Follow

LogMeOnce Command Line Interface (CLI)

The LogMeOnce Command Line Interface (CLI) is a unified tool to manage your LogMeOnce services. The LogMeOnce CLI uses all security features of LogMeOnce and is based on Zero Knowledge technology.

This feature is available as part of LogMeOnce Enterprise Edition. You can manage your LogMeOnce services from the command line and automate them through scripts. The LogMeOnce CLI enables you to start running commands that implement functionality equivalent to that provided by the browser-based LogMeOnce Password and Identity Management solution from the command prompt in your favorite terminal program:

  • Linux shells – Use common shell programs such as bash, zsh, and tcsh to run commands in Linux.
  • Windows command line – On Windows, run commands at the Windows command prompt or in PowerShell.

 

Download & Installation

The installation of LogMeOnce Command Line Interface (LMO CLI) on the supported operating systems are covered below. The installation of LMO CLI  does not require installation of Python.

Windows LMO CLI Installation

Download Link: https://logmeonce.s3.amazonaws.com/download/cli/lmocli.zip

Setup/Configuration:

  1. Unzip the file into desired location (For example “C:\Program Files\LogmeOnce” folder)
  2. Modify and add the executable location “C:\Program Files\LogmeOnce\lmocli” to the PATH variable in windows.
    • Press the Windows key and enter environment variables
    • Choose Edit environment variables for your account.
    • Choose PATH, and then choose Edit.
  1. Add the path to the Variable value field. For example: C:\Program Files\LogmeOnce\lmocli
  2. To confirm the installation, use the lmo -version command at a command prompt (open the Start menu and search for cmd to start a command prompt). If version details are not displayed, please make sure the PATH variable is configured properly.

Linux LMO CLI Installation

Download Link: https://logmeonce.s3.amazonaws.com/download/cli/lmocli.zip

Setup/Configuration:

    1. Download the LMO CLI ZIP file.
    2. Unzip the file into desired location (For example “/usr/local/bin” folder)
    3. Modify and add the executable location “/usr/local/bin” to the $PATH variable in windows.
    4. To confirm the installation, use the lmo -version command at a command prompt. If version details are not displayed, please make sure the $PATH variable is configured properly.

Permissions and Roles

LogMeOnce implements Least-privilege access control as default, The LogMeOnce CLI is not enabled as default, you can enable this feature by assigning LMO CLI role to specific users that require to run this feature. All operations by this user are logged for the audit trail. It is recommended to create a separate valid LogMeOnce user with a valid email address and assign an LMO CLI role. 

In order to create a role that allows CLI access: 

  • In Users Management edit a user and go to Role tab
  • Click “+ Add Role” - enter your new role name
  • From “Unassigned Permission” list select “CommandLineInterface: Access” and move it to left
  • Change “Access” to “User” and click “Save Changes”

Trusting Your IP and Device

As part of LogMeOnce security, a request from an unknown IP or device for a specific user should be trusted first in order to use any of LogMeOnce. You will receive an email which needs to be validated.

Quick Getting Started

To get started quickly, please follow the steps; 

  • Install LogMeOnce CLI
  • Validate if installation is successful

               >Lmo -version - Check LogMeOnce CLI version 

  • Configure CLI by adding your credentials

                > Lmo config - Configure CLI and add your credential
                > Lmo config show - Check your credentials

  • Validate if your configuration is complete
    • Lmo config validate - Validate if credential is entered and works properly
  • Check your email and Trust IP and device
    • Lmo config validate - Validate if credential is entered and works properly
  • Perform a quick test
    • Lmo sites - Display all your sites

 

LogMeOnce CLI Reference Guide

Description:

The LogMeOnce Command Line Interface is a unified tool to manage your LogMeOnce services.

Synopsis:

Lmo [options] <command> <subcommand> [parameters]

Use lmo command help for information on a specific command. Use lmo help topics to view a list of available help topics. Optional parameters are shown in square brackets.

