Home > Configuration > Traffic Management

Use this method to creates a form-based single sign-on traffic profile (action.) Form-based single sign-on allows users to access web applications that require an HTML form-based logon without having to type their password again for each new application.

Use this method to creates a SAML single sign-on profile. This profile is employed in triggering saml assertion to a target service based on traffic profile.

Use this method to creates a session action (profile) that allows you to override global settings for any of the session parameters.

Use this method to creates a traffic management (TM) session policy, which is applied after the user logs on to the AAA virtual server, to customize user sessions.

Use this method to creates a traffic action to set traffic characteristics at run time. You can create a traffic action for an application that is installed in the internal network (for example, an action that defines the destination IP address and destination port, and sets the amount of time a user can stay logged on to the application, such as 15 minutes).

Use this method to adds a traffic policy to use for setting connection timeout, single sign-on, and initiating logout. The policy sets the characteristics of application traffic at run time.

Use this method to bind policy to tm global.

Use this method to get information about all configured form-based single sign-on actions, or displays detailed information about the specified action.

Use this method to get information about TM global bindings.

Use this method to get information about all configured saml single sign-on profiles, or displays detailed information about the specified action.

Use this method to get information about all configured traffic management (TM) session actions, or detailed information about the specified TM session action.

Use this method to get information about traffic session parameters.

Use this method to get information about all the configured traffic management (TM) session policies, or displays detailed information about the specified TM session policy.

Use this method to get information about all configured traffic management (TM) traffic actions, or displays detailed information about the specified TM traffic action.

Use this method to get information about all configured traffic management (TM) traffic policies, or displays detailed information about the specified TM traffic policy.

Use this method to deletes an existing form-based single sign-on traffic profile (action.)

Use this method to deletes an existing saml single sign-on traffic profile.

Use this method to deletes an existing session action.

Use this method to removes an existing traffic management (TM) session policy.

Use this method to removes an existing traffic action.

Use this method to removes an existing traffic policy.

Use this method to set uRL to which the completed form is submitted.

Use this method to set name-value pair attributes to send to the server in addition to sending the username and password. Value names are separated by an ampersand (&) (for example, name1=value1&name2=value2).

Use this method to set type of processing of the name-value pair. If you specify STATIC, the values configured by the administrator are used. For DYNAMIC, the response is parsed, and the form is extracted and then submitted.

Use this method to set name of the form field in which the user types in the password.

Use this method to set number of bytes, in the response, to parse for extracting the forms.

Use this method to set expression, that checks to see if single sign-on is successful.

Use this method to set hTTP method used by the single sign-on form to send the logon credentials to the logon server. Applies only to STATIC name-value type.

Use this method to set name of the form field in which the user types in the user ID.

Use this method to set uRL to which the assertion is to be sent.

Use this method to set name of attribute1 that needs to be sent in SAML Assertion

Use this method to set name of attribute10 that needs to be sent in SAML Assertion

Use this method to set name of attribute11 that needs to be sent in SAML Assertion

Use this method to set name of attribute12 that needs to be sent in SAML Assertion

Use this method to set name of attribute13 that needs to be sent in SAML Assertion

Use this method to set name of attribute14 that needs to be sent in SAML Assertion

Use this method to set name of attribute15 that needs to be sent in SAML Assertion

Use this method to set name of attribute16 that needs to be sent in SAML Assertion

Use this method to set name of attribute2 that needs to be sent in SAML Assertion

Use this method to set name of attribute3 that needs to be sent in SAML Assertion

Use this method to set name of attribute4 that needs to be sent in SAML Assertion

Use this method to set name of attribute5 that needs to be sent in SAML Assertion

Use this method to set name of attribute6 that needs to be sent in SAML Assertion

Use this method to set name of attribute7 that needs to be sent in SAML Assertion

Use this method to set name of attribute8 that needs to be sent in SAML Assertion

Use this method to set name of attribute9 that needs to be sent in SAML Assertion

Use this method to set audience for which assertion sent by IdP is applicable. This is typically entity name or url that represents ServiceProvider

Use this method to set algorithm to be used to compute/verify digest for SAML transactions

Use this method to set option to encrypt assertion when Citrix ADC sends one.

Use this method to set algorithm to be used to encrypt SAML assertion

Use this method to set expression that will be evaluated to obtain NameIdentifier to be sent in assertion

Use this method to set format of Name Identifier sent in Assertion.

Use this method to set expression to extract relaystate to be sent along with assertion. Evaluation of this expression should return TEXT content. This is typically a targ
et url to which user is redirected after the recipient validates SAML token

Use this method to set the name to be used in requests sent from Citrix ADC to IdP to uniquely identify Citrix ADC.

Use this method to set name of the SSL certificate that is used to Sign Assertion.

Use this method to set name of the SSL certificate of peer/receving party using which Assertion is encrypted.

Use this method to set option to send password in assertion.
NOTE: This attribute is deprecated.
Send password feature has been deprecated. Please use custom attributes.

Use this method to set option to sign portions of assertion when Citrix ADC IDP sends one. Based on the user selection, either Assertion or Response or Both or none can be signed

Use this method to set algorithm to be used to sign/verify SAML transactions

Use this method to set this option specifies the number of minutes on either side of current time that the assertion would be valid. For example, if skewTime is 10, then assertion would be valid from (current time - 10) min to (current time + 10) min, ie 20min in all.

Use this method to set allow or deny access to content for which there is no specific authorization policy.

Use this method to set web address of the home page that a user is displayed when authentication vserver is bookmarked and used to login.

Use this method to set allow only an HTTP session cookie, in which case the cookie cannot be accessed by scripts.

Use this method to set kerberos constrained delegation account name

Use this method to set enable or disable persistent SSO cookies for the traffic management (TM) session. A persistent cookie remains on the user device and is sent with each HTTP request. The cookie becomes stale if the session ends. This setting is overwritten if a traffic action sets persistent cookie to OFF.
Note: If persistent cookie is enabled, make sure you set the persistent cookie validity.

Use this method to set integer specifying the number of minutes for which the persistent cookie remains valid. Can be set only if the persistent cookie setting is enabled.

Use this method to set session timeout, in minutes. If there is no traffic during the timeout period, the user is disconnected and must reauthenticate to access intranet resources.

Use this method to set use single sign-on (SSO) to log users on to all web applications automatically after they authenticate, or pass users to the web application logon page to authenticate to each application individually. Note that this configuration does not honor the following authentication types for security reason. BASIC, DIGEST, and NTLM (without Negotiate NTLM2 Key or Negotiate Sign Flag). Use TM TrafficAction to configure SSO for these authentication types.

Use this method to set use the primary or secondary authentication credentials for single sign-on (SSO).

Use this method to set domain to use for single sign-on (SSO).

Use this method to set allow or deny access to content for which there is no specific authorization policy.

Use this method to set web address of the home page that a user is displayed when authentication vserver is bookmarked and used to login.

Use this method to set allow only an HTTP session cookie, in which case the cookie cannot be accessed by scripts.

Use this method to set kerberos constrained delegation account name

Use this method to set use persistent SSO cookies for the traffic session. A persistent cookie remains on the user device and is sent with each HTTP request. The cookie becomes stale if the session ends.

Use this method to set integer specifying the number of minutes for which the persistent cookie remains valid. Can be set only if the persistence cookie setting is enabled.

Use this method to set session timeout, in minutes. If there is no traffic during the timeout period, the user is disconnected and must reauthenticate to access the intranet resources.

Use this method to set log users on to all web applications automatically after they authenticate, or pass users to the web application logon page to authenticate for each application. Note that this configuration does not honor the following authentication types for security reason. BASIC, DIGEST, and NTLM (without Negotiate NTLM2 Key or Negotiate Sign Flag). Use TM TrafficAction to configure SSO for these authentication types.

Use this method to set use primary or secondary authentication credentials for single sign-on.

Use this method to set domain to use for single sign-on.

Use this method to set action to be applied to connections that match this policy.

Use this method to set expression, against which traffic is evaluated. Both classic and advance expressions are supported in default partition but only advance expressions in non-default partition.

The following requirements apply only to the Citrix ADC CLI:
* If the expression includes one or more spaces, enclose the entire expression in double quotation marks.
* If the expression itself includes double quotation marks, escape the quotations by using the \ character.
* Alternatively, you can use single quotation marks to enclose the rule, in which case you do not have to escape the double quotation marks.

Use this method to set time interval, in minutes, of user inactivity after which the connection is closed.

Use this method to set setting to start, stop or reset TM session force timer

Use this method to set time interval, in minutes, for which force timer should be set.

Use this method to set name of the configured form-based single sign-on profile.

Use this method to set initiate logout for the traffic management (TM) session if the policy evaluates to true. The session is then terminated after two minutes.

Use this method to set kerberos contrained delegation account name

Use this method to set expression that will be evaluated to obtain password for SingleSignOn

Use this method to set use persistent cookies for the traffic session. A persistent cookie remains on the user device and is sent with each HTTP request. The cookie becomes stale if the session ends.

Use this method to set profile to be used for doing SAML SSO to remote relying party

Use this method to set use single sign-on for the resource that the user is accessing now.

Use this method to set expression that will be evaluated to obtain username for SingleSignOn

Use this method to set name of the action to apply to requests or connections that match this policy.

Use this method to set name of the Citrix ADC named expression, or an expression, that the policy uses to determine whether to apply certain action on the current traffic.

Use this method to unbind policy from tm global.

Remove tm formSSOAction namevaluepair setting.

Remove tm formSSOAction nvtype setting.

Remove tm formSSOAction responsesize setting.

Remove tm formSSOAction submitmethod setting.

Remove tm samlSSOProfile attribute1 setting.

Remove tm samlSSOProfile attribute10 setting.

Remove tm samlSSOProfile attribute10format setting.

Remove tm samlSSOProfile attribute10friendly setting.

Remove tm samlSSOProfile attribute11 setting.

Remove tm samlSSOProfile attribute11format setting.

Remove tm samlSSOProfile attribute11friendly setting.

Remove tm samlSSOProfile attribute12 setting.

Remove tm samlSSOProfile attribute12format setting.

Remove tm samlSSOProfile attribute12friendly setting.

Remove tm samlSSOProfile attribute13 setting.

Remove tm samlSSOProfile attribute13format setting.

Remove tm samlSSOProfile attribute13friendly setting.

Remove tm samlSSOProfile attribute14 setting.

Remove tm samlSSOProfile attribute14format setting.

Remove tm samlSSOProfile attribute14friendly setting.

Remove tm samlSSOProfile attribute15 setting.

Remove tm samlSSOProfile attribute15format setting.

Remove tm samlSSOProfile attribute15friendly setting.

Remove tm samlSSOProfile attribute16 setting.

Remove tm samlSSOProfile attribute16format setting.

Remove tm samlSSOProfile attribute16friendly setting.

Remove tm samlSSOProfile attribute1format setting.

Remove tm samlSSOProfile attribute1friendly setting.

Remove tm samlSSOProfile attribute2 setting.

Remove tm samlSSOProfile attribute2format setting.

Remove tm samlSSOProfile attribute2friendly setting.

Remove tm samlSSOProfile attribute3 setting.

Remove tm samlSSOProfile attribute3format setting.

Remove tm samlSSOProfile attribute3friendly setting.

Remove tm samlSSOProfile attribute4 setting.

Remove tm samlSSOProfile attribute4format setting.

Remove tm samlSSOProfile attribute4friendly setting.

Remove tm samlSSOProfile attribute5 setting.

Remove tm samlSSOProfile attribute5format setting.

Remove tm samlSSOProfile attribute5friendly setting.

Remove tm samlSSOProfile attribute6 setting.

Remove tm samlSSOProfile attribute6format setting.

Remove tm samlSSOProfile attribute6friendly setting.

Remove tm samlSSOProfile attribute7 setting.

Remove tm samlSSOProfile attribute7format setting.

Remove tm samlSSOProfile attribute7friendly setting.

Remove tm samlSSOProfile attribute8 setting.

Remove tm samlSSOProfile attribute8format setting.

Remove tm samlSSOProfile attribute8friendly setting.

Remove tm samlSSOProfile attribute9 setting.

Remove tm samlSSOProfile attribute9format setting.

Remove tm samlSSOProfile attribute9friendly setting.

Remove tm samlSSOProfile audience setting.

Remove tm samlSSOProfile digestmethod setting.

Remove tm samlSSOProfile encryptassertion setting.

Remove tm samlSSOProfile encryptionalgorithm setting.

Remove tm samlSSOProfile nameidexpr setting.

Remove tm samlSSOProfile nameidformat setting.

Remove tm samlSSOProfile relaystaterule setting.

Remove tm samlSSOProfile samlissuer setting.

Remove tm samlSSOProfile samlsigningcert setting.

Remove tm samlSSOProfile samlspcert setting.

Remove tm samlSSOProfile sendpassword setting.

Remove tm samlSSOProfile signassertion setting.

Remove tm samlSSOProfile signaturealg setting.

Remove tm samlSSOProfile skewtime setting.

Remove tm sessionAction defaultauthorizationaction setting.

Remove tm sessionAction homepage setting.

Remove tm sessionAction httponlycookie setting.

Remove tm sessionAction kcdaccount setting.

Remove tm sessionAction persistentcookie setting.

Remove tm sessionAction persistentcookievalidity setting.

Remove tm sessionAction sesstimeout setting.

Remove tm sessionAction sso setting.

Remove tm sessionAction ssocredential setting.

Remove tm sessionAction ssodomain setting.

Remove tm sessionParameter defaultauthorizationaction setting.

Remove tm sessionParameter homepage setting.

Remove tm sessionParameter httponlycookie setting.

Remove tm sessionParameter kcdaccount setting.

Remove tm sessionParameter persistentcookie setting.

Remove tm sessionParameter persistentcookievalidity setting.

Remove tm sessionParameter sesstimeout setting.

Remove tm sessionParameter sso setting.

Remove tm sessionParameter ssocredential setting.

Remove tm sessionParameter ssodomain setting.

Remove tm sessionPolicy action setting.

Remove tm sessionPolicy rule setting.

Remove tm trafficAction forcedtimeout setting.

Remove tm trafficAction kcdaccount setting.

Remove tm trafficAction passwdexpression setting.

Remove tm trafficAction persistentcookie setting.

Remove tm trafficAction userexpression setting.

Remove tm trafficPolicy action setting.

Remove tm trafficPolicy rule setting.