Using PowerShell to get user PIN from FIM CM?

All replies

  • Hi

    Well, it could be done using PowerShell, though I find it easier using C#; a short code sample (not tested) is attached. You need to

    1) enable remoting on FIM CM server: https://msdn.microsoft.com/en-us/library/windows/desktop/bb468077%28v=vs.100%29.aspx

    2) create an application that

    2.a) searches for the card either by serial number or by holder, etc. (see https://msdn.microsoft.com/en-us/library/microsoft.clm.provision.findoperations.findsmartcards.aspx)

    2.b) uses GetUserPin for retrieval of the PIN

    3) use a profile that utilizes Server distributed PIN policy

    a sample code (no validation whatsoever) is as follows:

            // Namespaces the sample needs (FIM CM Provisioning API and .NET Remoting);
            // put these at the top of the file.
            using System;
            using System.Collections;
            using System.Collections.ObjectModel;
            using System.Runtime.Remoting;
            using System.Runtime.Remoting.Channels;
            using System.Runtime.Remoting.Channels.Http;
            using Microsoft.Clm.Provision;
            using Microsoft.Clm.Shared.Smartcards;

            // Looks up an active smart card by serial number and returns its
            // server-distributed PIN through the FIM CM remoting endpoints.
            static string getPIN(string CardSN)
            {
                string clmFOBUrl;
                string clmROPUrl;
                string clmEXEUrl;

                // Base URL of the FIM CM web site, read from app.config (key "clmBaseURL")
                Uri baseURL =
                    new Uri(System.Configuration.ConfigurationManager.AppSettings["clmBaseURL"]);
                clmFOBUrl = baseURL.ToString().TrimEnd('/') + @"/remoterequests3.rem";
                clmROPUrl = baseURL.ToString().TrimEnd('/') + @"/remoterequests2.rem";
                clmEXEUrl = baseURL.ToString().TrimEnd('/') + @"/remoterequests5.rem";

                // Binary formatter over an HTTP client channel, as used by the CM remoting API
                BinaryClientFormatterSinkProvider bcfsProvider = new BinaryClientFormatterSinkProvider();

                HttpClientChannel clmHTTPChannel = new HttpClientChannel("ClmHTTPChannel", bcfsProvider);

                ChannelServices.RegisterChannel(clmHTTPChannel, true);

                // Map each *ByCulture client type to its remoting endpoint on the CM server
                RemotingConfiguration.RegisterWellKnownClientType(
                    typeof(FindOperationsByCulture),
                    clmFOBUrl);

                RemotingConfiguration.RegisterWellKnownClientType(
                    typeof(ExecuteOperationsByCulture),
                    clmEXEUrl);

                RemotingConfiguration.RegisterWellKnownClientType(
                    typeof(RequestOperationsByCulture),
                    clmROPUrl);

                // These "new" calls create transparent proxies to the registered endpoints
                FindOperationsByCulture fobCulture = new FindOperationsByCulture();
                RequestOperationsByCulture ropCulture = new RequestOperationsByCulture();
                ExecuteOperationsByCulture exeCulture = new ExecuteOperationsByCulture();

                IDictionary fobChannelProperties = ChannelServices.GetChannelSinkProperties(fobCulture);
                IDictionary ropChannelProperties = ChannelServices.GetChannelSinkProperties(ropCulture);
                IDictionary exeChannelProperties = ChannelServices.GetChannelSinkProperties(exeCulture);

                // Optional explicit CM agent credentials; when absent, the process identity is used
                string clmUserName = System.Configuration.ConfigurationManager.AppSettings["clmAgentUserName"];
                string clmDomain = System.Configuration.ConfigurationManager.AppSettings["clmAgentDomain"];
                string clmPassword = System.Configuration.ConfigurationManager.AppSettings["clmAgentPassword"];

                ropChannelProperties["useDefaultCredentials"] =
                    fobChannelProperties["useDefaultCredentials"] =
                        exeChannelProperties["useDefaultCredentials"] = true;
                // All three settings must be present before explicit credentials are used
                // (the original checked clmPassword twice and never checked clmUserName)
                if ((clmUserName != null) && (clmDomain != null) && (clmPassword != null))
                {
                    Console.WriteLine("WARNING: Reading CLM CM Agent credentials from config file, this better be a DEV environment!");

                    ropChannelProperties["username"] = fobChannelProperties["username"] = exeChannelProperties["username"]
                            = clmUserName;
                    ropChannelProperties["domain"] = fobChannelProperties["domain"] = exeChannelProperties["domain"]
                            = clmDomain;
                    ropChannelProperties["password"] = fobChannelProperties["password"] = exeChannelProperties["password"]
                            = clmPassword;
                    ropChannelProperties["useDefaultCredentials"] = fobChannelProperties["useDefaultCredentials"] = exeChannelProperties["useDefaultCredentials"]
                            = false;
                }

                Console.WriteLine("INFO: Querying for an active smart card with serial number " + CardSN);

                // Search by status and serial number only; holder and profile template
                // filters are left empty, and the date pair is the assignment-date window.
                ReadOnlyCollection<Smartcard> cards = fobCulture.FindSmartcards(
                    new SmartcardStatus[] { SmartcardStatus.Active },
                    new string[] { CardSN },
                    new string[] { },
                    new Guid[] { },
                    new DateTime(2000, 01, 01),
                    new DateTime(2020, 01, 01),
                    System.Globalization.CultureInfo.InvariantCulture,
                    System.Globalization.CultureInfo.InvariantCulture);

                // Exactly one card is expected for a given serial number
                if (cards.Count != 1)
                {
                    throw new Exception("ERROR: Found " + cards.Count + " cards!");
                }

                Console.WriteLine("INFO: Searching for PIN");
                // Only works for cards whose profile template uses the server distributed PIN policy
                string PIN = ExecuteOperations.GetUserPin(cards[0].Uuid);
                return PIN;
            }

            static void Main(string[] args)
            {
                if (args.Length != 1)
                {
                    Console.WriteLine("Usage: <program> <smart card serial number>");
                    return;
                }

                try
                {
                    Console.WriteLine("===");

                    Console.WriteLine("TokenID: " + args[0]);
                    string pin = getPIN(args[0]);
                    Console.WriteLine("TokenPIN: " + pin);

                    Console.WriteLine("===");
                }
                catch (Exception e)
                {
                    Console.WriteLine("ERROR: " + e.Message + "\n. Stacktrace: " + e.StackTrace);
                }
                Console.WriteLine("Done!");
            }

    • Proposed as answer by Martin Rublik Monday, February 15, 2016 9:40 AM
    Wednesday, February 3, 2016 1:45 PM
  • Thanks, that can help a bit, if only I had a C# environment... That's why I'd prefer the PowerShell way.

    Thursday, February 4, 2016 4:00 AM
  • Hi

    Visual Studio Express might help: https://www.visualstudio.com/en-us/products/visual-studio-express-vs.aspx. Anyway, it should be possible to convert the code sample above to PS.

    Martin

    Thursday, February 4, 2016 7:37 AM
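A PowerShell port of the C# sample from the first reply, added here as an example and not part of the thread. It assumes the FIM CM Provisioning API assemblies (Microsoft.Clm.Provision.dll, Microsoft.Clm.Shared.dll) are reachable at the placeholder path below, that remoting is enabled on the CM server at the placeholder base URL, and that the account running the script is already a permitted CM agent, so it uses integrated authentication only and never reads an agent password from a file.

```powershell
# Added example: PowerShell equivalent of getPIN() from the C# sample above.
param(
    [Parameter(Mandatory)] [string] $CardSerialNumber,
    [string] $ClmBaseUrl = 'https://cm.example.local/certificatemanagement',  # placeholder
    [string] $ClmApiPath = 'C:\PLACEHOLDER\Certificate Management\web\bin'    # placeholder
)

Add-Type -Path (Join-Path $ClmApiPath 'Microsoft.Clm.Shared.dll')
Add-Type -Path (Join-Path $ClmApiPath 'Microsoft.Clm.Provision.dll')
Add-Type -AssemblyName System.Runtime.Remoting

# Same *ByCulture type -> endpoint mapping the C# sample registers
$base = $ClmBaseUrl.TrimEnd('/')
$endpoints = @{
    'Microsoft.Clm.Provision.FindOperationsByCulture'    = "$base/remoterequests3.rem"
    'Microsoft.Clm.Provision.RequestOperationsByCulture' = "$base/remoterequests2.rem"
    'Microsoft.Clm.Provision.ExecuteOperationsByCulture' = "$base/remoterequests5.rem"
}

$provider = New-Object System.Runtime.Remoting.Channels.BinaryClientFormatterSinkProvider
$channel  = New-Object System.Runtime.Remoting.Channels.Http.HttpClientChannel `
                -ArgumentList 'ClmHTTPChannel', $provider
[System.Runtime.Remoting.Channels.ChannelServices]::RegisterChannel($channel, $true)

$provAssembly = [Microsoft.Clm.Provision.FindOperationsByCulture].Assembly
foreach ($typeName in $endpoints.Keys) {
    [System.Runtime.Remoting.RemotingConfiguration]::RegisterWellKnownClientType(
        $provAssembly.GetType($typeName), $endpoints[$typeName])
}

# Transparent proxies; integrated Windows auth on each channel (no stored password)
$fob = New-Object Microsoft.Clm.Provision.FindOperationsByCulture
$exe = New-Object Microsoft.Clm.Provision.ExecuteOperationsByCulture
foreach ($proxy in @($fob, $exe)) {
    $props = [System.Runtime.Remoting.Channels.ChannelServices]::GetChannelSinkProperties($proxy)
    $props['useDefaultCredentials'] = $true
}

# Search by status and serial number only, with the same assignment-date window as the C# sample
$inv   = [System.Globalization.CultureInfo]::InvariantCulture
$cards = $fob.FindSmartcards(
    [Microsoft.Clm.Shared.Smartcards.SmartcardStatus[]]@('Active'),
    [string[]]@($CardSerialNumber), [string[]]@(), [guid[]]@(),
    [datetime]'2000-01-01', [datetime]'2020-01-01', $inv, $inv)

if ($cards.Count -ne 1) { throw "Found $($cards.Count) cards for serial $CardSerialNumber" }

# Same GetUserPin call as the C# sample; returned as a SecureString so the PIN
# does not end up in the console transcript or command history.
$pin = [Microsoft.Clm.Provision.ExecuteOperations]::GetUserPin($cards[0].Uuid)
ConvertTo-SecureString -String $pin -AsPlainText -Force
```

Run it as `.\Get-ClmPin.ps1 -CardSerialNumber <serial>` from a host with the CM client assemblies installed; only cards whose profile template uses the server distributed PIN policy will return a PIN.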