authentication-OAuthIDPProfile
The following operations can be performed on “authentication-OAuthIDPProfile”:
rm authentication OAuthIDPProfile
Deletes an existing OAuth IdP profile.
Synopsis
rm authentication OAuthIDPProfile
Arguments
name Name for the new OAuth Identity Provider (IdP) single sign-on profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after an action is created.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my action” or ‘my action’).
add authentication OAuthIDPProfile
Creates an OAuth IdP profile. This profile is used to verify incoming authentication requests from the Resource Server and to send the token.
Synopsis
add authentication OAuthIDPProfile
Arguments
name Name for the new OAuth Identity Provider (IdP) single sign-on profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after an action is created.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my action” or ‘my action’).
clientID Unique identity of the relying party requesting authentication.
clientSecret Unique secret string to authorize relying party at authorization server.
redirectURL URL endpoint on relying party to which the OAuth token is to be sent.
issuer The name to be used in requests sent from Citrix ADC to IdP to uniquely identify Citrix ADC.
configservice Name of the entity that is used to obtain configuration for the current authentication request. It is used only in Citrix Cloud.
audience Audience for which the token is being sent by Citrix ADC IdP. This is typically the entity name or URL that represents the recipient.
skewTime This option specifies the duration for which the token sent by Citrix ADC IdP is valid. For example, if skewTime is 10, then the token is valid from (current time - 10) min to (current time + 10) min, i.e. 20 min in all. Default value: 5
defaultAuthenticationGroup This group will be part of the AAA session’s internal group list. This helps the admin in an nFactor flow decide the right AAA configuration for the Relying Party. In authentication policy AAA.USER.IS_MEMBER_OF(“
relyingPartyMetadataURL This is the endpoint at which Citrix ADC IdP can get details about Relying Party (RP) being configured. Metadata response should include endpoints for jwks_uri for RP public key(s).
refreshInterval Interval at which Relying Party metadata is refreshed. Default value: 50 Minimum value: 0
encryptToken Option to encrypt token when Citrix ADC IDP sends one.
Possible values: ON, OFF Default value: OFF
signatureService Name of the service in cloud used to sign the data. This is applicable only if signature is offloaded to cloud.
signatureAlg Algorithm to be used to sign OpenID tokens.
Possible values: RS256, RS512 Default value: RS256
Attributes Name-Value pairs of attributes to be inserted in idtoken. Configuration format is name=value_expr@@@name2=value2_expr@@@. ‘@@@’ is used as delimiter between Name-Value pairs. name is a literal string whose value is 127 characters and does not contain ‘=’ character. Value is advanced policy expression terminated by @@@ delimiter. Last value need not contain the delimiter.
sendPassword Option to send encrypted password in idtoken.
Possible values: ON, OFF Default value: OFF
show authentication OAuthIDPProfile
Displays information about all configured OAuth IdP profiles, or displays detailed information about the specified action.
Synopsis
show authentication OAuthIDPProfile [
Arguments
name Name for the new OAuth Identity Provider (IdP) single sign-on profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after an action is created.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my action” or ‘my action’).
Output
clientID Unique identity of the relying party requesting authentication.
clientSecret Unique secret string to authorize relying party at authorization server.
redirectURL URL endpoint on relying party to which the OAuth token is to be sent.
issuer The name to be used in requests sent from Citrix ADC to IdP to uniquely identify Citrix ADC.
configservice Name of the entity that is used to obtain configuration for the current authentication request. It is used only in Citrix Cloud.
audience Audience for which the token is being sent by Citrix ADC IdP. This is typically the entity name or URL that represents the recipient.
skewTime This option specifies the duration for which the token sent by Citrix ADC IdP is valid. For example, if skewTime is 10, then the token is valid from (current time - 10) min to (current time + 10) min, i.e. 20 min in all.
defaultAuthenticationGroup This group will be part of the AAA session’s internal group list. This helps the admin in an nFactor flow decide the right AAA configuration for the Relying Party. In authentication policy AAA.USER.IS_MEMBER_OF(“
relyingPartyMetadataURL This is the endpoint at which Citrix ADC IdP can get details about Relying Party (RP) being configured. Metadata response should include endpoints for jwks_uri for RP public key(s).
refreshInterval Interval at which Relying Party metadata is refreshed.
encryptToken Option to encrypt token when Citrix ADC IDP sends one.
signatureService Name of the service in cloud used to sign the data. This is applicable only if signature is offloaded to cloud.
signatureAlg Algorithm to be used to sign OpenID tokens.
OAuthStatus Describes status information of the OAuth IdP metadata fetch process.
Attributes Name-Value pairs of attributes to be inserted in idtoken. Configuration format is name=value_expr@@@name2=value2_expr@@@. ‘@@@’ is used as delimiter between Name-Value pairs. name is a literal string whose value is 127 characters and does not contain ‘=’ character. Value is advanced policy expression terminated by @@@ delimiter. Last value need not contain the delimiter.
sendPassword Option to send encrypted password in idtoken.
devno count stateflag
unset authentication OAuthIDPProfile
Use this command to remove authentication OAuthIDPProfile settings. Refer to the set authentication OAuthIDPProfile command for meanings of the arguments.
Synopsis
unset authentication OAuthIDPProfile
set authentication OAuthIDPProfile
Modifies the specified attributes of an OAuth IdP profile.
Synopsis
set authentication OAuthIDPProfile
Arguments
name Name for the new OAuth Identity Provider (IdP) single sign-on profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after an action is created.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my action” or ‘my action’).
clientID Unique identity of the relying party requesting authentication.
clientSecret Unique secret string to authorize relying party at authorization server.
redirectURL URL endpoint on relying party to which the OAuth token is to be sent.
issuer The name to be used in requests sent from Citrix ADC to IdP to uniquely identify Citrix ADC.
configservice Name of the entity that is used to obtain configuration for the current authentication request. It is used only in Citrix Cloud.
audience Audience for which the token is being sent by Citrix ADC IdP. This is typically the entity name or URL that represents the recipient.
skewTime This option specifies the duration for which the token sent by Citrix ADC IdP is valid. For example, if skewTime is 10, then the token is valid from (current time - 10) min to (current time + 10) min, i.e. 20 min in all. Default value: 5
defaultAuthenticationGroup This group will be part of the AAA session’s internal group list. This helps the admin in an nFactor flow decide the right AAA configuration for the Relying Party. In authentication policy AAA.USER.IS_MEMBER_OF(“
relyingPartyMetadataURL This is the endpoint at which Citrix ADC IdP can get details about Relying Party (RP) being configured. Metadata response should include endpoints for jwks_uri for RP public key(s).
refreshInterval Interval at which Relying Party metadata is refreshed. Default value: 50 Minimum value: 0
encryptToken Option to encrypt token when Citrix ADC IDP sends one.
Possible values: ON, OFF Default value: OFF
signatureService Name of the service in cloud used to sign the data. This is applicable only if signature is offloaded to cloud.
signatureAlg Algorithm to be used to sign OpenID tokens.
Possible values: RS256, RS512 Default value: RS256
Attributes Name-Value pairs of attributes to be inserted in idtoken. Configuration format is name=value_expr@@@name2=value2_expr@@@. ‘@@@’ is used as delimiter between Name-Value pairs. name is a literal string whose value is 127 characters and does not contain ‘=’ character. Value is advanced policy expression terminated by @@@ delimiter. Last value need not contain the delimiter.
sendPassword Option to send encrypted password in idtoken.
Possible values: ON, OFF Default value: OFF
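An added example, not part of the Citrix documentation: a Python check that parses the Attributes format, computes the skewTime validity window as described above, and reviews a profile's argument values before they are applied. The 127-character upper bound on names, the 10-minute review threshold, the https check on redirectURL, and the sample values are assumptions made for this example.

```python
from datetime import timedelta
from urllib.parse import urlparse

DELIM = "@@@"
MAX_NAME_LEN = 127   # assumption: the page's "127 characters" read as an upper bound
MAX_SKEW_MIN = 10    # assumption: local review threshold, not a Citrix limit

def parse_attributes(spec):
    """Split 'name=expr@@@name2=expr2@@@' into (name, expr) pairs."""
    chunks = spec.split(DELIM)
    if chunks[-1] == "":          # the last pair may omit the delimiter
        chunks.pop()
    pairs = []
    for chunk in chunks:
        # A name cannot contain '=', so the first '=' ends it; the policy
        # expression that follows may itself contain '=' characters.
        name, sep, expr = chunk.partition("=")
        if not (sep and name and expr):
            raise ValueError(f"malformed pair: {chunk!r}")
        if len(name) > MAX_NAME_LEN:
            raise ValueError(f"name longer than {MAX_NAME_LEN}: {name[:20]!r}...")
        pairs.append((name, expr))
    return pairs

def validity_window(now, skew_minutes=5):
    """Token is valid from (now - skewTime) to (now + skewTime)."""
    delta = timedelta(minutes=skew_minutes)
    return now - delta, now + delta

def review_profile(settings):
    """Return review findings for a dict of OAuthIDPProfile argument values."""
    findings = []
    if urlparse(settings.get("redirectURL", "")).scheme != "https":
        findings.append("redirectURL is not https")
    if settings.get("sendPassword", "OFF") == "ON":
        findings.append("sendPassword is ON: id token carries the encrypted password")
    skew = int(settings.get("skewTime", 5))
    if skew > MAX_SKEW_MIN:
        findings.append(f"skewTime {skew} gives a {2 * skew}-minute validity window")
    try:
        parse_attributes(settings.get("Attributes", ""))
    except ValueError as exc:
        findings.append(f"Attributes: {exc}")
    return findings

SAMPLE = {  # constructed values, not taken from a real deployment
    "redirectURL": "http://rp.example.test/cb", "sendPassword": "ON",
    "skewTime": "30", "Attributes": "user=AAA.USER.NAME@@@dept",
}
```

Calling `review_profile(SAMPLE)` returns one finding per weak setting in the constructed profile, including the malformed `dept` pair that has no value expression.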