@Sarafian
Created April 10, 2017 07:44
Access ISHCM from PowerShell
Function Get-ISHCMWebSession {
    param (
        [Parameter(Mandatory=$true)]
        [string]$DeploymentName,
        [Parameter(Mandatory=$false)]
        [PSCredential]$Credential=$null
    )
    # Resolve the deployment locally with ISHDeploy and build the CM and WS URLs
    $deployment=Get-ISHDeployment -Name $DeploymentName
    $deploymentParameters=Get-ISHDeploymentParameters -ISHDeployment $DeploymentName
    $ishCMURL="https://$($deployment.AccessHostName)/$($deployment.WebAppNameCM)/"
    $ishWSURL="https://$($deployment.AccessHostName)/$($deployment.WebAppNameWS)/"

    # WS-Trust metadata (MEX) and issue endpoints of the security token service
    $issuerwstrustmexurl=$deploymentParameters |Where-Object -Property Name -EQ "issuerwstrustmexurl"|Select-Object -ExpandProperty Value
    $issuerwstrustendpointurl=$deploymentParameters |Where-Object -Property Name -EQ "issuerwstrustendpointurl"|Select-Object -ExpandProperty Value

    # Request a bearer token scoped (AppliesTo) to the CM web application
    $importer=New-WcfWsdlImporter -Endpoint $issuerwstrustmexurl
    $newSecurityTokenHash=@{
        Endpoint=$importer|New-WcfServiceEndpoint -Endpoint $issuerwstrustendpointurl
        AppliesTo=$ishCMURL
        Bearer=$true
    }
    # Without -Credential the token is requested without an explicit credential
    if($Credential)
    {
        $newSecurityTokenHash.Credential=$Credential
    }
    $token=New-SecurityToken @newSecurityTokenHash

    $validFrom = $token.ValidFrom.ToString("O")
    $validTo = $token.ValidTo.ToString("O")
    $tokenXML=$token.TokenXml.OuterXml

    # Single-quoted template: the $placeholders are literal text and are filled in with Replace() below
    $saml11Response='
<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
<t:Lifetime>
<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">$validFrom</wsu:Created>
<wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">$validTo</wsu:Expires>
</t:Lifetime>
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsa:Address>$ishCMURL</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<t:RequestedSecurityToken>$tokenXML</t:RequestedSecurityToken>
<t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
<t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
</t:RequestSecurityTokenResponse>
'
    $saml11Response=$saml11Response.Replace('$validFrom',$validFrom)
    $saml11Response=$saml11Response.Replace('$validTo',$validTo)
    $saml11Response=$saml11Response.Replace('$ishCMURL',$ishCMURL)
    $saml11Response=$saml11Response.Replace('$tokenXML',$tokenXML)

    # WS-Federation passive sign-in: post the wrapped token as wresult to the CM application
    $fields=@{
        wa="wsignin1.0"
        wresult=$saml11Response
    }
    Remove-Variable -Name ishCMSession -ErrorAction SilentlyContinue
    $response=Invoke-WebRequest -Uri $ishCMURL -Method POST -Body $fields -SessionVariable ishCMSession
    # The returned web session carries the authenticated session state; handle it like a credential
    $ishCMSession
}
@Sarafian
Author

The cmdlet should allow using direct URLs instead of the deployment name that queries the deployment locally with ISHDeploy.
Example:

$ishCMWebSession=Get-ISHCMWebSession 
$aspUrl=""
$content=Invoke-WebRequest -WebSession $ishCMWebSession -Uri $aspUrl
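
The direct-URL variant suggested in the comment above, as an added example that is not the gist author's code: the function name `Get-ISHCMWebSessionByUrl` and its parameter names are hypothetical, and the HTTPS check, the expiry check and the XML escaping are additions. It assumes the same WS-Trust cmdlets the gist uses are loaded.

```powershell
# Added example, not the gist author's code. Function and parameter names are hypothetical.
Function Get-ISHCMWebSessionByUrl {
    param (
        [Parameter(Mandatory=$true)][uri]$CMUrl,
        [Parameter(Mandatory=$true)][uri]$IssuerWSTrustMexUrl,
        [Parameter(Mandatory=$true)][uri]$IssuerWSTrustEndpointUrl,
        [Parameter(Mandatory=$false)][PSCredential]$Credential=$null
    )
    # The token is a bearer token (NoProofKey): it is valid for whoever presents it,
    # so every URL it travels over must be absolute HTTPS.
    foreach($url in @($CMUrl,$IssuerWSTrustMexUrl,$IssuerWSTrustEndpointUrl)) {
        if(-not $url.IsAbsoluteUri -or $url.Scheme -ne "https") {
            throw "Refusing relative or non-HTTPS URL: $url"
        }
    }
    # Same WS-Trust cmdlets and parameters as Get-ISHCMWebSession in the gist.
    $importer=New-WcfWsdlImporter -Endpoint $IssuerWSTrustMexUrl.AbsoluteUri
    $newSecurityTokenHash=@{
        Endpoint=$importer|New-WcfServiceEndpoint -Endpoint $IssuerWSTrustEndpointUrl.AbsoluteUri
        AppliesTo=$CMUrl.AbsoluteUri
        Bearer=$true
    }
    if($Credential) { $newSecurityTokenHash.Credential=$Credential }
    $token=New-SecurityToken @newSecurityTokenHash
    # Assumption: ValidTo is a UTC DateTime. Do not post a token that has already expired.
    if($token.ValidTo -le [DateTime]::UtcNow) {
        throw "Issued token expired at $($token.ValidTo.ToString('O'))"
    }
    # XML-escape the caller-supplied URL before embedding it in the wresult document.
    $appliesTo=[System.Security.SecurityElement]::Escape($CMUrl.AbsoluteUri)
    $wresult=@'
<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
<t:Lifetime>
<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">{0}</wsu:Created>
<wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">{1}</wsu:Expires>
</t:Lifetime>
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>{2}</wsa:Address></wsa:EndpointReference></wsp:AppliesTo>
<t:RequestedSecurityToken>{3}</t:RequestedSecurityToken>
<t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
<t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
</t:RequestSecurityTokenResponse>
'@ -f $token.ValidFrom.ToString("O"),$token.ValidTo.ToString("O"),$appliesTo,$token.TokenXml.OuterXml
    # WS-Federation passive sign-in, as in the gist.
    $fields=@{wa="wsignin1.0";wresult=$wresult}
    Invoke-WebRequest -Uri $CMUrl -Method POST -Body $fields -SessionVariable ishCMSession|Out-Null
    $ishCMSession
}
```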
