utm_proxy_auth_profile – create, update or destroy reverse_proxy auth_profile entry in Sophos UTM

New in version 2.8.

Synopsis

  • Create, update or destroy a reverse_proxy auth_profile entry in SOPHOS UTM.
  • This module needs to have the REST Ability of the UTM to be activated.

Parameters

Parameter Choices/Defaults Comments
aaa
- / required
List of references to utm_aaa objects (allowed users or groups)
backend_mode
-
    Choices:
  • Basic
  • None ←
Specifies if the backend server needs authentication ([Basic|None])
backend_strip_basic_auth
boolean
    Choices:
  • no
  • yes ←
Should the login data be stripped when proxying the request to the backend host
backend_user_prefix
-
Default:
""
Prefix string to prepend to the username for backend authentication
backend_user_suffix
-
Default:
""
Suffix string to append to the username for backend authentication
basic_prompt
- / required
The message in the basic authentication prompt
comment
-
Default:
""
Optional comment string
frontend_cookie
-
Frontend cookie name
frontend_cookie_secret
-
Frontend cookie secret
frontend_form
-
Frontend authentication form name
frontend_form_template
-
Default:
""
Frontend authentication form template
frontend_login
-
Frontend login name
frontend_logout
-
Frontend logout name
frontend_mode
-
    Choices:
  • Basic ←
  • Form
Frontend authentication mode (Form|Basic)
frontend_realm
-
Frontend authentication realm
frontend_session_allow_persistency
boolean
    Choices:
  • no ←
  • yes
Allow session persistency
frontend_session_lifetime
- / required
session lifetime
frontend_session_lifetime_limited
boolean
    Choices:
  • no
  • yes ←
Specifies if limitation of session lifetime is active
frontend_session_lifetime_scope
-
    Choices:
  • days
  • hours ←
  • minutes
scope for frontend_session_lifetime (days|hours|minutes)
frontend_session_timeout
- / required
session timeout
frontend_session_timeout_enabled
boolean
    Choices:
  • no
  • yes ←
Specifies if session timeout is active
frontend_session_timeout_scope
-
    Choices:
  • days
  • hours
  • minutes ←
scope for frontend_session_timeout (days|hours|minutes)
headers
dictionary
A dictionary of additional headers to be sent to POST and PUT requests.
Is needed for some modules
logout_delegation_urls
-
Default:
[]
List of logout URLs that logouts are delegated to
logout_mode
-
    Choices:
  • None ←
  • Delegation
Mode of logout (None|Delegation)
name
- / required
The name of the object. Will be used to identify the entry
redirect_to_requested_url
boolean
    Choices:
  • no ←
  • yes
Should a redirect to the requested URL be made
state
string
    Choices:
  • absent
  • present ←
The desired state of the object.
present will create or update an object
absent will delete an object if it was present
utm_host
string / required
The REST Endpoint of the Sophos UTM.
utm_port
integer
Default:
4444
The port of the REST interface.
utm_protocol
string
    Choices:
  • http
  • https ←
The protocol of the REST Endpoint.
utm_token
string / required
validate_certs
boolean
    Choices:
  • no
  • yes ←
Whether the REST interface's ssl certificate should be verified or not.

Examples

- name: Create UTM proxy_auth_profile
  utm_proxy_auth_profile:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAuthProfileEntry
    aaa: [REF_OBJECT_STRING,REF_ANOTHEROBJECT_STRING]
    basic_prompt: "Authentication required: Please login"
    frontend_session_lifetime: 1
    frontend_session_timeout: 1
    state: present

- name: Remove UTM proxy_auth_profile
  utm_proxy_auth_profile:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAuthProfileEntry
    state: absent

- name: Read UTM proxy_auth_profile
  utm_proxy_auth_profile:
    utm_host: sophos.host.name
    utm_token: abcdefghijklmno1234
    name: TestAuthProfileEntry
    state: info

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
result
complex
success
The utm object that was created

  _locked
boolean
Whether or not the object is currently locked

  _ref
string
The reference name of the object

  _type
string
The type of the object

  aaa
list
List of references to utm_aaa objects (allowed users or groups)

  backend_mode
string
Specifies if the backend server needs authentication ([Basic|None])

  backend_strip_basic_auth
boolean
Should the login data be stripped when proxying the request to the backend host

  backend_user_prefix
string
Prefix string to prepend to the username for backend authentication

  backend_user_suffix
string
Suffix string to append to the username for backend authentication

  basic_prompt
string
The message in the basic authentication prompt

  comment
string
Optional comment string

  frontend_cookie
string
Frontend cookie name

  frontend_cookie_secret
string
Frontend cookie secret

  frontend_form
string
Frontend authentication form name

  frontend_form_template
string
Frontend authentication form template

  frontend_login
string
Frontend login name

  frontend_logout
string
Frontend logout name

  frontend_mode
string
Frontend authentication mode (Form|Basic)

  frontend_realm
string
Frontend authentication realm

  frontend_session_allow_persistency
boolean
Allow session persistency

  frontend_session_lifetime
integer
session lifetime

  frontend_session_lifetime_limited
boolean
Specifies if limitation of session lifetime is active

  frontend_session_lifetime_scope
string
scope for frontend_session_lifetime (days|hours|minutes)

  frontend_session_timeout
integer
session timeout

  frontend_session_timeout_enabled
boolean
Specifies if session timeout is active

  frontend_session_timeout_scope
string
scope for frontend_session_timeout (days|hours|minutes)

  logout_delegation_urls
list
List of logout URLs that logouts are delegated to

  logout_mode
string
Mode of logout (None|Delegation)

  name
string
The name of the object

  redirect_to_requested_url
boolean
Should a redirect to the requested URL be made



Status

Authors

  • Stephan Schwarz (@stearz)

Hint

If you notice any issues in this documentation you can edit this document to improve it.