.. _aam_authorization:

aam authorization
=================

AAM authorization related configuration

authorization Specification
---------------------------

===================================== ==========================================================
**Parameter**                         **Value**
===================================== ==========================================================
**Type**                              *Intermediate Resource*
**Element Name**                      authorization
**Element URI**                       /axapi/v3/aam/authorization
**Element Attributes**                authorization_attributes
**Partition Visibility**              shared
**Schema**                            :download:`authorization schema `
===================================== ==========================================================

**Operations Allowed:**

============ ======== ============================= ==========================
Operation    Method   URI                           Payload
============ ======== ============================= ==========================
Get Object   GET      /axapi/v3/aam/authorization   authorization_attributes
============ ======== ============================= ==========================

.. _119_authorization_attributes:

authorization attributes
------------------------

**jwt**

    **Description:** jwt is a **JSON Block**. Please see below for :ref:`119_jwt`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/aam/authorization/jwt `

**policy-list**

    **Type:** List

    **Reference Object:** :doc:`/axapi/v3/aam/authorization/policy/{name} `

.. _119_policy-list:

policy-list
^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**attribute-list**

    **Type:** List

    **Reference Object:** :doc:`/axapi/v3/aam/authorization/policy/{name}/attribute/{attr-num} `

**attribute-rule**

    **Description** Define attribute rule for authorization policy

    **Type:** string

    **Format:** string-rlx

**extended-filter**

    **Description** Extended search filter. Example: check whether the user belongs to a nested group: ``(memberOf:1.2.840.113556.1.4.1941:=$GROUP-DN)``

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 511 characters

    **Maximum Length:** 1 characters

**forward-policy-authorize-only**

    **Description** This policy only provides server info for forward policy feature

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**jwt-authorization**

    **Description** Specify JWT authorization template (Specify JWT authorization template name)

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 63 characters

    **Maximum Length:** 1 characters

    **Mutual Exclusion:** jwt-authorization, server, and service-group are mutually exclusive

    **Reference Object:** :doc:`/axapi/v3/aam/jwt-authorization `

**jwt-claim-map-list**

    **Type:** List

    **Reference Object:** :doc:`/axapi/v3/aam/authorization/policy/{name}/jwt-claim-map/{attr-num} `

**name**

    **Description** Specify authorization policy name

    **Type:** string

    **Maximum Length:** 63 characters

    **Maximum Length:** 1 characters

**server**

    **Description** Specify an LDAP or RADIUS server for authorization (Specify an LDAP or RADIUS server name)

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 63 characters

    **Maximum Length:** 1 characters

    **Mutual Exclusion:** server, service-group, and jwt-authorization are mutually exclusive

    **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/ldap/instance `

**service-group**

    **Description** Specify an authentication service group for authorization (Specify authentication service group name)

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 127 characters

    **Maximum Length:** 1 characters

    **Mutual Exclusion:** service-group, server, and jwt-authorization are mutually exclusive

    **Reference Object:** :doc:`/axapi/v3/aam/authentication/service-group `

**user-tag**

    **Description** Customized tag

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 127 characters

    **Maximum Length:** 1 characters

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _119_policy-list_jwt-claim-map-list:

policy-list_jwt-claim-map-list
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**attr-num**

    **Description** Specify attribute ID for claim mapping

    **Type:** number

    **Range:** 1-32

**bool-val**

    **Description** 'true': True; 'false': False;

    **Type:** string

    **Supported Values:** true, false

**boolean-type**

    **Description** Claim type is boolean

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** boolean-type, string-type, and number-type are mutually exclusive

**claim**

    **Description** Specify JWT claim name to map to.

    **Type:** string

    **Maximum Length:** 63 characters

    **Maximum Length:** 1 characters

**num-val**

    **Description** Specify JWT claim value.

    **Type:** number

    **Range:** 0-4294967295

**number-type**

    **Description** Claim type is number

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** number-type, string-type, and boolean-type are mutually exclusive

**str-val**

    **Description** Specify JWT claim value.

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 63 characters

    **Maximum Length:** 1 characters

**string-type**

    **Description** Claim type is string

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** string-type, number-type, and boolean-type are mutually exclusive

**type**

    **Description** Specify claim type

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _119_policy-list_attribute-list:

policy-list_attribute-list
^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**A10-AX-AUTH-URI**

    **Description** Custom-defined attribute

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** A10-AX-AUTH-URI and attribute-name are mutually exclusive

**a10-dynamic-defined**

    **Description** The value of this attribute will depend on AX configuration instead of user configuration

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**any**

    **Description** Matched when attribute is present (with any value).

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** any and attr-type are mutually exclusive

**attr-int**

    **Description** 'equal': Operation type is equal; 'not-equal': Operation type is not equal; 'less-than': Operation type is less-than; 'more-than': Operation type is more-than; 'less-than-equal-to': Operation type is less-than-equal-to; 'more-than-equal-to': Operation type is more-than-equal-to;

    **Type:** string

    **Supported Values:** equal, not-equal, less-than, more-than, less-than-equal-to, more-than-equal-to

**attr-int-val**

    **Description** Set attribute value

    **Type:** number

    **Range:** 0-4294967295

**attr-ip**

    **Description** 'equal': Operation type is equal; 'not-equal': Operation type is not-equal;

    **Type:** string

    **Supported Values:** equal, not-equal

**attr-ipv4**

    **Description** IPv4 address

    **Type:** string

    **Format:** ipv4-address

**attr-num**

    **Description** Set attribute ID for authorization policy

    **Type:** number

    **Range:** 1-32

**attr-number**

    **Description** 'equal': Operation type is equal; 'not-equal': Operation type is not equal; 'less-than': Operation type is less-than; 'more-than': Operation type is more-than; 'less-than-equal-to': Operation type is less-than-equal-to; 'more-than-equal-to': Operation type is more-than-equal-to;

    **Type:** string

    **Supported Values:** equal, not-equal, less-than, more-than, less-than-equal-to, more-than-equal-to

**attr-number-val**

    **Description** Set attribute value

    **Type:** string

    **Maximum Length:** 20 characters

    **Maximum Length:** 1 characters

**attr-str**

    **Description** 'match': Operation type is match; 'sub-string': Operation type is sub-string;

    **Type:** string

    **Supported Values:** match, sub-string

**attr-str-val**

    **Description** Set attribute value

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 63 characters

    **Maximum Length:** 1 characters

**attr-type**

    **Description** Specify attribute type

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** attr-type and any are mutually exclusive

**attribute-name**

    **Description** Specify attribute name

    **Type:** string

    **Maximum Length:** 63 characters

    **Maximum Length:** 1 characters

    **Mutual Exclusion:** attribute-name and A10-AX-AUTH-URI are mutually exclusive

**custom-attr-str**

    **Description** 'match': Operation type is match; 'sub-string': Operation type is sub-string;

    **Type:** string

    **Supported Values:** match, sub-string

**custom-attr-type**

    **Description** Specify attribute type

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**integer-type**

    **Description** Attribute type is integer

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** integer-type, string-type, ip-type, and number-type are mutually exclusive

**ip-type**

    **Description** IP address is transformed into network byte order

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** ip-type, string-type, integer-type, and number-type are mutually exclusive

**number-type**

    **Description** Attribute type is decimal number

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** number-type, string-type, integer-type, and ip-type are mutually exclusive

**string-type**

    **Description** Attribute type is string

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** string-type, integer-type, ip-type, and number-type are mutually exclusive

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _119_jwt:

jwt
^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**cache**

    **Description:** cache is a **JSON Block**. Please see below for :ref:`119_jwt_cache`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/aam/authorization/jwt/cache `

.. _119_jwt_cache:

jwt_cache
^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters
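
The mutual-exclusion groups, numeric ranges and length limits listed on this page can be checked client-side before a policy object is submitted. The following is an added example, not A10 code: ``validate_policy`` and its helpers are hypothetical names, the sample payload is constructed, and the first "Maximum Length" listed for each field is assumed to be the effective limit.

```python
# Added example, not A10 code: checks a policy object against this page's rules.
POLICY_EXCLUSIVE = [("server", "service-group", "jwt-authorization")]
ATTR_EXCLUSIVE = [("A10-AX-AUTH-URI", "attribute-name"), ("any", "attr-type"),
                  ("integer-type", "string-type", "ip-type", "number-type")]
CLAIM_EXCLUSIVE = [("boolean-type", "string-type", "number-type")]
# Assumption: the first "Maximum Length" listed for each field is the limit.
MAX_LEN = {"name": 63, "server": 63, "service-group": 127,
           "jwt-authorization": 63, "extended-filter": 511, "user-tag": 127,
           "attribute-name": 63, "attr-str-val": 63, "attr-number-val": 20,
           "claim": 63, "str-val": 63}
RANGES = {"attr-num": (1, 32), "attr-int-val": (0, 4294967295),
          "num-val": (0, 4294967295)}

def _is_set(value):
    # Flags accept true/false/1/0; 0, false or an absent key counts as unset.
    return value not in (None, "", 0, False)

def _check(obj, groups, where):
    errors = []
    for group in groups:
        present = [k for k in group if _is_set(obj.get(k))]
        if len(present) > 1:
            errors.append(f"{where}: {', '.join(present)} are mutually exclusive")
    for key, limit in MAX_LEN.items():
        if isinstance(obj.get(key), str) and len(obj[key]) > limit:
            errors.append(f"{where}: {key} exceeds {limit} characters")
    for key, (low, high) in RANGES.items():
        if key in obj and not low <= obj[key] <= high:
            errors.append(f"{where}: {key} out of range {low}-{high}")
    return errors

def validate_policy(policy):
    """Return a list of constraint violations; an empty list means none found."""
    where = f"policy {policy.get('name', '?')!r}"
    errors = _check(policy, POLICY_EXCLUSIVE, where)
    for attr in policy.get("attribute-list", []):
        errors += _check(attr, ATTR_EXCLUSIVE, f"{where} attribute {attr.get('attr-num')}")
    for claim in policy.get("jwt-claim-map-list", []):
        errors += _check(claim, CLAIM_EXCLUSIVE, f"{where} claim-map {claim.get('attr-num')}")
    return errors

# Constructed sample: two authorization sources and two attribute type flags.
SAMPLE = {"name": "pol1", "server": "ldap1", "service-group": "sg1",
          "attribute-list": [{"attr-num": 1, "attribute-name": "memberOf",
                              "string-type": 1, "integer-type": 1}]}

if __name__ == "__main__":
    print("\n".join(validate_policy(SAMPLE)))
```

A policy that names more than one authorization source, or an attribute rule with conflicting type flags, is reported here before it reaches the device, which makes the check suitable for configuration review or CI.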