Product Documentation

authentication certAction

Sep 12, 2016

The following operations can be performed on "authentication certAction":

add | rm | set | unset | show

add authentication certAction

Adds an action (profile) for a client certificate (cert) authentication server. The profile contains all configuration data necessary to communicate with that client cert authentication server.

Synopsis

add authentication certAction <name> [-twoFactor ( ON | OFF )] [-userNameField <string>] [-groupNameField <string>] [-defaultAuthenticationGroup <string>]

Arguments

name

Name for the client cert authentication server profile (action).

Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the certificate action is created.

The following requirement applies only to the NetScaler CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my authentication action" or 'my authentication action').

twoFactor

Enables or disables two-factor authentication.

Two-factor authentication is client cert authentication followed by password authentication.

Possible values: ON, OFF

Default value: OFF

userNameField

Client-cert field from which the username is extracted. Must be set to either ""Subject"" or ""Issuer"" (include both sets of double quotation marks).

Format: <field>:<subfield>.

groupNameField

Client-cert field from which the group is extracted. Must be set to either ""Subject"" or ""Issuer"" (include both sets of double quotation marks).

Format: <field>:<subfield>

defaultAuthenticationGroup

This is the default group that is chosen when the authentication succeeds in addition to extracted groups.

Example

add authentication certAction <name> -twoFactor ON -userNameField "Subject:CN" -groupNameField "Subject:OU"
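
An added example, not part of the original documentation or NetScaler code: a Python pre-check of the name, -userNameField and -groupNameField values before they are applied, which also shows the user and groups a sample certificate would yield. The function names, the profile name cert_act1 and the sample certificate names are assumptions, and the extraction logic is an illustration rather than the appliance's implementation.

```python
import re

# Name rule from this page: starts with a letter, number or underscore, then
# only letters, numbers and - . # space @ = : _ (ASCII letters assumed).
NAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.#@=: -]*")
CERT_FIELDS = ("Subject", "Issuer")  # the two fields this page allows


def parse_field_spec(spec):
    """Split '<field>:<subfield>' and reject anything outside the documented form."""
    field, sep, subfield = spec.partition(":")
    # Assumption: exact spelling of the field and an alphanumeric subfield.
    if not sep or field not in CERT_FIELDS or not subfield.isalnum():
        raise ValueError(f"bad field spec: {spec!r}")
    return field, subfield.upper()


def parse_dn(dn):
    """Parse a comma-separated DN string into (attribute, value) pairs."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):  # split on commas that are not escaped
        attr, _, value = rdn.strip().partition("=")
        pairs.append((attr.upper(), value.replace("\\,", ",")))
    return pairs


def extract(cert, spec):
    """Return every value spec selects from cert ({'Subject': dn, 'Issuer': dn})."""
    field, subfield = parse_field_spec(spec)
    return [value for attr, value in parse_dn(cert[field]) if attr == subfield]


def check_action(name, user_spec, group_spec, cert):
    """Lint the arguments, then return the identity the sample cert maps to."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"bad action name: {name!r}")
    users = extract(cert, user_spec)
    # Assumption: an ambiguous or missing username is treated as a lint error;
    # the page does not say how the appliance resolves it.
    if len(users) != 1:
        raise ValueError(f"{user_spec} selects {len(users)} values, need 1")
    return {"user": users[0], "groups": extract(cert, group_spec)}


# Constructed sample certificate names, not taken from the page.
SAMPLE = {"Subject": "CN=alice,OU=vpn-users,OU=staff,O=Example Corp",
          "Issuer": "CN=Example Issuing CA,O=Example Corp"}

if __name__ == "__main__":
    print(check_action("cert_act1", "Subject:CN", "Subject:OU", SAMPLE))
```

Passing "Issuer:CN" as the user spec returns the CA's name, so every certificate issued by that CA would map to the same username.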

rm authentication certAction

Removes an existing client cert authentication server profile (action).

Synopsis

rm authentication certAction <name>

Arguments

name

Name of the profile to be removed.

set authentication certAction

Configures a client cert authentication server profile (action).

Synopsis

set authentication certAction <name> [-twoFactor ( ON | OFF )] [-userNameField <string>] [-groupNameField <string>] [-defaultAuthenticationGroup <string>]

Arguments

name

Name of the client cert server profile.

twoFactor

Enables or disables two-factor authentication.

Two-factor authentication is client cert authentication followed by password authentication.

Possible values: ON, OFF

Default value: OFF

userNameField

Client-cert field from which the username is extracted. Must be set to either ""Subject"" or ""Issuer"" (include both sets of double quotation marks).

Format: <field>:<subfield>.

groupNameField

Client-cert field from which the group is extracted. Must be set to either ""Subject"" or ""Issuer"" (include both sets of double quotation marks).

Format: <field>:<subfield>

defaultAuthenticationGroup

This is the default group that is chosen when the authentication succeeds in addition to extracted groups.

Example

set authentication certAction <name> -twoFactor ON -userNameField "Subject:CN" -groupNameField "Subject:OU"

unset authentication certAction

Use this command to remove authentication certAction settings. Refer to the set authentication certAction command for the meanings of the arguments.

Synopsis

unset authentication certAction <name> [-twoFactor] [-userNameField] [-groupNameField] [-defaultAuthenticationGroup]

show authentication certAction

Displays the current configuration settings for the specified client cert authentication server profile (action).

Synopsis

show authentication certAction [<name>]

Arguments

name

Name of the client cert server profile (action).

Outputs

twoFactor

The state of two-factor authentication.

userNameField

The field in the certificate from which the username will be extracted.

groupNameField

The field in the certificate from which the group will be extracted.

defaultAuthenticationGroup

This is the default group that is chosen when the authentication succeeds in addition to extracted groups.

stateflag

devno

count