-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
videooptimizationdetectionpolicy_videooptimizationglobaldetection_binding
-
videooptimizationdetectionpolicylabel_videooptimizationdetectionpolicy_binding
-
videooptimizationglobaldetection_videooptimizationdetectionpolicy_binding
-
videooptimizationglobalpacing_videooptimizationpacingpolicy_binding
-
videooptimizationpacingpolicy_videooptimizationglobalpacing_binding
-
videooptimizationpacingpolicylabel_videooptimizationpacingpolicy_binding
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
authenticationoauthaction
Configuration for OAuth authentication action resource.
Properties
(click to see Operations )
| Name | Data Type | Permissions | Description |
|---|---|---|---|
| name |
|
Read-write | Name for the OAuth Authentication action. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the profile is created. The following requirement applies only to the Citrix ADC CLI If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my authentication action” or ‘my authentication action’). Minimum length = 1 |
| oauthtype |
|
Read-write | Type of the OAuth implementation. Default value is generic implementation that is applicable for most deployments.
Default value: GENERIC Possible values = GENERIC, INTUNE |
| authorizationendpoint |
|
Read-write | Authorization endpoint/url to which unauthenticated user will be redirected. Citrix ADC redirects user to this endpoint by adding query parameters including clientid. If this parameter not specified then as default value we take Token Endpoint/URL value. Please note that Authorization Endpoint or Token Endpoint is mandatory for oauthAction. |
| tokenendpoint |
|
Read-write | URL to which OAuth token will be posted to verify its authenticity. User obtains this token from Authorization server upon successful authentication. Citrix ADC will validate presented token by posting it to the URL configured. |
| idtokendecryptendpoint |
|
Read-write | URL to which obtained idtoken will be posted to get a decrypted user identity. Encrypted idtoken will be obtained by posting OAuth token to token endpoint. In order to decrypt idtoken, Citrix ADC posts request to the URL configured. |
| clientid |
|
Read-write | Unique identity of the client/user who is getting authenticated. Authorization server infers client configuration using this ID.
Minimum length = 1 |
| clientsecret |
|
Read-write | Secret string established by user and authorization server.
Minimum length = 1 |
| defaultauthenticationgroup |
|
Read-write | This is the default group that is chosen when the authentication succeeds in addition to extracted groups. |
| oauthmiscflags | <String[]> | Read-write | Option to set/unset miscellaneous feature flags.
Available values function as follows
|
| attribute1 |
|
Read-write | Name of the attribute to be extracted from OAuth Token and to be stored in the attribute1. |
| attribute2 |
|
Read-write | Name of the attribute to be extracted from OAuth Token and to be stored in the attribute2. |
| attribute3 |
|
Read-write | Name of the attribute to be extracted from OAuth Token and to be stored in the attribute3. |
| attribute4 |
|
Read-write | Name of the attribute to be extracted from OAuth Token and to be stored in the attribute4. |
| attribute5 |
|
Read-write | Name of the attribute to be extracted from OAuth Token and to be stored in the attribute5. |
| attribute6 |
|
Read-write | Name of the attribute to be extracted from OAuth Token and to be stored in the attribute6. |
| attribute7 |
|
Read-write | Name of the attribute to be extracted from OAuth Token and to be stored in the attribute7. |
| attribute8 |
|
Read-write | Name of the attribute to be extracted from OAuth Token and to be stored in the attribute8. |
| attribute9 |
|
Read-write | Name of the attribute to be extracted from OAuth Token and to be stored in the attribute9. |
| attribute10 |
|
Read-write | Name of the attribute to be extracted from OAuth Token and to be stored in the attribute10. |
| attribute11 |
|
Read-write | Name of the attribute to be extracted from OAuth Token and to be stored in the attribute11. |
| attribute12 |
|
Read-write | Name of the attribute to be extracted from OAuth Token and to be stored in the attribute12. |
| attribute13 |
|
Read-write | Name of the attribute to be extracted from OAuth Token and to be stored in the attribute13. |
| attribute14 |
|
Read-write | Name of the attribute to be extracted from OAuth Token and to be stored in the attribute14. |
| attribute15 |
|
Read-write | Name of the attribute to be extracted from OAuth Token and to be stored in the attribute15. |
| attribute16 |
|
Read-write | Name of the attribute to be extracted from OAuth Token and to be stored in the attribute16. |
| attributes |
|
Read-write | List of attribute names separated by ‘,’ which needs to be extracted.
