ADC CLI Commands

authentication-certAction

The following operations can be performed on “authentication-certAction”:

add unset rm set show

add authentication certAction

Adds an action (profile) for a client certificate (cert) authentication server. The profile contains all configuration data necessary to communicate with that client cert authentication server.

Synopsis

add authentication certAction [-twoFactor ( ON | OFF )] [-userNameField ] [-groupNameField ] [-defaultAuthenticationGroup ]

Arguments

name Name for the client cert authentication server profile (action). Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after certifcate action is created.

The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my authentication action” or ‘my authentication action’).

twoFactor Enables or disables two-factor authentication. Two factor authentication is client cert authentication followed by password authentication.

Possible values: ON, OFF Default value: OFF

userNameField Client-cert field from which the username is extracted. Must be set to either ““Subject”” and ““Issuer”” (include both sets of double quotation marks). Format: :.

groupNameField Client-cert field from which the group is extracted. Must be set to either ““Subject”” and ““Issuer”” (include both sets of double quotation marks). Format: :

defaultAuthenticationGroup This is the default group that is chosen when the authentication succeeds in addition to extracted groups.

Example

add authentication certaction -twoFactor ON -userNameField “Subject:CN” -groupNameField “Subject:OU”

unset authentication certAction

Use this command to remove authentication certAction settings.Refer to the set authentication certAction command for meanings of the arguments.

Synopsis

unset authentication certAction [-twoFactor] [-userNameField] [-groupNameField] [-defaultAuthenticationGroup]

rm authentication certAction

Removes an existing client cert authentication server profile (action).

Synopsis

rm authentication certAction

Arguments

name Name of the profile to be removed.

set authentication certAction

Configures a client cert authentication server profile (action).

Synopsis

set authentication certAction [-twoFactor ( ON | OFF )] [-userNameField ] [-groupNameField ] [-defaultAuthenticationGroup ]

Arguments

name Name of the client cert server profile.

twoFactor Enables or disables two-factor authentication. Two factor authentication is client cert authentication followed by password authentication.

Possible values: ON, OFF Default value: OFF

userNameField Client-cert field from which the username is extracted. Must be set to either ““Subject”” and ““Issuer”” (include both sets of double quotation marks). Format: :.

groupNameField Client-cert field from which the group is extracted. Must be set to either ““Subject”” and ““Issuer”” (include both sets of double quotation marks). Format: :

defaultAuthenticationGroup This is the default group that is chosen when the authentication succeeds in addition to extracted groups.

Example

set authentication certaction -twoFactor ON -userNameField “Subject:CN” -groupNameField “Subject:OU”

show authentication certAction

Displays the current configuration settings for the specified client cert authentication server profile (action).

Synopsis

show authentication certAction []

Arguments

name Name of the client cert server profile (action).

Output

twoFactor The state of two factor authentication.

userNameField The field in the certificate from which the username will be extracted.

groupNameField The field in the certificate from which the group will be extracted.

defaultAuthenticationGroup This is the default group that is chosen when the authentication succeeds in addition to extracted groups.

stateflag devno count

authentication-certAction