authentication-OAuthIDPProfile¶
The following operations can be performed on "authentication-OAuthIDPProfile":
add authentication OAuthIDPProfile¶
Creates a OAuth IdP profile. This profile is used in verifying incoming authentication request from Reousece Server, and sending token.
Synopsis¶
add authentication OAuthIDPProfile <name> [-clientID <string>] [-clientSecret ] [-redirectURL <URL>] [-issuer <string>] [-configservice <string>] [-audience <string>] [-skewTime <mins>] [-defaultAuthenticationGroup <string>] [-relyingPartyMetadataURL <URL>] [-refreshInterval <positive_integer>] [-encryptToken ( ON | OFF )] [-signatureService <string>] [-signatureAlg ( RS256 | RS512 )] [-Attributes <string>] [-sendPassword ( ON | OFF )]
Arguments¶
name
Name for the new OAuth Identity Provider (IdP) single sign-on profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after an action is created.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my action" or 'my action').
clientID
Unique identity of the relying party requesting for authentication.
clientSecret
Unique secret string to authorize relying party at authorization server.
redirectURL
URL endpoint on relying party to which the OAuth token is to be sent.
issuer
The name to be used in requests sent fromCitrix ADC to IdP to uniquely identify Citrix ADC.
configservice
Name of the entity that is used to obtain configuration for the current authentication request. It is used only in Citrix Cloud.
audience
Audience for which token is being sent by Citrix ADC IdP. This is typically entity name or url that represents the recipient
skewTime
This option specifies the duration for which the token sent by Citrix ADC IdP is valid. For example, if skewTime is 10, then token would be valid from (current time - 10) min to (current time + 10) min, ie 20min in all. Default value: 5
defaultAuthenticationGroup
This is the group that is added to user sessions that match current IdP policy. It can be used in policies to identify relying party trust.
relyingPartyMetadataURL
This is the endpoint at which Citrix ADC IdP can get details about Relying Party (RP) being configured. Metadata response should include endpoints for jwks_uri for RP public key(s).
refreshInterval
Interval at which Relying Party metadata is refreshed. Default value: 50 Minimum value: 0
encryptToken
Option to encrypt token when Citrix ADC IDP sends one.
Possible values: ON, OFF Default value: OFF
signatureService
Name of the service in cloud used to sign the data. This is applicable only if signature if offloaded to cloud.
signatureAlg
Algorithm to be used to sign OpenID tokens.
Possible values: RS256, RS512 Default value: RS256
Attributes
Name-Value pairs of attributes to be inserted in idtoken. Configuration format is name=value_expr@@@name2=value2_expr@@@. '@@@' is used as delimiter between Name-Value pairs. name is a literal string whose value is 127 characters and does not contain '=' character. Value is advanced policy expression terminated by @@@ delimiter. Last value need not contain the delimiter.
sendPassword
Option to send encrypted password in idtoken.
Possible values: ON, OFF Default value: OFF
rm authentication OAuthIDPProfile¶
Deletes an existing OAuth IdP profile.
Synopsis¶
rm authentication OAuthIDPProfile <name>
Arguments¶
name
Name for the new OAuth Identity Provider (IdP) single sign-on profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after an action is created.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my action" or 'my action').
set authentication OAuthIDPProfile¶
Modifies the specified attributes of a OAuth IdP profile.
Synopsis¶
set authentication OAuthIDPProfile <name> [-clientID <string>] [-clientSecret ] [-redirectURL <URL>] [-issuer <string>] [-configservice <string>] [-audience <string>] [-skewTime <mins>] [-defaultAuthenticationGroup <string>] [-relyingPartyMetadataURL <URL>] [-refreshInterval <positive_integer>] [-encryptToken ( ON | OFF )] [-signatureService <string>] [-signatureAlg ( RS256 | RS512 )] [-Attributes <string>] [-sendPassword ( ON | OFF )]
Arguments¶
name
Name for the new OAuth Identity Provider (IdP) single sign-on profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after an action is created.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my action" or 'my action').
clientID
Unique identity of the relying party requesting for authentication.
clientSecret
Unique secret string to authorize relying party at authorization server.
redirectURL
URL endpoint on relying party to which the OAuth token is to be sent.
issuer
The name to be used in requests sent fromCitrix ADC to IdP to uniquely identify Citrix ADC.
