Citrix ADC 12.1 NITRO API Reference

authenticationvserver

Configuration for authentication virtual server resource.

Properties

(click to see Operations)

Name Data Type Permissions Description
name Read-write Name for the new authentication virtual server.
Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Can be changed after the authentication virtual server is added by using the rename authentication vserver command.

The following requirement applies only to the Citrix ADC CLI:
If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my authentication policy” or ‘my authentication policy’).
Minimum length = 1
servicetype Read-write Protocol type of the authentication virtual server. Always SSL.
Default value: SSL
Possible values = SSL
ipv46 Read-write IP address of the authentication virtual server, if a single IP address is assigned to the virtual server.
Minimum length = 1
range Read-write If you are creating a series of virtual servers with a range of IP addresses assigned to them, the length of the range.
The new range of authentication virtual servers will have IP addresses consecutively numbered, starting with the primary address specified with the IP Address parameter.
Default value: 1
Minimum value = 1
port Read-write TCP port on which the virtual server accepts connections.
Range 1 - 65535
* in CLI is represented as 65535 in NITRO API
state Read-write Initial state of the new virtual server.
Default value: ENABLED
Possible values = ENABLED, DISABLED
authentication Read-write Require users to be authenticated before sending traffic through this virtual server.
Default value: ON
Possible values = ON, OFF
authenticationdomain Read-write The domain of the authentication cookie set by Authentication vserver.
Minimum length = 3
Maximum length = 252
comment Read-write Any comments associated with this virtual server.
td Read-write Integer value that uniquely identifies the traffic domain in which you want to configure the entity. If you do not specify an ID, the entity becomes part of the default traffic domain, which has an ID of 0.
Minimum value = 0
Maximum value = 4094
appflowlog Read-write Log AppFlow flow information.
Default value: ENABLED
Possible values = ENABLED, DISABLED
maxloginattempts Read-write Maximum Number of login Attempts.
Minimum value = 1
Maximum value = 255
failedlogintimeout Read-write Number of minutes an account will be locked if user exceeds maximum permissible attempts.
Minimum value = 1
certkeynames Read-write Name of the certificate key that was bound to the corresponding SSL virtual server as the Certificate Authority for the device certificate.
Minimum length = 1
Maximum length = 127
newname Read-write New name of the authentication virtual server.
Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters.

