ADC Advanced Policy Expressions

AAA_USER_T


Represents the AAA User Information.

This topic lists the expressions that are provided by this class.

ATTRIBUTE (uint index)

Returns USER's attribute stored at a given index. For example: HTTP.REQ.USER.ATTRIBUTE(1) gives the value of a previously extracted attribute that is stored as 'attribute1'. Index range is between 1 and 16, both included.

Parameters``:

            index- offset

Returns: text_t

ATTRIBUTE (text_t name)

Returns USER's attribute stored with a given name. For example: HTTP.REQ.USER.ATTRIBUTE("name") gives the value of a previously extracted attribute that is stored as 'attribute["name"]'.

Parameters``:

            name- name used for extracting corresponding attribute value

Returns: text_t

  • AUTH_STRENGTH

    Returns an integer that represents the strength of authentication of the current user session.

Returns: num_at

  • DOMAIN

    Returns the Domain of the user.

Returns: text_t

  • EXTERNAL_GROUPS

    Operate as a List on the External Groups which is seperated by ','. For example: HTTP.REQ.USER.EXTERNAL_GROUPS gives list of all groups which are ',' seperated.

Returns: list_t

EXTERNAL_GROUPS (char sep)

Operate as a List on the Group which is seperated by given delimiter. For example: HTTP.REQ.USER.EXTERNAL_GROUPS(':') gives list of all external groups which are ':' seperated.

Parameters (expressions not allowed):

            sep- delimiter

Returns: list_t

  • GROUPS

    Operate as a List on the Group which is seperated by ','. For example: HTTP.REQ.USER.GROUPS gives list of all groups which are ',' seperated. In this list first internal groups are listed which are followed by external groups.

Returns: list_t

GROUPS_AS_XML (text_t tag)

Gives the list of groups in a SAML assertion multi-attribute format, each enclosed by an element that has the specified tagname. For example: HTTP.REQ.USER.GROUPS_AS_XML("mytagname"): the expression will return a list of groups in the following format - financeengg In this example, finance, engg are the group names.

Parameters``:

            tag- tagname

Returns: text_t

GROUPS (char sep)

Operate as a List on the Group which is seperated by given delimiter. For example: HTTP.REQ.USER.GROUPS(':') gives list of all groups which are ':' seperated. In this list first internal groups are listed which are followed by external groups.

Parameters (expressions not allowed):

            sep- delimiter

Returns: list_t

  • INTERNAL_GROUPS

    Operate as a List on the Group which is seperated by ','. For example: HTTP.REQ.USER.INTERNAL_GROUPS gives list of all groups which are ',' seperated.

Returns: list_t

INTERNAL_GROUPS (char sep)

Operate as a List on the Group which is seperated by given delimiter. For example: HTTP.REQ.USER.INTERNAL_GROUPS(':') gives list of all internal groups which are ':' seperated.

Parameters (expressions not allowed):

            sep- delimiter

Returns: list_t

IS_MEMBER_OF_ALL (text_t patset_name)

Returns TRUE if all patterns(group string) of the patset matches user's groups in session

Parameters (expressions not allowed):

            patset_name- patset Name

Returns: bool_at

IS_MEMBER_OF_ANY (text_t patset_name)

Returns TRUE if there is at least one pattern(group string) of the patset matches user's groups in session

Parameters (expressions not allowed):

            patset_name- patset Name

Returns: bool_at

IS_MEMBER_OF (text_t group_name)

Returns TRUE if the user is a member of the group group_name

Parameters (expressions not allowed):

            group_name- Group Name

Returns: bool_at

  • LOGIN_ATTEMPTS

    Return the number of failed login attempts for the current user. User name is extracted from current authentication process.

Returns: num_at

LOGIN_ATTEMPTS (text_t username)

Return the number of failed login attempts for the given user.

Parameters (expressions not allowed):

            username- the name of the user to get the information for.

Returns: num_at

  • LOGIN_NAME

    Returns the NAME that is provided by user at the time of login.

Returns: text_t

  • NAME

    Returns the NAME of the user. This is the name used by user for login unless it is overriden by name from external authentication server.

Returns: text_t

  • OAUTHIDP_CC_FLOW

    Returns true if the AAA session is in the OAuth IDP CC Flow. This is used during authentication of the user when the AAA server acts as an IDP and the Relaying Party is Citrix Cloud. Note that this expression works only if the corresponding OAuth IDP profile is configured with a default group.

Returns: bool_at

  • OAUTHIDP_FLOW

    Returns true if the AAA session is in the OAuth IDP Flow. This is used during authentication of the user when the AAA server acts as an IDP. Note that this expression works only if the corresponding OAuth IDP profile is configured with a default group.

Returns: bool_at

  • PASSWD

    Returns the PASSWORD of the user.

Returns: text_t

  • SAMLIDP_FLOW

    Returns true if the AAA session is in the SAML IDP Flow. This is used during authentication of the user when the AAA server acts as an IDP. Note that this expression works only if the corresponding SAML IDP profile is configured with a default group.

Returns: bool_at

  • SESSIONID

    Returns the Session ID of the user.

Returns: text_t

AAA_USER_T