public/New-VPASToken.ps1
|
<#
.Synopsis GET CYBERARK LOGIN TOKEN CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO AUTHENTICATE INTO CYBERARK VIA ONPREM/PCLOUD STANDARD (RADIUS, CYBERARK, WINDOWS, SAML, LDAP, AUTHTOKEN) OR ISPSS (CYBERARK, OAUTH, AUTHTOKEN) .LINK https://vpasmodule.com/commands/New-VPASToken .PARAMETER NoSSL If the environment is not set up for SSL, API calls will be made via HTTP not HTTPS (Not Recommended!) .PARAMETER PVWA The fully qualified domain name of the PVWA server for SelfHosted environments: server1.vman.com The baseURL for saas environments: MyCompany.privilegecloud.cyberark.cloud .PARAMETER AuthType What method of authentication will be used For saas environments, select the ispss options Possible values: cyberark, radius, windows, ldap, saml, authtoken, ispss_oauth, ispss_cyberark, ispss_authtoken .PARAMETER creds A credential object containing username and password .PARAMETER HideAscii To remove the VPasModule logo from appearing in the console .PARAMETER InitiateCookie Initiate a cookie variable that will be included in the header from call to call Very useful in situations where stickiness or persistency is not enabled on PVWA loadbalancer .PARAMETER HideWarnings Hide any warning outputs from the console during the API session .PARAMETER IDPLogin For SAML authentication, the URL of the external IDP users get routed to to complete the SAML authentication challenges .PARAMETER IdentityURL For saas environments, the tenant URL of Identity .PARAMETER EnableTroubleshooting Enable troubleshooting code that will attempt to fix failed commands (COMING SOON!) .PARAMETER IdentityOnly Authenticate into Identity only Useful when the account only has rights in Identity and NOT in PrivilegeCloud .PARAMETER AuthToken Provide login token generated externally .PARAMETER EnableTextRecorder Enable Text Recording feature which will log out every API command, return value, and general information that is generated during the token session The log file will be located in the current users AppData folder: C:\Users\{current_user}\AppData\Local\VPASModuleOutputs\APITextRecorder .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $token = New-VPASToken -PVWA {PVWA VALUE} -AuthType radius .EXAMPLE $token = New-VPASToken -PVWA {PVWA VALUE} -AuthType cyberark .EXAMPLE $token = New-VPASToken -PVWA {PVWA VALUE} -AuthType windows .EXAMPLE $token = New-VPASToken -PVWA {PVWA VALUE} -AuthType ldap .EXAMPLE $token = New-VPASToken -PVWA {PVWA VALUE} -AuthType authtoken -AuthToken {AuthToken VALUE} .EXAMPLE $token = New-VPASToken -PVWA {PVWA VALUE} -AuthType saml -IDPLogin {IDPLogin URL} .EXAMPLE $token = New-VPASToken -PVWA {PVWA VALUE} -AuthType ispss_oauth -IdentityURL {IdentityURL URL} .EXAMPLE $token = New-VPASToken -PVWA {PVWA VALUE} -AuthType ispss_cyberark -IdentityURL {IdentityURL URL} .EXAMPLE $token = New-VPASToken -PVWA {PVWA VALUE} -AuthType ispss_cyberark -IdentityURL {IdentityURL URL} -EnableTextRecorder -IdentityOnly .EXAMPLE $token = New-VPASToken -PVWA {PVWA VALUE} -AuthType ispss_authtoken -IdentityURL {IdentityURL URL} -AuthToken {AuthToken VALUE} .OUTPUTS If successful: { "IdentityURL": "AA12345.id.cyberark.cloud", "SubDomain": "vman", "AuditTimeStamp": "08-17-2024_00-23-58", "VaultVersion": "14.2.0", "session": false, "EnableTextRecorder": { "IsPresent": true }, "pvwa": "vman.privilegecloud.cyberark.cloud", "NoSSL": { "IsPresent": false }, "ISPSS": true, "token": "...1rcg33vtyly...", "AuthenticatedAs": "vman@cyberark.cloud.1234", "HeaderType": "Bearer ...1rcg33vtyly...", "HideWarnings": { "IsPresent": false } } --- $false if failed #> function New-VPASToken{ [OutputType('System.Collections.Hashtable',[bool])] [CmdletBinding()] Param( [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter PVWA FQDN (for example: MyPVWAServer.vman.com)",Position=0)] [String]$PVWA, [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter AuthenticationType (Cyberark, Radius, Windows, LDAP, Saml, AuthToken, ISPSS_OAuth, ISPSS_Cyberark, ISPSS_AuthToken)",Position=1)] [ValidateSet('cyberark','radius','windows','ldap','saml','authtoken','ispss_oauth','ispss_cyberark','ispss_authtoken')] [String]$AuthType, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=2)] [PSCredential]$creds, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)] [Switch]$HideAscii, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=4)] [Switch]$NoSSL, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=5)] [Switch]$InitiateCookie, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=6)] [String]$IDPLogin, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=7)] [String]$IdentityURL, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=8)] [String]$AuthToken, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=9)] [Switch]$EnableTextRecorder, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=10)] [Switch]$HideWarnings, #[Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=11)] #[Switch]$EnableTroubleshooting, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=11)] [Switch]$IdentityOnly ) Begin{ } process{ $EnableTroubleshooting = $false $output = @{} if($HideAscii){ #DO NOTHING } else{ Write-VPASOutput -str " __ _______ __ __ _ _ " -type G -Initialized Write-VPASOutput -str " \ \ / / __ \ | \/ | | | | | " -type G -Initialized Write-VPASOutput -str " \ \ / /| |__) |_ _ ___| \ / | ___ __| |_ _| | ___ " -type G -Initialized Write-VPASOutput -str " \ \/ / | ___/ _` / __| |\/| |/ _ \ / _` | | | | |/ _ \ " -type G -Initialized Write-VPASOutput -str " \ / | | | (_| \__ \ | | | (_) | (_| | |_| | | __/ " -type G -Initialized Write-VPASOutput -str " \/ |_| \__,_|___/_| |_|\___/ \__,_|\__,_|_|\___| " -type G -Initialized } if(([Net.SecurityProtocolType].GetEnumNames() -contains "Tls12" ) -and (-not ([System.Net.ServicePointManager]::SecurityProtocol -match "Tls12"))){ [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 } if($AuthType -ne "saml" -and $AuthType -ne "ispss_oauth" -and $AuthType -ne "ispss_cyberark" -and $AuthType -ne "ispss_authtoken" -and $AuthType -ne "authtoken"){ if($AuthType -eq "radius"){ Write-Verbose "RADIUS AUTHENTICATION SELECTED" if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/API/auth/RADIUS/Logon" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/API/auth/RADIUS/Logon" } } if($AuthType -eq "cyberark"){ Write-Verbose "CYBERARK AUTHENTICATION SELECTED" if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/API/auth/cyberark/Logon" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/API/auth/cyberark/Logon" } } if($AuthType -eq "windows"){ Write-Verbose "WINDOWS AUTHENTICATION SELECTED" if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/API/auth/Windows/Logon" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/API/auth/Windows/Logon" } } if($AuthType -eq "ldap"){ Write-Verbose "LDAP AUTHENTICATION SELECTED" if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/API/auth/LDAP/Logon" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/API/auth/LDAP/Logon" } } if(!$creds){ $creds = Get-Credential -Message 'ENTER CYBERARK CREDENTIALS' } $username = $creds.GetNetworkCredential().UserName $password = $creds.GetNetworkCredential().Password Write-Verbose "CYBERARK CREDENTIALS SET" #GET LOGIN TOKEN try{ $params = @{ username = $username; password = $password; concurrentSession = $true; } | ConvertTo-Json Write-Verbose "API PARAMETERS SET" if($InitiateCookie){ Write-Verbose "INITIATING COOKIE" $cookie = new-object system.net.cookie $cookie.name = "tos_accepted" $cookie.domain = "$PVWA" $session = new-object microsoft.powershell.commands.webrequestsession $session.cookies.add($cookie) $token = Invoke-RestMethod -Uri $uri -Method Post -Body $params -ContentType 'application/json' -WebSession $session Write-Verbose "RETURNING LOGIN TOKEN AND COOKIE SESSION" $AuditTimeStamp = Get-Date -Format "MM-dd-yyyy_HH-mm-ss" if($NoSSL){ $uriVaultVersion = "http://$PVWA/PasswordVault/WebServices/PIMServices.svc/Server" $response = Invoke-RestMethod -Headers @{"Authorization"="$token"} -Uri $uriVaultVersion -Method GET -ContentType "application/json" -WebSession $session $VaultVersion = $response.ExternalVersion } else{ $uriVaultVersion = "https://$PVWA/PasswordVault/WebServices/PIMServices.svc/Server" $response = Invoke-RestMethod -Headers @{"Authorization"="$token"} -Uri $uriVaultVersion -Method GET -ContentType "application/json" -WebSession $session $VaultVersion = $response.ExternalVersion } $output = @{ token = $token session = $session pvwa = $PVWA HeaderType = "$token" ISPSS = $false EnableTextRecorder = $EnableTextRecorder AuditTimeStamp = $AuditTimeStamp NoSSL = $NoSSL VaultVersion = $VaultVersion HideWarnings = $HideWarnings SubDomain = "N/A" EnableTroubleshooting = $EnableTroubleshooting } $outputCurUser = Get-VPASCurrentEPVUserDetailsHelper -token $output -APIUsername $username $output += @{ AuthenticatedAs = $outputCurUser } $Script:VPAStoken = $output Set-Variable -Name VPAStoken -Value $output -Scope Script if($EnableTextRecorder){ $log = Write-VPASTextRecorder -inputval "NEW API SESSION STARTED..." -NewFile -token $output -LogType MISC if($outputCurUser){ $log = Write-VPASTextRecorder -inputval "AUTHENTICATING INTO APIS AS: $outputCurUser" -token $output -LogType MISC } $log = Write-VPASTextRecorder -inputval "API TOKEN = $token" -token $output -LogType MISC $log = Write-VPASTextRecorder -inputval "New-VPASToken" -token $output -LogType DIVIDER } if($EnableTroubleshooting){ Write-VPASOutput -str "NOTE - EnableTroublshooting mode will try to capture errors and provide solutions, but it is almost impossible to capture every error..." -type M -Initialized Write-VPASOutput -str "If you encounter an error that is not picked up by the troubleshooter, please let vpasmodule@gmail.com know so it can be included in the next release...thank you!" -type M -Initialized } return $output } else{ $token = Invoke-RestMethod -Uri $uri -Method Post -Body $params -ContentType 'application/json' Write-Verbose "RETURNING LOGIN TOKEN" $AuditTimeStamp = Get-Date -Format "MM-dd-yyyy_HH-mm-ss" if($NoSSL){ $uriVaultVersion = "http://$PVWA/PasswordVault/WebServices/PIMServices.svc/Server" $response = Invoke-RestMethod -Headers @{"Authorization"="$token"} -Uri $uriVaultVersion -Method GET -ContentType "application/json" $VaultVersion = $response.ExternalVersion } else{ $uriVaultVersion = "https://$PVWA/PasswordVault/WebServices/PIMServices.svc/Server" $response = Invoke-RestMethod -Headers @{"Authorization"="$token"} -Uri $uriVaultVersion -Method GET -ContentType "application/json" $VaultVersion = $response.ExternalVersion } $output = @{ token = $token pvwa = $PVWA HeaderType = "$token" ISPSS = $false EnableTextRecorder = $EnableTextRecorder AuditTimeStamp = $AuditTimeStamp NoSSL = $NoSSL VaultVersion = $VaultVersion HideWarnings = $HideWarnings SubDomain = "N/A" EnableTroubleshooting = $EnableTroubleshooting } $outputCurUser = Get-VPASCurrentEPVUserDetailsHelper -token $output -APIUsername $username $output += @{ AuthenticatedAs = $outputCurUser } $Script:VPAStoken = $output Set-Variable -Name VPAStoken -Value $output -Scope Script if($EnableTextRecorder){ $log = Write-VPASTextRecorder -inputval "NEW API SESSION STARTED..." -NewFile -token $output -LogType MISC if($outputCurUser){ $log = Write-VPASTextRecorder -inputval "AUTHENTICATING INTO APIS AS: $outputCurUser" -token $output -LogType MISC } $log = Write-VPASTextRecorder -inputval "API TOKEN = $token" -token $output -LogType MISC $log = Write-VPASTextRecorder -inputval "New-VPASToken" -token $output -LogType DIVIDER } if($EnableTroubleshooting){ Write-VPASOutput -str "NOTE - EnableTroublshooting mode will try to capture errors and provide solutions, but it is almost impossible to capture every error..." -type M -Initialized Write-VPASOutput -str "If you encounter an error that is not picked up by the troubleshooter, please let vpasmodule@gmail.com know so it can be included in the next release...thank you!" -type M -Initialized } return $output } }catch{ Write-VPASOutput -str $_ -type E -Initialized return $false } } elseif($AuthType -eq "saml"){ if([String]::IsNullOrEmpty($IDPLogin)){ Write-VPASOutput -str "SAML SELECTED BUT NO IDPLogin PROVIDED, PLEASE ENTER IDPLogin URL (Example: https://auth.vman.com/app/vman_cyberark/lkadjlk67843HJdkJ/sso/saml): " -type Y -Initialized $IDPLogin = Read-host } try{ if($HideAscii){ #DO NOTHING } else{ Write-VPASOutput -str "NOTE - WEB FORM MAY OPEN BEHIND YOUR ACTIVE POWERSHELL WINDOW, PLEASE CONFIRM AND CONTINUE THROUGH THE PROCESS" -type M -Initialized } $targetExp = '(?i)name="SAMLResponse"(?: type="hidden")? value=\"(.*?)\"(?:.*)?\/>' Add-Type -AssemblyName System.Windows.Forms Add-Type -AssemblyName System.Web $LoginForm = New-Object Windows.Forms.Form $LoginForm.StartPosition = [System.Windows.Forms.FormStartPosition]::CenterScreen; $LoginForm.Width = 640 $LoginForm.Height = 700 $LoginForm.showIcon = $false $LoginForm.Topmost = $true $InitializeWeb = New-Object Windows.Forms.WebBrowser $InitializeWeb.Size = $LoginForm.ClientSize $InitializeWeb.Anchor = "Left,Top,Right,Bottom" $InitializeWeb.ScriptErrorsSuppressed = $true $LoginForm.Controls.Add($InitializeWeb) $InitializeWeb.Navigate($IDPLogin) $InitializeWeb.add_Navigating({ if($InitializeWeb.DocumentText -match "SAMLResponse"){ $_.cancel = $true if($InitializeWeb.DocumentText -match $targetExp){ $LoginForm.Close() $Script:SAMLToken = $(($Matches[1] -replace '+', '+') -replace '=', '=') } } }) if($LoginForm.ShowDialog() -ne "OK"){ if($null -ne $Script:SAMLToken){ $LoginForm.Close() } else{ throw "SAMLResponse not matched" } } $LoginForm.Dispose() if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/API/auth/SAML/Logon" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/API/auth/SAML/Logon" } $params = @{ concurrentSession='true' apiUse='true' SAMLResponse=$SAMLToken } Write-Verbose "API PARAMETERS SET" if($InitiateCookie){ Write-Verbose "INITIATING COOKIE" $cookie = new-object system.net.cookie $cookie.name = "tos_accepted" $cookie.domain = "$PVWA" $session = new-object microsoft.powershell.commands.webrequestsession $session.cookies.add($cookie) $token = Invoke-RestMethod -Uri $uri -Method Post -body $params -ContentType 'application/x-www-form-urlencoded' Write-Verbose "RETURNING LOGIN TOKEN AND COOKIE SESSION" $AuditTimeStamp = Get-Date -Format "MM-dd-yyyy_HH-mm-ss" if($NoSSL){ $uriVaultVersion = "http://$PVWA/PasswordVault/WebServices/PIMServices.svc/Server" $response = Invoke-RestMethod -Headers @{"Authorization"="$token"} -Uri $uriVaultVersion -Method GET -ContentType "application/json" -WebSession $session $VaultVersion = $response.ExternalVersion } else{ $uriVaultVersion = "https://$PVWA/PasswordVault/WebServices/PIMServices.svc/Server" $response = Invoke-RestMethod -Headers @{"Authorization"="$token"} -Uri $uriVaultVersion -Method GET -ContentType "application/json" -WebSession $session $VaultVersion = $response.ExternalVersion } $output = @{ token = $token session = $session pvwa = $PVWA HeaderType = "$token" ISPSS = $false EnableTextRecorder = $EnableTextRecorder AuditTimeStamp = $AuditTimeStamp NoSSL = $NoSSL VaultVersion = $VaultVersion HideWarnings = $HideWarnings SubDomain = "N/A" EnableTroubleshooting = $EnableTroubleshooting } $outputCurUser = Get-VPASCurrentEPVUserDetailsHelper -token $output -APIUsername $username $output += @{ AuthenticatedAs = $outputCurUser } $Script:VPAStoken = $output Set-Variable -Name VPAStoken -Value $output -Scope Script if($EnableTextRecorder){ $log = Write-VPASTextRecorder -inputval "NEW API SESSION STARTED..." -NewFile -token $output -LogType MISC if($outputCurUser){ $log = Write-VPASTextRecorder -inputval "AUTHENTICATING INTO APIS AS: $outputCurUser" -token $output -LogType MISC } $log = Write-VPASTextRecorder -inputval "API TOKEN = $tokenval" -token $output -LogType MISC $log = Write-VPASTextRecorder -inputval "New-VPASToken" -token $output -LogType DIVIDER } if($EnableTroubleshooting){ Write-VPASOutput -str "NOTE - EnableTroublshooting mode will try to capture errors and provide solutions, but it is almost impossible to capture every error..." -type M -Initialized Write-VPASOutput -str "If you encounter an error that is not picked up by the troubleshooter, please let