-
-
aaaparameter
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
videooptimizationdetectionpolicylabel_videooptimizationdetectionpolicy_binding
-
videooptimizationdetectionpolicy_videooptimizationglobaldetection_binding
-
videooptimizationglobaldetection_videooptimizationdetectionpolicy_binding
-
videooptimizationglobalpacing_videooptimizationpacingpolicy_binding
-
videooptimizationpacingpolicylabel_videooptimizationpacingpolicy_binding
-
videooptimizationpacingpolicy_videooptimizationglobalpacing_binding
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
aaaparameter
Configuration for AAA parameter resource.
Properties
(click to see Operations )
| Name | Data Type | Permissions | Description |
|---|---|---|---|
| enablestaticpagecaching |
|
Read-write | The default state of VPN Static Page caching. Static Page caching is enabled by default.
Default value: YES Possible values = YES, NO |
| enableenhancedauthfeedback |
|
Read-write | Enhanced auth feedback provides more information to the end user about the reason for an authentication failure. The default value is set to NO.
Default value: NO Possible values = YES, NO |
| defaultauthtype |
|
Read-write | The default authentication server type.
Default value: LOCAL Possible values = LOCAL, LDAP, RADIUS, TACACS, CERT |
| maxaaausers |
|
Read-write | Maximum number of concurrent users allowed to log on to VPN simultaneously.
Minimum value = 1 |
| maxloginattempts |
|
Read-write | Maximum Number of login Attempts.
Minimum value = 1 |
| failedlogintimeout |
|
Read-write | Number of minutes an account will be locked if user exceeds maximum permissible attempts.
Minimum value = 1 Maximum value = 525600 |
| aaadnatip |
|
Read-write | Source IP address to use for traffic that is sent to the authentication server. |
| enablesessionstickiness |
|
Read-write | Enables/Disables stickiness to authentication servers.
Default value: NO Possible values = YES, NO |
| aaasessionloglevel |
|
Read-write | Audit log level, which specifies the types of events to log for cli executed commands.
Available values function as follows
|
| aaadloglevel |
|
Read-write | AAAD log level, which specifies the types of AAAD events to log in nsvpn.log.
Available values function as follows
|
| dynaddr |
|
Read-write | Set by the DHCP client when the IP address was fetched dynamically.
Default value: OFF Possible values = ON, OFF |
| ftmode |
|
Read-write | First time user mode determines which configuration options are shown by default when logging in to the GUI. This setting is controlled by the GUI.
Default value: ON Possible values = ON, HA, OFF |
| maxsamldeflatesize |
|
Read-write | This will set the maximum deflate size in case of SAML Redirect binding. |
| persistentloginattempts |
|
Read-write | Persistent storage of unsuccessful user login attempts.
Default value: DISABLED Possible values = ENABLED, DISABLED |
| pwdexpirynotificationdays |
|
Read-write | This will set the threshold time in days for password expiry notification. Default value is 0, which means no notification is sent. |
| maxkbquestions |
|
Read-write | This will set maximum number of Questions to be asked for KB Validation. Default value is 2, Max Value is 6.
Minimum value = 2 Maximum value = 6 |
| loginencryption |
|
Read-write | Parameter to encrypt login information for nFactor flow.
Default value: DISABLED Possible values = ENABLED, DISABLED |
| samesite |
|
Read-write | SameSite attribute value for Cookies generated in AAATM context. This attribute value will be appended only for the cookies which are specified in the builtin patset ns_cookies_samesite.
Possible values = None, LAX, STRICT |
| apitokencache |
|
Read-write | Option to enable/disable API cache feature.
Default value: DISABLED Possible values = ENABLED, DISABLED |
| tokenintrospectioninterval |
|
Read-write | Frequency at which a token must be verified at the Authorization Server (AS) despite being found in cache. |
| defaultcspheader |
|
Read-write | Parameter to enable/disable default CSP header.
Default value: DISABLED Possible values = ENABLED, DISABLED |
| httponlycookie |
|
Read-write | Parameter to set/reset HttpOnly Flag for NSC_AAAC/NSC_TMAS cookies in nfactor.
Default value: DISABLED Possible values = ENABLED, DISABLED |
| enhancedepa |
|
Read-write | Parameter to enable/disable EPA v2 functionality.
Default value: DISABLED Possible values = ENABLED, DISABLED |
| wafprotection | <String[]> | Read-write | Entities for which WAF Protection need to be applied.
Available settings function as follows
|
| securityinsights |
|
Read-write | On enabling this option, the Citrix ADC will send the security insight records to the configured collectors when request comes to Authentication endpoint.
* If cs vserver is frontend with Authentication vserver as target for cs action, then record is sent using Authentication vserver name. * If vpn/lb/cs vserver are configured with Authentication ON, then then record is sent using vpn/lb/cs vserver name accordingly. * If authentication vserver is frontend, then record is sent using Authentication vserver name. Default value: DISABLED Possible values = ENABLED, DISABLED |
| builtin | <String[]> | Read-only | Flag to determine if aaa param is built-in or not.
