.. _aam_authentication_relay: aam authentication relay ======================== Authentication relay configuration relay Specification ------------------- ===================================== ================================================================= **Parameter** **Value** ===================================== ================================================================= **Type** *Intermediate Resource* **Element Name** relay **Element URI** /axapi/v3/aam/authentication/relay **Element Attributes** relay_attributes **Partition Visibility** shared **Schema** :download:`relay schema ` ===================================== ================================================================= **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Get Object .. raw:: html GET .. raw:: html /axapi/v3/aam/authentication/relay .. raw:: html relay_attributes .. raw:: html
.. _66_relay_attributes: relay attributes ---------------- **form-based** **Description:** form-based is a **JSON Block**. Please see below for :ref:`66_form-based` **Type:** Object **Reference Object:** :doc:`/axapi/v3/aam/authentication/relay/form-based ` **http-basic** **Description:** http-basic is a **JSON Block**. Please see below for :ref:`66_http-basic` **Type:** Object **Reference Object:** :doc:`/axapi/v3/aam/authentication/relay/http-basic ` **kerberos** **Description:** kerberos is a **JSON Block**. Please see below for :ref:`66_kerberos` **Type:** Object **Reference Object:** :doc:`/axapi/v3/aam/authentication/relay/kerberos ` **ntlm-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/aam/authentication/relay/ntlm/{name} ` **oauth-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/aam/authentication/relay/oauth/{name} ` **saml-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/aam/authentication/relay/saml/{name} ` **ws-federation-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/aam/authentication/relay/ws-federation/{name} ` .. _66_ntlm-list: ntlm-list ^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **domain** **Description** Specify NTLM domain, default is null **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **large-request-disable** **Description** Disable NTLM relay processing for large requests **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **name** **Description** Specify NTLM authentication relay name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **packet-capture-template** **Description** Name of the packet capture template to be bind with this object **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/visibility/packet-capture/object-templates/aam-auth-relay-ntlm-tmpl ` **sampling-enable** **Type:** List **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **version** **Description** Specify NTLM version, default is NTLM 2 **Type:** number **Range:** 1-2 **Default:** 2 .. _66_ntlm-list_sampling-enable: ntlm-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'success': Success; 'failure': Failure; 'request': Request; 'response': Response; 'http-code-200': HTTP 200 OK; 'http-code-400': HTTP 400 Bad Request; 'http-code-401': HTTP 401 Unauthorized; 'http-code-403': HTTP 403 Forbidden; 'http-code-404': HTTP 404 Not Found; 'http-code-500': HTTP 500 Internal Server Error; 'http-code-503': HTTP 503 Service Unavailable; 'http-code-other': Other HTTP Response; 'buffer-alloc-fail': Buffer Allocation Failure; 'encoding-fail': Encoding Failure; 'insert-header-fail': Insert Header Failure; 'parse-header-fail': Parse Header Failure; 'internal-error': Internal Error; 'ntlm-auth-skipped': Requests for which NTLM relay is skipped; 'large-request-processing': Requests invoking large request processing; 'large-request-flushed': Large requests sent to server; 'head-negotiate-request-sent': HEAD requests sent with NEGOTIATE header; 'head-auth-request-sent': HEAD requests sent with AUTH header; **Type:** string **Supported Values:** all, success, failure, request, response, http-code-200, http-code-400, http-code-401, http-code-403, http-code-404, http-code-500, http-code-503, http-code-other, buffer-alloc-fail, encoding-fail, insert-header-fail, parse-header-fail, internal-error, ntlm-auth-skipped, large-request-processing, large-request-flushed, head-negotiate-request-sent, head-auth-request-sent .. _66_form-based: form-based ^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **instance-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/aam/authentication/relay/form-based/instance/{name} ` .. _66_form-based_instance-list: form-based_instance-list ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **name** **Description** Specify form-based authentication relay name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **packet-capture-template** **Description** Name of the packet capture template to be bind with this object **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/visibility/packet-capture/object-templates/aam-auth-relay-form-inst-tmpl ` **request-uri-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/aam/authentication/relay/form-based/instance/{name}/request-uri/{match-type}+{uri} ` **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _66_form-based_instance-list_sampling-enable: form-based_instance-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'request': Request; 'invalid_srv_rsp': Invalid Server Response; 'post_fail': POST Failed; 'invalid_cred': Invalid Credential; 'bad_req': Bad Request; 'not_fnd': Not Found; 'error': Internal Server Error; 'other_error': Other Error; **Type:** string **Supported Values:** all, request, invalid_srv_rsp, post_fail, invalid_cred, bad_req, not_fnd, error, other_error .. _66_form-based_instance-list_request-uri-list: form-based_instance-list_request-uri-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action-uri** **Description** Specify the action-URI **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **cookie** **Description:** cookie is a **JSON Block**. Please see below for :ref:`66_form-based_instance-list_request-uri-list_cookie` **Type:** Object **domain-variable** **Description** Specify domain variable name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **match-type** **Description** 'equals': URI exactly matches the string; 'contains': URI string contains another sub string; 'starts-with': URI string starts with sub string; 'ends-with': URI string ends with sub string; **Type:** string **Supported Values:** equals, contains, starts-with, ends-with **max-packet-collect-size** **Description** Specify the max packet collection size in bytes, default is 1MB **Type:** number **Range:** 1024-2097152 **Default:** 1048576 **other-variables** **Description** Specify other variables (n1=v1&n2=v2) in form relay **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **password-variable** **Description** Specify password variable name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **uri** **Description** Specify request URI **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **user-variable** **Description** Specify username variable name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _66_form-based_instance-list_request-uri-list_cookie: form-based_instance-list_request-uri-list_cookie ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **cookie-value** **Description:** cookie-value is a **JSON Block**. Please see below for :ref:`66_form-based_instance-list_request-uri-list_cookie_cookie-value` **Type:** Object .. _66_form-based_instance-list_request-uri-list_cookie_cookie-value: form-based_instance-list_request-uri-list_cookie_cookie-value ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **cookie-value** **Description** Specify cookie in POST packet **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters .. _66_ws-federation-list: ws-federation-list ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **application-server** **Description** 'sharepoint': Microsoft SharePoint; 'exchange-owa': Microsoft Exchange OWA; **Type:** string **Supported Values:** sharepoint, exchange-owa **authentication-uri** **Description** Specify WS-Federation relay URI, default is /_trust/ **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **name** **Description** Specify WS-Federation authentication relay name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **packet-capture-template** **Description** Name of the packet capture template to be bind with this object **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/visibility/packet-capture/object-templates/aam-auth-relay-ws-fed-tmpl ` **sampling-enable** **Type:** List **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _66_ws-federation-list_sampling-enable: ws-federation-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'request': Request; 'success': Success; 'failure': Failure; **Type:** string **Supported Values:** all, request, success, failure .. _66_oauth-list: oauth-list ^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **all** **Description** All URI can be relay **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** all and match-type are mutually exclusive **match-type** **Description** 'equals': URI exactly matches the string; 'contains': URI string contains another sub string; 'starts-with': URI string starts with sub string; 'ends-with': URI string ends with sub string; **Type:** string **Supported Values:** equals, contains, starts-with, ends-with **Mutual Exclusion:** match-type and all are mutually exclusive **match-uri** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **name** **Description** Specify oauth authentication relay name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **relay-type** **Description** 'access-token': Relay access token to backend; 'id-token': Relay JWT to backend; **Type:** string **Supported Values:** access-token, id-token **sampling-enable** **Type:** List **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _66_oauth-list_sampling-enable: oauth-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'relay-req': some help string; 'relay-succ': some help string; 'relay-fail': some help string; **Type:** string **Supported Values:** all, relay-req, relay-succ, relay-fail .. _66_saml-list: saml-list ^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **idp-auth-uri** **Description** Specify the URI for IDP to handle SAML authentication request **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **match-type** **Description** 'equals': URI exactly matches the string; 'contains': URI string contains another sub string; 'starts-with': URI string starts with sub string; 'ends-with': URI string ends with sub string; **Type:** string **Supported Values:** equals, contains, starts-with, ends-with **match-uri** **Description** Match URI **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **method** **Description** 'get-from-backend': Get RelayState parameter from backend server; 'request-uri': Use the (URL encoded) current request-uri as the RelayState; **Type:** string **Supported Values:** get-from-backend, request-uri **Mutual Exclusion:** method and value are mutually exclusive **name** **Description** Specify SAML authentication relay name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **relay-acs-uri** **Description** Specify