This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
authenticationvserver
Configuration for authentication virtual server resource.
Properties
(click to see Operations)
Name | Data Type | Permissions | Description |
---|---|---|---|
name |
|
Read-write | Name for the new authentication virtual server. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Can be changed after the authentication virtual server is added by using the rename authentication vserver command. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my authentication policy” or ‘my authentication policy’). Minimum length = 1 |
servicetype |
|
Read-write | Protocol type of the authentication virtual server. Always SSL. Default value: SSL Possible values = SSL |
ipv46 |
|
Read-write | IP address of the authentication virtual server, if a single IP address is assigned to the virtual server. Minimum length = 1 |
range |
|
Read-write | If you are creating a series of virtual servers with a range of IP addresses assigned to them, the length of the range. The new range of authentication virtual servers will have IP addresses consecutively numbered, starting with the primary address specified with the IP Address parameter. Default value: 1 Minimum value = 1 |
port |
|
Read-write | TCP port on which the virtual server accepts connections. Range 1 - 65535 * in CLI is represented as 65535 in NITRO API |
state |
|
Read-write | Initial state of the new virtual server. Default value: ENABLED Possible values = ENABLED, DISABLED |
authentication |
|
Read-write | Require users to be authenticated before sending traffic through this virtual server. Default value: ON Possible values = ON, OFF |
authenticationdomain |
|
Read-write | The domain of the authentication cookie set by Authentication vserver. Minimum length = 3 Maximum length = 252 |
comment |
|
Read-write | Any comments associated with this virtual server. |
td |
|
Read-write | Integer value that uniquely identifies the traffic domain in which you want to configure the entity. If you do not specify an ID, the entity becomes part of the default traffic domain, which has an ID of 0. Minimum value = 0 Maximum value = 4094 |
appflowlog |
|
Read-write | Log AppFlow flow information. Default value: ENABLED Possible values = ENABLED, DISABLED |
maxloginattempts |
|
Read-write | Maximum Number of login Attempts. Minimum value = 1 Maximum value = 255 |
failedlogintimeout |
|
Read-write | Number of minutes an account will be locked if user exceeds maximum permissible attempts. Minimum value = 1 |
certkeynames |
|
Read-write | Name of the certificate key that was bound to the corresponding SSL virtual server as the Certificate Authority for the device certificate. Minimum length = 1 Maximum length = 127 |
newname |
|
Read-write | New name of the authentication virtual server. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, ‘my authentication policy’ or “my authentication policy”). Minimum length = 1 |
ip |
|
Read-only | The Virtual IP address of the authentication vserver. |
value |
|
Read-only | Indicates whether or not the certificate is bound or if SSL offload is disabled. Possible values = Certkey not bound, SSL feature disabled |
type |
|
Read-only | The type of Virtual Server, e.g. CONTENT based or ADDRESS based. Possible values = CONTENT, ADDRESS |
curstate |
|
Read-only | The current state of the Virtual server, e.g. UP, DOWN, BUSY, etc. Possible values = UP, DOWN, UNKNOWN, BUSY, OUT OF SERVICE, GOING OUT OF SERVICE, DOWN WHEN GOING OUT OF SERVICE, NS_EMPTY_STR, Unknown, DISABLED |
status |
|
Read-only | Whether or not this vserver responds to ARPs and whether or not round-robin selection is temporarily in effect. |
cachetype |
|
Read-only | Virtual server’s cache type. The options are: TRANSPARENT, REVERSE and FORWARD. Possible values = TRANSPARENT, REVERSE, FORWARD |
redirect |
|
Read-only | The cache redirect policy. The valid redirect policies are: l. CACHE - Directs all requests to the cache. 2. POLICY - Applies cache redirection policy to determine whether the request should be directed to the cache or origin. This is the default setting. 3. ORIGIN - Directs all requests to the origin server. Possible values = CACHE, POLICY, ORIGIN |
precedence |
|
Read-only | This argument is used only when configuring content switching on the specified virtual server. This is applicable only if both the URL and RULE-based policies have been configured on the same virtual server. It specifies the type of policy (URL or RULE) that takes precedence on the content switching virtual server. The default setting is RULE. l URL - In this case, the incoming request is matched against the URL-based policies before the rule-based policies. l RULE - In this case, the incoming request is matched against the rule-based policies before the URL-based policies. For all URL-based policies, the precedence hierarchy is: 1. Domain and exact URL 2. Domain, prefix and suffix 3. Domain and suffix 4. Domain and prefix 5. Domain only 6. Exact URL 7. Prefix and suffix 8. Suffix only 9. Prefix only 10. Default. Possible values = RULE, URL |
redirecturl |
|
Read-only | The URL where traffic is redirected if the virtual server in system becomes unavailable. WARNING! Make sure that the domain you specify in the URL does not match the domain specified in the -d domainName argument of the ###add cs policy### command. If the same domain is specified in both arguments, the request will be continuously redirected to the same unavailable virtual server in the system. If so, the user may not get the requested content. |
curaaausers |
|
Read-only | The number of current users logged in to this vserver. |
policy |
|
Read-only | The name of the policy, if any, bound to the authentication vserver. |
servicename |
|
Read-only | The name of the service, if any, to which the vserver policy is bound. |
weight |
|
Read-only | Weight for this service, if any. This weight is used when the system performs load balancing, giving greater priority to a specific service. It is useful when the services bound to a virtual server are of different capacity. |
cachevserver |
|
Read-only | The name of the default target cache virtual server, if any, to which requests are redirected. |
backupvserver |
|
Read-only | The name of the backup vpn virtual server for this vpn virtual server. |
clttimeout |
|
Read-only | The idle time, if any, in seconds after which the client connection is terminated. |
somethod |
|
Read-only | VPN client applications are allocated from a block of Intranet IP addresses. That block may be exhausted after a certain number of connections. This switch specifies the method used to determine whether or not a new connection will spillover, or exhaust, the allocated block of Intranet IP addresses for that application. Possible values are CONNECTION or DYNAMICCONNECTION. CONNECTION means that a static integer value is the hard limit for the spillover threshold. The spillover threshold is described below. DYNAMICCONNECTION means that the spillover threshold is set according to the maximum number of connections defined for the vpn vserver. Possible values = CONNECTION, DYNAMICCONNECTION, BANDWIDTH, HEALTH, NONE |
sothreshold |
|
Read-only | VPN client applications are allocated from a block of Intranet IP addresses. That block may be exhausted after a certain number of connections. The value of this option is number of client connections after which the Mapped IP address is used as the client source IP address instead of an address from the allocated block of Intranet IP addresses. |
sopersistence |
|
Read-only | Whether or not cookie-based site persistance is enabled for this VPN vserver. Possible values are ‘ConnectionProxy’, HTTPRedirect, or NONE. Possible values = ENABLED, DISABLED |
sopersistencetimeout |
|
Read-only | The timeout, if any, for cookie-based site persistance of this VPN vserver. |
priority |
|
Read-only | The priority, if any, of the vpn vserver policy. |
downstateflush |
|
Read-only | Perform delayed clean up of connections on this vserver. Possible values = ENABLED, DISABLED |
disableprimaryondown |
|
Read-only | Tells whether traffic will continue reaching backup vservers even after primary comes UP from DOWN state. Possible values = ENABLED, DISABLED |
listenpolicy |
|
Read-only | Listenpolicy configured for authentication vserver. |
listenpriority |
|
Read-only | Priority of listen policy for authentication vserver. |
tcpprofilename |
|
Read-only | The name of the TCP profile. |
httpprofilename |
|
Read-only | Name of the HTTP profile. |
vstype |
|
Read-only | Virtual Server Type, e.g. Load Balancing, Content Switch, Cache Redirection. |
ngname |
|
Read-only | Nodegroup devno to which this authentication vsever belongs to. |
secondary |
|
Read-only | Bind the authentication policy to the secondary chain. Provides for multifactor authentication in which a user must authenticate via both a primary authentication method and, afterward, via a secondary authentication method. Because user groups are aggregated across authentication systems, usernames must be the same on all authentication servers. Passwords can be different. |
groupextraction |
|
Read-only | Bind the Authentication policy to a tertiary chain which will be used only for group extraction. The user will not authenticate against this server, and this will only be called if primary and/or secondary authentication has succeeded. |
__count |
|
Read-only | count parameter |
Operations
(click to see Properties)
ADD | DELETE | UPDATE | UNSET | ENABLE | DISABLE | RENAME | GET (ALL) | GET | COUNT |
Some options that you can use for each operations:
-
Getting warnings in response:NITRO allows you to get warnings in an operation by specifying the "warning" query parameter as "yes". For example, to get warnings while connecting to the Citrix ADC appliance, the URL is as follows:
http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/login?warning=yes
If any, the warnings are displayed in the response payload with the HTTP code "209 X-NITRO-WARNING".
