pspete / psPAS

PowerShell module for CyberArk Privileged Access Security REST API
https://pspas.pspete.dev
MIT License
296 stars 91 forks

New-PASSession connectionNumber not working on 10.5 #119

Closed 27560 closed 5 years ago

27560 commented 5 years ago

Expected Behaviour

Obtain a PASSession

Current Behaviour

Not obtaining PASSession

Possible Solution

Does connectionNumber work for version 10.5? Is there an alternative method for having multiple sessions?

Steps to Reproduce (for bug reports)

New-PASSession -BaseUri $BaseURI -UseDefaultCredentials -connectionNumber 47

Sample Output

New-PASSession : Parameter set cannot be resolved using the specified named parameters.

Context

Obtain a PASSession and have multiple sessions

pspete commented 5 years ago

Hi,

ConnectionNumber is not a valid parameter for logon with the 10.x API.

You can confirm this on your system here: https://pvwa/PasswordVault/swagger/ui/index#!/Auth/Auth_Logon

27560 commented 5 years ago

How does one allow multiple sessions in 10.x API?

pspete commented 5 years ago

You can attempt to use the legacy version of the API by specifying the -UseV9API switch on the New-PASSession function

27560 commented 5 years ago

New-PASSession -UseV9API -BaseUri $BaseURI -UseDefaultCredentials -connectionNumber 47

New-PASSession : Parameter set cannot be resolved using the specified named parameters.

It yields the same error message.

pspete commented 5 years ago

The "legacy" API only supports CyberArk, LDAP or RADIUS (and SAML) auth; there is no support for Windows authentication (so UseDefaultCredentials is superfluous). The v10 API does support Windows auth (UseDefaultCredentials is valid here), with the caveat that ConnectionNumber cannot be specified.

pspete commented 5 years ago

get-help new-passession clearly shows the valid parameter combinations.

27560 commented 5 years ago

I need to use windows / usedefaultcredentials, but I also need the ability to have multiple connections. Is there any solution I can use? Any clue if connectionNumber was replaced with an alternative method?

pspete commented 5 years ago

Not that I know of - I think shared logon authentication is the only alternative, but it's not Windows auth.

pspete commented 5 years ago

@27560 there is literally nothing I can incorporate into the module to support your requirement. The only possibility would be if connectionNumber gets introduced as a parameter on the part of the API which supports windows auth. If you have not already, I would log an enhancement request with the vendor.