Jump to content
Welcome to our new Citrix community!

Configure patset for AAA Authentication policy


Recommended Posts

I am triying to simplify the next expression:

 

AAA.USER.IS_MEMBER_OF("GROUP_1") || AAA.USER.IS_MEMBER_OF("GROUP_2") || AAA.USER.IS_MEMBER_OF("GROUP_3") || AAA.USER.IS_MEMBER_OF("GROUP_4") || AAA.USER.IS_MEMBER_OF("GROUP_5")

 

Can I use patset or any other function to do this configuration?, I appreciate if somebody have made that

 

I tried to create this expression but did not work

 

AAA.USER.GROUPS.EQUALS_ANY("Patset_Groups")

 

Link to comment
Share on other sites

You need the aaa.user.is_member_of_any("<ps_grouplist>") where <ps_grouplist> is your patternset of the Groups you are matching on.

Likely will be a case-sensitive comparison.

 

The _Any operators evaluate across patternsets.  Group names will likely be case-sensitive on match (though I can't test to confirm). 

aaa.user has an additional unique operator for aaa.user.is_emembe_of_all("<ps_grouplist>") which is an AND condition instead of the usual _ANY which is an OR condition. As an FYI.

 

The aaa.user.groups operator isn't compatible in this situation for what you want as it is returning a group list and can't in turn be compared to a patternset.

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...