aam authentication relay
Authentication relay configuration
relay Specification
Type: Intermediate Resource
Element Name: relay
Element URI: /axapi/v3/aam/authentication/relay
Element Attributes: relay_attributes
Schema: relay schema
Operations Allowed:
Operation | Method | URI | Payload
---|---|---|---
Get Object | GET | /axapi/v3/aam/authentication/relay | relay_attributes
relay attributes
form-based
Description: form-based is a JSON Block. Please see below for form-based
Type: Object
Reference Object: /axapi/v3/aam/authentication/relay/form-based
http-basic
Description: http-basic is a JSON Block. Please see below for http-basic
Type: Object
Reference Object: /axapi/v3/aam/authentication/relay/http-basic
kerberos
Description: kerberos is a JSON Block. Please see below for kerberos
Type: Object
Reference Object: /axapi/v3/aam/authentication/relay/kerberos
ntlm-list
Type: List
Reference Object: /axapi/v3/aam/authentication/relay/ntlm/{name}
oauth-list
Type: List
Reference Object: /axapi/v3/aam/authentication/relay/oauth/{name}
saml-list
Type: List
Reference Object: /axapi/v3/aam/authentication/relay/saml/{name}
ws-federation-list
Type: List
Reference Object: /axapi/v3/aam/authentication/relay/ws-federation/{name}
ntlm-list
Specification: Type list; Block object keys
domain
Description Specify NTLM domain, default is null
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
large-request-disable
Description Disable NTLM relay processing for large requests
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
name
Description Specify NTLM authentication relay name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
packet-capture-template
Description Name of the packet capture template to be bound to this object
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/visibility/packet-capture/object-templates/aam-auth-relay-ntlm-tmpl
sampling-enable
Type: List
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
version
Description Specify NTLM version, default is NTLM 2
Type: number
Range: 1-2
Default: 2
ntlm-list_sampling-enable
Specification: Type list; Block object keys
counters1
Description ‘all’: all; ‘success’: Success; ‘failure’: Failure; ‘request’: Request; ‘response’: Response; ‘http-code-200’: HTTP 200 OK; ‘http-code-400’: HTTP 400 Bad Request; ‘http-code-401’: HTTP 401 Unauthorized; ‘http-code-403’: HTTP 403 Forbidden; ‘http-code-404’: HTTP 404 Not Found; ‘http-code-500’: HTTP 500 Internal Server Error; ‘http-code-503’: HTTP 503 Service Unavailable; ‘http-code-other’: Other HTTP Response; ‘buffer-alloc-fail’: Buffer Allocation Failure; ‘encoding-fail’: Encoding Failure; ‘insert-header-fail’: Insert Header Failure; ‘parse-header-fail’: Parse Header Failure; ‘internal-error’: Internal Error; ‘ntlm-auth-skipped’: Requests for which NTLM relay is skipped; ‘large-request-processing’: Requests invoking large request processing; ‘large-request-flushed’: Large requests sent to server; ‘head-negotiate-request-sent’: HEAD requests sent with NEGOTIATE header; ‘head-auth-request-sent’: HEAD requests sent with AUTH header;
Type: string
Supported Values: all, success, failure, request, response, http-code-200, http-code-400, http-code-401, http-code-403, http-code-404, http-code-500, http-code-503, http-code-other, buffer-alloc-fail, encoding-fail, insert-header-fail, parse-header-fail, internal-error, ntlm-auth-skipped, large-request-processing, large-request-flushed, head-negotiate-request-sent, head-auth-request-sent
form-based
Specification: Type object
instance-list
Type: List
Reference Object: /axapi/v3/aam/authentication/relay/form-based/instance/{name}
form-based_instance-list
Specification: Type list; Block object keys
name
Description Specify form-based authentication relay name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
packet-capture-template
Description Name of the packet capture template to be bound to this object
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/visibility/packet-capture/object-templates/aam-auth-relay-form-inst-tmpl
request-uri-list
Type: List
Reference Object: /axapi/v3/aam/authentication/relay/form-based/instance/{name}/request-uri/{match-type}+{uri}
sampling-enable
Type: List
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
form-based_instance-list_sampling-enable
Specification: Type list; Block object keys
counters1
Description ‘all’: all; ‘request’: Request; ‘invalid_srv_rsp’: Invalid Server Response; ‘post_fail’: POST Failed; ‘invalid_cred’: Invalid Credential; ‘bad_req’: Bad Request; ‘not_fnd’: Not Found; ‘error’: Internal Server Error; ‘other_error’: Other Error;
Type: string
Supported Values: all, request, invalid_srv_rsp, post_fail, invalid_cred, bad_req, not_fnd, error, other_error
form-based_instance-list_request-uri-list
Specification: Type list; Block object keys
action-uri
Description Specify the action-URI
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
cookie
Description: cookie is a JSON Block. Please see below for form-based_instance-list_request-uri-list_cookie
Type: Object
domain-variable
Description Specify domain variable name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
match-type
Description ‘equals’: URI exactly matches the string; ‘contains’: URI string contains another sub string; ‘starts-with’: URI string starts with sub string; ‘ends-with’: URI string ends with sub string;
Type: string
Supported Values: equals, contains, starts-with, ends-with
max-packet-collect-size
Description Specify the max packet collection size in bytes, default is 1MB
Type: number
Range: 1024-2097152
Default: 1048576
other-variables
Description Specify other variables (n1=v1&n2=v2) in form relay
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
password-variable
Description Specify password variable name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
uri
Description Specify request URI
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
user-variable
Description Specify username variable name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
form-based_instance-list_request-uri-list_cookie
Specification: Type object
cookie-value
Description: cookie-value is a JSON Block. Please see below for form-based_instance-list_request-uri-list_cookie_cookie-value
Type: Object
form-based_instance-list_request-uri-list_cookie_cookie-value
Specification: Type object
cookie-value
Description Specify cookie in POST packet
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
ws-federation-list
Specification: Type list; Block object keys
application-server
Description ‘sharepoint’: Microsoft SharePoint; ‘exchange-owa’: Microsoft Exchange OWA;
Type: string
Supported Values: sharepoint, exchange-owa
authentication-uri
Description Specify WS-Federation relay URI, default is /_trust/
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
name
Description Specify WS-Federation authentication relay name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
packet-capture-template
Description Name of the packet capture template to be bound to this object
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/visibility/packet-capture/object-templates/aam-auth-relay-ws-fed-tmpl
sampling-enable
Type: List
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
ws-federation-list_sampling-enable
Specification: Type list; Block object keys
counters1
Description ‘all’: all; ‘request’: Request; ‘success’: Success; ‘failure’: Failure;
Type: string
Supported Values: all, request, success, failure
oauth-list
Specification: Type list; Block object keys
all
Description All URIs can be relayed
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: all and match-type are mutually exclusive
match-type
Description ‘equals’: URI exactly matches the string; ‘contains’: URI string contains another sub string; ‘starts-with’: URI string starts with sub string; ‘ends-with’: URI string ends with sub string;
Type: string
Supported Values: equals, contains, starts-with, ends-with
Mutual Exclusion: match-type and all are mutually exclusive
match-uri
Description
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
name
Description Specify oauth authentication relay name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
relay-type
Description ‘access-token’: Relay access token to backend; ‘id-token’: Relay JWT to backend;
Type: string
Supported Values: access-token, id-token
sampling-enable
Type: List
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
oauth-list_sampling-enable
Specification: Type list; Block object keys
counters1
Description ‘all’: all; ‘relay-req’: some help string; ‘relay-succ’: some help string; ‘relay-fail’: some help string;
Type: string
Supported Values: all, relay-req, relay-succ, relay-fail
saml-list
Specification: Type list; Block object keys
idp-auth-uri
Description Specify the URI for IDP to handle SAML authentication request
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
match-type
Description ‘equals’: URI exactly matches the string; ‘contains’: URI string contains another sub string; ‘starts-with’: URI string starts with sub string; ‘ends-with’: URI string ends with sub string;
Type: string
Supported Values: equals, contains, starts-with, ends-with
match-uri
Description Match URI
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
method
Description ‘get-from-backend’: Get RelayState parameter from backend server; ‘request-uri’: Use the (URL encoded) current request-uri as the RelayState;
Type: string
Supported Values: get-from-backend, request-uri
Mutual Exclusion: method and value are mutually exclusive
name
Description Specify SAML authentication relay name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
relay-acs-uri
Description Specify the backend server assertion consuming service URI
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
retry-number
Description Specify how many continuous fail for SAML relay will trigger. Default will not retry.
Type: number
Range: 0-10
Default: 0
sampling-enable
Type: List
server-cookie-name
Description Specify the cookie name used by the backend server for authenticated users
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
value
Description Use the fixed string as the RelayState
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: value and method are mutually exclusive
saml-list_sampling-enable
Specification: Type list; Block object keys
counters1
Description ‘all’: all; ‘request’: Request; ‘success’: Success; ‘failure’: Failure; ‘error’: Error;
Type: string
Supported Values: all, request, success, failure, error
kerberos
Specification: Type object
instance-list
Type: List
Reference Object: /axapi/v3/aam/authentication/relay/kerberos/instance/{name}
sampling-enable
Type: List
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
kerberos_sampling-enable
Specification: Type list; Block object keys
counters1
Description ‘all’: all; ‘request-send’: Total Request Send; ‘response-get’: Total Response Get; ‘timeout-error’: Total Timeout; ‘other-error’: Total Other Error; ‘request-normal’: Total Normal Request; ‘request-dropped’: Total Dropped Request; ‘response-success’: Total Success Response; ‘response-failure’: Total Failure Response; ‘response-error’: Total Error Response; ‘response-timeout’: Total Timeout Response; ‘response-other’: Total Other Response; ‘job-start-error’: Total Job Start Error; ‘polling-control-error’: Total Polling Control Error;
Type: string
Supported Values: all, request-send, response-get, timeout-error, other-error, request-normal, request-dropped, response-success, response-failure, response-error, response-timeout, response-other, job-start-error, polling-control-error
kerberos_instance-list
Specification: Type list; Block object keys
encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)
kerberos-account
Description Specify the kerberos account name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
kerberos-kdc
Description Specify the kerberos kdc ip or host name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: kerberos-kdc and kerberos-kdc-service-group are mutually exclusive
kerberos-kdc-service-group
Description Specify an authentication service group as multiple KDCs
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: kerberos-kdc-service-group and kerberos-kdc are mutually exclusive
Reference Object: /axapi/v3/aam/authentication/service-group
kerberos-realm
Description Specify the kerberos realm
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
name
Description Specify Kerberos authentication relay name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
password
Description Specify the Kerberos password
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
port
Description Specify the KDC port, default is 88
Type: number
Range: 1-65535
Default: 88
sampling-enable
Type: List
secret-string
Description The kerberos client password
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
timeout
Description Specify timeout for kerberos transport, default is 10 seconds (The timeout, default is 10 seconds)
Type: number
Range: 1-255
Default: 10
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
kerberos_instance-list_sampling-enable
Specification: Type list; Block object keys
counters1
Description ‘all’: all; ‘request-send’: Request Send; ‘response-receive’: Response Receive; ‘current-requests-of-user’: Current Pending Requests of User; ‘tickets’: Tickets;
Type: string
Supported Values: all, request-send, response-receive, current-requests-of-user, tickets
http-basic
Specification: Type object
instance-list
Type: List
Reference Object: /axapi/v3/aam/authentication/relay/http-basic/instance/{name}
http-basic_instance-list
Specification: Type list; Block object keys
domain
Description Specify user domain, default is null
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
domain-format
Description ‘user-principal-name’: Append domain with User Principal Name format. (e.g. user@domain); ‘down-level-logon-name’: Append domain with Down-Level Logon Name format. (e.g. domain\user);
Type: string
Supported Values: user-principal-name, down-level-logon-name
Default: down-level-logon-name
name
Description Specify HTTP basic authentication relay name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
packet-capture-template
Description Name of the packet capture template to be bound to this object
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/visibility/packet-capture/object-templates/aam-auth-relay-hbase-inst-tmpl
sampling-enable
Type: List
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
http-basic_instance-list_sampling-enable
Specification: Type list; Block object keys
counters1
Description ‘all’: all; ‘success’: Success; ‘no-creds’: No Credential; ‘bad-req’: Bad Request; ‘unauth’: Unauthorized; ‘forbidden’: Forbidden; ‘not-found’: Not Found; ‘server-error’: Internal Server Error; ‘unavailable’: Service Unavailable;
Type: string
Supported Values: all, success, no-creds, bad-req, unauth, forbidden, not-found, server-error, unavailable
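A lint pass over the relay attributes documented on this page, as an added example (not A10's code): it checks the documented mutual exclusions, numeric ranges and match-type values, and flags NTLM version 1 and OAuth relays with `all` set. The dict layout follows the attribute names above (`ntlm-list`, `oauth-list`, `saml-list`, and `kerberos` holding `instance-list`); the function names and the sample values are assumptions.

```python
# Added example: offline lint of relay attributes against the constraints
# documented on this page. SAMPLE is constructed, not captured from a device.
MATCH_TYPES = {"equals", "contains", "starts-with", "ends-with"}
RANGES = {  # attribute -> (min, max), taken from the Range lines above
    "version": (1, 2), "retry-number": (0, 10),
    "port": (1, 65535), "timeout": (1, 255),
}
EXCLUSIVE = {  # object kind -> pair documented as mutually exclusive
    "oauth-list": ("all", "match-type"),
    "saml-list": ("method", "value"),
    "kerberos": ("kerberos-kdc", "kerberos-kdc-service-group"),
}

def is_set(obj, key):
    """True when key carries a value (booleans are documented as true/false/1/0)."""
    return obj.get(key) not in (None, "", 0, False, "0", "false")

def audit_relay(relay):
    """Return (object, message) findings for a dict of relay attributes."""
    findings = []
    objs = [(k, o) for k in ("ntlm-list", "oauth-list", "saml-list")
            for o in relay.get(k, [])]
    objs += [("kerberos", o)
             for o in relay.get("kerberos", {}).get("instance-list", [])]
    for kind, obj in objs:
        where = f"{kind}/{obj.get('name', '?')}"
        a, b = EXCLUSIVE.get(kind, (None, None))
        if a and is_set(obj, a) and is_set(obj, b):
            findings.append((where, f"{a} and {b} are mutually exclusive"))
        for attr, (lo, hi) in RANGES.items():
            if attr in obj and not lo <= obj[attr] <= hi:
                findings.append((where, f"{attr}={obj[attr]} outside {lo}-{hi}"))
        if "match-type" in obj and obj["match-type"] not in MATCH_TYPES:
            findings.append((where, f"unsupported match-type {obj['match-type']!r}"))
        if kind == "ntlm-list" and obj.get("version", 2) == 1:
            findings.append((where, "NTLM version 1 relayed; documented default is 2"))
        if kind == "oauth-list" and is_set(obj, "all"):
            findings.append((where, "token relayed on every URI; review scope"))
    return findings

SAMPLE = {  # constructed input
    "ntlm-list": [{"name": "legacy-app", "version": 1},
                  {"name": "intranet", "version": 2}],
    "oauth-list": [{"name": "api", "all": 1, "match-type": "equals",
                    "match-uri": "/api", "relay-type": "access-token"}],
    "saml-list": [{"name": "portal", "method": "request-uri", "retry-number": 11}],
    "kerberos": {"instance-list": [{"name": "krb1", "kerberos-kdc": "kdc.example.test",
                                    "kerberos-realm": "EXAMPLE.TEST", "port": 88}]},
}

if __name__ == "__main__":
    for where, message in audit_relay(SAMPLE):
        print(f"{where}: {message}")
```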