cyberark_authentication – Module for CyberArk Vault Authentication using PAS Web Services SDK

From Get docs
Ansible/docs/2.8/modules/cyberark authentication module


cyberark_authentication – Module for CyberArk Vault Authentication using PAS Web Services SDK

New in version 2.4.


Synopsis

  • Authenticates to CyberArk Vault using Privileged Account Security Web Services SDK and creates a session fact that can be used by other modules. It returns an Ansible fact called cyberark_session. Every module can use this fact as cyberark_session parameter.

Parameters

Parameter Choices/Defaults Comments

api_base_url

-

A string containing the base URL of the server hosting CyberArk's Privileged Account Security Web Services SDK.

cyberark_session

-

Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session.

new_password

-

The new password of the user. This parameter is optional, and enables you to change a password.

password

-

The password of the user.

state

-

  • present

  • absent

Specifies if an authentication logon/logoff and a cyberark_session should be added/removed.

use_radius_authentication

boolean

  • no

  • yes

Whether or not users will be authenticated via a RADIUS server. Valid values are true/false.

use_shared_logon_authentication

boolean

  • no

  • yes

Whether or not Shared Logon Authentication will be used.

username

-

The name of the user who will logon to the Vault.

validate_certs

boolean

  • no
  • yes

If false, SSL certificates will not be validated. This should only set to false used on personally controlled sites using self-signed certificates.



Examples

- name: Logon to CyberArk Vault using PAS Web Services SDK - use_shared_logon_authentication
  cyberark_authentication:
    api_base_url: "{{ web_services_base_url }}"
    use_shared_logon_authentication: yes

- name: Logon to CyberArk Vault using PAS Web Services SDK - Not use_shared_logon_authentication
  cyberark_authentication:
    api_base_url: "{{ web_services_base_url }}"
    username: "{{ password_object.password }}"
    password: "{{ password_object.passprops.username }}"
    use_shared_logon_authentication: no

- name: Logoff from CyberArk Vault
  cyberark_authentication:
    state: absent
    cyberark_session: "{{ cyberark_session }}"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description

cyberark_session

dictionary

success

Authentication facts.


Sample:

{'api_base_url': {'description': 'Base URL for API calls. Returned in the cyberark_session, so it can be used in subsequent calls.', 'type': 'str', 'returned': 'always'}, 'token': {'description': 'The token that identifies the session, encoded in BASE 64.', 'type': 'str', 'returned': 'always'}, 'use_shared_logon_authentication': {'description': 'Whether or not Shared Logon Authentication was used to establish the session.', 'type': 'bool', 'returned': 'always'}, 'validate_certs': {'description': 'Whether or not SSL certificates should be validated.', 'type': 'bool', 'returned': 'always'}}




Status

Authors

  • Edward Nunez (@enunez-cyberark) CyberArk BizDev
  • Cyberark Bizdev (@cyberark-bizdev)
  • erasmix (@erasmix)

Hint

If you notice any issues in this documentation you can edit this document to improve it.


© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/cyberark_authentication_module.html