Skip to content

authentication-samlIdPProfile

The following operations can be performed on "authentication-samlIdPProfile":

set| show| rm| unset| add|

set authentication samlIdPProfile

Modifies the specified attributes of a saml IdP profile.

Synopsis

set authentication samlIdPProfile [-samlSPCertName ] [-samlIdPCertName ] [-assertionConsumerServiceURL ] [-samlIssuerName ] [-rejectUnsignedRequests ( ON | OFF )] [-signatureAlg ( RSA-SHA1 | RSA-SHA256 )] [-digestMethod ( SHA1 | SHA256 )] [-audience ] [-NameIDFormat ] [-NameIDExpr ] [-Attribute1 -Attribute1Expr [-Attribute1FriendlyName ] [-Attribute1Format ( URI | Basic )]] [-Attribute2 -Attribute2Expr [-Attribute2FriendlyName ] [-Attribute2Format ( URI | Basic )]] [-Attribute3 -Attribute3Expr [-Attribute3FriendlyName ] [-Attribute3Format ( URI | Basic )]] [-Attribute4 -Attribute4Expr [-Attribute4FriendlyName ] [-Attribute4Format ( URI | Basic )]] [-Attribute5 -Attribute5Expr [-Attribute5FriendlyName ] [-Attribute5Format ( URI | Basic )]] [-Attribute6 -Attribute6Expr [-Attribute6FriendlyName ] [-Attribute6Format ( URI | Basic )]] [-Attribute7 -Attribute7Expr [-Attribute7FriendlyName ] [-Attribute7Format ( URI | Basic )]] [-Attribute8 -Attribute8Expr [-Attribute8FriendlyName ] [-Attribute8Format ( URI | Basic )]] [-Attribute9 -Attribute9Expr [-Attribute9FriendlyName ] [-Attribute9Format ( URI | Basic )]] [-Attribute10 -Attribute10Expr [-Attribute10FriendlyName ] [-Attribute10Format ( URI | Basic )]] [-Attribute11 -Attribute11Expr [-Attribute11FriendlyName ] [-Attribute11Format ( URI | Basic )]] [-Attribute12 -Attribute12Expr [-Attribute12FriendlyName ] [-Attribute12Format ( URI | Basic )]] [-Attribute13 -Attribute13Expr [-Attribute13FriendlyName ] [-Attribute13Format ( URI | Basic )]] [-Attribute14 -Attribute14Expr [-Attribute14FriendlyName ] [-Attribute14Format ( URI | Basic )]] [-Attribute15 -Attribute15Expr [-Attribute15FriendlyName ] [-Attribute15Format ( URI | Basic )]] [-Attribute16 -Attribute16Expr [-Attribute16FriendlyName ] [-Attribute16Format ( URI | Basic )]] [-encryptAssertion ( ON | OFF )] [-encryptionAlgorithm ] [-samlBinding ] [-skewTime ] [-serviceProviderID ] [-signAssertion ] [-keyTransportAlg ( RSA-V1_5 | RSA_OAEP )] [-SPLogoutUrl ] [-logoutBinding ( REDIRECT | POST )] [-defaultAuthenticationGroup ] [-metadataUrl ] [-metadataRefreshInterval ] [-signatureService ] [-samlSigningCertVersion ] [-samlSPCertVersion ] [-acsUrlRule ]

Arguments

name Name for the new saml single sign-on profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after an action is created.

The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my action" or 'my action').

samlSPCertName Name of the SSL certificate of SAML Relying Party. This certificate is used to verify signature of the incoming AuthnRequest from a Relying Party or Service Provider

samlIdPCertName Name of the certificate used to sign the SAMLResposne that is sent to Relying Party or Service Provider after successful authentication

assertionConsumerServiceURL URL to which the assertion is to be sent.

samlIssuerName The name to be used in requests sent fromCitrix ADC to IdP to uniquely identify Citrix ADC.

rejectUnsignedRequests Option to Reject unsigned SAML Requests. ON option denies any authentication requests that arrive without signature.

Possible values: ON, OFF Default value: ON

signatureAlg Algorithm to be used to sign/verify SAML transactions

Possible values: RSA-SHA1, RSA-SHA256 Default value: RSA-SHA256

digestMethod Algorithm to be used to compute/verify digest for SAML transactions

Possible values: SHA1, SHA256 Default value: SHA256

audience Audience for which assertion sent by IdP is applicable. This is typically entity name or url that represents ServiceProvider

NameIDFormat Format of Name Identifier sent in Assertion.

