Functions/Applications/Add-PASApplicationAuthenticationMethod.ps1
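function Add-PASApplicationAuthenticationMethod {
    <#
    .SYNOPSIS
    Adds an authentication method to an application.

    .DESCRIPTION
    Adds a new authentication method to a specific application in the vault.
    The "Manage Users" permission is required to be held by the user running the function.

    An authentication method defines how the application is allowed to identify
    itself to the vault, so treat this call as a privileged configuration change
    and review AuthType/AuthValue before submitting.

    .PARAMETER AppID
    The name of the application for which a new authentication method is being added.

    .PARAMETER AuthType
    The type of authentication.
    Valid values are path, hash, osUser, machineAddress, certificateserialnumber.

    .PARAMETER AuthValue
    The content of the authentication.
    This function applies no format validation to the value beyond requiring it to be supplied.

    .PARAMETER IsFolder
    Boolean value denoting if path is a folder.
    Only available when AuthType is "path".

    .PARAMETER AllowInternalScripts
    Boolean value denoting if internal scripts are allowed.
    Only available when AuthType is "path".

    .PARAMETER Comment
    Note property.
    Only available when AuthType is "hash" or "certificateserialnumber".

    .PARAMETER sessionToken
    Hashtable containing the session token returned from New-PASSession

    .PARAMETER WebSession
    WebRequestSession object returned from New-PASSession

    .PARAMETER BaseURI
    PVWA Web Address
    Do not include "/PasswordVault/"
    The session token is sent as request headers to this address; supply an
    https:// address so the token is not exposed in transit.

    .PARAMETER PVWAAppName
    The name of the CyberArk PVWA Virtual Directory.
    Defaults to PasswordVault

    .EXAMPLE
    $token | Add-PASApplicationAuthenticationMethod -AppID NewApp -AuthType machineAddress -AuthValue AppServer1.domain.com

    Adds a Machine Address application authentication mechanism to NewApp

    .EXAMPLE
    $token | Add-PASApplicationAuthenticationMethod -AppID NewApp -AuthType osUser -AuthValue Domain\SomeUser

    Adds an osUser application authentication mechanism to NewApp

    .EXAMPLE
    $token | Add-PASApplicationAuthenticationMethod -AppID NewApp -AuthType path -AuthValue SomePath

    Adds path application authentication mechanism to NewApp

    .EXAMPLE
    $token | Add-PASApplicationAuthenticationMethod -AppID NewApp -AuthType certificateserialnumber -AuthValue 040000000000FA3DEFE9A9 -Comment "DEV Cert"

    Adds certificateserialnumber application authentication mechanism to NewApp

    .INPUTS
    All parameters can be piped by property name

    .OUTPUTS
    None

    .NOTES
    Function uses dynamicparameters.
    Dynamic Parameters IsFolder, AllowInternalScripts & Comment do not accept
    input from the pipeline.

    .LINK
    #>
    [CmdletBinding()]
    param(
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [string]$AppID,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateSet("path", "hash", "osUser", "machineAddress", "certificateserialnumber")]
        [string]$AuthType,

        #NOTE(review): AuthValue has no format check. A serial-number pattern check
        #for certificateserialnumber was left disabled in the original; confirm
        #whether malformed values are rejected server-side before relying on that.
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$AuthValue,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [hashtable]$sessionToken,

        [parameter(
            ValueFromPipelinebyPropertyName = $true
        )]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$BaseURI,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$PVWAAppName = "PasswordVault"
    )

    DynamicParam {

        #Create a RuntimeDefinedParameterDictionary
        $Dictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary

        #Add dynamic parameters to $Dictionary, depending on the AuthType supplied
        if($AuthType -eq "path") {

            #parameters only relevant to path authentication
            New-DynamicParam -Name IsFolder -DPDictionary $Dictionary -Type boolean

            New-DynamicParam -Name AllowInternalScripts -DPDictionary $Dictionary -Type boolean

        }

        if(($AuthType -eq "hash") -or ($AuthType -eq "certificateserialnumber")) {

            #add comment parameter
            New-DynamicParam -Name Comment -DPDictionary $Dictionary

        }

        #return RuntimeDefinedParameterDictionary
        $Dictionary

    }

    BEGIN {}#begin

    PROCESS {

        #Drop any trailing "/" so the request URI does not contain "//"
        $Base = $BaseURI.TrimEnd("/")

        #AppID is escaped before being placed in the URL path
        $URI = "$Base/$PVWAAppName/WebServices/PIMServices.svc/Applications/$($AppID | Get-EscapedString)/Authentications"

        #Request body: bound parameters as filtered by Get-PASParameter,
        #wrapped in an "authentication" object
        $Body = @{

            "authentication" = $PSBoundParameters | Get-PASParameter

        } | ConvertTo-Json

        #The session token travels as the request headers
        Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body -Headers $sessionToken -WebSession $WebSession

    }#process

    END {}#end

}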