Avi SSOPolicy Object API

CLI ``` - configure ssopolicy - show ssopolicy ```
More information: https://avinetworks.com/contact-us
Contact Info: support@avinetworks.com
Version: 21.1.6
BasePath:/api
All rights reserved
http://apache.org/licenses/LICENSE-2.0.html

Access

  1. HTTP Basic Authentication

Methods

[ Jump to Models ]

Table of Contents

  1. get /ssopolicy
  2. post /ssopolicy
  3. delete /ssopolicy/{uuid}
  4. get /ssopolicy/{uuid}
  5. patch /ssopolicy/{uuid}
  6. put /ssopolicy/{uuid}
Up
get /ssopolicy
(ssopolicyGet)

Consumes

This API call consumes the following media types via the Content-Type request header:

Query parameters

name (optional)
Query Parameter — object name
refers_to (optional)
Query Parameter — Filter to request all objects that refers to another Avi resource. Its syntax is refers_to=<obj_type>:<obj_uuid>. Eg. get all virtual services referring to pool p1 will be refers_to=pool:pool_p1_uuid
referred_by (optional)
Query Parameter — Filter to request all objects that are referred by another Avi resource. Its syntax is referred_by=<obj_type>:<obj_uuid>. Eg. get all pools referred_by virtual service vs1 - referred_by=virtualservice:vs_vs1_uuid
fields (optional)
Query Parameter — List of fields to be returned for the resource. Some fields like name, URL, uuid etc. are always returned.
include_name (optional)
Query Parameter — All the Avi REST reference URIs have a name suffix as URI#name. It is useful to get the referenced resource name without performing get on that object.
skip_default (optional)
Query Parameter — Default values are not set.
join_subresources (optional)
Query Parameter — It automatically returns additional dependent resources like runtime. Eg. join_subresources=runtime.

Return type

SSOPolicyApiResponse

Example data

Content-Type: application/json
{
  "next" : "aeiou",
  "count" : 123,
  "results" : [ {
    "tenant_ref" : "aeiou",
    "name" : "aeiou",
    "authentication_policy" : {
      "sp_metadata" : "aeiou",
      "authn_rules" : [ {
        "enable" : true,
        "match" : {
          "path" : {
            "match_criteria" : "aeiou",
            "string_group_refs" : [ "aeiou" ],
            "match_str" : [ "aeiou" ],
            "match_case" : "aeiou"
          },
          "host_hdr" : {
            "match_criteria" : "aeiou",
            "value" : [ "aeiou" ],
            "match_case" : "aeiou"
          },
          "client_ip" : {
            "group_refs" : [ "aeiou" ],
            "match_criteria" : "aeiou",
            "prefixes" : [ {
              "ip_addr" : "",
              "mask" : 123
            } ],
            "ranges" : [ {
              "end" : "",
              "begin" : ""
            } ],
            "addrs" : [ {
              "addr" : "aeiou",
              "type" : "aeiou"
            } ]
          }
        },
        "name" : "aeiou",
        "action" : {
          "type" : "aeiou"
        },
        "index" : 123
      } ],
      "default_auth_profile_ref" : "aeiou",
      "cookie_timeout" : 123,
      "auth_profile_ref" : "aeiou",
      "entity_id" : "aeiou",
      "key" : [ {
        "hmac_key" : "aeiou",
        "aes_key" : "aeiou",
        "name" : "aeiou"
      } ],
      "cookie_name" : "aeiou",
      "single_signon_url" : "aeiou"
    },
    "configpb_attributes" : {
      "version" : 123
    },
    "markers" : [ {
      "values" : [ "aeiou" ],
      "key" : "aeiou"
    } ],
    "type" : "aeiou",
    "authorization_policy" : {
      "authz_rules" : [ {
        "enable" : true,
        "match" : {
          "access_token" : {
            "token_name" : "aeiou",
            "matches" : [ {
              "string_match" : {
                "match_criteria" : "aeiou",
                "string_group_refs" : [ "aeiou" ],
                "match_str" : [ "aeiou" ]
              },
              "bool_match" : true,
              "name" : "aeiou",
              "int_match" : 123,
              "is_mandatory" : true,
              "type" : "aeiou",
              "validate" : true
            } ]
          },
          "path" : "",
          "method" : {
            "match_criteria" : "aeiou",
            "methods" : [ "aeiou" ]
          },
          "host_hdr" : "",
          "attr_matches" : [ {
            "attribute_name" : "aeiou",
            "attribute_value_list" : ""
          } ]
        },
        "name" : "aeiou",
        "action" : {
          "status_code" : "aeiou",
          "type" : "aeiou"
        },
        "index" : 123
      } ]
    },
    "uuid" : "aeiou",
    "url" : "aeiou",
    "_last_modified" : "aeiou",
    "labels" : [ {
      "value" : "aeiou",
      "key" : "aeiou"
    } ]
  } ]
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK SSOPolicyApiResponse

