Product Documentation

authenticationvserver

Sep 01, 2016

Configuration for authentication virtual server resource.

Properties (click to see Operations)

Name Data Type Permissions Description
name
<String>
Read-write
Name for the new authentication virtual server.
Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Can be changed after the authentication virtual server is added by using the rename authentication vserver command.

The following requirement applies only to the NetScaler CLI:
If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my authentication policy" or 'my authentication policy').
Minimum length = 1
servicetype
<String>
Read-write
Protocol type of the authentication virtual server. Always SSL.
Default value: SSL
Possible values = SSL
ipv46
<String>
Read-write
IP address of the authentication virtual server, if a single IP address is assigned to the virtual server.
Minimum length = 1
range
<Double>
Read-write
If you are creating a series of virtual servers with a range of IP addresses assigned to them, the length of the range.
The new range of authentication virtual servers will have IP addresses consecutively numbered, starting with the primary address specified with the IP Address parameter.
Default value: 1
Minimum value = 1
port
<Integer>
Read-write
TCP port on which the virtual server accepts connections.
Range 1 - 65535
* in CLI is represented as 65535 in NITRO API
state
<String>
Read-write
Initial state of the new virtual server.
Default value: ENABLED
Possible values = ENABLED, DISABLED
authentication
<String>
Read-write
Require users to be authenticated before sending traffic through this virtual server.
Default value: ON
Possible values = ON, OFF
authenticationdomain
<String>
Read-write
The domain of the authentication cookie set by Authentication vserver.
Minimum length = 3
Maximum length = 252
comment
<String>
Read-write
Any comments associated with this virtual server.
td
<Double>
Read-write
Integer value that uniquely identifies the traffic domain in which you want to configure the entity. If you do not specify an ID, the entity becomes part of the default traffic domain, which has an ID of 0.
Minimum value = 0
Maximum value = 4094
appflowlog
<String>
Read-write
Log AppFlow flow information.
Default value: ENABLED
Possible values = ENABLED, DISABLED
maxloginattempts
<Double>
Read-write
Maximum Number of login Attempts.
Minimum value = 1
Maximum value = 255
failedlogintimeout
<Double>
Read-write
Number of minutes an account will be locked if user exceeds maximum permissible attempts.
Minimum value = 1
newname
<String>
Read-write
New name of the authentication virtual server.
Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters.

