Functions/Authentication/New-PASSharedSession.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
function New-PASSharedSession {
    <#
.SYNOPSIS
Authenticates a user to CyberArk Vault.

.DESCRIPTION
Authenticates a user to a CyberArk Vault using shared authentication.

.PARAMETER SkipVersionCheck
If the SkipVersionCheck switch is specified, Get-PASServer will not be called after
successfully authenticating.

.PARAMETER SessionVariable
After successfully execution of this function, and authentication to the Vault, a WebSession
object, that contains information about the connection and the request, including cookies,
will be created and passed back in the return object.
This can be passed to subsequent requests to ensure websessions are persistant when the
PAS Web Service exists accross PVWA servers behind a load balancer.

.PARAMETER BaseURI
A string containing the base web address to send te request to.
Pass the portion the PVWA HTTP address.
Do not include "/PasswordVault/"

.PARAMETER PVWAAppName
The name of the CyberArk PVWA Virtual Directory.
Defaults to PasswordVault

.EXAMPLE
$token = New-PASSharedSession -BaseURI https://PVWA.domain.com

Gets authorisation token by authenticating to a CyberArk Vault using shared authentication.

.INPUTS
A PSCredential Object can be piped to this function.

.OUTPUTS
CyberArk Session token; This token identifies the session with the vault, and
is supplied to every other web service request in the same session.
A WebSession object; This contains information about the connection and the request,
including cookies. Can be supplied to other web service requests.
baseURI; this is the URL provided as an input to this function, it can be piped to
other functions from this return object.
ExternalVersion; The External Version number retrieved from CyberArk.

.NOTES

.LINK
#>

    [CmdletBinding(SupportsShouldProcess)]
    param(

        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false
        )]
        [switch]$SkipVersionCheck,

        [parameter(
            Mandatory = $false
        )]
        [string]$SessionVariable = "PASSession",

        [parameter(
            Mandatory = $true,
            ValueFromPipeline = $false
        )]
        [string]$BaseURI,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$PVWAAppName = "PasswordVault"
    )

    BEGIN {

        #Construct URL for request
        $URI = "$baseURI/$PVWAAppName/WebServices/auth/Shared/RestfulAuthenticationService.svc/Logon"

    }#begin

    PROCESS {

        $Body = @{} | ConvertTo-Json

        if($PSCmdlet.ShouldProcess("$baseURI/$PVWAAppName", "Logon Using Shared Authentication")) {

            #Send Logon Request
            $PASSession = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body -SessionVariable $SessionVariable

            #If Logon Result
            If($PASSession) {

                #Format Authentication token
                $SessionToken = @{"Authorization" = [string]$($PASSession.CyberArkLogonResult)}

                #WebSession Object
                $WebSession = $PASSession | Select-Object -ExpandProperty WebSession

                #Initial Value for Version variable
                [System.Version]$Version = "0.0"

                if( -not ($SkipVersionCheck)) {

                    Try {

                        #Get CyberArk ExternalVersion number, assign to Version variable.
                        [System.Version]$Version = Get-PASServer -sessionToken $SessionToken -WebSession $WebSession `
                            -BaseURI $BaseURI -PVWAAppName $PVWAAppName -ErrorAction Stop |
                            Select-Object -ExpandProperty ExternalVersion

                    } Catch {Write-Warning "Could Not Determine CyberArk Version"}

                }

                #Return Object
                [pscustomobject]@{

                    #Authentication Token - required for all subsequent Web Service Calls
                    "sessionToken"    = $SessionToken

                    #WebSession
                    "WebSession"      = $WebSession

                    #The Web Service URL the request was sent to
                    "BaseURI"         = $BaseURI

                    #PVWA Application Name/Virtual Directory
                    "PVWAAppName"     = $PVWAAppName

                    #ExternalVersion
                    "ExternalVersion" = $Version

                    #Set default properties to display in output
                } | Add-ObjectDetail -DefaultProperties sessionToken, BaseURI

            }

        }

    }#process

    END {}#end
}