netscaler.adc.authenticationoauthaction (2.5.1) — module

Configuration for OAuth authentication action resource.

Added in version 2.0.0 of netscaler.adc

Authors: Sumanth Lingappa (@sumanth-lingappa)

preview | supported by community

Install collection

Install with ansible-galaxy collection install netscaler.adc:==2.5.1


Add to requirements.yml

  collections:
    - name: netscaler.adc
      version: 2.5.1

Description

Configuration for OAuth authentication action resource.

Inputs

    
name:
    description:
    - Name for the OAuth Authentication action.
    - Must begin with a letter, number, or the underscore character (_), and must contain
      only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@),
      equals (=), colon (:), and underscore characters. Cannot be changed after the profile
      is created.
    - ''
    - 'The following requirement applies only to the Citrix ADC CLI:'
    - If the name includes one or more spaces, enclose the name in double or single quotation
      marks (for example, "my authentication action" or 'my authentication action').
    type: str

nsip:
    description:
    - The ip address of the NetScaler ADC appliance where the nitro API calls will be
      made.
    - The port can be specified with the colon (:). E.g. 192.168.1.1:555.
    required: true
    type: str

pkce:
    choices:
    - ENABLED
    - DISABLED
    description:
    - Option to enable/disable PKCE flow during authentication.
    type: str

state:
    choices:
    - present
    - absent
    - unset
    default: present
    description:
    - The state of the resource being configured by the module on the NetScaler ADC node.
    - When C(present), the resource will be added or updated according to the
      module's parameters.
    - When C(absent), the resource will be deleted from the NetScaler ADC node.
    - When C(unset), the resource will be unset on the NetScaler ADC node.
    type: str

issuer:
    description:
    - Identity of the server whose tokens are to be accepted.
    type: str

api_path:
    default: nitro/v1/config
    description:
    - Base NITRO API path.
    - Define only in case of an ADM service proxy call
    type: str

audience:
    description:
    - Audience for which the token sent by the Authorization server is applicable. This is
      typically the entity name or URL that represents the recipient.
    type: str

clientid:
    description:
    - Unique identity of the client/user who is getting authenticated. Authorization server
      infers client configuration using this ID
    type: str

skewtime:
    description:
    - This option specifies the allowed clock skew, in minutes, that Citrix ADC
      allows on an incoming token. For example, if skewTime is 10, then the token is
      valid from (current time - 10) min to (current time + 10) min, i.e. 20 min in all.
    type: float

tenantid:
    description:
    - TenantID of the application. This is usually specific to providers such as Microsoft
      and usually refers to the deployment identifier.
    type: str

granttype:
    choices:
    - CODE
    - PASSWORD
    description:
    - Grant type support. Value can be code or password.
    type: str

oauthtype:
    choices:
    - GENERIC
    - INTUNE
    - ATHENA
    description:
    - Type of the OAuth implementation. Default value is generic implementation that is
      applicable for most deployments.
    type: str

attribute1:
    description:
    - Name of the attribute to be extracted from OAuth Token and to be stored in the attribute1
    type: str

attribute2:
    description:
    - Name of the attribute to be extracted from OAuth Token and to be stored in the attribute2
    type: str

attribute3:
    description:
    - Name of the attribute to be extracted from OAuth Token and to be stored in the attribute3
    type: str

attribute4:
    description:
    - Name of the attribute to be extracted from OAuth Token and to be stored in the attribute4
    type: str

attribute5:
    description:
    - Name of the attribute to be extracted from OAuth Token and to be stored in the attribute5
    type: str

attribute6:
    description:
    - Name of the attribute to be extracted from OAuth Token and to be stored in the attribute6
    type: str

attribute7:
    description:
    - Name of the attribute to be extracted from OAuth Token and to be stored in the attribute7
    type: str

attribute8:
    description:
    - Name of the attribute to be extracted from OAuth Token and to be stored in the attribute8
    type: str

attribute9:
    description:
    - Name of the attribute to be extracted from OAuth Token and to be stored in the attribute9
    type: str

attributes:
    description:
    - List of attribute names, separated by ',', that need to be extracted.
    - Note that preceding and trailing spaces will be removed.
    - Attribute name can be 127 bytes and total length of this string should not cross
      1023 bytes.
    - These attributes have multi-value support separated by ',' and stored as key-value
      pair in AAA session
    type: str

nitro_pass:
    description:
    - The password with which to authenticate to the NetScaler ADC node.
    required: false
    type: str

nitro_user:
    description:
    - The username with which to authenticate to the NetScaler ADC node.
    required: false
    type: str

attribute10:
    description:
    - Name of the attribute to be extracted from OAuth Token and to be stored in the attribute10
    type: str

attribute11:
    description:
    - Name of the attribute to be extracted from OAuth Token and to be stored in the attribute11
    type: str

attribute12:
    description:
    - Name of the attribute to be extracted from OAuth Token and to be stored in the attribute12
    type: str

attribute13:
    description:
    - Name of the attribute to be extracted from OAuth Token and to be stored in the attribute13
    type: str

attribute14:
    description:
    - Name of the attribute to be extracted from OAuth Token and to be stored in the attribute14
    type: str

attribute15:
    description:
    - Name of the attribute to be extracted from OAuth Token and to be stored in the attribute15
    type: str

attribute16:
    description:
    - Name of the attribute to be extracted from OAuth Token and to be stored in the attribute16
    type: str

metadataurl:
    description:
    - Well-known configuration endpoint of the Authorization Server. Citrix ADC fetches
      server details from this endpoint.
    type: str

resourceuri:
    description:
    - Resource URL for OAuth configuration.
    type: str

save_config:
    default: false
    description:
    - If C(true) the module will save the configuration on the NetScaler ADC node if it
      makes any changes.
    - The module will not save the configuration on the NetScaler ADC node if it made
      no changes.
    type: bool

userinfourl:
    description:
    - URL to which OAuth access token will be posted to obtain user information.
    type: str

certendpoint:
    description:
    - URL of the endpoint that contains JWKs (JSON Web Key) for JWT (JSON Web Token) verification.
    type: str

certfilepath:
    description:
    - Path to the file that contains JWKs (JSON Web Key) for JWT (JSON Web Token) verification.
    type: str

clientsecret:
    description:
    - Secret string established by user and authorization server
    type: str

graphendpoint:
    description:
    - URL of the Graph API service to learn Enterprise Mobility Services (EMS) endpoints.
    type: str

introspecturl:
    description:
    - URL to which access token would be posted for validation
    type: str

tokenendpoint:
    description:
    - URL to which OAuth token will be posted to verify its authenticity. User obtains
      this token from Authorization server upon successful authentication. Citrix ADC
      will validate presented token by posting it to the URL configured
    type: str

usernamefield:
    description:
    - Attribute in the token from which username should be extracted.
    type: str

authentication:
    choices:
    - ENABLED
    - DISABLED
    description:
    - If authentication is disabled, password is not sent in the request.
    type: str

nitro_protocol:
    choices:
    - http
    - https
    default: https
    description:
    - Which protocol to use when accessing the nitro API objects.
    type: str

validate_certs:
    default: true
    description:
    - If C(false), SSL certificates will not be validated. This should only be used on
      personally controlled sites using self-signed certificates.
    required: false
    type: bool

refreshinterval:
    description:
    - Interval at which services are monitored for necessary configuration.
    type: float

nitro_auth_token:
    description:
    - The authentication token provided by a login operation.
    type: str
    version_added: 2.6.0
    version_added_collection: netscaler.adc

allowedalgorithms:
    choices:
    - HS256
    - RS256
    - RS512
    description:
    - Multivalued option to specify allowed token verification algorithms.
    elements: str
    type: list

authorizationendpoint:
    description:
    - Authorization endpoint/URL to which an unauthenticated user will be redirected. Citrix
      ADC redirects the user to this endpoint by adding query parameters including clientid.
      If this parameter is not specified, the Token Endpoint/URL value is used as the
      default. Please note that Authorization Endpoint or Token Endpoint is mandatory for
      oauthAction.
    type: str

idtokendecryptendpoint:
    description:
    - URL to which obtained idtoken will be posted to get a decrypted user identity. Encrypted
      idtoken will be obtained by posting OAuth token to token endpoint. In order to decrypt
      idtoken, Citrix ADC posts request to the URL configured
    type: str

tokenendpointauthmethod:
    choices:
    - client_secret_post
    - client_secret_jwt
    - private_key_jwt
    - client_secret_basic
    description:
    - Option to select the variant of token authentication method. This method is used
      while exchanging code with IdP.
    type: str

defaultauthenticationgroup:
    description:
    - This is the default group that is chosen when the authentication succeeds in addition
      to extracted groups.
    type: str
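
A playbook that uses the parameters documented above, written as an added example (not taken from the collection's own documentation). The appliance address, IdP URLs, action name, client ID, claim name and the vault_* variable names are constructed placeholders.

```yaml
# Added example: hardened OAuth action. All values are constructed placeholders.
- name: Configure an OAuth authentication action on NetScaler ADC
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Create OAuth action with PKCE and asymmetric token verification
      # Keep rendered secrets (nitro_pass, clientsecret) out of task output and logs.
      no_log: true
      netscaler.adc.authenticationoauthaction:
        # NITRO connection: stay on HTTPS and keep certificate validation on
        # (both are the module defaults; stated here so a later edit is visible in review).
        nsip: adc.example.internal
        nitro_user: "{{ vault_nitro_user }}"        # assumed Ansible Vault variable
        nitro_pass: "{{ vault_nitro_pass }}"        # assumed Ansible Vault variable
        nitro_protocol: https
        validate_certs: true
        save_config: true

        state: present
        name: oauth_act_example
        oauthtype: GENERIC

        # Authorization code grant with PKCE rather than the PASSWORD grant.
        granttype: CODE
        pkce: ENABLED
        authorizationendpoint: https://idp.example.com/oauth2/authorize
        tokenendpoint: https://idp.example.com/oauth2/token
        clientid: example-client-id
        clientsecret: "{{ vault_oauth_client_secret }}"  # assumed Ansible Vault variable

        # Token verification: pin issuer and audience, fetch JWKs over HTTPS,
        # and allow only an asymmetric algorithm (HS256 deliberately left out).
        issuer: https://idp.example.com
        audience: https://app.example.com
        certendpoint: https://idp.example.com/oauth2/keys
        allowedalgorithms:
          - RS256

        # Small clock-skew window, in minutes.
        skewtime: 2

        # Claim used as the username (placeholder claim name).
        usernamefield: email
```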

Outputs

changed:
  description: Indicates if any change is made by the module
  returned: always
  sample: true
  type: bool
diff:
  description: Dictionary of before and after changes
  returned: always
  sample:
    after:
      key2: pqr
    before:
      key1: xyz
    prepared: changes done
  type: dict
diff_list:
  description: List of differences between the actual configured object and the configuration
    specified in the module
  returned: when changed
  sample:
  - 'Attribute `key1` differs. Desired: (<class ''str''>) XYZ. Existing: (<class ''str''>)
    PQR'
  type: list
failed:
  description: Indicates if the module failed or not
  returned: always
  sample: false
  type: bool
loglines:
  description: list of logged messages by the module
  returned: always
  sample:
  - message 1
  - message 2
  type: list