aam jwt-authorization¶

AAM JWT authorization related configuration

jwt-authorization Specification¶

Parameter Value

Type Collection

Object Key(s) name

Collection Name jwt-authorization-list

Collection URI /axapi/v3/aam/jwt-authorization

Element Name jwt-authorization

Element URI /axapi/v3/aam/jwt-authorization/{name}

Element Attributes jwt-authorization_attributes

Partition Visibility shared

Statistics Data URI /axapi/v3/aam/jwt-authorization/{name}/stats

Schema jwt-authorization schema

Operations Allowed:

Operation	Method	URI	Payload
Create Object	POST	/axapi/v3/aam/jwt-authorization	jwt-authorization attributes
POST /axapi/v3/aam/jwt-authorization/ Payload: { "jwt-authorization": { "name": "a", "user-tag": "a" } }
Create List	POST	/axapi/v3/aam/jwt-authorization	jwt-authorization attributes
Get Object	GET	/axapi/v3/aam/jwt-authorization/{name}	jwt-authorization attributes
GET /axapi/v3/aam/jwt-authorization/a Reponse: { "jwt-authorization": { "name": "a", "jwt-cache-enable": 0, "exp-claim-requried": 0, "jwt-forwarding": 0, "uuid": "a441e20e-4f5d-11ee-bde4-3768133b9b1a", "user-tag": "a", "a10-url": "/axapi/v3/aam/jwt-authorization/a" } }
Get List	GET	/axapi/v3/aam/jwt-authorization	jwt-authorization-list
Modify Object	POST	/axapi/v3/aam/jwt-authorization/{name}	jwt-authorization attributes
Replace Object	PUT	/axapi/v3/aam/jwt-authorization/{name}	jwt-authorization attributes
PUT /axapi/v3/aam/jwt-authorization/a Payload: { "jwt-authorization": { "name": "a", "user-tag": "abcd" } }
Replace List	PUT	/axapi/v3/aam/jwt-authorization	jwt-authorization-list
Delete Object	DELETE	/axapi/v3/aam/jwt-authorization/{name}	jwt-authorization attributes
DELETE /axapi/v3/aam/jwt-authorization/a Reponse: { "response": { "http-status": 200, "status": "OK", "msg": "Success" } }

jwt-authorization-list¶

jwt-authorization-list is JSON List of jwt-authorization attributes

jwt-authorization-list : [

{ jwt-authorization attributes },

{ jwt-authorization attributes },

…

]

jwt-authorization attributes¶

encrypted

Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

exp-claim-requried

Description Specify the exp claim is required for JWT authorization

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

jwt-cache-enable

Description Enable caching authorized JWT token and skip verification and authorization for cached tokens

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

jwt-exp-default

Description Specify the default token expiration if exp claim is not available (default 1800)

Type: number

Range: 1-86400

jwt-forwarding

Description Specify JWT token will not be stripped while forwarding client request

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-level

Description ‘0’: log disable; ‘1’: only log authorzation fail (default); ‘2’: only log authorization success; ‘3’: log all;

Type: string

Supported Values: 0, 1, 2, 3

name

Description Specify JWT authorization template name

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

packet-capture-template

Description Name of the packet capture template to be bind with this object

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/visibility/packet-capture/object-templates/aam-jwt-authorization-tmpl

sampling-enable

Type: List

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

verification-cert

Description Specify the certificate to verify JWT token signature

Type: string

Maximum Length: 255 characters

Maximum Length: 1 characters

Mutual Exclusion: verification-cert, verification-jwks, and verification-secret are mutually exclusive

verification-jwks

Description Specify the jwks file to verify JWT token signature

Type: string

Maximum Length: 255 characters

Maximum Length: 1 characters

Mutual Exclusion: verification-jwks, verification-cert, and verification-secret are mutually exclusive

verification-secret

Description Specify secret for verify JWT token signature

Type: string

Format: password

Maximum Length: 128 characters

Maximum Length: 1 characters

Mutual Exclusion: verification-secret, verification-cert, and verification-jwks are mutually exclusive

sampling-enable¶

Specification Value

Type list

Block object keys

counters1

Description ‘all’: all; ‘jwt-request’: JWT Request; ‘jwt-authorize-success’: JWT Authorize Success; ‘jwt-authorize-failure’: JWT Authorize Failure; ‘jwt-missing-token’: JWT Missing Token; ‘jwt-missing-claim’: JWT Missing Claim; ‘jwt-token-expired’: JWT Token Expired; ‘jwt-signature-failure’: JWT Signature Failure; ‘jwt-other-error’: JWT Other Error;

Type: string

Supported Values: all, jwt-request, jwt-authorize-success, jwt-authorize-failure, jwt-missing-token, jwt-missing-claim, jwt-token-expired, jwt-signature-failure, jwt-other-error