Avi AuthProfile Object API

##CLI## ``` - configure authprofile - show authprofile ```
More information: https://avinetworks.com/contact-us
Contact Info: support@avinetworks.com
Version: 17.2.4
BasePath:/api
All rights reserved
http://apache.org/licenses/LICENSE-2.0.html

Access

  1. HTTP Basic Authentication

Methods

[ Jump to Models ]

Table of Contents

  1. get /authprofile
  2. post /authprofile
  3. delete /authprofile/{uuid}
  4. get /authprofile/{uuid}
  5. patch /authprofile/{uuid}
  6. put /authprofile/{uuid}
Up
get /authprofile
( authprofileGet)

Consumes

This API call consumes the following media types via the Content-Type request header:

Query parameters

name (optional)
Query Parameter — object name
refers_to (optional)
Query Parameter — Filter to request all objects that refers to another Avi resource. Its syntax is refers_to=<obj_type>:<obj_uuid>. Eg. get all virtual services referring to pool p1 will be refers_to=pool:pool_p1_uuid
referred_by (optional)
Query Parameter — Filter to request all objects that are referred by another Avi resource. Its syntax is referred_by=<obj_type>:<obj_uuid>. Eg. get all pools referred_by virtual service vs1 - referred_by=virtualservice:vs_vs1_uuid
fields (optional)
Query Parameter — List of fields to be returned for the resource. Some fields like name, URL, uuid etc. are always returned.
include_name (optional)
Query Parameter — All the Avi REST reference URIs have a name suffix as URI#name. It is useful to get the referenced resource name without performing get on that object.
join_subresources (optional)
Query Parameter — It automatically returns additional dependent resources like runtime. Eg. join_subresources=runtime.

Return type

AuthProfileApiResponse

Example data

Content-Type: application/json
{
  "count" : 123,
  "results" : [ {
    "ldap" : {
      "server" : [ "aeiou" ],
      "settings" : {
        "admin_bind_dn" : "aeiou",
        "group_member_is_full_dn" : true,
        "password" : "aeiou",
        "group_filter" : "aeiou",
        "user_id_attribute" : "aeiou",
        "user_search_dn" : "aeiou",
        "group_search_dn" : "aeiou",
        "ignore_referrals" : true,
        "user_attributes" : [ "aeiou" ],
        "group_member_attribute" : "aeiou",
        "group_search_scope" : "aeiou",
        "user_search_scope" : "aeiou"
      },
      "base_dn" : "aeiou",
      "port" : 123,
      "user_bind" : {
        "user_id_attribute" : "aeiou",
        "user_attributes" : [ "aeiou" ],
        "dn_template" : "aeiou",
        "token" : "aeiou"
      },
      "security_mode" : "aeiou",
      "bind_as_administrator" : true,
      "email_attribute" : "aeiou",
      "full_name_attribute" : "aeiou"
    },
    "tenant_ref" : "aeiou",
    "name" : "aeiou",
    "saml" : {
      "idp" : {
        "metadata" : "aeiou"
      },
      "sp" : {
        "org_url" : "aeiou",
        "sp_nodes" : [ {
          "signing_key" : "aeiou",
          "name" : "aeiou",
          "signing_cert" : "aeiou",
          "entity_id" : "aeiou",
          "single_signon_url" : "aeiou"
        } ],
        "tech_contact_name" : "aeiou",
        "fqdn" : "aeiou",
        "saml_entity_type" : "aeiou",
        "org_display_name" : "aeiou",
        "org_name" : "aeiou",
        "tech_contact_email" : "aeiou"
      }
    },
    "description" : "aeiou",
    "http" : {
      "cache_expiration_time" : 123,
      "group_member_is_full_dn" : true,
      "request_header" : "aeiou",
      "require_user_groups" : [ "aeiou" ]
    },
    "type" : "aeiou",
    "tacacs_plus" : {
      "authorization_attrs" : [ {
        "name" : "aeiou",
        "mandatory" : true,
        "value" : "aeiou"
      } ],
      "server" : [ "aeiou" ],
      "password" : "aeiou",
      "port" : 123,
      "service" : "aeiou"
    },
    "uuid" : "aeiou",
    "url" : "aeiou"
  } ]
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK AuthProfileApiResponse

