search

pspete / psPAS

PowerShell module for CyberArk Privileged Access Security REST API
https://pspas.pspete.dev
MIT License
295 stars 91 forks source link

psPAS CRLF Error after Authenticating #441

Closed Joostie155 closed 1 year ago

Joostie155 commented 1 year ago

Hello,

I recently started working with CyberArk Privilege Cloud. Now I want to start using the PowerShell module PsPAS which seems very useful. The problem is that I can't seem to get authenticated via powershell. Because we are using SAML, I use the PS-SAML-Interactive module to get authenticated.

Everything seems to be going well with logging in. But when I try to use a command, for example

Get-PASLoggedOnUser

I get the following error:

Invoke-WebRequest : Specified value has invalid CRLF characters.
Parameter name: value
At line:216 char:19
+ ... $APIResponse = Invoke-WebRequest u/PSBoundParameters -ErrorAction Stop
+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Invoke-WebRequest], ArgumentException
    + FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

As I am not that experienced yet with CyberArk, I am not sure how to solve the issue.

Info:

PsPAS Module: 5.4.94 PowerShell Version: 5.1 CyberArk Privilege Cloud: 12.7

This is the script that I run:

Import-Module -Name "D:\User\Documents\PS-SAML-Interactive.psm1"

$LoginURL = "https://account.activedirectory.windowsazure.com/applications/signin/######"
$baseURL = "https://COMPANY.privilegecloud.cyberark.com/PasswordVault/v10/logon/cyberark"

$loginResponse = New-SAMLInteractive -LoginIDP $loginURL

New-PASSession -SAMLAuth -concurrentSession $true -BaseURI $baseURL -SAMLResponse $loginResponse

The LoginURL comes from https://myapps.microsoft.com/ because I authenticate to CyberArk using my Company Microsoft Account.

The BaseURL is url that of the PVWA.

Also, when I run the script, as shown on the Github of PS-SAML-Interactive, I do get a SAML Response returned.

Any help is appreciated.

pspete commented 1 year ago

Hi @Joostie155 ,

Using this module it is not required to specify the "PasswordVault" portion of the URL when authenticating to the API. There is a basic example to follow here: https://pspas.pspete.dev/docs/authentication/#saml-authentication

pspete commented 1 year ago

No update for some time. closing