The backendExecute command executes back-end server–related administrative operations.
Table: backendExecute commands | Command | Description |
|---|
| BACKENDCMD_CREATE | Registers a new back-end server (see BACKENDCMD_CREATE). |
| BACKENDCMD_DELETE | Deletes the specified back-end server entry (see BACKENDCMD_DELETE). |
| BACKENDCMD_UPDATE | Updates the settings for the specified back-end server (see BACKENDCMD_UDPATE). |
| BACKENDCMD_VIEW | Displays the settings for the specified back-end server (see BACKENDCMD_VIEW). |
Parameters
Table: backendExecute input parameters | Paramter name | Data type | Description |
|---|
| sessionID | String | Required. The session identifier of the current administrative session. The logon command returns this identifier after a successful logon (see logon (Command)). |
| cmd | BackEndCmdIDEnum | The operation to be executed. See Table: backendExecute commands. |
| attributeSet | BackEndAttributeSet | A set containing zero or more attribute fields. |
Table: backendExecute output parameters | Paramter name | Data type | Description |
|---|
| results | BackEndResults | Result structure containing return and status codes and a list of zero or more result attribute fields. |
The following field attributes are available for the operations of this command:
Table: backendExecute field attributes | Attribute name | Data type | Description |
|---|
| BACKENDFLD_AUTH_IP_ADDRESS | String | Valid IPv4 address. |
| BACKENDFLD_AUTH_PORT | Integer | Possible values: 1–65535 |
| BACKENDFLD_AUTH_PORT_SSL | Integer | The SSL authentication port. |
| BACKENDFLD_BACKEND_PROTOCOL_ID | String | Communication protocol identifier. Up to 32 characters. |
| BACKENDFLD_BACKEND_SERVER_ID | String | The unique back-end server identifier. Up to 80 characters. |
| BACKENDFLD_CHARACTER_ENCODING | String | |
| BACKENDFLD_CREATE_TIME | DateTime | The date and time the data record was created. |
| BACKENDFLD_CUSTOM_REALM | String | Specifies an optional custom realm to be appended to the user name in RADIUS Access-Request packets if BACKENDFLD_INCLUDE_REALM is set. This attribute applies to RADIUS back-end servers only. Up to 255 characters. |
| BACKENDFLD_DIRECTORY_AUTH | String | Reserved for future use. |
| BACKENDFLD_DIRECTORY_BASE_DN | String | The base distinguished name (DN) used by the LDAP server when initiating searches. |
| BACKENDFLD_DOMAIN | String | Up to 255 characters. |
| BACKENDFLD_EMAIL_ATTRIBUTE | String | The LDAP attribute name that serves as the user's email address for DUR user information synchronization. Up to 64 characters. |
| BACKENDFLD_INCLUDE_REALM | String | Determines whether a user realm should be appended to the user name in RADIUS Access-Request packets. The realm is either set to BACKENDFLD_CUSTOM_REALM (if specified) or to the resolved domain name of the respective user. This attribute also specifies the notation to use when appending the realm, i.e. either prefix (REALM\USER) or postfix notation (USER@REALM). This attribute applies to RADIUS back-end servers only. Possible values: - No
- Yes - Prefix
- Yes - Postfix
|
| BACKENDFLD_MOBILE_ATTRIBUTE | String | The LDAP attribute name that serves as the user's mobile phone number for DUR user information synchronization. Up to 64 characters. |
| BACKENDFLD_MODIFY_TIME | DateTime | The date and time the data record was last modified. |
| BACKENDFLD_PHONE_ATTRIBUTE | String | The LDAP attribute name that serves as the user's landline phone number for DUR user information synchronization. Up to 64 characters. |
| BACKENDFLD_PRIORITY | Integer | Used if there is more than one back-end server. A higher number will denote a higher priority. The server with the highest priority is tried first, then the next highest, etc. |
| BACKENDFLD_RADIUS_ACCT_IP_ADDRESS | String | Valid IPv4 address. |
| BACKENDFLD_RADIUS_ACCT_PORT | Integer | Possible values: 1–65535 |
| BACKENDFLD_RADIUS_AUTH_IP_ADDRESS | String | Valid IPv4 address. |
| BACKENDFLD_RADIUS_AUTH_PORT | Integer | Possible values: 1–65535 |
| BACKENDFLD_RADIUS_MSG_AUTHENTICATOR_VALIDATION | Boolean | Determines whether OneSpan Authentication Server should strictly validate the Message-Authenticator attribute in all Access response packets received from the back-end server (according to RFC 2869). The Message-Authenticator attribute is used to sign access requests to prevent request spoofing. If OneSpan Authentication Server receives a response packet from the back-end server with a Message-Authenticator attribute, it calculates the correct value of it and discards the packet if it does not match the value sent. |
| BACKENDFLD_RADIUS_SHARED_SECRET | String | Up to 255 characters. |
| BACKENDFLD_RETRIES | Integer | Possible values: 1–65535 |
| BACKENDFLD_SECURITY_PRINCIPAL_DN | String | DN of an administrator account to use when sending a query to an LDAP back-end authenticator. |
| BACKENDFLD_SECURITY_PRINCIPAL_PASSWORD | String | Password for the Security_Principle account. |
| BACKENDFLD_TIMEOUT | Integer | Possible values: 1–999
|
| BACKENDFLD_USER_ID_ATTRIBUTE | String | The common name used for searching. Default value: cn |
| BACKENDFLD_USER_OBJECT_CLASS | String | The object class used by the LDAP server to hold attributes about people. Default value: inetOrgPerson |
| BACKENDFLD_USERNAME_ATTRIBUTE | String | The LDAP attribute name that serves as the user's display name for DUR user information synchronization. Up to 64 characters. |
BACKENDCMD_CREATE
The following attributes can be specified in the attributeSet input parameter of this command:
Table: BACKENDCMD_CREATE (Supported input attributes) | Attribute name | Optional? |
|---|
| BACKENDFLD_AUTH_IP_ADDRESS | Optional |
| BACKENDFLD_AUTH_PORT | Optional |
| BACKENDFLD_AUTH_PORT_SSL | Optional |
| BACKENDFLD_BACKEND_PROTOCOL_ID | Mandatory |
| BACKENDFLD_BACKEND_SERVER_ID | Mandatory |
| BACKENDFLD_CHARACTER_ENCODING | Optional |
| BACKENDFLD_CUSTOM_REALM | Optional |
| BACKENDFLD_DIRECTORY_AUTH | Optional |
| BACKENDFLD_DIRECTORY_BASE_DN | Optional |
| BACKENDFLD_DOMAIN | Optional |
| BACKENDFLD_EMAIL_ATTRIBUTE | Optional |
| BACKENDFLD_INCLUDE_REALM | Optional |
| BACKENDFLD_MOBILE_ATTRIBUTE | Optional |
| BACKENDFLD_PHONE_ATTRIBUTE | Optional |
| BACKENDFLD_PRIORITY | Optional |
| BACKENDFLD_RADIUS_ACCT_IP_ADDRESS | Optional |
| BACKENDFLD_RADIUS_ACCT_PORT | Optional |
BACKENDFLD_RADIUS_MSG_AUTHENTICATOR_VALIDATION
| Optional |
| BACKENDFLD_RADIUS_SHARED_SECRET | Optional |
| BACKENDFLD_RETRIES | Optional |
| BACKENDFLD_SECURITY_PRINCIPAL_DN | Optional |
| BACKENDFLD_SECURITY_PRINCIPAL_PASSWORD | Optional |
| BACKENDFLD_TIMEOUT | Optional |
| BACKENDFLD_USERNAME_ATTRIBUTE | Optional |
The following attributes will be specified in the results output parameter of this command:
Table: BACKENDCMD_CREATE (Suppored output attributes) | Attribute name | Returned? |
|---|
| BACKENDFLD_BACKEND_PROTOCOL_ID | Always |
| BACKENDFLD_BACKEND_SERVER_ID | Always |
| BACKENDFLD_CHARACTER_ENCODING | If defined |
| BACKENDFLD_CUSTOM_REALM | If defined |
| BACKENDFLD_DOMAIN | If defined |
| BACKENDFLD_EMAIL_ATTRIBUTE | If defined |
| BACKENDFLD_INCLUDE_REALM | If defined |
| BACKENDFLD_MOBILE_ATTRIBUTE | If defined |
| BACKENDFLD_MODIFY_TIME | Always |
| BACKENDFLD_MODIFY_TIME | Always |
| BACKENDFLD_PHONE_ATTRIBUTE | If defined |
| BACKENDFLD_PRIORITY | If defined |
| BACKENDFLD_RADIUS_ACCT_IP_ADDRESS | If defined |
| BACKENDFLD_RADIUS_ACCT_PORT | If defined |
| BACKENDFLD_RADIUS_AUTH_IP_ADDRESS | If defined |
| BACKENDFLD_RADIUS_AUTH_PORT | If defined |
| BACKENDFLD_RADIUS_RETRIES | If defined |
BACKENDFLD_RADIUS_MSG_AUTHENTICATOR_VALIDATION
| If defined |
| BACKENDFLD_RADIUS_SHARED_SECRET | If defined |
| BACKENDFLD_RADIUS_TIMEOUT | If defined |
| BACKENDFLD_USERNAME_ATTRIBUTE | If defined |
BACKENDCMD_VIEW
Only the BACKENDFLD_BACKEND_SERVER_ID attribute can be specified in the back-end attribute set input parameter of this command. This attribute is mandatory.
The following attributes will be specified in the results output parameter of this command:
Table: BACKENDCMD_VIEW (Supported output attributes) | Attribute name | Returned? |
|---|
| BACKENDFLD_AUTH_IP_ADDRESS | If defined |
| BACKENDFLD_AUTH_PORT | If defined |
| BACKENDFLD_BACKEND_PROTOCOL_ID | If defined |
| BACKENDFLD_BACKEND_SERVER_ID | Always |
| BACKENDFLD_CHARACTER_ENCODING | If defined |
| BACKENDFLD_CUSTOM_REALM | If defined |
| BACKENDFLD_DOMAIN | If defined |
| BACKENDFLD_EMAIL_ATTRIBUTE | If defined |
| BACKENDFLD_INCLUDE_REALM | If defined |
| BACKENDFLD_MOBILE_ATTRIBUTE | If defined |
| BACKENDFLD_MODIFY_TIME | Always |
| BACKENDFLD_MODIFY_TIME | Always |
| BACKENDFLD_PHONE_ATTRIBUTE | If defined |
| BACKENDFLD_PRIORITY | If defined |
| BACKENDFLD_RADIUS_ACCT_IP_ADDRESS | If defined |
| BACKENDFLD_RADIUS_ACCT_PORT | If defined |
BACKENDFLD_RADIUS_MSG_AUTHENTICATOR_VALIDATION
| If defined |
| BACKENDFLD_RADIUS_SHARED_SECRET | If defined |
| BACKENDFLD_RETRIES | If defined |
| BACKENDFLD_TIMEOUT | If defined |
| BACKENDFLD_USERNAME_ATTRIBUTE | If defined |
BACKENDCMD_UDPATE
The following attributes can be specified in the attributeSet input parameter of this command:
Table: BACKENDCMD_UDPATE (Supported input attributes) | Attribute name | Optionality |
|---|
| BACKENDFLD_AUTH_IP_ADDRESS | Optional |
| BACKENDFLD_AUTH_PORT | Optional |
| BACKENDFLD_BACKEND_PROTOCOL_ID | Mandatory |
| BACKENDFLD_BACKEND_SERVER_ID | Mandatory |
| BACKENDFLD_CHARACTER_ENCODING | Optional |
| BACKENDFLD_CUSTOM_REALM | Optional |
| BACKENDFLD_DOMAIN | Optional |
| BACKENDFLD_EMAIL_ATTRIBUTE | Optional |
| BACKENDFLD_INCLUDE_REALM | Optional |
| BACKENDFLD_MOBILE_ATTRIBUTE | Optional |
| BACKENDFLD_PHONE_ATTRIBUTE | Optional |
| BACKENDFLD_PRIORITY | Optional |
| BACKENDFLD_RADIUS_ACCT_IP_ADDRESS | Optional |
| BACKENDFLD_RADIUS_ACCT_PORT | Optional |
BACKENDFLD_RADIUS_MSG_AUTHENTICATOR_VALIDATION
| Optional |
| BACKENDFLD_RADIUS_SHARED_SECRET | Optional |
| BACKENDFLD_RETRIES | Optional |
| BACKENDFLD_TIMEOUT | Optional |
| BACKENDFLD_USERNAME_ATTRIBUTE | Optional |
The following attributes will be specified in the results output parameter of this command:
Table: BACKENDCMD_UDPATE (Supported output attributes) | Attribute name | Returned? |
|---|
| BACKENDFLD_AUTH_IP_ADDRESS | If defined |
| BACKENDFLD_AUTH_PORT | If defined |
| BACKENDFLD_BACKEND_PROTOCOL_ID | If defined |
| BACKENDFLD_BACKEND_SERVER_ID | Always |
| BACKENDFLD_CHARACTER_ENCODING | If defined |
| BACKENDFLD_CUSTOM_REALM | If defined |
| BACKENDFLD_DOMAIN_NAME | If defined |
| BACKENDFLD_EMAIL_ATTRIBUTE | If defined |
| BACKENDFLD_INCLUDE_REALM | If defined |
| BACKENDFLD_MOBILE_ATTRIBUTE | If defined |
| BACKENDFLD_MODIFY_TIME | Always |
| BACKENDFLD_PHONE_ATTRIBUTE | If defined |
| BACKENDFLD_PRIORITY | If defined |
| BACKENDFLD_RADIUS_ACCT_IP_ADDRESS | If defined |
| BACKENDFLD_RADIUS_ACCT_PORT | If defined |
BACKENDFLD_RADIUS_MSG_AUTHENTICATOR_VALIDATION
| If defined |
| BACKENDFLD_RADIUS_SHARED_SECRET | If defined |
| BACKENDFLD_RETRIES | If defined |
| BACKENDFLD_TIMEOUT | If defined |
| BACKENDFLD_USERNAME_ATTRIBUTE | If defined |
BACKENDCMD_DELETE
Only the BACKENDFLD_BACKEND_SERVER_ID attribute can be specified in the back-end attribute set input parameter of this command. This attribute is mandatory and serves as a unique back-end server identifier.
This command returns no result attributes.