Private/Send-RADIUSResponse.ps1
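Function Send-RADIUSResponse {
	<#
	.SYNOPSIS
	Sends RADIUS challenge response as part of PAS logon process

	.DESCRIPTION
	psPAS helper function.
	Writes the OTP / challenge response into the Password field of the logon
	request body and sends the request with Invoke-PASRestMethod.
	If no OTP was supplied (or the legacy "passcode" placeholder was passed),
	the user is prompted for a value first.
	If the request fails with error ITATS542I (further challenge required),
	the function calls itself again with the message from that error as the prompt.

	.PARAMETER LogonRequest
	The required parameters for PAS logon as defined in New-PASSession.
	The 'Body' entry must be a JSON string; it is rewritten in place with the
	challenge response as the Password value.

	.PARAMETER Message
	An optional message to display as a prompt detailing the RADIUS challenge criteria

	.PARAMETER OTP
	An optional OTP value to provide as challenge response.

	.EXAMPLE
	Send-RADIUSResponse -LogonRequest $LogonRequest -Message "Some Message"

	.NOTES
	The challenge response is handled as a plain [string] and is embedded in
	cleartext in $LogonRequest['Body']. Callers should avoid logging or
	persisting the hashtable after this function has run.
	#>
	[CmdletBinding()]
	param(
		[parameter(
			Mandatory = $true,
			ValueFromPipelineByPropertyName = $true)]
		[hashtable]$LogonRequest,

		[parameter(
			Mandatory = $false,
			ValueFromPipelineByPropertyName = $true)]
		[string]$Message,

		[parameter(
			Mandatory = $false,
			ValueFromPipelineByPropertyName = $true)]
		[string]$OTP
	)

	Begin {

		#Default value for the Read-Host prompt.
		$Prompt = 'Enter OTP'

	}

	Process {

		#No OTP supplied yet: the initial RADIUS attempt triggers the OTP notification,
		#so the user has to be asked for the value.
		#"passcode" is still accepted as a placeholder for backward compatibility.
		#NOTE(review): -match is a case-insensitive regex test, so any OTP value that
		#merely contains "passcode" also lands here - confirm whether -eq was intended.
		If ((-not ($PSBoundParameters.ContainsKey('OTP'))) -or ($PSBoundParameters['OTP'] -match 'passcode')) {

			#A [string] parameter that was not bound is an empty string, never $null,
			#so a "$null -ne $Message" test is always true and would blank the default prompt.
			#Only replace the default when the server actually supplied challenge text.
			If (-not [string]::IsNullOrEmpty($Message)) {

				#The message from the exception containing challenge instructions from the RADIUS server.
				$Prompt = $Message

			}

			#Prompt user for OTP or Challenge Response.
			#NOTE(review): Read-Host without -AsSecureString echoes the typed value to the
			#console. A challenge response may be a PIN or password rather than a one-time
			#code; consider masked input if that applies to your RADIUS setup.
			$OTP = $(Read-Host -Prompt $Prompt)

		}

		#Construct Request Body with $OTP value as RADIUS response.
		#The caller's hashtable is updated in place, so the response value stays in
		#$LogonRequest['Body'] (cleartext JSON) after this function returns.
		$Body = $LogonRequest['Body'] | ConvertFrom-Json
		$Body.Password = $OTP
		$LogonRequest['Body'] = $Body | ConvertTo-Json

		try {

			#Respond to RADIUS challenge
			Invoke-PASRestMethod @LogonRequest

		} catch {

			if ($PSItem.FullyQualifiedErrorId -notmatch 'ITATS542I') {

				#Throw all errors not related to ITATS542I
				throw $PSItem

			} Else {

				#ITATS542I indicates further challenge required.
				#Pass $LogonRequest and the challenge message back into this function;
				#OTP is deliberately not passed, so the user is prompted again.
				Send-RADIUSResponse -LogonRequest $LogonRequest -Message "$($PSItem.Exception.Message)"

			}

		}

	}

	End {}

}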