aam authentication template

Authentication template

template Specification

Parameter             Value
Type                  Collection
Object Key(s)         name
Collection Name       template-list
Collection URI        /axapi/v3/aam/authentication/template
Element Name          template
Element URI           /axapi/v3/aam/authentication/template/{name}
Element Attributes    template_attributes
Partition Visibility  shared
Schema                template schema

Operations Allowed:

Operation       Method  URI                                           Payload
Create Object   POST    /axapi/v3/aam/authentication/template         template attributes
Create List     POST    /axapi/v3/aam/authentication/template         template attributes
Get Object      GET     /axapi/v3/aam/authentication/template/{name}  template attributes
Get List        GET     /axapi/v3/aam/authentication/template         template-list
Modify Object   POST    /axapi/v3/aam/authentication/template/{name}  template attributes
Replace Object  PUT     /axapi/v3/aam/authentication/template/{name}  template attributes
Replace List    PUT     /axapi/v3/aam/authentication/template         template-list
Delete Object   DELETE  /axapi/v3/aam/authentication/template/{name}  template attributes

template-list

template-list is a JSON list of template attributes

template-list : [

template attributes

account

Description Specify AD domain account

Type: string

Maximum Length: 63 characters

Minimum Length: 1 character

Reference Object: /axapi/v3/aam/authentication/account/kerberos-spn

accounting-server

Description Specify a RADIUS accounting server

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

Mutual Exclusion: accounting-server and accounting-service-group are mutually exclusive

Reference Object: /axapi/v3/aam/authentication/server/radius/instance

accounting-service-group

Description Specify an authentication service group for RADIUS accounting

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

Mutual Exclusion: accounting-service-group and accounting-server are mutually exclusive

Reference Object: /axapi/v3/aam/authentication/service-group

auth-sess-mode

Description ‘cookie-based’: Track auth-session by cookie (default); ‘ip-based’: Track auth-session by client IP;

Type: string

Supported Values: cookie-based, ip-based

captcha

Description Specify captcha profile (Specify captcha profile name)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

Reference Object: /axapi/v3/aam/authentication/captcha/instance

chain

Type: List

cookie-domain

Type: List

cookie-domain-group

Type: List

cookie-httponly-enable

Description Enable httponly attribute for AAM cookies

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

cookie-max-age

Description Configure Max-Age for authentication session cookie (Configure Max-Age in seconds, 0 for no Max-Age/Expires attributes. Default is 604800 (1 week).)

Type: number

Range: 0-2592000

Default: 604800

cookie-samesite

Description ‘strict’: Specify SameSite attribute as Strict for AAM cookie; ‘lax’: Specify SameSite attribute as Lax for AAM cookie; ‘none’: Specify SameSite attribute as None for AAM cookie;

Type: string

Supported Values: strict, lax, none

cookie-secure-enable

Description Enable secure attribute for AAM cookies

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward-logout-disable

Description Disable forward logout request to backend application server. The config-field logout-url must be configured first

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

jwt

Description Specify authentication jwt template

Type: string

Maximum Length: 63 characters

Minimum Length: 1 character

Reference Object: /axapi/v3/aam/authentication/jwt

local-logging

Description Enable local logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log

Description ‘use-partition-level-config’: Use configuration of authentication-log enable command; ‘enable’: Enable authentication logs for this template; ‘disable’: Disable authentication logs for this template;

Type: string

Supported Values: use-partition-level-config, enable, disable

Default: use-partition-level-config

logon

Description Specify authentication logon (Specify authentication logon template name)

Type: string

Maximum Length: 63 characters

Minimum Length: 1 character

Reference Object: /axapi/v3/aam/authentication/logon/form-based

logout-idle-timeout

Description Specify idle logout time (Specify idle timeout in seconds, default is 300)

Type: number

Range: 1-86400

Default: 300

logout-url

Description Specify logout url (Specify logout url string)

Type: string

Format: string-rlx

Maximum Length: 127 characters

Minimum Length: 1 character

max-session-time

Description Specify default SAML token lifetime (Specify lifetime (in seconds) of SAML token when it is not provided by token attributes, default is 28800. (0 for indefinite))

Type: number

Range: 0-86400

modify-content-security-policy

Description Put redirect-uri or service-principal-name into CSP header to avoid CSP breaking the authentication process

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

name

Description Authentication template name

Type: string

Maximum Length: 127 characters

Minimum Length: 1 character

oauth-authorization-server

Description Specify OAUTH authorization server

Type: string

Maximum Length: 63 characters

Minimum Length: 1 character

oauth-client

Description Specify OAUTH client

Type: string

Maximum Length: 63 characters

Minimum Length: 1 character

redirect-hostname

Description Hostname(Length 1-31) for transparent-proxy authentication

Type: string

Format: host

Maximum Length: 31 characters

Minimum Length: 1 character

relay

Description Specify authentication relay (Specify authentication relay template name)

Type: string

Maximum Length: 63 characters

Minimum Length: 1 character

Reference Object: /axapi/v3/aam/authentication/relay/http-basic/instance

saml-idp

Description Specify SAML identity provider

Type: string

Maximum Length: 63 characters

Minimum Length: 1 character

saml-sp

Description Specify SAML service provider

Type: string

Maximum Length: 63 characters

Minimum Length: 1 character

server

Description Specify authentication server (Specify authentication server template name)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

Mutual Exclusion: server and service-group are mutually exclusive

Reference Object: /axapi/v3/aam/authentication/server/ldap/instance

service-group

Description Bind an authentication service group to this template (Specify authentication service group name)

Type: string

Format: string-rlx

Maximum Length: 127 characters

Minimum Length: 1 character

Mutual Exclusion: service-group, server, and chain-server are mutually exclusive

Reference Object: /axapi/v3/aam/authentication/service-group

type

Description ‘saml’: SAML authentication template; ‘standard’: Standard authentication template; ‘oauth’: OAuth 2.0 authentication template;

Type: string

Supported Values: saml, standard, oauth

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Minimum Length: 1 character

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

chain

Specification Value
Type list
Block object keys  

chain-server

Description Specify authentication server (Specify authentication server template name)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

Mutual Exclusion: chain-server, service-group, and chain-sg are mutually exclusive

Reference Object: /axapi/v3/aam/authentication/server/ldap/instance

chain-server-priority

Description Set server priority; the higher the number, the higher the priority. Default is 3. (Chain server priority; the higher the number, the higher the priority. Default is 3.)

Type: number

Range: 1-5

Default: 3

chain-sg

Description Bind an authentication service group to this template (Specify authentication service group name)

Type: string

Format: string-rlx

Maximum Length: 127 characters

Minimum Length: 1 character

Mutual Exclusion: chain-sg and chain-server are mutually exclusive

Reference Object: /axapi/v3/aam/authentication/service-group

chain-sg-priority

Description Set service-group priority; the higher the number, the higher the priority. Default is 3. (Chain service-group priority; the higher the number, the higher the priority. Default is 3.)

Type: number

Range: 1-5

Default: 3
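
The defaults, ranges and mutual exclusions listed above can be checked offline before a template is sent to the API. The following Python is an added example, not A10 code: it takes the template attributes as a plain dict, and the function name audit_template, the sample payload and the choice of which settings to report are assumptions of this example.

```python
# Added example: offline lint of an aam authentication template attribute dict.
# Defaults, ranges and exclusions come from the attribute list above; which
# settings are reported as findings is this example's own judgment.
DEFAULTS = {"cookie-httponly-enable": 0, "cookie-secure-enable": 0,
            "cookie-max-age": 604800, "logout-idle-timeout": 300}
RANGES = {"cookie-max-age": (0, 2592000), "logout-idle-timeout": (1, 86400),
          "max-session-time": (0, 86400)}
EXCLUSIVE = [("accounting-server", "accounting-service-group"),
             ("server", "service-group")]


def _on(value):
    """Booleans are documented as true, false, 1 or 0."""
    return value in (True, 1, "1", "true")


def audit_template(attrs):
    """Return a sorted list of finding strings for one template."""
    cfg = {**DEFAULTS, **attrs}  # unset attributes fall back to documented defaults
    findings = []
    for key, (low, high) in RANGES.items():
        if key in cfg and not low <= cfg[key] <= high:
            findings.append(f"{key}: {cfg[key]} outside {low}-{high}")
    for a, b in EXCLUSIVE:
        if a in cfg and b in cfg:
            findings.append(f"{a} and {b} are mutually exclusive")
    for i, entry in enumerate(cfg.get("chain", [])):
        if "chain-server" in entry and "chain-sg" in entry:
            findings.append(f"chain[{i}]: chain-server and chain-sg are mutually exclusive")
        if "chain-server" in entry and "service-group" in cfg:
            findings.append(f"chain[{i}]: chain-server and service-group are mutually exclusive")
    if not _on(cfg["cookie-httponly-enable"]):
        findings.append("cookie-httponly-enable is off: cookie readable by page scripts")
    if not _on(cfg["cookie-secure-enable"]):
        findings.append("cookie-secure-enable is off: cookie may travel over plain HTTP")
    if cfg.get("cookie-samesite") == "none":
        findings.append("cookie-samesite is none: cookie sent on cross-site requests")
    if cfg.get("max-session-time") == 0:
        findings.append("max-session-time is 0: SAML token lifetime is indefinite")
    return sorted(findings)


# Constructed sample payload (not from a real device).
SAMPLE = {"name": "portal-auth", "type": "saml", "cookie-samesite": "none",
          "max-session-time": 0, "server": "ldap1", "service-group": "sg1",
          "chain": [{"chain-server": "ldap2", "chain-sg": "sg2"}]}

if __name__ == "__main__":
    print("\n".join(audit_template(SAMPLE)))
```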