ADC NITRO APIs

authenticationoauthaction

Configuration for OAuth authentication action resource.

Properties

(click to see Operations )

Name Data Type Permissions Description
name Read-write Name for the OAuth Authentication action. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the profile is created. The following requirement applies only to the Citrix ADC CLI If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my authentication action” or ‘my authentication action’). Minimum length = 1
oauthtype Read-write Type of the OAuth implementation. Default value is generic implementation that is applicable for most deployments.

Default value: GENERIC

Possible values = GENERIC, INTUNE, ATHENA
authorizationendpoint Read-write Authorization endpoint/url to which unauthenticated user will be redirected. Citrix ADC redirects user to this endpoint by adding query parameters including clientid. If this parameter not specified then as default value we take Token Endpoint/URL value. Please note that Authorization Endpoint or Token Endpoint is mandatory for oauthAction.
tokenendpoint Read-write URL to which OAuth token will be posted to verify its authenticity. User obtains this token from Authorization server upon successful authentication. Citrix ADC will validate presented token by posting it to the URL configured.
idtokendecryptendpoint Read-write URL to which obtained idtoken will be posted to get a decrypted user identity. Encrypted idtoken will be obtained by posting OAuth token to token endpoint. In order to decrypt idtoken, Citrix ADC posts request to the URL configured.
clientid Read-write Unique identity of the client/user who is getting authenticated. Authorization server infers client configuration using this ID.

Minimum length = 1
clientsecret Read-write Secret string established by user and authorization server.

Minimum length = 1
defaultauthenticationgroup Read-write This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
attribute1 Read-write Name of the attribute to be extracted from OAuth Token and to be stored in the attribute1.
attribute2 Read-write Name of the attribute to be extracted from OAuth Token and to be stored in the attribute2.
attribute3 Read-write Name of the attribute to be extracted from OAuth Token and to be stored in the attribute3.
attribute4 Read-write Name of the attribute to be extracted from OAuth Token and to be stored in the attribute4.
attribute5 Read-write Name of the attribute to be extracted from OAuth Token and to be stored in the attribute5.
attribute6 Read-write Name of the attribute to be extracted from OAuth Token and to be stored in the attribute6.
attribute7 Read-write Name of the attribute to be extracted from OAuth Token and to be stored in the attribute7.
attribute8 Read-write Name of the attribute to be extracted from OAuth Token and to be stored in the attribute8.
attribute9 Read-write Name of the attribute to be extracted from OAuth Token and to be stored in the attribute9.
attribute10 Read-write Name of the attribute to be extracted from OAuth Token and to be stored in the attribute10.
attribute11 Read-write Name of the attribute to be extracted from OAuth Token and to be stored in the attribute11.
attribute12 Read-write Name of the attribute to be extracted from OAuth Token and to be stored in the attribute12.
attribute13 Read-write Name of the attribute to be extracted from OAuth Token and to be stored in the attribute13.
attribute14 Read-write Name of the attribute to be extracted from OAuth Token and to be stored in the attribute14.
attribute15 Read-write Name of the attribute to be extracted from OAuth Token and to be stored in the attribute15.
attribute16 Read-write Name of the attribute to be extracted from OAuth Token and to be stored in the attribute16.
attributes Read-write List of attribute names separated by ‘,’ which needs to be extracted.

Note that preceding and trailing spaces will be removed.

Attribute name can be 127 bytes and total length of this string should not cross 1023 bytes.

These attributes have multi-value support separated by ‘,’ and stored as key-value pair in AAA session.
tenantid Read-write TenantID of the application. This is usually specific to providers such as Microsoft and usually refers to the deployment identifier.
graphendpoint Read-write URL of the Graph API service to learn Enterprise Mobility Services (EMS) endpoints.
refreshinterval Read-write Interval at which services are monitored for necessary configuration.

Default value: 1440
certendpoint Read-write URL of the endpoint that contains JWKs (Json Web Key) for JWT (Json Web Token) verification.
audience Read-write Audience for which token sent by Authorization server is applicable. This is typically entity name or url that represents the recipient.
usernamefield Read-write Attribute in the token from which username should be extracted.

Minimum length = 1
skewtime Read-write This option specifies the allowed clock skew in number of minutes that Citrix ADC allows on an incoming token. For example, if skewTime is 10, then token would be valid from (current time - 10) min to (current time + 10) min, ie 20min in all.

Default value: 5
issuer Read-write Identity of the server whose tokens are to be accepted.
userinfourl Read-write URL to which OAuth access token will be posted to obtain user information.
certfilepath Read-write Path to the file that contains JWKs (Json Web Key) for JWT (Json Web Token) verification.
granttype Read-write Grant type support. value can be code or password.

Default value: CODE

Possible values = CODE, PASSWORD
authentication Read-write If authentication is disabled, password is not sent in the request. .

Default value: ENABLED

Possible values = ENABLED, DISABLED
introspecturl Read-write URL to which access token would be posted for validation.
allowedalgorithms <String[]> Read-write Multivalued option to specify allowed token verification algorithms. .

Default value: OAUTH_ALG_ALL

Possible values = HS256, RS256, RS512
pkce Read-write Option to enable/disable PKCE flow during authentication. .

Default value: ENABLED

Possible values = ENABLED, DISABLED
tokenendpointauthmethod Read-write Option to select the variant of token authentication method. This method is used while exchanging code with IdP. .

Default value: client_secret_post,

Possible values = client_secret_post, client_secret_jwt, private_key_jwt, client_secret_basic
metadataurl Read-write Well-known configuration endpoint of the Authorization Server. Citrix ADC fetches server details from this endpoint. .
resourceuri Read-write Resource URL for Oauth configuration.
oauthstatus Read-only Describes status information of oauth server.

Default value: INIT

Possible values = INIT, CERTFETCH, AADFORGRAPH, GRAPH, AADFORMDM, MDMINFO, COMPLETE
__count Read-only count parameter

Operations

(click to see Properties )

  • ADD
  • DELETE
  • UPDATE
  • UNSET
  • GET (ALL)
  • GET
  • COUNT

Some options that you can use for each operations:

  • Getting warnings in response: NITRO allows you to get warnings in an operation by specifying the 'warning' query parameter as 'yes'. For example, to get warnings while connecting to the NetScaler appliance, the URL is as follows:

    http:// <netscaler-ip-address> /nitro/v1/config/login?warning=yes

    If any, the warnings are displayed in the response payload with the HTTP code '209 X-NITRO-WARNING'.

  • Authenticated access for individual NITRO operations: NITRO allows you to logon to the NetScaler appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,

    To do this, you must specify the username and password in the request header of the NITRO request as follows:

    X-NITRO-USER: <username>

    X-NITRO-PASS: <password>

    Note: In such cases, make sure that the request header DOES not include the following:

    Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

*Note: * Mandatory parameters are marked in red and placeholder content is marked in green

add

URL: http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction HTTP Method: POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Content-Type:application/json

Request Payload:

{"authenticationoauthaction":{
<b>"name":<String_value>,
</b>"oauthtype":<String_value>,
"authorizationendpoint":<String_value>,
"tokenendpoint":<String_value>,
"idtokendecryptendpoint":<String_value>,
"clientid":<String_value>,
"clientsecret":<String_value>,
"defaultauthenticationgroup":<String_value>,
"attribute1":<String_value>,
"attribute2":<String_value>,
"attribute3":<String_value>,
"attribute4":<String_value>,
"attribute5":<String_value>,
"attribute6":<String_value>,
"attribute7":<String_value>,
"attribute8":<String_value>,
"attribute9":<String_value>,
"attribute10":<String_value>,
"attribute11":<String_value>,
"attribute12":<String_value>,
"attribute13":<String_value>,
"attribute14":<String_value>,
"attribute15":<String_value>,
"attribute16":<String_value>,
"attributes":<String_value>,
"tenantid":<String_value>,
"graphendpoint":<String_value>,
"refreshinterval":<Double_value>,
"certendpoint":<String_value>,
"audience":<String_value>,
"usernamefield":<String_value>,
"skewtime":<Double_value>,
"issuer":<String_value>,
"userinfourl":<String_value>,
"certfilepath":<String_value>,
"granttype":<String_value>,
"authentication":<String_value>,
"introspecturl":<String_value>,
"allowedalgorithms":<String[]_value>,
"pkce":<String_value>,
"tokenendpointauthmethod":<String_value>,
"metadataurl":<String_value>,
"resourceuri":<String_value>
}}

