public/VAddApplicationAuthentication.ps1
|
<#
.Synopsis ADD APPLICATION ID AUTHENTICATION METHOD CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com .DESCRIPTION USE THIS FUNCTION TO ADD AN AUTHENTICATION METHOD TO AN EXISTING APPLICATION ID .EXAMPLE $AddApplicationAuthenticationStatus = VAddApplicationAuthentication -token {TOKEN VALUE} -AppID {APPID VALUE} -AuthType {AUTHTYPE VALUE} -AuthValue {AUTHVALUE VALUE} .OUTPUTS $true if successful $false if failed #> function VAddApplicationAuthentication{ [CmdletBinding()] Param( [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,Position=0)] [hashtable]$token, [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,Position=1)] [String]$AppID, [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,Position=2)] [ValidateSet('Path','Hash','OSUser','Address','Certificate')] [String]$AuthType, [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,Position=3)] [String]$AuthValue, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=4)] [Switch]$IsFolder, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=5)] [Switch]$AllowInternalScripts, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=6)] [Switch]$NoSSL, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=7)] [Switch]$HideWarnings ) Write-Verbose "SUCCESSFULLY PARSED PVWA VALUE" Write-Verbose "SUCCESSFULLY PARSED TOKEN VALUE" Write-Verbose "SUCCESSFULLY PARSED APPID VALUE" Write-Verbose "SUCCESSFULLY PARSED AUTHTYPE VALUE" Write-Verbose "SUCCESSFULLY PARSED AUTHVALUE" $AuthTrigger = 0 Write-Verbose "SETTING APPLICATION AUTHENTICATION TYPE" $authtypelower = $AuthType.ToLower() if($authtypelower -eq "path"){ $AuthTrigger = 1 Write-Verbose "APPLICATION AUTHENTICATION OF TYPE PATH WAS SELECTED" } elseif($authtypelower -eq "hash"){ $AuthTrigger = 2 Write-Verbose "APPLICATION AUTHENTICATION OF TYPE HASH WAS SELECTED" } elseif($authtypelower -eq "osuser"){ $AuthTrigger = 3 Write-Verbose "APPLICATION AUTHENTICATION OF TYPE OSUSER WAS SELECTED" } elseif($authtypelower -eq "address"){ $AuthTrigger = 4 Write-Verbose "APPLICATION AUTHENTICATION OF TYPE ADDRESS WAS SELECTED" } elseif($authtypelower -eq "certificate"){ $AuthTrigger = 5 Write-Verbose "APPLICATION AUTHENTICATION OF TYPE CERTIFICATE WAS SELECTED" } if($AuthTrigger -eq 1){ if(!$IsFolder){ if(!$HideWarnings){ Vout -str "ISFOLDER NOT SPECIFIED, SETTING DEFAULT VALUE: FALSE" -type M } Write-Verbose "ISFOLDER NOT SPECIFIED, SETTING DEFAULT VALUE: FALSE" $isfolderflag = $false } elseif($IsFolder){ Write-Verbose "ISFOLDER SPECIFIED, SETTING VALUE: TRUE" $isfolderflag = $true } if(!$AllowInternalScripts){ Write-Verbose "ALLOWINTERNALSCRIPTS NOT SPECIFIED, SETTING DEFAULT VALUE: FALSE" if(!$HideWarnings){ Vout -str "ALLOWINTERNALSCRIPTS NOT SPECIFIED, SETTING DEFAULT VALUE: FALSE" -type M } $allowinternalscriptsflag = $false } elseif($AllowInternalScripts){ Write-Verbose "ALLOWINTERNALSCRIPTS SPECIFIED, SETTING VALUE: TRUE" $allowinternalscriptsflag = $true } Write-Verbose "SETTING PARAMETERS FOR API CALL" $params = @{ authentication = @{ AuthType = "path"; AuthValue = $AuthValue; IsFolder = $isfolderflag; AllowInternalScripts = $allowinternalscriptsflag; } } | ConvertTo-Json } if($AuthTrigger -eq 2){ Write-Verbose "SETTING PARAMETERS FOR API CALL" $params = @{ authentication = @{ AuthType = "hash"; AuthValue = $AuthValue; Comment = $comment } } | ConvertTo-Json } if($AuthTrigger -eq 3){ Write-Verbose "SETTING PARAMETERS FOR API CALL" $params = @{ authentication = @{ AuthType = "osuser"; AuthValue = $AuthValue; } } | ConvertTo-Json } if($AuthTrigger -eq 4){ Write-Verbose "SETTING PARAMETERS FOR API CALL" $params = @{ authentication = @{ AuthType = "machineAddress"; AuthValue = $AuthValue; } } | ConvertTo-Json } if($AuthTrigger -eq 5){ Write-Verbose "SETTING PARAMETERS FOR API CALL" $params = @{ authentication = @{ AuthType = "certificateserialnumber"; AuthValue = $AuthValue; Comment = $comment; } } | ConvertTo-Json } try{ $tokenval = $token.token $sessionval = $token.session $PVWA = $token.pvwa $Header = $token.HeaderType $ISPSS = $token.ISPSS Write-Verbose "MAKING API CALL TO CYBERARK" if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/WebServices/PIMServices.svc/Applications/$AppID/Authentications/" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/WebServices/PIMServices.svc/Applications/$AppID/Authentications/" } if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json" } Write-Verbose "PARSING DATA FROM CYBERARK" Write-Verbose "RETURNING JSON OBJECT" return $true }catch{ Write-Verbose "UNABLE TO ADD APPLICATION AUTHENTICATION METHOD" Vout -str $_ -type E return $false } } |