Friday, July 12, 2019

CISCO RANT - ISE ERS API

RANT:

Okay, so finally got my Python script to work to add new devices to ISE with TACACS using the ERS API. So that is cool (thanks to anyone who helped in a previous post), and I decided to turn on CSRF tokens for added security, because you know security is important and whatnot (it also seemed like a good challenge to enhance my coding knowledge).

WELL:

I was able to get the CSRF token and have Python parse for it and pass it from the dictionary into a variable. I used this variable to pass it in the HTTP header when using POST, because CUD (POST, UPDATE, DELETE) requires you to have the CSRF token to push the code to prevent a CSRF attack. Well, turns out that this can't even work on the release we are on, and in fact Cisco does not even have a fix for the bug yet! Bug: CSCvp22075. This is now the second time where Cisco's API documentation was meh and it shows, but at least someone else ran into the bug on the community forums.

So that begs the question, when will Cisco get good with their ISE API? Oh well, I'll just use the script I originally made and turn off the CSRF option in ISE for ERS until the bug is addressed and a new patch comes out. On to automating some Nexus API stuff (God help me, the NX-OS API better be good) :)

For now, I am going to go get a slurpee and back to my NP Route studies..... Damn you Cisco for taking the satisfaction away from me.
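The token flow described above (fetch a CSRF token, then send it in the header of the POST), as an added example that is not the script from this post. It runs against a constructed local mock, not a real ISE node, so it shows what a working CSRF check does: the write without a token is refused and the write with the fetched token is accepted. The header name `X-CSRF-TOKEN`, the `fetch` value and the `/ers/config/networkdevice` path are assumptions not stated in the post, and the authentication and TLS a real ERS node requires are left out.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "constructed-token-123"     # constructed sample value, not a real token
PATH = "/ers/config/networkdevice"  # assumed ERS resource path
HDR = "X-CSRF-TOKEN"                # assumed header name (not stated in the post)
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxies

class MockERS(BaseHTTPRequestHandler):  # constructed stand-in for an ERS node
    def do_GET(self):  # issue a token only when the client asks for one
        self.send_response(200)
        if self.headers.get(HDR) == "fetch":
            self.send_header(HDR, TOKEN)
        self.end_headers()
    def do_POST(self):  # refuse writes that lack the current token
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        self.send_response(201 if self.headers.get(HDR) == TOKEN else 403)
        self.end_headers()
    def log_message(self, *args): pass  # keep the demo quiet

def send(base, method, headers, data=None):
    headers = {"Content-Type": "application/json", **headers}
    req = urllib.request.Request(base + PATH, data=data, headers=headers, method=method)
    try:
        with OPENER.open(req) as resp:
            return resp.status, resp.headers
    except urllib.error.HTTPError as err:  # 4xx/5xx are results here, not crashes
        return err.code, err.headers

def fetch_csrf_token(base):
    status, hdrs = send(base, "GET", {HDR: "fetch"})
    if status != 200 or not hdrs.get(HDR):
        raise RuntimeError(f"no CSRF token returned (HTTP {status})")
    return hdrs[HDR]

def create_device(base, device, token=None):
    return send(base, "POST", {HDR: token} if token else {}, json.dumps(device).encode())[0]

def demo():
    with HTTPServer(("127.0.0.1", 0), MockERS) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{srv.server_port}"
        dev = {"NetworkDevice": {"name": "lab-sw1"}}  # constructed payload
        result = create_device(base, dev), create_device(base, dev, fetch_csrf_token(base))
        srv.shutdown()
    return result
```

Calling `demo()` returns the status of the POST without a token followed by the status of the POST with the fetched token.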