configservice
Name of the entity that is used to obtain configuration for the current authentication request. It is used only in Citrix Cloud.
audience
Audience for which token is being sent by Citrix ADC IdP. This is typically entity name or url that represents the recipient
skewTime
This option specifies the duration for which the token sent by Citrix ADC IdP is valid. For example, if skewTime is 10, then token would be valid from (current time - 10) min to (current time + 10) min, ie 20min in all. Default value: 5
defaultAuthenticationGroup
This is the group that is added to user sessions that match current IdP policy. It can be used in policies to identify relying party trust.
relyingPartyMetadataURL
This is the endpoint at which Citrix ADC IdP can get details about Relying Party (RP) being configured. Metadata response should include endpoints for jwks_uri for RP public key(s).
refreshInterval
Interval at which Relying Party metadata is refreshed. Default value: 50 Minimum value: 0
encryptToken
Option to encrypt token when Citrix ADC IDP sends one.
Possible values: ON, OFF Default value: OFF
signatureService
Name of the service in cloud used to sign the data. This is applicable only if signature if offloaded to cloud.
signatureAlg
Algorithm to be used to sign OpenID tokens.
Possible values: RS256, RS512 Default value: RS256
Attributes
Name-Value pairs of attributes to be inserted in idtoken. Configuration format is name=value_expr@@@name2=value2_expr@@@. '@@@' is used as delimiter between Name-Value pairs. name is a literal string whose value is 127 characters and does not contain '=' character. Value is advanced policy expression terminated by @@@ delimiter. Last value need not contain the delimiter.
sendPassword
Option to send encrypted password in idtoken.
Possible values: ON, OFF Default value: OFF
unset authentication OAuthIDPProfile¶
Use this command to remove authentication OAuthIDPProfile settings.Refer to the set authentication OAuthIDPProfile command for meanings of the arguments.
Synopsis¶
unset authentication OAuthIDPProfile <name> [-issuer] [-configservice] [-audience] [-skewTime] [-defaultAuthenticationGroup] [-relyingPartyMetadataURL] [-refreshInterval] [-encryptToken] [-signatureService] [-signatureAlg] [-Attributes] [-sendPassword]
show authentication OAuthIDPProfile¶
Displays information about all configured OAuth IdP profiles, or displays detailed information about the specified action.
Synopsis¶
show authentication OAuthIDPProfile [<name>]
Arguments¶
name
Name for the new OAuth Identity Provider (IdP) single sign-on profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after an action is created.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my action" or 'my action').
Output¶
clientID
Unique identity of the relying party requesting for authentication.
clientSecret
Unique secret string to authorize relying party at authorization server.
redirectURL
URL endpoint on relying party to which the OAuth token is to be sent.
issuer
The name to be used in requests sent fromCitrix ADC to IdP to uniquely identify Citrix ADC.
configservice
Name of the entity that is used to obtain configuration for the current authentication request. It is used only in Citrix Cloud.
audience
Audience for which token is being sent by Citrix ADC IdP. This is typically entity name or url that represents the recipient
skewTime
This option specifies the duration for which the token sent by Citrix ADC IdP is valid. For example, if skewTime is 10, then token would be valid from (current time - 10) min to (current time + 10) min, ie 20min in all.
defaultAuthenticationGroup
This is the group that is added to user sessions that match current IdP policy. It can be used in policies to identify relying party trust.
relyingPartyMetadataURL
This is the endpoint at which Citrix ADC IdP can get details about Relying Party (RP) being configured. Metadata response should include endpoints for jwks_uri for RP public key(s).
refreshInterval
Interval at which Relying Party metadata is refreshed.
encryptToken
Option to encrypt token when Citrix ADC IDP sends one.
signatureService
Name of the service in cloud used to sign the data. This is applicable only if signature if offloaded to cloud.
signatureAlg
Algorithm to be used to sign OpenID tokens.
OAuthStatus
Describes status information of oauth idp metadata fetch process.
Attributes
Name-Value pairs of attributes to be inserted in idtoken. Configuration format is name=value_expr@@@name2=value2_expr@@@. '@@@' is used as delimiter between Name-Value pairs. name is a literal string whose value is 127 characters and does not contain '=' character. Value is advanced policy expression terminated by @@@ delimiter. Last value need not contain the delimiter.
sendPassword
Option to send encrypted password in idtoken.
devno
count
stateflag