Kerberos Server
Overview
This document describes the API to configure AAA Kerberos servers and their properties in BIG-IQ.
REST Endpoint: /cm/access/working-config/apm/aaa/kerberos
Requests
GET /cm/access/working-config/apm/aaa/kerberos/<id>
Request Parameters
None
Query Parameters
None
Response
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
authRealm | string | Specify a Kerberos auth realm name (administrative name), such as TESTBED.LAB.COMPANYNET.COM. Kerberos clients manually map DNS domain names to Kerberos realm names. It establishes the boundaries within which an authentication server has the authority to authenticate a user, host, or service. |
spnFormat | string | Specify a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. |
spn | string | Specify a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. |
keytabFileObj | string | Uploaded Keytab file. A Keytab file contains Kerberos encrypted keys that are derived from the Kerberos password. The file contains service keys that the server uses to authenticate the client. |
keytabFileObjReference | reference | Reference to the stored Keytab file. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
serviceName | string | Specify a Kerberos service name, such as HTTP. |
name | string | The name of the object |
partition | string | The BIG-IP partition where the object should be placed |
subPath | string | The BIG-IP folder where the object should be placed |
lsoDeviceReference | reference | Reference to the device |
id | string | Id of the device. |
name | string | Device name. Typically it is the device’s hostname. |
kind | string | Kind of the device. |
machineId | string | Machine ID of the device. |
link | string | URI link of the reference. |
isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
id | string | An ID of an application |
kind | string | The kind of application. |
selfLink | string | The selfLink of an application. |
Error Response
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message displays in the response.
HTTP/1.1 401 Unauthorized
This response happens when access is denied due to invalid credentials (no permission).
Permissions
Role | Allow |
---|---|
Application_Editor | Yes |
Service_Catalog_Viewer | Yes |
Service_Catalog_Editor | Yes |
Trust_Discovery_Import | Yes |
Access_View | Yes |
Access_Edit | Yes |
Access_Manager | Yes |
Application_Manager | Yes |
Application_Viewer | Yes |
Access_Deploy | Yes |
Access_Policy_Editor | Yes |
POST /cm/access/working-config/apm/aaa/kerberos
Request Parameters
Name | Type | Required | Description |
---|---|---|---|
authRealm | string | | Specify a Kerberos auth realm name (administrative name), such as TESTBED.LAB.COMPANYNET.COM. Kerberos clients manually map DNS domain names to Kerberos realm names. It establishes the boundaries within which an authentication server has the authority to authenticate a user, host, or service. |
spnFormat | string | | Specify a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. |
spn | string | | Specify a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. |
keytabFileObj | string | True | Uploaded Keytab file. A Keytab file contains Kerberos encrypted keys that are derived from the Kerberos password. The file contains service keys that the server uses to authenticate the client. |
keytabFileObjReference | reference | True | Reference to the stored Keytab file. |
link | string | True | URI link of the reference. |
serviceName | string | True | Specify a Kerberos service name, such as HTTP. |
name | string | True | The name of the object |
partition | string | True | The BIG-IP partition where the object should be placed |
subPath | string | False | The BIG-IP folder where the object should be placed |
lsoDeviceReference | reference | False | Reference to the device |
id | string | False | Id of the device. |
link | string | False | URI link of the reference. |
isLsoShared | boolean | True | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | False | Reference to the device group. |
link | string | False | URI link of the reference. |
Query Parameters
None
Response
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
authRealm | string | Specify a Kerberos auth realm name (administrative name), such as TESTBED.LAB.COMPANYNET.COM. Kerberos clients manually map DNS domain names to Kerberos realm names. It establishes the boundaries within which an authentication server has the authority to authenticate a user, host, or service. |
spnFormat | string | Specify a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. |
spn | string | Specify a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. |
keytabFileObj | string | Uploaded Keytab file. A Keytab file contains Kerberos encrypted keys that are derived from the Kerberos password. The file contains service keys that the server uses to authenticate the client. |
keytabFileObjReference | reference | Reference to the stored Keytab file. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
serviceName | string | Specify a Kerberos service name, such as HTTP. |
name | string | The name of the object |
partition | string | The BIG-IP partition where the object should be placed |
subPath | string | The BIG-IP folder where the object should be placed |
lsoDeviceReference | reference | Reference to the device |
id | string | Id of the device. |
name | string | Device name. Typically it is the device’s hostname. |
kind | string | Kind of the device. |
machineId | string | Machine ID of the device. |
link | string | URI link of the reference. |
isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
id | string | An ID of an application |
kind | string | The kind of application. |
selfLink | string | The selfLink of an application. |
Error Response
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message displays in the response.
HTTP/1.1 401 Unauthorized
This response happens when access is denied due to invalid credentials (no permission).
Permissions
Role | Allow |
---|---|
Application_Editor | No |
Service_Catalog_Viewer | No |
Service_Catalog_Editor | No |
Trust_Discovery_Import | No |
Access_View | No |
Access_Edit | Yes |
Access_Manager | Yes |
Application_Manager | No |
Application_Viewer | No |
Access_Deploy | No |
Access_Policy_Editor | No |
PUT /cm/access/working-config/apm/aaa/kerberos/<id>
Request Parameters
Name | Type | Required | Description |
---|---|---|---|
authRealm | string | | Specify a Kerberos auth realm name (administrative name), such as TESTBED.LAB.COMPANYNET.COM. Kerberos clients manually map DNS domain names to Kerberos realm names. It establishes the boundaries within which an authentication server has the authority to authenticate a user, host, or service. |
spnFormat | string | | Specify a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. |
spn | string | | Specify a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. |
keytabFileObj | string | False | Uploaded Keytab file. A Keytab file contains Kerberos encrypted keys that are derived from the Kerberos password. The file contains service keys that the server uses to authenticate the client. |
keytabFileObjReference | reference | True | Reference to the stored Keytab file. |
name | string | True | Name of the resource |
kind | string | False | The kind of the resource. |
link | string | False | URI link of the reference. |
serviceName | string | False | Specify a Kerberos service name, such as HTTP. |
name | string | False | The name of the object |
partition | string | False | The BIG-IP partition where the object should be placed |
subPath | string | False | The BIG-IP folder where the object should be placed |
lsoDeviceReference | reference | False | Reference to the device |
id | string | False | Id of the device. |
name | string | False | Device name. Typically it is the device’s hostname. |
kind | string | False | Kind of the device. |
machineId | string | False | Machine ID of the device. |
link | string | False | URI link of the reference. |
isLsoShared | boolean | False | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | False | Reference to the device group. |
name | string | False | Name of the resource |
kind | string | False | The kind of the resource. |
link | string | False | URI link of the reference. |
id | string | False | An ID of an application |
kind | string | False | The kind of application. |
selfLink | string | False | The selfLink of an application. |
Query Parameters
None
Response
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
authRealm | string | Specify a Kerberos auth realm name (administrative name), such as TESTBED.LAB.COMPANYNET.COM. Kerberos clients manually map DNS domain names to Kerberos realm names. It establishes the boundaries within which an authentication server has the authority to authenticate a user, host, or service. |
spnFormat | string | Specify a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. |
spn | string | Specify a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. |
keytabFileObj | string | Uploaded Keytab file. A Keytab file contains Kerberos encrypted keys that are derived from the Kerberos password. The file contains service keys that the server uses to authenticate the client. |
keytabFileObjReference | reference | Reference to the stored Keytab file. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
serviceName | string | Specify a Kerberos service name, such as HTTP. |
name | string | The name of the object |
partition | string | The BIG-IP partition where the object should be placed |
subPath | string | The BIG-IP folder where the object should be placed |
lsoDeviceReference | reference | Reference to the device |
id | string | Id of the device. |
name | string | Device name. Typically it is the device’s hostname. |
kind | string | Kind of the device. |
machineId | string | Machine ID of the device. |
link | string | URI link of the reference. |
isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
id | string | An ID of an application |
kind | string | The kind of application. |
selfLink | string | The selfLink of an application. |
Error Response
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message displays in the response.
HTTP/1.1 401 Unauthorized
This response happens when access is denied due to invalid credentials (no permission).
Permissions
Role | Allow |
---|---|
Application_Editor | No |
Service_Catalog_Viewer | No |
Service_Catalog_Editor | No |
Trust_Discovery_Import | No |
Access_View | No |
Access_Edit | Yes |
Access_Manager | Yes |
Application_Manager | No |
Application_Viewer | No |
Access_Deploy | No |
Access_Policy_Editor | No |
PATCH /cm/access/working-config/apm/aaa/kerberos/<id>
Request Parameters
Name | Type | Required | Description |
---|---|---|---|
authRealm | string | | Specify a Kerberos auth realm name (administrative name), such as TESTBED.LAB.COMPANYNET.COM. Kerberos clients manually map DNS domain names to Kerberos realm names. It establishes the boundaries within which an authentication server has the authority to authenticate a user, host, or service. |
spnFormat | string | | Specify a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. |
spn | string | | Specify a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. |
keytabFileObj | string | False | Uploaded Keytab file. A Keytab file contains Kerberos encrypted keys that are derived from the Kerberos password. The file contains service keys that the server uses to authenticate the client. |
keytabFileObjReference | reference | True | Reference to the stored Keytab file. |
link | string | True | URI link of the reference. |
serviceName | string | False | Specify a Kerberos service name, such as HTTP. |
isLsoShared | boolean | False | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
Query Parameters
None
Response
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
authRealm | string | Specify a Kerberos auth realm name (administrative name), such as TESTBED.LAB.COMPANYNET.COM. Kerberos clients manually map DNS domain names to Kerberos realm names. It establishes the boundaries within which an authentication server has the authority to authenticate a user, host, or service. |
spnFormat | string | Specify a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. |
spn | string | Specify a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. |
keytabFileObj | string | Uploaded Keytab file. A Keytab file contains Kerberos encrypted keys that are derived from the Kerberos password. The file contains service keys that the server uses to authenticate the client. |
keytabFileObjReference | reference | Reference to the stored Keytab file. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
serviceName | string | Specify a Kerberos service name, such as HTTP. |
name | string | The name of the object |
partition | string | The BIG-IP partition where the object should be placed |
subPath | string | The BIG-IP folder where the object should be placed |
lsoDeviceReference | reference | Reference to the device |
id | string | Id of the device. |
name | string | Device name. Typically it is the device’s hostname. |
kind | string | Kind of the device. |
machineId | string | Machine ID of the device. |
link | string | URI link of the reference. |
isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
id | string | An ID of an application |
kind | string | The kind of application. |
selfLink | string | The selfLink of an application. |
Error Response
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message displays in the response.
HTTP/1.1 401 Unauthorized
This response happens when access is denied due to invalid credentials (no permission).
Permissions
Role | Allow |
---|---|
Application_Editor | No |
Service_Catalog_Viewer | No |
Service_Catalog_Editor | No |
Trust_Discovery_Import | No |
Access_View | No |
Access_Edit | Yes |
Access_Manager | Yes |
Application_Manager | No |
Application_Viewer | No |
Access_Deploy | No |
Access_Policy_Editor | No |
DELETE /cm/access/working-config/apm/aaa/kerberos/<id>
Request Parameters
None
Query Parameters
None
Response
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
authRealm | string | Specify a Kerberos auth realm name (administrative name), such as TESTBED.LAB.COMPANYNET.COM. Kerberos clients manually map DNS domain names to Kerberos realm names. It establishes the boundaries within which an authentication server has the authority to authenticate a user, host, or service. |
spnFormat | string | Specify a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. |
spn | string | Specify a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. |
keytabFileObj | string | Uploaded Keytab file. A Keytab file contains Kerberos encrypted keys that are derived from the Kerberos password. The file contains service keys that the server uses to authenticate the client. |
keytabFileObjReference | reference | Reference to the stored Keytab file. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
serviceName | string | Specify a Kerberos service name, such as HTTP. |
name | string | The name of the object |
partition | string | The BIG-IP partition where the object should be placed |
subPath | string | The BIG-IP folder where the object should be placed |
lsoDeviceReference | reference | Reference to the device |
id | string | Id of the device. |
name | string | Device name. Typically it is the device’s hostname. |
kind | string | Kind of the device. |
machineId | string | Machine ID of the device. |
link | string | URI link of the reference. |
isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the resource |
kind | string | The kind of the resource. |
link | string | URI link of the reference. |
id | string | An ID of an application |
kind | string | The kind of application. |
selfLink | string | The selfLink of an application. |
Error Response
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message displays in the response.
HTTP/1.1 401 Unauthorized
This response happens when access is denied due to invalid credentials (no permission).
Permissions
Role | Allow |
---|---|
Application_Editor | No |
Service_Catalog_Viewer | No |
Service_Catalog_Editor | No |
Trust_Discovery_Import | No |
Access_View | No |
Access_Edit | Yes |
Access_Manager | Yes |
Application_Manager | No |
Application_Viewer | No |
Access_Deploy | No |
Access_Policy_Editor | No |
Examples
Get AAA Kerberos Server
GET /cm/access/working-config/apm/aaa/kerberos/<id>
Response
HTTP/1.1 200 OK
{
  "authRealm": "TESTBED.LAB.COMPANYNET.COM",
  "keytabFileObj": "/Common/kerberos_1",
  "keytabFileObjReference": {
    "name": "resourceName",
    "kind": "shared:resolver:device-groups:devicegroupstate",
    "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
  },
  "serviceName": "HTTP",
  "name": "foo",
  "partition": "Common",
  "subPath": "/folder",
  "lsoDeviceReference": {
    "id": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
    "name": "bigip.foo.com",
    "kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
    "machineId": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
    "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
  },
  "isLsoShared": false,
  "deviceGroupReference": {
    "name": "resourceName",
    "kind": "shared:resolver:device-groups:devicegroupstate",
    "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
  },
  "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
  "generation": 1,
  "lastUpdateMicros": 1518743088884807,
  "kind": "cm:access:working-config:apm:aaa:active-directory:activedirectorystate",
  "selfLink": "cm:access:working-config:apm:aaa:active-directory:activedirectorystate"
}
Create New AAA Kerberos Server
POST /cm/access/working-config/apm/aaa/kerberos
{
  "authRealm": "TESTBED.LAB.COMPANYNET.COM",
  "keytabFileObj": "/Common/kerberos_1",
  "keytabFileObjReference": {
    "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
  },
  "serviceName": "HTTP",
  "name": "foo",
  "partition": "Common",
  "subPath": "/folder",
  "lsoDeviceReference": {
    "id": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
    "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
  },
  "isLsoShared": false,
  "deviceGroupReference": {
    "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
  }
}
Response
HTTP/1.1 200 OK
{
  "authRealm": "TESTBED.LAB.COMPANYNET.COM",
  "keytabFileObj": "/Common/kerberos_1",
  "keytabFileObjReference": {
    "name": "resourceName",
    "kind": "shared:resolver:device-groups:devicegroupstate",
    "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
  },
  "serviceName": "HTTP",
  "name": "foo",
  "partition": "Common",
  "subPath": "/folder",
  "lsoDeviceReference": {
    "id": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
    "name": "bigip.foo.com",
    "kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
    "machineId": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
    "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
  },
  "isLsoShared": false,
  "deviceGroupReference": {
    "name": "resourceName",
    "kind": "shared:resolver:device-groups:devicegroupstate",
    "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
  },
  "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
  "generation": 1,
  "lastUpdateMicros": 1518743088884807,
  "kind": "cm:access:working-config:apm:aaa:active-directory:activedirectorystate",
  "selfLink": "cm:access:working-config:apm:aaa:active-directory:activedirectorystate"
}
Edit AAA Kerberos Server
PUT /cm/access/working-config/apm/aaa/kerberos/<id>
{
  "authRealm": "TESTBED.LAB.COMPANYNET.COM",
  "keytabFileObj": "/Common/kerberos_1",
  "keytabFileObjReference": {
    "name": "resourceName",
    "kind": "shared:resolver:device-groups:devicegroupstate",
    "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
  },
  "serviceName": "HTTP",
  "name": "foo",
  "partition": "Common",
  "subPath": "/folder",
  "lsoDeviceReference": {
    "id": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
    "name": "bigip.foo.com",
    "kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
    "machineId": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
    "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
  },
  "isLsoShared": false,
  "deviceGroupReference": {
    "name": "resourceName",
    "kind": "shared:resolver:device-groups:devicegroupstate",
    "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
  },
  "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
  "generation": 1,
  "lastUpdateMicros": 1518743088884807,
  "kind": "cm:access:working-config:apm:aaa:active-directory:activedirectorystate",
  "selfLink": "cm:access:working-config:apm:aaa:active-directory:activedirectorystate"
}
Response
HTTP/1.1 200 OK
{
  "authRealm": "TESTBED.LAB.COMPANYNET.COM",
  "keytabFileObj": "/Common/kerberos_1",
  "keytabFileObjReference": {
    "name": "resourceName",
    "kind": "shared:resolver:device-groups:devicegroupstate",
    "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
  },
  "serviceName": "HTTP",
  "name": "foo",
  "partition": "Common",
  "subPath": "/folder",
  "lsoDeviceReference": {
    "id": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
    "name": "bigip.foo.com",
    "kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
    "machineId": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
    "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
  },
  "isLsoShared": false,
  "deviceGroupReference": {
    "name": "resourceName",
    "kind": "shared:resolver:device-groups:devicegroupstate",
    "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
  },
  "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
  "generation": 1,
  "lastUpdateMicros": 1518743088884807,
  "kind": "cm:access:working-config:apm:aaa:active-directory:activedirectorystate",
  "selfLink": "cm:access:working-config:apm:aaa:active-directory:activedirectorystate"
}
Edit AAA Kerberos Server
PATCH /cm/access/working-config/apm/aaa/kerberos/<id>
{
  "authRealm": "TESTBED.LAB.COMPANYNET.COM",
  "keytabFileObj": "/Common/kerberos_1",
  "keytabFileObjReference": {
    "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
  },
  "serviceName": "HTTP",
  "isLsoShared": false
}
Response
HTTP/1.1 200 OK
{
  "authRealm": "TESTBED.LAB.COMPANYNET.COM",
  "keytabFileObj": "/Common/kerberos_1",
  "keytabFileObjReference": {
    "name": "resourceName",
    "kind": "shared:resolver:device-groups:devicegroupstate",
    "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
  },
  "serviceName": "HTTP",
  "name": "foo",
  "partition": "Common",
  "subPath": "/folder",
  "lsoDeviceReference": {
    "id": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
    "name": "bigip.foo.com",
    "kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
    "machineId": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
    "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
  },
  "isLsoShared": false,
  "deviceGroupReference": {
    "name": "resourceName",
    "kind": "shared:resolver:device-groups:devicegroupstate",
    "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
  },
  "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
  "generation": 1,
  "lastUpdateMicros": 1518743088884807,
  "kind": "cm:access:working-config:apm:aaa:active-directory:activedirectorystate",
  "selfLink": "cm:access:working-config:apm:aaa:active-directory:activedirectorystate"
}
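A client-side pre-flight check for the POST and PATCH bodies documented above, as an added example that is not part of the F5 documentation: it reports missing POST fields marked Required and refuses a PATCH that would flip `isLsoShared` or carry fields outside the PATCH parameter table. The names `validate_create`, `build_patch`, `PayloadError` and `SAMPLE_CURRENT` are hypothetical, the realm `LAB2.EXAMPLE.COM` is constructed, and a blank Required cell is assumed to mean optional.

```python
import copy

# Fields marked Required = True in the POST request-parameter table above.
POST_REQUIRED = ("keytabFileObj", "keytabFileObjReference", "serviceName",
                 "name", "partition", "isLsoShared")
# Top-level fields listed in the PATCH request-parameter table above.
# Assumption: a blank Required cell (authRealm, spnFormat, spn) means optional.
PATCH_FIELDS = ("authRealm", "spnFormat", "spn", "keytabFileObj",
                "keytabFileObjReference", "serviceName", "isLsoShared")

# Constructed sample: the object a GET would return, trimmed from the page's example.
SAMPLE_CURRENT = {
    "authRealm": "TESTBED.LAB.COMPANYNET.COM",
    "keytabFileObj": "/Common/kerberos_1",
    "keytabFileObjReference": {
        "name": "resourceName",
        "link": "https://localhost/mgmt/shared/foo/bar/"
                "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
    },
    "serviceName": "HTTP",
    "name": "foo",
    "partition": "Common",
    "isLsoShared": False,
}


class PayloadError(ValueError):
    """A request body that would violate the constraints documented on this page."""


def validate_create(body):
    """Return a list of problems found in a POST body (empty list means it passes)."""
    problems = [f"missing required field: {name}"
                for name in POST_REQUIRED if name not in body]
    ref = body.get("keytabFileObjReference")
    if ref is not None and not (isinstance(ref, dict) and ref.get("link")):
        problems.append("keytabFileObjReference.link is required")
    if "isLsoShared" in body and not isinstance(body["isLsoShared"], bool):
        problems.append("isLsoShared must be a boolean")
    return problems


def build_patch(current, changes):
    """Build a minimal PATCH body from the GET result and the desired changes."""
    unknown = sorted(set(changes) - set(PATCH_FIELDS))
    if unknown:
        raise PayloadError("not in the PATCH parameter table: " + ", ".join(unknown))
    # The page warns against flipping this flag during PUT/PATCH.
    if "isLsoShared" in changes and changes["isLsoShared"] != current.get("isLsoShared"):
        raise PayloadError("isLsoShared must not be flipped during PUT/PATCH")
    # Send only values that actually differ, and never resend isLsoShared.
    body = {k: copy.deepcopy(v) for k, v in changes.items()
            if k != "isLsoShared" and current.get(k) != v}
    # keytabFileObjReference.link is Required = True for PATCH, so always include it.
    ref = changes.get("keytabFileObjReference", current.get("keytabFileObjReference"))
    if not (isinstance(ref, dict) and ref.get("link")):
        raise PayloadError("keytabFileObjReference.link is required")
    body["keytabFileObjReference"] = {"link": ref["link"]}
    return body


if __name__ == "__main__":
    print(build_patch(SAMPLE_CURRENT, {"authRealm": "LAB2.EXAMPLE.COM"}))
    print(validate_create({"name": "foo", "serviceName": "HTTP"}))
```
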
Delete AAA Kerberos Server
DELETE /cm/access/working-config/apm/aaa/kerberos/<id>
Response
HTTP/1.1 200 OK
{
  "authRealm": "TESTBED.LAB.COMPANYNET.COM",
  "keytabFileObj": "/Common/kerberos_1",
  "keytabFileObjReference": {
    "name": "resourceName",
    "kind": "shared:resolver:device-groups:devicegroupstate",
    "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
  },
  "serviceName": "HTTP",
  "name": "foo",
  "partition": "Common",
  "subPath": "/folder",
  "lsoDeviceReference": {
    "id": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
    "name": "bigip.foo.com",
    "kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
    "machineId": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
    "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
  },
  "isLsoShared": false,
  "deviceGroupReference": {
    "name": "resourceName",
    "kind": "shared:resolver:device-groups:devicegroupstate",
    "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
  },
  "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
  "generation": 1,
  "lastUpdateMicros": 1518743088884807,
  "kind": "cm:access:working-config:apm:aaa:active-directory:activedirectorystate",
  "selfLink": "cm:access:working-config:apm:aaa:active-directory:activedirectorystate"
}