/ home / fortinet / fortinet.fortios / 2.3.6 / module / fortios_authentication_setting

fortinet.fortios.fortios_authentication_setting (2.3.6) — module

Configure authentication setting in Fortinet's FortiOS and FortiGate.

| "added in version" 2.0.0 of fortinet.fortios"

Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)

preview | supported by community

Install collection

Install with ansible-galaxy collection install fortinet.fortios:==2.3.6

Add to requirements.yml

  collections:
    - name: fortinet.fortios
      version: 2.3.6

Description

This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify authentication feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0

Requirements

ansible>=2.15

Usage examples

Scanned by Steampunk Spotter

- name: Configure authentication setting.
  fortinet.fortios.fortios_authentication_setting:
      vdom: "{{ vdom }}"
      authentication_setting:
          active_auth_scheme: "<your_own_value> (source authentication.scheme.name)"
          auth_https: "enable"
          captive_portal: "<your_own_value> (source firewall.address.name)"
          captive_portal_ip: "<your_own_value>"
          captive_portal_ip6: "<your_own_value>"
          captive_portal_port: "7830"
          captive_portal_ssl_port: "7831"
          captive_portal_type: "fqdn"
          captive_portal6: "<your_own_value> (source firewall.address6.name)"
          cert_auth: "enable"
          cert_captive_portal: "<your_own_value> (source firewall.address.name)"
          cert_captive_portal_ip: "<your_own_value>"
          cert_captive_portal_port: "7832"
          cookie_max_age: "480"
          cookie_refresh_div: "2"
          dev_range:
              -
                  name: "default_name_19 (source firewall.address.name firewall.addrgrp.name)"
          ip_auth_cookie: "enable"
          persistent_cookie: "enable"
          sso_auth_scheme: "<your_own_value> (source authentication.scheme.name)"
          update_time: "<your_own_value>"
          user_cert_ca:
              -
                  name: "default_name_25 (source vpn.certificate.ca.name vpn.certificate.local.name)"

Inputs

    
vdom:
    default: root
    description:
    - Virtual domain, among those defined previously. A vdom is a virtual instance of
      the FortiGate that can be configured and used as a different unit.
    type: str

enable_log:
    default: false
    description:
    - Enable/Disable logging for task.
    required: false
    type: bool

member_path:
    description:
    - Member attribute path to operate on.
    - Delimited by a slash character if there are more than one attribute.
    - Parameter marked with member_path is legitimate for doing member operation.
    type: str

access_token:
    description:
    - Token-based authentication. Generated from GUI of Fortigate.
    required: false
    type: str

member_state:
    choices:
    - present
    - absent
    description:
    - Add or delete a member under specified attribute path.
    - When member_state is specified, the state option is ignored.
    type: str

authentication_setting:
    default: null
    description:
    - Configure authentication setting.
    suboptions:
      active_auth_scheme:
        description:
        - Active authentication method (scheme name). Source authentication.scheme.name.
        type: str
      auth_https:
        choices:
        - enable
        - disable
        description:
        - Enable/disable redirecting HTTP user authentication to HTTPS.
        type: str
      captive_portal:
        description:
        - Captive portal host name. Source firewall.address.name.
        type: str
      captive_portal6:
        description:
        - IPv6 captive portal host name. Source firewall.address6.name.
        type: str
      captive_portal_ip:
        description:
        - Captive portal IP address.
        type: str
      captive_portal_ip6:
        description:
        - Captive portal IPv6 address.
        type: str
      captive_portal_port:
        description:
        - Captive portal port number (1 - 65535).
        type: int
      captive_portal_ssl_port:
        description:
        - Captive portal SSL port number (1 - 65535).
        type: int
      captive_portal_type:
        choices:
        - fqdn
        - ip
        description:
        - Captive portal type.
        type: str
      cert_auth:
        choices:
        - enable
        - disable
        description:
        - Enable/disable redirecting certificate authentication to HTTPS portal.
        type: str
      cert_captive_portal:
        description:
        - Certificate captive portal host name. Source firewall.address.name.
        type: str
      cert_captive_portal_ip:
        description:
        - Certificate captive portal IP address.
        type: str
      cert_captive_portal_port:
        description:
        - Certificate captive portal port number (1 - 65535).
        type: int
      cookie_max_age:
        description:
        - Persistent web portal cookie maximum age in minutes (30 - 10080 (1 week)).
        type: int
      cookie_refresh_div:
        description:
        - Refresh rate divider of persistent web portal cookie . Refresh value = cookie-max-age/cookie-refresh-div.
        type: int
      dev_range:
        description:
        - Address range for the IP based device query.
        elements: dict
        suboptions:
          name:
            description:
            - Address name. Source firewall.address.name firewall.addrgrp.name.
            required: true
            type: str
        type: list
      ip_auth_cookie:
        choices:
        - enable
        - disable
        description:
        - Enable/disable persistent cookie on IP based web portal authentication .
        type: str
      persistent_cookie:
        choices:
        - enable
        - disable
        description:
        - Enable/disable persistent cookie on web portal authentication .
        type: str
      sso_auth_scheme:
        description:
        - Single-Sign-On authentication method (scheme name). Source authentication.scheme.name.
        type: str
      update_time:
        description:
        - Time of the last update.
        type: str
      user_cert_ca:
        description:
        - CA certificate used for client certificate verification.
        elements: dict
        suboptions:
          name:
            description:
            - CA certificate list. Source vpn.certificate.ca.name vpn.certificate.local.name.
            required: true
            type: str
        type: list
    type: dict

Outputs

build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str