fortios_user_saml – SAML server entry configuration in Fortinet’s FortiOS and FortiGate.
The below requirements are needed on the host that executes this module.
Using member operation to add an element to an existing object.
Supported FortiOS versions for fortios_user_saml (the module is supported in every listed release): v6.2.0, v6.2.3, v6.2.5, v6.2.7, v6.4.0, v6.4.1, v6.4.4, v7.0.0, v7.0.1, v7.0.2, v7.0.3, v7.0.4, v7.0.5, v7.0.6, v7.0.7, v7.0.8, v7.0.12, v7.2.0, v7.2.1, v7.2.2, v7.2.4, v7.4.0.
access_token - Token-based authentication. Generated from the FortiGate GUI. type: str required: false
enable_log - Enable/Disable logging for task. type: bool required: false default: False
vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
member_path - Member attribute path to operate on. type: str
member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
user_saml - SAML server entry configuration. type: dict
Version support: all listed versions (v6.2.0 to v7.4.0).
adfs_claim - Enable/disable ADFS Claim for the user/group attribute in the assertion statement. type: str choices: enable, disable
Version support: v7.0.0 and later (not available in v6.2.x or v6.4.x); both choices, enable and disable, are available wherever the parameter is.
auth_url - URL to verify authentication. type: str
Version support: v7.2.1 and later (v7.2.1, v7.2.2, v7.2.4, v7.4.0); not available in v7.2.0 or earlier.
cert - Certificate to sign SAML messages. Source vpn.certificate.local.name. type: str
Version support: all listed versions (v6.2.0 to v7.4.0).
clock_tolerance - Clock skew tolerance in seconds (0 - 300). type: int
Version support: v7.0.4 and later; not available in v7.0.3 or earlier.
digest_method - Digest method algorithm. type: str choices: sha1, sha256
Version support: v7.0.0 and later (not available in v6.2.x or v6.4.x); both choices, sha1 and sha256, are available wherever the parameter is.
entity_id - SP entity ID. type: str
Version support: all listed versions (v6.2.0 to v7.4.0).
group_claim_type - Group claim in assertion statement. type: str choices: email, given-name, name, upn, common-name, email-adfs-1x, group, upn-adfs-1x, role, sur-name, ppid, name-identifier, authentication-method, deny-only-group-sid, deny-only-primary-sid, deny-only-primary-group-sid, group-sid, primary-group-sid, primary-sid, windows-account-name
Version support: v7.0.0 and later (not available in v6.2.x or v6.4.x); all twenty choices are available wherever the parameter is.
group_name - Group name in assertion statement. type: str
Version support: all listed versions (v6.2.0 to v7.4.0).
idp_cert - IDP Certificate name. Source vpn.certificate.remote.name. type: str
Version support: all listed versions (v6.2.0 to v7.4.0).
idp_entity_id - IDP entity ID. type: str
Version support: all listed versions (v6.2.0 to v7.4.0).
idp_single_logout_url - IDP single logout URL. type: str
Version support: all listed versions (v6.2.0 to v7.4.0).
idp_single_sign_on_url - IDP single sign-on URL. type: str
Version support: all listed versions (v6.2.0 to v7.4.0).
limit_relaystate - Enable/disable limiting of relay-state parameter when it exceeds SAML 2.0 specification limits (80 bytes). type: str choices: enable, disable
Version support: v7.0.0 and later (not available in v6.2.x or v6.4.x); both choices, enable and disable, are available wherever the parameter is.
name - SAML server entry name. type: str required: true
Version support: all listed versions (v6.2.0 to v7.4.0).
single_logout_url - SP single logout URL. type: str
Version support: all listed versions (v6.2.0 to v7.4.0).
single_sign_on_url - SP single sign-on URL. type: str
Version support: all listed versions (v6.2.0 to v7.4.0).
user_claim_type - User name claim in assertion statement. type: str choices: email, given-name, name, upn, common-name, email-adfs-1x, group, upn-adfs-1x, role, sur-name, ppid, name-identifier, authentication-method, deny-only-group-sid, deny-only-primary-sid, deny-only-primary-group-sid, group-sid, primary-group-sid, primary-sid, windows-account-name
Version support: v7.0.0 and later (not available in v6.2.x or v6.4.x); all twenty choices are available wherever the parameter is.
user_name - User name in assertion statement. type: str
Version support: all listed versions (v6.2.0 to v7.4.0).
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
    - name: SAML server entry configuration.
      fortios_user_saml:
        vdom: "{{ vdom }}"
        state: "present"
        access_token: "<your_own_value>"
        user_saml:
          adfs_claim: "enable"
          auth_url: "<your_own_value>"
          cert: "<your_own_value> (source vpn.certificate.local.name)"
          clock_tolerance: "15"
          digest_method: "sha1"
          entity_id: "<your_own_value>"
          group_claim_type: "email"
          group_name: "<your_own_value>"
          idp_cert: "<your_own_value> (source vpn.certificate.remote.name)"
          idp_entity_id: "<your_own_value>"
          idp_single_logout_url: "<your_own_value>"
          idp_single_sign_on_url: "<your_own_value>"
          limit_relaystate: "enable"
          name: "default_name_16"
          single_logout_url: "<your_own_value>"
          single_sign_on_url: "<your_own_value>"
          user_claim_type: "email"
          user_name: "<your_own_value>"
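As an added example (not part of the fortinet.fortios collection or the playbook above), a preflight check in Python that validates a user_saml dict, such as the one in the task above, against the constraints this page documents: the required name, the clock_tolerance range, the choice lists, and the earliest listed FortiOS release in which each option appears. The SHA-1 warning is an editor's addition, not a documented module constraint.

```python
# Preflight linter for a fortios_user_saml task (added example, not collection code).
# Constraints come from the module documentation; MIN_VERSION is the earliest
# documented release in which each option appears.
CLAIM_TYPES = {
    "email", "given-name", "name", "upn", "common-name", "email-adfs-1x",
    "group", "upn-adfs-1x", "role", "sur-name", "ppid", "name-identifier",
    "authentication-method", "deny-only-group-sid", "deny-only-primary-sid",
    "deny-only-primary-group-sid", "group-sid", "primary-group-sid",
    "primary-sid", "windows-account-name",
}
CHOICES = {
    "adfs_claim": {"enable", "disable"},
    "digest_method": {"sha1", "sha256"},
    "limit_relaystate": {"enable", "disable"},
    "group_claim_type": CLAIM_TYPES,
    "user_claim_type": CLAIM_TYPES,
}
MIN_VERSION = {
    "adfs_claim": (7, 0, 0), "digest_method": (7, 0, 0),
    "group_claim_type": (7, 0, 0), "user_claim_type": (7, 0, 0),
    "limit_relaystate": (7, 0, 0), "clock_tolerance": (7, 0, 4),
    "auth_url": (7, 2, 1),
}

def parse_version(v: str) -> tuple:
    """'v7.0.12' -> (7, 0, 12), so releases compare as tuples."""
    return tuple(int(p) for p in v.lstrip("v").split("."))

def lint_user_saml(cfg: dict, fortios_version: str) -> list:
    """Return a list of findings for a user_saml dict; empty means clean."""
    target = parse_version(fortios_version)
    findings = []
    if not cfg.get("name"):
        findings.append("name is required")
    for key, minimum in MIN_VERSION.items():
        if key in cfg and target < minimum:
            findings.append(f"{key} is not supported before v{'.'.join(map(str, minimum))}")
    for key, allowed in CHOICES.items():
        if key in cfg and cfg[key] not in allowed:
            findings.append(f"{key}: invalid choice {cfg[key]!r}")
    if "clock_tolerance" in cfg:
        try:
            tol = int(cfg["clock_tolerance"])  # the page's sample passes it as "15"
        except (TypeError, ValueError):
            tol = -1
        if not 0 <= tol <= 300:
            findings.append("clock_tolerance must be 0-300 seconds")
    # Editor's addition, not a module constraint: SHA-1 is deprecated for signatures.
    if cfg.get("digest_method") == "sha1":
        findings.append("digest_method sha1: prefer sha256")
    return findings
```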
Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values ; the following are the fields unique to this module:
build - Build number of the fortigate image returned: always type: str sample: 1547
http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
revision - Internal revision number returned: always type: str sample: 17.0.2.10658
serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
status - Indication of the operation's result returned: always type: str sample: success
vdom - Virtual domain used returned: always type: str sample: root
version - Version of the FortiGate returned: always type: str sample: v5.6.3
Link Zheng (@chillancezen)
Jie Xue (@JieX19)
Hongbin Lu (@fgtdev-hblu)
Frank Shen (@frankshen01)
Miguel Angel Munoz (@mamunozgonzalez)
Nicolas Thomas (@thomnico)