vpasmodule@gmail.com know so it can be included in the next release...thank you!" -type M -Initialized } return $output } else{ $token = Invoke-RestMethod -Uri $uri -Method Post -body $params -ContentType 'application/x-www-form-urlencoded' Write-Verbose "RETURNING LOGIN TOKEN" $AuditTimeStamp = Get-Date -Format "MM-dd-yyyy_HH-mm-ss" if($NoSSL){ $uriVaultVersion = "http://$PVWA/PasswordVault/WebServices/PIMServices.svc/Server" $response = Invoke-RestMethod -Headers @{"Authorization"="$token"} -Uri $uriVaultVersion -Method GET -ContentType "application/json" $VaultVersion = $response.ExternalVersion } else{ $uriVaultVersion = "https://$PVWA/PasswordVault/WebServices/PIMServices.svc/Server" $response = Invoke-RestMethod -Headers @{"Authorization"="$token"} -Uri $uriVaultVersion -Method GET -ContentType "application/json" $VaultVersion = $response.ExternalVersion } $output = @{ token = $token pvwa = $PVWA HeaderType = "$token" ISPSS = $false EnableTextRecorder = $EnableTextRecorder AuditTimeStamp = $AuditTimeStamp NoSSL = $NoSSL VaultVersion = $VaultVersion HideWarnings = $HideWarnings SubDomain = "N/A" EnableTroubleshooting = $EnableTroubleshooting } $outputCurUser = Get-VPASCurrentEPVUserDetailsHelper -token $output -APIUsername $username $output += @{ AuthenticatedAs = $outputCurUser } $Script:VPAStoken = $output Set-Variable -Name VPAStoken -Value $output -Scope Script if($EnableTextRecorder){ $log = Write-VPASTextRecorder -inputval "NEW API SESSION STARTED..." -NewFile -token $output -LogType MISC if($outputCurUser){ $log = Write-VPASTextRecorder -inputval "AUTHENTICATING INTO APIS AS: $outputCurUser" -token $output -LogType MISC } $log = Write-VPASTextRecorder -inputval "API TOKEN = $tokenval" -token $output -LogType MISC $log = Write-VPASTextRecorder -inputval "New-VPASToken" -token $output -LogType DIVIDER } if($EnableTroubleshooting){ Write-VPASOutput -str "NOTE - EnableTroublshooting mode will try to capture errors and provide solutions, but it is almost impossible to capture every error..." -type M -Initialized Write-VPASOutput -str "If you encounter an error that is not picked up by the troubleshooter, please let vpasmodule@gmail.com know so it can be included in the next release...thank you!" -type M -Initialized } return $output } }catch{ Write-VPASOutput -str $_ -type E -Initialized return $false } } elseif($AuthType -eq "ispss_oauth"){ if([String]::IsNullOrEmpty($IdentityURL)){ Write-VPASOutput -str "ISPSS OUATH SELECTED BUT NO IdentityURL PROVIDED, PLEASE ENTER IdentityURL (Example: AAT1234.id.cyberark.cloud): " -type Y -Initialized $IdentityURL = Read-host } $IdentityURL = $IdentityURL -replace "https://","" $IdentityURL = $IdentityURL -replace "http://","" try{ if(!$creds){ $creds = Get-Credential -Message 'ENTER OAUTH CREDENTIALS' } $username = $creds.GetNetworkCredential().UserName $password = $creds.GetNetworkCredential().Password Write-Verbose "OAUTH CREDENTIALS SET" $params = @{ concurrentSession='true' grant_type = "client_credentials" client_id = $username client_secret = $password } Write-Verbose "API PARAMETERS SET" if($NoSSL){ $uri = "http://$IdentityURL/oauth2/platformtoken" } else{ $uri = "https://$IdentityURL/oauth2/platformtoken" } if($InitiateCookie){ Write-Verbose "INITIATING COOKIE" $cookie = new-object system.net.cookie $cookie.name = "tos_accepted" $cookie.domain = "$IdentityURL" $session = new-object microsoft.powershell.commands.webrequestsession $session.cookies.add($cookie) $response = Invoke-RestMethod -Uri $uri -Method Post -Body $params $tokenval = $response.access_token Write-Verbose "RETURNING LOGIN TOKEN AND COOKIE SESSION" $AuditTimeStamp = Get-Date -Format "MM-dd-yyyy_HH-mm-ss" if($IdentityOnly){ $VaultVersion = "N/A" $SubDomain = "N/A" $PVWA = "Identity_Only" Write-VPASOutput -str "***IdentityOnly selected, only Identity related api calls will work***" -type M -Initialized } else{ if($NoSSL){ $uriVaultVersion = "http://$PVWA/PasswordVault/WebServices/PIMServices.svc/Server" $response = Invoke-RestMethod -Headers @{"Authorization"="Bearer $tokenval"} -Uri $uriVaultVersion -Method GET -ContentType "application/json" -WebSession $session $VaultVersion = $response.ExternalVersion } else{ $uriVaultVersion = "https://$PVWA/PasswordVault/WebServices/PIMServices.svc/Server" $response = Invoke-RestMethod -Headers @{"Authorization"="Bearer $tokenval"} -Uri $uriVaultVersion -Method GET -ContentType "application/json" -WebSession $session $VaultVersion = $response.ExternalVersion } $SubDomain = ($PVWA.split("."))[0] } $output = @{ token = $tokenval session = $session pvwa = $PVWA HeaderType = "Bearer $tokenval" ISPSS = $true IdentityURL = $IdentityURL EnableTextRecorder = $EnableTextRecorder AuditTimeStamp = $AuditTimeStamp NoSSL = $NoSSL VaultVersion = $VaultVersion HideWarnings = $HideWarnings SubDomain = $SubDomain EnableTroubleshooting = $EnableTroubleshooting } if($IdentityOnly){ $outputCurUser = $username } else{ $outputCurUser = Get-VPASCurrentEPVUserDetailsHelper -token $output } $output += @{ AuthenticatedAs = $outputCurUser } $Script:VPAStoken = $output Set-Variable -Name VPAStoken -Value $output -Scope Script if($EnableTextRecorder){ $log = Write-VPASTextRecorder -inputval "NEW API SESSION STARTED..." -NewFile -token $output -LogType MISC if($outputCurUser){ $log = Write-VPASTextRecorder -inputval "AUTHENTICATING INTO APIS AS: $outputCurUser" -token $output -LogType MISC } $log = Write-VPASTextRecorder -inputval "API TOKEN = $tokenval" -token $output -LogType MISC $log = Write-VPASTextRecorder -inputval "New-VPASToken" -token $output -LogType DIVIDER } if($EnableTroubleshooting){ Write-VPASOutput -str "NOTE - EnableTroublshooting mode will try to capture errors and provide solutions, but it is almost impossible to capture every error..." -type M -Initialized Write-VPASOutput -str "If you encounter an error that is not picked up by the troubleshooter, please let vpasmodule@gmail.com know so it can be included in the next release...thank you!" -type M -Initialized } return $output } else{ $response = Invoke-RestMethod -Uri $uri -Method Post -Body $params $tokenval = $response.access_token Write-Verbose "RETURNING LOGIN TOKEN" $AuditTimeStamp = Get-Date -Format "MM-dd-yyyy_HH-mm-ss" if($IdentityOnly){ $VaultVersion = "N/A" $SubDomain = "N/A" $PVWA = "Identity_Only" Write-VPASOutput -str "***IdentityOnly selected, only Identity related api calls will work***" -type M -Initialized } else{ if($NoSSL){ $uriVaultVersion = "http://$PVWA/PasswordVault/WebServices/PIMServices.svc/Server" $response = Invoke-RestMethod -Headers @{"Authorization"="Bearer $tokenval"} -Uri $uriVaultVersion -Method GET -ContentType "application/json" $VaultVersion = $response.ExternalVersion } else{ $uriVaultVersion = "https://$PVWA/PasswordVault/WebServices/PIMServices.svc/Server" $response = Invoke-RestMethod -Headers @{"Authorization"="Bearer $tokenval"} -Uri $uriVaultVersion -Method GET -ContentType "application/json" $VaultVersion = $response.ExternalVersion } $SubDomain = ($PVWA.split("."))[0] } $output = @{ token = $tokenval pvwa = $PVWA HeaderType = "Bearer $tokenval" ISPSS = $true IdentityURL = $IdentityURL EnableTextRecorder = $EnableTextRecorder AuditTimeStamp = $AuditTimeStamp NoSSL = $NoSSL VaultVersion = $VaultVersion session = $false HideWarnings = $HideWarnings SubDomain = $SubDomain EnableTroubleshooting = $EnableTroubleshooting } if($IdentityOnly){ $outputCurUser = $username } else{ $outputCurUser = Get-VPASCurrentEPVUserDetailsHelper -token $output } $output += @{ AuthenticatedAs = $outputCurUser } $Script:VPAStoken = $output Set-Variable -Name VPAStoken -Value $output -Scope Script if($EnableTextRecorder){ $log = Write-VPASTextRecorder -inputval "NEW API SESSION STARTED..." -NewFile -token $output -LogType MISC if($outputCurUser){ $log = Write-VPASTextRecorder -inputval "AUTHENTICATING INTO APIS AS: $outputCurUser" -token $output -LogType MISC } $log = Write-VPASTextRecorder -inputval "API TOKEN = $tokenval" -token $output -LogType MISC $log = Write-VPASTextRecorder -inputval "New-VPASToken" -token $output -LogType DIVIDER } if($EnableTroubleshooting){ Write-VPASOutput -str "NOTE - EnableTroublshooting mode will try to capture errors and provide solutions, but it is almost impossible to capture every error..." -type M -Initialized Write-VPASOutput -str "If you encounter an error that is not picked up by the troubleshooter, please let vpasmodule@gmail.com know so it can be included in the next release...thank you!" -type M -Initialized } return $output } }catch{ Write-VPASOutput -str $_ -type E -Initialized return $false } } elseif($AuthType -eq "ispss_cyberark"){ $output = @{} if([String]::IsNullOrEmpty($IdentityURL)){ Write-VPASOutput -str "ISPSS CYBERARK SELECTED BUT NO IdentityURL PROVIDED, PLEASE ENTER IdentityURL (Example: AAT1234.id.cyberark.cloud): " -type Y -Initialized $IdentityURL = Read-host } $IdentityURL = $IdentityURL -replace "https://","" $IdentityURL = $IdentityURL -replace "http://","" try{ if(!$creds){ $creds = Get-Credential -Message 'ENTER CYBERARK CREDENTIALS' } $username = $creds.GetNetworkCredential().UserName $password = $creds.GetNetworkCredential().Password Write-Verbose "CYBERARK CREDENTIALS SET" $params = @{ TenantId = $IdentityTenantID User = $username Version = "1.0" } | ConvertTo-Json Write-Verbose "API PARAMETERS SET" if($NoSSL){ $uri = "http://$IdentityURL/Security/StartAuthentication" } else{ $uri = "https://$IdentityURL/Security/StartAuthentication" } if($InitiateCookie){ Write-Verbose "INITIATING COOKIE" $cookie = new-object system.net.cookie $cookie.name = "tos_accepted" $cookie.domain = "$IdentityURL" $session = new-object microsoft.powershell.commands.webrequestsession $session.cookies.add($cookie) $output += @{ session = $session } } else{ $output += @{ session = $false } } $response = Invoke-RestMethod -Uri $uri -Method Post -Body $params -ContentType 'application/json' $SessionID = $response.Result.SessionId $AllTasks = $response.Result.Challenges $ChallengeMatrix = @{} $AmtTasks = $AllTasks.Count for($j = 0; $j -lt $AmtTasks; $j++){ $tempcount = $j + 1 $count = 1 $authMethod = @{} foreach($challenge in $AllTasks[$j].Mechanisms){ $ChallangeParams = @{ AnswerType = $challenge.AnswerType Name = $challenge.Name PromptMechChosen = $challenge.PromptMechChosen PromptSelectMech = $challenge.PromptSelectMech MechanismId = $challenge.MechanismId Enrolled = $challenge.Enrolled } $authMethod += @{ "Challenge$count" = $ChallangeParams } $count += 1 } $ChallengeMatrix += @{ "Task$tempcount" = $authMethod } } $AmtTasks = $ChallengeMatrix.Keys.Count for($i = 1; $i -lt $AmtTasks + 1; $i++){ $challengeCounter = 1 $AmtChallenges = $ChallengeMatrix."Task$i".Count Write-VPASOutput -str "MUST COMPLETE ONE OF THE CHALLENGES BELOW TO PROCEED:" -type M -Initialized for($j = 1; $j -lt $AmtChallenges + 1; $j++){ $ChallengeType = $ChallengeMatrix."Task$i"."Challenge$j".PromptSelectMech Write-VPASOutput -str "Challenge$j : $ChallengeType" -type G -Initialized } Write-VPASOutput -str "SELECT CHALLENGE NUMBER: " -type Y -Initialized $selChallenger = Read-Host while(!