2009-12-17 20:20:17 +01:00
|
|
|
## @file
|
|
|
|
|
# Manager tree structure and tests
|
|
|
|
|
|
|
|
|
|
## @class
|
|
|
|
|
# Manager tree structure and tests
|
2009-12-11 19:17:00 +01:00
|
|
|
package Lemonldap::NG::Manager::_Struct;
|
|
|
|
|
|
|
|
|
|
use strict;
|
2010-01-28 18:58:49 +01:00
|
|
|
use Lemonldap::NG::Common::Conf::SAML::Metadata;
|
2010-09-23 09:17:24 +02:00
|
|
|
use Lemonldap::NG::Common::Regexp;
|
2010-01-28 18:58:49 +01:00
|
|
|
|
2012-08-20 10:14:48 +02:00
|
|
|
our $VERSION = '1.2.2';
|
2009-12-11 19:17:00 +01:00
|
|
|
|
2009-12-17 20:20:17 +01:00
|
|
|
## @method protected hashref cstruct(hashref h,string k)
|
|
|
|
|
# Merge $h with the structure produced with $k and return it.
|
2010-02-22 15:38:31 +01:00
|
|
|
# Used to manage virtual hosts, and metadatas (IDP, SP).
|
2009-12-17 20:20:17 +01:00
|
|
|
#@param $h Result of struct()
|
2010-02-22 15:38:31 +01:00
|
|
|
#@param $k Full path of the key
|
2009-12-17 20:20:17 +01:00
|
|
|
#@return Tree structure
|
2009-12-11 19:17:00 +01:00
|
|
|
sub cstruct {
|
|
|
|
|
shift;
|
|
|
|
|
my ( $h, $k ) = @_;
|
2010-03-01 21:32:28 +01:00
|
|
|
my @tmp = split( /\//, $k );
|
|
|
|
|
return $h unless ( scalar(@tmp) > 1 );
|
2010-02-22 15:38:31 +01:00
|
|
|
my $k1 = $tmp[0];
|
|
|
|
|
my $k2 = $tmp[1];
|
2010-03-01 21:32:28 +01:00
|
|
|
if ( $k1 =~ /^virtualHosts/i ) {
|
|
|
|
|
%$h = (
|
|
|
|
|
%$h,
|
|
|
|
|
virtualHosts => {
|
|
|
|
|
$k2 => {
|
2010-10-11 18:12:04 +02:00
|
|
|
_nodes => [
|
|
|
|
|
qw(rules:rules:rules headers post:post:post vhostOptions)
|
|
|
|
|
],
|
2010-10-14 11:50:23 +02:00
|
|
|
rules => {
|
2010-03-01 21:32:28 +01:00
|
|
|
_nodes => ["hash:/locationRules/$k2:rules:rules"],
|
2010-11-01 08:05:51 +01:00
|
|
|
_js => 'rulesRoot',
|
|
|
|
|
_help => 'rules',
|
2010-03-01 21:32:28 +01:00
|
|
|
},
|
|
|
|
|
headers => {
|
|
|
|
|
_nodes => ["hash:/exportedHeaders/$k2"],
|
2010-11-01 08:05:51 +01:00
|
|
|
_js => 'hashRoot',
|
|
|
|
|
_help => 'headers',
|
2010-02-22 15:38:31 +01:00
|
|
|
},
|
2010-09-30 14:22:18 +02:00
|
|
|
post => {
|
|
|
|
|
_nodes => ["post:/post/$k2:post:post"],
|
2010-11-01 08:05:51 +01:00
|
|
|
_js => 'postRoot',
|
2010-11-26 11:11:02 +01:00
|
|
|
_help => 'post',
|
2010-09-30 14:22:18 +02:00
|
|
|
},
|
2010-10-11 18:12:04 +02:00
|
|
|
vhostOptions => {
|
2012-02-29 18:19:11 +01:00
|
|
|
_nodes => [qw(vhostPort vhostHttps vhostMaintenance)],
|
2010-10-11 18:12:04 +02:00
|
|
|
vhostPort => "int:/vhostOptions/$k2/vhostPort",
|
|
|
|
|
vhostHttps => "trool:/vhostOptions/$k2/vhostHttps",
|
2012-02-29 18:19:11 +01:00
|
|
|
vhostMaintenance =>
|
|
|
|
|
"bool:/vhostOptions/$k2/vhostMaintenance",
|
|
|
|
|
_help => 'vhostOptions',
|
2010-10-11 18:12:04 +02:00
|
|
|
},
|
2010-02-22 15:38:31 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
}
|
2010-03-01 21:32:28 +01:00
|
|
|
elsif ( $k1 =~ /^samlIDPMetaDataNode/i ) {
|
|
|
|
|
%$h = (
|
|
|
|
|
%$h,
|
|
|
|
|
samlIDPMetaDataNode => {
|
|
|
|
|
$k2 => {
|
|
|
|
|
_nodes => [
|
2010-03-04 17:51:28 +01:00
|
|
|
qw(samlIDPMetaDataXML samlIDPMetaDataExportedAttributes samlIDPMetaDataOptions)
|
2010-02-22 15:38:31 +01:00
|
|
|
],
|
2010-11-26 11:11:02 +01:00
|
|
|
|
2010-03-01 21:32:28 +01:00
|
|
|
samlIDPMetaDataExportedAttributes => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
"hash:/samlIDPMetaDataExportedAttributes/$k2"
|
|
|
|
|
. ":samlIDPMetaDataExportedAttributes:samlAttribute"
|
2010-02-22 15:38:31 +01:00
|
|
|
],
|
2010-11-26 11:11:02 +01:00
|
|
|
_js => 'samlAttributeRoot',
|
|
|
|
|
_help => 'samlIDPExportedAttributes',
|
2010-03-01 21:32:28 +01:00
|
|
|
},
|
2010-11-26 11:11:02 +01:00
|
|
|
|
2010-03-01 21:32:28 +01:00
|
|
|
samlIDPMetaDataXML => "samlmetadata:/samlIDPMetaDataXML/$k2"
|
2010-03-11 17:43:21 +01:00
|
|
|
. ":samlIDPMetaDataXML:filearea",
|
2010-11-26 11:11:02 +01:00
|
|
|
|
2010-03-04 16:44:03 +01:00
|
|
|
samlIDPMetaDataOptions => {
|
|
|
|
|
_nodes => [
|
2010-06-28 14:28:48 +02:00
|
|
|
qw(samlIDPMetaDataOptionsResolutionRule samlIDPMetaDataOptionsAuthnRequest samlIDPMetaDataOptionsSession samlIDPMetaDataOptionsSignature samlIDPMetaDataOptionsBinding samlIDPMetaDataOptionsSecurity)
|
2010-03-04 17:51:28 +01:00
|
|
|
],
|
2010-11-26 11:11:02 +01:00
|
|
|
_help => 'samlIDPOptions',
|
2010-06-28 14:28:48 +02:00
|
|
|
|
|
|
|
|
samlIDPMetaDataOptionsResolutionRule =>
|
|
|
|
|
"textarea:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsResolutionRule",
|
|
|
|
|
|
|
|
|
|
samlIDPMetaDataOptionsAuthnRequest => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlIDPMetaDataOptionsNameIDFormat samlIDPMetaDataOptionsForceAuthn samlIDPMetaDataOptionsIsPassive samlIDPMetaDataOptionsAllowProxiedAuthn samlIDPMetaDataOptionsAllowLoginFromIDP samlIDPMetaDataOptionsRequestedAuthnContext)
|
|
|
|
|
],
|
|
|
|
|
|
2010-08-16 13:01:39 +02:00
|
|
|
samlIDPMetaDataOptionsNameIDFormat =>
|
2010-03-25 17:19:10 +01:00
|
|
|
"text:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsNameIDFormat"
|
2010-11-26 11:11:02 +01:00
|
|
|
. ":samlIDPOptions:nameIdFormatParams",
|
2010-08-16 13:01:39 +02:00
|
|
|
samlIDPMetaDataOptionsForceAuthn =>
|
2010-03-04 17:51:28 +01:00
|
|
|
"bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsForceAuthn",
|
2010-08-16 13:01:39 +02:00
|
|
|
samlIDPMetaDataOptionsIsPassive =>
|
2010-04-01 16:40:29 +02:00
|
|
|
"bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsIsPassive",
|
2010-08-16 13:01:39 +02:00
|
|
|
samlIDPMetaDataOptionsAllowProxiedAuthn =>
|
2010-03-04 17:51:28 +01:00
|
|
|
"bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsAllowProxiedAuthn",
|
2010-08-16 13:01:39 +02:00
|
|
|
samlIDPMetaDataOptionsAllowLoginFromIDP =>
|
2010-03-24 14:01:14 +01:00
|
|
|
"bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsAllowLoginFromIDP",
|
2010-06-28 14:28:48 +02:00
|
|
|
samlIDPMetaDataOptionsRequestedAuthnContext =>
|
|
|
|
|
"text:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsRequestedAuthnContext"
|
2010-11-26 11:11:02 +01:00
|
|
|
. ":samlIDPOptions:authnContextParams",
|
2010-06-28 14:28:48 +02:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
samlIDPMetaDataOptionsSession => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlIDPMetaDataOptionsAdaptSessionUtime samlIDPMetaDataOptionsForceUTF8)
|
|
|
|
|
],
|
|
|
|
|
|
2010-08-16 13:01:39 +02:00
|
|
|
samlIDPMetaDataOptionsAdaptSessionUtime =>
|
2010-03-25 11:02:53 +01:00
|
|
|
"bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsAdaptSessionUtime",
|
2010-06-28 14:28:48 +02:00
|
|
|
samlIDPMetaDataOptionsForceUTF8 =>
|
|
|
|
|
"bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsForceUTF8",
|
|
|
|
|
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
samlIDPMetaDataOptionsSignature => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlIDPMetaDataOptionsSignSSOMessage samlIDPMetaDataOptionsCheckSSOMessageSignature samlIDPMetaDataOptionsSignSLOMessage samlIDPMetaDataOptionsCheckSLOMessageSignature)
|
|
|
|
|
],
|
|
|
|
|
|
2010-08-16 13:01:39 +02:00
|
|
|
samlIDPMetaDataOptionsSignSSOMessage =>
|
2010-07-01 18:05:57 +02:00
|
|
|
"trool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsSignSSOMessage",
|
2010-08-16 13:01:39 +02:00
|
|
|
samlIDPMetaDataOptionsCheckSSOMessageSignature =>
|
2010-04-01 16:18:37 +02:00
|
|
|
"bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsCheckSSOMessageSignature",
|
2010-08-16 13:01:39 +02:00
|
|
|
samlIDPMetaDataOptionsSignSLOMessage =>
|
2010-07-01 18:05:57 +02:00
|
|
|
"trool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsSignSLOMessage",
|
2010-08-16 13:01:39 +02:00
|
|
|
samlIDPMetaDataOptionsCheckSLOMessageSignature =>
|
2010-04-01 16:18:37 +02:00
|
|
|
"bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsCheckSLOMessageSignature",
|
2010-06-28 14:28:48 +02:00
|
|
|
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
samlIDPMetaDataOptionsBinding => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlIDPMetaDataOptionsSSOBinding samlIDPMetaDataOptionsSLOBinding)
|
|
|
|
|
],
|
|
|
|
|
|
|
|
|
|
samlIDPMetaDataOptionsSSOBinding =>
|
|
|
|
|
"text:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsSSOBinding"
|
2010-11-26 11:11:02 +01:00
|
|
|
. ":samlIDPOptions:bindingParams",
|
2010-06-28 14:28:48 +02:00
|
|
|
samlIDPMetaDataOptionsSLOBinding =>
|
|
|
|
