Public/VAddApplicationAuthentication.ps1
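<#
.SYNOPSIS
ADD APPLICATION ID AUTHENTICATION METHOD
CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com
.DESCRIPTION
USE THIS FUNCTION TO ADD AN AUTHENTICATION METHOD TO AN EXISTING APPLICATION ID
.PARAMETER PVWA
Host placed in the request URI: http(s)://<PVWA>/PasswordVault/WebServices/PIMServices.svc/...
.PARAMETER token
Value sent as the Authorization header of the request.
.PARAMETER AppID
Application ID placed in the URI path (.../Applications/<AppID>/Authentications/).
.PARAMETER AuthType
One of Path, Hash, OSUser, Address, Certificate. Sent to the API as path, hash,
osuser, machineAddress and certificateserialnumber respectively.
.PARAMETER AuthValue
Value sent as AuthValue for the selected authentication type.
.PARAMETER IsFolder
Only read when AuthType is Path; sent as IsFolder (false when the switch is absent).
.PARAMETER AllowInternalScripts
Only read when AuthType is Path; sent as AllowInternalScripts (false when the switch is absent).
.PARAMETER NoSSL
Build the URI with http:// instead of https://.
.EXAMPLE
$AddApplicationAuthenticationStatus = VAddApplicationAuthentication -PVWA {PVWA VALUE} -token {TOKEN VALUE} -AppID {APPID VALUE} -AuthType {AUTHTYPE VALUE} -AuthValue {AUTHVALUE VALUE}
.OUTPUTS
$true if successful
$false if failed
.NOTES
The token travels in the Authorization header. With -NoSSL the header and the JSON
body are sent over plain HTTP, so the function emits a warning in that case.
$PVWA and $AppID are interpolated into the URI without escaping.
#>
function VAddApplicationAuthentication{

    [CmdletBinding()]
    Param(

        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,Position=0)]
        [String]$PVWA,

        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,Position=1)]
        [String]$token,

        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,Position=2)]
        [String]$AppID,

        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,Position=3)]
        [ValidateSet('Path','Hash','OSUser','Address','Certificate')]
        [String]$AuthType,

        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,Position=4)]
        [String]$AuthValue,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=5)]
        [Switch]$IsFolder,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=6)]
        [Switch]$AllowInternalScripts,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=7)]
        [Switch]$NoSSL
    )

    Write-Verbose "SUCCESSFULLY PARSED PVWA VALUE"
    Write-Verbose "SUCCESSFULLY PARSED TOKEN VALUE"
    Write-Verbose "SUCCESSFULLY PARSED APPID VALUE"
    Write-Verbose "SUCCESSFULLY PARSED AUTHTYPE VALUE"
    Write-Verbose "SUCCESSFULLY PARSED AUTHVALUE"

    Write-Verbose "SETTING APPLICATION AUTHENTICATION TYPE"

    # ValidateSet already restricts AuthType to the five values below, and switch
    # compares strings case-insensitively, so exactly one branch runs.
    switch ($AuthType) {
        'Path' {
            Write-Verbose "APPLICATION AUTHENTICATION OF TYPE PATH WAS SELECTED"

            if(!$IsFolder){
                Vout -str "ISFOLDER NOT SPECIFIED, SETTING DEFAULT VALUE: FALSE" -type M
                Write-Verbose "ISFOLDER NOT SPECIFIED, SETTING DEFAULT VALUE: FALSE"
            }
            else{
                Write-Verbose "ISFOLDER SPECIFIED, SETTING VALUE: TRUE"
            }
            $isfolderflag = [bool]$IsFolder

            if(!$AllowInternalScripts){
                Write-Verbose "ALLOWINTERNALSCRIPTS NOT SPECIFIED, SETTING DEFAULT VALUE: FALSE"
                Vout -str "ALLOWINTERNALSCRIPTS NOT SPECIFIED, SETTING DEFAULT VALUE: FALSE" -type M
            }
            else{
                Write-Verbose "ALLOWINTERNALSCRIPTS SPECIFIED, SETTING VALUE: TRUE"
            }
            $allowinternalscriptsflag = [bool]$AllowInternalScripts

            Write-Verbose "SETTING PARAMETERS FOR API CALL"
            $params = @{
                authentication = @{
                    AuthType = "path";
                    AuthValue = $AuthValue;
                    IsFolder = $isfolderflag;
                    AllowInternalScripts = $allowinternalscriptsflag;
                }
            } | ConvertTo-Json
        }
        'Hash' {
            Write-Verbose "APPLICATION AUTHENTICATION OF TYPE HASH WAS SELECTED"
            Write-Verbose "SETTING PARAMETERS FOR API CALL"
            # NOTE(review): $comment is not a parameter of this function and is never
            # assigned here, so it resolves through PowerShell's dynamic scoping to a
            # caller-scope variable of that name, or to $null when none exists.
            $params = @{
                authentication = @{
                    AuthType = "hash";
                    AuthValue = $AuthValue;
                    Comment = $comment
                }
            } | ConvertTo-Json
        }
        'OSUser' {
            Write-Verbose "APPLICATION AUTHENTICATION OF TYPE OSUSER WAS SELECTED"
            Write-Verbose "SETTING PARAMETERS FOR API CALL"
            $params = @{
                authentication = @{
                    AuthType = "osuser";
                    AuthValue = $AuthValue;
                }
            } | ConvertTo-Json
        }
        'Address' {
            Write-Verbose "APPLICATION AUTHENTICATION OF TYPE ADDRESS WAS SELECTED"
            Write-Verbose "SETTING PARAMETERS FOR API CALL"
            $params = @{
                authentication = @{
                    AuthType = "machineAddress";
                    AuthValue = $AuthValue;
                }
            } | ConvertTo-Json
        }
        'Certificate' {
            Write-Verbose "APPLICATION AUTHENTICATION OF TYPE CERTIFICATE WAS SELECTED"
            Write-Verbose "SETTING PARAMETERS FOR API CALL"
            # NOTE(review): same undefined $comment as in the Hash branch.
            $params = @{
                authentication = @{
                    AuthType = "certificateserialnumber";
                    AuthValue = $AuthValue;
                    Comment = $comment;
                }
            } | ConvertTo-Json
        }
    }

    try{
        Write-Verbose "MAKING API CALL TO CYBERARK"

        # NOTE(review): $PVWA and $AppID are placed into the URI as-is. An AppID
        # containing '/', '?' or '#' changes the path that is requested with this
        # token; confirm callers pass plain IDs before adding
        # [uri]::EscapeDataString here (pre-encoded IDs would be double-encoded).
        if($NoSSL){
            Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
            # The Authorization header and the JSON body are readable on the wire
            # over plain HTTP; surface that outside -Verbose output.
            Write-Warning "NOSSL SPECIFIED, TOKEN AND REQUEST BODY WILL BE SENT OVER UNENCRYPTED HTTP"
            $uri = "http://$PVWA/PasswordVault/WebServices/PIMServices.svc/Applications/$AppID/Authentications/"
        }
        else{
            Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
            $uri = "https://$PVWA/PasswordVault/WebServices/PIMServices.svc/Applications/$AppID/Authentications/"
        }

        # The response body is not used; success is signalled by the call not throwing.
        $null = Invoke-RestMethod -Headers @{"Authorization"=$token} -Uri $uri -Body $params -Method POST -ContentType 'application/json'
        Write-Verbose "PARSING DATA FROM CYBERARK"
        Write-Verbose "RETURNING JSON OBJECT"
        return $true
    }catch{
        Write-Verbose "UNABLE TO ADD APPLICATION AUTHENTICATION METHOD"
        Vout -str $_ -type E
        return $false
    }
}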