Token auth bug fixes (#35)
Fixes ab#46603
fixes ab#46175
* Add license headers

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
Co-authored-by: kfadmin <kfadmin@LFINE-KF10-ORCH>
Co-authored-by: Michael Henderson <mhenderson@keyfactor.com>
4 people committed Jun 19, 2023
1 parent f4cd2b9 commit 0a25f69
Showing 22 changed files with 208 additions and 22 deletions.
11 changes: 10 additions & 1 deletion Bundle/Discovery.cs
@@ -1,3 +1,12 @@
// Copyright 2023 Keyfactor
// Licensed under the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License. You may obtain a
// copy of the License at http://www.apache.org/licenses/LICENSE-2.0. Unless
// required by applicable law or agreed to in writing, software distributed
// under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
// OR CONDITIONS OF ANY KIND, either express or implied. See the License for
// thespecific language governing permissions and limitations under the
// License.
using Keyfactor.Logging;
using Keyfactor.Orchestrators.Extensions;
using Keyfactor.Orchestrators.Common.Enums;
@@ -30,7 +39,7 @@ public override JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDis
LogHandlerCommon.Debug(logger, certificateStore, "Getting partitions");
SetPAMSecrets(config.ServerUsername, config.ServerPassword, logger);

F5Client f5 = new F5Client(certificateStore, ServerUserName, ServerPassword, config.UseSSL, string.Empty, new List<PreviousInventoryItem>()) { IgnoreSSLWarning = true };
F5Client f5 = new F5Client(certificateStore, ServerUserName, ServerPassword, config.UseSSL, string.Empty, true, new List<PreviousInventoryItem>());
List<string> partitions = f5.GetPartitions().Select(p => p.name).ToList();

LogHandlerCommon.Trace(logger, certificateStore, $"Found {partitions?.Count} partitions");
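Review bot: The new `F5Client` call in `ProcessJob` passes a literal `true` for `ignoreSSLWarning`, so discovery never validates the F5 server certificate, whatever the operator configured. `RESTHandler.GetHttpClientHandler` returns `true` for every certificate when that flag is set, and `F5Client.GetToken` posts the user name and password to `/mgmt/shared/authn/login`, so the credentials and the returned token appear to travel over a connection whose peer was never authenticated. Since the changelog says the flag was previously not recognized, this commit presumably makes the bypass effective for discovery for the first time. Prefer a value that defaults to validating, e.g. `bool ignoreSSLWarning = false; // TODO(review): read from the discovery job properties` passed in place of `true`; the same literal appears in SSLProfile/Discovery.cs. `ProcessJob` starts and ends outside the hunk.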
11 changes: 10 additions & 1 deletion Bundle/Inventory.cs
@@ -1,3 +1,12 @@
// Copyright 2023 Keyfactor
// Licensed under the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License. You may obtain a
// copy of the License at http://www.apache.org/licenses/LICENSE-2.0. Unless
// required by applicable law or agreed to in writing, software distributed
// under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
// OR CONDITIONS OF ANY KIND, either express or implied. See the License for
// thespecific language governing permissions and limitations under the
// License.
using Keyfactor.Logging;
using Keyfactor.Orchestrators.Extensions;
using Keyfactor.Orchestrators.Common.Enums;
@@ -31,7 +40,7 @@ public override JobResult ProcessJob(InventoryJobConfiguration config, SubmitInv
{
base.ParseJobProperties();
SetPAMSecrets(config.ServerUsername, config.ServerPassword, logger);
F5Client f5 = new F5Client(config.CertificateStoreDetails, ServerUserName, ServerPassword, config.UseSSL, null, config.LastInventory) { F5Version = base.F5Version, IgnoreSSLWarning = base.IgnoreSSLWarning };
F5Client f5 = new F5Client(config.CertificateStoreDetails, ServerUserName, ServerPassword, config.UseSSL, null, IgnoreSSLWarning, config.LastInventory) { F5Version = base.F5Version };

LogHandlerCommon.Debug(logger, JobConfig.CertificateStoreDetails, $"Getting inventory for CA Bundle '{config.CertificateStoreDetails.StorePath}'");
inventory = f5.GetCABundleInventory();
14 changes: 11 additions & 3 deletions Bundle/Management.cs
@@ -1,3 +1,12 @@
// Copyright 2023 Keyfactor
// Licensed under the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License. You may obtain a
// copy of the License at http://www.apache.org/licenses/LICENSE-2.0. Unless
// required by applicable law or agreed to in writing, software distributed
// under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
// OR CONDITIONS OF ANY KIND, either express or implied. See the License for
// thespecific language governing permissions and limitations under the
// License.
using Keyfactor.Logging;
using Keyfactor.Orchestrators.Extensions;
using Keyfactor.Orchestrators.Common.Enums;
@@ -39,11 +48,10 @@ public override JobResult ProcessJob(ManagementJobConfiguration config)
base.ParseJobProperties();
base.PrimaryNodeActive();

F5Client f5 = new F5Client(config.CertificateStoreDetails, ServerUserName, ServerPassword, config.UseSSL, config.JobCertificate.PrivateKeyPassword, config.LastInventory)
F5Client f5 = new F5Client(config.CertificateStoreDetails, ServerUserName, ServerPassword, config.UseSSL, config.JobCertificate.PrivateKeyPassword, IgnoreSSLWarning, config.LastInventory)
{
PrimaryNode = base.PrimaryNode,
F5Version = base.F5Version,
IgnoreSSLWarning = base.IgnoreSSLWarning
F5Version = base.F5Version
};

switch (config.OperationType)
4 changes: 4 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,7 @@
v1.4.1
- Bug Fix: IgnoreSSLWarning was not recognized when set to true
- Modified login API call for token auth to fix issue some users were experiencing

v1.4
- Modified authentication for API calls from Basic to Token Auth. Initial login uses id/password to retrieve temporary access token, so the same id/password credentials are still required for the certificate store, but all subsequent API calls will use the token retrieved on initial login.
- Added PAM Support
9 changes: 9 additions & 0 deletions DiscoveryBase.cs
@@ -1,3 +1,12 @@
// Copyright 2023 Keyfactor
// Licensed under the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License. You may obtain a
// copy of the License at http://www.apache.org/licenses/LICENSE-2.0. Unless
// required by applicable law or agreed to in writing, software distributed
// under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
// OR CONDITIONS OF ANY KIND, either express or implied. See the License for
// thespecific language governing permissions and limitations under the
// License.
using Keyfactor.Orchestrators.Extensions;
using Microsoft.Extensions.Logging;
using System.Collections.Generic;
14 changes: 12 additions & 2 deletions F5Client.cs
@@ -1,3 +1,12 @@
// Copyright 2023 Keyfactor
// Licensed under the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License. You may obtain a
// copy of the License at http://www.apache.org/licenses/LICENSE-2.0. Unless
// required by applicable law or agreed to in writing, software distributed
// under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
// OR CONDITIONS OF ANY KIND, either express or implied. See the License for
// thespecific language governing permissions and limitations under the
// License.
using Keyfactor.Orchestrators.Extensions;
using Keyfactor.Orchestrators.Common.Enums;
using Keyfactor.PKI.X509;
@@ -43,13 +52,14 @@ internal class F5Client

#region Constructors

public F5Client(CertificateStore certificateStore, string serverUserName, string serverPassword, bool useSSL, string pfxPassword, IEnumerable<PreviousInventoryItem> inventory)
public F5Client(CertificateStore certificateStore, string serverUserName, string serverPassword, bool useSSL, string pfxPassword, bool ignoreSSLWarning, IEnumerable<PreviousInventoryItem> inventory)
{
CertificateStore = certificateStore;
ServerUserName = serverUserName;
ServerPassword = serverPassword;
UseSSL = useSSL;
PFXPassword = pfxPassword;
IgnoreSSLWarning = ignoreSSLWarning;
Inventory = inventory;

if (logger == null)
@@ -692,7 +702,7 @@ public List<CurrentInventoryItem> GetSSLProfiles(int pageSize)
private string GetToken(string userName, string userPassword)
{
LogHandlerCommon.MethodEntry(logger, CertificateStore, "GetToken");
F5LoginRequest request = new F5LoginRequest() { username = userName, password = userPassword };
F5LoginRequest request = new F5LoginRequest() { username = userName, password = userPassword, loginProviderName = "tmos" };
F5LoginResponse loginResponse = REST.Post<F5LoginResponse>($"/mgmt/shared/authn/login", JsonConvert.SerializeObject(request));
LogHandlerCommon.MethodExit(logger, CertificateStore, "GetToken");

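Review bot: The constructor gains `ignoreSSLWarning` as an undocumented positional `bool` in the middle of the parameter list, so a call site can pass a literal or the wrong flag (`useSSL` is also a `bool`) without the compiler noticing, and nothing tells the reader that this argument turns off server certificate validation. Add an XML doc comment on the constructor, e.g. `/// <param name="ignoreSSLWarning">When true, the F5 server certificate is not validated; leave false unless the device presents a certificate the orchestrator cannot trust.</param>`. Named arguments at the call sites (`ignoreSSLWarning: IgnoreSSLWarning`) would make the security-relevant choice visible where it is made. The constructor body continues outside the hunk, so how the value reaches the REST handler cannot be confirmed from here.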
9 changes: 9 additions & 0 deletions F5DataModels.cs
@@ -1,3 +1,12 @@
// Copyright 2023 Keyfactor
// Licensed under the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License. You may obtain a
// copy of the License at http://www.apache.org/licenses/LICENSE-2.0. Unless
// required by applicable law or agreed to in writing, software distributed
// under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
// OR CONDITIONS OF ANY KIND, either express or implied. See the License for
// thespecific language governing permissions and limitations under the
// License.
using System;
using System.Collections.Generic;
using System.Linq;
9 changes: 9 additions & 0 deletions F5JobBase.cs
@@ -1,3 +1,12 @@
// Copyright 2023 Keyfactor
// Licensed under the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License. You may obtain a
// copy of the License at http://www.apache.org/licenses/LICENSE-2.0. Unless
// required by applicable law or agreed to in writing, software distributed
// under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
// OR CONDITIONS OF ANY KIND, either express or implied. See the License for
// thespecific language governing permissions and limitations under the
// License.
using Keyfactor.Orchestrators.Extensions.Interfaces;
using Microsoft.Extensions.Logging;
using System;
6 changes: 3 additions & 3 deletions F5Orchestrator.csproj
@@ -4,9 +4,9 @@
<AppendTargetFrameworkToOutputPath>false</AppendTargetFrameworkToOutputPath>
<TargetFramework>netcoreapp3.1</TargetFramework>
<CopyLocalLockFileAssemblies>true</CopyLocalLockFileAssemblies>
<Version>12.0</Version>
<AssemblyVersion>11.0.0.0</AssemblyVersion>
<FileVersion>12.0.0.0</FileVersion>
<Version>13.3</Version>
<AssemblyVersion>13.3.0.0</AssemblyVersion>
<FileVersion>13.3.0.0</FileVersion>
</PropertyGroup>

<ItemGroup>
9 changes: 9 additions & 0 deletions InventoryBase.cs
@@ -1,3 +1,12 @@
// Copyright 2023 Keyfactor
// Licensed under the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License. You may obtain a
// copy of the License at http://www.apache.org/licenses/LICENSE-2.0. Unless
// required by applicable law or agreed to in writing, software distributed
// under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
// OR CONDITIONS OF ANY KIND, either express or implied. See the License for
// thespecific language governing permissions and limitations under the
// License.
using Keyfactor.Logging;
using Keyfactor.Orchestrators.Extensions;
using Microsoft.Extensions.Logging;
11 changes: 10 additions & 1 deletion ManagementBase.cs
@@ -1,3 +1,12 @@
// Copyright 2023 Keyfactor
// Licensed under the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License. You may obtain a
// copy of the License at http://www.apache.org/licenses/LICENSE-2.0. Unless
// required by applicable law or agreed to in writing, software distributed
// under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
// OR CONDITIONS OF ANY KIND, either express or implied. See the License for
// thespecific language governing permissions and limitations under the
// License.
using Keyfactor.Orchestrators.Extensions;
using Microsoft.Extensions.Logging;
using Newtonsoft.Json;
@@ -82,7 +91,7 @@ protected void PrimaryNodeActive()

if (PrimaryNodeOnlineRequired)
{
F5Client f5 = new F5Client(JobConfig.CertificateStoreDetails, ServerUserName, ServerPassword, JobConfig.UseSSL, JobConfig.JobCertificate.PrivateKeyPassword, JobConfig.LastInventory)
F5Client f5 = new F5Client(JobConfig.CertificateStoreDetails, ServerUserName, ServerPassword, JobConfig.UseSSL, JobConfig.JobCertificate.PrivateKeyPassword, IgnoreSSLWarning, JobConfig.LastInventory)
{ PrimaryNode = this.PrimaryNode };
if (!f5.PrimaryNodeActive())
{
10 changes: 9 additions & 1 deletion README.md
@@ -4,6 +4,7 @@ The F5 Orchestrator allows for the remote management of F5 Stores. Discovery, In

#### Integration status: Production - Ready for use in production environments.


## About the Keyfactor Universal Orchestrator Extension

This repository contains a Universal Orchestrator Extension which is a plugin to the Keyfactor Universal Orchestrator. Within the Keyfactor Platform, Orchestrators are used to manage “certificate stores” &mdash; collections of certificates and roots of trust that are found within and used by various applications.
@@ -14,12 +15,12 @@ The Universal Orchestrator is the successor to the Windows Orchestrator. This Or




## Support for F5

F5 is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket with your Keyfactor representative.

###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab.
___



@@ -61,6 +62,11 @@ It is not necessary to use a PAM Provider for all of the secrets available above

If a PAM Provider will be used for one of the fields above, start by referencing the [Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam). The GitHub repo for the PAM Provider to be used contains important information such as the format of the `json` needed. What follows is an example but does not reflect the `json` values for all PAM Providers as they have different "instance" and "initialization" parameter names and values.

<details><summary>General PAM Provider Configuration</summary>
<p>



### Example PAM Provider Setup

To use a PAM Provider to resolve a field, in this example the __Server Password__ will be resolved by the `Hashicorp-Vault` provider, first install the PAM Provider extension from the [Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam) on the Universal Orchestrator.
@@ -87,6 +93,8 @@ To have the __Server Password__ field resolved by the `Hashicorp-Vault` provider
~~~

This text would be entered in as the value for the __Server Password__, instead of entering in the actual password. The Orchestrator will attempt to use the PAM Provider to retrieve the __Server Password__. If PAM should not be used, just directly enter in the value for the field.
</p>
</details>



11 changes: 10 additions & 1 deletion RESTHandler.cs
@@ -1,3 +1,12 @@
// Copyright 2023 Keyfactor
// Licensed under the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License. You may obtain a
// copy of the License at http://www.apache.org/licenses/LICENSE-2.0. Unless
// required by applicable law or agreed to in writing, software distributed
// under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
// OR CONDITIONS OF ANY KIND, either express or implied. See the License for
// thespecific language governing permissions and limitations under the
// License.
using System;
using System.Collections.Generic;
using System.Linq;
@@ -300,7 +309,7 @@ private HttpClientHandler GetHttpClientHandler()
{
HttpClientHandler handler = new HttpClientHandler();
if (IgnoreSSLWarning) { handler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => { return true; }; }

return handler;
}
}
11 changes: 10 additions & 1 deletion SSLProfile/Discovery.cs
@@ -1,3 +1,12 @@
// Copyright 2023 Keyfactor
// Licensed under the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License. You may obtain a
// copy of the License at http://www.apache.org/licenses/LICENSE-2.0. Unless
// required by applicable law or agreed to in writing, software distributed
// under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
// OR CONDITIONS OF ANY KIND, either express or implied. See the License for
// thespecific language governing permissions and limitations under the
// License.
using Keyfactor.Logging;
using Keyfactor.Orchestrators.Extensions;
using Keyfactor.Orchestrators.Common.Enums;
@@ -31,7 +40,7 @@ public override JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDis

SetPAMSecrets(config.ServerUsername, config.ServerPassword, logger);

F5Client f5 = new F5Client(certificateStore, ServerUserName, ServerPassword, config.UseSSL, string.Empty, new List<PreviousInventoryItem>()) { IgnoreSSLWarning = true };
F5Client f5 = new F5Client(certificateStore, ServerUserName, ServerPassword, config.UseSSL, string.Empty, true, new List<PreviousInventoryItem>());
List<string> locations = f5.GetPartitions().Select(p => p.name).ToList();

LogHandlerCommon.Debug(logger, certificateStore, $"Submitting {locations?.Count} partitions");
11 changes: 10 additions & 1 deletion SSLProfile/Inventory.cs
@@ -1,3 +1,12 @@
// Copyright 2023 Keyfactor
// Licensed under the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License. You may obtain a
// copy of the License at http://www.apache.org/licenses/LICENSE-2.0. Unless
// required by applicable law or agreed to in writing, software distributed
// under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
// OR CONDITIONS OF ANY KIND, either express or implied. See the License for
// thespecific language governing permissions and limitations under the
// License.
using Keyfactor.Logging;
using Keyfactor.Orchestrators.Extensions;
using Keyfactor.Orchestrators.Common.Enums;
@@ -31,7 +40,7 @@ public override JobResult ProcessJob(InventoryJobConfiguration config, SubmitInv
{
base.ParseJobProperties();
SetPAMSecrets(config.ServerUsername, config.ServerPassword, logger);
F5Client f5 = new F5Client(config.CertificateStoreDetails, ServerUserName, ServerPassword, config.UseSSL, null, config.LastInventory) { F5Version = base.F5Version, IgnoreSSLWarning = base.IgnoreSSLWarning };
F5Client f5 = new F5Client(config.CertificateStoreDetails, ServerUserName, ServerPassword, config.UseSSL, null, IgnoreSSLWarning, config.LastInventory) { F5Version = base.F5Version };

LogHandlerCommon.Debug(logger, JobConfig.CertificateStoreDetails, $"Getting inventory from '{config.CertificateStoreDetails.StorePath}'");
inventory = f5.GetSSLProfiles(20);