public/Add-VPASAuthenticationMethod.ps1
|
<#
.Synopsis ADD AUTHENTICATION METHOD CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com .DESCRIPTION USE THIS FUNCTION TO ADD AUTHENTICATION METHOD INTO CYBERARK .PARAMETER DisplayName Display value of the AuthenticationMethod .PARAMETER Enabled Specify if the AuthenticationMethod will be enabled AuthenticationMethod will NOT appear if set to disabled Possible values: TRUE, FALSE .PARAMETER MobileEnabled Allow the AuthenticationMethod to be visible on mobile Possible values: TRUE, FALSE .PARAMETER LogoffURL Redirect link that EndUsers will funnel through on logoff .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER SecondFactorAuth Enable a second factor authentication Possible values: cyberark, radius, ldap .PARAMETER SignInLabel Visual title of the AuthenticationMethod This is what EndUsers will see .PARAMETER UsernameFieldLabel Visual tag for the Username box This is what EndUsers will see .PARAMETER PasswordFieldLabel Visual tag for the Password box This is what EndUsers will see .PARAMETER AuthenticationMethodID Unique ID that will be used to map to this AuthenticationMethod .EXAMPLE $AddAuthenticationMethodJSON = Add-VPASAuthenticationMethod -AuthenticationMethodID (AUTHENTICATION METHOD IS VALUE} .OUTPUTS If successful: { "id": "radius", "displayName": "vpasradius", "enabled": false, "logoffUrl": "", "secondFactorAuth": null, "signInLabel": "", "usernameFieldLabel": "usernameHere", "passwordFieldLabel": "passwordHere" } --- $false if failed #> function Add-VPASAuthenticationMethod{ [OutputType('System.Object',[bool])] [CmdletBinding()] Param( [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter unique ID of new Authentication Method (for example: Samlv2)",Position=0)] [String]$AuthenticationMethodID, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=1)] [String]$DisplayName, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=2)] [ValidateSet('TRUE','FALSE')] [String]$Enabled, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)] [ValidateSet('TRUE','FALSE')] [String]$MobileEnabled, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=4)] [String]$LogoffURL, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=5)] [ValidateSet('cyberark','radius','ldap')] [String]$SecondFactorAuth, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=6)] [String]$SignInLabel, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=7)] [String]$UsernameFieldLabel, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=8)] [String]$PasswordFieldLabel, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=9)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ Write-Verbose "SUCCESSFULLY PARSED PVWA VALUE" Write-Verbose "SUCCESSFULLY PARSED TOKEN VALUE" Write-Verbose "SUCCESSFULLY PARSED AUTHENTICATION METHOD ID: $AuthenticationMethodID" try{ Write-Verbose "INITIALIZING PARAMETERS" $params = @{ id = $AuthenticationMethodID } if([String]::IsNullOrEmpty($DisplayName)){ Write-Verbose "NO DISPLAY NAME PASSED...SKIPPING" } else{ $params += @{ displayName = $DisplayName } } if([String]::IsNullOrEmpty($LogoffURL)){ Write-Verbose "NO LOGOFF URL PASSED...SKIPPING" } else{ $params += @{ logoffUrl = $LogoffURL } } if([String]::IsNullOrEmpty($SecondFactorAuth)){ Write-Verbose "NO SECOND FACTOR AUTH PASSED...SKIPPING" } else{ $params += @{ secondFactorAuth = $SecondFactorAuth } } if([String]::IsNullOrEmpty($SignInLabel)){ Write-Verbose "NO SIGN IN LABEL PASSED...SKIPPING" } else{ $params += @{ signInLabel = $SignInLabel } } if([String]::IsNullOrEmpty($UsernameFieldLabel)){ Write-Verbose "NO USERNAME FIELD LABEL PASSED...SKIPPING" } else{ $params += @{ usernameFieldLabel = $UsernameFieldLabel } } if([String]::IsNullOrEmpty($PasswordFieldLabel)){ Write-Verbose "NO PASSWORD FIELD LABEL PASSED...SKIPPING" } else{ $params += @{ passwordFieldLabel = $PasswordFieldLabel } } if([String]::IsNullOrEmpty($Enabled)){ Write-Verbose "ENABLED FLAG NOT PASED...SETTING DEFAULT DISABLED" $params += @{ enabled = $false } } else{ if($Enabled -eq "TRUE"){ Write-Verbose "ENABLED FLAG SET TO TRUE" $params += @{ enabled = $true } } else{ Write-Verbose "ENABLED FLAG SET TO FALSE" $params += @{ enabled = $false } } } if([String]::IsNullOrEmpty($MobileEnabled)){ Write-Verbose "MOBILE ENABLED FLAG NOT PASED...SETTING DEFAULT DISABLED" $params += @{ mobileEnabled = $false } } else{ if($MobileEnabled -eq "TRUE"){ Write-Verbose "MOBILE ENABLED FLAG SET TO TRUE" $params += @{ mobileEnabled = $true } } else{ Write-Verbose "MOBILE ENABLED FLAG SET TO FALSE" $params += @{ mobileEnabled = $false } } } $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS $params = $params | ConvertTo-Json Write-Verbose "FINALIZING PARAMETERS" if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/API/Configuration/AuthenticationMethods/" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/API/Configuration/AuthenticationMethods/" } write-verbose "MAKING API CALL TO CYBERARK" $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "POST" -token $token -LogType METHOD if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Body $params -Method POST -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Body $params -Method POST -ContentType "application/json" } Write-Verbose "SUCCESSFULLY ADDED AUTHENTICAT METHOD ID: $AuthenticationMethodID" Write-Verbose "RETURNING JSON OBJECT" $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURN return $response }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "UNABLE TO ADD AUTHENTICATION METHOD ID" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |