Photo by Ahmed M Elpahwee on Unsplash
Creating a Universal iDRAC CyberArk PSM Connector with if-else Conditional Statements
With the version 13.2 release of the Secure Web Application Connectors Framework for the CyberArk Privileged Session Manager, if-else
conditional statements can be used in WebForm fields which can be used to build more resilient connectors and allow a single PSM connector to be used for different versions of an application that have different web elements.
Using if-else
conditional statements, we will build a PSM connector that will cover both iDRAC versions 8 and 9.
The Framework's Conditional Statements
The documentation for conditional statements in the Secure Web Application Connectors Framework is pretty comprehensive, if not a bit overwhelming in parts.
It offers the standard conditional statements found in other programming languages (if
, else-if
, else
) as well as conditional operators (or
, and
) that can be used between conditions.
It allows the following actions:
Exists - verifies if an element exists on the page with operators
true
andfalse
.Count - counts how many elements exist on the page with operators
eq
,ne
,gt
,ge
,lt
, andle
.Placeholder - allows for usage of account properties or Preconnect return values with the single operator
eq
.
Using a conditional statement in WebFormFields
would look something like:
if ( (Login > (Condition) (searchby=text) (exists eq true)) )
username > {Username}
password > {password}
submit > (Click)
if-end
(Condition)
is similar to (Click)
, (Validation)
, and {accountProperty}
in that it informs the Framework on how to interpret the statement.
Creating a Universal iDRAC PSM Connector
A Universal iDRAC PSM connector makes for a simple example of using conditional statements but is also practical as iDRACs can be upgraded without CyberArk administrators being informed and while an account can be assigned a platform with PSM connectors for all possible iDRAC versions, it may not be known to the end user which one to use.
Our Universal iDRAC PSM Connector will work for versions 8 and 9 and due to the nature of iDRACs (being a part of enterprise-grade, physical hardware), you may not have all or any of the versions available so we will use publically exposed (!) iDRAC interfaces:
iDRAC8 -> https://103.215.176.114/
iDRAC9 -> https://www.deos.lr.tudelft.nl
These are not iDRACs we have access to and therefore we do not have valid credentials for but it is enough for us to build our PSM connector. We will know if our Universal iDRAC connector works or not because we will not receive any messages about elements not being found but rather error messages that the login or password is invalid.
Connectors for each version iDRAC version
As the point is to use conditional statements, we will assume we already have a functioning PSM connector for both iDRAC versions and that all we need to do is to combine them into a single one.
If you don't have working PSM connectors for each version, you can import from the Marketplace or use the following WebFormFields (taken from the Marketplace connectors minus validations) when creating your own:
iDRAC8
user > {username}(searchby=id)
password > {password}(searchby=id)
submit_lbl > (Button)(searchby=id)
iDRAC9
username > {username}(searchby=name)
(wait=2)
password > (Button)(searchby=name)
password > {password}(searchby=name)
cux-button > (Button)(searchby=class)
Creating the Universal iDRAC Connector
Before defining our WebFormFields using the if-else
statements, we need to determine the logic we will use.
As we are only considering two versions, we need only a single if
statement to identify a specific iDRAC version and an else
statement to handle the other. We only need to develop a condition for the if
statement as else
does not take one.
Version 8 of iDRAC uses a lot of JavaScript that updates the DOM and elements may not be found by the Framework so we will build a condition for our if
statement that identifies version 9 of iDRAC and if
the condition is not met, assume version 8 in our else
section.
In addition, versions 8 and 9 of iDRAC have different paths for their login forms (8: /login.html
, 9: /restgui/start.html
) so when the if
condition is not met and the version is 8, we need to first navigate to the correct path in our else
section.
With all the above considered, the WebFormFields for our Universal iDRAC connector looks like:
if ( (Integrated Dell Remote Access Controller 9 > (Condition) (searchby=text) (exists eq true)) )
username > {username}(searchby=name)
(wait=2)
password > (Button)(searchby=name)
password > {password}(searchby=name)
cux-button > (Button)(searchby=class)
end-if
else
(Navigate=https://{address}/login.html)
user > {username}(searchby=id)
password > {password}(searchby=id)
submit_lbl > (Button)(searchby=id)
end-else
The condition for our if
statement is simple: we search for the text Integrated Dell Remote Access Controller 9
and if found, treat it as iDRAC version 9. If not, treat it as version 8 but navigate to the version 8-specific login form first.
After cloning the PSM-DellDRAC9
PSM connector, setting a unique PSM connector ID and appropriate connector display name, RunValidations
to No
under Client Specific Target Settings and EnforceCertificateValidation
to No
in Web Form Settings, we can set the above as the WebFormFields
value.
Testing the Universal iDRAC Connector
I've onboarded two accounts both with the username and password test
but with different addresses: 103.215.176.114
(iDRAC8) and www.deos.lr.tudelft.nl
(iDRAC9). Both have the same platform with only our Universal iDRAC Connector.
Connecting to 103.215.176.114
, the result is an iDRAC error message indicating the username and password are invalid -- a success in our case!
And with www.deos.lr.tudelft.nl
is the same situation.
The conditional statements introduced as part of version 13.2 PSM and CPM web application Frameworks are a nice addition. They provide flexibility that is both beneficial to CyberArk administrators and end users.