Download full document:

authentication OAuthAction

The following operations can be performed on "authentication OAuthAction":

add| rm| set| unset| show

add authentication OAuthAction

p{white-space: pre-wrap;}

Adds an action to be used for OAuth authentication.

Synopsys

add authentication OAuthAction <name> [-OAuthType ( GENERIC | INTUNE )] [-authorizationEndpoint <URL>] [-tokenEndpoint <URL>] [-idtokenDecryptEndpoint <URL>] -clientID <string> -clientSecret [-defaultAuthenticationGroup <string>] [-Attribute1 <string>] [-Attribute2 <string>] [-Attribute3 <string>] [-Attribute4 <string>] [-Attribute5 <string>] [-Attribute6 <string>] [-Attribute7 <string>] [-Attribute8 <string>] [-Attribute9 <string>] [-Attribute10 <string>] [-Attribute11 <string>] [-Attribute12 <string>] [-Attribute13 <string>] [-Attribute14 <string>] [-Attribute15 <string>] [-Attribute16 <string>] [-tenantID <string>] [-GraphEndpoint <string>] [-refreshInterval <positive_integer>] [-CertEndpoint <string>] [-audience <string>] [-userNameField <string>] [-skewTime <mins>] [-issuer <string>] [-UserInfoURL <URL>] [-CertFilePath <string>] [-grantType ( CODE | PASSWORD )]

Arguments

name

Name for the OAuth Authentication action.

Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the profile is created.

The following requirement applies only to the NetScaler CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my authentication action" or 'my authentication action').

OAuthType

Type of the OAuth implementation. Default value is generic implementation that is applicable for most deployments.

Possible values: GENERIC, INTUNE

Default value: GENERIC

authorizationEndpoint

Authorization endpoint/url to which unauthenticated user will be redirected. Netscaler appliance redirects user to this endpoint by adding query parameters including clientid. If this parameter not specified then as default value we take Token Endpoint/URL value. Please note that Authorization Endpoint or Token Endpoint is mandatory for oauthAction

tokenEndpoint

URL to which OAuth token will be posted to verify its authenticity. User obtains this token from Authorization server upon successful authentication. Netscaler appliance will validate presented token by posting it to the URL configured

idtokenDecryptEndpoint

URL to which obtained idtoken will be posted to get a decrypted user identity. Encrypted idtoken will be obtained by posting OAuth token to token endpoint. In order to decrypt idtoken, Netscaler appliance posts request to the URL configured

clientID

Unique identity of the client/user who is getting authenticated. Authorization server infers client configuration using this ID

clientSecret

Secret string established by user and authorization server

defaultAuthenticationGroup

This is the default group that is chosen when the authentication succeeds in addition to extracted groups.

Attribute1

Expression that would be evaluated to extract attribute1 from the oauth response

Attribute2

Expression that would be evaluated to extract attribute2 from the oauth response

Attribute3

Expression that would be evaluated to extract attribute3 from the oauth response

Attribute4

Expression that would be evaluated to extract attribute4 from the oauth response

Attribute5

Expression that would be evaluated to extract attribute5 from the oauth response

Attribute6

Expression that would be evaluated to extract attribute6 from the oauth response

Attribute7

Expression that would be evaluated to extract attribute7 from the oauth response

Attribute8

Expression that would be evaluated to extract attribute8 from the oauth response

Attribute9

Expression that would be evaluated to extract attribute9 from the oauth response

Attribute10

Expression that would be evaluated to extract attribute10 from the oauth response

Attribute11

Expression that would be evaluated to extract attribute11 from the oauth response

Attribute12

Expression that would be evaluated to extract attribute12 from the oauth response

Attribute13

Expression that would be evaluated to extract attribute13 from the oauth response

Attribute14

Expression that would be evaluated to extract attribute14 from the oauth response

Attribute15

Expression that would be evaluated to extract attribute15 from the oauth response

Attribute16

Expression that would be evaluated to extract attribute16 from the oauth response

tenantID

TenantID of the application. This is usually specific to providers such as Microsoft and usually refers to the deployment identifier.

GraphEndpoint

URL of the Graph API service to learn Enterprise Mobility Services (EMS) endpoints.

refreshInterval

Interval at which services are monitored for necessary configuration.

Default value: 1440

Minimum value: 0

CertEndpoint

URL of the endpoint that contains JWKs (Json Web Key) for JWT (Json Web Token) verification.

audience

Audience for which token sent by Authorization server is applicable. This is typically entity name or url that represents the recipient

userNameField

Attribute in the token from which username should be extracted.

skewTime

This option specifies the allowed clock skew in number of minutes that Netscaler allows on an incoming token. For example, if skewTime is 10, then token would be valid from (current time - 10) min to (current time + 10) min, ie 20min in all.

Default value: 5

issuer

Identity of the server whose tokens are to be accepted.

UserInfoURL

URL to which OAuth access token will be posted to obtain user information.

