ADC

Traffic profiles

September 21, 2020

Contributed by:

After creating at least one forms or SAML sso profile, you must next create a traffic profile.

Note

In this feature, the terms “profile” and “action” mean the same thing.

To create a traffic profile by using the command line interface

At the command prompt, type:

```add tm trafficAction [-appTimeout ][-SSO ( ON | OFF ) [-formSSOAction ]][-persistentCookie ( ENABLED | DISABLED )][-InitiateLogout ( ON | OFF )]


### Example

add tm trafficAction Traffic-Prof-1 –appTimeout 10 -SSO ON -formSSOAction SSO-Prof-1

## To modify a session profile by using the command line interface

At the command prompt, type:

```set tm trafficAction <name> [-appTimeout <mins>] [-SSO ( ON | OFF ) [-formSSOAction <string>]] [-persistentCookie ( ENABLED | DISABLED )] [-InitiateLogout ( ON | OFF )]<!--NeedCopy-->

Example

set tm trafficAction Traffic-Prof-1 –appTimeout 10 -SSO ON -formSSOAction SSO-Prof-1
<!--NeedCopy-->

To remove a session profile by using the command line interface

At the command prompt, type:

```rm tm trafficAction


### Example

rm tm trafficAction Traffic-Prof-1

## To configure traffic profiles by using the configuration utility

1.  Navigate to **Security > AAA - Application Traffic > Traffic.**
1.  Navigate to **Security > AAA - Application Traffic > Policies > Traffic.**
1.  In the details pane, click the Profiles tab.
1.  On the Profiles tab, do one of the following:
    -  To create a new traffic profile, click **Add.**
    -  To modify an existing traffic profile, select the profile, and then click **Edit.**
1.  In the **Create Traffic Profile** or **Configure Traffic Profile** dialog box, specify values for the parameters.
    -  Name\*—name (Cannot be changed for a previously configured session action.)
    -  AppTimeout—appTimeout
    -  Single Sign-On—SSO
    -  Form SSO Action—formSSOAction
    -  SAML SSO Action—samlSSOAction
    -  Enable Persistent Cookie—persistentCookie
    -  Initiate Logout—InitiateLogout
1.  Click **Create** or **OK**. The traffic profile that you created appears in the Traffic Policies, Profiles, and either the Form SSO Profiles or SAML SSO Profiles pane, as appropriate.

## Support for AAA.USER and AAA.LOGIN expressions

The AAA.USER expression is now implemented to replace the existing HTTP.REQ.USER expressions. The AAA.USER expression is applicable to handle non-HTTP traffic, such as Secure Web Gateway (SWG) and role-based access (RBA) mechanism. The AAA.USER expressions are equivalent to HTTP.REQ.USER expressions.

You can use the expression at a variety of actions or profiles configuration.

At the command prompt, type:

```add tm trafficAction <name> [SSO (ON|OFF) [-userExpression <string>]<!--NeedCopy-->

Example

add tm trafficAction tm_act -SSO ON -userExpression "AAA.USER.NAME"

Done

   add tm trafficPolicy tm_pol true tm_act

Done

    bind lb vserver lb1 -policyName tm_pol -priority 2
<!--NeedCopy-->

Note

If you use HTTP.REQ.USER expression, a warning message “HTTP.REQ.USER has been deprecated. Use AAA.USER instead” appears on the command prompt.

AAA.LOGIN Expression. The LOGIN expression represents pre-login, also known as the login request. The login request can be from Citrix Gateway, SAML IdP, or from OAuth authentication. The Citrix ADC will abstract the required attributes from policy configuration. The AAA.LOGIN expression contains the attributes, which can be fetched based on the following:
- AAA.LOGIN.USERNAME. The username (if found) is fetched from the current login request. The same expression applied to a non-login request (determined by a authentication, authorization, and auditing) results in an empty string.
- AAA.LOGIN.PASSWORD. The user password (if found) is fetched from the current login request. The expression results in an empty string if the password is not found.
- AAA.LOGIN.PASSWORD2. The second password (if found) is fetched from the login request.
- AAA.LOGIN.DOMAIN. The domain information is fetched from the login request.
AAA.USER.ATTRIBUTE. The AAA.USER.ATTRIBUTE expressions have now an integer associated with it. The attributes can be grouped and name the string with an appropriate name. The authentication, authorization, and auditing module looks up user sessions attribute and AAA.USER.ATTRIBUTE(“string”) would query the hash table for that particular attribute. For example, if Attributes(“samaccountname”) is set, AAA.USER.ATTRIBUTE(“samaccountname”) would query the hash map and would fetch the value corresponding to “samaccountname.”

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Traffic profiles

September 21, 2020

Contributed by:

September 21, 2020

Contributed by:

Traffic profiles

To create a traffic profile by using the command line interface

Example

To remove a session profile by using the command line interface

Example

In this article