Update generated README

README.md

@@ -14,8 +14,6 @@ The Universal Orchestrator is part of the Keyfactor software distribution and is
 The Universal Orchestrator is the successor to the Windows Orchestrator. This Orchestrator Extension plugin only works with the Universal Orchestrator and does not work with the Windows Orchestrator.
 
 
-
-
 ## Support for Citrix Netscaler Universal Orchestrator
 
 Citrix Netscaler Universal Orchestrator is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com
@@ -32,9 +30,79 @@ Citrix Netscaler Universal Orchestrator is supported by Keyfactor for Keyfactor
 
 The minimum version of the Keyfactor Universal Orchestrator Framework needed to run this version of the extension is 10.1
 
+## Platform Specific Notes
+
+The Keyfactor Universal Orchestrator may be installed on either Windows or Linux based platforms. The certificate operations supported by a capability may vary based what platform the capability is installed on. The table below indicates what capabilities are supported based on which platform the encompassing Universal Orchestrator is running.
+| Operation | Win | Linux |
+|-----|-----|------|
+|Supports Management Add|✓ |✓ |
+|Supports Management Remove|✓ |✓ |
+|Supports Create Store| | |
+|Supports Discovery| | |
+|Supports Renrollment| | |
+|Supports Inventory|✓ |✓ |
+
+
+## PAM Integration
+
+This orchestrator extension has the ability to connect to a variety of supported PAM providers to allow for the retrieval of various client hosted secrets right from the orchestrator server itself. This eliminates the need to set up the PAM integration on Keyfactor Command which may be in an environment that the client does not want to have access to their PAM provider.
+
+The secrets that this orchestrator extension supports for use with a PAM Provider are:
+
+|Name|Description|
+|----|-----------|
+|ServerUsername|The user id that will be used to authenticate into the server hosting the store|
+|ServerPassword|The password that will be used to authenticate into the server hosting the store|
+|StorePassword|The optional password used to secure the certificate store being managed|
+
+It is not necessary to use a PAM Provider for all of the secrets available above. If a PAM Provider should not be used, simply enter in the actual value to be used, as normal.
+
+If a PAM Provider will be used for one of the fields above, start by referencing the [Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam). The GitHub repo for the PAM Provider to be used contains important information such as the format of the `json` needed. What follows is an example but does not reflect the `json` values for all PAM Providers as they have different "instance" and "initialization" parameter names and values.
+
+<details><summary>General PAM Provider Configuration</summary>
+<p>
+
+
+
+### Example PAM Provider Setup
+
+To use a PAM Provider to resolve a field, in this example the __Server Password__ will be resolved by the `Hashicorp-Vault` provider, first install the PAM Provider extension from the [Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam) on the Universal Orchestrator.
+
+Next, complete configuration of the PAM Provider on the UO by editing the `manifest.json` of the __PAM Provider__ (e.g. located at extensions/Hashicorp-Vault/manifest.json). The "initialization" parameters need to be entered here:
+
+~~~ json
+ "Keyfactor:PAMProviders:Hashicorp-Vault:InitializationInfo": {
+ "Host": "http://127.0.0.1:8200",
+ "Path": "v1/secret/data",
+ "Token": "xxxxxx"
+ }
+~~~
+
+After these values are entered, the Orchestrator needs to be restarted to pick up the configuration. Now the PAM Provider can be used on other Orchestrator Extensions.
+
+### Use the PAM Provider
+With the PAM Provider configured as an extenion on the UO, a `json` object can be passed instead of an actual value to resolve the field with a PAM Provider. Consult the [Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam) for the specific format of the `json` object.
+
+To have the __Server Password__ field resolved by the `Hashicorp-Vault` provider, the corresponding `json` object from the `Hashicorp-Vault` extension needs to be copied and filed in with the correct information:
+
+~~~ json
+{"Secret":"my-kv-secret","Key":"myServerPassword"}
+~~~
+
+This text would be entered in as the value for the __Server Password__, instead of entering in the actual password. The Orchestrator will attempt to use the PAM Provider to retrieve the __Server Password__. If PAM should not be used, just directly enter in the value for the field.
+</p>
+</details> 
+
+
+
+
+---
+
+
 **Netscaler Cert Store Type Setup**
 
-*1. Cert Store Type Basic Settings*
+The Citrix ADC Orchestrator remotely manages certificates on the NetScaler device. Since the ADC supports services including: 
+Load Balancing, Authentication/Authorization/Auditing (AAA), and Gateways, this orchestrator can bind to any of these virtual servers when using unique virtual server names for each service.
 
 ![](Images/CertStoreType-Basic.gif)
 
@@ -50,6 +118,11 @@ The minimum version of the Keyfactor Universal Orchestrator Framework needed to
 *5. Cert Store Type Entry Params - KPEntry*
 ![](Images/CertStoreType-KPEntry.gif)
 
+#### STORE TYPE ENTRY PARAMS
+CONFIG ELEMENT | DESCRIPTION
+------------------|------------------
+Virtual Server | When Enrolling, this can be a single or comma separated list of VServers in Netscaler to replace.
+Key Pair| When Enrolling, this is the name of the Certificate that will be installed on Netscaler
 
 **Netscaler Cert Store Setup**
 
@@ -71,15 +144,14 @@ Password| This is the password that will be authenticated against the Netscaler
 
 **Netscaler permissions needed**
 
-The NetScaler user needs permission to perform the following API calls:
+CONFIG ELEMENT | VALUE | DESCRIPTION
+------------------|------------------|----------------
+Store Path Type |Freeform |Determines what restrictions are applied to the store path field when configuring a new store.
+Supports Custom Alias |Required |Determines if an individual entry within a store can have a custom Alias.
+Private Keys |Required |This determines if Keyfactor can send the private key associated with a certificate to the store. This is required since Citrix ADC will need the private key material to establish TLS connections.
+PFX Password Style |Default or Custom |This determines how the platform generate passwords to protect a PFX enrollment job that is delivered to the store.
 
-API Endpoint|Methods
----|---
-/nitro/v1/config/login|post
-/nitro/v1/config/lbvserver| get
-/nitro/v1/config/sslcertkey| get, update, add, delete
-/nitro/v1/config/sslcertkey_service_binding| get, update, add, delete
-/nitro/v1/config/systemfile| get, add, delete
+**Custom Fields**
 
 **Enrollment Multiple Virtual Servers**
 
@@ -123,5 +195,5 @@ Case Number|Case Name|Enrollment Params|Expected Results|Passed|Screenshot
 13 |Add Sni Cert To Multiple VServers and bind|**Alias:** TC13.boingy.com<br/>**Virtual Server Name:** TestVServer,TestVServer2<br/>**Sni Cert:** false,true|Adds and binds Cert to TestVServer and adds and binds Sni Cert to TestVServer2|True|![](Images/TC13.gif)
 14 |Inventory |No Params|Will Perform Inventory and pull down all Certs Tied to VServers|True|![](Images/TC14.gif)
 
-</details>
+![](Images/Remove.gif)