tm-samlSSOProfile
The following operations can be performed on “tm-samlSSOProfile”:
rm | set | show | add | unset |
rm tm samlSSOProfile
Deletes an existing saml single sign-on traffic profile.
Synopsis
rm tm samlSSOProfile
Arguments
name Name for the new saml single sign-on profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after an SSO action is created.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my action” or ‘my action’).
set tm samlSSOProfile
Modifies the specified attributes of a saml single sign-on traffic profile.
Synopsis
set tm samlSSOProfile
Arguments
name Name for the new saml single sign-on profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after an SSO action is created.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my action” or ‘my action’).
samlSigningCertName Name of the SSL certificate that is used to Sign Assertion.
assertionConsumerServiceURL URL to which the assertion is to be sent.
samlIssuerName The name to be used in requests sent fromCitrix ADC to IdP to uniquely identify Citrix ADC.
relaystateRule Expression to extract relaystate to be sent along with assertion. Evaluation of this expression should return TEXT content. This is typically a targ et url to which user is redirected after the recipient validates SAML token
signatureAlg Algorithm to be used to sign/verify SAML transactions
Possible values: RSA-SHA1, RSA-SHA256 Default value: RSA-SHA256
digestMethod Algorithm to be used to compute/verify digest for SAML transactions
Possible values: SHA1, SHA256 Default value: SHA256
audience Audience for which assertion sent by IdP is applicable. This is typically entity name or url that represents ServiceProvider
NameIDFormat Format of Name Identifier sent in Assertion.
Possible values: Unspecified, emailAddress, X509SubjectName, WindowsDomainQualifiedName, kerberos, entity, persistent, transient Default value: transient
NameIDExpr Expression that will be evaluated to obtain NameIdentifier to be sent in assertion
Attribute1 Name of attribute1 that needs to be sent in SAML Assertion
Attribute1Expr Expression that will be evaluated to obtain attribute1’s value to be sent in Assertion
Attribute1FriendlyName User-Friendly Name of attribute1 that needs to be sent in SAML Assertion
Attribute1Format Format of Attribute1 to be sent in Assertion.
Possible values: URI, Basic
Attribute2 Name of attribute2 that needs to be sent in SAML Assertion
Attribute2Expr Expression that will be evaluated to obtain attribute2’s value to be sent in Assertion
Attribute2FriendlyName User-Friendly Name of attribute2 that needs to be sent in SAML Assertion
Attribute2Format Format of Attribute2 to be sent in Assertion.
Possible values: URI, Basic
Attribute3 Name of attribute3 that needs to be sent in SAML Assertion
Attribute3Expr Expression that will be evaluated to obtain attribute3’s value to be sent in Assertion
Attribute3FriendlyName User-Friendly Name of attribute3 that needs to be sent in SAML Assertion
Attribute3Format Format of Attribute3 to be sent in Assertion.
Possible values: URI, Basic
Attribute4 Name of attribute4 that needs to be sent in SAML Assertion
Attribute4Expr Expression that will be evaluated to obtain attribute4’s value to be sent in Assertion
Attribute4FriendlyName User-Friendly Name of attribute4 that needs to be sent in SAML Assertion
Attribute4Format Format of Attribute4 to be sent in Assertion.
Possible values: URI, Basic
Attribute5 Name of attribute5 that needs to be sent in SAML Assertion
Attribute5Expr Expression that will be evaluated to obtain attribute5’s value to be sent in Assertion
Attribute5FriendlyName User-Friendly Name of attribute5 that needs to be sent in SAML Assertion
Attribute5Format Format of Attribute5 to be sent in Assertion.
Possible values: URI, Basic
Attribute6 Name of attribute6 that needs to be sent in SAML Assertion
Attribute6Expr Expression that will be evaluated to obtain attribute6’s value to be sent in Assertion
Attribute6FriendlyName User-Friendly Name of attribute6 that needs to be sent in SAML Assertion
Attribute6Format Format of Attribute6 to be sent in Assertion.
