ADC CLI Commands

tm-sessionAction

The following operations can be performed on “tm-sessionAction”:

set add unset show rm

set tm sessionAction

Modifies the specified parameters of an existing session action.

Synopsis

set tm sessionAction \[-sessTimeout ] \[-defaultAuthorizationAction \( ALLOW | DENY )] \[-SSO \( ON | OFF )] \[-ssoCredential \( PRIMARY | SECONDARY )] \[-ssoDomain ] \[-kcdAccount ] \[-httpOnlyCookie \( YES | NO )] \[-persistentCookie \( ON | OFF )] \[-persistentCookieValidity <positive\_integer>] \[-homePage ]

Arguments

name Name of the session action to modify.

sessTimeout Session timeout, in minutes. If there is no traffic during the timeout period, the user is disconnected and must reauthenticate to access intranet resources. Minimum value: 1

defaultAuthorizationAction Allow or deny access to content for which there is no specific authorization policy.

Possible values: ALLOW, DENY

SSO Use single sign-on (SSO) to log users on to all web applications automatically after they authenticate, or pass users to the web application logon page to authenticate to each application individually. Note that this configuration does not honor the following authentication types for security reason. BASIC, DIGEST, and NTLM (without Negotiate NTLM2 Key or Negotiate Sign Flag). Use TM TrafficAction to configure SSO for these authentication types.

Possible values: ON, OFF Default value: OFF

ssoCredential Use the primary or secondary authentication credentials for single sign-on (SSO).

Possible values: PRIMARY, SECONDARY

ssoDomain Domain to use for single sign-on (SSO).

kcdAccount Kerberos constrained delegation account name

httpOnlyCookie Allow only an HTTP session cookie, in which case the cookie cannot be accessed by scripts.

Possible values: YES, NO Default value: YES

persistentCookie Enable or disable persistent SSO cookies for the traffic management (TM) session. A persistent cookie remains on the user device and is sent with each HTTP request. The cookie becomes stale if the session ends. This setting is overwritten if a traffic action sets persistent cookie to OFF. Note: If persistent cookie is enabled, make sure you set the persistent cookie validity.

Possible values: ON, OFF

persistentCookieValidity Integer specifying the number of minutes for which the persistent cookie remains valid. Can be set only if the persistent cookie setting is enabled. Minimum value: 1

homePage Web address of the home page that a user is displayed when authentication vserver is bookmarked and used to login.

add tm sessionAction

Creates a session action (profile) that allows you to override global settings for any of the session parameters.

Synopsis

add tm sessionAction \[-sessTimeout ] \[-defaultAuthorizationAction \( ALLOW | DENY )] \[-SSO \( ON | OFF )] \[-ssoCredential \( PRIMARY | SECONDARY )] \[-ssoDomain ] \[-httpOnlyCookie \( YES | NO )] \[-kcdAccount ] \[-persistentCookie \( ON | OFF )] \[-persistentCookieValidity ] \[-homePage ]

Arguments

name Name for the session action. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after a session action is created.

The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my action” or ‘my action’).

sessTimeout Session timeout, in minutes. If there is no traffic during the timeout period, the user is disconnected and must reauthenticate to access intranet resources. Minimum value: 1

defaultAuthorizationAction Allow or deny access to content for which there is no specific authorization policy.

Possible values: ALLOW, DENY

SSO Use single sign-on (SSO) to log users on to all web applications automatically after they authenticate, or pass users to the web application logon page to authenticate to each application individually. Note that this configuration does not honor the following authentication types for security reason. BASIC, DIGEST, and NTLM (without Negotiate NTLM2 Key or Negotiate Sign Flag). Use TM TrafficAction to configure SSO for these authentication types.

Possible values: ON, OFF Default value: OFF

ssoCredential Use the primary or secondary authentication credentials for single sign-on (SSO).

Possible values: PRIMARY, SECONDARY

ssoDomain Domain to use for single sign-on (SSO).

httpOnlyCookie Allow only an HTTP session cookie, in which case the cookie cannot be accessed by scripts.

Possible values: YES, NO Default value: YES

kcdAccount Kerberos constrained delegation account name

persistentCookie Enable or disable persistent SSO cookies for the traffic management (TM) session. A persistent cookie remains on the user device and is sent with each HTTP request. The cookie becomes stale if the session ends. This setting is overwritten if a traffic action sets persistent cookie to OFF. Note: If persistent cookie is enabled, make sure you set the persistent cookie validity.

Possible values: ON, OFF

persistentCookieValidity Integer specifying the number of minutes for which the persistent cookie remains valid. Can be set only if the persistent cookie setting is enabled. Minimum value: 1

homePage Web address of the home page that a user is displayed when authentication vserver is bookmarked and used to login.

unset tm sessionAction

Use this command to remove tm sessionAction settings.Refer to the set tm sessionAction command for meanings of the arguments.

Synopsis

unset tm sessionAction [-sessTimeout] [-defaultAuthorizationAction] [-SSO] [-ssoCredential] [-ssoDomain] [-kcdAccount] [-httpOnlyCookie] [-persistentCookie] [-persistentCookieValidity] [-homePage]

show tm sessionAction

Displays information about all configured traffic management (TM) session actions, or detailed information about the specified TM session action.

Synopsis

show tm sessionAction []

Arguments

name Name of the existing traffic management (TM) session action for which to display detailed information.

Output

sessTimeout The session timeout, in minutes, set by the action.

defaultAuthorizationAction The Authorization Action, e.g. allow or deny

stateflag SSO Whether or not Single Sign-On is used for this session.

ssoCredential Use the primary or secondary authentication credentials for single sign-on (SSO).

ssoDomain Domain to use for single sign-on (SSO).

kcdAccount Kerberos constrained delegation account name

httpOnlyCookie Allow only an HTTP session cookie, in which case the cookie cannot be accessed by scripts.

persistentCookie Enable or disable persistent SSO cookies for the traffic management (TM) session. A persistent cookie remains on the user device and is sent with each HTTP request. The cookie becomes stale if the session ends. This setting is overwritten if a traffic action sets persistent cookie to OFF. Note: If persistent cookie is enabled, make sure you set the persistent cookie validity.

persistentCookieValidity Integer specifying the number of minutes for which the persistent cookie remains valid. Can be set only if the persistent cookie setting is enabled.

homePage Web address of the home page that a user is displayed when authentication vserver is bookmarked and used to login.

builtin Indicates that a variable is a built-in (SYSTEM INTERNAL) type.

feature The feature to be checked while applying this config

devno count

rm tm sessionAction

Deletes an existing session action.

Synopsis

rm tm sessionAction

Arguments

name Name of the session action to delete.

tm-sessionAction