The following requirement applies only to the Citrix ADC CLI:
If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, ‘my authentication policy’ or “my authentication policy”).
Minimum length = 1
ip Read-only The Virtual IP address of the authentication vserver.
value Read-only Indicates whether or not the certificate is bound or if SSL offload is disabled.
Possible values = Certkey not bound, SSL feature disabled
type Read-only The type of Virtual Server, e.g. CONTENT based or ADDRESS based.
Possible values = CONTENT, ADDRESS
curstate Read-only The current state of the Virtual server, e.g. UP, DOWN, BUSY, etc.
Possible values = UP, DOWN, UNKNOWN, BUSY, OUT OF SERVICE, GOING OUT OF SERVICE, DOWN WHEN GOING OUT OF SERVICE, NS_EMPTY_STR, Unknown, DISABLED
status Read-only Whether or not this vserver responds to ARPs and whether or not round-robin selection is temporarily in effect.
cachetype Read-only Virtual server’s cache type. The options are: TRANSPARENT, REVERSE and FORWARD.
Possible values = TRANSPARENT, REVERSE, FORWARD
redirect Read-only The cache redirect policy.
The valid redirect policies are:
l. CACHE - Directs all requests to the cache.
2. POLICY - Applies cache redirection policy to determine whether the request should be directed to the cache or origin. This is the default setting.
3. ORIGIN - Directs all requests to the origin server.
Possible values = CACHE, POLICY, ORIGIN
precedence Read-only This argument is used only when configuring content switching on the specified virtual server. This is applicable only
if both the URL and RULE-based policies have been configured on the same virtual server.
It specifies the type of policy (URL or RULE) that takes precedence on the content switching virtual server. The default setting is RULE.
l URL - In this case, the incoming request is matched against the URL-based policies before the rule-based policies.
l RULE - In this case, the incoming request is matched against the rule-based policies before the URL-based policies.
For all URL-based policies, the precedence hierarchy is:
1. Domain and exact URL
2. Domain, prefix and suffix
3. Domain and suffix
4. Domain and prefix
5. Domain only
6. Exact URL
7. Prefix and suffix
8. Suffix only
9. Prefix only
10. Default.
Possible values = RULE, URL
redirecturl Read-only The URL where traffic is redirected if the virtual server in system becomes unavailable. WARNING! Make sure that the domain you specify in the URL does not match the domain specified in the -d domainName argument of the ###add cs policy### command. If the same domain is specified in both arguments, the request will be continuously redirected to the same unavailable virtual server in the system. If so, the user may not get the requested content.
curaaausers Read-only The number of current users logged in to this vserver.
policy Read-only The name of the policy, if any, bound to the authentication vserver.
servicename Read-only The name of the service, if any, to which the vserver policy is bound.
weight Read-only Weight for this service, if any. This weight is used when the system performs load balancing, giving greater priority to a specific service. It is useful when the services bound to a virtual server are of different capacity.
cachevserver Read-only The name of the default target cache virtual server, if any, to which requests are redirected.
backupvserver Read-only The name of the backup vpn virtual server for this vpn virtual server.
clttimeout Read-only The idle time, if any, in seconds after which the client connection is terminated.
somethod Read-only VPN client applications are allocated from a block of Intranet IP addresses.
That block may be exhausted after a certain number of connections. This switch specifies the
method used to determine whether or not a new connection will spillover, or exhaust, the allocated block of
Intranet IP addresses for that application. Possible values are CONNECTION or DYNAMICCONNECTION.
CONNECTION means that a static integer value is the hard limit for the spillover threshold. The spillover
threshold is described below. DYNAMICCONNECTION means that the spillover threshold is set according to
the maximum number of connections defined for the vpn vserver.
Possible values = CONNECTION, DYNAMICCONNECTION, BANDWIDTH, HEALTH, NONE
sothreshold Read-only VPN client applications are allocated from a block of Intranet IP addresses.
That block may be exhausted after a certain number of connections.
The value of this option is number of client connections after which the Mapped IP address is used
as the client source IP address instead of an address from the allocated block of Intranet IP addresses.
sopersistence Read-only Whether or not cookie-based site persistance is enabled for this VPN vserver. Possible values are ‘ConnectionProxy’, HTTPRedirect, or NONE.
Possible values = ENABLED, DISABLED
sopersistencetimeout Read-only The timeout, if any, for cookie-based site persistance of this VPN vserver.
priority Read-only The priority, if any, of the vpn vserver policy.
downstateflush Read-only Perform delayed clean up of connections on this vserver.
Possible values = ENABLED, DISABLED
disableprimaryondown Read-only Tells whether traffic will continue reaching backup vservers even after primary comes UP from DOWN state.
Possible values = ENABLED, DISABLED
listenpolicy Read-only Listenpolicy configured for authentication vserver.
listenpriority Read-only Priority of listen policy for authentication vserver.
tcpprofilename Read-only The name of the TCP profile.
httpprofilename Read-only Name of the HTTP profile.
vstype Read-only Virtual Server Type, e.g. Load Balancing, Content Switch, Cache Redirection.
ngname Read-only Nodegroup devno to which this authentication vsever belongs to.
secondary Read-only Bind the authentication policy to the secondary chain.
Provides for multifactor authentication in which a user must authenticate via both a primary authentication method and, afterward, via a secondary authentication method.
Because user groups are aggregated across authentication systems, usernames must be the same on all authentication servers. Passwords can be different.
groupextraction Read-only Bind the Authentication policy to a tertiary chain which will be used only for group extraction. The user will not authenticate against this server, and this will only be called if primary and/or secondary authentication has succeeded.
__count Read-only count parameter

