CyberArk with AutoIT (Develop Custom universal connector) - FileZilla as an example - NETSEC

Thursday, February 1, 2024

On a development machine, you can develop an AutoIt script that will launch and authenticate to your application for your connection component.



 

Diagram



Example:

FileZilla - sFTP -> Linux Server 10.0.0.20 (root/CyberArk1)





Steps


Note: https://docs.cyberark.com/pam-self-hosted/Latest/en/Content/PASIMP/psm_Develop_universal_connector.htm

1 Install AutoIT and Client Application

Download and install AutoIt3 on the development machine to develop PSM universal connector components. By default, AutoIt3 is installed in the following location on your computer: %ProgramFiles%\AutoIt3.

When using AutoIt-based connection components, we recommend that you compile the AutoIt script into an executable and use that binary. Running AutoIt scripts directly with AutoIt3.exe might introduce security risks.

version 3.3.14.2

SciTE is the main script editor. Useful features:

  • Autocompletes commands
  • Points to the required parameters
  • F1 for help
  • F5 to run (or Tools > Go)
  • Finder tool icon to identify window elements

2 Develop the AutoIT script

The script launches the client application, manages any message pop-ups that may appear, and logs in to the target.

Common functions

  • Run - runs an external application
  • WinWaitActive
  • ControlSetText
  • ControlClick
  • Manage message pop-ups
    • Sleep
    • If, EndIf




; To avoid losing window control, act only on a window handle that is known to exist
Local $WinTitle = "Some window"
Local $WinText = ""
Local $hMsg = WinWait($WinTitle, $WinText, 20) ; returns 0 if the window does not appear within 20 seconds
If WinActivate($hMsg) Then
    ; ......ControlClick...
    ; ......ControlSetText..
    ; ......ControlCommand..
EndIf
or
If $hMsg <> 0 Then
    ; ......ControlClick...
    ; ......ControlSetText..
    ; ......ControlCommand..
EndIf
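The handle-guard pattern above, applied to the FileZilla SFTP example as a development-machine test script. This is an added example, not code from the original post or from CyberArk: the install path, the control IDs, the pop-up title and the helper names (_Fail, _SetField, _Login) are assumptions, and the control IDs must be replaced with the values the Finder tool reports. It fails closed when a window or control is missing, and it aborts on a host key prompt instead of accepting it automatically.

```autoit
; Added example. Control IDs and the pop-up title are placeholders/assumptions:
; replace them with what the AutoIt Window Info (Finder) tool reports.
Opt("WinTitleMatchMode", 2) ; match any substring of the window title
Global Const $APP_PATH    = @ProgramFilesDir & "\FileZilla FTP Client\filezilla.exe" ; assumed install path
Global Const $MAIN_TITLE  = "FileZilla"
Global Const $CTRL_HOST   = "[CLASS:Edit; INSTANCE:1]"   ; placeholder
Global Const $CTRL_USER   = "[CLASS:Edit; INSTANCE:2]"   ; placeholder
Global Const $CTRL_PASS   = "[CLASS:Edit; INSTANCE:3]"   ; placeholder
Global Const $CTRL_GO     = "[CLASS:Button; INSTANCE:1]" ; placeholder
Global Const $POPUP_TITLE = "Unknown host key"           ; assumed pop-up title

; Stop the session rather than keep sending input to an unexpected window.
; The message names the failed step only; credentials are never written out.
Func _Fail($sStep, $iPid)
    ConsoleWriteError("Login step failed: " & $sStep & @CRLF)
    If $iPid Then ProcessClose($iPid)
    Exit 1
EndFunc

; Write a value into one control of a known window handle, or abort.
Func _SetField($hWnd, $sCtrl, $sValue, $sStep, $iPid)
    If ControlSetText($hWnd, "", $sCtrl, $sValue) = 0 Then _Fail($sStep, $iPid)
EndFunc

Func _Login($sHost, $sUser, $sPass)
    Local $iPid = Run($APP_PATH)
    If $iPid = 0 Then _Fail("Run", 0)

    Local $hMain = WinWait($MAIN_TITLE, "", 20) ; 0 if the window never appears
    If $hMain = 0 Then _Fail("main window not found", $iPid)
    If WinActivate($hMain) = 0 Then _Fail("main window not activated", $iPid)

    _SetField($hMain, $CTRL_HOST, "sftp://" & $sHost, "host field", $iPid)
    _SetField($hMain, $CTRL_USER, $sUser, "user field", $iPid)
    _SetField($hMain, $CTRL_PASS, $sPass, "password field", $iPid)
    If ControlClick($hMain, "", $CTRL_GO) = 0 Then _Fail("connect button", $iPid)

    ; Pop-up handling: a host key prompt means the target key is not yet trusted
    ; on this machine, so abort here instead of clicking it away.
    If WinWait($POPUP_TITLE, "", 5) <> 0 Then _Fail("unexpected host key prompt", $iPid)
EndFunc

; Test values for the development machine; in the dispatcher skeleton these
; literals are replaced with variables (step 3).
_Login("10.0.0.20", "root", "<test-password>")
```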


Debug and best practice



3 Create the Connector

  1. Copy the PSMAutoItDispatcherSkeleton.au3 file from the PSM's Components folder.
  2. Areas you may want to modify in the skeleton file are marked with the string "CHANGE_ME".
  3. Set the dispatcher name and the path to the application executable accordingly.
  4. Copy your script under the "Handle login here!" section and replace hard-coded values with variables.


4 Test the Connector







Command line for testing:



5 Integrate with PVWA

  • Compile the au3 file into an executable file and copy it to the PSM's Components folder
  • Create a new Connection Component using the PSM-VNCClientSample as a template and adjust accordingly
    • set a unique ID
    • point to the compiled executable
    • add any additional parameters if required




Deploy the Connector on all PSM servers
1. Install the application client on the PSM servers
2. 









HTML5 

If an HTML5 gateway is deployed in your CyberArk environment, you can use it to access your target.

If you get a PSMSR308E error, it might be related to the refresh time on your PSM server. You will need to wait long enough for the PSM to pick up your settings.



The configuration of AutoLogonSequenceWithLogonAccount is

\[.*\@.* ~]\$ >exec su - {Username}
Password:>{Password}