|
"text:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsSLOBinding"
|
2010-11-26 11:11:02 +01:00
|
|
|
. ":samlIDPOptions:bindingParams",
|
2010-06-28 14:28:48 +02:00
|
|
|
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
samlIDPMetaDataOptionsSecurity => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlIDPMetaDataOptionsEncryptionMode samlIDPMetaDataOptionsCheckConditions)
|
|
|
|
|
],
|
|
|
|
|
|
2010-08-16 13:01:39 +02:00
|
|
|
samlIDPMetaDataOptionsEncryptionMode =>
|
2010-11-26 11:11:02 +01:00
|
|
|
"text:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsEncryptionMode:samlIDPOptions:encryptionModeParams",
|
2010-08-16 13:01:39 +02:00
|
|
|
samlIDPMetaDataOptionsCheckConditions =>
|
2010-06-10 17:01:05 +02:00
|
|
|
"bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsCheckConditions",
|
2010-06-28 14:28:48 +02:00
|
|
|
|
|
|
|
|
},
|
|
|
|
|
|
2010-03-04 17:51:28 +01:00
|
|
|
},
|
2010-03-01 21:32:28 +01:00
|
|
|
}
|
2009-12-11 19:17:00 +01:00
|
|
|
}
|
2010-03-01 21:32:28 +01:00
|
|
|
);
|
2010-02-22 15:38:31 +01:00
|
|
|
}
|
2010-03-25 15:38:54 +01:00
|
|
|
elsif ( $k1 =~ /^samlSPMetaDataNode/i ) {
|
|
|
|
|
%$h = (
|
|
|
|
|
%$h,
|
|
|
|
|
samlSPMetaDataNode => {
|
|
|
|
|
$k2 => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlSPMetaDataXML samlSPMetaDataExportedAttributes samlSPMetaDataOptions)
|
|
|
|
|
],
|
2010-11-26 11:11:02 +01:00
|
|
|
|
2010-03-25 15:38:54 +01:00
|
|
|
samlSPMetaDataExportedAttributes => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
"hash:/samlSPMetaDataExportedAttributes/$k2"
|
|
|
|
|
. ":samlSPMetaDataExportedAttributes:samlAttribute"
|
|
|
|
|
],
|
2010-11-26 11:11:02 +01:00
|
|
|
_js => 'samlAttributeRoot',
|
|
|
|
|
_help => 'samlSPExportedAttributes',
|
2010-03-25 15:38:54 +01:00
|
|
|
},
|
2010-11-26 11:11:02 +01:00
|
|
|
|
2010-03-25 15:38:54 +01:00
|
|
|
samlSPMetaDataXML => "samlmetadata:/samlSPMetaDataXML/$k2"
|
|
|
|
|
. ":samlSPMetaDataXML:filearea",
|
2010-11-26 11:11:02 +01:00
|
|
|
|
2010-03-25 15:38:54 +01:00
|
|
|
samlSPMetaDataOptions => {
|
2010-05-20 12:25:00 +02:00
|
|
|
_nodes => [
|
2010-06-28 14:28:48 +02:00
|
|
|
qw(samlSPMetaDataOptionsAuthnResponse samlSPMetaDataOptionsSignature samlSPMetaDataOptionsSecurity)
|
2010-05-20 12:25:00 +02:00
|
|
|
],
|
2010-11-26 11:11:02 +01:00
|
|
|
_help => 'samlSPOptions',
|
2010-06-28 14:28:48 +02:00
|
|
|
|
|
|
|
|
samlSPMetaDataOptionsAuthnResponse => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlSPMetaDataOptionsNameIDFormat samlSPMetaDataOptionsOneTimeUse)
|
|
|
|
|
],
|
|
|
|
|
|
2010-08-16 13:01:39 +02:00
|
|
|
samlSPMetaDataOptionsNameIDFormat =>
|
2010-05-20 17:57:51 +02:00
|
|
|
"text:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsNameIDFormat"
|
2010-11-26 11:11:02 +01:00
|
|
|
. ":samlSPOptions:nameIdFormatParams",
|
2010-08-16 13:01:39 +02:00
|
|
|
samlSPMetaDataOptionsOneTimeUse =>
|
2010-04-02 10:12:59 +02:00
|
|
|
"bool:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsOneTimeUse",
|
2010-06-28 14:28:48 +02:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
samlSPMetaDataOptionsSignature => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlSPMetaDataOptionsSignSSOMessage samlSPMetaDataOptionsCheckSSOMessageSignature samlSPMetaDataOptionsSignSLOMessage samlSPMetaDataOptionsCheckSLOMessageSignature)
|
|
|
|
|
],
|
|
|
|
|
|
2010-08-16 13:01:39 +02:00
|
|
|
samlSPMetaDataOptionsSignSSOMessage =>
|
2010-07-01 18:05:57 +02:00
|
|
|
"trool:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsSignSSOMessage",
|
2010-08-16 13:01:39 +02:00
|
|
|
samlSPMetaDataOptionsCheckSSOMessageSignature =>
|
2010-05-20 12:25:00 +02:00
|
|
|
"bool:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsCheckSSOMessageSignature",
|
2010-08-16 13:01:39 +02:00
|
|
|
samlSPMetaDataOptionsSignSLOMessage =>
|
2010-07-01 18:05:57 +02:00
|
|
|
"trool:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsSignSLOMessage",
|
2010-08-16 13:01:39 +02:00
|
|
|
samlSPMetaDataOptionsCheckSLOMessageSignature =>
|
2010-05-20 12:25:00 +02:00
|
|
|
"bool:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsCheckSLOMessageSignature",
|
2010-06-28 14:28:48 +02:00
|
|
|
},
|
|
|
|
|
samlSPMetaDataOptionsSecurity => {
|
|
|
|
|
|
2010-07-01 11:48:50 +02:00
|
|
|
_nodes => [qw(samlSPMetaDataOptionsEncryptionMode)],
|
2010-06-28 14:28:48 +02:00
|
|
|
|
2010-08-16 13:01:39 +02:00
|
|
|
samlSPMetaDataOptionsEncryptionMode =>
|
2010-11-26 11:11:02 +01:00
|
|
|
"text:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsEncryptionMode:samlSPOptions:encryptionModeParams",
|
2010-08-16 13:01:39 +02:00
|
|
|
},
|
2010-06-28 14:28:48 +02:00
|
|
|
},
|
2010-03-25 15:38:54 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
}
|
2009-12-11 19:17:00 +01:00
|
|
|
return $h;
|
|
|
|
|
}
|
|
|
|
|
|
2009-12-17 20:20:17 +01:00
|
|
|
## @method protected hashref struct(hashref h,string k)
|
|
|
|
|
# Returns the tree structure
|
|
|
|
|
#@return Tree structure
|
2009-12-11 19:17:00 +01:00
|
|
|
sub struct {
|
2009-12-23 10:37:38 +01:00
|
|
|
my $self = shift;
|
2009-12-11 19:17:00 +01:00
|
|
|
return {
|
2010-03-01 21:32:28 +01:00
|
|
|
_nodes => [
|
2010-03-25 15:38:54 +01:00
|
|
|
qw(n:generalParameters n:variables n:virtualHosts n:samlServiceMetaData n:samlIDPMetaDataNode n:samlSPMetaDataNode)
|
2010-03-01 21:32:28 +01:00
|
|
|
],
|
|
|
|
|
_help => 'default',
|
2009-12-23 10:37:38 +01:00
|
|
|
|
2010-01-11 17:04:36 +01:00
|
|
|
######################
|
|
|
|
|
# GENERAL PARAMETERS #
|
|
|
|
|
######################
|
2009-12-11 19:17:00 +01:00
|
|
|
generalParameters => {
|
|
|
|
|
_nodes => [
|
2012-01-11 12:42:42 +01:00
|
|
|
qw(n:portalParams n:authParams n:issuerParams n:logParams n:cookieParams n:sessionParams cn:reloadUrls n:advancedParams)
|
2009-12-11 19:17:00 +01:00
|
|
|
],
|
2010-03-01 21:32:28 +01:00
|
|
|
_help => 'default',
|
2010-01-22 17:04:15 +01:00
|
|
|
|
|
|
|
|
# PORTAL PARAMETERS
|
|
|
|
|
portalParams => {
|
2010-09-20 17:23:03 +02:00
|
|
|
_nodes => [qw(portal n:portalMenu n:portalCustomization)],
|
2010-03-15 21:24:02 +01:00
|
|
|
_help => 'portalParams',
|
|
|
|
|
|
2010-03-21 13:00:04 +01:00
|
|
|
portal => 'text:/portal:portal:text',
|
2010-03-15 21:24:02 +01:00
|
|
|
|
2010-09-20 17:23:03 +02:00
|
|
|
portalMenu => {
|
2010-09-21 17:38:13 +02:00
|
|
|
_nodes => [qw(portalModules applicationList)],
|
2010-11-17 06:07:33 +01:00
|
|
|
_help => 'menu',
|
2010-09-23 18:41:39 +02:00
|
|
|
portalModules => {
|
|
|
|
|
_nodes => [
|
2012-01-10 20:54:30 +01:00
|
|
|
qw(portalDisplayLogout portalDisplayChangePassword portalDisplayAppslist portalDisplayLoginHistory)
|
2010-09-23 18:41:39 +02:00
|
|
|
],
|
2010-11-18 16:30:21 +01:00
|
|
|
portalDisplayLogout =>
|
|
|
|
|
'text:/portalDisplayLogout:menu:boolOrPerlExpr',
|
2010-09-23 18:41:39 +02:00
|
|
|
portalDisplayChangePassword =>
|
2010-11-18 16:30:21 +01:00
|
|
|
'text:/portalDisplayChangePassword:menu:boolOrPerlExpr',
|
|
|
|
|
portalDisplayAppslist =>
|
|
|
|
|
'text:/portalDisplayAppslist:menu:boolOrPerlExpr',
|
2012-01-10 20:54:30 +01:00
|
|
|
portalDisplayLoginHistory =>
|
|
|
|
|
'text:/portalDisplayLoginHistory:menu:boolOrPerlExpr',
|
2010-09-23 18:41:39 +02:00
|
|
|
},
|
2010-09-20 17:23:03 +02:00
|
|
|
applicationList => {
|
|
|
|
|
_nodes => [
|
2010-11-25 11:24:59 +01:00
|
|
|
'applicationlist:/applicationList:menuCatAndApp:applicationListCategory'
|
2010-09-20 17:23:03 +02:00
|
|
|
],
|
2010-12-08 11:42:53 +01:00
|
|
|
_js => 'applicationListCategoryRoot',
|
2010-11-25 11:24:59 +01:00
|
|
|
_help => 'menuCatAndApp',
|
2010-09-20 17:23:03 +02:00
|
|
|
},
|
|
|
|
|
},
|
2010-03-15 21:24:02 +01:00
|
|
|
|
|
|
|
|
portalCustomization => {
|
|
|
|
|
_nodes => [
|
2012-02-27 21:16:09 +01:00
|
|
|
qw(portalSkin portalAutocomplete portalCheckLogins portalUserAttr portalOpenLinkInNewWindow portalAntiFrame passwordManagement)
|
2010-03-15 21:24:02 +01:00
|
|
|
],
|
2010-11-24 19:04:03 +01:00
|
|
|
_help => 'portalcustom',
|
2010-03-15 21:24:02 +01:00
|
|
|
|
2010-11-25 11:24:59 +01:00
|
|
|
portalSkin => 'text:/portalSkin:portalcustom:skinSelect',
|
2010-03-15 21:24:02 +01:00
|
|
|
portalAutocomplete => 'bool:/portalAutocomplete',
|
2012-02-27 21:16:09 +01:00
|
|
|
portalCheckLogins => 'bool:/portalCheckLogins',
|
2011-11-09 12:02:53 +01:00
