-
-
-
authentication-vserver
-
-
-
-
-
-
-
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
authentication-vserver
The following operations can be performed on “authentication-vserver”:
rm | stat | rename | enable | unbind | unset | disable | add | bind | show | set |
rm authentication vserver
Removes an authentication virtual server.
Synopsis
rm authentication vserver
Arguments
name Name of the authentication virtual server to remove.
Example
rm vserver authn_vip
stat authentication vserver
Displays statistics about the specified authentication virtual server. If no authentication virtual server is specified, displays statistics for all authentication virtual servers that are currently configured on the Citrix ADC.
Synopsis
stat authentication vserver [
Arguments
name Name of the authentication virtual server.
detail Specifies detailed output (including more statistics). The output can be quite voluminous. Without this argument, the output will show only a summary.
fullValues Specifies that numbers and strings should be displayed in their full form. Without this option, long strings are shortened and large numbers are abbreviated
ntimes The number of times, in intervals of seven seconds, the statistics should be displayed. Default value: 1 Minimum value: 0
logFile The name of the log file to be used as input.
clearstats Clear the statsistics / counters
Possible values: basic, full
Output
count devno stateflag
Counters
IP address (IP) The IP address on which the service is running.
Port (port) The port on which the service is running.
Vserver protocol (Protocol) Protocol associated with the vserver
State Current state of the server. There are seven possible values: UP(7), DOWN(1), UNKNOWN(2), BUSY(3), OFS(Out of Service)(4), TROFS(Transition Out of Service)(5), TROFS_DOWN(Down When going Out of Service)(8)
Requests (Req) Total number of requests received on this service or virtual server. (This applies to HTTP/SSL services and servers.)
Responses (Rsp) Number of responses received on this service or virtual server. (This applies to HTTP/SSL services and servers.)
Request bytes (Reqb) Total number of request bytes received on this service or virtual server.
Response bytes (Rspb) Number of response bytes received by this service or virtual server.
Related Commands
rename authentication vserver
Rename an authentication virtual server.
Synopsis
rename authentication vserver
Arguments
name Current name of the authentication virtual server.
newName New name of the authentication virtual server. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, ‘my authentication policy’ or “my authentication policy”).
Example
rename authentication vserver av1 av_new
enable authentication vserver
Enables an authentication virtual server that is disabled. Note: Virtual servers, when added, are normally enabled by default.
Synopsis
enable authentication vserver
Arguments
name Name of the virtual server to enable.
Example
enable vserver authentication1
unbind authentication vserver
Unbinds the specified policy from the specified authentication virtual server.
Synopsis
unbind authentication vserver
Arguments
name Name of the virtual server.
policy Name of the policy to be unbound.
secondary Applicable only to classic authentication policy
groupExtraction Applicable only to classic authentication policy
type Bind point from which to unbind the policy.
Possible values: REQUEST, RESPONSE, ICA_REQUEST, OTHERTCP_REQUEST, AAA_REQUEST, AAA_RESPONSE
portaltheme Name of Theme to be unbound from authentication vserver
unset authentication vserver
Removes the settings of an existing authentication virtual server. Attributes for which a default value is available revert to their default values. Refer to the set authentication vserver command for descriptions of the parameters..Refer to the set authentication vserver command for meanings of the arguments.
Synopsis
unset authentication vserver
disable authentication vserver
Disables an authentication virtual server, taking it out of service.
Synopsis
disable authentication vserver
Arguments
name Name of the virtual server to disable. Notes:
- The Citrix ADC still responds to ARP and/or ping requests for the IP address of disabled virtual servers.
- Because the virtual server configuration still exists on the Citrix ADC, you can reenable the virtual server.
Example
disable vserver authn_vip
add authentication vserver
Creates an authentication virtual server.
Synopsis
add authentication vserver
Arguments
name Name for the new authentication virtual server. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Can be changed after the authentication virtual server is added by using the rename authentication vserver command.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my authentication policy” or ‘my authentication policy’).
serviceType Protocol type of the authentication virtual server. Always SSL.
