Note
This plugin is part of the cyberark.pas collection (version 1.0.7).
You might already have this collection installed if you are using the ansible
package. It is not included in ansible-core
. To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install cyberark.pas
.
To use it in a playbook, specify: cyberark.pas.cyberark_authentication
.
New in version 2.4: of cyberark.pas
cyberark_session
parameter.Parameter | Choices/Defaults | Comments |
---|---|---|
api_base_url string | A string containing the base URL of the server hosting CyberArk's Privileged Account Security Web Services SDK. | |
connection_number integer | To support multiple connections for same user specify different value for this parameter. | |
cyberark_session dictionary | Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session. | |
new_password string | The new password of the user. This parameter is optional, and enables you to change a password. | |
password string | The password of the user. | |
state string |
| Specifies if an authentication logon/logoff and a cyberark_session should be added/removed. |
use_cyberark_authentication boolean |
| Whether or not LDAP will be used. |
use_ldap_authentication boolean |
| Whether or not LDAP will be used. |
use_radius_authentication boolean |
| Whether or not users will be authenticated via a RADIUS server. Valid values are true/false. |
use_windows_authentication boolean |
| Whether or not Windows will be used. |
username string | The name of the user who will logon to the Vault. | |
validate_certs boolean |
| If false , SSL certificates will not be validated. This should only set to false used on personally controlled sites using self-signed certificates. |
- name: Logon - use_shared_logon_authentication cyberark_authentication: api_base_url: "{{ web_services_base_url }}" use_shared_logon_authentication: yes - name: Logon - Not use_shared_logon_authentication cyberark_authentication: api_base_url: "{{ web_services_base_url }}" username: "{{ password_object.password }}" password: "{{ password_object.passprops.username }}" use_shared_logon_authentication: no - name: Logoff from CyberArk Vault cyberark_authentication: state: absent cyberark_session: "{{ cyberark_session }}"
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description | |
---|---|---|---|
cyberark_session complex | success | Authentication facts. | |
api_base_url string | always | Base URL for API calls. Returned in the cyberark_session, so it can be used in subsequent calls. | |
token string | always | The token that identifies the session, encoded in BASE 64. | |
use_shared_logon_authentication boolean | always | Whether or not Shared Logon Authentication was used to establish the session. | |
validate_certs boolean | always | Whether or not SSL certificates should be validated. |
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/cyberark/pas/cyberark_authentication_module.html