aam authentication server

Authentication server configuration

server Specification

Type Intermediate Resource
Element Name server
Element URI /axapi/v3/aam/authentication/server
Element Attributes server_attributes
Schema server schema

Operations Allowed:

Operation     Method    URI                                    Payload
Get Object    GET       /axapi/v3/aam/authentication/server    server_attributes

server Attributes

ldap

Description: ldap is a JSON Block. Please see below for ldap

Type: Object

Reference Object: /axapi/v3/aam/authentication/server/ldap

ocsp

Description: ocsp is a JSON Block. Please see below for ocsp

Type: Object

Reference Object: /axapi/v3/aam/authentication/server/ocsp

radius

Description: radius is a JSON Block. Please see below for radius

Type: Object

Reference Object: /axapi/v3/aam/authentication/server/radius

windows

Description: windows is a JSON Block. Please see below for windows

Type: Object

Reference Object: /axapi/v3/aam/authentication/server/windows

windows

Specification
Type object

instance-list

Description: instance-list is a JSON List. Please see below for windows.instance-list

Type: List

Reference Object: /axapi/v3/aam/authentication/server/windows/instance/{name}

sampling-enable

Description: sampling-enable is a JSON List. Please see below for windows.sampling-enable

Type: List

uuid

Description: uuid of the object

Type: string

windows.sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘kerberos-request-send’: Total Kerberos Request; ‘kerberos-response-get’: Total Kerberos Response; ‘kerberos-timeout-error’: Total Kerberos Timeout; ‘kerberos-other-error’: Total Kerberos Other Error; ‘ntlm-authentication-success’: Total NTLM Authentication Success; ‘ntlm-authentication-failure’: Total NTLM Authentication Failure; ‘ntlm-proto-negotiation-success’: Total NTLM Protocol Negotiation Success; ‘ntlm-proto-negotiation-failure’: Total NTLM Protocol Negotiation Failure; ‘ntlm-session-setup-success’: Total NTLM Session Setup Success; ‘ntlm-session-setup-failed’: Total NTLM Session Setup Failure; ‘kerberos-request-normal’: Total Kerberos Normal Request; ‘kerberos-request-dropped’: Total Kerberos Dropped Request; ‘kerberos-response-success’: Total Kerberos Success Response; ‘kerberos-response-failure’: Total Kerberos Failure Response; ‘kerberos-response-error’: Total Kerberos Error Response; ‘kerberos-response-timeout’: Total Kerberos Timeout Response; ‘kerberos-response-other’: Total Kerberos Other Response; ‘kerberos-job-start-error’: Total Kerberos Job Start Error; ‘kerberos-polling-control-error’: Total Kerberos Polling Control Error; ‘ntlm-prepare-req-success’: Total NTLM Prepare Request Success; ‘ntlm-prepare-req-failed’: Total NTLM Prepare Request Failed; ‘ntlm-timeout-error’: Total NTLM Timeout; ‘ntlm-other-error’: Total NTLM Other Error; ‘ntlm-request-normal’: Total NTLM Normal Request; ‘ntlm-request-dropped’: Total NTLM Dropped Request; ‘ntlm-response-success’: Total NTLM Success Response; ‘ntlm-response-failure’: Total NTLM Failure Response; ‘ntlm-response-error’: Total NTLM Error Response; ‘ntlm-response-timeout’: Total NTLM Timeout Response; ‘ntlm-response-other’: Total NTLM Other Response; ‘ntlm-job-start-error’: Total NTLM Job Start Error; ‘ntlm-polling-control-error’: Total NTLM Polling Control Error;

Type: string

Supported Values: all, kerberos-request-send, kerberos-response-get, kerberos-timeout-error, kerberos-other-error, ntlm-authentication-success, ntlm-authentication-failure, ntlm-proto-negotiation-success, ntlm-proto-negotiation-failure, ntlm-session-setup-success, ntlm-session-setup-failed, kerberos-request-normal, kerberos-request-dropped, kerberos-response-success, kerberos-response-failure, kerberos-response-error, kerberos-response-timeout, kerberos-response-other, kerberos-job-start-error, kerberos-polling-control-error, ntlm-prepare-req-success, ntlm-prepare-req-failed, ntlm-timeout-error, ntlm-other-error, ntlm-request-normal, ntlm-request-dropped, ntlm-response-success, ntlm-response-failure, ntlm-response-error, ntlm-response-timeout, ntlm-response-other, ntlm-job-start-error, ntlm-polling-control-error

windows.instance-list

Specification
Type list
Block object keys

auth-protocol

Description: auth-protocol is a JSON Block. Please see below for windows.instance-list.auth-protocol

Type: Object

health-check

Description: Check server’s health status

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: health-check and health-check-disable are mutually exclusive

health-check-disable

Description: Disable configured health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: health-check-disable and health-check are mutually exclusive

health-check-string

Description: Health monitor name

Type: string

Reference Object: /axapi/v3/health/monitor

host

Description: host is a JSON Block. Please see below for windows.instance-list.host

Type: Object

name

Description: Specify Windows authentication server name

Type: string

Format: string-rlx

realm

Description: Specify realm of Windows server

Type: string

sampling-enable

Description: sampling-enable is a JSON List. Please see below for windows.instance-list.sampling-enable

Type: List

support-apacheds-kdc

Description: Enable weak cipher (DES CRC/MD5/MD4) and merge AS-REQ in single packet

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

timeout

Description: Specify connection timeout to server, default is 10 seconds

Type: number

Range: 1-255

Default: 10

uuid

Description: uuid of the object

Type: string

windows.instance-list.host

Specification
Type object

hostip

Description: Specify the Windows server’s hostname (Length 1-31) or IP address

Type: string

Format: host

Mutual Exclusion: hostip and hostipv6 are mutually exclusive

hostipv6

Description: Specify the Windows server’s IPv6 address

Type: string

Format: ipv6-address

Mutual Exclusion: hostipv6 and hostip are mutually exclusive

windows.instance-list.sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘krb_send_req_success’: Kerberos Request; ‘krb_get_resp_success’: Kerberos Response; ‘krb_timeout_error’: Kerberos Timeout; ‘krb_other_error’: Kerberos Other Error; ‘ntlm_proto_nego_success’: NTLM Protocol Negotiation Success; ‘ntlm_proto_nego_failure’: NTLM Protocol Negotiation Failure; ‘ntlm_session_setup_success’: NTLM Session Setup Success; ‘ntlm_session_setup_failure’: NTLM Session Setup Failure; ‘ntlm_prepare_req_success’: NTLM Prepare Request Success; ‘ntlm_prepare_req_error’: NTLM Prepare Request Error; ‘ntlm_auth_success’: NTLM Authentication Success; ‘ntlm_auth_failure’: NTLM Authentication Failure; ‘ntlm_timeout_error’: NTLM Timeout; ‘ntlm_other_error’: NTLM Other Error;

Type: string

Supported Values: all, krb_send_req_success, krb_get_resp_success, krb_timeout_error, krb_other_error, ntlm_proto_nego_success, ntlm_proto_nego_failure, ntlm_session_setup_success, ntlm_session_setup_failure, ntlm_prepare_req_success, ntlm_prepare_req_error, ntlm_auth_success, ntlm_auth_failure, ntlm_timeout_error, ntlm_other_error

windows.instance-list.auth-protocol

Specification
Type object

kerberos-disable

Description: Disable Kerberos authentication protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

kerberos-port

Description: Specify the Kerberos port, default is 88

Type: number

Range: 1-65534

Default: 88

kport-hm

Description: Check Kerberos port’s health status

Type: string

Mutual Exclusion: kport-hm and kport-hm-disable are mutually exclusive

Reference Object: /axapi/v3/health/monitor

kport-hm-disable

Description: Disable configured Kerberos port health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: kport-hm-disable and kport-hm are mutually exclusive

ntlm-disable

Description: Disable NTLM authentication protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ntlm-health-check

Description: Check NTLM port’s health status

Type: string

Mutual Exclusion: ntlm-health-check and ntlm-health-check-disable are mutually exclusive

Reference Object: /axapi/v3/health/monitor

ntlm-health-check-disable

Description: Disable configured NTLM port health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: ntlm-health-check-disable and ntlm-health-check are mutually exclusive

ntlm-version

Description: Specify NTLM version, default is 2

Type: number

Range: 1-2

Default: 2
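
The following is an added example, not part of the A10 reference: a pre-flight check for one windows.instance-list entry that enforces the ranges and mutual exclusions documented above and flags the settings that weaken authentication (support-apacheds-kdc, ntlm-version 1). Attribute names and limits come from this page; the function names and sample instances are constructed for illustration.

```python
# Added example (not A10 code). Attribute names, ranges and mutual-exclusion
# rules are taken from this page; helper names and sample data are constructed.

def _set(value):
    """True if an attribute is effectively set: a truthy aXAPI boolean
    (true/1) or a non-empty string such as a health monitor name."""
    return value not in (None, False, 0, "false", "0", "")

# (scope, key, low, high): numeric ranges documented for the windows instance
RANGES = [
    ("instance", "timeout", 1, 255),
    ("auth-protocol", "kerberos-port", 1, 65534),
    ("auth-protocol", "ntlm-version", 1, 2),
]

# (scope, key_a, key_b): pairs documented as mutually exclusive
EXCLUSIVE = [
    ("instance", "health-check", "health-check-disable"),
    ("host", "hostip", "hostipv6"),
    ("auth-protocol", "kport-hm", "kport-hm-disable"),
    ("auth-protocol", "ntlm-health-check", "ntlm-health-check-disable"),
]

def check_windows_instance(inst):
    """Return (errors, warnings) for one windows.instance-list entry."""
    scopes = {
        "instance": inst,
        "host": inst.get("host", {}),
        "auth-protocol": inst.get("auth-protocol", {}),
    }
    errors, warnings = [], []

    # Schema violations: the device would be expected to reject these.
    for scope, key, low, high in RANGES:
        value = scopes[scope].get(key)
        if value is not None and not (type(value) is int and low <= value <= high):
            errors.append(f"{key}={value!r} outside {low}-{high}")
    for scope, a, b in EXCLUSIVE:
        block = scopes[scope]
        if _set(block.get(a)) and _set(block.get(b)):
            errors.append(f"{a} and {b} are mutually exclusive")

    # Valid but security-relevant settings: surface them for review.
    proto = scopes["auth-protocol"]
    if _set(inst.get("support-apacheds-kdc")):
        warnings.append("support-apacheds-kdc enables weak ciphers (DES CRC/MD5/MD4)")
    if not _set(proto.get("ntlm-disable")) and proto.get("ntlm-version", 2) == 1:
        warnings.append("ntlm-version 1 in use; the default is 2")
    if _set(proto.get("kerberos-disable")) and _set(proto.get("ntlm-disable")):
        warnings.append("kerberos-disable and ntlm-disable both set: no protocol enabled")
    return errors, warnings

# Constructed sample entries (documentation address ranges, made-up names).
SAMPLE_OK = {
    "name": "dc1", "realm": "EXAMPLE.TEST", "timeout": 10,
    "host": {"hostip": "192.0.2.10"},
    "auth-protocol": {"kerberos-port": 88, "ntlm-version": 2},
}
SAMPLE_BAD = {
    "name": "legacy-kdc", "timeout": 300, "support-apacheds-kdc": 1,
    "health-check": "true", "health-check-disable": 1,
    "host": {"hostip": "192.0.2.20", "hostipv6": "2001:db8::20"},
    "auth-protocol": {"ntlm-version": 1, "kport-hm": "hm-krb", "kport-hm-disable": 0},
}

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        errs, warns = check_windows_instance(sample)
        print(sample["name"], "errors:", errs, "warnings:", warns)
```
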

ocsp

Specification
Type object

instance-list

Description: instance-list is a JSON List. Please see below for ocsp.instance-list

Type: List

Reference Object: /axapi/v3/aam/authentication/server/ocsp/instance/{name}

sampling-enable

Description: sampling-enable is a JSON List. Please see below for ocsp.sampling-enable

Type: List

uuid

Description: uuid of the object

Type: string

ocsp.sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘stapling-certificate-good’: Total OCSP Stapling Good Certificate Response; ‘stapling-certificate-revoked’: Total OCSP Stapling Revoked Certificate Response; ‘stapling-certificate-unknown’: Total OCSP Stapling Unknown Certificate Response; ‘stapling-request-normal’: Total OCSP Stapling Normal Request; ‘stapling-request-dropped’: Total OCSP Stapling Dropped Request; ‘stapling-response-success’: Total OCSP Stapling Success Response; ‘stapling-response-failure’: Total OCSP Stapling Failure Response; ‘stapling-response-error’: Total OCSP Stapling Error Response; ‘stapling-response-timeout’: Total OCSP Stapling Timeout Response; ‘stapling-response-other’: Total OCSP Stapling Other Response; ‘request-normal’: Total OCSP Normal Request; ‘request-dropped’: Total OCSP Dropped Request; ‘response-success’: Total OCSP Success Response; ‘response-failure’: Total OCSP Failure Response; ‘response-error’: Total OCSP Error Response; ‘response-timeout’: Total OCSP Timeout Response; ‘response-other’: Total OCSP Other Response; ‘job-start-error’: Total OCSP Job Start Error; ‘polling-control-error’: Total OCSP Polling Control Error;

Type: string

Supported Values: all, stapling-certificate-good, stapling-certificate-revoked, stapling-certificate-unknown, stapling-request-normal, stapling-request-dropped, stapling-response-success, stapling-response-failure, stapling-response-error, stapling-response-timeout, stapling-response-other, request-normal, request-dropped, response-success, response-failure, response-error, response-timeout, response-other, job-start-error, polling-control-error

ocsp.instance-list

Specification
Type list
Block object keys

health-check

Description: Check server’s health status

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: health-check and health-check-disable are mutually exclusive

health-check-disable

Description: Disable configured health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: health-check-disable and health-check are mutually exclusive

health-check-string

Description: Health monitor name

Type: string

Reference Object: /axapi/v3/health/monitor

name

Description: Specify OCSP authentication server name

Type: string

Format: string-rlx

port-health-check

Description: Check port’s health status

Type: string

Mutual Exclusion: port-health-check and port-health-check-disable are mutually exclusive

Reference Object: /axapi/v3/health/monitor

port-health-check-disable

Description: Disable configured port health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: port-health-check-disable and port-health-check are mutually exclusive

responder-ca

Description: Specify the trusted OCSP responder’s CA cert filename

Type: string

responder-cert

Description: Specify the trusted OCSP responder’s cert filename

Type: string

sampling-enable

Description: sampling-enable is a JSON List. Please see below for ocsp.instance-list.sampling-enable

Type: List

url

Description: Specify the OCSP server’s address (Format: http://host[:port]/)

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

ocsp.instance-list.sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘request’: Request; ‘certificate-good’: Good Certificate Response; ‘certificate-revoked’: Revoked Certificate Response; ‘certificate-unknown’: Unknown Certificate Response; ‘timeout’: Timeout; ‘fail’: Handle OCSP response failed; ‘stapling-request’: OCSP Stapling Request Send; ‘stapling-certificate-good’: OCSP Stapling Good Certificate Response; ‘stapling-certificate-revoked’: OCSP Stapling Revoked Certificate Response; ‘stapling-certificate-unknown’: OCSP Stapling Unknown Certificate Response; ‘stapling-timeout’: OCSP Stapling Timeout; ‘stapling-fail’: Handle OCSP response failed;

Type: string

Supported Values: all, request, certificate-good, certificate-revoked, certificate-unknown, timeout, fail, stapling-request, stapling-certificate-good, stapling-certificate-revoked, stapling-certificate-unknown, stapling-timeout, stapling-fail

radius

Specification
Type object

instance-list

Description: instance-list is a JSON List. Please see below for radius.instance-list

Type: List

Reference Object: /axapi/v3/aam/authentication/server/radius/instance/{name}

sampling-enable

Description: sampling-enable is a JSON List. Please see below for radius.sampling-enable

Type: List

uuid

Description: uuid of the object

Type: string

radius.sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘authen_success’: Total Authentication Success; ‘authen_failure’: Total Authentication Failure; ‘authorize_success’: Total Authorization Success; ‘authorize_failure’: Total Authorization Failure; ‘access_challenge’: Total Access-Challenge Message Receive; ‘timeout_error’: Total Timeout; ‘other_error’: Total Other Error; ‘request’: Total Request; ‘request-normal’: Total Normal Request; ‘request-dropped’: Total Dropped Request; ‘response-success’: Total Success Response; ‘response-failure’: Total Failure Response; ‘response-error’: Total Error Response; ‘response-timeout’: Total Timeout Response; ‘response-other’: Total Other Response; ‘job-start-error’: Total Job Start Error; ‘polling-control-error’: Total Polling Control Error; ‘accounting-request-sent’: Accounting-Request Sent; ‘accounting-success’: Accounting Success; ‘accounting-failure’: Accounting Failure;

Type: string

Supported Values: all, authen_success, authen_failure, authorize_success, authorize_failure, access_challenge, timeout_error, other_error, request, request-normal, request-dropped, response-success, response-failure, response-error, response-timeout, response-other, job-start-error, polling-control-error, accounting-request-sent, accounting-success, accounting-failure

radius.instance-list

Specification
Type list
Block object keys

accounting-port

Description: Specify the RADIUS server’s accounting port, default is 1813

Type: number

Range: 1-65534

Default: 1813

acct-port-hm

Description: Specify accounting port health check method

Type: string

Mutual Exclusion: acct-port-hm and acct-port-hm-disable are mutually exclusive

Reference Object: /axapi/v3/health/monitor

acct-port-hm-disable

Description: Disable configured accounting port health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: acct-port-hm-disable and acct-port-hm are mutually exclusive

encrypted

Description: Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

health-check

Description: Check server’s health status

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: health-check and health-check-disable are mutually exclusive

health-check-disable

Description: Disable configured health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: health-check-disable and health-check are mutually exclusive

health-check-string

Description: Health monitor name

Type: string

Reference Object: /axapi/v3/health/monitor

host

Description: host is a JSON Block. Please see below for radius.instance-list.host

Type: Object

interval

Description: Specify the interval (in seconds) for resending the request, default is 3 seconds

Type: number

Range: 1-1024

Default: 3

name

Description: Specify RADIUS authentication server name

Type: string

Format: string-rlx

port

Description: Specify the RADIUS server’s authentication port, default is 1812

Type: number

Range: 1-65534

Default: 1812

port-hm

Description: Check port’s health status

Type: string

Mutual Exclusion: port-hm and port-hm-disable are mutually exclusive

Reference Object: /axapi/v3/health/monitor

port-hm-disable

Description: Disable configured port health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: port-hm-disable and port-hm are mutually exclusive

retry

Description: Specify the number of retries for resending the request, default is 5

Type: number

Range: 1-32

Default: 5

sampling-enable

Description: sampling-enable is a JSON List. Please see below for radius.instance-list.sampling-enable

Type: List

secret

Description: Specify the RADIUS server’s secret

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

secret-string

Description: The RADIUS server’s secret

Type: string

Format: password

uuid

Description: uuid of the object

Type: string

radius.instance-list.host

Specification
Type object

hostip

Description: Server’s hostname (Length 1-31) or IP address

Type: string

Format: host

Mutual Exclusion: hostip and hostipv6 are mutually exclusive

hostipv6

Description: Server’s IPv6 address

Type: string

Format: ipv6-address

Mutual Exclusion: hostipv6 and hostip are mutually exclusive

radius.instance-list.sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘authen_success’: Authentication Success; ‘authen_failure’: Authentication Failure; ‘authorize_success’: Authorization Success; ‘authorize_failure’: Authorization Failure; ‘access_challenge’: Access-Challenge Message Receive; ‘timeout_error’: Timeout; ‘other_error’: Other Error; ‘request’: Request; ‘accounting-request-sent’: Accounting-Request Sent; ‘accounting-success’: Accounting Success; ‘accounting-failure’: Accounting Failure;

Type: string

Supported Values: all, authen_success, authen_failure, authorize_success, authorize_failure, access_challenge, timeout_error, other_error, request, accounting-request-sent, accounting-success, accounting-failure

ldap

Specification
Type object

instance-list

Description: instance-list is a JSON List. Please see below for ldap.instance-list

Type: List

Reference Object: /axapi/v3/aam/authentication/server/ldap/instance/{name}

sampling-enable

Description: sampling-enable is a JSON List. Please see below for ldap.sampling-enable

Type: List

uuid

Description: uuid of the object

Type: string

ldap.sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘admin-bind-success’: Total Admin Bind Success; ‘admin-bind-failure’: Total Admin Bind Failure; ‘bind-success’: Total User Bind Success; ‘bind-failure’: Total User Bind Failure; ‘search-success’: Total Search Success; ‘search-failure’: Total Search Failure; ‘authorize-success’: Total Authorization Success; ‘authorize-failure’: Total Authorization Failure; ‘timeout-error’: Total Timeout; ‘other-error’: Total Other Error; ‘request’: Total Request; ‘request-normal’: Total Normal Request; ‘request-dropped’: Total Dropped Request; ‘response-success’: Total Success Response; ‘response-failure’: Total Failure Response; ‘response-error’: Total Error Response; ‘response-timeout’: Total Timeout Response; ‘response-other’: Total Other Response; ‘job-start-error’: Total Job Start Error; ‘polling-control-error’: Total Polling Control Error;

Type: string

Supported Values: all, admin-bind-success, admin-bind-failure, bind-success, bind-failure, search-success, search-failure, authorize-success, authorize-failure, timeout-error, other-error, request, request-normal, request-dropped, response-success, response-failure, response-error, response-timeout, response-other, job-start-error, polling-control-error

ldap.instance-list

Specification
Type list
Block object keys

admin-dn

Description: The LDAP server’s admin DN

Type: string

Format: string-rlx

admin-secret

Description: Specify the LDAP server’s admin secret password

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

base

Description: Specify the LDAP server’s search base

Type: string

Format: string-rlx

bind-with-dn

Description: Enforce using DN for LDAP binding (all user input names will be used to create the DN)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

default-domain

Description: Specify default domain for LDAP

Type: string

derive-bind-dn

Description: derive-bind-dn is a JSON Block. Please see below for ldap.instance-list.derive-bind-dn

Type: Object

dn-attribute

Description: Specify Distinguished Name attribute, default is CN

Type: string

Format: string-rlx

Default: cn

encrypted

Description: Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

health-check

Description: Check server’s health status

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: health-check and health-check-disable are mutually exclusive

health-check-disable

Description: Disable configured health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: health-check-disable and health-check are mutually exclusive

health-check-string

Description: Health monitor name

Type: string

Reference Object: /axapi/v3/health/monitor

host

Description: host is a JSON Block. Please see below for ldap.instance-list.host

Type: Object

name

Description: Specify LDAP authentication server name

Type: string

Format: string-rlx

port

Description: Specify the LDAP server’s authentication port, default is 389

Type: number

Range: 1-65534

Default: 389

port-hm

Description: Check port’s health status

Type: string

Mutual Exclusion: port-hm and port-hm-disable are mutually exclusive

Reference Object: /axapi/v3/health/monitor

port-hm-disable

Description: Disable configured port health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: port-hm-disable and port-hm are mutually exclusive

pwdmaxage

Description: Specify the LDAP server’s default password expiration time (in seconds), default is 0 (no expiration)

Type: number

Range: 0-4294967295

Default: 0

sampling-enable

Description: sampling-enable is a JSON List. Please see below for ldap.instance-list.sampling-enable

Type: List

secret-string

Description: secret password

Type: string

Format: password

timeout

Description: Specify timeout for LDAP, default is 10 seconds

Type: number

Range: 1-255

Default: 10

uuid

Description: uuid of the object

Type: string

ldap.instance-list.host

Specification
Type object

hostip

Description: Server’s hostname (Length 1-31) or IP address

Type: string

Format: host

Mutual Exclusion: hostip and hostipv6 are mutually exclusive

hostipv6

Description: Server’s IPv6 address

Type: string

Format: ipv6-address

Mutual Exclusion: hostipv6 and hostip are mutually exclusive

ldap.instance-list.sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘admin-bind-success’: Admin Bind Success; ‘admin-bind-failure’: Admin Bind Failure; ‘bind-success’: User Bind Success; ‘bind-failure’: User Bind Failure; ‘search-success’: Search Success; ‘search-failure’: Search Failure; ‘authorize-success’: Authorization Success; ‘authorize-failure’: Authorization Failure; ‘timeout-error’: Timeout; ‘other-error’: Other Error; ‘request’: Request;

Type: string

Supported Values: all, admin-bind-success, admin-bind-failure, bind-success, bind-failure, search-success, search-failure, authorize-success, authorize-failure, timeout-error, other-error, request

ldap.instance-list.derive-bind-dn

Specification
Type object

username-attr

Description: Specify attribute name of username

Type: string

Format: string-rlx