public/Update-VPASAuthenticationMethod.ps1

<#
.Synopsis
   UPDATE AUTHENTICATION METHOD
   CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com
.DESCRIPTION
   USE THIS FUNCTION TO UPDATE AUTHENTICATION METHOD INTO CYBERARK
.LINK
   https://vpasmodule.com/commands/Update-VPASAuthenticationMethod
.PARAMETER token
   HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc).
   If -token is not passed, function will use last known hashtable generated by New-VPASToken
.PARAMETER DisplayName
   Display value of the AuthenticationMethod
.PARAMETER Enabled
   Specify if the AuthenticationMethod will be enabled
   AuthenticationMethod will NOT appear if set to disabled
   Possible values: TRUE, FALSE
.PARAMETER MobileEnabled
   Allow the AuthenticationMethod to be visible on mobile
   Possible values: TRUE, FALSE
.PARAMETER LogoffURL
   Redirect link that EndUsers will funnel through on logoff
.PARAMETER SecondFactorAuth
   Enable a second factor authentication
   Possible values: cyberark, radius, ldap
.PARAMETER SignInLabel
   Visual title of the AuthenticationMethod
   This is what EndUsers will see
.PARAMETER UsernameFieldLabel
   Visual tag for the Username box
   This is what EndUsers will see
.PARAMETER PasswordFieldLabel
   Visual tag for the Password box
   This is what EndUsers will see
.PARAMETER AuthMethodSearch
   Search string to find the target AuthenticationMethod
.PARAMETER AuthMethodID
   Unique ID that maps to the target AuthenticationMethod
   Supply AuthMethodID to skip any querying for target AuthenticationMethod
.PARAMETER InputParameters
   HashTable of values containing the parameters required to make the API call
.EXAMPLE
   $UpdateAuthenticationMethodJSON = Update-VPASAuthenticationMethod -AuthMethodID {AUTH METHOD ID VALUE} -UsernameFieldLabel {NEW USERNAME FIELD LABEL VALUE}
.EXAMPLE
   $UpdateAuthenticationMethodJSON = Update-VPASAuthenticationMethod -AuthMethodSearch {AUTH METHOD SEARCH VALUE} -UsernameFieldLabel {NEW USERNAME FIELD LABEL VALUE}
.EXAMPLE
   $InputParameters = @{
        AuthMethodSearch = "TargetAuthmethodSearch"
        DisplayName = "DisplayName"
        Enabled = "TRUE"|"FALSE"
        MobileEnabled = "TRUE"|"FALSE"
        LogoffURL = "LogoffURL"
        SecondFactorAuth = "cyberark"|"radius"|"ldap"
        SignInLabel = "SignInLabel"
        UsernameFieldLabel = "UsernameLabel"
        PasswordFieldLabel = "PasswordLabel"
   }
   $UpdateAuthenticationMethodJSON = Update-VPASAuthenticationMethod -InputParameters $InputParameters
.EXAMPLE
   $InputParameters = @{
        AuthMethodID = "saml"
        DisplayName = "DisplayName"
        Enabled = "TRUE"|"FALSE"
        MobileEnabled = "TRUE"|"FALSE"
        LogoffURL = "LogoffURL"
        SecondFactorAuth = "cyberark"|"radius"|"ldap"
        SignInLabel = "SignInLabel"
        UsernameFieldLabel = "UsernameLabel"
        PasswordFieldLabel = "PasswordLabel"
   }
   $UpdateAuthenticationMethodJSON = Update-VPASAuthenticationMethod -InputParameters $InputParameters
.OUTPUTS
   If successful:
   {
        "id": "vpasradius",
        "displayName": "vpasradius",
        "enabled": false,
        "logoffUrl": "",
        "secondFactorAuth": null,
        "signInLabel": "",
        "usernameFieldLabel": "NewUserbox",
        "passwordFieldLabel": "NewPassbox"
   }
   ---
   $false if failed
#>

function Update-VPASAuthenticationMethod{
    [OutputType('System.Object',[bool])]
    [CmdletBinding(DefaultParameterSetName='Set1')]
    Param(
        [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Searchquery to find target authentication method (for example: saml)")]
        [String]$AuthMethodSearch,

