public/Add-VPASApplicationAuthentication.ps1
|
<#
.Synopsis ADD APPLICATION ID AUTHENTICATION METHOD CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com .DESCRIPTION USE THIS FUNCTION TO ADD AN AUTHENTICATION METHOD TO AN EXISTING APPLICATION ID .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER AppID Unique ApplicationID (or Application Name) that will be used by the credential provider(s) to retrieve credentials .PARAMETER AuthType Define the type of the target authentication Possible values: Path, Hash, OSUser, machineAddress, certificateSerialNumber .PARAMETER AuthValue Value to be added to the target AppID .PARAMETER HideWarnings Suppress any warning output to the console .PARAMETER IsFolder Define if the AuthValue is a folder if using an authentication type: path .PARAMETER AllowInternalScripts Define if internal scripts have permission to pull credentials if using an authentication type: path .EXAMPLE $AddApplicationAuthenticationStatus = Add-VPASApplicationAuthentication -AppID {APPID VALUE} -AuthType {AUTHTYPE VALUE} -AuthValue {AUTHVALUE VALUE} .OUTPUTS $true if successful $false if failed #> function Add-VPASApplicationAuthentication{ [OutputType([bool])] [CmdletBinding()] Param( [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter target AppID to add Authentication Method to (for example: TestAppID1)",Position=0)] [String]$AppID, [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter Authentication Method type (Path, Hash, OSUser, Address, Certificate)",Position=1)] [ValidateSet('Path','Hash','OSUser','machineAddress','certificateSerialNumber')] [String]$AuthType, [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter Authentication Method value",Position=2)] [String]$AuthValue, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)] [Switch]$IsFolder, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=4)] [Switch]$AllowInternalScripts, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=5)] [hashtable]$token, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=6)] [Switch]$HideWarnings ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } process{ Write-Verbose "SUCCESSFULLY PARSED PVWA VALUE" Write-Verbose "SUCCESSFULLY PARSED TOKEN VALUE" Write-Verbose "SUCCESSFULLY PARSED APPID VALUE" Write-Verbose "SUCCESSFULLY PARSED AUTHTYPE VALUE" Write-Verbose "SUCCESSFULLY PARSED AUTHVALUE" $AuthTrigger = 0 Write-Verbose "SETTING APPLICATION AUTHENTICATION TYPE" $authtypelower = $AuthType.ToLower() if($authtypelower -eq "path"){ $AuthTrigger = 1 Write-Verbose "APPLICATION AUTHENTICATION OF TYPE PATH WAS SELECTED" } elseif($authtypelower -eq "hash"){ $AuthTrigger = 2 Write-Verbose "APPLICATION AUTHENTICATION OF TYPE HASH WAS SELECTED" } elseif($authtypelower -eq "osuser"){ $AuthTrigger = 3 Write-Verbose "APPLICATION AUTHENTICATION OF TYPE OSUSER WAS SELECTED" } elseif($authtypelower -eq "machineaddress"){ $AuthTrigger = 4 Write-Verbose "APPLICATION AUTHENTICATION OF TYPE MACHINE ADDRESS WAS SELECTED" } elseif($authtypelower -eq "certificateserialnumber"){ $AuthTrigger = 5 Write-Verbose "APPLICATION AUTHENTICATION OF TYPE CERTIFICATE SERIAL NUMBER WAS SELECTED" } if($AuthTrigger -eq 1){ if(!$IsFolder){ if(!$HideWarnings){ Write-VPASOutput -str "ISFOLDER NOT SPECIFIED, SETTING DEFAULT VALUE: FALSE" -type M } Write-Verbose "ISFOLDER NOT SPECIFIED, SETTING DEFAULT VALUE: FALSE" $isfolderflag = $false } elseif($IsFolder){ Write-Verbose "ISFOLDER SPECIFIED, SETTING VALUE: TRUE" $isfolderflag = $true } if(!$AllowInternalScripts){ Write-Verbose "ALLOWINTERNALSCRIPTS NOT SPECIFIED, SETTING DEFAULT VALUE: FALSE" if(!$HideWarnings){ Write-VPASOutput -str "ALLOWINTERNALSCRIPTS NOT SPECIFIED, SETTING DEFAULT VALUE: FALSE" -type M } $allowinternalscriptsflag = $false } elseif($AllowInternalScripts){ Write-Verbose "ALLOWINTERNALSCRIPTS SPECIFIED, SETTING VALUE: TRUE" $allowinternalscriptsflag = $true } Write-Verbose "SETTING PARAMETERS FOR API CALL" $params = @{ authentication = @{ AuthType = "path"; AuthValue = $AuthValue; IsFolder = $isfolderflag; AllowInternalScripts = $allowinternalscriptsflag; } } $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS $params = $params | ConvertTo-Json } if($AuthTrigger -eq 2){ Write-Verbose "SETTING PARAMETERS FOR API CALL" $params = @{ authentication = @{ AuthType = "hash"; AuthValue = $AuthValue; Comment = $comment } } $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS $params = $params | ConvertTo-Json } if($AuthTrigger -eq 3){ Write-Verbose "SETTING PARAMETERS FOR API CALL" $params = @{ authentication = @{ AuthType = "osuser"; AuthValue = $AuthValue; } } $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS $params = $params | ConvertTo-Json } if($AuthTrigger -eq 4){ Write-Verbose "SETTING PARAMETERS FOR API CALL" $params = @{ authentication = @{ AuthType = "machineAddress"; AuthValue = $AuthValue; } } $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS $params = $params | ConvertTo-Json } if($AuthTrigger -eq 5){ Write-Verbose "SETTING PARAMETERS FOR API CALL" $params = @{ authentication = @{ AuthType = "certificateserialnumber"; AuthValue = $AuthValue; Comment = $comment; } } $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS $params = $params | ConvertTo-Json } try{ Write-Verbose "MAKING API CALL TO CYBERARK" if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/WebServices/PIMServices.svc/Applications/$AppID/Authentications/" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/WebServices/PIMServices.svc/Applications/$AppID/Authentications/" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "POST" -token $token -LogType METHOD if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json" } Write-Verbose "PARSING DATA FROM CYBERARK" Write-Verbose "RETURNING TRUE" $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC return $true }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "UNABLE TO ADD APPLICATION AUTHENTICATION METHOD" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |