Sso_list Variables
- Last Updated: October 14, 2024
- 1 minute read
- LoadMaster
- Kemp 360 Central
- Documentation
Refer to the table below for details about SSO variables.
|
Parameter |
Type |
Choices |
Comment |
|---|---|---|---|
|
domain |
String |
|
The nickname to provide to your configuration |
| server_side | Int | 0, 1 |
Specify server-side authentication: 0 - false 1 - true |
| reset_fail_tout | Int | The number of seconds that must elapse before the login attempts is set back to 0 | |
| cert_check_asi | Int | Only when selecting certificates - check the validity of a certificate checked against the altsecurityidentities attribute of a user | |
| cert_check_on | Int | Enabling this allows a fallback to check a Common Name when the Subject Alternate Name (SAN) is not available | |
| auth_type | String |
- ldap_unencrypted - ldap_starttls - ldap_ldaps - radius - kcd - certificates - radius_and_ldap_unencrypted - radius_and_ldap_starttls - radius_and_ldap_ldaps |
Specify the transport protocol to use with an authentication server (RSA is not supported) |
| logon_fmt | String |
- 'Not specified' - Principalname - Username - 'Username only' |
The string format for authenticating with LDAP/RADIUS |
| logon_fmt2 | String |
- 'not specified' - Principalname - Username |
The string format for authenticating to the server |
| logon_transcode | String | 0, 1 |
Enable or disable the transcode of login credentials: 0 - Disabled 1 - Enabled |
| idp_entity_id | String | Specify the Identity Service Provider (IdP) Entity ID. This is relevant when using SAML. | |
| idp_sso_url | String | Specify the IdP SSO URL | |
| idp_cert | String | Specify the Idp certificate to use for verification processing | |
| idp_matchcert | Int | 0, 1 |
If enabled, the assigned certificate must match in the SAML response: 0 - false 1 - true |
| radius_shared_secret | String | The shared secret to use between the RADIUS server and the LoadMaster | |
| radius_send_nas_id | String | If the radius_send_nas_id parameter is enabled, the radius_nas_id parameter is relevant. When specified, the value is used as the NAS identifier. Otherwise, the hostname is used as the NAS identifier. | |
| max_failed_auths | Int | The maximum number of failed login attempts before the user is locked out. 0 means the user is never locked out. | |
| sp_entity_id | String | This is relevant when using SAML. This is the Service Provided (SP) entity ID. | |
| sp_cert | String | Optional sign in request | |
| sess_tout_idle_pub | Int | The session idle timeout in seconds in a public environment | |
| sess_tout_idle_priv | Int | The session idle timeout in seconds in a private environment | |
| sess_tout_type | String |
- idle_time - max_duration |
The type of session timeout |
| sess_tout_duration_pub | Int | The maximum duration timeout in seconds used in a public environment | |
| sess_tout_duration_priv | Int | The maximum duration timeout in seconds, used in a private environment | |
| kerberos_domain | String | The Kerberos realm | |
| kerberos_kdc | String | The Kerberos Key Distribution Center (KDC) | |
| kerberos_username | String | The Kerberos username | |
| kerberos_password | String | The Kerberos password |