Called when the RemoteApp Launcher requests the application credentials. Can be called multiple times for the same session.
Called when the RemoteApp Launcher requests the application credentials. Can be called multiple times for the same session.
asset
| Type: string |
Description: The asset /database etc./ password requested for.
connection_name
| Type: string |
Description: The connection name the RemoteApp session uses. This is required if your SPS is linked to SPP.
session_id
| Type: string |
Description: The unique identifier of the session.
cookie
| Type: dictionary |
Description: The cookie returned by the previous hook in the session. If this is the first call for that session, it is initialized as an empty dictionary, otherwise it has the value returned by one of the previous calls in this particular custom Credential Store plugin. You can use the cookie to maintain the state for each particular connection or to transfer information between the different methods of the plugin. For an example that transfers information in the cookie between two methods, see "Examples" in the Creating custom Authentication and Authorization plugins.
session_cookie
| Type: dictionary |
Description: You can use the session cookie to maintain global state between plugins for each particular connection. If this is the first call for that session, it is initialized as an empty dictionary, otherwise it has the value returned by a previous plugin hook in the session.
protocol
| Type: string |
Description: The protocol name, in lowercase letters (http, ica, rdp, ssh, telnet, vnc).
client_hostname
| Type: string |
Description: A string containing the hostname of the client, if DNS lookup has been successful. If not, the value of this parameter is None.
client_ip
| Type: string |
Description: A string containing the IP address of the client.
gateway_username
| Type: string |
gateway_password
| Type: string |
gateway_groups
| Type: list |
gateway_domain
| string |
target_username - DEPRECATED
| string |
target_host - DEPRECATED
| string |
target_port - DEPRECATED
| Type: int |
target_domain - DEPRECATED
| Type: string |
server_username
| string |
server_ip
| string |
server_hostname
| string |
server_port
| Type: int |
server_domain
| Type: string |
cookie
| Type: dictionary |
| Required: no |
Description: The cookie returned by the previous hook in the session. If this is the first call for that session, it is initialized as an empty dictionary, otherwise it has the value returned by one of the previous calls in this particular custom Credential Store plugin. You can use the cookie to maintain the state for each particular connection or to transfer information between the different methods of the plugin. For an example that transfers information in the cookie between two methods, see "Examples" in the Creating custom Authentication and Authorization plugins.
session_cookie
| Type: dictionary |
| Required: no |
Description: You can use the session cookie to maintain global state between plugins for each particular connection. If this is the first call for that session, it is initialized as an empty dictionary, otherwise it has the value returned by a previous plugin hook in the session.
passwords
| Type: string list |
| Required: no |
Description: If the plugin returns multiple passwords, SPS tries to use them to authenticate on the target server (in the order they are listed).
The following example shows a simple plugin that can return both passwords and private keys based on usernames:
class Plugin(object):
passdb = {
"user": ["password"],
}
privkeydb = {
"user1": [('ssh-rsa', """
-----BEGIN RSA PRIVATE KEY-----
ISNFNFIASNFIANSFINSDIIISLLERfEJW++SppInNHlL89wTymILaxgln7FfQ2vr6
aBHymY/+Xwf08GiuLg2hFmfLNGZlJNnF9YB4+3o7MfjPDZJR1ne8Vr9hkte/SuK2
OhZbAeWbxHLsdOv0+ZCm7h5/nEM1gj4va+uKgpShVbxqEH7RglyUDvKUgQ7KwUZE
GW+RPApnXFN3OVjFdAqOpzeayH0kA52A3W/ske81JFGEHvfP54EePJx1qncJAX1z
jFPllYjPlMSLujbH7sabL0+LbnZDfMxOw2NXwnaKPgVlJ7I7YQDE11NLhiWbC2f1
