Skip to content

authenticationvserver

Configuration for authentication virtual server resource.

Properties

(click to see Operations)

NameData TypePermissionsDescription
name<String>Read-writeName for the new authentication virtual server.
Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Can be changed after the authentication virtual server is added by using the rename authentication vserver command.

The following requirement applies only to the Citrix ADC CLI:
If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my authentication policy" or 'my authentication policy').
Minimum length = 1
servicetype<String>Read-writeProtocol type of the authentication virtual server. Always SSL.
Default value: SSL
Possible values = SSL
ipv46<String>Read-writeIP address of the authentication virtual server, if a single IP address is assigned to the virtual server.
Minimum length = 1
range<Double>Read-writeIf you are creating a series of virtual servers with a range of IP addresses assigned to them, the length of the range.
The new range of authentication virtual servers will have IP addresses consecutively numbered, starting with the primary address specified with the IP Address parameter.
Default value: 1
Minimum value = 1
port<Integer>Read-writeTCP port on which the virtual server accepts connections.
Range 1 - 65535
* in CLI is represented as 65535 in NITRO API
state<String>Read-writeInitial state of the new virtual server.
Default value: ENABLED
Possible values = ENABLED, DISABLED
authentication<String>Read-writeRequire users to be authenticated before sending traffic through this virtual server.
Default value: ON
Possible values = ON, OFF
authenticationdomain<String>Read-writeThe domain of the authentication cookie set by Authentication vserver.
Minimum length = 3
Maximum length = 252
comment<String>Read-writeAny comments associated with this virtual server.
td<Double>Read-writeInteger value that uniquely identifies the traffic domain in which you want to configure the entity. If you do not specify an ID, the entity becomes part of the default traffic domain, which has an ID of 0.
Minimum value = 0
Maximum value = 4094
appflowlog<String>Read-writeLog AppFlow flow information.
Default value: ENABLED
Possible values = ENABLED, DISABLED
maxloginattempts<Double>Read-writeMaximum Number of login Attempts.
Minimum value = 1
Maximum value = 255
failedlogintimeout<Double>Read-writeNumber of minutes an account will be locked if user exceeds maximum permissible attempts.
Minimum value = 1
certkeynames<String>Read-writeName of the certificate key that was bound to the corresponding SSL virtual server as the Certificate Authority for the device certificate.
Minimum length = 1
Maximum length = 127
newname<String>Read-writeNew name of the authentication virtual server.
Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters.

The following requirement applies only to the Citrix ADC CLI:
If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, 'my authentication policy' or "my authentication policy").
Minimum length = 1
ip<String>Read-onlyThe Virtual IP address of the authentication vserver.
value<String>Read-onlyIndicates whether or not the certificate is bound or if SSL offload is disabled.
Possible values = Certkey not bound, SSL feature disabled
type<String>Read-onlyThe type of Virtual Server, e.g. CONTENT based or ADDRESS based.
Possible values = CONTENT, ADDRESS
curstate<String>Read-onlyThe current state of the Virtual server, e.g. UP, DOWN, BUSY, etc.
Possible values = UP, DOWN, UNKNOWN, BUSY, OUT OF SERVICE, GOING OUT OF SERVICE, DOWN WHEN GOING OUT OF SERVICE, NS_EMPTY_STR, Unknown, DISABLED
status<Integer>Read-onlyWhether or not this vserver responds to ARPs and whether or not round-robin selection is temporarily in effect.
cachetype<String>Read-onlyVirtual server's cache type. The options are: TRANSPARENT, REVERSE and FORWARD.
Possible values = TRANSPARENT, REVERSE, FORWARD
redirect<String>Read-onlyThe cache redirect policy.
The valid redirect policies are:
l. CACHE - Directs all requests to the cache.
2. POLICY - Applies cache redirection policy to determine whether the request should be directed to the cache or origin. This is the default setting.
3. ORIGIN - Directs all requests to the origin server.
Possible values = CACHE, POLICY, ORIGIN
precedence<String>Read-onlyThis argument is used only when configuring content switching on the specified virtual server. This is applicable only
if both the URL and RULE-based policies have been configured on the same virtual server.
It specifies the type of policy (URL or RULE) that takes precedence on the content switching virtual server. The default setting is RULE.
l URL - In this case, the incoming request is matched against the URL-based policies before the rule-based policies.
l RULE - In this case, the incoming request is matched against the rule-based policies before the URL-based policies.
For all URL-based policies, the precedence hierarchy is:
1. Domain and exact URL
2. Domain, prefix and suffix
3. Domain and suffix
4. Domain and prefix
5. Domain only
6. Exact URL
7. Prefix and suffix
8. Suffix only
9. Prefix only
10. Default.
Possible values = RULE, URL
redirecturl<String>Read-onlyThe URL where traffic is redirected if the virtual server in system becomes unavailable. WARNING! Make sure that the domain you specify in the URL does not match the domain specified in the -d domainName argument of the ###add cs policy### command. If the same domain is specified in both arguments, the request will be continuously redirected to the same unavailable virtual server in the system. If so, the user may not get the requested content.
curaaausers<Double>Read-onlyThe number of current users logged in to this vserver.
policy<String>Read-onlyThe name of the policy, if any, bound to the authentication vserver.
servicename<String>Read-onlyThe name of the service, if any, to which the vserver policy is bound.
weight<Double>Read-onlyWeight for this service, if any. This weight is used when the system performs load balancing, giving greater priority to a specific service. It is useful when the services bound to a virtual server are of different capacity.
cachevserver<String>Read-onlyThe name of the default target cache virtual server, if any, to which requests are redirected.
backupvserver<String>Read-onlyThe name of the backup vpn virtual server for this vpn virtual server.
clttimeout<Double>Read-onlyThe idle time, if any, in seconds after which the client connection is terminated.
somethod<String>Read-onlyVPN client applications are allocated from a block of Intranet IP addresses.
That block may be exhausted after a certain number of connections. This switch specifies the
method used to determine whether or not a new connection will spillover, or exhaust, the allocated block of
Intranet IP addresses for that application. Possible values are CONNECTION or DYNAMICCONNECTION.
CONNECTION means that a static integer value is the hard limit for the spillover threshold. The spillover
threshold is described below. DYNAMICCONNECTION means that the spillover threshold is set according to
the maximum number of connections defined for the vpn vserver.
Possible values = CONNECTION, DYNAMICCONNECTION, BANDWIDTH, HEALTH, NONE
sothreshold<Double>Read-onlyVPN client applications are allocated from a block of Intranet IP addresses.
That block may be exhausted after a certain number of connections.
The value of this option is number of client connections after which the Mapped IP address is used
as the client source IP address instead of an address from the allocated block of Intranet IP addresses.
sopersistence<String>Read-onlyWhether or not cookie-based site persistance is enabled for this VPN vserver. Possible values are 'ConnectionProxy', HTTPRedirect, or NONE.
Possible values = ENABLED, DISABLED
sopersistencetimeout<Double>Read-onlyThe timeout, if any, for cookie-based site persistance of this VPN vserver.
priority<Double>Read-onlyThe priority, if any, of the vpn vserver policy.
downstateflush<String>Read-onlyPerform delayed clean up of connections on this vserver.
Possible values = ENABLED, DISABLED
disableprimaryondown<String>Read-onlyTells whether traffic will continue reaching backup vservers even after primary comes UP from DOWN state.
Possible values = ENABLED, DISABLED
listenpolicy<String>Read-onlyListenpolicy configured for authentication vserver.
listenpriority<Double>Read-onlyPriority of listen policy for authentication vserver.
tcpprofilename<String>Read-onlyThe name of the TCP profile.
httpprofilename<String>Read-onlyName of the HTTP profile.
vstype<Double>Read-onlyVirtual Server Type, e.g. Load Balancing, Content Switch, Cache Redirection.
ngname<String>Read-onlyNodegroup devno to which this authentication vsever belongs to.
secondary<Boolean>Read-onlyBind the authentication policy to the secondary chain.
Provides for multifactor authentication in which a user must authenticate via both a primary authentication method and, afterward, via a secondary authentication method.
Because user groups are aggregated across authentication systems, usernames must be the same on all authentication servers. Passwords can be different.
groupextraction<Boolean>Read-onlyBind the Authentication policy to a tertiary chain which will be used only for group extraction. The user will not authenticate against this server, and this will only be called if primary and/or secondary authentication has succeeded.
__count<Double>Read-onlycount parameter

Operations

(click to see Properties)

ADD| DELETE| UPDATE| UNSET| ENABLE| DISABLE| RENAME| GET (ALL)| GET| COUNT

Some options that you can use for each operations:

  • Getting warnings in response:NITRO allows you to get warnings in an operation by specifying the "warning" query parameter as "yes". For example, to get warnings while connecting to the Citrix ADC appliance, the URL is as follows:

    http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/login?warning=yes

    If any, the warnings are displayed in the response payload with the HTTP code "209 X-NITRO-WARNING".

  • Authenticated access for individual NITRO operations:NITRO allows you to logon to the Citrix ADC appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,

    To do this, you must specify the username and password in the request header of the NITRO request as follows:

    X-NITRO-USER:<username>

    X-NITRO-PASS:<password>

    Note:In such cases, make sure that the request header DOES not include the following:

    Cookie:NITRO_AUTH_TOKEN=<tokenvalue>

Note:

Mandatory parameters are marked in redand placeholder content is marked in <green>.

add

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver

HTTP Method:POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:

{"authenticationvserver":{
<b>"name":<String_value>,
</b><b>"servicetype":<String_value>,
</b>"ipv46":<String_value>,
"range":<Double_value>,
"port":<Integer_value>,
"state":<String_value>,
"authentication":<String_value>,
"authenticationdomain":<String_value>,
"comment":<String_value>,
"td":<Double_value>,
"appflowlog":<String_value>,
"maxloginattempts":<Double_value>,
"failedlogintimeout":<Double_value>,
"certkeynames":<String_value>
}}

Response:

HTTP Status Code on Success: 201 Created HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

delete

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver/name_value<String>

HTTP Method:DELETE

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue>

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

update

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver

HTTP Method:PUT

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:

{"authenticationvserver":{
<b>"name":<String_value>,
</b>"ipv46":<String_value>,
"authentication":<String_value>,
"authenticationdomain":<String_value>,
"comment":<String_value>,
"appflowlog":<String_value>,
"maxloginattempts":<Double_value>,
"failedlogintimeout":<Double_value>,
"certkeynames":<String_value>
}}

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

unset

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?action=unset

HTTP Method:POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:

{"authenticationvserver":{
<b>"name":<String_value>,
</b>"authenticationdomain":true,
"maxloginattempts":true,
"authentication":true,
"comment":true,
"appflowlog":true,
"failedlogintimeout":true,
"certkeynames":true
}}

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

enable

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?action=enable

HTTP Method:POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:

{"authenticationvserver":{
<b>"name":<String_value>
</b>}}

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

disable

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?action=disable

HTTP Method:POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:

{"authenticationvserver":{
<b>"name":<String_value>
</b>}}

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

rename

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?action=rename

HTTP Method:POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:

{"authenticationvserver":{
<b>"name":<String_value>,
</b><b>"newname":<String_value>
</b>}}

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

get (all)

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver

Query-parameters:

attrs

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?attrs=property-name1,property-name2

Use this query parameter to specify the resource details that you want to retrieve.

filter

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?filter=property-name1:property-val1,property-name2:property-val2

Use this query-parameter to get the filtered set of authenticationvserver resources configured on Citrix ADC. Filtering can be done on any of the properties of the resource.

view

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?view=summary

Note:By default, the retrieved results are displayed in detail view (?view=detail).

pagination

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?pagesize=#no;pageno=#no

Use this query-parameter to get the authenticationvserver resources in chunks.

HTTP Method:GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the errorResponse Headers:

Content-Type:application/json

Response Payload:

{ "authenticationvserver": [ {
"name":<String_value>,
"ip":<String_value>,
"td":<Double_value>,
"ipv46":<String_value>,
"value":<String_value>,
"port":<Integer_value>,
"range":<Double_value>,
"servicetype":<String_value>,
"type":<String_value>,
"curstate":<String_value>,
"status":<Integer_value>,
"cachetype":<String_value>,
"redirect":<String_value>,
"precedence":<String_value>,
"redirecturl":<String_value>,
"authentication":<String_value>,
"curaaausers":<Double_value>,
"authenticationdomain":<String_value>,
"policyname":<String_value>,
"policy":<String_value>,
"servicename":<String_value>,
"weight":<Double_value>,
"cachevserver":<String_value>,
"backupvserver":<String_value>,
"clttimeout":<Double_value>,
"somethod":<String_value>,
"sothreshold":<Double_value>,
"sopersistence":<String_value>,
"sopersistencetimeout":<Double_value>,
"priority":<Double_value>,
"downstateflush":<String_value>,
"disableprimaryondown":<String_value>,
"listenpolicy":<String_value>,
"listenpriority":<Double_value>,
"tcpprofilename":<String_value>,
"httpprofilename":<String_value>,
"comment":<String_value>,
"appflowlog":<String_value>,
"vstype":<Double_value>,
"ngname":<String_value>,
"maxloginattempts":<Double_value>,
"failedlogintimeout":<Double_value>,
"secondary":<Boolean_value>,
"groupextraction":<Boolean_value>,
"certkeynames":<String_value>
}]}

get

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver/name_value<String>

Query-parameters:

attrs

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver/name_value<String>?attrs=property-name1,property-name2

Use this query parameter to specify the resource details that you want to retrieve.

view

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver/name_value<String>?view=summary

Note:By default, the retrieved results are displayed in detail view (?view=detail).

HTTP Method:GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the errorResponse Headers:

Content-Type:application/json

Response Payload:

{ "authenticationvserver": [ {
"name":<String_value>,
"ip":<String_value>,
"td":<Double_value>,
"ipv46":<String_value>,
"value":<String_value>,
"port":<Integer_value>,
"range":<Double_value>,
"servicetype":<String_value>,
"type":<String_value>,
"curstate":<String_value>,
"status":<Integer_value>,
"cachetype":<String_value>,
"redirect":<String_value>,
"precedence":<String_value>,
"redirecturl":<String_value>,
"authentication":<String_value>,
"curaaausers":<Double_value>,
"authenticationdomain":<String_value>,
"policyname":<String_value>,
"policy":<String_value>,
"servicename":<String_value>,
"weight":<Double_value>,
"cachevserver":<String_value>,
"backupvserver":<String_value>,
"clttimeout":<Double_value>,
"somethod":<String_value>,
"sothreshold":<Double_value>,
"sopersistence":<String_value>,
"sopersistencetimeout":<Double_value>,
"priority":<Double_value>,
"downstateflush":<String_value>,
"disableprimaryondown":<String_value>,
"listenpolicy":<String_value>,
"listenpriority":<Double_value>,
"tcpprofilename":<String_value>,
"httpprofilename":<String_value>,
"comment":<String_value>,
"appflowlog":<String_value>,
"vstype":<Double_value>,
"ngname":<String_value>,
"maxloginattempts":<Double_value>,
"failedlogintimeout":<Double_value>,
"secondary":<Boolean_value>,
"groupextraction":<Boolean_value>,
"certkeynames":<String_value>
}]}

count

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/authenticationvserver?count=yes

HTTP Method:GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the errorResponse Headers:

Content-Type:application/json

Response Payload:

{ "authenticationvserver": [ { "__count": "#no"} ] }