Note that preceding and trailing spaces will be removed. Attribute name can be 127 bytes and total length of this string should not cross 1023 bytes. These attributes have multi-value support separated by ‘,’ and stored as key-value pair in AAA session. |
| tenantid |
|
Read-write | TenantID of the application. This is usually specific to providers such as Microsoft and usually refers to the deployment identifier. |
| graphendpoint |
|
Read-write | URL of the Graph API service to learn Enterprise Mobility Services (EMS) endpoints. |
| refreshinterval |
|
Read-write | Interval at which services are monitored for necessary configuration.
Default value: 1440 |
| certendpoint |
|
Read-write | URL of the endpoint that contains JWKs (Json Web Key) for JWT (Json Web Token) verification. |
| audience |
|
Read-write | Audience for which token sent by Authorization server is applicable. This is typically entity name or url that represents the recipient. |
| usernamefield |
|
Read-write | Attribute in the token from which username should be extracted.
Minimum length = 1 |
| skewtime |
|
Read-write | This option specifies the allowed clock skew in number of minutes that Citrix ADC allows on an incoming token. For example, if skewTime is 10, then token would be valid from (current time - 10) min to (current time + 10) min, ie 20min in all.
Default value: 5 |
| issuer |
|
Read-write | Identity of the server whose tokens are to be accepted. |
| userinfourl |
|
Read-write | URL to which OAuth access token will be posted to obtain user information. |
| certfilepath |
|
Read-write | Path to the file that contains JWKs (Json Web Key) for JWT (Json Web Token) verification. |
| granttype |
|
Read-write | Grant type support. value can be code or password.
Default value: CODE Possible values = CODE, PASSWORD |
| authentication |
|
Read-write | If authentication is disabled, password is not sent in the request. .
Default value: ENABLED Possible values = ENABLED, DISABLED |
| introspecturl |
|
Read-write | URL to which access token would be posted for validation. |
| allowedalgorithms | <String[]> | Read-write | Multivalued option to specify allowed token verification algorithms. .
Default value: OAUTH_ALG_ALL Possible values = HS256, RS256, RS512 |
| pkce |
|
Read-write | Option to enable/disable PKCE flow during authentication. .
Default value: ENABLED Possible values = ENABLED, DISABLED |
| tokenendpointauthmethod |
|
Read-write | Option to select the variant of token authentication method. This method is used while exchanging code with IdP. .
Default value: client_secret_post, Possible values = client_secret_post, client_secret_jwt, private_key_jwt, client_secret_basic |
| metadataurl |
|
Read-write | Well-known configuration endpoint of the Authorization Server. Citrix ADC fetches server details from this endpoint. . |
| resourceuri |
|
Read-write | Resource URL for Oauth configuration. |
| requestattribute |
|
Read-write | Name-Value pairs of attributes to be inserted in request parameter. Configuration format is name=value_expr@@@name2=value2_expr@@@.
’@@@’ is used as delimiter between Name-Value pairs. name is a literal string whose value is 127 characters and does not contain ‘=’ character. Value is advanced policy expression terminated by @@@ delimiter. Last value need not contain the delimiter. |
| intunedeviceidexpression |
|
Read-write | The expression that will be evaluated to obtain IntuneDeviceId for compliance check against IntuneNAC device compliance endpoint. The expression is applicable when the OAuthType is INTUNE. The maximum length allowed to be used as IntuneDeviceId for the device compliance check from the computed response after the expression evaluation is 41.
Examples
add authentication oauthAction |
| oauthstatus |
|
Read-only | Describes status information of oauth server.
Default value: INIT Possible values = INIT, CERTFETCH, AADFORGRAPH, GRAPH, AADFORMDM, MDMINFO, COMPLETE |
| _nextgenapiresource |
|
Read-only | . |
| __count |
|
Read-only | count parameter |
Operations
(click to see Properties )
- ADD
- DELETE
- UPDATE
- UNSET
- GET (ALL)
- GET
- COUNT
Some options that you can use for each operations:
-
Getting warnings in response: NITRO allows you to get warnings in an operation by specifying the 'warning' query parameter as 'yes'. For example, to get warnings while connecting to the NetScaler appliance, the URL is as follows:
http:// <netscaler-ip-address> /nitro/v1/config/login?warning=yes
If any, the warnings are displayed in the response payload with the HTTP code '209 X-NITRO-WARNING'.
-
Authenticated access for individual NITRO operations: NITRO allows you to logon to the NetScaler appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,
To do this, you must specify the username and password in the request header of the NITRO request as follows:
X-NITRO-USER: <username>
X-NITRO-PASS: <password>
Note: In such cases, make sure that the request header DOES not include the following:
Cookie:NITRO_AUTH_TOKEN= <tokenvalue>
*Note:
*
Mandatory parameters are marked in
red
and placeholder content is marked in
green
unset
URL: http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction? action=unset
HTTP Method: POST
Request Headers:
Cookie:NITRO_AUTH_TOKEN= <tokenvalue>
Content-Type:application/json
Request Payload:
{"authenticationoauthaction":{
<b>"name":<String_value>,
</b>"oauthtype":true,
"idtokendecryptendpoint":true,
"defaultauthenticationgroup":true,
"oauthmiscflags":true,
"attribute1":true,
"attribute2":true,
"attribute3":true,
"attribute4":true,
"attribute5":true,
"attribute6":true,
"attribute7":true,
"attribute8":true,
"attribute9":true,
"attribute10":true,
"attribute11":true,
"attribute12":true,
"attribute13":true,
"attribute14":true,
"attribute15":true,
"attribute16":true,
"attributes":true,
"graphendpoint":true,
"refreshinterval":true,
"certendpoint":true,
"audience":true,
"usernamefield":true,
"skewtime":true,
"issuer":true,
"userinfourl":true,
"certfilepath":true,
"authentication":true,
"introspecturl":true,
"allowedalgorithms":true,
"pkce":true,
"tokenendpointauthmethod":true,
"metadataurl":true,
"resourceuri":true,
"requestattribute":true,
"intunedeviceidexpression":true
}}
<!--NeedCopy-->
Response:
HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error
delete
URL: http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction/ name_value<String>
HTTP Method: DELETE
Request Headers:
Cookie:NITRO_AUTH_TOKEN= <tokenvalue>
Response:
HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error
update
URL: http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction
HTTP Method: PUT
Request Headers:
Cookie:NITRO_AUTH_TOKEN= <tokenvalue>
Content-Type:application/json
Request Payload:
{"authenticationoauthaction":{
<b>"name":<String_value>,
</b>"oauthtype":<String_value>,
"authorizationendpoint":<String_value>,
"tokenendpoint":<String_value>,
"idtokendecryptendpoint":<String_value>,
"clientid":<String_value>,
"clientsecret":<String_value>,
"defaultauthenticationgroup":<String_value>,
"oauthmiscflags":<String[]_value>,
"attribute1":<String_value>,
"attribute2":<String_value>,
"attribute3":<String_value>,
"attribute4":<String_value>,
"attribute5":<String_value>,
"attribute6":<String_value>,
"attribute7":<String_value>,
"attribute8":<String_value>,
"attribute9":<String_value>,
"attribute10":<String_value>,
"attribute11":<String_value>,
"attribute12":<String_value>,
"attribute13":<String_value>,
"attribute14":<String_value>,
"attribute15":<String_value>,
"attribute16":<String_value>,
"attributes":<String_value>,
"tenantid":<String_value>,
"graphendpoint":<String_value>,
"refreshinterval":<Integer_value>,
"certendpoint":<String_value>,
"audience":<String_value>,
"usernamefield":<String_value>,
"skewtime":<Integer_value>,
"issuer":<String_value>,
"userinfourl":<String_value>,
"certfilepath":<String_value>,
"granttype":<String_value>,
"authentication":<String_value>,
"introspecturl":<String_value>,
"allowedalgorithms":<String[]_value>,
"pkce":<String_value>,
"tokenendpointauthmethod":<String_value>,
"metadataurl":<String_value>,
"resourceuri":<String_value>,
"requestattribute":<String_value>,
"intunedeviceidexpression":<String_value>
}}
<!--NeedCopy-->
Response:
HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error
add
URL: http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction
HTTP Method: POST
Request Headers:
Cookie:NITRO_AUTH_TOKEN= <tokenvalue>
Content-Type:application/json
Request Payload:
{"authenticationoauthaction":{
<b>"name":<String_value>,
</b>"oauthtype":<String_value>,
"authorizationendpoint":<String_value>,
"tokenendpoint":<String_value>,
"idtokendecryptendpoint":<String_value>,
"clientid":<String_value>,
"clientsecret":<String_value>,
"defaultauthenticationgroup":<String_value>,
"oauthmiscflags":<String[]_value>,
"attribute1":<String_value>,
"attribute2":<String_value>,
"attribute3":<String_value>,
"attribute4":<String_value>,
"attribute5":<String_value>,
"attribute6":<String_value>,
"attribute7":<String_value>,
"attribute8":<String_value>,
"attribute9":<String_value>,
"attribute10":<String_value>,
"attribute11":<String_value>,
"attribute12":<String_value>,
"attribute13":<String_value>,
"attribute14":<String_value>,
"attribute15":<String_value>,
"attribute16":<String_value>,
"attributes":<String_value>,
"tenantid":<String_value>,
"graphendpoint":<String_value>,
"refreshinterval":<Integer_value>,
"certendpoint":<String_value>,
"audience":<String_value>,
"usernamefield":<String_value>,
"skewtime":<Integer_value>,
"issuer":<String_value>,
"userinfourl":<String_value>,
"certfilepath":<String_value>,
"granttype":<String_value>,
"authentication":<String_value>,
"introspecturl":<String_value>,
"allowedalgorithms":<String[]_value>,
"pkce":<String_value>,
"tokenendpointauthmethod":<String_value>,
"metadataurl":<String_value>,
"resourceuri":<String_value>,
"requestattribute":<String_value>,
"intunedeviceidexpression":<String_value>
}}
<!--NeedCopy-->
Response:
HTTP Status Code on Success: 201 Created
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error
get (all)
URL: http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction
Query-parameters:
attrs
http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction? attrs=property-name1,property-name2
Use this query parameter to specify the resource details that you want to retrieve.
filter
http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction? filter=property-name1:property-val1,property-name2:property-val2
Use this query-parameter to get the filtered set of authenticationoauthaction resources configured on NetScaler.Filtering can be done on any of the properties of the resource.
view
http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction? view=summary
Use this query-parameter to get the summary output of authenticationoauthaction resources configured on NetScaler.
Note: By default, the retrieved results are displayed in detail view (?view=detail).
pagination
http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction? pagesize=#no;pageno=#no
Use this query-parameter to get the authenticationoauthaction resources in chunks.
