aaa-parameter
The following operations can be performed on “aaa-parameter”:
unset | set | show |
unset aaa parameter
Resets the global AAA parameter settings on the Citrix ADC. Attributes for which a default value is available revert to their default values. See the set aaa parameter command for descriptions of the parameters.
Synopsis
unset aaa parameter [-enableStaticPageCaching] [-enableEnhancedAuthFeedback] [-defaultAuthType] [-maxAAAUsers] [-aaadnatIp] [-maxLoginAttempts] [-enableSessionStickiness] [-maxSamlDeflateSize] [-persistentLoginAttempts] [-pwdExpiryNotificationDays] [-maxKBQuestions] [-aaaSessionLoglevel] [-aaadLoglevel] [-dynAddr] [-ftMode] [-loginEncryption] [-SameSite] [-APITokenCache] [-tokenIntrospectionInterval] [-defaultCSPHeader] [-httpOnlyCookie] [-enhancedEPA] [-wafProtection] [-securityInsights]
set aaa parameter
Sets the global AAA configuration. Any configuration settings made at this level override configuration settings for the authentication server.
Synopsis
set aaa parameter [-enableStaticPageCaching ( YES | NO )] [-enableEnhancedAuthFeedback ( YES | NO )] [-defaultAuthType |
*>] [-enableSessionStickiness ( YES | NO )] [-aaaSessionLoglevel |
OFF )] [-ftMode |
DISABLED )] [-pwdExpiryNotificationDays |
DISABLED )] [-SameSite |
DISABLED )] [-tokenIntrospectionInterval |
DISABLED )] [-httpOnlyCookie ( ENABLED | DISABLED )] [-enhancedEPA ( ENABLED | DISABLED )] [-wafProtection |
DISABLED )] |
Arguments
enableStaticPageCaching The default state of VPN Static Page caching. Static Page caching is enabled by default.
Possible values: YES, NO Default value: YES
enableEnhancedAuthFeedback Enhanced auth feedback provides more information to the end user about the reason for an authentication failure. The default value is set to NO.
Possible values: YES, NO Default value: NO
defaultAuthType The default authentication server type.
Possible values: LOCAL, LDAP, RADIUS, TACACS, CERT Default value: LOCAL
maxAAAUsers Maximum number of concurrent users allowed to log on to VPN simultaneously. Minimum value: 1
maxLoginAttempts Maximum Number of login Attempts Minimum value: 1
failedLoginTimeout Number of minutes an account will be locked if user exceeds maximum permissible attempts Minimum value: 1 Maximum value: 525600
aaadnatIp Source IP address to use for traffic that is sent to the authentication server.
enableSessionStickiness Enables/Disables stickiness to authentication servers
Possible values: YES, NO Default value: NO
aaaSessionLoglevel Audit log level, which specifies the types of events to log for cli executed commands. Available values function as follows:
- EMERGENCY - Events that indicate an immediate crisis on the server.
- ALERT - Events that might require action.
- CRITICAL - Events that indicate an imminent server crisis.
- ERROR - Events that indicate some type of error.
- WARNING - Events that require action in the near future.
- NOTICE - Events that the administrator should know about.
- INFORMATIONAL - All but low-level events.
- DEBUG - All events, in extreme detail.
Possible values: EMERGENCY, ALERT, CRITICAL, ERROR, WARNING, NOTICE, INFORMATIONAL, DEBUG Default value: DEFAULT_LOGLEVEL_AAA
aaadLoglevel AAAD log level, which specifies the types of AAAD events to log in nsvpn.log. Available values function as follows:
- EMERGENCY - Events that indicate an immediate crisis on the server.
- ALERT - Events that might require action.
- CRITICAL - Events that indicate an imminent server crisis.
- ERROR - Events that indicate some type of error.
- WARNING - Events that require action in the near future.
- NOTICE - Events that the administrator should know about.
- INFORMATIONAL - All but low-level events.
- DEBUG - All events, in extreme detail.
Possible values: EMERGENCY, ALERT, CRITICAL, ERROR, WARNING, NOTICE, INFORMATIONAL, DEBUG Default value: INFORMATIONAL
dynAddr Set by the DHCP client when the IP address was fetched dynamically.
Possible values: ON, OFF Default value: OFF
ftMode First time user mode determines which configuration options are shown by default when logging in to the GUI. This setting is controlled by the GUI.
Possible values: ON, HA, OFF Default value: ON
maxSamlDeflateSize This will set the maximum deflate size in case of SAML Redirect binding. Minimum value: 0
persistentLoginAttempts Persistent storage of unsuccessful user login attempts
Possible values: ENABLED, DISABLED Default value: DISABLED
pwdExpiryNotificationDays This will set the threshold time in days for password expiry notification. Default value is 0, which means no notification is sent Minimum value: 0
maxKBQuestions This will set maximum number of Questions to be asked for KB Validation. Default value is 2, Max Value is 6 Minimum value: 2 Maximum value: 6
loginEncryption Parameter to encrypt login information for nFactor flow
Possible values: ENABLED, DISABLED Default value: DISABLED
SameSite SameSite attribute value for Cookies generated in AAATM context. This attribute value will be appended only for the cookies which are specified in the builtin patset ns_cookies_samesite
Possible values: None, LAX, STRICT
APITokenCache Option to enable/disable API cache feature.
Possible values: ENABLED, DISABLED Default value: DISABLED
tokenIntrospectionInterval Frequency at which a token must be verified at the Authorization Server (AS) despite being found in cache. Minimum value: 0
defaultCSPHeader Parameter to enable/disable default CSP header
Possible values: ENABLED, DISABLED Default value: DISABLED
httpOnlyCookie Parameter to set/reset HttpOnly Flag for NSC_AAAC/NSC_TMAS cookies in nfactor
Possible values: ENABLED, DISABLED Default value: DISABLED
enhancedEPA Parameter to enable/disable EPA v2 functionality
Possible values: ENABLED, DISABLED Default value: DISABLED
wafProtection Entities for which WAF Protection needs to be applied. Available settings function as follows:
- AUTH - Endpoints used for Authentication applicable for both AAATM, IDP, GATEWAY use cases.
- VPN - Endpoints used for Gateway use cases.
- DISABLED - No Endpoint WAF protection. Currently supported only in default partition
securityInsights On enabling this option, the Citrix ADC will send the security insight records to the configured collectors when request comes to Authentication endpoint.
- If cs vserver is frontend with Authentication vserver as target for cs action, then record is sent using Authentication vserver name.
- If vpn/lb/cs vserver are configured with Authentication ON, then record is sent using vpn/lb/cs vserver name accordingly.
- If authentication vserver is frontend, then record is sent using Authentication vserver name.
Possible values: ENABLED, DISABLED Default value: DISABLED
Example
set aaa parameter -defaultAuthType RADIUS -maxAAAUsers 100
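An added example, not part of the Citrix documentation: a small Python audit that reads set aaa parameter command lines from a saved configuration, fills in the defaults listed under Arguments, and reports the session and login hardening parameters that miss a baseline. The baseline values, the sample configuration and the function names are assumptions made for this illustration.

```python
# Defaults taken from the Arguments section; None where the page lists no default.
PAGE_DEFAULTS = {
    "enableenhancedauthfeedback": "NO", "persistentloginattempts": "DISABLED",
    "loginencryption": "DISABLED", "defaultcspheader": "DISABLED",
    "httponlycookie": "DISABLED", "samesite": None,
    "wafprotection": None, "maxloginattempts": None,
}
# Assumed audit baseline (not a Citrix recommendation): accepted values per parameter.
BASELINE = {
    "enableenhancedauthfeedback": {"NO"},   # keep failure reasons terse
    "persistentloginattempts": {"ENABLED"},
    "loginencryption": {"ENABLED"},
    "defaultcspheader": {"ENABLED"},
    "httponlycookie": {"ENABLED"},
    "samesite": {"LAX", "STRICT"},
    "wafprotection": {"AUTH", "VPN"},
}
# Constructed sample: the first line follows the page's example, the second is invented.
SAMPLE = """\
set aaa parameter -defaultAuthType RADIUS -maxAAAUsers 100
set aaa parameter -httpOnlyCookie ENABLED -SameSite None -maxLoginAttempts 5 -wafProtection AUTH VPN
"""

def parse_aaa_parameter(text):
    """Effective settings as {flag: [values]}; later commands override earlier ones."""
    settings = {k: ([v] if v else []) for k, v in PAGE_DEFAULTS.items()}
    for line in text.splitlines():
        tokens = line.split()
        if [t.lower() for t in tokens[:3]] != ["set", "aaa", "parameter"]:
            continue
        flag = None
        for tok in tokens[3:]:
            if tok.startswith("-"):         # new flag; matched case-insensitively (assumption)
                flag = tok[1:].lower()
                settings[flag] = []
            elif flag is not None:          # one or more values for the current flag
                settings[flag].append(tok.upper())
    return settings

def audit(text):
    """Return sorted (parameter, effective value) pairs that miss the baseline."""
    settings = parse_aaa_parameter(text)
    findings = []
    for name, accepted in BASELINE.items():
        values = settings.get(name, [])
        if not values or not set(values) <= accepted:
            findings.append((name, " ".join(values) or "unset"))
    if not settings.get("maxloginattempts"):
        findings.append(("maxloginattempts", "unset"))  # no lockout threshold configured
    return sorted(findings)

if __name__ == "__main__":
    for name, value in audit(SAMPLE):
        print(f"{name}: {value}")
```

Parameters that are absent from the configuration are judged at the default the page lists, which is why defaultCSPHeader, loginEncryption and persistentLoginAttempts are reported for the sample even though it never mentions them.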
show aaa parameter
Displays the current AAA global configuration.
Synopsis
show aaa parameter
Arguments
Output
enableStaticPageCaching Indicates if static page caching is enabled or not.
enableEnhancedAuthFeedback Indicates whether enhanced auth feedback is enabled or not.
defaultAuthType The default authentication server type.
maxAAAUsers The maximum number of concurrent users allowed to log into the system at any time.
aaadnatIp The natIp to be used for the AAA traffic
maxLoginAttempts Maximum Number of login Attempts
failedLoginTimeout Number of minutes an account will be locked if user exceeds maximum permissible attempts
enableSessionStickiness Enables/Disables stickiness to authentication servers
aaaSessionLoglevel Audit log level, which specifies the types of events to log for cli executed commands. Available values function as follows:
- EMERGENCY - Events that indicate an immediate crisis on the server.
- ALERT - Events that might require action.
- CRITICAL - Events that indicate an imminent server crisis.
- ERROR - Events that indicate some type of error.
- WARNING - Events that require action in the near future.
- NOTICE - Events that the administrator should know about.
- INFORMATIONAL - All but low-level events.
- DEBUG - All events, in extreme detail.
aaadLoglevel AAAD log level, which specifies the types of AAAD events to log in nsvpn.log. Available values function as follows:
- EMERGENCY - Events that indicate an immediate crisis on the server.
- ALERT - Events that might require action.
- CRITICAL - Events that indicate an imminent server crisis.
- ERROR - Events that indicate some type of error.
- WARNING - Events that require action in the near future.
- NOTICE - Events that the administrator should know about.
- INFORMATIONAL - All but low-level events.
- DEBUG - All events, in extreme detail.
dynAddr Set by the DHCP client when the IP address was fetched dynamically.
ftMode First time user mode determines which configuration options are shown by default when logging in to the GUI. This setting is controlled by the GUI.
maxSamlDeflateSize This will set the maximum deflate size in case of SAML Redirect binding.
persistentLoginAttempts Persistent storage of unsuccessful user login attempts
pwdExpiryNotificationDays This will set the threshold time in days for password expiry notification. Default value is 0, which means no notification is sent
maxKBQuestions This will set maximum number of Questions to be asked for KB Validation. Default value is 2, Max Value is 6
builtin Flag to determine if aaa param is built-in or not
feature The feature to be checked while applying this config
loginEncryption Parameter to encrypt login information for nFactor flow
SameSite SameSite attribute value for Cookies generated in AAATM context. This attribute value will be appended only for the cookies which are specified in the builtin patset ns_cookies_samesite
APITokenCache Option to enable/disable API cache feature.
tokenIntrospectionInterval Frequency at which a token must be verified at the Authorization Server (AS) despite being found in cache.
defaultCSPHeader Parameter to enable/disable default CSP header
httpOnlyCookie Parameter to set/reset HttpOnly Flag for NSC_AAAC/NSC_TMAS cookies in nfactor
enhancedEPA Parameter to enable/disable EPA v2 functionality
wafProtection Entities for which WAF Protection needs to be applied. Available settings function as follows:
- AUTH - Endpoints used for Authentication applicable for both AAATM, IDP, GATEWAY use cases.
- VPN - Endpoints used for Gateway use cases.
- DISABLED - No Endpoint WAF protection. Currently supported only in default partition
securityInsights On enabling this option, the Citrix ADC will send the security insight records to the configured collectors when request comes to Authentication endpoint.
- If cs vserver is frontend with Authentication vserver as target for cs action, then record is sent using Authentication vserver name.
- If vpn/lb/cs vserver are configured with Authentication ON, then record is sent using vpn/lb/cs vserver name accordingly.
- If authentication vserver is frontend, then record is sent using Authentication vserver name.
Example
show aaa parameter
Configured AAA parameters
DefaultAuthType: LDAP MaxAAAUsers: 5
Done