@infamousjoeg
Last active November 15, 2022 15:13
An example of how to authenticate to the CyberArk PAS REST API using SAML **CUSTOMER CONTRIBUTED & UNTESTED**
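```powershell
# Step 1: request the PVWA SAML endpoint without following the redirect to the IdP.
try {
    $webresp = Invoke-WebRequest "https://pvwa.example.com/PasswordVault/auth/saml/" -MaximumRedirection 0 -ErrorAction SilentlyContinue -UseBasicParsing
} catch {
    $_.Exception.Response.StatusCode.Value__
}

# Step 2: follow the link to the IdP, authenticating with the current Windows credentials.
try {
    $samlresp = Invoke-WebRequest -Uri ($webresp.links.href) -MaximumRedirection 1 -UseDefaultCredentials -UseBasicParsing
} catch {
    $_.Exception.Response.StatusCode.Value__
}

# Step 3: read the SAMLResponse form field from the IdP's auto-post page.
# Looked up by name rather than by position, so a failed step 2 or a reordered form
# falls through to the else branch instead of raising an indexing error.
$samlField = $samlresp.InputFields | Where-Object { $_.name -eq "SAMLResponse" } | Select-Object -First 1
if ($samlField) {
    $SamlToken = $samlField.value
    # Printed for demonstration only; the assertion is a short-lived credential.
    Write-Host $SamlToken
    ## This Base64-encoded SamlToken is what to place as SAMLResponse URL parameter value in
    ## https://pvwa.example.com/PasswordVault/api/auth/saml/logon?concurrentSession=false&apiUse=true&SAMLResponse={SAMLToken}
    ## API Documentation: https://cybr.rocks/RESTAPI#e5e62e2a-b68b-48ad-ab08-245bb68e5764
    # Decode the Base64 token to show the SAML XML it contains.
    Write-Host ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($SamlToken)))
} else {
    Write-Host "That request did not work!"
    $samlresp
}
```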
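The following is an added example, not part of the original gist: it decodes a SAMLResponse, reads the Issuer, Destination and expiry so they can be checked before the token is sent, and percent-encodes the Base64 value for the logon URL given in the script comment. `Get-SamlSummary` is a hypothetical helper, the sample response is constructed, and the code reads fields only without verifying the XML signature.

```powershell
# Added example: inspect a Base64 SAMLResponse and build the logon URL from the gist comment.
# Get-SamlSummary is a hypothetical helper; the sample response below is constructed, not captured.
function Get-SamlSummary {
    param([Parameter(Mandatory)][string]$SamlToken)

    $xmlText = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($SamlToken))
    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null   # never fetch external entities or DTDs
    $doc.LoadXml($xmlText)

    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol")
    $ns.AddNamespace("saml",  "urn:oasis:names:tc:SAML:2.0:assertion")

    $response   = $doc.SelectSingleNode("/samlp:Response", $ns)
    $issuer     = $doc.SelectSingleNode("//saml:Assertion/saml:Issuer", $ns)
    $conditions = $doc.SelectSingleNode("//saml:Assertion/saml:Conditions", $ns)
    if (-not $response -or -not $conditions) { throw "Not a SAML 2.0 Response containing an Assertion" }

    # SAML timestamps are UTC; keep them in UTC for the expiry comparison.
    $notOnOrAfter = [datetime]::Parse($conditions.GetAttribute("NotOnOrAfter"),
        [cultureinfo]::InvariantCulture, [System.Globalization.DateTimeStyles]::AdjustToUniversal)

    [pscustomobject]@{
        Issuer       = $issuer.InnerText
        Destination  = $response.GetAttribute("Destination")
        NotOnOrAfter = $notOnOrAfter
        Expired      = ([datetime]::UtcNow -ge $notOnOrAfter)
        # Base64 contains + / = which must be percent-encoded inside a query string.
        LogonUrl     = "https://pvwa.example.com/PasswordVault/api/auth/saml/logon?concurrentSession=false&apiUse=true&SAMLResponse=" +
                       [System.Net.WebUtility]::UrlEncode($SamlToken)
    }
}

# Constructed sample response (values are illustrative only).
$sampleXml = @'
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://pvwa.example.com/PasswordVault/api/auth/saml/logon">
  <saml:Assertion>
    <saml:Issuer>https://idp.example.com/constructed</saml:Issuer>
    <saml:Conditions NotBefore="2022-11-15T15:00:00Z" NotOnOrAfter="2022-11-15T15:05:00Z" />
  </saml:Assertion>
</samlp:Response>
'@
$sampleToken = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($sampleXml))
Get-SamlSummary -SamlToken $sampleToken | Format-List
```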