HTTP Method: GET
Request Headers:
Cookie:NITRO_AUTH_TOKEN= <tokenvalue>
Accept:application/json
Response:
HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error
Response Header:
Content-Type:application/json
Response Payload:
{ "authenticationoauthaction": [ {
"name":<String_value>,
"authorizationendpoint":<String_value>,
"tokenendpoint":<String_value>,
"idtokendecryptendpoint":<String_value>,
"clientid":<String_value>,
"clientsecret":<String_value>,
"defaultauthenticationgroup":<String_value>,
"oauthmiscflags":<String[]_value>,
"attribute1":<String_value>,
"attribute2":<String_value>,
"attribute3":<String_value>,
"attribute4":<String_value>,
"attribute5":<String_value>,
"attribute6":<String_value>,
"attribute7":<String_value>,
"attribute8":<String_value>,
"attribute9":<String_value>,
"attribute10":<String_value>,
"attribute11":<String_value>,
"attribute12":<String_value>,
"attribute13":<String_value>,
"attribute14":<String_value>,
"attribute15":<String_value>,
"attribute16":<String_value>,
"attributes":<String_value>,
"tenantid":<String_value>,
"graphendpoint":<String_value>,
"refreshinterval":<Integer_value>,
"certendpoint":<String_value>,
"oauthtype":<String_value>,
"audience":<String_value>,
"usernamefield":<String_value>,
"skewtime":<Integer_value>,
"issuer":<String_value>,
"oauthstatus":<String_value>,
"userinfourl":<String_value>,
"certfilepath":<String_value>,
"granttype":<String_value>,
"authentication":<String_value>,
"introspecturl":<String_value>,
"allowedalgorithms":<String[]_value>,
"pkce":<String_value>,
"tokenendpointauthmethod":<String_value>,
"metadataurl":<String_value>,
"resourceuri":<String_value>,
"requestattribute":<String_value>,
"intunedeviceidexpression":<String_value>,
"_nextgenapiresource":<String_value>
}]}
<!--NeedCopy-->
get
URL: http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction/ name_value<String>
Query-parameters:
attrs
http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction/ name_value<String> ? attrs=property-name1,property-name2
Use this query parameter to specify the resource details that you want to retrieve.
view
http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction/ name_value<String> ? view=summary
Use this query-parameter to get the summary output of authenticationoauthaction resources configured on NetScaler.
Note: By default, the retrieved results are displayed in detail view (?view=detail).
HTTP Method: GET
Request Headers:
Cookie:NITRO_AUTH_TOKEN= <tokenvalue>
Accept:application/json
Response:
HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error
Response Header:
Content-Type:application/json
Response Payload:
{ "authenticationoauthaction": [ {
"name":<String_value>,
"authorizationendpoint":<String_value>,
"tokenendpoint":<String_value>,
"idtokendecryptendpoint":<String_value>,
"clientid":<String_value>,
"clientsecret":<String_value>,
"defaultauthenticationgroup":<String_value>,
"oauthmiscflags":<String[]_value>,
"attribute1":<String_value>,
"attribute2":<String_value>,
"attribute3":<String_value>,
"attribute4":<String_value>,
"attribute5":<String_value>,
"attribute6":<String_value>,
"attribute7":<String_value>,
"attribute8":<String_value>,
"attribute9":<String_value>,
"attribute10":<String_value>,
"attribute11":<String_value>,
"attribute12":<String_value>,
"attribute13":<String_value>,
"attribute14":<String_value>,
"attribute15":<String_value>,
"attribute16":<String_value>,
"attributes":<String_value>,
"tenantid":<String_value>,
"graphendpoint":<String_value>,
"refreshinterval":<Integer_value>,
"certendpoint":<String_value>,
"oauthtype":<String_value>,
"audience":<String_value>,
"usernamefield":<String_value>,
"skewtime":<Integer_value>,
"issuer":<String_value>,
"oauthstatus":<String_value>,
"userinfourl":<String_value>,
"certfilepath":<String_value>,
"granttype":<String_value>,
"authentication":<String_value>,
"introspecturl":<String_value>,
"allowedalgorithms":<String[]_value>,
"pkce":<String_value>,
"tokenendpointauthmethod":<String_value>,
"metadataurl":<String_value>,
"resourceuri":<String_value>,
"requestattribute":<String_value>,
"intunedeviceidexpression":<String_value>,
"_nextgenapiresource":<String_value>
}]}
<!--NeedCopy-->
count
URL: http:// <netscaler-ip-address> /nitro/v1/config/authenticationoauthaction? count=yes
HTTP Method: GET
Request Headers:
Cookie:NITRO_AUTH_TOKEN= <tokenvalue>
Accept:application/json
Response:
HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error
Response Header:
Content-Type:application/json
Response Payload:
{ "authenticationoauthaction": [ { "__count": "#no"} ] }
<!--NeedCopy-->
Share
Share
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.