search

darrenjrobinson / powershell_module_identitynow

SailPoint IdentityNow PowerShell Module
https://blog.darrenjrobinson.com/sailpoint-identitynow/
MIT License
47 stars 15 forks source link

Exception calling "SecureStringToBSTR" with "1" argument(s): "Value cannot be null #56

Closed clyates4 closed 3 months ago

clyates4 commented 2 years ago

Each time a command is executed, the following error is displayed before the command runs:

Exception calling "SecureStringToBSTR" with "1" argument(s): "Value cannot be null. Parameter name: s" At C:\Users\cyates\OneDrive - Company Energy\Documents\WindowsPowerShell\Modules\SailPointIdentityNow\1.1.5\scripts\Get-IdentityNowAuth.ps1:167 char:5

Here is the code referenced in the error:

Generate the account hash

$hashUser = Get-HashString $adminUSR.ToLower() 
$adminPWD = Get-HashString "$($adminPWDClear)$($hashUser)"  

$clientSecretv3 = [System.Runtime.InteropServices.marshal]::PtrToStringAuto([System.Runtime.InteropServices.marshal]::SecureStringToBSTR($IdentityNowConfiguration.v3.Password))

Here is the org configuration

$orgName = "our-org" Set-IdentityNowOrg -orgName $orgName

# IdentityNow Admin User
$adminUSR = "identityNow_admin_User"
$adminPWD = 'idnAdminUserPassword'
$adminCreds = [pscredential]::new($adminUSR, ($adminPWD | ConvertTo-SecureString -AsPlainText -Force))

# IdentityNow Personal Access Token as generated through the IdentityNow Portal and your personal identity profile preferences
$patClientID = 'd3d1f84bb7112212b26e59cd02242a50'
$patClientSecret = '60132a77b0b64959dbcea23ace211f3afb4f11ab8aae92fe4fcdabe0a8379a88'
$patCreds = [pscredential]::new("$($patClientID)", ($patClientSecret | ConvertTo-SecureString -AsPlainText -Force))

Set-IdentityNowCredential -AdminCredential $adminCreds -PersonalAccessToken $patCreds
Save-IdentityNowConfiguration
darrenjrobinson commented 2 years ago

I've gone through and setup a new machine with the module using PowerShell 5.1. I then tested the creds using Test-IdentityNowCredentials I only set it up using a personal access token (v3 creds) so the v2 creds did fail as expected. 

    $orgName = "myOrg"
    Set-IdentityNowOrg -orgName $orgName

    # IdentityNow Admin User
    $adminUSR = "identityNow_admin_User"
    $adminPWD = "idnAdminUserPassword"
    $adminCreds = [pscredential]::new($adminUSR, ($adminPWD | ConvertTo-SecureString -AsPlainText -Force))

    # IdentityNow Personal Access Token as generated through the IdentityNow Portal and your personal identity profile preferences
    $patClientID = "yourClientID"
    $patClientSecret = "yourClientSecret"
    $patCreds = [pscredential]::new("$($patClientID)", ($patClientSecret | ConvertTo-SecureString -AsPlainText -Force))

    Set-IdentityNowCredential -AdminCredential $adminCreds -PersonalAccessToken $patCreds
    Test-IdentityNowCredentials

image

I can't reproduce your error. Can you test/validate your credentials using Test-IdentityNowCredentials

clyates4 commented 1 year ago

Classification: DCL-Internal

I added $patClientID and $patClientSecret to the org setup file, but I did not add values for $adminUSR and $adminPWD. Then I ran get-identitynowauth before running the following:

PS C:\temp\powershell\IdentityNow> Test-IdentityNowCredentials

APIv2 credentials not stored in IdentityNow Configuration. APIv3 credentials not stored in IdentityNow Configuration. Validated Personal Access Token. PS C:\temp\powershell\IdentityNow>

Maybe it is because I need values for $adminUSR and $adminPWD?

Thanks for your help

From: Darren Robinson @.> Sent: Monday, May 23, 2022 8:36 PM To: darrenjrobinson/powershell_module_identitynow @.> Cc: Chris Yates @.>; Author @.> Subject: [EXTERNAL] Re: [darrenjrobinson/powershell_module_identitynow] Exception calling "SecureStringToBSTR" with "1" argument(s): "Value cannot be null (Issue #56)

I've gone through and setup a new machine with the module using PowerShell 5.1. I then tested the creds using Test-IdentityNowCredentials I only set it up using a personal access token (v3 creds) so the v2 creds did fail as expected.

$orgName = "myOrg"

Set-IdentityNowOrg -orgName $orgName

# IdentityNow Admin User

$adminUSR = "identityNow_admin_User"

$adminPWD = "idnAdminUserPassword"

$adminCreds = [pscredential]::new($adminUSR, ($adminPWD | ConvertTo-SecureString -AsPlainText -Force))

# IdentityNow Personal Access Token as generated through the IdentityNow Portal and your personal identity profile preferences

$patClientID = "yourClientID"

$patClientSecret = "yourClientSecret"

$patCreds = [pscredential]::new("$($patClientID)", ($patClientSecret | ConvertTo-SecureString -AsPlainText -Force))

Set-IdentityNowCredential -AdminCredential $adminCreds -PersonalAccessToken $patCreds