Possible values: Unspecified, emailAddress, X509SubjectName, WindowsDomainQualifiedName, kerberos, entity, persistent, transient Default value: transient

NameIDExpr Expression that will be evaluated to obtain NameIdentifier to be sent in assertion

Attribute1 Name of attribute1 that needs to be sent in SAML Assertion

Attribute1Expr Expression that will be evaluated to obtain attribute1's value to be sent in Assertion

Attribute1FriendlyName User-Friendly Name of attribute1 that needs to be sent in SAML Assertion

Attribute1Format Format of Attribute1 to be sent in Assertion.

Possible values: URI, Basic

Attribute2 Name of attribute2 that needs to be sent in SAML Assertion

Attribute2Expr Expression that will be evaluated to obtain attribute2's value to be sent in Assertion

Attribute2FriendlyName User-Friendly Name of attribute2 that needs to be sent in SAML Assertion

Attribute2Format Format of Attribute2 to be sent in Assertion.

Possible values: URI, Basic

Attribute3 Name of attribute3 that needs to be sent in SAML Assertion

Attribute3Expr Expression that will be evaluated to obtain attribute3's value to be sent in Assertion

Attribute3FriendlyName User-Friendly Name of attribute3 that needs to be sent in SAML Assertion

Attribute3Format Format of Attribute3 to be sent in Assertion.

Possible values: URI, Basic

Attribute4 Name of attribute4 that needs to be sent in SAML Assertion

Attribute4Expr Expression that will be evaluated to obtain attribute4's value to be sent in Assertion

Attribute4FriendlyName User-Friendly Name of attribute4 that needs to be sent in SAML Assertion

Attribute4Format Format of Attribute4 to be sent in Assertion.

Possible values: URI, Basic

Attribute5 Name of attribute5 that needs to be sent in SAML Assertion

Attribute5Expr Expression that will be evaluated to obtain attribute5's value to be sent in Assertion

Attribute5FriendlyName User-Friendly Name of attribute5 that needs to be sent in SAML Assertion

Attribute5Format Format of Attribute5 to be sent in Assertion.

Possible values: URI, Basic

Attribute6 Name of attribute6 that needs to be sent in SAML Assertion

Attribute6Expr Expression that will be evaluated to obtain attribute6's value to be sent in Assertion

Attribute6FriendlyName User-Friendly Name of attribute6 that needs to be sent in SAML Assertion

Attribute6Format Format of Attribute6 to be sent in Assertion.

Possible values: URI, Basic

Attribute7 Name of attribute7 that needs to be sent in SAML Assertion

Attribute7Expr Expression that will be evaluated to obtain attribute7's value to be sent in Assertion

Attribute7FriendlyName User-Friendly Name of attribute7 that needs to be sent in SAML Assertion

Attribute7Format Format of Attribute7 to be sent in Assertion.

Possible values: URI, Basic

Attribute8 Name of attribute8 that needs to be sent in SAML Assertion

Attribute8Expr Expression that will be evaluated to obtain attribute8's value to be sent in Assertion

Attribute8FriendlyName User-Friendly Name of attribute8 that needs to be sent in SAML Assertion

Attribute8Format Format of Attribute8 to be sent in Assertion.

Possible values: URI, Basic

Attribute9 Name of attribute9 that needs to be sent in SAML Assertion

Attribute9Expr Expression that will be evaluated to obtain attribute9's value to be sent in Assertion

Attribute9FriendlyName User-Friendly Name of attribute9 that needs to be sent in SAML Assertion

Attribute9Format Format of Attribute9 to be sent in Assertion.

Possible values: URI, Basic

Attribute10 Name of attribute10 that needs to be sent in SAML Assertion

Attribute10Expr Expression that will be evaluated to obtain attribute10's value to be sent in Assertion

Attribute10FriendlyName User-Friendly Name of attribute10 that needs to be sent in SAML Assertion

Attribute10Format Format of Attribute10 to be sent in Assertion.

Possible values: URI, Basic

Attribute11 Name of attribute11 that needs to be sent in SAML Assertion

Attribute11Expr Expression that will be evaluated to obtain attribute11's value to be sent in Assertion

Attribute11FriendlyName User-Friendly Name of attribute11 that needs to be sent in SAML Assertion

Attribute11Format Format of Attribute11 to be sent in Assertion.

Possible values: URI, Basic

Attribute12 Name of attribute12 that needs to be sent in SAML Assertion

Attribute12Expr Expression that will be evaluated to obtain attribute12's value to be sent in Assertion

Attribute12FriendlyName User-Friendly Name of attribute12 that needs to be sent in SAML Assertion

Attribute12Format Format of Attribute12 to be sent in Assertion.

Possible values: URI, Basic

Attribute13 Name of attribute13 that needs to be sent in SAML Assertion

Attribute13Expr Expression that will be evaluated to obtain attribute13's value to be sent in Assertion

Attribute13FriendlyName User-Friendly Name of attribute13 that needs to be sent in SAML Assertion

Attribute13Format Format of Attribute13 to be sent in Assertion.

Possible values: URI, Basic

Attribute14 Name of attribute14 that needs to be sent in SAML Assertion

Attribute14Expr Expression that will be evaluated to obtain attribute14's value to be sent in Assertion

Attribute14FriendlyName User-Friendly Name of attribute14 that needs to be sent in SAML Assertion

Attribute14Format Format of Attribute14 to be sent in Assertion.

Possible values: URI, Basic

Attribute15 Name of attribute15 that needs to be sent in SAML Assertion

Attribute15Expr Expression that will be evaluated to obtain attribute15's value to be sent in Assertion

Attribute15FriendlyName User-Friendly Name of attribute15 that needs to be sent in SAML Assertion

Attribute15Format Format of Attribute15 to be sent in Assertion.

Possible values: URI, Basic

Attribute16 Name of attribute16 that needs to be sent in SAML Assertion

Attribute16Expr Expression that will be evaluated to obtain attribute16's value to be sent in Assertion

Attribute16FriendlyName User-Friendly Name of attribute16 that needs to be sent in SAML Assertion

Attribute16Format Format of Attribute16 to be sent in Assertion.

Possible values: URI, Basic

encryptAssertion Option to encrypt assertion when Citrix ADC IDP sends one.

Possible values: ON, OFF Default value: OFF

encryptionAlgorithm Algorithm to be used to encrypt SAML assertion

Possible values: DES3, AES128, AES192, AES256 Default value: AES256

samlBinding This element specifies the transport mechanism of saml messages.

Possible values: REDIRECT, POST, ARTIFACT Default value: POST

skewTime This option specifies the number of minutes on either side of current time that the assertion would be valid. For example, if skewTime is 10, then assertion would be valid from (current time - 10) min to (current time + 10) min, ie 20min in all. Default value: 5

serviceProviderID Unique identifier of the Service Provider that sends SAML Request. Citrix ADC will ensure that the Issuer of the SAML Request matches this URI. In case of SP initiated sign-in scenarios, this value must be same as samlIssuerName configured in samlAction.

signAssertion Option to sign portions of assertion when Citrix ADC IDP sends one. Based on the user selection, either Assertion or Response or Both or none can be signed

Possible values: NONE, ASSERTION, RESPONSE, BOTH Default value: ASSERTION

keyTransportAlg Key transport algorithm to be used in encryption of SAML assertion

Possible values: RSA-V1_5, RSA_OAEP Default value: RSA_OAEP

SPLogoutUrl Endpoint on the ServiceProvider (SP) to which logout messages are to be sent

logoutBinding This element specifies the transport mechanism of saml logout messages.

Possible values: REDIRECT, POST Default value: POST

defaultAuthenticationGroup This group will be part of AAA session's internal group list. This will be helpful to admin in Nfactor flow to decide right AAA configuration for Relaying Party. In authentication policy AAA.USER.IS_MEMBER_OF("") is way to use this feature.

metadataUrl This URL is used for obtaining samlidp metadata

metadataRefreshInterval Interval in minute for fetching metadata from specified metadata URL Default value: 3600 Minimum value: 0

signatureService Name of the service in cloud used to sign the data

samlSigningCertVersion version of the certificate in signature service used to sign the SAMLResposne that is sent to Relying Party or Service Provider after successful authentication

samlSPCertVersion version of the certificate in signature service used to verify the signature of the incoming AuthnRequest from a Relying Party or Service Provider

acsUrlRule Expression that will be evaluated to allow Assertion Consumer Service URI coming in the SAML Request

show authentication samlIdPProfile

Displays information about all configured saml single sign-on profiles, or displays detailed information about the specified action.

Synopsis

show authentication samlIdPProfile []

Arguments

name Name for the new saml single sign-on profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after an action is created.

The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my action" or 'my action').

Output

samlSPCertName Name of the SSL certificate of SAML Relying Party. This certificate is used to verify signature of the incoming AuthnRequest from a Relying Party or Service Provider

samlIdPCertName Name of the certificate used to sign the SAMLResposne that is sent to Relying Party or Service Provider after successful authentication

assertionConsumerServiceURL URL to which the assertion is to be sent.

sendPassword Option to send password in assertion.

samlIssuerName The name to be used in requests sent fromCitrix ADC to IdP to uniquely identify Citrix ADC.

rejectUnsignedRequests Option to Reject unsigned SAML Requests. ON option denies any authentication requests that arrive without signature.

signatureAlg Algorithm to be used to sign/verify SAML transactions

digestMethod Algorithm to be used to compute/verify digest for SAML transactions

audience Audience for which assertion sent by IdP is applicable. This is typically entity name or url that represents ServiceProvider

NameIDFormat Format of Name Identifier sent in Assertion.

