aam authentication template

Authentication template

template Specification

Type	Collection
Object Key(s)	name
Collection Name	template-list
Collection URI	/axapi/v3/aam/authentication/template
Element Name	template
Element URI	/axapi/v3/aam/authentication/template/{name}
Element Attributes	template_attributes
Schema	template schema

Operations Allowed:

Operation	Method	URI	Payload
Create Object	POST	/axapi/v3/aam/authentication/template	template attributes
Create List	POST	/axapi/v3/aam/authentication/template	template attributes
Get Object	GET	/axapi/v3/aam/authentication/template/{name}	template attributes
Get List	GET	/axapi/v3/aam/authentication/template	template-list
Modify Object	POST	/axapi/v3/aam/authentication/template/{name}	template attributes
Replace Object	PUT	/axapi/v3/aam/authentication/template/{name}	template attributes
Replace List	PUT	/axapi/v3/aam/authentication/template	template-list
Delete Object	DELETE	/axapi/v3/aam/authentication/template/{name}	template attributes

template-list

template-list is JSON List of template attributes

template-list : [

{ template attributes },

{ template attributes },

…

]

template attributes

account

Description Specify AD domain account

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/aam/authentication/account/kerberos-spn

accounting-server

Description Specify a RADIUS accounting server

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: accounting-server and accounting-service-group are mutually exclusive

Reference Object: /axapi/v3/aam/authentication/server/radius/instance

accounting-service-group

Description Specify an authentication service group for RADIUS accounting

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: accounting-service-group and accounting-server are mutually exclusive

Reference Object: /axapi/v3/aam/authentication/service-group

auth-sess-mode

Description ‘cookie-based’: Track auth-session by cookie (default); ‘ip-based’: Track auth-session by client IP;

Type: string

Supported Values: cookie-based, ip-based

captcha

Description Specify captcha profile (Specify captcha proflie name)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/aam/authentication/captcha/instance

chain

Type: List

cookie-domain

Type: List

cookie-domain-group

Type: List

cookie-httponly-enable

Description Enable httponly attribute for AAM cookies

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

cookie-max-age

Description Configure Max-Age for authentication session cookie (Configure Max-Age in seconds, 0 for no Max-Age/Expires attributes. Default is 604800 (1 week).)

Type: number

Range: 0-2592000

Default: 604800

cookie-samesite

Description ‘strict’: Specify SameSite attribute as Strict for AAM cookie; ‘lax’: Specify SameSite attribute as Lax for AAM cookie; ‘none’: Specify SameSite attribute as None for AAM cookie;

Type: string

Supported Values: strict, lax, none

cookie-secure-enable

Description Enable secure attribute for AAM cookies

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward-logout-disable

Description Disable forward logout request to backend application server. The config-field logout-url must be configured first

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

jwt

Description Specify authentication jwt template

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/aam/authentication/jwt

local-logging

Description Enable local logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log

Description ‘use-partition-level-config’: Use configuration of authentication-log enable command; ‘enable’: Enable authentication logs for this template; ‘disable’: Disable authentication logs for this template;

Type: string

Supported Values: use-partition-level-config, enable, disable

Default: use-partition-level-config

logon

Description Specify authentication logon (Specify authentication logon template name)

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/aam/authentication/logon/form-based

logout-idle-timeout

Description Specify idle logout time (Specify idle timeout in seconds, default is 300)

Type: number

Range: 1-86400

Default: 300

logout-url

Description Specify logout url (Specify logout url string)

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

max-session-time

Description Specify default SAML token lifetime (Specify lifetime (in seconds) of SAML token when it not provided by token attributes, default is 28800. (0 for indefinite))

Type: number

Range: 0-86400

modify-content-security-policy

Description Put redirect-uri or service-principal-name into CSP header to avoid CPS break authentication process

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

name

Description Authentication template name

Type: string

Maximum Length: 127 characters

Maximum Length: 1 characters

oauth-authorization-server

Description Specify OAUTH authorization server

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

oauth-client

Description Specify OAUTH client

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

redirect-hostname

Description Hostname(Length 1-31) for transparent-proxy authentication

Type: string

Format: host

Maximum Length: 31 characters

Maximum Length: 1 characters

relay

Description Specify authentication relay (Specify authentication relay template name)

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/aam/authentication/relay/http-basic/instance

saml-idp

Description Specify SAML identity provider

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

saml-sp

Description Specify SAML service provider

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

server

Description Specify authentication server (Specify authentication server template name)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: server and service-group are mutually exclusive

Reference Object: /axapi/v3/aam/authentication/server/ldap/instance

service-group

Description Bind an authentication service group to this template (Specify authentication service group name)

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

Mutual Exclusion: service-group server and chain-server are mutually exclusive

Reference Object: /axapi/v3/aam/authentication/service-group

type

Description ‘saml’: SAML authentication template; ‘standard’: Standard authentication template; ‘oauth’: Oauth 2.0 authentication template;

Type: string

Supported Values: saml, standard, oauth

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

chain

Specification
Type	list
Block object keys

chain-server

Description Specify authentication server (Specify authentication server template name)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: chain-server service-group and chain-sg are mutually exclusive

Reference Object: /axapi/v3/aam/authentication/server/ldap/instance

chain-server-priority

Description Set server priority, higher the number higher the priority. Default is 3. (Chain server priority, higher the number higher the priority. Default is 3.)

Type: number

Range: 1-5

Default: 3

chain-sg

Description Bind an authentication service group to this template (Specify authentication service group name)

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

Mutual Exclusion: chain-sg and chain-server are mutually exclusive

Reference Object: /axapi/v3/aam/authentication/service-group

chain-sg-priority

Description Set service-group priority, higher the number higher the priority. Default is 3. (Chain service-group priority, higher the number higher the priority. Default is 3.)

Type: number

Range: 1-5

Default: 3

cookie-domain-group

Specification
Type	list
Block object keys

cookie-dmngrp

Description Specify group id to join in the cookie-domain

Type: number

Range: 0-31

cookie-domain

Specification
Type	list
Block object keys

cookie-dmn

Description Specify domain scope for the authentication (ex: .a10networks.com)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 2 characters