The following requirement applies only to the NetScaler CLI:
If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, 'my authentication policy' or "my authentication policy").
Minimum length = 1
ip
<String>
Read-only
The Virtual IP address of the authentication vserver.
value
<String>
Read-only
Indicates whether or not the certificate is bound or if SSL offload is disabled.
Possible values = Certkey not bound, SSL feature disabled
type
<String>
Read-only
The type of Virtual Server, e.g. CONTENT based or ADDRESS based.
Possible values = CONTENT, ADDRESS
curstate
<String>
Read-only
The current state of the Virtual server, e.g. UP, DOWN, BUSY, etc.
Possible values = UP, DOWN, UNKNOWN, BUSY, OUT OF SERVICE, GOING OUT OF SERVICE, DOWN WHEN GOING OUT OF SERVICE, NS_EMPTY_STR, Unknown, DISABLED
status
<Integer>
Read-only
Whether or not this vserver responds to ARPs and whether or not round-robin selection is temporarily in effect.
cachetype
<String>
Read-only
Virtual server's cache type. The options are: TRANSPARENT, REVERSE and FORWARD.
Possible values = TRANSPARENT, REVERSE, FORWARD
redirect
<String>
Read-only
The cache redirect policy.
The valid redirect policies are:
l. CACHE - Directs all requests to the cache.
2. POLICY - Applies cache redirection policy to determine whether the request should be directed to the cache or origin. This is the default setting.
3. ORIGIN - Directs all requests to the origin server.
Possible values = CACHE, POLICY, ORIGIN
precedence
<String>
Read-only
This argument is used only when configuring content switching on the specified virtual server. This is applicable only
if both the URL and RULE-based policies have been configured on the same virtual server.
It specifies the type of policy (URL or RULE) that takes precedence on the content switching virtual server. The default setting is RULE.
l URL - In this case, the incoming request is matched against the URL-based policies before the rule-based policies.
l RULE - In this case, the incoming request is matched against the rule-based policies before the URL-based policies.
For all URL-based policies, the precedence hierarchy is:
1. Domain and exact URL
2. Domain, prefix and suffix
3. Domain and suffix
4. Domain and prefix
5. Domain only
6. Exact URL
7. Prefix and suffix
8. Suffix only
9. Prefix only
10. Default.
Possible values = RULE, URL
redirecturl
<String>
Read-only
The URL where traffic is redirected if the virtual server in system becomes unavailable. WARNING! Make sure that the domain you specify in the URL does not match the domain specified in the -d domainName argument of the ###add cs policy### command. If the same domain is specified in both arguments, the request will be continuously redirected to the same unavailable virtual server in the system. If so, the user may not get the requested content.
curaaausers
<Double>
Read-only
The number of current users logged in to this vserver.
rule
<String>
Read-only
The name of the rule, or expression, if any, that policy for the authentication server is to use. Rules are combinations of Expressions. Expressions are simple conditions, such as a test for equality, applied to operands, such as a URL string or an IP address. Expression syntax is described in the Installation and Configuration Guide. The default rule is ns_true.
policy
<String>
Read-only
The name of the policy, if any, bound to the authentication vserver.
servicename
<String>
Read-only
The name of the service, if any, to which the vserver policy is bound.
weight
<Double>
Read-only
Weight for this service, if any. This weight is used when the system performs load balancing, giving greater priority to a specific service. It is useful when the services bound to a virtual server are of different capacity.
cachevserver
<String>
Read-only
The name of the default target cache virtual server, if any, to which requests are redirected.
backupvserver
<String>
Read-only
The name of the backup vpn virtual server for this vpn virtual server.
clttimeout
<Double>
Read-only
The idle time, if any, in seconds after which the client connection is terminated.
somethod
<String>
Read-only
VPN client applications are allocated from a block of Intranet IP addresses.
That block may be exhausted after a certain number of connections. This switch specifies the
method used to determine whether or not a new connection will spillover, or exhaust, the allocated block of
Intranet IP addresses for that application. Possible values are CONNECTION or DYNAMICCONNECTION.
CONNECTION means that a static integer value is the hard limit for the spillover threshold. The spillover
threshold is described below. DYNAMICCONNECTION means that the spillover threshold is set according to
the maximum number of connections defined for the vpn vserver.
Possible values = CONNECTION, DYNAMICCONNECTION, BANDWIDTH, HEALTH, NONE
sothreshold
<Double>
Read-only
VPN client applications are allocated from a block of Intranet IP addresses.
That block may be exhausted after a certain number of connections.
The value of this option is number of client connections after which the Mapped IP address is used
as the client source IP address instead of an address from the allocated block of Intranet IP addresses.
sopersistence
<String>
Read-only
Whether or not cookie-based site persistance is enabled for this VPN vserver. Possible values are 'ConnectionProxy', HTTPRedirect, or NONE.
Possible values = ENABLED, DISABLED
sopersistencetimeout
<Double>
Read-only
The timeout, if any, for cookie-based site persistance of this VPN vserver.
priority
<Double>
Read-only
The priority, if any, of the vpn vserver policy.
downstateflush
<String>
Read-only
Perform delayed clean up of connections on this vserver.
Possible values = ENABLED, DISABLED
disableprimaryondown
<String>
Read-only
Tells whether traffic will continue reaching backup vservers even after primary comes UP from DOWN state.
Possible values = ENABLED, DISABLED
listenpolicy
<String>
Read-only
Listenpolicy configured for authentication vserver.
listenpriority
<Double>
Read-only
Priority of listen policy for authentication vserver.
tcpprofilename
<String>
Read-only
The name of the TCP profile.
httpprofilename
<String>
Read-only
Name of the HTTP profile.
vstype
<Double>
Read-only
Virtual Server Type, e.g. Load Balancing, Content Switch, Cache Redirection.
ngname
<String>
Read-only
Nodegroup devno to which this authentication vsever belongs to.
secondary
<Boolean>
Read-only
Bind the authentication policy to the secondary chain.
Provides for multifactor authentication in which a user must authenticate via both a primary authentication method and, afterward, via a secondary authentication method.
Because user groups are aggregated across authentication systems, usernames must be the same on all authentication servers. Passwords can be different.
groupextraction
<Boolean>
Read-only
Bind the Authentication policy to a tertiary chain which will be used only for group extraction. The user will not authenticate against this server, and this will only be called if primary and/or secondary authentication has succeeded.
__count
<Double>
Read-only
count parameter

Operations (click to see Properties)

Some options that you can use for each operations:

  • Getting warnings in response: NITRO allows you to get warnings in an operation by specifying the "warning" query parameter as "yes". For example, to get warnings while connecting to the NetScaler appliance, the URL is as follows:

    http://<netscaler-ip-address>/nitro/v1/config/login?warning=yes

    If any, the warnings are displayed in the response payload with the HTTP code "209 X-NITRO-WARNING".

