-
-
-
authentication-OAuthAction
-
-
-
-
-
-
-
-
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
authentication-OAuthAction
The following operations can be performed on “authentication-OAuthAction”:
unset | set | show | rm | add |
unset authentication OAuthAction
Use this command to remove authentication OAuthAction settings.Refer to the set authentication OAuthAction command for meanings of the arguments.
Synopsis
unset authentication OAuthAction
set authentication OAuthAction
Modifies the attributes of an existing OAuth authentication action.
Synopsis
set authentication OAuthAction
Arguments
name Name of the action to configure.
OAuthType Type of the OAuth implementation. Default value is generic implementation that is applicable for most deployments.
Possible values: GENERIC, INTUNE, ATHENA Default value: GENERIC
authorizationEndpoint Authorization endpoint/url to which unauthenticated user will be redirected. Citrix ADC redirects user to this endpoint by adding query parameters including clientid. If this parameter not specified then as default value we take Token Endpoint/URL value. Please note that Authorization Endpoint or Token Endpoint is mandatory for oauthAction
tokenEndpoint URL to which OAuth token will be posted to verify its authenticity. User obtains this token from Authorization server upon successful authentication. Citrix ADC will validate presented token by posting it to the URL configured
idtokenDecryptEndpoint URL to which obtained idtoken will be posted to get a decrypted user identity. Encrypted idtoken will be obtained by posting OAuth token to token endpoint. In order to decrypt idtoken, Citrix ADC posts request to the URL configured
clientID Unique identity of the client/user who is getting authenticated. Authorization server infers client configuration using this ID
clientSecret Secret string established by user and authorization server
defaultAuthenticationGroup This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
Attribute1 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute1
Attribute2 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute2
Attribute3 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute3
Attribute4 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute4
Attribute5 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute5
Attribute6 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute6
Attribute7 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute7
Attribute8 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute8
Attribute9 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute9
Attribute10 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute10
Attribute11 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute11
Attribute12 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute12
Attribute13 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute13
Attribute14 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute14
Attribute15 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute15
Attribute16 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute16
Attributes List of attribute names separated by ‘,’ which needs to be extracted. Note that preceding and trailing spaces will be removed. Attribute name can be 127 bytes and total length of this string should not cross 1023 bytes. These attributes have multi-value support separated by ‘,’ and stored as key-value pair in AAA session
tenantID TenantID of the application. This is usually specific to providers such as Microsoft and usually refers to the deployment identifier.
GraphEndpoint URL of the Graph API service to learn Enterprise Mobility Services (EMS) endpoints.
refreshInterval Interval at which services are monitored for necessary configuration. Default value: 1440 Minimum value: 0
CertEndpoint URL of the endpoint that contains JWKs (Json Web Key) for JWT (Json Web Token) verification.
audience Audience for which token sent by Authorization server is applicable. This is typically entity name or url that represents the recipient
userNameField Attribute in the token from which username should be extracted.
skewTime This option specifies the allowed clock skew in number of minutes that Citrix ADC allows on an incoming token. For example, if skewTime is 10, then token would be valid from (current time - 10) min to (current time + 10) min, ie 20min in all. Default value: 5
issuer Identity of the server whose tokens are to be accepted.
UserInfoURL URL to which OAuth access token will be posted to obtain user information.
CertFilePath Path to the file that contains JWKs (Json Web Key) for JWT (Json Web Token) verification.
grantType Grant type support. value can be code or password
Possible values: CODE, PASSWORD Default value: CODE
authentication If authentication is disabled, password is not sent in the request.
Possible values: ENABLED, DISABLED Default value: ENABLED
introspectURL URL to which access token would be posted for validation
allowedAlgorithms Multivalued option to specify allowed token verification algorithms. Default value: OAUTH_ALG_ALL
PKCE Option to enable/disable PKCE flow during authentication.
Possible values: ENABLED, DISABLED Default value: ENABLED
tokenEndpointAuthMethod Option to select the variant of token authentication method. This method is used while exchanging code with IdP.
