authentication-samlIdPProfile¶
The following operations can be performed on "authentication-samlIdPProfile":
add authentication samlIdPProfile¶
Creates a SAML single IdP profile. This profile is used in verifying incoming authentication request from Service Provider and creating and signing Assertion that is sent to the same.
Synopsis¶
add authentication samlIdPProfile <name> [(-samlSPCertName <string> [-encryptAssertion ( ON | OFF ) [-keyTransportAlg ( RSA-V1_5 | RSA_OAEP )]]) | (-metadataUrl <string> [-metadataRefreshInterval <positive_integer>])] [-samlIdPCertName <string>] [-assertionConsumerServiceURL <URL>] [-samlIssuerName <string>] [-rejectUnsignedRequests ( ON | OFF )] [-signatureAlg ( RSA-SHA1 | RSA-SHA256 )] [-digestMethod ( SHA1 | SHA256 )] [-audience <string>] [-NameIDFormat <NameIDFormat>] [-NameIDExpr <string>] [-Attribute1 <string> -Attribute1Expr <string> [-Attribute1FriendlyName <string>] [-Attribute1Format ( URI | Basic )]] [-Attribute2 <string> -Attribute2Expr <string> [-Attribute2FriendlyName <string>] [-Attribute2Format ( URI | Basic )]] [-Attribute3 <string> -Attribute3Expr <string> [-Attribute3FriendlyName <string>] [-Attribute3Format ( URI | Basic )]] [-Attribute4 <string> -Attribute4Expr <string> [-Attribute4FriendlyName <string>] [-Attribute4Format ( URI | Basic )]] [-Attribute5 <string> -Attribute5Expr <string> [-Attribute5FriendlyName <string>] [-Attribute5Format ( URI | Basic )]] [-Attribute6 <string> -Attribute6Expr <string> [-Attribute6FriendlyName <string>] [-Attribute6Format ( URI | Basic )]] [-Attribute7 <string> -Attribute7Expr <string> [-Attribute7FriendlyName <string>] [-Attribute7Format ( URI | Basic )]] [-Attribute8 <string> -Attribute8Expr <string> [-Attribute8FriendlyName <string>] [-Attribute8Format ( URI | Basic )]] [-Attribute9 <string> -Attribute9Expr <string> [-Attribute9FriendlyName <string>] [-Attribute9Format ( URI | Basic )]] [-Attribute10 <string> -Attribute10Expr <string> [-Attribute10FriendlyName <string>] [-Attribute10Format ( URI | Basic )]] [-Attribute11 <string> -Attribute11Expr <string> [-Attribute11FriendlyName <string>] [-Attribute11Format ( URI | Basic )]] [-Attribute12 <string> -Attribute12Expr <string> [-Attribute12FriendlyName <string>] [-Attribute12Format ( URI | Basic )]] [-Attribute13 <string> -Attribute13Expr <string> [-Attribute13FriendlyName <string>] [-Attribute13Format ( URI | Basic )]] [-Attribute14 <string> -Attribute14Expr <string> [-Attribute14FriendlyName <string>] [-Attribute14Format ( URI | Basic )]] [-Attribute15 <string> -Attribute15Expr <string> [-Attribute15FriendlyName <string>] [-Attribute15Format ( URI | Basic )]] [-Attribute16 <string> -Attribute16Expr <string> [-Attribute16FriendlyName <string>] [-Attribute16Format ( URI | Basic )]] [-encryptionAlgorithm <encryptionAlgorithm>] [-samlBinding <samlBinding>] [-skewTime <mins>] [-serviceProviderID <string>] [-signAssertion <signAssertion>] [-SPLogoutUrl <string>] [-logoutBinding ( REDIRECT | POST )] [-defaultAuthenticationGroup <string>] [-signatureService <string>] [-samlSigningCertVersion <string>] [-samlSPCertVersion <string>]
Arguments¶
name
Name for the new saml single sign-on profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after an action is created.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my action" or 'my action').
samlSPCertName
Name of the SSL certificate of SAML Relying Party. This certificate is used to verify signature of the incoming AuthnRequest from a Relying Party or Service Provider
samlIdPCertName
Name of the certificate used to sign the SAMLResposne that is sent to Relying Party or Service Provider after successful authentication
assertionConsumerServiceURL
URL to which the assertion is to be sent.
samlIssuerName
The name to be used in requests sent fromCitrix ADC to IdP to uniquely identify Citrix ADC.
rejectUnsignedRequests
Option to Reject unsigned SAML Requests. ON option denies any authentication requests that arrive without signature.
Possible values: ON, OFF Default value: ON
signatureAlg
Algorithm to be used to sign/verify SAML transactions
Possible values: RSA-SHA1, RSA-SHA256 Default value: RSA-SHA256
digestMethod
Algorithm to be used to compute/verify digest for SAML transactions
Possible values: SHA1, SHA256 Default value: SHA256
audience
Audience for which assertion sent by IdP is applicable. This is typically entity name or url that represents ServiceProvider
NameIDFormat
Format of Name Identifier sent in Assertion.
Possible values: Unspecified, emailAddress, X509SubjectName, WindowsDomainQualifiedName, kerberos, entity, persistent, transient Default value: transient
NameIDExpr
Expression that will be evaluated to obtain NameIdentifier to be sent in assertion
Attribute1
Name of attribute1 that needs to be sent in SAML Assertion
Attribute1Expr
Expression that will be evaluated to obtain attribute1's value to be sent in Assertion
Attribute1FriendlyName
User-Friendly Name of attribute1 that needs to be sent in SAML Assertion
Attribute1Format
Format of Attribute1 to be sent in Assertion.
Possible values: URI, Basic
Attribute2
Name of attribute2 that needs to be sent in SAML Assertion
Attribute2Expr
Expression that will be evaluated to obtain attribute2's value to be sent in Assertion
Attribute2FriendlyName
User-Friendly Name of attribute2 that needs to be sent in SAML Assertion
Attribute2Format
Format of Attribute2 to be sent in Assertion.
Possible values: URI, Basic
Attribute3
Name of attribute3 that needs to be sent in SAML Assertion
Attribute3Expr
Expression that will be evaluated to obtain attribute3's value to be sent in Assertion
Attribute3FriendlyName
User-Friendly Name of attribute3 that needs to be sent in SAML Assertion
Attribute3Format
Format of Attribute3 to be sent in Assertion.
Possible values: URI, Basic
Attribute4
Name of attribute4 that needs to be sent in SAML Assertion
Attribute4Expr
Expression that will be evaluated to obtain attribute4's value to be sent in Assertion
Attribute4FriendlyName
User-Friendly Name of attribute4 that needs to be sent in SAML Assertion
Attribute4Format
Format of Attribute4 to be sent in Assertion.
Possible values: URI, Basic
Attribute5
Name of attribute5 that needs to be sent in SAML Assertion
Attribute5Expr
Expression that will be evaluated to obtain attribute5's value to be sent in Assertion
Attribute5FriendlyName
User-Friendly Name of attribute5 that needs to be sent in SAML Assertion
Attribute5Format
Format of Attribute5 to be sent in Assertion.
Possible values: URI, Basic
Attribute6
Name of attribute6 that needs to be sent in SAML Assertion
Attribute6Expr
Expression that will be evaluated to obtain attribute6's value to be sent in Assertion
Attribute6FriendlyName
User-Friendly Name of attribute6 that needs to be sent in SAML Assertion
Attribute6Format
Format of Attribute6 to be sent in Assertion.
Possible values: URI, Basic
Attribute7
Name of attribute7 that needs to be sent in SAML Assertion
Attribute7Expr
Expression that will be evaluated to obtain attribute7's value to be sent in Assertion
Attribute7FriendlyName
User-Friendly Name of attribute7 that needs to be sent in SAML Assertion
Attribute7Format
Format of Attribute7 to be sent in Assertion.
Possible values: URI, Basic
Attribute8
Name of attribute8 that needs to be sent in SAML Assertion
Attribute8Expr
Expression that will be evaluated to obtain attribute8's value to be sent in Assertion
Attribute8FriendlyName
User-Friendly Name of attribute8 that needs to be sent in SAML Assertion
Attribute8Format
Format of Attribute8 to be sent in Assertion.
Possible values: URI, Basic
Attribute9
Name of attribute9 that needs to be sent in SAML Assertion
Attribute9Expr
Expression that will be evaluated to obtain attribute9's value to be sent in Assertion
Attribute9FriendlyName
User-Friendly Name of attribute9 that needs to be sent in SAML Assertion
Attribute9Format
Format of Attribute9 to be sent in Assertion.
Possible values: URI, Basic
Attribute10
Name of attribute10 that needs to be sent in SAML Assertion
Attribute10Expr
Expression that will be evaluated to obtain attribute10's value to be sent in Assertion
Attribute10FriendlyName
User-Friendly Name of attribute10 that needs to be sent in SAML Assertion
Attribute10Format
Format of Attribute10 to be sent in Assertion.
Possible values: URI, Basic
Attribute11
Name of attribute11 that needs to be sent in SAML Assertion
Attribute11Expr
Expression that will be evaluated to obtain attribute11's value to be sent in Assertion
Attribute11FriendlyName
User-Friendly Name of attribute11 that needs to be sent in SAML Assertion
Attribute11Format
Format of Attribute11 to be sent in Assertion.
Possible values: URI, Basic
Attribute12
Name of attribute12 that needs to be sent in SAML Assertion
Attribute12Expr
Expression that will be evaluated to obtain attribute12's value to be sent in Assertion
Attribute12FriendlyName
User-Friendly Name of attribute12 that needs to be sent in SAML Assertion
Attribute12Format
Format of Attribute12 to be sent in Assertion.
Possible values: URI, Basic
Attribute13
Name of attribute13 that needs to be sent in SAML Assertion
Attribute13Expr
Expression that will be evaluated to obtain attribute13's value to be sent in Assertion
Attribute13FriendlyName
User-Friendly Name of attribute13 that needs to be sent in SAML Assertion
Attribute13Format
Format of Attribute13 to be sent in Assertion.
Possible values: URI, Basic
Attribute14
Name of attribute14 that needs to be sent in SAML Assertion
Attribute14Expr
Expression that will be evaluated to obtain attribute14's value to be sent in Assertion
Attribute14FriendlyName
User-Friendly Name of attribute14 that needs to be sent in SAML Assertion
Attribute14Format
Format of Attribute14 to be sent in Assertion.
Possible values: URI, Basic
Attribute15
Name of attribute15 that needs to be sent in SAML Assertion
Attribute15Expr
Expression that will be evaluated to obtain attribute15's value to be sent in Assertion
Attribute15FriendlyName
User-Friendly Name of attribute15 that needs to be sent in SAML Assertion
Attribute15Format
Format of Attribute15 to be sent in Assertion.
Possible values: URI, Basic
Attribute16
Name of attribute16 that needs to be sent in SAML Assertion
Attribute16Expr
Expression that will be evaluated to obtain attribute16's value to be sent in Assertion
Attribute16FriendlyName
User-Friendly Name of attribute16 that needs to be sent in SAML Assertion
Attribute16Format
Format of Attribute16 to be sent in Assertion.
Possible values: URI, Basic
encryptAssertion
Option to encrypt assertion when Citrix ADC IDP sends one.
Possible values: ON, OFF Default value: OFF
encryptionAlgorithm
Algorithm to be used to encrypt SAML assertion
Possible values: DES3, AES128, AES192, AES256 Default value: AES256
samlBinding
This element specifies the transport mechanism of saml messages.
Possible values: REDIRECT, POST, ARTIFACT Default value: POST
skewTime
This option specifies the number of minutes on either side of current time that the assertion would be valid. For example, if skewTime is 10, then assertion would be valid from (current time - 10) min to (current time + 10) min, ie 20min in all. Default value: 5
serviceProviderID
Unique identifier of the Service Provider that sends SAML Request. Citrix ADC will ensure that the Issuer of the SAML Request matches this URI.
signAssertion
Option to sign portions of assertion when Citrix ADC IDP sends one. Based on the user selection, either Assertion or Response or Both or none can be signed
Possible values: NONE, ASSERTION, RESPONSE, BOTH Default value: ASSERTION
keyTransportAlg
Key transport algorithm to be used in encryption of SAML assertion
Possible values: RSA-V1_5, RSA_OAEP Default value: RSA_OAEP
SPLogoutUrl
Endpoint on the ServiceProvider (SP) to which logout messages are to be sent
logoutBinding
This element specifies the transport mechanism of saml logout messages.
Possible values: REDIRECT, POST Default value: POST
defaultAuthenticationGroup
This is the default group that is chosen when the authentication succeeds in addition to extracted groups. This group can be used in policies to select specific authentication policy during logon
metadataUrl
This URL is used for obtaining samlidp metadata
metadataRefreshInterval
Interval in minute for fetching metadata from specified metadata URL Default value: 3600 Minimum value: 0
signatureService
Name of the service in cloud used to sign the data
samlSigningCertVersion
version of the certificate in signature service used to sign the SAMLResposne that is sent to Relying Party or Service Provider after successful authentication
samlSPCertVersion
version of the certificate in signature service used to verify the signature of the incoming AuthnRequest from a Relying Party or Service Provider
rm authentication samlIdPProfile¶
Deletes an existing saml IdP profile.
Synopsis¶
rm authentication samlIdPProfile <name>
Arguments¶
name
Name for the new saml single sign-on profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after an action is created.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my action" or 'my action').
set authentication samlIdPProfile¶
Modifies the specified attributes of a saml IdP profile.
Synopsis¶
set authentication samlIdPProfile <name> [-samlSPCertName <string>] [-samlIdPCertName <string>] [-assertionConsumerServiceURL <URL>] [-samlIssuerName <string>] [-rejectUnsignedRequests ( ON | OFF )] [-signatureAlg ( RSA-SHA1 | RSA-SHA256 )] [-digestMethod ( SHA1 | SHA256 )] [-audience <string>] [-NameIDFormat <NameIDFormat>] [-NameIDExpr <string>] [-Attribute1 <string> -Attribute1Expr <string> [-Attribute1FriendlyName <string>] [-Attribute1Format ( URI | Basic )]] [-Attribute2 <string> -Attribute2Expr <string> [-Attribute2FriendlyName <string>] [-Attribute2Format ( URI | Basic )]] [-Attribute3 <string> -Attribute3Expr <string> [-Attribute3FriendlyName <string>] [-Attribute3Format ( URI | Basic )]] [-Attribute4 <string> -Attribute4Expr <string> [-Attribute4FriendlyName <string>] [-Attribute4Format ( URI | Basic )]] [-Attribute5 <string> -Attribute5Expr <string> [-Attribute5FriendlyName <string>] [-Attribute5Format ( URI | Basic )]] [-Attribute6 <string> -Attribute6Expr <string> [-Attribute6FriendlyName <string>] [-Attribute6Format ( URI | Basic )]] [-Attribute7 <string> -Attribute7Expr <string> [-Attribute7FriendlyName <string>] [-Attribute7Format ( URI | Basic )]] [-Attribute8 <string> -Attribute8Expr <string> [-Attribute8FriendlyName <string>] [-Attribute8Format ( URI | Basic )]] [-Attribute9 <string> -Attribute9Expr <string> [-Attribute9FriendlyName <string>] [-Attribute9Format ( URI | Basic )]] [-Attribute10 <string> -Attribute10Expr <string> [-Attribute10FriendlyName <string>] [-Attribute10Format ( URI | Basic )]] [-Attribute11 <string> -Attribute11Expr <string> [-Attribute11FriendlyName <string>] [-Attribute11Format ( URI | Basic )]] [-Attribute12 <string> -Attribute12Expr <string> [-Attribute12FriendlyName <string>] [-Attribute12Format ( URI | Basic )]] [-Attribute13 <string> -Attribute13Expr <string> [-Attribute13FriendlyName <string>] [-Attribute13Format ( URI | Basic )]] [-Attribute14 <string> -Attribute14Expr <string> [-Attribute14FriendlyName <string>] [-Attribute14Format ( URI | Basic )]] [-Attribute15 <string> -Attribute15Expr <string> [-Attribute15FriendlyName <string>] [-Attribute15Format ( URI | Basic )]] [-Attribute16 <string> -Attribute16Expr <string> [-Attribute16FriendlyName <string>] [-Attribute16Format ( URI | Basic )]] [-encryptAssertion ( ON | OFF )] [-encryptionAlgorithm <encryptionAlgorithm>] [-samlBinding <samlBinding>] [-skewTime <mins>] [-serviceProviderID <string>] [-signAssertion <signAssertion>] [-keyTransportAlg ( RSA-V1_5 | RSA_OAEP )] [-SPLogoutUrl <string>] [-logoutBinding ( REDIRECT | POST )] [-defaultAuthenticationGroup <string>] [-metadataUrl <string>] [-metadataRefreshInterval <positive_integer>] [-signatureService <string>] [-samlSigningCertVersion <string>] [-samlSPCertVersion <string>]
Arguments¶
name
Name for the new saml single sign-on profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after an action is created.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my action" or 'my action').
samlSPCertName
Name of the SSL certificate of SAML Relying Party. This certificate is used to verify signature of the incoming AuthnRequest from a Relying Party or Service Provider
samlIdPCertName
Name of the certificate used to sign the SAMLResposne that is sent to Relying Party or Service Provider after successful authentication
assertionConsumerServiceURL
URL to which the assertion is to be sent.
samlIssuerName
The name to be used in requests sent fromCitrix ADC to IdP to uniquely identify Citrix ADC.
rejectUnsignedRequests
Option to Reject unsigned SAML Requests. ON option denies any authentication requests that arrive without signature.
Possible values: ON, OFF Default value: ON
signatureAlg
Algorithm to be used to sign/verify SAML transactions
Possible values: RSA-SHA1, RSA-SHA256 Default value: RSA-SHA256
digestMethod
Algorithm to be used to compute/verify digest for SAML transactions
Possible values: SHA1, SHA256 Default value: SHA256
audience
Audience for which assertion sent by IdP is applicable. This is typically entity name or url that represents ServiceProvider
NameIDFormat
Format of Name Identifier sent in Assertion.
Possible values: Unspecified, emailAddress, X509SubjectName, WindowsDomainQualifiedName, kerberos, entity, persistent, transient Default value: transient
NameIDExpr
Expression that will be evaluated to obtain NameIdentifier to be sent in assertion
Attribute1
Name of attribute1 that needs to be sent in SAML Assertion
Attribute1Expr
Expression that will be evaluated to obtain attribute1's value to be sent in Assertion
Attribute1FriendlyName
User-Friendly Name of attribute1 that needs to be sent in SAML Assertion
Attribute1Format
Format of Attribute1 to be sent in Assertion.
Possible values: URI, Basic
Attribute2
Name of attribute2 that needs to be sent in SAML Assertion
Attribute2Expr
Expression that will be evaluated to obtain attribute2's value to be sent in Assertion
Attribute2FriendlyName
User-Friendly Name of attribute2 that needs to be sent in SAML Assertion
Attribute2Format
Format of Attribute2 to be sent in Assertion.
Possible values: URI, Basic
Attribute3
Name of attribute3 that needs to be sent in SAML Assertion
Attribute3Expr
Expression that will be evaluated to obtain attribute3's value to be sent in Assertion
Attribute3FriendlyName
User-Friendly Name of attribute3 that needs to be sent in SAML Assertion
Attribute3Format
Format of Attribute3 to be sent in Assertion.
Possible values: URI, Basic
Attribute4
Name of attribute4 that needs to be sent in SAML Assertion
Attribute4Expr
Expression that will be evaluated to obtain attribute4's value to be sent in Assertion
Attribute4FriendlyName
User-Friendly Name of attribute4 that needs to be sent in SAML Assertion
Attribute4Format
Format of Attribute4 to be sent in Assertion.
Possible values: URI, Basic
Attribute5
Name of attribute5 that needs to be sent in SAML Assertion
Attribute5Expr
Expression that will be evaluated to obtain attribute5's value to be sent in Assertion
Attribute5FriendlyName
User-Friendly Name of attribute5 that needs to be sent in SAML Assertion
Attribute5Format
Format of Attribute5 to be sent in Assertion.
Possible values: URI, Basic
Attribute6
Name of attribute6 that needs to be sent in SAML Assertion
Attribute6Expr
Expression that will be evaluated to obtain attribute6's value to be sent in Assertion
Attribute6FriendlyName
User-Friendly Name of attribute6 that needs to be sent in SAML Assertion
Attribute6Format
Format of Attribute6 to be sent in Assertion.
Possible values: URI, Basic
Attribute7
Name of attribute7 that needs to be sent in SAML Assertion
Attribute7Expr
Expression that will be evaluated to obtain attribute7's value to be sent in Assertion
Attribute7FriendlyName
User-Friendly Name of attribute7 that needs to be sent in SAML Assertion
Attribute7Format
Format of Attribute7 to be sent in Assertion.
Possible values: URI, Basic
Attribute8
Name of attribute8 that needs to be sent in SAML Assertion
Attribute8Expr
Expression that will be evaluated to obtain attribute8's value to be sent in Assertion
Attribute8FriendlyName
User-Friendly Name of attribute8 that needs to be sent in SAML Assertion
Attribute8Format
Format of Attribute8 to be sent in Assertion.
Possible values: URI, Basic
Attribute9
Name of attribute9 that needs to be sent in SAML Assertion
Attribute9Expr
Expression that will be evaluated to obtain attribute9's value to be sent in Assertion
Attribute9FriendlyName
User-Friendly Name of attribute9 that needs to be sent in SAML Assertion
Attribute9Format
Format of Attribute9 to be sent in Assertion.
Possible values: URI, Basic
Attribute10
Name of attribute10 that needs to be sent in SAML Assertion
Attribute10Expr
Expression that will be evaluated to obtain attribute10's value to be sent in Assertion
Attribute10FriendlyName
User-Friendly Name of attribute10 that needs to be sent in SAML Assertion
Attribute10Format
Format of Attribute10 to be sent in Assertion.
Possible values: URI, Basic
Attribute11
Name of attribute11 that needs to be sent in SAML Assertion
Attribute11Expr
Expression that will be evaluated to obtain attribute11's value to be sent in Assertion
Attribute11FriendlyName
User-Friendly Name of attribute11 that needs to be sent in SAML Assertion
Attribute11Format
Format of Attribute11 to be sent in Assertion.
Possible values: URI, Basic
Attribute12
Name of attribute12 that needs to be sent in SAML Assertion
Attribute12Expr
Expression that will be evaluated to obtain attribute12's value to be sent in Assertion
Attribute12FriendlyName
User-Friendly Name of attribute12 that needs to be sent in SAML Assertion
Attribute12Format
Format of Attribute12 to be sent in Assertion.
Possible values: URI, Basic
Attribute13
Name of attribute13 that needs to be sent in SAML Assertion
Attribute13Expr
Expression that will be evaluated to obtain attribute13's value to be sent in Assertion
Attribute13FriendlyName
User-Friendly Name of attribute13 that needs to be sent in SAML Assertion
Attribute13Format
Format of Attribute13 to be sent in Assertion.
Possible values: URI, Basic
Attribute14
Name of attribute14 that needs to be sent in SAML Assertion
Attribute14Expr
Expression that will be evaluated to obtain attribute14's value to be sent in Assertion
Attribute14FriendlyName
User-Friendly Name of attribute14 that needs to be sent in SAML Assertion
Attribute14Format
Format of Attribute14 to be sent in Assertion.
Possible values: URI, Basic
Attribute15
Name of attribute15 that needs to be sent in SAML Assertion
Attribute15Expr
Expression that will be evaluated to obtain attribute15's value to be sent in Assertion
Attribute15FriendlyName
User-Friendly Name of attribute15 that needs to be sent in SAML Assertion
Attribute15Format
Format of Attribute15 to be sent in Assertion.
Possible values: URI, Basic
Attribute16
Name of attribute16 that needs to be sent in SAML Assertion
Attribute16Expr
Expression that will be evaluated to obtain attribute16's value to be sent in Assertion
Attribute16FriendlyName
User-Friendly Name of attribute16 that needs to be sent in SAML Assertion
Attribute16Format
Format of Attribute16 to be sent in Assertion.
Possible values: URI, Basic
encryptAssertion
Option to encrypt assertion when Citrix ADC IDP sends one.
Possible values: ON, OFF Default value: OFF
encryptionAlgorithm
Algorithm to be used to encrypt SAML assertion
Possible values: DES3, AES128, AES192, AES256 Default value: AES256
samlBinding
This element specifies the transport mechanism of saml messages.
Possible values: REDIRECT, POST, ARTIFACT Default value: POST
skewTime
This option specifies the number of minutes on either side of current time that the assertion would be valid. For example, if skewTime is 10, then assertion would be valid from (current time - 10) min to (current time + 10) min, ie 20min in all. Default value: 5
serviceProviderID
Unique identifier of the Service Provider that sends SAML Request. Citrix ADC will ensure that the Issuer of the SAML Request matches this URI.
signAssertion
Option to sign portions of assertion when Citrix ADC IDP sends one. Based on the user selection, either Assertion or Response or Both or none can be signed
Possible values: NONE, ASSERTION, RESPONSE, BOTH Default value: ASSERTION
keyTransportAlg
Key transport algorithm to be used in encryption of SAML assertion
Possible values: RSA-V1_5, RSA_OAEP Default value: RSA_OAEP
SPLogoutUrl
Endpoint on the ServiceProvider (SP) to which logout messages are to be sent
logoutBinding
This element specifies the transport mechanism of saml logout messages.
Possible values: REDIRECT, POST Default value: POST
defaultAuthenticationGroup
This is the default group that is chosen when the authentication succeeds in addition to extracted groups. This group can be used in policies to select specific authentication policy during logon
metadataUrl
This URL is used for obtaining samlidp metadata
metadataRefreshInterval
Interval in minute for fetching metadata from specified metadata URL Default value: 3600 Minimum value: 0
signatureService
Name of the service in cloud used to sign the data
samlSigningCertVersion
version of the certificate in signature service used to sign the SAMLResposne that is sent to Relying Party or Service Provider after successful authentication
samlSPCertVersion
version of the certificate in signature service used to verify the signature of the incoming AuthnRequest from a Relying Party or Service Provider
unset authentication samlIdPProfile¶
Use this command to remove authentication samlIdPProfile settings.Refer to the set authentication samlIdPProfile command for meanings of the arguments.
Synopsis¶
unset authentication samlIdPProfile <name> [-samlSPCertName] [-samlIdPCertName] [-assertionConsumerServiceURL] [-samlIssuerName] [-rejectUnsignedRequests] [-signatureAlg] [-digestMethod] [-audience] [-NameIDFormat] [-NameIDExpr] [-Attribute1] [-Attribute1FriendlyName] [-Attribute1Format] [-Attribute2] [-Attribute2FriendlyName] [-Attribute2Format] [-Attribute3] [-Attribute3FriendlyName] [-Attribute3Format] [-Attribute4] [-Attribute4FriendlyName] [-Attribute4Format] [-Attribute5] [-Attribute5FriendlyName] [-Attribute5Format] [-Attribute6] [-Attribute6FriendlyName] [-Attribute6Format] [-Attribute7] [-Attribute7FriendlyName] [-Attribute7Format] [-Attribute8] [-Attribute8FriendlyName] [-Attribute8Format] [-Attribute9] [-Attribute9FriendlyName] [-Attribute9Format] [-Attribute10] [-Attribute10FriendlyName] [-Attribute10Format] [-Attribute11] [-Attribute11FriendlyName] [-Attribute11Format] [-Attribute12] [-Attribute12FriendlyName] [-Attribute12Format] [-Attribute13] [-Attribute13FriendlyName] [-Attribute13Format] [-Attribute14] [-Attribute14FriendlyName] [-Attribute14Format] [-Attribute15] [-Attribute15FriendlyName] [-Attribute15Format] [-Attribute16] [-Attribute16FriendlyName] [-Attribute16Format] [-encryptAssertion] [-encryptionAlgorithm] [-samlBinding] [-skewTime] [-serviceProviderID] [-signAssertion] [-keyTransportAlg] [-SPLogoutUrl] [-logoutBinding] [-defaultAuthenticationGroup] [-metadataUrl] [-metadataRefreshInterval] [-signatureService] [-samlSigningCertVersion] [-samlSPCertVersion]
show authentication samlIdPProfile¶
Displays information about all configured saml single sign-on profiles, or displays detailed information about the specified action.
Synopsis¶
show authentication samlIdPProfile [<name>]
Arguments¶
name
Name for the new saml single sign-on profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after an action is created.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my action" or 'my action').
Output¶
samlSPCertName
Name of the SSL certificate of SAML Relying Party. This certificate is used to verify signature of the incoming AuthnRequest from a Relying Party or Service Provider
samlIdPCertName
Name of the certificate used to sign the SAMLResposne that is sent to Relying Party or Service Provider after successful authentication
assertionConsumerServiceURL
URL to which the assertion is to be sent.
sendPassword
Option to send password in assertion.
samlIssuerName
The name to be used in requests sent fromCitrix ADC to IdP to uniquely identify Citrix ADC.
rejectUnsignedRequests
Option to Reject unsigned SAML Requests. ON option denies any authentication requests that arrive without signature.
signatureAlg
Algorithm to be used to sign/verify SAML transactions
digestMethod
Algorithm to be used to compute/verify digest for SAML transactions
audience
Audience for which assertion sent by IdP is applicable. This is typically entity name or url that represents ServiceProvider
NameIDFormat
Format of Name Identifier sent in Assertion.
NameIDExpr
Expression that will be evaluated to obtain NameIdentifier to be sent in assertion
Attribute1
Name of attribute1 that needs to be sent in SAML Assertion
Attribute2
Name of attribute2 that needs to be sent in SAML Assertion
Attribute3
Name of attribute3 that needs to be sent in SAML Assertion
Attribute4
Name of attribute4 that needs to be sent in SAML Assertion
Attribute5
Name of attribute5 that needs to be sent in SAML Assertion
Attribute6
Name of attribute6 that needs to be sent in SAML Assertion
Attribute7
Name of attribute7 that needs to be sent in SAML Assertion
Attribute8
Name of attribute8 that needs to be sent in SAML Assertion
Attribute9
Name of attribute9 that needs to be sent in SAML Assertion
Attribute10
Name of attribute10 that needs to be sent in SAML Assertion
Attribute11
Name of attribute11 that needs to be sent in SAML Assertion
Attribute12
Name of attribute12 that needs to be sent in SAML Assertion
Attribute13
Name of attribute13 that needs to be sent in SAML Assertion
Attribute14
Name of attribute14 that needs to be sent in SAML Assertion
Attribute15
Name of attribute15 that needs to be sent in SAML Assertion
Attribute16
Name of attribute16 that needs to be sent in SAML Assertion
Attribute1FriendlyName
User-Friendly Name of attribute1 that needs to be sent in SAML Assertion
Attribute2FriendlyName
User-Friendly Name of attribute2 that needs to be sent in SAML Assertion
Attribute3FriendlyName
User-Friendly Name of attribute3 that needs to be sent in SAML Assertion
Attribute4FriendlyName
User-Friendly Name of attribute4 that needs to be sent in SAML Assertion
Attribute5FriendlyName
User-Friendly Name of attribute5 that needs to be sent in SAML Assertion
Attribute6FriendlyName
User-Friendly Name of attribute6 that needs to be sent in SAML Assertion
Attribute7FriendlyName
User-Friendly Name of attribute7 that needs to be sent in SAML Assertion
Attribute8FriendlyName
User-Friendly Name of attribute8 that needs to be sent in SAML Assertion
Attribute9FriendlyName
User-Friendly Name of attribute9 that needs to be sent in SAML Assertion
Attribute10FriendlyName
User-Friendly Name of attribute10 that needs to be sent in SAML Assertion
Attribute11FriendlyName
User-Friendly Name of attribute11 that needs to be sent in SAML Assertion
Attribute12FriendlyName
User-Friendly Name of attribute12 that needs to be sent in SAML Assertion
Attribute13FriendlyName
User-Friendly Name of attribute13 that needs to be sent in SAML Assertion
Attribute14FriendlyName
User-Friendly Name of attribute14 that needs to be sent in SAML Assertion
Attribute15FriendlyName
User-Friendly Name of attribute15 that needs to be sent in SAML Assertion
Attribute16FriendlyName
User-Friendly Name of attribute16 that needs to be sent in SAML Assertion
Attribute1Format
Format of Attribute1 to be sent in Assertion.
Attribute2Format
Format of Attribute2 to be sent in Assertion.
Attribute3Format
Format of Attribute3 to be sent in Assertion.
Attribute4Format
Format of Attribute4 to be sent in Assertion.
Attribute5Format
Format of Attribute5 to be sent in Assertion.
Attribute6Format
Format of Attribute6 to be sent in Assertion.
Attribute7Format
Format of Attribute7 to be sent in Assertion.
Attribute8Format
Format of Attribute8 to be sent in Assertion.
Attribute9Format
Format of Attribute9 to be sent in Assertion.
Attribute10Format
Format of Attribute10 to be sent in Assertion.
Attribute11Format
Format of Attribute11 to be sent in Assertion.
Attribute12Format
Format of Attribute12 to be sent in Assertion.
Attribute13Format
Format of Attribute13 to be sent in Assertion.
Attribute14Format
Format of Attribute14 to be sent in Assertion.
Attribute15Format
Format of Attribute15 to be sent in Assertion.
Attribute16Format
Format of Attribute16 to be sent in Assertion.
Attribute1Expr
Expression that will be evaluated to obtain attribute1's value to be sent in Assertion
Attribute2Expr
Expression that will be evaluated to obtain attribute2's value to be sent in Assertion
Attribute3Expr
Expression that will be evaluated to obtain attribute3's value to be sent in Assertion
Attribute4Expr
Expression that will be evaluated to obtain attribute4's value to be sent in Assertion
Attribute5Expr
Expression that will be evaluated to obtain attribute5's value to be sent in Assertion
Attribute6Expr
Expression that will be evaluated to obtain attribute6's value to be sent in Assertion
Attribute7Expr
Expression that will be evaluated to obtain attribute7's value to be sent in Assertion
Attribute8Expr
Expression that will be evaluated to obtain attribute8's value to be sent in Assertion
Attribute9Expr
Expression that will be evaluated to obtain attribute9's value to be sent in Assertion
Attribute10Expr
Expression that will be evaluated to obtain attribute10's value to be sent in Assertion
Attribute11Expr
Expression that will be evaluated to obtain attribute11's value to be sent in Assertion
Attribute12Expr
Expression that will be evaluated to obtain attribute12's value to be sent in Assertion
Attribute13Expr
Expression that will be evaluated to obtain attribute13's value to be sent in Assertion
Attribute14Expr
Expression that will be evaluated to obtain attribute14's value to be sent in Assertion
Attribute15Expr
Expression that will be evaluated to obtain attribute15's value to be sent in Assertion
Attribute16Expr
Expression that will be evaluated to obtain attribute16's value to be sent in Assertion
encryptAssertion
Option to encrypt assertion when Citrix ADC IDP sends one.
encryptionAlgorithm
Algorithm to be used to encrypt SAML assertion
samlBinding
This element specifies the transport mechanism of saml messages.
skewTime
This option specifies the number of minutes on either side of current time that the assertion would be valid. For example, if skewTime is 10, then assertion would be valid from (current time - 10) min to (current time + 10) min, ie 20min in all.
serviceProviderID
Unique identifier of the Service Provider that sends SAML Request. Citrix ADC will ensure that the Issuer of the SAML Request matches this URI.
signAssertion
Option to sign portions of assertion when Citrix ADC IDP sends one. Based on the user selection, either Assertion or Response or Both or none can be signed
keyTransportAlg
Key transport algorithm to be used in encryption of SAML assertion
SPLogoutUrl
Endpoint on the ServiceProvider (SP) to which logout messages are to be sent
logoutBinding
This element specifies the transport mechanism of saml logout messages.
defaultAuthenticationGroup
This is the default group that is chosen when the authentication succeeds in addition to extracted groups. This group can be used in policies to select specific authentication policy during logon
metadataUrl
This URL is used for obtaining samlidp metadata
metadataRefreshInterval
Interval in minute for fetching metadata from specified metadata URL
metadataImportStatus
Describes metadata import status.
signatureService
Name of the service in cloud used to sign the data
samlSigningCertVersion
version of the certificate in signature service used to sign the SAMLResposne that is sent to Relying Party or Service Provider after successful authentication
samlSPCertVersion
version of the certificate in signature service used to verify the signature of the incoming AuthnRequest from a Relying Party or Service Provider
devno
count
stateflag