An example of how to authenticate CyberArk PAS REST API using SAML **CUSTOMER CONTRIBUTED & UNTESTED**

samlAuthn.ps1

try {
    $webresp = Invoke-WebRequest "https://pvwa.example.com/PasswordVault/auth/saml/" -MaximumRedirection 0 -ErrorAction SilentlyContinue -UseBasicParsing
} catch {
    $_.Exception.Response.StatusCode.Value__
}
try {
    $samlresp = Invoke-WebRequest -Uri ($webresp.links.href) -MaximumRedirection 1 -UseDefaultCredentials -UseBasicParsing
} catch {
    $_.Exception.Response.StatusCode.Value__
}
 
if ($samlresp.InputFields[0].name -eq "SAMLResponse"){
    $SamlToken = $samlresp.InputFields[0].value
 
    Write-Host $SamlToken
    ## This Base64-encoded SamlToken is what to place as SAMLResponse URL parameter value in
    ## https://pvwa.example.com/PasswordVault/api/auth/saml/logon?concurrentSession=false&apiUse=true&SAMLResponse={SAMLToken}
    ## API Documentation: https://cybr.rocks/RESTAPI#e5e62e2a-b68b-48ad-ab08-245bb68e5764
    Write-Host ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($SamlToken)))
} Else {
    Write-Host "That request did not work !"
    $samlresp
}