fmgr_system_saml – Global settings for SAML authentication.

Added in version 2.0.0.

Warning

Starting in version 3.0.0, all input arguments will be named using the underscore naming convention (snake_case).

• Argument name before 3.0.0: var-name, var name, var.name

• New argument name starting in 3.0.0: var_name

FortiManager Ansible v2.4+ supports both previous argument name and new underscore name. You will receive deprecation warnings if you keep using the previous argument name. You can ignore the warning by setting deprecation_warnings=False in ansible.cfg.

Synopsis

• This module is able to configure a FortiManager device.

• Examples include all parameters and values need to be adjusted to data sources before usage.

• Tested with FortiManager v6.x and v7.x.

Requirements

The below requirements are needed on the host that executes this module.

• ansible>=2.15.0

FortiManager Version Compatibility

Supported Version Ranges: v6.0.0 -> latest

Parameters

• access_token -The token to access FortiManager without using username and password. type: str required: false
• bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool required: false default: False
• enable_log - Enable/Disable logging for task. type: bool required: false default: False
• forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
• proposed_method - The overridden method for the underlying Json RPC request. type: str required: false choices: set, update, add
• rc_succeeded - The rc codes list with which the conditions to succeed will be overriden. type: list required: false
• rc_failed - The rc codes list with which the conditions to fail will be overriden. type: list required: false
• workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
• workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
• system_saml - Global settings for SAML authentication. type: dict
• acs_url (Alias name: acs-url) Sp acs(login) url. type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• cert Certificate name. type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• entity_id (Alias name: entity-id) Sp entity id. type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• idp_cert (Alias name: idp-cert) Idp certificate name. type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• idp_entity_id (Alias name: idp-entity-id) Idp entity id. type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• idp_single_logout_url (Alias name: idp-single-logout-url) Idp single logout url. type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• idp_single_sign_on_url (Alias name: idp-single-sign-on-url) Idp single sign-on url. type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• login_auto_redirect (Alias name: login-auto-redirect) Enable/disable auto redirect to idp login page. type: str choices: [disable, enable] default: disable more...

  Supported Version Ranges: v6.0.0 -> latest

• role Saml role. type: str choices: [IDP, SP, FAB-SP] default: SP more...

  Supported Version Ranges: v6.0.0 -> latest

• server_address (Alias name: server-address) Server address. type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• service_providers (Alias name: service-providers) Service-providers. type: list more...

  Supported Version Ranges: v6.0.0 -> latest

  • idp_entity_id (Alias name: idp-entity-id) Idp entity id. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • idp_single_logout_url (Alias name: idp-single-logout-url) Idp single logout url. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • idp_single_sign_on_url (Alias name: idp-single-sign-on-url) Idp single sign-on url. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • name Name. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • prefix Prefix. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • sp_cert (Alias name: sp-cert) Sp certificate name. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • sp_entity_id (Alias name: sp-entity-id) Sp entity id. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • sp_single_logout_url (Alias name: sp-single-logout-url) Sp single logout url. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • sp_single_sign_on_url (Alias name: sp-single-sign-on-url) Sp single sign-on url. type: str more...

    Supported Version Ranges: v6.0.0 -> latest

  • sp_adom (Alias name: sp-adom) Sp adom name. type: str more...

    Supported Version Ranges: v7.2.0 -> latest

  • sp_profile (Alias name: sp-profile) Sp profile name. type: str more...

    Supported Version Ranges: v7.2.0 -> latest

• sls_url (Alias name: sls-url) Sp sls(logout) url. type: str more...

  Supported Version Ranges: v6.0.0 -> latest

• status Enable/disable saml authentication (default = disable). type: str choices: [disable, enable] default: disable more...

  Supported Version Ranges: v6.0.0 -> latest

• default_profile (Alias name: default-profile) Default profile name. type: str default: Restricted_User more...

  Supported Version Ranges: v6.2.5 -> latest

• fabric_idp (Alias name: fabric-idp) Fabric-idp. type: list more...

  Supported Version Ranges: v6.4.0 -> latest

  • dev_id (Alias name: dev-id) Idp device id. type: str more...

