Avi AuthProfile Object API
CLI
```
- configure authprofile
- show authprofile
```
Contact Info: support@avinetworks.com
Version: 21.1.6
BasePath:/api
All rights reserved
http://apache.org/licenses/LICENSE-2.0.html
Access
- HTTP Basic Authentication
Table of Contents
get /authprofile
post /authprofile
delete /authprofile/{uuid}
get /authprofile/{uuid}
patch /authprofile/{uuid}
put /authprofile/{uuid}
get /authprofile
(authprofileGet)
Consumes
This API call consumes the following media types via the
Content-Type request header:
Query parameters
name (optional)
Query Parameter — object name
refers_to (optional)
Query Parameter — Filter to request all objects that refer to another Avi resource. Its syntax is refers_to=<obj_type>:<obj_uuid>. E.g., to get all virtual services referring to pool p1, use refers_to=pool:pool_p1_uuid
referred_by (optional)
Query Parameter — Filter to request all objects that are referred to by another Avi resource. Its syntax is referred_by=<obj_type>:<obj_uuid>. E.g., to get all pools referred to by virtual service vs1, use referred_by=virtualservice:vs_vs1_uuid
fields (optional)
Query Parameter — List of fields to be returned for the resource. Some fields like name, URL, uuid etc. are always returned.
include_name (optional)
Query Parameter — All the Avi REST reference URIs have a name suffix as URI#name. It is useful to get the referenced resource name without performing get on that object.
skip_default (optional)
Query Parameter — Default values are not set.
join_subresources (optional)
Query Parameter — It automatically returns additional dependent resources like runtime. E.g., join_subresources=runtime.
Return type
Example data
Content-Type: application/json
{
"next" : "aeiou",
"count" : 123,
"results" : [ {
"description" : "aeiou",
"pa_agent_ref" : "aeiou",
"type" : "aeiou",
"tacacs_plus" : {
"authorization_attrs" : [ {
"name" : "aeiou",
"mandatory" : true,
"value" : "aeiou"
} ],
"server" : [ "aeiou" ],
"password" : "aeiou",
"port" : 123,
"service" : "aeiou"
},
"uuid" : "aeiou",
"url" : "aeiou",
"_last_modified" : "aeiou",
"ldap" : {
"server" : [ "aeiou" ],
"settings" : {
"admin_bind_dn" : "aeiou",
"group_member_is_full_dn" : true,
"password" : "aeiou",
"group_filter" : "aeiou",
"user_id_attribute" : "aeiou",
"user_search_dn" : "aeiou",
"group_search_dn" : "aeiou",
"ignore_referrals" : true,
"user_attributes" : [ "aeiou" ],
"group_member_attribute" : "aeiou",
"group_search_scope" : "aeiou",
"user_search_scope" : "aeiou"
},
"base_dn" : "aeiou",
"port" : 123,
"user_bind" : {
"user_id_attribute" : "aeiou",
"user_attributes" : [ "aeiou" ],
"dn_template" : "aeiou",
"token" : "aeiou"
},
"security_mode" : "aeiou",
"bind_as_administrator" : true,
"email_attribute" : "aeiou",
"full_name_attribute" : "aeiou"
},
"oauth_profile" : {
"pool_ref" : "aeiou",
"oauth_resp_buffer_sz" : 123,
"introspection_endpoint" : "aeiou",
"jwks_uri" : "aeiou",
"jwks_timeout" : 123,
"issuer" : "aeiou",
"authorization_endpoint" : "aeiou",
"token_endpoint" : "aeiou",
"userinfo_endpoint" : "aeiou"
},
"tenant_ref" : "aeiou",
"name" : "aeiou",
"saml" : {
"idp" : {
"metadata" : "aeiou"
},
"sp" : {
"org_url" : "aeiou",
"sp_nodes" : [ {
"signing_ssl_key_and_certificate_ref" : "aeiou",
"signing_key" : "aeiou",
"name" : "aeiou",
"signing_cert" : "aeiou",
"entity_id" : "aeiou",
"single_signon_url" : "aeiou"
} ],
"tech_contact_name" : "aeiou",
"fqdn" : "aeiou",
"saml_entity_type" : "aeiou",
"org_display_name" : "aeiou",
"org_name" : "aeiou",
"tech_contact_email" : "aeiou"
}
},
"configpb_attributes" : {
"version" : 123
},
"http" : {
"cache_expiration_time" : 123,
"group_member_is_full_dn" : true,
"request_header" : "aeiou",
"require_user_groups" : [ "aeiou" ]
},
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ],
"jwt_profile_ref" : "aeiou"
} ]
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
AuthProfileApiResponse
401
log in failed
post /authprofile
(authprofilePost)
Consumes
This API call consumes the following media types via the
Content-Type request header:
Request body
body (required)
Body Parameter — AuthProfile object creation
Return type
Example data
Content-Type: application/json
{
"description" : "aeiou",
"pa_agent_ref" : "aeiou",
"type" : "aeiou",
"tacacs_plus" : {
"authorization_attrs" : [ {
"name" : "aeiou",
"mandatory" : true,
"value" : "aeiou"
} ],
"server" : [ "aeiou" ],
"password" : "aeiou",
"port" : 123,
"service" : "aeiou"
},
"uuid" : "aeiou",
"url" : "aeiou",
"_last_modified" : "aeiou",
"ldap" : {
"server" : [ "aeiou" ],
"settings" : {
"admin_bind_dn" : "aeiou",
"group_member_is_full_dn" : true,
"password" : "aeiou",
"group_filter" : "aeiou",
"user_id_attribute" : "aeiou",
"user_search_dn" : "aeiou",
"group_search_dn" : "aeiou",
"ignore_referrals" : true,
"user_attributes" : [ "aeiou" ],
"group_member_attribute" : "aeiou",
"group_search_scope" : "aeiou",
"user_search_scope" : "aeiou"
},
"base_dn" : "aeiou",
"port" : 123,
"user_bind" : {
"user_id_attribute" : "aeiou",
"user_attributes" : [ "aeiou" ],
"dn_template" : "aeiou",
"token" : "aeiou"
},
"security_mode" : "aeiou",
"bind_as_administrator" : true,
"email_attribute" : "aeiou",
"full_name_attribute" : "aeiou"
},
"oauth_profile" : {
"pool_ref" : "aeiou",
"oauth_resp_buffer_sz" : 123,
"introspection_endpoint" : "aeiou",
"jwks_uri" : "aeiou",
"jwks_timeout" : 123,
"issuer" : "aeiou",
"authorization_endpoint" : "aeiou",
"token_endpoint" : "aeiou",
"userinfo_endpoint" : "aeiou"
},
"tenant_ref" : "aeiou",
"name" : "aeiou",
"saml" : {
"idp" : {
"metadata" : "aeiou"
},
"sp" : {
"org_url" : "aeiou",
"sp_nodes" : [ {
"signing_ssl_key_and_certificate_ref" : "aeiou",
"signing_key" : "aeiou",
"name" : "aeiou",
"signing_cert" : "aeiou",
"entity_id" : "aeiou",
"single_signon_url" : "aeiou"
} ],
"tech_contact_name" : "aeiou",
"fqdn" : "aeiou",
"saml_entity_type" : "aeiou",
"org_display_name" : "aeiou",
"org_name" : "aeiou",
"tech_contact_email" : "aeiou"
}
},
"configpb_attributes" : {
"version" : 123
},
"http" : {
"cache_expiration_time" : 123,
"group_member_is_full_dn" : true,
"request_header" : "aeiou",
"require_user_groups" : [ "aeiou" ]
},
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ],
"jwt_profile_ref" : "aeiou"
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
AuthProfile
401
log in failed
delete /authprofile/{uuid}
(authprofileUuidDelete)
Path parameters
uuid (required)
Path Parameter — UUID of the object to fetch
Consumes
This API call consumes the following media types via the
Content-Type request header:
Query parameters
name (optional)
Query Parameter — object name
Return type
String
Example data
Content-Type: application/json
"aeiou"
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
204
object deleted
String
404
not found
get /authprofile/{uuid}
(authprofileUuidGet)
Path parameters
uuid (required)
Path Parameter — UUID of the object to fetch
Consumes
This API call consumes the following media types via the
Content-Type request header:
Query parameters
name (optional)
Query Parameter — object name
fields (optional)
Query Parameter — List of fields to be returned for the resource. Some fields like name, URL, uuid etc. are always returned.
include_name (optional)
Query Parameter — All the Avi REST reference URIs have a name suffix as URI#name. It is useful to get the referenced resource name without performing get on that object.
skip_default (optional)
Query Parameter — Default values are not set.
join_subresources (optional)
Query Parameter — It automatically returns additional dependent resources like runtime. E.g., join_subresources=runtime.
Return type
Example data
Content-Type: application/json
{
"description" : "aeiou",
"pa_agent_ref" : "aeiou",
"type" : "aeiou",
"tacacs_plus" : {
"authorization_attrs" : [ {
"name" : "aeiou",
"mandatory" : true,
"value" : "aeiou"
} ],
"server" : [ "aeiou" ],
"password" : "aeiou",
"port" : 123,
"service" : "aeiou"
},
"uuid" : "aeiou",
"url" : "aeiou",
"_last_modified" : "aeiou",
"ldap" : {
"server" : [ "aeiou" ],
"settings" : {
"admin_bind_dn" : "aeiou",
"group_member_is_full_dn" : true,
"password" : "aeiou",
"group_filter" : "aeiou",
"user_id_attribute" : "aeiou",
"user_search_dn" : "aeiou",
"group_search_dn" : "aeiou",
"ignore_referrals" : true,
"user_attributes" : [ "aeiou" ],
"group_member_attribute" : "aeiou",
"group_search_scope" : "aeiou",
"user_search_scope" : "aeiou"
},
"base_dn" : "aeiou",
"port" : 123,
"user_bind" : {
"user_id_attribute" : "aeiou",
"user_attributes" : [ "aeiou" ],
"dn_template" : "aeiou",
"token" : "aeiou"
},
"security_mode" : "aeiou",
"bind_as_administrator" : true,
"email_attribute" : "aeiou",
"full_name_attribute" : "aeiou"
},
"oauth_profile" : {
"pool_ref" : "aeiou",
"oauth_resp_buffer_sz" : 123,
"introspection_endpoint" : "aeiou",
"jwks_uri" : "aeiou",
"jwks_timeout" : 123,
"issuer" : "aeiou",
"authorization_endpoint" : "aeiou",
"token_endpoint" : "aeiou",
"userinfo_endpoint" : "aeiou"
},
"tenant_ref" : "aeiou",
"name" : "aeiou",
"saml" : {
"idp" : {
"metadata" : "aeiou"
},
"sp" : {
"org_url" : "aeiou",
"sp_nodes" : [ {
"signing_ssl_key_and_certificate_ref" : "aeiou",
"signing_key" : "aeiou",
"name" : "aeiou",
"signing_cert" : "aeiou",
"entity_id" : "aeiou",
"single_signon_url" : "aeiou"
} ],
"tech_contact_name" : "aeiou",
"fqdn" : "aeiou",
"saml_entity_type" : "aeiou",
"org_display_name" : "aeiou",
"org_name" : "aeiou",
"tech_contact_email" : "aeiou"
}
},
"configpb_attributes" : {
"version" : 123
},
"http" : {
"cache_expiration_time" : 123,
"group_member_is_full_dn" : true,
"request_header" : "aeiou",
"require_user_groups" : [ "aeiou" ]
},
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ],
"jwt_profile_ref" : "aeiou"
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
AuthProfile
401
log in failed
patch /authprofile/{uuid}
(authprofileUuidPatch)
Path parameters
uuid (required)
Path Parameter — UUID of the object to fetch
Consumes
This API call consumes the following media types via the
Content-Type request header:
Request body
body (required)
Body Parameter — AuthProfile object creation
Query parameters
name (optional)
Query Parameter — object name
Return type
Example data
Content-Type: application/json
{
"description" : "aeiou",
"pa_agent_ref" : "aeiou",
"type" : "aeiou",
"tacacs_plus" : {
"authorization_attrs" : [ {
"name" : "aeiou",
"mandatory" : true,
"value" : "aeiou"
} ],
"server" : [ "aeiou" ],
"password" : "aeiou",
"port" : 123,
"service" : "aeiou"
},
"uuid" : "aeiou",
"url" : "aeiou",
"_last_modified" : "aeiou",
"ldap" : {
"server" : [ "aeiou" ],
"settings" : {
"admin_bind_dn" : "aeiou",
"group_member_is_full_dn" : true,
"password" : "aeiou",
"group_filter" : "aeiou",
"user_id_attribute" : "aeiou",
"user_search_dn" : "aeiou",
"group_search_dn" : "aeiou",
"ignore_referrals" : true,
"user_attributes" : [ "aeiou" ],
"group_member_attribute" : "aeiou",
"group_search_scope" : "aeiou",
"user_search_scope" : "aeiou"
},
"base_dn" : "aeiou",
"port" : 123,
"user_bind" : {
"user_id_attribute" : "aeiou",
"user_attributes" : [ "aeiou" ],
"dn_template" : "aeiou",
"token" : "aeiou"
},
"security_mode" : "aeiou",
"bind_as_administrator" : true,
"email_attribute" : "aeiou",
"full_name_attribute" : "aeiou"
},
"oauth_profile" : {
"pool_ref" : "aeiou",
"oauth_resp_buffer_sz" : 123,
"introspection_endpoint" : "aeiou",
"jwks_uri" : "aeiou",
"jwks_timeout" : 123,
"issuer" : "aeiou",
"authorization_endpoint" : "aeiou",
"token_endpoint" : "aeiou",
"userinfo_endpoint" : "aeiou"
},
"tenant_ref" : "aeiou",
"name" : "aeiou",
"saml" : {
"idp" : {
"metadata" : "aeiou"
},
"sp" : {
"org_url" : "aeiou",
"sp_nodes" : [ {
"signing_ssl_key_and_certificate_ref" : "aeiou",
"signing_key" : "aeiou",
"name" : "aeiou",
"signing_cert" : "aeiou",
"entity_id" : "aeiou",
"single_signon_url" : "aeiou"
} ],
"tech_contact_name" : "aeiou",
"fqdn" : "aeiou",
"saml_entity_type" : "aeiou",
"org_display_name" : "aeiou",
"org_name" : "aeiou",
"tech_contact_email" : "aeiou"
}
},
"configpb_attributes" : {
"version" : 123
},
"http" : {
"cache_expiration_time" : 123,
"group_member_is_full_dn" : true,
"request_header" : "aeiou",
"require_user_groups" : [ "aeiou" ]
},
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ],
"jwt_profile_ref" : "aeiou"
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
AuthProfile
401
log in failed
put /authprofile/{uuid}
(authprofileUuidPut)
Path parameters
uuid (required)
Path Parameter — UUID of the object to fetch
Consumes
This API call consumes the following media types via the
Content-Type request header:
Request body
body (required)
Body Parameter — AuthProfile object creation
Query parameters
name (optional)
Query Parameter — object name
Return type
Example data
Content-Type: application/json
{
"description" : "aeiou",
"pa_agent_ref" : "aeiou",
"type" : "aeiou",
"tacacs_plus" : {
"authorization_attrs" : [ {
"name" : "aeiou",
"mandatory" : true,
"value" : "aeiou"
} ],
"server" : [ "aeiou" ],
"password" : "aeiou",
"port" : 123,
"service" : "aeiou"
},
"uuid" : "aeiou",
"url" : "aeiou",
"_last_modified" : "aeiou",
"ldap" : {
"server" : [ "aeiou" ],
"settings" : {
"admin_bind_dn" : "aeiou",
"group_member_is_full_dn" : true,
"password" : "aeiou",
"group_filter" : "aeiou",
"user_id_attribute" : "aeiou",
"user_search_dn" : "aeiou",
"group_search_dn" : "aeiou",
"ignore_referrals" : true,
"user_attributes" : [ "aeiou" ],
"group_member_attribute" : "aeiou",
"group_search_scope" : "aeiou",
"user_search_scope" : "aeiou"
},
"base_dn" : "aeiou",
"port" : 123,
"user_bind" : {
"user_id_attribute" : "aeiou",
"user_attributes" : [ "aeiou" ],
"dn_template" : "aeiou",
"token" : "aeiou"
},
"security_mode" : "aeiou",
"bind_as_administrator" : true,
"email_attribute" : "aeiou",
"full_name_attribute" : "aeiou"
},
"oauth_profile" : {
"pool_ref" : "aeiou",
"oauth_resp_buffer_sz" : 123,
"introspection_endpoint" : "aeiou",
"jwks_uri" : "aeiou",
"jwks_timeout" : 123,
"issuer" : "aeiou",
"authorization_endpoint" : "aeiou",
"token_endpoint" : "aeiou",
"userinfo_endpoint" : "aeiou"
},
"tenant_ref" : "aeiou",
"name" : "aeiou",
"saml" : {
"idp" : {
"metadata" : "aeiou"
},
"sp" : {
"org_url" : "aeiou",
"sp_nodes" : [ {
"signing_ssl_key_and_certificate_ref" : "aeiou",
"signing_key" : "aeiou",
"name" : "aeiou",
"signing_cert" : "aeiou",
"entity_id" : "aeiou",
"single_signon_url" : "aeiou"
} ],
"tech_contact_name" : "aeiou",
"fqdn" : "aeiou",
"saml_entity_type" : "aeiou",
"org_display_name" : "aeiou",
"org_name" : "aeiou",
"tech_contact_email" : "aeiou"
}
},
"configpb_attributes" : {
"version" : 123
},
"http" : {
"cache_expiration_time" : 123,
"group_member_is_full_dn" : true,
"request_header" : "aeiou",
"require_user_groups" : [ "aeiou" ]
},
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ],
"jwt_profile_ref" : "aeiou"
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
AuthProfile
401
log in failed
Table of Contents
AuthProfile
AuthProfileApiResponse
AuthProfileHTTPClientParams
AuthTacacsPlusAttributeValuePair
ConfigPbAttributes
LdapAuthSettings
LdapDirectorySettings
LdapUserBindSettings
OAuthProfile
RoleFilterMatchLabel
SamlIdentityProviderSettings
SamlServiceProviderNode
SamlServiceProviderSettings
SamlSettings
TacacsPlusAuthSettings
AuthProfile
_last_modified (optional)
String UNIX time since epoch in microseconds. Units(MICROSECONDS).
configpb_attributes (optional)
ConfigPbAttributes Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition.
description (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
http (optional)
AuthProfileHTTPClientParams HTTP user authentication params. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
jwt_profile_ref (optional)
String JWTServerProfile to be used for authentication. It is a reference to an object of type JWTServerProfile. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
ldap (optional)
LdapAuthSettings LDAP server and directory settings. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
markers (optional)
array[RoleFilterMatchLabel] List of labels to be used for granular RBAC. Field introduced in 20.1.6. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition.
name
String Name of the Auth Profile. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
oauth_profile (optional)
OAuthProfile OAuth Profile - Common endpoint information. Field introduced in 21.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
pa_agent_ref (optional)
String PingAccessAgent uuid. It is a reference to an object of type PingAccessAgent. Field introduced in 18.2.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
saml (optional)
SamlSettings SAML settings. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
tacacs_plus (optional)
TacacsPlusAuthSettings TACACS+ settings. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
tenant_ref (optional)
String It is a reference to an object of type Tenant. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
type
String Type of the Auth Profile. Enum options - AUTH_PROFILE_LDAP, AUTH_PROFILE_TACACS_PLUS, AUTH_PROFILE_SAML, AUTH_PROFILE_PINGACCESS, AUTH_PROFILE_JWT, AUTH_PROFILE_OAUTH. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
url (optional)
uuid (optional)
String UUID of the Auth Profile. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
AuthProfileApiResponse
count
results
next (optional)
AuthProfileHTTPClientParams
cache_expiration_time (optional)
Integer The max allowed length of time a client's authentication is cached. Allowed values are 1-30. Unit is SEC. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int32
group_member_is_full_dn (optional)
Boolean Group member entries contain full DNs instead of just user id attribute values. This should now be configured using the LdapDirectorySettings field instead. Field deprecated in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
request_header (optional)
String Insert an HTTP header. This field is used to define the header name. The value of the header is set to the client's HTTP Auth user ID. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
require_user_groups (optional)
array[String] A user should be a member of these groups. Each group is defined by the DN. For example, CN=testgroup,OU=groups,dc=example,dc=avinetworks,DC=com. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
AuthTacacsPlusAttributeValuePair
mandatory (optional)
Boolean mandatory. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
name (optional)
String attribute name. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
value (optional)
String attribute value. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
ConfigPbAttributes
version (optional)
Integer Protobuf version number. Gets incremented if there is se Diff of federated diff in config pbs. This field will be a monotonically increasing number indicating the number of Config Update operations. Field introduced in 21.1.1. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition. format: int32
LdapAuthSettings
base_dn (optional)
String The LDAP base DN. For example, avinetworks.com would be DC=avinetworks,DC=com. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
bind_as_administrator (optional)
Boolean LDAP administrator credentials are used to search for users and group memberships. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
email_attribute (optional)
String LDAP attribute that refers to user email. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
full_name_attribute (optional)
String LDAP attribute that refers to user's full name. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
port (optional)
Integer Query the LDAP servers on this port. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int32
security_mode (optional)
String LDAP connection security mode. Enum options - AUTH_LDAP_SECURE_NONE, AUTH_LDAP_SECURE_USE_LDAPS. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
server (optional)
array[String] LDAP server IP address or Hostname. Use IP address if an auth profile is used to configure Virtual Service. Minimum of 1 item required. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
settings (optional)
LdapDirectorySettings LDAP full directory configuration with administrator credentials. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
user_bind (optional)
LdapUserBindSettings LDAP anonymous bind configuration. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
LdapDirectorySettings
admin_bind_dn (optional)
String LDAP Admin User DN. Administrator credentials are required to search for users under user search DN or groups under group search DN. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
group_filter (optional)
String Group filter is used to identify groups during search. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
group_member_attribute (optional)
String LDAP group attribute that identifies each of the group members. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
group_member_is_full_dn (optional)
Boolean Group member entries contain full DNs instead of just user id attribute values. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
group_search_dn (optional)
String LDAP group search DN is the root of search for a given group in the LDAP directory. Only matching groups present in this LDAP directory sub-tree will be checked for user membership. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
group_search_scope (optional)
String LDAP group search scope defines how deep to search for the group starting from the group search DN. Enum options - AUTH_LDAP_SCOPE_BASE, AUTH_LDAP_SCOPE_ONE, AUTH_LDAP_SCOPE_SUBTREE. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
ignore_referrals (optional)
Boolean During user or group search, ignore searching referrals. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
password (optional)
String LDAP Admin User Password. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
user_attributes (optional)
array[String] LDAP user attributes to fetch on a successful user bind. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
user_id_attribute (optional)
String LDAP user id attribute is the login attribute that uniquely identifies a single user record. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
user_search_dn (optional)
String LDAP user search DN is the root of search for a given user in the LDAP directory. Only user records present in this LDAP directory sub-tree will be validated. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
user_search_scope (optional)
String LDAP user search scope defines how deep to search for the user starting from user search DN. Enum options - AUTH_LDAP_SCOPE_BASE, AUTH_LDAP_SCOPE_ONE, AUTH_LDAP_SCOPE_SUBTREE. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
LdapUserBindSettings
dn_template (optional)
String LDAP user DN pattern is used to bind LDAP user after replacing the user token with real username. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
token (optional)
String LDAP token is replaced with real user name in the user DN pattern. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
user_attributes (optional)
array[String] LDAP user attributes to fetch on a successful user bind. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
user_id_attribute (optional)
String LDAP user id attribute is the login attribute that uniquely identifies a single user record. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
OAuthProfile
authorization_endpoint
String URL of authorization server. Field introduced in 21.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
introspection_endpoint (optional)
String URL of token introspection server. Field introduced in 21.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
issuer (optional)
String Uniquely identifiable name of the Token Issuer. Field introduced in 21.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
jwks_timeout (optional)
Integer Lifetime of the cached JWKS keys. Field introduced in 21.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition. format: int32
jwks_uri (optional)
String JWKS URL of the endpoint that hosts the public keys that can be used to verify any JWT issued by the authorization server. Field introduced in 21.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
oauth_resp_buffer_sz (optional)
Integer Buffering size for the responses from the OAUTH endpoints. Field introduced in 21.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition. format: int32
pool_ref (optional)
String Pool object to interface with Authorization Server endpoints. It is a reference to an object of type Pool. Field introduced in 21.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
token_endpoint
String URL of token exchange server. Field introduced in 21.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
userinfo_endpoint (optional)
String URL of the Userinfo Endpoint. Field introduced in 21.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
RoleFilterMatchLabel
key
String Key for filter match. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
values (optional)
array[String] Values for filter match. Multiple values will be evaluated as OR. Example key = value1 OR key = value2. Behavior for match is key = * if this field is empty. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
SamlIdentityProviderSettings
metadata (optional)
String SAML IDP metadata. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
SamlServiceProviderNode
entity_id (optional)
String Globally unique entityID for this node. Entity ID on the IDP should match this. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
name
String Refers to the Cluster name identifier (Virtual IP or FQDN). Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
signing_cert (optional)
String Service Provider signing certificate for metadata. Field deprecated in 18.2.1. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
signing_key (optional)
String Service Provider signing key for metadata. Field deprecated in 18.2.1. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
signing_ssl_key_and_certificate_ref (optional)
String Service Engines will use this SSL certificate to sign assertions going to the IdP. It is a reference to an object of type SSLKeyAndCertificate. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
single_signon_url (optional)
String Single Signon URL to be programmed on the IDP. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
SamlServiceProviderSettings
fqdn (optional)
String FQDN if entity type is DNS_FQDN. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
org_display_name (optional)
String Service Provider Organization Display Name. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
org_name (optional)
String Service Provider Organization Name. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
org_url (optional)
String Service Provider Organization URL. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
saml_entity_type (optional)
String Type of SAML endpoint. Enum options - AUTH_SAML_CLUSTER_VIP, AUTH_SAML_DNS_FQDN, AUTH_SAML_APP_VS. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
sp_nodes (optional)
array[SamlServiceProviderNode] Service Provider node information. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
tech_contact_email (optional)
String Service Provider technical contact email. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
tech_contact_name (optional)
String Service Provider technical contact name. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
SamlSettings
idp (optional)
SamlIdentityProviderSettings Configure remote Identity provider settings. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
sp
SamlServiceProviderSettings Configure service provider settings for the Controller. Field introduced in 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
TacacsPlusAuthSettings
authorization_attrs (optional)
password (optional)
String TACACS+ server shared secret. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
port (optional)
Integer TACACS+ server listening port. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int32
server (optional)
array[String] TACACS+ server IP address or FQDN. Minimum of 1 item required. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
service (optional)
String TACACS+ service. Enum options - AUTH_TACACS_PLUS_SERVICE_NONE, AUTH_TACACS_PLUS_SERVICE_LOGIN, AUTH_TACACS_PLUS_SERVICE_ENABLE, AUTH_TACACS_PLUS_SERVICE_PPP, AUTH_TACACS_PLUS_SERVICE_ARAP, AUTH_TACACS_PLUS_SERVICE_PT, AUTH_TACACS_PLUS_SERVICE_RCMD, AUTH_TACACS_PLUS_SERVICE_X25, AUTH_TACACS_PLUS_SERVICE_NASI, AUTH_TACACS_PLUS_SERVICE_FWPROXY. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
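An added example (not part of the Avi documentation): a Python audit over an AuthProfileApiResponse that flags the weak or deprecated settings named in the models above and masks secrets before a profile is logged or exported. The sample response and the names redact, audit and audit_response are constructed for illustration; treating non-https OAuth endpoints as a finding is this example's policy, not a rule stated by the API.

```python
import copy
from urllib.parse import urlsplit

# Field paths below come from the AuthProfile model on this page.
SECRET_PATHS = (
    ("ldap", "settings", "password"),   # LDAP Admin User Password
    ("tacacs_plus", "password"),        # TACACS+ server shared secret
)
OAUTH_URL_FIELDS = ("authorization_endpoint", "token_endpoint",
                    "introspection_endpoint", "userinfo_endpoint", "jwks_uri")
MASK = "<redacted>"


def _sp_nodes(profile):
    """Return saml.sp.sp_nodes as a list, tolerating absent sections."""
    sp = (profile.get("saml") or {}).get("sp") or {}
    return sp.get("sp_nodes") or []


def redact(profile):
    """Return a deep copy with shared secrets and SAML signing keys masked."""
    out = copy.deepcopy(profile)
    for *parents, leaf in SECRET_PATHS:
        node = out
        for key in parents:
            node = node.get(key) if isinstance(node, dict) else None
        if isinstance(node, dict) and leaf in node:
            node[leaf] = MASK
    for sp_node in _sp_nodes(out):
        if "signing_key" in sp_node:
            sp_node["signing_key"] = MASK
    return out


def audit(profile):
    """Return a list of (field_path, message) findings for one AuthProfile."""
    findings = []
    ldap = profile.get("ldap") or {}
    if ldap.get("security_mode") == "AUTH_LDAP_SECURE_NONE":
        findings.append(("ldap.security_mode",
                         "LDAP binds are not protected by LDAPS"))
    http = profile.get("http") or {}
    if http.get("group_member_is_full_dn") is not None:
        findings.append(("http.group_member_is_full_dn",
                         "deprecated in 18.2.1; configure it in ldap.settings"))
    for i, node in enumerate(_sp_nodes(profile)):
        for field in ("signing_key", "signing_cert"):
            if node.get(field):
                findings.append((f"saml.sp.sp_nodes[{i}].{field}",
                                 "deprecated in 18.2.1"))
    oauth = profile.get("oauth_profile") or {}
    for field in OAUTH_URL_FIELDS:
        url = oauth.get(field)
        # Example policy (assumption): every OAuth endpoint must be https.
        if url and urlsplit(url).scheme.lower() != "https":
            findings.append((f"oauth_profile.{field}", "endpoint is not https"))
    return findings


def audit_response(api_response):
    """Audit every profile in the 'results' list of a GET /authprofile reply."""
    return {p.get("name", p.get("uuid", "?")): audit(p)
            for p in api_response.get("results", [])}


# Constructed sample shaped like AuthProfileApiResponse; all values are made up.
SAMPLE_RESPONSE = {
    "count": 3,
    "results": [
        {"name": "corp-ldap", "type": "AUTH_PROFILE_LDAP",
         "ldap": {"server": ["192.0.2.10"], "port": 389,
                  "security_mode": "AUTH_LDAP_SECURE_NONE",
                  "settings": {"admin_bind_dn": "CN=svc,DC=example,DC=com",
                               "password": "constructed-secret"}},
         "http": {"cache_expiration_time": 5,
                  "group_member_is_full_dn": False}},
        {"name": "sso-oauth", "type": "AUTH_PROFILE_OAUTH",
         "oauth_profile": {
             "authorization_endpoint": "https://idp.example.com/authorize",
             "token_endpoint": "https://idp.example.com/token",
             "jwks_uri": "http://idp.example.com/jwks"}},
        {"name": "sso-saml", "type": "AUTH_PROFILE_SAML",
         "saml": {"sp": {"saml_entity_type": "AUTH_SAML_CLUSTER_VIP",
                         "sp_nodes": [{"name": "ctrl.example.com",
                                       "signing_key": "constructed-key"}]}}},
    ],
}

if __name__ == "__main__":
    for name, findings in audit_response(SAMPLE_RESPONSE).items():
        for path, message in findings:
            print(f"{name}: {path}: {message}")
    print(redact(SAMPLE_RESPONSE["results"][0])["ldap"]["settings"])
```

Run redact on any profile before writing it to a ticket, log or backup; the original object is left unchanged.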