Possible values: SSL Default value: SSL
IPAddress IP address of the authentication virtual server, if a single IP address is assigned to the virtual server.
range If you are creating a series of virtual servers with a range of IP addresses assigned to them, the length of the range. The new range of authentication virtual servers will have IP addresses consecutively numbered, starting with the primary address specified with the IP Address parameter. Default value: 1 Minimum value: 1
port TCP port on which the virtual server accepts connections.
state Initial state of the new virtual server.
Possible values: ENABLED, DISABLED Default value: ENABLED
authentication Require users to be authenticated before sending traffic through this virtual server.
Possible values: ON, OFF Default value: ON
comment Any comments associated with this virtual server.
td Integer value that uniquely identifies the traffic domain in which you want to configure the entity. If you do not specify an ID, the entity becomes part of the default traffic domain, which has an ID of 0. Minimum value: 0 Maximum value: 4094
appflowLog Log AppFlow flow information.
Possible values: ENABLED, DISABLED Default value: ENABLED
maxLoginAttempts Maximum Number of login Attempts Minimum value: 1 Maximum value: 255
failedLoginTimeout Number of minutes an account will be locked if user exceeds maximum permissible attempts Minimum value: 1
certkeyNames Name of the certificate key that was bound to the corresponding SSL virtual server as the Certificate Authority for the device certificate
SameSite SameSite attribute value for Cookies generated in AAATM context. This attribute value will be appended only for the cookies which are specified in the builtin patset ns_cookies_samesite
Possible values: None, LAX, STRICT
Example
The following example creates an authentication vserver named myauthenticationvip which supports SSL portocol and with AAA functionality enabled: vserver myauthenticationvip SSL 65.219.17.34 443 -aaa ON
bind authentication vserver
Binds authentication policies to an authentication virtual server.
Synopsis
bind authentication vserver
Arguments
name Name of the authentication virtual server to which to bind the policy.
policy Name of the policy to bind to the virtual server.
priority Positive integer specifying the priority of the policy. A lower number specifies a higher priority. Policies are evaluated in the order of their priorities, and the first policy that matches the request is applied. Must be unique within the list of policies bound to the authentication virtual server.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, ‘my authentication policy’ or “my authentication policy”). Minimum value: 0
secondary Applicable only while bindind classic authentication policy as advance authentication policy use nFactor
groupExtraction Applicable only while bindind classic authentication policy as advance authentication policy use nFactor
nextFactor Applicable only while binding advance authentication policy as classic authentication policy does not support nFactor
gotoPriorityExpression Applicable only to advance authentication policy. Expression or other value specifying the next policy to be evaluated if the current policy evaluates to TRUE. Specify one of the following values:
- NEXT - Evaluate the policy with the next higher priority number.
- END - End policy evaluation.
- USE_INVOCATION_RESULT - Applicable if this policy invokes another policy label. If the final goto in the invoked policy label has a value of END, the evaluation stops. If the final goto is anything other than END, the current policy label performs a NEXT.
- An expression that evaluates to a number. If you specify an expression, the number to which it evaluates determines the next policy to evaluate, as follows:
- If the expression evaluates to a higher numbered priority, the policy with that priority is evaluated next.
- If the expression evaluates to the priority of the current policy, the policy with the next higher numbered priority is evaluated next.
- If the expression evaluates to a priority number that is numerically higher than the highest numbered priority, policy evaluation ends. An UNDEF event is triggered if:
- The expression is invalid.
- The expression evaluates to a priority number that is numerically lower than the current policy’s priority.
- The expression evaluates to a priority number that is between the current policy’s priority number (say, 30) and the highest priority number (say, 100), but does not match any configured priority number (for example, the expression evaluates to the number 85). This example assumes that the priority number increments by 10 for every successive policy, and therefore a priority number of 85 does not exist in the policy label.
type Bind point to which to bind the policy. Applies only to rewrite and cache policies. If you do not set this parameter, the policy is bound to REQ_DEFAULT or RES_DEFAULT, depending on whether the policy rule is a response-time or a request-time expression.