Possible values: URI, Basic
Attribute7 Name of attribute7 that needs to be sent in SAML Assertion
Attribute7Expr Expression that will be evaluated to obtain attribute7’s value to be sent in Assertion
Attribute7FriendlyName User-Friendly Name of attribute7 that needs to be sent in SAML Assertion
Attribute7Format Format of Attribute7 to be sent in Assertion.
Possible values: URI, Basic
Attribute8 Name of attribute8 that needs to be sent in SAML Assertion
Attribute8Expr Expression that will be evaluated to obtain attribute8’s value to be sent in Assertion
Attribute8FriendlyName User-Friendly Name of attribute8 that needs to be sent in SAML Assertion
Attribute8Format Format of Attribute8 to be sent in Assertion.
Possible values: URI, Basic
Attribute9 Name of attribute9 that needs to be sent in SAML Assertion
Attribute9Expr Expression that will be evaluated to obtain attribute9’s value to be sent in Assertion
Attribute9FriendlyName User-Friendly Name of attribute9 that needs to be sent in SAML Assertion
Attribute9Format Format of Attribute9 to be sent in Assertion.
Possible values: URI, Basic
Attribute10 Name of attribute10 that needs to be sent in SAML Assertion
Attribute10Expr Expression that will be evaluated to obtain attribute10’s value to be sent in Assertion
Attribute10FriendlyName User-Friendly Name of attribute10 that needs to be sent in SAML Assertion
Attribute10Format Format of Attribute10 to be sent in Assertion.
Possible values: URI, Basic
Attribute11 Name of attribute11 that needs to be sent in SAML Assertion
Attribute11Expr Expression that will be evaluated to obtain attribute11’s value to be sent in Assertion
Attribute11FriendlyName User-Friendly Name of attribute11 that needs to be sent in SAML Assertion
Attribute11Format Format of Attribute11 to be sent in Assertion.
Possible values: URI, Basic
Attribute12 Name of attribute12 that needs to be sent in SAML Assertion
Attribute12Expr Expression that will be evaluated to obtain attribute12’s value to be sent in Assertion
Attribute12FriendlyName User-Friendly Name of attribute12 that needs to be sent in SAML Assertion
Attribute12Format Format of Attribute12 to be sent in Assertion.
Possible values: URI, Basic
Attribute13 Name of attribute13 that needs to be sent in SAML Assertion
Attribute13Expr Expression that will be evaluated to obtain attribute13’s value to be sent in Assertion
Attribute13FriendlyName User-Friendly Name of attribute13 that needs to be sent in SAML Assertion
Attribute13Format Format of Attribute13 to be sent in Assertion.
Possible values: URI, Basic
Attribute14 Name of attribute14 that needs to be sent in SAML Assertion
Attribute14Expr Expression that will be evaluated to obtain attribute14’s value to be sent in Assertion
Attribute14FriendlyName User-Friendly Name of attribute14 that needs to be sent in SAML Assertion
Attribute14Format Format of Attribute14 to be sent in Assertion.
Possible values: URI, Basic
Attribute15 Name of attribute15 that needs to be sent in SAML Assertion
Attribute15Expr Expression that will be evaluated to obtain attribute15’s value to be sent in Assertion
Attribute15FriendlyName User-Friendly Name of attribute15 that needs to be sent in SAML Assertion
Attribute15Format Format of Attribute15 to be sent in Assertion.
Possible values: URI, Basic
Attribute16 Name of attribute16 that needs to be sent in SAML Assertion
Attribute16Expr Expression that will be evaluated to obtain attribute16’s value to be sent in Assertion
Attribute16FriendlyName User-Friendly Name of attribute16 that needs to be sent in SAML Assertion
Attribute16Format Format of Attribute16 to be sent in Assertion.
Possible values: URI, Basic
encryptAssertion Option to encrypt assertion when Citrix ADC sends one.