|
|
|
portalUserAttr => 'text:/portalUserAttr',
|
2010-03-14 15:29:15 +01:00
|
|
|
portalOpenLinkInNewWindow =>
|
|
|
|
|
'bool:/portalOpenLinkInNewWindow',
|
2010-10-22 12:03:42 +02:00
|
|
|
portalAntiFrame => 'bool:/portalAntiFrame',
|
2011-11-09 12:02:53 +01:00
|
|
|
|
|
|
|
|
passwordManagement => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(portalDisplayResetPassword portalRequireOldPassword hideOldPassword mailOnPasswordChange)
|
|
|
|
|
],
|
|
|
|
|
|
|
|
|
|
portalDisplayResetPassword =>
|
|
|
|
|
'bool:/portalDisplayResetPassword',
|
|
|
|
|
portalRequireOldPassword =>
|
|
|
|
|
'bool:/portalRequireOldPassword',
|
|
|
|
|
hideOldPassword => 'bool:/hideOldPassword',
|
|
|
|
|
mailOnPasswordChange => 'bool:/mailOnPasswordChange',
|
|
|
|
|
},
|
2010-03-15 21:24:02 +01:00
|
|
|
},
|
2010-01-22 17:04:15 +01:00
|
|
|
},
|
2010-01-11 17:04:36 +01:00
|
|
|
|
2012-01-11 12:42:42 +01:00
|
|
|
# AUTHENTICATION / USERDB / PASSWORDDB PARAMETERS
|
2009-12-11 19:17:00 +01:00
|
|
|
authParams => {
|
2009-12-23 10:37:38 +01:00
|
|
|
|
2010-01-11 17:04:36 +01:00
|
|
|
# Displayed nodes depend on authentication/userDB modules choosed
|
2009-12-23 10:37:38 +01:00
|
|
|
_nodes => sub {
|
|
|
|
|
my $self = shift;
|
2009-12-29 18:03:24 +01:00
|
|
|
my $auth = $self->conf->{authentication}
|
2009-12-23 10:37:38 +01:00
|
|
|
|| $self->defaultConf()->{authentication};
|
2009-12-29 18:03:24 +01:00
|
|
|
my $udb = $self->conf->{userDB}
|
2009-12-23 10:37:38 +01:00
|
|
|
|| $self->defaultConf()->{userDB};
|
2010-03-15 21:24:02 +01:00
|
|
|
my $pdb = $self->conf->{passwordDB}
|
|
|
|
|
|| $self->defaultConf()->{passwordDB};
|
2009-12-23 10:37:38 +01:00
|
|
|
$auth = lc($auth);
|
2010-09-15 14:00:55 +02:00
|
|
|
$auth =~ s/\s.*$//; # For Multi
|
2010-09-23 18:41:39 +02:00
|
|
|
$udb = lc($udb);
|
|
|
|
|
$pdb = lc($pdb);
|
2010-03-15 11:44:44 +01:00
|
|
|
my %res;
|
2010-03-15 21:24:02 +01:00
|
|
|
|
|
|
|
|
foreach my $mod (
|
|
|
|
|
(
|
|
|
|
|
$auth,
|
2010-08-23 15:27:16 +02:00
|
|
|
( $udb ne ( $auth or $pdb ) ? $udb : () ),
|
|
|
|
|
( $pdb ne ( $auth or $udb ) ? $pdb : () ),
|
2010-03-15 21:24:02 +01:00
|
|
|
)
|
|
|
|
|
)
|
2009-12-23 10:37:38 +01:00
|
|
|
{
|
|
|
|
|
my $tmp = {
|
2010-03-15 21:24:02 +01:00
|
|
|
ldap => ['ldapParams'],
|
|
|
|
|
ssl => [qw(ldapParams sslParams)],
|
|
|
|
|
cas => ['casParams'],
|
2011-11-17 16:38:01 +01:00
|
|
|
radius => ['radiusParams'],
|
2010-03-15 21:24:02 +01:00
|
|
|
remote => ['remoteParams'],
|
|
|
|
|
proxy => ['proxyParams'],
|
|
|
|
|
openid => ['openIdParams'],
|
2010-03-15 14:47:36 +01:00
|
|
|
twitter => ['twitterParams'],
|
2010-03-18 22:46:38 +01:00
|
|
|
dbi => ['dbiParams'],
|
2010-09-01 18:06:01 +02:00
|
|
|
apache => ['apacheParams'],
|
|
|
|
|
null => ['nullParams'],
|
2010-12-08 07:04:57 +01:00
|
|
|
slave => ['slaveParams'],
|
2010-09-06 17:05:54 +02:00
|
|
|
choice => [
|
2011-11-17 16:38:01 +01:00
|
|
|
qw(ldapParams sslParams casParams radiusParams remoteParams proxyParams openIdParams twitterParams dbiParams apacheParams nullParams choiceParams slaveParams yubikeyParams)
|
2010-09-15 14:00:55 +02:00
|
|
|
],
|
|
|
|
|
multi => [
|
2011-11-17 16:38:01 +01:00
|
|
|
qw(ldapParams sslParams casParams radiusParams remoteParams proxyParams openIdParams twitterParams dbiParams apacheParams nullParams choiceParams slaveParams yubikeyParams)
|
2010-09-15 14:00:55 +02:00
|
|
|
],
|
2011-04-21 12:28:18 +02:00
|
|
|
yubikey => ['yubikeyParams'],
|
2009-12-23 10:37:38 +01:00
|
|
|
}->{$mod};
|
|
|
|
|
if ($tmp) {
|
|
|
|
|
$res{$_}++ foreach (@$tmp);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
my @u = keys %res;
|
2010-03-15 11:44:44 +01:00
|
|
|
|
2010-03-25 16:00:48 +01:00
|
|
|
# Add authentication, userDB, passwordDB and issuerDB nodes at the beginning
|
2010-03-15 21:24:02 +01:00
|
|
|
unshift( @u, "passwordDB" );
|
2010-03-15 11:44:44 +01:00
|
|
|
unshift( @u, "userDB" );
|
|
|
|
|
unshift( @u, "authentication" );
|
|
|
|
|
|
|
|
|
|
# Return nodes
|
2009-12-23 10:37:38 +01:00
|
|
|
return \@u;
|
|
|
|
|
},
|
2010-03-15 11:44:44 +01:00
|
|
|
|
2010-03-15 21:24:02 +01:00
|
|
|
_help => 'authParams',
|
2010-03-15 11:44:44 +01:00
|
|
|
|
2009-12-23 10:37:38 +01:00
|
|
|
authentication => 'text:/authentication:authParams:authParams',
|
2010-03-17 16:45:53 +01:00
|
|
|
userDB => 'text:/userDB:authParams:userdbParams',
|
2010-03-20 18:14:28 +01:00
|
|
|
passwordDB => 'text:/passwordDB:authParams:passworddbParams',
|
2010-08-23 15:27:16 +02:00
|
|
|
|
2010-03-15 11:44:44 +01:00
|
|
|
# LDAP
|
2010-03-15 21:24:02 +01:00
|
|
|
ldapParams => {
|
2009-12-23 10:37:38 +01:00
|
|
|
_nodes => [
|
2010-09-01 18:06:01 +02:00
|
|
|
qw(ldapAuthnLevel n:ldapConnection n:ldapFilters n:ldapGroups n:ldapPassword)
|
2009-12-23 10:37:38 +01:00
|
|
|
],
|
2010-11-21 10:22:39 +01:00
|
|
|
_help => 'authLDAP',
|
2010-11-25 11:24:59 +01:00
|
|
|
ldapAuthnLevel => 'int:/ldapAuthnLevel:authLDAPLevel:int',
|
2010-03-15 21:24:02 +01:00
|
|
|
ldapConnection => {
|
|
|
|
|
_nodes => [
|
2010-07-28 12:00:30 +02:00
|
|
|
qw(ldapServer ldapPort ldapBase managerDn managerPassword ldapTimeout ldapVersion ldapRaw)
|
2010-03-15 21:24:02 +01:00
|
|
|
],
|
|
|
|
|
ldapServer => 'text:/ldapServer',
|
|
|
|
|
ldapPort => 'int:/ldapPort',
|
|
|
|
|
ldapBase => 'text:/ldapBase',
|
|
|
|
|
managerDn => 'text:/managerDn',
|
|
|
|
|
managerPassword => 'text:/managerPassword',
|
2010-07-28 12:00:30 +02:00
|
|
|
ldapTimeout => 'int:/ldapTimeout',
|
|
|
|
|
ldapVersion => 'int:/ldapVersion',
|
|
|
|
|
ldapRaw => 'text:/ldapRaw',
|
2010-11-25 11:24:59 +01:00
|
|
|
_help => 'authLDAPConnection',
|
2010-03-15 21:24:02 +01:00
|
|
|
},
|
2010-03-14 22:45:49 +01:00
|
|
|
|
2010-03-15 21:24:02 +01:00
|
|
|
ldapFilters => {
|
2010-03-14 22:45:49 +01:00
|
|
|
_nodes =>
|
2010-03-15 10:03:24 +01:00
|
|
|
[qw(LDAPFilter AuthLDAPFilter mailLDAPFilter)],
|
2010-03-15 21:24:02 +01:00
|
|
|
LDAPFilter => 'text:/LDAPFilter',
|
|
|
|
|
AuthLDAPFilter => 'text:/AuthLDAPFilter',
|
|
|
|
|
mailLDAPFilter => 'text:/mailLDAPFilter',
|
2010-11-25 11:24:59 +01:00
|
|
|
_help => 'authLDAPFilters',
|
2010-03-15 21:24:02 +01:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
ldapGroups => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(ldapGroupBase ldapGroupObjectClass ldapGroupAttributeName ldapGroupAttributeNameUser ldapGroupAttributeNameSearch ldapGroupRecursive ldapGroupAttributeNameGroup)
|
|
|
|
|
],
|
|
|
|
|
ldapGroupBase => 'text:/ldapGroupBase',
|
|
|
|
|
ldapGroupObjectClass => 'text:/ldapGroupObjectClass',
|
2010-03-14 22:45:49 +01:00
|
|
|
ldapGroupAttributeName =>
|
|
|
|
|
'text:/ldapGroupAttributeName',
|
|
|
|
|
ldapGroupAttributeNameUser =>
|
|
|
|
|
'text:/ldapGroupAttributeNameUser',
|
2010-03-15 10:03:24 +01:00
|
|
|
ldapGroupAttributeNameSearch =>
|
|
|
|
|
'text:/ldapGroupAttributeNameSearch',
|
2010-03-15 21:24:02 +01:00
|
|
|
ldapGroupRecursive => 'bool:/ldapGroupRecursive',
|
2010-03-14 22:45:49 +01:00
|
|
|
ldapGroupAttributeNameGroup =>
|
|
|
|
|
'text:/ldapGroupAttributeNameGroup',
|
2010-11-25 11:24:59 +01:00
|
|
|
_help => 'authLDAPGroups',
|
2010-03-15 21:24:02 +01:00
|
|
|
},
|
2010-03-14 22:45:49 +01:00
|
|
|
|
2010-03-15 21:24:02 +01:00
|
|
|
ldapPassword => {
|
2010-03-24 11:00:52 +01:00
|
|
|
_nodes => [
|
2011-06-23 15:03:06 +02:00
|
|
|
qw(ldapPpolicyControl ldapSetPassword ldapChangePasswordAsUser ldapPwdEnc ldapUsePasswordResetAttribute ldapPasswordResetAttribute ldapPasswordResetAttributeValue)
|
2010-03-24 11:00:52 +01:00
|
|
|
],
|
2010-03-15 21:24:02 +01:00
|
|
|
ldapPpolicyControl => 'bool:/ldapPpolicyControl',
|
|
|
|
|
ldapSetPassword => 'bool:/ldapSetPassword',
|
2010-03-24 11:00:52 +01:00
|
|
|
ldapChangePasswordAsUser =>
|
|
|
|
|
'bool:/ldapChangePasswordAsUser',
|
2010-06-21 16:47:27 +02:00
|
|
|
ldapPwdEnc => 'text:/ldapPwdEnc',
|
2011-06-23 15:03:06 +02:00
|
|
|
ldapUsePasswordResetAttribute =>
|
|
|
|
|
'bool:/ldapUsePasswordResetAttribute',
|
|
|
|
|
ldapPasswordResetAttribute =>
|
|
|
|
|
'text:/ldapPasswordResetAttribute',
|
|
|
|
|
ldapPasswordResetAttributeValue =>
|
|
|
|
|
'text:/ldapPasswordResetAttributeValue',
|
|
|
|
|
_help => 'authLDAPPassword',
|
2010-03-15 21:24:02 +01:00
|
|
|
},
|
|
|
|
|
|
2010-03-14 22:45:49 +01:00
|
|
|
},
|
|
|
|
|
|
2010-03-15 11:44:44 +01:00
|
|
|
# SSL
|
2010-03-15 21:24:02 +01:00
|
|
|
sslParams => {
|
2012-07-26 04:47:27 +02:00
|
|
|
_nodes => [qw(SSLAuthnLevel SSLVar)],
|
2010-11-21 10:22:39 +01:00
|
|
|
_help => 'authSSL',
|
2010-09-01 18:06:01 +02:00
|
|
|
SSLAuthnLevel => 'int:/SSLAuthnLevel',
|
|
|
|
|
SSLVar => 'text:/SSLVar',
|
2010-08-27 17:34:03 +02:00
|
|
|
},
|
|
|
|
|
|
2010-03-15 21:24:02 +01:00
|
|
|
# CAS
|
|
|
|
|
casParams => {
|
2010-08-27 14:39:27 +02:00
|
|
|
_nodes => [
|
2010-09-01 18:06:01 +02:00
|
|
|
qw(CAS_authnLevel CAS_url CAS_CAFile CAS_renew CAS_gateway CAS_pgtFile cn:CAS_proxiedServices)
|
2010-08-27 14:39:27 +02:00
|
|
|
],
|
2010-11-21 10:22:39 +01:00
|
|
|
_help => 'authCAS',
|
2010-09-01 18:06:01 +02:00
|
|
|
CAS_authnLevel => 'int:/CAS_authnLevel',
|
2010-09-01 14:56:15 +02:00
|
|
|
CAS_url => 'text:/CAS_url',
|
|
|
|
|
CAS_CAFile => 'text:/CAS_CAFile',
|
2010-08-30 15:41:45 +02:00
|
|
|
CAS_renew => 'bool:/CAS_renew',
|
|
|
|
|
CAS_gateway => 'bool:/CAS_gateway',
|
2010-08-27 14:39:27 +02:00
|
|
|
CAS_pgtFile => 'text:/CAS_pgtFile',
|
|
|
|
|
CAS_proxiedServices => {
|
2010-11-25 11:24:59 +01:00
|
|
|
_nodes => ['hash:/CAS_proxiedServices:authCAS:btext'],
|
2010-08-27 14:39:27 +02:00
|
|
|
_js => 'hashRoot',
|
2010-11-25 11:24:59 +01:00
|
|
|
_help => 'authCAS',
|
2010-08-27 14:39:27 +02:00
|
|
|
},
|
|
|
|
|
|
2010-03-15 21:24:02 +01:00
|
|
|
},
|
|
|
|
|
|
2011-11-17 16:38:01 +01:00
|
|
|
# Radius
|
|
|
|
|
radiusParams => {
|
2011-12-05 15:53:13 +01:00
|
|
|
_nodes => [qw(radiusAuthnLevel radiusSecret radiusServer)],
|
|
|
|
|
_help => 'authRadius',
|
|
|
|
|
radiusAuthnLevel => 'int:/radiusAuthnLevel',
|
|
|
|
|
radiusSecret => 'text:/radiusSecret',
|
|
|
|
|
radiusServer => 'text:/radiusServer',
|
2011-11-17 16:38:01 +01:00
|
|
|
},
|
|
|
|
|
|
2010-03-15 21:24:02 +01:00
|
|
|
# Remote
|
|
|
|
|
remoteParams => {
|
|
|
|
|
_nodes => [
|
2010-08-27 14:39:27 +02:00
|
|
|
qw(remotePortal remoteCookieName remoteGlobalStorage cn:remoteGlobalStorageOptions)
|
2010-03-15 21:24:02 +01:00
|
|
|
],
|
2010-11-21 10:22:39 +01:00
|
|
|
_help => 'authRemote',
|
2010-09-01 14:56:15 +02:00
|
|
|
remotePortal => 'text:/remotePortal',
|
|
|
|
|
remoteCookieName => 'text:/remoteCookieName',
|
|
|
|
|
remoteGlobalStorage => 'text:/remoteGlobalStorage',
|
2010-08-27 14:39:27 +02:00
|
|
|
remoteGlobalStorageOptions => {
|
|
|
|
|
_nodes =>
|
2010-11-25 11:24:59 +01:00
|
|
|
['hash:/remoteGlobalStorageOptions:authRemote:btext'],
|
2010-08-27 14:39:27 +02:00
|
|
|
_js => 'hashRoot',
|
2010-11-25 11:24:59 +01:00
|
|
|
_help => 'authRemote',
|
2010-08-27 14:39:27 +02:00
|
|
|
},
|
2010-03-15 21:24:02 +01:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
# Proxy
|
|
|
|
|
proxyParams => {
|
|
|
|
|
_nodes =>
|
|
|
|
|
[qw(soapAuthService remoteCookieName soapSessionService)],
|
2010-11-21 10:22:39 +01:00
|
|
|
_help => 'authProxy',
|
2010-03-15 21:24:02 +01:00
|
|
|
soapAuthService => 'text:/soapAuthService',
|
|
|
|
|
remoteCookieName => 'text:/remoteCookieName',
|
|
|
|
|
soapSessionService => 'text:/soapSessionService',
|
|
|
|
|
},
|
2010-03-15 17:47:50 +01:00
|
|
|
|
2010-03-15 11:44:44 +01:00
|
|
|
# OpenID
|
|
|
|
|
openIdParams => {
|
2010-10-14 11:50:23 +02:00
|
|
|
_nodes => [qw(openIdAuthnLevel openIdSecret openIdIDPList)],
|
2010-11-21 10:22:39 +01:00
|
|
|
_help => 'authOpenID',
|
2010-09-01 18:06:01 +02:00
|
|
|
openIdAuthnLevel => 'int:/openIdAuthnLevel',
|
|
|
|
|
openIdSecret => 'text:/openIdSecret',
|
2010-10-11 18:12:04 +02:00
|
|
|
openIdIDPList =>
|
2010-11-25 11:24:59 +01:00
|
|
|
'text:/openIdIDPList:authOpenID:openididplist',
|
2010-03-15 14:47:36 +01:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
# Twitter
|
|
|
|
|
twitterParams => {
|
2010-09-01 18:06:01 +02:00
|
|
|
_nodes => [
|
|
|
|
|
qw(twitterAuthnLevel twitterKey twitterSecret twitterAppName)
|
|
|
|
|
],
|
2010-11-21 10:22:39 +01:00
|
|
|
_help => 'authTwitter',
|
2010-09-01 18:06:01 +02:00
|
|
|
twitterAuthnLevel => 'int:/twitterAuthnLevel',
|
|
|
|
|
twitterKey => 'text:/twitterKey',
|
|
|
|
|
twitterSecret => 'text:/twitterSecret',
|
|
|
|
|
twitterAppName => 'text:/twitterAppName',
|
2010-03-15 14:47:36 +01:00
|
|
|
},
|
2010-03-18 22:46:38 +01:00
|
|
|
|
|
|
|
|
# DBI
|
|
|
|
|
dbiParams => {
|
2010-09-01 18:06:01 +02:00
|
|
|
_nodes => [
|
|
|
|
|
qw(dbiAuthnLevel n:dbiConnection n:dbiSchema n:dbiPassword)
|
|
|
|
|
],
|
2010-11-21 10:22:39 +01:00
|
|
|
_help => 'authDBI',
|
2010-11-25 11:24:59 +01:00
|
|
|
dbiAuthnLevel => 'int:/dbiAuthnLevel:authDBILevel:int',
|
2010-03-18 22:46:38 +01:00
|
|
|
dbiConnection => {
|
|
|
|
|
_nodes => [qw(n:dbiConnectionAuth n:dbiConnectionUser)],
|
|
|
|
|
dbiConnectionAuth => {
|
|
|
|
|
_nodes =>
|
|
|
|
|
[qw(dbiAuthChain dbiAuthUser dbiAuthPassword)],
|
|
|
|
|
dbiAuthChain => 'text:/dbiAuthChain',
|
|
|
|
|
dbiAuthUser => 'text:/dbiAuthUser',
|
|
|
|
|
dbiAuthPassword => 'text:/dbiAuthPassword',
|
|
|
|
|
},
|
|
|
|
|
dbiConnectionUser => {
|
|
|
|
|
_nodes =>
|
|
|
|
|
[qw(dbiUserChain dbiUserUser dbiUserPassword)],
|
|
|
|
|
dbiUserChain => 'text:/dbiUserChain',
|
|
|
|
|
dbiUserUser => 'text:/dbiUserUser',
|
|
|
|
|
dbiUserPassword => 'text:/dbiUserPassword',
|
|
|
|
|
},
|
2010-11-25 11:24:59 +01:00
|
|
|
_help => 'authDBIConnection',
|
2010-03-18 22:46:38 +01:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
dbiSchema => {
|
|
|
|
|
_nodes => [
|
2010-10-25 14:54:30 +02:00
|
|
|
qw(dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiPasswordMailCol userPivot)
|
2010-03-18 22:46:38 +01:00
|
|
|
],
|
|
|
|
|
dbiAuthTable => 'text:/dbiAuthTable',
|
|
|
|
|
dbiUserTable => 'text:/dbiUserTable',
|
|
|
|
|
dbiAuthLoginCol => 'text:/dbiAuthLoginCol',
|
|
|
|
|
dbiAuthPasswordCol => 'text:/dbiAuthPasswordCol',
|
2010-10-25 14:54:30 +02:00
|
|
|
dbiPasswordMailCol => 'text:/dbiPasswordMailCol',
|
2010-03-18 22:46:38 +01:00
|
|
|
userPivot => 'text:/userPivot',
|
2010-11-25 11:24:59 +01:00
|
|
|
_help => 'authDBISchema',
|
2010-03-18 22:46:38 +01:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
dbiPassword => {
|
|
|
|
|
_nodes => [qw(dbiAuthPasswordHash)],
|
|
|
|
|
dbiAuthPasswordHash => 'text:/dbiAuthPasswordHash',
|
2010-11-25 11:24:59 +01:00
|
|
|
_help => 'authDBIPassword',
|
2010-03-18 22:46:38 +01:00
|
|
|
},
|
|
|
|
|
},
|
2010-09-01 18:06:01 +02:00
|
|
|
|
|
|
|
|
# Apache
|
|
|
|
|
apacheParams => {
|
|
|
|
|
_nodes => [qw(apacheAuthnLevel)],
|
2010-11-21 10:22:39 +01:00
|
|
|
_help => 'authApache',
|
2010-09-01 18:06:01 +02:00
|
|
|
apacheAuthnLevel => 'int:/apacheAuthnLevel',
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
# Null
|
|
|
|
|
nullParams => {
|
|
|
|
|
_nodes => [qw(nullAuthnLevel)],
|
2010-11-21 10:22:39 +01:00
|
|
|
_help => 'authNull',
|
2010-09-01 18:06:01 +02:00
|
|
|
nullAuthnLevel => 'int:/nullAuthnLevel',
|
|
|
|
|
},
|
|
|
|
|
|
2010-12-08 07:04:57 +01:00
|
|
|
# Slave
|
|
|
|
|
slaveParams => {
|
2012-02-27 22:27:52 +01:00
|
|
|
_nodes =>
|
|
|
|
|
[qw(slaveAuthnLevel slaveUserHeader slaveMasterIP)],
|
2010-12-08 11:42:53 +01:00
|
|
|
_help => 'authSlave',
|
2010-12-08 07:04:57 +01:00
|
|
|
slaveAuthnLevel => 'int:/slaveAuthnLevel',
|
2011-07-01 18:16:11 +02:00
|
|
|
slaveUserHeader => 'text:/slaveUserHeader',
|
2012-02-13 18:35:44 +01:00
|
|
|
slaveMasterIP => 'text:/slaveMasterIP',
|
2010-12-08 07:04:57 +01:00
|
|
|
},
|
|
|
|
|
|
2010-09-06 17:05:54 +02:00
|
|
|
# Choice
|
|
|
|
|
choiceParams => {
|
|
|
|
|
_nodes => [qw(authChoiceParam n:authChoiceModules)],
|
2010-11-21 10:22:39 +01:00
|
|
|
_help => 'authChoice',
|
2010-09-23 18:41:39 +02:00
|
|
|
authChoiceParam => 'text:/authChoiceParam',
|
2010-09-06 17:05:54 +02:00
|
|
|
authChoiceModules => {
|
|
|
|
|
_nodes =>
|
2010-11-25 11:24:59 +01:00
|
|
|
['hash:/authChoiceModules:authChoice:authChoice'],
|
2010-09-06 17:05:54 +02:00
|
|
|
_js => 'authChoiceRoot',
|
2010-11-25 11:24:59 +01:00
|
|
|
_help => 'authChoice',
|
2010-09-06 17:05:54 +02:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
|
2011-04-21 12:28:18 +02:00
|
|
|
# Yubikey
|
|
|
|
|
yubikeyParams => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(yubikeyAuthnLevel yubikeyClientID yubikeySecretKey yubikeyPublicIDSize)
|
|
|
|
|
],
|
|
|
|
|
_help => 'authYubikey',
|
|
|
|
|
yubikeyAuthnLevel => 'int:/yubikeyAuthnLevel',
|
|
|
|
|
yubikeyClientID => 'text:/yubikeyClientID',
|
|
|
|
|
yubikeySecretKey => 'text:/yubikeySecretKey',
|
|
|
|
|
yubikeyPublicIDSize => 'int:/yubikeyPublicIDSize',
|
|
|
|
|
},
|
|
|
|
|
|
2009-12-23 10:37:38 +01:00
|
|
|
},
|
|
|
|
|
|
2010-10-04 11:55:50 +02:00
|
|
|
# ISSUERDB PARAMETERS
|
|
|
|
|
issuerParams => {
|
|
|
|
|
_nodes => [qw(issuerDBSAML issuerDBCAS issuerDBOpenID)],
|
2010-11-17 06:07:33 +01:00
|
|
|
_help => 'issuerdb',
|
2010-10-04 11:55:50 +02:00
|
|
|
issuerDBSAML => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(issuerDBSAMLActivation issuerDBSAMLPath issuerDBSAMLRule)
|
|
|
|
|
],
|
2010-11-21 10:22:39 +01:00
|
|
|
_help => 'issuerdbSAML',
|
2010-10-04 11:55:50 +02:00
|
|
|
issuerDBSAMLActivation => 'bool:/issuerDBSAMLActivation',
|
|
|
|
|
issuerDBSAMLPath => 'text:/issuerDBSAMLPath',
|
2010-11-18 16:30:21 +01:00
|
|
|
issuerDBSAMLRule =>
|
2010-11-25 18:28:49 +01:00
|
|
|
'text:/issuerDBSAMLRule:issuerdbSAML:boolOrPerlExpr',
|
2010-10-04 11:55:50 +02:00
|
|
|
},
|
|
|
|
|
issuerDBCAS => {
|
|
|
|
|
_nodes => [
|
2010-10-07 16:30:58 +02:00
|
|
|
qw(issuerDBCASActivation issuerDBCASPath issuerDBCASRule issuerDBCASOptions)
|
2010-10-04 11:55:50 +02:00
|
|
|
],
|
2010-11-21 10:22:39 +01:00
|
|
|
_help => 'issuerdbCAS',
|
2010-10-04 11:55:50 +02:00
|
|
|
issuerDBCASActivation => 'bool:/issuerDBCASActivation',
|
|
|
|
|
issuerDBCASPath => 'text:/issuerDBCASPath',
|
2010-11-18 16:30:21 +01:00
|
|
|
issuerDBCASRule =>
|
2010-11-25 18:28:49 +01:00
|
|
|
'text:/issuerDBCASRule:issuerdbCAS:boolOrPerlExpr',
|
2010-12-08 11:42:53 +01:00
|
|
|
issuerDBCASOptions => {
|
2011-09-15 12:07:05 +02:00
|
|
|
_nodes => [
|
|
|
|
|
qw(casAttr casAccessControlPolicy casStorage cn:casStorageOptions)
|
|
|
|
|
],
|
|
|
|
|
casAttr => 'text:/casAttr',
|
|
|
|
|
casAccessControlPolicy =>
|
|
|
|
|
'select:/casAccessControlPolicy:issuerdbCAS:casAccessControlPolicyParams',
|
2010-10-07 16:30:58 +02:00
|
|
|
casStorage => 'text:/casStorage',
|
|
|
|
|
casStorageOptions => {
|
2010-11-25 18:28:49 +01:00
|
|
|
_nodes =>
|
|
|
|
|
['hash:/casStorageOptions:issuerDBCAS:btext'],
|
2010-12-08 11:42:53 +01:00
|
|
|
_js => 'hashRoot',
|
2010-11-25 18:28:49 +01:00
|
|
|
_help => 'issuerdbCAS',
|
2010-10-07 16:30:58 +02:00
|
|
|
},
|
|
|
|
|
},
|
2010-10-04 11:55:50 +02:00
|
|
|
},
|
|
|
|
|
issuerDBOpenID => {
|
|
|
|
|
_nodes => [
|
2010-10-12 15:32:18 +02:00
|
|
|
qw(issuerDBOpenIDActivation issuerDBOpenIDPath issuerDBOpenIDRule n:issuerDBOpenIDOptions)
|
2010-10-04 11:55:50 +02:00
|
|
|
],
|
2010-11-21 10:22:39 +01:00
|
|
|
_help => 'issuerdbOpenID',
|
2010-10-04 11:55:50 +02:00
|
|
|
issuerDBOpenIDActivation =>
|
|
|
|
|
'bool:/issuerDBOpenIDActivation',
|
2010-12-08 11:42:53 +01:00
|
|
|
issuerDBOpenIDPath => 'text:/issuerDBOpenIDPath',
|
2010-11-18 16:30:21 +01:00
|
|
|
issuerDBOpenIDRule =>
|
2010-11-25 18:28:49 +01:00
|
|
|
'text:/issuerDBOpenIDRule:issuerdbOpenID:boolOrPerlExpr',
|
2010-10-04 11:55:50 +02:00
|
|
|
issuerDBOpenIDOptions => {
|
2010-10-12 15:32:18 +02:00
|
|
|
_nodes => [
|
|
|
|
|
qw(openIdIssuerSecret openIdAttr openIdSPList n:openIdSreg)
|
|
|
|
|
],
|
2010-10-04 11:55:50 +02:00
|
|
|
openIdIssuerSecret => 'text:/openIdIssuerSecret',
|
2010-11-25 18:28:49 +01:00
|
|
|
openIdAttr => 'text:/openIdAttr',
|
2010-10-12 15:32:18 +02:00
|
|
|
openIdSPList =>
|
2010-11-25 18:28:49 +01:00
|
|
|
'text:/openIdSPList:issuerdbOpenID:openididplist',
|
2010-10-14 11:50:23 +02:00
|
|
|
openIdSreg => {
|
2010-10-04 11:55:50 +02:00
|
|
|
_nodes => [
|
|
|
|
|
qw(openIdSreg_fullname openIdSreg_nickname openIdSreg_language openIdSreg_postcode openIdSreg_timezone openIdSreg_country openIdSreg_gender openIdSreg_email openIdSreg_dob)
|
|
|
|
|
],
|
|
|
|
|
openIdSreg_fullname => 'text:openIdSreg_fullname',
|
|
|
|
|
openIdSreg_nickname => 'text:openIdSreg_nickname',
|
|
|
|
|
openIdSreg_language => 'text:openIdSreg_language',
|
|
|
|
|
openIdSreg_postcode => 'text:openIdSreg_postcode',
|
|
|
|
|
openIdSreg_timezone => 'text:openIdSreg_timezone',
|
|
|
|
|
openIdSreg_country => 'text:openIdSreg_country',
|
|
|
|
|
openIdSreg_gender => 'text:openIdSreg_gender',
|
|
|
|
|
openIdSreg_email => 'text:openIdSreg_email',
|
|
|
|
|
openIdSreg_dob => 'text:openIdSreg_dob',
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
|
2010-01-11 17:04:36 +01:00
|
|
|
# LOGS PARAMETERS
|
2009-12-23 10:37:38 +01:00
|
|
|
logParams => {
|
2009-12-30 18:02:23 +01:00
|
|
|
_nodes => [qw(syslog useXForwardedForIP whatToTrace)],
|
2010-11-17 06:07:33 +01:00
|
|
|
_help => 'logs',
|
2009-12-30 18:02:23 +01:00
|
|
|
syslog => 'text:/syslog',
|
2009-12-30 15:22:24 +01:00
|
|
|
useXForwardedForIP => 'bool:/useXForwardedForIP',
|
2010-11-25 18:28:49 +01:00
|
|
|
whatToTrace => 'text:/whatToTrace',
|
2009-12-11 19:17:00 +01:00
|
|
|
},
|
2009-12-23 10:37:38 +01:00
|
|
|
|
2010-01-11 17:04:36 +01:00
|
|
|
# COOKIE PARAMETERS
|
2009-12-11 19:17:00 +01:00
|
|
|
cookieParams => {
|
2011-10-05 10:44:59 +02:00
|
|
|
_nodes => [
|
|
|
|
|
qw(cookieName domain cda securedCookie httpOnly cookieExpiration)
|
|
|
|
|
],
|
2009-12-19 09:57:59 +01:00
|
|
|
_help => 'cookies',
|
2010-11-25 18:28:49 +01:00
|
|
|
cookieName => 'text:/cookieName',
|
|
|
|
|
domain => 'text:/domain',
|
2010-03-14 15:38:39 +01:00
|
|
|
cda => 'bool:/cda',
|
2009-12-11 19:17:00 +01:00
|
|
|
securedCookie =>
|
2010-11-25 18:28:49 +01:00
|
|
|
'select:/securedCookie:cookies:securedCookieValues',
|
2011-10-05 10:44:59 +02:00
|
|
|
httpOnly => 'bool:/httpOnly',
|
2009-12-14 15:01:46 +01:00
|
|
|
cookieExpiration => 'text:/cookieExpiration',
|
2009-12-11 19:17:00 +01:00
|
|
|
},
|
2009-12-23 10:37:38 +01:00
|
|
|
|
2010-01-11 17:04:36 +01:00
|
|
|
# SESSIONS PARAMETERS
|
2009-12-11 19:17:00 +01:00
|
|
|
sessionParams => {
|
2009-12-23 10:37:38 +01:00
|
|
|
_nodes => [
|
2012-01-12 18:30:06 +01:00
|
|
|
qw(storePassword timeout timeoutActivity cn:grantSessionRules n:sessionStorage n:multipleSessions n:persistentSessions)
|
2009-12-23 10:37:38 +01:00
|
|
|
],
|
2010-11-25 18:28:49 +01:00
|
|
|
_help => 'sessions',
|
2010-03-15 21:24:02 +01:00
|
|
|
|
2012-02-27 22:27:52 +01:00
|
|
|
storePassword => 'bool:/storePassword',
|
|
|
|
|
timeout => 'int:/timeout',
|
2010-05-12 06:04:10 +02:00
|
|
|
timeoutActivity =>
|
2010-11-25 18:28:49 +01:00
|
|
|
'text:/timeoutActivity:sessions:timeoutActivityParams',
|
2010-03-15 21:24:02 +01:00
|
|
|
|
2012-01-12 18:30:06 +01:00
|
|
|
grantSessionRules => {
|
2012-02-27 22:27:52 +01:00
|
|
|
_nodes => [
|
|
|
|
|
'hash:/grantSessionRules:grantSessionRules:grantSessionRules'
|
|
|
|
|
],
|
|
|
|
|
_js => 'grantSessionRulesRoot',
|
2012-01-12 18:30:06 +01:00
|
|
|
},
|
|
|
|
|
|
2009-12-11 19:17:00 +01:00
|
|
|
sessionStorage => {
|
2010-08-27 14:39:27 +02:00
|
|
|
_nodes => [qw(globalStorage cn:globalStorageOptions)],
|
2010-11-17 06:07:33 +01:00
|
|
|
_help => 'sessionsdb',
|
2010-09-01 14:56:15 +02:00
|
|
|
globalStorage => 'text:/globalStorage',
|
2009-12-11 19:17:00 +01:00
|
|
|
globalStorageOptions => {
|
2010-11-25 18:28:49 +01:00
|
|
|
_nodes =>
|
|
|
|
|
['hash:/globalStorageOptions:sessionsdb:btext'],
|
2010-12-08 11:42:53 +01:00
|
|
|
_js => 'hashRoot',
|
2010-11-25 18:28:49 +01:00
|
|
|
_help => 'sessionsdb',
|
2009-12-11 19:17:00 +01:00
|
|
|
},
|
|
|
|
|
},
|
2010-03-15 21:24:02 +01:00
|
|
|
|
|
|
|
|
multipleSessions => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(singleSession singleIP singleUserByIP notifyDeleted notifyOther)
|
|
|
|
|
],
|
|
|
|
|
singleSession => 'bool:/singleSession',
|
|
|
|
|
singleIP => 'bool:/singleIP',
|
|
|
|
|
singleUserByIP => 'bool:/singleUserByIP',
|
|
|
|
|
notifyDeleted => 'bool:/notifyDeleted',
|
|
|
|
|
notifyOther => 'bool:/notifyOther',
|
|
|
|
|
},
|
2011-06-10 14:23:15 +02:00
|
|
|
|
|
|
|
|
persistentSessions => {
|
2011-06-21 12:04:29 +02:00
|
|
|
_nodes =>
|
|
|
|
|
[qw(persistentStorage cn:persistentStorageOptions)],
|
|
|
|
|
_help => 'sessionsdb',
|
2011-06-10 14:23:15 +02:00
|
|
|
persistentStorage => 'text:/persistentStorage',
|
|
|
|
|
persistentStorageOptions => {
|
|
|
|
|
_nodes =>
|
|
|
|
|
['hash:/persistentStorageOptions:sessionsdb:btext'],
|
|
|
|
|
_js => 'hashRoot',
|
|
|
|
|
_help => 'sessionsdb',
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
|
2009-12-11 19:17:00 +01:00
|
|
|
},
|
2009-12-23 10:37:38 +01:00
|
|
|
|
2012-01-11 12:42:42 +01:00
|
|
|
# RELOAD URLS
|
|
|
|
|
reloadUrls => {
|
|
|
|
|
_nodes => ['hash:/reloadUrls:reloadUrls:btext'],
|
2012-02-27 22:27:52 +01:00
|
|
|
_js => 'hashRoot',
|
|
|
|
|
_help => 'reloadUrls',
|
2012-01-11 12:42:42 +01:00
|
|
|
},
|
|
|
|
|
|
2010-01-11 17:04:36 +01:00
|
|
|
# OTHER PARAMETERS
|
2009-12-14 15:01:46 +01:00
|
|
|
advancedParams => {
|
|
|
|
|
_nodes => [
|
2012-02-09 16:00:35 +01:00
|
|
|
qw(customFunctions n:soap n:loginHistory n:notifications n:passwordManagement n:security n:redirection n:portalRedirection n:specialHandlers cn:logoutServices)
|
2009-12-14 15:01:46 +01:00
|
|
|
],
|
2010-11-25 18:28:49 +01:00
|
|
|
_help => 'advanced',
|
2010-03-14 15:29:15 +01:00
|
|
|
|
2010-11-25 18:28:49 +01:00
|
|
|
customFunctions => 'text:/customFunctions:customfunctions:text',
|
2010-03-17 09:23:20 +01:00
|
|
|
|
2010-03-15 21:24:02 +01:00
|
|
|
soap => {
|
2010-10-28 17:30:40 +02:00
|
|
|
_nodes => [qw(Soap exportedAttr)],
|
2010-10-30 21:25:38 +02:00
|
|
|
Soap => 'bool:/Soap',
|
|
|
|
|
exportedAttr => 'text:/exportedAttr',
|
2010-03-15 21:24:02 +01:00
|
|
|
},
|
2010-03-14 15:29:15 +01:00
|
|
|
|
2012-02-09 16:00:35 +01:00
|
|
|
loginHistory => {
|
2012-02-27 22:27:52 +01:00
|
|
|
_nodes => [
|
|
|
|
|
qw(loginHistoryEnabled successLoginNumber failedLoginNumber cn:sessionDataToRemember)
|
|
|
|
|
],
|
|
|
|
|
_help => 'loginHistory',
|
|
|
|
|
loginHistoryEnabled => 'bool:/loginHistoryEnabled',
|
|
|
|
|
successLoginNumber => 'int:/successLoginNumber',
|
|
|
|
|
failedLoginNumber => 'int:/failedLoginNumber',
|
2012-02-09 16:00:35 +01:00
|
|
|
sessionDataToRemember => {
|
2012-02-27 22:27:52 +01:00
|
|
|
_nodes =>
|
|
|
|
|
['hash:/sessionDataToRemember:loginHistory:btext'],
|
|
|
|
|
_js => 'hashRoot',
|
2012-02-09 16:00:35 +01:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
|
2009-12-14 15:01:46 +01:00
|
|
|
notifications => {
|
|
|
|
|
_nodes => [
|
2011-07-07 14:47:05 +02:00
|
|
|
qw(notification notificationStorage cn:notificationStorageOptions notificationWildcard notificationXSLTfile)
|
2009-12-14 15:01:46 +01:00
|
|
|
],
|
2009-12-19 09:57:59 +01:00
|
|
|
_help => 'notifications',
|
2009-12-30 15:22:24 +01:00
|
|
|
notification => 'bool:/notification',
|
2009-12-19 09:57:59 +01:00
|
|
|
notificationStorage => 'text:/notificationStorage',
|
2009-12-14 15:01:46 +01:00
|
|
|
notificationStorageOptions => {
|
2010-08-27 14:39:27 +02:00
|
|
|
_nodes => [
|
|
|
|
|
'hash:/notificationStorageOptions:notifications:btext'
|
|
|
|
|
],
|
|
|
|
|
_js => 'hashRoot',
|
|
|
|
|
_help => 'notifications',
|
2009-12-14 15:01:46 +01:00
|
|
|
},
|
2011-07-07 14:47:05 +02:00
|
|
|
notificationWildcard => 'text:/notificationWildcard',
|
|
|
|
|
notificationXSLTfile => 'text:/notificationXSLTfile',
|
2009-12-14 15:01:46 +01:00
|
|
|
},
|
2010-03-14 15:29:15 +01:00
|
|
|
|
2009-12-14 15:01:46 +01:00
|
|
|
passwordManagement => {
|
2011-06-01 14:50:10 +02:00
|
|
|
_nodes => [qw(SMTP mailHeaders mailContent mailOther)],
|
|
|
|
|
_help => 'password',
|
|
|
|
|
SMTP => {
|
|
|
|
|
_nodes => [qw(SMTPServer SMTPAuthUser SMTPAuthPass)],
|
|
|
|
|
SMTPServer => 'text:/SMTPServer',
|
|
|
|
|
SMTPAuthUser => 'text:/SMTPAuthUser',
|
|
|
|
|
SMTPAuthPass => 'text:/SMTPAuthPass',
|
|
|
|
|
},
|
|
|
|
|
mailHeaders => {
|
|
|
|
|
_nodes => [qw(mailFrom mailReplyTo mailCharset)],
|
|
|
|
|
mailFrom => 'text:/mailFrom',
|
|
|
|
|
mailReplyTo => 'text:/mailReplyTo',
|
|
|
|
|
mailCharset => 'text:/mailCharset',
|
|
|
|
|
},
|
|
|
|
|
mailContent => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(mailSubject mailBody mailConfirmSubject mailConfirmBody)
|
|
|
|
|
],
|
|
|
|
|
mailSubject => 'text:/mailSubject',
|
|
|
|
|
mailBody => 'textarea:/mailBody',
|
|
|
|
|
mailConfirmSubject => 'text:/mailConfirmSubject',
|
|
|
|
|
mailConfirmBody => 'textarea:/mailConfirmBody',
|
|
|
|
|
},
|
|
|
|
|
mailOther => {
|
2011-06-22 18:27:27 +02:00
|
|
|
_nodes => [
|
|
|
|
|
qw(mailUrl randomPasswordRegexp mailTimeout mailSessionKey)
|
|
|
|
|
],
|
2011-06-01 14:50:10 +02:00
|
|
|
mailUrl => 'text:/mailUrl',
|
|
|
|
|
randomPasswordRegexp => 'text:/randomPasswordRegexp',
|
|
|
|
|
mailTimeout => 'int:/mailTimeout',
|
2011-06-22 18:27:27 +02:00
|
|
|
mailSessionKey => 'text:/mailSessionKey',
|
2011-06-01 14:50:10 +02:00
|
|
|
},
|
2009-12-14 15:01:46 +01:00
|
|
|
},
|
2010-03-14 15:29:15 +01:00
|
|
|
|
2010-03-15 21:24:02 +01:00
|
|
|
security => {
|
2011-02-07 18:19:36 +01:00
|
|
|
_nodes => [
|
2012-02-27 22:27:52 +01:00
|
|
|
qw(userControl portalForceAuthn key trustedDomains useSafeJail checkXSS)
|
2011-02-07 18:19:36 +01:00
|
|
|
],
|
2010-11-25 18:28:49 +01:00
|
|
|
_help => 'security',
|
|
|
|
|
userControl => 'text:/userControl',
|
|
|
|
|
portalForceAuthn => 'bool:/portalForceAuthn',
|
|
|
|
|
key => 'text:/key',
|
2010-12-08 11:42:53 +01:00
|
|
|
trustedDomains => 'text:/trustedDomains',
|
2011-02-07 18:19:36 +01:00
|
|
|
useSafeJail => 'bool:/useSafeJail',
|
2012-02-27 22:27:52 +01:00
|
|
|
checkXSS => 'bool:/checkXSS',
|
2010-03-15 21:24:02 +01:00
|
|
|
},
|
2010-03-14 15:29:15 +01:00
|
|
|
|
2010-03-17 09:23:20 +01:00
|
|
|
redirection => {
|
2010-10-20 22:05:32 +02:00
|
|
|
_nodes => [
|
2012-02-29 18:19:11 +01:00
|
|
|
qw(https port useRedirectOnForbidden useRedirectOnError maintenance)
|
2010-10-20 22:05:32 +02:00
|
|
|
],
|
2010-11-17 06:07:33 +01:00
|
|
|
_help => 'redirections',
|
2010-10-30 21:25:38 +02:00
|
|
|
https => 'bool:/https',
|
|
|
|
|
port => 'int:/port',
|
2010-09-28 16:40:50 +02:00
|
|
|
useRedirectOnForbidden => 'bool:/useRedirectOnForbidden',
|
2010-10-20 22:05:32 +02:00
|
|
|
useRedirectOnError => 'bool:/useRedirectOnError',
|
2012-02-29 18:19:11 +01:00
|
|
|
maintenance => 'bool:/maintenance',
|
2010-05-07 12:42:38 +02:00
|
|
|
},
|
2010-03-17 09:23:20 +01:00
|
|
|
|
2012-02-01 11:20:50 +01:00
|
|
|
portalRedirection => {
|
2012-02-27 22:27:52 +01:00
|
|
|
_nodes => [qw(jsRedirect)],
|
|
|
|
|
_help => 'portalRedirections',
|
|
|
|
|
jsRedirect =>
|
|
|
|
|
'text:/jsRedirect:portalRedirections:boolOrPerlExpr',
|
2012-02-01 11:20:50 +01:00
|
|
|
},
|
|
|
|
|
|
2010-05-07 12:42:38 +02:00
|
|
|
specialHandlers => {
|
2011-07-06 11:36:15 +02:00
|
|
|
_nodes =>
|
|
|
|
|
[qw(zimbraHandler sympaHandler secureTokenHandler)],
|
2010-05-07 12:42:38 +02:00
|
|
|
|
|
|
|
|
# Zimbra
|
|
|
|
|
zimbraHandler => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(zimbraPreAuthKey zimbraAccountKey zimbraBy zimbraUrl zimbraSsoUrl)
|
|
|
|
|
],
|
2010-11-25 18:28:49 +01:00
|
|
|
_help => 'zimbra',
|
2010-05-07 12:42:38 +02:00
|
|
|
zimbraPreAuthKey => 'text:/zimbraPreAuthKey',
|
|
|
|
|
zimbraAccountKey => 'text:/zimbraAccountKey',
|
|
|
|
|
zimbraBy => 'text:/zimbraBy:default:zimbraByParams',
|
|
|
|
|
zimbraUrl => 'text:/zimbraUrl',
|
|
|
|
|
zimbraSsoUrl => 'text:/zimbraSsoUrl',
|
|
|
|
|
},
|
2010-05-21 17:53:54 +02:00
|
|
|
|
|
|
|
|
# Sympa
|
|
|
|
|
sympaHandler => {
|
|
|
|
|
_nodes => [qw(sympaSecret sympaMailKey)],
|
2010-11-25 18:28:49 +01:00
|
|
|
_help => 'sympa',
|
2010-06-21 17:29:59 +02:00
|
|
|
sympaSecret => 'text:/sympaSecret',
|
2010-05-21 17:53:54 +02:00
|
|
|
sympaMailKey => 'text:/sympaMailKey',
|
|
|
|
|
},
|
2011-07-06 11:36:15 +02:00
|
|
|
|
|
|
|
|
# Secure Token
|
|
|
|
|
secureTokenHandler => {
|
|
|
|
|
_nodes => [
|
2011-09-27 14:04:15 +02:00
|
|
|
qw(secureTokenMemcachedServers secureTokenExpiration secureTokenAttribute secureTokenUrls secureTokenHeader secureTokenAllowOnError)
|
2011-07-06 11:36:15 +02:00
|
|
|
],
|
|
|
|
|
_help => 'securetoken',
|
|
|
|
|
secureTokenMemcachedServers =>
|
|
|
|
|
'text:/secureTokenMemcachedServers',
|
|
|
|
|
secureTokenExpiration => 'int:/secureTokenExpiration',
|
|
|
|
|
secureTokenAttribute => 'text:secureTokenAttribute',
|
|
|
|
|
secureTokenUrls => 'text:/secureTokenUrls',
|
|
|
|
|
secureTokenHeader => 'text:/secureTokenHeader',
|
2011-09-27 14:04:15 +02:00
|
|
|
secureTokenAllowOnError =>
|
|
|
|
|
'bool:/secureTokenAllowOnError',
|
2011-07-06 11:36:15 +02:00
|
|
|
},
|
2010-05-07 12:42:38 +02:00
|
|
|
},
|
|
|
|
|
|
2010-08-30 17:46:26 +02:00
|
|
|
logoutServices => {
|
2010-11-25 18:28:49 +01:00
|
|
|
_nodes => ['hash:/logoutServices:logoutforward:btext'],
|
2010-08-30 17:46:26 +02:00
|
|
|
_js => 'hashRoot',
|
2010-11-25 18:28:49 +01:00
|
|
|
_help => 'logoutforward',
|
2010-08-30 17:46:26 +02:00
|
|
|
},
|
|
|
|
|
|
2010-05-07 12:42:38 +02:00
|
|
|
},
|
2009-12-11 19:17:00 +01:00
|
|
|
},
|
2009-12-23 10:37:38 +01:00
|
|
|
|
2010-01-15 17:40:47 +01:00
|
|
|
#############
|
|
|
|
|
# VARIABLES #
|
|
|
|
|
#############
|
|
|
|
|
|
|
|
|
|
variables => {
|
2010-03-04 14:41:59 +01:00
|
|
|
_nodes => [qw(cn:exportedVars cn:macros cn:groups)],
|
2010-02-16 10:42:29 +01:00
|
|
|
_help => 'default',
|
2010-01-15 17:40:47 +01:00
|
|
|
|
2010-02-16 10:42:29 +01:00
|
|
|
# EXPORTED ATTRIBUTES
|
|
|
|
|
exportedVars => {
|
|
|
|
|
_nodes => ['hash:/exportedVars:vars:btext'],
|
2010-01-27 15:06:02 +01:00
|
|
|
_js => 'hashRoot',
|
2010-11-21 10:22:39 +01:00
|
|
|
_help => 'exportedVars',
|
2010-02-16 10:42:29 +01:00
|
|
|
},
|
2010-01-15 17:40:47 +01:00
|
|
|
|
2010-02-16 10:42:29 +01:00
|
|
|
# MACROS
|
|
|
|
|
macros => {
|
|
|
|
|
_nodes => ['hash:/macros:macros:btext'],
|
2010-01-27 15:06:02 +01:00
|
|
|
_js => 'hashRoot',
|
2010-11-21 10:22:39 +01:00
|
|
|
_help => 'macrosandgroups',
|
2010-02-16 10:42:29 +01:00
|
|
|
},
|
2010-01-15 17:40:47 +01:00
|
|
|
|
2010-02-16 10:42:29 +01:00
|
|
|
# GROUPS
|
|
|
|
|
groups => {
|
|
|
|
|
_nodes => ['hash:/groups:groups:btext'],
|
|
|
|
|
_js => 'hashRoot',
|
2010-11-21 10:22:39 +01:00
|
|
|
_help => 'macrosandgroups',
|
2010-02-16 10:42:29 +01:00
|
|
|
},
|
2010-01-15 17:40:47 +01:00
|
|
|
},
|
2009-12-23 10:37:38 +01:00
|
|
|
|
2010-01-11 17:04:36 +01:00
|
|
|
#################
|
|
|
|
|
# VIRTUAL HOSTS #
|
|
|
|
|
#################
|
2009-12-19 09:57:59 +01:00
|
|
|
virtualHosts => {
|
2009-12-30 16:40:37 +01:00
|
|
|
_nodes => ['nhash:/locationRules:virtualHosts:vhost'],
|
2010-10-12 10:25:13 +02:00
|
|
|
_upload => [qw(/exportedHeaders /post /vhostOptions)],
|
2010-03-22 11:38:37 +01:00
|
|
|
_help => 'virtualHosts',
|
2010-03-13 17:21:55 +01:00
|
|
|
_js => 'vhostRoot',
|
2009-12-19 09:57:59 +01:00
|
|
|
},
|
2010-01-28 18:58:49 +01:00
|
|
|
|
2010-02-03 13:07:58 +01:00
|
|
|
########
|
|
|
|
|
# SAML #
|
|
|
|
|
########
|
2010-03-01 21:32:28 +01:00
|
|
|
# virtual keys should not begin like configuration keys.
|
|
|
|
|
samlIDPMetaDataNode => {
|
|
|
|
|
_nodes => [
|
2010-03-25 15:38:54 +01:00
|
|
|
'nhash:/samlIDPMetaDataExportedAttributes:samlIDPMetaDataNode:samlIdpMetaData'
|
2010-03-01 21:32:28 +01:00
|
|
|
],
|
2010-03-11 16:00:59 +01:00
|
|
|
_upload => [ '/samlIDPMetaDataXML', '/samlIDPMetaDataOptions' ],
|
2010-11-26 11:11:02 +01:00
|
|
|
_help => 'samlIDP',
|
2010-03-13 17:21:55 +01:00
|
|
|
_js => 'samlIdpRoot',
|
2010-03-01 21:32:28 +01:00
|
|
|
},
|
2010-02-16 11:44:03 +01:00
|
|
|
|
2010-03-25 15:38:54 +01:00
|
|
|
samlSPMetaDataNode => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
'nhash:/samlSPMetaDataExportedAttributes:samlSPMetaDataNode:samlSpMetaData'
|
|
|
|
|
],
|
|
|
|
|
_upload => [ '/samlSPMetaDataXML', '/samlSPMetaDataOptions' ],
|
2010-11-26 11:11:02 +01:00
|
|
|
_help => 'samlSP',
|
2010-03-25 15:38:54 +01:00
|
|
|
_js => 'samlSpRoot',
|
|
|
|
|
},
|
|
|
|
|
|
2010-03-01 21:32:28 +01:00
|
|
|
samlServiceMetaData => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlEntityID
|
2010-06-04 15:39:00 +02:00
|
|
|
n:samlServiceSecurity
|
2010-05-21 11:03:29 +02:00
|
|
|
n:samlNameIDFormatMap
|
2010-09-02 11:09:10 +02:00
|
|
|
n:samlAuthnContextMap
|
2010-03-01 21:32:28 +01:00
|
|
|
n:samlOrganization
|
|
|
|
|
n:samlSPSSODescriptor
|
2010-05-31 12:37:43 +02:00
|
|
|
n:samlIDPSSODescriptor
|
2010-07-05 16:35:06 +02:00
|
|
|
n:samlAttributeAuthorityDescriptor
|
|
|
|
|
n:samlAdvanced)
|
2010-03-01 21:32:28 +01:00
|
|
|
],
|
2010-11-26 11:11:02 +01:00
|
|
|
_help => 'samlService',
|
2010-02-05 11:20:16 +01:00
|
|
|
|
2010-03-01 21:32:28 +01:00
|
|
|
# GLOBAL INFORMATIONS
|
2010-11-26 11:11:02 +01:00
|
|
|
samlEntityID => 'text:/samlEntityID:samlServiceEntityID:text',
|
2010-05-31 12:37:43 +02:00
|
|
|
|
2010-06-04 15:39:00 +02:00
|
|
|
# SECURITY NODE
|
|
|
|
|
samlServiceSecurity => {
|
2010-06-21 17:29:59 +02:00
|
|
|
_nodes =>
|
|
|
|
|
[qw(n:samlServiceSecuritySig n:samlServiceSecurityEnc)],
|
2010-11-26 11:11:02 +01:00
|
|
|
_help => 'samlServiceSecurity',
|
2010-06-14 16:45:06 +02:00
|
|
|
samlServiceSecuritySig => {
|
2010-06-21 17:29:59 +02:00
|
|
|
_nodes => [
|
|
|
|
|
qw(samlServicePrivateKeySig
|
|
|
|
|
samlServicePrivateKeySigPwd
|
|
|
|
|
samlServicePublicKeySig)
|
|
|
|
|
],
|
|
|
|
|
samlServicePrivateKeySig =>
|
2010-11-26 11:11:02 +01:00
|
|
|
'filearea:/samlServicePrivateKeySig',
|
2010-06-21 17:29:59 +02:00
|
|
|
samlServicePrivateKeySigPwd =>
|
|
|
|
|
'text:/samlServicePrivateKeySigPwd',
|
|
|
|
|
samlServicePublicKeySig =>
|
2010-11-26 11:11:02 +01:00
|
|
|
'filearea:/samlServicePublicKeySig',
|
2010-06-21 17:29:59 +02:00
|
|
|
},
|
|
|
|
|
samlServiceSecurityEnc => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlServicePrivateKeyEnc
|
2010-06-14 16:45:06 +02:00
|
|
|
samlServicePrivateKeyEncPwd
|
|
|
|
|
samlServicePublicKeyEnc)
|
2010-06-21 17:29:59 +02:00
|
|
|
],
|
|
|
|
|
samlServicePrivateKeyEnc =>
|
2010-11-26 11:11:02 +01:00
|
|
|
'filearea:/samlServicePrivateKeyEnc',
|
2010-06-21 17:29:59 +02:00
|
|
|
samlServicePrivateKeyEncPwd =>
|
|
|
|
|
'text:/samlServicePrivateKeyEncPwd',
|
|
|
|
|
samlServicePublicKeyEnc =>
|
2010-11-26 11:11:02 +01:00
|
|
|
'filearea:/samlServicePublicKeyEnc',
|
2010-06-21 17:29:59 +02:00
|
|
|
},
|
2010-06-14 16:45:06 +02:00
|
|
|
},
|
2010-06-04 15:39:00 +02:00
|
|
|
|
2010-05-31 12:37:43 +02:00
|
|
|
# NAMEID FORMAT MAP
|
2010-05-21 11:03:29 +02:00
|
|
|
samlNameIDFormatMap => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos)
|
|
|
|
|
],
|
2010-11-26 11:11:02 +01:00
|
|
|
_help => 'samlServiceNameIDFormats',
|
2010-05-21 11:03:29 +02:00
|
|
|
samlNameIDFormatMapEmail => 'text:/samlNameIDFormatMapEmail',
|
|
|
|
|
samlNameIDFormatMapX509 => 'text:/samlNameIDFormatMapX509',
|
|
|
|
|
samlNameIDFormatMapWindows =>
|
|
|
|
|
'text:/samlNameIDFormatMapWindows',
|
|
|
|
|
samlNameIDFormatMapKerberos =>
|
|
|
|
|
'text:/samlNameIDFormatMapKerberos',
|
|
|
|
|
},
|
2010-05-31 12:37:43 +02:00
|
|
|
|
2010-09-02 11:09:10 +02:00
|
|
|
# AUTHN CONTEXT MAP
|
|
|
|
|
samlAuthnContextMap => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapTLSClient samlAuthnContextMapKerberos)
|
|
|
|
|
],
|
2010-11-26 11:11:02 +01:00
|
|
|
_help => 'samlServiceAuthnContexts',
|
2010-09-02 11:09:10 +02:00
|
|
|
samlAuthnContextMapPassword =>
|
|
|
|
|
'int:/samlAuthnContextMapPassword',
|
|
|
|
|
samlAuthnContextMapPasswordProtectedTransport =>
|
|
|
|
|
'int:/samlAuthnContextMapPasswordProtectedTransport',
|
|
|
|
|
samlAuthnContextMapTLSClient =>
|
|
|
|
|
'int:/samlAuthnContextMapTLSClient',
|
|
|
|
|
samlAuthnContextMapKerberos =>
|
|
|
|
|
'int:/samlAuthnContextMapKerberos',
|
|
|
|
|
},
|
|
|
|
|
|
2010-05-31 12:37:43 +02:00
|
|
|
# ORGANIZATION
|
2010-03-01 21:32:28 +01:00
|
|
|
samlOrganization => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlOrganizationDisplayName
|
|
|
|
|
samlOrganizationName
|
|
|
|
|
samlOrganizationURL)
|
|
|
|
|
],
|
2010-11-26 11:11:02 +01:00
|
|
|
_help => 'samlServiceOrganization',
|
2010-03-01 21:32:28 +01:00
|
|
|
samlOrganizationDisplayName =>
|
|
|
|
|
'text:/samlOrganizationDisplayName',
|
|
|
|
|
samlOrganizationURL => 'text:/samlOrganizationURL',
|
|
|
|
|
samlOrganizationName => 'text:/samlOrganizationName',
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
# SERVICE PROVIDER
|
|
|
|
|
'samlSPSSODescriptor' => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlSPSSODescriptorAuthnRequestsSigned
|
2010-05-31 12:37:43 +02:00
|
|
|
samlSPSSODescriptorWantAssertionsSigned
|
2010-03-01 21:32:28 +01:00
|
|
|
n:samlSPSSODescriptorSingleLogoutService
|
|
|
|
|
n:samlSPSSODescriptorAssertionConsumerService
|
2010-04-02 10:40:35 +02:00
|
|
|
n:samlSPSSODescriptorArtifactResolutionService
|
2010-05-31 12:37:43 +02:00
|
|
|
)
|
2010-03-01 21:32:28 +01:00
|
|
|
],
|
2010-11-26 11:11:02 +01:00
|
|
|
_help => 'samlServiceSP',
|
2010-03-01 21:32:28 +01:00
|
|
|
|
|
|
|
|
samlSPSSODescriptorAuthnRequestsSigned =>
|
|
|
|
|
'bool:/samlSPSSODescriptorAuthnRequestsSigned',
|
