W3cubDocs

/Ansible 2.10

cyberark.pas.cyberark_authentication – CyberArk Authentication using PAS Web Services SDK.

Note

This plugin is part of the cyberark.pas collection.

To install it use: ansible-galaxy collection install cyberark.pas.

To use it in a playbook, specify: cyberark.pas.cyberark_authentication.

New in version 2.4: of cyberark.pas

Synopsis
Parameters
Examples
Return Values

Synopsis

Authenticates to CyberArk Vault using Privileged Account Security Web Services SDK and creates a session fact that can be used by other modules. It returns an Ansible fact called cyberark_session. Every module can use this fact as cyberark_session parameter.

Parameters

Parameter	Choices/Defaults	Comments
api_base_url string		A string containing the base URL of the server hosting CyberArk's Privileged Account Security Web Services SDK.
connection_number integer		To support multiple connections for same user specify different value for this parameter.
cyberark_session dictionary		Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session.
new_password string		The new password of the user. This parameter is optional, and enables you to change a password.
password string		The password of the user.
state string	Choices: present ← absent	Specifies if an authentication logon/logoff and a cyberark_session should be added/removed.
use_radius_authentication boolean	Choices: no ← yes	Whether or not users will be authenticated via a RADIUS server. Valid values are true/false.
use_shared_logon_authentication boolean	Choices: no ← yes	Whether or not Shared Logon Authentication will be used.
username string		The name of the user who will logon to the Vault.
validate_certs boolean	Choices: no yes ←	If `false`, SSL certificates will not be validated. This should only set to `false` used on personally controlled sites using self-signed certificates.

Examples

- name: Logon - use_shared_logon_authentication
  cyberark_authentication:
    api_base_url: "{{ web_services_base_url }}"
    use_shared_logon_authentication: yes

- name: Logon - Not use_shared_logon_authentication
  cyberark_authentication:
    api_base_url: "{{ web_services_base_url }}"
    username: "{{ password_object.password }}"
    password: "{{ password_object.passprops.username }}"
    use_shared_logon_authentication: no

- name: Logoff from CyberArk Vault
  cyberark_authentication:
    state: absent
    cyberark_session: "{{ cyberark_session }}"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key		Returned	Description
cyberark_session complex		success	Authentication facts.
	api_base_url string	always	Base URL for API calls. Returned in the cyberark_session, so it can be used in subsequent calls.
	token string	always	The token that identifies the session, encoded in BASE 64.
	use_shared_logon_authentication boolean	always	Whether or not Shared Logon Authentication was used to establish the session.
	validate_certs boolean	always	Whether or not SSL certificates should be validated.

Authors

Edward Nunez (@enunez-cyberark) CyberArk BizDev
Cyberark Bizdev (@cyberark-bizdev)
Erasmo Acosta (@erasmix)

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/cyberark/pas/cyberark_authentication_module.html