Usage: lmo <command>[-h] [-profile PROFILE] [-username USERNAME] [-password PASSWORD] [-domain DOMAIN] [-search] [-update] [-create] [-file FILE] [-delete] [-debug] [-version] [-help] [-decrypt] [-encrypt]

Arguments:

  command             Use commands like: config, sites, notes, storage (default: None)

Optional arguments:

  • -h, --help          Show this help message and exit
  • -profile PROFILE    Enter Profile Name (default: None)
  • -username USERNAME  Enter Username. (default: None)
  • -password PASSWORD  Enter Password. (default: None)
  • -domain DOMAIN      Enter Name of Domain (default: None)
  • -search             Search for an item
  • -update            Use for update data (default: 0)
  • -create             Use for create data (default: 0)
  • -file FILE           Enter file Name (default: None)
  • -delete             Use for delete data (default: 0)
  • -debug             Display debug messages (default: False)
  • -version            Display CLI version (default: False)
  • -help                For help (default: False)
  • -decrypt           Use for decrypt credential (default: 0)
  • -encrypt           Use for encrypt credential (default: 0)

Configure Command 

Configure [show | validate]  [-profile <profilename>]

This command is run with no arguments, you will be prompted for configuration values such as your LogMeOnce username,  password and domain. It is highly recommended to create a seperate user when using this feature so all logging and audit trail is enabled. 

If your config file does not exist (the default location is <default-user-home>/.lmo/credential.cfg), the LogMeOnce CLI will create it for you. To keep an existing value, hit enter when prompted for the value. When you are prompted for information, the current value will be displayed in [brackets] except the password. If the config item has no value, it is displayed as [None]. 

Note: the values you provide for the LogMeOnce credential will be written to the credentials file (~/.lmo/credential.cfg).

 

The credential is encrypted and data is protected:

[Section1]
username = AT0oInhv1MqGu12cZIOLI48MggZD5J6irc9IhN64ESS4LdllMUIVYy2JzZ3fM+CX2JYrUj6PZtb1yMlSttUzuJkVZI7su
password = AdZ/CYVhni9d/tRGxiHS7zVyqy5uYm/Y66OvxO4BrUdKei8qyn9q8RjOJ9t0Zjj9FDQuhd3u1F+yul-+x6TZ7dGBfEoN
domain = AdsIcq2CgnbPgwer4f!tnT3Qw6lMdm4zjePmemrt@YLYCiWhVge9Vq+OAcpTZVr+fxhpbynR3mT46x6GZVBNnfQmERaL9p

 

Examples:

Windows configuration file location: C:\Users\mike\.lmo\credential.cfg

Linux configuration file location: ~\.lmo\credential.cfg

 

>lmo config or lmo config -profile service2.cfg
LogMeOnce Username [None]: marketing@logmeonce.com
LogMeOnce Password [None]: <Your-password-for-this-account>
LogMeOnce Domain [None]: <yourdomain>.logmeonce.com

 >lmo config show or lmo config show -profile service2.cfg 

 >lmo config validate or lmo config validate -profile service2.cfg


The only difference is with LogMeOnce CLI it requires a password and PasswordLess operations are not permitted. 

 

Sites Command 

Sites [site_ID] [-profile name]

This command is run with no arguments, you will be prompted for configuration values such as your LogMeOnce username,  password and domain. It is highly recommended to create a seperate user when using this feature so all logging and audit trail is enabled. 

