Download full document:

authentication OAuthIDPProfile

The following operations can be performed on "authentication OAuthIDPProfile":

add| rm| set| unset| show

add authentication OAuthIDPProfile

p{white-space: pre-wrap;}

Creates a OAuth IdP profile. This profile is used in verifying incoming authentication request from Reousece Server, and sending token.

Synopsys

add authentication OAuthIDPProfile <name> [-clientID <string>] [-clientSecret ] [-redirectURL <URL>] [-issuer <string>] [-audience <string>] [-skewTime <mins>] [-defaultAuthenticationGroup <string>] [-relyingPartyMetadataURL <URL>] [-refreshInterval <positive_integer>] [-encryptToken ( ON | OFF )]

Arguments

name

Name for the new OAuth Identity Provider (IdP) single sign-on profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after an action is created.

The following requirement applies only to the NetScaler CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my action" or 'my action').

clientID

Unique identity of the relying party requesting for authentication.

clientSecret

Unique secret string to authorize relying party at authorization server.

redirectURL

URL endpoint on relying party to which the OAuth token is to be sent.

issuer

The name to be used in requests sent from Netscaler to IdP to uniquely identify Netscaler.

audience

Audience for which token is being sent by NetScaler IdP. This is typically entity name or url that represents the recipient

skewTime

This option specifies the duration for which the token sent by NetScaler IdP is valid. For example, if skewTime is 10, then token would be valid from (current time - 10) min to (current time + 10) min, ie 20min in all.

Default value: 5

defaultAuthenticationGroup

This is the group that is added to user sessions that match current IdP policy. It can be used in policies to identify relying party trust.

relyingPartyMetadataURL

This is the endpoint at which NetScaler IdP can get details about Relying Party (RP) being configured. Metadata response should include endpoints for jwks_uri for RP public key(s).

refreshInterval

Interval at which Relying Party metadata is refreshed.

Default value: 50

Minimum value: 0

encryptToken

Option to encrypt token when Netscaler IDP sends one.

Possible values: ON, OFF

Default value: OFF

rm authentication OAuthIDPProfile

p{white-space: pre-wrap;}

Deletes an existing OAuth IdP profile.

Synopsys

rm authentication OAuthIDPProfile <name>

Arguments

name

Name for the new OAuth Identity Provider (IdP) single sign-on profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after an action is created.

The following requirement applies only to the NetScaler CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my action" or 'my action').

set authentication OAuthIDPProfile

p{white-space: pre-wrap;}

Modifies the specified attributes of a OAuth IdP profile.

Synopsys

set authentication OAuthIDPProfile <name> [-clientID <string>] [-clientSecret ] [-redirectURL <URL>] [-issuer <string>] [-audience <string>] [-skewTime <mins>] [-defaultAuthenticationGroup <string>] [-relyingPartyMetadataURL <URL>] [-refreshInterval <positive_integer>] [-encryptToken ( ON | OFF )]

Arguments

name

Name for the new OAuth Identity Provider (IdP) single sign-on profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after an action is created.

The following requirement applies only to the NetScaler CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my action" or 'my action').

clientID

Unique identity of the relying party requesting for authentication.

clientSecret

Unique secret string to authorize relying party at authorization server.

redirectURL

URL endpoint on relying party to which the OAuth token is to be sent.

issuer

The name to be used in requests sent from Netscaler to IdP to uniquely identify Netscaler.

audience

Audience for which token is being sent by NetScaler IdP. This is typically entity name or url that represents the recipient

skewTime

This option specifies the duration for which the token sent by NetScaler IdP is valid. For example, if skewTime is 10, then token would be valid from (current time - 10) min to (current time + 10) min, ie 20min in all.

Default value: 5

defaultAuthenticationGroup

This is the group that is added to user sessions that match current IdP policy. It can be used in policies to identify relying party trust.

relyingPartyMetadataURL

This is the endpoint at which NetScaler IdP can get details about Relying Party (RP) being configured. Metadata response should include endpoints for jwks_uri for RP public key(s).

refreshInterval

Interval at which Relying Party metadata is refreshed.

Default value: 50

Minimum value: 0

encryptToken

Option to encrypt token when Netscaler IDP sends one.

Possible values: ON, OFF

Default value: OFF

unset authentication OAuthIDPProfile

p{white-space: pre-wrap;}

Use this command to remove authentication OAuthIDPProfile settings.Refer to the set authentication OAuthIDPProfile command for meanings of the arguments.

Synopsys

unset authentication OAuthIDPProfile <name> [-issuer] [-audience] [-skewTime] [-defaultAuthenticationGroup] [-relyingPartyMetadataURL] [-refreshInterval] [-encryptToken]

show authentication OAuthIDPProfile

p{white-space: pre-wrap;}

Displays information about all configured OAuth IdP profiles, or displays detailed information about the specified action.

Synopsys

show authentication OAuthIDPProfile [<name>]

Arguments

name

Name for the new OAuth Identity Provider (IdP) single sign-on profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after an action is created.

The following requirement applies only to the NetScaler CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my action" or 'my action').

Outputs

clientID

Unique identity of the relying party requesting for authentication.

clientSecret

Unique secret string to authorize relying party at authorization server.

redirectURL

URL endpoint on relying party to which the OAuth token is to be sent.

issuer

The name to be used in requests sent from Netscaler to IdP to uniquely identify Netscaler.

audience

Audience for which token is being sent by NetScaler IdP. This is typically entity name or url that represents the recipient

skewTime

This option specifies the duration for which the token sent by NetScaler IdP is valid. For example, if skewTime is 10, then token would be valid from (current time - 10) min to (current time + 10) min, ie 20min in all.

defaultAuthenticationGroup

This is the group that is added to user sessions that match current IdP policy. It can be used in policies to identify relying party trust.

relyingPartyMetadataURL

This is the endpoint at which NetScaler IdP can get details about Relying Party (RP) being configured. Metadata response should include endpoints for jwks_uri for RP public key(s).

refreshInterval

Interval at which Relying Party metadata is refreshed.

encryptToken

Option to encrypt token when Netscaler IDP sends one.

OAuthStatus

Describes status information of oauth idp metadata fetch process.

devno

count

stateflag