401

log in failed

Up
post /ssopolicy
(ssopolicyPost)

Consumes

This API call consumes the following media types via the Content-Type request header:

Request body

body (required)
Body Parameter — SSOPolicy object creation

Return type

SSOPolicy

Example data

Content-Type: application/json
{
  "tenant_ref" : "aeiou",
  "name" : "aeiou",
  "authentication_policy" : {
    "sp_metadata" : "aeiou",
    "authn_rules" : [ {
      "enable" : true,
      "match" : {
        "path" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "host_hdr" : {
          "match_criteria" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "client_ip" : {
          "group_refs" : [ "aeiou" ],
          "match_criteria" : "aeiou",
          "prefixes" : [ {
            "ip_addr" : "",
            "mask" : 123
          } ],
          "ranges" : [ {
            "end" : "",
            "begin" : ""
          } ],
          "addrs" : [ {
            "addr" : "aeiou",
            "type" : "aeiou"
          } ]
        }
      },
      "name" : "aeiou",
      "action" : {
        "type" : "aeiou"
      },
      "index" : 123
    } ],
    "default_auth_profile_ref" : "aeiou",
    "cookie_timeout" : 123,
    "auth_profile_ref" : "aeiou",
    "entity_id" : "aeiou",
    "key" : [ {
      "hmac_key" : "aeiou",
      "aes_key" : "aeiou",
      "name" : "aeiou"
    } ],
    "cookie_name" : "aeiou",
    "single_signon_url" : "aeiou"
  },
  "configpb_attributes" : {
    "version" : 123
  },
  "markers" : [ {
    "values" : [ "aeiou" ],
    "key" : "aeiou"
  } ],
  "type" : "aeiou",
  "authorization_policy" : {
    "authz_rules" : [ {
      "enable" : true,
      "match" : {
        "access_token" : {
          "token_name" : "aeiou",
          "matches" : [ {
            "string_match" : {
              "match_criteria" : "aeiou",
              "string_group_refs" : [ "aeiou" ],
              "match_str" : [ "aeiou" ]
            },
            "bool_match" : true,
            "name" : "aeiou",
            "int_match" : 123,
            "is_mandatory" : true,
            "type" : "aeiou",
            "validate" : true
          } ]
        },
        "path" : "",
        "method" : {
          "match_criteria" : "aeiou",
          "methods" : [ "aeiou" ]
        },
        "host_hdr" : "",
        "attr_matches" : [ {
          "attribute_name" : "aeiou",
          "attribute_value_list" : ""
        } ]
      },
      "name" : "aeiou",
      "action" : {
        "status_code" : "aeiou",
        "type" : "aeiou"
      },
      "index" : 123
    } ]
  },
  "uuid" : "aeiou",
  "url" : "aeiou",
  "_last_modified" : "aeiou",
  "labels" : [ {
    "value" : "aeiou",
    "key" : "aeiou"
  } ]
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK SSOPolicy

401

log in failed

Up
delete /ssopolicy/{uuid}
(ssopolicyUuidDelete)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Query parameters

name (optional)
Query Parameter — object name

Return type

String

Example data

Content-Type: application/json
"aeiou"

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

204

object deleted String

404

not found

Up
get /ssopolicy/{uuid}
(ssopolicyUuidGet)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Query parameters

name (optional)
Query Parameter — object name
fields (optional)
Query Parameter — List of fields to be returned for the resource. Some fields like name, URL, uuid etc. are always returned.
include_name (optional)
Query Parameter — All the Avi REST reference URIs have a name suffix as URI#name. It is useful to get the referenced resource name without performing get on that object.
skip_default (optional)
Query Parameter — Default values are not set.
join_subresources (optional)
Query Parameter — It automatically returns additional dependent resources like runtime. Eg. join_subresources=runtime.

Return type

SSOPolicy

Example data

Content-Type: application/json
{
  "tenant_ref" : "aeiou",
  "name" : "aeiou",
  "authentication_policy" : {
    "sp_metadata" : "aeiou",
    "authn_rules" : [ {
      "enable" : true,
      "match" : {
        "path" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "host_hdr" : {
          "match_criteria" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "client_ip" : {
          "group_refs" : [ "aeiou" ],
          "match_criteria" : "aeiou",
          "prefixes" : [ {
            "ip_addr" : "",
            "mask" : 123
          } ],
          "ranges" : [ {
            "end" : "",
            "begin" : ""
          } ],
          "addrs" : [ {
            "addr" : "aeiou",
            "type" : "aeiou"
          } ]
        }
      },
      "name" : "aeiou",
      "action" : {
        "type" : "aeiou"
      },
      "index" : 123
    } ],
    "default_auth_profile_ref" : "aeiou",
    "cookie_timeout" : 123,
    "auth_profile_ref" : "aeiou",
    "entity_id" : "aeiou",
    "key" : [ {
      "hmac_key" : "aeiou",
      "aes_key" : "aeiou",
      "name" : "aeiou"
    } ],
    "cookie_name" : "aeiou",
    "single_signon_url" : "aeiou"
  },
  "configpb_attributes" : {
    "version" : 123
  },
  "markers" : [ {
    "values" : [ "aeiou" ],
    "key" : "aeiou"
  } ],
  "type" : "aeiou",
  "authorization_policy" : {
    "authz_rules" : [ {
      "enable" : true,
      "match" : {
        "access_token" : {
          "token_name" : "aeiou",
          "matches" : [ {
            "string_match" : {
              "match_criteria" : "aeiou",
              "string_group_refs" : [ "aeiou" ],
              "match_str" : [ "aeiou" ]
            },
            "bool_match" : true,
            "name" : "aeiou",
            "int_match" : 123,
            "is_mandatory" : true,
            "type" : "aeiou",
            "validate" : true
          } ]
        },
        "path" : "",
        "method" : {
          "match_criteria" : "aeiou",
          "methods" : [ "aeiou" ]
        },
        "host_hdr" : "",
        "attr_matches" : [ {
          "attribute_name" : "aeiou",
          "attribute_value_list" : ""
        } ]
      },
      "name" : "aeiou",
      "action" : {
        "status_code" : "aeiou",
        "type" : "aeiou"
      },
      "index" : 123
    } ]
  },
  "uuid" : "aeiou",
  "url" : "aeiou",
  "_last_modified" : "aeiou",
  "labels" : [ {
    "value" : "aeiou",
    "key" : "aeiou"
  } ]
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK SSOPolicy

401

log in failed

Up
patch /ssopolicy/{uuid}
(ssopolicyUuidPatch)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Request body

body (required)
Body Parameter — SSOPolicy object creation

Query parameters

name (optional)
Query Parameter — object name

Return type

SSOPolicy

Example data

Content-Type: application/json
{
  "tenant_ref" : "aeiou",
  "name" : "aeiou",
  "authentication_policy" : {
    "sp_metadata" : "aeiou",
    "authn_rules" : [ {
      "enable" : true,
      "match" : {
        "path" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "host_hdr" : {
          "match_criteria" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "client_ip" : {
          "group_refs" : [ "aeiou" ],
          "match_criteria" : "aeiou",
          "prefixes" : [ {
            "ip_addr" : "",
            "mask" : 123
          } ],
          "ranges" : [ {
            "end" : "",
            "begin" : ""
          } ],
          "addrs" : [ {
            "addr" : "aeiou",
            "type" : "aeiou"
          } ]
        }
      },
      "name" : "aeiou",
      "action" : {
        "type" : "aeiou"
      },
      "index" : 123
    } ],
    "default_auth_profile_ref" : "aeiou",
    "cookie_timeout" : 123,
    "auth_profile_ref" : "aeiou",
    "entity_id" : "aeiou",
    "key" : [ {
      "hmac_key" : "aeiou",
      "aes_key" : "aeiou",
      "name" : "aeiou"
    } ],
    "cookie_name" : "aeiou",
    "single_signon_url" : "aeiou"
  },
  "configpb_attributes" : {
    "version" : 123
  },
  "markers" : [ {
    "values" : [ "aeiou" ],
    "key" : "aeiou"
  } ],
  "type" : "aeiou",
  "authorization_policy" : {
    "authz_rules" : [ {
      "enable" : true,
      "match" : {
        "access_token" : {
          "token_name" : "aeiou",
          "matches" : [ {
            "string_match" : {
              "match_criteria" : "aeiou",
              "string_group_refs" : [ "aeiou" ],
              "match_str" : [ "aeiou" ]
            },
            "bool_match" : true,
            "name" : "aeiou",
            "int_match" : 123,
            "is_mandatory" : true,
            "type" : "aeiou",
            "validate" : true
          } ]
        },
        "path" : "",
        "method" : {
          "match_criteria" : "aeiou",
          "methods" : [ "aeiou" ]
        },
        "host_hdr" : "",
        "attr_matches" : [ {
          "attribute_name" : "aeiou",
          "attribute_value_list" : ""
        } ]
      },
      "name" : "aeiou",
      "action" : {
        "status_code" : "aeiou",
        "type" : "aeiou"
      },
      "index" : 123
    } ]
  },
  "uuid" : "aeiou",
  "url" : "aeiou",
  "_last_modified" : "aeiou",
  "labels" : [ {
    "value" : "aeiou",
    "key" : "aeiou"
  } ]
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK SSOPolicy

401

log in failed

Up
put /ssopolicy/{uuid}
(ssopolicyUuidPut)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Request body

body (required)
Body Parameter — SSOPolicy object creation

Query parameters

name (optional)
Query Parameter — object name

Return type

SSOPolicy

Example data

Content-Type: application/json
{
  "tenant_ref" : "aeiou",
  "name" : "aeiou",
  "authentication_policy" : {
    "sp_metadata" : "aeiou",
    "authn_rules" : [ {
      "enable" : true,
      "match" : {
        "path" : {
          "match_criteria" : "aeiou",
          "string_group_refs" : [ "aeiou" ],
          "match_str" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "host_hdr" : {
          "match_criteria" : "aeiou",
          "value" : [ "aeiou" ],
          "match_case" : "aeiou"
        },
        "client_ip" : {
          "group_refs" : [ "aeiou" ],
          "match_criteria" : "aeiou",
          "prefixes" : [ {
            "ip_addr" : "",
            "mask" : 123
          } ],
          "ranges" : [ {
            "end" : "",
            "begin" : ""
          } ],
          "addrs" : [ {
            "addr" : "aeiou",
            "type" : "aeiou"
          } ]
        }
      },
      "name" : "aeiou",
      "action" : {
        "type" : "aeiou"
      },
      "index" : 123
    } ],
    "default_auth_profile_ref" : "aeiou",
    "cookie_timeout" : 123,
    "auth_profile_ref" : "aeiou",
    "entity_id" : "aeiou",
    "key" : [ {
      "hmac_key" : "aeiou",
      "aes_key" : "aeiou",
      "name" : "aeiou"
    } ],
    "cookie_name" : "aeiou",
    "single_signon_url" : "aeiou"
  },
  "configpb_attributes" : {
    "version" : 123
  },
  "markers" : [ {
    "values" : [ "aeiou" ],
    "key" : "aeiou"
  } ],
  "type" : "aeiou",
  "authorization_policy" : {
    "authz_rules" : [ {
      "enable" : true,
      "match" : {
        "access_token" : {
          "token_name" : "aeiou",
          "matches" : [ {
            "string_match" : {
              "match_criteria" : "aeiou",
              "string_group_refs" : [ "aeiou" ],
              "match_str" : [ "aeiou" ]
            },
            "bool_match" : true,
            "name" : "aeiou",
            "int_match" : 123,
            "is_mandatory" : true,
            "type" : "aeiou",
            "validate" : true
          } ]
        },
        "path" : "",
        "method" : {
          "match_criteria" : "aeiou",
          "methods" : [ "aeiou" ]
        },
        "host_hdr" : "",
        "attr_matches" : [ {
          "attribute_name" : "aeiou",
          "attribute_value_list" : ""
        } ]
      },
      "name" : "aeiou",
      "action" : {
        "status_code" : "aeiou",
        "type" : "aeiou"
      },
      "index" : 123
    } ]
  },
  "uuid" : "aeiou",
  "url" : "aeiou",
  "_last_modified" : "aeiou",
  "labels" : [ {
    "value" : "aeiou",
    "key" : "aeiou"
  } ]
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK SSOPolicy

401

log in failed

Up

Models

[ Jump to Methods ]

Table of Contents

  1. AuthAttributeMatch
  2. AuthenticationAction
  3. AuthenticationMatch
  4. AuthenticationPolicy
  5. AuthenticationRule
  6. AuthorizationAction
  7. AuthorizationMatch
  8. AuthorizationPolicy
  9. AuthorizationRule
  10. ConfigPbAttributes
  11. HostHdrMatch
  12. HttpCookiePersistenceKey
  13. IpAddr
  14. IpAddrMatch
  15. IpAddrPrefix
  16. IpAddrRange
  17. JWTClaimMatch
  18. JWTMatch
  19. KeyValue
  20. MethodMatch
  21. PathMatch
  22. RoleFilterMatchLabel
  23. SSOPolicy
  24. SSOPolicyApiResponse
  25. StringMatch

AuthAttributeMatch Up

attribute_name
String Attribute name whose values will be looked up in the access lists. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
attribute_value_list
StringMatch Attribute Values used to determine access when authentication applies. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.

AuthenticationAction Up

type
String Authentication Action to be taken for a matched Rule. Enum options - SKIP_AUTHENTICATION, USE_DEFAULT_AUTHENTICATION. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

AuthenticationMatch Up

client_ip (optional)
IpAddrMatch Configure client ip addresses. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
host_hdr (optional)
HostHdrMatch Configure the host header. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
path (optional)
PathMatch Configure request paths. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

AuthenticationPolicy Up

auth_profile_ref (optional)
String Auth Profile to use for validating users. It is a reference to an object of type AuthProfile. Field deprecated in 18.2.3. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
authn_rules (optional)
array[AuthenticationRule] Add rules to apply auth profile to specific targets. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
cookie_name (optional)
String HTTP cookie name for authenticated session. Field deprecated in 18.2.3. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
cookie_timeout (optional)
Integer Cookie timeout in minutes. Allowed values are 1-1440. Field deprecated in 18.2.3. Field introduced in 18.2.1. Unit is MIN. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int32
default_auth_profile_ref (optional)
String Auth Profile to use for validating users. It is a reference to an object of type AuthProfile. Field introduced in 18.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
entity_id (optional)
String Globally unique entityID for this node. Entity ID on the IDP should match this. Field deprecated in 18.2.3. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
key (optional)
array[HttpCookiePersistenceKey] Key to generate the cookie. Field deprecated in 18.2.3. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
single_signon_url (optional)
String Single Signon URL to be programmed on the IDP. Field deprecated in 18.2.3. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
sp_metadata (optional)
String SAML SP metadata. Field deprecated in 18.2.3. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition.

AuthenticationRule Up

action (optional)
AuthenticationAction Enable or disable authentication for matched targets. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
enable
Boolean Enable or disable the rule. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
index
Integer Index of the rule. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int32
match (optional)
AuthenticationMatch Add match criteria to the rule. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
name
String Name of the rule. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

AuthorizationAction Up

status_code (optional)
String HTTP status code to use for local response when an policy rule is matched. Enum options - HTTP_RESPONSE_STATUS_CODE_401, HTTP_RESPONSE_STATUS_CODE_403. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
type (optional)
String Defines the action taken when an authorization policy rule is matched. By default, access is allowed to the requested resource. Enum options - ALLOW_ACCESS, CLOSE_CONNECTION, HTTP_LOCAL_RESPONSE. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

AuthorizationMatch Up

access_token (optional)
JWTMatch Access Token claims to be matched. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
attr_matches (optional)
array[AuthAttributeMatch] Attributes whose values need to be matched . Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
host_hdr (optional)
HostHdrMatch Host header value to be matched. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
method (optional)
MethodMatch HTTP methods to be matched. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
path (optional)
PathMatch Paths/URLs to be matched. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

AuthorizationPolicy Up

authz_rules (optional)
array[AuthorizationRule] Authorization Policy Rules. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

AuthorizationRule Up

action
AuthorizationAction Authorization action when rule is matched. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
enable
Boolean Enable or disable the rule. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
index
Integer Index of the Authorization Policy rule. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int32
match
AuthorizationMatch Authorization match criteria for the rule. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
name
String Name of the rule. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

ConfigPbAttributes Up

version (optional)
Integer Protobuf version number. Gets incremented if there is se Diff of federated diff in config pbs.This field will be a monotonically increasing number indicating the number of Config Update operations. Field introduced in 21.1.1. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition. format: int32

HostHdrMatch Up

match_case (optional)
String Case sensitivity to use for the match. Enum options - SENSITIVE, INSENSITIVE. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
match_criteria
String Criterion to use for the host header value match. Enum options - HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
value (optional)
array[String] String value(s) in the host header. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

HttpCookiePersistenceKey Up

aes_key (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
hmac_key (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
name (optional)
String name to use for cookie encryption. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

IpAddr Up

addr
String IP address. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
type
String Enum options - V4, DNS, V6. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

IpAddrMatch Up

addrs (optional)
array[IpAddr] IP address(es). Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
group_refs (optional)
array[String] UUID of IP address group(s). It is a reference to an object of type IpAddrGroup. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
match_criteria
String Criterion to use for IP address matching the HTTP request. Enum options - IS_IN, IS_NOT_IN. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
prefixes (optional)
array[IpAddrPrefix] IP address prefix(es). Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
ranges (optional)
array[IpAddrRange] IP address range(s). Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

IpAddrPrefix Up

ip_addr
IpAddr Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
mask
Integer Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int32

IpAddrRange Up

begin
IpAddr Starting IP address of the range. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
end
IpAddr Ending IP address of the range. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

JWTClaimMatch Up

bool_match (optional)
Boolean Boolean value against which the claim is matched. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
int_match (optional)
Integer Integer value against which the claim is matched. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition. format: int32
is_mandatory
Boolean Specified Claim should be present in the JWT. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
name
String JWT Claim name to be validated. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
string_match (optional)
StringMatch String values against which the claim is matched. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
type
String Specifies the type of the Claim. Enum options - JWT_CLAIM_TYPE_BOOL, JWT_CLAIM_TYPE_INT, JWT_CLAIM_TYPE_STRING. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
validate
Boolean Specifies whether to validate the Claim value. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.

JWTMatch Up

matches (optional)
array[JWTClaimMatch] Claims whose values need to be matched. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
token_name (optional)
String Token for which the claims need to be validated. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.

KeyValue Up

key
String Key. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
value (optional)
String Value. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

MethodMatch Up

match_criteria
String Criterion to use for HTTP method matching the method in the HTTP request. Enum options - IS_IN, IS_NOT_IN. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
methods (optional)
array[String] Configure HTTP method(s). Enum options - HTTP_METHOD_GET, HTTP_METHOD_HEAD, HTTP_METHOD_PUT, HTTP_METHOD_DELETE, HTTP_METHOD_POST, HTTP_METHOD_OPTIONS, HTTP_METHOD_TRACE, HTTP_METHOD_CONNECT, HTTP_METHOD_PATCH, HTTP_METHOD_PROPFIND, HTTP_METHOD_PROPPATCH, HTTP_METHOD_MKCOL, HTTP_METHOD_COPY, HTTP_METHOD_MOVE, HTTP_METHOD_LOCK, HTTP_METHOD_UNLOCK. Minimum of 1 items required. Maximum of 16 items allowed. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- HTTP_METHOD_GET,HTTP_METHOD_PUT,HTTP_METHOD_POST,HTTP_METHOD_HEAD,HTTP_METHOD_OPTIONS), Basic edition(Allowed values- HTTP_METHOD_GET,HTTP_METHOD_PUT,HTTP_METHOD_POST,HTTP_METHOD_HEAD,HTTP_METHOD_OPTIONS), Enterprise with Cloud Services edition.

PathMatch Up

match_case (optional)
String Case sensitivity to use for the matching. Enum options - SENSITIVE, INSENSITIVE. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
match_criteria
String Criterion to use for matching the path in the HTTP request URI. Enum options - BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS, DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS, DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- BEGINS_WITH,DOES_NOT_BEGIN_WITH,CONTAINS,DOES_NOT_CONTAIN,ENDS_WITH,DOES_NOT_END_WITH,EQUALS,DOES_NOT_EQUAL), Basic edition(Allowed values- BEGINS_WITH,DOES_NOT_BEGIN_WITH,CONTAINS,DOES_NOT_CONTAIN,ENDS_WITH,DOES_NOT_END_WITH,EQUALS,DOES_NOT_EQUAL), Enterprise with Cloud Services edition.
match_str (optional)
array[String] String values. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
string_group_refs (optional)
array[String] UUID of the string group(s). It is a reference to an object of type StringGroup. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

RoleFilterMatchLabel Up

key
String Key for filter match. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
values (optional)
array[String] Values for filter match. Multiple values will be evaluated as OR. Example key = value1 OR key = value2. Behavior for match is key = * if this field is empty. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.

SSOPolicy Up

_last_modified (optional)
String UNIX time since epoch in microseconds. Units(MICROSECONDS).
authentication_policy (optional)
AuthenticationPolicy Authentication Policy Settings. Field introduced in 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
authorization_policy (optional)
AuthorizationPolicy Authorization Policy Settings. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
configpb_attributes (optional)
ConfigPbAttributes Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition.
labels (optional)
array[KeyValue] Key value pairs for granular object access control. Also allows for classification and tagging of similar objects. Field deprecated in 20.1.5. Field introduced in 20.1.2. Maximum of 4 items allowed. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
markers (optional)
array[RoleFilterMatchLabel] List of labels to be used for granular RBAC. Field introduced in 20.1.5. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition.
name
String Name of the SSO Policy. Field introduced in 18.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
tenant_ref (optional)
String UUID of the Tenant. It is a reference to an object of type Tenant. Field introduced in 18.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
type
String SSO Policy Type. Enum options - SSO_TYPE_SAML, SSO_TYPE_PINGACCESS, SSO_TYPE_JWT, SSO_TYPE_LDAP, SSO_TYPE_OAUTH. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
url (optional)
String url
uuid (optional)
String UUID of the SSO Policy. Field introduced in 18.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

SSOPolicyApiResponse Up

count
Integer format: int32
results
next (optional)

StringMatch Up

match_criteria
String Criterion to use for string matching the HTTP request. Enum options - BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS, DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS, DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- BEGINS_WITH,DOES_NOT_BEGIN_WITH,CONTAINS,DOES_NOT_CONTAIN,ENDS_WITH,DOES_NOT_END_WITH,EQUALS,DOES_NOT_EQUAL), Basic edition(Allowed values- BEGINS_WITH,DOES_NOT_BEGIN_WITH,CONTAINS,DOES_NOT_CONTAIN,ENDS_WITH,DOES_NOT_END_WITH,EQUALS,DOES_NOT_EQUAL), Enterprise with Cloud Services edition.
match_str (optional)
array[String] String value(s). Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
string_group_refs (optional)
array[String] UUID of the string group(s). It is a reference to an object of type StringGroup. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.