Possible values: REQUEST, RESPONSE, ICA_REQUEST, OTHERTCP_REQUEST, AAA_REQUEST, AAA_RESPONSE
portaltheme Portal theme to be bound to Authentication vserver
show authentication vserver
Displays the configuration of the specified authentication virtual server. If no authentication virtual server is specified, displays a list of all authentication virtual servers that are currently configured on the Citrix ADC.
Synopsis
show authentication vserver [
Arguments
name Name of the authentication virtual server.
Output
IPAddress The Virtual IP address of the authentication vserver.
td Integer value that uniquely identifies the traffic domain in which you want to configure the entity. If you do not specify an ID, the entity becomes part of the default traffic domain, which has an ID of 0.
IPAddress The IP address of the authentication server.
value Indicates whether or not the certificate is bound or if SSL offload is disabled.
port The virtual TCP port of the authentication vserver.
range
The range of authentication vserver IP addresses. The new range of authentication vservers will have IP addresses consecutively numbered, starting with the primary address specified with the
serviceType The authentication vserver’s protocol type, Currently the only possible value is SSL.
type The type of Virtual Server, e.g. CONTENT based or ADDRESS based.
state The current state of the Virtual server, e.g. UP, DOWN, BUSY, etc.
status Whether or not this vserver responds to ARPs and whether or not round-robin selection is temporarily in effect.
cacheType Virtual server’s cache type. The options are: TRANSPARENT, REVERSE and FORWARD.
redirect The cache redirect policy. The valid redirect policies are: l.CACHE - Directs all requests to the cache. 2.POLICY - Applies cache redirection policy to determine whether the request should be directed to the cache or origin. This is the default setting. 3.ORIGIN - Directs all requests to the origin server.
precedence This argument is used only when configuring content switching on the specified virtual server. This is applicable only if both the URL and RULE-based policies have been configured on the same virtual server. It specifies the type of policy (URL or RULE) that takes precedence on the content switching virtual server. The default setting is RULE. lURL - In this case, the incoming request is matched against the URL-based policies before the rule-based policies. lRULE - In this case, the incoming request is matched against the rule-based policies before the URL-based policies. For all URL-based policies, the precedence hierarchy is: 1.Domain and exact URL 2.Domain, prefix and suffix 3.Domain and suffix 4.Domain and prefix 5.Domain only 6.Exact URL 7.Prefix and suffix 8.Suffix only 9.Prefix only 10.Default
redirectURL The URL where traffic is redirected if the virtual server in system becomes unavailable. WARNING!Make sure that the domain you specify in the URL does not match the domain specified in the -d domainName argument of the ###add cs policy### command. If the same domain is specified in both arguments, the request will be continuously redirected to the same unavailable virtual server in the system. If so, the user may not get the requested content.
authentication Indicates whether or not authentication is being applied to incoming users to the VPN.
curAAAUsers The number of current users logged in to this vserver.
AuthenticationDomain The domain of the authentication cookie set by Authentication vserver
policyName The name of the policy, if any, bound to the authentication vserver.
policy The name of the policy, if any, bound to the authentication vserver.
serviceName The name of the service, if any, to which the vserver policy is bound.
weight Weight for this service, if any. This weight is used when the system performs load balancing, giving greater priority to a specific service. It is useful when the services bound to a virtual server are of different capacity.
cacheVserver The name of the default target cache virtual server, if any, to which requests are redirected.
backupVServer The name of the backup vpn virtual server for this vpn virtual server.
cltTimeout The idle time, if any, in seconds after which the client connection is terminated.
soMethod VPN client applications are allocated from a block of Intranet IP addresses. That block may be exhausted after a certain number of connections. This switch specifies the method used to determine whether or not a new connection will spillover, or exhaust, the allocated block of Intranet IP addresses for that application. Possible values are CONNECTION or DYNAMICCONNECTION. CONNECTION means that a static integer value is the hard limit for the spillover threshold. The spillover threshold is described below. DYNAMICCONNECTION means that the spillover threshold is set according to the maximum number of connections defined for the vpn vserver.
soThreshold VPN client applications are allocated from a block of Intranet IP addresses. That block may be exhausted after a certain number of connections. The value of this option is number of client connections after which the Mapped IP address is used as the client source IP address instead of an address from the allocated block of Intranet IP addresses.
soPersistence Whether or not cookie-based site persistance is enabled for this VPN vserver. Possible values are ‘ConnectionProxy’, HTTPRedirect, or NONE
soPersistenceTimeOut The timeout, if any, for cookie-based site persistance of this VPN vserver.
priority The priority, if any, of the vpn vserver policy.
downStateFlush Perform delayed clean up of connections on this vserver.
type Bindpoint to which the policy is bound.
actType disablePrimaryOnDown Tells whether traffic will continue reaching backup vservers even after primary comes UP from DOWN state.
Listenpolicy Listenpolicy configured for authentication vserver
Listenpriority Priority of listen policy for authentication vserver
tcpProfileName The name of the TCP profile.
httpProfileName Name of the HTTP profile.
comment Any comments associated with this virtual server.
policySubType stateflag flags appflowLog Log AppFlow flow information.
vstype Virtual Server Type, e.g. Load Balancing, Content Switch, Cache Redirection
state Initial state of the new virtual server.
ngname Nodegroup devno to which this authentication vsever belongs to
maxLoginAttempts Maximum Number of login Attempts
failedLoginTimeout Number of minutes an account will be locked if user exceeds maximum permissible attempts
secondary Bind the authentication policy to the secondary chain. Provides for multifactor authentication in which a user must authenticate via both a primary authentication method and, afterward, via a secondary authentication method. Because user groups are aggregated across authentication systems, usernames must be the same on all authentication servers. Passwords can be different.
groupExtraction Bind the Authentication policy to a tertiary chain which will be used only for group extraction. The user will not authenticate against this server, and this will only be called if primary and/or secondary authentication has succeeded.
nextFactor On success invoke label.
gotoPriorityExpression Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.
portaltheme Theme for Authentication virtual server Login portal
noDefaultBindings to determine if the configuration will have default ssl CIPHER and ECC curve bindings
certkeyNames Name of the certificate key that was bound to the corresponding SSL virtual server as the Certificate Authority for the device certificate
SameSite SameSite attribute value for Cookies generated in AAATM context. This attribute value will be appended only for the cookies which are specified in the builtin patset ns_cookies_samesite
devno count
Example
show authentication vserver
set authentication vserver
Modifies the specified parameters of an existing authentication virtual server.
Synopsis
set authentication vserver
Arguments
name Name of the virtual server to modify.
IPAddress IP address of the authentication virtual server, if a single IP address is assigned to the virtual server.
authentication Require users to be authenticated before sending traffic through this virtual server.
Possible values: ON, OFF Default value: ON
comment Any comments associated with this virtual server.
appflowLog Log AppFlow flow information.
Possible values: ENABLED, DISABLED Default value: ENABLED
maxLoginAttempts Maximum Number of login Attempts Minimum value: 1 Maximum value: 255
failedLoginTimeout Number of minutes an account will be locked if user exceeds maximum permissible attempts Minimum value: 1
certkeyNames Name of the certificate key that was bound to the corresponding SSL virtual server as the Certificate Authority for the device certificate
SameSite SameSite attribute value for Cookies generated in AAATM context. This attribute value will be appended only for the cookies which are specified in the builtin patset ns_cookies_samesite
Possible values: None, LAX, STRICT
Share
Share
In this article
- rm authentication vserver
- stat authentication vserver
- rename authentication vserver
- enable authentication vserver
- unbind authentication vserver
- unset authentication vserver
- disable authentication vserver
- add authentication vserver
- bind authentication vserver
- show authentication vserver
- set authentication vserver
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.