Creating a Universal iDRAC CyberArk PSM Connector with if-else Conditional Statements

With the version 13.2 release of the Secure Web Application Connectors Framework for the CyberArk Privileged Session Manager, if-else conditional statements can be used in WebForm fields. They make it possible to build more resilient connectors and allow a single PSM connector to serve different versions of an application that have different web elements.

Using if-else conditional statements, we will build a PSM connector that will cover both iDRAC versions 8 and 9.

💡
Version 13.2 of the Web Application CPM Plugin Framework offers the same functionality.

The Framework's Conditional Statements

The documentation for conditional statements in the Secure Web Application Connectors Framework is pretty comprehensive, if not a bit overwhelming in parts.

It offers the standard conditional statements found in other programming languages (if, else-if, else) as well as conditional operators (or, and) that can be used between conditions.

It allows the following actions:

  • Exists - verifies if an element exists on the page with operators true and false.

  • Count - counts how many elements exist on the page with operators eq, ne, gt, ge, lt, and le.

  • Placeholder - allows for usage of account properties or Preconnect return values with the single operator eq.

Using a conditional statement in WebFormFields would look something like:

if ( (Login > (Condition) (searchby=text) (exists eq true)) )
    username > {Username}
    password > {password}
    submit > (Click)
end-if

(Condition) is similar to (Click), (Validation), and {accountProperty} in that it informs the Framework on how to interpret the statement.

Creating a Universal iDRAC PSM Connector

A Universal iDRAC PSM connector makes for a simple example of using conditional statements, but it is also practical: iDRACs can be upgraded without CyberArk administrators being informed, and while an account can be assigned a platform with PSM connectors for all possible iDRAC versions, the end user may not know which one to use.

Our Universal iDRAC PSM Connector will work for versions 8 and 9. Due to the nature of iDRACs (being a part of enterprise-grade, physical hardware), you may not have all or any of the versions available, so we will use publicly exposed (!) iDRAC interfaces.

These are not iDRACs we have access to, and therefore we do not have valid credentials for them, but that is enough for us to build our PSM connector. We will know whether our Universal iDRAC connector works because, instead of messages about elements not being found, we will receive error messages saying the login or password is invalid.

Connectors for each iDRAC version

As the point is to use conditional statements, we will assume we already have a functioning PSM connector for both iDRAC versions and that all we need to do is to combine them into a single one.

If you don't have working PSM connectors for each version, you can import from the Marketplace or use the following WebFormFields (taken from the Marketplace connectors minus validations) when creating your own:

iDRAC8

user > {username}(searchby=id)
password > {password}(searchby=id)
submit_lbl > (Button)(searchby=id)

iDRAC9

username > {username}(searchby=name)
(wait=2)
password > (Button)(searchby=name)
password > {password}(searchby=name)
cux-button > (Button)(searchby=class)

Creating the Universal iDRAC Connector

Before defining our WebFormFields using the if-else statements, we need to determine the logic we will use.

As we are only considering two versions, we need only a single if statement to identify a specific iDRAC version and an else statement to handle the other. We only need to develop a condition for the if statement as else does not take one.

Version 8 of iDRAC uses a lot of JavaScript that updates the DOM, and elements may not be found by the Framework. We will therefore build a condition for our if statement that identifies version 9 of iDRAC and, if the condition is not met, assume version 8 in our else section.

In addition, versions 8 and 9 of iDRAC have different paths for their login forms (8: /login.html, 9: /restgui/start.html), so when the if condition is not met and the version is 8, we need to first navigate to the correct path in our else section.

With all the above considered, the WebFormFields for our Universal iDRAC connector look like:

if ( (Integrated Dell Remote Access Controller 9 > (Condition) (searchby=text) (exists eq true)) )
    username > {username}(searchby=name)
    (wait=2)
    password > (Button)(searchby=name)
    password > {password}(searchby=name)
    cux-button > (Button)(searchby=class)
end-if
else
    (Navigate=https://{address}/login.html)
    user > {username}(searchby=id)
    password > {password}(searchby=id)
    submit_lbl > (Button)(searchby=id)
end-else

The condition for our if statement is simple: we search for the text Integrated Dell Remote Access Controller 9 and if found, treat it as iDRAC version 9. If not, treat it as version 8 but navigate to the version 8-specific login form first.
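
A small pre-deployment check for the block structure used above, written in Python. This is an added example, not part of the original post or of CyberArk's tooling; it assumes the block keywords shown in the connector above (if/end-if, else/end-else), and the else-if/end-else-if pair in it is an assumption that follows the same pattern.

```python
import re

# Block keywords as used in this page's connector (if/end-if, else/end-else).
# The else-if/end-else-if pair is an assumption following the same pattern.
OPENERS = [(re.compile(r"^else-if\s*\("), "end-else-if"),
           (re.compile(r"^if\s*\("), "end-if"),
           (re.compile(r"^else$"), "end-else")]
CLOSERS = {"end-if", "end-else-if", "end-else"}
# A bare hyphenated word containing "end" that is not a known closer.
LOOKS_LIKE_CLOSER = re.compile(r"^(end-[a-z-]+|[a-z-]+-end)$")


def lint_webformfields(text):
    """Return [(line_no, message)]; an empty list means blocks are balanced."""
    problems, stack, last_closed = [], [], None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        closer = next((c for rx, c in OPENERS if rx.match(line)), None)
        if closer:
            # else / else-if are only valid directly after a finished if chain
            if closer != "end-if" and last_closed not in ("end-if", "end-else-if"):
                problems.append((num, f"'{line.split()[0]}' without a preceding if block"))
            stack.append((closer, num))
            last_closed = None
        elif line in CLOSERS:
            if stack and stack[-1][0] == line:
                stack.pop()
                last_closed = line
            else:
                problems.append((num, f"unexpected '{line}'"))
        elif LOOKS_LIKE_CLOSER.match(line):
            problems.append((num, f"unknown terminator '{line}'"))
        else:
            last_closed = None  # an ordinary field line ends any if/else chain
    problems += [(n, f"block never closed, expected '{c}'") for c, n in stack]
    return problems


# Constructed sample: the if block is closed with the wrong keyword.
BROKEN = """if ( (Login > (Condition) (searchby=text) (exists eq true)) )
    username > {username}(searchby=name)
    password > {password}(searchby=name)
if-end"""

if __name__ == "__main__":
    for line_no, message in lint_webformfields(BROKEN):
        print(f"line {line_no}: {message}")
```
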

After cloning the PSM-DellDRAC9 PSM connector, we set a unique PSM connector ID and an appropriate connector display name, set RunValidations to No under Client Specific Target Settings, and set EnforceCertificateValidation to No in Web Form Settings. We can then set the above as the WebFormFields value.

Testing the Universal iDRAC Connector

I've onboarded two accounts both with the username and password test but with different addresses: 103.215.176.114 (iDRAC8) and www.deos.lr.tudelft.nl (iDRAC9). Both have the same platform with only our Universal iDRAC Connector.

Connecting to 103.215.176.114, the result is an iDRAC error message indicating the username and password are invalid -- a success in our case!

And with www.deos.lr.tudelft.nl, the situation is the same.

The conditional statements introduced as part of version 13.2 PSM and CPM web application Frameworks are a nice addition. They provide flexibility that is both beneficial to CyberArk administrators and end users.
