aaa-parameter
The following operations can be performed on "aaa-parameter":
set aaa parameter
Sets the global AAA configuration. Any configuration settings made at this level override the configuration settings for the authentication server.
Synopsis
set aaa parameter [-enableStaticPageCaching ( YES | NO )] [-enableEnhancedAuthFeedback ( YES | NO )] [-defaultAuthType <defaultAuthType>] [-maxAAAUsers <positive_integer>] [-maxLoginAttempts <positive_integer> [-failedLoginTimeout <mins>]] [-aaadnatIp <ip_addr|*>] [-enableSessionStickiness ( YES | NO )] [-aaaSessionLoglevel <aaaSessionLoglevel>] [-aaadLoglevel <aaadLoglevel>] [-dynAddr ( ON | OFF )] [-ftMode <ftMode>] [-maxSamlDeflateSize <positive_integer>] [-persistentLoginAttempts ( ENABLED | DISABLED )] [-pwdExpiryNotificationDays <positive_integer>] [-maxKBQuestions <positive_integer>] [-loginEncryption ( ENABLED | DISABLED )] [-SameSite <SameSite>]
Arguments
enableStaticPageCaching
The default state of VPN Static Page caching. If nothing is specified, the default value is set to YES.
Possible values: YES, NO
Default value: YES
enableEnhancedAuthFeedback
Enhanced auth feedback provides more information to the end user about the reason for an authentication failure. The default value is set to NO.
Possible values: YES, NO
Default value: NO
defaultAuthType
The default authentication server type.
Possible values: LOCAL, LDAP, RADIUS, TACACS, CERT
Default value: LOCAL
maxAAAUsers
Maximum number of concurrent users allowed to log on to VPN simultaneously.
Minimum value: 1
maxLoginAttempts
Maximum number of login attempts.
Minimum value: 1
failedLoginTimeout
Number of minutes an account will be locked if the user exceeds the maximum permissible attempts.
Minimum value: 1
aaadnatIp
Source IP address to use for traffic that is sent to the authentication server.
enableSessionStickiness
Enables or disables stickiness to authentication servers.
Possible values: YES, NO
Default value: NO
aaaSessionLoglevel
Audit log level, which specifies the types of events to log for cli executed commands. Available values function as follows:
* EMERGENCY - Events that indicate an immediate crisis on the server.
* ALERT - Events that might require action.
* CRITICAL - Events that indicate an imminent server crisis.
* ERROR - Events that indicate some type of error.
* WARNING - Events that require action in the near future.
* NOTICE - Events that the administrator should know about.
* INFORMATIONAL - All but low-level events.
* DEBUG - All events, in extreme detail.
Possible values: EMERGENCY, ALERT, CRITICAL, ERROR, WARNING, NOTICE, INFORMATIONAL, DEBUG
Default value: DEFAULT_LOGLEVEL_AAA
aaadLoglevel
AAAD log level, which specifies the types of AAAD events to log in nsvpn.log. Available values function as follows:
* EMERGENCY - Events that indicate an immediate crisis on the server.
* ALERT - Events that might require action.
* CRITICAL - Events that indicate an imminent server crisis.
* ERROR - Events that indicate some type of error.
* WARNING - Events that require action in the near future.
* NOTICE - Events that the administrator should know about.
* INFORMATIONAL - All but low-level events.
* DEBUG - All events, in extreme detail.
Possible values: EMERGENCY, ALERT, CRITICAL, ERROR, WARNING, NOTICE, INFORMATIONAL, DEBUG
Default value: INFORMATIONAL
dynAddr
Set by the DHCP client when the IP address was fetched dynamically.
Possible values: ON, OFF
Default value: OFF
ftMode
First time user mode determines which configuration options are shown by default when logging in to the GUI. This setting is controlled by the GUI.
Possible values: ON, HA, OFF
Default value: ON
maxSamlDeflateSize
Sets the maximum deflate size for the SAML Redirect binding.
Minimum value: 0
persistentLoginAttempts
Persistent storage of unsuccessful user login attempts.
Possible values: ENABLED, DISABLED
Default value: DISABLED
pwdExpiryNotificationDays
Sets the threshold, in days, for password expiry notification. The default value is 0, which means no notification is sent.
Minimum value: 0
maxKBQuestions
Sets the maximum number of questions to be asked for KB validation. The default value is 2.
Minimum value: 2
Maximum value: 6
loginEncryption
Encrypts login information for the nFactor flow.
Possible values: ENABLED, DISABLED
Default value: DISABLED
SameSite
SameSite attribute value for cookies generated in the AAATM context. This attribute value is appended only to the cookies that are specified in the built-in patset ns_cookies_samesite.
Possible values: None, LAX, STRICT
Example
set aaa parameter -defaultAuthType RADIUS -maxAAAUsers 100
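An added example, not part of the Citrix documentation: a Python check that parses one `set aaa parameter` line (for instance from a saved configuration) and flags the lockout, auth-feedback, login-encryption and SameSite settings, using the defaults listed in the arguments above. The baseline it enforces, the sample lines, the values 5 and 15, and the function names are assumptions for illustration; flag names are matched case-insensitively.

```python
import shlex

# Defaults taken from the argument list on this page.
PAGE_DEFAULTS = {
    "enableenhancedauthfeedback": "NO",
    "persistentloginattempts": "DISABLED",
    "loginencryption": "DISABLED",
}

# Constructed sample lines (not from a real appliance).
WEAK = ("set aaa parameter -defaultAuthType RADIUS -maxAAAUsers 100 "
        "-enableEnhancedAuthFeedback YES -SameSite None")
HARDENED = ("set aaa parameter -defaultAuthType RADIUS -maxAAAUsers 100 "
            "-maxLoginAttempts 5 -failedLoginTimeout 15 "
            "-persistentLoginAttempts ENABLED -loginEncryption ENABLED "
            "-SameSite STRICT")

def parse_aaa_parameter(line):
    """Return {lowercased flag: value} for one `set aaa parameter` line."""
    tokens = shlex.split(line)
    if [t.lower() for t in tokens[:3]] != ["set", "aaa", "parameter"]:
        raise ValueError("not a 'set aaa parameter' command")
    args = tokens[3:]
    if len(args) % 2 or any(not f.startswith("-") for f in args[::2]):
        raise ValueError("expected '-flag value' pairs")
    return {f[1:].lower(): v for f, v in zip(args[::2], args[1::2])}

def audit(line):
    """Return findings against the assumed (hypothetical) baseline."""
    cfg = {**PAGE_DEFAULTS, **parse_aaa_parameter(line)}
    findings = []
    if "maxloginattempts" not in cfg:
        findings.append("maxLoginAttempts: no lockout threshold in this line")
    if cfg["enableenhancedauthfeedback"].upper() == "YES":
        findings.append("enableEnhancedAuthFeedback: failure reason shown to user")
    if cfg["persistentloginattempts"].upper() != "ENABLED":
        findings.append("persistentLoginAttempts: failed logins not stored persistently")
    if cfg["loginencryption"].upper() != "ENABLED":
        findings.append("loginEncryption: nFactor login information not encrypted")
    if cfg.get("samesite", "").upper() == "NONE":
        findings.append("SameSite: None on ns_cookies_samesite cookies")
    return findings

if __name__ == "__main__":
    for name, line in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(line) or "no findings")
```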
unset aaa parameter
Resets the global AAA parameter settings on the Citrix ADC. Attributes for which a default value is available revert to their default values. See the set aaa parameter command for descriptions of the arguments.
Synopsis
unset aaa parameter [-enableStaticPageCaching] [-enableEnhancedAuthFeedback] [-defaultAuthType] [-maxAAAUsers] [-aaadnatIp] [-maxLoginAttempts] [-enableSessionStickiness] [-maxSamlDeflateSize] [-persistentLoginAttempts] [-pwdExpiryNotificationDays] [-maxKBQuestions] [-aaaSessionLoglevel] [-aaadLoglevel] [-dynAddr] [-ftMode] [-loginEncryption] [-SameSite]
show aaa parameter
Displays the current AAA global configuration.
Synopsis
show aaa parameter
Arguments
Output
enableStaticPageCaching
Indicates if static page caching is enabled or not.
enableEnhancedAuthFeedback
Indicates whether enhanced auth feedback is enabled or not.
defaultAuthType
The default authentication server type.
maxAAAUsers
The maximum number of concurrent users allowed to log into the system at any time.
aaadnatIp
The NAT IP address to be used for the AAA traffic.
maxLoginAttempts
Maximum number of login attempts.
failedLoginTimeout
Number of minutes an account will be locked if the user exceeds the maximum permissible attempts.
enableSessionStickiness
Enables or disables stickiness to authentication servers.
aaaSessionLoglevel
Audit log level, which specifies the types of events to log for cli executed commands. Available values function as follows:
* EMERGENCY - Events that indicate an immediate crisis on the server.
* ALERT - Events that might require action.
* CRITICAL - Events that indicate an imminent server crisis.
* ERROR - Events that indicate some type of error.
* WARNING - Events that require action in the near future.
* NOTICE - Events that the administrator should know about.
* INFORMATIONAL - All but low-level events.
* DEBUG - All events, in extreme detail.
aaadLoglevel
AAAD log level, which specifies the types of AAAD events to log in nsvpn.log. Available values function as follows:
* EMERGENCY - Events that indicate an immediate crisis on the server.
* ALERT - Events that might require action.
* CRITICAL - Events that indicate an imminent server crisis.
* ERROR - Events that indicate some type of error.
* WARNING - Events that require action in the near future.
* NOTICE - Events that the administrator should know about.
* INFORMATIONAL - All but low-level events.
* DEBUG - All events, in extreme detail.
dynAddr
Set by the DHCP client when the IP address was fetched dynamically.
ftMode
First time user mode determines which configuration options are shown by default when logging in to the GUI. This setting is controlled by the GUI.
maxSamlDeflateSize
The maximum deflate size for the SAML Redirect binding.
persistentLoginAttempts
Persistent storage of unsuccessful user login attempts.
pwdExpiryNotificationDays
The threshold, in days, for password expiry notification. The default value is 0, which means no notification is sent.
maxKBQuestions
The maximum number of questions to be asked for KB validation. The default value is 2 and the maximum value is 6.
builtin
Flag that indicates whether the AAA parameter is built-in.
feature
The feature to be checked while applying this configuration.
loginEncryption
Encrypts login information for the nFactor flow.
SameSite
SameSite attribute value for cookies generated in the AAATM context. This attribute value is appended only to the cookies that are specified in the built-in patset ns_cookies_samesite.
Example
show aaa parameter
Configured AAA parameters
DefaultAuthType: LDAP
MaxAAAUsers: 5
Done