Avi AuthProfile Object API
CLI
- configure authprofile
- show authprofile
Contact Info: support@avinetworks.com
Version: 20.1.9
BasePath:/api
All rights reserved
http://apache.org/licenses/LICENSE-2.0.html
Access
- HTTP Basic Authentication
Table of Contents
get /authprofile
post /authprofile
delete /authprofile/{uuid}
get /authprofile/{uuid}
patch /authprofile/{uuid}
put /authprofile/{uuid}
get /authprofile
(authprofileGet)
Consumes
This API call consumes the following media types via the
Content-Type request header:
Query parameters
name (optional)
Query Parameter — object name
refers_to (optional)
Query Parameter — Filter to request all objects that refer to another Avi resource. The syntax is refers_to=<obj_type>:<obj_uuid>. E.g., to get all virtual services referring to pool p1, use refers_to=pool:pool_p1_uuid
referred_by (optional)
Query Parameter — Filter to request all objects that are referred to by another Avi resource. The syntax is referred_by=<obj_type>:<obj_uuid>. E.g., to get all pools referred to by virtual service vs1, use referred_by=virtualservice:vs_vs1_uuid
fields (optional)
Query Parameter — List of fields to be returned for the resource. Some fields like name, URL, uuid etc. are always returned.
include_name (optional)
Query Parameter — All the Avi REST reference URIs have a name suffix as URI#name. It is useful to get the referenced resource name without performing get on that object.
skip_default (optional)
Query Parameter — Default values are not set.
join_subresources (optional)
Query Parameter — Automatically returns additional dependent resources such as runtime. E.g. join_subresources=runtime.
Return type
Example data
Content-Type: application/json
{
"next" : "aeiou",
"count" : 123,
"results" : [ {
"description" : "aeiou",
"pa_agent_ref" : "aeiou",
"type" : "aeiou",
"tacacs_plus" : {
"authorization_attrs" : [ {
"name" : "aeiou",
"mandatory" : true,
"value" : "aeiou"
} ],
"server" : [ "aeiou" ],
"password" : "aeiou",
"port" : 123,
"service" : "aeiou"
},
"uuid" : "aeiou",
"url" : "aeiou",
"_last_modified" : "aeiou",
"ldap" : {
"server" : [ "aeiou" ],
"settings" : {
"admin_bind_dn" : "aeiou",
"group_member_is_full_dn" : true,
"password" : "aeiou",
"group_filter" : "aeiou",
"user_id_attribute" : "aeiou",
"user_search_dn" : "aeiou",
"group_search_dn" : "aeiou",
"ignore_referrals" : true,
"user_attributes" : [ "aeiou" ],
"group_member_attribute" : "aeiou",
"group_search_scope" : "aeiou",
"user_search_scope" : "aeiou"
},
"base_dn" : "aeiou",
"port" : 123,
"user_bind" : {
"user_id_attribute" : "aeiou",
"user_attributes" : [ "aeiou" ],
"dn_template" : "aeiou",
"token" : "aeiou"
},
"security_mode" : "aeiou",
"bind_as_administrator" : true,
"email_attribute" : "aeiou",
"full_name_attribute" : "aeiou"
},
"tenant_ref" : "aeiou",
"name" : "aeiou",
"saml" : {
"idp" : {
"metadata" : "aeiou"
},
"sp" : {
"org_url" : "aeiou",
"sp_nodes" : [ {
"signing_ssl_key_and_certificate_ref" : "aeiou",
"signing_key" : "aeiou",
"name" : "aeiou",
"signing_cert" : "aeiou",
"entity_id" : "aeiou",
"single_signon_url" : "aeiou"
} ],
"tech_contact_name" : "aeiou",
"fqdn" : "aeiou",
"saml_entity_type" : "aeiou",
"org_display_name" : "aeiou",
"org_name" : "aeiou",
"tech_contact_email" : "aeiou"
}
},
"http" : {
"cache_expiration_time" : 123,
"group_member_is_full_dn" : true,
"request_header" : "aeiou",
"require_user_groups" : [ "aeiou" ]
},
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ],
"jwt_profile_ref" : "aeiou"
} ]
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
AuthProfileApiResponse
401
log in failed
post /authprofile
(authprofilePost)
Consumes
This API call consumes the following media types via the
Content-Type request header:
Request body
body (required)
Body Parameter — AuthProfile object creation
Return type
Example data
Content-Type: application/json
{
"description" : "aeiou",
"pa_agent_ref" : "aeiou",
"type" : "aeiou",
"tacacs_plus" : {
"authorization_attrs" : [ {
"name" : "aeiou",
"mandatory" : true,
"value" : "aeiou"
} ],
"server" : [ "aeiou" ],
"password" : "aeiou",
"port" : 123,
"service" : "aeiou"
},
"uuid" : "aeiou",
"url" : "aeiou",
"_last_modified" : "aeiou",
"ldap" : {
"server" : [ "aeiou" ],
"settings" : {
"admin_bind_dn" : "aeiou",
"group_member_is_full_dn" : true,
"password" : "aeiou",
"group_filter" : "aeiou",
"user_id_attribute" : "aeiou",
"user_search_dn" : "aeiou",
"group_search_dn" : "aeiou",
"ignore_referrals" : true,
"user_attributes" : [ "aeiou" ],
"group_member_attribute" : "aeiou",
"group_search_scope" : "aeiou",
"user_search_scope" : "aeiou"
},
"base_dn" : "aeiou",
"port" : 123,
"user_bind" : {
"user_id_attribute" : "aeiou",
"user_attributes" : [ "aeiou" ],
"dn_template" : "aeiou",
"token" : "aeiou"
},
"security_mode" : "aeiou",
"bind_as_administrator" : true,
"email_attribute" : "aeiou",
"full_name_attribute" : "aeiou"
},
"tenant_ref" : "aeiou",
"name" : "aeiou",
"saml" : {
"idp" : {
"metadata" : "aeiou"
},
"sp" : {
"org_url" : "aeiou",
"sp_nodes" : [ {
"signing_ssl_key_and_certificate_ref" : "aeiou",
"signing_key" : "aeiou",
"name" : "aeiou",
"signing_cert" : "aeiou",
"entity_id" : "aeiou",
"single_signon_url" : "aeiou"
} ],
"tech_contact_name" : "aeiou",
"fqdn" : "aeiou",
"saml_entity_type" : "aeiou",
"org_display_name" : "aeiou",
"org_name" : "aeiou",
"tech_contact_email" : "aeiou"
}
},
"http" : {
"cache_expiration_time" : 123,
"group_member_is_full_dn" : true,
"request_header" : "aeiou",
"require_user_groups" : [ "aeiou" ]
},
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ],
"jwt_profile_ref" : "aeiou"
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
AuthProfile
401
log in failed
delete /authprofile/{uuid}
(authprofileUuidDelete)
Path parameters
uuid (required)
Path Parameter — UUID of the object to fetch
Consumes
This API call consumes the following media types via the
Content-Type request header:
Query parameters
name (optional)
Query Parameter — object name
Return type
String
Example data
Content-Type: application/json
"aeiou"
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
204
object deleted
String
404
not found
get /authprofile/{uuid}
(authprofileUuidGet)
Path parameters
uuid (required)
Path Parameter — UUID of the object to fetch
Consumes
This API call consumes the following media types via the
Content-Type request header:
Query parameters
name (optional)
Query Parameter — object name
fields (optional)
Query Parameter — List of fields to be returned for the resource. Some fields like name, URL, uuid etc. are always returned.
include_name (optional)
Query Parameter — All the Avi REST reference URIs have a name suffix as URI#name. It is useful to get the referenced resource name without performing get on that object.
skip_default (optional)
Query Parameter — Default values are not set.
join_subresources (optional)
Query Parameter — Automatically returns additional dependent resources such as runtime. E.g. join_subresources=runtime.
Return type
Example data
Content-Type: application/json
{
"description" : "aeiou",
"pa_agent_ref" : "aeiou",
"type" : "aeiou",
"tacacs_plus" : {
"authorization_attrs" : [ {
"name" : "aeiou",
"mandatory" : true,
"value" : "aeiou"
} ],
"server" : [ "aeiou" ],
"password" : "aeiou",
"port" : 123,
"service" : "aeiou"
},
"uuid" : "aeiou",
"url" : "aeiou",
"_last_modified" : "aeiou",
"ldap" : {
"server" : [ "aeiou" ],
"settings" : {
"admin_bind_dn" : "aeiou",
"group_member_is_full_dn" : true,
"password" : "aeiou",
"group_filter" : "aeiou",
"user_id_attribute" : "aeiou",
"user_search_dn" : "aeiou",
"group_search_dn" : "aeiou",
"ignore_referrals" : true,
"user_attributes" : [ "aeiou" ],
"group_member_attribute" : "aeiou",
"group_search_scope" : "aeiou",
"user_search_scope" : "aeiou"
},
"base_dn" : "aeiou",
"port" : 123,
"user_bind" : {
"user_id_attribute" : "aeiou",
"user_attributes" : [ "aeiou" ],
"dn_template" : "aeiou",
"token" : "aeiou"
},
"security_mode" : "aeiou",
"bind_as_administrator" : true,
"email_attribute" : "aeiou",
"full_name_attribute" : "aeiou"
},
"tenant_ref" : "aeiou",
"name" : "aeiou",
"saml" : {
"idp" : {
"metadata" : "aeiou"
},
"sp" : {
"org_url" : "aeiou",
"sp_nodes" : [ {
"signing_ssl_key_and_certificate_ref" : "aeiou",
"signing_key" : "aeiou",
"name" : "aeiou",
"signing_cert" : "aeiou",
"entity_id" : "aeiou",
"single_signon_url" : "aeiou"
} ],
"tech_contact_name" : "aeiou",
"fqdn" : "aeiou",
"saml_entity_type" : "aeiou",
"org_display_name" : "aeiou",
"org_name" : "aeiou",
"tech_contact_email" : "aeiou"
}
},
"http" : {
"cache_expiration_time" : 123,
"group_member_is_full_dn" : true,
"request_header" : "aeiou",
"require_user_groups" : [ "aeiou" ]
},
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ],
"jwt_profile_ref" : "aeiou"
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
AuthProfile
401
log in failed
patch /authprofile/{uuid}
(authprofileUuidPatch)
Path parameters
uuid (required)
Path Parameter — UUID of the object to fetch
Consumes
This API call consumes the following media types via the
Content-Type request header:
Request body
body (required)
Body Parameter — AuthProfile object creation
Query parameters
name (optional)
Query Parameter — object name
Return type
Example data
Content-Type: application/json
{
"description" : "aeiou",
"pa_agent_ref" : "aeiou",
"type" : "aeiou",
"tacacs_plus" : {
"authorization_attrs" : [ {
"name" : "aeiou",
"mandatory" : true,
"value" : "aeiou"
} ],
"server" : [ "aeiou" ],
"password" : "aeiou",
"port" : 123,
"service" : "aeiou"
},
"uuid" : "aeiou",
"url" : "aeiou",
"_last_modified" : "aeiou",
"ldap" : {
"server" : [ "aeiou" ],
"settings" : {
"admin_bind_dn" : "aeiou",
"group_member_is_full_dn" : true,
"password" : "aeiou",
"group_filter" : "aeiou",
"user_id_attribute" : "aeiou",
"user_search_dn" : "aeiou",
"group_search_dn" : "aeiou",
"ignore_referrals" : true,
"user_attributes" : [ "aeiou" ],
"group_member_attribute" : "aeiou",
"group_search_scope" : "aeiou",
"user_search_scope" : "aeiou"
},
"base_dn" : "aeiou",
"port" : 123,
"user_bind" : {
"user_id_attribute" : "aeiou",
"user_attributes" : [ "aeiou" ],
"dn_template" : "aeiou",
"token" : "aeiou"
},
"security_mode" : "aeiou",
"bind_as_administrator" : true,
"email_attribute" : "aeiou",
"full_name_attribute" : "aeiou"
},
"tenant_ref" : "aeiou",
"name" : "aeiou",
"saml" : {
"idp" : {
"metadata" : "aeiou"
},
"sp" : {
"org_url" : "aeiou",
"sp_nodes" : [ {
"signing_ssl_key_and_certificate_ref" : "aeiou",
"signing_key" : "aeiou",
"name" : "aeiou",
"signing_cert" : "aeiou",
"entity_id" : "aeiou",
"single_signon_url" : "aeiou"
} ],
"tech_contact_name" : "aeiou",
"fqdn" : "aeiou",
"saml_entity_type" : "aeiou",
"org_display_name" : "aeiou",
"org_name" : "aeiou",
"tech_contact_email" : "aeiou"
}
},
"http" : {
"cache_expiration_time" : 123,
"group_member_is_full_dn" : true,
"request_header" : "aeiou",
"require_user_groups" : [ "aeiou" ]
},
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ],
"jwt_profile_ref" : "aeiou"
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
AuthProfile
401
log in failed
put /authprofile/{uuid}
(authprofileUuidPut)
Path parameters
uuid (required)
Path Parameter — UUID of the object to fetch
Consumes
This API call consumes the following media types via the
Content-Type request header:
Request body
body (required)
Body Parameter — AuthProfile object creation
Query parameters
name (optional)
Query Parameter — object name
Return type
Example data
Content-Type: application/json
{
"description" : "aeiou",
"pa_agent_ref" : "aeiou",
"type" : "aeiou",
"tacacs_plus" : {
"authorization_attrs" : [ {
"name" : "aeiou",
"mandatory" : true,
"value" : "aeiou"
} ],
"server" : [ "aeiou" ],
"password" : "aeiou",
"port" : 123,
"service" : "aeiou"
},
"uuid" : "aeiou",
"url" : "aeiou",
"_last_modified" : "aeiou",
"ldap" : {
"server" : [ "aeiou" ],
"settings" : {
"admin_bind_dn" : "aeiou",
"group_member_is_full_dn" : true,
"password" : "aeiou",
"group_filter" : "aeiou",
"user_id_attribute" : "aeiou",
"user_search_dn" : "aeiou",
"group_search_dn" : "aeiou",
"ignore_referrals" : true,
"user_attributes" : [ "aeiou" ],
"group_member_attribute" : "aeiou",
"group_search_scope" : "aeiou",
"user_search_scope" : "aeiou"
},
"base_dn" : "aeiou",
"port" : 123,
"user_bind" : {
"user_id_attribute" : "aeiou",
"user_attributes" : [ "aeiou" ],
"dn_template" : "aeiou",
"token" : "aeiou"
},
"security_mode" : "aeiou",
"bind_as_administrator" : true,
"email_attribute" : "aeiou",
"full_name_attribute" : "aeiou"
},
"tenant_ref" : "aeiou",
"name" : "aeiou",
"saml" : {
"idp" : {
"metadata" : "aeiou"
},
"sp" : {
"org_url" : "aeiou",
"sp_nodes" : [ {
"signing_ssl_key_and_certificate_ref" : "aeiou",
"signing_key" : "aeiou",
"name" : "aeiou",
"signing_cert" : "aeiou",
"entity_id" : "aeiou",
"single_signon_url" : "aeiou"
} ],
"tech_contact_name" : "aeiou",
"fqdn" : "aeiou",
"saml_entity_type" : "aeiou",
"org_display_name" : "aeiou",
"org_name" : "aeiou",
"tech_contact_email" : "aeiou"
}
},
"http" : {
"cache_expiration_time" : 123,
"group_member_is_full_dn" : true,
"request_header" : "aeiou",
"require_user_groups" : [ "aeiou" ]
},
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ],
"jwt_profile_ref" : "aeiou"
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
AuthProfile
401
log in failed
Table of Contents
AuthProfile
AuthProfileApiResponse
AuthProfileHTTPClientParams
AuthTacacsPlusAttributeValuePair
LdapAuthSettings
LdapDirectorySettings
LdapUserBindSettings
RoleFilterMatchLabel
SamlIdentityProviderSettings
SamlServiceProviderNode
SamlServiceProviderSettings
SamlSettings
TacacsPlusAuthSettings
AuthProfile
_last_modified (optional)
String UNIX time since epoch in microseconds. Units(MICROSECONDS).
description (optional)
String User defined description for the object.
http (optional)
jwt_profile_ref (optional)
String JWTServerProfile to be used for authentication. It is a reference to an object of type JWTServerProfile. Field introduced in 20.1.3.
ldap (optional)
markers (optional)
array[RoleFilterMatchLabel] List of labels to be used for granular RBAC. Field introduced in 20.1.6. Allowed in Basic edition, Essentials edition, Enterprise edition.
name
String Name of the Auth Profile.
pa_agent_ref (optional)
String PingAccessAgent uuid. It is a reference to an object of type PingAccessAgent. Field introduced in 18.2.3. Allowed in Basic edition, Essentials edition, Enterprise edition.
saml (optional)
tacacs_plus (optional)
tenant_ref (optional)
String It is a reference to an object of type Tenant.
type
String Type of the Auth Profile. Enum options - AUTH_PROFILE_LDAP, AUTH_PROFILE_TACACS_PLUS, AUTH_PROFILE_SAML, AUTH_PROFILE_PINGACCESS, AUTH_PROFILE_JWT.
url (optional)
uuid (optional)
String UUID of the Auth Profile.
AuthProfileApiResponse
count
results
next (optional)
AuthProfileHTTPClientParams
cache_expiration_time (optional)
Integer The max allowed length of time a client's authentication is cached. Allowed values are 1-30. Unit is SEC. format: int32
group_member_is_full_dn (optional)
Boolean Group member entries contain full DNs instead of just user id attribute values. This should now be configured using the LdapDirectorySettings field instead. Field deprecated in 18.2.1.
request_header (optional)
String Insert an HTTP header. This field is used to define the header name. The value of the header is set to the client's HTTP Auth user ID.
require_user_groups (optional)
array[String] A user should be a member of these groups. Each group is defined by the DN. For example, CN=testgroup,OU=groups,dc=example,dc=avinetworks,DC=com.
AuthTacacsPlusAttributeValuePair
mandatory (optional)
name (optional)
value (optional)
LdapAuthSettings
base_dn (optional)
String The LDAP base DN. For example, avinetworks.com would be DC=avinetworks,DC=com.
bind_as_administrator (optional)
Boolean LDAP administrator credentials are used to search for users and group memberships.
email_attribute (optional)
String LDAP attribute that refers to user email.
full_name_attribute (optional)
String LDAP attribute that refers to user's full name.
port (optional)
Integer Query the LDAP servers on this port. format: int32
security_mode (optional)
String LDAP connection security mode. Enum options - AUTH_LDAP_SECURE_NONE, AUTH_LDAP_SECURE_USE_LDAPS.
server (optional)
array[String] LDAP server IP address or hostname. Use an IP address if the auth profile is used to configure a Virtual Service. Minimum of 1 item required.
settings (optional)
user_bind (optional)
LdapDirectorySettings
admin_bind_dn (optional)
String LDAP Admin User DN. Administrator credentials are required to search for users under user search DN or groups under group search DN.
group_filter (optional)
String Group filter is used to identify groups during search.
group_member_attribute (optional)
String LDAP group attribute that identifies each of the group members.
group_member_is_full_dn (optional)
Boolean Group member entries contain full DNs instead of just user id attribute values.
group_search_dn (optional)
String LDAP group search DN is the root of search for a given group in the LDAP directory. Only matching groups present in this LDAP directory sub-tree will be checked for user membership.
group_search_scope (optional)
String LDAP group search scope defines how deep to search for the group starting from the group search DN. Enum options - AUTH_LDAP_SCOPE_BASE, AUTH_LDAP_SCOPE_ONE, AUTH_LDAP_SCOPE_SUBTREE.
ignore_referrals (optional)
Boolean During user or group search, ignore searching referrals.
password (optional)
String LDAP Admin User Password.
user_attributes (optional)
array[String] LDAP user attributes to fetch on a successful user bind.
user_id_attribute (optional)
String LDAP user id attribute is the login attribute that uniquely identifies a single user record.
user_search_dn (optional)
String LDAP user search DN is the root of search for a given user in the LDAP directory. Only user records present in this LDAP directory sub-tree will be validated.
user_search_scope (optional)
String LDAP user search scope defines how deep to search for the user starting from user search DN. Enum options - AUTH_LDAP_SCOPE_BASE, AUTH_LDAP_SCOPE_ONE, AUTH_LDAP_SCOPE_SUBTREE.
LdapUserBindSettings
dn_template (optional)
String LDAP user DN pattern is used to bind LDAP user after replacing the user token with real username.
token (optional)
String LDAP token is replaced with real user name in the user DN pattern.
user_attributes (optional)
array[String] LDAP user attributes to fetch on a successful user bind.
user_id_attribute (optional)
String LDAP user id attribute is the login attribute that uniquely identifies a single user record.
RoleFilterMatchLabel
key
String Key for filter match. Field introduced in 20.1.3.
values (optional)
array[String] Values for filter match. Multiple values will be evaluated as OR. Example key = value1 OR key = value2. Behavior for match is key = * if this field is empty. Field introduced in 20.1.3.
SamlIdentityProviderSettings
metadata (optional)
String SAML IDP metadata. Field introduced in 17.2.3.
SamlServiceProviderNode
entity_id (optional)
String Globally unique entityID for this node. Entity ID on the IDP should match this. Field introduced in 17.2.3.
name
String Refers to the Cluster name identifier (Virtual IP or FQDN). Field introduced in 17.2.3.
signing_cert (optional)
String Service Provider signing certificate for metadata. Field deprecated in 18.2.1. Field introduced in 17.2.3.
signing_key (optional)
String Service Provider signing key for metadata. Field deprecated in 18.2.1. Field introduced in 17.2.3.
signing_ssl_key_and_certificate_ref (optional)
String Service Engines will use this SSL certificate to sign assertions going to the IdP. It is a reference to an object of type SSLKeyAndCertificate. Field introduced in 18.2.1.
single_signon_url (optional)
String Single Signon URL to be programmed on the IDP. Field introduced in 17.2.3.
SamlServiceProviderSettings
fqdn (optional)
String FQDN if entity type is DNS_FQDN. Field introduced in 17.2.3.
org_display_name (optional)
String Service Provider Organization Display Name. Field introduced in 17.2.3.
org_name (optional)
String Service Provider Organization Name. Field introduced in 17.2.3.
org_url (optional)
String Service Provider Organization URL. Field introduced in 17.2.3.
saml_entity_type (optional)
String Type of SAML endpoint. Enum options - AUTH_SAML_CLUSTER_VIP, AUTH_SAML_DNS_FQDN, AUTH_SAML_APP_VS. Field introduced in 17.2.3.
sp_nodes (optional)
tech_contact_email (optional)
String Service Provider technical contact email. Field introduced in 17.2.3.
tech_contact_name (optional)
String Service Provider technical contact name. Field introduced in 17.2.3.
TacacsPlusAuthSettings
authorization_attrs (optional)
password (optional)
String TACACS+ server shared secret.
port (optional)
Integer TACACS+ server listening port. format: int32
server (optional)
array[String] TACACS+ server IP address or FQDN. Minimum of 1 item required.
service (optional)
String TACACS+ service. Enum options - AUTH_TACACS_PLUS_SERVICE_NONE, AUTH_TACACS_PLUS_SERVICE_LOGIN, AUTH_TACACS_PLUS_SERVICE_ENABLE, AUTH_TACACS_PLUS_SERVICE_PPP, AUTH_TACACS_PLUS_SERVICE_ARAP, AUTH_TACACS_PLUS_SERVICE_PT, AUTH_TACACS_PLUS_SERVICE_RCMD, AUTH_TACACS_PLUS_SERVICE_X25, AUTH_TACACS_PLUS_SERVICE_NASI, AUTH_TACACS_PLUS_SERVICE_FWPROXY.
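Added example (not part of the Avi reference or Avi's own code): a review pass over an AuthProfileApiResponse, as returned by get /authprofile, that flags LdapAuthSettings.security_mode set to AUTH_LDAP_SECURE_NONE and the fields this page marks as deprecated, and that blanks the password and signing_key fields before a profile is logged or exported. The function names, the "<redacted>" marker and the sample response are assumptions constructed for illustration.

```python
import copy

REDACTED = "<redacted>"  # marker chosen for this example

def _sp_nodes(profile):
    """SamlServiceProviderNode list of a profile, or [] when there is no SAML block."""
    return ((profile.get("saml") or {}).get("sp") or {}).get("sp_nodes") or []

def audit_profile(profile):
    """Return findings for one AuthProfile dict, using only fields documented on this page."""
    findings = []
    ldap = profile.get("ldap") or {}
    if ldap.get("security_mode") == "AUTH_LDAP_SECURE_NONE":
        findings.append("ldap.security_mode is AUTH_LDAP_SECURE_NONE (LDAPS not used)")
    if "group_member_is_full_dn" in (profile.get("http") or {}):
        findings.append("http.group_member_is_full_dn is deprecated in 18.2.1")
    for node in _sp_nodes(profile):
        for field in ("signing_key", "signing_cert"):
            if node.get(field):
                findings.append(f"saml.sp.sp_nodes[].{field} is deprecated in 18.2.1")
    return findings

def audit_response(response):
    """Map profile name -> findings for every profile in an AuthProfileApiResponse."""
    report = {}
    for profile in response.get("results", []):
        findings = audit_profile(profile)
        if findings:
            report[profile.get("name", "<unnamed>")] = findings
    return report

def redact_profile(profile):
    """Return a deep copy with secret-bearing fields blanked; the input is not modified."""
    clean = copy.deepcopy(profile)
    settings = (clean.get("ldap") or {}).get("settings") or {}
    if "password" in settings:          # LDAP Admin User Password
        settings["password"] = REDACTED
    tacacs = clean.get("tacacs_plus") or {}
    if "password" in tacacs:            # TACACS+ server shared secret
        tacacs["password"] = REDACTED
    for node in _sp_nodes(clean):
        if "signing_key" in node:       # Service Provider signing key
            node["signing_key"] = REDACTED
    return clean

# Constructed sample response; names, addresses and secrets are made up.
SAMPLE_RESPONSE = {
    "count": 2,
    "results": [
        {"name": "corp-ldap", "type": "AUTH_PROFILE_LDAP",
         "ldap": {"server": ["192.0.2.10"], "port": 389,
                  "security_mode": "AUTH_LDAP_SECURE_NONE",
                  "settings": {"admin_bind_dn": "CN=svc,DC=example,DC=com",
                               "password": "constructed-secret"}},
         "http": {"cache_expiration_time": 5, "group_member_is_full_dn": True}},
        {"name": "net-tacacs", "type": "AUTH_PROFILE_TACACS_PLUS",
         "tacacs_plus": {"server": ["192.0.2.20"], "port": 49,
                         "password": "constructed-secret",
                         "service": "AUTH_TACACS_PLUS_SERVICE_LOGIN"}},
    ],
}

if __name__ == "__main__":
    for name, findings in audit_response(SAMPLE_RESPONSE).items():
        for finding in findings:
            print(f"{name}: {finding}")
```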