Possible values: ON, OFF Default value: OFF
samlSPCertName Name of the SSL certificate of peer/receving party using which Assertion is encrypted.
encryptionAlgorithm Algorithm to be used to encrypt SAML assertion
Possible values: DES3, AES128, AES192, AES256 Default value: AES256
skewTime This option specifies the number of minutes on either side of current time that the assertion would be valid. For example, if skewTime is 10, then assertion would be valid from (current time - 10) min to (current time + 10) min, ie 20min in all. Default value: 5
signAssertion Option to sign portions of assertion when Citrix ADC IDP sends one. Based on the user selection, either Assertion or Response or Both or none can be signed
Possible values: NONE, ASSERTION, RESPONSE, BOTH Default value: ASSERTION
show tm samlSSOProfile
Displays information about all configured saml single sign-on profiles, or displays detailed information about the specified action.
Synopsis
show tm samlSSOProfile [
Arguments
name Name for the new saml single sign-on profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after an SSO action is created.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my action” or ‘my action’).
Output
samlSigningCertName Name of the SSL certificate that is used to Sign Assertion.
assertionConsumerServiceURL URL to which the assertion is to be sent.
sendPassword Option to send password in assertion.
samlIssuerName The name to be used in requests sent fromCitrix ADC to IdP to uniquely identify Citrix ADC.
relaystateRule Expression to extract relaystate to be sent along with assertion. Evaluation of this expression should return TEXT content. This is typically a targ et url to which user is redirected after the recipient validates SAML token
signatureAlg Algorithm to be used to sign/verify SAML transactions
digestMethod Algorithm to be used to compute/verify digest for SAML transactions
audience Audience for which assertion sent by IdP is applicable. This is typically entity name or url that represents ServiceProvider
NameIDFormat Format of Name Identifier sent in Assertion.
NameIDExpr Expression that will be evaluated to obtain NameIdentifier to be sent in assertion
Attribute1 Name of attribute1 that needs to be sent in SAML Assertion
Attribute2 Name of attribute2 that needs to be sent in SAML Assertion
Attribute3 Name of attribute3 that needs to be sent in SAML Assertion
Attribute4 Name of attribute4 that needs to be sent in SAML Assertion
Attribute5 Name of attribute5 that needs to be sent in SAML Assertion
Attribute6 Name of attribute6 that needs to be sent in SAML Assertion
Attribute7 Name of attribute7 that needs to be sent in SAML Assertion
Attribute8 Name of attribute8 that needs to be sent in SAML Assertion
Attribute9 Name of attribute9 that needs to be sent in SAML Assertion
Attribute10 Name of attribute10 that needs to be sent in SAML Assertion
Attribute11 Name of attribute11 that needs to be sent in SAML Assertion
Attribute12 Name of attribute12 that needs to be sent in SAML Assertion
Attribute13 Name of attribute13 that needs to be sent in SAML Assertion
Attribute14 Name of attribute14 that needs to be sent in SAML Assertion
Attribute15 Name of attribute15 that needs to be sent in SAML Assertion
Attribute16 Name of attribute16 that needs to be sent in SAML Assertion
Attribute1FriendlyName User-Friendly Name of attribute1 that needs to be sent in SAML Assertion
Attribute2FriendlyName User-Friendly Name of attribute2 that needs to be sent in SAML Assertion
Attribute3FriendlyName User-Friendly Name of attribute3 that needs to be sent in SAML Assertion
Attribute4FriendlyName User-Friendly Name of attribute4 that needs to be sent in SAML Assertion
Attribute5FriendlyName User-Friendly Name of attribute5 that needs to be sent in SAML Assertion
Attribute6FriendlyName User-Friendly Name of attribute6 that needs to be sent in SAML Assertion
Attribute7FriendlyName User-Friendly Name of attribute7 that needs to be sent in SAML Assertion
Attribute8FriendlyName User-Friendly Name of attribute8 that needs to be sent in SAML Assertion
Attribute9FriendlyName User-Friendly Name of attribute9 that needs to be sent in SAML Assertion
Attribute10FriendlyName User-Friendly Name of attribute10 that needs to be sent in SAML Assertion
Attribute11FriendlyName User-Friendly Name of attribute11 that needs to be sent in SAML Assertion
Attribute12FriendlyName User-Friendly Name of attribute12 that needs to be sent in SAML Assertion
Attribute13FriendlyName User-Friendly Name of attribute13 that needs to be sent in SAML Assertion
Attribute14FriendlyName User-Friendly Name of attribute14 that needs to be sent in SAML Assertion
Attribute15FriendlyName User-Friendly Name of attribute15 that needs to be sent in SAML Assertion
Attribute16FriendlyName User-Friendly Name of attribute16 that needs to be sent in SAML Assertion
Attribute1Format Format of Attribute1 to be sent in Assertion.
