Bug fixes (#499)
* Add Certificates to External Identity Source Signed-off-by: Dimitar Milov <dmilov@vmware.com> * Add Credential parameter to Connect-SsoAdminServer Signed-off-by: Dimitar Milov <dmilov@vmware.com>
@@ -24,6 +24,9 @@ function Connect-SsoAdminServer {
|
|||||||
.PARAMETER Password
|
.PARAMETER Password
|
||||||
Specifies the password you want to use for authenticating with the server.
|
Specifies the password you want to use for authenticating with the server.
|
||||||
|
|
||||||
|
.PARAMETER Credential
|
||||||
|
Specifies a PSCredential object to for authenticating with the server.
|
||||||
|
|
||||||
.PARAMETER SkipCertificateCheck
|
.PARAMETER SkipCertificateCheck
|
||||||
Specifies whether server Tls certificate validation will be skipped
|
Specifies whether server Tls certificate validation will be skipped
|
||||||
|
|
||||||
@@ -46,7 +49,8 @@ function Connect-SsoAdminServer {
|
|||||||
Mandatory = $true,
|
Mandatory = $true,
|
||||||
ValueFromPipeline = $false,
|
ValueFromPipeline = $false,
|
||||||
ValueFromPipelineByPropertyName = $false,
|
ValueFromPipelineByPropertyName = $false,
|
||||||
HelpMessage = 'User name you want to use for authenticating with the server')]
|
HelpMessage = 'User name you want to use for authenticating with the server',
|
||||||
|
ParameterSetName = 'UserPass')]
|
||||||
[string]
|
[string]
|
||||||
$User,
|
$User,
|
||||||
|
|
||||||
@@ -54,11 +58,21 @@ function Connect-SsoAdminServer {
|
|||||||
Mandatory = $true,
|
Mandatory = $true,
|
||||||
ValueFromPipeline = $false,
|
ValueFromPipeline = $false,
|
||||||
ValueFromPipelineByPropertyName = $false,
|
ValueFromPipelineByPropertyName = $false,
|
||||||
HelpMessage = 'Password you want to use for authenticating with the server')]
|
HelpMessage = 'Password you want to use for authenticating with the server',
|
||||||
|
ParameterSetName = 'UserPass')]
|
||||||
[VMware.vSphere.SsoAdmin.Utils.StringToSecureStringArgumentTransformationAttribute()]
|
[VMware.vSphere.SsoAdmin.Utils.StringToSecureStringArgumentTransformationAttribute()]
|
||||||
[SecureString]
|
[SecureString]
|
||||||
$Password,
|
$Password,
|
||||||
|
|
||||||
|
[Parameter(
|
||||||
|
Mandatory = $true,
|
||||||
|
ValueFromPipeline = $false,
|
||||||
|
ValueFromPipelineByPropertyName = $false,
|
||||||
|
HelpMessage = 'PSCredential object to use for authenticating with the server',
|
||||||
|
ParameterSetName = 'Credential')]
|
||||||
|
[PSCredential]
|
||||||
|
$Credential,
|
||||||
|
|
||||||
[Parameter(
|
[Parameter(
|
||||||
Mandatory = $false,
|
Mandatory = $false,
|
||||||
HelpMessage = 'Skips server Tls certificate validation')]
|
HelpMessage = 'Skips server Tls certificate validation')]
|
||||||
@@ -73,13 +87,24 @@ function Connect-SsoAdminServer {
|
|||||||
|
|
||||||
$ssoAdminServer = $null
|
$ssoAdminServer = $null
|
||||||
try {
|
try {
|
||||||
$ssoAdminServer = New-Object `
|
if ($PSBoundParameters.ContainsKey('Credential')) {
|
||||||
'VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer' `
|
$ssoAdminServer = New-Object `
|
||||||
-ArgumentList @(
|
'VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer' `
|
||||||
$Server,
|
-ArgumentList @(
|
||||||
$User,
|
$Server,
|
||||||
$Password,
|
$Credential.UserName,
|
||||||
$certificateValidator)
|
$Credential.Password,
|
||||||
|
$certificateValidator)
|
||||||
|
} else {
|
||||||
|
$ssoAdminServer = New-Object `
|
||||||
|
'VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer' `
|
||||||
|
-ArgumentList @(
|
||||||
|
$Server,
|
||||||
|
$User,
|
||||||
|
$Password,
|
||||||
|
$certificateValidator)
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
catch {
|
catch {
|
||||||
Write-Error (FormatError $_.Exception)
|
Write-Error (FormatError $_.Exception)
|
||||||
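Review bot: Splitting the credentials into the 'UserPass' and 'Credential' parameter sets, each with only mandatory members, needs a `DefaultParameterSetName` on the function's `CmdletBinding` attribute, which is not visible in these hunks. If it is missing, a call that supplies only `-Server` fails parameter-set resolution instead of prompting for the missing values. In the last hunk the `if ($PSBoundParameters.ContainsKey('Credential'))` branch repeats the whole `New-Object` call to swap two arguments; normalising first with `if ($PSBoundParameters.ContainsKey('Credential')) { $User = $Credential.UserName; $Password = $Credential.Password }` keeps a single constructor call. The added help line reads "object to for authenticating"; `Specifies a PSCredential object to use for authenticating with the server.` is presumably the intended wording. The function starts and ends outside the hunks shown.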
|
|||||||
@@ -12,7 +12,7 @@
|
|||||||
RootModule = 'VMware.vSphere.SsoAdmin.psm1'
|
RootModule = 'VMware.vSphere.SsoAdmin.psm1'
|
||||||
|
|
||||||
# Version number of this module.
|
# Version number of this module.
|
||||||
ModuleVersion = '1.3.5'
|
ModuleVersion = '1.3.6'
|
||||||
|
|
||||||
# Supported PSEditions
|
# Supported PSEditions
|
||||||
# CompatiblePSEditions = @()
|
# CompatiblePSEditions = @()
|
||||||
|
|||||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -24,5 +24,7 @@ namespace VMware.vSphere.SsoAdminClient.DataTypes
|
|||||||
public string FailoverUrl { get; set; }
|
public string FailoverUrl { get; set; }
|
||||||
public string UserBaseDN { get; set; }
|
public string UserBaseDN { get; set; }
|
||||||
public string GroupBaseDN { get; set; }
|
public string GroupBaseDN { get; set; }
|
||||||
|
|
||||||
|
public System.Security.Cryptography.X509Certificates.X509Certificate2[] Certificates {get ;set;}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
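Review bot: The added `Certificates` property is written `{get ;set;}` while every neighbouring property uses `{ get; set; }`, and it spells out the full `System.Security.Cryptography.X509Certificates.X509Certificate2` name. Matching the file's style would give `public X509Certificate2[] Certificates { get; set; }` with a `using System.Security.Cryptography.X509Certificates;` directive at the top of the file. A one-line `/// <summary>` saying that the value stays null when no certificates are reported would help callers, since nothing visible here initialises it. The class begins outside the hunk.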
|
|||||||
@@ -1232,32 +1232,34 @@ namespace VMware.vSphere.SsoAdminClient
|
|||||||
var authorizedInvocationContext =
|
var authorizedInvocationContext =
|
||||||
CreateAuthorizedInvocationContext();
|
CreateAuthorizedInvocationContext();
|
||||||
|
|
||||||
var domains = authorizedInvocationContext.
|
var identitySources = authorizedInvocationContext.
|
||||||
InvokeOperation(() =>
|
InvokeOperation(() =>
|
||||||
_ssoAdminBindingClient.GetDomainsAsync(
|
_ssoAdminBindingClient.GetAsync(
|
||||||
new ManagedObjectReference
|
new ManagedObjectReference
|
||||||
{
|
{
|
||||||
type = "SsoAdminDomainManagementService",
|
type = "SsoAdminIdentitySourceManagementService",
|
||||||
Value = "domainManagementService"
|
Value = "identitySourceManagementService"
|
||||||
})).Result;
|
})).Result;
|
||||||
|
|
||||||
if (domains != null)
|
if (identitySources != null)
|
||||||
{
|
{
|
||||||
var localos = new LocalOSIdentitySource();
|
var localos = new LocalOSIdentitySource();
|
||||||
localos.Name = domains.localOSDomainName;
|
localos.Name = identitySources.localOS.name;
|
||||||
yield return localos;
|
yield return localos;
|
||||||
|
|
||||||
var system = new SystemIdentitySource();
|
foreach (var systemDomain in identitySources.system.domains) {
|
||||||
system.Name = domains.systemDomainName;
|
var system = new SystemIdentitySource();
|
||||||
yield return system;
|
system.Name = systemDomain.name;
|
||||||
|
yield return system;
|
||||||
|
}
|
||||||
|
|
||||||
if (domains.externalDomains != null && domains.externalDomains.Length > 0)
|
|
||||||
|
if (identitySources.ldaps != null && identitySources.ldaps.Length > 0)
|
||||||
{
|
{
|
||||||
foreach (var externalDomain in domains.externalDomains)
|
foreach (var externalDomain in identitySources.ldaps)
|
||||||
{
|
{
|
||||||
var extIdentitySource = new ActiveDirectoryIdentitySource();
|
var extIdentitySource = new ActiveDirectoryIdentitySource();
|
||||||
extIdentitySource.Name = externalDomain.name;
|
extIdentitySource.Name = externalDomain.name;
|
||||||
extIdentitySource.Alias = externalDomain.alias;
|
|
||||||
extIdentitySource.Type = externalDomain.type;
|
extIdentitySource.Type = externalDomain.type;
|
||||||
extIdentitySource.AuthenticationType = externalDomain.authenticationDetails?.authenticationType;
|
extIdentitySource.AuthenticationType = externalDomain.authenticationDetails?.authenticationType;
|
||||||
extIdentitySource.AuthenticationUsername = externalDomain.authenticationDetails?.username;
|
extIdentitySource.AuthenticationUsername = externalDomain.authenticationDetails?.username;
|
||||||
@@ -1266,6 +1268,14 @@ namespace VMware.vSphere.SsoAdminClient
|
|||||||
extIdentitySource.FailoverUrl = externalDomain.details?.failoverUrl;
|
extIdentitySource.FailoverUrl = externalDomain.details?.failoverUrl;
|
||||||
extIdentitySource.GroupBaseDN = externalDomain.details?.groupBaseDn;
|
extIdentitySource.GroupBaseDN = externalDomain.details?.groupBaseDn;
|
||||||
extIdentitySource.UserBaseDN = externalDomain.details?.userBaseDn;
|
extIdentitySource.UserBaseDN = externalDomain.details?.userBaseDn;
|
||||||
|
if (externalDomain.details?.certificates != null && externalDomain.details?.certificates.Length > 0) {
|
||||||
|
var certificatesList = new List<X509Certificate2>();
|
||||||
|
foreach (var cert in externalDomain.details?.certificates) {
|
||||||
|
certificatesList.Add(new X509Certificate2(Encoding.ASCII.GetBytes(cert)));
|
||||||
|
}
|
||||||
|
extIdentitySource.Certificates = certificatesList.ToArray();
|
||||||
|
}
|
||||||
|
|
||||||
yield return extIdentitySource;
|
yield return extIdentitySource;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
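Review bot: `identitySources.localOS.name` and `identitySources.system.domains` in the first hunk are dereferenced with only `identitySources` itself checked for null, whereas the `ldaps` loop below them is guarded. If the service can return a result without a local OS or system entry (not visible here), the iterator throws a NullReferenceException part-way through enumeration. Guarding the two blocks the same way keeps the listing usable: `if (identitySources.localOS != null) { ... }` and `if (identitySources.system?.domains != null) { ... }`. The same hunk also drops `extIdentitySource.Alias = externalDomain.alias;` without a replacement, so `Alias` is presumably left null on the returned objects; it should be mapped from wherever the new type exposes it, or the omission explained in a comment. The method starts before the first hunk and continues after the second.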
|
|||||||
@@ -45,6 +45,26 @@ Describe "Connect-SsoAdminServer and Disconnect-SsoAdminServer Tests" {
|
|||||||
$global:DefaultSsoAdminServers | Should -Contain $actual
|
$global:DefaultSsoAdminServers | Should -Contain $actual
|
||||||
}
|
}
|
||||||
|
|
||||||
|
It 'Connect-SsoAdminServer connects the server with PSCredential object' {
|
||||||
|
# Act
|
||||||
|
$securePassword = ConvertTo-SecureString -AsPlainText -Force -String $Password
|
||||||
|
$credential = New-Object `
|
||||||
|
-TypeName System.Management.Automation.PSCredential `
|
||||||
|
-ArgumentList $User, $securePassword
|
||||||
|
$actual = Connect-SsoAdminServer `
|
||||||
|
-Server $VcAddress `
|
||||||
|
-Credential $credential `
|
||||||
|
-SkipCertificateCheck
|
||||||
|
|
||||||
|
# Assert
|
||||||
|
$actual | Should -Not -Be $null
|
||||||
|
$actual.GetType().FullName | Should -Be 'VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer'
|
||||||
|
$actual.IsConnected | Should -Be $true
|
||||||
|
$actual.Name | Should -Be $VcAddress
|
||||||
|
$global:DefaultSsoAdminServers | Should -Contain $actual
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
It 'Connect-SsoAdminServer throws error on invalid password' {
|
It 'Connect-SsoAdminServer throws error on invalid password' {
|
||||||
# Act
|
# Act
|
||||||
# Assert
|
# Assert
|
||||||
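Review bot: The new `It` block covers only the successful `-Credential` path. A companion case that passes a PSCredential with a wrong password and expects an error, mirroring 'Connect-SsoAdminServer throws error on invalid password', would pin the failure behaviour of the new branch as well. The credential construction sits under `# Act`; labelling it `# Arrange` and leaving only the `Connect-SsoAdminServer` call under `# Act` matches what the lines do. The `Describe` block starts and ends outside the hunk.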
|
|||||||