Possible values: client_secret_post, client_secret_jwt, private_key_jwt, client_secret_basic Default value: client_secret_post,
metadataUrl Well-known configuration endpoint of the Authorization Server. Citrix ADC fetches server details from this endpoint.
resourceUri Resource URL for Oauth configuration.
Example
set authentication OAuthAction a1 -ClientID someid123 -clientSecret somesecret
show authentication OAuthAction
Displays information about the configured OAuth authentication action.
Synopsis
show authentication OAuthAction [
Arguments
name Name of the OAuth authentication action to display. If a name is not provided, information about all actions is shown.
Output
stateflag authorizationEndpoint Authorization endpoint/url to which unauthenticated user will be redirected. Citrix ADC redirects user to this endpoint by adding query parameters including clientid. If this parameter not specified then as default value we take Token Endpoint/URL value. Please note that Authorization Endpoint or Token Endpoint is mandatory for oauthAction
tokenEndpoint URL to which OAuth token will be posted to verify its authenticity. User obtains this token from Authorization server upon successful authentication. Citrix ADC will validate presented token by posting it to the URL configured
idtokenDecryptEndpoint URL to which obtained idtoken will be posted to get a decrypted user identity. Encrypted idtoken will be obtained by posting OAuth token to token endpoint. In order to decrypt idtoken, Citrix ADC posts request to the URL configured
clientID Unique identity of the client/user who is getting authenticated. Authorization server infers client configuration using this ID
clientSecret Secret string established by user and authorization server
defaultAuthenticationGroup This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
Attribute1 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute1
Attribute2 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute2
Attribute3 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute3
Attribute4 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute4
Attribute5 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute5
Attribute6 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute6
Attribute7 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute7
Attribute8 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute8
Attribute9 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute9
Attribute10 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute10
Attribute11 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute11
Attribute12 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute12
Attribute13 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute13
Attribute14 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute14
Attribute15 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute15
Attribute16 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute16
Attributes List of attribute names separated by ‘,’ which needs to be extracted. Note that preceding and trailing spaces will be removed. Attribute name can be 127 bytes and total length of this string should not cross 1023 bytes. These attributes have multi-value support separated by ‘,’ and stored as key-value pair in AAA session
tenantID TenantID of the application. This is usually specific to providers such as Microsoft and usually refers to the deployment identifier.
GraphEndpoint URL of the Graph API service to learn Enterprise Mobility Services (EMS) endpoints.
refreshInterval Interval at which services are monitored for necessary configuration.
CertEndpoint URL of the endpoint that contains JWKs (Json Web Key) for JWT (Json Web Token) verification.
OAuthType Type of the OAuth implementation. Default value is generic implementation that is applicable for most deployments.
audience Audience for which token sent by Authorization server is applicable. This is typically entity name or url that represents the recipient
userNameField Attribute in the token from which username should be extracted.
skewTime This option specifies the allowed clock skew in number of minutes that Citrix ADC allows on an incoming token. For example, if skewTime is 10, then token would be valid from (current time - 10) min to (current time + 10) min, ie 20min in all.
issuer Identity of the server whose tokens are to be accepted.
OAuthStatus Describes status information of oauth server.
UserInfoURL URL to which OAuth access token will be posted to obtain user information.
CertFilePath Path to the file that contains JWKs (Json Web Key) for JWT (Json Web Token) verification.
grantType Grant type support. value can be code or password
authentication If authentication is disabled, password is not sent in the request.
introspectURL URL to which access token would be posted for validation
allowedAlgorithms Multivalued option to specify allowed token verification algorithms.
PKCE Option to enable/disable PKCE flow during authentication.
tokenEndpointAuthMethod Option to select the variant of token authentication method. This method is used while exchanging code with IdP.
metadataUrl Well-known configuration endpoint of the Authorization Server. Citrix ADC fetches server details from this endpoint.
resourceUri Resource URL for Oauth configuration.
devno count
Example
show authentication OAuthAction a1
rm authentication OAuthAction
Removes a OAuth authentication action. You cannot remove an action that is used in any part of a policy.
Synopsis
rm authentication OAuthAction
Arguments
name Name of the OAuth authentication action to remove.
Example
rm authentication OAuthAction a1
add authentication OAuthAction
Adds an action to be used for OAuth authentication.
Synopsis
add authentication OAuthAction
Arguments
name Name for the OAuth Authentication action. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the profile is created.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my authentication action” or ‘my authentication action’).
OAuthType Type of the OAuth implementation. Default value is generic implementation that is applicable for most deployments.
Possible values: GENERIC, INTUNE, ATHENA Default value: GENERIC
authorizationEndpoint Authorization endpoint/url to which unauthenticated user will be redirected. Citrix ADC redirects user to this endpoint by adding query parameters including clientid. If this parameter not specified then as default value we take Token Endpoint/URL value. Please note that Authorization Endpoint or Token Endpoint is mandatory for oauthAction
tokenEndpoint URL to which OAuth token will be posted to verify its authenticity. User obtains this token from Authorization server upon successful authentication. Citrix ADC will validate presented token by posting it to the URL configured
idtokenDecryptEndpoint URL to which obtained idtoken will be posted to get a decrypted user identity. Encrypted idtoken will be obtained by posting OAuth token to token endpoint. In order to decrypt idtoken, Citrix ADC posts request to the URL configured
clientID Unique identity of the client/user who is getting authenticated. Authorization server infers client configuration using this ID
clientSecret Secret string established by user and authorization server
defaultAuthenticationGroup This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
Attribute1 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute1
Attribute2 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute2
Attribute3 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute3
Attribute4 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute4
Attribute5 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute5
Attribute6 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute6
Attribute7 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute7
Attribute8 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute8
Attribute9 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute9
Attribute10 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute10
Attribute11 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute11
Attribute12 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute12
Attribute13 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute13
Attribute14 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute14
Attribute15 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute15
Attribute16 Name of the attribute to be extracted from OAuth Token and to be stored in the attribute16
Attributes List of attribute names separated by ‘,’ which needs to be extracted. Note that preceding and trailing spaces will be removed. Attribute name can be 127 bytes and total length of this string should not cross 1023 bytes. These attributes have multi-value support separated by ‘,’ and stored as key-value pair in AAA session
tenantID TenantID of the application. This is usually specific to providers such as Microsoft and usually refers to the deployment identifier.
GraphEndpoint URL of the Graph API service to learn Enterprise Mobility Services (EMS) endpoints.
refreshInterval Interval at which services are monitored for necessary configuration. Default value: 1440 Minimum value: 0
CertEndpoint URL of the endpoint that contains JWKs (Json Web Key) for JWT (Json Web Token) verification.
audience Audience for which token sent by Authorization server is applicable. This is typically entity name or url that represents the recipient
userNameField Attribute in the token from which username should be extracted.
skewTime This option specifies the allowed clock skew in number of minutes that Citrix ADC allows on an incoming token. For example, if skewTime is 10, then token would be valid from (current time - 10) min to (current time + 10) min, ie 20min in all. Default value: 5
issuer Identity of the server whose tokens are to be accepted.
UserInfoURL URL to which OAuth access token will be posted to obtain user information.
CertFilePath Path to the file that contains JWKs (Json Web Key) for JWT (Json Web Token) verification.
grantType Grant type support. value can be code or password
Possible values: CODE, PASSWORD Default value: CODE
authentication If authentication is disabled, password is not sent in the request.
Possible values: ENABLED, DISABLED Default value: ENABLED
introspectURL URL to which access token would be posted for validation
allowedAlgorithms Multivalued option to specify allowed token verification algorithms. Default value: OAUTH_ALG_ALL
PKCE Option to enable/disable PKCE flow during authentication.
Possible values: ENABLED, DISABLED Default value: ENABLED
tokenEndpointAuthMethod Option to select the variant of token authentication method. This method is used while exchanging code with IdP.
Possible values: client_secret_post, client_secret_jwt, private_key_jwt, client_secret_basic Default value: client_secret_post,
metadataUrl Well-known configuration endpoint of the Authorization Server. Citrix ADC fetches server details from this endpoint.
resourceUri Resource URL for Oauth configuration.
Example
add authentication oauthAction a -authorizationEndpoint https://google.com/ -tokenEndpoint https://google.com/ -clientiD sadf -clientsecret df
Share
Share
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.