Attribute2Format Format of Attribute2 to be sent in Assertion.
Attribute3Format Format of Attribute3 to be sent in Assertion.
Attribute4Format Format of Attribute4 to be sent in Assertion.
Attribute5Format Format of Attribute5 to be sent in Assertion.
Attribute6Format Format of Attribute6 to be sent in Assertion.
Attribute7Format Format of Attribute7 to be sent in Assertion.
Attribute8Format Format of Attribute8 to be sent in Assertion.
Attribute9Format Format of Attribute9 to be sent in Assertion.
Attribute10Format Format of Attribute10 to be sent in Assertion.
Attribute11Format Format of Attribute11 to be sent in Assertion.
Attribute12Format Format of Attribute12 to be sent in Assertion.
Attribute13Format Format of Attribute13 to be sent in Assertion.
Attribute14Format Format of Attribute14 to be sent in Assertion.
Attribute15Format Format of Attribute15 to be sent in Assertion.
Attribute16Format Format of Attribute16 to be sent in Assertion.
Attribute1Expr Expression that will be evaluated to obtain attribute1’s value to be sent in Assertion
Attribute2Expr Expression that will be evaluated to obtain attribute2’s value to be sent in Assertion
Attribute3Expr Expression that will be evaluated to obtain attribute3’s value to be sent in Assertion
Attribute4Expr Expression that will be evaluated to obtain attribute4’s value to be sent in Assertion
Attribute5Expr Expression that will be evaluated to obtain attribute5’s value to be sent in Assertion
Attribute6Expr Expression that will be evaluated to obtain attribute6’s value to be sent in Assertion
Attribute7Expr Expression that will be evaluated to obtain attribute7’s value to be sent in Assertion
Attribute8Expr Expression that will be evaluated to obtain attribute8’s value to be sent in Assertion
Attribute9Expr Expression that will be evaluated to obtain attribute9’s value to be sent in Assertion
Attribute10Expr Expression that will be evaluated to obtain attribute10’s value to be sent in Assertion
Attribute11Expr Expression that will be evaluated to obtain attribute11’s value to be sent in Assertion
Attribute12Expr Expression that will be evaluated to obtain attribute12’s value to be sent in Assertion
Attribute13Expr Expression that will be evaluated to obtain attribute13’s value to be sent in Assertion
Attribute14Expr Expression that will be evaluated to obtain attribute14’s value to be sent in Assertion
Attribute15Expr Expression that will be evaluated to obtain attribute15’s value to be sent in Assertion
Attribute16Expr Expression that will be evaluated to obtain attribute16’s value to be sent in Assertion
encryptAssertion Option to encrypt assertion when Citrix ADC sends one.
samlSPCertName Name of the SSL certificate of peer/receving party using which Assertion is encrypted.
encryptionAlgorithm Algorithm to be used to encrypt SAML assertion
skewTime This option specifies the number of minutes on either side of current time that the assertion would be valid. For example, if skewTime is 10, then assertion would be valid from (current time - 10) min to (current time + 10) min, ie 20min in all.
signAssertion Option to sign portions of assertion when Citrix ADC IDP sends one. Based on the user selection, either Assertion or Response or Both or none can be signed
devno count stateflag
add tm samlSSOProfile
Creates a SAML single sign-on profile. This profile is employed in triggering saml assertion to a target service based on traffic profile.
