{ "id":"/axapi/v3/aam/authentication/saml", "type":"object", "node-type":"intermediate", "title":"saml", "operation-not-allowed": ["PUT", "POST", "DELETE"], "partition-visibility":"shared", "auto-created-object":1, "description":"AAM SAML related configuration", "properties":{ "global":{ "type":"object", "$ref":"/axapi/v3/aam/authentication/saml/global", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'requests-to-a10saml': Total Request to A10 SAML Service; 'responses-from-a10saml': Total Response from A10 SAML Service; 'sp-metadata-export-req': Total Metadata Export Request; 'sp-metadata-export-success': Total Metadata Export Success; 'login-auth-req': Total Login Authentication Request; 'login-auth-resp': Total Login Authentication Response; 'acs-req': Total SAML Single-Sign-On Request; 'acs-success': Total SAML Single-Sign-On Success; 'acs-authz-fail': Total SAML Single-Sign-On Authorization Fail; 'acs-error': Total SAML Single-Sign-On Error; 'slo-req': Total Single Logout Request; 'slo-success': Total Single Logout Success; 'slo-error': Total Single Logout Error; 'sp-slo-req': Total SP-initiated Single Logout Request; 'glo-slo-success': Total Global Logout Success; 'loc-slo-success': Total Local Logout Success; 'par-slo-success': Total Partial Logout Success; 'relay-req': relay-req; 'relay-success': relay-success; 'relay-fail': relay-fail; 'relay-error': relay-error; 'other-error': Total Other Error; ", "enum":[ "all", "requests-to-a10saml", "responses-from-a10saml", "sp-metadata-export-req", "sp-metadata-export-success", "login-auth-req", "login-auth-resp", "acs-req", "acs-success", 
"acs-authz-fail", "acs-error", "slo-req", "slo-success", "slo-error", "sp-slo-req", "glo-slo-success", "loc-slo-success", "par-slo-success", "relay-req", "relay-success", "relay-fail", "relay-error", "other-error" ] } } } ] } } }, "session":{ "type":"object", "$ref":"/axapi/v3/aam/authentication/saml/session", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "metadata":{ "type":"object", "$ref":"/axapi/v3/aam/authentication/saml/metadata", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "metadata-monitor":{ "type":"object", "$ref":"/axapi/v3/aam/authentication/saml/metadata-monitor", "properties":{ "status":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': Enable SAML metadata out-of-sync detection; 'disable': Disable SAML metadata out-of-sync detection; ", "enum":[ "enable", "disable" ] }, "acs-continuous-fail-threshold":{ "type":"number", "format":"number", "minimum":2, "maximum":254, "partition-visibility":"shared", "description":"Specify how many ACS continuous fails will trigger metadata reload (ACS continuous fail threshold (default: 10))" }, "acs-missing-threshold":{ "type":"number", "format":"number", "minimum":10, "maximum":254, "partition-visibility":"shared", "description":"Specify how many ACS request missing in the period will trigger metadata reload (ACS request missing threshold (default: 100))" }, "acs-missing-period":{ "type":"number", "format":"number", "minimum":1, "maximum":254, "partition-visibility":"shared", "description":"Specify how long no acs request will trigger metadata reload (in seconds (default: 60))" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, 
"partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "service-provider-list":{ "type":"array", "minItems":1, "items":{ "type":"service-provider" }, "uniqueItems":true, "$ref":"/axapi/v3/aam/authentication/saml/service-provider/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify SAML authentication service provider name", "optional":false }, "adfs-ws-federation":{ "type":"object", "properties":{ "ws-federation-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ADFS WS-Federation" } } }, "artifact-resolution-service":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "artifact-index":{ "type":"number", "format":"number", "minimum":0, "maximum":5, "partition-visibility":"shared", "description":"The index of artifact resolution service" }, "artifact-location":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"The location of artifact resolution service. (ex. /SAML/POST)" }, "artifact-binding":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'soap': SOAP binding of artifact resolution service; ", "enum":[ "soap" ] } } } ] }, "assertion-consuming-service":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "assertion-index":{ "type":"number", "format":"number", "minimum":0, "maximum":5, "partition-visibility":"shared", "description":"The index of assertion consuming service" }, "assertion-location":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"The location of assertion consuming service endpoint. (ex. 
