2009-12-17 20:20:17 +01:00
|
|
|
## @file
|
|
|
|
|
# Manager tree structure and tests
|
|
|
|
|
|
|
|
|
|
## @class
|
|
|
|
|
# Manager tree structure and tests
|
2009-12-11 19:17:00 +01:00
|
|
|
package Lemonldap::NG::Manager::_Struct;
|
|
|
|
|
|
|
|
|
|
use strict;
|
2010-01-28 18:58:49 +01:00
|
|
|
use Lemonldap::NG::Common::Conf::SAML::Metadata;
|
|
|
|
|
|
2009-12-11 19:17:00 +01:00
|
|
|
our $VERSION = '0.1';
|
|
|
|
|
|
2009-12-17 20:20:17 +01:00
|
|
|
## @method protected hashref cstruct(hashref h,string k)
|
|
|
|
|
# Merge $h with the structure produced with $k and return it.
|
2010-02-22 15:38:31 +01:00
|
|
|
# Used to manage virtual hosts, and metadatas (IDP, SP).
|
2009-12-17 20:20:17 +01:00
|
|
|
#@param $h Result of struct()
|
2010-02-22 15:38:31 +01:00
|
|
|
#@param $k Full path of the key
|
2009-12-17 20:20:17 +01:00
|
|
|
#@return Tree structure
|
2009-12-11 19:17:00 +01:00
|
|
|
sub cstruct {
|
|
|
|
|
shift;
|
|
|
|
|
my ( $h, $k ) = @_;
|
2010-03-01 21:32:28 +01:00
|
|
|
my @tmp = split( /\//, $k );
|
|
|
|
|
return $h unless ( scalar(@tmp) > 1 );
|
2010-02-22 15:38:31 +01:00
|
|
|
my $k1 = $tmp[0];
|
|
|
|
|
my $k2 = $tmp[1];
|
2010-03-01 21:32:28 +01:00
|
|
|
if ( $k1 =~ /^virtualHosts/i ) {
|
|
|
|
|
%$h = (
|
|
|
|
|
%$h,
|
|
|
|
|
virtualHosts => {
|
|
|
|
|
$k2 => {
|
|
|
|
|
_nodes => [qw(rules:rules:rules headers)],
|
|
|
|
|
rules => {
|
|
|
|
|
_nodes => ["hash:/locationRules/$k2:rules:rules"],
|
|
|
|
|
_js => 'rulesRoot'
|
|
|
|
|
},
|
|
|
|
|
headers => {
|
|
|
|
|
_nodes => ["hash:/exportedHeaders/$k2"],
|
|
|
|
|
_js => 'hashRoot'
|
2010-02-22 15:38:31 +01:00
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
}
|
2010-03-01 21:32:28 +01:00
|
|
|
elsif ( $k1 =~ /^samlIDPMetaDataNode/i ) {
|
|
|
|
|
%$h = (
|
|
|
|
|
%$h,
|
|
|
|
|
samlIDPMetaDataNode => {
|
|
|
|
|
$k2 => {
|
|
|
|
|
_nodes => [
|
2010-03-04 17:51:28 +01:00
|
|
|
qw(samlIDPMetaDataXML samlIDPMetaDataExportedAttributes samlIDPMetaDataOptions)
|
2010-02-22 15:38:31 +01:00
|
|
|
],
|
2010-03-01 21:32:28 +01:00
|
|
|
samlIDPMetaDataExportedAttributes => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
"hash:/samlIDPMetaDataExportedAttributes/$k2"
|
|
|
|
|
. ":samlIDPMetaDataExportedAttributes:samlAttribute"
|
2010-02-22 15:38:31 +01:00
|
|
|
],
|
2010-03-01 21:32:28 +01:00
|
|
|
_js => 'samlAttributeRoot'
|
|
|
|
|
},
|
|
|
|
|
samlIDPMetaDataXML => "samlmetadata:/samlIDPMetaDataXML/$k2"
|
2010-03-11 17:43:21 +01:00
|
|
|
. ":samlIDPMetaDataXML:filearea",
|
2010-03-04 16:44:03 +01:00
|
|
|
samlIDPMetaDataOptions => {
|
|
|
|
|
_nodes => [
|
2010-06-28 14:28:48 +02:00
|
|
|
qw(samlIDPMetaDataOptionsResolutionRule samlIDPMetaDataOptionsAuthnRequest samlIDPMetaDataOptionsSession samlIDPMetaDataOptionsSignature samlIDPMetaDataOptionsBinding samlIDPMetaDataOptionsSecurity)
|
2010-03-04 17:51:28 +01:00
|
|
|
],
|
2010-06-28 14:28:48 +02:00
|
|
|
|
|
|
|
|
samlIDPMetaDataOptionsResolutionRule =>
|
|
|
|
|
"textarea:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsResolutionRule",
|
|
|
|
|
|
|
|
|
|
samlIDPMetaDataOptionsAuthnRequest => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlIDPMetaDataOptionsNameIDFormat samlIDPMetaDataOptionsForceAuthn samlIDPMetaDataOptionsIsPassive samlIDPMetaDataOptionsAllowProxiedAuthn samlIDPMetaDataOptionsAllowLoginFromIDP samlIDPMetaDataOptionsRequestedAuthnContext)
|
|
|
|
|
],
|
|
|
|
|
|
2010-03-04 17:51:28 +01:00
|
|
|
samlIDPMetaDataOptionsNameIDFormat =>
|
2010-03-25 17:19:10 +01:00
|
|
|
"text:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsNameIDFormat"
|
|
|
|
|
. ":default:nameIdFormatParams",
|
2010-03-04 17:51:28 +01:00
|
|
|
samlIDPMetaDataOptionsForceAuthn =>
|
|
|
|
|
"bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsForceAuthn",
|
2010-04-01 16:40:29 +02:00
|
|
|
samlIDPMetaDataOptionsIsPassive =>
|
|
|
|
|
"bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsIsPassive",
|
2010-03-04 17:51:28 +01:00
|
|
|
samlIDPMetaDataOptionsAllowProxiedAuthn =>
|
|
|
|
|
"bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsAllowProxiedAuthn",
|
2010-03-24 14:01:14 +01:00
|
|
|
samlIDPMetaDataOptionsAllowLoginFromIDP =>
|
|
|
|
|
"bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsAllowLoginFromIDP",
|
2010-06-28 14:28:48 +02:00
|
|
|
samlIDPMetaDataOptionsRequestedAuthnContext =>
|
|
|
|
|
"text:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsRequestedAuthnContext"
|
|
|
|
|
. ":default:authnContextParams",
|
|
|
|
|
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
samlIDPMetaDataOptionsSession => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlIDPMetaDataOptionsAdaptSessionUtime samlIDPMetaDataOptionsForceUTF8)
|
|
|
|
|
],
|
|
|
|
|
|
2010-03-25 11:02:53 +01:00
|
|
|
samlIDPMetaDataOptionsAdaptSessionUtime =>
|
|
|
|
|
"bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsAdaptSessionUtime",
|
2010-06-28 14:28:48 +02:00
|
|
|
samlIDPMetaDataOptionsForceUTF8 =>
|
|
|
|
|
"bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsForceUTF8",
|
|
|
|
|
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
samlIDPMetaDataOptionsSignature => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlIDPMetaDataOptionsSignSSOMessage samlIDPMetaDataOptionsCheckSSOMessageSignature samlIDPMetaDataOptionsSignSLOMessage samlIDPMetaDataOptionsCheckSLOMessageSignature)
|
|
|
|
|
],
|
|
|
|
|
|
2010-04-01 16:18:37 +02:00
|
|
|
samlIDPMetaDataOptionsSignSSOMessage =>
|
2010-07-01 18:05:57 +02:00
|
|
|
"trool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsSignSSOMessage",
|
2010-04-01 16:18:37 +02:00
|
|
|
samlIDPMetaDataOptionsCheckSSOMessageSignature =>
|
|
|
|
|
"bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsCheckSSOMessageSignature",
|
|
|
|
|
samlIDPMetaDataOptionsSignSLOMessage =>
|
2010-07-01 18:05:57 +02:00
|
|
|
"trool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsSignSLOMessage",
|
2010-04-01 16:18:37 +02:00
|
|
|
samlIDPMetaDataOptionsCheckSLOMessageSignature =>
|
|
|
|
|
"bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsCheckSLOMessageSignature",
|
2010-06-28 14:28:48 +02:00
|
|
|
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
samlIDPMetaDataOptionsBinding => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlIDPMetaDataOptionsSSOBinding samlIDPMetaDataOptionsSLOBinding)
|
|
|
|
|
],
|
|
|
|
|
|
|
|
|
|
samlIDPMetaDataOptionsSSOBinding =>
|
|
|
|
|
"text:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsSSOBinding"
|
|
|
|
|
. ":default:bindingParams",
|
|
|
|
|
samlIDPMetaDataOptionsSLOBinding =>
|
|
|
|
|
"text:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsSLOBinding"
|
|
|
|
|
. ":default:bindingParams",
|
|
|
|
|
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
samlIDPMetaDataOptionsSecurity => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlIDPMetaDataOptionsEncryptionMode samlIDPMetaDataOptionsCheckConditions)
|
|
|
|
|
],
|
|
|
|
|
|
2010-06-04 17:54:52 +02:00
|
|
|
samlIDPMetaDataOptionsEncryptionMode =>
|
|
|
|
|
"text:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsEncryptionMode:default:encryptionModeParams",
|
2010-06-10 17:01:05 +02:00
|
|
|
samlIDPMetaDataOptionsCheckConditions =>
|
|
|
|
|
"bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsCheckConditions",
|
2010-06-28 14:28:48 +02:00
|
|
|
|
|
|
|
|
},
|
|
|
|
|
|
2010-03-04 17:51:28 +01:00
|
|
|
},
|
2010-03-01 21:32:28 +01:00
|
|
|
}
|
2009-12-11 19:17:00 +01:00
|
|
|
}
|
2010-03-01 21:32:28 +01:00
|
|
|
);
|
2010-02-22 15:38:31 +01:00
|
|
|
}
|
2010-03-25 15:38:54 +01:00
|
|
|
elsif ( $k1 =~ /^samlSPMetaDataNode/i ) {
|
|
|
|
|
%$h = (
|
|
|
|
|
%$h,
|
|
|
|
|
samlSPMetaDataNode => {
|
|
|
|
|
$k2 => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlSPMetaDataXML samlSPMetaDataExportedAttributes samlSPMetaDataOptions)
|
|
|
|
|
],
|
|
|
|
|
samlSPMetaDataExportedAttributes => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
"hash:/samlSPMetaDataExportedAttributes/$k2"
|
|
|
|
|
. ":samlSPMetaDataExportedAttributes:samlAttribute"
|
|
|
|
|
],
|
|
|
|
|
_js => 'samlAttributeRoot'
|
|
|
|
|
},
|
|
|
|
|
samlSPMetaDataXML => "samlmetadata:/samlSPMetaDataXML/$k2"
|
|
|
|
|
. ":samlSPMetaDataXML:filearea",
|
|
|
|
|
samlSPMetaDataOptions => {
|
2010-05-20 12:25:00 +02:00
|
|
|
_nodes => [
|
2010-06-28 14:28:48 +02:00
|
|
|
qw(samlSPMetaDataOptionsAuthnResponse samlSPMetaDataOptionsSignature samlSPMetaDataOptionsSecurity)
|
2010-05-20 12:25:00 +02:00
|
|
|
],
|
2010-06-28 14:28:48 +02:00
|
|
|
|
|
|
|
|
samlSPMetaDataOptionsAuthnResponse => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlSPMetaDataOptionsNameIDFormat samlSPMetaDataOptionsOneTimeUse)
|
|
|
|
|
],
|
|
|
|
|
|
2010-05-20 17:57:51 +02:00
|
|
|
samlSPMetaDataOptionsNameIDFormat =>
