community.general.utm_proxy_auth_profile module – Create, update or destroy reverse_proxy auth_profile entry in Sophos UTM

Note

This module is part of the community.general collection (version 5.8.3).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.utm_proxy_auth_profile.

Synopsis

  • Create, update or destroy a reverse_proxy auth_profile entry in SOPHOS UTM.

  • This module needs to have the REST Ability of the UTM to be activated.

Parameters

Parameter

Comments

aaa

list / elements=string / required

List of references to utm_aaa objects (allowed users or groups)

backend_mode

string

Specifies if the backend server needs authentication ([Basic|None])

Choices:

  • "Basic"

  • "None" ← (default)

backend_strip_basic_auth

boolean

Should the login data be stripped when proxying the request to the backend host

Choices:

  • false

  • true ← (default)

backend_user_prefix

string

Prefix string to prepend to the username for backend authentication

Default: ""

backend_user_suffix

string

Suffix string to append to the username for backend authentication

Default: ""

basic_prompt

string / required

The message in the basic authentication prompt

comment

string

Optional comment string

Default: ""

string

Frontend cookie name

string

Frontend cookie secret

frontend_form

string

Frontend authentication form name

frontend_form_template

string

Frontend authentication form template

Default: ""

frontend_login

string

Frontend login name

frontend_logout

string

Frontend logout name

frontend_mode

string

Frontend authentication mode (Form|Basic)

Choices:

  • "Basic" ← (default)

  • "Form"

frontend_realm

string

Frontend authentication realm

frontend_session_allow_persistency

boolean

Allow session persistency

Choices:

  • false ← (default)

  • true

frontend_session_lifetime

integer / required

session lifetime

frontend_session_lifetime_limited

boolean

Specifies if limitation of session lifetime is active

Choices:

  • false

  • true ← (default)

frontend_session_lifetime_scope

string

scope for frontend_session_lifetime (days|hours|minutes)

Choices:

  • "days"

  • "hours" ← (default)

  • "minutes"

frontend_session_timeout

integer / required

session timeout

frontend_session_timeout_enabled

boolean

Specifies if session timeout is active

Choices:

  • false

  • true ← (default)

frontend_session_timeout_scope

string

scope for frontend_session_timeout (days|hours|minutes)

Choices:

  • "days"

  • "hours"

  • "minutes" ← (default)

headers

dictionary

A dictionary of additional headers to be sent to POST and PUT requests.

Is needed for some modules

Default: {}

logout_delegation_urls

list / elements=string

List of logout URLs that logouts are delegated to

Default: []

logout_mode

string

Mode of logout (None|Delegation)

Choices:

  • "None" ← (default)

  • "Delegation"

name

string / required

The name of the object. Will be used to identify the entry

redirect_to_requested_url

boolean

Should a redirect to the requested URL be made

Choices:

  • false ← (default)

  • true

state

string

The desired state of the object.

present will create or update an object

absent will delete an object if it was present

Choices:

  • "absent"

  • "present" ← (default)

utm_host

string / required

The REST Endpoint of the Sophos UTM.

utm_port

integer

The port of the REST interface.

Default: 4444

utm_protocol

string

The protocol of the REST Endpoint.

Choices:

  • "http"

  • "https" ← (default)

utm_token

string / required

The token used to identify at the REST-API. See https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.pdf?la%3Den, Chapter 2.4.2.

validate_certs

boolean

Whether the REST interface’s ssl certificate should be verified or not.

Choices:

  • false

  • true ← (default)

Examples

- name: Create UTM proxy_auth_profile
  community.general.utm_proxy_auth_profile:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAuthProfileEntry
    aaa: [REF_OBJECT_STRING,REF_ANOTHEROBJECT_STRING]
    basic_prompt: "Authentication required: Please login"
    frontend_session_lifetime: 1
    frontend_session_timeout: 1
    state: present

- name: Remove UTM proxy_auth_profile
  community.general.utm_proxy_auth_profile:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAuthProfileEntry
    state: absent

- name: Read UTM proxy_auth_profile
  community.general.utm_proxy_auth_profile:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAuthProfileEntry
    state: info

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

result

complex

The utm object that was created

Returned: success

_locked

boolean

Whether or not the object is currently locked

Returned: success

_ref

string

The reference name of the object

Returned: success

_type

string

The type of the object

Returned: success

aaa

list / elements=string

List of references to utm_aaa objects (allowed users or groups)

Returned: success

backend_mode

string

Specifies if the backend server needs authentication ([Basic|None])

Returned: success

backend_strip_basic_auth

boolean

Should the login data be stripped when proxying the request to the backend host

Returned: success

backend_user_prefix

string

Prefix string to prepend to the username for backend authentication

Returned: success

backend_user_suffix

string

Suffix string to append to the username for backend authentication

Returned: success

basic_prompt

string

The message in the basic authentication prompt

Returned: success

comment

string

Optional comment string

Returned: success

string

Frontend cookie name

Returned: success

frontend_form

string

Frontend authentication form name

Returned: success

frontend_form_template

string

Frontend authentication form template

Returned: success

frontend_login

string

Frontend login name

Returned: success

frontend_logout

string

Frontend logout name

Returned: success

frontend_mode

string

Frontend authentication mode (Form|Basic)

Returned: success

frontend_realm

string

Frontend authentication realm

Returned: success

frontend_session_allow_persistency

boolean

Allow session persistency

Returned: success

frontend_session_lifetime

integer

session lifetime

Returned: success

frontend_session_lifetime_limited

boolean

Specifies if limitation of session lifetime is active

Returned: success

frontend_session_lifetime_scope

string

scope for frontend_session_lifetime (days|hours|minutes)

Returned: success

frontend_session_timeout

integer

session timeout

Returned: success

frontend_session_timeout_enabled

boolean

Specifies if session timeout is active

Returned: success

frontend_session_timeout_scope

string

scope for frontend_session_timeout (days|hours|minutes)

Returned: success

logout_delegation_urls

list / elements=string

List of logout URLs that logouts are delegated to

Returned: success

logout_mode

string

Mode of logout (None|Delegation)

Returned: success

name

string

The name of the object

Returned: success

redirect_to_requested_url

boolean

Should a redirect to the requested URL be made

Returned: success

Authors

  • Stephan Schwarz (@stearz)