Add application authentication method

This method adds a new authentication method to a specific application in the Vault.

The user who adds this authentication method requires Manage Users permissions in the Vault.

 

To add application authentication using the PVWA, see the section about adding applications and application authentication in the Secrets Manager Credential Providers online help.

URL

  • Make sure there are no spaces in the URL.

  • The following characters are not supported in URL values: + & %

  • If the URL includes a dot (.), add a forward slash (/) at the end of the URL. For example: api/Safes/MySafe/Members/user@cyber.com/

 

 
https://<IIS_Server_Ip>/PasswordVault/WebServices/PIMServices.svc/Applications/{AppID}/Authentications/

The following mandatory value is required in the URL:

| Parameter | Type | Description |
|---|---|---|
| AppID | String | The name of the application for which the user is adding a new authentication method |

Resource information

HTTP method: POST

Content type: application/json

Header parameter

| Parameter | Description |
|---|---|
| Authorization | The token that identifies the session, encoded in BASE 64. See Authentication. Type: String. Mandatory: Yes. Default value: None. |

Body parameters

The web service parameters depend on the type of authentication specified in the URL.

For Path authentication:

 
{
  "authentication":{
    "AuthType":"path",
    "AuthValue":"<Path string>",
    "IsFolder":<true/false>,
    "AllowInternalScripts":<true/false>
    }
}

 

| Parameter | Type | Description | Valid values | Default |
|---|---|---|---|---|
| AuthType (mandatory) | String | The type of authentication | path | |
| AuthValue (mandatory) | String | The content of the authentication | - | |
| IsFolder | Boolean | Relevant for Path authentication only | true/false | false |
| AllowInternalScripts | Boolean | Relevant for Path authentication only | true/false | false |

 

For Hash authentication:

{
  "authentication":{
    "AuthType":"hash",
    "AuthValue":"<Hash string>",
    "Comment":"<Comment>"
    }
}

 

| Parameter | Type | Description | Valid values |
|---|---|---|---|
| AuthType (mandatory) | String | The type of authentication | hash |
| AuthValue (mandatory) | String | The content of the authentication | - |
| Comment | String | Relevant for Hash authentication only | Text |

For OS user authentication:

 
{
  "authentication":{
    "AuthType":"osUser",
    "AuthValue":"<OS User Name>"
    }
}

 

| Parameter | Type | Description | Valid values |
|---|---|---|---|
| AuthType (mandatory) | String | The type of authentication | osUser |
| AuthValue (mandatory) | String | The content of the authentication | - |

For Address authentication (allowed machines):

 
{
  "authentication":{
    "AuthType":"machineAddress",
    "AuthValue":"<machine address>"
    }
}

 

| Parameter | Type | Description | Valid values |
|---|---|---|---|
| AuthType (mandatory) | String | The type of authentication | machineAddress |
| AuthValue (mandatory) | String | The content of the authentication | IP subnet in CIDR IPv4 format |

For Certificate Serial Number authentication:

 
{
  "authentication":{
    "AuthType":"certificateserialnumber",
    "AuthValue":"<certificateSerialNumberString>",
    "Comment":"<comment>"
  }
}

For example:

 
{
  "authentication":{
    "AuthType":"certificateserialnumber",
    "AuthValue":"12000000048c29e0c72cebf820000000000004"
  }
}

 

| Parameter | Type | Description | Valid values |
|---|---|---|---|
| AuthType (mandatory) | String | The type of authentication | certificateserialnumber |
| AuthValue (mandatory) | String. Example: 12000000048c29e0c72cebf820000000000004 | The content of the authentication | Valid positive or negative hex value. Note: No spaces allowed |
| Comment | String | Any comment about this logon | Text |

For Certificate Attributes authentication:

 
{
  "authentication":{
    "AuthType":"certificateattr",
    "Issuer":["<IssuerAttribute>=<value>","<IssuerAttribute>=<value>"],
    "Subject":["<SubjectAttribute>=<value>","<SubjectAttribute>=<value>"],
    "SubjectAlternativeName":["<SubjectAlternativeNameAttribute>=<value>","<SubjectAlternativeNameAttribute>=<value>"],
    "Comment":"<comment>"
  }
}

For example:

 
{
  "authentication": 
  {
    "AuthType": "certificateattr",
    "Issuer": ["CN=Thawte RSA CA 2018","OU=www.digicert.com"],
    "Subject": ["CN=yourcompany.com","OU=IT","C=IL"],
    "SubjectAlternativeName": ["DNS Name=www.example.com","IP Address=1.2.3.4"]
  }
}

 

| Parameter | Type | Description | Valid values |
|---|---|---|---|
| AuthType (mandatory) | String | The type of authentication. | certificateattr |
| Subject | String | The content of the subject attribute. | SubjectAttribute: alphabetic string; value: printable string |
| Issuer | String | The content of the issuer attribute | IssuerAttribute: alphabetic string; value: printable string |
| SubjectAlternativeName | String | The content of the subject alternative name attribute | SubjectAlternativeNameAttribute: "DNS Name"/ "IP Address"/ "URI" / "RFC822 Name"; value: IA5String |

 
  • You must enter at least one value (Subject, Issuer or Subject Alternative Name).
  • The order of the attributes in the Subject, Issuer and SubjectAlternativeName must be the same as represented in the certificate.
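
The URL rules and the per-type body parameters above can be checked on the client before the POST is sent, so that a malformed restriction is caught early. The following Python is an added example, not CyberArk code: `build_url`, `build_body`, the `OPTIONAL` map and the `host` argument are hypothetical names, and it only builds and validates the request without sending it.

```python
import ipaddress
import json
import re

# URL template from the page; the host value is supplied by the caller.
URL = "https://{host}/PasswordVault/WebServices/PIMServices.svc/Applications/{app_id}/Authentications/"
SAN_ATTRS = {"DNS Name", "IP Address", "URI", "RFC822 Name"}
CERT_LISTS = ("Issuer", "Subject", "SubjectAlternativeName")
OPTIONAL = {  # optional body keys the page lists for each AuthType
    "path": {"IsFolder", "AllowInternalScripts"}, "hash": {"Comment"},
    "osUser": set(), "machineAddress": set(),
    "certificateserialnumber": {"Comment"}, "certificateattr": {"Comment"},
}

def build_url(host, app_id):
    """Apply the page's URL rules to AppID: no spaces and none of + & %."""
    if not app_id or re.search(r"[\s+&%]", app_id):
        raise ValueError("AppID must be non-empty and free of spaces, +, & and %")
    return URL.format(host=host, app_id=app_id)  # trailing '/' covers dotted AppIDs

def build_body(auth_type, auth_value=None, **extra):
    """Return the JSON body for one AuthType, rejecting values the page rules out."""
    if auth_type not in OPTIONAL:
        raise ValueError(f"unknown AuthType {auth_type!r}")
    auth = {"AuthType": auth_type}
    if auth_type == "certificateattr":
        lists = {k: v for k in CERT_LISTS if (v := extra.pop(k, None))}
        if not lists:
            raise ValueError("need at least one of Subject, Issuer, SubjectAlternativeName")
        for key, pairs in lists.items():
            for pair in pairs:
                name, sep, value = pair.partition("=")
                is_san = key == "SubjectAlternativeName"
                if not sep or not value or (name not in SAN_ATTRS if is_san else not name.isalpha()):
                    raise ValueError(f"{key}: bad entry {pair!r}")
        auth.update(lists)
    else:
        if not auth_value:
            raise ValueError("AuthValue is mandatory")
        if auth_type == "machineAddress":
            ipaddress.IPv4Network(auth_value, strict=False)  # ValueError unless IPv4/CIDR
        if auth_type == "certificateserialnumber" and not re.fullmatch(r"-?[0-9A-Fa-f]+", auth_value):
            raise ValueError("serial must be hex, no spaces or invisible characters")
        auth["AuthValue"] = auth_value
    if set(extra) - OPTIONAL[auth_type]:
        raise ValueError(f"keys not valid for {auth_type}: {sorted(set(extra) - OPTIONAL[auth_type])}")
    auth.update(extra)
    return json.dumps({"authentication": auth})
```

A serial number copied from a certificate viewer can carry an invisible directional mark in front of the first digit; the hex check rejects that value instead of storing a restriction that would never match.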

Result

None

Return codes

For a complete list of return codes, see Return Codes.