.. _aam_authentication_saml:

aam authentication saml
=======================

AAM SAML related configuration

saml Specification
------------------

===================================== ================================================================
**Parameter**                         **Value**
===================================== ================================================================
**Type**                              *Intermediate Resource*
**Element Name**                      saml
**Element URI**                       /axapi/v3/aam/authentication/saml
**Element Attributes**                saml_attributes
**Partition Visibility**              shared
**Schema**                            :download:`saml schema `
===================================== ================================================================

**Operations Allowed:**

========== ====== ================================= ===============
Operation  Method URI                               Payload
========== ====== ================================= ===============
Get Object GET    /axapi/v3/aam/authentication/saml saml_attributes
========== ====== ================================= ===============

.. _79_saml_attributes:

saml attributes
---------------

**global**
    | **Description:** global is a **JSON Block**. Please see below for :ref:`79_global`
    | **Type:** Object
    | **Reference Object:** :doc:`/axapi/v3/aam/authentication/saml/global `

**identity-provider-list**
    | **Type:** List
    | **Reference Object:** :doc:`/axapi/v3/aam/authentication/saml/identity-provider/{name} `

**metadata**
    | **Description:** metadata is a **JSON Block**. Please see below for :ref:`79_metadata`
    | **Type:** Object
    | **Reference Object:** :doc:`/axapi/v3/aam/authentication/saml/metadata `

**metadata-monitor**
    | **Description:** metadata-monitor is a **JSON Block**. Please see below for :ref:`79_metadata-monitor`
    | **Type:** Object
    | **Reference Object:** :doc:`/axapi/v3/aam/authentication/saml/metadata-monitor `

**service-provider-list**
    | **Type:** List
    | **Reference Object:** :doc:`/axapi/v3/aam/authentication/saml/service-provider/{name} `

**session**
    | **Description:** session is a **JSON Block**. Please see below for :ref:`79_session`
    | **Type:** Object
    | **Reference Object:** :doc:`/axapi/v3/aam/authentication/saml/session `

.. _79_service-provider-list:

service-provider-list
^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**SP-initiated-single-logout-service**
    | **Type:** List

**acs-uri-bypass**
    | **Description** After the user is authenticated, bypass requests with assertion-consuming-service location URI
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**adfs-ws-federation**
    | **Description:** adfs-ws-federation is a **JSON Block**. Please see below for :ref:`79_service-provider-list_adfs-ws-federation`
    | **Type:** Object

**artifact-resolution-service**
    | **Type:** List

**assertion-consuming-service**
    | **Type:** List

**bad-request-redirect-url**
    | **Description** Specify URL to redirect
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 127 characters
    | **Maximum Length:** 1 characters

**certificate**
    | **Description** SAML service provider certificate file (PFX format is required.)
    | **Type:** string
    | **Maximum Length:** 63 characters
    | **Maximum Length:** 1 characters

**entity-id**
    | **Description** SAML service provider entity ID
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 1023 characters
    | **Maximum Length:** 1 characters

**metadata-export-service**
    | **Description:** metadata-export-service is a **JSON Block**. Please see below for :ref:`79_service-provider-list_metadata-export-service`
    | **Type:** Object

**name**
    | **Description** Specify SAML authentication service provider name
    | **Type:** string
    | **Maximum Length:** 63 characters
    | **Maximum Length:** 1 characters

**packet-capture-template**
    | **Description** Name of the packet capture template to be bound to this object
    | **Type:** string
    | **Maximum Length:** 128 characters
    | **Maximum Length:** 1 characters
    | **Reference Object:** :doc:`/axapi/v3/visibility/packet-capture/object-templates/aam-auth-saml-service-prov-tmpl `

**require-assertion-signed**
    | **Description:** require-assertion-signed is a **JSON Block**. Please see below for :ref:`79_service-provider-list_require-assertion-signed`
    | **Type:** Object

**saml-request-signed**
    | **Description:** saml-request-signed is a **JSON Block**. Please see below for :ref:`79_service-provider-list_saml-request-signed`
    | **Type:** Object

**sampling-enable**
    | **Type:** List

**service-url**
    | **Description** SAML service provider service URL (ex. https://www.a10networks.com/saml.sso)
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 63 characters
    | **Maximum Length:** 1 characters

**signature-algorithm**
    | **Description** 'SHA1': use SHA1 as signature algorithm (default); 'SHA256': use SHA256 as signature algorithm;
    | **Type:** string
    | **Supported Values:** SHA1, SHA256
    | **Default:** SHA1

**single-logout-service**
    | **Type:** List

**soap-tls-certificate-validate**
    | **Description:** soap-tls-certificate-validate is a **JSON Block**. Please see below for :ref:`79_service-provider-list_soap-tls-certificate-validate`
    | **Type:** Object

**user-tag**
    | **Description** Customized tag
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 127 characters
    | **Maximum Length:** 1 characters

**uuid**
    | **Description** uuid of the object
    | **Type:** string
    | **Maximum Length:** 64 characters
    | **Maximum Length:** 1 characters

.. _79_service-provider-list_require-assertion-signed:

service-provider-list_require-assertion-signed
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**require-assertion-signed-enable**
    | **Description** Enable required signing of SAML assertion
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

.. _79_service-provider-list_single-logout-service:

service-provider-list_single-logout-service
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**SLO-binding**
    | **Description** 'post': POST binding of single logout service; 'redirect': Redirect binding of single logout service; 'soap': SOAP binding of single logout service;
    | **Type:** string
    | **Supported Values:** post, redirect, soap

**SLO-location**
    | **Description** The location of name-id management service. (ex. /SAML/POST)
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 63 characters
    | **Maximum Length:** 1 characters

.. _79_service-provider-list_assertion-consuming-service:

service-provider-list_assertion-consuming-service
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**assertion-binding**
    | **Description** 'artifact': Artifact binding of assertion consuming service; 'paos': PAOS binding of assertion consuming service; 'post': POST binding of assertion consuming service;
    | **Type:** string
    | **Supported Values:** artifact, paos, post

**assertion-index**
    | **Description** The index of assertion consuming service
    | **Type:** number
    | **Range:** 0-5

**assertion-location**
    | **Description** The location of assertion consuming service endpoint. (ex. /SAML/POST)
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 63 characters
    | **Maximum Length:** 1 characters

.. _79_service-provider-list_sampling-enable:

service-provider-list_sampling-enable
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**counters1**
    | **Description** 'all': all; 'sp-metadata-export-req': Metadata Export Request; 'sp-metadata-export-success': Metadata Export Success; 'login-auth-req': Login Authentication Request; 'login-auth-resp': Login Authentication Response; 'acs-req': SAML Single-Sign-On Request; 'acs-success': SAML Single-Sign-On Success; 'acs-authz-fail': SAML Single-Sign-On Authorization Fail; 'acs-error': SAML Single-Sign-On Error; 'slo-req': Single Logout Request; 'slo-success': Single Logout Success; 'slo-error': Single Logout Error; 'sp-slo-req': SP-initiated Single Logout Request; 'glo-slo-success': Total Global Logout Success; 'loc-slo-success': Total Local Logout Success; 'par-slo-success': Total Partial Logout Success; 'other-error': Other Error;
    | **Type:** string
    | **Supported Values:** all, sp-metadata-export-req, sp-metadata-export-success, login-auth-req, login-auth-resp, acs-req, acs-success, acs-authz-fail, acs-error, slo-req, slo-success, slo-error, sp-slo-req, glo-slo-success, loc-slo-success, par-slo-success, other-error

.. _79_service-provider-list_saml-request-signed:

service-provider-list_saml-request-signed
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**saml-request-signed-disable**
    | **Description** Disable signing signature for SAML (Authn/Artifact Resolve) requests
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

.. _79_service-provider-list_SP-initiated-single-logout-service:

service-provider-list_SP-initiated-single-logout-service
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**SP-SLO-location**
    | **Description** The location of SP-initiated single logout service endpoint. (ex. /Logout)
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 63 characters
    | **Maximum Length:** 1 characters

**asynchronous**
    | **Description** The IDP will not send a logout response to AX
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

.. _79_service-provider-list_adfs-ws-federation:

service-provider-list_adfs-ws-federation
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**ws-federation-enable**
    | **Description** Enable ADFS WS-Federation
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

.. _79_service-provider-list_soap-tls-certificate-validate:

service-provider-list_soap-tls-certificate-validate
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**soap-tls-certificate-validate-disable**
    | **Description** Disable verification for server certificate in TLS session when resolving artifact
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

.. _79_service-provider-list_artifact-resolution-service:

service-provider-list_artifact-resolution-service
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**artifact-binding**
    | **Description** 'soap': SOAP binding of artifact resolution service;
    | **Type:** string
    | **Supported Values:** soap

**artifact-index**
    | **Description** The index of artifact resolution service
    | **Type:** number
    | **Range:** 0-5

**artifact-location**
    | **Description** The location of artifact resolution service. (ex. /SAML/POST)
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 63 characters
    | **Maximum Length:** 1 characters

.. _79_service-provider-list_metadata-export-service:

service-provider-list_metadata-export-service
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**md-export-location**
    | **Description** Specify the URI to export SP metadata (Export URI. Default is /A10SP_Metadata)
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 63 characters
    | **Maximum Length:** 1 characters

**sign-xml**
    | **Description** Sign exported SP metadata XML with SP's certificate
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

.. _79_identity-provider-list:

identity-provider-list
^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**metadata**
    | **Description** URL of SAML identity provider's metadata file
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 127 characters
    | **Maximum Length:** 1 characters

**name**
    | **Description** SAML authentication identity provider name
    | **Type:** string
    | **Maximum Length:** 63 characters
    | **Maximum Length:** 1 characters

**reload-interval**
    | **Description** Specify URI metadata reload period (Specify URI metadata reload period in seconds, default is 28800)
    | **Type:** number
    | **Range:** 1-86400
    | **Default:** 28800

**reload-metadata**
    | **Description** Reload IdP's metadata immediately
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**user-tag**
    | **Description** Customized tag
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 127 characters
    | **Maximum Length:** 1 characters

**uuid**
    | **Description** uuid of the object
    | **Type:** string
    | **Maximum Length:** 64 characters
    | **Maximum Length:** 1 characters

.. _79_global:

global
^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**sampling-enable**
    | **Type:** List

**uuid**
    | **Description** uuid of the object
    | **Type:** string
    | **Maximum Length:** 64 characters
    | **Maximum Length:** 1 characters

.. _79_global_sampling-enable:

global_sampling-enable
^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**counters1**
    | **Description** 'all': all; 'requests-to-a10saml': Total Request to A10 SAML Service; 'responses-from-a10saml': Total Response from A10 SAML Service; 'sp-metadata-export-req': Total Metadata Export Request; 'sp-metadata-export-success': Total Metadata Export Success; 'login-auth-req': Total Login Authentication Request; 'login-auth-resp': Total Login Authentication Response; 'acs-req': Total SAML Single-Sign-On Request; 'acs-success': Total SAML Single-Sign-On Success; 'acs-authz-fail': Total SAML Single-Sign-On Authorization Fail; 'acs-error': Total SAML Single-Sign-On Error; 'slo-req': Total Single Logout Request; 'slo-success': Total Single Logout Success; 'slo-error': Total Single Logout Error; 'sp-slo-req': Total SP-initiated Single Logout Request; 'glo-slo-success': Total Global Logout Success; 'loc-slo-success': Total Local Logout Success; 'par-slo-success': Total Partial Logout Success; 'relay-req': some help string; 'relay-success': some help string; 'relay-fail': some help string; 'relay-error': some help string; 'other-error': Total Other Error;
    | **Type:** string
    | **Supported Values:** all, requests-to-a10saml, responses-from-a10saml, sp-metadata-export-req, sp-metadata-export-success, login-auth-req, login-auth-resp, acs-req, acs-success, acs-authz-fail, acs-error, slo-req, slo-success, slo-error, sp-slo-req, glo-slo-success, loc-slo-success, par-slo-success, relay-req, relay-success, relay-fail, relay-error, other-error

.. _79_session:

session
^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**uuid**
    | **Description** uuid of the object
    | **Type:** string
    | **Maximum Length:** 64 characters
    | **Maximum Length:** 1 characters

.. _79_metadata-monitor:

metadata-monitor
^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**acs-continuous-fail-threshold**
    | **Description** Specify how many ACS continuous fails will trigger metadata reload (ACS continuous fail threshold (default: 10))
    | **Type:** number
    | **Range:** 2-254

**acs-missing-period**
    | **Description** Specify how long a period with no ACS request will trigger metadata reload (in seconds (default: 60))
    | **Type:** number
    | **Range:** 1-254

**acs-missing-threshold**
    | **Description** Specify how many missing ACS requests in the period will trigger metadata reload (ACS request missing threshold (default: 100))
    | **Type:** number
    | **Range:** 10-254

**status**
    | **Description** 'enable': Enable SAML metadata out-of-sync detection; 'disable': Disable SAML metadata out-of-sync detection;
    | **Type:** string
    | **Supported Values:** enable, disable
    | **Default:** enable

**uuid**
    | **Description** uuid of the object
    | **Type:** string
    | **Maximum Length:** 64 characters
    | **Maximum Length:** 1 characters

.. _79_metadata:

metadata
^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**uuid**
    | **Description** uuid of the object
    | **Type:** string
    | **Maximum Length:** 64 characters
    | **Maximum Length:** 1 characters
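
Added example (not part of the A10 reference and not A10 code): a Python audit of a ``GET /axapi/v3/aam/authentication/saml`` response that checks the signing and TLS-validation attributes documented above, applying the documented defaults when a key is absent. The top-level ``saml`` wrapper, the function names and the sample document are constructed assumptions.

```python
import json

def as_bool(value):
    """Normalise the boolean forms the page lists (true, false, 1, 0)."""
    if isinstance(value, str):
        return value.strip().lower() in ("1", "true")
    return bool(value)

def nested_flag(obj, block, key):
    """Read a flag inside its JSON block; an absent block or key means default 0."""
    return as_bool((obj.get(block) or {}).get(key, 0))

def audit_saml(doc):
    """Return (object name, attribute, reason) tuples for weak SAML settings."""
    saml = doc.get("saml", doc)  # assumption: payload is wrapped in the element name
    out = []
    for sp in saml.get("service-provider-list", []):
        n = sp.get("name", "<unnamed>")
        # An absent signature-algorithm falls back to the documented default, SHA1.
        if str(sp.get("signature-algorithm", "SHA1")).upper() == "SHA1":
            out.append((n, "signature-algorithm", "SHA1 signatures; set SHA256"))
        if not nested_flag(sp, "require-assertion-signed", "require-assertion-signed-enable"):
            out.append((n, "require-assertion-signed-enable", "assertion signing not required"))
        if nested_flag(sp, "saml-request-signed", "saml-request-signed-disable"):
            out.append((n, "saml-request-signed-disable", "Authn/Artifact Resolve requests unsigned"))
        if nested_flag(sp, "soap-tls-certificate-validate", "soap-tls-certificate-validate-disable"):
            out.append((n, "soap-tls-certificate-validate-disable", "TLS server certificate not verified"))
        if "metadata-export-service" in sp and not nested_flag(sp, "metadata-export-service", "sign-xml"):
            out.append((n, "sign-xml", "exported SP metadata is unsigned"))
    for idp in saml.get("identity-provider-list", []):
        url = str(idp.get("metadata", ""))
        if url and not url.lower().startswith("https://"):
            out.append((idp.get("name", "<unnamed>"), "metadata", "IdP metadata URL is not HTTPS"))
    return out

# Constructed sample response; every name and URL here is illustrative.
SAMPLE = json.loads("""
{"saml": {
  "service-provider-list": [
    {"name": "sp-legacy", "entity-id": "https://sp.example.test/legacy",
     "saml-request-signed": {"saml-request-signed-disable": 1},
     "soap-tls-certificate-validate": {"soap-tls-certificate-validate-disable": "true"},
     "metadata-export-service": {"md-export-location": "/A10SP_Metadata"}},
    {"name": "sp-hardened", "signature-algorithm": "SHA256",
     "require-assertion-signed": {"require-assertion-signed-enable": 1},
     "metadata-export-service": {"md-export-location": "/A10SP_Metadata", "sign-xml": 1}}
  ],
  "identity-provider-list": [
    {"name": "idp-a", "metadata": "http://idp.example.test/metadata.xml"},
    {"name": "idp-b", "metadata": "https://idp.example.test/metadata.xml"}
  ]
}}
""")

if __name__ == "__main__":
    for name, attr, reason in audit_saml(SAMPLE):
        print(f"{name}: {attr}: {reason}")
```
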