Get an application

get https://{hostname}/crux/v1/mgmt-pop/apps/{applicationId}

Lists a specified application.

Response

Response body

object

advanced_settings

object

Application config version advanced settings.

acceleration

string

Enables traffic acceleration for the application. Either true or false.

true false

allow_cors

string

Allows cross-origin resource sharing between domains. Either true or false.

true false

anonymous_server_conn_limit

string

The maximum number of concurrent anonymous server connections.

anonymous_server_request_limit

string

The maximum number of concurrent anonymous server requests.

app_auth

string

The application-facing authentication mechanism. Default is none.

app_auth_domain

string | null

Specifies the active directory domain where the application's service account was created. Used if the application supports Kerberos. Specify null if you want to provide this later.

app_client_cert_auth

string

Enables client certificate authentication. Either true or false.

true false

app_cookie_domain

string | null

The domain to be used in application cookies. Specify null if you want to provide this later.

app_location

string | null

The application's location. Specify null if you want to provide this later.

app_server_read_timeout

string

The maximum time for an application server to fulfill a user request. The default is 60 seconds.

authenticated_server_conn_limit

string

The maximum number of authenticated server connections allowed.

authenticated_server_request_limit

string

The maximum number of authenticated server connections allowed.

client_cert_auth

string

Enables client certificate authorization. Either true or false.

true false

client_cert_user_param

string

Relevant certificate parameters for client authentication.

cookie_domain

string

The domain to use for cookies if your application uses iFrames. Specify null if you want to provide this later.

cors_header_list

string

Defaults to unbounded

Controls which origins are populated in the Access-Control-Allow-Origin`` header. Defaults to unbounded, which echoes back the value of the Origin` header which was sent by the browser.

cors_max_age

string

The maximum time in seconds that can lapse before preflight information expires. After this time a new preflight request needs to be made for an unsafe request.

cors_method_list

string

Controls which HTTP methods are populated in the Access-Control-Allow-Methods header in response to a preflight request.

cors_origin_list

string

Controls which origins are populated in the Access-Control-Allow-Origin header. The default value of unbounded echoes back the value of the Origin header sent by the browser.

cors_support_credential

string

Enables the application to respond with the Access-Control-Allow-Credentials: true header set. Either on or off. If off, authentication between applications fails. If a cookie is sent to a cross-origin and the response does not include this header, the browser ignores the response. Either off or on.

off on

custom_headers

array of strings or null

Custom headers for application connections.

custom_headers

domain_exception_list

string

A list of domains to except from content rewrite.

edge_authentication_enabled

string

Enables edge authentication for the application. Either true or false.

true false

edge_cookie_key

string

The edge key to share with your ION configuration.

external_cookie_domain

string | null

The external domain to use for cookies if your application uses iFrames. Specify null if you want to provide this later.

force_mfa

string

Forces multi-factor authentication. Either off or on.

on off

forward_ticket_granting_ticket

string

Enables Kerberos forward ticket grants, instead of using a keytab file. Either true or false.

true false

g2o_enabled

string

Enables G2O on an application configuration. Either true or false.

true false

g2o_key

string | null

The G2O key to share with your ION configuration.

g2o_nonce

string | null

The G2O nonce to share with your ION configuration.

health_check_fall

string

The number of consecutive missed heartbeats before the connector considers an application server to be unreachable.

health_check_http_host_header

string | null

The host header to use for HTTP health checks.

health_check_http_url

string

The URL to use for HTTP health checks.

health_check_http_version

string

The HTTP version to use for the health check.

health_check_interval

string

The interval between successive heartbeats in seconds.

health_check_rise

string

The number of consecutive successful heartbeats that connectors need to receive before considering an application server to be healthy. The default is two.

health_check_timeout

string

The time in seconds that the connector waits before considering a heartbeat attempt to have failed.

health_check_type

string

The type of health check to perform on all the associated servers to verify service availability. Either 0 for default, 1 for http, 2 for https, 3 for tls, 4 for sslv3, 5 for 6 for tcp, or 7 for disable.

0 1 2 3 4 5 6 7

hidden_app

string

Used to hide the application from the login portal. Either true or false.

true false

host_key

string | null

The host secret key.

hsts_age

string

The maximum age of the HTTP Strict Transport Security activity period, in seconds.

http_only_cookie

string

Indicates whether cookies created for this application are only used for HTTP content. If your application uses a Java applet, you may want to disable this option. Either true or false.

true false

https_sslv3

string

Enables the application to interact with the connector using SSLv3. Either true or false.

true false

idle_close_time_seconds

string

The number of seconds a session may remain idle before it's closed.

idle_conn_ceil

string

The maximum number of user access TLS sessions to applications pre-created by a given connector.

idle_conn_floor

string

The minimum number of user access TLS sessions to applications pre-created by a given connector.

idle_conn_step

string

The incremental number of user access TLS sessions to launch for applications by a given connector.

idp_idle_expiry

string | null

The number of seconds before an idle session with the IDP expires. Specify null if you want to provide this later.

idp_max_expiry

string | null

The maximum number of seconds to maintain an IDP session. Specify null if you want to provide this later.

ignore_bypass_mfa

string

Ignores MFA bypass attempts on the application. Either off or on.

off on

ignore_cname_resolution

string

Ignore CNAME DNS resolutions for the application. Either true or false.

true false

inject_ajax_javascript

string

Enables custom JavaScript injection when rewriting websocket and XHR requests. Either off or on.

off on

internal_host_port

string

The internal host port to perform CNAME redirection on. Specify null if not applicable.

internal_hostname

string | null

The internal hostname to perform CNAME redirection on. Specify null if not applicable.

ip_access_allow

string

Allows access to IP based applications hosted in internal networks though EAA Client connector. Either true or false.

true false

is_ssl_verification_enabled

string

Indicates if SSL verification is enabled for the application. Either true or false.

true false

keepalive_connection_pool

string

The maximum number of connections allowed in the keepalive pool.

keepalive_enable

string

Enables connection keepalives. Either true or false.

true false

keepalive_timeout

string

The keepalive timeout period in seconds.

kerberos_negotiate_once

string

Configures the application to perform Kerberos authentication only on the initial login URL. Either on or off.

keyed_keepalive_enable

string

Allows a connection between two devices to remain open, even when no data is being transmitted. Either true or false.

true false

keytab

string

A unique keytab for Kerberos delegation.

load_balancing_metric

string

The load-balancing metric for the application. Either round-robin or ip-hash.

round-robin ip-hash

logging_enabled

string

Enables logging for the application. Either true or false.

true false

login_timeout

string

The number of seconds before a login attempt times out.

login_url

string | null

The URL for which authentication tokens need to be generated. Specify null if not applicable.

logout_url

string | null

The single-sign out URL triggered when a user logs out of an SSO application. Specify null if not applicable.

mdc_enable

string

Enables multi-data center connections. Either true or false.

true false

mfa

string

Enables multi-factor authentication for the application. Either enable, disable, or inherit.

enable disable inherit

offload_onpremise_traffic

string

Enables on-premises users to bypass the EAA cloud to access applications. Either true or false.

true false

pass_phrase

string | null

The passphrase for the certificate.

preauth_consent

string

Enables consent for OIDC pre-authorization. Either true or false.

true false

preauth_enforce_url

string

The URL that users are directed to when authenticating with a third party IdP. By default users are directed to the EAA application page.

private_key

string | null

Private key for the certificate.

proxy_buffer_size_kb

string | null

The size of the proxy's buffer, in kilobytes.

proxy_disable_clipboard

string

Prevents users from copying information from a RDP session. Either true or false.

true false

rate_limit

string

Enables rate limiting for the application. Either on or off.

on off

rdp_initial_program

string | null

The program that initializes when the user logs in to the remote environment. Specify null if not applicable.

rdp_legacy_mode

string

Enables legacy mode RDP connections to the application. Either true or false.

