{ "id":"/axapi/v3/aam/authentication/template/{name}", "type":"object", "node-type":"list", "title":"template", "partition-visibility":"shared", "description":"Authentication template", "properties":{ "name":{ "type":"string", "format":"string", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Authentication template name", "optional":false }, "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'saml': SAML authentication template; 'standard': Standard authentication template; 'oauth': Oauth 2.0 authentication template; ", "enum":[ "saml", "standard", "oauth" ], "optional":true }, "auth-sess-mode":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'cookie-based': Track auth-session by cookie (default); 'ip-based': Track auth-session by client IP; ", "enum":[ "cookie-based", "ip-based" ], "optional":true }, "saml-sp":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify SAML service provider", "optional":true }, "saml-idp":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify SAML identity provider", "optional":true }, "oauth-authorization-server":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify OAUTH authorization server", "optional":true }, "oauth-client":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify OAUTH client", "optional":true }, "cookie-domain":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "cookie-dmn":{ "type":"string", "format":"string-rlx", "minLength":2, "maxLength":63, "partition-visibility":"shared", "description":"Specify domain scope for the authentication (ex: .a10networks.com)" } } } ] }, "cookie-domain-group":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "cookie-dmngrp":{ "type":"number", "format":"number", "minimum":0, "maximum":31, "partition-visibility":"shared", "description":"Specify group id to join in the cookie-domain" } } } ] }, "cookie-max-age":{ "type":"number", "format":"number", "minimum":0, "maximum":2592000, "default":604800, "partition-visibility":"shared", "description":"Configure Max-Age for authentication session cookie (Configure Max-Age in seconds, 0 for no Max-Age/Expires attributes. Default is 604800 (1 week).)", "optional":true }, "cookie-secure-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable secure attribute for AAM cookies", "optional":true }, "cookie-httponly-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable httponly attribute for AAM cookies", "optional":true }, "cookie-samesite":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'strict': Specify SameSite attribute as Strict for AAM cookie; 'lax': Specify SameSite attribute as Lax for AAM cookie; 'none': Specify SameSite attribute as None for AAM cookie; ", "enum":[ "strict", "lax", "none" ], "optional":true }, "max-session-time":{ "type":"number", "format":"number", "minimum":0, "maximum":86400, "partition-visibility":"shared", "description":"Specify default SAML token lifetime (Specify lifetime (in seconds) of SAML token when it not provided by token attributes, default is 28800. (0 for indefinite))", "optional":true }, "local-logging":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable local logging", "optional":true }, "logon":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/aam/authentication/logon/form-based", "description":"Specify authentication logon (Specify authentication logon template name)", "optional":true }, "logout-idle-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":86400, "default":300, "partition-visibility":"shared", "description":"Specify idle logout time (Specify idle timeout in seconds, default is 300)", "optional":true }, "logout-url":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Specify logout url (Specify logout url string)", "optional":true }, "forward-logout-disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable forward logout request to backend application server. The config-field logout-url must be configured first", "optional":true }, "relay":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/aam/authentication/relay/http-basic/instance", "description":"Specify authentication relay (Specify authentication relay template name)", "optional":true }, "jwt":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/aam/authentication/jwt", "description":"Specify authentication jwt template", "optional":true }, "server":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/aam/authentication/server/ldap/instance", "not":"service-group", "description":"Specify authentication server (Specify authentication server template name)", "optional":true }, "service-group":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "$ref":"/axapi/v3/aam/authentication/service-group", "not-list":[ "server", "chain-server" ], "description":"Bind an authentication service group to this template (Specify authentication service group name)", "optional":true }, "account":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/aam/authentication/account/kerberos-spn", "description":"Specify AD domain account", "optional":true }, "captcha":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/aam/authentication/captcha/instance", "description":"Specify captcha profile (Specify captcha proflie name)", "optional":true }, "accounting-server":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/aam/authentication/server/radius/instance", "not":"accounting-service-group", "description":"Specify a RADIUS accounting server", "optional":true }, "accounting-service-group":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/aam/authentication/service-group", "not":"accounting-server", "description":"Specify an authentication service group for RADIUS accounting", "optional":true }, "redirect-hostname":{ "type":"string", "format":"host", "minLength":1, "maxLength":31, "partition-visibility":"shared", "description":"Hostname(Length 1-31) for transparent-proxy authentication", "optional":true }, "modify-content-security-policy":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Put redirect-uri or service-principal-name into CSP header to avoid CPS break authentication process", "optional":true }, "log":{ "type":"string", "format":"enum", "default":"use-partition-level-config", "partition-visibility":"shared", "description":"'use-partition-level-config': Use configuration of authentication-log enable command; 'enable': Enable authentication logs for this template; 'disable': Disable authentication logs for this template; ", "enum":[ "use-partition-level-config", "enable", "disable" ], "optional":true }, "chain":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "chain-server":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/aam/authentication/server/ldap/instance", "not-list":[ "service-group", "chain-sg" ], "description":"Specify authentication server (Specify authentication server template name)" }, "chain-server-priority":{ "type":"number", "format":"number", "minimum":1, "maximum":5, "default":3, "partition-visibility":"shared", "description":"Set server priority, higher the number higher the priority. Default is 3. (Chain server priority, higher the number higher the priority. Default is 3.)" }, "chain-sg":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "$ref":"/axapi/v3/aam/authentication/service-group", "not":"chain-server", "description":"Bind an authentication service group to this template (Specify authentication service group name)" }, "chain-sg-priority":{ "type":"number", "format":"number", "minimum":1, "maximum":5, "default":3, "partition-visibility":"shared", "description":"Set service-group priority, higher the number higher the priority. Default is 3. (Chain service-group priority, higher the number higher the priority. Default is 3.)" } } } ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "object-keys":[ "name" ], "required":[ "name" ] }