Synopsis
add tm samlSSOProfile
Arguments
name Name for the new saml single sign-on profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after an SSO action is created.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my action” or ‘my action’).
samlSigningCertName Name of the SSL certificate that is used to Sign Assertion.
assertionConsumerServiceURL URL to which the assertion is to be sent.
relaystateRule Expression to extract relaystate to be sent along with assertion. Evaluation of this expression should return TEXT content. This is typically a targ et url to which user is redirected after the recipient validates SAML token
samlIssuerName The name to be used in requests sent fromCitrix ADC to IdP to uniquely identify Citrix ADC.
signatureAlg Algorithm to be used to sign/verify SAML transactions
Possible values: RSA-SHA1, RSA-SHA256 Default value: RSA-SHA256
digestMethod Algorithm to be used to compute/verify digest for SAML transactions
Possible values: SHA1, SHA256 Default value: SHA256
audience Audience for which assertion sent by IdP is applicable. This is typically entity name or url that represents ServiceProvider
NameIDFormat Format of Name Identifier sent in Assertion.
Possible values: Unspecified, emailAddress, X509SubjectName, WindowsDomainQualifiedName, kerberos, entity, persistent, transient Default value: transient
NameIDExpr Expression that will be evaluated to obtain NameIdentifier to be sent in assertion
Attribute1 Name of attribute1 that needs to be sent in SAML Assertion
Attribute1Expr Expression that will be evaluated to obtain attribute1’s value to be sent in Assertion
Attribute1FriendlyName User-Friendly Name of attribute1 that needs to be sent in SAML Assertion
Attribute1Format Format of Attribute1 to be sent in Assertion.
Possible values: URI, Basic
Attribute2 Name of attribute2 that needs to be sent in SAML Assertion
Attribute2Expr Expression that will be evaluated to obtain attribute2’s value to be sent in Assertion
Attribute2FriendlyName User-Friendly Name of attribute2 that needs to be sent in SAML Assertion
Attribute2Format Format of Attribute2 to be sent in Assertion.
Possible values: URI, Basic
Attribute3 Name of attribute3 that needs to be sent in SAML Assertion
Attribute3Expr Expression that will be evaluated to obtain attribute3’s value to be sent in Assertion
Attribute3FriendlyName User-Friendly Name of attribute3 that needs to be sent in SAML Assertion
Attribute3Format Format of Attribute3 to be sent in Assertion.
Possible values: URI, Basic
Attribute4 Name of attribute4 that needs to be sent in SAML Assertion
Attribute4Expr Expression that will be evaluated to obtain attribute4’s value to be sent in Assertion
Attribute4FriendlyName User-Friendly Name of attribute4 that needs to be sent in SAML Assertion
Attribute4Format Format of Attribute4 to be sent in Assertion.
Possible values: URI, Basic
Attribute5 Name of attribute5 that needs to be sent in SAML Assertion
Attribute5Expr Expression that will be evaluated to obtain attribute5’s value to be sent in Assertion
Attribute5FriendlyName User-Friendly Name of attribute5 that needs to be sent in SAML Assertion
Attribute5Format Format of Attribute5 to be sent in Assertion.
Possible values: URI, Basic
Attribute6 Name of attribute6 that needs to be sent in SAML Assertion
Attribute6Expr Expression that will be evaluated to obtain attribute6’s value to be sent in Assertion
Attribute6FriendlyName User-Friendly Name of attribute6 that needs to be sent in SAML Assertion
Attribute6Format Format of Attribute6 to be sent in Assertion.
Possible values: URI, Basic
Attribute7 Name of attribute7 that needs to be sent in SAML Assertion
Attribute7Expr Expression that will be evaluated to obtain attribute7’s value to be sent in Assertion
Attribute7FriendlyName User-Friendly Name of attribute7 that needs to be sent in SAML Assertion
Attribute7Format Format of Attribute7 to be sent in Assertion.
Possible values: URI, Basic
Attribute8 Name of attribute8 that needs to be sent in SAML Assertion
Attribute8Expr Expression that will be evaluated to obtain attribute8’s value to be sent in Assertion
Attribute8FriendlyName User-Friendly Name of attribute8 that needs to be sent in SAML Assertion
Attribute8Format Format of Attribute8 to be sent in Assertion.
