aam authentication saml

AAM SAML related configuration

saml Specification

Parameter Value
Type Intermediate Resource
Element Name saml
Element URI /axapi/v3/aam/authentication/saml
Element Attributes saml_attributes
Partition Visibility shared
Schema saml schema

Operations Allowed:

Operation: Get Object

Method: GET

URI: /axapi/v3/aam/authentication/saml

Payload: saml_attributes

saml attributes

global

Description: global is a JSON Block. Please see below for global

Type: Object

Reference Object: /axapi/v3/aam/authentication/saml/global

identity-provider-list

metadata

Description: metadata is a JSON Block. Please see below for metadata

Type: Object

Reference Object: /axapi/v3/aam/authentication/saml/metadata

metadata-monitor

Description: metadata-monitor is a JSON Block. Please see below for metadata-monitor

Type: Object

Reference Object: /axapi/v3/aam/authentication/saml/metadata-monitor

service-provider-list

session

Description: session is a JSON Block. Please see below for session

Type: Object

Reference Object: /axapi/v3/aam/authentication/saml/session

service-provider-list

Specification Value
Type list
Block object keys  

SP-initiated-single-logout-service

Type: List

acs-uri-bypass

Description: After the user is authenticated, bypass requests with the assertion-consuming-service location URI

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

adfs-ws-federation

Description: adfs-ws-federation is a JSON Block. Please see below for service-provider-list_adfs-ws-federation

Type: Object

artifact-resolution-service

Type: List

assertion-consuming-service

Type: List

bad-request-redirect-url

Description: Specify URL to redirect

Type: string

Format: string-rlx

Maximum Length: 127 characters

Minimum Length: 1 character

certificate

Description: SAML service provider certificate file (PFX format is required.)

Type: string

Maximum Length: 63 characters

Minimum Length: 1 character

entity-id

Description: SAML service provider entity ID

Type: string

Format: string-rlx

Maximum Length: 1023 characters

Minimum Length: 1 character

metadata-export-service

Description: metadata-export-service is a JSON Block. Please see below for service-provider-list_metadata-export-service

Type: Object

name

Description: Specify SAML authentication service provider name

Type: string

Maximum Length: 63 characters

Minimum Length: 1 character

packet-capture-template

Description: Name of the packet capture template to bind to this object

Type: string

Maximum Length: 128 characters

Minimum Length: 1 character

Reference Object: /axapi/v3/visibility/packet-capture/object-templates/aam-auth-saml-service-prov-tmpl

require-assertion-signed

Description: require-assertion-signed is a JSON Block. Please see below for service-provider-list_require-assertion-signed

Type: Object

saml-request-signed

Description: saml-request-signed is a JSON Block. Please see below for service-provider-list_saml-request-signed

Type: Object

sampling-enable

Type: List

service-url

Description: SAML service provider service URL (ex. https://www.a10networks.com/saml.sso)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

signature-algorithm

Description: ‘SHA1’: use SHA1 as signature algorithm (default); ‘SHA256’: use SHA256 as signature algorithm;

Type: string

Supported Values: SHA1, SHA256

Default: SHA1

single-logout-service

Type: List

soap-tls-certificate-validate

Description: soap-tls-certificate-validate is a JSON Block. Please see below for service-provider-list_soap-tls-certificate-validate

Type: Object

user-tag

Description: Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Minimum Length: 1 character

uuid

Description: uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

service-provider-list_require-assertion-signed

Specification Value
Type object

require-assertion-signed-enable

Description: Enable required signing of SAML assertion

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

service-provider-list_single-logout-service

Specification Value
Type list
Block object keys  

SLO-binding

Description: ‘post’: POST binding of single logout service; ‘redirect’: Redirect binding of single logout service; ‘soap’: SOAP binding of single logout service;

Type: string

Supported Values: post, redirect, soap

SLO-location

Description: The location of name-id management service. (ex. /SAML/POST)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

service-provider-list_assertion-consuming-service

Specification Value
Type list
Block object keys  

assertion-binding

Description: ‘artifact’: Artifact binding of assertion consuming service; ‘paos’: PAOS binding of assertion consuming service; ‘post’: POST binding of assertion consuming service;

Type: string

Supported Values: artifact, paos, post

assertion-index

Description: The index of assertion consuming service

Type: number

Range: 0-5

assertion-location

Description: The location of assertion consuming service endpoint. (ex. /SAML/POST)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

service-provider-list_sampling-enable

Specification Value
Type list
Block object keys  

counters1

Description: ‘all’: all; ‘sp-metadata-export-req’: Metadata Export Request; ‘sp-metadata-export-success’: Metadata Export Success; ‘login-auth-req’: Login Authentication Request; ‘login-auth-resp’: Login Authentication Response; ‘acs-req’: SAML Single-Sign-On Request; ‘acs-success’: SAML Single-Sign-On Success; ‘acs-authz-fail’: SAML Single-Sign-On Authorization Fail; ‘acs-error’: SAML Single-Sign-On Error; ‘slo-req’: Single Logout Request; ‘slo-success’: Single Logout Success; ‘slo-error’: Single Logout Error; ‘sp-slo-req’: SP-initiated Single Logout Request; ‘glo-slo-success’: Total Global Logout Success; ‘loc-slo-success’: Total Local Logout Success; ‘par-slo-success’: Total Partial Logout Success; ‘other-error’: Other Error;

Type: string

Supported Values: all, sp-metadata-export-req, sp-metadata-export-success, login-auth-req, login-auth-resp, acs-req, acs-success, acs-authz-fail, acs-error, slo-req, slo-success, slo-error, sp-slo-req, glo-slo-success, loc-slo-success, par-slo-success, other-error

service-provider-list_saml-request-signed

Specification Value
Type object

saml-request-signed-disable

Description: Disable signing of SAML (Authn/Artifact Resolve) requests

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

service-provider-list_SP-initiated-single-logout-service

Specification Value
Type list
Block object keys  

SP-SLO-location

Description: The location of SP-initiated single logout service endpoint. (ex. /Logout)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

asynchronous

Description: The IdP will not send a logout response to AX

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

service-provider-list_adfs-ws-federation

Specification Value
Type object

ws-federation-enable

Description: Enable ADFS WS-Federation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

service-provider-list_soap-tls-certificate-validate

Specification Value
Type object

soap-tls-certificate-validate-disable

Description: Disable verification of the server certificate in the TLS session when resolving an artifact

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

service-provider-list_artifact-resolution-service

Specification Value
Type list
Block object keys  

artifact-binding

Description: ‘soap’: SOAP binding of artifact resolution service;

Type: string

Supported Values: soap

artifact-index

Description: The index of artifact resolution service

Type: number

Range: 0-5

artifact-location

Description: The location of artifact resolution service. (ex. /SAML/POST)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

service-provider-list_metadata-export-service

Specification Value
Type object

md-export-location

Description: Specify the URI to export SP metadata (Export URI. Default is /A10SP_Metadata)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

sign-xml

Description: Sign exported SP metadata XML with SP’s certificate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0
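
The signing and validation settings documented above for service-provider-list (signature-algorithm, require-assertion-signed, saml-request-signed, soap-tls-certificate-validate, metadata-export-service) can be checked in one pass over a retrieved configuration. The following Python audit is an added example, not part of the A10 documentation; the "saml" response wrapper, the sample objects and the function names are assumptions, while the key names and defaults are taken from this page.

```python
import json

# Constructed sample. The "saml" wrapper and the list layout are assumptions;
# the key names and defaults are the ones documented on this page.
SAMPLE = json.loads("""
{"saml": {"service-provider-list": [
  {"name": "sp-legacy",
   "signature-algorithm": "SHA1",
   "soap-tls-certificate-validate": {"soap-tls-certificate-validate-disable": 1}},
  {"name": "sp-hardened",
   "signature-algorithm": "SHA256",
   "require-assertion-signed": {"require-assertion-signed-enable": 1},
   "metadata-export-service": {"md-export-location": "/A10SP_Metadata", "sign-xml": 1}}
]}}
""")


def flag(sp, block, key):
    """Read a boolean inside a nested JSON block; a missing key means the default 0."""
    return sp.get(block, {}).get(key, 0) in (1, True)


def audit_sp(sp):
    """Return findings for one service-provider-list entry."""
    findings = []
    # signature-algorithm defaults to SHA1 when the key is absent.
    if sp.get("signature-algorithm", "SHA1") == "SHA1":
        findings.append("signature-algorithm is SHA1; set SHA256")
    if not flag(sp, "require-assertion-signed", "require-assertion-signed-enable"):
        findings.append("require-assertion-signed-enable is off; assertion signing is not required")
    if flag(sp, "saml-request-signed", "saml-request-signed-disable"):
        findings.append("saml-request-signed-disable is set; Authn/Artifact Resolve requests are unsigned")
    if flag(sp, "soap-tls-certificate-validate", "soap-tls-certificate-validate-disable"):
        findings.append("soap-tls-certificate-validate-disable is set; server certificate is not verified")
    # Only judge metadata signing when a metadata-export-service block is present.
    if "metadata-export-service" in sp and not flag(sp, "metadata-export-service", "sign-xml"):
        findings.append("sign-xml is off; exported SP metadata is unsigned")
    return findings


def audit(doc):
    """Map each service provider name to its list of findings."""
    providers = doc.get("saml", {}).get("service-provider-list", [])
    return {sp.get("name", "<unnamed>"): audit_sp(sp) for sp in providers}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```

An entry that omits these keys is reported on its documented defaults, so a service provider created with only a name still yields the SHA1 and unsigned-assertion findings.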

identity-provider-list

Specification Value
Type list
Block object keys  

metadata

Description: URL of SAML identity provider’s metadata file

Type: string

Format: string-rlx

Maximum Length: 127 characters

Minimum Length: 1 character

name

Description: SAML authentication identity provider name

Type: string

Maximum Length: 63 characters

Minimum Length: 1 character

reload-interval

Description: Specify URI metadata reload period in seconds (default is 28800)

Type: number

Range: 1-86400

Default: 28800

reload-metadata

Description: Reload IdP’s metadata immediately

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user-tag

Description: Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Minimum Length: 1 character

uuid

Description: uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

global

Specification Value
Type object

sampling-enable

Type: List

uuid

Description: uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

global_sampling-enable

Specification Value
Type list
Block object keys  

counters1

Description: ‘all’: all; ‘requests-to-a10saml’: Total Request to A10 SAML Service; ‘responses-from-a10saml’: Total Response from A10 SAML Service; ‘sp-metadata-export-req’: Total Metadata Export Request; ‘sp-metadata-export-success’: Total Metadata Export Success; ‘login-auth-req’: Total Login Authentication Request; ‘login-auth-resp’: Total Login Authentication Response; ‘acs-req’: Total SAML Single-Sign-On Request; ‘acs-success’: Total SAML Single-Sign-On Success; ‘acs-authz-fail’: Total SAML Single-Sign-On Authorization Fail; ‘acs-error’: Total SAML Single-Sign-On Error; ‘slo-req’: Total Single Logout Request; ‘slo-success’: Total Single Logout Success; ‘slo-error’: Total Single Logout Error; ‘sp-slo-req’: Total SP-initiated Single Logout Request; ‘glo-slo-success’: Total Global Logout Success; ‘loc-slo-success’: Total Local Logout Success; ‘par-slo-success’: Total Partial Logout Success; ‘relay-req’: some help string; ‘relay-success’: some help string; ‘relay-fail’: some help string; ‘relay-error’: some help string; ‘other-error’: Total Other Error;

Type: string

Supported Values: all, requests-to-a10saml, responses-from-a10saml, sp-metadata-export-req, sp-metadata-export-success, login-auth-req, login-auth-resp, acs-req, acs-success, acs-authz-fail, acs-error, slo-req, slo-success, slo-error, sp-slo-req, glo-slo-success, loc-slo-success, par-slo-success, relay-req, relay-success, relay-fail, relay-error, other-error

session

Specification Value
Type object

uuid

Description: uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

metadata-monitor

Specification Value
Type object

acs-continuous-fail-threshold

Description: Specify how many continuous ACS failures will trigger a metadata reload (ACS continuous fail threshold; default: 10)

Type: number

Range: 2-254

acs-missing-period

Description: Specify how long without ACS requests will trigger a metadata reload (in seconds; default: 60)

Type: number

Range: 1-254

acs-missing-threshold

Description: Specify how many ACS requests missing in the period will trigger a metadata reload (ACS request missing threshold; default: 100)

Type: number

Range: 10-254

status

Description: ‘enable’: Enable SAML metadata out-of-sync detection; ‘disable’: Disable SAML metadata out-of-sync detection;

Type: string

Supported Values: enable, disable

Default: enable

uuid

Description: uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

metadata

Specification Value
Type object

uuid

Description: uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character