Getting list of sites

Extra parameters

  • search - filters the list of sites by search phrase
> lmo sites -search Facebook
> lmo sites -search “two words”
  •  decrypt - decrypts input values
> lmo sites -decrypt


Examples:

{
"sites": [
     {
         "id": 1749398,
         "name": "Google",
         "updated": 1586452560,
         "flags": 293,
         "image": "https://logmeonce-sites.s3.amazonaws.com/256_google_175x175.png",
         "icon": "https://logmeonce-sites.s3.amazonaws.com/256_google_16x16.png",
         "used": 0,
         "login": {
             "Url": "https://accounts.google.com/ServiceLogin?continue=http://www.google.com/",
             "regex": "^(ftp|http|https)://([^/]+\\.)?google.com.*",
             "inputs": [
                 {
                     "flags": 3,
                     "name": "[\"identifier\", \"Email\"]",
                     "type": "text",
                     "value": "Adh/fgxV90+BoMboA+DojRSxAb7BhGpz26IrF+Nxj49QPOjc5f8swFBcpgLBKG3rRasAkf0="
                 },
                 {
                     "flags": 5,
                     "name": "[\"password\", \"Passwd\"]",
                     "type": "password",
                     "value": "Adh/fgzAxSBxlmvPL/tV+50rS1F5y5fLyp4I8zPoq+rYsR0JFFOuvlhkciNzh/ahT8pshh8="
                 }
             ],
             "match": {
                 "username": "#profileIdentifier, #email-display",
                 "trim": "@gmail.com"
             },
             "action": {
                 "submit": "#identifierNext, #passwordNext"
             }
         }
}
}

 

Getting single site

> lmo sites [SITE_ID] 

You can get single site data by passing site ID.

> lmo sites 1749398

Extra parameters

  • decrypt - decrypts input values
> lmo sites 1749398 -decrypt

 

Creating new site

> lmo sites -create -file <FILE_PATH>

This is another version of sites command. With help of the “create” parameter, you can create new sites. The information of the new site should be available in JSON file. 

 

JSON file format:

{
    "url": "https://www.facebook.com/",
    "name": "Facebook (john)",
    "inputs": [{
        "type": "text",
        "value": "john.doe@gmail.com"
    }, {
        "type": "password",
        "value": "secret_password",
    }]
}


Site data format:

  • url - login page url (required)
  • name - name of site (optional)
  • inputs - array of inputs - at least single password must be present (required)
  • note - site note (optional)
  • flags - numeric value that defines SSO and SLO (bitwise operation)
    • 1 - SSO - Automatic Login
    • 2 - SLO - Automatic Logout

By default only SSO is enabled, possible values are:

  • 0 - both SSO, SLO disabled
  • 1 - SSO enabled, SLO disabled
  • 2 - SSO disabled, SLO enabled
  • 3 - both SSO, SLO enabled

Input data format:

  • type - default is text
  • flags - numeric value that defines input properties (bitwise operation)
    • 1 - required - this input is required to be found in login page, all required inputs must be found in order for site to be detected
    • 2 - username - this input is marked as Username (only 1 input can be marked as username, but there can be more non-password inputs)
    • 4 - password - this input is marked as Password (only 1 input can be marked as password, but there can be more inputs with type password)
    • 8 - used internally by some sites from catalog
    • 16 - only for inputs that are “checkbox” type - when this bit is set it means checkbox is checked, when this bit is not set checkbox is unchecked
  • value - the value of the input - must be encrypted

Extra parameters

  • encrypt - encrypting input values are note

> lmo sites -create -encrypt -file file somefile.json

 

Updating existing site

> lmo sites [SITE_ID] -update -file <FILE_PATH>

With help of the update parameter of sites, you can update existing sites. The information of the new site should be available in file or parameter.

The data format for input JSON file is exactly the same as explained above in create section. If you only want to update one or two parameters without passing all data - instead of passing the parameters in JSON file - you can pass it as arguments, like:

> lmo sites 1749398 -update -name “Facebook (changed)”

> lmo sites 1749398 -update -name “Facebook (changed)” -url https://facebook.com

All parameters can be passed as arguments or in JSON file format - but it is recommended to use JSON file.

 

Deleting site

> lmo sites [ID] -delete 

With help of the delete parameter of sites, you can delete existing sites. You require existing site ID to delete specific sites from the list.

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.