From 81394c8294626e63edeab6e69221e4b7d8d6f0de Mon Sep 17 00:00:00 2001
From: "Prabha S (ps)"
Date: Wed, 20 Mar 2024 22:58:34 -0700
Subject: [PATCH 1/4] Added the custom platform script for Wikipedia.
---
 SampleScripts/HTTP/CustomWikipedia.json | 228 ++++++++++++++++++++++++
 1 file changed, 228 insertions(+)
 create mode 100644 SampleScripts/HTTP/CustomWikipedia.json
diff --git a/SampleScripts/HTTP/CustomWikipedia.json b/SampleScripts/HTTP/CustomWikipedia.json
new file mode 100644
index 0000000..1b18c57
--- /dev/null
+++ b/SampleScripts/HTTP/CustomWikipedia.json
@@ -0,0 +1,228 @@
+{
+ "Id": "CustomWikipedia",
+ "BackEnd": "Scriptable",
+ "Meta": {
+ "Author": "Prabha S, One Identity",
+ "ScriptVersion": "1.0",
+ "Last Updated": "2024-03-18",
+ "Description": "Platform script to support Wikipedia web application, this is tested with SPP version 7.5 and above."
+ },
+ "CheckPassword": {
+ "Parameters": [
+ { "Timeout": { "Type": "Integer", "Required": false, "DefaultValue": 30 } },
+ { "AccountUserName": { "Type": "String", "Required": true } },
+ { "AccountPassword": { "Type": "Secret", "Required": true } },
+ { "AssetName": { "Type": "String", "Required": false, "DefaultValue": "Wikipedia" } },
+ { "HttpProxyAddress": { "Type": "String", "Description": "HTTP Proxy Address", "Required": false } },
+ { "HttpProxyPort": { "Type": "Integer", "Description": "HTTP Proxy Port", "Required": false, "DefaultValue": 443 } },
+ { "HttpProxyUserName": { "Type": "String", "Description": "HTTP Proxy UserName", "Required": false } },
+ { "HttpProxyPassword": { "Type": "Secret", "Description": "HTTP Proxy Password", "Required": false } }
+ ],
+ "Do": [
+ { "Status": { "Type": "Checking", "Percent": 10, "Message": { "Name": "VerifyingPassword", "Parameters": [ "%AssetName%", "%AccountUserName%" ] } } },
+ { "Function": { "Name": "Login", "ResultVariable": "IsLoggedIn" } },
+ { "Condition": {
+ "If": "!IsLoggedIn", "Then":
+ [
+ { "Log": { "Text": "Unsuccessful Login" } }
+ ]
+ }
+ },
+ { "Return": { "Value": "%IsLoggedIn%" } }
+ ]
+ },
+ "ChangePassword": {
+ "Parameters": [
+ { "Timeout": { "Type": "Integer", "Required": false, "DefaultValue": 30 } },
+ { "AccountUserName": { "Type": "String", "Required": true } },
+ { "AccountPassword": { "Type": "Secret", "Required": true } },
+ { "NewPassword": { "Type": "Secret", "Required": true } },
+ { "AssetName": { "Type": "String", "Required": false, "DefaultValue": "Wikipedia" } },
+ { "HttpProxyAddress": { "Type": "String", "Description": "HTTP Proxy Address", "Required": false } },
+ { "HttpProxyPort": { "Type": "Integer", "Description": "HTTP Proxy Port", "Required": false, "DefaultValue": 443 } },
+ { "HttpProxyUserName": { "Type": "String", "Description": "HTTP Proxy UserName", "Required": false } },
+ { "HttpProxyPassword": { "Type": "Secret", "Description": "HTTP Proxy Password", "Required": false } }
+ ],
+ "Do": [
+ { "Status": { "Type": "Changing", "Percent": 20, "Message": { "Name": "ChangingPassword", "Parameters": [ "%AccountUserName%" ] } } },
+ { "Condition": {
+ "If": "AccountPassword.Equals(NewPassword)", "Then":
+ [
+ { "Status": { "Type": "Changing", "Percent": 80, "Message": { "Name": "CurrentAndNewPasswordsAreIdentical", "Parameters": [ "%AccountUserName%" ] } } },
+ { "Log": { "Text": "Current and New Password are Identical" } },
+ { "Return": { "Value": false } }
+ ]
+ }
+ },
+ { "Status": { "Type": "Changing", "Percent": 20, "Message": { "Name": "LoggingInToService" } } },
+ { "Function": { "Name": "Login", "ResultVariable": "LoginResult" } },
+ { "Condition": {
+ "If": "!LoginResult", "Then":
+ [
+ { "Status": { "Type": "Changing", "Percent": 70, "Message": { "Name": "LoggingInWithAccountFailed", "Parameters": [ "%AssetName%", "%AccountUserName%" ] } } },
+ { "Return": { "Value": false } }
+ ]
+ }
+ },
+ { "Function": { "Name": "ChangeUserPassword", "ResultVariable": "CheckResult" } },
+ { "Return": { "Value": "%CheckResult%" } }
+ ]
+ },
+ "Functions": [
+ {
+ "Name": "Login",
+ "Do": [
+ { "BaseAddress": { "Address": "https://en.wikipedia.org" } },
+ { "NewHttpRequest": { "ObjectName": "Global:SystemRequest" } },
+ { "Request": {
+ "Verb": "Get",
+ "Url": "w/api.php?action=query&meta=tokens&type=login&format=json",
+ "RequestObjectName": "SystemRequest",
+ "ResponseObjectName": "Global:LoginTokenResponse",
+ "AllowRedirect": false,
+ "ProxyIp": "%HttpProxyAddress%",
+ "ProxyPort": "%HttpProxyPort%",
+ "ProxyUser": "%HttpProxyUserName%",
+ "ProxyPassword": "%HttpProxyPassword%"
+ }
+ },
+ { "ExtractJsonObject": { "JsonObjectName": "LoginTokenResponse", "Name": "LoginTokenJson" } },
+ { "SetItem": { "Name": "LoginToken", "Value": "%{ LoginTokenJson.query.tokens.logintoken.Value }%" } },
+ { "Condition": {
+ "If": "string.IsNullOrEmpty(LoginToken)", "Then":
+ [
+ { "Log": { "Text": "Error, Login Token not found" } },
+ { "Return": { "Value": false } }
+ ]
+ }
+ },
+ { "UrlEncode": {
+ "Source": "%LoginToken%",
+ "ResultVariable": "EncodedLoginToken"
+ }
+ },
+ { "UrlEncode": {
+ "Source": "%AccountPassword%",
+ "ResultVariable": "EncodedPassword",
+ "IsSecret": true
+ }
+ },
+ { "UrlEncode": {
+ "Source": "%AccountUserName%",
+ "ResultVariable": "EncodedUserName"
+ }
+ },
+ { "SetItem": { "Name": "RequestBody", "Value": "lgpassword=%{EncodedPassword}%&lgtoken=%{EncodedLoginToken}%" , "IsSecret": true } },
+ { "Request": {
+ "Verb": "Post",
+ "Url": "w/api.php?action=login&lgname=%{EncodedUserName}%&format=json",
+ "SubstitutionInUrl": true,
+ "RequestObjectName": "SystemRequest",
+ "ResponseObjectName": "Global:LoginPostResponse",
+ "AllowRedirect": false,
+ "Content": {
+ "ContentObjectName": "RequestBody",
+ "ContentType": "application/x-www-form-urlencoded"
+ },
+ "ProxyIp": "%HttpProxyAddress%",
+ "ProxyPort": "%HttpProxyPort%",
+ "ProxyUser": "%HttpProxyUserName%",
+ "ProxyPassword": "%HttpProxyPassword%"
+ }
+ },
+ { "ExtractJsonObject": { "JsonObjectName": "LoginPostResponse", "Name": "LoginResultJson" } },
+ { "Condition": {
+ "If": "!LoginResultJson.login.result.Value.Equals(\"Success\")", "Then":
+ [
+ { "Log": { "Text": "Unsuccessful Login" } },
+ { "Return": { "Value": false } }
+ ]
+ }
+ },
+ { "Condition": {
+ "If": "LoginResultJson.login.result.Value.Equals(\"Success\")", "Then":
+ [
+ { "Log": { "Text": "Authentication successful" } },
+ { "Return": { "Value": true } }
+ ]
+ }
+ },
+ { "Status": { "Type": "Checking", "Percent": 80, "Message": { "Name": "LoggingInWithAccountFailed", "Parameters": [ "%AccountUserName%" ] } } },
+ { "Return": { "Value": false } }
+ ]
+ },
+ {
+ "Name": "ChangeUserPassword",
+ "Do": [
+ { "Request": {
+ "Verb": "Get",
+ "Url": "w/api.php?action=query&meta=tokens&format=json",
+ "RequestObjectName": "SystemRequest",
+ "ResponseObjectName": "Global:CsrfTokenResponse",
+ "AllowRedirect": false,
+ "ProxyIp": "%HttpProxyAddress%",
+ "ProxyPort": "%HttpProxyPort%",
+ "ProxyUser": "%HttpProxyUserName%",
+ "ProxyPassword": "%HttpProxyPassword%"
+ }
+ },
+ { "ExtractJsonObject": { "JsonObjectName": "CsrfTokenResponse", "Name": "CsrfTokenJson" } },
+ { "SetItem": { "Name": "CsrfToken", "Value": "%{ CsrfTokenJson.query.tokens.csrftoken.Value }%" } },
+ { "Condition": {
+ "If": "!(CsrfToken.Length > 2)", "Then":
+ [
+ { "Log": { "Text": "Error, Csrf Token not found" } },
+ { "Throw": { "Value": "Error, Csrf Token not found" } }
+ ]
+ }
+ },
+ { "UrlEncode": {
+ "Source": "%CsrfToken%",
+ "ResultVariable": "EncodedCsrfToken"
+ }
+ },
+ { "UrlEncode": {
+ "Source": "%NewPassword%",
+ "ResultVariable": "EncodedNewPassword",
+ "IsSecret": true
+ }
+ },
+ { "SetItem": { "Name": "RequestBody", "Value": "changeauthtoken=%{EncodedCsrfToken}%&password=%EncodedNewPassword%&retype=%EncodedNewPassword%" , "IsSecret": true} },
+ { "Request": {
+ "Verb": "Post",
+ "Url": "w/api.php?action=changeauthenticationdata&changeauthrequest=MediaWiki%5CAuth%5CPasswordAuthenticationRequest&format=json",
+ "RequestObjectName": "SystemRequest",
+ "ResponseObjectName": "Global:ChangePasswordPostResponse",
+ "AllowRedirect": false,
+ "Content": {
+ "ContentObjectName": "RequestBody",
+ "ContentType": "application/x-www-form-urlencoded"
+ },
+ "ProxyIp": "%HttpProxyAddress%",
+ "ProxyPort": "%HttpProxyPort%",
+ "ProxyUser": "%HttpProxyUserName%",
+ "ProxyPassword": "%HttpProxyPassword%"
+ }
+ },
+ { "ExtractJsonObject": { "JsonObjectName": "ChangePasswordPostResponse", "Name": "PasswordResponseJson" } },
+ { "Condition": {
+ "If": "PasswordResponseJson.ToString().Contains(\"changeauthenticationdata\") && PasswordResponseJson.ToString().Contains(\"success\")", "Then":
+ [
+ { "Log": { "Text": "Password changed successfully" } },
+ { "Return": { "Value": true } }
+ ]
+ }
+ },
+ { "Condition": {
+ "If": "PasswordResponseJson.ToString().Contains(\"error\")", "Then":
+ [
+ { "Log": { "Text": "%{ PasswordResponseJson.error.code.Value }%" } },
+ { "Return": { "Value": false } }
+ ]
+ }
+ },
+ { "Return": { "Value": false } }
+ ]
+ }
+ ]
+}
From 228192ee07fd46c99a5a978a0f5e6c91c0e36acd Mon Sep 17 00:00:00 2001
From: "Prabha S (ps)"
Date: Thu, 28 Mar 2024 04:38:07 -0700
Subject: [PATCH 2/4] Feature 449943 Safeguard Custom Platform Script for Wikipedia.com This script is for including Wikipedia as a new custom platform in SPP.
---
 SampleScripts/HTTP/CustomWikipedia.json | 23 ++++++++---------------
 1 file changed, 8 insertions(+), 15 deletions(-)
diff --git a/SampleScripts/HTTP/CustomWikipedia.json b/SampleScripts/HTTP/CustomWikipedia.json
index 1b18c57..8569ddb 100644
--- a/SampleScripts/HTTP/CustomWikipedia.json
+++ b/SampleScripts/HTTP/CustomWikipedia.json
@@ -21,13 +21,6 @@
 "Do": [
 { "Status": { "Type": "Checking", "Percent": 10, "Message": { "Name": "VerifyingPassword", "Parameters": [ "%AssetName%", "%AccountUserName%" ] } } },
 { "Function": { "Name": "Login", "ResultVariable": "IsLoggedIn" } },
- { "Condition": {
- "If": "!IsLoggedIn", "Then":
- [
- { "Log": { "Text": "Unsuccessful Login" } }
- ]
- }
- },
 { "Return": { "Value": "%IsLoggedIn%" } }
 ]
 },
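Review bot: In the new file's `ChangeUserPassword` function, success is decided by `PasswordResponseJson.ToString().Contains(\"changeauthenticationdata\") && PasswordResponseJson.ToString().Contains(\"success\")`, a substring match over the whole serialized reply rather than a test of one status field. A reply that carries both words anywhere, for example inside an error or warning text, would return `true`, and the caller would presumably record a password the account never received. `Login` in the same file already tests a single field with `LoginResultJson.login.result.Value.Equals(\"Success\")`; the equivalent here would be something like `PasswordResponseJson.changeauthenticationdata.status.Value.Equals(\"success\")`, with the field path confirmed against a real API reply. The token guard `!(CsrfToken.Length > 2)` in the same function also relies on an unexplained length and, unlike the `string.IsNullOrEmpty(LoginToken)` check in `Login`, may not cope with a missing token.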
@@ -44,17 +37,17 @@
 { "HttpProxyPassword": { "Type": "Secret", "Description": "HTTP Proxy Password", "Required": false } }
 ],
 "Do": [
- { "Status": { "Type": "Changing", "Percent": 20, "Message": { "Name": "ChangingPassword", "Parameters": [ "%AccountUserName%" ] } } },
+ { "Status": { "Type": "Changing", "Percent": 10, "Message": { "Name": "ChangingPassword", "Parameters": [ "%AccountUserName%" ] } } },
 { "Condition": {
 "If": "AccountPassword.Equals(NewPassword)", "Then":
 [
 { "Status": { "Type": "Changing", "Percent": 80, "Message": { "Name": "CurrentAndNewPasswordsAreIdentical", "Parameters": [ "%AccountUserName%" ] } } },
- { "Log": { "Text": "Current and New Password are Identical" } },
+ { "Log": { "Text": "The current and new password are identical." } },
 { "Return": { "Value": false } }
 ]
 }
 },
- { "Status": { "Type": "Changing", "Percent": 20, "Message": { "Name": "LoggingInToService" } } },
+ { "Status": { "Type": "Changing", "Percent": 20, "Message": { "Name": "LoggingInToService", "Parameters": [ "%AssetName%", "%AccountUserName%" ] } } },
 { "Function": { "Name": "Login", "ResultVariable": "LoginResult" } },
 { "Condition": {
 "If": "!LoginResult", "Then":
@@ -112,7 +105,7 @@
 "ResultVariable": "EncodedUserName"
 }
 },
- { "SetItem": { "Name": "RequestBody", "Value": "lgpassword=%{EncodedPassword}%&lgtoken=%{EncodedLoginToken}%" , "IsSecret": true } },
+ { "SetItem": { "Name": "RequestBody", "Value": "lgpassword=%EncodedPassword%&lgtoken=%EncodedLoginToken%" , "IsSecret": true } },
 { "Request": {
 "Verb": "Post",
 "Url": "w/api.php?action=login&lgname=%{EncodedUserName}%&format=json",
@@ -134,7 +127,8 @@
 { "Condition": {
 "If": "!LoginResultJson.login.result.Value.Equals(\"Success\")", "Then":
 [
- { "Log": { "Text": "Unsuccessful Login" } },
+ { "Log": { "Text": "%{ LoginResultJson.login.reason.Value }%" } },
+ { "Status": { "Type": "Checking", "Percent": 80, "Message": { "Name": "LoggingInWithAccountFailed", "Parameters": [ "%AccountUserName%" ] } } },
 { "Return": { "Value": false } }
 ]
 }
@@ -187,7 +181,7 @@
 "IsSecret": true
 }
 },
- { "SetItem": { "Name": "RequestBody", "Value": "changeauthtoken=%{EncodedCsrfToken}%&password=%EncodedNewPassword%&retype=%EncodedNewPassword%" , "IsSecret": true} },
+ { "SetItem": { "Name": "RequestBody", "Value": "changeauthtoken=%EncodedCsrfToken%&password=%EncodedNewPassword%&retype=%EncodedNewPassword%", "IsSecret": true} },
 { "Request": {
 "Verb": "Post",
 "Url": "w/api.php?action=changeauthenticationdata&changeauthrequest=MediaWiki%5CAuth%5CPasswordAuthenticationRequest&format=json",
@@ -216,8 +210,7 @@
 { "Condition": {
 "If": "PasswordResponseJson.ToString().Contains(\"error\")", "Then":
 [
- { "Log": { "Text": "%{ PasswordResponseJson.error.code.Value }%" } },
- { "Return": { "Value": false } }
+ { "Log": { "Text": "%{ PasswordResponseJson.error.code.Value }%" } }
 ]
 }
 },
From 88538af26199439344f44560f69581f82d1fefd9 Mon Sep 17 00:00:00 2001
From: "Prabha S (ps)"
Date: Thu, 28 Mar 2024 07:08:22 -0700
Subject: [PATCH 3/4] Feature 449943 Safeguard Custom Platform Script for Wikipedia.com This script is for including Wikipedia as a new custom platform in SPP.
---
 SampleScripts/HTTP/CustomWikipedia.json | 21 +++------------------
 1 file changed, 3 insertions(+), 18 deletions(-)
diff --git a/SampleScripts/HTTP/CustomWikipedia.json b/SampleScripts/HTTP/CustomWikipedia.json
index 8569ddb..5cf4299 100644
--- a/SampleScripts/HTTP/CustomWikipedia.json
+++ b/SampleScripts/HTTP/CustomWikipedia.json
@@ -52,7 +52,6 @@
 { "Condition": {
 "If": "!LoginResult", "Then":
 [
- { "Status": { "Type": "Changing", "Percent": 70, "Message": { "Name": "LoggingInWithAccountFailed", "Parameters": [ "%AssetName%", "%AccountUserName%" ] } } },
 { "Return": { "Value": false } }
 ]
 }
@@ -124,15 +123,6 @@
 }
 },
 { "ExtractJsonObject": { "JsonObjectName": "LoginPostResponse", "Name": "LoginResultJson" } },
- { "Condition": {
- "If": "!LoginResultJson.login.result.Value.Equals(\"Success\")", "Then":
- [
- { "Log": { "Text": "%{ LoginResultJson.login.reason.Value }%" } },
- { "Status": { "Type": "Checking", "Percent": 80, "Message": { "Name": "LoggingInWithAccountFailed", "Parameters": [ "%AccountUserName%" ] } } },
- { "Return": { "Value": false } }
- ]
- }
- },
 { "Condition": {
 "If": "LoginResultJson.login.result.Value.Equals(\"Success\")", "Then":
 [
@@ -141,7 +131,8 @@
 ]
 }
 },
- { "Status": { "Type": "Checking", "Percent": 80, "Message": { "Name": "LoggingInWithAccountFailed", "Parameters": [ "%AccountUserName%" ] } } },
+ { "Log": { "Text": "%{ LoginResultJson.ToString() }%" } },
+ { "Status": { "Type": "Checking", "Percent": 80, "Message": { "Name": "LoggingInWithAccountFailed", "Parameters": [ "%AssetName%", "%AccountUserName%" ] } } },
 { "Return": { "Value": false } }
 ]
 },
@@ -207,13 +198,7 @@
 ]
 }
 },
- { "Condition": {
- "If": "PasswordResponseJson.ToString().Contains(\"error\")", "Then":
- [
- { "Log": { "Text": "%{ PasswordResponseJson.error.code.Value }%" } }
- ]
- }
- },
+ { "Log": { "Text": "%{ PasswordResponseJson.ToString() }%" } },
 { "Return": { "Value": false } }
 ]
 }
From cfa10f1453969e682e094ad993efbeb6a386ef91 Mon Sep 17 00:00:00 2001
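Review bot: The added `{ "Log": { "Text": "%{ LoginResultJson.ToString() }%" } }` (hunk `@@ -141,7 +131,8 @@`, inside `Login`) writes the complete login API reply to the log on every failed login, where the previous revision logged only `LoginResultJson.login.reason.Value`. An authentication reply is server-controlled and can hold more than a reason string, so dumping it verbatim risks putting token or session material into logs that are read more widely than the vault. Logging named fields, e.g. `%{ LoginResultJson.login.result.Value }%` and `%{ LoginResultJson.login.reason.Value }%`, keeps the diagnostics without that exposure. The same applies to `{ "Log": { "Text": "%{ PasswordResponseJson.ToString() }%" } }` added in hunk `@@ -207,13 +198,7 @@`. Both hunks show only the tail of their functions.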
From: "Prabha S (ps)"
Date: Thu, 28 Mar 2024 08:21:49 -0700
Subject: [PATCH 4/4] Feature 449943 Safeguard Custom Platform Script for Wikipedia.com This feature includes Wikipedia as a new custom platform in SPP. "SupportedScripts" Folder is added which contains CustomWikipedia.json and a ReadMe file in it.
---
 .../HTTP => SupportedScripts}/CustomWikipedia.json | 0
 SupportedScripts/README.md | 12 ++++++++++++
 2 files changed, 12 insertions(+)
 rename {SampleScripts/HTTP => SupportedScripts}/CustomWikipedia.json (100%)
 create mode 100644 SupportedScripts/README.md
diff --git a/SampleScripts/HTTP/CustomWikipedia.json b/SupportedScripts/CustomWikipedia.json
similarity index 100%
rename from SampleScripts/HTTP/CustomWikipedia.json
rename to SupportedScripts/CustomWikipedia.json
diff --git a/SupportedScripts/README.md b/SupportedScripts/README.md
new file mode 100644
index 0000000..8b64007
--- /dev/null
+++ b/SupportedScripts/README.md
@@ -0,0 +1,12 @@
+These custom platform scripts have been tested and verified by One Identity to work with the specified version of Safeguard for Privileged Passwords, and to work against the target platform at the time of authoring.
+
+To better understand the content of these sample scripts, read the wiki documentation.
+
+For information on creating and adding a custom platforms, search for these topics in the SPP [Administration Guide](https://support.oneidentity.com/technical-documents/one-identity-safeguard/administration-guide):
+ - Custom Platforms
+ - Adding a custom platform
+
+For information on assets, search for these topics in the SPP [Administration Guide](https://support.oneidentity.com/technical-documents/one-identity-safeguard/administration-guide):
+ - Assets
+ - Adding an asset
+ - Connection tab (add asset)
\ No newline at end of file