aam authentication server

Authentication server configuration

server Specification

Type	Configuration Resource
Element Name	server
Element URI	/axapi/v3/aam/authentication/server
Element Attributes	server_attributes
Operational Data URI	/axapi/v3/aam/authentication/server/oper
Schema	server schema

Operations Allowed:

Operation	Method	URI	Payload
Create Object	POST	/axapi/v3/aam/authentication/server	server attributes
Get Object	GET	/axapi/v3/aam/authentication/server	server attributes
Modify Object	POST	/axapi/v3/aam/authentication/server	server attributes
Replace Object	PUT	/axapi/v3/aam/authentication/server	server attributes
Delete Object	DELETE	/axapi/v3/aam/authentication/server	server attributes

server attributes

ldap

Description: ldap is a JSON Block. Please see below for ldap

Type: Object

Refernce Object: /axapi/v3/aam/authentication/server/ldap

ocsp

Description: ocsp is a JSON Block. Please see below for ocsp

Type: Object

Refernce Object: /axapi/v3/aam/authentication/server/ocsp

radius

Description: radius is a JSON Block. Please see below for radius

Type: Object

Refernce Object: /axapi/v3/aam/authentication/server/radius

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

windows

Description: windows is a JSON Block. Please see below for windows

Type: Object

Refernce Object: /axapi/v3/aam/authentication/server/windows

windows

Specification
Type	object

instance-list

Type: List

Refernce Object: /axapi/v3/aam/authentication/server/windows/instance/{name}

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

windows_instance-list

Specification
Type	list
Block object keys

auth-protocol

Description: auth-protocol is a JSON Block. Please see below for windows_instance-list_auth-protocol

Type: Object

health-check

Description Check server’s health status

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: health-check and health-check-disable are mutually exclusive

health-check-disable

Description Disable configured health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: health-check-disable and health-check are mutually exclusive

health-check-string

Description Health monitor name

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/health/monitor

host

Description: host is a JSON Block. Please see below for windows_instance-list_host

Type: Object

name

Description Specify Windows authentication server name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

realm

Description Specify realm of Windows server

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

support-apacheds-kdc

Description Enable weak cipher (DES CRC/MD5/MD4) and merge AS-REQ in single packet

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

timeout

Description Specify connection timeout to server, default is 10 seconds

Type: number

Range: 1-255

Default: 10

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

windows_instance-list_host

Specification
Type	object

hostip

Description Specify the Windows server’s hostname(Length 1-31) or IP address

Type: string

Format: host

Maximum Length: 31 characters

Maximum Length: 1 characters

Mutual Exclusion: hostip and hostipv6 are mutually exclusive

hostipv6

Description Specify the Windows server’s IPV6 address

Type: string

Format: ipv6-address

Mutual Exclusion: hostipv6 and hostip are mutually exclusive

windows_instance-list_auth-protocol

Specification
Type	object

kerberos-disable

Description Disable Kerberos authentication protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

kerberos-password-change-port

Description Specify the Kerbros password change port, default is 464

Type: number

Range: 1-65534

Default: 464

kerberos-port

Description Specify the Kerberos port, default is 88

Type: number

Range: 1-65534

Default: 88

kport-hm

Description Check Kerberos port’s health status

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: kport-hm and kport-hm-disable are mutually exclusive

Refernce Object: /axapi/v3/health/monitor

kport-hm-disable

Description Disable configured Kerberos port health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: kport-hm-disable and kport-hm are mutually exclusive

ntlm-disable

Description Disable NTLM authentication protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ntlm-health-check

Description Check NTLM port’s health status

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: ntlm-health-check and ntlm-health-check-disable are mutually exclusive