$ChallengeMatrix."Task$i"."Challenge$selChallenger"){ Write-VPASOutput -str "INVALID CHOICE" -type E -Initialized Write-VPASOutput -str "SELECT CHALLENGE NUMBER: " -type Y -Initialized $selChallenger = Read-Host } Write-VPASOutput -str "Starting Challenge..." -type C -Initialized $curAnswerType = $ChallengeMatrix."Task$i"."Challenge$selChallenger".AnswerType $curName = $ChallengeMatrix."Task$i"."Challenge$selChallenger".Name $curPromptMechChosen = $ChallengeMatrix."Task$i"."Challenge$selChallenger".PromptMechChosen $curPromptSelectMech = $ChallengeMatrix."Task$i"."Challenge$selChallenger".PromptSelectMech $curMechanismID = $ChallengeMatrix."Task$i"."Challenge$selChallenger".MechanismId $curEnrolled = $ChallengeMatrix."Task$i"."Challenge$selChallenger".Enrolled if($curAnswerType -eq "StartTextOob"){ $curAction = "StartOOB" $params = @{ TenantID = $IdentityTenantID SessionId = $SessionID MechanismId = $curMechanismID Action = $curAction } | ConvertTo-Json } elseif($curAnswerType -eq "Text"){ $curAction = "Answer" if($curName -eq "UP"){ $curAnswer = $password } else{ $tempAnswer = Read-Host "$curPromptMechChosen" -AsSecureString $curBSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($tempAnswer) $curAnswer = ([System.Runtime.InteropServices.Marshal]::PtrToStringAuto($curBSTR)) } $params = @{ TenantID = $IdentityTenantID SessionId = $SessionID MechanismId = $curMechanismID Action = $curAction Answer = $curAnswer } | ConvertTo-Json } $uri = "https://$IdentityURL/Security/AdvanceAuthentication" $AnswerToChallenge = Invoke-RestMethod -Uri $uri -Method Post -Body $params -ContentType "application/json" while($AnswerToChallenge.Result.Summary -eq "OobPending") { Write-VPASOutput -str "Waiting for email/push/other action to complete" -type M -Initialized Start-Sleep -Seconds 4 $param = @{ TenantID = $IdentityTenantId SessionId = $SessionId MechanismId = $curMechanismID Action = "Poll" } | ConvertTo-Json $AnswerToChallenge = Invoke-RestMethod -Uri $uri -Method Post -Body $param -ContentType "application/json" -TimeoutSec 5 } } if($AnswerToChallenge.success){ $tokenval = $AnswerToChallenge.Result.Token Write-Verbose "RETURNING LOGIN TOKEN" $AuditTimeStamp = Get-Date -Format "MM-dd-yyyy_HH-mm-ss" if($IdentityOnly){ $VaultVersion = "N/A" $SubDomain = "N/A" $PVWA = "Identity_Only" Write-VPASOutput -str "***IdentityOnly selected, only Identity related api calls will work***" -type M -Initialized } else{ if($session){ if($NoSSL){ $uriVaultVersion = "http://$PVWA/PasswordVault/WebServices/PIMServices.svc/Server" $response = Invoke-RestMethod -Headers @{"Authorization"="Bearer $tokenval"} -Uri $uriVaultVersion -Method GET -ContentType "application/json" -WebSession $session $VaultVersion = $response.ExternalVersion } else{ $uriVaultVersion = "https://$PVWA/PasswordVault/WebServices/PIMServices.svc/Server" $response = Invoke-RestMethod -Headers @{"Authorization"="Bearer $tokenval"} -Uri $uriVaultVersion -Method GET -ContentType "application/json" -WebSession $session $VaultVersion = $response.ExternalVersion } } else{ if($NoSSL){ $uriVaultVersion = "http://$PVWA/PasswordVault/WebServices/PIMServices.svc/Server" $response = Invoke-RestMethod -Headers @{"Authorization"="Bearer $tokenval"} -Uri $uriVaultVersion -Method GET -ContentType "application/json" $VaultVersion = $response.ExternalVersion } else{ $uriVaultVersion = "https://$PVWA/PasswordVault/WebServices/PIMServices.svc/Server" $response = Invoke-RestMethod -Headers @{"Authorization"="Bearer $tokenval"} -Uri $uriVaultVersion -Method GET -ContentType "application/json" $VaultVersion = $response.ExternalVersion } } $SubDomain = ($PVWA.split("."))[0] } $output += @{ token = $tokenval pvwa = $PVWA HeaderType = "Bearer $tokenval" ISPSS = $true IdentityURL = $IdentityURL EnableTextRecorder = $EnableTextRecorder AuditTimeStamp = $AuditTimeStamp NoSSL = $NoSSL VaultVersion = $VaultVersion HideWarnings = $HideWarnings SubDomain = $SubDomain EnableTroubleshooting = $EnableTroubleshooting } if($IdentityOnly){ $outputCurUser = $username } else{ $outputCurUser = Get-VPASCurrentEPVUserDetailsHelper -token $output } $output += @{ AuthenticatedAs = $outputCurUser } $Script:VPAStoken = $output Set-Variable -Name VPAStoken -Value $output -Scope Script if($EnableTextRecorder){ $log = Write-VPASTextRecorder -inputval "NEW API SESSION STARTED..." -NewFile -token $output -LogType MISC if($outputCurUser){ $log = Write-VPASTextRecorder -inputval "AUTHENTICATING INTO APIS AS: $outputCurUser" -token $output -LogType MISC } $log = Write-VPASTextRecorder -inputval "API TOKEN = $tokenval" -token $output -LogType MISC $log = Write-VPASTextRecorder -inputval "New-VPASToken" -token $output -LogType DIVIDER } if($EnableTroubleshooting){ Write-VPASOutput -str "NOTE - EnableTroublshooting mode will try to capture errors and provide solutions, but it is almost impossible to capture every error..." -type M -Initialized Write-VPASOutput -str "If you encounter an error that is not picked up by the troubleshooter, please let vpasmodule@gmail.com know so it can be included in the next release...thank you!" -type M -Initialized } return $output } else{ Write-VPASOutput -str "FAILED TO PASS CHALLENGES...RETURNING FALSE" -type E -Initialized return $false } }catch{ Write-VPASOutput -str $_ -type E -Initialized return $false } } elseif($AuthType -eq "ispss_authtoken"){ if([String]::IsNullOrEmpty($IdentityURL)){ Write-VPASOutput -str "ISPSS AUTHTOKEN SELECTED BUT NO IdentityURL PROVIDED, PLEASE ENTER IdentityURL (Example: AAT1234.id.cyberark.cloud): " -type Y -Initialized $IdentityURL = Read-host } $IdentityURL = $IdentityURL -replace "https://","" $IdentityURL = $IdentityURL -replace "http://","" if([String]::IsNullOrEmpty($AuthToken)){ Write-VPASOutput -str "ISPSS AUTHTOKEN SELECTED BUT NO AuthToken PROVIDED, PLEASE ENTER AuthToken (Example: eyJhbGc....Q0IyNE): " -type Y -Initialized $AuthToken = Read-host } try{ Write-Verbose "AuthToken PROVIDED...SKIPPING CREDENTIAL SECTION" if($InitiateCookie){ Write-Verbose "INITIATING COOKIE" $cookie = new-object system.net.cookie $cookie.name = "tos_accepted" $cookie.domain = "$IdentityURL" $session = new-object microsoft.powershell.commands.webrequestsession $session.cookies.add($cookie) $tokenval = $AuthToken Write-Verbose "RETURNING LOGIN TOKEN AND COOKIE SESSION" $AuditTimeStamp = Get-Date -Format "MM-dd-yyyy_HH-mm-ss" if($IdentityOnly){ $VaultVersion = "N/A" $SubDomain = "N/A" $PVWA = "Identity_Only" Write-VPASOutput -str "***IdentityOnly selected, only Identity related api calls will work***" -type M -Initialized } else{ if($NoSSL){ $uriVaultVersion = "http://$PVWA/PasswordVault/WebServices/PIMServices.svc/Server" $response = Invoke-RestMethod -Headers @{"Authorization"="Bearer $tokenval"} -Uri $uriVaultVersion -Method GET -ContentType "application/json" -WebSession $session $VaultVersion = $response.ExternalVersion } else{ $uriVaultVersion = "https://$PVWA/PasswordVault/WebServices/PIMServices.svc/Server" $response = Invoke-RestMethod -Headers @{"Authorization"="Bearer $tokenval"} -Uri $uriVaultVersion -Method GET -ContentType "application/json" -WebSession $session $VaultVersion = $response.ExternalVersion } $SubDomain = ($PVWA.split("."))[0] } $output = @{ token = $tokenval session = $session pvwa = $PVWA HeaderType = "Bearer $tokenval" ISPSS = $true IdentityURL = $IdentityURL EnableTextRecorder = $EnableTextRecorder AuditTimeStamp = $AuditTimeStamp NoSSL = $NoSSL VaultVersion = $VaultVersion HideWarnings = $HideWarnings SubDomain = $SubDomain EnableTroubleshooting = $EnableTroubleshooting } if($IdentityOnly){ $outputCurUser = "UNKNOWN" } else{ $outputCurUser = Get-VPASCurrentEPVUserDetailsHelper -token $output } $output += @{ AuthenticatedAs = $outputCurUser } $Script:VPAStoken = $output Set-Variable -Name VPAStoken -Value $output -Scope Script if($EnableTextRecorder){ $log = Write-VPASTextRecorder -inputval "NEW API SESSION STARTED..." -NewFile -token $output -LogType MISC if($outputCurUser){ $log = Write-VPASTextRecorder -inputval "AUTHENTICATING INTO APIS AS: $outputCurUser" -token $output -LogType MISC } $log = Write-VPASTextRecorder -inputval "API TOKEN = $tokenval" -token $output -LogType MISC $log = Write-VPASTextRecorder -inputval "New-VPASToken" -token $output -LogType DIVIDER } if($EnableTroubleshooting){ Write-VPASOutput -str "NOTE - EnableTroublshooting mode will try to capture errors and provide solutions, but it is almost impossible to capture every error..." -type M -Initialized Write-VPASOutput -str "If you encounter an error that is not picked up by the troubleshooter, please let vpasmodule@gmail.com know so it can be included in the next release...thank you!" -type M -Initialized } return $output } else{ $tokenval = $AuthToken Write-Verbose "RETURNING LOGIN TOKEN" $AuditTimeStamp = Get-Date -Format "MM-dd-yyyy_HH-mm-ss" if($IdentityOnly){ $VaultVersion = "N/A" $SubDomain = "N/A" $PVWA = "Identity_Only" Write-VPASOutput -str "***IdentityOnly selected, only Identity related api calls will work***" -type M -Initialized } else{ if($NoSSL){ $uriVaultVersion = "http://$PVWA/PasswordVault/WebServices/PIMServices.svc/Server" $response = Invoke-RestMethod -Headers @{"Authorization"="Bearer $tokenval"} -Uri $uriVaultVersion -Method GET -ContentType "application/json" $VaultVersion = $response.ExternalVersion } else{ $uriVaultVersion = "https://$PVWA/PasswordVault/WebServices/PIMServices.svc/Server" $response = Invoke-RestMethod -Headers @{"Authorization"="Bearer $tokenval"} -Uri $uriVaultVersion -Method GET -ContentType "application/json" $VaultVersion = $response.ExternalVersion } $SubDomain = ($PVWA.split("."))[0] } $output = @{ token = $tokenval pvwa = $PVWA HeaderType = "Bearer $tokenval" ISPSS = $true IdentityURL = $IdentityURL EnableTextRecorder = $EnableTextRecorder AuditTimeStamp = $AuditTimeStamp NoSSL = $NoSSL VaultVersion = $VaultVersion session = $false HideWarnings = $HideWarnings SubDomain = $SubDomain EnableTroubleshooting = $EnableTroubleshooting } if($IdentityOnly){ $outputCurUser = "UNKNOWN" } else{ $outputCurUser = Get-VPASCurrentEPVUserDetailsHelper -token $output } $output += @{ AuthenticatedAs = $outputCurUser } $Script:VPAStoken = $output Set-Variable -Name VPAStoken -Value $output -Scope Script if($EnableTextRecorder){ $log = Write-VPASTextRecorder -inputval "NEW API SESSION STARTED..." -NewFile -token $output -LogType MISC if($outputCurUser){ $log = Write-VPASTextRecorder -inputval "AUTHENTICATING INTO APIS AS: $outputCurUser" -token $output -LogType MISC } $log = Write-VPASTextRecorder -inputval "API TOKEN = $tokenval" -token $output -LogType MISC $log = Write-VPASTextRecorder -inputval "New-VPASToken" -token $output -LogType DIVIDER } if($EnableTroubleshooting){ Write-VPASOutput -str "NOTE - EnableTroublshooting mode will try to capture errors and provide solutions, but it is almost impossible to capture every error..." -type M -Initialized Write-VPASOutput -str "If you encounter an error that is not picked up by the troubleshooter, please let vpasmodule@gmail.com know so it can be included in the next release...thank you!" -type M -Initialized } return $output } }catch{ Write-VPASOutput -str $_ -type E -Initialized return $false } } elseif($AuthType -eq "authtoken"){ try{ Write-Verbose "AuthToken PROVIDED...SKIPPING CREDENTIAL SECTION" if($InitiateCookie){ Write-Verbose "INITIATING COOKIE" $cookie = new-object system.net.cookie $cookie.name = "tos_accepted" $cookie.domain = "$PVWA" $session = new-object microsoft.powershell.commands.webrequestsession $session.cookies.add($cookie) $token = $AuthToken Write-Verbose "RETURNING LOGIN TOKEN AND COOKIE SESSION" $AuditTimeStamp = Get-Date -Format "MM-dd-yyyy_HH-mm-ss" if($NoSSL){ $uriVaultVersion = "http://$PVWA/PasswordVault/WebServices/PIMServices.svc/Server" $response = Invoke-RestMethod -Headers @{"Authorization"="$token"} -Uri $uriVaultVersion -Method GET -ContentType "application/json" -WebSession $session $VaultVersion = $response.ExternalVersion } else{ $uriVaultVersion = "https://$PVWA/PasswordVault/WebServices/PIMServices.svc/Server" $response = Invoke-RestMethod -Headers @{"Authorization"="$token"} -Uri $uriVaultVersion -Method GET -ContentType "application/json" -WebSession $session $VaultVersion = $response.ExternalVersion } $output = @{ token = $token session = $session pvwa = $PVWA HeaderType = "$token" ISPSS = $false EnableTextRecorder = $EnableTextRecorder AuditTimeStamp = $AuditTimeStamp NoSSL = $NoSSL VaultVersion = $VaultVersion HideWarnings = $HideWarnings SubDomain = "N/A" EnableTroubleshooting = $EnableTroubleshooting } $outputCurUser = Get-VPASCurrentEPVUserDetailsHelper -token $output -APIUsername $username if([String]::IsNullOrEmpty($outputCurUser)){ $outputCurUser = "UNKNOWN" } $output += @{ AuthenticatedAs = $outputCurUser } $Script:VPAStoken = $output Set-Variable -Name VPAStoken -Value $output -Scope Script if($EnableTextRecorder){ $log = Write-VPASTextRecorder -inputval "NEW API SESSION STARTED..." -NewFile -token $output -LogType MISC if($outputCurUser){ $log = Write-VPASTextRecorder -inputval "AUTHENTICATING INTO APIS AS: $outputCurUser" -token $output -LogType MISC } $log = Write-VPASTextRecorder -inputval "API TOKEN = $token" -token $output -LogType MISC $log = Write-VPASTextRecorder -inputval "New-VPASToken" -token $output -LogType DIVIDER } if($EnableTroubleshooting){ Write-VPASOutput -str "NOTE - EnableTroublshooting mode will try to capture errors and provide solutions, but it is almost impossible to capture every error..." -type M -Initialized Write-VPASOutput -str "If you encounter an error that is not picked up by the troubleshooter, please let vpasmodule@gmail.com know so it can be included in the next release...thank you!" -type M -Initialized } return $output } else{ $token = $AuthToken Write-Verbose "RETURNING LOGIN TOKEN" $AuditTimeStamp = Get-Date -Format "MM-dd-yyyy_HH-mm-ss" if($NoSSL){ $uriVaultVersion = "http://$PVWA/PasswordVault/WebServices/PIMServices.svc/Server" $response = Invoke-RestMethod -Headers @{"Authorization"="$token"} -Uri $uriVaultVersion -Method GET -ContentType "application/json" $VaultVersion = $response.ExternalVersion } else{ $uriVaultVersion = "https://$PVWA/PasswordVault/WebServices/PIMServices.svc/Server" $response = Invoke-RestMethod -Headers @{"Authorization"="$token"} -Uri $uriVaultVersion -Method GET -ContentType "application/json" $VaultVersion = $response.ExternalVersion } $output = @{ token = $token pvwa = $PVWA HeaderType = "$token" ISPSS = $false EnableTextRecorder = $EnableTextRecorder AuditTimeStamp = $AuditTimeStamp NoSSL = $NoSSL VaultVersion = $VaultVersion HideWarnings = $HideWarnings SubDomain = "N/A" EnableTroubleshooting = $EnableTroubleshooting } $outputCurUser = Get-VPASCurrentEPVUserDetailsHelper -token $output -APIUsername $username if([String]::IsNullOrEmpty($outputCurUser)){ $outputCurUser = "UNKNOWN" } $output += @{ AuthenticatedAs = $outputCurUser } $Script:VPAStoken = $output Set-Variable -Name VPAStoken -Value $output -Scope Script if($EnableTextRecorder){ $log = Write-VPASTextRecorder -inputval "NEW API SESSION STARTED..." -NewFile -token $output -LogType MISC if($outputCurUser){ $log = Write-VPASTextRecorder -inputval "AUTHENTICATING INTO APIS AS: $outputCurUser" -token $output -LogType MISC } $log = Write-VPASTextRecorder -inputval "API TOKEN = $token" -token $output -LogType MISC $log = Write-VPASTextRecorder -inputval "New-VPASToken" -token $output -LogType DIVIDER } if($EnableTroubleshooting){ Write-VPASOutput -str "NOTE - EnableTroublshooting mode will try to capture errors and provide solutions, but it is almost impossible to capture every error..." -type M -Initialized Write-VPASOutput -str "If you encounter an error that is not picked up by the troubleshooter, please let vpasmodule@gmail.com know so it can be included in the next release...thank you!" -type M -Initialized } return $output } }catch{ Write-VPASOutput -str $_ -type E -Initialized return $false } } } End{ } } |