This guide demonstrates how to authenticate to CyberArk's Self-Hosted Privileged Access Management (PAM) REST API using PingFederate SAML authentication with PowerShell.
The script implements a complete SAML authentication flow that:
| function New-SAMLInteractive { | |
| [CmdletBinding()] | |
| param( | |
| [Parameter(Mandatory = $true)] | |
| [string] $LoginIDP | |
| ) | |
| Begin { | |
| # Regular expression to extract SAML Response | |
| $RegEx = '(?i)name="SAMLResponse"(?: type="hidden")? value=\"(.*?)\"(?:.*)?\/>' |
Overview:
This documentation demonstrates how to use GitHub's OpenID Connect (OIDC) as an authentication method in Conjur Cloud & Self-Hosted Enterprise using the authn-jwt authenticator. The process involves configuring the JWT authenticator, mapping claims from the GitHub OIDC token to annotations in Conjur Cloud, and finally authenticating a workload.
| # Import the AWS module | |
| Import-Module AWSPowerShell.NetCore | |
| # Define the region | |
| $region = "YOUR_AWS_REGION" | |
| # Function to get temporary security credentials from EC2 instance's IAM role | |
| function Get-TemporaryCredentials { | |
| param ( | |
| [string]$region |
To send data from a flat-file log on a server to QRadar, you need to set up a log source in QRadar to collect and process the logs. Here’s a step-by-step guide to accomplish this:
WinCollect is a Windows-based agent provided by IBM for QRadar to collect logs. Here are the steps to install and configure it:
To use a custom version of the cyberark/conjur provider in Terraform, you would follow a similar procedure to what was previously described but tailored specifically for this provider. Here are the detailed steps to set up the cyberark/conjur provider that has been compiled from source:
Compile the Provider: Start by ensuring you have the source code for the CyberArk Conjur provider. You can typically find this on GitHub under the CyberArk organization. After obtaining the code, compile it using Go. Navigate to the directory containing the provider's source code and run:
go build
This command compiles the provider into an executable binary.
Create the Directory Structure: You need to place the compiled provider binary in a specific directory structure that Terraform recognizes. The path should be structured as follows:
| # Import PowerShell module psPAS, if it doesn't exist, install it | |
| Import-Module psPAS -ErrorAction SilentlyContinue | |
| if ($LASTEXITCODE -ne 0) { | |
| Install-Module psPAS -Force | |
| Import-Module psPAS | |
| } | |
| # Import PowerShell module IdentityCommand, if it doesn't exist, install it | |
| Import-Module IdentityCommand -ErrorAction SilentlyContinue | |
| if ($LASTEXITCODE -ne 0) { |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: admin-service-account-issuer-discovery | |
| subjects: | |
| - kind: User | |
| name: admin@example.com # Replace this with your actual admin username | |
| apiGroup: rbac.authorization.k8s.io | |
| roleRef: | |
| kind: ClusterRole |
| ## USER VARIABLES | |
| ################# | |
| # Specify the path to your .pfx file and its password | |
| $pfxPath = "/Users/joe.garcia/OneDrive - CyberArk Ltd/Software/Certificates/ccp_clientcert_bundle.pfx" | |
| # Define the URI for the CCP API | |
| $uri = "https://cyberark.joegarcia.dev/AIMWebService/api/Accounts" | |
| $appId = "Test" | |
| $safe = "TestSafe" |
| - hosts: all | |
| gather_facts: no | |
| tasks: | |
| - block: | |
| - name: Retrieve Password from CyberArk | |
| cyberark.pas.cyberark_credential: | |
| api_base_url: "{{ ccp_base_url }}" | |
| app_id: "{{ ccp_app_id }}" |