pTLIerTOG9lovC3caa7TaIRs8VfZLjjNXWnS5wIDAQABAoIBAB6HLgz5eXIFT+ai
ISNFNFIASNFIANSFINSDIIISLLERfEJW++SppInNHlL89wTymILaxgln7FfQ2vr6
QScd2MYvJ9dIdumxbk5dK7+5I3fGHroXTRgUF6AIKI2FCsnQtDyTY1mjZ99+dGjH
AjOKnIbKPuaj+Mpx3dLhlhDgi+DncGSizhOtb3jK1tq++YLoA7W/7n9av5Ybz8c0
iqF0WUwcd6KYphuL9583OPP6Gv33Br4jP729EkqXnJa8PcniX8y3ZlFcVmxOGqnL
ISNFNFIASNFIANSFINSDIIISLLERfEJW++SppInNHlL89wTymILaxgln7FfQ2vr6
UumxiQECgYEA9yPcGBo/R/2IyjyKBXjYcd/1u0kYZRWvloahjNoWQjs/EHvbBMlM
xmtowOHbbEg4BgymPmVR8Ux24B3XJR6SbAPMF15wJ7oD1WwG8djQSw0RrbuPgP4s
OJnRpCn4blpa15n5qUF8wCwnEJow+UUaYY1znMlmAyeWjaK1VHV7tEUCgYEA8MH1
guHR+hHyZcLTT2+QTuL2Pu2MrwLhXNz5hPcCRH72dKBdfrvpRwLKj3XJKBK4r4gN
hByiT2sJKCNks4LkyOlWQtd0khRuan/xkliH7a6Fcx+d5odQsZrRbrjpsUQFlnTB
AFv6kSnhAtmJVDalYWfPSQCuE0nwB9TaDU6UGzsCgYAItvwA4ZQPrtIPB5l6XeuM
ISNFNFIASNFIANSFINSDIIISLLERfEJW++SppInNHlL89wTymILaxgln7FfQ2vr6
QDIHNO5RiE6wTPHlv1aA/wH7lVyXGN9oU4w/9Lbs9US0y5oxLL0Abc4m2LkXYSdv
ISNFNFIASNFIANSFINSDIIISLLERfEJW++SppInNHlL89wTymILaxgln7FfQ2vr6
FykNgS4dhrCG3NmpP4zQbKnS+VDQrLJ/qbSG59Ida8nIs74yanQX17EPuzqD/iJT
LoahB2128G7BiEfcIpFVCgI0OqikYQkM4oOQD3sUw8ySfi/rZMxGtT34uf7398FH
bBRnAoGBANRNw9oTcSh/ScLNqhB1pld81UX8jf+4+9hj9U+gpQCkujVxTs7xil8R
ISNFNFIASNFIANSFINSDIIISLLERfEJW++SppInNHlL89wTymILaxgln7FfQ2vr6
31nME0D1kojABIMeW8cITVHx4PD7I8jp+3sIPRXzCr8bfTzGSOAA
-----END RSA PRIVATE KEY-----
""")],
}
def get_private_key_list(self, session_id, cookie, protocol, client_ip,
gateway_username, gateway_password,
target_username, target_host, target_port,
target_domain=None, gateway_domain=None,
gateway_groups=None):
keylist = []
if target_username in self.privkeydb:
keylist = self.privkeydb[target_username]
print "Retrieved private keys;"
print keylist
else:
print "User not found;"
return {
"private_keys": keylist,
}
def get_password_list(self, session_id, cookie, protocol, client_ip,
gateway_username, gateway_password,
target_username, target_host, target_port,
target_domain=None, gateway_domain=None
gateway_groups=None):
pwlist = []
if target_username in self.passdb:
pwlist = self.passdb[target_username]
print "Retrieved passwords;"
else:
print "User not found;"
return {
"passwords": pwlist,
}
def authentication_completed(self, session_id, cookie):
return None
def session_ended(self, session_id, cookie):
return NoneThe following example demonstrates how the predefined hooks can be enhanced with additional logic:
import inspect
class Plugin(object):
passdb = {
"joe": ["joespw1", "joespw2", ],
"jack": ["jackspw", ],
}
def get_password_list(self, session_id, cookie, protocol, client_ip,
gateway_username, gateway_password,
target_username, target_host, target_port,
target_domain=None, gateway_domain=None, gateway_groups=None):
# Discard "None" parameters, log all other returned parameters
args = list(inspect.getargvalues(inspect.currentframe()).args)
logkws = ["{arg}='{value}'".format(arg=arg, value=locals()[arg])
for arg in args if arg != 'self' and locals()[arg] is not None]
if "call_count" in cookie:
call_count = cookie["call_count"]
else:
call_count = 0
logkws.append("call_count='{0}'".format(call_count))
print ("Retrieving passwords, non-null parameters follow; " + ', '.join(logkws))
# Return the password list for the user
pwlist = []
if target_username in self.passdb:
pwlist = self.passdb[target_username]
print "Retrieved passwords;"
else:
print "User not found;"
return {
"passwords": pwlist,
"cookie": {"call_count": call_count + 1}
}
def authentication_completed(self, session_id, cookie):
call_count = cookie["call_count"] if "call_count" in cookie else None
print ("Received notification about completed authentication; "
"call_count='{call_count}'").format(call_count=call_count)
return None
def session_ended(self, session_id, cookie):
call_count = cookie["call_count"] if "call_count" in cookie else None
print ("Received notification about session end; "
"call_count='{call_count}'").format(call_count=call_count)
return None© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center