Functions/Monitoring/Connect-PASPSMSession.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
function Connect-PASPSMSession {
    <#
.SYNOPSIS
Connect to Live PSM Sessions

.DESCRIPTION
Returns connection data necessary to monitor an active PSM session.

.PARAMETER SessionId
The unique ID of the PSM Live Session.

.PARAMETER ConnectionMethod
The expected parameters to be returned, either RDP or PSMGW.

.PARAMETER sessionToken
Hashtable containing the session token returned from New-PASSession

.PARAMETER WebSession
WebRequestSession object returned from New-PASSession

.PARAMETER BaseURI
PVWA Web Address
Do not include "/PasswordVault/"

.PARAMETER PVWAAppName
The name of the CyberArk PVWA Virtual Directory.
Defaults to PasswordVault

.PARAMETER ExternalVersion
The External CyberArk Version, returned automatically from the New-PASSession function from version 9.7 onwards.
If the minimum version requirement of this function is not satisfied, execution will be halted.
Omitting a value for this parameter, or supplying a version of "0.0" will skip the version check.

.EXAMPLE
$token | Connect-PASPSMSession -LiveSessionId $SessionUUID -ConnectionMethod RDP

Returns parameters to connect to Live PSM Session via RDP.

.EXAMPLE
$token | Connect-PASPSMSession -LiveSessionId $SessionUUID -ConnectionMethod PSMGW

Returns parameters to connect to Live PSM Session via HTML5 GW.

.INPUTS

.OUTPUTS

.NOTES
Minimum CyberArk Version 10.5

.LINK

#>

    [CmdletBinding()]
    param(
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [string]$SessionId,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateSet("RDP", "PSMGW")]
        [string]$ConnectionMethod,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [hashtable]$sessionToken,

        [parameter(
            ValueFromPipelinebyPropertyName = $true
        )]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$BaseURI,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$PVWAAppName = "PasswordVault",

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [System.Version]$ExternalVersion = "0.0"

    )

    BEGIN {
        $MinimumVersion = [System.Version]"10.5"
    }#begin

    PROCESS {

        Assert-VersionRequirement -ExternalVersion $ExternalVersion -RequiredVersion $MinimumVersion

        #Create URL for Request
        $URI = "$baseURI/$PVWAAppName/API/LiveSessions/$($SessionId | Get-EscapedString)/monitor"

        $Header = $sessionToken

        #if a connection method is specified
        If($PSBoundParameters.ContainsKey("ConnectionMethod")) {

            #The information needs to passed in the header
            if($PSBoundParameters["ConnectionMethod"] -eq "RDP") {

                #RDP accept "application/json" response
                $Accept = "application/json"

            } elseif($PSBoundParameters["ConnectionMethod"] -eq "PSMGW") {

                #PSMGW accept * / * response
                $Accept = "* / *"

            }

            #add detail to header
            $Header["Accept"] = $Accept

        }

        #send request to PAS web service
        $result = Invoke-PASRestMethod -Uri $URI -Method GET -Headers $Header -WebSession $WebSession

        If($result) {

            $result

        } #process

    }

    END {}#end

}