-
Authenticated access for individual NITRO operations:NITRO allows you to logon to the Citrix ADC appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,
To do this, you must specify the username and password in the request header of the NITRO request as follows:
X-NITRO-USER:<username>
X-NITRO-PASS:<password>
Note:In such cases, make sure that the request header DOES not include the following:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue>
*Note:
*
Mandatory parameters are marked in redand placeholder content is marked in <green>.
add
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver
HTTP Method:POST
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json
Request Payload:
{"authenticationvserver":{
<b>"name":<String_value>,
</b><b>"servicetype":<String_value>,
</b>"ipv46":<String_value>,
"range":<Double_value>,
"port":<Integer_value>,
"state":<String_value>,
"authentication":<String_value>,
"authenticationdomain":<String_value>,
"comment":<String_value>,
"td":<Double_value>,
"appflowlog":<String_value>,
"maxloginattempts":<Double_value>,
"failedlogintimeout":<Double_value>,
"certkeynames":<String_value>
}}
<!--NeedCopy-->
Response:
HTTP Status Code on Success: 201 Created HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error
delete
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver/name_value<String>
HTTP Method:DELETE
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue>
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error
update
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver
HTTP Method:PUT
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json
Request Payload:
{"authenticationvserver":{
<b>"name":<String_value>,
</b>"ipv46":<String_value>,
"authentication":<String_value>,
"authenticationdomain":<String_value>,
"comment":<String_value>,
"appflowlog":<String_value>,
"maxloginattempts":<Double_value>,
"failedlogintimeout":<Double_value>,
"certkeynames":<String_value>
}}
<!--NeedCopy-->
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error
unset
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?action=unset
HTTP Method:POST
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json
Request Payload:
{"authenticationvserver":{
<b>"name":<String_value>,
</b>"authenticationdomain":true,
"maxloginattempts":true,
"authentication":true,
"comment":true,
"appflowlog":true,
"failedlogintimeout":true,
"certkeynames":true
}}
<!--NeedCopy-->
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error
enable
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?action=enable
HTTP Method:POST
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json
Request Payload:
{"authenticationvserver":{
<b>"name":<String_value>
</b>}}
<!--NeedCopy-->
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error
disable
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?action=disable
HTTP Method:POST
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json
Request Payload:
{"authenticationvserver":{
<b>"name":<String_value>
</b>}}
<!--NeedCopy-->
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error
rename
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?action=rename
HTTP Method:POST
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json
Request Payload:
{"authenticationvserver":{
<b>"name":<String_value>,
</b><b>"newname":<String_value>
</b>}}
<!--NeedCopy-->
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error
get (all)
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver
Query-parameters:
attrs
http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?attrs=property-name1,property-name2
Use this query parameter to specify the resource details that you want to retrieve.
filter
http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?filter=property-name1:property-val1,property-name2:property-val2
Use this query-parameter to get the filtered set of authenticationvserver resources configured on Citrix ADC. Filtering can be done on any of the properties of the resource.
view
http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?view=summary
Note:By default, the retrieved results are displayed in detail view (?view=detail).
pagination
http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?pagesize=#no;pageno=#no
Use this query-parameter to get the authenticationvserver resources in chunks.
