public/Update-VPASAuthenticationMethod.ps1
<#
.Synopsis UPDATE AUTHENTICATION METHOD CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO UPDATE AUTHENTICATION METHOD INTO CYBERARK .LINK https://vpasmodule.com/commands/Update-VPASAuthenticationMethod .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER DisplayName Display value of the AuthenticationMethod .PARAMETER Enabled Specify if the AuthenticationMethod will be enabled AuthenticationMethod will NOT appear if set to disabled Possible values: TRUE, FALSE .PARAMETER MobileEnabled Allow the AuthenticationMethod to be visible on mobile Possible values: TRUE, FALSE .PARAMETER LogoffURL Redirect link that EndUsers will funnel through on logoff .PARAMETER SecondFactorAuth Enable a second factor authentication Possible values: cyberark, radius, ldap .PARAMETER SignInLabel Visual title of the AuthenticationMethod This is what EndUsers will see .PARAMETER UsernameFieldLabel Visual tag for the Username box This is what EndUsers will see .PARAMETER PasswordFieldLabel Visual tag for the Password box This is what EndUsers will see .PARAMETER AuthMethodSearch Search string to find the target AuthenticationMethod .PARAMETER AuthMethodID Unique ID that maps to the target AuthenticationMethod Supply AuthMethodID to skip any querying for target AuthenticationMethod .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $UpdateAuthenticationMethodJSON = Update-VPASAuthenticationMethod -AuthMethodID {AUTH METHOD ID VALUE} -UsernameFieldLabel {NEW USERNAME FIELD LABEL VALUE} .EXAMPLE $UpdateAuthenticationMethodJSON = Update-VPASAuthenticationMethod -AuthMethodSearch {AUTH METHOD SEARCH VALUE} -UsernameFieldLabel {NEW USERNAME FIELD LABEL VALUE} .EXAMPLE $InputParameters = @{ AuthMethodSearch = "TargetAuthmethodSearch" DisplayName = "DisplayName" Enabled = "TRUE"|"FALSE" MobileEnabled = "TRUE"|"FALSE" LogoffURL = "LogoffURL" SecondFactorAuth = "cyberark"|"radius"|"ldap" SignInLabel = "SignInLabel" UsernameFieldLabel = "UsernameLabel" PasswordFieldLabel = "PasswordLabel" } $UpdateAuthenticationMethodJSON = Update-VPASAuthenticationMethod -InputParameters $InputParameters .EXAMPLE $InputParameters = @{ AuthMethodID = "saml" DisplayName = "DisplayName" Enabled = "TRUE"|"FALSE" MobileEnabled = "TRUE"|"FALSE" LogoffURL = "LogoffURL" SecondFactorAuth = "cyberark"|"radius"|"ldap" SignInLabel = "SignInLabel" UsernameFieldLabel = "UsernameLabel" PasswordFieldLabel = "PasswordLabel" } $UpdateAuthenticationMethodJSON = Update-VPASAuthenticationMethod -InputParameters $InputParameters .OUTPUTS If successful: { "id": "vpasradius", "displayName": "vpasradius", "enabled": false, "logoffUrl": "", "secondFactorAuth": null, "signInLabel": "", "usernameFieldLabel": "NewUserbox", "passwordFieldLabel": "NewPassbox" } --- $false if failed #> function Update-VPASAuthenticationMethod{ [OutputType('System.Object',[bool])] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Searchquery to find target authentication method (for example: saml)")] [String]$AuthMethodSearch, [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique authentication method ID of the target authentication method (for example: samlv3)")] [String]$AuthMethodID, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)] [String]$DisplayName, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)] [ValidateSet('TRUE','FALSE')] [String]$Enabled, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)] [ValidateSet('TRUE','FALSE')] [String]$MobileEnabled, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)] [String]$LogoffURL, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)] [ValidateSet('cyberark','radius','ldap')] [String]$SecondFactorAuth, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)] [String]$SignInLabel, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)] [String]$UsernameFieldLabel, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)] [String]$PasswordFieldLabel, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("AuthMethodSearch","DisplayName","Enabled","MobileEnabled","LogoffURL","SecondFactorAuth","SignInLabel","UsernameFieldLabel","PasswordFieldLabel") MandatoryKeys = @("AuthMethodSearch") } set2 = @{ AcceptableKeys = @("AuthMethodID","DisplayName","Enabled","MobileEnabled","LogoffURL","SecondFactorAuth","SignInLabel","UsernameFieldLabel","PasswordFieldLabel") MandatoryKeys = @("AuthMethodID") } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO RETRIEVE AUTHENTICATION METHOD" Write-VPASOutput -str $_ -type E return $false } try{ if([String]::IsNullOrEmpty($AuthMethodID)){ Write-Verbose "NO AUTH METHOD ID PROVIDED...INVOKING HELPER FUNCTION TO RETRIEVE UNIQUE AUTH METHOD ID BASED ON SPECIFIED PARAMETERS" $AuthMethodID = Get-VPASAuthenticationMethodIDHelper -token $token -AuthenticationMethodSearch $AuthMethodSearch Write-Verbose "RETURNING AUTH METHOD ID" } else{ Write-Verbose "AUTH METHOD ID SUPPLIED, SKIPPING HELPER FUNCTION" } if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/passwordvault/api/Configuration/AuthenticationMethods/$AuthMethodID/" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/passwordvault/api/Configuration/AuthenticationMethods/$AuthMethodID/" } write-verbose "MAKING API CALL TO CYBERARK" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } Write-Verbose "RECEIVED JSON OBJECT" $tempDisplayName = $response.displayName $tempEnabled = $response.enabled $tempMobileEnabled = $response.mobileEnabled $tempLogoffURL = $response.logoffUrl $tempSecondFactorAuth = $response.secondFactorAuth $tempSignInLabel = $response.signInLabel $tempUsernameFieldLabel = $response.usernameFieldLabel $tempPasswordFieldLabel = $response.passwordFieldLabel $params = @{} if([String]::IsNullOrEmpty($DisplayName)){ $params += @{ displayName = $tempDisplayName } } else{ $params += @{ displayName = $DisplayName } } write-verbose "HANDLED DISPLAY NAME" if([String]::IsNullOrEmpty($LogoffURL)){ $params += @{ logoffUrl = $tempLogoffURL } } else{ $params += @{ logoffUrl = $LogoffURL } } Write-Verbose "HANDLED LOGOFF URL" if([String]::IsNullOrEmpty($SecondFactorAuth)){ $params += @{ secondFactorAuth = $tempSecondFactorAuth } } else{ $params += @{ secondFactorAuth = $SecondFactorAuth } } Write-Verbose "HANDLED SECOND FACTOR AUTH" if([String]::IsNullOrEmpty($SignInLabel)){ $params += @{ signInLabel = $tempSignInLabel } } else{ $params += @{ signInLabel = $SignInLabel } } Write-Verbose "HANDLED SIGN IN LABEL" if([String]::IsNullOrEmpty($UsernameFieldLabel)){ $params += @{ usernameFieldLabel = $tempUsernameFieldLabel } } else{ $params += @{ usernameFieldLabel = $UsernameFieldLabel } } Write-Verbose "HANDLED USERNAME FIELD LABEL" if([String]::IsNullOrEmpty($PasswordFieldLabel)){ $params += @{ passwordFieldLabel = $tempPasswordFieldLabel } } else{ $params += @{ passwordFieldLabel = $PasswordFieldLabel } } Write-Verbose "HANDLED PASSWORD FIELD LABEL" if([String]::IsNullOrEmpty($Enabled)){ $params += @{ enabled = $tempEnabled } } else{ if($Enabled -eq "TRUE"){ $params += @{ enabled = $true } } else{ $params += @{ enabled = $false } } } Write-Verbose "HANDLED ENABLED" if([String]::IsNullOrEmpty($MobileEnabled)){ $params += @{ mobileEnabled = $tempMobileEnabled } } else{ if($MobileEnabled -eq "TRUE"){ $params += @{ mobileEnabled = $true } } else{ $params += @{ mobileEnabled = $false } } } Write-Verbose "HANDLED MOBILE ENABLED" $params = $params $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS $params = $params | ConvertTo-Json if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/passwordvault/api/Configuration/AuthenticationMethods/$AuthMethodID/" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/passwordvault/api/Configuration/AuthenticationMethods/$AuthMethodID/" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "PUT" -token $token -LogType METHOD write-verbose "MAKING API CALL TO CYBERARK" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method PUT -Body $params -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method PUT -Body $params -ContentType "application/json" } $outputlog = $response $log = Write-VPASTextRecorder -inputval $outputlog -token $token -LogType RETURN Write-Verbose "UPDATES MADE, RECEIVED JSON OBJECT" return $response }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "UNABLE TO GET AUTHENTICATION METHODS" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |