netscaler.adc.aaaparameter module – Configuration for AAA parameter resource.

Note

This module is part of the netscaler.adc collection (version 2.6.2).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install netscaler.adc.

To use it in a playbook, specify: netscaler.adc.aaaparameter.

New in netscaler.adc 2.0.0

Synopsis

  • Configuration for AAA parameter resource.

Parameters

Parameter

Comments

aaadloglevel

string

AAAD log level, which specifies the types of AAAD events to log in nsvpn.log.

Available values function as follows:

* EMERGENCY - Events that indicate an immediate crisis on the server.

* ALERT - Events that might require action.

* CRITICAL - Events that indicate an imminent server crisis.

* ERROR - Events that indicate some type of error.

* WARNING - Events that require action in the near future.

* NOTICE - Events that the administrator should know about.

* INFORMATIONAL - All but low-level events.

* DEBUG - All events, in extreme detail.

Choices:

  • "EMERGENCY"

  • "ALERT"

  • "CRITICAL"

  • "ERROR"

  • "WARNING"

  • "NOTICE"

  • "INFORMATIONAL"

  • "DEBUG"

aaadnatip

string

Source IP address to use for traffic that is sent to the authentication server.

aaasessionloglevel

string

Audit log level, which specifies the types of events to log for cli executed commands.

Available values function as follows:

* EMERGENCY - Events that indicate an immediate crisis on the server.

* ALERT - Events that might require action.

* CRITICAL - Events that indicate an imminent server crisis.

* ERROR - Events that indicate some type of error.

* WARNING - Events that require action in the near future.

* NOTICE - Events that the administrator should know about.

* INFORMATIONAL - All but low-level events.

* DEBUG - All events, in extreme detail.

Choices:

  • "EMERGENCY"

  • "ALERT"

  • "CRITICAL"

  • "ERROR"

  • "WARNING"

  • "NOTICE"

  • "INFORMATIONAL"

  • "DEBUG"

api_path

string

Base NITRO API path.

Define only in case of an ADM service proxy call

Default: "nitro/v1/config"

apitokencache

string

Option to enable/disable API cache feature.

Choices:

  • "ENABLED"

  • "DISABLED"

defaultauthtype

string

The default authentication server type.

Choices:

  • "LOCAL"

  • "LDAP"

  • "RADIUS"

  • "TACACS"

  • "CERT"

defaultcspheader

string

Parameter to enable/disable default CSP header

Choices:

  • "ENABLED"

  • "DISABLED"

dynaddr

string

Set by the DHCP client when the IP address was fetched dynamically.

Choices:

  • "ON"

  • "OFF"

enableenhancedauthfeedback

string

Enhanced auth feedback provides more information to the end user about the reason for an authentication failure. The default value is set to NO.

Choices:

  • "YES"

  • "NO"

enablesessionstickiness

string

Enables/Disables stickiness to authentication servers

Choices:

  • "YES"

  • "NO"

enablestaticpagecaching

string

The default state of VPN Static Page caching. Static Page caching is enabled by default.

Choices:

  • "YES"

  • "NO"

enhancedepa

string

Parameter to enable/disable EPA v2 functionality

Choices:

  • "ENABLED"

  • "DISABLED"

failedlogintimeout

float

Number of minutes an account will be locked if user exceeds maximum permissible attempts

ftmode

string

First time user mode determines which configuration options are shown by default when logging in to the GUI. This setting is controlled by the GUI.

Choices:

  • "ON"

  • "HA"

  • "OFF"

httponlycookie

string

Parameter to set/reset HttpOnly Flag for NSC_AAAC/NSC_TMAS cookies in nfactor

Choices:

  • "ENABLED"

  • "DISABLED"

loginencryption

string

Parameter to encrypt login information for nFactor flow

Choices:

  • "ENABLED"

  • "DISABLED"

managed_netscaler_instance_id

string

added in netscaler.adc 2.6.0

The ID of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_ip

string

added in netscaler.adc 2.6.0

The IP of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_name

string

added in netscaler.adc 2.6.0

The name of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_password

string

added in netscaler.adc 2.6.0

The password of the managed NetScaler instance.

Define only in case of an ADM service proxy call

In Settings > Administration > System Configurations > Basic Settings,

if you select Prompt Credentials for Instance Login,

ensure to configure username and password of a managed instance.

managed_netscaler_instance_username

string

added in netscaler.adc 2.6.0

The username of the managed NetScaler instance.

Define only in case of an ADM service proxy call

In Settings > Administration > System Configurations > Basic Settings,

if you select Prompt Credentials for Instance Login,

ensure to configure username and password of a managed instance.

maxaaausers

float

Maximum number of concurrent users allowed to log on to VPN simultaneously.

maxkbquestions

float

This will set maximum number of Questions to be asked for KB Validation. Default value is 2, Max Value is 6

maxloginattempts

float

Maximum Number of login Attempts

maxsamldeflatesize

float

This will set the maximum deflate size in case of SAML Redirect binding.

netscaler_console_as_proxy_server

boolean

added in netscaler.adc 2.6.0

The IP address of the NetScaler ADC appliance acting as a proxy server.

Define only in case of an ADM service proxy call

Choices:

  • false ← (default)

  • true

nitro_auth_token

string

The authentication token provided by a login operation.

nitro_pass

string

The password with which to authenticate to the NetScaler ADC node.

nitro_protocol

string

Which protocol to use when accessing the nitro API objects.

Choices:

  • "http"

  • "https" ← (default)

nitro_user

string

The username with which to authenticate to the NetScaler ADC node.

nsip

string / required

The ip address of the NetScaler ADC appliance where the nitro API calls will be made.

The port can be specified with the colon (:). E.g. 192.168.1.1:555.

persistentloginattempts

string

Persistent storage of unsuccessful user login attempts

Choices:

  • "ENABLED"

  • "DISABLED"

pwdexpirynotificationdays

float

This will set the threshold time in days for password expiry notification. Default value is 0, which means no notification is sent

samesite

string

SameSite attribute value for Cookies generated in AAATM context. This attribute value will be appended only for the cookies which are specified in the builtin patset ns_cookies_samesite

Choices:

  • "None"

  • "LAX"

  • "STRICT"

save_config

boolean

If true the module will save the configuration on the NetScaler ADC node if it makes any changes.

The module will not save the configuration on the NetScaler ADC node if it made no changes.

Choices:

  • false ← (default)

  • true

securityinsights

string

On enabling this option, the Citrix ADC will send the security insight records to the configured collectors when request comes to Authentication endpoint.

* If cs vserver is frontend with Authentication vserver as target for cs action, then record is sent using Authentication vserver name.

* If vpn/lb/cs vserver are configured with Authentication ON, then then record is sent using vpn/lb/cs vserver name accordingly.

* If authentication vserver is frontend, then record is sent using Authentication vserver name.

Choices:

  • "ENABLED"

  • "DISABLED"

state

string

The state of the resource being configured by the module on the NetScaler ADC node.

When present, the resource will be added/updated configured according to the module’s parameters.

When unset, the resource will be unset on the NetScaler ADC node.

Choices:

  • "present" ← (default)

  • "unset"

tokenintrospectioninterval

float

Frequency at which a token must be verified at the Authorization Server (AS) despite being found in cache.

validate_certs

boolean

If false, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates.

Choices:

  • false

  • true ← (default)

wafprotection

list / elements=string

Entities for which WAF Protection need to be applied.

Available settings function as follows:

* AUTH - Endpoints used for Authentication applicable for both AAATM, IDP, GATEWAY use cases.

* VPN - Endpoints used for Gateway use cases.

* DISABLED - No Endpoint WAF protection.

Currently supported only in default partition

Choices:

  • "DISABLED"

  • "AUTH"

  • "VPN"

Notes

Note

Examples

---
- name: Sample aaaparameter playbook
  hosts: demo_netscalers
  gather_facts: false
  tasks:
    - name: Configure aaaparameter
      delegate_to: localhost
      netscaler.adc.aaaparameter:
        state: present
        maxaaausers: '4294967295'
        aaasessionloglevel: DEBUG
        aaadloglevel: ALERT

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

changed

boolean

Indicates if any change is made by the module

Returned: always

Sample: true

diff

dictionary

Dictionary of before and after changes

Returned: always

Sample: {"after": {"key2": "pqr"}, "before": {"key1": "xyz"}, "prepared": "changes done"}

diff_list

list / elements=string

List of differences between the actual configured object and the configuration specified in the module

Returned: when changed

Sample: ["Attribute `key1` differs. Desired: (<class 'str'>) XYZ. Existing: (<class 'str'>) PQR"]

failed

boolean

Indicates if the module failed or not

Returned: always

Sample: false

loglines

list / elements=string

list of logged messages by the module

Returned: always

Sample: ["message 1", "message 2"]

Authors

  • Sumanth Lingappa (@sumanth-lingappa)

  • Shiva Shankar Vaddepally (@shivashankar-vaddepally)