Refernce Object: /axapi/v3/health/monitor

ntlm-health-check-disable

Description Disable configured NTLM port health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: ntlm-health-check-disable and ntlm-health-check are mutually exclusive

ntlm-version

Description Specify NTLM version, default is 2

Type: number

Range: 1-2

Default: 2

ocsp

Specification
Type	object

instance-list

Type: List

Refernce Object: /axapi/v3/aam/authentication/server/ocsp/instance/{name}

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

ocsp_instance-list

Specification
Type	list
Block object keys

health-check

Description Check server’s health status

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: health-check and health-check-disable are mutually exclusive

health-check-disable

Description Disable configured health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: health-check-disable and health-check are mutually exclusive

health-check-string

Description Health monitor name

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/health/monitor

http-version

Description Set HTTP version (default 1.0)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

name

Description Specify OCSP authentication server name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

port-health-check

Description Check port’s health status

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: port-health-check and port-health-check-disable are mutually exclusive

Refernce Object: /axapi/v3/health/monitor

port-health-check-disable

Description Disable configured port health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: port-health-check-disable and port-health-check are mutually exclusive

responder-ca

Description Specify the trusted OCSP responder’s CA cert filename

Type: string

Maximum Length: 245 characters

Maximum Length: 1 characters

responder-cert

Description Specify the trusted OCSP responder’s cert filename

Type: string

Maximum Length: 245 characters

Maximum Length: 1 characters

url

Description Specify the OCSP server’s address (Format: http://host[:port]/) (The OCSP server’s address(Format: http://host[:port]/))

Type: string

Format: string-rlx

Maximum Length: 255 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

version-type

Description ‘1.1’: HTTP version 1.1;

Type: string

Supported Values: 1.1

radius

Specification
Type	object

instance-list

Type: List

Refernce Object: /axapi/v3/aam/authentication/server/radius/instance/{name}

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

radius_instance-list

Specification
Type	list
Block object keys

accounting-port

Description Specify the RADIUS server’s accounting port, default is 1813

Type: number

Range: 1-65534

Default: 1813

acct-port-hm

Description Specify accounting port health check method

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: acct-port-hm and acct-port-hm-disable are mutually exclusive

Refernce Object: /axapi/v3/health/monitor

acct-port-hm-disable

Description Disable configured accounting port health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: acct-port-hm-disable and acct-port-hm are mutually exclusive

auth-type

Description ‘pap’: PAP authentication. Default; ‘mschapv2’: MS-CHAPv2 authentication; ‘mschapv2-pap’: Use MS-CHAPv2 first. If server doesn’t support it, try PAP;

Type: string

Supported Values: pap, mschapv2, mschapv2-pap

encrypted

Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

health-check

Description Check server’s health status

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: health-check and health-check-disable are mutually exclusive

health-check-disable

Description Disable configured health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: health-check-disable and health-check are mutually exclusive

health-check-string

Description Health monitor name

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/health/monitor

host

Description: host is a JSON Block. Please see below for radius_instance-list_host

Type: Object

interval

Description Specify the interval time for resend the request (second), default is 3 seconds (The interval time(second), default is 3 seconds)

Type: number

Range: 1-1024

Default: 3

name

Description Specify RADIUS authentication server name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

port

Description Specify the RADIUS server’s authentication port, default is 1812

Type: number

Range: 1-65534

Default: 1812

port-hm

Description Check port’s health status

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: port-hm and port-hm-disable are mutually exclusive

Refernce Object: /axapi/v3/health/monitor

port-hm-disable

Description Disable configured port health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: port-hm-disable and port-hm are mutually exclusive

retry

Description Specify the retry number for resend the request, default is 5 (The retry number, default is 5)

Type: number

Range: 1-32

Default: 5

secret

Description Specify the RADIUS server’s secret

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

secret-string

Description The RADIUS server’s secret

Type: string

Format: password

Maximum Length: 128 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

radius_instance-list_host

Specification
Type	object

hostip

Description Server’s hostname(Length 1-31) or IP address

Type: string

Format: host

Maximum Length: 31 characters

Maximum Length: 1 characters

Mutual Exclusion: hostip and hostipv6 are mutually exclusive

hostipv6

Description Server’s IPV6 address

Type: string

Format: ipv6-address

Mutual Exclusion: hostipv6 and hostip are mutually exclusive

ldap

Specification
Type	object

instance-list

Type: List

Refernce Object: /axapi/v3/aam/authentication/server/ldap/instance/{name}

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

ldap_instance-list

Specification
Type	list
Block object keys

admin-dn

Description The LDAP server’s admin DN

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

admin-secret

Description Specify the LDAP server’s admin secret password

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

auth-type

Description ‘ad’: Active Directory. Default; ‘open-ldap’: OpenLDAP;