        [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique authentication method ID of the target authentication method (for example: samlv3)")]
        [String]$AuthMethodID,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)]
        [String]$DisplayName,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)]
        [ValidateSet('TRUE','FALSE')]
        [String]$Enabled,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)]
        [ValidateSet('TRUE','FALSE')]
        [String]$MobileEnabled,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)]
        [String]$LogoffURL,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)]
        [ValidateSet('cyberark','radius','ldap')]
        [String]$SecondFactorAuth,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)]
        [String]$SignInLabel,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)]
        [String]$UsernameFieldLabel,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)]
        [String]$PasswordFieldLabel,

        [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")]
        [hashtable]$InputParameters,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)]
        [hashtable]$token
    )

    Begin{
        $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token
        $CommandName = $MyInvocation.MyCommand.Name
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND
    }
    process{
        try{
            if($PSCmdlet.ParameterSetName -eq "InputParameters"){
                $KeyHash = @{
                    set1 = @{
                        AcceptableKeys = @("AuthMethodSearch","DisplayName","Enabled","MobileEnabled","LogoffURL","SecondFactorAuth","SignInLabel","UsernameFieldLabel","PasswordFieldLabel")
                        MandatoryKeys = @("AuthMethodSearch")
                    }
                    set2 = @{
                        AcceptableKeys = @("AuthMethodID","DisplayName","Enabled","MobileEnabled","LogoffURL","SecondFactorAuth","SignInLabel","UsernameFieldLabel","PasswordFieldLabel")
                        MandatoryKeys = @("AuthMethodID")
                    }
                }
                $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash

                if(!$CheckSet){
                    $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC
                    Write-Verbose "FAILED TO FIND TARGET PARAMETER SET"
                    Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E
                    $examples = Write-VPASExampleHelper -CommandName $CommandName
                    return $false
                }
                else{
                    foreach($key in $InputParameters.Keys){
                        Set-Variable -Name $key -Value $InputParameters.$key
                    }
                }
            }
        }catch{
            $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
            Write-Verbose "FAILED TO RETRIEVE AUTHENTICATION METHOD"
            Write-VPASOutput -str $_ -type E
            return $false
        }

        try{

            if([String]::IsNullOrEmpty($AuthMethodID)){
                Write-Verbose "NO AUTH METHOD ID PROVIDED...INVOKING HELPER FUNCTION TO RETRIEVE UNIQUE AUTH METHOD ID BASED ON SPECIFIED PARAMETERS"
                $AuthMethodID = Get-VPASAuthenticationMethodIDHelper -token $token -AuthenticationMethodSearch $AuthMethodSearch
                Write-Verbose "RETURNING AUTH METHOD ID"
            }
            else{
                Write-Verbose "AUTH METHOD ID SUPPLIED, SKIPPING HELPER FUNCTION"
            }


            if($NoSSL){
                Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                $uri = "http://$PVWA/passwordvault/api/Configuration/AuthenticationMethods/$AuthMethodID/"
            }
            else{
                Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                $uri = "https://$PVWA/passwordvault/api/Configuration/AuthenticationMethods/$AuthMethodID/"
            }

            write-verbose "MAKING API CALL TO CYBERARK"

            if($sessionval){
                $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval
            }
            else{
                $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json"
            }
            Write-Verbose "RECEIVED JSON OBJECT"

            $tempDisplayName = $response.displayName
            $tempEnabled = $response.enabled
            $tempMobileEnabled = $response.mobileEnabled
            $tempLogoffURL = $response.logoffUrl
            $tempSecondFactorAuth = $response.secondFactorAuth
            $tempSignInLabel = $response.signInLabel
            $tempUsernameFieldLabel = $response.usernameFieldLabel
            $tempPasswordFieldLabel = $response.passwordFieldLabel

            $params = @{}

            if([String]::IsNullOrEmpty($DisplayName)){
                $params += @{ displayName = $tempDisplayName }
            }
            else{
                $params += @{ displayName = $DisplayName }
            }
            write-verbose "HANDLED DISPLAY NAME"

            if([String]::IsNullOrEmpty($LogoffURL)){
                $params += @{ logoffUrl = $tempLogoffURL }
            }
            else{
                $params += @{ logoffUrl = $LogoffURL }
            }
            Write-Verbose "HANDLED LOGOFF URL"

            if([String]::IsNullOrEmpty($SecondFactorAuth)){
                $params += @{ secondFactorAuth = $tempSecondFactorAuth }
            }
            else{
                $params += @{ secondFactorAuth = $SecondFactorAuth }
            }
            Write-Verbose "HANDLED SECOND FACTOR AUTH"

            if([String]::IsNullOrEmpty($SignInLabel)){
                $params += @{ signInLabel = $tempSignInLabel }
            }
            else{
                $params += @{ signInLabel = $SignInLabel }
            }
            Write-Verbose "HANDLED SIGN IN LABEL"

            if([String]::IsNullOrEmpty($UsernameFieldLabel)){
                $params += @{ usernameFieldLabel = $tempUsernameFieldLabel }
            }
            else{
                $params += @{ usernameFieldLabel = $UsernameFieldLabel }
            }
            Write-Verbose "HANDLED USERNAME FIELD LABEL"

            if([String]::IsNullOrEmpty($PasswordFieldLabel)){
                $params += @{ passwordFieldLabel = $tempPasswordFieldLabel }
            }
            else{
                $params += @{ passwordFieldLabel = $PasswordFieldLabel }
            }
            Write-Verbose "HANDLED PASSWORD FIELD LABEL"

            if([String]::IsNullOrEmpty($Enabled)){
                $params += @{ enabled = $tempEnabled }
            }
            else{
                if($Enabled -eq "TRUE"){
                    $params += @{ enabled = $true }
                }
                else{
                    $params += @{ enabled = $false }
                }
            }
            Write-Verbose "HANDLED ENABLED"

            if([String]::IsNullOrEmpty($MobileEnabled)){
                $params += @{ mobileEnabled = $tempMobileEnabled }
            }
            else{
                if($MobileEnabled -eq "TRUE"){
                    $params += @{ mobileEnabled = $true }
                }
                else{
                    $params += @{ mobileEnabled = $false }
                }
            }
            Write-Verbose "HANDLED MOBILE ENABLED"

            $params = $params
            $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS
            $params = $params | ConvertTo-Json

            if($NoSSL){
                Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                $uri = "http://$PVWA/passwordvault/api/Configuration/AuthenticationMethods/$AuthMethodID/"
            }
            else{
                Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                $uri = "https://$PVWA/passwordvault/api/Configuration/AuthenticationMethods/$AuthMethodID/"
            }
            $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI
            $log = Write-VPASTextRecorder -inputval "PUT" -token $token -LogType METHOD
            write-verbose "MAKING API CALL TO CYBERARK"

            if($sessionval){
                $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method PUT -Body $params -ContentType "application/json" -WebSession $sessionval
            }
            else{
                $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method PUT -Body $params -ContentType "application/json"
            }
            $outputlog = $response
            $log = Write-VPASTextRecorder -inputval $outputlog -token $token -LogType RETURN
            Write-Verbose "UPDATES MADE, RECEIVED JSON OBJECT"

            return $response
        }catch{
            $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
            Write-Verbose "UNABLE TO GET AUTHENTICATION METHODS"
            Write-VPASOutput -str $_ -type E
            return $false
        }
    }
    End{
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER
    }
}