/// <summary>
/// Creates the Active Roles client from <c>Config</c> and verifies that the configured
/// JIT access attribute can be resolved in the directory schema.
/// </summary>
/// <returns>
/// <c>true</c> when the client was created and the schema lookup succeeded; <c>false</c>
/// when <c>Config.ARSGJitAccessAttribute</c> is unset or the lookup threw an
/// <c>ActiveRolesClientException</c>.
/// </returns>
public bool InitActiveRolesClient()
{
    Log.Info("Initializing Active Roles Client");

    if (Config.ARSGJitAccessAttribute == null)
    {
        // NOTE(review): the message names "ARSGJitProvisioningAttribute" while the property
        // read here is ARSGJitAccessAttribute — confirm which key the configuration file uses.
        Log.Error("Bad configuration. ARSGJitProvisioningAttribute must be set");
        return false;
    }
    Log.Info("Using ARSGJitProvisioningAttribute: " + Config.ARSGJitAccessAttribute);

    // With no configured username the process identity is used; otherwise the configured
    // credentials are handed to the client. Only the username is written to the log.
    if (Config.ActiveRolesUsername != null)
    {
        Log.Info("Authenticating to Active Roles using username/password for: " + Config.ActiveRolesUsername);
        ActiveRolesClient = new ActiveRolesDirectoryServicesClient(Config.ActiveRolesUsername, Config.ActiveRolesPassword);
    }
    else
    {
        Log.Info("Authenticating to Active Roles using current windows identity: " + WindowsIdentity.GetCurrent().Name);
        ActiveRolesClient = new ActiveRolesDirectoryServicesClient();
    }

    // Resolving the attribute's OM syntax doubles as a connectivity and schema check;
    // only the client's own exception type is treated as a soft failure.
    try
    {
        ActiveRolesClient.GetAttributeSchemaOmSyntax(Config.ARSGJitAccessAttribute);
    }
    catch (ActiveRolesClientException e)
    {
        Log.Error(e.Message);
        return false;
    }

    return true;
}
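/// <summary>
/// Handles a Safeguard access-request event by setting the configured JIT access attribute
/// on the account's Active Directory object through Active Roles.
/// </summary>
/// <param name="eventName">
/// Safeguard event name. "AccessRequestAvailable" grants (attribute set to "true");
/// every other name revokes (attribute set to "false"), i.e. unknown events fail closed.
/// </param>
/// <param name="eventBody">JSON payload deserialized into <c>AccessRequestEvent</c>.</param>
void HandleAccessRequestEvent(string eventName, string eventBody)
{
    var accessRequestEvent = JsonConvert.DeserializeObject<AccessRequestEvent>(eventBody);

    // DeserializeObject returns null for an empty or literal "null" body; without this guard
    // the AssetId/AccountId reads below would throw a NullReferenceException inside the
    // event callback instead of producing a diagnosable log entry.
    if (accessRequestEvent == null)
    {
        Log.Error($"Ignored event: {eventName}, because the event body could not be deserialized");
        return;
    }

    Log.Debug($"Recieved event: {eventName}, AssetId: {accessRequestEvent.AssetId}, AccountId: {accessRequestEvent.AccountId}");

    var assetAccount = SafeguardClient.GetAssetAccount(accessRequestEvent.AccountId);

    // Only AD accounts are managed through Active Roles; other platforms are logged and skipped.
    if (assetAccount.PlatformType != "MicrosoftAD")
    {
        Log.Debug($"Ignored event for {assetAccount.Name}, because PlatformType is: {assetAccount.PlatformType}");
        return;
    }

    // string == is an ordinal comparison, so the event name must match exactly.
    // NOTE(review): the else branch revokes on any non-"AccessRequestAvailable" event; this is
    // the safe direction, but confirm the subscription only delivers grant/close events so
    // intermediate events cannot revoke access prematurely.
    if (eventName == "AccessRequestAvailable")
    {
        ActiveRolesClient.SetObjectAttribute(assetAccount.DistinguishedName, Config.ARSGJitAccessAttribute, "true");
        Log.Info($"Grant access for: {assetAccount.DistinguishedName}. Set {Config.ARSGJitAccessAttribute} = true.");
    }
    else
    {
        ActiveRolesClient.SetObjectAttribute(assetAccount.DistinguishedName, Config.ARSGJitAccessAttribute, "false");
        Log.Info($"Revoke access for: {assetAccount.DistinguishedName}. Set {Config.ARSGJitAccessAttribute} = false.");
    }
}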