Kaseya Community

Link to New Live Connect

This question has suggested answer(s)

In the previous version of Kaseya 9.2 we could like directly to Live Connect. By using an example like this https://kaseyahost/KLC/LiveConnect.aspx?agentguid=129417970253330

I am wondering if anyone knows the new format of the URL to access the new live connect features. 

All Replies
  • I've been looking into this and I don't think it's going to be as simple as it was previously - it appears Kaseya uses an API call to create the LiveConnect session which I can't imagine can be encapsulated in a single basic URL.

    Perhaps someone with API / development experience can comment further, but as far as I'm concerned it's no longer achievable without writing some code (which we're not ready to do at this stage).

  • Further to this - if you're interested it looks like the relevant code lives in /vsaPres/js/kaseya/web/master-debug.js (presumably a more human-readable version of master.js in that same folder) - search for: @class Kaseya.web.helpers.LiveConnectLauncher



    fixed file path
    [edited by: Combo at 9:15 PM (GMT -7) on Aug 14, 2016]
  • I've asked  and  for this twice but haven't heard back.  I opened a ticket (#146373) and was told the following:

    "I spoken with the engineering team regarding the portal page using the new live connect,and they confirmed this feature will no be available until 9.4."

    In looking at 

    Combo
    @class Kaseya.web.helpers.LiveConnectLauncher
    , it seems (to me at least) that triggering LiveConnect requires creation of an API session before the session can be launched using the API session token.

    My use case is for our Autotask instance--if I can pass through the Kaseya Device ID or the Agent GUID via specially-formed URL, an end-user clicking on said URL within the Autotask ticket who already has an active Kaseya application session would go right to the machine's modern LiveConnect interface.

    I also mentioned this on a recent call with Mike Puglia, and he said they're looking into what the magic URL would accept (Machine_GroupID, AgentGUID, both?) in order to locate & connect to the correct machine.  In my mind, one or both would be great, though at the moment, Autotask's Kaseya "integration" (I use the term very loosely) has a unique identifier of Machine_GroupID (which is a whole other issue when it comes to machines changing groups & creating duplicate Configuration Items in the Autotask database)... I digress...

    Alongside this requirement for a trigger-able URL to take a user directly into Live Connect, it would be great if 9.4 (or even a 9.3 patch) allowed us to (via System > Server Management > Default Settings) choose a default behavior for "clicking the dot" such that we can decide whether it opens standalone KRC or the new LiveConnect.

    I'm in the Beta program, so needless to say, I'll be harping on these points Wink

    If, in the interim, someone comes up with a clever way to build such a magic URL, please share!

  • I don't have any magic, but here are some details I noticed that could be helpful. It looks like the VSA URL being launched looks like this:

    https://vsahostname.domain.com/vsapres/api/session/create/00000000/111111111111111/22222222-2222-2222-2222-222222222222/NONE/NA/0?_dc=3333333333333

    00000000 The user's adminId
    111111111111111 The agentGuid
    22222222-2222-2222-2222-222222222222 The current web session id -- this appears to change at each VSA login.
    3333333333333 A timestamp used to avoid web server caching.

    Client-side AJAX then uses the returned JSON data to side-launch a url that looks like this:

    kaseyaliveconnect:///eyJob21lUGFnZVVybCI6Imh0dHBzOi8vdnNhaG9zdG5hbWUuZG9tYWluLmNvbS9saXZlY29ubmVjdC8iLCJwYXlsb2FkIjp7ImFnZW50SWQiOiIxMTExMTExMTExMTExMTEiLCJhdXRoIjp7IlRlbmFudElkIjoiMSIsIlRva2VuIjoiMTIzNDU2NzgiLCJVc2VyTmFtZSI6InNvbWVrYXNleWF1c2VyIiwiUm9sZUlkIjoyLCJTY29wZUlkIjoiMiIsIkFkbWluSWQiOjAwMDAwMDAwLCJNYWNoaW5lSWQiOm51bGwsIk1hY2hpbmVHcm91cE5hbWUiOm51bGwsIlNlcnZlcklwIjoidnNhaG9zdG5hbWUuZG9tYWluLmNvbSJ9LCJuYXZJZCI6ImRhc2hib2FyZCJ9LCJsYXVuY2hOb3RpZnlVcmwiOiJodHRwczovL3ZzYWhvc3RuYW1lLmRvbWFpbi5jb20vdnNhcHJlcy9hcGkvc2Vzc2lvbi9sYXVuY2gvNDQ0NDQ0NDQtNDQ0NC00NDQ0LTQ0NDQtNDQ0NDQ0NDQ0NDQ0In0=

    That URL is a base64 encoded JSON string containing information about how to connect using an already existing API token. Here is the decoded information reformatted to be human-readable (and scrubbed of identifying material):

    {
        "homePageUrl":"https://vsahostname.domain.com/liveconnect/",
        "payload":{
            "agentId":"111111111111111",
            "auth":{
                "TenantId":"1",
                "Token":"12345678",
                "UserName":"somekaseyauser",
                "RoleId":2,
                "ScopeId":"2",
                "AdminId":00000000,
                "MachineId":null,
                "MachineGroupName":null,
                "ServerIp":"vsahostname.domain.com"
            },
            "navId":"dashboard"
        },
        "launchNotifyUrl":"https://vsahostname.domain.com/vsapres/api/session/launch/44444444-4444-4444-4444-444444444444"
    }

    Right now it looks like recreating this outside of the VSA would require API calls because the call to the local LiveConnect client requires a token for authentication.

    I also checked for strings inside the KaseyaLiveConnect.exe binary and it doesn't appear that there are any useful command line switches that could be used to bypass API calls and the base64-encoded kasyealiveconnect:/// URL. I don't work for Kaseya and am just providing this as hopefully helpful information to try to understand the problem more fully as this is something we have considered as well, but haven't gotten to yet.

    I have a few other ideas of ways to potentially attack this, but unfortunately none of them are as quick and dirty as a specially crafted URL.

  • I'm not a developer but I did stay at a Holiday Inn Express last night... Stick out tongue

    (Thank you, by the way,  for your extensive research into this!)

    Maybe someone with some ASPx chops can weigh in on this, but what might be the difficulty to create an ASPx page that would live on the KServer and accept an AgentGUID and/or Machine_GroupID as a parameter?  Something like https://myvsa.mycompany.com/liveconnecthelper/liveconnecthelper.aspx?id=machine.subgroup.group Workflow as follows:

    1) Query the database (?) or cookies (?) to see if the user has an active application session
    2) If the user has an active application session, grab the user's adminId, web session ID, role, scope, etc...
    3) Query the DB to cross-reference the Machine_GroupID to an AgentGUID
    4) Make the call to the API to get the token with the information above
    5) Start the connection

    Again, I'm told this will be in 9.4, but dang if we sure could use this now!  Wink

  • (Note to self... take away Brian's harp Stick out tongue)

    Well done nate-pgn in the in-depth research on what is going on. You got the basic gist of what's going on. One of the reasons we are adding an API in v9.4 is so that we can link Live Connect to the entire IT Complete stack, and do so in a trusted and safe manner. So instead of giving you guys a solution that is sure to break in the next few months, we just haven't been promoting the idea of live links.

    Brian, I get the desire for it now. But we would rather get it right and make sure its safe so you do not go out and invest in codifying something that will just have to be changed. That, and if we didn't give you something to harp on us about, we never get to hear your sweet music at the CSC. ;-)