primary connection (Identity Management Advanced Query)
Statement introduced in Junos OS Release 15.1X49-D100.
IPv6 address support introduced in Junos OS Release 18.3R1.
Configure parameters that the SRX Series device uses to connect to the Juniper Identity Management Service (JIMS) primary server and authenticate to it to obtain an access token. JIMS requires that the SRX Series device use OAuth2 to authenticate to it before the SRX Series device is allowed to query the JIMS server for user identity information. The SRX Series device must provide the JIMS server with credentials, including a client ID and a client secret. If the client (in this case, the SRX Series device) is authenticated, it is granted an access token. (See RFC 6749.) Both the client ID and the client secret must be consistent with the API client configured on the JIMS primary server.
In addition to configuring the client ID and the client secret, you configure the filename of the JIMS server's CA certificate. The certificate enables the SRX Series device to verify the identity of the JIMS server and to confirm that it is trusted for the SSL connection.
If the deployment configuration consists of more than one JIMS server, a primary and secondary relationship is established. The SRX Series device always attempts to connect to the primary server. When one or more queries to the primary server fail, the system falls back to the secondary server.
Before you use this feature, you must disable any other actively used options under the [edit services user-identification] hierarchy. You cannot commit this configuration if Active Directory authentication and the ClearPass query and webapi functions are configured and committed.
The SRX Series device supports only a self-signed, Base64-encoded X.509 certificate.
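The connection described above expressed as configuration-mode set commands, as an added example that is not from the original page. The addresses (RFC 5737 documentation range), client ID, client secret and certificate filenames are constructed placeholders; a secondary server is included to show the primary/secondary pair that fallback relies on.

```junos
# Transport used for the JIMS query connection (HTTPS, so the CA certificate is checked)
set services user-identification identity-management connection connect-method https
set services user-identification identity-management connection port 443

# Primary JIMS server: address, OAuth2 client credentials, and the certificate
# file the SRX Series device uses to verify the server's identity.
# client-id and client-secret must match the API client defined on this JIMS server.
set services user-identification identity-management connection primary address 192.0.2.10
set services user-identification identity-management connection primary client-id EXAMPLE-CLIENT-ID
set services user-identification identity-management connection primary client-secret "EXAMPLE-CLIENT-SECRET"
set services user-identification identity-management connection primary ca-certificate jims-primary-example.crt

# Secondary JIMS server: queried only after queries to the primary fail.
set services user-identification identity-management connection secondary address 192.0.2.11
set services user-identification identity-management connection secondary client-id EXAMPLE-CLIENT-ID
set services user-identification identity-management connection secondary client-secret "EXAMPLE-CLIENT-SECRET"
set services user-identification identity-management connection secondary ca-certificate jims-secondary-example.crt
```

After the commit, `show services user-identification identity-management status` in operational mode reports the state of the primary and secondary connections, which shows whether the token request and certificate check succeeded.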