|
|
|
|
|
"text:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsNameIDFormat"
|
|
|
|
|
. ":default:nameIdFormatParams",
|
2010-04-02 10:12:59 +02:00
|
|
|
samlSPMetaDataOptionsOneTimeUse =>
|
|
|
|
|
"bool:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsOneTimeUse",
|
2010-06-28 14:28:48 +02:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
samlSPMetaDataOptionsSignature => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlSPMetaDataOptionsSignSSOMessage samlSPMetaDataOptionsCheckSSOMessageSignature samlSPMetaDataOptionsSignSLOMessage samlSPMetaDataOptionsCheckSLOMessageSignature)
|
|
|
|
|
],
|
|
|
|
|
|
2010-05-20 12:25:00 +02:00
|
|
|
samlSPMetaDataOptionsSignSSOMessage =>
|
2010-07-01 18:05:57 +02:00
|
|
|
"trool:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsSignSSOMessage",
|
2010-05-20 12:25:00 +02:00
|
|
|
samlSPMetaDataOptionsCheckSSOMessageSignature =>
|
|
|
|
|
"bool:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsCheckSSOMessageSignature",
|
|
|
|
|
samlSPMetaDataOptionsSignSLOMessage =>
|
2010-07-01 18:05:57 +02:00
|
|
|
"trool:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsSignSLOMessage",
|
2010-05-20 12:25:00 +02:00
|
|
|
samlSPMetaDataOptionsCheckSLOMessageSignature =>
|
|
|
|
|
"bool:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsCheckSLOMessageSignature",
|
2010-06-28 14:28:48 +02:00
|
|
|
},
|
|
|
|
|
samlSPMetaDataOptionsSecurity => {
|
|
|
|
|
|
2010-07-01 11:48:50 +02:00
|
|
|
_nodes => [qw(samlSPMetaDataOptionsEncryptionMode)],
|
2010-06-28 14:28:48 +02:00
|
|
|
|
2010-06-04 17:54:52 +02:00
|
|
|
samlSPMetaDataOptionsEncryptionMode =>
|
|
|
|
|
"text:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsEncryptionMode:default:encryptionModeParams",
|
2010-03-25 15:38:54 +01:00
|
|
|
},
|
2010-06-28 14:28:48 +02:00
|
|
|
},
|
2010-03-25 15:38:54 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
}
|
2009-12-11 19:17:00 +01:00
|
|
|
return $h;
|
|
|
|
|
}
|
|
|
|
|
|
2009-12-17 20:20:17 +01:00
|
|
|
## @method protected hashref struct(hashref h,string k)
|
|
|
|
|
# Returns the tree structure
|
|
|
|
|
#@return Tree structure
|
2009-12-11 19:17:00 +01:00
|
|
|
sub struct {
|
2009-12-23 10:37:38 +01:00
|
|
|
my $self = shift;
|
2009-12-11 19:17:00 +01:00
|
|
|
return {
|
2010-03-01 21:32:28 +01:00
|
|
|
_nodes => [
|
2010-03-25 15:38:54 +01:00
|
|
|
qw(n:generalParameters n:variables n:virtualHosts n:samlServiceMetaData n:samlIDPMetaDataNode n:samlSPMetaDataNode)
|
2010-03-01 21:32:28 +01:00
|
|
|
],
|
|
|
|
|
_help => 'default',
|
2009-12-23 10:37:38 +01:00
|
|
|
|
2010-01-11 17:04:36 +01:00
|
|
|
######################
|
|
|
|
|
# GENERAL PARAMETERS #
|
|
|
|
|
######################
|
2009-12-11 19:17:00 +01:00
|
|
|
generalParameters => {
|
|
|
|
|
_nodes => [
|
2010-03-15 21:24:02 +01:00
|
|
|
qw(n:portalParams n:authParams n:logParams n:cookieParams n:sessionParams n:advancedParams)
|
2009-12-11 19:17:00 +01:00
|
|
|
],
|
2010-03-01 21:32:28 +01:00
|
|
|
_help => 'default',
|
2010-01-22 17:04:15 +01:00
|
|
|
|
|
|
|
|
# PORTAL PARAMETERS
|
|
|
|
|
portalParams => {
|
2010-03-14 15:38:39 +01:00
|
|
|
_nodes => [qw(portal n:portalModules n:portalCustomization)],
|
2010-03-15 21:24:02 +01:00
|
|
|
_help => 'portalParams',
|
|
|
|
|
|
2010-03-21 13:00:04 +01:00
|
|
|
portal => 'text:/portal:portal:text',
|
2010-03-15 21:24:02 +01:00
|
|
|
|
|
|
|
|
portalModules => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(portalDisplayLogout portalDisplayResetPassword portalDisplayChangePassword portalDisplayAppslist)
|
|
|
|
|
],
|
|
|
|
|
portalDisplayLogout => 'text:/portalDisplayLogout',
|
|
|
|
|
portalDisplayResetPassword =>
|
|
|
|
|
'text:/portalDisplayResetPassword',
|
|
|
|
|
portalDisplayChangePassword =>
|
|
|
|
|
'text:/portalDisplayChangePassword',
|
|
|
|
|
portalDisplayAppslist => 'text:/portalDisplayAppslist',
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
portalCustomization => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(portalSkin portalAutocomplete portalRequireOldPassword portalUserAttr portalOpenLinkInNewWindow)
|
|
|
|
|
],
|
|
|
|
|
|
2010-03-24 23:06:43 +01:00
|
|
|
portalSkin => 'text:/portalSkin:portalParams:skinSelect',
|
2010-03-15 21:24:02 +01:00
|
|
|
portalAutocomplete => 'bool:/portalAutocomplete',
|
2010-03-14 15:29:15 +01:00
|
|
|
portalRequireOldPassword =>
|
|
|
|
|
'bool:/portalRequireOldPassword',
|
2010-03-15 21:24:02 +01:00
|
|
|
portalUserAttr => 'text:/portalUserAttr',
|
2010-03-14 15:29:15 +01:00
|
|
|
portalOpenLinkInNewWindow =>
|
|
|
|
|
'bool:/portalOpenLinkInNewWindow',
|
2010-03-15 21:24:02 +01:00
|
|
|
},
|
2010-01-22 17:04:15 +01:00
|
|
|
},
|
2010-01-11 17:04:36 +01:00
|
|
|
|
|
|
|
|
# AUTHENTICATION AND USERDB PARAMETERS
|
2009-12-11 19:17:00 +01:00
|
|
|
authParams => {
|
2009-12-23 10:37:38 +01:00
|
|
|
|
2010-01-11 17:04:36 +01:00
|
|
|
# Displayed nodes depend on authentication/userDB modules choosed
|
2009-12-23 10:37:38 +01:00
|
|
|
_nodes => sub {
|
|
|
|
|
my $self = shift;
|
2009-12-29 18:03:24 +01:00
|
|
|
my $auth = $self->conf->{authentication}
|
2009-12-23 10:37:38 +01:00
|
|
|
|| $self->defaultConf()->{authentication};
|
2009-12-29 18:03:24 +01:00
|
|
|
my $udb = $self->conf->{userDB}
|
2009-12-23 10:37:38 +01:00
|
|
|
|| $self->defaultConf()->{userDB};
|
2010-03-15 21:24:02 +01:00
|
|
|
my $pdb = $self->conf->{passwordDB}
|
|
|
|
|
|| $self->defaultConf()->{passwordDB};
|
2010-03-25 16:00:48 +01:00
|
|
|
my $idb = $self->conf->{issurDB}
|
|
|
|
|
|| $self->defaultConf()->{issuerDB};
|
2009-12-23 10:37:38 +01:00
|
|
|
$auth = lc($auth);
|
|
|
|
|
$udb = lc($udb);
|
2010-03-15 21:24:02 +01:00
|
|
|
$pdb = lc($pdb);
|
2010-03-15 11:44:44 +01:00
|
|
|
my %res;
|
2010-03-15 21:24:02 +01:00
|
|
|
|
|
|
|
|
foreach my $mod (
|
|
|
|
|
(
|
|
|
|
|
$auth,
|
2010-03-25 16:00:48 +01:00
|
|
|
( $udb ne ( $auth or $pdb or $idb ) ? $udb : () ),
|
|
|
|
|
( $pdb ne ( $auth or $udb or $idb ) ? $pdb : () ),
|
|
|
|
|
( $idb ne ( $auth or $udb or $pdb ) ? $idb : () ),
|
2010-03-15 21:24:02 +01:00
|
|
|
)
|
|
|
|
|
)
|
2009-12-23 10:37:38 +01:00
|
|
|
{
|
|
|
|
|
my $tmp = {
|
2010-03-15 21:24:02 +01:00
|
|
|
ldap => ['ldapParams'],
|
|
|
|
|
ssl => [qw(ldapParams sslParams)],
|
|
|
|
|
cas => ['casParams'],
|
|
|
|
|
remote => ['remoteParams'],
|
|
|
|
|
proxy => ['proxyParams'],
|
|
|
|
|
openid => ['openIdParams'],
|
2010-03-15 14:47:36 +01:00
|
|
|
twitter => ['twitterParams'],
|
2010-03-18 22:46:38 +01:00
|
|
|
dbi => ['dbiParams'],
|
2009-12-23 10:37:38 +01:00
|
|
|
}->{$mod};
|
|
|
|
|
if ($tmp) {
|
|
|
|
|
$res{$_}++ foreach (@$tmp);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
my @u = keys %res;
|
2010-03-15 11:44:44 +01:00
|
|
|
|
2010-03-25 16:00:48 +01:00
|
|
|
# Add authentication, userDB, passwordDB and issuerDB nodes at the beginning
|
|
|
|
|
unshift( @u, "issuerDB" );
|
2010-03-15 21:24:02 +01:00
|
|
|
unshift( @u, "passwordDB" );
|
2010-03-15 11:44:44 +01:00
|
|
|
unshift( @u, "userDB" );
|
|
|
|
|
unshift( @u, "authentication" );
|
|
|
|
|
|
|
|
|
|
# Return nodes
|
2009-12-23 10:37:38 +01:00
|
|
|
return \@u;
|
|
|
|
|
},
|
2010-03-15 11:44:44 +01:00
|
|
|
|
2010-03-15 21:24:02 +01:00
|
|
|
_help => 'authParams',
|
2010-03-15 11:44:44 +01:00
|
|
|
|
2009-12-23 10:37:38 +01:00
|
|
|
authentication => 'text:/authentication:authParams:authParams',
|
2010-03-17 16:45:53 +01:00
|
|
|
userDB => 'text:/userDB:authParams:userdbParams',
|
2010-03-20 18:14:28 +01:00
|
|
|
passwordDB => 'text:/passwordDB:authParams:passworddbParams',
|
2010-03-25 16:00:48 +01:00
|
|
|
issuerDB => 'text:/issuerDB:authParams:issuerdbParams',
|
2010-03-15 11:44:44 +01:00
|
|
|
|
|
|
|
|
# LDAP
|
2010-03-15 21:24:02 +01:00
|
|
|
ldapParams => {
|
2009-12-23 10:37:38 +01:00
|
|
|
_nodes => [
|
2010-03-15 21:24:02 +01:00
|
|
|
qw(n:ldapConnection n:ldapFilters n:ldapGroups n:ldapPassword)
|
2009-12-23 10:37:38 +01:00
|
|
|
],
|
2010-03-15 21:24:02 +01:00
|
|
|
_help => 'ldap',
|
|
|
|
|
|
|
|
|
|
ldapConnection => {
|
|
|
|
|
_nodes => [
|
2010-07-28 12:00:30 +02:00
|
|
|
qw(ldapServer ldapPort ldapBase managerDn managerPassword ldapTimeout ldapVersion ldapRaw)
|
2010-03-15 21:24:02 +01:00
|
|
|
],
|
|
|
|
|
ldapServer => 'text:/ldapServer',
|
|
|
|
|
ldapPort => 'int:/ldapPort',
|
|
|
|
|
ldapBase => 'text:/ldapBase',
|
|
|
|
|
managerDn => 'text:/managerDn',
|
|
|
|
|
managerPassword => 'text:/managerPassword',
|
2010-07-28 12:00:30 +02:00
|
|
|
ldapTimeout => 'int:/ldapTimeout',
|
|
|
|
|
ldapVersion => 'int:/ldapVersion',
|
|
|
|
|
ldapRaw => 'text:/ldapRaw',
|
2010-03-15 21:24:02 +01:00
|
|
|
},
|
2010-03-14 22:45:49 +01:00
|
|
|
|
2010-03-15 21:24:02 +01:00
|
|
|
ldapFilters => {
|
2010-03-14 22:45:49 +01:00
|
|
|
_nodes =>