CertFilePath

Path to the file that contains JWKs (Json Web Key) for JWT (Json Web Token) verification.

grantType

Grant type support. value can be code or password

Possible values: CODE, PASSWORD

Default value: CODE

Example

add authentication oauthAction a -authorizationEndpoint https://google.com/ -tokenEndpoint https://google.com/ -clientiD sadf -clientsecret df

rm authentication OAuthAction

p{white-space: pre-wrap;}

Removes a OAuth authentication action. You cannot remove an action that is used in any part of a policy.

Synopsys

rm authentication OAuthAction <name>

Arguments

name

Name of the OAuth authentication action to remove.

Example

rm authentication OAuthAction a1

set authentication OAuthAction

p{white-space: pre-wrap;}

Modifies the attributes of an existing OAuth authentication action.

Synopsys

set authentication OAuthAction <name> [-OAuthType ( GENERIC | INTUNE )] [-authorizationEndpoint <URL>] [-tokenEndpoint <URL>] [-idtokenDecryptEndpoint <URL>] [-clientID <string>] [-clientSecret ] [-defaultAuthenticationGroup <string>] [-Attribute1 <string>] [-Attribute2 <string>] [-Attribute3 <string>] [-Attribute4 <string>] [-Attribute5 <string>] [-Attribute6 <string>] [-Attribute7 <string>] [-Attribute8 <string>] [-Attribute9 <string>] [-Attribute10 <string>] [-Attribute11 <string>] [-Attribute12 <string>] [-Attribute13 <string>] [-Attribute14 <string>] [-Attribute15 <string>] [-Attribute16 <string>] [-tenantID <string>] [-GraphEndpoint <string>] [-refreshInterval <positive_integer>] [-CertEndpoint <string>] [-audience <string>] [-userNameField <string>] [-skewTime <mins>] [-issuer <string>] [-UserInfoURL <URL>] [-CertFilePath <string>] [-grantType ( CODE | PASSWORD )]

Arguments

name

Name of the action to configure.

OAuthType

Type of the OAuth implementation. Default value is generic implementation that is applicable for most deployments.

Possible values: GENERIC, INTUNE

Default value: GENERIC

authorizationEndpoint

Authorization endpoint/url to which unauthenticated user will be redirected. Netscaler appliance redirects user to this endpoint by adding query parameters including clientid. If this parameter not specified then as default value we take Token Endpoint/URL value. Please note that Authorization Endpoint or Token Endpoint is mandatory for oauthAction

tokenEndpoint

URL to which OAuth token will be posted to verify its authenticity. User obtains this token from Authorization server upon successful authentication. Netscaler appliance will validate presented token by posting it to the URL configured

idtokenDecryptEndpoint

URL to which obtained idtoken will be posted to get a decrypted user identity. Encrypted idtoken will be obtained by posting OAuth token to token endpoint. In order to decrypt idtoken, Netscaler appliance posts request to the URL configured

clientID

Unique identity of the client/user who is getting authenticated. Authorization server infers client configuration using this ID

clientSecret

Secret string established by user and authorization server

defaultAuthenticationGroup

This is the default group that is chosen when the authentication succeeds in addition to extracted groups.

Attribute1

Expression that would be evaluated to extract attribute1 from the oauth response

Attribute2

Expression that would be evaluated to extract attribute2 from the oauth response

Attribute3

Expression that would be evaluated to extract attribute3 from the oauth response

Attribute4

Expression that would be evaluated to extract attribute4 from the oauth response

Attribute5

Expression that would be evaluated to extract attribute5 from the oauth response

Attribute6

Expression that would be evaluated to extract attribute6 from the oauth response

Attribute7

Expression that would be evaluated to extract attribute7 from the oauth response

Attribute8

Expression that would be evaluated to extract attribute8 from the oauth response

Attribute9

Expression that would be evaluated to extract attribute9 from the oauth response

Attribute10

Expression that would be evaluated to extract attribute10 from the oauth response

Attribute11

Expression that would be evaluated to extract attribute11 from the oauth response

Attribute12

Expression that would be evaluated to extract attribute12 from the oauth response

Attribute13

Expression that would be evaluated to extract attribute13 from the oauth response

Attribute14

Expression that would be evaluated to extract attribute14 from the oauth response

Attribute15

Expression that would be evaluated to extract attribute15 from the oauth response

Attribute16

Expression that would be evaluated to extract attribute16 from the oauth response

tenantID

TenantID of the application. This is usually specific to providers such as Microsoft and usually refers to the deployment identifier.

GraphEndpoint

URL of the Graph API service to learn Enterprise Mobility Services (EMS) endpoints.

refreshInterval

Interval at which services are monitored for necessary configuration.

Default value: 1440

Minimum value: 0

CertEndpoint

URL of the endpoint that contains JWKs (Json Web Key) for JWT (Json Web Token) verification.

audience

Audience for which token sent by Authorization server is applicable. This is typically entity name or url that represents the recipient

userNameField

Attribute in the token from which username should be extracted.

skewTime

This option specifies the allowed clock skew in number of minutes that Netscaler allows on an incoming token. For example, if skewTime is 10, then token would be valid from (current time - 10) min to (current time + 10) min, ie 20min in all.