  • Authenticated access for individual NITRO operations: NITRO allows you to logon to the NetScaler appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,

    To do this, you must specify the username and password in the request header of the NITRO request as follows:

    X-NITRO-USER:<username>

    X-NITRO-PASS:<password>

    Note: In such cases, make sure that the request header DOES not include the following:

    Cookie:NITRO_AUTH_TOKEN=<tokenvalue>

메모

Mandatory parameters are marked in red and placeholder content is marked in <green>.

add

URL: http://<netscaler-ip-address>/nitro/v1/config/authenticationvserver

HTTP Method: POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue>
Content-Type:application/json

Request Payload:

{"authenticationvserver":{
      "name":<String_value>,
      "servicetype":<String_value>,
      "ipv46":<String_value>,
      "range":<Double_value>,
      "port":<Integer_value>,
      "state":<String_value>,
      "authentication":<String_value>,
      "authenticationdomain":<String_value>,
      "comment":<String_value>,
      "td":<Double_value>,
      "appflowlog":<String_value>,
      "maxloginattempts":<Double_value>,
      "failedlogintimeout":<Double_value>
}}

Response:

HTTP Status Code on Success: 201 Created
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

delete

URL: http://<netscaler-ip-address>/nitro/v1/config/authenticationvserver/name_value<String>

HTTP Method: DELETE

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue>

Response:

HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

update

URL: http://<netscaler-ip-address>/nitro/v1/config/authenticationvserver

HTTP Method: PUT

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue>
Content-Type:application/json

Request Payload:

{"authenticationvserver":{
      "name":<String_value>,
      "ipv46":<String_value>,
      "authentication":<String_value>,
      "authenticationdomain":<String_value>,
      "comment":<String_value>,
      "appflowlog":<String_value>,
      "maxloginattempts":<Double_value>,
      "failedlogintimeout":<Double_value>
}}

Response:

HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

unset

URL: http://<netscaler-ip-address>/nitro/v1/config/authenticationvserver?action=unset

HTTP Method: POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue>
Content-Type:application/json

Request Payload:

{"authenticationvserver":{
      "name":<String_value>,
      "authenticationdomain":true,
      "maxloginattempts":true,
      "authentication":true,
      "comment":true,
      "appflowlog":true
}}

Response:

HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

enable

URL: http://<netscaler-ip-address>/nitro/v1/config/authenticationvserver?action=enable

HTTP Method: POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue>
Content-Type:application/json

Request Payload:

{"authenticationvserver":{
      "name":<String_value>
}}

Response:

HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

disable

URL: http://<netscaler-ip-address>/nitro/v1/config/authenticationvserver?action=disable

HTTP Method: POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue>
Content-Type:application/json

Request Payload:

{"authenticationvserver":{
      "name":<String_value>
}}

Response:

HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

rename

URL: http://<netscaler-ip-address>/nitro/v1/config/authenticationvserver?action=rename

HTTP Method: POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue>
Content-Type:application/json

Request Payload:

{"authenticationvserver":{
      "name":<String_value>,
      "newname":<String_value>
}}

Response:

HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

get (all)

URL: http://<netscaler-ip-address>/nitro/v1/config/authenticationvserver

Query-parameters:

attrs

http://<netscaler-ip-address>/nitro/v1/config/authenticationvserver?attrs=property-name1,property-name2

Use this query parameter to specify the resource details that you want to retrieve.

filter

http://<netscaler-ip-address>/nitro/v1/config/authenticationvserver?filter=property-name1:property-val1,property-name2:property-val2

Use this query-parameter to get the filtered set of authenticationvserver resources configured on NetScaler.Filtering can be done on any of the properties of the resource.

view

http://<netscaler-ip-address>/nitro/v1/config/authenticationvserver?view=summary

Note: By default, the retrieved results are displayed in detail view (?view=detail).

pagination

http://<netscaler-ip-address>/nitro/v1/config/authenticationvserver?pagesize=#no&pageno=#no

Use this query-parameter to get the authenticationvserver resources in chunks.

