pspete / psPAS

PowerShell module for CyberArk Privileged Access Security REST API
https://pspas.pspete.dev
MIT License

OAuth/SAML #470

Closed grvs1404 closed 11 months ago

grvs1404 commented 1 year ago

Cyberark Cloud Version: 13.1.0

Hey Pete, it's me again. So I was working with CyberArk Support and they suggested to use the Get-IdentityHeader module they developed. Unfortunately, they don't support the option to pass SAML into that module, so in the meantime they suggested we use OAuth. So they gave me this code to implement:

```powershell
# Request an OAuth2 access token using the client-credentials grant
$body = @{
    "grant_type"    = "client_credentials"
    "client_id"     = "oauthuser@cyberark.cloud.5555"
    "client_secret" = "xxxxx"
}

$response = Invoke-RestMethod 'https://aal5555.my.idaptive.app/oauth2/platformtoken' -Method 'POST' -Body $body
$response | ConvertTo-Json   # prints the full response, including the access token
$IdentityUserName = "OauthUser"
$PCloudTenantAPIURL = "https://xxxx.privilegecloud.cyberark.cloud/passwordvault"

# Web session that carries the bearer token in the Authorization header
$header = New-Object System.Collections.Generic.Dictionary"[String,string]"
$header.Add("Authorization", "Bearer $($response.access_token)")
$session = New-Object Microsoft.PowerShell.Commands.WebRequestSession
$session.Headers = $header

# Session object handed to psPAS (Add-ObjectDetail is not part of psPAS)
$PSPASToken = [PSCustomObject]@{
    User            = $IdentityUserName
    BaseURI         = $PCloudTenantAPIURL
    ExternalVersion = "12.6.0"
    WebSession      = $session
} | Add-ObjectDetail -TypeName psPAS.CyberArk.Vault.Session

Use-PASSession $PSPASToken
Get-PASLoggedOnUser | Format-List
```

We've gotten this all to work until we get to the last command, Get-PASLoggedOnUser. When running that we get this error:

```
PS C:\Windows\system32> Get-PASLoggedOnUser |Format-list
Exception calling ".ctor" with "4" argument(s): "Cannot process argument because the value of argument "exception" is null. Change the value of argument "exception" to a non-null value."
At line:325 char:4
            $PSCmdlet.ThrowTerminatingError(
            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    FullyQualifiedErrorId : PSArgumentNullException
```

As a side note, we also had to import WFTools to use the Add-ObjectDetail command.

Thanks for your support, it's greatly appreciated!
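Added example, not part of the original post and not psPAS or CyberArk code: the same client-credentials flow with the secret prompted for instead of hard-coded, the token never echoed, and the HTTP status of a failed token request surfaced. The function name `Get-PlatformToken` is hypothetical; using `PSTypeName` in place of `Add-ObjectDetail`, and `Use-PASSession` accepting an object built this way, are assumptions.

```powershell
# Added example (hypothetical helper). URLs are the placeholder values from the post.
function Get-PlatformToken {
    param(
        [Parameter(Mandatory)] [string] $TokenUri,
        # UserName holds the client_id, Password holds the client_secret
        [Parameter(Mandatory)] [pscredential] $Client
    )
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $Client.UserName
        client_secret = $Client.GetNetworkCredential().Password
    }
    try {
        $response = Invoke-RestMethod -Uri $TokenUri -Method Post -Body $body -ErrorAction Stop
    }
    catch {
        # Report the HTTP status so a 401/403 can be told apart from a network failure
        $status = $null
        if ($_.Exception.Response) { $status = [int]$_.Exception.Response.StatusCode }
        throw "Token request to $TokenUri failed (HTTP status: $status): $($_.Exception.Message)"
    }
    if (-not $response.access_token) {
        throw 'Token endpoint returned no access_token.'
    }
    # Return the token to the caller; it is not written to the console or a transcript
    return $response.access_token
}

# Prompt for the OAuth client id and secret rather than storing them in the script
$client = Get-Credential -Message 'OAuth client id and client secret'
$token  = Get-PlatformToken -TokenUri 'https://aal5555.my.idaptive.app/oauth2/platformtoken' -Client $client

$session = New-Object Microsoft.PowerShell.Commands.WebRequestSession
$session.Headers.Add('Authorization', "Bearer $token")

# PSTypeName tags the object with the type name directly (assumption: this is
# sufficient for Use-PASSession, removing the need for Add-ObjectDetail)
$PSPASToken = [PSCustomObject]@{
    PSTypeName      = 'psPAS.CyberArk.Vault.Session'
    User            = 'OauthUser'
    BaseURI         = 'https://xxxx.privilegecloud.cyberark.cloud/passwordvault'
    ExternalVersion = '12.6.0'
    WebSession      = $session
}

Use-PASSession -Session $PSPASToken
Get-PASLoggedOnUser | Format-List
```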

grvs1404 commented 12 months ago

Turns out this was a permissions issue, not sure if that can be identified within your PS modules?

pspete commented 11 months ago

Hi @grvs1404 - if you share steps to be able to reproduce the permissions issue, or steps you took to resolve, we can possibly see if the particular error can be caught and dealt with appropriately.

pspete commented 11 months ago

Closing, no update. If you want to share the steps - add them on here to reopen, or log a new issue/feature request with the required detail.