martohla
1 Copper

CAS Authentication using Powershell's Invoke-RestMethod

Jump to solution

Hi,

I need some assistance with the RESTful API using the new Powershell cmdlet Invoke-RestMethod.

The helpfile gives examples on authenticating using cURL and PERL but I would like to use PowerShell?

It was tricky to connect in the first instance due to some issue with self signed certs and the new cmdlet (more here) but I managed to implement the workaround.

Many thanks,

Martin

Tags (2)
0 Kudos
1 Solution

Accepted Solutions
Highlighted
8 Krypton

Re: CAS Authentication using Powershell's Invoke-RestMethod

Jump to solution

Hello Martin,

Thanks for asking.  You have given me a good reason to take a closer look at PowerShell 3.  Because we use CAS authentication, you'll first need to authenticate with ProSphere using the invoke-webrequest cmdlet.  Once you do that, you can use the web session with the invoke-restmethod cmdlet to retrieve the data of interest to you.

Here's a quick function I put together that will authenticate with ProSphere and return the session variable.

function Get-ProSphereSession {

    param(  

    ## ProSphere virtual machine FQDN

    [string] $psfqdn = "",

    ## ProSphere username

    [string] $username = "appadmin",

    ## ProSphere username

    [string] $password = "Changeme1!"

    )

    #Get a web session variable for the ProSphere instance

    [string] $loginuri = "https://" + $psfqdn + "/cas-server/login"

    $request = Invoke-WebRequest -Uri $loginuri -SessionVariable ps

    #Login to the CAS server

    $form = $request.Forms[0]

    $form.Fields["username"] = $username

    $form.Fields["password"] = $password

    $request = Invoke-WebRequest -Uri $loginuri -WebSession $ps -Method POST -Body $form.Fields

    #Return the authenticated web session variable

    $ps

}

What I did next was dot source the function so I could use it from the PowerShell prompt.  Here's how to get an authenticated session (no need to provide the username and password if you are still using the default).

$session = Get-ProSphereSession pstest.lss.emc.com -username appadmin -password Changeme1!

Next, you can run the invoke-restmethod cmdlet using $session.

$request = Invoke-RestMethod -uri https://pstest.lss.emc.com/srm/topology/msa/types/Host/instances -WebSession $session

Sending $request to get-member you can see it is an XmlElement:

$request | get-member

   TypeName: System.Xml.XmlElement#http://www.w3.org/2005/Atom#entry

Which you can then do with as you please:

$request.content.Host | Where-Object {$_.Displayname -match "2950prem"} | format-list DisplayName,ipaddress,fqdn,createdby

DisplayName : 2950prem2-ecc

IPAddress   : 10.192.165.133

FQDN        : 2950prem2-ecc.workgroup

CreatedBy   : Discovery

DisplayName : 2950prem4-ecc

IPAddress   : 10.192.164.27

FQDN        : 2950prem4-ecc.emc.pri

CreatedBy   : Discovery

DisplayName : 2950prem5-ecc

IPAddress   : 10.192.164.28

FQDN        : 2950prem5-ecc.emc.pri

CreatedBy   : Discovery

I hope this is enough to get you started!

Ryan H.

4 Replies
Highlighted
8 Krypton

Re: CAS Authentication using Powershell's Invoke-RestMethod

Jump to solution

Hello Martin,

Thanks for asking.  You have given me a good reason to take a closer look at PowerShell 3.  Because we use CAS authentication, you'll first need to authenticate with ProSphere using the invoke-webrequest cmdlet.  Once you do that, you can use the web session with the invoke-restmethod cmdlet to retrieve the data of interest to you.

Here's a quick function I put together that will authenticate with ProSphere and return the session variable.

function Get-ProSphereSession {

    param(  

    ## ProSphere virtual machine FQDN

    [string] $psfqdn = "",

    ## ProSphere username

    [string] $username = "appadmin",

    ## ProSphere username

    [string] $password = "Changeme1!"

