authentication-policylabel¶
The following operations can be performed on "authentication-policylabel":
stat| unbind| rename| add| rm| show| bind|
stat authentication policylabel¶
Displays statistics for the specified authentication policy label. If no authentication policy label is specified, displays a list of all authentication policy labels.
Synopsis¶
stat authentication policylabel [
Arguments¶
labelName Name of the authentication policy label.
detail Specifies detailed output (including more statistics). The output can be quite voluminous. Without this argument, the output will show only a summary.
fullValues Specifies that numbers and strings should be displayed in their full form. Without this option, long strings are shortened and large numbers are abbreviated
ntimes The number of times, in intervals of seven seconds, the statistics should be displayed. Default value: 1 Minimum value: 0
logFile The name of the log file to be used as input.
clearstats Clear the statsistics / counters
Possible values: basic, full
Output¶
count devno stateflag
Counters¶
Policy Label Hits (Hits) Number of times policy label was invoked.
Related Commands¶
unbind authentication policylabel¶
Unbinds the specified policy from the specified authorization policy label.
Synopsis¶
unbind authentication policylabel
Arguments¶
labelName Name for the new authentication policy label. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my authentication policy label" or 'authentication policy label').
policyName Name of the authentication policy to bind to the policy label.
priority Priority of the NOPOLICY to be unbound. Minimum value: 1 Maximum value: 2147483647
Example¶
unbind authorization policylabel trans_http_url pol_1
rename authentication policylabel¶
Rename a authn policy label.
Synopsis¶
rename authentication policylabel
Arguments¶
labelName The name of the auth policy label
newName The new name of the auth policy label
Example¶
rename authn policy label oldname newname
add authentication policylabel¶
Creates a user-defined authentication policy label.
Synopsis¶
add authentication policylabel
Arguments¶
labelName Name for the new authentication policy label. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my authentication policy label" or 'authentication policy label').
type Type of feature (aaatm or rba) against which to match the policies bound to this policy label.
Possible values: AAATM_REQ, RBA_REQ Default value: AAATM_REQ
comment Any comments to preserve information about this authentication policy label.
loginSchema Login schema associated with authentication policy label. Login schema defines the UI rendering by providing customization option of the fields. If user intervention is not needed for a given factor such as group extraction, a loginSchema whose authentication schema is "noschema" should be used.
Example¶
add authentication policylabel trans_http_url
rm authentication policylabel¶
Removes an authorization policy label.
Synopsis¶
rm authentication policylabel
Arguments¶
labelName Name of the authorization policy label to remove.
Example¶
rm authorization policylabel trans_http_url
show authentication policylabel¶
Displays the current settings for the specified authentication policy label. If no policy name is provided, displays a list of all authentication policy labels currently configured on the Citrix ADC.
Synopsis¶
show authentication policylabel [
Arguments¶
labelName Name of the authorization policy label.
Output¶
stateflag numpol Number of polices bound to label.
hits Number of times policy label was invoked.
policyName Name of the authentication policy to bind to the policy label.
priority Specifies the priority of the policy.
gotoPriorityExpression Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.
flowType Flowtype of the bound authentication policy.
description Description of the policylabel
flags nextFactor On success invoke label.
comment Any comments to preserve information about this authentication policy label.
loginSchema Login schema associated with authentication policy label. Login schema defines the UI rendering by providing customization option of the fields. If user intervention is not needed for a given factor such as group extraction, a loginSchema whose authentication schema is "noschema" should be used.
type Type of feature (aaatm or rba) against which to match the policies bound to this policy label.
devno count
Example¶
i)show authentication policylabel trans_http_url ii)show authentication policylabel
bind authentication policylabel¶
Binds an authentication policy to
Synopsis¶
bind authentication policylabel
Arguments¶
labelName Name of the authentication policy label to which to bind the policy.
policyName Name of the authentication policy to bind to the policy label.
priority Positive integer specifying the priority of the policy. The lower the number, the higher the priority. Policies within a label are evaluated in the order of their priority numbers. Minimum value: 1 Maximum value: 2147483647
gotoPriorityExpression Expression or other value specifying the next policy to be evaluated if the current policy evaluates to TRUE. Specify one of the following values: * NEXT - Evaluate the policy with the next higher priority number. * END - End policy evaluation. * USE_INVOCATION_RESULT - Applicable if this policy invokes another policy label. If the final goto in the invoked policy label has a value of END, the evaluation stops. If the final goto is anything other than END, the current policy label performs a NEXT. * An expression that evaluates to a number. If you specify an expression, the number to which it evaluates determines the next policy to evaluate, as follows: * If the expression evaluates to a higher numbered priority, the policy with that priority is evaluated next. * If the expression evaluates to the priority of the current policy, the policy with the next higher numbered priority is evaluated next. * If the expression evaluates to a number that is larger than the largest numbered priority, policy evaluation ends. An UNDEF event is triggered if: * The expression is invalid. * The expression evaluates to a priority number that is smaller than the current policy's priority number. * The expression evaluates to a priority number that is between the current policy's priority number (say, 30) and the highest priority number (say, 100), but does not match any configured priority number (for example, the expression evaluates to the number 85). This example assumes that the priority number increments by 10 for every successive policy, and therefore a priority number of 85 does not exist in the policy label.
nextFactor On success invoke label.
Example¶
i)bind authentication policylabel authn_label_1 -policyName authn_pol_1 -priority 1 ii)bind authentication policylabel authn_label_2 -policyName authn_pol_2 -priority 2 -nextFactor authn_label_1 -gotoPriorityExpression next