Closed begunrom closed 4 years ago
The module requires certain variables to be set in the module scope; your initial Invoke-WebRequest
happens outside of the module scope, so will not affect any subsequent module commands.
Windows + RADIUS is not a logic flow present in the module, only Windows auth alone:
New-PASSession -UseDefaultCredentials -BaseURI $url
Now supported & available in psPAS 3.5 - from the master branch, github release & PowerShell Gallery.
.EXAMPLE
New-PASSession -Credential $cred -BaseURI https://PVWA -type Windows -OTP 123456 -OTPMode Challenge
Perform initial Windows authentication and respond to secondary RADIUS challenge
.EXAMPLE
New-PASSession -Credential $cred -BaseURI https://PVWA -type Windows -OTP passcode -OTPMode Challenge
Perform initial authentication and then get prompted to supply OTP value for RADIUS challenge.
I was trying to login using the latest PsPas version on CyberArk 11.2, but failed to do so.
The current setup requires windows authentication to access the PCWA website. We are using passtrue authentication for this. Once authenticated you cannot change the login name any more in PVWA. It is fixed. Then we use radius authentication with OTP to login.
I can use
Invoke-WebRequest -URI "https://pam.test.org/PasswordVault/api/Auth/Windows/Logon" -Method POST -UseDefaultCredentials
to authenticate the pvwa. Result :StatusCode : 200 StatusDescription : OK Content : {"AdditionalInfo":"","UserName":"test"} RawContent : HTTP/1.1 200 OK Pragma: no-cache api-supported-versions: 11.0 Cache-Control: no-cache, no-store, must-revalidate Content-Type: application/json; charset=utf-8 Expires: -1 Set-Cookie: CA22222=; p... Forms : {} Headers : {[Pragma, no-cache], [api-supported-versions, 11.0], [Cache-Control, no-cache, no-store, must-revalidate], [Content-Type, application/json; charset=utf-8]...} Images : {} InputFields : {} Links : {} ParsedHtml : mshtml.HTMLDocumentClass RawContentLength : 39
Then I tried:
New-PASSession -Credential $cred -BaseURI https://pam.test.org -type RADIUS -OTP 123456 -OTPMode Challenge
The error I get is `VERBOSE: POST https://pam.test.org/PasswordVault/api/Auth/RADIUS/Logon with 0-byte payload Invoke-PASRestMethod : [403] Authentication failure. At C:\Users\test\temp\Powershell\CyberArkTest_radius.ps1:25 char:15
Can you help?