401

log in failed

Up
post /authprofile
( authprofilePost)

Consumes

This API call consumes the following media types via the Content-Type request header:

Request body

body (required)
Body Parameter — AuthProfile object creation

Return type

AuthProfile

Example data

Content-Type: application/json
{
  "ldap" : {
    "server" : [ "aeiou" ],
    "settings" : {
      "admin_bind_dn" : "aeiou",
      "group_member_is_full_dn" : true,
      "password" : "aeiou",
      "group_filter" : "aeiou",
      "user_id_attribute" : "aeiou",
      "user_search_dn" : "aeiou",
      "group_search_dn" : "aeiou",
      "ignore_referrals" : true,
      "user_attributes" : [ "aeiou" ],
      "group_member_attribute" : "aeiou",
      "group_search_scope" : "aeiou",
      "user_search_scope" : "aeiou"
    },
    "base_dn" : "aeiou",
    "port" : 123,
    "user_bind" : {
      "user_id_attribute" : "aeiou",
      "user_attributes" : [ "aeiou" ],
      "dn_template" : "aeiou",
      "token" : "aeiou"
    },
    "security_mode" : "aeiou",
    "bind_as_administrator" : true,
    "email_attribute" : "aeiou",
    "full_name_attribute" : "aeiou"
  },
  "tenant_ref" : "aeiou",
  "name" : "aeiou",
  "saml" : {
    "idp" : {
      "metadata" : "aeiou"
    },
    "sp" : {
      "org_url" : "aeiou",
      "sp_nodes" : [ {
        "signing_key" : "aeiou",
        "name" : "aeiou",
        "signing_cert" : "aeiou",
        "entity_id" : "aeiou",
        "single_signon_url" : "aeiou"
      } ],
      "tech_contact_name" : "aeiou",
      "fqdn" : "aeiou",
      "saml_entity_type" : "aeiou",
      "org_display_name" : "aeiou",
      "org_name" : "aeiou",
      "tech_contact_email" : "aeiou"
    }
  },
  "description" : "aeiou",
  "http" : {
    "cache_expiration_time" : 123,
    "group_member_is_full_dn" : true,
    "request_header" : "aeiou",
    "require_user_groups" : [ "aeiou" ]
  },
  "type" : "aeiou",
  "tacacs_plus" : {
    "authorization_attrs" : [ {
      "name" : "aeiou",
      "mandatory" : true,
      "value" : "aeiou"
    } ],
    "server" : [ "aeiou" ],
    "password" : "aeiou",
    "port" : 123,
    "service" : "aeiou"
  },
  "uuid" : "aeiou",
  "url" : "aeiou"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK AuthProfile

401

log in failed

Up
delete /authprofile/{uuid}
( authprofileUuidDelete)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Query parameters

name (optional)
Query Parameter — object name

Return type

String

Example data

Content-Type: application/json
"aeiou"

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

204

object deleted String

404

not found

Up
get /authprofile/{uuid}
( authprofileUuidGet)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Query parameters

name (optional)
Query Parameter — object name
fields (optional)
Query Parameter — List of fields to be returned for the resource. Some fields like name, URL, uuid etc. are always returned.
include_name (optional)
Query Parameter — All the Avi REST reference URIs have a name suffix as URI#name. It is useful to get the referenced resource name without performing get on that object.
join_subresources (optional)
Query Parameter — It automatically returns additional dependent resources like runtime. Eg. join_subresources=runtime.

Return type

AuthProfile

Example data

Content-Type: application/json
{
  "ldap" : {
    "server" : [ "aeiou" ],
    "settings" : {
      "admin_bind_dn" : "aeiou",
      "group_member_is_full_dn" : true,
      "password" : "aeiou",
      "group_filter" : "aeiou",
      "user_id_attribute" : "aeiou",
      "user_search_dn" : "aeiou",
      "group_search_dn" : "aeiou",
      "ignore_referrals" : true,
      "user_attributes" : [ "aeiou" ],
      "group_member_attribute" : "aeiou",
      "group_search_scope" : "aeiou",
      "user_search_scope" : "aeiou"
    },
    "base_dn" : "aeiou",
    "port" : 123,
    "user_bind" : {
      "user_id_attribute" : "aeiou",
      "user_attributes" : [ "aeiou" ],
      "dn_template" : "aeiou",
      "token" : "aeiou"
    },
    "security_mode" : "aeiou",
    "bind_as_administrator" : true,
    "email_attribute" : "aeiou",
    "full_name_attribute" : "aeiou"
  },
  "tenant_ref" : "aeiou",
  "name" : "aeiou",
  "saml" : {
    "idp" : {
      "metadata" : "aeiou"
    },
    "sp" : {
      "org_url" : "aeiou",
      "sp_nodes" : [ {
        "signing_key" : "aeiou",
        "name" : "aeiou",
        "signing_cert" : "aeiou",
        "entity_id" : "aeiou",
        "single_signon_url" : "aeiou"
      } ],
      "tech_contact_name" : "aeiou",
      "fqdn" : "aeiou",
      "saml_entity_type" : "aeiou",
      "org_display_name" : "aeiou",
      "org_name" : "aeiou",
      "tech_contact_email" : "aeiou"
    }
  },
  "description" : "aeiou",
  "http" : {
    "cache_expiration_time" : 123,
    "group_member_is_full_dn" : true,
    "request_header" : "aeiou",
    "require_user_groups" : [ "aeiou" ]
  },
  "type" : "aeiou",
  "tacacs_plus" : {
    "authorization_attrs" : [ {
      "name" : "aeiou",
      "mandatory" : true,
      "value" : "aeiou"
    } ],
    "server" : [ "aeiou" ],
    "password" : "aeiou",
    "port" : 123,
    "service" : "aeiou"
  },
  "uuid" : "aeiou",
  "url" : "aeiou"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK AuthProfile

401

log in failed

Up
patch /authprofile/{uuid}
( authprofileUuidPatch)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Request body

body (required)
Body Parameter — AuthProfile object creation

Query parameters

name (optional)
Query Parameter — object name

Return type

AuthProfile

Example data

Content-Type: application/json
{
  "ldap" : {
    "server" : [ "aeiou" ],
    "settings" : {
      "admin_bind_dn" : "aeiou",
      "group_member_is_full_dn" : true,
      "password" : "aeiou",
      "group_filter" : "aeiou",
      "user_id_attribute" : "aeiou",
      "user_search_dn" : "aeiou",
      "group_search_dn" : "aeiou",
      "ignore_referrals" : true,
      "user_attributes" : [ "aeiou" ],
      "group_member_attribute" : "aeiou",
      "group_search_scope" : "aeiou",
      "user_search_scope" : "aeiou"
    },
    "base_dn" : "aeiou",
    "port" : 123,
    "user_bind" : {
      "user_id_attribute" : "aeiou",
      "user_attributes" : [ "aeiou" ],
      "dn_template" : "aeiou",
      "token" : "aeiou"
    },
    "security_mode" : "aeiou",
    "bind_as_administrator" : true,
    "email_attribute" : "aeiou",
    "full_name_attribute" : "aeiou"
  },
  "tenant_ref" : "aeiou",
  "name" : "aeiou",
  "saml" : {
    "idp" : {
      "metadata" : "aeiou"
    },
    "sp" : {
      "org_url" : "aeiou",
      "sp_nodes" : [ {
        "signing_key" : "aeiou",
        "name" : "aeiou",
        "signing_cert" : "aeiou",
        "entity_id" : "aeiou",
        "single_signon_url" : "aeiou"
      } ],
      "tech_contact_name" : "aeiou",
      "fqdn" : "aeiou",
      "saml_entity_type" : "aeiou",
      "org_display_name" : "aeiou",
      "org_name" : "aeiou",
      "tech_contact_email" : "aeiou"
    }
  },
  "description" : "aeiou",
  "http" : {
    "cache_expiration_time" : 123,
    "group_member_is_full_dn" : true,
    "request_header" : "aeiou",
    "require_user_groups" : [ "aeiou" ]
  },
  "type" : "aeiou",
  "tacacs_plus" : {
    "authorization_attrs" : [ {
      "name" : "aeiou",
      "mandatory" : true,
      "value" : "aeiou"
    } ],
    "server" : [ "aeiou" ],
    "password" : "aeiou",
    "port" : 123,
    "service" : "aeiou"
  },
  "uuid" : "aeiou",
  "url" : "aeiou"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK AuthProfile

401

log in failed

Up
put /authprofile/{uuid}
( authprofileUuidPut)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Request body

body (required)
Body Parameter — AuthProfile object creation

Query parameters

name (optional)
Query Parameter — object name

Return type

AuthProfile

Example data

Content-Type: application/json
{
  "ldap" : {
    "server" : [ "aeiou" ],
    "settings" : {
      "admin_bind_dn" : "aeiou",
      "group_member_is_full_dn" : true,
      "password" : "aeiou",
      "group_filter" : "aeiou",
      "user_id_attribute" : "aeiou",
      "user_search_dn" : "aeiou",
      "group_search_dn" : "aeiou",
      "ignore_referrals" : true,
      "user_attributes" : [ "aeiou" ],
      "group_member_attribute" : "aeiou",
      "group_search_scope" : "aeiou",
      "user_search_scope" : "aeiou"
    },
    "base_dn" : "aeiou",
    "port" : 123,
    "user_bind" : {
      "user_id_attribute" : "aeiou",
      "user_attributes" : [ "aeiou" ],
      "dn_template" : "aeiou",
      "token" : "aeiou"
    },
    "security_mode" : "aeiou",
    "bind_as_administrator" : true,
    "email_attribute" : "aeiou",
    "full_name_attribute" : "aeiou"
  },
  "tenant_ref" : "aeiou",
  "name" : "aeiou",
  "saml" : {
    "idp" : {
      "metadata" : "aeiou"
    },
    "sp" : {
      "org_url" : "aeiou",
      "sp_nodes" : [ {
        "signing_key" : "aeiou",
        "name" : "aeiou",
        "signing_cert" : "aeiou",
        "entity_id" : "aeiou",
        "single_signon_url" : "aeiou"
      } ],
      "tech_contact_name" : "aeiou",
      "fqdn" : "aeiou",
      "saml_entity_type" : "aeiou",
      "org_display_name" : "aeiou",
      "org_name" : "aeiou",
      "tech_contact_email" : "aeiou"
    }
  },
  "description" : "aeiou",
  "http" : {
    "cache_expiration_time" : 123,
    "group_member_is_full_dn" : true,
    "request_header" : "aeiou",
    "require_user_groups" : [ "aeiou" ]
  },
  "type" : "aeiou",
  "tacacs_plus" : {
    "authorization_attrs" : [ {
      "name" : "aeiou",
      "mandatory" : true,
      "value" : "aeiou"
    } ],
    "server" : [ "aeiou" ],
    "password" : "aeiou",
    "port" : 123,
    "service" : "aeiou"
  },
  "uuid" : "aeiou",
  "url" : "aeiou"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK AuthProfile

401

log in failed

Up

Models

[ Jump to Methods ]

Table of Contents

  1. AuthProfile
  2. AuthProfileApiResponse
  3. AuthProfileHTTPClientParams
  4. AuthTacacsPlusAttributeValuePair
  5. LdapAuthSettings
  6. LdapDirectorySettings
  7. LdapUserBindSettings
  8. SamlIdentityProviderSettings
  9. SamlServiceProviderNode
  10. SamlServiceProviderSettings
  11. SamlSettings
  12. TacacsPlusAuthSettings

AuthProfile Up

description (optional)
String User defined description for the object.
http (optional)
AuthProfileHTTPClientParams HTTP user authentication params.
ldap (optional)
LdapAuthSettings LDAP server and directory settings.
name
String Name of the Auth Profile.
saml (optional)
SamlSettings SAML settings. Field introduced in 17.2.3.
tacacs_plus (optional)
TacacsPlusAuthSettings TACACS+ settings.
tenant_ref (optional)
String It is a reference to an object of type Tenant.
type
String Type of the Auth Profile. Enum options - AUTH_PROFILE_LDAP, AUTH_PROFILE_TACACS_PLUS, AUTH_PROFILE_SAML.
url (optional)
String url
uuid (optional)
String UUID of the Auth Profile.

AuthProfileApiResponse Up

count
Integer format: int32
results

AuthProfileHTTPClientParams Up

cache_expiration_time (optional)
Integer The max allowed length of time a clients authentication is cached. Allowed values are 1-30. format: int32
group_member_is_full_dn (optional)
Boolean Group member entries contain full DNs instead of just user id attribute values.
request_header (optional)
String Insert an HTTP header. This field is used to define the header name. The value of the header is set to the client's HTTP Auth user ID.
require_user_groups (optional)
array[String] A user should be a member of these groups. Each group is defined by the DN. For example, CN=testgroup,OU=groups,dc=example,dc=avinetworks,DC=com.

AuthTacacsPlusAttributeValuePair Up

mandatory (optional)
Boolean mandatory.
name (optional)
String attribute name.
value (optional)
String attribute value.

LdapAuthSettings Up

base_dn (optional)
String The LDAP base DN. For example, avinetworks,com would be DC=avinetworks,DC=com.
bind_as_administrator (optional)
Boolean LDAP administrator credentials are used to search for users and group memberships.
email_attribute (optional)
String LDAP attribute that refers to user email.
full_name_attribute (optional)
String LDAP attribute that refers to user's full name.
port (optional)
Integer Query the LDAP servers on this port. format: int32
security_mode (optional)
String LDAP connection security mode. Enum options - AUTH_LDAP_SECURE_NONE, AUTH_LDAP_SECURE_USE_LDAPS.
server (optional)
array[String] LDAP server IP address.
settings (optional)
LdapDirectorySettings LDAP full directory configuration with administrator credentials.
user_bind (optional)
LdapUserBindSettings LDAP anonymous bind configuration.

LdapDirectorySettings Up

admin_bind_dn (optional)
String LDAP Admin User DN. Administrator credentials are required to search for users under user search DN or groups under group search DN.
group_filter (optional)
String Group filter is used to identify groups during search.
group_member_attribute (optional)
String LDAP group attribute that identifies each of the group members.
group_member_is_full_dn (optional)
Boolean Group member entries contain full DNs instead of just user id attribute values.
group_search_dn (optional)
String LDAP group search DN is the root of search for a given group in the LDAP directory. Only matching groups present in this LDAP directory sub-tree will be checked for user membership.
group_search_scope (optional)
String LDAP group search scope defines how deep to search for the group starting from the group search DN. Enum options - AUTH_LDAP_SCOPE_BASE, AUTH_LDAP_SCOPE_ONE, AUTH_LDAP_SCOPE_SUBTREE.
ignore_referrals (optional)
Boolean During user or group search, ignore searching referrals.
password (optional)
String LDAP Admin User Password.
user_attributes (optional)
array[String] LDAP user attributes to fetch on a successful user bind.
user_id_attribute (optional)
String LDAP user id attribute is the login attribute that uniquely identifies a single user record.
user_search_dn (optional)
String LDAP user search DN is the root of search for a given user in the LDAP directory. Only user records present in this LDAP directory sub-tree will be validated.
user_search_scope (optional)
String LDAP user search scope defines how deep to search for the user starting from user search DN. Enum options - AUTH_LDAP_SCOPE_BASE, AUTH_LDAP_SCOPE_ONE, AUTH_LDAP_SCOPE_SUBTREE.

LdapUserBindSettings Up

dn_template (optional)
String LDAP user DN pattern is used to bind LDAP user after replacing the user token with real username.
token (optional)
String LDAP token is replaced with real user name in the user DN pattern.
user_attributes (optional)
array[String] LDAP user attributes to fetch on a successful user bind.
user_id_attribute (optional)
String LDAP user id attribute is the login attribute that uniquely identifies a single user record.

SamlIdentityProviderSettings Up

metadata (optional)
String SAML IDP metadata. Field introduced in 17.2.3.

SamlServiceProviderNode Up

entity_id (optional)
String Globally unique entityID for this node. Entity ID on the IDP should match this. Field introduced in 17.2.3.
name
String Refers to the Cluster name identifier (Virtual IP or FQDN). Field introduced in 17.2.3.
signing_cert (optional)
String Service Provider signing certificate for metadata. Field introduced in 17.2.3.
signing_key (optional)
String Service Provider signing key for metadata. Field introduced in 17.2.3.
single_signon_url (optional)
String Single Signon URL to be programmed on the IDP. Field introduced in 17.2.3.

SamlServiceProviderSettings Up

fqdn (optional)
String FQDN if entity type is DNS_FQDN . Field introduced in 17.2.3.
org_display_name (optional)
String Service Provider Organization Display Name. Field introduced in 17.2.3.
org_name (optional)
String Service Provider Organization Name. Field introduced in 17.2.3.
org_url (optional)
String Service Provider Organization URL. Field introduced in 17.2.3.
saml_entity_type (optional)
String Type of SAML endpoint. Enum options - AUTH_SAML_CLUSTER_VIP, AUTH_SAML_DNS_FQDN. Field introduced in 17.2.3.
sp_nodes (optional)
array[SamlServiceProviderNode] Service Provider node information. Field introduced in 17.2.3.
tech_contact_email (optional)
String Service Provider technical contact email. Field introduced in 17.2.3.
tech_contact_name (optional)
String Service Provider technical contact name. Field introduced in 17.2.3.

SamlSettings Up

idp (optional)
SamlIdentityProviderSettings Configure remote Identity provider settings. Field introduced in 17.2.3.
sp
SamlServiceProviderSettings Configure service provider settings for the Controller. Field introduced in 17.2.3.

TacacsPlusAuthSettings Up

authorization_attrs (optional)
array[AuthTacacsPlusAttributeValuePair] TACACS+ authorization attribute value pairs.
password (optional)
String TACACS+ server shared secret.
port (optional)
Integer TACACS+ server listening port. format: int32
server (optional)
array[String] TACACS+ server IP address.
service (optional)
String TACACS+ service. Enum options - AUTH_TACACS_PLUS_SERVICE_NONE, AUTH_TACACS_PLUS_SERVICE_LOGIN, AUTH_TACACS_PLUS_SERVICE_ENABLE, AUTH_TACACS_PLUS_SERVICE_PPP, AUTH_TACACS_PLUS_SERVICE_ARAP, AUTH_TACACS_PLUS_SERVICE_PT, AUTH_TACACS_PLUS_SERVICE_RCMD, AUTH_TACACS_PLUS_SERVICE_X25, AUTH_TACACS_PLUS_SERVICE_NASI, AUTH_TACACS_PLUS_SERVICE_FWPROXY.