Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by Steve

  1. There is no ability to query whether a security group exists in PasswordState. This makes it difficult to determine whether one needs to be added or not. Since the current Add Security Group causes duplicates, it is even more useful for such a call to exist, to stop this occuring
  2. The Add Active Directory Security Group API allows for duplicates records to be added to the system. Since there is no purpose for duplicates, other than to confuse people, it would be best if this didn't occur.
  3. I would like to see all API's available in PasswordState to be consistent in operation and setup. Many of the issues I have come across and reported have been because of the inconsistencies in the available APIs and lack of clarity or conciseness in the documentation. Some MUST have the APIKey in the json body to work, whereas others can have it in the body or the Header. Since the APIKey is relevant to security and NOT the actual REST function, it doesn't seem logical that it is included in the body of the requests. This consistency includes any/all of the fo
  4. Currently, there is only a single API available in relation to AD Security Groups, and it simply allows Add. Currently, if you ask it to add a group, it does so, regardless of whether the group already exists, thus creating multiple entries in PasswordState. Since there can be no valid reason for the same group (who's membership is managed externally) to exist in PasswordState multiple times, I would consider this an error and simply confusing to users. Since there is no available API to query whether a group already exists, it makes it difficult to determin
  5. Hi Support, I have found the reason why a $null APIKey works for hosts queries, and addressbook queries and probably ActiveDirectory Security Groups as well. If you look at the attached image you can see the reason. I do not have an API key set, and thus a null or empty string key makes the blank key in system settings. I was hoping to only have to have a single "SystemWide" APIKey for all queries, but it seems I must use different keys for different API sets. I would suggest that a blank APIKey should mean that API calls should not b
  6. Hi Support, I downloaded and installed SAPIEN Powershell Studio 2020 I run the script via "Run", "Run in Console", etc etc etc. I get exactly the same issues as every other environment I have tested. If I set $MyAPIKey = $null then the search always works without an error, regardless of whether its first call, third call or any other call. If i set it to an otherwise invalid valid (non blank), then I get the error. Powershell version Name Value ---- -
  7. Hi Support, I don't have video screen capture, but i ran the script in ISE, Windows Powershell and the Package Manager Console in Visual Studio 2019 (which is also powershell) all new sessions so shouldn't be any caching. As can be from the screen capture all three from brand new sessions all produce the same result. I also used the "Advanced REST Client" plugin in Chrome, which is shown in ScreenDump2 and 3. I did 3 first (empty APIKey), then 2, then 3 again I'd be interested to know what caching you believe is occuring.
  8. HI again, I tested all other "Search" capabilities and found that the addressbook also works without Authorization It returned (since its empty) Invoke-Restmethod : [{"errors":[{"message":"Not Found"},{"phrase":"You search for Address Book records return zero results."}]}]
  9. Hi 1. We have no Load Balancer nor Proxy between client and server service. 2. I had used both the ISE and Powershell commandline and both produce identical results I ran your script above, using our URI (including adding the /api before /hosts and it returns a list of servers. If I assign $MyAPIKey either $null or '' I get the same result, but any other value ('abc') produces the No Authorization error
  10. Build: 8850 API Key is in the header But I have found an issue in my code, that now presents some other issues In the Powershell below I have the API Key in the $PasswordstateAPIKey variable, but pass an un-initialized $apiKey in the Invoke-RestMethod -header thus the APIKey is in the header is empty So when I correct this typo, I get the following responses Get hosts - No Authorisation Delete hosts - No Authorisation POST hosts - No Authorisation So it seems passing an uninitialized $apiKey allows:- the Get Hosts to functi
  11. I was testing some API scripting I have been doing and have always been using the System Wide API Key. I tested the GET /api/hosts and this works Although the documentation states: "In order to search for Hosts, you must specify the Hosts API Key" I tried POST /api/hosts to add a host and get the error Invoke-Restmethod : [{"errors":[{"message":"No Authorization"},{"phrase":"An error has occurred trying to validate the Hosts API Key. Please check if the Hosts API Key on the Systems Setting screen has been specified, and is correct."}]}] I tried
  12. The users had setup manual permissions on the folder and not propagated permissions. I'd prefer not to play in Production to reproduce the issue, so I will try to give what details I can to assist you. 1) Initially they created top level password lists with individual permissions (and I may have been included as a user) 2) I asked them to create a root folder, move the lists into the folder, and also use group permissions instead of user permissions 3) they created the folder with manual permissions 4) they moved the password lists into the folder 5)
  13. Hi Support, We are running v8850. I have not been anywhere near the Hosts tab on this particular instance. I also happened to have the PasswordState API help page open at the same time, although don't know if thats relevant. the other activity was other websites, not additional PasswordState pages (except help above) Steve
  14. We use Google Chrome as our browser to host PasswordState. We have the session timeout set to 15 minutes. I have noticed that if I have logged into PasswordState, then switched to other tabs and done other activity within the browser, I can return to the PasswordState tab and the session is still active and I can use it, even though its been longer than 15 minutes. I was also on the Administration tab when this occured, so don't know if that makes any difference?
  15. A concurrent user created a folder and moved some Password Lists into this folder, so that they didn't appear at the root level of Passwords. (I requested this to manage our environment) This caused me to receive errors on the Passwords Tab, saying I did not have permission to the Password Lists (even though I am Security Admin) that had been moved. Refreshing the page did not remove the errors, nor did it make the new top level folder appear. I had to logout completely from PasswordState and re-login to clear the errors and see the folder.
  16. We would like to be able to fully implement Role Group based access to the PasswordState. To assist in this, it would be great if security permissions assignments could be restricted to ONLY Security Groups and individual users could not be assigned. Private password lists would probably need to be an exception. Even defaulting the Access Permission form to default to Groups, rather than users would be a great start
  • Create New...