1. REST API for Unified Assurance Core
  2. Tasks
  3. AAA
  4. Authentication Types

Create an Authentication Type Instance

post

/api/AAA/AuthTypes

Creates a new authentication type instance. You can create multiple instances of the SAML, LDAP, and Active Directory authentication types. There will always be only one Internal authentication type instance.
The minimum required properties in the request body are:
  • AuthenticationTypeName
  • AuthenticationTypeProtocol
  • AuthenticationStatus
  • If AuthenticationTypeProtocol is SAML:
    • Certificate
    • EntityID
    • SingleLogoutService
    • SingleSignOnService
  • If AuthenticationTypeProtocol is LDAP:
    • LDAPHost1
  • If AuthenticationTypeProtocol is Active Directory:
    • ADHost1

Request

There are no request parameters for this operation.

Supported Media Types
Request Body - application/json ()
Root Schema : schema
Type: object
The details of the authentication type instance to create.
Show Source
  • The IP or FQDN of the primary server to use for Active Directory. Used for the Active Directory authentication type only.
    Example: ad1.example.com
  • The IP or FQDN of the failover server to use for Active Directory. Used for the Active Directory authentication type only.
    Example: ad2.example.com
  • Whether to connect to Active Directory over a secure connection (1) or not (0). Used for the Active Directory authentication type only.
    Example: 1
  • The domain to use for transient users. Also used for persistent Active Directory users.
    Example: ad.example.com
  • Whether the authentication type instance is enabled (1) or not (0).
    Example: 1
  • The authentication type instance name. Use this to differentiate between multiple instances of the same protocol.
    To avoid confusion with numeric IDs, the name value cannot be integers only or integers prefixed with the + or - symbols only. It must contain letters or other characters. For example, 1234, +1234, and -1234 are not valid, but US1234, US+1234 and US_1234 are.
    Example: SAML SSO 1
  • The protocol used for the authentication type instance. Valid values are:
    • SAML
    • LDAP
    • Active Directory
    The Internal authentication type instance exists by default, and you cannot create more of that type.
    Example: SAML
  • The SAML certificate. Used for the SAML authentication type only.
  • Whether or not (1 or 0) to use this LDAP or Active Directory instance to authenticate when the username or domain specified at login does not match any of the other configured authentication protocols. There can only be one default instance. Used for the LDAP and Active Directory authentication types only.
    Example: 1
  • The unique ID for your SAML-enabled identity provider. Used for the SAML authentication type only.
    Example: example.com/saml-idp
  • The field to look for user groups for transient users. The value can vary by authentication provider. For example, LDAP uses memberOf, and SAML might use member, eduPersonAffiliation, or any string. Used when authenticating transient users with external authentication types only.
    Example: memberOf
  • The LDAP distinguished name (dn) specific to your organization. Use %s as a variable for usernames. Used for the LDAP authentication type only.
    Example: CN=%s,OU=Users,DC=example,DC=com
  • The IP or FQDN of the primary server to use for LDAP. Used for the LDAP authentication type only.
    Example: ldap.example.com
  • The IP or FQDN of the secondary server to use for LDAP. Used for the LDAP authentication type only.
    Example: ldap2.example.com
  • Optional. The port to use for LDAP. Used for the LDAP authentication type only.
    Example: 636
  • The type of secure connection for LDAP. Valid values are:
    • 0: None (do not use a secure connection)
    • 1: LDAPS (secure on connection)
    • 2: TLS (negotiated)
    Used for the LDAP authentication type only.
    Example: 1
  • The format of the name ID element of the SAML response. The Unified Assurance username for persistent users must match this format. Used for the SAML authentication type only.
    Example: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
  • The endpoint on your IdP that receives incoming logout requests and sends logout responses. Used for the SAML authentication type only.
    Example: example.com/saml/saml2/idp/SingleLogoutService.php
  • The endpoint on your IdP that receives authentication requests, processes them, and returns the authenticated user. Used for the SAML authentication type only.
    Example: example.com/saml/saml2/idp/SSOService.php
Back to Top

Response

Supported Media Types

200 Response

Successful operation
Body ()
Root Schema : schema
Match All
Show Source
Nested Schema : SuccessfulAddOperation
Type: object
The response body for a successful add operation.
Show Source
Nested Schema : type
Type: object
Show Source
Nested Schema : data
Type: array
Show Source
Nested Schema : AAAAuthTypesRead
Type: object
The authentication type instance details.
Show Source
  • The IP or FQDN of the primary server to use for Active Directory. Used for the Active Directory authentication type only.
    Example: ad1.example.com
  • The IP or FQDN of the failover server to use for Active Directory. Used for the Active Directory authentication type only.
    Example: ad2.example.com
  • Whether to connect to Active Directory over a secure connection (1) or not (0). Used for the Active Directory authentication type only.
    Example: 1
  • The domain to use for transient users. Also used for persistent Active Directory users.
    Example: ad.example.com
  • Whether the authentication type instance is enabled (1) or not (0).
    Example: 1
  • The authentication type instance status icon.
    Example: OrbGreen.png
  • The authentication type instance ID.
    Example: 1
  • The authentication type instance name. Use this to differentiate between multiple instances of the same protocol.
    Example: SAML SSO 1
  • The protocol used for the authentication type instance. Valid values are:
    • SAML
    • LDAP
    • Active Directory
    • Internal
    Example: SAML
  • The SAML certificate. Used for the SAML authentication type only.
  • Whether or not (1 or 0) to use this LDAP or Active Directory instance to authenticate when the username or domain specified at login does not match any of the other configured authentication protocols. There can only be one default instance. Used for the LDAP and Active Directory authentication types only.
    Example: 1
  • The unique ID for your SAML-enabled identity provider. Used for the SAML authentication type only.
    Example: example.com/saml-idp
  • The field to look for user groups for transient users. The value can vary by authentication provider. For example, LDAP uses memberOf, SAML might use member, eduPersonAffiliation, or any string. Used when authenticating transient users with external authentication types only.
    Example: memberOf
  • The LDAP distinguished name (dn) specific to your organization. Use %s as a variable for usernames. Used for the LDAP authentication type only.
    Example: CN=%s,OU=Users,DC=example,DC=com
  • The IP or FQDN of the primary server to use for LDAP. Used for the LDAP authentication type only.
    Example: ldap.example.com
  • The IP or FQDN of the secondary server to use for LDAP. Used for the LDAP authentication type only.
    Example: ldap2.example.com
  • Optional. The port to use for LDAP. Used for the LDAP authentication type only.
    Example: 636
  • The type of secure connection for LDAP. Valid values are:
    • 0: None (do not use a secure connection)
    • 1: LDAPS (secure on connection)
    • 2: TLS (negotiated)
    Used for the LDAP authentication type only.
    Example: 1
  • The format of the name ID element of the SAML response. The Unified Assurance username for persistent users must match this format. Used for the SAML authentication type only.
    Example: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
  • The minimum password length. Used for the Internal authentication type only.
    Example: 4
  • The minimum number of lowercase letters required in the password. Used for the Internal authentication type only.
    Example: 1
  • The minimum number of numerals required in the password. Used for the Internal authentication type only.
    Example: 0
  • The minimum number of special characters required in the password. Used for the Internal authentication type only.
    Example: 0
  • The minimum number of uppercase letters required in the password. Used for the Internal authentication type only.
    Example: 0
  • The number of password resets available. Used for the Internal authentication type only.
    Example: 0
  • Custom text to show when resetting a password. This is used for internal authentication only.
    Example: Reset password
  • The question to ask a user when they reset their password. This is used for internal authentication only.
    Example: What was the name of your first pet?
  • The endpoint on your IdP that receives incoming logout requests and sends logout responses. Used for the SAML authentication type only.
    Example: example.com/saml/saml2/idp/SingleLogoutService.php
  • The endpoint on your IdP receives authentication requests, processes them, and returns the authenticated user. Used for the SAML authentication type only.
    Example: example.com/saml/saml2/idp/SSOService.php

Default Response

Failed operation
Body ()
Root Schema : schema
Type: object
Show Source
Nested Schema : errors
Type: array
The list of errors reported. Validation errors will be keyed by record field.
Show Source
Nested Schema : items
Type: object
An error.
Back to Top