cyberark.pas.cyberark_authentication – CyberArk Authentication using PAS Web Services SDK.
cyberark.pas.cyberark_authentication – CyberArk Authentication using PAS Web Services SDK.
Note
This plugin is part of the cyberark.pas collection (version 1.0.5).
To install it use: ansible-galaxy collection install cyberark.pas.
To use it in a playbook, specify: cyberark.pas.cyberark_authentication.
New in version 2.4: of cyberark.pas
Synopsis
- Authenticates to CyberArk Vault using Privileged Account Security Web Services SDK and creates a session fact that can be used by other modules. It returns an Ansible fact called cyberark_session. Every module can use this fact as
cyberark_sessionparameter.
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
api_base_url string |
A string containing the base URL of the server hosting CyberArk's Privileged Account Security Web Services SDK. | |
|
connection_number integer |
To support multiple connections for same user specify different value for this parameter. | |
|
cyberark_session dictionary |
Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session. | |
|
new_password string |
The new password of the user. This parameter is optional, and enables you to change a password. | |
|
password string |
The password of the user. | |
|
state string |
|
Specifies if an authentication logon/logoff and a cyberark_session should be added/removed. |
|
use_radius_authentication boolean |
|
Whether or not users will be authenticated via a RADIUS server. Valid values are true/false. |
|
use_shared_logon_authentication boolean |
|
Whether or not Shared Logon Authentication will be used. |
|
username string |
The name of the user who will logon to the Vault. | |
|
validate_certs boolean |
|
If |
Examples
- name: Logon - use_shared_logon_authentication
cyberark_authentication:
api_base_url: "{{ web_services_base_url }}"
use_shared_logon_authentication: yes
- name: Logon - Not use_shared_logon_authentication
cyberark_authentication:
api_base_url: "{{ web_services_base_url }}"
username: "{{ password_object.password }}"
password: "{{ password_object.passprops.username }}"
use_shared_logon_authentication: no
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: "{{ cyberark_session }}"Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description | |
|---|---|---|---|
|
cyberark_session complex |
success |
Authentication facts.
| |
|
api_base_url string |
always |
Base URL for API calls. Returned in the cyberark_session, so it can be used in subsequent calls.
| |
|
token string |
always |
The token that identifies the session, encoded in BASE 64.
| |
|
use_shared_logon_authentication boolean |
always |
Whether or not Shared Logon Authentication was used to establish the session.
| |
|
validate_certs boolean |
always |
Whether or not SSL certificates should be validated.
|
Authors
- Edward Nunez (@enunez-cyberark) CyberArk BizDev
- Cyberark Bizdev (@cyberark-bizdev)
- Erasmo Acosta (@erasmix)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/cyberark/pas/cyberark_authentication_module.html