the backend server assertion consuming service URI **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **retry-number** **Description** Specify how many continuous fail for SAML relay will trigger. Default will not retry. **Type:** number **Range:** 0-10 **Default:** 0 **sampling-enable** **Type:** List **server-cookie-name** **Description** Specify the cookie name that used by backend server for authenticated users **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **value** **Description** Use the fixed string as the RelayState **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** value and method are mutually exclusive .. _66_saml-list_sampling-enable: saml-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'request': Request; 'success': Success; 'failure': Failure; 'error': Error; **Type:** string **Supported Values:** all, request, success, failure, error .. _66_kerberos: kerberos ^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **instance-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/aam/authentication/relay/kerberos/instance/{name} ` **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _66_kerberos_sampling-enable: kerberos_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'request-send': Total Request Send; 'response-get': Total Response Get; 'timeout-error': Total Timeout; 'other-error': Total Other Error; 'request-normal': Total Normal Request; 'request-dropped': Total Dropped Request; 'response-success': Total Success Response; 'response-failure': Total Failure Response; 'response-error': Total Error Response; 'response-timeout': Total Timeout Response; 'response-other': Total Other Response; 'job-start-error': Total Job Start Error; 'polling-control-error': Total Polling Control Error; **Type:** string **Supported Values:** all, request-send, response-get, timeout-error, other-error, request-normal, request-dropped, response-success, response-failure, response-error, response-timeout, response-other, job-start-error, polling-control-error .. _66_kerberos_instance-list: kerberos_instance-list ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string) **kerberos-account** **Description** Specify the kerberos account name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **kerberos-kdc** **Description** Specify the kerberos kdc ip or host name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** kerberos-kdc and kerberos-kdc-service-group are mutually exclusive **kerberos-kdc-service-group** **Description** Specify an authentication service group as multiple KDCs **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** kerberos-kdc-service-group and kerberos-kdc are mutually exclusive **Reference Object:** :doc:`/axapi/v3/aam/authentication/service-group ` **kerberos-realm** **Description** Specify the kerberos realm **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **name** **Description** Specify Kerberos authentication relay name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **password** **Description** Specify password of Kerberos password **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **port** **Description** Specify The KDC port, default is 88 **Type:** number **Range:** 1-65535 **Default:** 88 **sampling-enable** **Type:** List **secret-string** **Description** The kerberos client password **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters **timeout** **Description** Specify timeout for kerberos transport, default is 10 seconds (The timeout, default is 10 seconds) **Type:** number **Range:** 1-255 **Default:** 10 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _66_kerberos_instance-list_sampling-enable: kerberos_instance-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'request-send': Request Send; 'response-receive': Response Receive; 'current-requests-of-user': Current Pending Requests of User; 'tickets': Tickets; **Type:** string **Supported Values:** all, request-send, response-receive, current-requests-of-user, tickets .. _66_http-basic: http-basic ^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **instance-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/aam/authentication/relay/http-basic/instance/{name} ` .. _66_http-basic_instance-list: http-basic_instance-list ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **domain** **Description** Specify user domain, default is null **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **domain-format** **Description** 'user-principal-name': Append domain with User Principal Name format. (e.g. user@domain); 'down-level-logon-name': Append domain with Down-Level Logon Name format. (e.g. domain\user); **Type:** string **Supported Values:** user-principal-name, down-level-logon-name **Default:** down-level-logon-name **name** **Description** Specify HTTP basic authentication relay name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **packet-capture-template** **Description** Name of the packet capture template to be bind with this object **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/visibility/packet-capture/object-templates/aam-auth-relay-hbase-inst-tmpl ` **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _66_http-basic_instance-list_sampling-enable: http-basic_instance-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'success': Success; 'no-creds': No Credential; 'bad-req': Bad Request; 'unauth': Unauthorized; 'forbidden': Forbidden; 'not-found': Not Found; 'server-error': Internal Server Error; 'unavailable': Service Unavailable; **Type:** string **Supported Values:** all, success, no-creds, bad-req, unauth, forbidden, not-found, server-error, unavailable