You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.

cyberark_authentication - Module for CyberArk Vault Authentication using PAS Web Services SDK¶

New in version 2.4.

Synopsis
Options
Examples
Return Values
- Status

Synopsis ¶

Authenticates to CyberArk Vault using Privileged Account Security Web Services SDK and creates a session fact that can be used by other modules. It returns an Ansible fact called cyberark_session. Every module can use this fact as cyberark_session parameter.

Options ¶

parameter	required	default	choices	comments
api_base_url	no			A string containing the base URL of the server hosting CyberArk's Privileged Account Security Web Services SDK.
cyberark_session	no			Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session.
new_password	no			The new password of the user. This parameter is optional, and enables you to change a password.
password	no			The password of the user.
state	no	present	present absent	Specifies if an authentication logon/logoff and a cyberark_session should be added/removed.
use_radius_authentication	no	no	yes no	Whether or not users will be authenticated via a RADIUS server. Valid values are true/false.
use_shared_logon_authentication	no	no	yes no	Whether or not Shared Logon Authentication will be used.
username	no			The name of the user who will logon to the Vault.
validate_certs	no	yes	yes no	If `false`, SSL certificates will not be validated. This should only set to `false` used on personally controlled sites using self-signed certificates.

Examples ¶

- name: Logon to CyberArk Vault using PAS Web Services SDK - use_shared_logon_authentication
  cyberark_authentication:
    api_base_url: "{{ web_services_base_url }}"
    use_shared_logon_authentication: yes

- name: Logon to CyberArk Vault using PAS Web Services SDK - Not use_shared_logon_authentication
  cyberark_authentication:
    api_base_url: "{{ web_services_base_url }}"
    username: "{{ password_object.password }}"
    password: "{{ password_object.passprops.username }}"
    use_shared_logon_authentication: no

- name: Logoff from CyberArk Vault
  cyberark_authentication:
    state: absent
    cyberark_session: "{{ cyberark_session }}"

Return Values ¶

Common return values are documented here Return Values, the following are the fields unique to this module:

name	description	returned	type	sample
cyberark_session	Authentication facts.	success	dict	{'token': {'type': 'string', 'description': 'The token that identifies the session, encoded in BASE 64.', 'returned': 'always'}, 'validate_certs': {'type': 'bool', 'description': 'Whether or not SSL certificates should be validated.', 'returned': 'always'}, 'use_shared_logon_authentication': {'type': 'bool', 'description': 'Whether or not Shared Logon Authentication was used to establish the session.', 'returned': 'always'}, 'api_base_url': {'type': 'string', 'description': 'Base URL for API calls. Returned in the cyberark_session, so it can be used in subsequent calls.', 'returned': 'always'}}

Status ¶

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.