/SAML/POST)" }, "assertion-binding":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'artifact': Artifact binding of assertion consuming service; 'paos': PAOS binding of assertion consuming service; 'post': POST binding of assertion consuming service; ", "enum":[ "artifact", "paos", "post" ] } } } ] }, "single-logout-service":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "SLO-location":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"The location of name-id management service. (ex. /SAML/POST)" }, "SLO-binding":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'post': POST binding of single logout service; 'redirect': Redirect binding of single logout service; 'soap': SOAP binding of single logout service; ", "enum":[ "post", "redirect", "soap" ] } } } ] }, "SP-initiated-single-logout-service":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "SP-SLO-location":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"The location of SP-initiated single logout service endpoint. (ex. /Logout)" }, "asynchronous":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"the IDP will not send a logout response to AX" } } } ] }, "metadata-export-service":{ "type":"object", "properties":{ "md-export-location":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify the URI to export SP metadata (Export URI. 
Default is /A10SP_Metadata)" }, "sign-xml":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Sign exported SP metadata XML with SP's certificate" } } }, "certificate":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"SAML service provider certificate file (PFX format is required.)", "optional":true }, "entity-id":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1023, "partition-visibility":"shared", "description":"SAML service provider entity ID", "optional":true }, "saml-request-signed":{ "type":"object", "properties":{ "saml-request-signed-disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable signing signature for SAML (Authn/Artifact Resolve) requests" } } }, "soap-tls-certificate-validate":{ "type":"object", "properties":{ "soap-tls-certificate-validate-disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable verification for server certificate in TLS session when resolving artifacts" } } }, "signature-algorithm":{ "type":"string", "format":"enum", "default":"SHA1", "partition-visibility":"shared", "description":"'SHA1': use SHA1 as signature algorithm (default); 'SHA256': use SHA256 as signature algorithm; ", "enum":[ "SHA1", "SHA256" ], "optional":true }, "require-assertion-signed":{ "type":"object", "properties":{ "require-assertion-signed-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable required signing of SAML assertion" } } }, "service-url":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"SAML service provider service URL (ex. 
https://www.a10networks.com/saml.sso)", "optional":true }, "bad-request-redirect-url":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Specify URL to redirect", "optional":true }, "acs-uri-bypass":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"After user authenticated, bypass requests with assertion-consuming-service location URI", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'sp-metadata-export-req': Metadata Export Request; 'sp-metadata-export-success': Metadata Export Success; 'login-auth-req': Login Authentication Request; 'login-auth-resp': Login Authentication Response; 'acs-req': SAML Single-Sign-On Request; 'acs-success': SAML Single-Sign-On Success; 'acs-authz-fail': SAML Single-Sign-On Authorization Fail; 'acs-error': SAML Single-Sign-On Error; 'slo-req': Single Logout Request; 'slo-success': Single Logout Success; 'slo-error': Single Logout Error; 'sp-slo-req': SP-initiated Single Logout Request; 'glo-slo-success': Total Global Logout Success; 'loc-slo-success': Total Local Logout Success; 'par-slo-success': Total Partial Logout Success; 'other-error': Other Error; ", "enum":[ "all", "sp-metadata-export-req", "sp-metadata-export-success", "login-auth-req", "login-auth-resp", "acs-req", "acs-success", "acs-authz-fail", "acs-error", "slo-req", "slo-success", "slo-error", 
"sp-slo-req", "glo-slo-success", "loc-slo-success", "par-slo-success", "other-error" ] } } } ] }, "packet-capture-template":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/visibility/packet-capture/object-templates/aam-auth-saml-service-prov-tmpl", "description":"Name of the packet capture template to be bind with this object", "optional":true } }, "required":[ "name" ] } ] }, "identity-provider-list":{ "type":"array", "minItems":1, "items":{ "type":"identity-provider" }, "uniqueItems":true, "$ref":"/axapi/v3/aam/authentication/saml/identity-provider/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"SAML authentication identity provider name", "optional":false }, "metadata":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"URL of SAML identity provider's metadata file", "optional":true }, "reload-metadata":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Reload IdP's metadata immediately", "optional":true }, "reload-interval":{ "type":"number", "format":"number", "minimum":1, "maximum":86400, "default":28800, "partition-visibility":"shared", "description":"Specify URI metadata reload period (Specify URI metadata reload period in seconds, default is 28800)", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "name" ] } ] } } }