authentication-certAction¶
The following operations can be performed on "authentication-certAction":
add authentication certAction¶
Adds an action (profile) for a client certificate (cert) authentication server. The profile contains all configuration data necessary to communicate with that client cert authentication server.
Synopsis¶
add authentication certAction
Arguments¶
name Name for the client cert authentication server profile (action). Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after certifcate action is created.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my authentication action" or 'my authentication action').
twoFactor Enables or disables two-factor authentication. Two factor authentication is client cert authentication followed by password authentication.
Possible values: ON, OFF Default value: OFF
userNameField
Client-cert field from which the username is extracted. Must be set to either ""Subject"" and ""Issuer"" (include both sets of double quotation marks).
Format:
groupNameField
Client-cert field from which the group is extracted. Must be set to either ""Subject"" and ""Issuer"" (include both sets of double quotation marks).
Format:
defaultAuthenticationGroup This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
Example¶
add authentication certaction -twoFactor ON -userNameField "Subject:CN" -groupNameField "Subject:OU"
Related Commands¶
unset authentication certAction¶
Use this command to remove authentication certAction settings.Refer to the set authentication certAction command for meanings of the arguments.
Synopsis¶
unset authentication certAction
rm authentication certAction¶
Removes an existing client cert authentication server profile (action).
Synopsis¶
rm authentication certAction
Arguments¶
name Name of the profile to be removed.
set authentication certAction¶
Configures a client cert authentication server profile (action).
Synopsis¶
set authentication certAction
Arguments¶
name Name of the client cert server profile.
twoFactor Enables or disables two-factor authentication. Two factor authentication is client cert authentication followed by password authentication.
Possible values: ON, OFF Default value: OFF
userNameField
Client-cert field from which the username is extracted. Must be set to either ""Subject"" and ""Issuer"" (include both sets of double quotation marks).
Format:
groupNameField
Client-cert field from which the group is extracted. Must be set to either ""Subject"" and ""Issuer"" (include both sets of double quotation marks).
Format:
defaultAuthenticationGroup This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
Example¶
set authentication certaction -twoFactor ON -userNameField "Subject:CN" -groupNameField "Subject:OU"
Related Commands¶
show authentication certAction¶
Displays the current configuration settings for the specified client cert authentication server profile (action).
Synopsis¶
show authentication certAction [
Arguments¶
name Name of the client cert server profile (action).
Output¶
twoFactor The state of two factor authentication.
userNameField The field in the certificate from which the username will be extracted.
groupNameField The field in the certificate from which the group will be extracted.
defaultAuthenticationGroup This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
stateflag devno count