aam authentication saml
AAM SAML related configuration
saml Specification
Type
Intermediate Resource
Element Name
saml
Element URI
/axapi/v3/aam/authentication/saml
Element Attributes
saml_attributes
Schema
Operations Allowed:
Operation | Method | URI | Payload
---|---|---|---
Get Object | GET | /axapi/v3/aam/authentication/saml | saml_attributes
saml attributes
global
Description: global is a JSON Block. Please see below for global
Type: Object
Reference Object: /axapi/v3/aam/authentication/saml/global
identity-provider-list
Type: List
Reference Object: /axapi/v3/aam/authentication/saml/identity-provider/{name}
metadata
Description: metadata is a JSON Block. Please see below for metadata
Type: Object
Reference Object: /axapi/v3/aam/authentication/saml/metadata
metadata-monitor
Description: metadata-monitor is a JSON Block. Please see below for metadata-monitor
Type: Object
Reference Object: /axapi/v3/aam/authentication/saml/metadata-monitor
service-provider-list
Type: List
Reference Object: /axapi/v3/aam/authentication/saml/service-provider/{name}
session
Description: session is a JSON Block. Please see below for session
Type: Object
Reference Object: /axapi/v3/aam/authentication/saml/session
service-provider-list
Specification
Type
list
Block object keys
SP-initiated-single-logout-service
Type: List
acs-uri-bypass
Description: After the user is authenticated, bypass requests with the assertion-consuming-service location URI
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
adfs-ws-federation
Description: adfs-ws-federation is a JSON Block. Please see below for service-provider-list_adfs-ws-federation
Type: Object
artifact-resolution-service
Type: List
assertion-consuming-service
Type: List
bad-request-redirect-url
Description: Specify URL to redirect
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
certificate
Description: SAML service provider certificate file (PFX format is required.)
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
entity-id
Description: SAML service provider entity ID
Type: string
Format: string-rlx
Maximum Length: 1023 characters
Maximum Length: 1 characters
metadata-export-service
Description: metadata-export-service is a JSON Block. Please see below for service-provider-list_metadata-export-service
Type: Object
name
Description: Specify SAML authentication service provider name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
require-assertion-signed
Description: require-assertion-signed is a JSON Block. Please see below for service-provider-list_require-assertion-signed
Type: Object
saml-request-signed
Description: saml-request-signed is a JSON Block. Please see below for service-provider-list_saml-request-signed
Type: Object
service-url
Description: SAML service provider service URL (ex. https://www.a10networks.com/saml.sso)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
signature-algorithm
Description: ‘SHA1’: use SHA1 as signature algorithm (default); ‘SHA256’: use SHA256 as signature algorithm;
Type: string
Supported Values: SHA1, SHA256
Default: SHA1
single-logout-service
Type: List
soap-tls-certificate-validate
Description: soap-tls-certificate-validate is a JSON Block. Please see below for service-provider-list_soap-tls-certificate-validate
Type: Object
user-tag
Description: Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description: uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
service-provider-list_require-assertion-signed
Specification
Type
object
require-assertion-signed-enable
Description: Enable required signing of SAML assertion
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
service-provider-list_single-logout-service
Specification
Type
list
Block object keys
SLO-binding
Description: ‘post’: POST binding of single logout service; ‘redirect’: Redirect binding of single logout service; ‘soap’: SOAP binding of single logout service;
Type: string
Supported Values: post, redirect, soap
SLO-location
Description: The location of name-id management service. (ex. /SAML/POST)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
service-provider-list_assertion-consuming-service
Specification
Type
list
Block object keys
assertion-binding
Description: ‘artifact’: Artifact binding of assertion consuming service; ‘paos’: PAOS binding of assertion consuming service; ‘post’: POST binding of assertion consuming service;
Type: string
Supported Values: artifact, paos, post
assertion-index
Description: The index of assertion consuming service
Type: number
Range: 0-5
assertion-location
Description: The location of assertion consuming service endpoint. (ex. /SAML/POST)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
service-provider-list_saml-request-signed
Specification
Type
object
saml-request-signed-disable
Description: Disable signing of SAML (Authn/Artifact Resolve) requests
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
service-provider-list_SP-initiated-single-logout-service
Specification
Type
list
Block object keys
SP-SLO-location
Description: The location of SP-initiated single logout service endpoint. (ex. /Logout)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
asynchronous
Description: The IDP will not send a logout response to AX
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
service-provider-list_adfs-ws-federation
Specification
Type
object
ws-federation-enable
Description: Enable ADFS WS-Federation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
service-provider-list_soap-tls-certificate-validate
Specification
Type
object
soap-tls-certificate-validate-disable
Description: Disable verification of the server certificate in the TLS session when resolving an artifact
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
service-provider-list_artifact-resolution-service
Specification
Type
list
Block object keys
artifact-binding
Description: ‘soap’: SOAP binding of artifact resolution service;
Type: string
Supported Values: soap
artifact-index
Description: The index of artifact resolution service
Type: number
Range: 0-5
artifact-location
Description: The location of artifact resolution service. (ex. /SAML/POST)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
service-provider-list_metadata-export-service
Specification
Type
object
md-export-location
Description: Specify the URI to export SP metadata (default is /A10SP_Metadata)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sign-xml
Description: Sign exported SP metadata XML with SP’s certificate
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
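Several service-provider-list keys above weaken signature or certificate checks when left at or moved off their defaults, and they can be audited mechanically. The following is an added example, not part of the A10 documentation; it assumes the GET response wraps the attributes in a top-level "saml" object, and the sample payload is constructed.

```python
# Added example: flag weakened SAML settings in service-provider-list entries.
# Key names and defaults come from the schema above; the "saml" envelope and
# the SAMPLE payload are constructed assumptions.

# (block, key, risky_when_on, finding): every boolean here defaults to 0.
CHECKS = [
    ("require-assertion-signed", "require-assertion-signed-enable", False,
     "signed assertions are not required"),
    ("saml-request-signed", "saml-request-signed-disable", True,
     "Authn/Artifact Resolve requests are sent unsigned"),
    ("soap-tls-certificate-validate", "soap-tls-certificate-validate-disable", True,
     "server certificate is not verified during artifact resolution"),
    ("metadata-export-service", "sign-xml", False,
     "exported SP metadata XML is unsigned"),
]

def _on(value):
    """Schema booleans are documented as true, false, 1 or 0."""
    return value in (True, 1, "1", "true")

def audit_service_provider(sp):
    """Return [(key, finding), ...] for one service-provider-list entry."""
    findings = []
    # A missing signature-algorithm falls back to the documented default, SHA1.
    if sp.get("signature-algorithm", "SHA1") == "SHA1":
        findings.append(("signature-algorithm", "SHA1 signatures; set SHA256"))
    for block, key, risky_when_on, finding in CHECKS:
        if _on((sp.get(block) or {}).get(key, 0)) == risky_when_on:
            findings.append((key, finding))
    return findings

def audit_saml(doc):
    """Map each service provider name to the keys that need attention."""
    sps = doc.get("saml", {}).get("service-provider-list", [])
    return {sp["name"]: [k for k, _ in audit_service_provider(sp)] for sp in sps}

SAMPLE = {"saml": {"service-provider-list": [  # constructed sample
    {"name": "sp-default"},  # every key left at its documented default
    {"name": "sp-hardened", "signature-algorithm": "SHA256",
     "require-assertion-signed": {"require-assertion-signed-enable": 1},
     "metadata-export-service": {"sign-xml": 1}},
    {"name": "sp-weak", "signature-algorithm": "SHA256",
     "require-assertion-signed": {"require-assertion-signed-enable": 1},
     "saml-request-signed": {"saml-request-signed-disable": 1},
     "soap-tls-certificate-validate": {"soap-tls-certificate-validate-disable": 1},
     "metadata-export-service": {"sign-xml": 1}}]}}

if __name__ == "__main__":
    for name, keys in audit_saml(SAMPLE).items():
        print(name, keys or "ok")
```

An entry left entirely at defaults is reported for SHA1, unsigned-assertion acceptance and unsigned metadata export, which is why the defaults deserve review after provisioning.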
identity-provider-list
Specification
Type
list
Block object keys
metadata
Description: URL of SAML identity provider’s metadata file
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
name
Description: SAML authentication identity provider name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
reload-interval
Description: Specify URI metadata reload period in seconds (default is 28800)
Type: number
Range: 1-86400
Default: 28800
reload-metadata
Description: Reload IdP’s metadata immediately
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description: Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description: uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
global
Specification
Type
object
uuid
Description: uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
session
Specification
Type
object
uuid
Description: uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
metadata-monitor
Specification
Type
object
acs-continuous-fail-threshold
Description: Specify how many continuous ACS failures will trigger a metadata reload (default: 10)
Type: number
Range: 2-254
acs-missing-period
Description: Specify how long a period with no ACS requests will trigger a metadata reload, in seconds (default: 60)
Type: number
Range: 1-254
acs-missing-threshold
Description: Specify how many missing ACS requests in the period will trigger a metadata reload (default: 100)
Type: number
Range: 10-254
status
Description: ‘enable’: Enable SAML metadata out-of-sync detection; ‘disable’: Disable SAML metadata out-of-sync detection;
Type: string
Supported Values: enable, disable
Default: enable
uuid
Description: uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
metadata
Specification
Type
object
uuid
Description: uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters