2016-10-15 19:57:54 +02:00
<!DOCTYPE html>
< html lang = "fr" dir = "ltr" >
< head >
< meta http-equiv = "content-type" content = "text/html; charset=UTF-8" >
< meta charset = "utf-8" / >
2017-02-07 17:35:26 +01:00
< title > documentation:2.0:variables< / title > <!-- //if:usedebianlibs
< link rel = "stylesheet" type = "text/css" href = "/javascript/bootstrap/css/bootstrap.min.css" / >
//elsif:useexternallibs
< link rel = "stylesheet" type = "text/css" href = "https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" > < / script >
//elsif:cssminified
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.min.css" / >
//else --><!-- //endif -->
2016-10-15 19:57:54 +02:00
< meta name = "generator" content = "DokuWiki" / >
< meta name = "robots" content = "index,follow" / >
< meta name = "keywords" content = "documentation,2.0,variables" / >
< link rel = "search" type = "application/opensearchdescription+xml" href = "lib/exe/opensearch.html" title = "LemonLDAP::NG" / >
< link rel = "start" href = "variables.html" / >
< link rel = "contents" href = "variables.html" title = "Sitemap" / >
< link rel = "stylesheet" type = "text/css" href = "lib/exe/css.php.t.bootstrap3.css" / >
2017-02-07 17:35:26 +01:00
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.css" / >
2016-10-15 19:57:54 +02:00
< script type = "text/javascript" > / * < ! [ C D A T A [ * / v a r N S = ' d o c u m e n t a t i o n : 2 . 0 ' ; v a r J S I N F O = { " i d " : " d o c u m e n t a t i o n : 2 . 0 : v a r i a b l e s " , " n a m e s p a c e " : " d o c u m e n t a t i o n : 2 . 0 " } ;
/*!]]>*/< / script >
2017-02-07 17:35:26 +01:00
< script type = "text/javascript" charset = "utf-8" src = "lib/exe/js.php.t.bootstrap3.js" > < / script > <!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery/jquery.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/jquery-2.2.0.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.js" > < / script > <!-- //endif --> <!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery-ui/jquery-ui.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/ui/1.10.4/jquery-ui.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/lib/scripts/jquery-ui.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/lib/scripts/jquery-ui.js" > < / script > <!-- //endif -->
2016-10-15 19:57:54 +02:00
< / head >
< body >
< div class = "dokuwiki export container" > <!-- TOC START -->
< div id = "dw__toc" >
< h3 class = "toggle" > Table of Contents< / h3 >
< div >
< ul class = "toc" >
< li class = "level1" > < div class = "li" > < a href = "#presentation" > Présentation< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#modules" > Modules< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#connection" > Connexion< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#authentication" > Authentification< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#dates" > Dates< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#saml" > SAML< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#notifications" > Notifications< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#login_history" > Historique de connexion< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#ldap" > LDAP< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#openid" > OpenID< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#openid_connect" > OpenID Connect< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#other" > Autres< / a > < / div > < / li >
< / ul >
< / div >
< / div > <!-- TOC END -->
< h1 class = "sectionedit1" id = "variables" > Variables< / h1 >
< div class = "level1" >
< / div > <!-- EDIT1 SECTION "Variables" [1 - 25] -->
< h2 class = "sectionedit2" id = "presentation" > Présentation< / h2 >
< div class = "level2" >
< p >
Les variables peuvent être utilisées dans les règles et en-têtes. Toutes les règles sont concernées :
< / p >
< ul >
< li class = "level1" > < div class = "li" > Règle d'accès à un hôte virtuel< / div >
< / li >
< li class = "level1" > < div class = "li" > Préselection d'IDP < abbr title = "Security Assertion Markup Language" > SAML< / abbr > < / div >
< / li >
< li class = "level1" > < div class = "li" > Ouverture de session< / div >
< / li >
< li class = "level1" > < div class = "li" > …< / div >
< / li >
< / ul >
< p >
Les variables sont stockées dans la session utilisateur. On peut distinguer plusieurs types de variables :
< / p >
< ul >
< li class = "level1" > < div class = "li" > les variables internes, gérées par LemonLDAP::NG< / div >
< / li >
< li class = "level1" > < div class = "li" > les < a href = "exportedvars.html" class = "wikilink1" title = "documentation:2.0:exportedvars" > variables exportées< / a > collectées depuis le backend utilisateur< / div >
< / li >
< li class = "level1" > < div class = "li" > < a href = "performances.html#macros_and_groups" class = "wikilink1" title = "documentation:2.0:performances" > les macro et groupes< / a > < / div >
< / li >
< / ul >
< p >
En connaissant le nom d'une variable, il suffit de la préfixer avec un signe dollar pour l'utiliser, par exemple pour savoir si la variable < code > uid< / code > contient < code > coudot< / code > :
< / p >
< pre class = "code" > $uid eq "coudot"< / pre >
< div class = "notetip" > On peut inspecter une session utilisateur avec l'explorateur de sessions (accessible depuis le manager)
< / div >
< p >
Ci-dessous sont documentées les variables internes.
< / p >
< / div > <!-- EDIT2 SECTION "Presentation" [26 - 794] -->
< h2 class = "sectionedit3" id = "modules" > Modules< / h2 >
< div class = "level2" >
< p >
Enregistre les modules utilisés pour l'authentification, les données utilisateurs, les mots-de-passe, …
< / p >
< div class = "table sectionedit4" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Clef < / th > < th class = "col1 centeralign" > Description < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 centeralign" > _auth < / td > < td class = "col1 leftalign" > Module d'authentication < / td >
< / tr >
< tr class = "row2 roweven" >
< td class = "col0 centeralign" > _userDB < / td > < td class = "col1 leftalign" > Module utilisateurs < / td >
< / tr >
< tr class = "row3 rowodd" >
< td class = "col0 centeralign" > _passwordDB < / td > < td class = "col1 leftalign" > Module mots-de-passe < / td >
< / tr >
< tr class = "row4 roweven" >
< td class = "col0 centeralign" > _issuerDB < / td > < td class = "col1 leftalign" > Module fournisseur (peut-être multivalué) < / td >
< / tr >
< tr class = "row5 rowodd" >
< td class = "col0 centeralign" > _authChoice < / td > < td class = "col1 leftalign" > Choix de l'utilisateur si le < a href = "authchoice.html" class = "wikilink1" title = "documentation:2.0:authchoice" > backend d'authentification Choice< / a > a été utilisé < / td >
< / tr >
< tr class = "row6 roweven" >
< td class = "col0 centeralign" > _authMulti < / td > < td class = "col1 leftalign" > Full name of authentication module (with < code > #label< / code > ) used in Multi < / td >
< / tr >
< tr class = "row7 rowodd" >
< td class = "col0 centeralign" > _userDBMulti < / td > < td class = "col1 leftalign" > Full name of user module (with < code > #label< / code > ) used in Multi < / td >
< / tr >
< / table > < / div > <!-- EDIT4 TABLE [891 - 1328] -->
< / div > <!-- EDIT3 SECTION "Modules" [795 - 1328] -->
< h2 class = "sectionedit5" id = "connection" > Connexion< / h2 >
< div class = "level2" >
< p >
Données concernant la première connexion au portail
< / p >
< div class = "table sectionedit6" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Clef < / th > < th class = "col1 centeralign" > Description < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 leftalign" > ipAddr < / td > < td class = "col1 leftalign" > < abbr title = "Internet Protocol" > IP< / abbr > de l'utilisateur (peut être celle de l'en-tête X-Forwarded-For si des proxies agréés ont été configurés) < / td >
< / tr >
< tr class = "row2 roweven" >
< td class = "col0 leftalign" > _timezone < / td > < td class = "col1" > Timezone de l'utilisateur, renseignée par javascript dans le formulaire d'authentification (vide si une autres méthode d'authentification est utilisée) < / td >
< / tr >
< tr class = "row3 rowodd" >
< td class = "col0 leftalign" > _url < / td > < td class = "col1 leftalign" > < abbr title = "Uniform Resource Locator" > URL< / abbr > utilisée avant d'être redirigé vers le portail (vide si le portail a été utilisé comme point d'entrée) < / td >
< / tr >
< / table > < / div > <!-- EDIT6 TABLE [1406 - 1770] -->
< / div > <!-- EDIT5 SECTION "Connection" [1329 - 1771] -->
< h2 class = "sectionedit7" id = "authentication" > Authentification< / h2 >
< div class = "level2" >
< p >
Données concernant le processus d'authentification.
< / p >
< div class = "table sectionedit8" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Clef < / th > < th class = "col1 centeralign" > Description < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 leftalign" > _session_id < / td > < td class = "col1 leftalign" > Identifiant de session (porté par le cookie) < / td >
< / tr >
< tr class = "row2 roweven" >
< td class = "col0 leftalign" > _user < / td > < td class = "col1 leftalign" > Nom d'utilisateur trouvé dans le processus d'authentification < / td >
< / tr >
< tr class = "row3 rowodd" >
< td class = "col0 leftalign" > _password < / td > < td class = "col1 leftalign" > Mot-de-passe fournit lors du processus d'authentification (seulement si le < a href = "passwordstore.html" class = "wikilink1" title = "documentation:2.0:passwordstore" > stockage du mot-de-passe dans la sessions< / a > est configuré) < / td >
< / tr >
< tr class = "row4 roweven" >
< td class = "col0 leftalign" > authenticationLevel < / td > < td class = "col1 leftalign" > Niveau d'authentification < / td >
< / tr >
< / table > < / div > <!-- EDIT8 TABLE [1842 - 2139] -->
< / div > <!-- EDIT7 SECTION "Authentication" [1772 - 2140] -->
< h2 class = "sectionedit9" id = "dates" > Dates< / h2 >
< div class = "level2" >
< div class = "table sectionedit10" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Clef < / th > < th class = "col1 centeralign" > Description < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 leftalign" > _utime < / td > < td class = "col1 leftalign" > Date et heure (timestamp) de la création de la session < / td >
< / tr >
< tr class = "row2 roweven" >
< td class = "col0 leftalign" > startTime < / td > < td class = "col1 leftalign" > Date et heure (timestamp) de la création de la session < / td >
< / tr >
< tr class = "row3 rowodd" >
< td class = "col0 leftalign" > updateTime < / td > < td class = "col1 leftalign" > Date de la dernière modification de la session < / td >
< / tr >
< tr class = "row4 roweven" >
< td class = "col0" > _lastAuthnUTime < / td > < td class = "col1 leftalign" > Date et heure (timestamp) de la dernière authentification < / td >
< / tr >
< / table > < / div > <!-- EDIT10 TABLE [2160 - 2387] -->
< / div > <!-- EDIT9 SECTION "Dates" [2141 - 2388] -->
< h2 class = "sectionedit11" id = "saml" > SAML< / h2 >
< div class = "level2" >
< p >
Donnée relative au protocole < abbr title = "Security Assertion Markup Language" > SAML< / abbr >
< / p >
< div class = "table sectionedit12" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Clef < / th > < th class = "col1 centeralign" > Description < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 leftalign" > _idp < / td > < td class = "col1 leftalign" > Nom de l'IDP utilisé pour l'authentification < / td >
< / tr >
< tr class = "row2 roweven" >
< td class = "col0 leftalign" > _idpConfKey < / td > < td class = "col1 leftalign" > Clef de configuration de l'IDP utilisé pour l'authentification < / td >
< / tr >
< tr class = "row3 rowodd" >
< td class = "col0 leftalign" > _samlToken < / td > < td class = "col1 leftalign" > Jeton < abbr title = "Security Assertion Markup Language" > SAML< / abbr > < / td >
< / tr >
< tr class = "row4 roweven" >
< td class = "col0 leftalign" > _lassoSessionDump < / td > < td class = "col1 leftalign" > Dump de session Lasso < / td >
< / tr >
< tr class = "row5 rowodd" >
< td class = "col0 leftalign" > _lassoIdentityDump < / td > < td class = "col1 leftalign" > Dump de l'identité Lasso < / td >
< / tr >
< / table > < / div > <!-- EDIT12 TABLE [2439 - 2704] -->
< / div > <!-- EDIT11 SECTION "SAML" [2389 - 2705] -->
< h2 class = "sectionedit13" id = "notifications" > Notifications< / h2 >
< div class = "level2" >
< div class = "table sectionedit14" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Clef < / th > < th class = "col1 centeralign" > Description < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 leftalign" > _notification_< em > id< / em > < / td > < td class = "col1 leftalign" > Date de validation de la notification < em > id< / em > < / td >
< / tr >
< / table > < / div > <!-- EDIT14 TABLE [2733 - 2833] -->
< / div > <!-- EDIT13 SECTION "Notifications" [2706 - 2834] -->
< h2 class = "sectionedit15" id = "login_history" > Historique de connexion< / h2 >
< div class = "level2" >
< div class = "table sectionedit16" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Clef < / th > < th class = "col1 centeralign" > Description < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 leftalign" > loginHistory < / td > < td class = "col1 leftalign" > Table des connexion réussies ou échouées < / td >
< / tr >
< / table > < / div > <!-- EDIT16 TABLE [2862 - 2943] -->
< / div > <!-- EDIT15 SECTION "Login history" [2835 - 2944] -->
< h2 class = "sectionedit17" id = "ldap" > LDAP< / h2 >
< div class = "level2" >
< p >
Only with UserDB LDAP.
< / p >
< div class = "table sectionedit18" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Clef < / th > < th class = "col1 centeralign" > Description < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 leftalign" > dn < / td > < td class = "col1" > Nom distinct (distinguished name) < / td >
< / tr >
< / table > < / div > <!-- EDIT18 TABLE [2987 - 3041] -->
< / div > <!-- EDIT17 SECTION "LDAP" [2945 - 3042] -->
< h2 class = "sectionedit19" id = "openid" > OpenID< / h2 >
< div class = "level2" >
< div class = "table sectionedit20" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Clef < / th > < th class = "col1 centeralign" > Description < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 leftalign" > _openid_< em > id< / em > < / td > < td class = "col1 leftalign" > Consentement de partage de l'attribut < em > id< / em > via OpenID < / td >
< / tr >
< / table > < / div > <!-- EDIT20 TABLE [3063 - 3159] -->
< / div > <!-- EDIT19 SECTION "OpenID" [3043 - 3160] -->
< h2 class = "sectionedit21" id = "openid_connect" > OpenID Connect< / h2 >
< div class = "level2" >
< div class = "table sectionedit22" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Clef < / th > < th class = "col1 centeralign" > Description < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 leftalign" > OpenIDConnect_IDToken < / td > < td class = "col1 leftalign" > ID Token < / td >
< / tr >
< tr class = "row2 roweven" >
< td class = "col0 leftalign" > OpenIDConnect_OP < / td > < td class = "col1 leftalign" > Configuration key of OP used for authentication < / td >
< / tr >
< tr class = "row3 rowodd" >
< td class = "col0 leftalign" > OpenIDConnect_access_token < / td > < td class = "col1 leftalign" > OAuth2 Access Token used to get UserInfo data < / td >
< / tr >
< tr class = "row4 roweven" >
< td class = "col0" > _oidc_consent_scope_< em > rp< / em > < / td > < td class = "col1 leftalign" > Scope for which consent was given for RP < em > rp< / em > < / td >
< / tr >
< tr class = "row5 rowodd" >
< td class = "col0" > _oidc_consent_time_< em > rp< / em > < / td > < td class = "col1 leftalign" > Time when consent was given for RP < em > rp< / em > < / td >
< / tr >
< / table > < / div > <!-- EDIT22 TABLE [3189 - 3564] -->
< / div > <!-- EDIT21 SECTION "OpenID Connect" [3161 - 3565] -->
< h2 class = "sectionedit23" id = "other" > Autres< / h2 >
< div class = "level2" >
< div class = "table sectionedit24" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Clef < / th > < th class = "col1 centeralign" > Description < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 leftalign" > appsListOrder < / td > < td class = "col1 leftalign" > Ordre des catégories dans le menu < / td >
< / tr >
< tr class = "row2 roweven" >
< td class = "col0 leftalign" > _session_kind < / td > < td class = "col1 leftalign" > Type of session (< abbr title = "Authentification unique (Single Sign On)" > SSO< / abbr > , Persistent, …) < / td >
< / tr >
< / table > < / div > <!-- EDIT24 TABLE [3585 - 3725] -->
< / div > <!-- EDIT23 SECTION "Other" [3566 - ] -->
< / div >
< / body >
< / html >