Possible values: URI, Basic
Attribute9 Name of attribute9 that needs to be sent in SAML Assertion
Attribute9Expr Expression that will be evaluated to obtain attribute9’s value to be sent in Assertion
Attribute9FriendlyName User-Friendly Name of attribute9 that needs to be sent in SAML Assertion
Attribute9Format Format of Attribute9 to be sent in Assertion.
Possible values: URI, Basic
Attribute10 Name of attribute10 that needs to be sent in SAML Assertion
Attribute10Expr Expression that will be evaluated to obtain attribute10’s value to be sent in Assertion
Attribute10FriendlyName User-Friendly Name of attribute10 that needs to be sent in SAML Assertion
Attribute10Format Format of Attribute10 to be sent in Assertion.
Possible values: URI, Basic
Attribute11 Name of attribute11 that needs to be sent in SAML Assertion
Attribute11Expr Expression that will be evaluated to obtain attribute11’s value to be sent in Assertion
Attribute11FriendlyName User-Friendly Name of attribute11 that needs to be sent in SAML Assertion
Attribute11Format Format of Attribute11 to be sent in Assertion.
Possible values: URI, Basic
Attribute12 Name of attribute12 that needs to be sent in SAML Assertion
Attribute12Expr Expression that will be evaluated to obtain attribute12’s value to be sent in Assertion
Attribute12FriendlyName User-Friendly Name of attribute12 that needs to be sent in SAML Assertion
Attribute12Format Format of Attribute12 to be sent in Assertion.
Possible values: URI, Basic
Attribute13 Name of attribute13 that needs to be sent in SAML Assertion
Attribute13Expr Expression that will be evaluated to obtain attribute13’s value to be sent in Assertion
Attribute13FriendlyName User-Friendly Name of attribute13 that needs to be sent in SAML Assertion
Attribute13Format Format of Attribute13 to be sent in Assertion.
Possible values: URI, Basic
Attribute14 Name of attribute14 that needs to be sent in SAML Assertion
Attribute14Expr Expression that will be evaluated to obtain attribute14’s value to be sent in Assertion
Attribute14FriendlyName User-Friendly Name of attribute14 that needs to be sent in SAML Assertion
Attribute14Format Format of Attribute14 to be sent in Assertion.
Possible values: URI, Basic
Attribute15 Name of attribute15 that needs to be sent in SAML Assertion
Attribute15Expr Expression that will be evaluated to obtain attribute15’s value to be sent in Assertion
Attribute15FriendlyName User-Friendly Name of attribute15 that needs to be sent in SAML Assertion
Attribute15Format Format of Attribute15 to be sent in Assertion.
Possible values: URI, Basic
Attribute16 Name of attribute16 that needs to be sent in SAML Assertion
Attribute16Expr Expression that will be evaluated to obtain attribute16’s value to be sent in Assertion
Attribute16FriendlyName User-Friendly Name of attribute16 that needs to be sent in SAML Assertion
Attribute16Format Format of Attribute16 to be sent in Assertion.
Possible values: URI, Basic
encryptAssertion Option to encrypt assertion when Citrix ADC sends one.
Possible values: ON, OFF Default value: OFF
samlSPCertName Name of the SSL certificate of peer/receving party using which Assertion is encrypted.
encryptionAlgorithm Algorithm to be used to encrypt SAML assertion
Possible values: DES3, AES128, AES192, AES256 Default value: AES256
skewTime This option specifies the number of minutes on either side of current time that the assertion would be valid. For example, if skewTime is 10, then assertion would be valid from (current time - 10) min to (current time + 10) min, ie 20min in all. Default value: 5
signAssertion Option to sign portions of assertion when Citrix ADC IDP sends one. Based on the user selection, either Assertion or Response or Both or none can be signed
Possible values: NONE, ASSERTION, RESPONSE, BOTH Default value: ASSERTION
unset tm samlSSOProfile
Use this command to remove tm samlSSOProfile settings.Refer to the set tm samlSSOProfile command for meanings of the arguments.
Synopsis
unset tm samlSSOProfile