darrenjrobinson / powershell_module_identitynow

SailPoint IdentityNow PowerShell Module
https://blog.darrenjrobinson.com/sailpoint-identitynow/
MIT License
47 stars 15 forks

Unable To Set Credentials Using New Reference #31

Closed bama19942000 closed 4 years ago

bama19942000 commented 4 years ago

I am unable to set credentials using the new reference you posted.

$orgName = "mypartnerorg"
Set-IdentityNowOrg -orgName $orgName

# IdentityNow Admin User
$adminUSR = "my account"
$adminPWD = 'my pwd'
$adminCreds = [pscredential]::new($adminUSR, ($adminPWD | ConvertTo-SecureString -AsPlainText -Force))

# IdentityNow Org v3 API Creds generated from the Security Settings => API Management section of the IdentityNow Admin Portal 
$clientIDv3 = "de5d668b-7a6d-475d-ba4c-cc336ca220b6"
$clientSecretv3 = "f731e2c0d0c3ae14143422647c07d9474349ed28e4f0d4b19e6b3816bf7ff829"
$v3Creds = [pscredential]::new($clientIDv3, ($clientSecretv3 | ConvertTo-SecureString -AsPlainText -Force))

# IdentityNow Personal Access Token
$personalAccessToken = New-IdentityNowPersonalAccessToken -name "IDN Automation" 
$patCreds = [pscredential]::new("$($personalAccessToken.id)", ($personalAccessToken.secret | ConvertTo-SecureString -AsPlainText -Force))

Set-IdentityNowCredential -AdminCredential $adminCreds -v3APIKey $v3Creds -PersonalAccessToken $patCreds # -v2APIKey $v2Creds
Save-IdentityNowConfiguration

Here is the error output

Invoke-RestMethod : {"error":"invalid_grant","error_description":"Bad Credentials"} At C:\Program Files\WindowsPowerShell\Modules\SailPointIdentityNow\1.1.2\scripts\Get-IdentityNowAuth.ps1:241 char:20

Write-Verbose : Cannot bind argument to parameter 'Message' because it is null. At C:\Program Files\WindowsPowerShell\Modules\SailPointIdentityNow\1.1.2\scripts\Get-IdentityNowAuth.ps1:277 char:19

New-IdentityNowPersonalAccessToken : Authentication Failed. Check your AdminCredential and v3 API ClientID and ClientSecret. At line:15 char:28

ConvertTo-SecureString : Cannot bind argument to parameter 'String' because it is null. At line:16 char:98

Exception calling ".ctor" with "2" argument(s): "Cannot process argument because the value of argument "userName" is not valid. Change the value of the "userName" argument and run the operation again." At line:16 char:40

darrenjrobinson commented 4 years ago

It looks like I missed a step in the doco. Before generating the Personal Access Token (and after creating the $adminCreds and $v3Creds credential sets), set the credentials so that they can be used.

Set-IdentityNowCredential -AdminCredential $adminCreds -v3APIKey $v3Creds

Then generate the Personal Access Token

# IdentityNow Personal Access Token
$personalAccessToken = New-IdentityNowPersonalAccessToken -name "IDN Automation" 
$patCreds = [pscredential]::new("$($personalAccessToken.id)", ($personalAccessToken.secret | ConvertTo-SecureString -AsPlainText -Force))

Set them and then save them all to the config

Set-IdentityNowCredential -AdminCredential $adminCreds -v3APIKey $v3Creds -PersonalAccessToken $patCreds 
Save-IdentityNowConfiguration

bama19942000 commented 4 years ago

Darren,

The same issue is happening. I confirmed it with another colleague that is trying it as well using another tenant.

Invoke-RestMethod : {"error":"invalid_grant","error_description":"Bad Credentials"} At C:\Program Files\WindowsPowerShell\Modules\SailPointIdentityNow\1.1.2\scripts\Get-IdentityNowAuth.ps1:241 char:20

Write-Verbose : Cannot bind argument to parameter 'Message' because it is null. At C:\Program Files\WindowsPowerShell\Modules\SailPointIdentityNow\1.1.2\scripts\Get-IdentityNowAuth.ps1:277 char:19

New-IdentityNowPersonalAccessToken : Authentication Failed. Check your AdminCredential and v3 API ClientID and ClientSecret. At C:\THIS\partner004oauthnewmatttotty1.ps1:15 char:28

ConvertTo-SecureString : Cannot bind argument to parameter 'String' because it is null. At C:\THIS\myscript.ps1:16 char:98

Exception calling ".ctor" with "2" argument(s): "Cannot process argument because the value of argument "userName" is not valid. Change the value of the "userName" argument and run the operation again." At C:\THIS\partner004oauthnewmatttotty1.ps1:16 char:40

darrenjrobinson commented 4 years ago

Are you sure you have your correct Admin Account UserID and Password and v3 Credentials configured?

Invoke-RestMethod : {"error":"invalid_grant","error_description":"**Bad Credentials**"}

Keep in mind also, depending on your Account Lockout configuration (if it is default), the auth process and cmdlets such as Test-IdentityNowCredentials can quickly lock out your account if you have the incorrect account/password or clientID/secret.

darrenjrobinson commented 4 years ago

Update, I've finally been able to reproduce the error. I'm looking into the root cause and a fix.

darrenjrobinson commented 4 years ago

v1.1.3 published to the PS Gallery here. Update to that version and you should be all good. My apologies for the bug.
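
Added example, not part of the thread or the module's own code: the credential sequence from the maintainer's reply with a guard on the token result, so a failed authentication stops after a single attempt (relevant to the lockout caveat above) instead of cascading into the null-binding errors shown in the report. It assumes SailPointIdentityNow v1.1.3 or later is installed; the org name is a placeholder, and the secrets are prompted for with Get-Credential rather than embedded in the script.

```powershell
# Added example. Assumes the SailPointIdentityNow module (v1.1.3 or later, per the thread) is installed.
Import-Module SailPointIdentityNow

$orgName = "mypartnerorg"   # placeholder org name, as in the report
Set-IdentityNowOrg -orgName $orgName

# Prompt for the secrets instead of storing them in the script as plain text.
$adminCreds = Get-Credential -Message "IdentityNow admin user name and password"
$v3Creds    = Get-Credential -Message "v3 API client ID (user name) and client secret (password)"

# Step 1: register the admin and v3 credentials first.
# The Personal Access Token request authenticates with them.
Set-IdentityNowCredential -AdminCredential $adminCreds -v3APIKey $v3Creds

# Step 2: request the Personal Access Token once.
$personalAccessToken = New-IdentityNowPersonalAccessToken -name "IDN Automation"

# Guard: in the report, a failed request left this variable null and the next
# lines failed with "Cannot bind argument to parameter 'String'" and an invalid
# "userName". Stop here instead, and do not retry in a loop: repeated bad
# attempts can lock the admin account.
if (-not $personalAccessToken -or
    [string]::IsNullOrEmpty($personalAccessToken.id) -or
    [string]::IsNullOrEmpty($personalAccessToken.secret)) {
    throw "No Personal Access Token returned. Verify the admin and v3 credentials before running again."
}

$patCreds = [pscredential]::new(
    "$($personalAccessToken.id)",
    ($personalAccessToken.secret | ConvertTo-SecureString -AsPlainText -Force))

# Step 3: set all three credential sets and persist them to the module configuration.
Set-IdentityNowCredential -AdminCredential $adminCreds -v3APIKey $v3Creds -PersonalAccessToken $patCreds
Save-IdentityNowConfiguration
```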