utm_proxy_auth_profile – create, update or destroy reverse_proxy auth_profile entry in Sophos UTM¶
New in version 2.8.
Synopsis¶
Create, update or destroy a reverse_proxy auth_profile entry in SOPHOS UTM.
This module needs to have the REST Ability of the UTM to be activated.
Parameters¶
Parameter | Choices/Defaults | Comments |
---|---|---|
aaa
-
/ required
|
List of references to utm_aaa objects (allowed users or groups)
|
|
backend_mode
-
|
|
Specifies if the backend server needs authentication ([Basic|None])
|
backend_strip_basic_auth
boolean
|
|
Should the login data be stripped when proxying the request to the backend host
|
backend_user_prefix
-
|
Default: ""
|
Prefix string to prepend to the username for backend authentication
|
backend_user_suffix
-
|
Default: ""
|
Suffix string to append to the username for backend authentication
|
basic_prompt
-
/ required
|
The message in the basic authentication prompt
|
|
comment
-
|
Default: ""
|
Optional comment string
|
frontend_cookie
-
|
Frontend cookie name
|
|
frontend_cookie_secret
-
|
Frontend cookie secret
|
|
frontend_form
-
|
Frontend authentication form name
|
|
frontend_form_template
-
|
Default: ""
|
Frontend authentication form template
|
frontend_login
-
|
Frontend login name
|
|
frontend_logout
-
|
Frontend logout name
|
|
frontend_mode
-
|
|
Frontend authentication mode (Form|Basic)
|
frontend_realm
-
|
Frontend authentication realm
|
|
frontend_session_allow_persistency
boolean
|
|
Allow session persistency
|
frontend_session_lifetime
-
/ required
|
session lifetime
|
|
frontend_session_lifetime_limited
boolean
|
|
Specifies if limitation of session lifetime is active
|
frontend_session_lifetime_scope
-
|
|
scope for frontend_session_lifetime (days|hours|minutes)
|
frontend_session_timeout
-
/ required
|
session timeout
|
|
frontend_session_timeout_enabled
boolean
|
|
Specifies if session timeout is active
|
frontend_session_timeout_scope
-
|
|
scope for frontend_session_timeout (days|hours|minutes)
|
headers
dictionary
|
A dictionary of additional headers to be sent to POST and PUT requests.
Is needed for some modules
|
|
logout_delegation_urls
-
|
Default: []
|
List of logout URLs that logouts are delegated to
|
logout_mode
-
|
|
Mode of logout (None|Delegation)
|
name
-
/ required
|
The name of the object. Will be used to identify the entry
|
|
redirect_to_requested_url
boolean
|
|
Should a redirect to the requested URL be made
|
state
string
|
|
The desired state of the object.
present will create or update an objectabsent will delete an object if it was present |
utm_host
string
/ required
|
The REST Endpoint of the Sophos UTM.
|
|
utm_port
integer
|
Default: 4444
|
The port of the REST interface.
|
utm_protocol
string
|
|
The protocol of the REST Endpoint.
|
utm_token
string
/ required
|
The token used to identify at the REST-API. See https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.pdf?la=en, Chapter 2.4.2.
|
|
validate_certs
boolean
|
|
Whether the REST interface's ssl certificate should be verified or not.
|
Examples¶
- name: Create UTM proxy_auth_profile
utm_proxy_auth_profile:
utm_host: sophos.host.name
utm_token: abcdefghijklmno1234
name: TestAuthProfileEntry
aaa: [REF_OBJECT_STRING,REF_ANOTHEROBJECT_STRING]
basic_prompt: "Authentication required: Please login"
frontend_session_lifetime: 1
frontend_session_timeout: 1
state: present
- name: Remove UTM proxy_auth_profile
utm_proxy_auth_profile:
utm_host: sophos.host.name
utm_token: abcdefghijklmno1234
name: TestAuthProfileEntry
state: absent
- name: Read UTM proxy_auth_profile
utm_proxy_auth_profile:
utm_host: sophos.host.name
utm_token: abcdefghijklmno1234
name: TestAuthProfileEntry
state: info
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description | |
---|---|---|---|
result
complex
|
success |
The utm object that was created
|
|
_locked
boolean
|
Whether or not the object is currently locked
|
||
_ref
string
|
The reference name of the object
|
||
_type
string
|
The type of the object
|
||
aaa
list
|
List of references to utm_aaa objects (allowed users or groups)
|
||
backend_mode
string
|
Specifies if the backend server needs authentication ([Basic|None])
|
||
backend_strip_basic_auth
boolean
|
Should the login data be stripped when proxying the request to the backend host
|
||
backend_user_prefix
string
|
Prefix string to prepend to the username for backend authentication
|
||
backend_user_suffix
string
|
Suffix string to append to the username for backend authentication
|
||
basic_prompt
string
|
The message in the basic authentication prompt
|
||
comment
string
|
Optional comment string
|
||
frontend_cookie
string
|
Frontend cookie name
|
||
frontend_cookie_secret
string
|
Frontend cookie secret
|
||
frontend_form
string
|
Frontend authentication form name
|
||
frontend_form_template
string
|
Frontend authentication form template
|
||
frontend_login
string
|
Frontend login name
|
||
frontend_logout
string
|
Frontend logout name
|
||
frontend_mode
string
|
Frontend authentication mode (Form|Basic)
|
||
frontend_realm
string
|
Frontend authentication realm
|
||
frontend_session_allow_persistency
boolean
|
Allow session persistency
|
||
frontend_session_lifetime
integer
|
session lifetime
|
||
frontend_session_lifetime_limited
boolean
|
Specifies if limitation of session lifetime is active
|
||
frontend_session_lifetime_scope
string
|
scope for frontend_session_lifetime (days|hours|minutes)
|
||
frontend_session_timeout
integer
|
session timeout
|
||
frontend_session_timeout_enabled
boolean
|
Specifies if session timeout is active
|
||
frontend_session_timeout_scope
string
|
scope for frontend_session_timeout (days|hours|minutes)
|
||
logout_delegation_urls
list
|
List of logout URLs that logouts are delegated to
|
||
logout_mode
string
|
Mode of logout (None|Delegation)
|
||
name
string
|
The name of the object
|
||
redirect_to_requested_url
boolean
|
Should a redirect to the requested URL be made
|
Status¶
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]