All Activity
- Today
-
We would like to have script that will do SSH key rotation. Also is there option to link password record with SSH key to privileged account credentials?
- Yesterday
-
EWU joined the community
- Last week
-
TSW joined the community
-
Mourad joined the community
-
Mark van Wijngaerde started following Announcements
-
Mark van Wijngaerde joined the community
-
NTLM Blocking breaks Remote Session Launcher
support replied to RobertRo's topic in Community Support
Hello Robert, Yes, we have information in the following manual - just search for kerberos - https://www.clickstudios.com.au/downloads/version9/Passwordstate_Remote_Session_Management_Manual.pdf Regards Click Studios -
Hello, i'm implementing Passwordstate in a customer environment which is hardened. specifically, the security setting: Local Policies\Security Options\Network security: Restrict NTLM: Incoming NTLM traffic is set to "Deny All Accounts" on all servers. This breaks the Remote Session Launcher: "The authentication Username or Password appears to be incorrect, or the Host is not available. This window will now close when you click the "OK" button, and you will need to correct your login credentials." Switching this setting to "Allow All" immediately makes the launcher work, but this is not desired in this environment. Any chance the gateway can be told to talk kerberos correctly?
-
RobertRo joined the community
-
+1 A roadmap would be great, even if you cannot promise any timelines.
-
API - Getting details of entries without the password
Ralph K replied to Ralph K's topic in Community Support
Thank you Sarge. This might be an option, but not for all of our passwords lists. Because in other scripts we need to retrieve the password over API calls, just not in this export. Therefore the way with the "?ExcludePasswords=true" is the better solution for me. KR Ralph -
API - Getting details of entries without the password
Ralph K replied to Ralph K's topic in Community Support
Thank you for the quick reply. It works perfectly. Didn't see that option in the help. KR Ralph -
Ralph K reacted to a post in a topic: API - Getting details of entries without the password
-
CalDom joined the community
-
This API script in Powershell is designed to update the Field IDs for any password records with a matching URL. It designed as a quick way to bulk update multiple records that are used with the Browser extension, instead of manually updating every record you have in the system. This will help with the autofill feature in the browser extensions. The script will return all shared passwords in the system, and filter only the records with the URL of your choice. It will then update those records with the Field ID value of your choice. You only need to modify the first four lines in the script. Line 1 is your Passwordstate URL Line 2 is your System Wide API key which can be found/generated under Administration -> System Settings -> API tab Line 3 is the value of the URL in any password records that you want to update Line 4 is the value of the FieldID that you will be updating any password record with -------------------------------------------------------------------------------------------------------------------------------------------------------- $PasswordstateURL = "https://passwordstate.clickdemo.com" $APIKey = "5347c386f9bad2edc2ef9563a874b33e" $MatchingURL = "amazon.com" $FieldValue = "ap_email" $QueryAllPasswordsURL = "$PasswordstateURL/api/passwords/?QueryAll&PreventAuditing=false" $passwords = Invoke-Restmethod -Method GET -Uri $QueryAllPasswordsURL -Header @{ "APIKey" = $APIKey } foreach ($password in $passwords) { $passwordID = $password.PasswordID $URL = $password.URL if ($URL -match $MatchingURL) { $Body = @{ PasswordID = $passwordID WebUser_ID = $FieldValue } # Convert Array to Json $jsonData = $Body | ConvertTo-Json $UpdateURL = "$PasswordstateURL/api/passwords" $result = Invoke-Restmethod -Method Put -Uri $UpdateURL -ContentType "application/json" -Body $jsonData -Header @{ "APIKey" = $APIKey } } } -------------------------------------------------------------------------------------------------------------------------------------------------------- Regards, Support
-
API - Getting details of entries without the password
support replied to Ralph K's topic in Community Support
-
API - Getting details of entries without the password
Sarge replied to Ralph K's topic in Community Support
Configure the API on the affected password list to return a blank value instead of the actual password. List Administrator Actions > Edit Password List Properties > API Key & Settings > (tick) Return blank Password value -
Issue: There are a couple of pages in Passwordstate where you can turn on debugging, to help troubleshoot issues. Leaving this turned on will increase the size of your database, so best practice is to turn this off if not using the feature. You can also purge all debugging data to clean up your database. Below are the areas you can turn off debugging: Main Passwordstate Security Groups: On this page turn the debugging off, and purge the data is desired: Password Reset Portal Security Groups - This is an additional module that you may not have purchased: Regards, Support
