VpasModule

13.1.1

public/Add-VPASApplicationAuthentication.ps1

<#
.Synopsis
   ADD APPLICATION ID AUTHENTICATION METHOD
   CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com
.DESCRIPTION
   USE THIS FUNCTION TO ADD AN AUTHENTICATION METHOD TO AN EXISTING APPLICATION ID
.PARAMETER NoSSL
   If the environment is not set up for SSL, API calls will be made via HTTP not HTTPS (Not Recommended!)
.PARAMETER token
   HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc).
   If -token is not passed, function will use last known hashtable generated by New-VPASToken
.PARAMETER AppID
   Unique ApplicationID (or Application Name) that will be used by the credential provider(s) to retrieve credentials
.PARAMETER AuthType
   Define the type of the target authentication
   Possible values: Path, Hash, OSUser, Address, Certificate
.PARAMETER AuthValue
   Value to be added to the target AppID
.PARAMETER HideWarnings
   Suppress any warning output to the console
.PARAMETER IsFolder
   Define if the AuthValue is a folder if using an authentication type: path
.PARAMETER AllowInternalScripts
   Define if internal scripts have permission to pull credentials if using an authentication type: path
.EXAMPLE
   $AddApplicationAuthenticationStatus = Add-VPASApplicationAuthentication -AppID {APPID VALUE} -AuthType {AUTHTYPE VALUE} -AuthValue {AUTHVALUE VALUE}
.OUTPUTS
   $true if successful
   $false if failed
#>
function Add-VPASApplicationAuthentication{
    [OutputType([bool])]
    [CmdletBinding()]
    Param(

        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter target AppID to add Authentication Method to (for example: TestAppID1)",Position=0)]
        [String]$AppID,

        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter Authentication Method type (Path, Hash, OSUser, Address, Certificate)",Position=1)]
        [ValidateSet('Path','Hash','OSUser','Address','Certificate')]
        [String]$AuthType,

        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter Authentication Method value",Position=2)]
        [String]$AuthValue,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)]
        [Switch]$IsFolder,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=4)]
        [Switch]$AllowInternalScripts,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=5)]
        [hashtable]$token,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=6)]
        [Switch]$NoSSL,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=7)]
        [Switch]$HideWarnings

    )

    Begin{
        $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL = Get-VPASSession -token $token
    }
    process{

        Write-Verbose "SUCCESSFULLY PARSED PVWA VALUE"
        Write-Verbose "SUCCESSFULLY PARSED TOKEN VALUE"
        Write-Verbose "SUCCESSFULLY PARSED APPID VALUE"
        Write-Verbose "SUCCESSFULLY PARSED AUTHTYPE VALUE"
        Write-Verbose "SUCCESSFULLY PARSED AUTHVALUE"

        $AuthTrigger = 0

        Write-Verbose "SETTING APPLICATION AUTHENTICATION TYPE"
        $authtypelower = $AuthType.ToLower()
        if($authtypelower -eq "path"){
            $AuthTrigger = 1
            Write-Verbose "APPLICATION AUTHENTICATION OF TYPE PATH WAS SELECTED"
        }
        elseif($authtypelower -eq "hash"){
            $AuthTrigger = 2
            Write-Verbose "APPLICATION AUTHENTICATION OF TYPE HASH WAS SELECTED"
        }
        elseif($authtypelower -eq "osuser"){
            $AuthTrigger = 3
            Write-Verbose "APPLICATION AUTHENTICATION OF TYPE OSUSER WAS SELECTED"
        }
        elseif($authtypelower -eq "address"){
            $AuthTrigger = 4
            Write-Verbose "APPLICATION AUTHENTICATION OF TYPE ADDRESS WAS SELECTED"
        }
        elseif($authtypelower -eq "certificate"){
            $AuthTrigger = 5
            Write-Verbose "APPLICATION AUTHENTICATION OF TYPE CERTIFICATE WAS SELECTED"
        }

        if($AuthTrigger -eq 1){
            if(!$IsFolder){
                if(!$HideWarnings){
                    Write-VPASOutput -str "ISFOLDER NOT SPECIFIED, SETTING DEFAULT VALUE: FALSE" -type M
                }
                Write-Verbose "ISFOLDER NOT SPECIFIED, SETTING DEFAULT VALUE: FALSE"
                $isfolderflag = $false
            }
            elseif($IsFolder){
                Write-Verbose "ISFOLDER SPECIFIED, SETTING VALUE: TRUE"
                $isfolderflag = $true
            }

            if(!$AllowInternalScripts){
                Write-Verbose "ALLOWINTERNALSCRIPTS NOT SPECIFIED, SETTING DEFAULT VALUE: FALSE"
                if(!$HideWarnings){
                    Write-VPASOutput -str "ALLOWINTERNALSCRIPTS NOT SPECIFIED, SETTING DEFAULT VALUE: FALSE" -type M
                }
                $allowinternalscriptsflag = $false
            }
            elseif($AllowInternalScripts){
                Write-Verbose "ALLOWINTERNALSCRIPTS SPECIFIED, SETTING VALUE: TRUE"
                $allowinternalscriptsflag = $true
            }

            Write-Verbose "SETTING PARAMETERS FOR API CALL"
            $params = @{
                authentication = @{
                    AuthType = "path";
                    AuthValue = $AuthValue;
                    IsFolder = $isfolderflag;
                    AllowInternalScripts = $allowinternalscriptsflag;
                }
            } | ConvertTo-Json
        }
        if($AuthTrigger -eq 2){
            Write-Verbose "SETTING PARAMETERS FOR API CALL"
            $params = @{
                authentication = @{
                    AuthType = "hash";
                    AuthValue = $AuthValue;
                    Comment = $comment
                }
            } | ConvertTo-Json
        }
        if($AuthTrigger -eq 3){
            Write-Verbose "SETTING PARAMETERS FOR API CALL"
            $params = @{
                authentication = @{
                    AuthType = "osuser";
                    AuthValue = $AuthValue;
                }
            } | ConvertTo-Json
        }
        if($AuthTrigger -eq 4){
            Write-Verbose "SETTING PARAMETERS FOR API CALL"
            $params = @{
                authentication = @{
                    AuthType = "machineAddress";
                    AuthValue = $AuthValue;
                }
            } | ConvertTo-Json
        }
        if($AuthTrigger -eq 5){
            Write-Verbose "SETTING PARAMETERS FOR API CALL"
            $params = @{
                authentication = @{
                    AuthType = "certificateserialnumber";
                    AuthValue = $AuthValue;
                    Comment = $comment;
                }
            } | ConvertTo-Json
        }

        try{

            Write-Verbose "MAKING API CALL TO CYBERARK"

            if($NoSSL){
                Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                $uri = "http://$PVWA/PasswordVault/WebServices/PIMServices.svc/Applications/$AppID/Authentications/"
            }
            else{
                Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                $uri = "https://$PVWA/PasswordVault/WebServices/PIMServices.svc/Applications/$AppID/Authentications/"
            }

            if($sessionval){
                $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json" -WebSession $sessionval
            }
            else{
                $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json"
            }
            Write-Verbose "PARSING DATA FROM CYBERARK"
            Write-Verbose "RETURNING JSON OBJECT"
            return $true
        }catch{
            Write-Verbose "UNABLE TO ADD APPLICATION AUTHENTICATION METHOD"
            Write-VPASOutput -str $_ -type E
            return $false
        }
    }
    End{

    }
}