Bug fixes (#499)
* Add Certificates to External Identity Source Signed-off-by: Dimitar Milov <dmilov@vmware.com> * Add Credential parameter to Connect-SsoAdminServer Signed-off-by: Dimitar Milov <dmilov@vmware.com>
@@ -24,6 +24,9 @@ function Connect-SsoAdminServer {
|
||||
.PARAMETER Password
|
||||
Specifies the password you want to use for authenticating with the server.
|
||||
|
||||
.PARAMETER Credential
|
||||
Specifies a PSCredential object to for authenticating with the server.
|
||||
|
||||
.PARAMETER SkipCertificateCheck
|
||||
Specifies whether server Tls certificate validation will be skipped
|
||||
|
||||
@@ -46,7 +49,8 @@ function Connect-SsoAdminServer {
|
||||
Mandatory = $true,
|
||||
ValueFromPipeline = $false,
|
||||
ValueFromPipelineByPropertyName = $false,
|
||||
HelpMessage = 'User name you want to use for authenticating with the server')]
|
||||
HelpMessage = 'User name you want to use for authenticating with the server',
|
||||
ParameterSetName = 'UserPass')]
|
||||
[string]
|
||||
$User,
|
||||
|
||||
@@ -54,11 +58,21 @@ function Connect-SsoAdminServer {
|
||||
Mandatory = $true,
|
||||
ValueFromPipeline = $false,
|
||||
ValueFromPipelineByPropertyName = $false,
|
||||
HelpMessage = 'Password you want to use for authenticating with the server')]
|
||||
HelpMessage = 'Password you want to use for authenticating with the server',
|
||||
ParameterSetName = 'UserPass')]
|
||||
[VMware.vSphere.SsoAdmin.Utils.StringToSecureStringArgumentTransformationAttribute()]
|
||||
[SecureString]
|
||||
$Password,
|
||||
|
||||
[Parameter(
|
||||
Mandatory = $true,
|
||||
ValueFromPipeline = $false,
|
||||
ValueFromPipelineByPropertyName = $false,
|
||||
HelpMessage = 'PSCredential object to use for authenticating with the server',
|
||||
ParameterSetName = 'Credential')]
|
||||
[PSCredential]
|
||||
$Credential,
|
||||
|
||||
[Parameter(
|
||||
Mandatory = $false,
|
||||
HelpMessage = 'Skips server Tls certificate validation')]
|
||||
@@ -73,13 +87,24 @@ function Connect-SsoAdminServer {
|
||||
|
||||
$ssoAdminServer = $null
|
||||
try {
|
||||
$ssoAdminServer = New-Object `
|
||||
'VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer' `
|
||||
-ArgumentList @(
|
||||
$Server,
|
||||
$User,
|
||||
$Password,
|
||||
$certificateValidator)
|
||||
if ($PSBoundParameters.ContainsKey('Credential')) {
|
||||
$ssoAdminServer = New-Object `
|
||||
'VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer' `
|
||||
-ArgumentList @(
|
||||
$Server,
|
||||
$Credential.UserName,
|
||||
$Credential.Password,
|
||||
$certificateValidator)
|
||||
} else {
|
||||
$ssoAdminServer = New-Object `
|
||||
'VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer' `
|
||||
-ArgumentList @(
|
||||
$Server,
|
||||
$User,
|
||||
$Password,
|
||||
$certificateValidator)
|
||||
}
|
||||
|
||||
}
|
||||
catch {
|
||||
Write-Error (FormatError $_.Exception)
|
||||
|
||||
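Review bot: Splitting the parameters into the `UserPass` and `Credential` sets makes resolution depend on the `[CmdletBinding()]` line, which is outside these hunks; if it does not declare `DefaultParameterSetName = 'UserPass'`, a call that supplies only `-Server` will likely fail with a parameter-set resolution error instead of prompting for the mandatory values. The `.PARAMETER Credential` help reads "object to for authenticating" and should be `Specifies a PSCredential object to use for authenticating with the server.` That help text could also name `-Credential` as the preferred form, since `-Password` passes through `StringToSecureStringArgumentTransformationAttribute` and so presumably accepts a plain string that ends up in command history and transcripts. The two `New-Object` calls in the `try` block differ only in the user name and password arguments, so selecting those two values first and constructing once would remove the duplication.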
@@ -12,7 +12,7 @@
|
||||
RootModule = 'VMware.vSphere.SsoAdmin.psm1'
|
||||
|
||||
# Version number of this module.
|
||||
ModuleVersion = '1.3.5'
|
||||
ModuleVersion = '1.3.6'
|
||||
|
||||
# Supported PSEditions
|
||||
# CompatiblePSEditions = @()
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -24,5 +24,7 @@ namespace VMware.vSphere.SsoAdminClient.DataTypes
|
||||
public string FailoverUrl { get; set; }
|
||||
public string UserBaseDN { get; set; }
|
||||
public string GroupBaseDN { get; set; }
|
||||
|
||||
public System.Security.Cryptography.X509Certificates.X509Certificate2[] Certificates {get ;set;}
|
||||
}
|
||||
}
|
||||
|
||||
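Review bot: The new `Certificates` property has no default, and the code that fills it (the `SsoAdminClient` hunk on this page) assigns it only when the source reports a non-empty list, so consumers will see null for every identity source without certificates and must null-check before enumerating. Initialising it to an empty array and matching the spacing of the sibling properties would avoid that: `public X509Certificate2[] Certificates { get; set; } = new X509Certificate2[0];` with a `using System.Security.Cryptography.X509Certificates;` at the top of the file. A one-line `/// <summary>` stating what these certificates are used for (presumably the trust anchors for the LDAPS connection, to be confirmed) would help readers of the data type. The class declaration is outside the hunk.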
@@ -1232,32 +1232,34 @@ namespace VMware.vSphere.SsoAdminClient
|
||||
var authorizedInvocationContext =
|
||||
CreateAuthorizedInvocationContext();
|
||||
|
||||
var domains = authorizedInvocationContext.
|
||||
var identitySources = authorizedInvocationContext.
|
||||
InvokeOperation(() =>
|
||||
_ssoAdminBindingClient.GetDomainsAsync(
|
||||
_ssoAdminBindingClient.GetAsync(
|
||||
new ManagedObjectReference
|
||||
{
|
||||
type = "SsoAdminDomainManagementService",
|
||||
Value = "domainManagementService"
|
||||
type = "SsoAdminIdentitySourceManagementService",
|
||||
Value = "identitySourceManagementService"
|
||||
})).Result;
|
||||
|
||||
if (domains != null)
|
||||
if (identitySources != null)
|
||||
{
|
||||
var localos = new LocalOSIdentitySource();
|
||||
localos.Name = domains.localOSDomainName;
|
||||
localos.Name = identitySources.localOS.name;
|
||||
yield return localos;
|
||||
|
||||
var system = new SystemIdentitySource();
|
||||
system.Name = domains.systemDomainName;
|
||||
yield return system;
|
||||
foreach (var systemDomain in identitySources.system.domains) {
|
||||
var system = new SystemIdentitySource();
|
||||
system.Name = systemDomain.name;
|
||||
yield return system;
|
||||
}
|
||||
|
||||
if (domains.externalDomains != null && domains.externalDomains.Length > 0)
|
||||
|
||||
if (identitySources.ldaps != null && identitySources.ldaps.Length > 0)
|
||||
{
|
||||
foreach (var externalDomain in domains.externalDomains)
|
||||
foreach (var externalDomain in identitySources.ldaps)
|
||||
{
|
||||
var extIdentitySource = new ActiveDirectoryIdentitySource();
|
||||
extIdentitySource.Name = externalDomain.name;
|
||||
extIdentitySource.Alias = externalDomain.alias;
|
||||
extIdentitySource.Type = externalDomain.type;
|
||||
extIdentitySource.AuthenticationType = externalDomain.authenticationDetails?.authenticationType;
|
||||
extIdentitySource.AuthenticationUsername = externalDomain.authenticationDetails?.username;
|
||||
@@ -1266,6 +1268,14 @@ namespace VMware.vSphere.SsoAdminClient
|
||||
extIdentitySource.FailoverUrl = externalDomain.details?.failoverUrl;
|
||||
extIdentitySource.GroupBaseDN = externalDomain.details?.groupBaseDn;
|
||||
extIdentitySource.UserBaseDN = externalDomain.details?.userBaseDn;
|
||||
if (externalDomain.details?.certificates != null && externalDomain.details?.certificates.Length > 0) {
|
||||
var certificatesList = new List<X509Certificate2>();
|
||||
foreach (var cert in externalDomain.details?.certificates) {
|
||||
certificatesList.Add(new X509Certificate2(Encoding.ASCII.GetBytes(cert)));
|
||||
}
|
||||
extIdentitySource.Certificates = certificatesList.ToArray();
|
||||
}
|
||||
|
||||
yield return extIdentitySource;
|
||||
}
|
||||
}
|
||||
|
||||
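Review bot: In the second hunk the `X509Certificate2` constructor runs inside the iterator, so a single certificate string it cannot parse throws while the caller is enumerating, and the remaining identity sources are never returned. Because these entries are presumably the trust anchors of the LDAPS source, the failure should name the identity source instead of surfacing as a bare cryptographic exception. Reading the array into a local once also removes the three separate `details?.certificates` evaluations. In the first hunk `identitySources.localOS.name` and `identitySources.system.domains` are dereferenced without the null guard that `identitySources.ldaps` gets; whether the service can return them as null is not visible here. The enclosing method starts and ends outside both hunks.

```csharp
var certificates = externalDomain.details?.certificates;
if (certificates != null && certificates.Length > 0) {
   var certificatesList = new List<X509Certificate2>(certificates.Length);
   foreach (var cert in certificates) {
      try {
         certificatesList.Add(new X509Certificate2(Encoding.ASCII.GetBytes(cert)));
      } catch (CryptographicException ex) {
         // Report which identity source carried the unparsable entry.
         throw new InvalidOperationException(
            $"Identity source '{externalDomain.name}' returned a certificate that could not be parsed.", ex);
      }
   }
   extIdentitySource.Certificates = certificatesList.ToArray();
}
// … unchanged: yield return extIdentitySource …
```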
@@ -45,6 +45,26 @@ Describe "Connect-SsoAdminServer and Disconnect-SsoAdminServer Tests" {
|
||||
$global:DefaultSsoAdminServers | Should -Contain $actual
|
||||
}
|
||||
|
||||
It 'Connect-SsoAdminServer connects the server with PSCredential object' {
|
||||
# Act
|
||||
$securePassword = ConvertTo-SecureString -AsPlainText -Force -String $Password
|
||||
$credential = New-Object `
|
||||
-TypeName System.Management.Automation.PSCredential `
|
||||
-ArgumentList $User, $securePassword
|
||||
$actual = Connect-SsoAdminServer `
|
||||
-Server $VcAddress `
|
||||
-Credential $credential `
|
||||
-SkipCertificateCheck
|
||||
|
||||
# Assert
|
||||
$actual | Should -Not -Be $null
|
||||
$actual.GetType().FullName | Should -Be 'VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer'
|
||||
$actual.IsConnected | Should -Be $true
|
||||
$actual.Name | Should -Be $VcAddress
|
||||
$global:DefaultSsoAdminServers | Should -Contain $actual
|
||||
}
|
||||
|
||||
|
||||
It 'Connect-SsoAdminServer throws error on invalid password' {
|
||||
# Act
|
||||
# Assert
|
||||
|
||||
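Review bot: The new case covers only the successful `-Credential` path; nothing asserts that `-Credential` combined with `-User`/`-Password` is rejected by parameter-set resolution, or that a PSCredential holding a wrong password fails the same way as the existing invalid-password case. The `# Act` comment sits above the credential construction, which is arrangement; `# Arrange` belongs before `$securePassword` and `# Act` before the `Connect-SsoAdminServer` call. The call also passes `-SkipCertificateCheck`; if the test environment can present a trusted certificate, one case without the switch would exercise the validating path.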