Test-IdentityNowCredentials

[image]https://urldefense.proofpoint.com/v2/url?u=https-3A__user-2Dimages.githubusercontent.com_384733_169930406-2Dd587b531-2Db989-2D4cc4-2Dbb2a-2D0c7c5f257577.png&d=DwMCaQ&c=M7nMI6M-Uv3ihEfN-QJ3_sQdVexoO64eU4Ftr4lnVk0&r=4FccT72olMQ5-sl17o1hoSJbgd3j_D33DS4sHpjj_XM&m=xwqqsT_F5fJzhmCuqEQ_fp3L83Z45TWonWA4XGcplQJ_LI9BUid5u86Z2mxsa4Zl&s=6awb1HB0bk96pTsbJlPKyMBfDYX_PNdvEU1aXdmQqMo&e=

I can't reproduce your error. Can you test/validate your credentials using Test-IdentityNowCredentials

- Reply to this email directly, view it on GitHubhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_darrenjrobinson_powershell-5Fmodule-5Fidentitynow_issues_56-23issuecomment-2D1135305137&d=DwMCaQ&c=M7nMI6M-Uv3ihEfN-QJ3_sQdVexoO64eU4Ftr4lnVk0&r=4FccT72olMQ5-sl17o1hoSJbgd3j_D33DS4sHpjj_XM&m=xwqqsT_F5fJzhmCuqEQ_fp3L83Z45TWonWA4XGcplQJ_LI9BUid5u86Z2mxsa4Zl&s=k830wZ7eu7jOVcQvP7o0P6DRC_IZ3Oc3CLCwGmFTxPc&e=, or unsubscribehttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AZIFFKE2ZCWYRDBBSICS52LVLQXA7ANCNFSM5WPN43XQ&d=DwMCaQ&c=M7nMI6M-Uv3ihEfN-QJ3_sQdVexoO64eU4Ftr4lnVk0&r=4FccT72olMQ5-sl17o1hoSJbgd3j_D33DS4sHpjj_XM&m=xwqqsT_F5fJzhmCuqEQ_fp3L83Z45TWonWA4XGcplQJ_LI9BUid5u86Z2mxsa4Zl&s=ZTWKs6lo66YWuAnXGivT5gkF7_fIOFGq1Xa0lhqoinc&e=. You are receiving this because you authored the thread.Message ID: @.**@.>>

This email (and attachments if any) is intended only for the use of the individual or entity to which it is addressed, and may contain information that is confidential or privileged and exempt from disclosure under applicable law. If the reader of this email is not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by return email and destroy all copies of the email (and attachments if any).

darrenjrobinson commented 1 year ago

Hi @clyates4 v1.1.6 of the module addresses this error. It is currently in this branch which you can download an manually update your environment with. https://github.com/darrenjrobinson/powershell_module_identitynow/tree/V3API-CMDLET-Options

It also includes a number of other enhancements for changes to the IDN APIs. I'll be looking to finalise that version in the next week, merge it with Main and publish v.1.1.6 to the PowerShell Gallery.

clyates4 commented 1 year ago

Classification: DCL-Internal

Thanks Darren!

Sent from a mobile device.

From: Darren Robinson @.> Sent: Tuesday, October 11, 2022 2:26:09 PM To: darrenjrobinson/powershell_module_identitynow @.> Cc: Chris Yates @.>; Mention @.> Subject: [EXTERNAL] Re: [darrenjrobinson/powershell_module_identitynow] Exception calling "SecureStringToBSTR" with "1" argument(s): "Value cannot be null (Issue #56)

Hi @clyates4https://urldefense.com/v3/__https://github.com/clyates4__;!!NMiH8OWLS8U!WK6WlxDWTsmUWydqmWxuODSia2rvAExcB10-qB_szPh0I3JTcKrZhwjrXVxofOieOGx6UboBrmjAdOPG-D0jhxvp$ v1.1.6 of the module addresses this error. It is currently in this branch which you can download an manually update your environment with. https://github.com/darrenjrobinson/powershell_module_identitynow/tree/V3API-CMDLET-Optionshttps://urldefense.com/v3/__https://github.com/darrenjrobinson/powershell_module_identitynow/tree/V3API-CMDLET-Options__;!!NMiH8OWLS8U!WK6WlxDWTsmUWydqmWxuODSia2rvAExcB10-qB_szPh0I3JTcKrZhwjrXVxofOieOGx6UboBrmjAdOPG-L7ZMMzZ$

It also includes a number of other enhancements for changes to the IDN APIs. I'll be looking to finalise that version in the next week, merge it with Main and publish v.1.1.6 to the PowerShell Gallery.

— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/darrenjrobinson/powershell_module_identitynow/issues/56*issuecomment-1275170279__;Iw!!NMiH8OWLS8U!WK6WlxDWTsmUWydqmWxuODSia2rvAExcB10-qB_szPh0I3JTcKrZhwjrXVxofOieOGx6UboBrmjAdOPG-DisQGg9$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/AZIFFKFDKIYLM4R27QIIZKLWCW5NDANCNFSM5WPN43XQ__;!!NMiH8OWLS8U!WK6WlxDWTsmUWydqmWxuODSia2rvAExcB10-qB_szPh0I3JTcKrZhwjrXVxofOieOGx6UboBrmjAdOPG-C2XDWo5$. You are receiving this because you were mentioned.Message ID: @.***>

This email (and attachments if any) is intended only for the use of the individual or entity to which it is addressed, and may contain information that is confidential or privileged and exempt from disclosure under applicable law. If the reader of this email is not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by return email and destroy all copies of the email (and attachments if any).