Product Documentation

authentication policylabel

Sep 12, 2016

The following operations can be performed on "authentication policylabel":

add authentication policylabel

Creates a user-defined authentication policy label.

Synopsys

add authentication policylabel <labelName> [-comment <string>] [-loginSchema <string>]

Arguments

labelName

Name for the new authentication policy label.

Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters.

The following requirement applies only to the NetScaler CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my authentication policy label" or 'authentication policy label').

comment

Any comments to preserve information about this authentication policy label.

loginSchema

Login schema associated with authentication policy label. Login schema defines the UI rendering by providing customization option of the fields. If user intervention is not needed for a given factor such as group extraction, a loginSchema whose authentication schema is "noschema" should be used.

Example

add authentication policylabel trans_http_url

rm authentication policylabel

Removes an authorization policy label.

Synopsys

rm authentication policylabel <labelName>

Arguments

labelName

Name of the authorization policy label to remove.

Example

rm authorization policylabel trans_http_url

bind authentication policylabel

Binds an authentication policy to <authentication policy label>.

Synopsys

bind authentication policylabel <labelName> -policyName <string> -priority <positive_integer> [-gotoPriorityExpression <expression>] [-nextFactor <string>]

Arguments

labelName

Name of the authentication policy label to which to bind the policy.

policyName

Name of the authentication policy to bind to the policy label.

priority

Positive integer specifying the priority of the policy. The lower the number, the higher the priority. Policies within a label are evaluated in the order of their priority numbers.

Minimum value: 1

Maximum value: 2147483647

gotoPriorityExpression

Expression or other value specifying the next policy to be evaluated if the current policy evaluates to TRUE. Specify one of the following values:

* NEXT ? Evaluate the policy with the next higher priority number.

* END ? End policy evaluation.

* USE_INVOCATION_RESULT ? Applicable if this policy invokes another policy label. If the final goto in the invoked policy label has a value of END, the evaluation stops. If the final goto is anything other than END, the current policy label performs a NEXT.

* A default syntax or classic expression that evaluates to a number.

If you specify an expression, the number to which it evaluates determines the next policy to evaluate, as follows:

* If the expression evaluates to a higher numbered priority, the policy with that priority is evaluated next.

* If the expression evaluates to the priority of the current policy, the policy with the next higher numbered priority is evaluated next.

* If the expression evaluates to a number that is larger than the largest numbered priority, policy evaluation ends.

An UNDEF event is triggered if:

* The expression is invalid.

* The expression evaluates to a priority number that is smaller than the current policy's priority number.

* The expression evaluates to a priority number that is between the current policy's priority number (say, 30) and the highest priority number (say, 100), but does not match any configured priority number (for example, the expression evaluates to the number 85). This example assumes that the priority number increments by 10 for every successive policy, and therefore a priority number of 85 does not exist in the policy label.

nextFactor

On success invoke label.

Example

 i) bind authentication policylabel authn_label_1 -policyName authn_pol_1 -priority 1  ii) bind authentication policylabel authn_label_2 -policyName authn_pol_2 -priority 2 -nextFactor authn_label_1 -gotoPriorityExpression next

unbind authentication policylabel

Unbinds the specified policy from the specified authorization policy label.

Synopsys

unbind authentication policylabel <labelName> -policyName <string> [-priority <positive_integer>]

Arguments

labelName

Name for the new authentication policy label.

Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters.

The following requirement applies only to the NetScaler CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my authentication policy label" or 'authentication policy label').

policyName

Name of the authentication policy to bind to the policy label.

priority

Priority of the NOPOLICY to be unbound.

Minimum value: 1

Maximum value: 2147483647

Example

unbind authorization policylabel trans_http_url pol_1

rename authentication policylabel

Rename a authn policy label.

Synopsys

rename authentication policylabel <labelName>@ <newName>@

Arguments

labelName

The name of the auth policy label

newName

The new name of the auth policy label

Example

rename authn policy label oldname newname

show authentication policylabel

Displays the current settings for the specified authentication policy label. If no policy name is provided, displays a list of all authentication policy labels currently configured on the NetScaler appliance.

Synopsys

show authentication policylabel [<labelName>]

Arguments

labelName

Name of the authorization policy label.

Outputs

stateflag

numpol

Number of polices bound to label.

hits

Number of times policy label was invoked.

policyName

Name of the authentication policy to bind to the policy label.

priority

Specifies the priority of the policy.

gotoPriorityExpression

Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.

flowType

Flowtype of the bound authentication policy.

description

Description of the policylabel

flags

nextFactor

On success invoke label.

comment

Any comments to preserve information about this authentication policy label.

loginSchema

Login schema associated with authentication policy label. Login schema defines the UI rendering by providing customization option of the fields. If user intervention is not needed for a given factor such as group extraction, a loginSchema whose authentication schema is "noschema" should be used.

devno

count

Example

 i) show authentication policylabel trans_http_url  ii) show authentication policylabel

stat authentication policylabel

Displays statistics for the specified authentication policy label. If no authentication policy label is specified, displays a list of all authentication policy labels.

Synopsys

stat authentication policylabel [<labelName>] [-detail] [-fullValues] [-ntimes <positive_integer>] [-logFile <input_filename>] [-clearstats ( basic | full )]

Arguments

labelName

Name of the authentication policy label.

detail

Specifies detailed output (including more statistics). The output can be quite voluminous. Without this argument, the output will show only a summary.

fullValues

Specifies that numbers and strings should be displayed in their full form. Without this option, long strings are shortened and large numbers are abbreviated

ntimes

The number of times, in intervals of seven seconds, the statistics should be displayed.

Default value: 1

Minimum value: 0

logFile

The name of the log file to be used as input.

clearstats

Clear the statsistics / counters

Possible values: basic, full

Outputs

count

devno

stateflag

Outputs

Policy Label Hits (Hits)

Number of times policy label was invoked.