<!--NeedCopy-->

Response: HTTP Status Code on Success: 201 Created

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

delete

URL: http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction/ name_value<String> HTTP Method: DELETE

Request Headers:

Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Response: HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

update

URL: http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction HTTP Method: PUT

Request Headers:

Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Content-Type:application/json

Request Payload:

{"authenticationoauthaction":{
<b>"name":<String_value>,
</b>"oauthtype":<String_value>,
"authorizationendpoint":<String_value>,
"tokenendpoint":<String_value>,
"idtokendecryptendpoint":<String_value>,
"clientid":<String_value>,
"clientsecret":<String_value>,
"defaultauthenticationgroup":<String_value>,
"attribute1":<String_value>,
"attribute2":<String_value>,
"attribute3":<String_value>,
"attribute4":<String_value>,
"attribute5":<String_value>,
"attribute6":<String_value>,
"attribute7":<String_value>,
"attribute8":<String_value>,
"attribute9":<String_value>,
"attribute10":<String_value>,
"attribute11":<String_value>,
"attribute12":<String_value>,
"attribute13":<String_value>,
"attribute14":<String_value>,
"attribute15":<String_value>,
"attribute16":<String_value>,
"attributes":<String_value>,
"tenantid":<String_value>,
"graphendpoint":<String_value>,
"refreshinterval":<Double_value>,
"certendpoint":<String_value>,
"audience":<String_value>,
"usernamefield":<String_value>,
"skewtime":<Double_value>,
"issuer":<String_value>,
"userinfourl":<String_value>,
"certfilepath":<String_value>,
"granttype":<String_value>,
"authentication":<String_value>,
"introspecturl":<String_value>,
"allowedalgorithms":<String[]_value>,
"pkce":<String_value>,
"tokenendpointauthmethod":<String_value>,
"metadataurl":<String_value>,
"resourceuri":<String_value>
}}

<!--NeedCopy-->

Response: HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

unset

URL: http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction? action=unset HTTP Method: POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Content-Type:application/json

Request Payload:

{"authenticationoauthaction":{
<b>"name":<String_value>,
</b>"oauthtype":true,
"idtokendecryptendpoint":true,
"defaultauthenticationgroup":true,
"attribute1":true,
"attribute2":true,
"attribute3":true,
"attribute4":true,
"attribute5":true,
"attribute6":true,
"attribute7":true,
"attribute8":true,
"attribute9":true,
"attribute10":true,
"attribute11":true,
"attribute12":true,
"attribute13":true,
"attribute14":true,
"attribute15":true,
"attribute16":true,
"attributes":true,
"graphendpoint":true,
"refreshinterval":true,
"certendpoint":true,
"audience":true,
"usernamefield":true,
"skewtime":true,
"issuer":true,
"userinfourl":true,
"certfilepath":true,
"authentication":true,
"introspecturl":true,
"allowedalgorithms":true,
"pkce":true,
"tokenendpointauthmethod":true,
"metadataurl":true,
"resourceuri":true
}}

<!--NeedCopy-->

Response: HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

get (all)

URL: http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction Query-parameters: attrs http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction? attrs=property-name1,property-name2

Use this query parameter to specify the resource details that you want to retrieve.

filter http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction? filter=property-name1:property-val1,property-name2:property-val2

Use this query-parameter to get the filtered set of authenticationoauthaction resources configured on NetScaler.Filtering can be done on any of the properties of the resource.

view http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction? view=summary

Use this query-parameter to get the summary output of authenticationoauthaction resources configured on NetScaler.

Note: By default, the retrieved results are displayed in detail view (?view=detail).

pagination http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction? pagesize=#no;pageno=#no

Use this query-parameter to get the authenticationoauthaction resources in chunks.

