pspete / psPAS

PowerShell module for CyberArk Privileged Access Security REST API
https://pspas.pspete.dev
MIT License

Pspas module problem with pcloud #472

Closed nawazsarwar124 closed 1 year ago

nawazsarwar124 commented 1 year ago

Good Morning

I am trying to use the pspas module to connect to the pCloud solution with the following command:

New-PASSession -TenantSubdomain $identityTenantId

So my command becomes:

New-PASSession -TenantSubdomain Aav111

I logged in successfully, but when I call the module, for example, Get-PASAccount, I receive an error. I tried to investigate the error and what I understood is that the module is calling the URL https://$identitytenantid.privilegecloud.cyberark.cloud/PasswordVault/API/Accounts/. However, CyberArk uses two different URLs: one with an ID and the other with a hostname, which the client selects for their tenant. For example:

https://aav111.privilegecloud.cyberark.cloud/PasswordVault/API/Accounts/ (API does not work)

https://hostname.privilegecloud.cyberark.cloud/PasswordVault/API/Accounts (API works)

To resolve this issue, we added a TenantBase parameter

and a new variable:

$UriTenant = "https://${TenantBase}.privilegecloud.cyberark.cloud/PasswordVault"

Then, if the TenantBase parameter is not null or empty, we assign this value to the script-scope variable $Uri,

so we can log on with the first URL (TenantSubdomain) and execute the action with the other URL (TenantBase) without changing the other functions.

After making this change, it started working correctly.

Do you have another way to do this correctly, or do we keep the fix?

Thanks, NS
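
The fallback described in the post above, sketched as an added example that is not part of the original post or of psPAS. `Resolve-PCloudApiUri` is a hypothetical helper name, and `TenantBase` is the poster's own parameter name; the sketch also restricts the value to a single DNS label, so the session token obtained at logon is only ever sent to a host under privilegecloud.cyberark.cloud.

```powershell
# Added illustration; Resolve-PCloudApiUri is a hypothetical helper, not a psPAS function.
function Resolve-PCloudApiUri {
    [CmdletBinding()]
    [OutputType([string])]
    param(
        # Subdomain used for logon (the tenant ID in the post, e.g. Aav111).
        [Parameter(Mandatory)]
        [string]$TenantSubdomain,

        # Optional subdomain of the Privilege Cloud portal, when it differs.
        [string]$TenantBase
    )

    # Fall back to the logon subdomain when no separate API subdomain is given.
    $label = if ([string]::IsNullOrWhiteSpace($TenantBase)) { $TenantSubdomain } else { $TenantBase }

    # Accept one DNS label only, so the value cannot carry dots, slashes, '@'
    # or a port that would point authenticated requests at another host.
    if ($label -notmatch '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\z') {
        throw "Invalid subdomain label: '$label'"
    }

    $uri = [uri]"https://$($label.ToLowerInvariant()).privilegecloud.cyberark.cloud/PasswordVault"

    # Re-check the parsed result before it is used for API calls.
    if ($uri.Scheme -ne 'https' -or $uri.Host -notlike '*.privilegecloud.cyberark.cloud') {
        throw "Unexpected API host: '$($uri.Host)'"
    }

    $uri.AbsoluteUri
}

# Constructed sample calls using the values from the post.
Resolve-PCloudApiUri -TenantSubdomain 'Aav111'
Resolve-PCloudApiUri -TenantSubdomain 'Aav111' -TenantBase 'hostname'
```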

nawazsarwar124 commented 1 year ago

Hello,

Can you please help me?

Thanks, NS

pspete commented 1 year ago

P Cloud support is not yet fully fledged in psPAS

Sounds similar to the issue/workaround described here: https://github.com/pspete/psPAS/issues/465#issuecomment-1496678049

pspete commented 1 year ago

@nawazsarwar124 Do you have 'hostname' (per your example) configured as a tenant URL for the Identity portal?

pspete commented 1 year ago

Where the Identity and Privilege Cloud portals do not share an identical subdomain, in the latest psPAS release 5.6.135, these can now be specified independently: https://pspas.pspete.dev/docs/authentication/#shared-services-authentication