ADC CLI Commands

authentication-policylabel

The following operations can be performed on “authentication-policylabel”:

stat unbind rename add rm show bind

stat authentication policylabel

Displays statistics for the specified authentication policy label. If no authentication policy label is specified, displays a list of all authentication policy labels.

Synopsis

stat authentication policylabel [] [-detail] [-fullValues] [-ntimes ] [-logFile ] [-clearstats ( basic | full )]

Arguments

labelName Name of the authentication policy label.

detail Specifies detailed output (including more statistics). The output can be quite voluminous. Without this argument, the output will show only a summary.

fullValues Specifies that numbers and strings should be displayed in their full form. Without this option, long strings are shortened and large numbers are abbreviated

ntimes The number of times, in intervals of seven seconds, the statistics should be displayed. Default value: 1 Minimum value: 0

logFile The name of the log file to be used as input.

clearstats Clear the statsistics / counters

Possible values: basic, full

Output

count devno stateflag

Counters

Policy Label Hits (Hits) Number of times policy label was invoked.

unbind authentication policylabel

Unbinds the specified policy from the specified authorization policy label.

Synopsis

unbind authentication policylabel -policyName [-priority ]

Arguments

labelName Name for the new authentication policy label. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters.

The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my authentication policy label” or ‘authentication policy label’).

policyName Name of the authentication policy to bind to the policy label.

priority Priority of the NOPOLICY to be unbound. Minimum value: 1 Maximum value: 2147483647

Example

unbind authorization policylabel trans_http_url pol_1

rename authentication policylabel

Rename a authn policy label.

Synopsis

rename authentication policylabel @ @

Arguments

labelName The name of the auth policy label

newName The new name of the auth policy label

Example

rename authn policy label oldname newname

add authentication policylabel

Creates a user-defined authentication policy label.

Synopsis

add authentication policylabel [-type ( AAATM_REQ | RBA_REQ )] [-comment ] [-loginSchema ]

Arguments

labelName Name for the new authentication policy label. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters.

The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my authentication policy label” or ‘authentication policy label’).

type Type of feature (aaatm or rba) against which to match the policies bound to this policy label.

Possible values: AAATM_REQ, RBA_REQ Default value: AAATM_REQ

comment Any comments to preserve information about this authentication policy label.

loginSchema Login schema associated with authentication policy label. Login schema defines the UI rendering by providing customization option of the fields. If user intervention is not needed for a given factor such as group extraction, a loginSchema whose authentication schema is “noschema” should be used.

Example

add authentication policylabel trans_http_url

rm authentication policylabel

Removes an authorization policy label.

Synopsis

rm authentication policylabel

Arguments

labelName Name of the authorization policy label to remove.

Example

rm authorization policylabel trans_http_url

show authentication policylabel

Displays the current settings for the specified authentication policy label. If no policy name is provided, displays a list of all authentication policy labels currently configured on the Citrix ADC.

Synopsis

show authentication policylabel []

Arguments

labelName Name of the authorization policy label.

Output

stateflag numpol Number of polices bound to label.

hits Number of times policy label was invoked.

policyName Name of the authentication policy to bind to the policy label.

priority Specifies the priority of the policy.

gotoPriorityExpression Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.

flowType Flowtype of the bound authentication policy.

description Description of the policylabel

flags nextFactor On success invoke label.

comment Any comments to preserve information about this authentication policy label.

loginSchema Login schema associated with authentication policy label. Login schema defines the UI rendering by providing customization option of the fields. If user intervention is not needed for a given factor such as group extraction, a loginSchema whose authentication schema is “noschema” should be used.

type Type of feature (aaatm or rba) against which to match the policies bound to this policy label.

devno count

Example

i)show authentication policylabel trans_http_url ii)show authentication policylabel

bind authentication policylabel

Binds an authentication policy to .

Synopsis

bind authentication policylabel -policyName -priority [-gotoPriorityExpression ] [-nextFactor ]

Arguments

labelName Name of the authentication policy label to which to bind the policy.

policyName Name of the authentication policy to bind to the policy label.

priority Positive integer specifying the priority of the policy. The lower the number, the higher the priority. Policies within a label are evaluated in the order of their priority numbers. Minimum value: 1 Maximum value: 2147483647

gotoPriorityExpression Expression or other value specifying the next policy to be evaluated if the current policy evaluates to TRUE. Specify one of the following values:

  • NEXT - Evaluate the policy with the next higher priority number.
  • END - End policy evaluation.
  • USE_INVOCATION_RESULT - Applicable if this policy invokes another policy label. If the final goto in the invoked policy label has a value of END, the evaluation stops. If the final goto is anything other than END, the current policy label performs a NEXT.
  • An expression that evaluates to a number. If you specify an expression, the number to which it evaluates determines the next policy to evaluate, as follows:
  • If the expression evaluates to a higher numbered priority, the policy with that priority is evaluated next.
  • If the expression evaluates to the priority of the current policy, the policy with the next higher numbered priority is evaluated next.
  • If the expression evaluates to a number that is larger than the largest numbered priority, policy evaluation ends. An UNDEF event is triggered if:
  • The expression is invalid.
  • The expression evaluates to a priority number that is smaller than the current policy’s priority number.
  • The expression evaluates to a priority number that is between the current policy’s priority number (say, 30) and the highest priority number (say, 100), but does not match any configured priority number (for example, the expression evaluates to the number 85). This example assumes that the priority number increments by 10 for every successive policy, and therefore a priority number of 85 does not exist in the policy label.

nextFactor On success invoke label.

Example

i)bind authentication policylabel authn_label_1 -policyName authn_pol_1 -priority 1 ii)bind authentication policylabel authn_label_2 -policyName authn_pol_2 -priority 2 -nextFactor authn_label_1 -gotoPriorityExpression next

authentication-policylabel