HTTP Method: GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Accept:application/json

Response: HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

Response Header:

Content-Type:application/json

Response Payload:

{ "authenticationoauthaction": [ {
"name":<String_value>,
"authorizationendpoint":<String_value>,
"tokenendpoint":<String_value>,
"idtokendecryptendpoint":<String_value>,
"clientid":<String_value>,
"clientsecret":<String_value>,
"defaultauthenticationgroup":<String_value>,
"attribute1":<String_value>,
"attribute2":<String_value>,
"attribute3":<String_value>,
"attribute4":<String_value>,
"attribute5":<String_value>,
"attribute6":<String_value>,
"attribute7":<String_value>,
"attribute8":<String_value>,
"attribute9":<String_value>,
"attribute10":<String_value>,
"attribute11":<String_value>,
"attribute12":<String_value>,
"attribute13":<String_value>,
"attribute14":<String_value>,
"attribute15":<String_value>,
"attribute16":<String_value>,
"attributes":<String_value>,
"tenantid":<String_value>,
"graphendpoint":<String_value>,
"refreshinterval":<Double_value>,
"certendpoint":<String_value>,
"oauthtype":<String_value>,
"audience":<String_value>,
"usernamefield":<String_value>,
"skewtime":<Double_value>,
"issuer":<String_value>,
"oauthstatus":<String_value>,
"userinfourl":<String_value>,
"certfilepath":<String_value>,
"granttype":<String_value>,
"authentication":<String_value>,
"introspecturl":<String_value>,
"allowedalgorithms":<String[]_value>,
"pkce":<String_value>,
"tokenendpointauthmethod":<String_value>,
"metadataurl":<String_value>,
"resourceuri":<String_value>
}]}

<!--NeedCopy-->

get

URL: http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction/ name_value<String> Query-parameters: attrs http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction/ name_value<String> ? attrs=property-name1,property-name2

Use this query parameter to specify the resource details that you want to retrieve.

view http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction/ name_value<String> ? view=summary

Use this query-parameter to get the summary output of authenticationoauthaction resources configured on NetScaler.

Note: By default, the retrieved results are displayed in detail view (?view=detail).

HTTP Method: GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Accept:application/json

Response: HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

Response Header:

Content-Type:application/json

Response Payload:

{  "authenticationoauthaction": [ {
"name":<String_value>,
"authorizationendpoint":<String_value>,
"tokenendpoint":<String_value>,
"idtokendecryptendpoint":<String_value>,
"clientid":<String_value>,
"clientsecret":<String_value>,
"defaultauthenticationgroup":<String_value>,
"attribute1":<String_value>,
"attribute2":<String_value>,
"attribute3":<String_value>,
"attribute4":<String_value>,
"attribute5":<String_value>,
"attribute6":<String_value>,
"attribute7":<String_value>,
"attribute8":<String_value>,
"attribute9":<String_value>,
"attribute10":<String_value>,
"attribute11":<String_value>,
"attribute12":<String_value>,
"attribute13":<String_value>,
"attribute14":<String_value>,
"attribute15":<String_value>,
"attribute16":<String_value>,
"attributes":<String_value>,
"tenantid":<String_value>,
"graphendpoint":<String_value>,
"refreshinterval":<Double_value>,
"certendpoint":<String_value>,
"oauthtype":<String_value>,
"audience":<String_value>,
"usernamefield":<String_value>,
"skewtime":<Double_value>,
"issuer":<String_value>,
"oauthstatus":<String_value>,
"userinfourl":<String_value>,
"certfilepath":<String_value>,
"granttype":<String_value>,
"authentication":<String_value>,
"introspecturl":<String_value>,
"allowedalgorithms":<String[]_value>,
"pkce":<String_value>,
"tokenendpointauthmethod":<String_value>,
"metadataurl":<String_value>,
"resourceuri":<String_value>
}]}

<!--NeedCopy-->

count

URL: http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction? count=yes HTTP Method: GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Accept:application/json

Response: HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

Response Header:

Content-Type:application/json

Response Payload:

{ "authenticationoauthaction": [ { "__count": "#no"} ] }

<!--NeedCopy-->
authenticationoauthaction