authentication OAuthAction¶
The following operations can be performed on "authentication OAuthAction":
add authentication OAuthAction¶
Adds an action to be used for OAuth authentication.
Synopsis¶
add authentication OAuthAction <name> [-OAuthType <OAuthType>] [-authorizationEndpoint <URL>] [-tokenEndpoint <URL>] [-idtokenDecryptEndpoint <URL>] -clientID <string> -clientSecret [-defaultAuthenticationGroup <string>] [-Attribute1 <string>] [-Attribute2 <string>] [-Attribute3 <string>] [-Attribute4 <string>] [-Attribute5 <string>] [-Attribute6 <string>] [-Attribute7 <string>] [-Attribute8 <string>] [-Attribute9 <string>] [-Attribute10 <string>] [-Attribute11 <string>] [-Attribute12 <string>] [-Attribute13 <string>] [-Attribute14 <string>] [-Attribute15 <string>] [-Attribute16 <string>] [-tenantID <string>] [-GraphEndpoint <string>] [-refreshInterval <positive_integer>] [-CertEndpoint <string>] [-audience <string>] [-userNameField <string>] [-skewTime <mins>] [-issuer <string>] [-UserInfoURL <URL>] [-CertFilePath <string>] [-grantType ( CODE | PASSWORD )] [-authentication ( ENABLED | DISABLED )]
Arguments¶
name
Name for the OAuth Authentication action.
Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the profile is created.
The following requirement applies only to the Citrix ADC CLI:
If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my authentication action" or 'my authentication action').
OAuthType
Type of the OAuth implementation. The default value is the generic implementation, which is applicable for most deployments.
Possible values: GENERIC, INTUNE, ATHENA
Default value: GENERIC
authorizationEndpoint
Authorization endpoint/URL to which an unauthenticated user will be redirected. Citrix ADC redirects the user to this endpoint by adding query parameters, including clientid. If this parameter is not specified, the Token Endpoint/URL value is used as the default. Note that the Authorization Endpoint or the Token Endpoint is mandatory for oauthAction.
tokenEndpoint
URL to which the OAuth token will be posted to verify its authenticity. The user obtains this token from the authorization server upon successful authentication. Citrix ADC validates the presented token by posting it to the configured URL.
idtokenDecryptEndpoint
URL to which the obtained idtoken will be posted to get a decrypted user identity. The encrypted idtoken is obtained by posting the OAuth token to the token endpoint. To decrypt the idtoken, Citrix ADC posts a request to the configured URL.
clientID
Unique identity of the client/user who is getting authenticated. The authorization server infers the client configuration using this ID.
clientSecret
Secret string established by the user and the authorization server.
defaultAuthenticationGroup
This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
Attribute1
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute1
Attribute2
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute2
Attribute3
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute3
Attribute4
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute4
Attribute5
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute5
Attribute6
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute6
Attribute7
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute7
Attribute8
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute8
Attribute9
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute9
Attribute10
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute10
Attribute11
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute11
Attribute12
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute12
Attribute13
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute13
Attribute14
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute14
Attribute15
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute15
Attribute16
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute16
tenantID
TenantID of the application. This is usually specific to providers such as Microsoft and usually refers to the deployment identifier.
GraphEndpoint
URL of the Graph API service to learn Enterprise Mobility Services (EMS) endpoints.
refreshInterval
Interval at which services are monitored for necessary configuration.
Default value: 1440
Minimum value: 0
CertEndpoint
URL of the endpoint that contains JWKs (JSON Web Keys) for JWT (JSON Web Token) verification.
audience
Audience for which the token sent by the authorization server is applicable. This is typically the entity name or URL that represents the recipient.
userNameField
Attribute in the token from which username should be extracted.
skewTime
This option specifies the allowed clock skew, in minutes, that Citrix ADC allows on an incoming token. For example, if skewTime is 10, the token is valid from (current time - 10) min to (current time + 10) min, i.e. 20 min in all.
Default value: 5
issuer
Identity of the server whose tokens are to be accepted.
UserInfoURL
URL to which OAuth access token will be posted to obtain user information.
CertFilePath
Path to the file that contains JWKs (JSON Web Keys) for JWT (JSON Web Token) verification.
grantType
Grant type support. Value can be code or password.
Possible values: CODE, PASSWORD
Default value: CODE
authentication
If authentication is disabled, password is not sent in the request.
Possible values: ENABLED, DISABLED
Default value: ENABLED
Example¶
add authentication oauthAction a -authorizationEndpoint https://google.com/ -tokenEndpoint https://google.com/ -clientiD sadf -clientsecret df
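A configuration review aid for the command documented above, added here as an example and not part of the Citrix documentation or tooling. It parses `add authentication OAuthAction` lines and flags settings a reviewer may want to question; the function names, finding codes, the 10-minute skew threshold and the policy that every action should set `-audience` and `-issuer` are assumptions of this example.

```python
import shlex

MAX_SKEW_MIN = 10  # review threshold: this example's assumption, not Citrix guidance
URL_ARGS = ("authorizationendpoint", "tokenendpoint", "idtokendecryptendpoint",
            "certendpoint", "userinfourl")

def parse_oauth_action(line):
    """Split one 'add authentication OAuthAction' line into (name, args)."""
    tok = shlex.split(line)              # honours quoted names with spaces
    if [t.lower() for t in tok[:3]] != ["add", "authentication", "oauthaction"]:
        raise ValueError("not an 'add authentication OAuthAction' command")
    if len(tok) < 4 or tok[3].startswith("-"):
        raise ValueError("missing action name")
    name, args, i = tok[3], {}, 4
    while i < len(tok):
        if not tok[i].startswith("-"):
            raise ValueError("unexpected token: " + tok[i])
        key = tok[i][1:].lower()         # the page's own example mixes case
        has_val = i + 1 < len(tok) and not tok[i + 1].startswith("-")
        args[key] = tok[i + 1] if has_val else ""
        i += 2 if has_val else 1
    return name, args

def audit(line):
    """Return sorted finding codes for one command line."""
    _, a = parse_oauth_action(line)
    found = set()
    if "authorizationendpoint" not in a and "tokenendpoint" not in a:
        found.add("NO_ENDPOINT")         # the page marks one of them mandatory
    for k in URL_ARGS:
        if k in a and not a[k].lower().startswith("https://"):
            found.add("NON_HTTPS:" + k)
    for k in ("audience", "issuer"):
        if k not in a:
            found.add("NO_" + k.upper())
    if a.get("granttype", "CODE").upper() == "PASSWORD":
        found.add("PASSWORD_GRANT")
    skew = a.get("skewtime", "5")        # 5 is the documented default
    if not skew.isdigit() or int(skew) > MAX_SKEW_MIN:
        found.add("SKEW_TOO_WIDE")
    return sorted(found)

# Constructed sample lines; hosts and secrets are placeholders.
WEAK = ('add authentication OAuthAction "my action" '
        '-tokenEndpoint http://idp.example.com/token -clientID app1 '
        '-clientSecret PLACEHOLDER -grantType PASSWORD -skewTime 60')
HARDENED = ('add authentication OAuthAction a1 '
            '-authorizationEndpoint https://idp.example.com/authorize '
            '-tokenEndpoint https://idp.example.com/token -clientID app1 '
            '-clientSecret PLACEHOLDER -audience https://vpn.example.com '
            '-issuer https://idp.example.com -skewTime 5')

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```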
rm authentication OAuthAction¶
Removes an OAuth authentication action. You cannot remove an action that is used in any part of a policy.
Synopsis¶
rm authentication OAuthAction <name>
Arguments¶
name
Name of the OAuth authentication action to remove.
Example¶
rm authentication OAuthAction a1
set authentication OAuthAction¶
Modifies the attributes of an existing OAuth authentication action.
Synopsis¶
set authentication OAuthAction <name> [-OAuthType <OAuthType>] [-authorizationEndpoint <URL>] [-tokenEndpoint <URL>] [-idtokenDecryptEndpoint <URL>] [-clientID <string>] [-clientSecret ] [-defaultAuthenticationGroup <string>] [-Attribute1 <string>] [-Attribute2 <string>] [-Attribute3 <string>] [-Attribute4 <string>] [-Attribute5 <string>] [-Attribute6 <string>] [-Attribute7 <string>] [-Attribute8 <string>] [-Attribute9 <string>] [-Attribute10 <string>] [-Attribute11 <string>] [-Attribute12 <string>] [-Attribute13 <string>] [-Attribute14 <string>] [-Attribute15 <string>] [-Attribute16 <string>] [-tenantID <string>] [-GraphEndpoint <string>] [-refreshInterval <positive_integer>] [-CertEndpoint <string>] [-audience <string>] [-userNameField <string>] [-skewTime <mins>] [-issuer <string>] [-UserInfoURL <URL>] [-CertFilePath <string>] [-grantType ( CODE | PASSWORD )] [-authentication ( ENABLED | DISABLED )]
Arguments¶
name
Name of the action to configure.
OAuthType
Type of the OAuth implementation. The default value is the generic implementation, which is applicable for most deployments.
Possible values: GENERIC, INTUNE, ATHENA
Default value: GENERIC
authorizationEndpoint
Authorization endpoint/URL to which an unauthenticated user will be redirected. Citrix ADC redirects the user to this endpoint by adding query parameters, including clientid. If this parameter is not specified, the Token Endpoint/URL value is used as the default. Note that the Authorization Endpoint or the Token Endpoint is mandatory for oauthAction.
tokenEndpoint
URL to which the OAuth token will be posted to verify its authenticity. The user obtains this token from the authorization server upon successful authentication. Citrix ADC validates the presented token by posting it to the configured URL.
idtokenDecryptEndpoint
URL to which the obtained idtoken will be posted to get a decrypted user identity. The encrypted idtoken is obtained by posting the OAuth token to the token endpoint. To decrypt the idtoken, Citrix ADC posts a request to the configured URL.
clientID
Unique identity of the client/user who is getting authenticated. The authorization server infers the client configuration using this ID.
clientSecret
Secret string established by the user and the authorization server.
defaultAuthenticationGroup
This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
Attribute1
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute1
Attribute2
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute2
Attribute3
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute3
Attribute4
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute4
Attribute5
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute5
Attribute6
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute6
Attribute7
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute7
Attribute8
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute8
Attribute9
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute9
Attribute10
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute10
Attribute11
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute11
Attribute12
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute12
Attribute13
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute13
Attribute14
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute14
Attribute15
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute15
Attribute16
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute16
tenantID
TenantID of the application. This is usually specific to providers such as Microsoft and usually refers to the deployment identifier.
GraphEndpoint
URL of the Graph API service to learn Enterprise Mobility Services (EMS) endpoints.
refreshInterval
Interval at which services are monitored for necessary configuration.
Default value: 1440
Minimum value: 0
CertEndpoint
URL of the endpoint that contains JWKs (JSON Web Keys) for JWT (JSON Web Token) verification.
audience
Audience for which the token sent by the authorization server is applicable. This is typically the entity name or URL that represents the recipient.
userNameField
Attribute in the token from which username should be extracted.
skewTime
This option specifies the allowed clock skew, in minutes, that Citrix ADC allows on an incoming token. For example, if skewTime is 10, the token is valid from (current time - 10) min to (current time + 10) min, i.e. 20 min in all.
Default value: 5
issuer
Identity of the server whose tokens are to be accepted.
UserInfoURL
URL to which OAuth access token will be posted to obtain user information.
CertFilePath
Path to the file that contains JWKs (JSON Web Keys) for JWT (JSON Web Token) verification.
grantType
Grant type support. Value can be code or password.
Possible values: CODE, PASSWORD
Default value: CODE
authentication
If authentication is disabled, password is not sent in the request.
Possible values: ENABLED, DISABLED
Default value: ENABLED
Example¶
set authentication OAuthAction a1 -ClientID someid123 -clientSecret somesecret
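What the audience, issuer, skewTime and userNameField arguments described above mean for an incoming token, as an added Python sketch that is not Citrix ADC code. It assumes the standard JWT claim names `iss`, `aud`, `exp` and `nbf`, a signature that was already verified, and that the skew widens the validity window on both sides as the skewTime description states; `check_claims`, its parameters and the `upn` claim are hypothetical.

```python
import time

def check_claims(claims, *, issuer, audience, skew_min=5,
                 username_field="sub", now=None):
    """Check already signature-verified JWT claims; return (ok, detail).

    detail is the extracted username on success, else the rejection reason.
    """
    now = time.time() if now is None else now
    skew = skew_min * 60                        # skewTime is given in minutes
    if claims.get("iss") != issuer:
        return False, "issuer mismatch"
    aud = claims.get("aud")                     # may be a string or a list
    if audience not in (aud if isinstance(aud, list) else [aud]):
        return False, "audience mismatch"
    exp = claims.get("exp")
    nbf = claims.get("nbf", claims.get("iat"))  # fall back to issue time
    if not isinstance(exp, (int, float)):
        return False, "missing exp"
    if exp < now - skew:                        # expired beyond the allowance
        return False, "expired"
    if isinstance(nbf, (int, float)) and nbf > now + skew:
        return False, "not yet valid"           # issuer clock ahead of ours
    user = claims.get(username_field)
    if not isinstance(user, str) or not user:
        return False, "username field missing"
    return True, user

# Constructed claims: the token expired 9 minutes before NOW.
NOW = 1_700_000_000
CLAIMS = {"iss": "https://idp.example.com", "aud": ["https://vpn.example.com"],
          "exp": NOW - 9 * 60, "nbf": NOW - 69 * 60, "upn": "alice@example.com"}
COMMON = dict(issuer="https://idp.example.com",
              audience="https://vpn.example.com", username_field="upn", now=NOW)

if __name__ == "__main__":
    print(check_claims(CLAIMS, skew_min=10, **COMMON))  # inside the window
    print(check_claims(CLAIMS, skew_min=5, **COMMON))   # outside the window
```

Under these assumptions, a larger skewTime lengthens the period during which an already expired token is still accepted.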
unset authentication OAuthAction¶
Use this command to remove authentication OAuthAction settings. Refer to the set authentication OAuthAction command for meanings of the arguments.
Synopsis¶
unset authentication OAuthAction <name> [-OAuthType] [-idtokenDecryptEndpoint] [-defaultAuthenticationGroup] [-Attribute1] [-Attribute2] [-Attribute3] [-Attribute4] [-Attribute5] [-Attribute6] [-Attribute7] [-Attribute8] [-Attribute9] [-Attribute10] [-Attribute11] [-Attribute12] [-Attribute13] [-Attribute14] [-Attribute15] [-Attribute16] [-GraphEndpoint] [-refreshInterval] [-CertEndpoint] [-audience] [-userNameField] [-skewTime] [-issuer] [-UserInfoURL] [-CertFilePath] [-authentication]
show authentication OAuthAction¶
Displays information about the configured OAuth authentication action.
Synopsis¶
show authentication OAuthAction [<name>]
Arguments¶
name
Name of the OAuth authentication action to display. If a name is not provided, information about all actions is shown.
Outputs¶
stateflag
authorizationEndpoint
Authorization endpoint/URL to which an unauthenticated user will be redirected. Citrix ADC redirects the user to this endpoint by adding query parameters, including clientid. If this parameter is not specified, the Token Endpoint/URL value is used as the default. Note that the Authorization Endpoint or the Token Endpoint is mandatory for oauthAction.
tokenEndpoint
URL to which the OAuth token will be posted to verify its authenticity. The user obtains this token from the authorization server upon successful authentication. Citrix ADC validates the presented token by posting it to the configured URL.
idtokenDecryptEndpoint
URL to which the obtained idtoken will be posted to get a decrypted user identity. The encrypted idtoken is obtained by posting the OAuth token to the token endpoint. To decrypt the idtoken, Citrix ADC posts a request to the configured URL.
clientID
Unique identity of the client/user who is getting authenticated. The authorization server infers the client configuration using this ID.
clientSecret
Secret string established by the user and the authorization server.
defaultAuthenticationGroup
This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
Attribute1
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute1
Attribute2
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute2
Attribute3
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute3
Attribute4
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute4
Attribute5
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute5
Attribute6
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute6
Attribute7
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute7
Attribute8
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute8
Attribute9
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute9
Attribute10
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute10
Attribute11
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute11
Attribute12
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute12
Attribute13
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute13
Attribute14
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute14
Attribute15
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute15
Attribute16
Name of the attribute to be extracted from OAuth Token and to be stored in the attribute16
tenantID
TenantID of the application. This is usually specific to providers such as Microsoft and usually refers to the deployment identifier.
GraphEndpoint
URL of the Graph API service to learn Enterprise Mobility Services (EMS) endpoints.
refreshInterval
Interval at which services are monitored for necessary configuration.
CertEndpoint
URL of the endpoint that contains JWKs (JSON Web Keys) for JWT (JSON Web Token) verification.
OAuthType
Type of the OAuth implementation. The default value is the generic implementation, which is applicable for most deployments.
audience
Audience for which the token sent by the authorization server is applicable. This is typically the entity name or URL that represents the recipient.
userNameField
Attribute in the token from which username should be extracted.
skewTime
This option specifies the allowed clock skew, in minutes, that Citrix ADC allows on an incoming token. For example, if skewTime is 10, the token is valid from (current time - 10) min to (current time + 10) min, i.e. 20 min in all.
issuer
Identity of the server whose tokens are to be accepted.
OAuthStatus
Describes status information of the OAuth server.
UserInfoURL
URL to which OAuth access token will be posted to obtain user information.
CertFilePath
Path to the file that contains JWKs (JSON Web Keys) for JWT (JSON Web Token) verification.
grantType
Grant type support. Value can be code or password.
authentication
If authentication is disabled, password is not sent in the request.
devno
count
Example¶
show authentication OAuthAction a1