Ad hoc connect using PSM

This method allows you to connect through PSM without using an existing account, by returning settings that can be used with an RDP client application or for the HTML5 gateway.

You must enable Privileged Session Monitoring and ad-hoc connection via PVWA configuration. For more details, see Configure ad hoc connections.

URL

  • Make sure there are no spaces in the URL.

  • The following characters are not supported in URL values: + & %

  • If the URL includes a dot (.), add a forward slash (/) at the end of the URL. For example: api/Safes/MySafe/Members/user@cyber.com/

 

 
https://<IIS_Server_Ip>/PasswordVault/API/Accounts/AdHocConnect/

The following mandatory value is required in the URL:

Parameter: AccountID
Type: String
Description: The unique ID of the account to retrieve and use to connect to the target system through PSM.

Resource information

HTTP method: POST
Content type: application/json

Body parameters

 
{
  "UserName": "<User Name>",
  "Secret": "<password>",
  "Address": "<Address>",
  "PlatformId": "<Secure Connect Platform>",
  "extraFields": { "LogonDomain": "<>" },
  "PSMConnectPrerequisites": {
    "ConnectionComponent": "<Connection Component ID>",
    "ConnectionType": "<Connection Type>"
  }
}

 

Parameter: UserName
Type: String
Description: The target account user name.

Parameter: Secret
Type: String
Description: The target account password.

Parameter: Address
Type: String
Description: The target account address.

Parameter: PlatformId
Type: String
Description: A configured secure connect platform.

Parameter: extraFields
Type: List of strings
Description: Additional needed parameters for the various connection components.

Parameter: LogonDomain
Type: String
Description: The domain where the account will be used.

PSMConnectPrerequisites

Parameter: ConnectionComponent
Type: String
Description: The name of the connection component to connect with as defined in configuration.

Parameter: ConnectionType
Type: String
Description: The connection type, RDPFile or PSMGW. If this parameter is not specified, the response is based on the PSM configuration.

Parameter: reason
Type: String
Description: Required reason to request access.

Parameter: ticketingSystemName
Type: String
Description: The name of the ticketing system used in the request.

Parameter: ticketId
Type: String
Description: The ticket ID of the ticketing system.

Result

Response header

Parameter: ConnectionMethod
Type: Boolean
Description: The method set in the ConnectionType parameter in the body parameters.
Valid values:
  • PSMGW
  • RDPFile

Response body

There are two possible responses, depending on the connection method.

RDP file

 
full address:s:<address>
server port:i:<port>
username:s:<username>
alternate shell:s:<username>
desktopwidth:i:<number>
desktopheight:i:<number>
screen mode id:i:<number>
redirectdrives:i:<number>
drivestoredirect:s:<string>
redirectsmartcards:i:<number>
EnableCredSspSupport:i:<number>
redirectcomports:i:<number>
remoteapplicationmode:i:<number>
use multimon:i:<number>
span monitors:i:<number>

To use the RDP file response, insert the response body into an RDP file or RDP client and start the session.

PSMGW

 
{
  "PSMGWURL": "<URL>",
  "PSMGWRequest": "<Base64 Encoded Data>"
}

 

Parameter: PSMGWURL
Type: String
Description: The full URL of the web server that serves the HTML5 service.

Parameter: PSMGWRequest
Type: String
Description: Base64 encoded data that is passed to the web server and is essential for the actual web server HTML5 connection. This data is passed through the web server HTTP POST request.

After receiving the PSMGW response, you can start a monitoring session via the PSM Gateway by sending a POST request to the URL specified in the response, in the PSMGWURL field.

Template:
 
{
  "PSMGWRequest": "<Base64Response>"
}
 

The body of the POST request must contain the PSMGWRequest field obtained from the response.

Here is an example in two parts:

  1. After obtaining the following response from PSMConnect,

{
  "PSMGWURL": "https://<PSM gateway FQDN>:8443/guac/direct",
  "PSMGWRequest": "eyJ1k2VybmFtZSI6IlBTTUkb...00tUkRQIn0="
}

  2. The following POST request to https://<PSM gateway FQDN>:8443/guac/direct can be used to connect to the PSM Gateway.

{
  "PSMGWRequest": "eyJ1k2VybmFtZSI6IlBTTUkb...00tUkRQIn0="
}
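The request body and the two response shapes described above can be handled in client code as follows. This is an added example, not CyberArk's code: it makes no network call, and the helper names, the sample values, the log redaction of Secret and the HTTPS-only check on PSMGWURL are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

VALID_TYPES = {"RDPFile", "PSMGW"}  # values listed on this page
# Constructed sample RDP body (hypothetical host name), not real output.
SAMPLE_RDP = "full address:s:psm.example.test\nserver port:i:3389\nredirectdrives:i:0\n"

def build_adhoc_body(user, secret, address, platform_id, component,
                     connection_type=None, logon_domain=None):
    """Build the AdHocConnect JSON body with the field names from the page."""
    if connection_type is not None and connection_type not in VALID_TYPES:
        raise ValueError("ConnectionType must be RDPFile or PSMGW")
    prereq = {"ConnectionComponent": component}
    if connection_type:
        prereq["ConnectionType"] = connection_type
    body = {"UserName": user, "Secret": secret, "Address": address,
            "PlatformId": platform_id, "PSMConnectPrerequisites": prereq}
    if logon_domain:
        body["extraFields"] = {"LogonDomain": logon_domain}
    return body

def redact(body):
    """Return a copy that is safe to log: the Secret value is masked."""
    return {**body, "Secret": "***"}

def parse_rdp(text):
    """Parse 'name:type:value' lines; type 'i' is an integer, 's' a string."""
    settings = {}
    for line in text.splitlines():
        if line.strip():
            name, kind, value = line.split(":", 2)
            settings[name] = int(value) if kind == "i" else value
    return settings

def handle_response(headers, body_text):
    """Dispatch on the ConnectionMethod response header (case-insensitive)."""
    method = {k.lower(): v for k, v in headers.items()}.get("connectionmethod")
    if method == "RDPFile":
        return ("rdp", parse_rdp(body_text))
    if method == "PSMGW":
        data = json.loads(body_text)
        # Added check (assumption, not stated on the page): HTTPS only.
        if urlsplit(data["PSMGWURL"]).scheme != "https":
            raise ValueError("refusing non-HTTPS PSMGWURL")
        # The follow-up POST body carries only the PSMGWRequest field.
        return ("psmgw", data["PSMGWURL"], {"PSMGWRequest": data["PSMGWRequest"]})
    raise ValueError(f"unexpected ConnectionMethod: {method!r}")
```

Because the request body carries the target account password in Secret, log only the output of redact(), never the raw body.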

Return codes

For a complete list of return codes, see Return Codes.