Instantly share code, notes, and snippets.

Embed
What would you like to do?
Using PowerShell to leverage the SailPoint IdentityNow API's
# * ----- Variables
# IdentityNow Orgname
$orgname = "yourIdentityNowOrgName"
# URI's
$logoutURI = "https://$($orgname).identitynow.com/logout"
$adminDashboardURI = "https://$($orgname).identitynow.com/ui/admin#admin:dashboard:overview"
$adminStrongAuthURI = "https://$($orgname).identitynow.com/api/user/strongAuthn"
# IdentityNow API Client ID
$clientID = 'yourIdentityNowAPIClientID'
# IdentityNow API Client Secret
$clientSecret = 'yourIdentityNowAPISecret'
# Basic Auth
$Bytes = [System.Text.Encoding]::utf8.GetBytes("$($clientID):$($clientSecret)")
$encodedAuth = [Convert]::ToBase64String($Bytes)
# IDN Admin Username
$adminUSR = [string]"YourIdentityNowAdminName".ToLower()
# * -----
# Call Logout in case there is an existing session
$logout = Invoke-RestMethod -Method Get $logoutURI
$IDN = $null
# Login to IDN Portal
# Get the Login URI and Request using Chrome Developer Tools
$idnPortal = "PASTE IN THE LOGIN PS COMMAND HERE" -SessionVariable IDN
# it should then look like below
#$idnPortal = Invoke-WebRequest -Uri "https://stg01-uswest2-sso.identitynow.com/sso/login" -Method "POST" -Headers @{"Cache-Control" = "max-age=0"; "Origin" = "https://$($orgName).identitynow.com"; "Upgrade-Insecure-Requests" = "1"; "User-Agent" = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"; "Accept" = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"; "Referer" = "https://$($orgName).identitynow.com/login/login?prompt=true"; "Accept-Encoding" = "gzip, deflate, br"; "Accept-Language" = "en-US,en;q=0.9"; "Cookie" = "_ga=GA1.2.125452778.1536379726; _gid=GA1.2.136027524.1538440258"} -ContentType "application/x-www-form-urlencoded" -Body "service=profile-1066&encryption=hash&IDToken1=$($adminUSR)&IDToken2=f2dbeb5a897abeeecafc9deee1234567823456789&realm=$($orgName)&goto=https%3A%2F%2F$($orgName).identitynow.com%2Fui&gotoOnFail=https%3A%2F%2F$($orgName).identitynow.com%2Flogin%2Ffail%2Fdefault%2F&openam.session.persist_am_cookie=true" -SessionVariable IDN
# Check to see if login successful and redirect to Dashboard
if ($idnPortal.BaseResponse.ResponseUri.LocalPath.Equals("/ui/d/dashboard")) {
# Successful Login to base Portal. Load Admin Portal Login Screen
$admPortal = Invoke-WebRequest -Uri $adminDashboardURI -Method Get -WebSession $IDN
if ($admPortal.BaseResponse.ResponseUri.AbsolutePath.Equals("/ui/admin")) {
# Get CSRF Token
$csrfraw = $admPortal.Content.Substring($admPortal.Content.IndexOf("SLPT.globalContext.csrf ="))
$csrf = $csrfraw.Substring(0, $csrfraw.IndexOf(";"))
$csrf = $csrf.Replace("SLPT.globalContext.csrf = '","")
$csrf = $csrf.Replace("'", "")
write-host -ForegroundColor Green "CSRFToken = $($csrf)"
# Login to Admin IDN Portal
# BELOW is the WebRequest to Authenticate to the Admin section of the IdentityNow Portal
# Replace with your WebRequest with your credentials then update to use the CSRF token retreived above "X-CSRF-Token" = $($csrf). $orgname references are optional
$admPortalAuthN = Invoke-WebRequest -Uri $adminStrongAuthURI -Method "POST" -Headers @{"Origin" = "https://$($orgName).identitynow.com"; "Accept-Encoding" = "gzip, deflate, br"; "X-CSRF-Token" = $($csrf); "Accept-Language" = "en-US,en;q=0.9"; "User-Agent" = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"; "Accept" = "*/*"; "Referer" = "https://$($orgname).identitynow.com/ui/admin"; "X-Requested-With" = "XMLHttpRequest"} -ContentType "application/x-www-form-urlencoded; charset=UTF-8" -Body "password=f2dbeb5a897abeeecafc9deee1234567892345678942" -WebSession $IDN
If ($admPortalAuthN.BaseResponse.StatusCode -eq ('OK')) {
# Load ADMIN Dashboard
$admPortal2 = Invoke-WebRequest -Method Get -URI $adminDashboardURI -WebSession $IDN
if ($admPortal2.RawContent.Contains("SLPT.globalContext.api")) {
$TokensRaw = $admPortal2.RawContent.Substring($admPortal2.RawContent.IndexOf("SLPT.globalContext.api") + 26)
$TokensRaw = $TokensRaw.Substring(0, $TokensRaw.IndexOf("};"))
$Tokens = $TokensRaw.Split(",")
foreach ($token in $Tokens) {
if ($token.Contains("accessToken")) {$accessToken = $token.Replace("`"", ""); $accessToken = $accessToken.Replace("accessToken:", ""); write-host -ForegroundColor Green "$($accessToken)" }
}
}
# Check that it loaded
if ($admPortal2.BaseResponse.ResponseUri.AbsolutePath.Equals("/ui/admin")) {
$cookies = $IDN.Cookies.GetCookies($adminDashboardURI)
foreach ($cookie in $cookies) {
if ($cookie.name.Equals("CCSESSIONID")) {
Write-Host -ForegroundColor green "$($cookie.name) = $($cookie.value)"
$ccsessionID = $cookie.Value
}
}
}
}
if ($ccsessionID -and $csrf -and $accessToken -and $encodedAuth) {
write-host -ForegroundColor Green "Successfully Authenticated to IdentityNow Admin Portal"
write-host -ForegroundColor Yellow "Adding JWT Bearer Token for API Access"
# Basic Auth Header
#$IDN.Headers.Add('Authorization', "Basic $($encodedAuth)")
# JWT oAuth Bearer Token
$IDN.Headers.Add('Authorization', "Bearer $($accessToken)")
}
}
}
else {
write-host -ForegroundColor Red "Login was unsuccessful. Check Username/Password and/or Internet connectivity"
}
# Test a few different API's
if ($IDN.Headers.Authorization.Contains("Bearer")) {
# Old API
$transforms = Invoke-RestMethod -Uri "https://$($orgName).identitynow.com/api/transform/list" -WebSession $IDN
$transforms.items
# cc API's require the JWT Bearer Token
# Roles
$roles = Invoke-RestMethod -Uri "https://$($orgName).api.identitynow.com/cc/api/role/list" -WebSession $IDN
$roles.items
# BASIC Auth APIs
# Remove JWT Bearer Auth
$IDN.Headers.Remove('Authorization')
# Add Basic Auth
$IDN.Headers.Add('Authorization', "Basic $($encodedAuth)")
$groups = Invoke-RestMethod -Uri "https://$($orgName).api.identitynow.com/v2/workgroups" -WebSession $IDN
$groups
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment