public/Update-VPASAuthenticationMethod.ps1
|
<#
.Synopsis UPDATE AUTHENTICATION METHOD CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com .DESCRIPTION USE THIS FUNCTION TO UPDATE AUTHENTICATION METHOD INTO CYBERARK .PARAMETER NoSSL If the environment is not set up for SSL, API calls will be made via HTTP not HTTPS (Not Recommended!) .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER DisplayName Display value of the AuthenticationMethod .PARAMETER Enabled Specify if the AuthenticationMethod will be enabled AuthenticationMethod will NOT appear if set to disabled Possible values: TRUE, FALSE .PARAMETER MobileEnabled Allow the AuthenticationMethod to be visible on mobile Possible values: TRUE, FALSE .PARAMETER LogoffURL Redirect link that EndUsers will funnel through on logoff .PARAMETER SecondFactorAuth Enable a second factor authentication Possible values: cyberark, radius, ldap .PARAMETER SignInLabel Visual title of the AuthenticationMethod This is what EndUsers will see .PARAMETER UsernameFieldLabel Visual tag for the Username box This is what EndUsers will see .PARAMETER PasswordFieldLabel Visual tag for the Password box This is what EndUsers will see .PARAMETER AuthMethodSearch Search string to find the target AuthenticationMethod .PARAMETER AuthMethodID Unique ID that maps to the target AuthenticationMethod Supply AuthMethodID to skip any querying for target AuthenticationMethod .EXAMPLE $UpdateAuthenticationMethodJSON = Update-VPASAuthenticationMethod -AuthMethodID {AUTH METHOD ID VALUE} -UsernameFieldLabel {NEW USERNAME FIELD LABEL VALUE} .OUTPUTS JSON Object (AuthenticationMethod) if successful $false if failed #> function Update-VPASAuthenticationMethod{ [OutputType('System.Object',[bool])] [CmdletBinding()] Param( [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=0)] [String]$DisplayName, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=1)] [ValidateSet('TRUE','FALSE')] [String]$Enabled, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=2)] [ValidateSet('TRUE','FALSE')] [String]$MobileEnabled, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)] [String]$LogoffURL, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=4)] [ValidateSet('cyberark','radius','ldap')] [String]$SecondFactorAuth, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=5)] [String]$SignInLabel, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=6)] [String]$UsernameFieldLabel, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=7)] [String]$PasswordFieldLabel, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=8)] [String]$AuthMethodSearch, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=9)] [String]$AuthMethodID, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=10)] [hashtable]$token, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=11)] [Switch]$NoSSL ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL = Get-VPASSession -token $token } process{ Write-Verbose "SUCCESSFULLY PARSED PVWA VALUE" Write-Verbose "SUCCESSFULLY PARSED TOKEN VALUE" try{ if([String]::IsNullOrEmpty($AuthMethodID)){ Write-Verbose "NO AUTH METHOD ID PROVIDED...INVOKING HELPER FUNCTION TO RETRIEVE UNIQUE AUTH METHOD ID BASED ON SPECIFIED PARAMETERS" if($NoSSL){ $AuthMethodID = Get-VPASAuthenticationMethodIDHelper -token $token -AuthenticationMethodSearch $AuthMethodSearch -NoSSL } else{ $AuthMethodID = Get-VPASAuthenticationMethodIDHelper -token $token -AuthenticationMethodSearch $AuthMethodSearch } Write-Verbose "RETURNING AUTH METHOD ID" } else{ Write-Verbose "AUTH METHOD ID SUPPLIED, SKIPPING HELPER FUNCTION" } if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/passwordvault/api/Configuration/AuthenticationMethods/$AuthMethodID/" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/passwordvault/api/Configuration/AuthenticationMethods/$AuthMethodID/" } write-verbose "MAKING API CALL TO CYBERARK" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } Write-Verbose "RECEIVED JSON OBJECT" $tempDisplayName = $response.displayName $tempEnabled = $response.enabled $tempMobileEnabled = $response.mobileEnabled $tempLogoffURL = $response.logoffUrl $tempSecondFactorAuth = $response.secondFactorAuth $tempSignInLabel = $response.signInLabel $tempUsernameFieldLabel = $response.usernameFieldLabel $tempPasswordFieldLabel = $response.passwordFieldLabel $params = @{} if([String]::IsNullOrEmpty($DisplayName)){ $params += @{ displayName = $tempDisplayName } } else{ $params += @{ displayName = $DisplayName } } write-verbose "HANDLED DISPLAY NAME" if([String]::IsNullOrEmpty($LogoffURL)){ $params += @{ logoffUrl = $tempLogoffURL } } else{ $params += @{ logoffUrl = $LogoffURL } } Write-Verbose "HANDLED LOGOFF URL" if([String]::IsNullOrEmpty($SecondFactorAuth)){ $params += @{ secondFactorAuth = $tempSecondFactorAuth } } else{ $params += @{ secondFactorAuth = $SecondFactorAuth } } Write-Verbose "HANDLED SECOND FACTOR AUTH" if([String]::IsNullOrEmpty($SignInLabel)){ $params += @{ signInLabel = $tempSignInLabel } } else{ $params += @{ signInLabel = $SignInLabel } } Write-Verbose "HANDLED SIGN IN LABEL" if([String]::IsNullOrEmpty($UsernameFieldLabel)){ $params += @{ usernameFieldLabel = $tempUsernameFieldLabel } } else{ $params += @{ usernameFieldLabel = $UsernameFieldLabel } } Write-Verbose "HANDLED USERNAME FIELD LABEL" if([String]::IsNullOrEmpty($PasswordFieldLabel)){ $params += @{ passwordFieldLabel = $tempPasswordFieldLabel } } else{ $params += @{ passwordFieldLabel = $PasswordFieldLabel } } Write-Verbose "HANDLED PASSWORD FIELD LABEL" if([String]::IsNullOrEmpty($Enabled)){ $params += @{ enabled = $tempEnabled } } else{ if($Enabled -eq "TRUE"){ $params += @{ enabled = $true } } else{ $params += @{ enabled = $false } } } Write-Verbose "HANDLED ENABLED" if([String]::IsNullOrEmpty($MobileEnabled)){ $params += @{ mobileEnabled = $tempMobileEnabled } } else{ if($MobileEnabled -eq "TRUE"){ $params += @{ mobileEnabled = $true } } else{ $params += @{ mobileEnabled = $false } } } Write-Verbose "HANDLED MOBILE ENABLED" $params = $params | ConvertTo-Json if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/passwordvault/api/Configuration/AuthenticationMethods/$AuthMethodID/" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/passwordvault/api/Configuration/AuthenticationMethods/$AuthMethodID/" } write-verbose "MAKING API CALL TO CYBERARK" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method PUT -Body $params -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method PUT -Body $params -ContentType "application/json" } Write-Verbose "UPDATES MADE, RECEIVED JSON OBJECT" return $response }catch{ Write-Verbose "UNABLE TO GET AUTHENTICATION METHODS" Write-VPASOutput -str $_ -type E return $false } } End{ } } |