apm saml auth-context-class-list
apm saml auth-context-class-list(1)  BIG-IP TMSH Manual  apm saml auth-context-class-list(1)
NAME
auth-context-class-list - Configure a list of SAML authentication
context classes.
MODULE
apm saml
SYNTAX
Configure the auth-context-class-list component within the saml module
using the syntax shown in the following sections.
MODIFY
create auth-context-class-list [name]
modify auth-context-class-list [name]
options:
app-service [[string] | none]
classes [add | delete | modify | none | replace-all-with] {
name [string] {
order [integer]
value [string]
}
}
description [[string] | none]
edit auth-context-class-list [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list auth-context-class-list
list auth-context-class-list [ [ [name] | [glob] | [regex] ] ... ]
show running-config auth-context-class-list
show running-config auth-context-class-list [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
app-service
non-default-properties
one-line
partition
DELETE
delete auth-context-class-list [name]
DESCRIPTION
You can use the auth-context-class-list to create and manage lists of
SAML authentication context classes. Each class in the list must
contain a unique order and a unique value. Order indicates the relative
level of security ranging from 1 (least secure) to 255 (most secure).
EXAMPLES
create sp_authn_ctx_classes_list classes add { password { order 1 value
urn:oasis:names:tc:SAML:2.0:ac:classes:Password } kerberos { order 2
value urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos } }
Creates a new list named 'sp_authn_ctx_classes_list' with two
authentication context classes: password and kerberos. A higher
order number implies higher security associated with the class. In
this example, the kerberos class has order 2, which implies that it
has higher security than the password class with order 1.
modify authentication_contexts_list classes add { SmartcardPKI { order
8 value urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI } }
Modifies the default list of authentication context classes to
include a class 'SmartcardPKI' with priority order '8' and value
'urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI'.
modify authentication_contexts_list classes delete { smartcard }
Removes the authentication context class 'smartcard' from the
default list of authentication context classes
'authentication_contexts_list'.
list auth-context-class-list
Displays the default list of authentication context classes.
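Added example (not part of the F5 manual): a Python pre-check that enforces the rules stated in DESCRIPTION (unique order, unique value, order within 1 to 255) before rendering a create command in the SYNTAX form above. The function names, the whitespace/brace check on values, and the fail-closed comparison are assumptions for illustration; this page does not describe how BIG-IP itself evaluates a class against the list.

```python
# Added example: names and checks below are illustrative, not F5 code.
PREFIX = "urn:oasis:names:tc:SAML:2.0:ac:classes:"
# Sample list taken from the EXAMPLES section: name -> (order, value)
SAMPLE = {"password": (1, PREFIX + "Password"),
          "kerberos": (2, PREFIX + "Kerberos")}


def validate_classes(classes):
    """Return class names sorted least to most secure, or raise ValueError."""
    orders, values = {}, {}
    for name, (order, value) in classes.items():
        # bool is a subclass of int, so reject it explicitly
        if type(order) is not int or not 1 <= order <= 255:
            raise ValueError(f"{name}: order {order!r} is not an integer in 1..255")
        # Assumption: refuse whitespace and braces so the rendered command
        # cannot be split or re-nested by the value string.
        if not value or any(c.isspace() or c in "{}" for c in value):
            raise ValueError(f"{name}: unusable value {value!r}")
        if order in orders:
            raise ValueError(f"{name}: order {order} already used by {orders[order]}")
        if value in values:
            raise ValueError(f"{name}: value already used by {values[value]}")
        orders[order], values[value] = name, name
    return sorted(classes, key=lambda n: classes[n][0])


def render_create(list_name, classes):
    """Build the tmsh create command in the SYNTAX form shown on this page."""
    body = " ".join(f"{n} {{ order {classes[n][0]} value {classes[n][1]} }}"
                    for n in validate_classes(classes))
    return f"create auth-context-class-list {list_name} classes add {{ {body} }}"


def meets_minimum(classes, asserted_value, required_name):
    """Compare by 'order'; an unlisted class value fails closed."""
    validate_classes(classes)
    rank = {value: order for order, value in classes.values()}
    if asserted_value not in rank:
        return False
    return rank[asserted_value] >= classes[required_name][0]


if __name__ == "__main__":
    print(render_create("sp_authn_ctx_classes_list", SAMPLE))
    print(meets_minimum(SAMPLE, PREFIX + "Password", "kerberos"))
```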
OPTIONS
app-service
Specifies the name of the application service to which the object
belongs. The default value is none. Note: If the strict-updates
option is enabled on the application service that owns the object,
you cannot modify or delete the object. Only the application
service can modify or delete the object.
classes
Specifies a list of authentication context classes. The properties
'order' and 'value' must be unique within the auth-context-class-list
object. The property 'order' specifies the security of the class in
the context of the BIG-IP system; order ranges from the least secure
'1' to the most secure '255'. The property 'value' specifies the URL
of the authentication context class, for example,
'urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos'.
description
Specifies a unique description for the list of authentication
context classes.
SEE ALSO
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2015. All rights reserved.
BIG-IP 2015-11-1apm saml auth-context-class-list(1)