    )

    #Get a web session variable for the ProSphere instance

    [string] $loginuri = "https://" + $psfqdn + "/cas-server/login"

    $request = Invoke-WebRequest -Uri $loginuri -SessionVariable ps

    #Login to the CAS server

    $form = $request.Forms[0]

    $form.Fields["username"] = $username

    $form.Fields["password"] = $password

    $request = Invoke-WebRequest -Uri $loginuri -WebSession $ps -Method POST -Body $form.Fields

    #Return the authenticated web session variable

    $ps

}

What I did next was dot source the function so I could use it from the PowerShell prompt.  Here's how to get an authenticated session (no need to provide the username and password if you are still using the default).

$session = Get-ProSphereSession pstest.lss.emc.com -username appadmin -password Changeme1!

Next, you can run the invoke-restmethod cmdlet using $session.

$request = Invoke-RestMethod -uri https://pstest.lss.emc.com/srm/topology/msa/types/Host/instances -WebSession $session

Sending $request to get-member you can see it is an XmlElement:

$request | get-member

   TypeName: System.Xml.XmlElement#http://www.w3.org/2005/Atom#entry

Which you can then do with as you please:

$request.content.Host | Where-Object {$_.Displayname -match "2950prem"} | format-list DisplayName,ipaddress,fqdn,createdby

DisplayName : 2950prem2-ecc

IPAddress   : 10.192.165.133

FQDN        : 2950prem2-ecc.workgroup

CreatedBy   : Discovery

DisplayName : 2950prem4-ecc

IPAddress   : 10.192.164.27

FQDN        : 2950prem4-ecc.emc.pri

CreatedBy   : Discovery

DisplayName : 2950prem5-ecc

IPAddress   : 10.192.164.28

FQDN        : 2950prem5-ecc.emc.pri

CreatedBy   : Discovery

I hope this is enough to get you started!

Ryan H.

martohla
1 Copper

Re: CAS Authentication using Powershell's Invoke-RestMethod

Jump to solution

Hi Ryan,

Great, that's exactly what I needed to get me started.

I can confirm that it works well and would like to suggest that this is included in the REST API helpfile in addition to the cURL and PERL examples.

Many thanks!

Martin

0 Kudos
8 Krypton

Re: CAS Authentication using Powershell's Invoke-RestMethod

Jump to solution

I received another question related to the Get-ProSphereSession function this week.  A user was trying to execute the function, but was receiving the following error message,

Could not establish trust relationship for the SSL/TLS secure channel.

When I was doing my testing of this function, I was using a ProSphere instance that already has a valid SSL X.509 certificate imported.  So the most secure answer to the above error, is to request a certificate from the Certificate Authority used by your organization.  This process is documented in emc275428.

A less secure approach is to import the ProSphere self-signed certificate on the host where you are running PowerShell, per the instructions in the following Microsoft blog (be sure to use the * suggestion in step 6).  These instructions are for Vista, but work just as well for Windows 7.  NOTE:  For Windows 7, right click the Internet Explorer icon and choose "Run as administrator"

Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista

As soon as you have the certificate imported, you should find the function works as advertised.

0 Kudos
mkari
1 Copper

Re: CAS Authentication using Powershell's Invoke-RestMethod

Jump to solution

Hi,

Thanks for sharing the script we are using same script It is very nice post,  it working fine but the issue is it works only when we have short name of  the host it does not work when we specify long name or ip in host name. as shown below.

Works fine

$request = Invoke-RestMethod -uri https://pstest123/instances -WebSession $session

$request = Invoke-RestMethod -uri https://pstest123.emc.corp.com/instances -WebSession $session

Not works

$request = Invoke-RestMethod -uri https://pstest123.lss.emc.com/instances -WebSession $session

$request = Invoke-RestMethod -uri https://Xxx.XX.XX.XX/instances -WebSession $session


It would be great help if you can you can help?

Thanks in advance.

0 Kudos