Product Documentation

authentication loginSchemaPolicy

Sep 12, 2016

The following operations can be performed on "authentication loginSchemaPolicy":

add | rm | set | unset | show | stat | rename

add authentication loginSchemaPolicy

Adds a LoginSchema policy for use in login parameter selection.

Synopsys

add authentication loginSchemaPolicy <name> -rule <expression> -action <string> [-undefAction <string>] [-comment <string>] [-logAction <string>]

Arguments

name

Name for the LoginSchema policy. This is used for selecting parameters for user logon. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the policy is created.

The following requirement applies only to the NetScaler CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my policy" or 'my policy').

rule

Expression which is evaluated to choose a profile for authentication.

Maximum length of a string literal in the expression is 255 characters. A longer string can be split into smaller strings of up to 255 characters each, and the smaller strings concatenated with the + operator. For example, you can create a 500-character string as follows: '"<string of 255 characters>" + "<string of 245 characters>"'

The following requirements apply only to the NetScaler CLI:

* If the expression includes one or more spaces, enclose the entire expression in double quotation marks.

* If the expression itself includes double quotation marks, escape the quotations by using the \\ character.

* Alternatively, you can use single quotation marks to enclose the rule, in which case you do not have to escape the double quotation marks.

action

Name of the profile to apply to requests or connections that match this policy.

* NOOP - Do not take any specific action when this policy evaluates to true. This is useful to implicitly go to a different policy set.

* RESET - Reset the client connection by closing it. The client program, such as a browser, will handle this and may inform the user. The client may then resend the request if desired.

* DROP - Drop the request without sending a response to the user.

undefAction

Action to perform if the result of policy evaluation is undefined (UNDEF). An UNDEF event indicates an internal error condition. Only the above built-in actions can be used.

comment

Any comments to preserve information about this policy.

logAction

Name of messagelog action to use when a request matches this policy.

rm authentication loginSchemaPolicy

Removes an existing LoginSchema policy.

Synopsys

rm authentication loginSchemaPolicy <name>

Arguments

name

Name of the policy to remove.

set authentication loginSchemaPolicy

Modifies the specified parameters of an existing policy.

Synopsys

set authentication loginSchemaPolicy <name> [-rule <expression>] [-action <string>] [-undefAction <string>] [-comment <string>] [-logAction <string>]

Arguments

name

Name of the policy to modify.

rule

Expression which is evaluated to choose a profile for authentication.

Maximum length of a string literal in the expression is 255 characters. A longer string can be split into smaller strings of up to 255 characters each, and the smaller strings concatenated with the + operator. For example, you can create a 500-character string as follows: '"<string of 255 characters>" + "<string of 245 characters>"'

The following requirements apply only to the NetScaler CLI:

* If the expression includes one or more spaces, enclose the entire expression in double quotation marks.

* If the expression itself includes double quotation marks, escape the quotations by using the \\ character.

* Alternatively, you can use single quotation marks to enclose the rule, in which case you do not have to escape the double quotation marks.

action

Name of the profile to apply to requests or connections that match this policy.

* NOOP - Do not take any specific action when this policy evaluates to true. This is useful to implicitly go to a different policy set.

* RESET - Reset the client connection by closing it. The client program, such as a browser, will handle this and may inform the user. The client may then resend the request if desired.

* DROP - Drop the request without sending a response to the user.

undefAction

Action to perform if the result of policy evaluation is undefined (UNDEF). An UNDEF event indicates an internal error condition. Only the above built-in actions can be used.

comment

Any comments to preserve information about this policy.

logAction

Name of messagelog action to use when a request matches this policy.

unset authentication loginSchemaPolicy

Removes the settings of an existing policy. Attributes for which a default value is available revert to their default values. See the set LoginSchemaPolicy command for a description of the parameters..Refer to the set authentication loginSchemaPolicy command for meanings of the arguments.

Synopsys

unset authentication loginSchemaPolicy <name> [-undefAction] [-comment] [-logAction]

Example

unset LoginSchemaPolicy pol9 -undefAction

show authentication loginSchemaPolicy

Displays information about all configured LoginSchema policies, or displays detailed information about the specified policy.

Synopsys

show authentication loginSchemaPolicy [<name>]

Arguments

name

Name of the LoginSchema policy for which to display detailed information.

Outputs

rule

The rule used by the LoginSchema authentication policy. Rules are combinations of Expressions. Expressions are simple conditions, such as a test for equality, applied to operands, such as a URL string or an IP address. Expression syntax is described in the Installation and Configuration Guide

action

The action to be performed when the rule is matched.

stateflag

undefAction

Action to perform if the result of policy evaluation is undefined (UNDEF). An UNDEF event indicates an internal error condition. Only the above built-in actions can be used.

comment

Any comments to preserve information about this policy.

logAction

Name of messagelog action to use when a request matches this policy.

boundTo

The entity name to which policy is bound

activePolicy

priority

gotoPriorityExpression

Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.

hits

Number of hits.

bindPolicyType

vserverType

undefHits

Number of Undef hits.

labelType

Type of policy label invocation.

labelName

Name of the label to invoke if the current policy rule evaluates to TRUE.

builtin

Flag to determine if policy is built-in or not

devno

count

stat authentication loginSchemaPolicy

Display LoginSchema policy statistics.

Synopsys

stat authentication loginSchemaPolicy [<name>] [-detail] [-fullValues] [-ntimes <positive_integer>] [-logFile <input_filename>] [-clearstats ( basic | full )]

Arguments

name

The name of the LoginSchema policy for which statistics will be displayed. If not given statistics are shown for all policies.

detail

Specifies detailed output (including more statistics). The output can be quite voluminous. Without this argument, the output will show only a summary.

fullValues

Specifies that numbers and strings should be displayed in their full form. Without this option, long strings are shortened and large numbers are abbreviated

ntimes

The number of times, in intervals of seven seconds, the statistics should be displayed.

Default value: 1

Minimum value: 0

logFile

The name of the log file to be used as input.

clearstats

Clear the statsistics / counters

Possible values: basic, full

Outputs

count

devno

stateflag

Outputs

Policy hits (Hits)

Number of hits on the policy

Policy undef hits (Undefhits)

Number of undef hits on the policy

Example

stat authentication loginschemapolicy.

rename authentication loginSchemaPolicy

Renames the specified LoginSchema policy.

Synopsys

rename authentication loginSchemaPolicy <name>@ <newName>@

Arguments

name

Existing name of the LoginSchema policy.

newName

New name for the LoginSchema policy.

Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) hash (#), space ( ), at (@), equals (=), colon (:), and underscore characters.

The following requirement applies only to the NetScaler CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my loginschemapolicy policy" or 'my loginschemapolicy policy').

Example

rename loginschemapolicy oldname newname