Default value: 5

issuer

Identity of the server whose tokens are to be accepted.

UserInfoURL

URL to which OAuth access token will be posted to obtain user information.

CertFilePath

Path to the file that contains JWKs (Json Web Key) for JWT (Json Web Token) verification.

grantType

Grant type support. value can be code or password

Possible values: CODE, PASSWORD

Default value: CODE

Example

set authentication OAuthAction a1 -ClientID someid123 -clientSecret somesecret

unset authentication OAuthAction

p{white-space: pre-wrap;}

Use this command to remove authentication OAuthAction settings.Refer to the set authentication OAuthAction command for meanings of the arguments.

Synopsys

unset authentication OAuthAction <name> [-OAuthType] [-idtokenDecryptEndpoint] [-defaultAuthenticationGroup] [-Attribute1] [-Attribute2] [-Attribute3] [-Attribute4] [-Attribute5] [-Attribute6] [-Attribute7] [-Attribute8] [-Attribute9] [-Attribute10] [-Attribute11] [-Attribute12] [-Attribute13] [-Attribute14] [-Attribute15] [-Attribute16] [-GraphEndpoint] [-refreshInterval] [-CertEndpoint] [-audience] [-userNameField] [-skewTime] [-issuer] [-UserInfoURL] [-CertFilePath]

show authentication OAuthAction

p{white-space: pre-wrap;}

Displays information about the configured OAuth authentication action.

Synopsys

show authentication OAuthAction [<name>]

Arguments

name

Name of the OAuth authentication action to display. If a name is not provided, information about all actions is shown.

Outputs

stateflag

authorizationEndpoint

Authorization endpoint/url to which unauthenticated user will be redirected. Netscaler appliance redirects user to this endpoint by adding query parameters including clientid. If this parameter not specified then as default value we take Token Endpoint/URL value. Please note that Authorization Endpoint or Token Endpoint is mandatory for oauthAction

tokenEndpoint

URL to which OAuth token will be posted to verify its authenticity. User obtains this token from Authorization server upon successful authentication. Netscaler appliance will validate presented token by posting it to the URL configured

idtokenDecryptEndpoint

URL to which obtained idtoken will be posted to get a decrypted user identity. Encrypted idtoken will be obtained by posting OAuth token to token endpoint. In order to decrypt idtoken, Netscaler appliance posts request to the URL configured

clientID

Unique identity of the client/user who is getting authenticated. Authorization server infers client configuration using this ID

clientSecret

Secret string established by user and authorization server

defaultAuthenticationGroup

This is the default group that is chosen when the authentication succeeds in addition to extracted groups.

Attribute1

Expression that would be evaluated to extract attribute1 from the oauth response

Attribute2

Expression that would be evaluated to extract attribute2 from the oauth response

Attribute3

Expression that would be evaluated to extract attribute3 from the oauth response

Attribute4

Expression that would be evaluated to extract attribute4 from the oauth response

Attribute5

Expression that would be evaluated to extract attribute5 from the oauth response

Attribute6

Expression that would be evaluated to extract attribute6 from the oauth response

Attribute7

Expression that would be evaluated to extract attribute7 from the oauth response

Attribute8

Expression that would be evaluated to extract attribute8 from the oauth response

Attribute9

Expression that would be evaluated to extract attribute9 from the oauth response

Attribute10

Expression that would be evaluated to extract attribute10 from the oauth response

Attribute11

Expression that would be evaluated to extract attribute11 from the oauth response

Attribute12

Expression that would be evaluated to extract attribute12 from the oauth response

Attribute13

Expression that would be evaluated to extract attribute13 from the oauth response

Attribute14

Expression that would be evaluated to extract attribute14 from the oauth response

Attribute15

Expression that would be evaluated to extract attribute15 from the oauth response

Attribute16

Expression that would be evaluated to extract attribute16 from the oauth response

tenantID

TenantID of the application. This is usually specific to providers such as Microsoft and usually refers to the deployment identifier.

GraphEndpoint

URL of the Graph API service to learn Enterprise Mobility Services (EMS) endpoints.

refreshInterval

Interval at which services are monitored for necessary configuration.

CertEndpoint

URL of the endpoint that contains JWKs (Json Web Key) for JWT (Json Web Token) verification.

OAuthType

Type of the OAuth implementation. Default value is generic implementation that is applicable for most deployments.

audience

Audience for which token sent by Authorization server is applicable. This is typically entity name or url that represents the recipient

userNameField

Attribute in the token from which username should be extracted.

skewTime

This option specifies the allowed clock skew in number of minutes that Netscaler allows on an incoming token. For example, if skewTime is 10, then token would be valid from (current time - 10) min to (current time + 10) min, ie 20min in all.

issuer

Identity of the server whose tokens are to be accepted.

OAuthStatus

Describes status information of oauth server.

UserInfoURL

URL to which OAuth access token will be posted to obtain user information.

CertFilePath

Path to the file that contains JWKs (Json Web Key) for JWT (Json Web Token) verification.

grantType

Grant type support. value can be code or password

devno

count

Example

show authentication OAuthAction a1