Invoke ADCAddAuthenticationoauthaction - j81blog/J81.ADCToolkit GitHub Wiki

Invoke-ADCAddAuthenticationoauthaction

SYNOPSIS

Add Authentication configuration Object.

SYNTAX

Invoke-ADCAddAuthenticationoauthaction [-Name] <String> [[-Oauthtype] <String>]
 [[-Authorizationendpoint] <String>] [[-Tokenendpoint] <String>] [[-Idtokendecryptendpoint] <String>]
 [[-Clientid] <String>] [[-Clientsecret] <String>] [[-Defaultauthenticationgroup] <String>]
 [[-Attribute1] <String>] [[-Attribute2] <String>] [[-Attribute3] <String>] [[-Attribute4] <String>]
 [[-Attribute5] <String>] [[-Attribute6] <String>] [[-Attribute7] <String>] [[-Attribute8] <String>]
 [[-Attribute9] <String>] [[-Attribute10] <String>] [[-Attribute11] <String>] [[-Attribute12] <String>]
 [[-Attribute13] <String>] [[-Attribute14] <String>] [[-Attribute15] <String>] [[-Attribute16] <String>]
 [[-Attributes] <String>] [[-Tenantid] <String>] [[-Graphendpoint] <String>] [[-Refreshinterval] <Double>]
 [[-Certendpoint] <String>] [[-Audience] <String>] [[-Usernamefield] <String>] [[-Skewtime] <Double>]
 [[-Issuer] <String>] [[-Userinfourl] <String>] [[-Certfilepath] <String>] [[-Granttype] <String>]
 [[-Authentication] <String>] [[-Introspecturl] <String>] [[-Allowedalgorithms] <String[]>] [[-Pkce] <String>]
 [[-Tokenendpointauthmethod] <String>] [[-Metadataurl] <String>] [[-Resourceuri] <String>] [-PassThru]
 [-WhatIf] [-Confirm] [<CommonParameters>]

DESCRIPTION

Configuration for OAuth authentication action resource.

EXAMPLES

EXAMPLE 1

Invoke-ADCAddAuthenticationoauthaction -name <string>

An example of how to add authenticationoauthaction configuration object(s).
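
A fuller call using only parameters documented on this page, as an added example (not from the toolkit's author): it checks the settings that matter most for token validation before creating the action, and converts the prompted secret to the String that -Clientsecret expects only at the point of use. The endpoint URLs, action name, client ID and the Test-OAuthActionParams helper are hypothetical; it assumes the module is loaded and an ADC session is already established.

```powershell
# Added example. Hostnames, names and IDs are constructed placeholders.
# Assumes J81.ADCToolkit is imported and a session to the ADC already exists.
function Test-OAuthActionParams {
    param([hashtable]$P)
    $problems = @()
    # -Name rule from this page: first character is a letter, number or underscore.
    if ($P.Name -notmatch '^[A-Za-z0-9_][A-Za-z0-9_\-.# @=:]*$') {
        $problems += 'Name contains characters the ADC does not accept'
    }
    # Endpoints that receive tokens, secrets or keys should only be reached over TLS.
    $urlKeys = 'Authorizationendpoint', 'Tokenendpoint', 'Certendpoint',
               'Userinfourl', 'Introspecturl', 'Metadataurl'
    foreach ($k in $urlKeys) {
        if ($P.ContainsKey($k) -and $P[$k] -notmatch '^https://') {
            $problems += "$k is not an https:// URL"
        }
    }
    # Pin issuer and audience so tokens minted for another party are rejected.
    foreach ($k in 'Issuer', 'Audience') {
        if (-not $P[$k]) { $problems += "$k is not set" }
    }
    # The default is OAUTH_ALG_ALL; list only what the IdP actually signs with.
    if (-not $P.Allowedalgorithms) { $problems += 'Allowedalgorithms is not restricted' }
    if ($P.Pkce -eq 'DISABLED') { $problems += 'Pkce is disabled' }
    if ($P.Skewtime -gt 5) { $problems += 'Skewtime is wider than the default of 5 minutes' }
    return $problems
}

$secure = Read-Host -Prompt 'OAuth client secret' -AsSecureString
$params = @{
    Name                  = 'oauth_act_example'
    Authorizationendpoint = 'https://idp.example.test/oauth2/authorize'
    Tokenendpoint         = 'https://idp.example.test/oauth2/token'
    Certendpoint          = 'https://idp.example.test/oauth2/keys'
    Clientid              = 'example-client-id'
    Clientsecret          = [System.Net.NetworkCredential]::new('', $secure).Password
    Issuer                = 'https://idp.example.test'
    Audience              = 'https://gateway.example.test'
    Allowedalgorithms     = @('RS256')
    Pkce                  = 'ENABLED'
    Skewtime              = 5
}
$problems = @(Test-OAuthActionParams -P $params)
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Invoke-ADCAddAuthenticationoauthaction @params -WhatIf    # dry run first
    Invoke-ADCAddAuthenticationoauthaction @params -PassThru  # then create
}
```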

PARAMETERS

-Name

Name for the OAuth Authentication action. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the profile is created.

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Oauthtype

Type of the OAuth implementation. The default value is the generic implementation, which is applicable for most deployments. Possible values = GENERIC, INTUNE, ATHENA

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 3
Default value: GENERIC
Accept pipeline input: False
Accept wildcard characters: False

-Authorizationendpoint

Authorization endpoint/URL to which an unauthenticated user will be redirected. Citrix ADC redirects the user to this endpoint, adding query parameters including clientid. If this parameter is not specified, the Token Endpoint/URL value is used as the default. Note that either Authorization Endpoint or Token Endpoint is mandatory for oauthAction.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Tokenendpoint

URL to which the OAuth token will be posted to verify its authenticity. The user obtains this token from the Authorization server upon successful authentication. Citrix ADC validates the presented token by posting it to the configured URL.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 5
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Idtokendecryptendpoint

URL to which the obtained idtoken will be posted to get a decrypted user identity. The encrypted idtoken is obtained by posting the OAuth token to the token endpoint. To decrypt the idtoken, Citrix ADC posts a request to the configured URL.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 6
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Clientid

Unique identity of the client/user who is getting authenticated. Authorization server infers client configuration using this ID.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 7
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Clientsecret

Secret string established by user and authorization server.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 8
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Defaultauthenticationgroup

The default group that is chosen when authentication succeeds, in addition to the extracted groups.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 9
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Attribute1

Name of the attribute to be extracted from OAuth Token and to be stored in the attribute1.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 10
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Attribute2

Name of the attribute to be extracted from OAuth Token and to be stored in the attribute2.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 11
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Attribute3

Name of the attribute to be extracted from OAuth Token and to be stored in the attribute3.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 12
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Attribute4

Name of the attribute to be extracted from OAuth Token and to be stored in the attribute4.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 13
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Attribute5

Name of the attribute to be extracted from OAuth Token and to be stored in the attribute5.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 14
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Attribute6

Name of the attribute to be extracted from OAuth Token and to be stored in the attribute6.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 15
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Attribute7

Name of the attribute to be extracted from OAuth Token and to be stored in the attribute7.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 16
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Attribute8

Name of the attribute to be extracted from OAuth Token and to be stored in the attribute8.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 17
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Attribute9

Name of the attribute to be extracted from OAuth Token and to be stored in the attribute9.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 18
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Attribute10

Name of the attribute to be extracted from OAuth Token and to be stored in the attribute10.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 19
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Attribute11

Name of the attribute to be extracted from OAuth Token and to be stored in the attribute11.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 20
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Attribute12

Name of the attribute to be extracted from OAuth Token and to be stored in the attribute12.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 21
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Attribute13

Name of the attribute to be extracted from OAuth Token and to be stored in the attribute13.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 22
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Attribute14

Name of the attribute to be extracted from OAuth Token and to be stored in the attribute14.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 23
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Attribute15

Name of the attribute to be extracted from OAuth Token and to be stored in the attribute15.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 24
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Attribute16

Name of the attribute to be extracted from OAuth Token and to be stored in the attribute16.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 25
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Attributes

List of attribute names, separated by ',', that need to be extracted. Note that leading and trailing spaces will be removed. An attribute name can be 127 bytes and the total length of this string should not exceed 1023 bytes. These attributes have multi-value support, separated by ',', and are stored as key-value pairs in the AAA session.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 26
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Tenantid

TenantID of the application. This is usually specific to providers such as Microsoft and usually refers to the deployment identifier.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 27
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Graphendpoint

URL of the Graph API service to learn Enterprise Mobility Services (EMS) endpoints.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 28
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Refreshinterval

Interval at which services are monitored for necessary configuration.

Type: Double
Parameter Sets: (All)
Aliases:

Required: False
Position: 29
Default value: 1440
Accept pipeline input: False
Accept wildcard characters: False

-Certendpoint

URL of the endpoint that contains JWKs (JSON Web Keys) for JWT (JSON Web Token) verification.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 30
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Audience

Audience for which the token sent by the Authorization server is applicable. This is typically the entity name or URL that represents the recipient.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 31
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Usernamefield

Attribute in the token from which username should be extracted.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 32
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Skewtime

Allowed clock skew, in minutes, that Citrix ADC tolerates on an incoming token. For example, if skewTime is 10, the token is valid from (current time - 10) min to (current time + 10) min, i.e. 20 min in all.

Type: Double
Parameter Sets: (All)
Aliases:

Required: False
Position: 33
Default value: 5
Accept pipeline input: False
Accept wildcard characters: False

-Issuer

Identity of the server whose tokens are to be accepted.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 34
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Userinfourl

URL to which OAuth access token will be posted to obtain user information.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 35
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Certfilepath

Path to the file that contains JWKs (JSON Web Keys) for JWT (JSON Web Token) verification.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 36
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Granttype

Grant type support. The value can be code or password. Possible values = CODE, PASSWORD

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 37
Default value: CODE
Accept pipeline input: False
Accept wildcard characters: False

-Authentication

If authentication is disabled, password is not sent in the request. Possible values = ENABLED, DISABLED

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 38
Default value: ENABLED
Accept pipeline input: False
Accept wildcard characters: False

-Introspecturl

URL to which access token would be posted for validation.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 39
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Allowedalgorithms

Multivalued option to specify allowed token verification algorithms. Possible values = HS256, RS256, RS512

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 40
Default value: OAUTH_ALG_ALL
Accept pipeline input: False
Accept wildcard characters: False

-Pkce

Option to enable/disable PKCE flow during authentication. Possible values = ENABLED, DISABLED

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 41
Default value: ENABLED
Accept pipeline input: False
Accept wildcard characters: False

-Tokenendpointauthmethod

Option to select the variant of token authentication method. This method is used while exchanging code with IdP. Possible values = client_secret_post, client_secret_jwt, private_key_jwt

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 42
Default value: Client_secret_post
Accept pipeline input: False
Accept wildcard characters: False

-Metadataurl

Well-known configuration endpoint of the Authorization Server. Citrix ADC fetches server details from this endpoint.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 43
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Resourceuri

Resource URL for OAuth configuration.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 44
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-PassThru

Return details about the created authenticationoauthaction item.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES

File Name : Invoke-ADCAddAuthenticationoauthaction
Version : v2111.2521
Author : John Billekens
Reference : https://developer-docs.citrix.com/projects/citrix-adc-nitro-api-reference/en/latest/configuration/authentication/authenticationoauthaction/
Requires : PowerShell v5.1 and up
ADC 13.x and up. ADC 12 and lower may work, not guaranteed.

RELATED LINKS

https://blog.j81.nl
