Custom PSCredential object to log into o365 powershell


This topic contains 4 replies, has 2 voices, and was last updated 1 year, 1 month ago.

  • #82297
    Jon

    Participant
    Points: 25
    Rank: Member

    A little background... we have a PAM (privileged access management) solution called CyberArk that rotates our admin credentials and provides a secure portal for RDP, SSH, etc. I am programmatically trying to check out the password through the REST request and pass those creds into the custom PS object so I can log into O365.

    $url = "https://cyberark/vault/mycredslocation"
    $response = Invoke-RestMethod -uri $url
    
    $password = ConvertTo-SecureString $response.content -AsPlainText -Force
    
    $cred = New-Object System.Management.Automation.PSCredential($response.UserName + "@domain.com", $password)
    
    Set-ExecutionPolicy RemoteSigned
    
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/?proxymethod=rps -Credential $cred -Authentication Basic -AllowRedirection
    Import-PSSession $Session -AllowClobber
    

    Error message is:
    New-PSSession : The WinRM client cannot process the request. Requests must include user name and password when Basic or Digest authentication mechanism is used. Add the user name and password or change the
    authentication mechanism and try the request again.
    At C:\Scripts\users\aim2.ps1:13 char:12
    + $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidArgument: (https://outlook...proxymethod=rps:Uri) [New-PSSession], PSInvalidOperationException
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed,Microsoft.PowerShell.Commands.NewPSSessionCommand

    Import-PSSession : Cannot validate argument on parameter 'Session'. The argument is null. Provide a valid value for the argument, and then try running the command again.
    At C:\Scripts\users\aim2.ps1:14 char:18
    + Import-PSSession $Session -AllowClobber
    + ~~~~~~~~
    + CategoryInfo : InvalidData: (:) [Import-PSSession], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.ImportPSSessionCommand

    I have tried the different types of authentication mechanisms and still get various errors. I have verified the proper username and password are being checked out. I have also used this code to connect to other servers and it works fine.

  • #82300
    Jon

    Participant
    Points: 25
    Rank: Member

    I tried the other various O365 services (connect-msol, and skype) and got this error with Skype:
    You must specify a user principal name in the format of User@Domain.Com.

    So this might be an issue with the way I am appending the domain name to the username.

    • #82306

      Participant
      Points: 0
      Rank: Member

      I think you're right in regards to the username build. I would check the value of your "$cred" variable to confirm what is actually being passed through. Additionally, it may help to separate the build:

      $url = "https://cyberark/vault/mycredslocation"
      $response = Invoke-RestMethod -uri $url
      
      $password = ConvertTo-SecureString $response.content -AsPlainText -Force
      $username = "$($response.username)@domain.com"
      
      $cred = New-Object System.Management.Automation.PSCredential($username, $password)
      
  • #82336
    Jon

    Participant
    Points: 25
    Rank: Member

    That worked!

    Can you explain to me what the $ in front of "$($response.username)@domain.com" is?

    • #82339

      Participant
      Points: 0
      Rank: Member

      In this case, the first "$" is being used as part of a sub-expression operator that allows us to define the expanded string that is '$response.username' + '@domain'. I like to think of it like defining a new variable made up of multiple parts. Here is some more info about it:

      PowerShell: Using Subexpressions Within Strings
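
An added example, not part of the thread: it shows how PowerShell parses the inline `$response.UserName + "@domain.com", $password` expression from the question (the comma operator binds tighter than `+`, so the result is a single string) and builds the credential with the user principal name validated first. The function name `New-VaultCredential`, the `-UpnSuffix` parameter and the sample response values are hypothetical; the response is assumed to expose `UserName` and `Content` properties as in the question.

```powershell
# Constructed stand-in for the vault's REST response; no network call is made.
$response = [pscustomobject]@{ UserName = 'svc-admin'; Content = 'Constructed-Sample-Pw1!' }

function New-VaultCredential {
    # Hypothetical helper: turns a checked-out vault response into a PSCredential.
    [CmdletBinding()]
    [OutputType([System.Management.Automation.PSCredential])]
    param(
        [Parameter(Mandatory)] [psobject] $Response,
        [Parameter(Mandatory)] [string]   $UpnSuffix
    )

    # Fail here rather than passing an empty credential on to New-PSSession.
    if ([string]::IsNullOrWhiteSpace($Response.UserName)) {
        throw 'Vault response has no UserName.'
    }
    if ([string]::IsNullOrEmpty($Response.Content)) {
        throw 'Vault response has no password content.'
    }

    # Build the UPN as its own value, then check the User@Domain.Com shape.
    $upn = "$($Response.UserName)@$UpnSuffix"
    if ($upn -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
        throw "'$upn' is not in User@Domain.Com format."
    }

    $secure = ConvertTo-SecureString $Response.Content -AsPlainText -Force

    # Two explicit arguments: the user name string and the SecureString.
    New-Object System.Management.Automation.PSCredential -ArgumentList $upn, $secure
}

# The inline form from the question: ',' is evaluated before '+', so the
# right-hand side becomes an array that is then joined into the left-hand string.
$secure = ConvertTo-SecureString $response.Content -AsPlainText -Force
$inline = ($response.UserName + "@domain.com", $secure)
"Inline expression type  : $($inline.GetType().Name)"
"Inline expression value : $inline"

# The separated build yields a credential with the expected user name.
$cred = New-VaultCredential -Response $response -UpnSuffix 'domain.com'
"Credential UserName     : $($cred.UserName)"
"Password is SecureString: $($cred.Password -is [securestring])"
```

Only the user name and the password's type are printed; the password itself never goes to the console or a transcript.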
