community.general.utm_proxy_auth_profile – create, update or destroy reverse_proxy auth_profile entry in Sophos UTM

Note

This plugin is part of the community.general collection (version 2.2.0).

To install it use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.utm_proxy_auth_profile.

Synopsis

  • Create, update or destroy a reverse_proxy auth_profile entry in SOPHOS UTM.

  • This module needs to have the REST Ability of the UTM to be activated.

Parameters

Parameter Choices/Defaults Comments
aaa
list / elements=string / required
List of references to utm_aaa objects (allowed users or groups)
backend_mode
string
    Choices:
  • Basic
  • None ←
Specifies if the backend server needs authentication ([Basic|None])
backend_strip_basic_auth
boolean
    Choices:
  • no
  • yes ←
Should the login data be stripped when proxying the request to the backend host
backend_user_prefix
string
Default:
""
Prefix string to prepend to the username for backend authentication
backend_user_suffix
string
Default:
""
Suffix string to append to the username for backend authentication
basic_prompt
string / required
The message in the basic authentication prompt
comment
string
Default:
""
Optional comment string
frontend_cookie
string
Frontend cookie name
frontend_cookie_secret
string
Frontend cookie secret
frontend_form
string
Frontend authentication form name
frontend_form_template
string
Default:
""
Frontend authentication form template
frontend_login
string
Frontend login name
frontend_logout
string
Frontend logout name
frontend_mode
string
    Choices:
  • Basic ←
  • Form
Frontend authentication mode (Form|Basic)
frontend_realm
string
Frontend authentication realm
frontend_session_allow_persistency
boolean
    Choices:
  • no ←
  • yes
Allow session persistency
frontend_session_lifetime
integer / required
session lifetime
frontend_session_lifetime_limited
boolean
    Choices:
  • no
  • yes ←
Specifies if limitation of session lifetime is active
frontend_session_lifetime_scope
string
    Choices:
  • days
  • hours ←
  • minutes
scope for frontend_session_lifetime (days|hours|minutes)
frontend_session_timeout
integer / required
session timeout
frontend_session_timeout_enabled
boolean
    Choices:
  • no
  • yes ←
Specifies if session timeout is active
frontend_session_timeout_scope
string
    Choices:
  • days
  • hours
  • minutes ←
scope for frontend_session_timeout (days|hours|minutes)
headers
dictionary
A dictionary of additional headers to be sent to POST and PUT requests.
Is needed for some modules
logout_delegation_urls
list / elements=string
Default:
[]
List of logout URLs that logouts are delegated to
logout_mode
string
    Choices:
  • None ←
  • Delegation
Mode of logout (None|Delegation)
name
string / required
The name of the object. Will be used to identify the entry
redirect_to_requested_url
boolean
    Choices:
  • no ←
  • yes
Should a redirect to the requested URL be made
state
string
    Choices:
  • absent
  • present ←
The desired state of the object.
present will create or update an object
absent will delete an object if it was present
utm_host
string / required
The REST Endpoint of the Sophos UTM.
utm_port
integer
Default:
4444
The port of the REST interface.
utm_protocol
string
    Choices:
  • http
  • https ←
The protocol of the REST Endpoint.
utm_token
string / required
validate_certs
boolean
    Choices:
  • no
  • yes ←
Whether the REST interface's ssl certificate should be verified or not.

Examples

- name: Create UTM proxy_auth_profile
  community.general.utm_proxy_auth_profile:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAuthProfileEntry
    aaa: [REF_OBJECT_STRING,REF_ANOTHEROBJECT_STRING]
    basic_prompt: "Authentication required: Please login"
    frontend_session_lifetime: 1
    frontend_session_timeout: 1
    state: present

- name: Remove UTM proxy_auth_profile
  community.general.utm_proxy_auth_profile:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAuthProfileEntry
    state: absent

- name: Read UTM proxy_auth_profile
  community.general.utm_proxy_auth_profile:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAuthProfileEntry
    state: info

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
result
complex
success
The utm object that was created

 
_locked
boolean
success
Whether or not the object is currently locked

 
_ref
string
success
The reference name of the object

 
_type
string
success
The type of the object

 
aaa
list / elements=string
success
List of references to utm_aaa objects (allowed users or groups)

 
backend_mode
string
success
Specifies if the backend server needs authentication ([Basic|None])

 
backend_strip_basic_auth
boolean
success
Should the login data be stripped when proxying the request to the backend host

 
backend_user_prefix
string
success
Prefix string to prepend to the username for backend authentication

 
backend_user_suffix
string
success
Suffix string to append to the username for backend authentication

 
basic_prompt
string
success
The message in the basic authentication prompt

 
comment
string
success
Optional comment string

  frontend_cookie
string
success
Frontend cookie name

 
frontend_form
string
success
Frontend authentication form name

 
frontend_form_template
string
success
Frontend authentication form template

 
frontend_login
string
success
Frontend login name

 
frontend_logout
string
success
Frontend logout name

 
frontend_mode
string
success
Frontend authentication mode (Form|Basic)

 
frontend_realm
string
success
Frontend authentication realm

 
frontend_session_allow_persistency
boolean
success
Allow session persistency

 
frontend_session_lifetime
integer
success
session lifetime

 
frontend_session_lifetime_limited
boolean
success
Specifies if limitation of session lifetime is active

 
frontend_session_lifetime_scope
string
success
scope for frontend_session_lifetime (days|hours|minutes)

 
frontend_session_timeout
integer
success
session timeout

 
frontend_session_timeout_enabled
boolean
success
Specifies if session timeout is active

 
frontend_session_timeout_scope
string
success
scope for frontend_session_timeout (days|hours|minutes)

 
logout_delegation_urls
list / elements=string
success
List of logout URLs that logouts are delegated to

 
logout_mode
string
success
Mode of logout (None|Delegation)

 
name
string
success
The name of the object

 
redirect_to_requested_url
boolean
success
Should a redirect to the requested URL be made



Authors

  • Stephan Schwarz (@stearz)