Create CPM plugins for Web applications

This topic describes how to create CPM plugins for web applications.

Prerequisites

The prerequisites for testing and running CPM plugins for web applications on the development or CPM server are:

Supported browsers

 

CyberArk may choose not to provide maintenance and support services for Web applications for CPM with relation to any of the platforms and systems listed below which have reached their formal End-of-Life date, as published by their respective vendors from time to time. For more details, contact your CyberArk support representative.

The following browsers are supported:

Browser

Download info

Google Chrome (32-bit), version 100 or later

Click here to download this version

Microsoft Edge (32-bit), version 103 or later

Click here to download this version

To prevent incompatibility issues with the CPM Webapp infrastructure, with every new browser version update, make sure to also update the browser's driver with the same version. For example, when updating the Chrome browser to version 104, the Chrome driver on the server must also be updated to version 104.

Download and install the latest driver:

  • For Google Chrome, use this link to download the latest stable 32-bit (x86) driver.

  • For Microsoft Edge, use this link to download the latest stable 32-bit (x86) driver.

Copy the relevant downloaded exe file, Chromedriver.exe or msedgedriver.exe to the CPMbin folder.

Configure platforms for web applications

You can configure platforms for web applications based on a generic platform that is available in the Marketplace.

Create a CPM plugin for a web browser

Step 1: Create a user profile or user to run a browser

Depending on the type of environment that you have, hardened or non-hardened, to run a browser you must either create a user profile for the PluginManagerUser account or create a new local user.

Perform one of the following procedures according to the environment that you have.

To determine if the CPM environment is hardened or not, search for the specific users such as PasswordManagerUser that are created only in hardened environments. For more information on these users, see Creates Local Windows Service users and configures permissions.

Step 2: Add webform fields

Use webform fields to interact with DOM elements that support web actions or create conditional statements that enable you to create blocks of webform field actions.

Single webform field commands enable you to interact with DOM elements that support web actions such as input, focus on elements, iFrame, redirect and validation.

Specify the information listed below in the webform fields. Add the fields in a list of rows, using the following format:

CyberArk solutions as well as third-party products used by CyberArk solutions may contain digital signatures in files to ensure the files have not been altered and remain in their original state as shipped by CyberArk.

In order to ensure the integrity of the digital signatures, Certificate Revocation Lists (CRLs) published by the issuer of the signing certificates must be accessible to the system running the CyberArk solution. If access to the CRLs is prevented, this can result in a less secure environment since the signing certificate cannot be checked for revocation. It can also slow down the system as CyberArk or third-party products attempt to reach CRL distribution points that are unreachable, and the system has to wait for the timeout to complete its timeframe.

The conditional statements enable you to create blocks of webform field actions that will be executed based on the result of the conditional statement actions. You can form expressions ‘and’ ‘or’ conditional operators for different expression combinations. The language also supports nesting of conditional statements to create a complex control flow.

Each conditional statement must have both opening and closing commands to determine where the block of commands start and end.

Conditional statement opening and closing commands

The supported conditional statement opening and closing commands are described in the following table.

Opening command

Closing command

Usage

if ()

end-if

  • Each series of command blocks must begin with an if conditional statement.

  • Each if command determines the beginning of a new series of command blocks.

else-if ()

end-else-if

  • This conditional statement is optional in a series of command blocks.

  • Use the else-if command only in the following scenarios:

    • After an end-if command

    • After an end-else-if command (after a previous else-if command block)

  • Each series of block statements can contain one or more consecutive else-if command blocks.

  • You cannot use else-if after an else command.

else

end-else

  • Use the else command only in the following scenarios:

    • After an end-if command

    • After an end-else-if command (after a previous else-if command block)

  • Use only one else command in a series.

  • The else command does not require any conditions. It will always return a positive result.

  • The else command determines the end of a series of block commands.

Conditional operators usage

You can use the following conditional operators between conditions:

  • and

  • or

Command restrictions

Each condition must be surrounded by parenthesis.

Each conditional operator must be after the closing parenthesis that surrounds the previous condition, and before the opening parenthesis of the subsequent condition.