-
Creation of new ssh keypair in password list SSH Account
MTU replied to Brian Carlsen's topic in Feature Requests
+1 -
Ralph K started following API - Getting details of entries without the password
-
Hello all. I need to export some details of the entries we have in specific password lists, e.g. User Name, Description, Expiry Date,... I use the "searchpasswords" function for this. In the exported data are also the passwords of the accounts. But I don't need and want to see the passwords. Is there a way to exclude the password field when retrieving the entries? Currently I filter the data in PowerShell and clean the variable asap afterwards. But it would be better, if the script wouldn't get the password at all. Thank you in advanced. KR Ralph
-
NiklasIlves started following Restore on new installed machine
-
Hi, I am trying to do a restore based on backups created like this - Passwordstate Automatic Backups and Upgrades (clickstudios.com.au) - This is a disaster recovery or BMR, wich means that there is no old server just 3 zip files from my backups - db, files and keys. I think that security adminstator guide is not comlpete. i follw the restore process there. - did new install of windows with same hostname and ip - installed prereqs for passwordstate - installed sqlexpress (like before) - restored database to sqlexpress - installed passwordstate - configured SSL Certificate Now there is some issues... since i need old web.config to connect passwordstate to database. and i cant use that since the file is encrypted, and as for security i can only decrypt it on old server. i am only getting to /setup page... i have tried - modified connectionstring and secret keys from key.zip - copied files from files.zip to initpub/passwordstate - restarted service and iisreset.
-
NiklasIlves joined the community
-
duyle126 joined the community
-
Magda joined the community
- Earlier
-
Creation of new ssh keypair in password list SSH Account
BCoole replied to Brian Carlsen's topic in Feature Requests
+1 -
Support for recording web based sessions to HTTPS pages
BCoole replied to support's topic in Feature Requests
+1 -
Native Authentication options in browser extension
BCoole replied to fecton.ernst.meinhart's topic in Feature Requests
+1 -
We are looking to present Passwordstate via a differrent URLs to our internal & external users External users proxied via a browser based VPN), while still using SAML protocol to authenticate users and the same IDP configuraiton. When decoding a SAML auth request from Passwordstate, the optional AssertionConsumerServiceURL value is not included. Since this value is not specified, the IDP will always redirect users to the default AssertionConsumerServiceURL configured in the IDP, despite other AssertionConsumerServiceURLs being present in the IDP configuration - whihc means that regardless of the URL used to access passwordstate, the user will always be directed to the default IDP replyURL. If this field was built from the users current URL/domain and supplied in the request, then as long as the URL used is configured in the IDP, the IDP will redirect the user to their original URL on successful auth. This would enable 1 IDP configuration to be used for multiple app urls/domains.
-
rtlogility started following API returns 404 for /folders endpoints
-
API returns 404 for /folders endpoints. No code changes were made. The requests started failing after we installed the latest version V9.8 (Build 9858). It may not be related to the actual updates. We are using the system wide api key. There is no issues creating new folders, lists or secrets. Only when we try a GET against /folders or /folders/?FolderName=<foldername>. Error : System.Net.WebException: The remote server returned an error: (404) Not Found.
-
rtlogility joined the community
-
Cannot log into Passwordstate after 9858 upgrade
support replied to NateG's topic in Community Support
Cheers Sarge -
Cannot log into Passwordstate after 9858 upgrade
Sarge replied to NateG's topic in Community Support
This may not be required. There is documentation (section 7) of the "Passwordstate_Upgrade_Instructions.pdf" which covers this already. Specifically, UPDATE SystemSettings SET MaintenanceModeUserID = '' -
Cannot log into Passwordstate after 9858 upgrade
support replied to NateG's topic in Community Support
Hi NateG, Thanks, and we did overlook that customers can enable Maintenance Mode when logged in with Emergency login account, and we will need to update our documentation for this. Regards Click Studios -
Nate123 started following Announcements
-
+1
-
JSON/Leaf Syslog Formatting for remote logging
Ben Claussen replied to Garrett B's topic in Feature Requests
+1 -
Browser tab - show where you are in Passwordstate
Ben Claussen replied to Dave Bennie's topic in Feature Requests
+1