1 Reply Latest reply on May 13, 2014 11:39 PM by tdanner

    Connect-Swis Authentication Type


      I have been working on integrating SolarWinds alerts/acknowledgements with IBM's Tivoli Netcool. I currently have a database trigger running on a scheduled interval to acknowledge SolarWinds alerts using the SWIS API. The current implementation of connect-swis looks like this:


      #Decrypt the password file and store it in a variable to be passed to SWIS (only the user that encrypted the password file can decrypt it)
      $username = "admin"
      $securePassword = get-content C:\cred.txt | ConvertTo-SecureString
      $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($securePassword)
      $password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
      #Connect to SWIS
      $swis = Connect-Swis -host $SWServer -UserName $username -Password $password 


      In order to create the cred.txt file, which contains the password for the user "admin", I ran the following Windows command prior to running the script:

           read-host -assecurestring | convertfrom-securestring | out-file C:\cred.txt


      This is obviously not the most glamorous way to do this. I understand that there are other arguments that I can use to authenticate with SWIS. Could anyone fill me in on what those are, and how they work? For example, I have heard that you can do AD authentication or just a certificate.

        • Re: Connect-Swis Authentication Type

          The authentication options for Connect-Swis are:


          1. -Username <username> -Password <password>. In this mode, you provide the Orion username and password as plain text strings. If Orion is set up for AD authentication, these can be an AD username/password.

          2. -Credential <pscredential>. In this mode you provide a PSCredential object as the parameter. You can get this using "Get-Credential" (which will prompt the user interactively) or by calling "New-Object System.Management.Automation.PSCredential" and passing the username as a string and the password as a SecureString.

          3. -Trusted. In this mode your Windows/AD token is used to authenticate with SWIS.

          4. -Certificate. In this mode, the CN=SolarWinds-Orion certificate is used to authenticate with SWIS. For this to work, that certificate needs to be present on the machine where powershell is running (this basically means it needs to be one of the Orion servers) and the Windows user running powershell needs to have permission to read that cert's private key, which means the user needs to be a local administrator.