|
2010-03-15 10:03:24 +01:00
|
|
|
[qw(LDAPFilter AuthLDAPFilter mailLDAPFilter)],
|
2010-03-15 21:24:02 +01:00
|
|
|
LDAPFilter => 'text:/LDAPFilter',
|
|
|
|
|
AuthLDAPFilter => 'text:/AuthLDAPFilter',
|
|
|
|
|
mailLDAPFilter => 'text:/mailLDAPFilter',
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
ldapGroups => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(ldapGroupBase ldapGroupObjectClass ldapGroupAttributeName ldapGroupAttributeNameUser ldapGroupAttributeNameSearch ldapGroupRecursive ldapGroupAttributeNameGroup)
|
|
|
|
|
],
|
|
|
|
|
ldapGroupBase => 'text:/ldapGroupBase',
|
|
|
|
|
ldapGroupObjectClass => 'text:/ldapGroupObjectClass',
|
2010-03-14 22:45:49 +01:00
|
|
|
ldapGroupAttributeName =>
|
|
|
|
|
'text:/ldapGroupAttributeName',
|
|
|
|
|
ldapGroupAttributeNameUser =>
|
|
|
|
|
'text:/ldapGroupAttributeNameUser',
|
2010-03-15 10:03:24 +01:00
|
|
|
ldapGroupAttributeNameSearch =>
|
|
|
|
|
'text:/ldapGroupAttributeNameSearch',
|
2010-03-15 21:24:02 +01:00
|
|
|
ldapGroupRecursive => 'bool:/ldapGroupRecursive',
|
2010-03-14 22:45:49 +01:00
|
|
|
ldapGroupAttributeNameGroup =>
|
|
|
|
|
'text:/ldapGroupAttributeNameGroup',
|
2010-03-15 21:24:02 +01:00
|
|
|
},
|
2010-03-14 22:45:49 +01:00
|
|
|
|
2010-03-15 21:24:02 +01:00
|
|
|
ldapPassword => {
|
2010-03-24 11:00:52 +01:00
|
|
|
_nodes => [
|
2010-06-21 16:47:27 +02:00
|
|
|
qw(ldapPpolicyControl ldapSetPassword ldapChangePasswordAsUser ldapPwdEnc)
|
2010-03-24 11:00:52 +01:00
|
|
|
],
|
2010-03-15 21:24:02 +01:00
|
|
|
ldapPpolicyControl => 'bool:/ldapPpolicyControl',
|
|
|
|
|
ldapSetPassword => 'bool:/ldapSetPassword',
|
2010-03-24 11:00:52 +01:00
|
|
|
ldapChangePasswordAsUser =>
|
|
|
|
|
'bool:/ldapChangePasswordAsUser',
|
2010-06-21 16:47:27 +02:00
|
|
|
ldapPwdEnc => 'text:/ldapPwdEnc',
|
2010-03-15 21:24:02 +01:00
|
|
|
},
|
|
|
|
|
|
2010-03-14 22:45:49 +01:00
|
|
|
},
|
|
|
|
|
|
2010-03-15 11:44:44 +01:00
|
|
|
# SSL
|
2010-03-15 21:24:02 +01:00
|
|
|
sslParams => {
|
|
|
|
|
_nodes => [qw(SSLVar SSLLDAPField SSLRequire)],
|
|
|
|
|
SSLVar => 'text:/SSLVar',
|
|
|
|
|
SSLLDAPField => 'text:/SSLLDAPField',
|
|
|
|
|
SSLRequire => 'bool:/SSLRequire',
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
# CAS
|
|
|
|
|
casParams => {
|
|
|
|
|
_nodes =>
|
|
|
|
|
[qw(CAS_url CAS_loginUrl CAS_validationUrl CAS_CAFile)],
|
|
|
|
|
CAS_url => 'text:/CAS_url',
|
|
|
|
|
CAS_loginUrl => 'text:/CAS_loginUrl',
|
|
|
|
|
CAS_validationUrl => 'text:/CAS_validationUrl',
|
|
|
|
|
CAS_CAFile => 'text:/CAS_CAFile',
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
# Remote
|
|
|
|
|
remoteParams => {
|
|
|
|
|
_nodes => [
|
2010-05-11 13:05:24 +02:00
|
|
|
qw(remotePortal remoteCookieName remoteGlobalStorage remoteGlobalStorageOptions)
|
2010-03-15 21:24:02 +01:00
|
|
|
],
|
|
|
|
|
remotePortal => 'text:/remotePortal',
|
2010-05-11 13:05:24 +02:00
|
|
|
remoteCookieName => 'text:/remoteCookieName',
|
2010-03-15 21:24:02 +01:00
|
|
|
remoteGlobalStorage => 'text:/remoteGlobalStorage',
|
|
|
|
|
remoteGlobalStorageOptions =>
|
|
|
|
|
{ _nodes => ['hash:/remoteGlobalStorageOptions'], },
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
# Proxy
|
|
|
|
|
proxyParams => {
|
|
|
|
|
_nodes =>
|
|
|
|
|
[qw(soapAuthService remoteCookieName soapSessionService)],
|
|
|
|
|
soapAuthService => 'text:/soapAuthService',
|
|
|
|
|
remoteCookieName => 'text:/remoteCookieName',
|
|
|
|
|
soapSessionService => 'text:/soapSessionService',
|
|
|
|
|
},
|
2010-03-15 17:47:50 +01:00
|
|
|
|
2010-03-15 11:44:44 +01:00
|
|
|
# OpenID
|
|
|
|
|
openIdParams => {
|
2010-03-15 14:47:36 +01:00
|
|
|
_nodes => [qw(openIdSecret)],
|
2010-03-15 11:44:44 +01:00
|
|
|
openIdSecret => 'text:/openIdSecret',
|
2010-03-15 14:47:36 +01:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
# Twitter
|
|
|
|
|
twitterParams => {
|
|
|
|
|
_nodes => [qw(twitterKey twitterSecret twitterAppName)],
|
|
|
|
|
twitterKey => 'text:/twitterKey',
|
|
|
|
|
twitterSecret => 'text:/twitterSecret',
|
|
|
|
|
twitterAppName => 'text:/twitterAppName',
|
|
|
|
|
},
|
2010-03-18 22:46:38 +01:00
|
|
|
|
|
|
|
|
# DBI
|
|
|
|
|
dbiParams => {
|
|
|
|
|
_nodes => [qw(n:dbiConnection n:dbiSchema n:dbiPassword)],
|
|
|
|
|
|
|
|
|
|
dbiConnection => {
|
|
|
|
|
_nodes => [qw(n:dbiConnectionAuth n:dbiConnectionUser)],
|
|
|
|
|
|
|
|
|
|
dbiConnectionAuth => {
|
|
|
|
|
_nodes =>
|
|
|
|
|
[qw(dbiAuthChain dbiAuthUser dbiAuthPassword)],
|
|
|
|
|
dbiAuthChain => 'text:/dbiAuthChain',
|
|
|
|
|
dbiAuthUser => 'text:/dbiAuthUser',
|
|
|
|
|
dbiAuthPassword => 'text:/dbiAuthPassword',
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
dbiConnectionUser => {
|
|
|
|
|
_nodes =>
|
|
|
|
|
[qw(dbiUserChain dbiUserUser dbiUserPassword)],
|
|
|
|
|
dbiUserChain => 'text:/dbiUserChain',
|
|
|
|
|
dbiUserUser => 'text:/dbiUserUser',
|
|
|
|
|
dbiUserPassword => 'text:/dbiUserPassword',
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
dbiSchema => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiAuthMailCol userPivot)
|
|
|
|
|
],
|
|
|
|
|
dbiAuthTable => 'text:/dbiAuthTable',
|
|
|
|
|
dbiUserTable => 'text:/dbiUserTable',
|
|
|
|
|
dbiAuthLoginCol => 'text:/dbiAuthLoginCol',
|
|
|
|
|
dbiAuthPasswordCol => 'text:/dbiAuthPasswordCol',
|
|
|
|
|
dbiAuthMailCol => 'text:/dbiAuthMailCol',
|
|
|
|
|
userPivot => 'text:/userPivot',
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
dbiPassword => {
|
|
|
|
|
_nodes => [qw(dbiAuthPasswordHash)],
|
|
|
|
|
dbiAuthPasswordHash => 'text:/dbiAuthPasswordHash',
|
|
|
|
|
},
|
|
|
|
|
},
|
2009-12-23 10:37:38 +01:00
|
|
|
},
|
|
|
|
|
|
2010-01-11 17:04:36 +01:00
|
|
|
# LOGS PARAMETERS
|
2009-12-23 10:37:38 +01:00
|
|
|
logParams => {
|
2009-12-30 18:02:23 +01:00
|
|
|
_nodes => [qw(syslog useXForwardedForIP whatToTrace)],
|
|
|
|
|
syslog => 'text:/syslog',
|
2009-12-30 15:22:24 +01:00
|
|
|
useXForwardedForIP => 'bool:/useXForwardedForIP',
|
2009-12-19 09:57:59 +01:00
|
|
|
whatToTrace => 'text:/whatToTrace:whatToTrace:text',
|
2009-12-11 19:17:00 +01:00
|
|
|
},
|
2009-12-23 10:37:38 +01:00
|
|
|
|
2010-01-11 17:04:36 +01:00
|
|
|
# COOKIE PARAMETERS
|
2009-12-11 19:17:00 +01:00
|
|
|
cookieParams => {
|
2009-12-14 15:01:46 +01:00
|
|
|
_nodes =>
|
2010-03-14 15:38:39 +01:00
|
|
|
[qw(cookieName domain cda securedCookie cookieExpiration)],
|
2009-12-19 09:57:59 +01:00
|
|
|
_help => 'cookies',
|
2009-12-11 19:17:00 +01:00
|
|
|
cookieName => 'text:/cookieName:cookieName:text',
|
|
|
|
|
domain => 'text:/domain:domain:text',
|
2010-03-14 15:38:39 +01:00
|
|
|
cda => 'bool:/cda',
|
2009-12-11 19:17:00 +01:00
|
|
|
securedCookie =>
|
2010-03-18 16:22:10 +01:00
|
|
|
'select:/securedCookie:securedCookie:securedCookieValues',
|
2009-12-14 15:01:46 +01:00
|
|
|
cookieExpiration => 'text:/cookieExpiration',
|
2009-12-11 19:17:00 +01:00
|
|
|
},
|
2009-12-23 10:37:38 +01:00
|
|
|
|
2010-01-11 17:04:36 +01:00
|
|
|
# SESSIONS PARAMETERS
|
2009-12-11 19:17:00 +01:00
|
|
|
sessionParams => {
|
2009-12-23 10:37:38 +01:00
|
|
|
_nodes => [
|
2010-05-07 12:00:55 +02:00
|
|
|
qw(grantSessionRule storePassword timeout timeoutActivity n:sessionStorage n:multipleSessions)
|
2009-12-23 10:37:38 +01:00
|
|
|
],
|
2010-03-15 21:24:02 +01:00
|
|
|
_help => 'storage',
|
|
|
|
|
|
|
|
|
|
grantSessionRule => 'textarea:/grantSessionRule',
|
|
|
|
|
storePassword => 'bool:/storePassword',
|
|
|
|
|
timeout => 'text:/timeout:timeout:text',
|
2010-05-12 06:04:10 +02:00
|
|
|
timeoutActivity =>
|
|
|
|
|
'text:/timeoutActivity:timeoutActivity:timeoutActivityParams',
|
2010-03-15 21:24:02 +01:00
|
|
|
|
2009-12-11 19:17:00 +01:00
|
|
|
sessionStorage => {
|
|
|
|
|
_nodes => [qw(globalStorage globalStorageOptions)],
|
|
|
|
|
globalStorage => 'text:/globalStorage',
|
|
|
|
|
globalStorageOptions => {
|
|
|
|
|
_nodes => ['hash:/globalStorageOptions'],
|
|
|
|
|
_js => 'hashRoot'
|
|
|
|
|
},
|
|
|
|
|
},
|
2010-03-15 21:24:02 +01:00
|
|
|
|
|
|
|
|
multipleSessions => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(singleSession singleIP singleUserByIP notifyDeleted notifyOther)
|
|
|
|
|
],
|
|
|
|
|
singleSession => 'bool:/singleSession',
|
|
|
|
|
singleIP => 'bool:/singleIP',
|
|
|
|
|
singleUserByIP => 'bool:/singleUserByIP',
|
|
|
|
|
notifyDeleted => 'bool:/notifyDeleted',
|
|
|
|
|
notifyOther => 'bool:/notifyOther',
|
|
|
|
|
},
|
2009-12-11 19:17:00 +01:00
|
|
|
},
|
2009-12-23 10:37:38 +01:00
|
|
|
|
2010-01-11 17:04:36 +01:00
|
|
|
# OTHER PARAMETERS
|
2009-12-14 15:01:46 +01:00
|
|
|
advancedParams => {
|
|
|
|
|
_nodes => [
|
2010-05-07 12:42:38 +02:00
|
|
|
qw(customFunctions n:soap n:notifications n:passwordManagement n:security n:redirection n:specialHandlers)
|
2009-12-14 15:01:46 +01:00
|
|
|
],
|
2010-03-14 15:29:15 +01:00
|
|
|
|
2010-03-17 09:23:20 +01:00
|
|
|
customFunctions => 'text:/customFunctions',
|
|
|
|
|
|
2010-03-15 21:24:02 +01:00
|
|
|
soap => {
|
2010-03-14 15:38:39 +01:00
|
|
|
_nodes => [qw(Soap exportedAttr trustedDomains)],
|
2010-03-15 21:24:02 +01:00
|
|
|
Soap => 'bool:/Soap',
|
|
|
|
|
exportedAttr => 'text:/exportedAttr',
|
|
|
|
|
trustedDomains => 'text:/trustedDomains',
|
|
|
|
|
},
|
2010-03-14 15:29:15 +01:00
|
|
|
|
2009-12-14 15:01:46 +01:00
|
|
|
notifications => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(notification notificationStorage notificationStorageOptions)
|
|
|
|
|
],
|
2009-12-19 09:57:59 +01:00
|
|
|
_help => 'notifications',
|
2009-12-30 15:22:24 +01:00
|
|
|
notification => 'bool:/notification',
|
2009-12-19 09:57:59 +01:00
|
|
|
notificationStorage => 'text:/notificationStorage',
|
2009-12-14 15:01:46 +01:00
|
|
|
notificationStorageOptions => {
|
|
|
|
|
_nodes => ['hash:/notificationStorageOptions'],
|
|
|
|
|
_js => 'hashRoot'
|
|
|
|
|
},
|
|
|
|
|
},
|
2010-03-14 15:29:15 +01:00
|
|
|
|
2009-12-14 15:01:46 +01:00
|
|
|
passwordManagement => {
|
|
|
|
|
_nodes => [
|
2010-03-15 21:24:02 +01:00
|
|
|
qw(SMTPServer mailUrl mailFrom mailSubject mailBody mailConfirmSubject mailConfirmBody randomPasswordRegexp)
|
2009-12-14 15:01:46 +01:00
|
|
|
],
|
|
|
|
|
SMTPServer => 'text:/SMTPServer',
|
2010-03-14 15:29:15 +01:00
|
|
|
mailUrl => 'text:/mailUrl',
|
2009-12-14 15:01:46 +01:00
|
|
|
mailFrom => 'text:/mailFrom',
|
|
|
|
|
mailSubject => 'text:/mailSubject',
|
2010-03-14 15:29:15 +01:00
|
|
|
mailBody => 'textarea:/mailBody',
|
|
|
|
|
mailConfirmSubject => 'text:/mailConfirmSubject',
|
|
|
|
|
mailConfirmBody => 'textarea:/mailConfirmBody',
|
2009-12-14 15:01:46 +01:00
|
|
|
randomPasswordRegexp => 'text:/randomPasswordRegexp',
|
|
|
|
|
},
|
2010-03-14 15:29:15 +01:00
|
|
|
|
2010-03-15 21:24:02 +01:00
|
|
|
security => {
|
2010-05-19 16:59:43 +02:00
|
|
|
_nodes =>
|
|
|
|
|
[qw(userControl portalForceAuthn issuerActivationRule)],
|
2010-03-15 21:24:02 +01:00
|
|
|
userControl => 'text:/userControl:userControl:text',
|
|
|
|
|
portalForceAuthn =>
|
|
|
|
|
'bool:/portalForceAuthn:portalForceAuthn:bool',
|
2010-05-19 16:59:43 +02:00
|
|
|
issuerActivationRule => 'textarea:/issuerActivationRule',
|
2010-03-15 21:24:02 +01:00
|
|
|
},
|
2010-03-14 15:29:15 +01:00
|
|
|
|
2010-03-17 09:23:20 +01:00
|
|
|
redirection => {
|
|
|
|
|
_nodes => [qw(https port)],
|
|
|
|
|
https => 'bool:/https',
|
|
|
|
|
port => 'int:/port',
|
2010-05-07 12:42:38 +02:00
|
|
|
},
|
2010-03-17 09:23:20 +01:00
|
|
|
|
2010-05-07 12:42:38 +02:00
|
|
|
specialHandlers => {
|
2010-05-21 17:53:54 +02:00
|
|
|
_nodes => [qw(zimbraHandler sympaHandler)],
|
2010-05-07 12:42:38 +02:00
|
|
|
|
|
|
|
|
# Zimbra
|
|
|
|
|
zimbraHandler => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(zimbraPreAuthKey zimbraAccountKey zimbraBy zimbraUrl zimbraSsoUrl)
|
|
|
|
|
],
|
|
|
|
|
zimbraPreAuthKey => 'text:/zimbraPreAuthKey',
|
|
|
|
|
zimbraAccountKey => 'text:/zimbraAccountKey',
|
|
|
|
|
zimbraBy => 'text:/zimbraBy:default:zimbraByParams',
|
|
|
|
|
zimbraUrl => 'text:/zimbraUrl',
|
|
|
|
|
zimbraSsoUrl => 'text:/zimbraSsoUrl',
|
|
|
|
|
},
|
2010-05-21 17:53:54 +02:00
|
|
|
|
|
|
|
|
# Sympa
|
|
|
|
|
sympaHandler => {
|
|
|
|
|
_nodes => [qw(sympaSecret sympaMailKey)],
|
2010-06-21 17:29:59 +02:00
|
|
|
sympaSecret => 'text:/sympaSecret',
|
2010-05-21 17:53:54 +02:00
|
|
|
sympaMailKey => 'text:/sympaMailKey',
|
|
|
|
|
},
|
2010-05-07 12:42:38 +02:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
},
|
2009-12-11 19:17:00 +01:00
|
|
|
},
|
2009-12-23 10:37:38 +01:00
|
|
|
|
2010-01-15 17:40:47 +01:00
|
|
|
#############
|
|
|
|
|
# VARIABLES #
|
|
|
|
|
#############
|
|
|
|
|
|
|
|
|
|
variables => {
|
2010-03-04 14:41:59 +01:00
|
|
|
_nodes => [qw(cn:exportedVars cn:macros cn:groups)],
|
2010-02-16 10:42:29 +01:00
|
|
|
_help => 'default',
|
2010-01-15 17:40:47 +01:00
|
|
|
|
2010-02-16 10:42:29 +01:00
|
|
|
# EXPORTED ATTRIBUTES
|
|
|
|
|
exportedVars => {
|
|
|
|
|
_nodes => ['hash:/exportedVars:vars:btext'],
|
2010-01-27 15:06:02 +01:00
|
|
|
_js => 'hashRoot',
|
2010-03-24 23:06:43 +01:00
|
|
|
_help => 'vars',
|
2010-02-16 10:42:29 +01:00
|
|
|
},
|
2010-01-15 17:40:47 +01:00
|
|
|
|
2010-02-16 10:42:29 +01:00
|
|
|
# MACROS
|
|
|
|
|
macros => {
|
|
|
|
|
_nodes => ['hash:/macros:macros:btext'],
|
2010-01-27 15:06:02 +01:00
|
|
|
_js => 'hashRoot',
|
2010-03-24 23:06:43 +01:00
|
|
|
_help => 'macros',
|
2010-02-16 10:42:29 +01:00
|
|
|
},
|
2010-01-15 17:40:47 +01:00
|
|
|
|
2010-02-16 10:42:29 +01:00
|
|
|
# GROUPS
|
|
|
|
|
groups => {
|
|
|
|
|
_nodes => ['hash:/groups:groups:btext'],
|
|
|
|
|
_js => 'hashRoot',
|
2010-03-24 23:06:43 +01:00
|
|
|
_help => 'groups',
|
2010-02-16 10:42:29 +01:00
|
|
|
},
|
2010-01-15 17:40:47 +01:00
|
|
|
},
|
2009-12-23 10:37:38 +01:00
|
|
|
|
2010-01-11 17:04:36 +01:00
|
|
|
#################
|
|
|
|
|
# VIRTUAL HOSTS #
|
|
|
|
|
#################
|
2009-12-19 09:57:59 +01:00
|
|
|
virtualHosts => {
|
2009-12-30 16:40:37 +01:00
|
|
|
_nodes => ['nhash:/locationRules:virtualHosts:vhost'],
|
2009-12-19 09:57:59 +01:00
|
|
|
_upload => ['/exportedHeaders'],
|
2010-03-22 11:38:37 +01:00
|
|
|
_help => 'virtualHosts',
|
2010-03-13 17:21:55 +01:00
|
|
|
_js => 'vhostRoot',
|
2009-12-19 09:57:59 +01:00
|
|
|
},
|
2010-01-28 18:58:49 +01:00
|
|
|
|
2010-02-03 13:07:58 +01:00
|
|
|
########
|
|
|
|
|
# SAML #
|
|
|
|
|
########
|
2010-03-01 21:32:28 +01:00
|
|
|
# virtual keys should not begin like configuration keys.
|
|
|
|
|
samlIDPMetaDataNode => {
|
|
|
|
|
_nodes => [
|
2010-03-25 15:38:54 +01:00
|
|
|
'nhash:/samlIDPMetaDataExportedAttributes:samlIDPMetaDataNode:samlIdpMetaData'
|
2010-03-01 21:32:28 +01:00
|
|
|
],
|
2010-03-11 16:00:59 +01:00
|
|
|
_upload => [ '/samlIDPMetaDataXML', '/samlIDPMetaDataOptions' ],
|
2010-03-01 21:32:28 +01:00
|
|
|
_help => 'default',
|
2010-03-13 17:21:55 +01:00
|
|
|
_js => 'samlIdpRoot',
|
2010-03-01 21:32:28 +01:00
|
|
|
},
|
2010-02-16 11:44:03 +01:00
|
|
|
|
2010-03-25 15:38:54 +01:00
|
|
|
samlSPMetaDataNode => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
'nhash:/samlSPMetaDataExportedAttributes:samlSPMetaDataNode:samlSpMetaData'
|
|
|
|
|
],
|
|
|
|
|
_upload => [ '/samlSPMetaDataXML', '/samlSPMetaDataOptions' ],
|
|
|
|
|
_help => 'default',
|
|
|
|
|
_js => 'samlSpRoot',
|
|
|
|
|
},
|
|
|
|
|
|
2010-03-01 21:32:28 +01:00
|
|
|
samlServiceMetaData => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlEntityID
|
2010-06-04 15:39:00 +02:00
|
|
|
n:samlServiceSecurity
|
2010-05-21 11:03:29 +02:00
|
|
|
n:samlNameIDFormatMap
|
2010-03-01 21:32:28 +01:00
|
|
|
n:samlOrganization
|
|
|
|
|
n:samlSPSSODescriptor
|
2010-05-31 12:37:43 +02:00
|
|
|
n:samlIDPSSODescriptor
|
2010-07-05 16:35:06 +02:00
|
|
|
n:samlAttributeAuthorityDescriptor
|
|
|
|
|
n:samlAdvanced)
|
2010-03-01 21:32:28 +01:00
|
|
|
],
|
|
|
|
|
_help => 'default',
|
2010-02-05 11:20:16 +01:00
|
|
|
|
2010-03-01 21:32:28 +01:00
|
|
|
# GLOBAL INFORMATIONS
|
|
|
|
|
samlEntityID => 'text:/samlEntityID',
|
2010-05-31 12:37:43 +02:00
|
|
|
|
2010-06-04 15:39:00 +02:00
|
|
|
# SECURITY NODE
|
|
|
|
|
samlServiceSecurity => {
|
2010-06-21 17:29:59 +02:00
|
|
|
_nodes =>
|
|
|
|
|
[qw(n:samlServiceSecuritySig n:samlServiceSecurityEnc)],
|
|
|
|
|
_help => 'default',
|
2010-06-14 16:45:06 +02:00
|
|
|
samlServiceSecuritySig => {
|
2010-06-21 17:29:59 +02:00
|
|
|
_nodes => [
|
|
|
|
|
qw(samlServicePrivateKeySig
|
|
|
|
|
samlServicePrivateKeySigPwd
|
|
|
|
|
samlServicePublicKeySig)
|
|
|
|
|
],
|
|
|
|
|
_help => 'default',
|
|
|
|
|
samlServicePrivateKeySig =>
|
2010-06-04 15:39:00 +02:00
|
|
|
'filearea:/samlServicePrivateKeySig:samlServicePrivateKeySig:filearea',
|
2010-06-21 17:29:59 +02:00
|
|
|
samlServicePrivateKeySigPwd =>
|
|
|
|
|
'text:/samlServicePrivateKeySigPwd',
|
|
|
|
|
samlServicePublicKeySig =>
|
2010-06-04 15:39:00 +02:00
|
|
|
'filearea:/samlServicePublicKeySig:samlServicePublicKeySig:filearea',
|
2010-06-21 17:29:59 +02:00
|
|
|
},
|
|
|
|
|
samlServiceSecurityEnc => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlServicePrivateKeyEnc
|
2010-06-14 16:45:06 +02:00
|
|
|
samlServicePrivateKeyEncPwd
|
|
|
|
|
samlServicePublicKeyEnc)
|
2010-06-21 17:29:59 +02:00
|
|
|
],
|
|
|
|
|
_help => 'default',
|
|
|
|
|
samlServicePrivateKeyEnc =>
|
2010-06-04 15:39:00 +02:00
|
|
|
'filearea:/samlServicePrivateKeyEnc:samlServicePrivateKeyEnc:filearea',
|
2010-06-21 17:29:59 +02:00
|
|
|
samlServicePrivateKeyEncPwd =>
|
|
|
|
|
'text:/samlServicePrivateKeyEncPwd',
|
|
|
|
|
samlServicePublicKeyEnc =>
|
2010-06-04 15:39:00 +02:00
|
|
|
'filearea:/samlServicePublicKeyEnc:samlServicePublicKeyEnc:filearea',
|
2010-06-21 17:29:59 +02:00
|
|
|
},
|
2010-06-14 16:45:06 +02:00
|
|
|
},
|
2010-06-04 15:39:00 +02:00
|
|
|
|
2010-05-31 12:37:43 +02:00
|
|
|
# NAMEID FORMAT MAP
|
2010-05-21 11:03:29 +02:00
|
|
|
samlNameIDFormatMap => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos)
|
|
|
|
|
],
|
|
|
|
|
_help => 'default',
|
|
|
|
|
samlNameIDFormatMapEmail => 'text:/samlNameIDFormatMapEmail',
|
|
|
|
|
samlNameIDFormatMapX509 => 'text:/samlNameIDFormatMapX509',
|
|
|
|
|
samlNameIDFormatMapWindows =>
|
|
|
|
|
'text:/samlNameIDFormatMapWindows',
|
|
|
|
|
samlNameIDFormatMapKerberos =>
|
|
|
|
|
'text:/samlNameIDFormatMapKerberos',
|
|
|
|
|
},
|
2010-05-31 12:37:43 +02:00
|
|
|
|
|
|
|
|
# ORGANIZATION
|
2010-03-01 21:32:28 +01:00
|
|
|
samlOrganization => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlOrganizationDisplayName
|
|
|
|
|
samlOrganizationName
|
|
|
|
|
samlOrganizationURL)
|
|
|
|
|
],
|
|
|
|
|
_help => 'default',
|
|
|
|
|
samlOrganizationDisplayName =>
|
|
|
|
|
'text:/samlOrganizationDisplayName',
|
|
|
|
|
samlOrganizationURL => 'text:/samlOrganizationURL',
|
|
|
|
|
samlOrganizationName => 'text:/samlOrganizationName',
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
# SERVICE PROVIDER
|
|
|
|
|
'samlSPSSODescriptor' => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlSPSSODescriptorAuthnRequestsSigned
|
2010-05-31 12:37:43 +02:00
|
|
|
samlSPSSODescriptorWantAssertionsSigned
|
2010-03-01 21:32:28 +01:00
|
|
|
n:samlSPSSODescriptorSingleLogoutService
|
|
|
|
|
n:samlSPSSODescriptorAssertionConsumerService
|
2010-04-02 10:40:35 +02:00
|
|
|
n:samlSPSSODescriptorArtifactResolutionService
|
2010-05-31 12:37:43 +02:00
|
|
|
)
|
2010-03-01 21:32:28 +01:00
|
|
|
],
|
|
|
|
|
_help => 'default',
|
|
|
|
|
|
|
|
|
|
samlSPSSODescriptorAuthnRequestsSigned =>
|
|
|
|
|
'bool:/samlSPSSODescriptorAuthnRequestsSigned',
|
2010-05-31 12:37:43 +02:00
|
|
|
samlSPSSODescriptorWantAssertionsSigned =>
|
|
|
|
|
'bool:/samlSPSSODescriptorWantAssertionsSigned',
|
2010-03-01 21:32:28 +01:00
|
|
|
|
|
|
|
|
samlSPSSODescriptorSingleLogoutService => {
|
2010-02-05 11:20:16 +01:00
|
|
|
_nodes => [
|
2010-05-28 12:35:24 +02:00
|
|
|
qw(samlSPSSODescriptorSingleLogoutServiceHTTPRedirect
|
|
|
|
|
samlSPSSODescriptorSingleLogoutServiceHTTPPost
|
2010-03-01 21:32:28 +01:00
|
|
|
samlSPSSODescriptorSingleLogoutServiceSOAP)
|
|
|
|
|
],
|
|
|
|
|
_help => 'default',
|
2010-05-28 12:35:24 +02:00
|
|
|
samlSPSSODescriptorSingleLogoutServiceHTTPRedirect =>
|
|
|
|
|
'samlService:/samlSPSSODescriptorSingleLogoutServiceHTTPRedirect',
|
|
|
|
|
samlSPSSODescriptorSingleLogoutServiceHTTPPost =>
|
|
|
|
|
'samlService:/samlSPSSODescriptorSingleLogoutServiceHTTPPost',
|
2010-03-01 21:32:28 +01:00
|
|
|
samlSPSSODescriptorSingleLogoutServiceSOAP =>
|
|
|
|
|
'samlService:/samlSPSSODescriptorSingleLogoutServiceSOAP',
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
samlSPSSODescriptorAssertionConsumerService => {
|
2010-02-05 11:20:16 +01:00
|
|
|
_nodes => [
|
2010-03-01 21:32:28 +01:00
|
|
|
qw(samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact
|
|
|
|
|
samlSPSSODescriptorAssertionConsumerServiceHTTPPost
|
|
|
|
|
samlSPSSODescriptorAssertionConsumerServiceHTTPRedirect)
|
|
|
|
|
],
|
|
|
|
|
_help => 'default',
|
|
|
|
|
samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact =>
|
2010-02-09 21:49:23 +01:00
|
|
|
'samlAssertion:/samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact',
|
2010-03-01 21:32:28 +01:00
|
|
|
samlSPSSODescriptorAssertionConsumerServiceHTTPPost =>
|
2010-02-09 21:49:23 +01:00
|
|
|
'samlAssertion:/samlSPSSODescriptorAssertionConsumerServiceHTTPPost',
|
2010-03-01 21:32:28 +01:00
|
|
|
samlSPSSODescriptorAssertionConsumerServiceHTTPRedirect =>
|
2010-02-09 21:49:23 +01:00
|
|
|
'samlAssertion:/samlSPSSODescriptorAssertionConsumerServiceHTTPRedirect',
|
2010-03-01 21:32:28 +01:00
|
|
|
},
|
2010-02-09 21:49:23 +01:00
|
|
|
|
2010-04-02 10:40:35 +02:00
|
|
|
samlSPSSODescriptorArtifactResolutionService => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlSPSSODescriptorArtifactResolutionServiceArtifact)
|
|
|
|
|
],
|
|
|
|
|
_help => 'default',
|
|
|
|
|
samlSPSSODescriptorArtifactResolutionServiceArtifact =>
|
|
|
|
|
'samlAssertion:/samlSPSSODescriptorArtifactResolutionServiceArtifact',
|
|
|
|
|
},
|
2010-03-01 21:32:28 +01:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
# IDENTITY PROVIDER
|
|
|
|
|
samlIDPSSODescriptor => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlIDPSSODescriptorWantAuthnRequestsSigned
|
|
|
|
|
n:samlIDPSSODescriptorSingleSignOnService
|
|
|
|
|
n:samlIDPSSODescriptorSingleLogoutService
|
2010-05-31 12:37:43 +02:00
|
|
|
n:samlIDPSSODescriptorArtifactResolutionService)
|
2010-03-01 21:32:28 +01:00
|
|
|
],
|
|
|
|
|
_help => 'default',
|
|
|
|
|
|
|
|
|
|
samlIDPSSODescriptorWantAuthnRequestsSigned =>
|
|
|
|
|
'bool:/samlIDPSSODescriptorWantAuthnRequestsSigned',
|
2010-02-05 11:20:16 +01:00
|
|
|
|
2010-03-01 21:32:28 +01:00
|
|
|
samlIDPSSODescriptorSingleSignOnService => {
|
2010-02-05 11:20:16 +01:00
|
|
|
_nodes => [
|
2010-05-28 12:35:24 +02:00
|
|
|
qw(samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect
|
|
|
|
|
samlIDPSSODescriptorSingleSignOnServiceHTTPPost
|
2010-07-01 11:48:50 +02:00
|
|
|
samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact
|
2010-03-01 21:32:28 +01:00
|
|
|
samlIDPSSODescriptorSingleSignOnServiceSOAP)
|
|
|
|
|
],
|
|
|
|
|
_help => 'default',
|
2010-05-28 12:35:24 +02:00
|
|
|
samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect =>
|
|
|
|
|
'samlService:/samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect',
|
|
|
|
|
samlIDPSSODescriptorSingleSignOnServiceHTTPPost =>
|
|
|
|
|
'samlService:/samlIDPSSODescriptorSingleSignOnServiceHTTPPost',
|
2010-07-01 11:48:50 +02:00
|
|
|
samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact =>
|
|
|
|
|
'samlService:/samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact',
|
2010-03-01 21:32:28 +01:00
|
|
|
samlIDPSSODescriptorSingleSignOnServiceSOAP =>
|
2010-02-09 21:49:23 +01:00
|
|
|
'samlService:/samlIDPSSODescriptorSingleSignOnServiceSOAP',
|
2010-03-01 21:32:28 +01:00
|
|
|
},
|
2010-02-05 11:20:16 +01:00
|
|
|
|
2010-03-01 21:32:28 +01:00
|
|
|
samlIDPSSODescriptorSingleLogoutService => {
|
|
|
|
|
_nodes => [
|
2010-05-28 12:35:24 +02:00
|
|
|
qw(samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect
|
|
|
|
|
samlIDPSSODescriptorSingleLogoutServiceHTTPPost
|
2010-03-01 21:32:28 +01:00
|
|
|
samlIDPSSODescriptorSingleLogoutServiceSOAP)
|
|
|
|
|
],
|
|
|
|
|
_help => 'default',
|
2010-05-28 12:35:24 +02:00
|
|
|
samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect =>
|
|
|
|
|
'samlService:/samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect',
|
|
|
|
|
samlIDPSSODescriptorSingleLogoutServiceHTTPPost =>
|
|
|
|
|
'samlService:/samlIDPSSODescriptorSingleLogoutServiceHTTPPost',
|
2010-03-01 21:32:28 +01:00
|
|
|
samlIDPSSODescriptorSingleLogoutServiceSOAP =>
|
2010-02-09 21:49:23 +01:00
|
|
|
'samlService:/samlIDPSSODescriptorSingleLogoutServiceSOAP',
|
2010-03-01 21:32:28 +01:00
|
|
|
},
|
2010-02-05 11:20:16 +01:00
|
|
|
|
2010-03-01 21:32:28 +01:00
|
|
|
samlIDPSSODescriptorArtifactResolutionService => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlIDPSSODescriptorArtifactResolutionServiceArtifact)
|
|
|
|
|
],
|
|
|
|
|
_help => 'default',
|
|
|
|
|
samlIDPSSODescriptorArtifactResolutionServiceArtifact =>
|
2010-02-09 21:49:23 +01:00
|
|
|
'samlAssertion:/samlIDPSSODescriptorArtifactResolutionServiceArtifact',
|
2010-03-01 21:32:28 +01:00
|
|
|
},
|
2010-02-09 21:49:23 +01:00
|
|
|
|
2010-06-21 17:29:59 +02:00
|
|
|
},
|
2010-02-05 11:20:16 +01:00
|
|
|
|
2010-05-31 12:37:43 +02:00
|
|
|
# ATTRIBUTE AUTHORITY
|
|
|
|
|
samlAttributeAuthorityDescriptor => {
|
|
|
|
|
_nodes =>
|
|
|
|
|
[qw(n:samlAttributeAuthorityDescriptorAttributeService)],
|
|
|
|
|
_help => 'default',
|
|
|
|
|
samlAttributeAuthorityDescriptorAttributeService => {
|
2010-03-01 21:32:28 +01:00
|
|
|
_nodes => [
|
2010-05-31 12:37:43 +02:00
|
|
|
qw(samlAttributeAuthorityDescriptorAttributeServiceSOAP)
|
2010-03-01 21:32:28 +01:00
|
|
|
],
|
2010-05-31 12:37:43 +02:00
|
|
|
samlAttributeAuthorityDescriptorAttributeServiceSOAP =>
|
|
|
|
|
'samlService:/samlAttributeAuthorityDescriptorAttributeServiceSOAP',
|
2010-03-01 21:32:28 +01:00
|
|
|
},
|
|
|
|
|
},
|
2010-05-31 12:37:43 +02:00
|
|
|
|
2010-07-05 16:35:06 +02:00
|
|
|
# ADVANCED SAML PARAMETERS
|
|
|
|
|
samlAdvanced => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlIdPResolveCookie samlMetadataForceUTF8 samlStorage n:samlStorageOptions)
|
|
|
|
|
],
|
|
|
|
|
|
|
|
|
|
samlIdPResolveCookie => 'text:/samlIdPResolveCookie',
|
|
|
|
|
samlMetadataForceUTF8 => 'bool:/samlMetadataForceUTF8',
|
|
|
|
|
samlStorage => 'text:/samlStorage',
|
|
|
|
|
samlStorageOptions => {
|
|
|
|
|
_nodes => ['hash:/samlStorageOptions'],
|
|
|
|
|
_js => 'hashRoot',
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
},
|
|
|
|
|
|
2010-03-01 21:32:28 +01:00
|
|
|
},
|
2009-12-11 19:17:00 +01:00
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
2009-12-17 20:20:17 +01:00
|
|
|
## @method protected hashref testStruct()
|
|
|
|
|
# Returns the tests to do with the datas uploaded.
|
|
|
|
|
# @return hashref
|
2009-12-11 19:17:00 +01:00
|
|
|
sub testStruct {
|
2010-01-11 17:04:36 +01:00
|
|
|
my $safe = Safe->new();
|
2009-12-11 19:17:00 +01:00
|
|
|
my $assignTest = qr/(?<=[^=<!>\?])=(?![=~])/;
|
|
|
|
|
my $assignMsg = 'containsAnAssignment';
|
|
|
|
|
my $perlExpr = sub {
|
|
|
|
|
my $e = shift;
|
2010-01-11 17:04:36 +01:00
|
|
|
$safe->reval( $e, 1 );
|
|
|
|
|
return 1 unless ($@);
|
2010-03-18 22:46:38 +01:00
|
|
|
return 1
|
|
|
|
|
if ( $@ =~ /Global symbol "\$.*requires explicit package/ );
|
2010-01-11 17:04:36 +01:00
|
|
|
return ( 1,
|
|
|
|
|
"Function \"<b>$1</b>\" must be declared in customFunctions" )
|
|
|
|
|
if ( $@ =~ /Bareword "(.*?)" not allowed while "strict subs"/ );
|
2010-01-04 14:28:10 +01:00
|
|
|
return ( 0, $@ );
|
2009-12-11 19:17:00 +01:00
|
|
|
};
|
2009-12-14 15:01:46 +01:00
|
|
|
my $boolean = { test => qr/^(?:0|1)?$/, msgFail => 'Value must be 0 or 1' };
|
2009-12-19 09:57:59 +01:00
|
|
|
my $pcre = sub {
|
|
|
|
|
my $r = shift;
|
|
|
|
|
my $q;
|
|
|
|
|
eval { $q = qr/$r/ };
|
|
|
|
|
return ( $@ ? ( 0, $@ ) : 1 );
|
|
|
|
|
};
|
|
|
|
|
my $testNotDefined = { test => sub { 1 }, msgFail => 'Ok' };
|
2009-12-23 10:37:38 +01:00
|
|
|
|
2009-12-11 19:17:00 +01:00
|
|
|
return {
|
2009-12-19 09:57:59 +01:00
|
|
|
mailFrom => $testNotDefined,
|
|
|
|
|
trustedDomains => $testNotDefined,
|
|
|
|
|
exportedAttr => $testNotDefined,
|
|
|
|
|
mailSubject => $testNotDefined,
|
|
|
|
|
randomPasswordRegexp => $testNotDefined,
|
|
|
|
|
passwordDB => $testNotDefined,
|
|
|
|
|
mailBody => $testNotDefined,
|
|
|
|
|
SMTPServer => $testNotDefined,
|
|
|
|
|
cookieExpiration => $testNotDefined,
|
|
|
|
|
notificationStorage => $testNotDefined,
|
2010-03-15 10:03:24 +01:00
|
|
|
mailUrl => $testNotDefined,
|
|
|
|
|
mailConfirmSubject => $testNotDefined,
|
|
|
|
|
mailConfirmBody => $testNotDefined,
|
2009-12-19 09:57:59 +01:00
|
|
|
authentication => {
|
2010-03-17 16:45:53 +01:00
|
|
|
test => qr/^[a-zA-Z]+(?:\s[\w\s:;]+)?$/,
|
2009-12-11 19:17:00 +01:00
|
|
|
msgFail => 'Bad module name',
|
|
|
|
|
},
|
2009-12-19 09:57:59 +01:00
|
|
|
cda => $boolean,
|
2009-12-11 19:17:00 +01:00
|
|
|
cookieName => {
|
|
|
|
|
test => qr/^[a-zA-Z]\w*$/,
|
|
|
|
|
msgFail => 'Bad cookie name',
|
|
|
|
|
},
|
2010-03-17 09:23:20 +01:00
|
|
|
customFunctions => $testNotDefined,
|
2010-03-20 18:14:28 +01:00
|
|
|
domain => {
|
2010-05-26 17:17:51 +02:00
|
|
|
test => qr/^\.?[\w\-]+(?:\.[a-zA-Z][\w\-]*)*(?:\.[a-zA-Z]+)$/,
|
2009-12-11 19:17:00 +01:00
|
|
|
msgFail => 'Bad domain',
|
|
|
|
|
},
|
2009-12-23 10:37:38 +01:00
|
|
|
exportedHeaders => {
|
|
|
|
|
keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
|
|
|
|
|
keyMsgFail => 'Bad virtual host name',
|
|
|
|
|
'*' => {
|
|
|
|
|
keyTest => qr/^\w([\w\-]*\w)?$/,
|
|
|
|
|
keyMsgFail => 'Bad header name',
|
|
|
|
|
test => $perlExpr,
|
|
|
|
|
warnTest => sub {
|
|
|
|
|
my $e = shift;
|
|
|
|
|
return ( 0, $assignMsg ) if ( $e =~ $assignTest );
|
|
|
|
|
1;
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
exportedVars => {
|
|
|
|
|
keyTest => qr/^[a-zA-Z]\w*$/,
|
|
|
|
|
keyMsgFail => 'Bad variable name',
|
|
|
|
|
test => qr/^[a-zA-Z]\w*$/,
|
|
|
|
|
msgFail => 'Bad attribute name',
|
2009-12-11 19:17:00 +01:00
|
|
|
},
|
|
|
|
|
globalStorage => {
|
|
|
|
|
test => qr/^[\w:]+$/,
|
|
|
|
|
msgFail => 'Bad module name',
|
|
|
|
|
},
|
|
|
|
|
globalStorageOptions => {
|
|
|
|
|
keyTest => qr/^\w+$/,
|
|
|
|
|
keyMsgFail => 'Bad parameter',
|
|
|
|
|
},
|
2010-01-22 17:04:15 +01:00
|
|
|
grantSessionRule => {
|
|
|
|
|
test => $perlExpr,
|
|
|
|
|
warnTest => sub {
|
|
|
|
|
my $e = shift;
|
|
|
|
|
return ( 0, $assignMsg ) if ( $e =~ $assignTest );
|
|
|
|
|
1;
|
|
|
|
|
},
|
|
|
|
|
},
|
2009-12-23 10:37:38 +01:00
|
|
|
groups => {
|
|
|
|
|
keyTest => qr/^\w[\w-]*$/,
|
|
|
|
|
keyMsgFail => 'Bad group name',
|
|
|
|
|
test => $perlExpr,
|
|
|
|
|
warnTest => sub {
|
|
|
|
|
my $e = shift;
|
|
|
|
|
return ( 0, $assignMsg ) if ( $e =~ $assignTest );
|
|
|
|
|
1;
|
|
|
|
|
},
|
|
|
|
|
},
|
2010-06-21 17:29:59 +02:00
|
|
|
https => $boolean,
|
2010-05-19 16:59:43 +02:00
|
|
|
issuerActivationRule => {
|
|
|
|
|
test => $perlExpr,
|
|
|
|
|
warnTest => sub {
|
|
|
|
|
my $e = shift;
|
|
|
|
|
return ( 0, $assignMsg ) if ( $e =~ $assignTest );
|
|
|
|
|
1;
|
|
|
|
|
},
|
|
|
|
|
},
|
2010-03-25 16:00:48 +01:00
|
|
|
issuerDB => $testNotDefined,
|
2009-12-11 19:17:00 +01:00
|
|
|
ldapBase => {
|
|
|
|
|
test => qr/^(?:\w+=.*|)$/,
|
|
|
|
|
msgFail => 'Bad LDAP base',
|
|
|
|
|
},
|
|
|
|
|
ldapPort => {
|
|
|
|
|
test => qr/^\d*$/,
|
|
|
|
|
msgFail => 'Bad port number'
|
|
|
|
|
},
|
|
|
|
|
ldapServer => {
|
|
|
|
|
test => sub {
|
|
|
|
|
my $l = shift;
|
|
|
|
|
my @s = split( /[\s,]+/, $l );
|
|
|
|
|
foreach my $s (@s) {
|
|
|
|
|
$s =~
|
|
|
|
|
/^(?:ldap(?:s|\+tls|i):\/\/)?\w[\w\-\.]+\w(?::\d{0,5})?\/?$/
|
|
|
|
|
or return ( 0, "Bad ldap uri \"$s\"" );
|
|
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
},
|
|
|
|
|
},
|
2010-06-21 16:47:27 +02:00
|
|
|
ldapPwdEnc => {
|
|
|
|
|
test => qr/^\w[\w\-]*\w$/,
|
|
|
|
|
msgFail => 'Bad encoding',
|
|
|
|
|
},
|
2010-03-15 10:03:24 +01:00
|
|
|
ldapPpolicyControl => $boolean,
|
|
|
|
|
ldapSetPassword => $boolean,
|
2010-03-24 11:00:52 +01:00
|
|
|
ldapChangePasswordAsUser => $boolean,
|
2010-03-15 10:03:24 +01:00
|
|
|
mailLDAPFilter => $testNotDefined,
|
|
|
|
|
LDAPFilter => $testNotDefined,
|
|
|
|
|
AuthLDAPFilter => $testNotDefined,
|
|
|
|
|
ldapGroupRecursive => $boolean,
|
|
|
|
|
ldapGroupObjectClass => $testNotDefined,
|
|
|
|
|
ldapGroupBase => $testNotDefined,
|
|
|
|
|
ldapGroupAttributeName => $testNotDefined,
|
|
|
|
|
ldapGroupAttributeNameUser => $testNotDefined,
|
|
|
|
|
ldapGroupAttributeNameSearch => $testNotDefined,
|
|
|
|
|
ldapGroupAttributeNameGroup => $testNotDefined,
|
2010-07-28 12:00:30 +02:00
|
|
|
ldapTimeout => $testNotDefined,
|
|
|
|
|
ldapVersion => $testNotDefined,
|
|
|
|
|
ldapRaw => $testNotDefined,
|
2010-03-15 21:24:02 +01:00
|
|
|
locationRules => {
|
2009-12-11 19:17:00 +01:00
|
|
|
keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
|
|
|
|
|
msgFail => 'Bad virtual host name',
|
|
|
|
|
'*' => {
|
2009-12-19 09:57:59 +01:00
|
|
|
keyTest => $pcre,
|
|
|
|
|
test => sub {
|
2009-12-11 19:17:00 +01:00
|
|
|
my $e = shift;
|
2010-03-09 22:42:31 +01:00
|
|
|
return 1 if ( $e =~ /^(?:accept|deny|unprotect)$/i );
|
2010-05-03 10:59:22 +02:00
|
|
|
if ( $e =~ s/^logout(?:_(?:app_sso|app|sso))?\s*// ) {
|
2009-12-11 19:17:00 +01:00
|
|
|
return (
|
|
|
|
|
$e =~ /^(?:https?:\/\/\S+)?$/
|
|
|
|
|
? 1
|
|
|
|
|
: ( 0, "bad url \"$e\"" )
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
return &$perlExpr($e);
|
|
|
|
|
},
|
|
|
|
|
warnTest => sub {
|
|
|
|
|
my $e = shift;
|
2010-03-09 22:42:31 +01:00
|
|
|
return ( 0, $assignMsg ) if ( $e =~ $assignTest );
|
2009-12-11 19:17:00 +01:00
|
|
|
1;
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
2009-12-23 10:37:38 +01:00
|
|
|
macros => {
|
|
|
|
|
keyTest => qr/^[a-zA-Z]\w*$/,
|
|
|
|
|
keyMsgFail => 'Bad macro name',
|
2010-01-11 17:04:36 +01:00
|
|
|
test => $perlExpr,
|
|
|
|
|
warnTest => sub {
|
|
|
|
|
my $e = shift;
|
|
|
|
|
return ( 0, $assignMsg ) if ( $e =~ $assignTest );
|
|
|
|
|
1;
|
2009-12-11 19:17:00 +01:00
|
|
|
},
|
2010-01-11 17:04:36 +01:00
|
|
|
},
|
2009-12-23 10:37:38 +01:00
|
|
|
managerDn => {
|
|
|
|
|
test => qr/^(?:\w+=.*,\w+=.*)?$/,
|
|
|
|
|
msgFail => 'Bad LDAP dn',
|
|
|
|
|
},
|
|
|
|
|
managerPassword => {
|
2009-12-23 13:55:23 +01:00
|
|
|
test => qr/^\S*$/,
|
2009-12-23 10:37:38 +01:00
|
|
|
msgFail => 'Bad LDAP password',
|
2009-12-11 19:17:00 +01:00
|
|
|
},
|
2010-01-11 17:04:36 +01:00
|
|
|
notification => $boolean,
|
2009-12-23 10:37:38 +01:00
|
|
|
notificationStorage => {
|
|
|
|
|
test => qr/^[\w:]+$/,
|
|
|
|
|
msgFail => 'Bad module name',
|
|
|
|
|
},
|
|
|
|
|
notificationStorageOptions => {
|
|
|
|
|
keyTest => qr/^\w+$/,
|
|
|
|
|
keyMsgFail => 'Bad parameter',
|
|
|
|
|
},
|
2010-01-11 17:04:36 +01:00
|
|
|
notifyDeleted => $boolean,
|
2010-01-12 10:53:49 +01:00
|
|
|
notifyOther => $boolean,
|
2010-03-17 09:23:20 +01:00
|
|
|
port => {
|
|
|
|
|
test => qr/^\d*$/,
|
|
|
|
|
msgFail => 'Bad port number'
|
|
|
|
|
},
|
2010-03-20 18:14:28 +01:00
|
|
|
portal => {
|
2009-12-23 10:37:38 +01:00
|
|
|
test => qr/^https?:\/\/\S+$/,
|
|
|
|
|
msgFail => 'Bad portal value',
|
|
|
|
|
},
|
2010-01-27 15:06:02 +01:00
|
|
|
portalAutocomplete => $boolean,
|
2010-01-22 17:04:15 +01:00
|
|
|
portalDisplayAppslist => { test => $perlExpr, },
|
|
|
|
|
portalDisplayChangePassword => { test => $perlExpr, },
|
|
|
|
|
portalDisplayLogout => { test => $perlExpr, },
|
|
|
|
|
portalDisplayResetPassword => $boolean,
|
2010-01-27 15:06:02 +01:00
|
|
|
portalForceAuthn => $boolean,
|
2010-01-22 17:04:15 +01:00
|
|
|
portalOpenLinkInNewWindow => $boolean,
|
|
|
|
|
portalParams => $testNotDefined,
|
|
|
|
|
portalRequireOldPassword => $boolean,
|
|
|
|
|
portalSkin => {
|
|
|
|
|
test => qr/\w+$/,
|
|
|
|
|
msgFail => 'Bad skin name',
|
|
|
|
|
},
|
|
|
|
|
portalUserAttr => {
|
|
|
|
|
test => qr/\w+$/,
|
2010-01-27 15:06:02 +01:00
|
|
|
msgFail => 'Unvalid session field',
|
2010-01-22 17:04:15 +01:00
|
|
|
},
|
2010-01-11 17:04:36 +01:00
|
|
|
protection => {
|
2009-12-14 15:01:46 +01:00
|
|
|
keyTest => qr/^(?:none|authentificate|manager|)$/,
|
|
|
|
|
msgFail => 'must be one of none authentificate manager',
|
|
|
|
|
},
|
2010-06-21 17:29:59 +02:00
|
|
|
securedCookie => {
|
2009-12-23 10:37:38 +01:00
|
|
|
test => qr/^(?:0|1|2)$/,
|
|
|
|
|
msgFail => 'securedCookie must be 0, 1 or 2',
|
|
|
|
|
},
|
2010-01-11 17:04:36 +01:00
|
|
|
singleSession => $boolean,
|
|
|
|
|
singleIP => $boolean,
|
|
|
|
|
singleUserByIP => $boolean,
|
2009-12-23 10:37:38 +01:00
|
|
|
Soap => $boolean,
|
|
|
|
|
storePassword => $boolean,
|
|
|
|
|
syslog => {
|
|
|
|
|
test => qw/^(?:auth|authpriv|daemon|local\d|user)?$/,
|
|
|
|
|
msgFail =>
|
|
|
|
|
'Only auth|authpriv|daemon|local0-7|user is allowed here',
|
|
|
|
|
},
|
|
|
|
|
timeout => {
|
|
|
|
|
test => qr/^\d*$/,
|
|
|
|
|
msgFail => 'Bad number'
|
|
|
|
|
},
|
2010-05-07 12:00:55 +02:00
|
|
|
timeoutActivity => {
|
|
|
|
|
test => qr/^\d*$/,
|
|
|
|
|
msgFail => 'Bad number',
|
|
|
|
|
},
|
2010-01-11 17:04:36 +01:00
|
|
|
userControl => {
|
2009-12-19 09:57:59 +01:00
|
|
|
test => $pcre,
|
|
|
|
|
msgFail => 'Bad regular expression',
|
|
|
|
|
},
|
2009-12-23 10:37:38 +01:00
|
|
|
userDB => {
|
|
|
|
|
test => qr/^[a-zA-Z][\w\:]*$/,
|
|
|
|
|
msgFail => 'Bad module name',
|
|
|
|
|
},
|
|
|
|
|
useXForwardedForIP => $boolean,
|
2010-01-18 23:49:22 +01:00
|
|
|
variables => $testNotDefined,
|
2009-12-23 10:37:38 +01:00
|
|
|
whatToTrace => {
|
2010-04-15 15:46:45 +02:00
|
|
|
test => qr/^\$?_?[a-zA-Z]\w*$/,
|
2009-12-23 10:37:38 +01:00
|
|
|
msgFail => 'Bad value',
|
|
|
|
|
},
|
2010-02-04 11:08:27 +01:00
|
|
|
########
|
|
|
|
|
# SAML #
|
|
|
|
|
########
|
2010-06-21 17:29:59 +02:00
|
|
|
saml => $testNotDefined,
|
|
|
|
|
samlServiceMetaData => $testNotDefined,
|
2010-02-24 17:24:17 +01:00
|
|
|
samlIDPMetaDataExportedAttributes => {
|
|
|
|
|
keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
|
|
|
|
|
keyMsgFail => 'Bad metadata name',
|
|
|
|
|
'*' => {
|
|
|
|
|
keyTest => qr/^\w([\w\-]*\w)?$/,
|
|
|
|
|
keyMsgFail => 'Bad attribute name',
|
2010-03-13 17:21:55 +01:00
|
|
|
test => sub { return 1; },
|
2010-02-24 17:24:17 +01:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
samlIDPMetaDataXML => {
|
|
|
|
|
keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
|
|
|
|
|
keyMsgFail => 'Bad metadata name',
|
|
|
|
|
'*' => {
|
2010-03-01 21:32:28 +01:00
|
|
|
test => sub { return 1; },
|
|
|
|
|
keyTest => sub { return 1; },
|
2010-02-24 17:24:17 +01:00
|
|
|
},
|
|
|
|
|
},
|
2010-03-04 16:44:03 +01:00
|
|
|
samlIDPMetaDataOptions => {
|
|
|
|
|
keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
|
|
|
|
|
keyMsgFail => 'Bad metadata name',
|
|
|
|
|
'*' => {
|
|
|
|
|
test => sub { return 1; },
|
|
|
|
|
keyTest => sub { return 1; },
|
|
|
|
|
},
|
|
|
|
|
},
|
2010-03-25 15:38:54 +01:00
|
|
|
samlSPMetaDataExportedAttributes => {
|
|
|
|
|
keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
|
|
|
|
|
keyMsgFail => 'Bad metadata name',
|
|
|
|
|
'*' => {
|
|
|
|
|
keyTest => qr/^\w([\w\-]*\w)?$/,
|
|
|
|
|
keyMsgFail => 'Bad attribute name',
|
|
|
|
|
test => sub { return 1; },
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
samlSPMetaDataXML => {
|
|
|
|
|
keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
|
|
|
|
|
keyMsgFail => 'Bad metadata name',
|
|
|
|
|
'*' => {
|
|
|
|
|
test => sub { return 1; },
|
|
|
|
|
keyTest => sub { return 1; },
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
samlSPMetaDataOptions => {
|
|
|
|
|
keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
|
|
|
|
|
keyMsgFail => 'Bad metadata name',
|
|
|
|
|
'*' => {
|
|
|
|
|
test => sub { return 1; },
|
|
|
|
|
keyTest => sub { return 1; },
|
|
|
|
|
},
|
|
|
|
|
},
|
2010-06-21 17:29:59 +02:00
|
|
|
samlEntityID => $testNotDefined,
|
|
|
|
|
samlOrganizationDisplayName => $testNotDefined,
|
|
|
|
|
samlOrganizationName => $testNotDefined,
|
|
|
|
|
samlOrganizationURL => $testNotDefined,
|
|
|
|
|
samlSPSSODescriptorAuthnRequestsSigned => $boolean,
|
2010-05-31 12:37:43 +02:00
|
|
|
samlSPSSODescriptorWantAssertionsSigned => $boolean,
|
2010-05-28 12:35:24 +02:00
|
|
|
samlSPSSODescriptorSingleLogoutServiceHTTPRedirect => $testNotDefined,
|
|
|
|
|
samlSPSSODescriptorSingleLogoutServiceHTTPPost => $testNotDefined,
|
2010-06-21 17:29:59 +02:00
|
|
|
samlSPSSODescriptorSingleLogoutServiceSOAP => $testNotDefined,
|
2010-02-09 21:49:23 +01:00
|
|
|
samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact =>
|
|
|
|
|
$testNotDefined,
|
2010-02-04 11:08:27 +01:00
|
|
|
samlSPSSODescriptorAssertionConsumerServiceHTTPPost => $testNotDefined,
|
2010-02-09 21:49:23 +01:00
|
|
|
samlSPSSODescriptorAssertionConsumerServiceHTTPRedirect =>
|
|
|
|
|
$testNotDefined,
|
2010-04-02 10:40:35 +02:00
|
|
|
samlSPSSODescriptorArtifactResolutionServiceArtifact => $testNotDefined,
|
2010-04-14 17:37:57 +02:00
|
|
|
samlIDPSSODescriptorWantAuthnRequestsSigned => $boolean,
|
2010-05-28 12:35:24 +02:00
|
|
|
samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect => $testNotDefined,
|
|
|
|
|
samlIDPSSODescriptorSingleSignOnServiceHTTPPost => $testNotDefined,
|
2010-07-01 11:48:50 +02:00
|
|
|
samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact => $testNotDefined,
|
2010-04-14 17:37:57 +02:00
|
|
|
samlIDPSSODescriptorSingleSignOnServiceSOAP => $testNotDefined,
|
2010-05-28 12:35:24 +02:00
|
|
|
samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect => $testNotDefined,
|
|
|
|
|
samlIDPSSODescriptorSingleLogoutServiceHTTPPost => $testNotDefined,
|
2010-04-14 17:37:57 +02:00
|
|
|
samlIDPSSODescriptorSingleLogoutServiceSOAP => $testNotDefined,
|
2010-02-09 21:49:23 +01:00
|
|
|
samlIDPSSODescriptorArtifactResolutionServiceArtifact =>
|
|
|
|
|
$testNotDefined,
|
2010-06-21 17:29:59 +02:00
|
|
|
samlNameIDFormatMapEmail => $testNotDefined,
|
|
|
|
|
samlNameIDFormatMapX509 => $testNotDefined,
|
|
|
|
|
samlNameIDFormatMapWindows => $testNotDefined,
|
|
|
|
|
samlNameIDFormatMapKerberos => $testNotDefined,
|
2010-05-31 12:37:43 +02:00
|
|
|
samlAttributeAuthorityDescriptorAttributeServiceSOAP => $testNotDefined,
|
2010-06-21 17:29:59 +02:00
|
|
|
samlServicePrivateKeySig => $testNotDefined,
|
|
|
|
|
samlServicePrivateKeySigPwd => $testNotDefined,
|
|
|
|
|
samlServicePublicKeySig => $testNotDefined,
|
|
|
|
|
samlServicePrivateKeyEnc => $testNotDefined,
|
|
|
|
|
samlServicePrivateKeyEncPwd => $testNotDefined,
|
|
|
|
|
samlServicePublicKeyEnc => $testNotDefined,
|
2010-07-05 16:35:06 +02:00
|
|
|
samlIdPResolveCookie => $testNotDefined,
|
|
|
|
|
samlMetadataForceUTF8 => $boolean,
|
|
|
|
|
samlStorage => {
|
|
|
|
|
test => qr/^[\w:]*$/,
|
|
|
|
|
msgFail => 'Bad module name',
|
|
|
|
|
},
|
|
|
|
|
samlStorageOptions => {
|
|
|
|
|
keyTest => qr/^\w+$/,
|
|
|
|
|
keyMsgFail => 'Bad parameter',
|
|
|
|
|
},
|
2010-03-15 11:44:44 +01:00
|
|
|
|
2010-03-15 21:24:02 +01:00
|
|
|
# SSL
|
|
|
|
|
SSLVar => $testNotDefined,
|
|
|
|
|
SSLLDAPField => $testNotDefined,
|
|
|
|
|
SSLRequire => $boolean,
|
|
|
|
|
|
|
|
|
|
# CAS
|
|
|
|
|
CAS_url => $testNotDefined,
|
|
|
|
|
CAS_loginUrl => $testNotDefined,
|
|
|
|
|
CAS_validationUrl => $testNotDefined,
|
|
|
|
|
CAS_CAFile => $testNotDefined,
|
|
|
|
|
|
|
|
|
|
# Remote
|
|
|
|
|
remotePortal => $testNotDefined,
|
|
|
|
|
remoteGlobalStorage => {
|
|
|
|
|
test => qr/^[\w:]+$/,
|
|
|
|
|
msgFail => 'Bad module name',
|
|
|
|
|
},
|
|
|
|
|
remoteGlobalStorageOptions => {
|
|
|
|
|
keyTest => qr/^\w+$/,
|
|
|
|
|
keyMsgFail => 'Bad parameter',
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
# Proxy
|
|
|
|
|
soapAuthService => $testNotDefined,
|
|
|
|
|
remoteCookieName => $testNotDefined,
|
|
|
|
|
soapSessionService => $testNotDefined,
|
|
|
|
|
|
2010-03-15 11:44:44 +01:00
|
|
|
# OpenID
|
|
|
|
|
openIdSecret => $testNotDefined,
|
2010-03-15 14:47:36 +01:00
|
|
|
|
|
|
|
|
# Twitter
|
|
|
|
|
twitterKey => $testNotDefined,
|
|
|
|
|
twitterSecret => $testNotDefined,
|
|
|
|
|
twitterAppName => $testNotDefined,
|
2010-03-18 22:46:38 +01:00
|
|
|
|
|
|
|
|
# DBI
|
|
|
|
|
dbiAuthChain => $testNotDefined,
|
|
|
|
|
dbiAuthUser => $testNotDefined,
|
|
|
|
|
dbiAuthPassword => $testNotDefined,
|
|
|
|
|
dbiUserChain => $testNotDefined,
|
|
|
|
|
dbiUserUser => $testNotDefined,
|
|
|
|
|
dbiUserPassword => $testNotDefined,
|
|
|
|
|
dbiAuthTable => $testNotDefined,
|
|
|
|
|
dbiUserTable => $testNotDefined,
|
|
|
|
|
dbiAuthLoginCol => $testNotDefined,
|
|
|
|
|
dbiAuthPasswordCol => $testNotDefined,
|
|
|
|
|
dbiAuthMailCol => $testNotDefined,
|
|
|
|
|
userPivot => $testNotDefined,
|
|
|
|
|
dbiAuthPasswordHash => $testNotDefined,
|
|
|
|
|
|
2010-05-07 12:42:38 +02:00
|
|
|
# Zimbra
|
|
|
|
|
zimbraPreAuthKey => $testNotDefined,
|
|
|
|
|
zimbraAccountKey => $testNotDefined,
|
|
|
|
|
zimbraBy => $testNotDefined,
|
|
|
|
|
zimbraUrl => $testNotDefined,
|
|
|
|
|
zimbraSsoUrl => $testNotDefined,
|
|
|
|
|
|
2010-05-21 17:53:54 +02:00
|
|
|
# Sympa
|
2010-06-21 17:29:59 +02:00
|
|
|
sympaSecret => $testNotDefined,
|
2010-05-21 17:53:54 +02:00
|
|
|
sympaMailKey => $testNotDefined,
|
|
|
|
|
|
2009-12-11 19:17:00 +01:00
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
2009-12-17 20:20:17 +01:00
|
|
|
## @method protected hashref defaultConf()
|
|
|
|
|
#@return Hashref of default values
|
2009-12-11 19:17:00 +01:00
|
|
|
sub defaultConf {
|
2010-03-17 16:45:53 +01:00
|
|
|
my $self = shift;
|
2010-03-20 18:14:28 +01:00
|
|
|
my $portal =
|
|
|
|
|
defined $self->{portal} ? $self->{portal} : 'http://auth.example.com';
|
2010-03-17 16:45:53 +01:00
|
|
|
$portal =~ s/\/$//;
|
2009-12-11 19:17:00 +01:00
|
|
|
return {
|
2010-01-11 17:04:36 +01:00
|
|
|
authentication => 'LDAP',
|
|
|
|
|
cda => '0',
|
|
|
|
|
cookieName => 'lemonldap',
|
|
|
|
|
domain => 'example.com',
|
2009-12-29 18:03:24 +01:00
|
|
|
exportedHeaders => { 'test.example.com' => { 'Auth-User' => '$uid' }, },
|
2010-01-11 17:04:36 +01:00
|
|
|
exportedVars => { cn => 'cn', mail => 'mail', uid => 'uid', },
|
|
|
|
|
globalStorage => 'Apache::Session::File',
|
2009-12-14 15:01:46 +01:00
|
|
|
globalStorageOptions => {
|
2009-12-19 09:57:59 +01:00
|
|
|
'Directory' => '/var/lib/lemonldap-ng/sessions/',
|
2009-12-14 15:01:46 +01:00
|
|
|
'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
|
|
|
|
|
},
|
2010-01-11 17:04:36 +01:00
|
|
|
https => '0',
|
2010-03-25 16:00:48 +01:00
|
|
|
issuerDB => 'Null',
|
2010-01-11 17:04:36 +01:00
|
|
|
ldapBase => 'dc=example,dc=com',
|
|
|
|
|
ldapPort => '389',
|
2010-06-21 16:47:27 +02:00
|
|
|
ldapPwdEnc => 'utf-8',
|
2010-01-11 17:04:36 +01:00
|
|
|
ldapServer => 'localhost',
|
2010-07-28 12:00:30 +02:00
|
|
|
ldapTimeout => '120',
|
|
|
|
|
ldapVersion => '3',
|
2009-12-29 18:03:24 +01:00
|
|
|
locationRules => { 'test.example.com' => { default => 'accept' }, },
|
2010-01-11 17:04:36 +01:00
|
|
|
managerDn => '',
|
|
|
|
|
managerPassword => '',
|
|
|
|
|
notification => '0',
|
2009-12-19 09:57:59 +01:00
|
|
|
notificationStorage => 'File',
|
2009-12-23 10:37:38 +01:00
|
|
|
notificationStorageOptions =>
|
|
|
|
|
{ dirName => '/var/lib/lemonldap-ng/notifications', },
|
2010-03-15 21:24:02 +01:00
|
|
|
notifyDeleted => '1',
|
|
|
|
|
notifyOther => '1',
|
2010-03-17 16:45:53 +01:00
|
|
|
portal => $portal,
|
2010-03-15 21:24:02 +01:00
|
|
|
portalSkin => 'pastel',
|
|
|
|
|
portalUserAttr => '_user',
|
|
|
|
|
protection => 'none',
|
|
|
|
|
remoteGlobalStorage => 'Lemonldap::NG::Common::Apache::Session::SOAP',
|
|
|
|
|
securedCookie => '0',
|
|
|
|
|
singleSession => '0',
|
|
|
|
|
singleIP => '0',
|
|
|
|
|
singleUserByIP => '0',
|
|
|
|
|
Soap => '1',
|
|
|
|
|
SSLRequired => '0',
|
|
|
|
|
storePassword => '0',
|
|
|
|
|
syslog => '',
|
|
|
|
|
timeout => '7200',
|
2010-05-07 12:00:55 +02:00
|
|
|
timeoutActivity => '0',
|
2010-03-15 21:24:02 +01:00
|
|
|
userControl => '^[\w\.\-@]+$',
|
|
|
|
|
userDB => 'LDAP',
|
2010-03-17 16:50:44 +01:00
|
|
|
passwordDB => 'LDAP',
|
2010-03-15 21:24:02 +01:00
|
|
|
useXForwardedForIP => '0',
|
|
|
|
|
whatToTrace => '$uid',
|
2010-02-04 11:08:27 +01:00
|
|
|
########
|
|
|
|
|
# SAML #
|
|
|
|
|
########
|
2010-03-24 23:06:43 +01:00
|
|
|
samlEntityID => $portal . '/saml/metadata',
|
|
|
|
|
samlOrganizationDisplayName => 'Example',
|
|
|
|
|
samlOrganizationName => 'Example',
|
|
|
|
|
samlOrganizationURL => 'http://www.example.com',
|
2010-03-25 15:38:54 +01:00
|
|
|
samlIDPMetaDataOptionsNameIDFormat => '',
|
|
|
|
|
samlIDPMetaDataOptionsForceAuthn => '0',
|
2010-04-01 16:40:29 +02:00
|
|
|
samlIDPMetaDataOptionsIsPassive => '0',
|
2010-03-25 15:38:54 +01:00
|
|
|
samlIDPMetaDataOptionsAllowProxiedAuthn => '1',
|
|
|
|
|
samlIDPMetaDataOptionsSSOBinding => '',
|
|
|
|
|
samlIDPMetaDataOptionsSLOBinding => '',
|
|
|
|
|
samlIDPMetaDataOptionsResolutionRule => '',
|
|
|
|
|
samlIDPMetaDataOptionsAllowLoginFromIDP => '1',
|
|
|
|
|
samlIDPMetaDataOptionsAdaptSessionUtime => '1',
|
2010-04-01 16:18:37 +02:00
|
|
|
samlIDPMetaDataOptionsSignSSOMessage => '1',
|
|
|
|
|
samlIDPMetaDataOptionsCheckSSOMessageSignature => '1',
|
|
|
|
|
samlIDPMetaDataOptionsSignSLOMessage => '1',
|
|
|
|
|
samlIDPMetaDataOptionsCheckSLOMessageSignature => '1',
|
2010-04-01 18:32:51 +02:00
|
|
|
samlIDPMetaDataOptionsRequestedAuthnContext => '',
|
2010-05-28 17:31:20 +02:00
|
|
|
samlIDPMetaDataOptionsForceUTF8 => '0',
|
2010-06-04 17:54:52 +02:00
|
|
|
samlIDPMetaDataOptionsEncryptionMode => 'none',
|
2010-06-10 17:01:05 +02:00
|
|
|
samlIDPMetaDataOptionsCheckConditions => '1',
|
2010-05-20 17:57:51 +02:00
|
|
|
samlSPMetaDataOptionsNameIDFormat => '',
|
2010-04-02 10:12:59 +02:00
|
|
|
samlSPMetaDataOptionsOneTimeUse => '0',
|
2010-05-20 12:25:00 +02:00
|
|
|
samlSPMetaDataOptionsSignSSOMessage => '1',
|
|
|
|
|
samlSPMetaDataOptionsCheckSSOMessageSignature => '1',
|
|
|
|
|
samlSPMetaDataOptionsSignSLOMessage => '1',
|
|
|
|
|
samlSPMetaDataOptionsCheckSLOMessageSignature => '1',
|
2010-06-04 17:54:52 +02:00
|
|
|
samlSPMetaDataOptionsEncryptionMode => 'none',
|
2010-05-31 12:37:43 +02:00
|
|
|
samlSPSSODescriptorAuthnRequestsSigned => '1',
|
|
|
|
|
samlSPSSODescriptorWantAssertionsSigned => '1',
|
2010-05-28 12:35:24 +02:00
|
|
|
samlSPSSODescriptorSingleLogoutServiceHTTPRedirect =>
|
2010-03-20 18:14:28 +01:00
|
|
|
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;'
|
|
|
|
|
. $portal
|
|
|
|
|
. '/saml/proxySingleLogout;'
|
|
|
|
|
. $portal
|
|
|
|
|
. '/saml/proxySingleLogoutReturn',
|
2010-05-28 12:35:24 +02:00
|
|
|
samlSPSSODescriptorSingleLogoutServiceHTTPPost =>
|
|
|
|
|
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;'
|
|
|
|
|
. $portal
|
|
|
|
|
. '/saml/proxySingleLogout;'
|
|
|
|
|
. $portal
|
|
|
|
|
. '/saml/proxySingleLogoutReturn',
|
2010-02-04 17:41:58 +01:00
|
|
|
samlSPSSODescriptorSingleLogoutServiceSOAP =>
|
2010-03-20 18:14:28 +01:00
|
|
|
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;'
|
|
|
|
|
. $portal
|
|
|
|
|
. '/saml/proxySingleLogoutSOAP;',
|
2010-02-04 17:41:58 +01:00
|
|
|
samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact =>
|
2010-03-20 18:14:28 +01:00
|
|
|
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;'
|
|
|
|
|
. $portal
|
|
|
|
|
. '/saml/proxySingleSignOnArtifact',
|
2010-02-04 17:41:58 +01:00
|
|
|
samlSPSSODescriptorAssertionConsumerServiceHTTPPost =>
|
2010-03-20 18:14:28 +01:00
|
|
|
'0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;'
|
|
|
|
|
. $portal
|
|
|
|
|
. '/saml/proxySingleSignOnPost',
|
2010-02-04 17:41:58 +01:00
|
|
|
samlSPSSODescriptorAssertionConsumerServiceHTTPRedirect =>
|
2010-03-20 18:14:28 +01:00
|
|
|
'0;2;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;'
|
|
|
|
|
. $portal
|
|
|
|
|
. '/saml/proxySingleSignOnRedirect',
|
2010-04-02 10:40:35 +02:00
|
|
|
samlSPSSODescriptorArtifactResolutionServiceArtifact =>
|
|
|
|
|
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;'
|
|
|
|
|
. $portal
|
|
|
|
|
. '/saml/artifact',
|
2010-05-31 12:37:43 +02:00
|
|
|
samlIDPSSODescriptorWantAuthnRequestsSigned => '1',
|
2010-05-28 12:35:24 +02:00
|
|
|
samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect =>
|
2010-03-20 18:14:28 +01:00
|
|
|
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;'
|
|
|
|
|
. $portal
|
|
|
|
|
. '/saml/singleSignOn;',
|
2010-05-28 12:35:24 +02:00
|
|
|
samlIDPSSODescriptorSingleSignOnServiceHTTPPost =>
|
|
|
|
|
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;'
|
|
|
|
|
. $portal
|
|
|
|
|
. '/saml/singleSignOn;',
|
2010-07-01 11:48:50 +02:00
|
|
|
samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact =>
|
|
|
|
|
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;'
|
|
|
|
|
. $portal
|
|
|
|
|
. '/saml/singleSignOnArtifact;',
|
2010-02-04 17:41:58 +01:00
|
|
|
samlIDPSSODescriptorSingleSignOnServiceSOAP =>
|
2010-03-20 18:14:28 +01:00
|
|
|
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;'
|
|
|
|
|
. $portal
|
|
|
|
|
. '/saml/singleSignOnSOAP;',
|
2010-05-28 12:35:24 +02:00
|
|
|
samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect =>
|
2010-03-20 18:14:28 +01:00
|
|
|
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;'
|
|
|
|
|
. $portal
|
|
|
|
|
. '/saml/singleLogout;'
|
|
|
|
|
. $portal
|
|
|
|
|
. '/saml/singleLogoutReturn',
|
2010-05-28 12:35:24 +02:00
|
|
|
samlIDPSSODescriptorSingleLogoutServiceHTTPPost =>
|
|
|
|
|
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;'
|
|
|
|
|
. $portal
|
|
|
|
|
. '/saml/singleLogout;'
|
|
|
|
|
. $portal
|
|
|
|
|
. '/saml/singleLogoutReturn',
|
2010-02-04 17:41:58 +01:00
|
|
|
samlIDPSSODescriptorSingleLogoutServiceSOAP =>
|
2010-03-20 18:14:28 +01:00
|
|
|
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;'
|
|
|
|
|
. $portal
|
|
|
|
|
. '/saml/singleLogoutSOAP;',
|
2010-02-04 17:41:58 +01:00
|
|
|
samlIDPSSODescriptorArtifactResolutionServiceArtifact =>
|
2010-03-20 18:14:28 +01:00
|
|
|
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;'
|
|
|
|
|
. $portal
|
|
|
|
|
. '/saml/artifact',
|
2010-06-21 17:29:59 +02:00
|
|
|
samlNameIDFormatMapEmail => 'mail',
|
|
|
|
|
samlNameIDFormatMapX509 => 'mail',
|
|
|
|
|
samlNameIDFormatMapWindows => 'uid',
|
|
|
|
|
samlNameIDFormatMapKerberos => 'uid',
|
2010-05-31 12:37:43 +02:00
|
|
|
samlAttributeAuthorityDescriptorAttributeServiceSOAP =>
|
|
|
|
|
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;'
|
|
|
|
|
. $portal
|
|
|
|
|
. '/saml/AA/SOAP;',
|
2010-06-21 17:29:59 +02:00
|
|
|
samlServicePrivateKeySig => '',
|
|
|
|
|
samlServicePrivateKeySigPwd => '',
|
|
|
|
|
samlServicePublicKeySig => '',
|
|
|
|
|
samlServicePrivateKeyEnc => '',
|
|
|
|
|
samlServicePrivateKeyEncPwd => '',
|
|
|
|
|
samlServicePublicKeyEnc => '',
|
2010-07-05 16:35:06 +02:00
|
|
|
samlMetadataForceUTF8 => 1,
|
2010-05-31 12:37:43 +02:00
|
|
|
|
2009-12-11 19:17:00 +01:00
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
2009-12-29 18:03:24 +01:00
|
|
|
sub subDefaultConf {
|
|
|
|
|
return {
|
2010-03-15 21:24:02 +01:00
|
|
|
locationRules => { default => 'deny' },
|
|
|
|
|
exportedHeaders => { 'Auth-User' => '$uid' },
|
|
|
|
|
remoteGlobalStorageOptions => {
|
|
|
|
|
'proxy' => 'https://remote/index.pl/sessions',
|
|
|
|
|
'ns' => 'https://remote/Lemonldap/NG/Common/CGI/SOAPService',
|
|
|
|
|
},
|
|
|
|
|
samlIDPMetaDataExportedAttributes => { 'uid' => '0;uid;;' },
|
2010-03-25 15:38:54 +01:00
|
|
|
samlSPMetaDataExportedAttributes => { 'uid' => '0;uid;;' },
|
2009-12-29 18:03:24 +01:00
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
2009-12-11 19:17:00 +01:00
|
|
|
1;
|