The following examples show both the correct syntax to use as well as incorrect syntax.

if ( ( <condition> ) )

if ( ( <condition> ) and ( <condition> ) )

if ((( <condition> ) and ( <condition> ) ) or ( <condition> ) )

Example 1: This example shows invalid syntax using the conditional operator.

if ( ( <condition> ) ( <condition> ) )

if ((( <condition> ) and ( <condition> ) ) ( <condition> ) )

Example 2: This example shows invalid syntax using the parenthesis.

if ( ( <condition> and ( <condition> ) )

if ((( <condition> ) and <condition> ) ))

Example 3: This example shows invalid syntax using the underscore character (_).

if ( ( <condition> ) _ and ( <condition> ) )

if ((( <condition> ) and _ ( <condition> ) ))

Webform field conditional statement actions

if/else conditional statement example

%Identifier% > %Input Value% (SearchBy=Text\id\name\class)(sendslow=0.5)
if ((%Identifier% > (Condition) (SearchBy=Text\id\name\class) ( Exists [eq] %True\False% )) [and\or] ({myAccountParameter} > (Condition) ( Placeholder eq myAssumedAccountParameterValue )))
    %Identifier% > %Input Value% (SearchBy=Text\id\name\class)
    %Identifier% > (%Button\Click\Verification\Validation\Iframe%) (SearchBy=Text\id\name\class)
end-if
else-if ((%Identifier%> (Condition) (SearchBy=Text\id\name\class) ( Count [eq\ne\gt\ge\lt\le] %Numeric-value% )))
    %Identifier% > %Input Value% (SearchBy=Text\id\name\class)
    %Identifier% > (%Button\Click\Verification\Validation\Iframe%) (SearchBy=Text\id\name\class)
    %Identifier% > (Validation)(SearchBy=Text\id\name\class)
end-else-if
else
    %Identifier% > %Input Value% (SearchBy=Text\id\name\class)
    %Identifier% > (%Button\Click\Verification\Validation\Iframe%) (SearchBy=Text\id\name\class)
end-else
%Identifier% > (Validation)(SearchBy=Text\id\name\class)

if/else conditional statement example explanation

Command

Explanation

if (
(%Identifier% > (Condition) (SearchBy=Text\id\name\class) ( Exists [eq] %True\False% )) [and\or]({myAccountParameter} > (Condition) ( Placeholder eq myAssumedAccountParameterValue )))
  • Conditions: Searches for elements by the given SearchBy option, looking for %Identifier%.

    • Exists: Checks if the element corresponds to the given Boolean value.

  • Conditional operators:

    • And: All conditions must be true for the condition to be positive.

    • Or: One of the conditions must be true for the condition to be positive.

  • If the conditional statement is positive, the current command block is executed and all the following command blocks will be filtered and not executed.

  • If the entire condition is negative, the current command block will be filtered and not executed.

end-if

Determines the end of the current if command block.

else-if ((%Identifier%> (Condition) (SearchBy=Text\id\name\class) ( Count [eq\ne\gt\ge\lt\le] %Numeric-value% )))
  • Condition: Searches for elements by the given SearchBy option, looking for %Identifier%.

  • Checks if the number of elements corresponds to the numeric value of the given conditional operator.

  • If the conditional statement is positive, the current command block is executed and all the following command blocks will be filtered and not executed.

  • If the entire condition is negative, the current command block will be filtered and not executed.

end-else-if

Determines the end of the current else-if command block.

else
  • This condition always returns a positive result.

  • If this conditional statement is reached, and it was not filtered by previous commands, the command block will always be executed.

end-else

Determines the end of the current else command block.

CPM Verify example

[Verify]
identifierLink > (Button) (searchby=id)
identifierId > {username} (searchby=id)
identifierNext > (Button) (searchby=id)
password > {password} (searchby=name)
if((conditionElementId1 > (Condition) (searchby=id)(exists eq true)))
    nextPasswordBtn123 > (Button) (searchby=id)
end-if
else-if((conditionElementClass2 > (Condition) (searchby=class)(count gt 3)))
    nextPasswordBtnXYZ > (Button) (searchby=id)
end-else-if
gb > (Validation) (searchby=class)
gbq1> (Validation) (searchby=class)

Step 3: Test the plugin

Before you integrate the plugin into a PAM - Self-Hosted environment for an end-to-end test, you can invoke the new plugin manually. This enables you to test the plugin more easily and quickly.

Before you begin testing the plugin, review the Prerequisites.

Create a user.ini file to simulate parameters

To simulate the parameters sent to the plugin by the CPM, create a user.ini file in the format described in the following sections.

 

The Credentials Management .NET SDK has a sample project that contains a sample user.ini file that you can use.