aam authentication relay

Authentication relay configuration

relay Specification

Type	Intermediate Resource
Element Name	relay
Element URI	/axapi/v3/aam/authentication/relay
Element Attributes	relay_attributes
Schema	relay schema

Operations Allowed:

Operation	Method	URI	Payload
Get Object	GET	/axapi/v3/aam/authentication/relay	relay_attributes

relay attributes

form-based

Description: form-based is a JSON Block. Please see below for form-based

Type: Object

Refernce Object: /axapi/v3/aam/authentication/relay/form-based

http-basic

Description: http-basic is a JSON Block. Please see below for http-basic

Type: Object

Refernce Object: /axapi/v3/aam/authentication/relay/http-basic

kerberos

Description: kerberos is a JSON Block. Please see below for kerberos

Type: Object

Refernce Object: /axapi/v3/aam/authentication/relay/kerberos

ntlm-list

Type: List

Refernce Object: /axapi/v3/aam/authentication/relay/ntlm/{name}

oauth-list

Type: List

Refernce Object: /axapi/v3/aam/authentication/relay/oauth/{name}

saml-list

Type: List

Refernce Object: /axapi/v3/aam/authentication/relay/saml/{name}

ws-federation-list

Type: List

Refernce Object: /axapi/v3/aam/authentication/relay/ws-federation/{name}

ntlm-list

Specification
Type	list
Block object keys

domain

Description Specify NTLM domain, default is null

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

large-request-disable

Description Disable NTLM relay processing for large requests

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

name

Description Specify NTLM authentication relay name

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

version

Description Specify NTLM version, default is NTLM 2

Type: number

Range: 1-2

Default: 2

form-based

Specification
Type	object

instance-list

Type: List

Refernce Object: /axapi/v3/aam/authentication/relay/form-based/instance/{name}

form-based_instance-list

Specification
Type	list
Block object keys

name

Description Specify form-based authentication relay name

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

request-uri-list

Type: List

Refernce Object: /axapi/v3/aam/authentication/relay/form-based/instance/{name}/request-uri/{match-type}+{uri}

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

form-based_instance-list_request-uri-list

Specification
Type	list
Block object keys

action-uri

Description Specify the action-URI

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

cookie

Description: cookie is a JSON Block. Please see below for form-based_instance-list_request-uri-list_cookie

Type: Object

domain-variable

Description Specify domain variable name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

match-type

Description ‘equals’: URI exactly matches the string; ‘contains’: URI string contains another sub string; ‘starts-with’: URI string starts with sub string; ‘ends-with’: URI string ends with sub string;

Type: string

Supported Values: equals, contains, starts-with, ends-with

max-packet-collect-size

Description Specify the max packet collection size in bytes, default is 1MB

Type: number

Range: 1024-2097152

Default: 1048576

other-variables

Description Specify other variables (n1=v1&n2=v2) in form relay

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

password-variable

Description Specify password variable name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uri

Description Specify request URI

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

user-variable

Description Specify username variable name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

form-based_instance-list_request-uri-list_cookie

Specification
Type	object

cookie-value

Description: cookie-value is a JSON Block. Please see below for form-based_instance-list_request-uri-list_cookie_cookie-value

Type: Object

form-based_instance-list_request-uri-list_cookie_cookie-value

Specification
Type	object

cookie-value

Description Specify cookie in POST packet

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

ws-federation-list

Specification
Type	list
Block object keys

application-server

Description ‘sharepoint’: Microsoft SharePoint; ‘exchange-owa’: Microsoft Exchange OWA;

Type: string

Supported Values: sharepoint, exchange-owa

authentication-uri

Description Specify WS-Federation relay URI, default is /_trust/

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

name

Description Specify WS-Federation authentication relay name

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

oauth-list

Specification
Type	list
Block object keys

all

Description All URI can be relay

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: all and match-type are mutually exclusive

match-type

Description ‘equals’: URI exactly matches the string; ‘contains’: URI string contains another sub string; ‘starts-with’: URI string starts with sub string; ‘ends-with’: URI string ends with sub string;

Type: string

Supported Values: equals, contains, starts-with, ends-with

Mutual Exclusion: match-type and all are mutually exclusive

match-uri

Description

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

name

Description Specify oauth authentication relay name

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

relay-type

Description ‘access-token’: Relay access token to backend; ‘id-token’: Relay JWT to backend;

Type: string

Supported Values: access-token, id-token

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

saml-list

Specification
Type	list
Block object keys

idp-auth-uri

Description Specify the URI for IDP to handle SAML authentication request

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

match-type

Description ‘equals’: URI exactly matches the string; ‘contains’: URI string contains another sub string; ‘starts-with’: URI string starts with sub string; ‘ends-with’: URI string ends with sub string;

Type: string

Supported Values: equals, contains, starts-with, ends-with

match-uri

Description Match URI

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

method

Description ‘get-from-backend’: Get RelayState parameter from backend server; ‘request-uri’: Use the (URL encoded) current request-uri as the RelayState;

Type: string

Supported Values: get-from-backend, request-uri

Mutual Exclusion: method and value are mutually exclusive

name

Description Specify SAML authentication relay name

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

relay-acs-uri

Description Specify the backend server assertion consuming service URI

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

retry-number

Description Specify how many continuous fail for SAML relay will trigger. Default will not retry.

Type: number

Range: 0-10

Default: 0

server-cookie-name

Description Specify the cookie name that used by backend server for authenticated users

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

value

Description Use the fixed string as the RelayState

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: value and method are mutually exclusive

kerberos

Specification
Type	object

instance-list

Type: List

Refernce Object: /axapi/v3/aam/authentication/relay/kerberos/instance/{name}

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

kerberos_instance-list

Specification
Type	list
Block object keys

encrypted

Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

kerberos-account

Description Specify the kerberos account name

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

kerberos-kdc

Description Specify the kerberos kdc ip or host name

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: kerberos-kdc and kerberos-kdc-service-group are mutually exclusive

kerberos-kdc-service-group

Description Specify an authentication service group as multiple KDCs

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

Mutual Exclusion: kerberos-kdc-service-group and kerberos-kdc are mutually exclusive

Refernce Object: /axapi/v3/aam/authentication/service-group

kerberos-realm

Description Specify the kerberos realm

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

name

Description Specify Kerberos authentication relay name

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

password

Description Specify password of Kerberos password

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

port

Description Specify The KDC port, default is 88

Type: number

Range: 1-65535

Default: 88

secret-string

Description The kerberos client password

Type: string

Format: password

Maximum Length: 63 characters

Maximum Length: 1 characters

timeout

Description Specify timeout for kerberos transport, default is 10 seconds (The timeout, default is 10 seconds)

Type: number

Range: 1-255

Default: 10

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

http-basic

Specification
Type	object

instance-list

Type: List

Refernce Object: /axapi/v3/aam/authentication/relay/http-basic/instance/{name}

http-basic_instance-list

Specification
Type	list
Block object keys

domain

Description Specify user domain, default is null

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

domain-format

Description ‘user-principal-name’: Append domain with User Principal Name format. (e.g. user@domain); ‘down-level-logon-name’: Append domain with Down-Level Logon Name format. (e.g. domainuser);

Type: string

Supported Values: user-principal-name, down-level-logon-name

Default: down-level-logon-name

name

Description Specify HTTP basic authentication relay name

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters