community.general.utm_proxy_auth_profile – create, update or destroy reverse_proxy auth_profile entry in Sophos UTM

Note

This plugin is part of the community.general collection (version 4.2.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.utm_proxy_auth_profile.

Synopsis

  • Create, update or destroy a reverse_proxy auth_profile entry in SOPHOS UTM.

  • This module needs to have the REST Ability of the UTM to be activated.

Parameters

Parameter Choices/Defaults Comments
aaa
list / elements=string / required
List of references to utm_aaa objects (allowed users or groups)
backend_mode
string
    Choices:
  • Basic
  • None ←
Specifies if the backend server needs authentication ([Basic|None])
backend_strip_basic_auth
boolean
    Choices:
  • no
  • yes ←
Should the login data be stripped when proxying the request to the backend host
backend_user_prefix
string
Default:
""
Prefix string to prepend to the username for backend authentication
backend_user_suffix
string
Default:
""
Suffix string to append to the username for backend authentication
basic_prompt
string / required
The message in the basic authentication prompt
comment
string
Default:
""
Optional comment string
frontend_cookie
string
Frontend cookie name
frontend_cookie_secret
string
Frontend cookie secret
frontend_form
string
Frontend authentication form name
frontend_form_template
string
Default:
""
Frontend authentication form template
frontend_login
string
Frontend login name
frontend_logout
string
Frontend logout name
frontend_mode
string
    Choices:
  • Basic ←
  • Form
Frontend authentication mode (Form|Basic)
frontend_realm
string
Frontend authentication realm
frontend_session_allow_persistency
boolean
    Choices:
  • no ←
  • yes
Allow session persistency
frontend_session_lifetime
integer / required
session lifetime
frontend_session_lifetime_limited
boolean
    Choices:
  • no
  • yes ←
Specifies if limitation of session lifetime is active
frontend_session_lifetime_scope
string
    Choices:
  • days
  • hours ←
  • minutes
scope for frontend_session_lifetime (days|hours|minutes)
frontend_session_timeout
integer / required
session timeout
frontend_session_timeout_enabled
boolean
    Choices:
  • no
  • yes ←
Specifies if session timeout is active
frontend_session_timeout_scope
string
    Choices:
  • days
  • hours
  • minutes ←
scope for frontend_session_timeout (days|hours|minutes)
headers
dictionary
A dictionary of additional headers to be sent to POST and PUT requests.
Is needed for some modules
logout_delegation_urls
list / elements=string
Default:
[]
List of logout URLs that logouts are delegated to
logout_mode
string
    Choices:
  • None ←
  • Delegation
Mode of logout (None|Delegation)
name
string / required
The name of the object. Will be used to identify the entry
redirect_to_requested_url
boolean
    Choices:
  • no ←
  • yes
Should a redirect to the requested URL be made
state
string
    Choices:
  • absent
  • present ←
The desired state of the object.
present will create or update an object
absent will delete an object if it was present
utm_host
string / required
The REST Endpoint of the Sophos UTM.
utm_port
integer
Default:
4444
The port of the REST interface.
utm_protocol
string
    Choices:
  • http
  • https ←
The protocol of the REST Endpoint.
utm_token
string / required
validate_certs
boolean
    Choices:
  • no
  • yes ←
Whether the REST interface's ssl certificate should be verified or not.

Examples

- name: Create UTM proxy_auth_profile
  community.general.utm_proxy_auth_profile:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAuthProfileEntry
    aaa: [REF_OBJECT_STRING,REF_ANOTHEROBJECT_STRING]
    basic_prompt: "Authentication required: Please login"
    frontend_session_lifetime: 1
    frontend_session_timeout: 1
    state: present

- name: Remove UTM proxy_auth_profile
  community.general.utm_proxy_auth_profile:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAuthProfileEntry
    state: absent

- name: Read UTM proxy_auth_profile
  community.general.utm_proxy_auth_profile:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAuthProfileEntry
    state: info

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
result
complex
success
The utm object that was created

 
_locked
boolean
success
Whether or not the object is currently locked

 
_ref
string
success
The reference name of the object

 
_type
string
success
The type of the object

 
aaa
list / elements=string
success
List of references to utm_aaa objects (allowed users or groups)

 
backend_mode
string
success
Specifies if the backend server needs authentication ([Basic|None])

 
backend_strip_basic_auth
boolean
success
Should the login data be stripped when proxying the request to the backend host

 
backend_user_prefix
string
success
Prefix string to prepend to the username for backend authentication

 
backend_user_suffix
string
success
Suffix string to append to the username for backend authentication

 
basic_prompt
string
success
The message in the basic authentication prompt

 
comment
string
success
Optional comment string

  frontend_cookie
string
success
Frontend cookie name

 
frontend_form
string
success
Frontend authentication form name

 
frontend_form_template
string
success
Frontend authentication form template

 
frontend_login
string
success
Frontend login name

 
frontend_logout
string
success
Frontend logout name

 
frontend_mode
string
success
Frontend authentication mode (Form|Basic)

 
frontend_realm
string
success
Frontend authentication realm

 
frontend_session_allow_persistency
boolean
success
Allow session persistency

 
frontend_session_lifetime
integer
success
session lifetime

 
frontend_session_lifetime_limited
boolean
success
Specifies if limitation of session lifetime is active

 
frontend_session_lifetime_scope
string
success
scope for frontend_session_lifetime (days|hours|minutes)

 
frontend_session_timeout
integer
success
session timeout

 
frontend_session_timeout_enabled
boolean
success
Specifies if session timeout is active

 
frontend_session_timeout_scope
string
success
scope for frontend_session_timeout (days|hours|minutes)

 
logout_delegation_urls
list / elements=string
success
List of logout URLs that logouts are delegated to

 
logout_mode
string
success
Mode of logout (None|Delegation)

 
name
string
success
The name of the object

 
redirect_to_requested_url
boolean
success
Should a redirect to the requested URL be made



Authors

  • Stephan Schwarz (@stearz)