User security policy commands
User security policy mode provides the commands to specify a user security policy.
To enter the mode, use the global assembly-user-security command. To delete a user security policy, use the global no user-security command.
While in this mode, use the commands in the following table to define the user security policy.
- To view the current configuration, use the show command.
- To restore default values, use the reset command.
- To exit this configuration mode without saving changes to the running configuration, use the cancel command.
- To exit this configuration mode and save changes to the running configuration, use the exit command.
| Command | Purpose |
|---|---|
| admin-state | This command sets the administrative state for the configuration. |
| au-stop-on-error | This command controls whether to stop assembly processing and return an error if authentication fails. |
| auth-response-header-credential | This command identifies the response header that contains the authenticated user credentials. |
| auth-response-header-pattern | This command defines the pattern to select which response headers to add to the API context. |
| az-custom-form | This command specifies the location of the custom HTML authorization form. |
| az-custom-form-csp | This command specifies the value to use for the HTTP
Content-Security-Policy response header for the custom HTML authorization
page. |
| az-custom-form-tls-client-profile | The command identifies the TLS client profile to secure the connection when the custom HTML authorization form is requested. |
| az-default-form | This command indicates whether to use the default or a custom HTML authorization form. |
| az-form-time-limit | This command sets the allowable time to submit the HTML authorization form. |
| az-stop-on-error | This command controls whether to stop assembly processing and return an error if authorization fails. |
| az-table-default-entry | This command adds a default entry to the HTML authorization form. |
| az-table-display-checkboxes | This command indicates whether to display checkboxes for entries in the HTML authorization form. |
| az-table-dynamic-entries | This command specifies the context variable that adds dynamic entries to the HTML authorization form. |
| correlation-path | This command specifies the part of the API definition that correlates with the policy. |
| ei-custom-form | This command specifies the location of the custom HTML login form. |
| ei-custom-form-csp | This command specifies the value to use for the HTTP
Content-Security-Policy response header for the custom HTML login
page. |
| ei-custom-form-tls-client-profile | The command identifies the TLS client profile to secure the connection when the custom HTML login form is requested. |
| ei-default-form | This command indicates whether to use the default or a custom HTML login form. |
| ei-form-time-limit | This command sets the allowable time to submit the HTML login form for identity extraction. |
| ei-stop-on-error | This command controls whether to stop assembly processing and return an error if identity extraction fails. |
| extract-identity-method | This command controls whether to extract user credentials. When enabled, sets the method to extract user credentials. |
| factor-id | This command sets the identity that identifies the results of factor-authentication. |
| hostname | This command specifies the hostname to set instead of the original hostname. |
| pass-context-var | This command specifies the context variable to obtain the user password. |
| query-parameters | This command specifies the query parameters to append to the redirect. |
| redirect-time-limit | This command sets the time to allow for the transaction to complete when identity extraction uses a redirect. |
| redirect-url | This command specifies the URL fragment to redirect the request to obtain user credentials. |
| summary | This command specifies the brief, descriptive summary for the object instance. |
| title | This command specifies the title for the configuration. |
| user-auth-method | This command controls whether enable authentication. When enabled, sets the method to authenticate the identity of the resource owner. |
| user-az-method | This command controls whether enable authorization. When enabled, sets the authorization method. |
| user-context-var | This command specifies the context variable to obtain the username. |
| user-registry | This command specifies the registry to authenticate incoming API requests. |