true false

rdp_remote_apps

array of strings or null

Remote RDP applications.

rdp_remote_apps

rdp_tls1

string

Enables TLS v1 for RDP connections. Either true or false.

true false

refresh_sticky_cookie

string

Enables refresh of cookies used for session stickiness. Either on or off.

off on

remote_spark_audio

string

Enables audio integration for Cisco Webex Spark application. Either true or false.

true false

remote_spark_disk

string

Name of the disk for Cisco Webex Spark application.

remote_spark_mapClipboard

string

Enables map clipboard integration for Cisco Webex Spark application. Either on or off.

on off

remote_spark_mapDisk

string

Enables map disk integration for Cisco Webex Spark application. Either true or false.

true false

remote_spark_mapPrinter

string

Enables map printer integration for Cisco Webex Spark application. Either true or false.

true false

remote_spark_printer

string

Name of the printer for Cisco Webex Spark application.

remote_spark_recording

string

Enables recording integration for Cisco Webex Spark application. Either true or false.

true false

request_body_rewrite

string

Enables the application to rewrite request body data. Either true or false.

true false

request_parameters

string | null

The HTTP request parameter to use. For example, GET. Specify null if not applicable.

saas_enabled

string

Enables SaaS for the application. Either true or false.

true false

sentry_redirect_401

string

Enables the Sentry module to redirect requests that receive a 401 response.

server_cert_validate

string

Enables EAA to fo origin server certification validation for HTTPS applications. Either true or false.

true false

server_request_burst

string

The server request threshold for burst monitoring.

service_principle_name

string | null

The application's Kerberos service principal name (SPN). If your application uses a different service principal name, specify the configuration suitable for your application. Specify null if not applicable.

session_sticky

string | null

Enables session stickiness to ensure that a given session always traverses the same connector when interacting with the application. Either true or false. Specify null if not applicable.

true false

session_sticky_cookie_maxage

string

Sets the maximum age in seconds for the session stickiness cookie.

session_sticky_server_cookie

string | null

Enables refresh of a sticky cookie to ensure that the content goes to the same connector to prevent session lag or content loss in a session, even after the session length has passed. Omit it if not applicable, and the value subsequently reflects back as null.

single_host_content_rw

string

Enables single host content rewrite. Either true or false.

true false

single_host_cookie_domain

string

Enables single host cookie domains. Either true or false.

true false

single_host_enable

string

Enables single host FQDN for the application. Either true or false.

true false

single_host_fqdn

string

The single host fully qualified domain name used to host multiple applications.

single_host_path

string

The single host path used to host multiple applications.

sla_object_url

string

The SLA object URL to share with your ION configuration.

spdy_enabled

string

Enables SPDY traffic management. Either true or false.

true false

ssh_audit_enabled

string

Enables ssh session auditing. Either true or false.

true false

sso

string

Enables SSO authentication for the application. Either true or false.

true false

sticky_agent

string

Enables connector persistence for connections. Either true or false.

true false

user_name

string | null

The username to use for application authentication. Specify null if not applicable.

wapp_auth

string

The authentication method for the application. Either form, basic, basic+cookie, or certificate_only.

form basic basic+cookie certificate_only

websocket_enabled

string

Indicates that this application uses WebSockets for HTTP transport. Either true or false.

true false

wildcard_internal_hostname

string

Enables an optional wildcard string for internal hostnames. Either true or false.

true false

agents

array of objects

length ≥ 1

Target connectors for deploying the application configuration.

agents

object

compatible

boolean

required

Whether the target connector is compatible with the application configuration.

name

string

required

length ≥ 1

The name of the connector.

uuid_url

string

required

length ≥ 1

The UUID URL of the connector.

app

object

Specifies the application for the application directory.

app_uuid_url

string

required

length ≥ 1

The application UUID URL.

name

string

required

length ≥ 1

The application name.

app_category

object

Specifies the category the application belongs to.

name

string

length ≥ 1

The name of the category.

uuid_url

string

length ≥ 1

The UUID of the category.

app_deployed

boolean

Whether the application configuration is deployed.

app_logo

string

length ≥ 1

A URL identifying the application configuration's logo icon.

app_operational

integer

Defaults to 1

The operational status of the application configuration. Either 1 for No, 2 for Pending, or 3 for Okay.

1 2 3

app_profile

integer

Defaults to 1

The access application profile. Either 1 for HTTP, 2 for SharePoint, 3 for Jira, 4 for RDP, 5 for VNC, 6 for ssh, 7 for Jenkins, 8 for Confluence, or 9 for TCP.

1 2 3 4 5 6 7 8 9

app_status

integer

Defaults to 1

The status of the application configuration. Either 1 for not ready, 2 for ready, 3 for pending, 4 for deployed, 5 for failed, 6 for cloud deployed, or 7 for connector deployed.

1 2 3 4 5 6 7

app_type

integer

The type of application configuration. Either 1 for Enterprise Hosted, 2 for SAAS, 3 for Bookmark, 4 for Tunnel, or 5 for Enterprise Threat Protector.

1 2 3 4 5

auth_agent

string | null

The connector for the application.

auth_enabled

string

length ≥ 1

Defaults to true

Enables authentication.

auth_type

integer

Defaults to 1

The type of authentication used. Either 1 for Cloud, 2 for Enterprise, or 3 for Third Party.

1 2 3

bookmark_url

string

length ≥ 0

The Okta Bookmark app URL.

cert

string | null

A valid certificate string for front-end SSL connections. Used if you configure your domain as the external hostname. Specify null if you want to name it later.

client_app_mode

integer

Defaults to 1

The mode of client app. 1 for TCP or 2 for Tunnel.

1 2

cname

string | null

The upstream URL for a CNAME redirect.

created_at

string

Read-only ISO 8601 timestamp marking the application object's creation.

data_agent

string | null

The data connector for the application.

description

string

length ≥ 1

A description of the application.

directories

array of objects

length ≥ 1

Application directory details for validating user accounts.

directories

object

name

string

required

length ≥ 1

The name of the directory.

type

integer

required

The type of directory. Select 1 for EAA Cloud Directory, 2 for Active Directory, 3 for LDAP, or 4 for Active Directory LDS.

1 2 3 4

user_count

integer

required

≥ 0

The total number of user accounts configured on the directory.

uuid_url

string

required

length ≥ 1

The UUID URL of the directory.

directory

object

Directory properties.

directory_uuid_url

string

The directory's unique ID.

name

string

The directory name.

domain

integer

Defaults to 1

The type of access domain. Select 1 for custom or 2 for Akamai.

1 2

domain_suffix

string

length ≥ 0

The domain suffix. For example, .com.

enable_mfa

string

Enables multifactor authentication. Either enable or use to inherit to use the IDP's MFA settings.

inherit enable

host

string | null

The external default hostname for the application.

idp

object

Specifies the identity provider (IDP) for authenticating user requests.

client_cert_auth

string

Enables client certificate authorization. Either true or false.

true false

client_cert_user_param

string

length ≥ 0

Relevant cert based parameters for client authentication.

idp_id

string

length ≥ 1

The ID of the IDP configuration.

name

string

length ≥ 0

The name of the IDP configuration.

type

integer

Defaults to 1

The type of IDP. Select 1 for Default, 2 for EAA, 3 for SAML, 4 for Okta, 5 for PingOne, 6 for OneLogin, 7 for Google, 8 for OIDC, or 9 for Azure.

1 2 3 4 5 6 7 8 9

modified_at

string

length ≥ 1

Name of the user who most recently modified this application object. If the object wasn't modified since first being created, the value matches createdAt.

name

string

length ≥ 0

The name of the application configuration.

oidc

boolean

Enables OpenID Connect (OIDC).

oidc_settings

object | null

JSON settings to implement OIDC.

authorization_endpoint

string

length ≥ 1

The OIDC endpoint where end users authenticate and grant the client application consent to access their identity information.

certs_uri

string

length ≥ 1

The URI of the relaying party's CA certificate.

check_session_iframe

string

length ≥ 1

The iframe URL used to check session status.

discovery_url

string

length ≥ 1

The OIDC endpoint the client uses to discover OpenID features and other provider endpoints.

end_session_endpoint

string

length ≥ 1

The OIDC endpoint that triggers single sign out.

jwks_uri

string

length ≥ 1

The publishing location of the JSON web keys (JWK). Used for both the open provider and the relaying party.

openid_metadata

string

length ≥ 1

Metadata that describes the OIDC provider's configuration.

token_endpoint

string

length ≥ 1

The OIDC endpoint that tokens and authenticates client application requests.

userinfo_endpoint

string

length ≥ 1

The OIDC endpoint where the client sends requests for identity claims.

orig_tls

string

Whether the origin host uses TLS encryption.

origin_host

string | null

The IP address or FQDN of the application origin server.

origin_port

integer

The application's origin port.

pop

string

length ≥ 0

The identifier for the target region to deploy the application.

popName

string

length ≥ 0

The target region to deploy the application. For example, US-West or US-East.

rdp_version

string

length ≥ 1

The version of remote desktop protocol (RDP).

resource

string

length ≥ 1

Name of resource mapping to an entity or set of entities. For example, apps.

resource_status

object

The most recent status of various application resources.

cert_status

integer

required

Defaults to 1

The certificate resource status. Either 1 for Not Added, 2 for Expired, 3 for Invalid CNAME, 4 for Invalid CA, 5 for No Private Key, 6 for Okay, or 7 for Invalid CA User Parameter.

1 2 3 4 5 6 7

cname_dns_status

integer

required

Defaults to 1

The CNAME DNS resource status. Either 1 for Not Configured, 2 for Configured, 3 for Ready, 4 for Not Resolved, 5 for Okay.

1 2 3 4 5

data_agent_status

integer

required

Defaults to 1

The data agent resource status. Either 1 for Not Added, 2 for Not Installed, 3 for Not Approved, 4 for Not Reachable, 5 for Okay, or 6 for Not Compatible.

1 2 3 4 5 6

dialin_server_status

integer

required

Defaults to 1

The dialin server resource status. Either 1 for Not Configured, 2 for Configured, 3 for Not Created, 4 for Not Resolved, and 5 for Okay.

1 2 3 4 5

directories_status

integer

required

Defaults to 1

The directories resource status. Either 1 for Not Added, 2 for Added, 3 for No Connector, 4 for Pending, 5 for Not Reachable, or 6 for Okay.

1 2 3 4 5 6

host_dns_status

integer

required

Defaults to 1

The host DNS resource status. Either 1 for Not Configured, 2 for Configured, 3 for Ready, 4 for Not Resolved, 5 for Not Created, 6 for Okay, or 7 for CNAME Mismatch.

1 2 3 4 5 6 7

host_reachable

boolean

required

Defaults to false

Indicates whether the host is reachable.

internal_host_status

integer

required

Defaults to 1

The internal host resource status. Either 1 for Not Configured or 2 for Okay.

1 2

origin_host_status

integer

required

Defaults to 1

The origin host resource status. Either 1 for Not Configured, 2 for Configured, 3 for Ready, 4 for Not Reachable, or 5 for Okay.

1 2 3 4 5

pop_status

integer

required

Defaults to 1

The pop resource status. Either 1 for Not Configured) or 2 for Okay.

1 2

resource_uri

object

Related resource URIs for the application.

apps

string

length ≥ 1

The URI location of an associated application resource.

directories

string

length ≥ 1

The URI location of an associated directory resource.

groups

string

length ≥ 1

The URI location of an associated group resource.

href

string

length ≥ 1

The URI location of an associated href resource.

pop

string

length ≥ 1

The URI location of an associated pop resource.

services

string

length ≥ 1

The URI location of an associated service resource.

sites

string

length ≥ 1

The URI location of an associated site resource.

saml

boolean

Enables SAML for the application.

saml_settings

array of objects

length ≥ 1

SAML configuration for an application.

saml_settings

object

attrmap

array of objects

required

length ≥ 1

SAML attribute mapping details.

attrmap*

object

fmt

string

required

The name format of the attribute. Either email, basic, persistent, unspecified, or transient.

email basic unspecified persistent transient

fname

string

length ≥ 0

The fname of the attribute.

name

string

required

length ≥ 1

The name of the attribute.

rule

string

length ≥ 1

The custom rule language for the attribute.

src

string

required

length ≥ 1

The source of the attribute.

val

string

length ≥ 1

The value of the attribute.

idp

object

required

Specifies identity provider (IDP) settings for the SAML configuration.

object

required

Specifies service provider (SP) settings for the SAML configuration.

subject

object

required

Specifies the subject settings for the SAML configuration.

servers

array of objects

length ≥ 0

Origin server details of the internal application within your network.

servers

object

name

string

length ≥ 1

The name of the origin server.

orig_tls

boolean

required

Enables TLS on the origin server.

origin_host

string | null

required

The IP address or FQDN of the origin server.

origin_port

integer

required

≥ 0

The port number of the origin server.

origin_protocol

string

required

The protocol of the origin server connection. Either ssh or http.

ssh http

services

array of objects

length ≥ 1

Services enabled on the application configuration.

services

object

name

string

length ≥ 1

The name of the service.

uuid_url

string

length ≥ 1

The unique ID of the service.

sites

array of strings

length ≥ 1

List of associated site resources.

sites

status

Defaults to 1

The status of the application configuration. Either 1 for not ready, 2 for ready, 3 for pending, 4 for deployed, 5 for failed, 6 for cloud deployed, or 7 for connector deployed.

uuid_url

string

length ≥ 1

A unique identifier for the application.

wsfed

boolean

Enables Web Services Federation (WSFED) identity federation.

wsfed_settings

array of objects

length ≥ 1

JSON settings to implement WSFED.

Web Services Federation (WSFED) settings

object

attrmap

array of objects

required

length ≥ 1

Mapped attributes for the WSFED configuration.

attrmap*

object

custom_fmt

string

length ≥ 1

The custom format of the attribute.

fmt

string

required

length ≥ 1

The name format of the attribute.

name

string

length ≥ 1

The name of the attribute.

rule

string

length ≥ 1

The custom rule language for the attribute.

src

string

length ≥ 1

The source of the attribute.

val

string

length ≥ 1

The value of the attribute.

idp

object

required

Specifies identity provider (IDP) settings for the WSFED configuration.

object

required

Specifies service provider settings for the WSFED configuration.

subject

object

required

Specifies subject settings for the WSFED configuration.

Language

Authentication

Remember to add your authentication credentials to run this code.

URL


xxxxxxxxxx
1
curl --request GET \
2
     --url https://hostname/crux/v1/mgmt-pop/apps/applicationId \
3
     --header 'accept: application/json'


xxxxxxxxxx
271
}
1
{
2
  "advanced_settings": {
3
    "acceleration": "false",
4
    "allow_cors": "false",
5
    "anonymous_server_conn_limit": "50",
6
    "anonymous_server_request_limit": "100",
7
    "app_auth": "none",
8
    "app_auth_domain": null,
9
    "app_client_cert_auth": "false",
10
    "app_cookie_domain": null,
11
    "app_location": null,
12
    "app_server_read_timeout": "60",
13
    "authenticated_server_conn_limit": "50",
14
    "authenticated_server_request_limit": "100",
15
    "client_cert_auth": "false",
16
    "client_cert_user_param": "",
17
    "cookie_domain": "",
18
    "cors_header_list": "unbounded",
19
    "cors_max_age": "86400",
20
    "cors_method_list": "unbounded",
21
    "cors_origin_list": "unbounded",
22
    "cors_support_credential": "on",
23
    "custom_headers": [],
24
    "domain_exception_list": "",
25
    "edge_authentication_enabled": "false",

200Successful response.