)),
'cache-control': "no-cache",
}

conn.request("POST", "/ers/config/internaluser/", headers=headers, body=req_body_json)

res = conn.getresponse()
data = res.read()

print("Status: {}".format(res.status))
print("Header:\n{}".format(res.headers))
print("Body:\n{}".format(data.decode("utf-8")))

 

Any help would appreciated  

 

0 Helpful
3 Replies 3

thomas
Cisco Employee
Cisco Employee

‎05-19-2021 07:39 AM

You are most likely using an untrusted, self-signed certificate on your ISE node and the Python SSL library does not like that. Also you seem to be explicitly trying to use ssl.PROTOCOL_TLSv1 and perhaps your ISE node has TLS 1.0 disabled for security reasons? I don't know why you want to specifically use TLS 1.0 in your script but make sure you have enabled it:image.png

0 Helpful

Richie20
Level 1
Level 1
In response to thomas

‎05-19-2021 08:18 AM - edited ‎05-20-2021 06:25 AM

the TLS 1.0 is already enabled in the ISE node but I still get the same error as  well 

0 Helpful

Richie20
Level 1
Level 1

‎05-21-2021 03:20 AM

the TLS 1.0 is already enabled in the ISE node but I still get the same error as  well 

 

Any help is welcomed

0 Helpful
Customers Also Viewed These Support Documents