HTTP Method: GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue>
Accept:application/json

Response:

HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

Response Headers:

Content-Type:application/json

Response Payload:

{ "authenticationvserver": [ {
      "name":<String_value>,
      "ip":<String_value>,
      "td":<Double_value>,
      "ipv46":<String_value>,
      "value":<String_value>,
      "port":<Integer_value>,
      "range":<Double_value>,
      "servicetype":<String_value>,
      "type":<String_value>,
      "curstate":<String_value>,
      "status":<Integer_value>,
      "cachetype":<String_value>,
      "redirect":<String_value>,
      "precedence":<String_value>,
      "redirecturl":<String_value>,
      "authentication":<String_value>,
      "curaaausers":<Double_value>,
      "authenticationdomain":<String_value>,
      "rule":<String_value>,
      "policyname":<String_value>,
      "policy":<String_value>,
      "servicename":<String_value>,
      "weight":<Double_value>,
      "cachevserver":<String_value>,
      "backupvserver":<String_value>,
      "clttimeout":<Double_value>,
      "somethod":<String_value>,
      "sothreshold":<Double_value>,
      "sopersistence":<String_value>,
      "sopersistencetimeout":<Double_value>,
      "priority":<Double_value>,
      "downstateflush":<String_value>,
      "disableprimaryondown":<String_value>,
      "listenpolicy":<String_value>,
      "listenpriority":<Double_value>,
      "tcpprofilename":<String_value>,
      "httpprofilename":<String_value>,
      "comment":<String_value>,
      "appflowlog":<String_value>,
      "vstype":<Double_value>,
      "ngname":<String_value>,
      "maxloginattempts":<Double_value>,
      "failedlogintimeout":<Double_value>,
      "secondary":<Boolean_value>,
      "groupextraction":<Boolean_value>
}]}

get

URL: http://<netscaler-ip-address>/nitro/v1/config/authenticationvserver/name_value<String>

Query-parameters:

attrs

http://<netscaler-ip-address>/nitro/v1/config/authenticationvserver/name_value<String>?attrs=property-name1,property-name2

Use this query parameter to specify the resource details that you want to retrieve.

view

http://<netscaler-ip-address>/nitro/v1/config/authenticationvserver/name_value<String>?view=summary

Note: By default, the retrieved results are displayed in detail view (?view=detail).

HTTP Method: GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue>
Accept:application/json

Response:

HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

Response Headers:

Content-Type:application/json

Response Payload:

{ "authenticationvserver": [ {
      "name":<String_value>,
      "ip":<String_value>,
      "td":<Double_value>,
      "ipv46":<String_value>,
      "value":<String_value>,
      "port":<Integer_value>,
      "range":<Double_value>,
      "servicetype":<String_value>,
      "type":<String_value>,
      "curstate":<String_value>,
      "status":<Integer_value>,
      "cachetype":<String_value>,
      "redirect":<String_value>,
      "precedence":<String_value>,
      "redirecturl":<String_value>,
      "authentication":<String_value>,
      "curaaausers":<Double_value>,
      "authenticationdomain":<String_value>,
      "rule":<String_value>,
      "policyname":<String_value>,
      "policy":<String_value>,
      "servicename":<String_value>,
      "weight":<Double_value>,
      "cachevserver":<String_value>,
      "backupvserver":<String_value>,
      "clttimeout":<Double_value>,
      "somethod":<String_value>,
      "sothreshold":<Double_value>,
      "sopersistence":<String_value>,
      "sopersistencetimeout":<Double_value>,
      "priority":<Double_value>,
      "downstateflush":<String_value>,
      "disableprimaryondown":<String_value>,
      "listenpolicy":<String_value>,
      "listenpriority":<Double_value>,
      "tcpprofilename":<String_value>,
      "httpprofilename":<String_value>,
      "comment":<String_value>,
      "appflowlog":<String_value>,
      "vstype":<Double_value>,
      "ngname":<String_value>,
      "maxloginattempts":<Double_value>,
      "failedlogintimeout":<Double_value>,
      "secondary":<Boolean_value>,
      "groupextraction":<Boolean_value>
}]}

count

URL: http://<netscaler-ip-address>/nitro/v1/config/authenticationvserver?count=yes

HTTP Method: GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue>
Accept:application/json

Response:

HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

Response Headers:

Content-Type:application/json

Response Payload:

{ "authenticationvserver": [ { "__count": "#no"} ] }