Operations

(click to see Properties)

ADD DELETE UPDATE UNSET ENABLE DISABLE RENAME GET (ALL) GET COUNT

Some options that you can use for each operations:

  • Getting warnings in response:NITRO allows you to get warnings in an operation by specifying the "warning" query parameter as "yes". For example, to get warnings while connecting to the Citrix ADC appliance, the URL is as follows:

    http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/login?warning=yes

    If any, the warnings are displayed in the response payload with the HTTP code "209 X-NITRO-WARNING".

  • Authenticated access for individual NITRO operations:NITRO allows you to logon to the Citrix ADC appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,

    To do this, you must specify the username and password in the request header of the NITRO request as follows:

    X-NITRO-USER:<username>

    X-NITRO-PASS:<password>

    Note:In such cases, make sure that the request header DOES not include the following:

    Cookie:NITRO_AUTH_TOKEN=<tokenvalue>

*Note:*

Mandatory parameters are marked in redand placeholder content is marked in <green>.

add

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver

HTTP Method:POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:


{"authenticationvserver":{
<b>"name":<String_value>,
</b><b>"servicetype":<String_value>,
</b>"ipv46":<String_value>,
"range":<Double_value>,
"port":<Integer_value>,
"state":<String_value>,
"authentication":<String_value>,
"authenticationdomain":<String_value>,
"comment":<String_value>,
"td":<Double_value>,
"appflowlog":<String_value>,
"maxloginattempts":<Double_value>,
"failedlogintimeout":<Double_value>,
"certkeynames":<String_value>
}}

<!--NeedCopy-->

Response:

HTTP Status Code on Success: 201 Created HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

delete

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver/name_value<String>

HTTP Method:DELETE

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue>

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

update

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver

HTTP Method:PUT

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:


{"authenticationvserver":{
<b>"name":<String_value>,
</b>"ipv46":<String_value>,
"authentication":<String_value>,
"authenticationdomain":<String_value>,
"comment":<String_value>,
"appflowlog":<String_value>,
"maxloginattempts":<Double_value>,
"failedlogintimeout":<Double_value>,
"certkeynames":<String_value>
}}

<!--NeedCopy-->

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

unset

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?action=unset

HTTP Method:POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:


{"authenticationvserver":{
<b>"name":<String_value>,
</b>"authenticationdomain":true,
"maxloginattempts":true,
"authentication":true,
"comment":true,
"appflowlog":true,
"failedlogintimeout":true,
"certkeynames":true
}}

<!--NeedCopy-->

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

enable

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?action=enable

HTTP Method:POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:


{"authenticationvserver":{
<b>"name":<String_value>
</b>}}

<!--NeedCopy-->

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

disable

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?action=disable

HTTP Method:POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:


{"authenticationvserver":{
<b>"name":<String_value>
</b>}}

<!--NeedCopy-->

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

rename

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?action=rename

HTTP Method:POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:


{"authenticationvserver":{
<b>"name":<String_value>,
</b><b>"newname":<String_value>
</b>}}

<!--NeedCopy-->

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

get (all)

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver

Query-parameters:

attrs

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?attrs=property-name1,property-name2

Use this query parameter to specify the resource details that you want to retrieve.

filter

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?filter=property-name1:property-val1,property-name2:property-val2

Use this query-parameter to get the filtered set of authenticationvserver resources configured on Citrix ADC. Filtering can be done on any of the properties of the resource.

view

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?view=summary

Note:By default, the retrieved results are displayed in detail view (?view=detail).

pagination

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?pagesize=#no;pageno=#no

Use this query-parameter to get the authenticationvserver resources in chunks.