Type: string

Supported Values: ad, open-ldap

base

Description Specify the LDAP server’s search base

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

bind-with-dn

Description Enforce using DN for LDAP binding(All user input name will be used to create DN)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ca-cert

Description Specify the LDAPS CA cert filename (Trusted LDAPS CA cert filename)

Type: string

Maximum Length: 245 characters

Maximum Length: 1 characters

default-domain

Description Specify default domain for LDAP

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

derive-bind-dn

Description: derive-bind-dn is a JSON Block. Please see below for ldap_instance-list_derive-bind-dn

Type: Object

dn-attribute

Description Specify Distinguished Name attribute, default is CN

Type: string

Format: string-rlx

Maximum Length: 31 characters

Maximum Length: 1 characters

Default: cn

encrypted

Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

health-check

Description Check server’s health status

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: health-check and health-check-disable are mutually exclusive

health-check-disable

Description Disable configured health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: health-check-disable and health-check are mutually exclusive

health-check-string

Description Health monitor name

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/health/monitor

host

Description: host is a JSON Block. Please see below for ldap_instance-list_host

Type: Object

ldaps-conn-reuse-idle-timeout

Description Specify LDAPS connection reuse idle timeout value (in seconds) (Specify idle timeout value (in seconds), default is 0 (not reuse LDAPS connection))

Type: number

Range: 0-86400

Default: 0

name

Description Specify LDAP authentication server name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

port

Description Specify the LDAP server’s authentication port, default is 389

Type: number

Range: 1-65534

Default: 389

port-hm

Description Check port’s health status

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: port-hm and port-hm-disable are mutually exclusive

Refernce Object: /axapi/v3/health/monitor

port-hm-disable

Description Disable configured port health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: port-hm-disable and port-hm are mutually exclusive

prompt-pw-change-before-exp

Description Prompt user to change password before expiration in N days. This option only takes effect when server type is AD (Prompt user to change password before expiration in N days, default is not to prompt the user)

Type: number

Range: 1-999

protocol

Description ‘ldap’: Use LDAP (default); ‘ldaps’: Use LDAP over SSL; ‘starttls’: Use LDAP StartTLS;

Type: string

Supported Values: ldap, ldaps, starttls

Default: ldap

pwdmaxage

Description Specify the LDAP server’s default password expiration time (in seconds) (The LDAP server’s default password expiration time (in seconds), default is 0 (no expiration))

Type: number

Range: 0-4294967295

Default: 0

secret-string

Description secret password

Type: string

Format: password

Maximum Length: 128 characters

Maximum Length: 1 characters

timeout

Description Specify timout for LDAP, default is 10 seconds (The timeout, default is 10 seconds)

Type: number

Range: 1-255

Default: 10

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

ldap_instance-list_derive-bind-dn

Specification
Type	object

username-attr

Description Specify attribute name of username

Type: string

Format: string-rlx

Maximum Length: 31 characters

Maximum Length: 1 characters

ldap_instance-list_host

Specification
Type	object

hostip

Description Server’s hostname(Length 1-31) or IP address

Type: string

Format: host

Maximum Length: 31 characters

Maximum Length: 1 characters

Mutual Exclusion: hostip and hostipv6 are mutually exclusive

hostipv6

Description Server’s IPV6 address

Type: string

Format: ipv6-address

Mutual Exclusion: hostipv6 and hostip are mutually exclusive

operational data

	Counter	Size	Description
	rserver-count	number	rserver-count
	name	string	name
	get-count	string	get-count
	part-id	number	part-id
	rport-count	number	rport-count
	rserver-list		rserver-list