NameIDExpr Expression that will be evaluated to obtain NameIdentifier to be sent in assertion

Attribute1 Name of attribute1 that needs to be sent in SAML Assertion

Attribute2 Name of attribute2 that needs to be sent in SAML Assertion

Attribute3 Name of attribute3 that needs to be sent in SAML Assertion

Attribute4 Name of attribute4 that needs to be sent in SAML Assertion

Attribute5 Name of attribute5 that needs to be sent in SAML Assertion

Attribute6 Name of attribute6 that needs to be sent in SAML Assertion

Attribute7 Name of attribute7 that needs to be sent in SAML Assertion

Attribute8 Name of attribute8 that needs to be sent in SAML Assertion

Attribute9 Name of attribute9 that needs to be sent in SAML Assertion

Attribute10 Name of attribute10 that needs to be sent in SAML Assertion

Attribute11 Name of attribute11 that needs to be sent in SAML Assertion

Attribute12 Name of attribute12 that needs to be sent in SAML Assertion

Attribute13 Name of attribute13 that needs to be sent in SAML Assertion

Attribute14 Name of attribute14 that needs to be sent in SAML Assertion

Attribute15 Name of attribute15 that needs to be sent in SAML Assertion

Attribute16 Name of attribute16 that needs to be sent in SAML Assertion

Attribute1FriendlyName User-Friendly Name of attribute1 that needs to be sent in SAML Assertion

Attribute2FriendlyName User-Friendly Name of attribute2 that needs to be sent in SAML Assertion

Attribute3FriendlyName User-Friendly Name of attribute3 that needs to be sent in SAML Assertion

Attribute4FriendlyName User-Friendly Name of attribute4 that needs to be sent in SAML Assertion

Attribute5FriendlyName User-Friendly Name of attribute5 that needs to be sent in SAML Assertion

Attribute6FriendlyName User-Friendly Name of attribute6 that needs to be sent in SAML Assertion

Attribute7FriendlyName User-Friendly Name of attribute7 that needs to be sent in SAML Assertion

Attribute8FriendlyName User-Friendly Name of attribute8 that needs to be sent in SAML Assertion

Attribute9FriendlyName User-Friendly Name of attribute9 that needs to be sent in SAML Assertion

Attribute10FriendlyName User-Friendly Name of attribute10 that needs to be sent in SAML Assertion

Attribute11FriendlyName User-Friendly Name of attribute11 that needs to be sent in SAML Assertion

Attribute12FriendlyName User-Friendly Name of attribute12 that needs to be sent in SAML Assertion

Attribute13FriendlyName User-Friendly Name of attribute13 that needs to be sent in SAML Assertion

Attribute14FriendlyName User-Friendly Name of attribute14 that needs to be sent in SAML Assertion

Attribute15FriendlyName User-Friendly Name of attribute15 that needs to be sent in SAML Assertion

Attribute16FriendlyName User-Friendly Name of attribute16 that needs to be sent in SAML Assertion

Attribute1Format Format of Attribute1 to be sent in Assertion.

Attribute2Format Format of Attribute2 to be sent in Assertion.

Attribute3Format Format of Attribute3 to be sent in Assertion.

Attribute4Format Format of Attribute4 to be sent in Assertion.

Attribute5Format Format of Attribute5 to be sent in Assertion.

Attribute6Format Format of Attribute6 to be sent in Assertion.

Attribute7Format Format of Attribute7 to be sent in Assertion.

Attribute8Format Format of Attribute8 to be sent in Assertion.

Attribute9Format Format of Attribute9 to be sent in Assertion.

Attribute10Format Format of Attribute10 to be sent in Assertion.

Attribute11Format Format of Attribute11 to be sent in Assertion.

Attribute12Format Format of Attribute12 to be sent in Assertion.

Attribute13Format Format of Attribute13 to be sent in Assertion.

Attribute14Format Format of Attribute14 to be sent in Assertion.

Attribute15Format Format of Attribute15 to be sent in Assertion.

Attribute16Format Format of Attribute16 to be sent in Assertion.

Attribute1Expr Expression that will be evaluated to obtain attribute1's value to be sent in Assertion

Attribute2Expr Expression that will be evaluated to obtain attribute2's value to be sent in Assertion

Attribute3Expr Expression that will be evaluated to obtain attribute3's value to be sent in Assertion

Attribute4Expr Expression that will be evaluated to obtain attribute4's value to be sent in Assertion

Attribute5Expr Expression that will be evaluated to obtain attribute5's value to be sent in Assertion

Attribute6Expr Expression that will be evaluated to obtain attribute6's value to be sent in Assertion

Attribute7Expr Expression that will be evaluated to obtain attribute7's value to be sent in Assertion

Attribute8Expr Expression that will be evaluated to obtain attribute8's value to be sent in Assertion

Attribute9Expr Expression that will be evaluated to obtain attribute9's value to be sent in Assertion

Attribute10Expr Expression that will be evaluated to obtain attribute10's value to be sent in Assertion

Attribute11Expr Expression that will be evaluated to obtain attribute11's value to be sent in Assertion

Attribute12Expr Expression that will be evaluated to obtain attribute12's value to be sent in Assertion

Attribute13Expr Expression that will be evaluated to obtain attribute13's value to be sent in Assertion

Attribute14Expr Expression that will be evaluated to obtain attribute14's value to be sent in Assertion

Attribute15Expr Expression that will be evaluated to obtain attribute15's value to be sent in Assertion

Attribute16Expr Expression that will be evaluated to obtain attribute16's value to be sent in Assertion

encryptAssertion Option to encrypt assertion when Citrix ADC IDP sends one.

encryptionAlgorithm Algorithm to be used to encrypt SAML assertion

samlBinding This element specifies the transport mechanism of saml messages.

skewTime This option specifies the number of minutes on either side of current time that the assertion would be valid. For example, if skewTime is 10, then assertion would be valid from (current time - 10) min to (current time + 10) min, ie 20min in all.

serviceProviderID Unique identifier of the Service Provider that sends SAML Request. Citrix ADC will ensure that the Issuer of the SAML Request matches this URI. In case of SP initiated sign-in scenarios, this value must be same as samlIssuerName configured in samlAction.

signAssertion Option to sign portions of assertion when Citrix ADC IDP sends one. Based on the user selection, either Assertion or Response or Both or none can be signed

keyTransportAlg Key transport algorithm to be used in encryption of SAML assertion

SPLogoutUrl Endpoint on the ServiceProvider (SP) to which logout messages are to be sent

logoutBinding This element specifies the transport mechanism of saml logout messages.

defaultAuthenticationGroup This group will be part of AAA session's internal group list. This will be helpful to admin in Nfactor flow to decide right AAA configuration for Relaying Party. In authentication policy AAA.USER.IS_MEMBER_OF("") is way to use this feature.

metadataUrl This URL is used for obtaining samlidp metadata

metadataRefreshInterval Interval in minute for fetching metadata from specified metadata URL

metadataImportStatus Describes metadata import status.

signatureService Name of the service in cloud used to sign the data

samlSigningCertVersion version of the certificate in signature service used to sign the SAMLResposne that is sent to Relying Party or Service Provider after successful authentication

samlSPCertVersion version of the certificate in signature service used to verify the signature of the incoming AuthnRequest from a Relying Party or Service Provider

acsUrlRule Expression that will be evaluated to allow Assertion Consumer Service URI coming in the SAML Request

devno count stateflag

rm authentication samlIdPProfile

Deletes an existing saml IdP profile.

Synopsis

rm authentication samlIdPProfile

Arguments

name Name for the new saml single sign-on profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after an action is created.

The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my action" or 'my action').

unset authentication samlIdPProfile

Use this command to remove authentication samlIdPProfile settings.Refer to the set authentication samlIdPProfile command for meanings of the arguments.

Synopsis

unset authentication samlIdPProfile [-samlSPCertName] [-samlIdPCertName] [-assertionConsumerServiceURL] [-samlIssuerName] [-rejectUnsignedRequests] [-signatureAlg] [-digestMethod] [-audience] [-NameIDFormat] [-NameIDExpr] [-Attribute1] [-Attribute1FriendlyName] [-Attribute1Format] [-Attribute2] [-Attribute2FriendlyName] [-Attribute2Format] [-Attribute3] [-Attribute3FriendlyName] [-Attribute3Format] [-Attribute4] [-Attribute4FriendlyName] [-Attribute4Format] [-Attribute5] [-Attribute5FriendlyName] [-Attribute5Format] [-Attribute6] [-Attribute6FriendlyName] [-Attribute6Format] [-Attribute7] [-Attribute7FriendlyName] [-Attribute7Format] [-Attribute8] [-Attribute8FriendlyName] [-Attribute8Format] [-Attribute9] [-Attribute9FriendlyName] [-Attribute9Format] [-Attribute10] [-Attribute10FriendlyName] [-Attribute10Format] [-Attribute11] [-Attribute11FriendlyName] [-Attribute11Format] [-Attribute12] [-Attribute12FriendlyName] [-Attribute12Format] [-Attribute13] [-Attribute13FriendlyName] [-Attribute13Format] [-Attribute14] [-Attribute14FriendlyName] [-Attribute14Format] [-Attribute15] [-Attribute15FriendlyName] [-Attribute15Format] [-Attribute16] [-Attribute16FriendlyName] [-Attribute16Format] [-encryptAssertion] [-encryptionAlgorithm] [-samlBinding] [-skewTime] [-serviceProviderID] [-signAssertion] [-keyTransportAlg] [-SPLogoutUrl] [-logoutBinding] [-defaultAuthenticationGroup] [-metadataUrl] [-metadataRefreshInterval] [-signatureService] [-samlSigningCertVersion] [-samlSPCertVersion] [-acsUrlRule]

add authentication samlIdPProfile

Creates a SAML single IdP profile. This profile is used in verifying incoming authentication request from Service Provider and creating and signing Assertion that is sent to the same.

Synopsis

add authentication samlIdPProfile [(-samlSPCertName [-encryptAssertion ( ON | OFF ) [-keyTransportAlg ( RSA-V1_5 | RSA_OAEP )]]) | (-metadataUrl [-metadataRefreshInterval ])] [-samlIdPCertName ] [-assertionConsumerServiceURL ] [-samlIssuerName ] [-rejectUnsignedRequests ( ON | OFF )] [-signatureAlg ( RSA-SHA1 | RSA-SHA256 )] [-digestMethod ( SHA1 | SHA256 )] [-audience ] [-NameIDFormat ] [-NameIDExpr ] [-Attribute1 -Attribute1Expr [-Attribute1FriendlyName ] [-Attribute1Format ( URI | Basic )]] [-Attribute2 -Attribute2Expr [-Attribute2FriendlyName ] [-Attribute2Format ( URI | Basic )]] [-Attribute3 -Attribute3Expr [-Attribute3FriendlyName ] [-Attribute3Format ( URI | Basic )]] [-Attribute4 -Attribute4Expr [-Attribute4FriendlyName ] [-Attribute4Format ( URI | Basic )]] [-Attribute5 -Attribute5Expr [-Attribute5FriendlyName ] [-Attribute5Format ( URI | Basic )]] [-Attribute6 -Attribute6Expr [-Attribute6FriendlyName ] [-Attribute6Format ( URI | Basic )]] [-Attribute7 -Attribute7Expr [-Attribute7FriendlyName ] [-Attribute7Format ( URI | Basic )]] [-Attribute8 -Attribute8Expr [-Attribute8FriendlyName ] [-Attribute8Format ( URI | Basic )]] [-Attribute9 -Attribute9Expr [-Attribute9FriendlyName ] [-Attribute9Format ( URI | Basic )]] [-Attribute10 -Attribute10Expr [-Attribute10FriendlyName ] [-Attribute10Format ( URI | Basic )]] [-Attribute11 -Attribute11Expr [-Attribute11FriendlyName ] [-Attribute11Format ( URI | Basic )]] [-Attribute12 -Attribute12Expr [-Attribute12FriendlyName ] [-Attribute12Format ( URI | Basic )]] [-Attribute13 -Attribute13Expr [-Attribute13FriendlyName ] [-Attribute13Format ( URI | Basic )]] [-Attribute14 -Attribute14Expr [-Attribute14FriendlyName ] [-Attribute14Format ( URI | Basic )]] [-Attribute15 -Attribute15Expr [-Attribute15FriendlyName ] [-Attribute15Format ( URI | Basic )]] [-Attribute16 -Attribute16Expr [-Attribute16FriendlyName ] [-Attribute16Format ( URI | Basic )]] [-encryptionAlgorithm ] [-samlBinding ] [-skewTime ] [-serviceProviderID ] [-signAssertion ] [-SPLogoutUrl ] [-logoutBinding ( REDIRECT | POST )] [-defaultAuthenticationGroup ] [-signatureService ] [-samlSigningCertVersion ] [-samlSPCertVersion ] [-acsUrlRule ]

Arguments

name Name for the new saml single sign-on profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after an action is created.

The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my action" or 'my action').

samlSPCertName Name of the SSL certificate of SAML Relying Party. This certificate is used to verify signature of the incoming AuthnRequest from a Relying Party or Service Provider

samlIdPCertName Name of the certificate used to sign the SAMLResposne that is sent to Relying Party or Service Provider after successful authentication

assertionConsumerServiceURL URL to which the assertion is to be sent.

samlIssuerName The name to be used in requests sent fromCitrix ADC to IdP to uniquely identify Citrix ADC.

rejectUnsignedRequests Option to Reject unsigned SAML Requests. ON option denies any authentication requests that arrive without signature.

Possible values: ON, OFF Default value: ON

signatureAlg Algorithm to be used to sign/verify SAML transactions

Possible values: RSA-SHA1, RSA-SHA256 Default value: RSA-SHA256

digestMethod Algorithm to be used to compute/verify digest for SAML transactions

Possible values: SHA1, SHA256 Default value: SHA256

audience Audience for which assertion sent by IdP is applicable. This is typically entity name or url that represents ServiceProvider

NameIDFormat Format of Name Identifier sent in Assertion.

Possible values: Unspecified, emailAddress, X509SubjectName, WindowsDomainQualifiedName, kerberos, entity, persistent, transient Default value: transient

NameIDExpr Expression that will be evaluated to obtain NameIdentifier to be sent in assertion

Attribute1 Name of attribute1 that needs to be sent in SAML Assertion

Attribute1Expr Expression that will be evaluated to obtain attribute1's value to be sent in Assertion

Attribute1FriendlyName User-Friendly Name of attribute1 that needs to be sent in SAML Assertion

Attribute1Format Format of Attribute1 to be sent in Assertion.

Possible values: URI, Basic

Attribute2 Name of attribute2 that needs to be sent in SAML Assertion

Attribute2Expr Expression that will be evaluated to obtain attribute2's value to be sent in Assertion

Attribute2FriendlyName User-Friendly Name of attribute2 that needs to be sent in SAML Assertion

Attribute2Format Format of Attribute2 to be sent in Assertion.

Possible values: URI, Basic

Attribute3 Name of attribute3 that needs to be sent in SAML Assertion

Attribute3Expr Expression that will be evaluated to obtain attribute3's value to be sent in Assertion

Attribute3FriendlyName User-Friendly Name of attribute3 that needs to be sent in SAML Assertion

Attribute3Format Format of Attribute3 to be sent in Assertion.

Possible values: URI, Basic

Attribute4 Name of attribute4 that needs to be sent in SAML Assertion

Attribute4Expr Expression that will be evaluated to obtain attribute4's value to be sent in Assertion

Attribute4FriendlyName User-Friendly Name of attribute4 that needs to be sent in SAML Assertion

Attribute4Format Format of Attribute4 to be sent in Assertion.

Possible values: URI, Basic

Attribute5 Name of attribute5 that needs to be sent in SAML Assertion

Attribute5Expr Expression that will be evaluated to obtain attribute5's value to be sent in Assertion

Attribute5FriendlyName User-Friendly Name of attribute5 that needs to be sent in SAML Assertion

Attribute5Format Format of Attribute5 to be sent in Assertion.

Possible values: URI, Basic

Attribute6 Name of attribute6 that needs to be sent in SAML Assertion

Attribute6Expr Expression that will be evaluated to obtain attribute6's value to be sent in Assertion

Attribute6FriendlyName User-Friendly Name of attribute6 that needs to be sent in SAML Assertion

Attribute6Format Format of Attribute6 to be sent in Assertion.

Possible values: URI, Basic

Attribute7 Name of attribute7 that needs to be sent in SAML Assertion

Attribute7Expr Expression that will be evaluated to obtain attribute7's value to be sent in Assertion

Attribute7FriendlyName User-Friendly Name of attribute7 that needs to be sent in SAML Assertion

Attribute7Format Format of Attribute7 to be sent in Assertion.

Possible values: URI, Basic

Attribute8 Name of attribute8 that needs to be sent in SAML Assertion

Attribute8Expr Expression that will be evaluated to obtain attribute8's value to be sent in Assertion

Attribute8FriendlyName User-Friendly Name of attribute8 that needs to be sent in SAML Assertion

Attribute8Format Format of Attribute8 to be sent in Assertion.

Possible values: URI, Basic

Attribute9 Name of attribute9 that needs to be sent in SAML Assertion

Attribute9Expr Expression that will be evaluated to obtain attribute9's value to be sent in Assertion

Attribute9FriendlyName User-Friendly Name of attribute9 that needs to be sent in SAML Assertion

Attribute9Format Format of Attribute9 to be sent in Assertion.

Possible values: URI, Basic

Attribute10 Name of attribute10 that needs to be sent in SAML Assertion

Attribute10Expr Expression that will be evaluated to obtain attribute10's value to be sent in Assertion

Attribute10FriendlyName User-Friendly Name of attribute10 that needs to be sent in SAML Assertion

Attribute10Format Format of Attribute10 to be sent in Assertion.

