SailPoint IdentityNow Security Configuration Report. Associated Blog Post https://blog.darrenjrobinson.com/sailpoint-identitynow-security-configuration-report/
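# Load the SailPoint IdentityNow module and select the tenant to document.
# 'yourOrgName' is a placeholder: replace it with your own org name before running.
Import-Module SailPointIdentityNow
Get-IdentityNowOrg
Set-IdentityNowOrg -orgName 'yourOrgName'

# Document IdentityNow Security Configuration
$orgName = (Get-IdentityNowOrg).'Organisation Name'

# Output Path and Image
$reportImagePath = "C:\Reports\SailPoint IdentityNow 240px.png"
$ReportOutputPath = "C:\Reports\IdentityNowConfigReports"

# Epoch seconds, sent as the _dc query value on the configuration requests
# (presumably a cache-busting value). Read from the UTC clock as a 64-bit
# integer, which avoids the string round-trip through Get-Date -UFormat and
# [double]::Parse, and the 32-bit [int] cast that overflows in 2038.
$utime = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()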
# Read the security-relevant configuration objects from the tenant.
# Each request URI is built first, then passed to Invoke-IdentityNowRequest.

# IWA (config=kerberos)
$iwaUri = "https://$($orgName).api.identitynow.com/cc/api/org/getSSOSettings?_dc=$($utime)&config=kerberos"
$IWAConfig = Invoke-IdentityNowRequest -method Get -headers Headersv3 -uri $iwaUri

# Service Provider (config=saml2-hosted-sp) and Identity Provider (config=saml2-remote-idp)
$ssoSpUri = "https://$($orgName).api.identitynow.com/cc/api/org/getSSOSettings?_dc=$($utime)&config=saml2-hosted-sp"
$ssoSP = Invoke-IdentityNowRequest -method get -headers Headersv3 -uri $ssoSpUri
$ssoIdpUri = "https://$($orgName).api.identitynow.com/cc/api/org/getSSOSettings?_dc=$($utime)&config=saml2-remote-idp"
$ssoIDP = Invoke-IdentityNowRequest -method get -headers Headersv3 -uri $ssoIdpUri

# oAuth API Clients
$oAuthClients = Get-IdentityNowOAuthAPIClient

# v2 Clients
$apiClients = Get-IdentityNowAPIClient

# Global Security Config Settings
$orgConfigUri = "https://$($orgName).api.identitynow.com/cc/api/org/get?_dc=$($utime)"
$globalSecurityConfig = Invoke-IdentityNowRequest -method get -headers Headersv3_JSON -uri $orgConfigUri
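# Embed the report logo as a base64 data URI so the HTML report is a single self-contained file.
try {
    # -ErrorAction Stop turns a missing or unreadable file into a terminating error,
    # so the catch block below is what reports it.
    $ImageFile = Get-Item -LiteralPath $reportImagePath -ErrorAction Stop
    # ReadAllBytes works on Windows PowerShell and on PowerShell 6+,
    # where Get-Content no longer accepts -Encoding Byte.
    $ImageData = [Convert]::ToBase64String([System.IO.File]::ReadAllBytes($ImageFile.FullName))
    $ImageType = $ImageFile.Extension.Substring(1) # strip off the leading .
    $ImageTag = "<Img src='data:image/$ImageType;base64,$($ImageData)' Alt='$($ImageFile.Name)' width='240' height='82' hspace=10>"
}
catch {
    Write-Error "Report Image Path/Filename not found"
    # Stop the script here. 'return' ends this script only; a bare 'break' outside
    # a loop would also break out of a loop in whatever script called this one.
    return
}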
# Timestamp used in the output folder name and in every output file name
$reportDate = Get-Date -Format "dd-MMM-yyyy HH-mm"

# Per-run output folder under $ReportOutputPath, named after the report date; created if absent.
# NOTE(review): the files written into this folder describe the tenant's SSO, oAuth and
# API-client configuration - presumably the output path should be readable by
# administrators only; confirm the ACL on it.
$dir = "$($ReportOutputPath)\$($reportDate)"
if (-not (Test-Path -Path $dir)) {
    New-Item -Path $dir -ItemType directory
}
# Headings and Title: report name, organisation name in upper case, and the embedded logo
$top = @"
<center>
<h1>SailPoint IdentityNow Security Settings Configuration Report</h1>
<h2>Organisation - `'$($orgName.ToUpper())`'</h2>
<b><center>$ImageTag</center></b>
</center>
"@

# Build up the HTML Report: the fragment list starts with the title block
$htmlFragments = @($top)

# Top-level collapsible heading plus the "+ / -" link that toggles every section.
# The div id is the heading text with spaces turned into underscores.
$h2Text = "IdentityNow Security Settings Configuration"
$div = $h2Text -replace ' ', '_'
$htmlFragments += "<center><a href='javascript:toggleDiv(""$div"");' title='click to collapse or expand this section'><h2>$h2Text</h2></a><div id=""$div""><a href='javascript:toggleAll();' title=' Click to toggle all sections'>+ / -</a></center>"
# Global Security Settings section; skipped when the request returned nothing.
if ($globalSecurityConfig) {
    Write-Host -ForegroundColor Blue " Global Security Configuration"

    # Keep a serialized copy of the retrieved object next to the report
    $globalSecurityConfig | Export-Clixml -Path "$($dir)\$($orgName)-Global-SecurityConfig-Details-$($reportDate).xml"

    # Collapsible section, hidden (display: none) until its heading is clicked
    $H3Text = "Global Security Settings Details"
    $div = $H3Text -replace ' ', '_'
    $htmlFragments += "<a href='javascript:toggleDiv(""$div"");' title='click to collapse or expand this section'><center><h4>$H3Text</h4></center></a><div id=""$div"" style=""display: none;"">"
    $htmlFragments += "<center>"

    # Members whose definition mentions Object[] are replaced in place by their JSON text
    # (presumably so the list view shows their content rather than a type name).
    $arrayMembers = $globalSecurityConfig | Get-Member | Where-Object { $_.Definition.contains("Object[]") }
    foreach ($member in $arrayMembers) {
        $memberName = $member.name
        $globalSecurityConfig.$memberName = $globalSecurityConfig.$memberName | ConvertTo-Json
    }

    # Property/value list for the object, then close the section
    $htmlFragments += $globalSecurityConfig | ConvertTo-Html -As LIST
    $htmlFragments += "</center>"
    $htmlFragments += "</div>"
}
# IWA configuration section; skipped when the request returned nothing.
if ($IWAConfig) {
    Write-Host -ForegroundColor Blue " IWA Configuration"

    # Keep a serialized copy of the retrieved object next to the report
    $IWAConfig | Export-Clixml -Path "$($dir)\$($orgName)-IWA-Details-$($reportDate).xml"

    # Collapsible section, hidden (display: none) until its heading is clicked
    $H3Text = "IWA Configuration Details"
    $div = $H3Text -replace ' ', '_'
    $htmlFragments += "<a href='javascript:toggleDiv(""$div"");' title='click to collapse or expand this section'><center><h4>$H3Text</h4></center></a><div id=""$div"" style=""display: none;"">"
    $htmlFragments += "<center>"

    # Members whose definition mentions Object[] are replaced in place by their JSON text
    # (presumably so the list view shows their content rather than a type name).
    $arrayMembers = $IWAConfig | Get-Member | Where-Object { $_.Definition.contains("Object[]") }
    foreach ($member in $arrayMembers) {
        $memberName = $member.name
        $IWAConfig.$memberName = $IWAConfig.$memberName | ConvertTo-Json
    }

    # Property/value list for the object, then close the section
    $htmlFragments += $IWAConfig | ConvertTo-Html -As LIST
    $htmlFragments += "</center>"
    $htmlFragments += "</div>"
}
# SSO Service Provider configuration section; skipped when the request returned nothing.
if ($ssoSP) {
    Write-Host -ForegroundColor Blue " SSO SP Configuration"

    # Keep a serialized copy of the retrieved object next to the report
    $ssoSP | Export-Clixml -Path "$($dir)\$($orgName)-SSO-SP-Details-$($reportDate).xml"

    # Collapsible section, hidden (display: none) until its heading is clicked
    $H3Text = "SSO SP Configuration Details"
    $div = $H3Text -replace ' ', '_'
    $htmlFragments += "<a href='javascript:toggleDiv(""$div"");' title='click to collapse or expand this section'><center><h4>$H3Text</h4></center></a><div id=""$div"" style=""display: none;"">"
    $htmlFragments += "<center>"

    # Members whose definition mentions Object[] are replaced in place by their JSON text
    # (presumably so the list view shows their content rather than a type name).
    $arrayMembers = $ssoSP | Get-Member | Where-Object { $_.Definition.contains("Object[]") }
    foreach ($member in $arrayMembers) {
        $memberName = $member.name
        $ssoSP.$memberName = $ssoSP.$memberName | ConvertTo-Json
    }

    # Property/value list for the object, then close the section
    $htmlFragments += $ssoSP | ConvertTo-Html -As LIST
    $htmlFragments += "</center>"
    $htmlFragments += "</div>"
}
# SSO Identity Provider configuration section; skipped when the request returned nothing.
if ($ssoIDP) {
    Write-Host -ForegroundColor Blue " SSO IDP Configuration"

    # Keep a serialized copy of the retrieved object next to the report
    $ssoIDP | Export-Clixml -Path "$($dir)\$($orgName)-SSO-IDP-Details-$($reportDate).xml"

    # Collapsible section, hidden (display: none) until its heading is clicked
    $H3Text = "SSO IDP Configuration Details"
    $div = $H3Text -replace ' ', '_'
    $htmlFragments += "<a href='javascript:toggleDiv(""$div"");' title='click to collapse or expand this section'><center><h4>$H3Text</h4></center></a><div id=""$div"" style=""display: none;"">"
    $htmlFragments += "<center>"

    # Members whose definition mentions Object[] are replaced in place by their JSON text
    # (presumably so the list view shows their content rather than a type name).
    $arrayMembers = $ssoIDP | Get-Member | Where-Object { $_.Definition.contains("Object[]") }
    foreach ($member in $arrayMembers) {
        $memberName = $member.name
        $ssoIDP.$memberName = $ssoIDP.$memberName | ConvertTo-Json
    }

    # Property/value list for the object, then close the section
    $htmlFragments += $ssoIDP | ConvertTo-Html -As LIST
    $htmlFragments += "</center>"
    $htmlFragments += "</div>"
}
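# oAuth API clients: one collapsible section per client; skipped when none were returned.
if ($oAuthClients) {
    Write-Host -ForegroundColor Blue " oAuth Clients Configuration"

    # Keep a serialized copy of the retrieved objects next to the report.
    # NOTE(review): confirm the client objects carry no secret material before the
    # XML file or the report is shared outside the admin team.
    $oAuthClients | Export-Clixml -Path "$($dir)\$($orgName)-oAuth-Clients-Details-$($reportDate).xml"

    foreach ($oAuthClient in $oAuthClients) {
        $H3Text = "oAuth $($oAuthClient.name) Details"

        # The client name is free text read from the tenant, so it is not written into
        # the page as-is: the visible heading is HTML-encoded, and the div id (also used
        # inside the javascript: link) is reduced to letters, digits, '_' and '-'.
        # For names made of those characters and spaces the output is unchanged.
        $headingHtml = [System.Net.WebUtility]::HtmlEncode($H3Text)
        $div = $H3Text -replace '[^A-Za-z0-9_-]', '_'

        # Collapsible section, hidden (display: none) until its heading is clicked
        $htmlFragments += "<a href='javascript:toggleDiv(""$div"");' title='click to collapse or expand this section'><center><h4>$headingHtml</h4></center></a><div id=""$div"" style=""display: none;"">"
        $htmlFragments += "<center>"

        # Members whose definition mentions Object[] are replaced in place by their JSON text
        # (presumably so the list view shows their content rather than a type name).
        $attrObjects = $oAuthClient | Get-Member | Where-Object { $_.Definition.contains("Object[]") }
        foreach ($attrObj in $attrObjects) {
            $attrName = $attrObj.name
            $oAuthClient.$attrName = $oAuthClient.$attrName | ConvertTo-Json
        }

        # Property/value list for the client, then close the section
        $htmlFragments += $oAuthClient | ConvertTo-Html -As LIST
        $htmlFragments += "</center>"
        $htmlFragments += "</div>"
    }
}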
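# v2 API clients: one collapsible section per client; skipped when none were returned.
if ($apiClients) {
    Write-Host -ForegroundColor Blue " API Clients Configuration"

    # Keep a serialized copy of the retrieved objects next to the report.
    # NOTE(review): confirm the client objects carry no secret material before the
    # XML file or the report is shared outside the admin team.
    $apiClients | Export-Clixml -Path "$($dir)\$($orgName)-API-Clients-Details-$($reportDate).xml"

    # Running number for clients that have no description
    $i = 0
    foreach ($apiClient in $apiClients) {
        if ($apiClient.description) {
            $H3Text = "API $($apiClient.description) Details"
        }
        else {
            $i++
            $H3Text = "API $($i) Details"
        }

        # The description is free text read from the tenant, so it is not written into
        # the page as-is: the visible heading is HTML-encoded, and the div id (also used
        # inside the javascript: link) is reduced to letters, digits, '_' and '-'.
        # For descriptions made of those characters and spaces the output is unchanged.
        $headingHtml = [System.Net.WebUtility]::HtmlEncode($H3Text)
        $div = $H3Text -replace '[^A-Za-z0-9_-]', '_'

        # Collapsible section, hidden (display: none) until its heading is clicked
        $htmlFragments += "<a href='javascript:toggleDiv(""$div"");' title='click to collapse or expand this section'><center><h4>$headingHtml</h4></center></a><div id=""$div"" style=""display: none;"">"
        $htmlFragments += "<center>"

        # Members whose definition mentions Object[] are replaced in place by their JSON text
        # (presumably so the list view shows their content rather than a type name).
        $attrObjects = $apiClient | Get-Member | Where-Object { $_.Definition.contains("Object[]") }
        foreach ($attrObj in $attrObjects) {
            $attrName = $attrObj.name
            $apiClient.$attrName = $apiClient.$attrName | ConvertTo-Json
        }

        # Property/value list for the client, then close the section
        $htmlFragments += $apiClient | ConvertTo-Html -As LIST
        $htmlFragments += "</center>"
        $htmlFragments += "</div>"
    }
}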
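# Footer
$htmlFragments += "<center><p class='footer'>Report Generated $($reportDate)</p></center>"

# Header: page title, stylesheet and the collapse/expand script.
# The toggles use plain DOM calls instead of a jQuery build fetched from a CDN, so
# opening the report makes no network request and runs no third-party script next
# to the exported configuration. toggleDiv flips one section between hidden and
# shown; toggleAll does the same for every div on the page.
$head = @"
<Title>SailPoint IdentityNow Security Settings Report - $($orgName.ToUpper())</Title>
<style>
body {background-color:#ffffff; font:70%/1.5em Lato,sans-serif; padding:10px }
td,th {padding-left:8px}
th {color:black; background-color:cornflowerblue;}
table {border-spacing:1px; border-collapse:collapse; background:#F7F6F6; border-radius:6px; overflow:hidden; max-width:480px; width:70%; margin:0 auto; position:relative;}
table, tr, td, th {padding: 10px; margin: 0px ;white-space:pre; word-break:break-all; width:70%;}
tr:nth-child(even) {background-color:#dae5f4;}
tr:nth-child(odd) {background:#b8d1f3;}
thead tr {height:60px;background:#367AB1;color:#F5F6FA;font-size:1.2em;font-weight:700;text-transform:uppercase}
tbody tr {height:35px;border-bottom:1px solid #367AB1; word-break:break-all; text-transform:capitalize; font-size:1em;}
h1 {font-family:Tahoma;color:#A9A9A9;}
h2 {font-family:Tahoma;color:#6D7B8D;}
h3 {font-family:Tahoma;color:#6D7B8D;}
.alert {color: red;}
.footer {color:green; margin-left:10px; font-family:Tahoma; font-size:8pt; font-style:italic;}
.transparent {background-color:#ffffff;}
</style>
<script type='text/javascript'>
function toggleDiv(divId) {
    var el = document.getElementById(divId);
    if (el) {
        el.style.display = (el.style.display === 'none') ? '' : 'none';
    }
}
function toggleAll() {
    var divs = document.getElementsByTagName('div');
    for (var i = 0; i < divs.length; i++) {
        toggleDiv(divs[i].id);
    }
}
</script>
"@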
# Output the Report: wrap the collected fragments in a full HTML page with the
# prepared head block, and write it into the per-run folder.
$reportFile = "$($dir)\$($orgName)-SecurityConfigReport-$($reportDate).html"
ConvertTo-Html -Head $head -Body $htmlFragments | Out-File -FilePath $reportFile