Avi AuthProfile Object API

CLI
```
- configure authprofile
- show authprofile
```
More information: https://avinetworks.com/contact-us
Contact Info: support@avinetworks.com
Version: 22.1.5
All rights reserved


  1. HTTP Basic Authentication



Table of Contents

  1. get /authprofile
  2. post /authprofile
  3. delete /authprofile/{uuid}
  4. get /authprofile/{uuid}
  5. patch /authprofile/{uuid}
  6. put /authprofile/{uuid}
get /authprofile


This API call consumes the following media types via the Content-Type request header:

Query parameters

name (optional)
Query Parameter — object name
refers_to (optional)
Query Parameter — Filter to request all objects that refer to another Avi resource. Its syntax is refers_to=<obj_type>:<obj_uuid>. E.g., to get all virtual services referring to pool p1, use refers_to=pool:pool_p1_uuid.
referred_by (optional)
Query Parameter — Filter to request all objects that are referred to by another Avi resource. Its syntax is referred_by=<obj_type>:<obj_uuid>. E.g., to get all pools referred to by virtual service vs1, use referred_by=virtualservice:vs_vs1_uuid.
fields (optional)
Query Parameter — List of fields to be returned for the resource. Some fields like name, URL, uuid etc. are always returned.
include_name (optional)
Query Parameter — All the Avi REST reference URIs have a name suffix as URI#name. It is useful to get the referenced resource name without performing get on that object.
skip_default (optional)
Query Parameter — Default values are not set.
join_subresources (optional)
Query Parameter — Automatically returns additional dependent resources such as runtime. E.g., join_subresources=runtime.

Return type


Example data

Content-Type: application/json
{
  "next" : "aeiou",
  "count" : 123,
  "results" : [ {
    "description" : "aeiou",
    "pa_agent_ref" : "aeiou",
    "type" : "aeiou",
    "tacacs_plus" : {
      "authorization_attrs" : [ {
        "name" : "aeiou",
        "mandatory" : true,
        "value" : "aeiou"
      } ],
      "server" : [ "aeiou" ],
      "password" : "aeiou",
      "port" : 123,
      "service" : "aeiou"
    },
    "uuid" : "aeiou",
    "url" : "aeiou",
    "_last_modified" : "aeiou",
    "ldap" : {
      "server" : [ "aeiou" ],
      "settings" : {
        "admin_bind_dn" : "aeiou",
        "group_member_is_full_dn" : true,
        "password" : "aeiou",
        "group_filter" : "aeiou",
        "user_id_attribute" : "aeiou",
        "user_search_dn" : "aeiou",
        "group_search_dn" : "aeiou",
        "ignore_referrals" : true,
        "user_attributes" : [ "aeiou" ],
        "group_member_attribute" : "aeiou",
        "group_search_scope" : "aeiou",
        "user_search_scope" : "aeiou"
      },
      "base_dn" : "aeiou",
      "port" : 123,
      "user_bind" : {
        "user_id_attribute" : "aeiou",
        "user_attributes" : [ "aeiou" ],
        "dn_template" : "aeiou",
        "token" : "aeiou"
      },
      "security_mode" : "aeiou",
      "bind_as_administrator" : true,
      "email_attribute" : "aeiou",
      "full_name_attribute" : "aeiou"
    },
    "oauth_profile" : {
      "pool_ref" : "aeiou",
      "oauth_resp_buffer_sz" : 123,
      "introspection_endpoint" : "aeiou",
      "jwks_uri" : "aeiou",
      "end_session_endpoint" : "aeiou",
      "jwks_timeout" : 123,
      "issuer" : "aeiou",
      "authorization_endpoint" : "aeiou",
      "token_endpoint" : "aeiou",
      "userinfo_endpoint" : "aeiou"
    },
    "tenant_ref" : "aeiou",
    "name" : "aeiou",
    "saml" : {
      "idp" : {
        "metadata" : "aeiou"
      },
      "sp" : {
        "org_url" : "aeiou",
        "sp_nodes" : [ {
          "signing_ssl_key_and_certificate_ref" : "aeiou",
          "name" : "aeiou",
          "entity_id" : "aeiou",
          "single_signon_url" : "aeiou"
        } ],
        "tech_contact_name" : "aeiou",
        "fqdn" : "aeiou",
        "saml_entity_type" : "aeiou",
        "org_display_name" : "aeiou",
        "org_name" : "aeiou",
        "tech_contact_email" : "aeiou"
      }
    },
    "configpb_attributes" : {
      "version" : 123
    },
    "http" : {
      "cache_expiration_time" : 123,
      "request_header" : "aeiou",
      "require_user_groups" : [ "aeiou" ]
    },
    "markers" : [ {
      "values" : [ "aeiou" ],
      "key" : "aeiou"
    } ],
    "jwt_profile_ref" : "aeiou"
  } ]
}


This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.



OK AuthProfileApiResponse


log in failed

post /authprofile


This API call consumes the following media types via the Content-Type request header:

Request body

body (required)
Body Parameter — AuthProfile object creation

Return type


Example data

Content-Type: application/json
{
  "description" : "aeiou",
  "pa_agent_ref" : "aeiou",
  "type" : "aeiou",
  "tacacs_plus" : {
    "authorization_attrs" : [ {
      "name" : "aeiou",
      "mandatory" : true,
      "value" : "aeiou"
    } ],
    "server" : [ "aeiou" ],
    "password" : "aeiou",
    "port" : 123,
    "service" : "aeiou"
  },
  "uuid" : "aeiou",
  "url" : "aeiou",
  "_last_modified" : "aeiou",
  "ldap" : {
    "server" : [ "aeiou" ],
    "settings" : {
      "admin_bind_dn" : "aeiou",
      "group_member_is_full_dn" : true,
      "password" : "aeiou",
      "group_filter" : "aeiou",
      "user_id_attribute" : "aeiou",
      "user_search_dn" : "aeiou",
      "group_search_dn" : "aeiou",
      "ignore_referrals" : true,
      "user_attributes" : [ "aeiou" ],
      "group_member_attribute" : "aeiou",
      "group_search_scope" : "aeiou",
      "user_search_scope" : "aeiou"
    },
    "base_dn" : "aeiou",
    "port" : 123,
    "user_bind" : {
      "user_id_attribute" : "aeiou",
      "user_attributes" : [ "aeiou" ],
      "dn_template" : "aeiou",
      "token" : "aeiou"
    },
    "security_mode" : "aeiou",
    "bind_as_administrator" : true,
    "email_attribute" : "aeiou",
    "full_name_attribute" : "aeiou"
  },
  "oauth_profile" : {
    "pool_ref" : "aeiou",
    "oauth_resp_buffer_sz" : 123,
    "introspection_endpoint" : "aeiou",
    "jwks_uri" : "aeiou",
    "end_session_endpoint" : "aeiou",
    "jwks_timeout" : 123,
    "issuer" : "aeiou",
    "authorization_endpoint" : "aeiou",
    "token_endpoint" : "aeiou",
    "userinfo_endpoint" : "aeiou"
  },
  "tenant_ref" : "aeiou",
  "name" : "aeiou",
  "saml" : {
    "idp" : {
      "metadata" : "aeiou"
    },
    "sp" : {
      "org_url" : "aeiou",
      "sp_nodes" : [ {
        "signing_ssl_key_and_certificate_ref" : "aeiou",
        "name" : "aeiou",
        "entity_id" : "aeiou",
        "single_signon_url" : "aeiou"
      } ],
      "tech_contact_name" : "aeiou",
      "fqdn" : "aeiou",
      "saml_entity_type" : "aeiou",
      "org_display_name" : "aeiou",
      "org_name" : "aeiou",
      "tech_contact_email" : "aeiou"
    }
  },
  "configpb_attributes" : {
    "version" : 123
  },
  "http" : {
    "cache_expiration_time" : 123,
    "request_header" : "aeiou",
    "require_user_groups" : [ "aeiou" ]
  },
  "markers" : [ {
    "values" : [ "aeiou" ],
    "key" : "aeiou"
  } ],
  "jwt_profile_ref" : "aeiou"
}


This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.



OK AuthProfile


log in failed

delete /authprofile/{uuid}

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch


This API call consumes the following media types via the Content-Type request header:

Query parameters

name (optional)
Query Parameter — object name

Return type


Example data

Content-Type: application/json


This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.



object deleted String


not found

get /authprofile/{uuid}

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch


This API call consumes the following media types via the Content-Type request header:

Query parameters

name (optional)
Query Parameter — object name
fields (optional)
Query Parameter — List of fields to be returned for the resource. Some fields like name, URL, uuid etc. are always returned.
include_name (optional)
Query Parameter — All the Avi REST reference URIs have a name suffix as URI#name. It is useful to get the referenced resource name without performing get on that object.
skip_default (optional)
Query Parameter — Default values are not set.
join_subresources (optional)
Query Parameter — Automatically returns additional dependent resources such as runtime. E.g., join_subresources=runtime.

Return type


Example data

Content-Type: application/json
{
  "description" : "aeiou",
  "pa_agent_ref" : "aeiou",
  "type" : "aeiou",
  "tacacs_plus" : {
    "authorization_attrs" : [ {
      "name" : "aeiou",
      "mandatory" : true,
      "value" : "aeiou"
    } ],
    "server" : [ "aeiou" ],
    "password" : "aeiou",
    "port" : 123,
    "service" : "aeiou"
  },
  "uuid" : "aeiou",
  "url" : "aeiou",
  "_last_modified" : "aeiou",
  "ldap" : {
    "server" : [ "aeiou" ],
    "settings" : {
      "admin_bind_dn" : "aeiou",
      "group_member_is_full_dn" : true,
      "password" : "aeiou",
      "group_filter" : "aeiou",
      "user_id_attribute" : "aeiou",
      "user_search_dn" : "aeiou",
      "group_search_dn" : "aeiou",
      "ignore_referrals" : true,
      "user_attributes" : [ "aeiou" ],
      "group_member_attribute" : "aeiou",
      "group_search_scope" : "aeiou",
      "user_search_scope" : "aeiou"
    },
    "base_dn" : "aeiou",
    "port" : 123,
    "user_bind" : {
      "user_id_attribute" : "aeiou",
      "user_attributes" : [ "aeiou" ],
      "dn_template" : "aeiou",
      "token" : "aeiou"
    },
    "security_mode" : "aeiou",
    "bind_as_administrator" : true,
    "email_attribute" : "aeiou",
    "full_name_attribute" : "aeiou"
  },
  "oauth_profile" : {
    "pool_ref" : "aeiou",
    "oauth_resp_buffer_sz" : 123,
    "introspection_endpoint" : "aeiou",
    "jwks_uri" : "aeiou",
    "end_session_endpoint" : "aeiou",
    "jwks_timeout" : 123,
    "issuer" : "aeiou",
    "authorization_endpoint" : "aeiou",
    "token_endpoint" : "aeiou",
    "userinfo_endpoint" : "aeiou"
  },
  "tenant_ref" : "aeiou",
  "name" : "aeiou",
  "saml" : {
    "idp" : {
      "metadata" : "aeiou"
    },
    "sp" : {
      "org_url" : "aeiou",
      "sp_nodes" : [ {
        "signing_ssl_key_and_certificate_ref" : "aeiou",
        "name" : "aeiou",
        "entity_id" : "aeiou",
        "single_signon_url" : "aeiou"
      } ],
      "tech_contact_name" : "aeiou",
      "fqdn" : "aeiou",
      "saml_entity_type" : "aeiou",
      "org_display_name" : "aeiou",
      "org_name" : "aeiou",
      "tech_contact_email" : "aeiou"
    }
  },
  "configpb_attributes" : {
    "version" : 123
  },
  "http" : {
    "cache_expiration_time" : 123,
    "request_header" : "aeiou",
    "require_user_groups" : [ "aeiou" ]
  },
  "markers" : [ {
    "values" : [ "aeiou" ],
    "key" : "aeiou"
  } ],
  "jwt_profile_ref" : "aeiou"
}


This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.



OK AuthProfile


log in failed

patch /authprofile/{uuid}

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch


This API call consumes the following media types via the Content-Type request header:

Request body

body (required)
Body Parameter — AuthProfile object creation

Query parameters

name (optional)
Query Parameter — object name

Return type


Example data

Content-Type: application/json
{
  "description" : "aeiou",
  "pa_agent_ref" : "aeiou",
  "type" : "aeiou",
  "tacacs_plus" : {
    "authorization_attrs" : [ {
      "name" : "aeiou",
      "mandatory" : true,
      "value" : "aeiou"
    } ],
    "server" : [ "aeiou" ],
    "password" : "aeiou",
    "port" : 123,
    "service" : "aeiou"
  },
  "uuid" : "aeiou",
  "url" : "aeiou",
  "_last_modified" : "aeiou",
  "ldap" : {
    "server" : [ "aeiou" ],
    "settings" : {
      "admin_bind_dn" : "aeiou",
      "group_member_is_full_dn" : true,
      "password" : "aeiou",
      "group_filter" : "aeiou",
      "user_id_attribute" : "aeiou",
      "user_search_dn" : "aeiou",
      "group_search_dn" : "aeiou",
      "ignore_referrals" : true,
      "user_attributes" : [ "aeiou" ],
      "group_member_attribute" : "aeiou",
      "group_search_scope" : "aeiou",
      "user_search_scope" : "aeiou"
    },
    "base_dn" : "aeiou",
    "port" : 123,
    "user_bind" : {
      "user_id_attribute" : "aeiou",
      "user_attributes" : [ "aeiou" ],
      "dn_template" : "aeiou",
      "token" : "aeiou"
    },
    "security_mode" : "aeiou",
    "bind_as_administrator" : true,
    "email_attribute" : "aeiou",
    "full_name_attribute" : "aeiou"
  },
  "oauth_profile" : {
    "pool_ref" : "aeiou",
    "oauth_resp_buffer_sz" : 123,
    "introspection_endpoint" : "aeiou",
    "jwks_uri" : "aeiou",
    "end_session_endpoint" : "aeiou",
    "jwks_timeout" : 123,
    "issuer" : "aeiou",
    "authorization_endpoint" : "aeiou",
    "token_endpoint" : "aeiou",
    "userinfo_endpoint" : "aeiou"
  },
  "tenant_ref" : "aeiou",
  "name" : "aeiou",
  "saml" : {
    "idp" : {
      "metadata" : "aeiou"
    },
    "sp" : {
      "org_url" : "aeiou",
      "sp_nodes" : [ {
        "signing_ssl_key_and_certificate_ref" : "aeiou",
        "name" : "aeiou",
        "entity_id" : "aeiou",
        "single_signon_url" : "aeiou"
      } ],
      "tech_contact_name" : "aeiou",
      "fqdn" : "aeiou",
      "saml_entity_type" : "aeiou",
      "org_display_name" : "aeiou",
      "org_name" : "aeiou",
      "tech_contact_email" : "aeiou"
    }
  },
  "configpb_attributes" : {
    "version" : 123
  },
  "http" : {
    "cache_expiration_time" : 123,
    "request_header" : "aeiou",
    "require_user_groups" : [ "aeiou" ]
  },
  "markers" : [ {
    "values" : [ "aeiou" ],
    "key" : "aeiou"
  } ],
  "jwt_profile_ref" : "aeiou"
}


This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.



OK AuthProfile


log in failed

put /authprofile/{uuid}

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch


This API call consumes the following media types via the Content-Type request header:

Request body

body (required)
Body Parameter — AuthProfile object creation

Query parameters

name (optional)
Query Parameter — object name

Return type


Example data

Content-Type: application/json
{
  "description" : "aeiou",
  "pa_agent_ref" : "aeiou",
  "type" : "aeiou",
  "tacacs_plus" : {
    "authorization_attrs" : [ {
      "name" : "aeiou",
      "mandatory" : true,
      "value" : "aeiou"
    } ],
    "server" : [ "aeiou" ],
    "password" : "aeiou",
    "port" : 123,
    "service" : "aeiou"
  },
  "uuid" : "aeiou",
  "url" : "aeiou",
  "_last_modified" : "aeiou",
  "ldap" : {
    "server" : [ "aeiou" ],
    "settings" : {
      "admin_bind_dn" : "aeiou",
      "group_member_is_full_dn" : true,
      "password" : "aeiou",
      "group_filter" : "aeiou",
      "user_id_attribute" : "aeiou",
      "user_search_dn" : "aeiou",
      "group_search_dn" : "aeiou",
      "ignore_referrals" : true,
      "user_attributes" : [ "aeiou" ],
      "group_member_attribute" : "aeiou",
      "group_search_scope" : "aeiou",
      "user_search_scope" : "aeiou"
    },
    "base_dn" : "aeiou",
    "port" : 123,
    "user_bind" : {
      "user_id_attribute" : "aeiou",
      "user_attributes" : [ "aeiou" ],
      "dn_template" : "aeiou",
      "token" : "aeiou"
    },
    "security_mode" : "aeiou",
    "bind_as_administrator" : true,
    "email_attribute" : "aeiou",
    "full_name_attribute" : "aeiou"
  },
  "oauth_profile" : {
    "pool_ref" : "aeiou",
    "oauth_resp_buffer_sz" : 123,
    "introspection_endpoint" : "aeiou",
    "jwks_uri" : "aeiou",
    "end_session_endpoint" : "aeiou",
    "jwks_timeout" : 123,
    "issuer" : "aeiou",
    "authorization_endpoint" : "aeiou",
    "token_endpoint" : "aeiou",
    "userinfo_endpoint" : "aeiou"
  },
  "tenant_ref" : "aeiou",
  "name" : "aeiou",
  "saml" : {
    "idp" : {
      "metadata" : "aeiou"
    },
    "sp" : {
      "org_url" : "aeiou",
      "sp_nodes" : [ {
        "signing_ssl_key_and_certificate_ref" : "aeiou",
        "name" : "aeiou",
        "entity_id" : "aeiou",
        "single_signon_url" : "aeiou"
      } ],
      "tech_contact_name" : "aeiou",
      "fqdn" : "aeiou",
      "saml_entity_type" : "aeiou",
      "org_display_name" : "aeiou",
      "org_name" : "aeiou",
      "tech_contact_email" : "aeiou"
    }
  },
  "configpb_attributes" : {
    "version" : 123
  },
  "http" : {
    "cache_expiration_time" : 123,
    "request_header" : "aeiou",
    "require_user_groups" : [ "aeiou" ]
  },
  "markers" : [ {
    "values" : [ "aeiou" ],
    "key" : "aeiou"
  } ],
  "jwt_profile_ref" : "aeiou"
}


This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.



OK AuthProfile


log in failed




Table of Contents

  1. AuthProfile
  2. AuthProfileApiResponse
  3. AuthProfileHTTPClientParams
  4. AuthTacacsPlusAttributeValuePair
  5. ConfigPbAttributes
  6. LdapAuthSettings
  7. LdapDirectorySettings
  8. LdapUserBindSettings
  9. OAuthProfile
  10. RoleFilterMatchLabel
  11. SamlIdentityProviderSettings
  12. SamlServiceProviderNode
  13. SamlServiceProviderSettings
  14. SamlSettings
  15. TacacsPlusAuthSettings

AuthProfile

_last_modified (optional)
String UNIX time since epoch in microseconds. Units(MICROSECONDS).
configpb_attributes (optional)
ConfigPbAttributes Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition.
description (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
http (optional)
AuthProfileHTTPClientParams HTTP user authentication params. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
jwt_profile_ref (optional)
String JWTServerProfile to be used for authentication. It is a reference to an object of type JWTServerProfile. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
ldap (optional)
LdapAuthSettings LDAP server and directory settings. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
markers (optional)
array[RoleFilterMatchLabel] List of labels to be used for granular RBAC. Field introduced in 20.1.6. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition.
String Name of the Auth Profile. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
oauth_profile (optional)
OAuthProfile OAuth Profile - Common endpoint information. Field introduced in 21.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
pa_agent_ref (optional)
String PingAccessAgent uuid. It is a reference to an object of type PingAccessAgent. Field introduced in 18.2.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
saml (optional)
SamlSettings SAML settings. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
tacacs_plus (optional)
TacacsPlusAuthSettings TACACS+ settings. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
tenant_ref (optional)
String It is a reference to an object of type Tenant. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
String Type of the Auth Profile. Enum options - AUTH_PROFILE_LDAP, AUTH_PROFILE_TACACS_PLUS, AUTH_PROFILE_SAML, AUTH_PROFILE_PINGACCESS, AUTH_PROFILE_JWT, AUTH_PROFILE_OAUTH. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
url (optional)
String url
uuid (optional)
String UUID of the Auth Profile. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

AuthProfileApiResponse

Integer format: int32
next (optional)

AuthProfileHTTPClientParams

cache_expiration_time (optional)
Integer The max allowed length of time a client's authentication is cached. Allowed values are 1-30. Unit is SEC. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int32
request_header (optional)
String Insert an HTTP header. This field is used to define the header name. The value of the header is set to the client's HTTP Auth user ID. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
require_user_groups (optional)
array[String] A user should be a member of these groups. Each group is defined by the DN. For example, CN=testgroup,OU=groups,dc=example,dc=avinetworks,DC=com. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

AuthTacacsPlusAttributeValuePair

mandatory (optional)
Boolean mandatory. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
name (optional)
String attribute name. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
value (optional)
String attribute value. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

ConfigPbAttributes

version (optional)
Integer Protobuf version number. Gets incremented if there is se Diff of federated diff in config pbs. This field will be a monotonically increasing number indicating the number of Config Update operations. Field introduced in 21.1.1. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition. format: int32

LdapAuthSettings

base_dn (optional)
String The LDAP base DN. For example, avinetworks.com would be DC=avinetworks,DC=com. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
bind_as_administrator (optional)
Boolean LDAP administrator credentials are used to search for users and group memberships. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
email_attribute (optional)
String LDAP attribute that refers to user email. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
full_name_attribute (optional)
String LDAP attribute that refers to user's full name. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
port (optional)
Integer Query the LDAP servers on this port. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int32
security_mode (optional)
String LDAP connection security mode. Enum options - AUTH_LDAP_SECURE_NONE, AUTH_LDAP_SECURE_USE_LDAPS. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
server (optional)
array[String] LDAP server IP address or hostname. Use an IP address if the auth profile is used to configure a Virtual Service. Minimum of 1 item required. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
settings (optional)
LdapDirectorySettings LDAP full directory configuration with administrator credentials. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
user_bind (optional)
LdapUserBindSettings LDAP anonymous bind configuration. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

LdapDirectorySettings

admin_bind_dn (optional)
String LDAP Admin User DN. Administrator credentials are required to search for users under user search DN or groups under group search DN. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
group_filter (optional)
String Group filter is used to identify groups during search. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
group_member_attribute (optional)
String LDAP group attribute that identifies each of the group members. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
group_member_is_full_dn (optional)
Boolean Group member entries contain full DNs instead of just user id attribute values. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
group_search_dn (optional)
String LDAP group search DN is the root of search for a given group in the LDAP directory. Only matching groups present in this LDAP directory sub-tree will be checked for user membership. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
group_search_scope (optional)
String LDAP group search scope defines how deep to search for the group starting from the group search DN. Enum options - AUTH_LDAP_SCOPE_BASE, AUTH_LDAP_SCOPE_ONE, AUTH_LDAP_SCOPE_SUBTREE. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
ignore_referrals (optional)
Boolean During user or group search, ignore searching referrals. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
password (optional)
String LDAP Admin User Password. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
user_attributes (optional)
array[String] LDAP user attributes to fetch on a successful user bind. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
user_id_attribute (optional)
String LDAP user id attribute is the login attribute that uniquely identifies a single user record. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
user_search_dn (optional)
String LDAP user search DN is the root of search for a given user in the LDAP directory. Only user records present in this LDAP directory sub-tree will be validated. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
user_search_scope (optional)
String LDAP user search scope defines how deep to search for the user starting from user search DN. Enum options - AUTH_LDAP_SCOPE_BASE, AUTH_LDAP_SCOPE_ONE, AUTH_LDAP_SCOPE_SUBTREE. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

LdapUserBindSettings

dn_template (optional)
String LDAP user DN pattern is used to bind LDAP user after replacing the user token with real username. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
token (optional)
String LDAP token is replaced with real user name in the user DN pattern. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
user_attributes (optional)
array[String] LDAP user attributes to fetch on a successful user bind. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
user_id_attribute (optional)
String LDAP user id attribute is the login attribute that uniquely identifies a single user record. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

OAuthProfile

String URL of authorization server. Field introduced in 21.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
end_session_endpoint (optional)
String Logout URI of IDP server. Field introduced in 22.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
introspection_endpoint (optional)
String URL of token introspection server. Field introduced in 21.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
issuer (optional)
String Uniquely identifiable name of the Token Issuer. Field introduced in 21.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
jwks_timeout (optional)
Integer Lifetime of the cached JWKS keys. Allowed values are 0-1440. Field introduced in 21.1.3. Unit is MIN. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition. format: int32
jwks_uri (optional)
String JWKS URL of the endpoint that hosts the public keys that can be used to verify any JWT issued by the authorization server. Field introduced in 21.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
oauth_resp_buffer_sz (optional)
Integer Buffering size for the responses from the OAUTH endpoints. Field introduced in 21.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition. format: int32
String Pool object to interface with Authorization Server endpoints. It is a reference to an object of type Pool. Field introduced in 21.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
String URL of token exchange server. Field introduced in 21.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
userinfo_endpoint (optional)
String URL of the Userinfo Endpoint. Field introduced in 21.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
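
The following is an added example, not part of the Avi documentation or SDK: a small offline auditor that checks an AuthProfile JSON object (as returned by get /authprofile/{uuid}) against the enum values and ranges listed in the models above, and masks password fields before the object is logged. The function names, the sample profile and the "OAuth endpoints must be https" and "admin bind needs admin_bind_dn" rules are assumptions of this example, not documented Avi behavior.

```python
from urllib.parse import urlparse

# Enum values and numeric ranges below are copied from the model descriptions on this page.
AUTH_PROFILE_TYPES = {
    "AUTH_PROFILE_LDAP", "AUTH_PROFILE_TACACS_PLUS", "AUTH_PROFILE_SAML",
    "AUTH_PROFILE_PINGACCESS", "AUTH_PROFILE_JWT", "AUTH_PROFILE_OAUTH",
}
LDAP_SCOPES = {"AUTH_LDAP_SCOPE_BASE", "AUTH_LDAP_SCOPE_ONE", "AUTH_LDAP_SCOPE_SUBTREE"}
OAUTH_URL_FIELDS = (
    "authorization_endpoint", "token_endpoint", "introspection_endpoint",
    "userinfo_endpoint", "end_session_endpoint", "jwks_uri",
)
SECRET_KEYS = {"password"}  # ldap.settings.password and tacacs_plus.password


def redact_secrets(obj):
    """Return a copy of the object with every non-empty 'password' value masked."""
    if isinstance(obj, dict):
        return {k: "<redacted>" if k in SECRET_KEYS and v else redact_secrets(v)
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact_secrets(v) for v in obj]
    return obj


def _out_of_range(value, low, high):
    """True when a value is present but is not an integer within [low, high]."""
    return value is not None and not (isinstance(value, int) and low <= value <= high)


def audit_auth_profile(profile):
    """Return a list of 'field: problem' strings for one AuthProfile dict."""
    findings = []
    if profile.get("type") not in AUTH_PROFILE_TYPES:
        findings.append(f"type: {profile.get('type')!r} is not a documented enum value")

    ldap = profile.get("ldap")
    if ldap is not None:
        if ldap.get("security_mode") != "AUTH_LDAP_SECURE_USE_LDAPS":
            findings.append("ldap.security_mode: connection is not set to AUTH_LDAP_SECURE_USE_LDAPS")
        if not ldap.get("server"):
            findings.append("ldap.server: minimum of 1 item required")
        settings = ldap.get("settings") or {}
        for field in ("user_search_scope", "group_search_scope"):
            scope = settings.get(field)
            if scope is not None and scope not in LDAP_SCOPES:
                findings.append(f"ldap.settings.{field}: {scope!r} is not a documented enum value")
        # Local consistency rule (assumption): admin bind needs an admin DN to bind with.
        if ldap.get("bind_as_administrator") and not settings.get("admin_bind_dn"):
            findings.append("ldap.settings.admin_bind_dn: empty while bind_as_administrator is true")

    http = profile.get("http") or {}
    if _out_of_range(http.get("cache_expiration_time"), 1, 30):
        findings.append("http.cache_expiration_time: allowed values are 1-30 (SEC)")

    oauth = profile.get("oauth_profile") or {}
    if _out_of_range(oauth.get("jwks_timeout"), 0, 1440):
        findings.append("oauth_profile.jwks_timeout: allowed values are 0-1440 (MIN)")
    for field in OAUTH_URL_FIELDS:
        url = oauth.get(field)
        # Local policy (assumption): token and key endpoints must be fetched over TLS.
        if url and urlparse(url).scheme != "https":
            findings.append(f"oauth_profile.{field}: scheme {urlparse(url).scheme!r} is not https")
    return findings


# Constructed sample profile; the names, addresses and secret are made up for this example.
SAMPLE_PROFILE = {
    "name": "corp-ldap",
    "type": "AUTH_PROFILE_LDAP",
    "ldap": {
        "server": ["192.0.2.10"],
        "port": 389,
        "security_mode": "AUTH_LDAP_SECURE_NONE",
        "bind_as_administrator": True,
        "settings": {
            "admin_bind_dn": "CN=svc-avi,DC=example,DC=com",
            "password": "constructed-secret",
            "user_search_scope": "AUTH_LDAP_SCOPE_SUBTREE",
        },
    },
    "http": {"cache_expiration_time": 300},
    "oauth_profile": {"jwks_uri": "http://idp.example.test/jwks", "jwks_timeout": 60},
}

if __name__ == "__main__":
    print(redact_secrets(SAMPLE_PROFILE))
    for finding in audit_auth_profile(SAMPLE_PROFILE):
        print("FINDING", finding)
```
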

RoleFilterMatchLabel

String Key for filter match. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
values (optional)
array[String] Values for filter match. Multiple values will be evaluated as OR. Example key = value1 OR key = value2. Behavior for match is key = * if this field is empty. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.

SamlIdentityProviderSettings

metadata (optional)
String SAML IDP metadata. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

SamlServiceProviderNode

entity_id (optional)
String Globally unique entityID for this node. Entity ID on the IDP should match this. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
String Refers to the Cluster name identifier (Virtual IP or FQDN). Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
signing_ssl_key_and_certificate_ref (optional)
String Service Engines will use this SSL certificate to sign assertions going to the IdP. It is a reference to an object of type SSLKeyAndCertificate. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
single_signon_url (optional)
String Single Signon URL to be programmed on the IDP. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

SamlServiceProviderSettings

fqdn (optional)
String FQDN if entity type is DNS_FQDN. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
org_display_name (optional)
String Service Provider Organization Display Name. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
org_name (optional)
String Service Provider Organization Name. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
org_url (optional)
String Service Provider Organization URL. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
saml_entity_type (optional)
String Type of SAML endpoint. Enum options - AUTH_SAML_CLUSTER_VIP, AUTH_SAML_DNS_FQDN, AUTH_SAML_APP_VS. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
sp_nodes (optional)
array[SamlServiceProviderNode] Service Provider node information. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
tech_contact_email (optional)
String Service Provider technical contact email. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
tech_contact_name (optional)
String Service Provider technical contact name. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

SamlSettings

idp (optional)
SamlIdentityProviderSettings Configure remote Identity provider settings. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
SamlServiceProviderSettings Configure service provider settings for the Controller. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

TacacsPlusAuthSettings

authorization_attrs (optional)
array[AuthTacacsPlusAttributeValuePair] TACACS+ authorization attribute value pairs. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
password (optional)
String TACACS+ server shared secret. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
port (optional)
Integer TACACS+ server listening port. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int32
server (optional)
array[String] TACACS+ server IP address or FQDN. Minimum of 1 item required. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
service (optional)