aam authorization policy
Authorization-policy configuration
policy Specification
Type: Collection
Object Key(s): name
Collection Name: policy-list
Collection URI: /axapi/v3/aam/authorization/policy
Element Name: policy
Element URI: /axapi/v3/aam/authorization/policy/{name}
Element Attributes: policy_attributes
Schema: policy schema
Operations Allowed:
Operation | Method | URI | Payload
---|---|---|---
Create Object | POST | /axapi/v3/aam/authorization/policy |
Create List | POST | /axapi/v3/aam/authorization/policy |
Get Object | GET | /axapi/v3/aam/authorization/policy/{name} |
Get List | GET | /axapi/v3/aam/authorization/policy |
Modify Object | POST | /axapi/v3/aam/authorization/policy/{name} |
Replace Object | PUT | /axapi/v3/aam/authorization/policy/{name} |
Replace List | PUT | /axapi/v3/aam/authorization/policy |
Delete Object | DELETE | /axapi/v3/aam/authorization/policy/{name} |
policy-list
policy-list is a JSON list of policy attributes
policy-list : [
]
policy attributes
attribute-list
Type: List
Reference Object: /axapi/v3/aam/authorization/policy/{name}/attribute/{attr-num}
attribute-rule
Description Define attribute rule for authorization policy
Type: string
Format: string-rlx
extended-filter
Description Extended search filter. EX: Check whether user belongs to a nested group. (memberOf:1.2.840.113556.1.4.1941:=$GROUP-DN)
Type: string
Format: string-rlx
Maximum Length: 511 characters
Minimum Length: 1 character
forward-policy-authorize-only
Description This policy only provides server info for forward policy feature
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
jwt-authorization
Description Specify JWT authorization template (Specify JWT authorization template name)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
Mutual Exclusion: jwt-authorization, server and service-group are mutually exclusive
Reference Object: /axapi/v3/aam/jwt-authorization
jwt-claim-map-list
Type: List
Reference Object: /axapi/v3/aam/authorization/policy/{name}/jwt-claim-map/{attr-num}
name
Description Specify authorization policy name
Type: string
Maximum Length: 63 characters
Minimum Length: 1 character
server
Description Specify a LDAP or RADIUS server for authorization (Specify a LDAP or RADIUS server name)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
Mutual Exclusion: server, service-group and jwt-authorization are mutually exclusive
Reference Object: /axapi/v3/aam/authentication/server/ldap/instance
service-group
Description Specify an authentication service group for authorization (Specify authentication service group name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Minimum Length: 1 character
Mutual Exclusion: service-group, server and jwt-authorization are mutually exclusive
Reference Object: /axapi/v3/aam/authentication/service-group
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Minimum Length: 1 character
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Minimum Length: 1 character
jwt-claim-map-list
Specification
Type: list
Block object keys:

attr-num
Description Specify attribute ID for claim mapping
Type: number
Range: 1-32
bool-val
Description ‘true’: True; ‘false’: False;
Type: string
Supported Values: true, false
boolean-type
Description Claim type is boolean
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: boolean-type, string-type and number-type are mutually exclusive
claim
Description Specify JWT claim name to map to.
Type: string
Maximum Length: 63 characters
Minimum Length: 1 character
num-val
Description Specify JWT claim value.
Type: number
Range: 0-4294967295
number-type
Description Claim type is number
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: number-type, string-type and boolean-type are mutually exclusive
str-val
Description Specify JWT claim value.
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
string-type
Description Claim type is string
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: string-type, number-type and boolean-type are mutually exclusive
type
Description Specify claim type
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Minimum Length: 1 character
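
A pre-flight check for a Create Object request, written as an added example (not A10 code): it enforces the maximum lengths, the server / service-group / jwt-authorization mutual exclusion and the jwt-claim-map-list constraints listed above before building the POST. The `{"policy": ...}` body wrapper and the sample object names are assumptions; the page does not show a payload.

```python
import json

# Limits and exclusions copied from the attribute tables on this page.
MAX_LEN = {"name": 63, "server": 63, "jwt-authorization": 63,
           "service-group": 127, "extended-filter": 511, "user-tag": 127}
BACKENDS = ("server", "service-group", "jwt-authorization")
CLAIM_TYPES = ("boolean-type", "string-type", "number-type")

# Constructed sample; object names such as "ldap-corp" are hypothetical.
SAMPLE_POLICY = {
    "name": "vpn-admins",
    "server": "ldap-corp",
    "extended-filter": "(memberOf:1.2.840.113556.1.4.1941:=$GROUP-DN)",
    "jwt-claim-map-list": [
        {"attr-num": 1, "claim": "role", "string-type": 1, "str-val": "admin"},
    ],
}


def validate_policy(policy):
    """Return a list of constraint violations; an empty list means valid."""
    errors = []
    if not policy.get("name"):
        errors.append("name: required, it is the object key")
    for field, limit in MAX_LEN.items():
        if len(str(policy.get(field, ""))) > limit:
            errors.append(f"{field}: longer than {limit} characters")
    chosen = [b for b in BACKENDS if policy.get(b)]
    if len(chosen) > 1:
        errors.append("mutually exclusive: " + ", ".join(chosen))
    for entry in policy.get("jwt-claim-map-list", []):
        num = entry.get("attr-num")
        if not isinstance(num, int) or not 1 <= num <= 32:
            errors.append(f"claim map {num!r}: attr-num range is 1-32")
        types = [t for t in CLAIM_TYPES if entry.get(t)]
        if len(types) > 1:
            errors.append(f"claim map {num!r}: exclusive: " + ", ".join(types))
        if not 0 <= entry.get("num-val", 0) <= 4294967295:
            errors.append(f"claim map {num!r}: num-val out of range")
    return errors


def build_request(policy):
    """Return (method, uri, body) for Create Object, or raise ValueError."""
    errors = validate_policy(policy)
    if errors:
        raise ValueError("; ".join(errors))
    # Assumption: the JSON body is wrapped in the element name "policy".
    return "POST", "/axapi/v3/aam/authorization/policy", json.dumps({"policy": policy})
```

Rejecting a policy that names more than one authorization backend before it is sent keeps the intended backend explicit in change review instead of relying on how the device resolves the conflict.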
attribute-list
Specification
Type: list
Block object keys:

A10-AX-AUTH-URI
Description Custom-defined attribute
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: A10-AX-AUTH-URI and attribute-name are mutually exclusive
a10-dynamic-defined
Description The value of this attribute will depend on AX configuration instead of user configuration
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
any
Description Matched when attribute is present (with any value).
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: any and attr-type are mutually exclusive
attr-int
Description ‘equal’: Operation type is equal; ‘not-equal’: Operation type is not equal; ‘less-than’: Operation type is less-than; ‘more-than’: Operation type is more-than; ‘less-than-equal-to’: Operation type is less-than-equal-to; ‘more-than-equal-to’: Operation type is more-than-equal-to;
Type: string
Supported Values: equal, not-equal, less-than, more-than, less-than-equal-to, more-than-equal-to
attr-int-val
Description Set attribute value
Type: number
Range: 0-4294967295
attr-ip
Description ‘equal’: Operation type is equal; ‘not-equal’: Operation type is not-equal;
Type: string
Supported Values: equal, not-equal
attr-ipv4
Description IPv4 address
Type: string
Format: ipv4-address
attr-num
Description Set attribute ID for authorization policy
Type: number
Range: 1-32
attr-number
Description ‘equal’: Operation type is equal; ‘not-equal’: Operation type is not equal; ‘less-than’: Operation type is less-than; ‘more-than’: Operation type is more-than; ‘less-than-equal-to’: Operation type is less-than-equal-to; ‘more-than-equal-to’: Operation type is more-than-equal-to;
Type: string
Supported Values: equal, not-equal, less-than, more-than, less-than-equal-to, more-than-equal-to
attr-number-val
Description Set attribute value
Type: string
Maximum Length: 20 characters
Minimum Length: 1 character
attr-str
Description ‘match’: Operation type is match; ‘sub-string’: Operation type is sub-string;
Type: string
Supported Values: match, sub-string
attr-str-val
Description Set attribute value
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
attr-type
Description Specify attribute type
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: attr-type and any are mutually exclusive
attribute-name
Description Specify attribute name
Type: string
Maximum Length: 63 characters
Minimum Length: 1 character
Mutual Exclusion: attribute-name and A10-AX-AUTH-URI are mutually exclusive
custom-attr-str
Description ‘match’: Operation type is match; ‘sub-string’: Operation type is sub-string;
Type: string
Supported Values: match, sub-string
custom-attr-type
Description Specify attribute type
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
integer-type
Description Attribute type is integer
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: integer-type, string-type, ip-type and number-type are mutually exclusive
ip-type
Description IP address is transformed into network byte order
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: ip-type, string-type, integer-type and number-type are mutually exclusive
number-type
Description Attribute type is decimal number
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: number-type, string-type, integer-type and ip-type are mutually exclusive
string-type
Description Attribute type is string
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: string-type, integer-type, ip-type and number-type are mutually exclusive
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Minimum Length: 1 character