HTTP Method:GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the errorResponse Headers:

Content-Type:application/json

Response Payload:


{ "authenticationvserver": [ {
"name":<String_value>,
"ip":<String_value>,
"td":<Double_value>,
"ipv46":<String_value>,
"value":<String_value>,
"port":<Integer_value>,
"range":<Double_value>,
"servicetype":<String_value>,
"type":<String_value>,
"curstate":<String_value>,
"status":<Integer_value>,
"cachetype":<String_value>,
"redirect":<String_value>,
"precedence":<String_value>,
"redirecturl":<String_value>,
"authentication":<String_value>,
"curaaausers":<Double_value>,
"authenticationdomain":<String_value>,
"policyname":<String_value>,
"policy":<String_value>,
"servicename":<String_value>,
"weight":<Double_value>,
"cachevserver":<String_value>,
"backupvserver":<String_value>,
"clttimeout":<Double_value>,
"somethod":<String_value>,
"sothreshold":<Double_value>,
"sopersistence":<String_value>,
"sopersistencetimeout":<Double_value>,
"priority":<Double_value>,
"downstateflush":<String_value>,
"disableprimaryondown":<String_value>,
"listenpolicy":<String_value>,
"listenpriority":<Double_value>,
"tcpprofilename":<String_value>,
"httpprofilename":<String_value>,
"comment":<String_value>,
"appflowlog":<String_value>,
"vstype":<Double_value>,
"ngname":<String_value>,
"maxloginattempts":<Double_value>,
"failedlogintimeout":<Double_value>,
"secondary":<Boolean_value>,
"groupextraction":<Boolean_value>,
"certkeynames":<String_value>
}]}

<!--NeedCopy-->

get

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver/name_value<String>

Query-parameters:

attrs

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver/name_value<String>?attrs=property-name1,property-name2

Use this query parameter to specify the resource details that you want to retrieve.

view

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver/name_value<String>?view=summary

Note:By default, the retrieved results are displayed in detail view (?view=detail).

HTTP Method:GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the errorResponse Headers:

Content-Type:application/json

Response Payload:


{ "authenticationvserver": [ {
"name":<String_value>,
"ip":<String_value>,
"td":<Double_value>,
"ipv46":<String_value>,
"value":<String_value>,
"port":<Integer_value>,
"range":<Double_value>,
"servicetype":<String_value>,
"type":<String_value>,
"curstate":<String_value>,
"status":<Integer_value>,
"cachetype":<String_value>,
"redirect":<String_value>,
"precedence":<String_value>,
"redirecturl":<String_value>,
"authentication":<String_value>,
"curaaausers":<Double_value>,
"authenticationdomain":<String_value>,
"policyname":<String_value>,
"policy":<String_value>,
"servicename":<String_value>,
"weight":<Double_value>,
"cachevserver":<String_value>,
"backupvserver":<String_value>,
"clttimeout":<Double_value>,
"somethod":<String_value>,
"sothreshold":<Double_value>,
"sopersistence":<String_value>,
"sopersistencetimeout":<Double_value>,
"priority":<Double_value>,
"downstateflush":<String_value>,
"disableprimaryondown":<String_value>,
"listenpolicy":<String_value>,
"listenpriority":<Double_value>,
"tcpprofilename":<String_value>,
"httpprofilename":<String_value>,
"comment":<String_value>,
"appflowlog":<String_value>,
"vstype":<Double_value>,
"ngname":<String_value>,
"maxloginattempts":<Double_value>,
"failedlogintimeout":<Double_value>,
"secondary":<Boolean_value>,
"groupextraction":<Boolean_value>,
"certkeynames":<String_value>
}]}

<!--NeedCopy-->

count

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?count=yes

HTTP Method:GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the errorResponse Headers:

Content-Type:application/json

Response Payload:


{ "authenticationvserver": [ { "__count": "#no"} ] }

<!--NeedCopy-->
authenticationvserver