search

pspete / psPAS

PowerShell module for CyberArk Privileged Access Security REST API
https://pspas.pspete.dev
MIT License
291 stars 91 forks source link

Update Invoke-PASRestMethod.ps1 #371

Closed zamothh closed 3 years ago

zamothh commented 3 years ago

Summary

I was trying to debug as I have issues with SAML authentication ... and I found difficult to retrieve what exactly was sent to the backend API. By adding those few line, you should now see the invoke-webrequest sent variables. To a certain extent, this can help converting any PsPas Command to direct API calls, and to also to increase debug speed. I use -verbose a lot in my own modules, each time I want to understand what is happening. note on write-verbose ($PSBoundParameters | out-string -Width ($host.UI.RawUI.BufferSize.Width -2 )) The -width help fixing extra new lines with this kind of use of write-verbose, and should be kept

Test Plan

Example :

PS C:\> New-PASSession -BaseURI "https://cpim.#######.com" -SAMLAuth -SAMLResponse $C.access_token -Verbose
VERBOSE: Performing the operation "Logon" on target "https://cpim.#######.com/PasswordVault/api/auth/SAML/Logon".
VERBOSE: *********** BoundParameters *************
VERBOSE:
Key                   Value
---                   -----
UseDefaultCredentials False
SessionVariable       PASSession
Method                POST
URI                   https://cpim.#######.com/PasswordVault/api/auth/SAML/Logon
Body                  {apiUse, SAMLResponse}
ContentType           application/x-www-form-urlencoded
UseBasicParsing       True

VERBOSE: ******* End of PSBoundParameters ********
VERBOSE: POST https://cpim.#######.com/PasswordVault/api/auth/SAML/Logon with -1-byte payload
Invoke-PASRestMethod : [400] Authentication failure. Please contact your Administrator.
At line:445 char:19
+                 $PASSession = Invoke-PASRestMethod @LogonRequest
+                               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: ({"ErrorCode":"P...dministrator."}:ErrorRecord) [Invoke-PASRestMethod], Exception
    + FullyQualifiedErrorId : PASWS035E,Invoke-PASRestMethod

Closes issues

Fixes # nothing

Closes # nothing

pspete commented 3 years ago

Pull Requests are not accepted against the master branch. Code to debug an issue should not be included in any published version of the module. Effort to remove verbose/debug output which could contain secret data has already been undertaken.

zamothh commented 3 years ago

oups, sorry, meant to push it on the dev. Didn't know there had already been a talk on verbose/debug content. Thanks