Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1897
Views
2
Helpful
0
Comments

C++ LibCurl ERS Examples

paul
Level 10
Level 10

on ‎07-06-2017 08:10 PM

I don't know if anyone does C++ REST coding but I had to put a self-contained DOS executable together put a MAC address into a static endpoint identity group.  I used libcurl and JSON to do the ERS calls to ISE.  Not going to show all the C++ code but wanted to show the libcurl calls.

First I define the base URL for the rest calls:

curl_url_base = "https://" + rest_user + ":" + rest_password + "@" + ise_admin + ":9060/ers/config/";

So the base URL could end up looking like:

https://rest_admin:TempPass@1.1.1.1:9060/ers/config/

Next Init Curl and setup the headers and options.  I turn off SSL verification and set the timeout to 10 seconds.

curl = curl_easy_init();

curl_headers = curl_slist_append(curl_headers, "Content-type: application/json");

curl_headers = curl_slist_append(curl_headers, "Accept: application/json");

curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);

curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);

curl_easy_setopt(curl, CURLOPT_HTTPHEADER, curl_headers);

curl_easy_setopt(curl, CURLOPT_TIMEOUT, 10);

In order to save the HTTP response you need to setup a call back function.  You can find examples in the libcurl documentation.  I am putting all the data into a string called httpData.

curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, callback);

curl_easy_setopt(curl, CURLOPT_WRITEDATA, &httpData);

Now with the CURL headers and options set it is time to check to see if the MAC address exists in the ISE endpoint datbase:

curl_url = curl_url_base + "endpoint?filter=mac.EQ." + my_mac_address;

curl_easy_setopt(curl, CURLOPT_URL, curl_url.c_str());

curl_result = curl_easy_perform(curl);


Once I get the HTTP result back back from ISE it will be in JSON format and have a format similar to this:


{

  "SearchResult" : {

    "total" : 1,

    "resources" : [ {

      "id" : "dc2227f0-6293-11e7-889a-024261069971",

      "name" : "11:22:33:44:55:66",

      "link" : {

        "rel" : "self",

        "href" : "https://10.89.80.34:9060/ers/config/endpoint/dc2227f0-6293-11e7-889a-024261069971",

        "type" : "application/xml"

      }

    } ]

  }

}

I parse the JSON looking for the "id:" line.  If it exists I copy the MAC ID into a string of not I know the MAC address doesn't exist.

Next I need to make a call to get the Endpoint Group ID from ISE.

httpData.clear();

curl_url = curl_url_base + "endpointgroup?filter=name.EQ." + identity_group;

curl_easy_setopt(curl, CURLOPT_URL, curl_url.c_str());

curl_result = curl_easy_perform(curl);

The JSON return will look something like this:

{

  "SearchResult" : {

    "total" : 1,

    "resources" : [ {

      "id" : "cabb7fc0-5d4d-11e7-b01c-024226b23b4f",

      "name" : "Test",

      "description" : "",

      "link" : {

        "rel" : "self",

        "href" : "https://10.89.80.34:9060/ers/config/endpointgroup/cabb7fc0-5d4d-11e7-b01c-024226b23b4f",

        "type" : "application/xml"

      }

    } ]

  }

}

Now I have the MAC ID and Group ID.  If the MAC exists I need to perform a PUT call to ISE with JSON to update the MAC address.  The JSON is in this format:

{

  "ERSEndPoint" : {

    "groupId" : "cabb7fc0-5d4d-11e7-b01c-024226b23b4f",

    "mac" : "11:22:33:44:55:66",

    "staticGroupAssignment" : true

  }

}

I put this data into a string and issue the PUT to ISE.

httpData.clear();

sendData = "{\n\"ERSEndPoint\" : {";

sendData = sendData + "\"groupId\" : \"" + group_id_value + "\",";

sendData = sendData + "\"mac\" : \"" + my_mac_address + "\",";

sendData = sendData + "\"staticGroupAssignment\" : true\n}\n}";

curl_url = curl_url_base + "endpoint/" + mac_id_value;

curl_easy_setopt(curl, CURLOPT_URL, curl_url.c_str());

curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "PUT");

curl_easy_setopt(curl, CURLOPT_POSTFIELDS, sendData.c_str());

curl_result = curl_easy_perform(curl);

If things works work you get a 200 code back with JSON that looks similar to this:

{

  "UpdatedFieldsList" : {

    "updatedField" : [ {

      "field" : "groupId",

      "oldValue" : "aa000c30-8bff-11e6-996c-525400b48521",

      "newValue" : "cabb7fc0-5d4d-11e7-b01c-024226b23b4f"

    } ]

  }

}

If the MAC address doesn't exist in ISE you issue a POST with the same JSON format as the PUT:

sendData = "{\n\"ERSEndPoint\" : {";

sendData = sendData + "\"groupId\" : \"" + group_id_value + "\",";

sendData = sendData + "\"mac\" : \"" + my_mac_address + "\",";

sendData = sendData + "\"staticGroupAssignment\" : true\n}\n}";

curl_url = curl_url_base + "endpoint";

curl_easy_setopt(curl, CURLOPT_URL, curl_url.c_str());

curl_easy_setopt(curl, CURLOPT_POSTFIELDS, sendData.c_str());

curl_result = curl_easy_perform(curl);

If the MAC address add is successful the HTML code returned is 201.


Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents