public/Add-VPASAuthenticationMethod.ps1

<#
.Synopsis
   ADD AUTHENTICATION METHOD
   CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com
.DESCRIPTION
   USE THIS FUNCTION TO ADD AUTHENTICATION METHOD INTO CYBERARK
.LINK
   https://vpasmodule.com/commands/Add-VPASAuthenticationMethod
.PARAMETER DisplayName
   Display value of the AuthenticationMethod
.PARAMETER Enabled
   Specify if the AuthenticationMethod will be enabled
   AuthenticationMethod will NOT appear if set to disabled
   Possible values: TRUE, FALSE
.PARAMETER MobileEnabled
   Allow the AuthenticationMethod to be visible on mobile
   Possible values: TRUE, FALSE
.PARAMETER LogoffURL
   Redirect link that EndUsers will funnel through on logoff
.PARAMETER token
   HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc).
   If -token is not passed, function will use last known hashtable generated by New-VPASToken
.PARAMETER SecondFactorAuth
   Enable a second factor authentication
   Possible values: cyberark, radius, ldap
.PARAMETER SignInLabel
   Visual title of the AuthenticationMethod
   This is what EndUsers will see
.PARAMETER UsernameFieldLabel
   Visual tag for the Username box
   This is what EndUsers will see
.PARAMETER PasswordFieldLabel
   Visual tag for the Password box
   This is what EndUsers will see
.PARAMETER AuthenticationMethodID
   Unique ID that will be used to map to this AuthenticationMethod
.PARAMETER InputParameters
   HashTable of values containing the parameters required to make the API call
.EXAMPLE
   $AddAuthenticationMethodJSON = Add-VPASAuthenticationMethod -AuthenticationMethodID (AUTHENTICATION METHOD IS VALUE}
.EXAMPLE
   $InputParameters = @{
        AuthenticationMethodID = "NewAuthMethod"
        DisplayName = "NewAuthMethod"
        Enabled = "TRUE"|"FALSE"
        MobileEnabled = "TRUE"|"FALSE"
        LogoffURL = "https://logoffURLHere.vman.com"
        SecondFactorAuth = "cyberark"|"radius"|"ldap"
        SignInLabel = "NewAuthMethod"
        UsernameFieldLabel = "UsernameFieldHere"
        PasswordFieldLabel = "PasswordFieldHere"
   }
   $AddAuthenticationMethodJSON = Add-VPASAuthenticationMethod -InputParameters $InputParameters
.OUTPUTS
   If successful:
   {
        "id": "radius",
        "displayName": "vpasradius",
        "enabled": false,
        "logoffUrl": "",
        "secondFactorAuth": null,
        "signInLabel": "",
        "usernameFieldLabel": "usernameHere",
        "passwordFieldLabel": "passwordHere"
   }
   ---
   $false if failed
#>

function Add-VPASAuthenticationMethod{
    [OutputType('System.Object',[bool])]
    [CmdletBinding(DefaultParameterSetName='Set1')]
    Param(

        [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Enter unique ID of new Authentication Method (for example: Samlv2)")]
        [String]$AuthenticationMethodID,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [String]$DisplayName,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [ValidateSet('TRUE','FALSE')]
        [String]$Enabled,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [ValidateSet('TRUE','FALSE')]
        [String]$MobileEnabled,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [String]$LogoffURL,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [ValidateSet('cyberark','radius','ldap')]
        [String]$SecondFactorAuth,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [String]$SignInLabel,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [String]$UsernameFieldLabel,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [String]$PasswordFieldLabel,

        [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")]
        [hashtable]$InputParameters,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)]
        [hashtable]$token
    )

    Begin{
        $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token
        $CommandName = $MyInvocation.MyCommand.Name
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND
    }
    Process{
        try{
            if($PSCmdlet.ParameterSetName -eq "InputParameters"){
                $KeyHash = @{
                    set1 = @{
                        AcceptableKeys = @("AuthenticationMethodID","DisplayName","Enabled","MobileEnabled","LogoffURL","SecondFactorAuth","SignInLabel","UsernameFieldLabel","PasswordFieldLabel")
                        MandatoryKeys = @("AuthenticationMethodID")
                    }
                }
                $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash

                if(!$CheckSet){
                    $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC
                    Write-Verbose "FAILED TO FIND TARGET PARAMETER SET"
                    Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E
                    $examples = Write-VPASExampleHelper -CommandName $CommandName
                    return $false
                }
                else{
                    foreach($key in $InputParameters.Keys){
                        Set-Variable -Name $key -Value $InputParameters.$key
                    }
                }
            }
        }catch{
            $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
            Write-Verbose "FAILED TO CREATE AUTHENTICATION METHOD"
            Write-VPASOutput -str $_ -type E
            return $false
        }

        try{

            Write-Verbose "INITIALIZING PARAMETERS"
            $params = @{
                id = $AuthenticationMethodID
            }

            if([String]::IsNullOrEmpty($DisplayName)){ Write-Verbose "NO DISPLAY NAME PASSED...SKIPPING" }
            else{
                $params += @{ displayName = $DisplayName }
            }

            if([String]::IsNullOrEmpty($LogoffURL)){ Write-Verbose "NO LOGOFF URL PASSED...SKIPPING" }
            else{
                $params += @{ logoffUrl = $LogoffURL }
            }

            if([String]::IsNullOrEmpty($SecondFactorAuth)){ Write-Verbose "NO SECOND FACTOR AUTH PASSED...SKIPPING" }
            else{
                $params += @{ secondFactorAuth = $SecondFactorAuth }
            }

            if([String]::IsNullOrEmpty($SignInLabel)){ Write-Verbose "NO SIGN IN LABEL PASSED...SKIPPING" }
            else{
                $params += @{ signInLabel = $SignInLabel }
            }

            if([String]::IsNullOrEmpty($UsernameFieldLabel)){ Write-Verbose "NO USERNAME FIELD LABEL PASSED...SKIPPING" }
            else{
                $params += @{ usernameFieldLabel = $UsernameFieldLabel }
            }

            if([String]::IsNullOrEmpty($PasswordFieldLabel)){ Write-Verbose "NO PASSWORD FIELD LABEL PASSED...SKIPPING" }
            else{
                $params += @{ passwordFieldLabel = $PasswordFieldLabel }
            }

            if([String]::IsNullOrEmpty($Enabled)){
                Write-Verbose "ENABLED FLAG NOT PASED...SETTING DEFAULT DISABLED"
                $params += @{ enabled = $false }
            }
            else{
                if($Enabled -eq "TRUE"){
                    Write-Verbose "ENABLED FLAG SET TO TRUE"
                    $params += @{ enabled = $true }
                }
                else{
                    Write-Verbose "ENABLED FLAG SET TO FALSE"
                    $params += @{ enabled = $false }
                }
            }

            if([String]::IsNullOrEmpty($MobileEnabled)){
                Write-Verbose "MOBILE ENABLED FLAG NOT PASED...SETTING DEFAULT DISABLED"
                $params += @{ mobileEnabled = $false }
            }
            else{
                if($MobileEnabled -eq "TRUE"){
                    Write-Verbose "MOBILE ENABLED FLAG SET TO TRUE"
                    $params += @{ mobileEnabled = $true }
                }
                else{
                    Write-Verbose "MOBILE ENABLED FLAG SET TO FALSE"
                    $params += @{ mobileEnabled = $false }
                }
            }
            $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS
            $params = $params | ConvertTo-Json
            Write-Verbose "FINALIZING PARAMETERS"

            if($NoSSL){
                Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                $uri = "http://$PVWA/PasswordVault/API/Configuration/AuthenticationMethods/"
            }
            else{
                Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                $uri = "https://$PVWA/PasswordVault/API/Configuration/AuthenticationMethods/"
            }

            write-verbose "MAKING API CALL TO CYBERARK"
            $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI
            $log = Write-VPASTextRecorder -inputval "POST" -token $token -LogType METHOD

            if($sessionval){
                $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Body $params -Method POST -ContentType "application/json" -WebSession $sessionval
            }
            else{
                $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Body $params -Method POST -ContentType "application/json"
            }
            Write-Verbose "SUCCESSFULLY ADDED AUTHENTICAT METHOD ID: $AuthenticationMethodID"
            Write-Verbose "RETURNING JSON OBJECT"
            $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURN
            return $response
        }catch{
            $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
            Write-Verbose "UNABLE TO ADD AUTHENTICATION METHOD ID"
            Write-VPASOutput -str $_ -type E
            return $false
        }
    }
    End{
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER
    }
}