Possible values = MODIFIABLE, DELETABLE, IMMUTABLE, PARTITION_ALL |
| feature |
|
Read-only | The feature to be checked while applying this config. |
Operations
(click to see Properties )
- UPDATE
- UNSET
- GET (ALL)
Some options that you can use for each operations:
-
Getting warnings in response: NITRO allows you to get warnings in an operation by specifying the 'warning' query parameter as 'yes'. For example, to get warnings while connecting to the NetScaler appliance, the URL is as follows:
http:// <netscaler-ip-address> /nitro/v1/config/login?warning=yes
If any, the warnings are displayed in the response payload with the HTTP code '209 X-NITRO-WARNING'.
-
Authenticated access for individual NITRO operations: NITRO allows you to logon to the NetScaler appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,
To do this, you must specify the username and password in the request header of the NITRO request as follows:
X-NITRO-USER: <username>
X-NITRO-PASS: <password>
Note: In such cases, make sure that the request header DOES not include the following:
Cookie:NITRO_AUTH_TOKEN= <tokenvalue>
*Note:
*
Mandatory parameters are marked in
red
and placeholder content is marked in
green
unset
URL: http:// <netscaler-ip-address> /nitro/v1/config/aaaparameter? action=unset HTTP Method: POST
Request Headers:
Cookie:NITRO_AUTH_TOKEN= <tokenvalue>
Content-Type:application/json
Request Payload:
{"aaaparameter":{
"enablestaticpagecaching":true,
"enableenhancedauthfeedback":true,
"defaultauthtype":true,
"maxaaausers":true,
"aaadnatip":true,
"maxloginattempts":true,
"enablesessionstickiness":true,
"maxsamldeflatesize":true,
"persistentloginattempts":true,
"pwdexpirynotificationdays":true,
"maxkbquestions":true,
"aaasessionloglevel":true,
"aaadloglevel":true,
"dynaddr":true,
"ftmode":true,
"loginencryption":true,
"samesite":true,
"apitokencache":true,
"tokenintrospectioninterval":true,
"defaultcspheader":true,
"httponlycookie":true,
"enhancedepa":true,
"wafprotection":true,
"securityinsights":true
}}
<!--NeedCopy-->
Response: HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error
update
URL: http:// <netscaler-ip-address> /nitro/v1/config/aaaparameter HTTP Method: PUT
Request Headers:
Cookie:NITRO_AUTH_TOKEN= <tokenvalue>
Content-Type:application/json
Request Payload:
{"aaaparameter":{
"enablestaticpagecaching":<String_value>,
"enableenhancedauthfeedback":<String_value>,
"defaultauthtype":<String_value>,
"maxaaausers":<Double_value>,
"maxloginattempts":<Double_value>,
"failedlogintimeout":<Double_value>,
"aaadnatip":<String_value>,
"enablesessionstickiness":<String_value>,
"aaasessionloglevel":<String_value>,
"aaadloglevel":<String_value>,
"dynaddr":<String_value>,
"ftmode":<String_value>,
"maxsamldeflatesize":<Double_value>,
"persistentloginattempts":<String_value>,
"pwdexpirynotificationdays":<Double_value>,
"maxkbquestions":<Double_value>,
"loginencryption":<String_value>,
"samesite":<String_value>,
"apitokencache":<String_value>,
"tokenintrospectioninterval":<Double_value>,
"defaultcspheader":<String_value>,
"httponlycookie":<String_value>,
"enhancedepa":<String_value>,
"wafprotection":<String[]_value>,
"securityinsights":<String_value>
}}
<!--NeedCopy-->
Response: HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error
get (all)
URL: http:// <netscaler-ip-address> /nitro/v1/config/aaaparameter HTTP Method: GET
Request Headers:
Cookie:NITRO_AUTH_TOKEN= <tokenvalue>
Accept:application/json
Response: HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error
Response Header:
Content-Type:application/json
Response Payload:
{ "aaaparameter": [ {
"enablestaticpagecaching":<String_value>,
"enableenhancedauthfeedback":<String_value>,
"defaultauthtype":<String_value>,
"maxaaausers":<Double_value>,
"aaadnatip":<String_value>,
"maxloginattempts":<Double_value>,
"failedlogintimeout":<Double_value>,
"enablesessionstickiness":<String_value>,
"aaasessionloglevel":<String_value>,
"aaadloglevel":<String_value>,
"dynaddr":<String_value>,
"ftmode":<String_value>,
"maxsamldeflatesize":<Double_value>,
"persistentloginattempts":<String_value>,
"pwdexpirynotificationdays":<Double_value>,
"maxkbquestions":<Double_value>,
"builtin":<String[]_value>,
"feature":<String_value>,
"loginencryption":<String_value>,
"samesite":<String_value>,
"apitokencache":<String_value>,
"tokenintrospectioninterval":<Double_value>,
"defaultcspheader":<String_value>,
"httponlycookie":<String_value>,
"enhancedepa":<String_value>,
"wafprotection":<String[]_value>,
"securityinsights":<String_value>
}]}
<!--NeedCopy-->
Share
Share
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.