Possible values: URI, Basic

Attribute11 Name of attribute11 that needs to be sent in SAML Assertion

Attribute11Expr Expression that will be evaluated to obtain attribute11's value to be sent in Assertion

Attribute11FriendlyName User-Friendly Name of attribute11 that needs to be sent in SAML Assertion

Attribute11Format Format of Attribute11 to be sent in Assertion.

Possible values: URI, Basic

Attribute12 Name of attribute12 that needs to be sent in SAML Assertion

Attribute12Expr Expression that will be evaluated to obtain attribute12's value to be sent in Assertion

Attribute12FriendlyName User-Friendly Name of attribute12 that needs to be sent in SAML Assertion

Attribute12Format Format of Attribute12 to be sent in Assertion.

Possible values: URI, Basic

Attribute13 Name of attribute13 that needs to be sent in SAML Assertion

Attribute13Expr Expression that will be evaluated to obtain attribute13's value to be sent in Assertion

Attribute13FriendlyName User-Friendly Name of attribute13 that needs to be sent in SAML Assertion

Attribute13Format Format of Attribute13 to be sent in Assertion.

Possible values: URI, Basic

Attribute14 Name of attribute14 that needs to be sent in SAML Assertion

Attribute14Expr Expression that will be evaluated to obtain attribute14's value to be sent in Assertion

Attribute14FriendlyName User-Friendly Name of attribute14 that needs to be sent in SAML Assertion

Attribute14Format Format of Attribute14 to be sent in Assertion.

Possible values: URI, Basic

Attribute15 Name of attribute15 that needs to be sent in SAML Assertion

Attribute15Expr Expression that will be evaluated to obtain attribute15's value to be sent in Assertion

Attribute15FriendlyName User-Friendly Name of attribute15 that needs to be sent in SAML Assertion

Attribute15Format Format of Attribute15 to be sent in Assertion.

Possible values: URI, Basic

Attribute16 Name of attribute16 that needs to be sent in SAML Assertion

Attribute16Expr Expression that will be evaluated to obtain attribute16's value to be sent in Assertion

Attribute16FriendlyName User-Friendly Name of attribute16 that needs to be sent in SAML Assertion

Attribute16Format Format of Attribute16 to be sent in Assertion.

Possible values: URI, Basic

encryptAssertion Option to encrypt assertion when Citrix ADC IDP sends one.

Possible values: ON, OFF Default value: OFF

encryptionAlgorithm Algorithm to be used to encrypt SAML assertion

Possible values: DES3, AES128, AES192, AES256 Default value: AES256

samlBinding This element specifies the transport mechanism of saml messages.

Possible values: REDIRECT, POST, ARTIFACT Default value: POST

skewTime This option specifies the number of minutes on either side of current time that the assertion would be valid. For example, if skewTime is 10, then assertion would be valid from (current time - 10) min to (current time + 10) min, ie 20min in all. Default value: 5

serviceProviderID Unique identifier of the Service Provider that sends SAML Request. Citrix ADC will ensure that the Issuer of the SAML Request matches this URI. In case of SP initiated sign-in scenarios, this value must be same as samlIssuerName configured in samlAction.

signAssertion Option to sign portions of assertion when Citrix ADC IDP sends one. Based on the user selection, either Assertion or Response or Both or none can be signed

Possible values: NONE, ASSERTION, RESPONSE, BOTH Default value: ASSERTION

keyTransportAlg Key transport algorithm to be used in encryption of SAML assertion

Possible values: RSA-V1_5, RSA_OAEP Default value: RSA_OAEP

SPLogoutUrl Endpoint on the ServiceProvider (SP) to which logout messages are to be sent

logoutBinding This element specifies the transport mechanism of saml logout messages.

Possible values: REDIRECT, POST Default value: POST

defaultAuthenticationGroup This group will be part of AAA session's internal group list. This will be helpful to admin in Nfactor flow to decide right AAA configuration for Relaying Party. In authentication policy AAA.USER.IS_MEMBER_OF("") is way to use this feature.

metadataUrl This URL is used for obtaining samlidp metadata

metadataRefreshInterval Interval in minute for fetching metadata from specified metadata URL Default value: 3600 Minimum value: 0

signatureService Name of the service in cloud used to sign the data

samlSigningCertVersion version of the certificate in signature service used to sign the SAMLResposne that is sent to Relying Party or Service Provider after successful authentication

samlSPCertVersion version of the certificate in signature service used to verify the signature of the incoming AuthnRequest from a Relying Party or Service Provider

acsUrlRule Expression that will be evaluated to allow Assertion Consumer Service URI coming in the SAML Request

Was this article helpful?