authentication OAuthAction¶
The following operations can be performed on "authentication OAuthAction":
add authentication OAuthAction¶
Adds an action to be used for OAuth authentication.
Synopsys¶
add authentication OAuthAction <name> -authorizationEndpoint <URL> -tokenEndpoint <URL> [-idtokenDecryptEndpoint <URL>] -clientID <string> -clientSecret <string> [-defaultAuthenticationGroup <string>] [-Attribute1 <string>] [-Attribute2 <string>] [-Attribute3 <string>] [-Attribute4 <string>] [-Attribute5 <string>] [-Attribute6 <string>] [-Attribute7 <string>] [-Attribute8 <string>] [-Attribute9 <string>] [-Attribute10 <string>] [-Attribute11 <string>] [-Attribute12 <string>] [-Attribute13 <string>] [-Attribute14 <string>] [-Attribute15 <string>] [-Attribute16 <string>]
Arguments¶
name
Name for the OAuth Authentication action.
Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the profile is created.
The following requirement applies only to the NetScaler CLI:
If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my authentication action" or 'my authentication action').
authorizationEndpoint
Authorization endpoint/url to which unauthenticated user will be redirected. Netscaler appliance redirects user to this endpoint by adding query parameters including clientid.
tokenEndpoint
URL to which OAuth token will be posted to verify its authenticity. User obtains this token from Authorization server upon successful authentication. Netscaler appliance will validate presented token by posting it to the URL configured
idtokenDecryptEndpoint
URL to which obtained idtoken will be posted to get a decrypted user identity. Encrypted idtoken will be obtained by posting OAuth token to token endpoint. In order to decrypt idtoken, Netscaler appliance posts request to the URL configured
clientID
Unique identity of the client/user who is getting authenticated. Authorization server infers client configuration using this ID
clientSecret
Secret string established by user and authorization server
defaultAuthenticationGroup
This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
Attribute1
Expression that would be evaluated to extract attribute1 from the oauth response
Attribute2
Expression that would be evaluated to extract attribute2 from the oauth response
Attribute3
Expression that would be evaluated to extract attribute3 from the oauth response
Attribute4
Expression that would be evaluated to extract attribute4 from the oauth response
Attribute5
Expression that would be evaluated to extract attribute5 from the oauth response
Attribute6
Expression that would be evaluated to extract attribute6 from the oauth response
Attribute7
Expression that would be evaluated to extract attribute7 from the oauth response
Attribute8
Expression that would be evaluated to extract attribute8 from the oauth response
Attribute9
Expression that would be evaluated to extract attribute9 from the oauth response
Attribute10
Expression that would be evaluated to extract attribute10 from the oauth response
Attribute11
Expression that would be evaluated to extract attribute11 from the oauth response
Attribute12
Expression that would be evaluated to extract attribute12 from the oauth response
Attribute13
Expression that would be evaluated to extract attribute13 from the oauth response
Attribute14
Expression that would be evaluated to extract attribute14 from the oauth response
Attribute15
Expression that would be evaluated to extract attribute15 from the oauth response
Attribute16
Expression that would be evaluated to extract attribute16 from the oauth response
Example¶
add authentication oauthAction a -authorizationEndpoint https://google.com/ -tokenEndpoint https://google.com/ -clientiD sadf -clientsecret df
rm authentication OAuthAction¶
Removes a OAuth authentication action. You cannot remove an action that is used in any part of a policy.
Synopsys¶
rm authentication OAuthAction <name>
Arguments¶
name
Name of the OAuth authentication action to remove.
Example¶
rm authentication OAuthAction a1
set authentication OAuthAction¶
Modifies the attributes of an existing OAuth authentication action.
Synopsys¶
set authentication OAuthAction <name> [-authorizationEndpoint <URL>] [-tokenEndpoint <URL>] [-idtokenDecryptEndpoint <URL>] [-clientID <string>] [-clientSecret <string>] [-defaultAuthenticationGroup <string>] [-Attribute1 <string>] [-Attribute2 <string>] [-Attribute3 <string>] [-Attribute4 <string>] [-Attribute5 <string>] [-Attribute6 <string>] [-Attribute7 <string>] [-Attribute8 <string>] [-Attribute9 <string>] [-Attribute10 <string>] [-Attribute11 <string>] [-Attribute12 <string>] [-Attribute13 <string>] [-Attribute14 <string>] [-Attribute15 <string>] [-Attribute16 <string>]
Arguments¶
name
Name of the action to configure.
authorizationEndpoint
Authorization endpoint/url to which unauthenticated user will be redirected. Netscaler appliance redirects user to this endpoint by adding query parameters including clientid.
tokenEndpoint
URL to which OAuth token will be posted to verify its authenticity. User obtains this token from Authorization server upon successful authentication. Netscaler appliance will validate presented token by posting it to the URL configured
idtokenDecryptEndpoint
URL to which obtained idtoken will be posted to get a decrypted user identity. Encrypted idtoken will be obtained by posting OAuth token to token endpoint. In order to decrypt idtoken, Netscaler appliance posts request to the URL configured
clientID
Unique identity of the client/user who is getting authenticated. Authorization server infers client configuration using this ID
clientSecret
Secret string established by user and authorization server
defaultAuthenticationGroup
This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
Attribute1
Expression that would be evaluated to extract attribute1 from the oauth response
Attribute2
Expression that would be evaluated to extract attribute2 from the oauth response
Attribute3
Expression that would be evaluated to extract attribute3 from the oauth response
Attribute4
Expression that would be evaluated to extract attribute4 from the oauth response
Attribute5
Expression that would be evaluated to extract attribute5 from the oauth response
Attribute6
Expression that would be evaluated to extract attribute6 from the oauth response
Attribute7
Expression that would be evaluated to extract attribute7 from the oauth response
Attribute8
Expression that would be evaluated to extract attribute8 from the oauth response
Attribute9
Expression that would be evaluated to extract attribute9 from the oauth response
Attribute10
Expression that would be evaluated to extract attribute10 from the oauth response
Attribute11
Expression that would be evaluated to extract attribute11 from the oauth response
Attribute12
Expression that would be evaluated to extract attribute12 from the oauth response
Attribute13
Expression that would be evaluated to extract attribute13 from the oauth response
Attribute14
Expression that would be evaluated to extract attribute14 from the oauth response
Attribute15
Expression that would be evaluated to extract attribute15 from the oauth response
Attribute16
Expression that would be evaluated to extract attribute16 from the oauth response
Example¶
set authentication OAuthAction a1 -ClientID someid123 -clientSecret somesecret
unset authentication OAuthAction¶
Use this command to remove authentication OAuthAction settings.Refer to the set authentication OAuthAction command for meanings of the arguments.
Synopsys¶
unset authentication OAuthAction <name> [-idtokenDecryptEndpoint] [-defaultAuthenticationGroup] [-Attribute1] [-Attribute2] [-Attribute3] [-Attribute4] [-Attribute5] [-Attribute6] [-Attribute7] [-Attribute8] [-Attribute9] [-Attribute10] [-Attribute11] [-Attribute12] [-Attribute13] [-Attribute14] [-Attribute15] [-Attribute16]
show authentication OAuthAction¶
Displays information about the configured OAuth authentication action.
Synopsys¶
show authentication OAuthAction [<name>]
Arguments¶
name
Name of the OAuth authentication action to display. If a name is not provided, information about all actions is shown.
Outputs¶
stateflag
authorizationEndpoint
Authorization endpoint/url to which unauthenticated user will be redirected. Netscaler appliance redirects user to this endpoint by adding query parameters including clientid.
tokenEndpoint
URL to which OAuth token will be posted to verify its authenticity. User obtains this token from Authorization server upon successful authentication. Netscaler appliance will validate presented token by posting it to the URL configured
idtokenDecryptEndpoint
URL to which obtained idtoken will be posted to get a decrypted user identity. Encrypted idtoken will be obtained by posting OAuth token to token endpoint. In order to decrypt idtoken, Netscaler appliance posts request to the URL configured
clientID
Unique identity of the client/user who is getting authenticated. Authorization server infers client configuration using this ID
clientSecret
Secret string established by user and authorization server
defaultAuthenticationGroup
This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
Attribute1
Expression that would be evaluated to extract attribute1 from the oauth response
Attribute2
Expression that would be evaluated to extract attribute2 from the oauth response
Attribute3
Expression that would be evaluated to extract attribute3 from the oauth response
Attribute4
Expression that would be evaluated to extract attribute4 from the oauth response
Attribute5
Expression that would be evaluated to extract attribute5 from the oauth response
Attribute6
Expression that would be evaluated to extract attribute6 from the oauth response
Attribute7
Expression that would be evaluated to extract attribute7 from the oauth response
Attribute8
Expression that would be evaluated to extract attribute8 from the oauth response
Attribute9
Expression that would be evaluated to extract attribute9 from the oauth response
Attribute10
Expression that would be evaluated to extract attribute10 from the oauth response
Attribute11
Expression that would be evaluated to extract attribute11 from the oauth response
Attribute12
Expression that would be evaluated to extract attribute12 from the oauth response
Attribute13
Expression that would be evaluated to extract attribute13 from the oauth response
Attribute14
Expression that would be evaluated to extract attribute14 from the oauth response
Attribute15
Expression that would be evaluated to extract attribute15 from the oauth response
Attribute16
Expression that would be evaluated to extract attribute16 from the oauth response
devno
count
Example¶
show authentication OAuthAction a1