cyberark_authentication - Module for CyberArk Vault Authentication using PAS Web Services SDK
New in version 2.4.
Synopsis
- Authenticates to CyberArk Vault using Privileged Account Security Web Services SDK and creates a session fact that can be used by other modules. It returns an Ansible fact called cyberark_session. Every module can use this fact as
cyberark_sessionparameter.
Options
| parameter | required | default | choices | comments |
|---|---|---|---|---|
| api_base_url | no | A string containing the base URL of the server hosting CyberArk's Privileged Account Security Web Services SDK. | ||
| cyberark_session | no | Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session. | ||
| new_password | no | The new password of the user. This parameter is optional, and enables you to change a password. | ||
| password | no | The password of the user. | ||
| state | no | present |
| Specifies if an authentication logon/logoff and a cyberark_session should be added/removed. |
| use_radius_authentication | no | no |
| Whether or not users will be authenticated via a RADIUS server. Valid values are true/false. |
| use_shared_logon_authentication | no | no |
| Whether or not Shared Logon Authentication will be used. |
| username | no | The name of the user who will logon to the Vault. | ||
| validate_certs | no | yes |
| If false, SSL certificates will not be validated. This should only set to false used on personally controlled sites using self-signed certificates. |
Examples
- name: Logon to CyberArk Vault using PAS Web Services SDK - use_shared_logon_authentication
cyberark_authentication:
api_base_url: "{{ web_services_base_url }}"
use_shared_logon_authentication: yes
- name: Logon to CyberArk Vault using PAS Web Services SDK - Not use_shared_logon_authentication
cyberark_authentication:
api_base_url: "{{ web_services_base_url }}"
username: "{{ password_object.password }}"
password: "{{ password_object.passprops.username }}"
use_shared_logon_authentication: no
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: "{{ cyberark_session }}"
Return Values
Common return values are documented here Return Values, the following are the fields unique to this module:
| name | description | returned | type | sample |
|---|---|---|---|---|
| cyberark_session | Authentication facts. | success | dict | {'token': {'type': 'string', 'description': 'The token that identifies the session, encoded in BASE 64.', 'returned': 'always'}, 'validate_certs': {'type': 'bool', 'description': 'Whether or not SSL certificates should be validated.', 'returned': 'always'}, 'use_shared_logon_authentication': {'type': 'bool', 'description': 'Whether or not Shared Logon Authentication was used to establish the session.', 'returned': 'always'}, 'api_base_url': {'type': 'string', 'description': 'Base URL for API calls. Returned in the cyberark_session, so it can be used in subsequent calls.', 'returned': 'always'}} |
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/cyberark_authentication_module.html