handling of persistency cookies #69

Open
ELANDJEA opened this issue Apr 2, 2024 · 2 comments
ELANDJEA commented Apr 2, 2024

Is your feature request related to a problem? Please describe.

We want to utilize Ansible to publish root accounts of newly deployed servers. However, when we utilize the Ansible modules to use the PVWA path through our NetScaler load balancers, we get error "401" (unauthorized). When we use an "api_base_url" pointing directly to one of the servers behind the load balancer, the logon and provisioning function as expected.

At this point we think this is a result of the (within our organisation) standard configuration of the NetScalers, which provides a cookie to handle session persistency (https://docs.netscaler.com/en-us/citrix-adc/current-release/load-balancing/load-balancing-persistence/http-cookie-persistence.html).

Describe the solution you would like

Within PowerShell REST calls (Invoke-RestMethod), there are options to use a WebSession/SessionVariable to parse cookie info during a REST call (https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/invoke-restmethod?view=powershell-7.4), making the used load balancer config "transparent" for the REST call.

Is it possible to also build such handling in the Ansible CyberArk authentication modules to also make it possible to use session persistency based on cookies?

Describe alternatives you have considered

A clear and concise description of any alternative solutions or features that may be related to this that you have considered.

Additional context

Code and results so far:

```yaml
- name: Create computeraccount in Cyberark
  hosts: localhost
  become: false
  gather_facts: false
  collections:
    - cyberark.pas

  vars:
    cyberark_url: https://pamserver.localdns.nl
    cyberark_username: causer

  vars_prompt:
    - name: cyberark_password
      prompt: cyberark password

  tasks:
    - name: Logon to CyberArk Vault using PAS Web Services SDK
      cyberark_authentication:
        api_base_url: "{{ cyberark_url }}"
        validate_certs: false
        concurrentSession: true
        username: "{{ cyberark_username }}"
        password: "{{ cyberark_password }}"

    - name: Cyberark output
      ansible.builtin.debug:
        var: cyberark_session

    - name: Create computer account
      register: cyberarkaction
      cyberark_account:
        cyberark_session: "{{ cyberark_session }}"
        logging_level: DEBUG
        identified_by: "address"
        name: "root-srv9999.localdns.nl"
        safe: "T-LINUX-ROOT"
        address: "srv9999.localdns.nl"
        username: "root"
        platform_id: "T-Linux-root-00000"
        secret: "##123$$"
        secret_management:
          automatic_management_enabled: true
        state: present

    - name: Cyberark create account output
      ansible.builtin.debug:
        var: cyberarkaction

    - name: Logoff from CyberArk Vault
      cyberark_authentication:
        state: absent
        cyberark_session: "{{ cyberark_session }}"
```

failure code

```
fatal: [localhost]: FAILED! => changed=false
  headers:
    Authorization: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER
    Content-Type: application/json
    User-Agent: CyberArk/1.0 (Ansible; cyberark.pas)
  msg: |-
    Error while performing get_account.Please validate parameters provided.
    *** end_point=********/PasswordVault/api/accounts?filter=safeName%20eq%20T-LINUX-ROOT&search=srv9999.localdns.nl
    ==> HTTP Error 401: Unauthorized
  status_code: 401
```
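
The behaviour described in this issue, as an added example that is not part of the original report or of the cyberark.pas code: a standard-library Python model of a client that logs on and then makes an authenticated call through a cookie-persistence load balancer, with and without a cookie jar. The `FakeLB` server, the `LBNODE` cookie name, the `/logon` and `/accounts` paths and the rule that a token is only accepted by the node that issued it are constructed assumptions modelling the reporter's hypothesis, not NetScaler or CyberArk behaviour confirmed on this page.

```python
import http.cookiejar
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for a cookie-persistence load balancer in front of two
# backends; assumption: a session token is only valid on the node that issued it.
TOKENS = {}            # token -> backend node that issued it
STATE = {"next": 0}    # round-robin counter for requests without a cookie

class FakeLB(BaseHTTPRequestHandler):
    def do_GET(self):
        cookie = self.headers.get("Cookie", "")
        if "LBNODE=" in cookie:                  # persistence cookie: same node
            node = int(cookie.split("LBNODE=")[1][0])
        else:                                    # no cookie: next node in turn
            node = STATE["next"] % 2
            STATE["next"] += 1
        if self.path == "/logon":
            token = f"tok-{len(TOKENS)}"
            TOKENS[token] = node
            status, body = 200, token
        else:                                    # any other path needs a token
            ok = TOKENS.get(self.headers.get("Authorization")) == node
            status, body = (200, "ok") if ok else (401, "Unauthorized")
        self.send_response(status)
        self.send_header("Set-Cookie", f"LBNODE={node}; Path=/")
        self.end_headers()
        self.wfile.write(body.encode())

def logon_then_call(keep_cookies):
    """Log on, call /accounts with the token, return the HTTP status."""
    server = HTTPServer(("127.0.0.1", 0), FakeLB)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    handlers = [urllib.request.ProxyHandler({})]   # never proxy the local test
    if keep_cookies:                               # replay Set-Cookie values
        handlers.append(urllib.request.HTTPCookieProcessor(http.cookiejar.CookieJar()))
    opener = urllib.request.build_opener(*handlers)
    try:
        token = opener.open(base + "/logon").read().decode()
        req = urllib.request.Request(base + "/accounts", headers={"Authorization": token})
        return opener.open(req).status
    except urllib.error.HTTPError as err:
        return err.code
    finally:
        server.shutdown()
        server.server_close()
```
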

szh (Contributor) commented Apr 8, 2024

@Danjaraka

Currently facing the exact same issue in my organization...

Our current workaround is to use the Ansible URI module and manually make the REST calls.