    Supported Version Ranges: v6.4.0 -> latest

  • idp_cert (Alias name: idp-cert) Idp certificate name. type: str more...

    Supported Version Ranges: v6.4.0 -> latest

  • idp_entity_id (Alias name: idp-entity-id) Idp entity id. type: str more...

    Supported Version Ranges: v6.4.0 -> latest

  • idp_single_logout_url (Alias name: idp-single-logout-url) Idp single logout url. type: str more...

    Supported Version Ranges: v6.4.0 -> latest

  • idp_single_sign_on_url (Alias name: idp-single-sign-on-url) Idp single sign-on url. type: str more...

    Supported Version Ranges: v6.4.0 -> latest

  • idp_status (Alias name: idp-status) Enable/disable saml authentication (default = disable). type: str choices: [disable, enable] default: disable more...

    Supported Version Ranges: v6.4.0 -> latest

• forticloud_sso (Alias name: forticloud-sso) Enable/disable forticloud sso (default = disable). type: str choices: [disable, enable] default: disable more...

  Supported Version Ranges: v7.0.0 -> latest

• user_auto_create (Alias name: user-auto-create) Enable/disable user auto creation (default = disable). type: str choices: [disable, enable] default: disable more...

  Supported Version Ranges: v7.0.1 -> latest

• auth_request_signed (Alias name: auth-request-signed) Enable/disable auth request signed. type: str choices: [disable, enable] default: disable more...

  Supported Version Ranges: v7.2.3 -> latest

• want_assertions_signed (Alias name: want-assertions-signed) Enable/disable want assertions signed. type: str choices: [disable, enable] default: disable more...

  Supported Version Ranges: v7.2.3 -> latest

Notes

Note

• Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

• To create or update an object, use state: present directive.

• To delete an object, use state: absent directive

• Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Global settings for SAML authentication.
      fortinet.fortimanager.fmgr_system_saml:
        # bypass_validation: false
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        system_saml:
          acs_url: <string>
          cert: <string>
          entity_id: <string>
          idp_cert: <string>
          idp_entity_id: <string>
          idp_single_logout_url: <string>
          idp_single_sign_on_url: <string>
          login_auto_redirect: <value in [disable, enable]>
          role: <value in [IDP, SP, FAB-SP]>
          server_address: <string>
          service_providers:
            -
              idp_entity_id: <string>
              idp_single_logout_url: <string>
              idp_single_sign_on_url: <string>
              name: <string>
              prefix: <string>
              sp_cert: <string>
              sp_entity_id: <string>
              sp_single_logout_url: <string>
              sp_single_sign_on_url: <string>
              sp_adom: <string>
              sp_profile: <string>
          sls_url: <string>
          status: <value in [disable, enable]>
          default_profile: <string>
          fabric_idp:
            -
              dev_id: <string>
              idp_cert: <string>
              idp_entity_id: <string>
              idp_single_logout_url: <string>
              idp_single_sign_on_url: <string>
              idp_status: <value in [disable, enable]>
          forticloud_sso: <value in [disable, enable]>
          user_auto_create: <value in [disable, enable]>
          auth_request_signed: <value in [disable, enable]>
          want_assertions_signed: <value in [disable, enable]>

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

• meta - The result of the request.returned: always type: dict
• request_url - The full url requested. returned: always type: str sample: /sys/login/user
• response_code - The status of api request. returned: always type: int sample: 0
• response_data - The data body of the api response. returned: optional type: list or dict
• response_message - The descriptive message of the api response. returned: always type: str sample: OK
• system_information - The information of the target system. returned: always type: dict
• rc - The status the request. returned: always type: int sample: 0
• version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least one parameter not supported by the current FortiManager version type: list

Status

• This module is not guaranteed to have a backwards compatible interface.

Authors

• Xinwei Du (@dux-fortinet)

• Xing Li (@lix-fortinet)

• Jie Xue (@JieX19)

• Link Zheng (@chillancezen)

• Frank Shen (@fshen01)

• Hongbin Lu (@fgtdev-hblu)