HTTP Method:GET
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the errorResponse Headers:
Content-Type:application/json
Response Payload:
{ "authenticationvserver": [ {
"name":<String_value>,
"ip":<String_value>,
"td":<Double_value>,
"ipv46":<String_value>,
"value":<String_value>,
"port":<Integer_value>,
"range":<Double_value>,
"servicetype":<String_value>,
"type":<String_value>,
"curstate":<String_value>,
"status":<Integer_value>,
"cachetype":<String_value>,
"redirect":<String_value>,
"precedence":<String_value>,
"redirecturl":<String_value>,
"authentication":<String_value>,
"curaaausers":<Double_value>,
"authenticationdomain":<String_value>,
"policyname":<String_value>,
"policy":<String_value>,
"servicename":<String_value>,
"weight":<Double_value>,
"cachevserver":<String_value>,
"backupvserver":<String_value>,
"clttimeout":<Double_value>,
"somethod":<String_value>,
"sothreshold":<Double_value>,
"sopersistence":<String_value>,
"sopersistencetimeout":<Double_value>,
"priority":<Double_value>,
"downstateflush":<String_value>,
"disableprimaryondown":<String_value>,
"listenpolicy":<String_value>,
"listenpriority":<Double_value>,
"tcpprofilename":<String_value>,
"httpprofilename":<String_value>,
"comment":<String_value>,
"appflowlog":<String_value>,
"vstype":<Double_value>,
"ngname":<String_value>,
"maxloginattempts":<Double_value>,
"failedlogintimeout":<Double_value>,
"secondary":<Boolean_value>,
"groupextraction":<Boolean_value>,
"certkeynames":<String_value>
}]}
<!--NeedCopy-->
get
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver/name_value<String>
Query-parameters:
attrs
http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver/name_value<String>?attrs=property-name1,property-name2
Use this query parameter to specify the resource details that you want to retrieve.
view
http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver/name_value<String>?view=summary
Note:By default, the retrieved results are displayed in detail view (?view=detail).
HTTP Method:GET
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the errorResponse Headers:
Content-Type:application/json
Response Payload:
{ "authenticationvserver": [ {
"name":<String_value>,
"ip":<String_value>,
"td":<Double_value>,
"ipv46":<String_value>,
"value":<String_value>,
"port":<Integer_value>,
"range":<Double_value>,
"servicetype":<String_value>,
"type":<String_value>,
"curstate":<String_value>,
"status":<Integer_value>,
"cachetype":<String_value>,
"redirect":<String_value>,
"precedence":<String_value>,
"redirecturl":<String_value>,
"authentication":<String_value>,
"curaaausers":<Double_value>,
"authenticationdomain":<String_value>,
"policyname":<String_value>,
"policy":<String_value>,
"servicename":<String_value>,
"weight":<Double_value>,
"cachevserver":<String_value>,
"backupvserver":<String_value>,
"clttimeout":<Double_value>,
"somethod":<String_value>,
"sothreshold":<Double_value>,
"sopersistence":<String_value>,
"sopersistencetimeout":<Double_value>,
"priority":<Double_value>,
"downstateflush":<String_value>,
"disableprimaryondown":<String_value>,
"listenpolicy":<String_value>,
"listenpriority":<Double_value>,
"tcpprofilename":<String_value>,
"httpprofilename":<String_value>,
"comment":<String_value>,
"appflowlog":<String_value>,
"vstype":<Double_value>,
"ngname":<String_value>,
"maxloginattempts":<Double_value>,
"failedlogintimeout":<Double_value>,
"secondary":<Boolean_value>,
"groupextraction":<Boolean_value>,
"certkeynames":<String_value>
}]}
<!--NeedCopy-->
count
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?count=yes
HTTP Method:GET
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the errorResponse Headers:
Content-Type:application/json
Response Payload:
{ "authenticationvserver": [ { "__count": "#no"} ] }
<!--NeedCopy-->
Share
Share
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.