public/Update-VPASAuthenticationMethod.ps1
|
<#
.Synopsis UPDATE AUTHENTICATION METHOD CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com .DESCRIPTION USE THIS FUNCTION TO UPDATE AUTHENTICATION METHOD INTO CYBERARK .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER DisplayName Display value of the AuthenticationMethod .PARAMETER Enabled Specify if the AuthenticationMethod will be enabled AuthenticationMethod will NOT appear if set to disabled Possible values: TRUE, FALSE .PARAMETER MobileEnabled Allow the AuthenticationMethod to be visible on mobile Possible values: TRUE, FALSE .PARAMETER LogoffURL Redirect link that EndUsers will funnel through on logoff .PARAMETER SecondFactorAuth Enable a second factor authentication Possible values: cyberark, radius, ldap .PARAMETER SignInLabel Visual title of the AuthenticationMethod This is what EndUsers will see .PARAMETER UsernameFieldLabel Visual tag for the Username box This is what EndUsers will see .PARAMETER PasswordFieldLabel Visual tag for the Password box This is what EndUsers will see .PARAMETER AuthMethodSearch Search string to find the target AuthenticationMethod .PARAMETER AuthMethodID Unique ID that maps to the target AuthenticationMethod Supply AuthMethodID to skip any querying for target AuthenticationMethod .EXAMPLE $UpdateAuthenticationMethodJSON = Update-VPASAuthenticationMethod -AuthMethodID {AUTH METHOD ID VALUE} -UsernameFieldLabel {NEW USERNAME FIELD LABEL VALUE} .OUTPUTS If successful: { "id": "vpasradius", "displayName": "vpasradius", "enabled": false, "logoffUrl": "", "secondFactorAuth": null, "signInLabel": "", "usernameFieldLabel": "NewUserbox", "passwordFieldLabel": "NewPassbox" } --- $false if failed #> function Update-VPASAuthenticationMethod{ [OutputType('System.Object',[bool])] [CmdletBinding()] Param( [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=0)] [String]$DisplayName, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=1)] [ValidateSet('TRUE','FALSE')] [String]$Enabled, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=2)] [ValidateSet('TRUE','FALSE')] [String]$MobileEnabled, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)] [String]$LogoffURL, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=4)] [ValidateSet('cyberark','radius','ldap')] [String]$SecondFactorAuth, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=5)] [String]$SignInLabel, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=6)] [String]$UsernameFieldLabel, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=7)] [String]$PasswordFieldLabel, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=8)] [String]$AuthMethodSearch, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=9)] [String]$AuthMethodID, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=10)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } process{ Write-Verbose "SUCCESSFULLY PARSED PVWA VALUE" Write-Verbose "SUCCESSFULLY PARSED TOKEN VALUE" try{ if([String]::IsNullOrEmpty($AuthMethodID)){ Write-Verbose "NO AUTH METHOD ID PROVIDED...INVOKING HELPER FUNCTION TO RETRIEVE UNIQUE AUTH METHOD ID BASED ON SPECIFIED PARAMETERS" $AuthMethodID = Get-VPASAuthenticationMethodIDHelper -token $token -AuthenticationMethodSearch $AuthMethodSearch Write-Verbose "RETURNING AUTH METHOD ID" } else{ Write-Verbose "AUTH METHOD ID SUPPLIED, SKIPPING HELPER FUNCTION" } if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/passwordvault/api/Configuration/AuthenticationMethods/$AuthMethodID/" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/passwordvault/api/Configuration/AuthenticationMethods/$AuthMethodID/" } write-verbose "MAKING API CALL TO CYBERARK" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } Write-Verbose "RECEIVED JSON OBJECT" $tempDisplayName = $response.displayName $tempEnabled = $response.enabled $tempMobileEnabled = $response.mobileEnabled $tempLogoffURL = $response.logoffUrl $tempSecondFactorAuth = $response.secondFactorAuth $tempSignInLabel = $response.signInLabel $tempUsernameFieldLabel = $response.usernameFieldLabel $tempPasswordFieldLabel = $response.passwordFieldLabel $params = @{} if([String]::IsNullOrEmpty($DisplayName)){ $params += @{ displayName = $tempDisplayName } } else{ $params += @{ displayName = $DisplayName } } write-verbose "HANDLED DISPLAY NAME" if([String]::IsNullOrEmpty($LogoffURL)){ $params += @{ logoffUrl = $tempLogoffURL } } else{ $params += @{ logoffUrl = $LogoffURL } } Write-Verbose "HANDLED LOGOFF URL" if([String]::IsNullOrEmpty($SecondFactorAuth)){ $params += @{ secondFactorAuth = $tempSecondFactorAuth } } else{ $params += @{ secondFactorAuth = $SecondFactorAuth } } Write-Verbose "HANDLED SECOND FACTOR AUTH" if([String]::IsNullOrEmpty($SignInLabel)){ $params += @{ signInLabel = $tempSignInLabel } } else{ $params += @{ signInLabel = $SignInLabel } } Write-Verbose "HANDLED SIGN IN LABEL" if([String]::IsNullOrEmpty($UsernameFieldLabel)){ $params += @{ usernameFieldLabel = $tempUsernameFieldLabel } } else{ $params += @{ usernameFieldLabel = $UsernameFieldLabel } } Write-Verbose "HANDLED USERNAME FIELD LABEL" if([String]::IsNullOrEmpty($PasswordFieldLabel)){ $params += @{ passwordFieldLabel = $tempPasswordFieldLabel } } else{ $params += @{ passwordFieldLabel = $PasswordFieldLabel } } Write-Verbose "HANDLED PASSWORD FIELD LABEL" if([String]::IsNullOrEmpty($Enabled)){ $params += @{ enabled = $tempEnabled } } else{ if($Enabled -eq "TRUE"){ $params += @{ enabled = $true } } else{ $params += @{ enabled = $false } } } Write-Verbose "HANDLED ENABLED" if([String]::IsNullOrEmpty($MobileEnabled)){ $params += @{ mobileEnabled = $tempMobileEnabled } } else{ if($MobileEnabled -eq "TRUE"){ $params += @{ mobileEnabled = $true } } else{ $params += @{ mobileEnabled = $false } } } Write-Verbose "HANDLED MOBILE ENABLED" $params = $params $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS $params = $params | ConvertTo-Json if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/passwordvault/api/Configuration/AuthenticationMethods/$AuthMethodID/" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/passwordvault/api/Configuration/AuthenticationMethods/$AuthMethodID/" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "PUT" -token $token -LogType METHOD write-verbose "MAKING API CALL TO CYBERARK" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method PUT -Body $params -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method PUT -Body $params -ContentType "application/json" } $outputlog = $response $log = Write-VPASTextRecorder -inputval $outputlog -token $token -LogType RETURN Write-Verbose "UPDATES MADE, RECEIVED JSON OBJECT" return $response }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "UNABLE TO GET AUTHENTICATION METHODS" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |