Is your feature request related to a problem? Please describe.
We want to utilize Ansible to publish root accounts of newly deployed servers. However, when we use the Ansible modules with the PVWA path through our NetScaler load balancers, we get error "401" (unauthorized). When we use an "api_base_url" pointing directly to one of the servers behind the load balancer, the logon and provisioning function as expected.
At this point we think this is a result of the standard configuration (within our organisation) of the NetScalers, which provides a cookie to handle session persistence (https://docs.netscaler.com/en-us/citrix-adc/current-release/load-balancing/load-balancing-persistence/http-cookie-persistence.html).
Describe the solution you would like
Within PowerShell REST calls (Invoke-RestMethod), there are options to use a WebSession/SessionVariable to parse cookie info during a REST call (https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/invoke-restmethod?view=powershell-7.4), making the load balancer config in use "transparent" for the REST call.
Is it possible to build such handling into the Ansible CyberArk authentication modules as well, to make it possible to use session persistence based on cookies?
Describe alternatives you have considered
A clear and concise description of any alternative solutions or features that may be related to this that you have considered.
Additional context
Code and results so far:

```yaml
- name: Create computeraccount in Cyberark
  hosts: localhost
  become: false
  gather_facts: false
  collections:
    # List entry missing from the page; inferred from the User-Agent in the failure output.
    - cyberark.pas

  vars:
    cyberark_url: https://pamserver.localdns.nl
    cyberark_username: causer

  vars_prompt:
    # List entry missing from the page; inferred from the use of cyberark_password below.
    - name: cyberark_password
      private: true

  tasks:
    - name: Logon to CyberArk Vault using PAS Web Services SDK
      cyberark_authentication:
        api_base_url: "{{ cyberark_url }}"
        validate_certs: false
        concurrentSession: true
        username: "{{ cyberark_username }}"
        password: "{{ cyberark_password }}"

    - name: Cyberark output
      ansible.builtin.debug:
        var: cyberark_session

    - name: Create computer account
      register: cyberarkaction
      cyberark_account:
        cyberark_session: "{{ cyberark_session }}"
        logging_level: DEBUG
        identified_by: "address"
        name: "root-srv9999.localdns.nl"
        safe: "T-LINUX-ROOT"
        address: "srv9999.localdns.nl"
        username: "root"
        platform_id: "T-Linux-root-00000"
        secret: "##123$$"
        secret_management:
          automatic_management_enabled: true
        state: present

    - name: Cyberark create account output
      ansible.builtin.debug:
        var: cyberarkaction

    - name: Logoff from CyberArk Vault
      cyberark_authentication:
        state: absent
        cyberark_session: "{{ cyberark_session }}"
```
Failure code:

```
fatal: [localhost]: FAILED! => changed=false
  headers:
    Authorization: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER
    Content-Type: application/json
    User-Agent: CyberArk/1.0 (Ansible; cyberark.pas)
  msg: |-
    Error while performing get_account.Please validate parameters provided.
    * end_point=**/PasswordVault/api/accounts?filter=safeName%20eq%20T-LINUX-ROOT&search=srv9999.localdns.nl
     ==> HTTP Error 401: Unauthorized
  status_code: 401
```
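
An added illustration, not part of the original issue or of the cyberark.pas collection: a self-contained Python simulation of the suspected cause, in which a toy load balancer spreads cookie-less requests over two backends that do not share sessions. The cookie name `LBPERSIST`, the `/logon` and `/accounts` paths and the token format are constructed for the demo and do not reproduce NetScaler or PVWA behaviour.

```python
import http.cookiejar, itertools, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKENS = [set(), set()]                  # each backend keeps its own sessions
ROUND_ROBIN = itertools.cycle([0, 1])    # used when no persistence cookie is sent

class ToyLoadBalancer(BaseHTTPRequestHandler):  # constructed stand-in, two backends
    def _route(self):
        value = self.headers.get("Cookie", "").partition("LBPERSIST=")[2][:1]
        if value in ("0", "1"):
            return int(value), False     # stick to the backend named in the cookie
        return next(ROUND_ROBIN), True   # no cookie: next backend, hand out a cookie
    def _reply(self, status, body, backend, set_cookie):
        self.send_response(status)
        if set_cookie:
            self.send_header("Set-Cookie", f"LBPERSIST={backend}; Path=/")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def do_POST(self):                   # logon: the token is known to one backend only
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        backend, fresh = self._route()
        token = f"token-from-backend-{backend}"
        TOKENS[backend].add(token)
        self._reply(200, token.encode(), backend, fresh)
    def do_GET(self):                    # any later call that carries the token
        backend, fresh = self._route()
        ok = self.headers.get("Authorization") in TOKENS[backend]
        self._reply(200 if ok else 401, b"", backend, fresh)
    def log_message(self, *args): pass   # keep the demo quiet

def logon_then_query(base_url, keep_cookies):
    jar = [urllib.request.HTTPCookieProcessor(http.cookiejar.CookieJar())] if keep_cookies else []
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}), *jar)
    token = opener.open(urllib.request.Request(base_url + "/logon", data=b"{}")).read().decode()
    query = urllib.request.Request(base_url + "/accounts", headers={"Authorization": token})
    try:
        return opener.open(query).status
    except urllib.error.HTTPError as err:
        return err.code

def demo():
    with HTTPServer(("127.0.0.1", 0), ToyLoadBalancer) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        url = f"http://127.0.0.1:{server.server_port}"
        try:
            return logon_then_query(url, False), logon_then_query(url, True)
        finally:
            server.shutdown()
```

`demo()` returns the status of the follow-up call for a client that drops cookies and for one that keeps them in a cookie jar between logon and the next request.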