2010-05-31 12:37:43 +02:00
|
|
|
samlSPSSODescriptorWantAssertionsSigned =>
|
|
|
|
|
'bool:/samlSPSSODescriptorWantAssertionsSigned',
|
2010-03-01 21:32:28 +01:00
|
|
|
|
|
|
|
|
samlSPSSODescriptorSingleLogoutService => {
|
2010-02-05 11:20:16 +01:00
|
|
|
_nodes => [
|
2010-05-28 12:35:24 +02:00
|
|
|
qw(samlSPSSODescriptorSingleLogoutServiceHTTPRedirect
|
|
|
|
|
samlSPSSODescriptorSingleLogoutServiceHTTPPost
|
2010-03-01 21:32:28 +01:00
|
|
|
samlSPSSODescriptorSingleLogoutServiceSOAP)
|
|
|
|
|
],
|
2010-05-28 12:35:24 +02:00
|
|
|
samlSPSSODescriptorSingleLogoutServiceHTTPRedirect =>
|
|
|
|
|
'samlService:/samlSPSSODescriptorSingleLogoutServiceHTTPRedirect',
|
|
|
|
|
samlSPSSODescriptorSingleLogoutServiceHTTPPost =>
|
|
|
|
|
'samlService:/samlSPSSODescriptorSingleLogoutServiceHTTPPost',
|
2010-03-01 21:32:28 +01:00
|
|
|
samlSPSSODescriptorSingleLogoutServiceSOAP =>
|
|
|
|
|
'samlService:/samlSPSSODescriptorSingleLogoutServiceSOAP',
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
samlSPSSODescriptorAssertionConsumerService => {
|
2010-02-05 11:20:16 +01:00
|
|
|
_nodes => [
|
2010-03-01 21:32:28 +01:00
|
|
|
qw(samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact
|
2010-08-26 10:05:25 +02:00
|
|
|
samlSPSSODescriptorAssertionConsumerServiceHTTPPost)
|
2010-03-01 21:32:28 +01:00
|
|
|
],
|
|
|
|
|
samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact =>
|
2010-02-09 21:49:23 +01:00
|
|
|
'samlAssertion:/samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact',
|
2010-03-01 21:32:28 +01:00
|
|
|
samlSPSSODescriptorAssertionConsumerServiceHTTPPost =>
|
2010-02-09 21:49:23 +01:00
|
|
|
'samlAssertion:/samlSPSSODescriptorAssertionConsumerServiceHTTPPost',
|
2010-03-01 21:32:28 +01:00
|
|
|
},
|
2010-02-09 21:49:23 +01:00
|
|
|
|
2010-04-02 10:40:35 +02:00
|
|
|
samlSPSSODescriptorArtifactResolutionService => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlSPSSODescriptorArtifactResolutionServiceArtifact)
|
|
|
|
|
],
|
|
|
|
|
samlSPSSODescriptorArtifactResolutionServiceArtifact =>
|
|
|
|
|
'samlAssertion:/samlSPSSODescriptorArtifactResolutionServiceArtifact',
|
|
|
|
|
},
|
2010-03-01 21:32:28 +01:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
# IDENTITY PROVIDER
|
|
|
|
|
samlIDPSSODescriptor => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlIDPSSODescriptorWantAuthnRequestsSigned
|
|
|
|
|
n:samlIDPSSODescriptorSingleSignOnService
|
|
|
|
|
n:samlIDPSSODescriptorSingleLogoutService
|
2010-05-31 12:37:43 +02:00
|
|
|
n:samlIDPSSODescriptorArtifactResolutionService)
|
2010-03-01 21:32:28 +01:00
|
|
|
],
|
2010-11-26 11:11:02 +01:00
|
|
|
_help => 'samlServiceIDP',
|
2010-03-01 21:32:28 +01:00
|
|
|
|
|
|
|
|
samlIDPSSODescriptorWantAuthnRequestsSigned =>
|
|
|
|
|
'bool:/samlIDPSSODescriptorWantAuthnRequestsSigned',
|
2010-02-05 11:20:16 +01:00
|
|
|
|
2010-03-01 21:32:28 +01:00
|
|
|
samlIDPSSODescriptorSingleSignOnService => {
|
2010-02-05 11:20:16 +01:00
|
|
|
_nodes => [
|
2010-05-28 12:35:24 +02:00
|
|
|
qw(samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect
|
|
|
|
|
samlIDPSSODescriptorSingleSignOnServiceHTTPPost
|
2010-07-01 11:48:50 +02:00
|
|
|
samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact
|
2010-03-01 21:32:28 +01:00
|
|
|
samlIDPSSODescriptorSingleSignOnServiceSOAP)
|
|
|
|
|
],
|
2010-05-28 12:35:24 +02:00
|
|
|
samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect =>
|
|
|
|
|
'samlService:/samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect',
|
|
|
|
|
samlIDPSSODescriptorSingleSignOnServiceHTTPPost =>
|
|
|
|
|
'samlService:/samlIDPSSODescriptorSingleSignOnServiceHTTPPost',
|
2010-07-01 11:48:50 +02:00
|
|
|
samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact =>
|
|
|
|
|
'samlService:/samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact',
|
2010-03-01 21:32:28 +01:00
|
|
|
samlIDPSSODescriptorSingleSignOnServiceSOAP =>
|
2010-02-09 21:49:23 +01:00
|
|
|
'samlService:/samlIDPSSODescriptorSingleSignOnServiceSOAP',
|
2010-03-01 21:32:28 +01:00
|
|
|
},
|
2010-02-05 11:20:16 +01:00
|
|
|
|
2010-03-01 21:32:28 +01:00
|
|
|
samlIDPSSODescriptorSingleLogoutService => {
|
|
|
|
|
_nodes => [
|
2010-05-28 12:35:24 +02:00
|
|
|
qw(samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect
|
|
|
|
|
samlIDPSSODescriptorSingleLogoutServiceHTTPPost
|
2010-03-01 21:32:28 +01:00
|
|
|
samlIDPSSODescriptorSingleLogoutServiceSOAP)
|
|
|
|
|
],
|
2010-05-28 12:35:24 +02:00
|
|
|
samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect =>
|
|
|
|
|
'samlService:/samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect',
|
|
|
|
|
samlIDPSSODescriptorSingleLogoutServiceHTTPPost =>
|
|
|
|
|
'samlService:/samlIDPSSODescriptorSingleLogoutServiceHTTPPost',
|
2010-03-01 21:32:28 +01:00
|
|
|
samlIDPSSODescriptorSingleLogoutServiceSOAP =>
|
2010-02-09 21:49:23 +01:00
|
|
|
'samlService:/samlIDPSSODescriptorSingleLogoutServiceSOAP',
|
2010-03-01 21:32:28 +01:00
|
|
|
},
|
2010-02-05 11:20:16 +01:00
|
|
|
|
2010-03-01 21:32:28 +01:00
|
|
|
samlIDPSSODescriptorArtifactResolutionService => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlIDPSSODescriptorArtifactResolutionServiceArtifact)
|
|
|
|
|
],
|
|
|
|
|
samlIDPSSODescriptorArtifactResolutionServiceArtifact =>
|
2010-02-09 21:49:23 +01:00
|
|
|
'samlAssertion:/samlIDPSSODescriptorArtifactResolutionServiceArtifact',
|
2010-03-01 21:32:28 +01:00
|
|
|
},
|
2010-02-09 21:49:23 +01:00
|
|
|
|
2010-06-21 17:29:59 +02:00
|
|
|
},
|
2010-02-05 11:20:16 +01:00
|
|
|
|
2010-05-31 12:37:43 +02:00
|
|
|
# ATTRIBUTE AUTHORITY
|
|
|
|
|
samlAttributeAuthorityDescriptor => {
|
|
|
|
|
_nodes =>
|
|
|
|
|
[qw(n:samlAttributeAuthorityDescriptorAttributeService)],
|
2010-11-26 11:11:02 +01:00
|
|
|
_help => 'samlServiceAA',
|
|
|
|
|
|
2010-05-31 12:37:43 +02:00
|
|
|
samlAttributeAuthorityDescriptorAttributeService => {
|
2010-03-01 21:32:28 +01:00
|
|
|
_nodes => [
|
2010-05-31 12:37:43 +02:00
|
|
|
qw(samlAttributeAuthorityDescriptorAttributeServiceSOAP)
|
2010-03-01 21:32:28 +01:00
|
|
|
],
|
2010-05-31 12:37:43 +02:00
|
|
|
samlAttributeAuthorityDescriptorAttributeServiceSOAP =>
|
|
|
|
|
'samlService:/samlAttributeAuthorityDescriptorAttributeServiceSOAP',
|
2010-03-01 21:32:28 +01:00
|
|
|
},
|
|
|
|
|
},
|
2010-05-31 12:37:43 +02:00
|
|
|
|
2010-07-05 16:35:06 +02:00
|
|
|
# ADVANCED SAML PARAMETERS
|
|
|
|
|
samlAdvanced => {
|
|
|
|
|
_nodes => [
|
2010-10-12 15:32:18 +02:00
|
|
|
qw(samlIdPResolveCookie samlMetadataForceUTF8 samlStorage cn:samlStorageOptions n:samlCommonDomainCookie)
|
2010-07-05 16:35:06 +02:00
|
|
|
],
|
2010-11-26 11:11:02 +01:00
|
|
|
_help => 'samlServiceAdvanced',
|
2010-07-05 16:35:06 +02:00
|
|
|
|
|
|
|
|
samlIdPResolveCookie => 'text:/samlIdPResolveCookie',
|
|
|
|
|
samlMetadataForceUTF8 => 'bool:/samlMetadataForceUTF8',
|
2010-08-16 13:01:39 +02:00
|
|
|
samlStorage => 'text:/samlStorage',
|
|
|
|
|
samlStorageOptions => {
|
2010-11-26 11:11:02 +01:00
|
|
|
_nodes =>
|
|
|
|
|
['hash:/samlStorageOptions:samlServiceAdvanced:btext'],
|
2010-12-08 11:42:53 +01:00
|
|
|
_js => 'hashRoot',
|
2010-11-26 11:11:02 +01:00
|
|
|
_help => 'samlServiceAdvanced',
|
2010-08-16 13:01:39 +02:00
|
|
|
},
|
2010-09-27 12:09:06 +02:00
|
|
|
samlCommonDomainCookie => {
|
|
|
|
|
_nodes => [
|
|
|
|
|
qw(samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter)
|
|
|
|
|
],
|
|
|
|
|
samlCommonDomainCookieActivation =>
|
|
|
|
|
'bool:/samlCommonDomainCookieActivation',
|
|
|
|
|
samlCommonDomainCookieDomain =>
|
|
|
|
|
'text:/samlCommonDomainCookieDomain',
|
|
|
|
|
samlCommonDomainCookieReader =>
|
|
|
|
|
'text:/samlCommonDomainCookieReader',
|
|
|
|
|
samlCommonDomainCookieWriter =>
|
|
|
|
|
'text:/samlCommonDomainCookieWriter',
|
|
|
|
|
},
|
2010-07-05 16:35:06 +02:00
|
|
|
|
|
|
|
|
},
|
|
|
|
|
|
2010-03-01 21:32:28 +01:00
|
|
|
},
|
2009-12-11 19:17:00 +01:00
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
2009-12-17 20:20:17 +01:00
|
|
|
## @method protected hashref testStruct()
|
|
|
|
|
# Returns the tests to do with the datas uploaded.
|
|
|
|
|
# @return hashref
|
2009-12-11 19:17:00 +01:00
|
|
|
sub testStruct {
|
2012-02-27 22:27:52 +01:00
|
|
|
my $safe = Safe->new();
|
|
|
|
|
my $perlExpr = sub {
|
2009-12-11 19:17:00 +01:00
|
|
|
my $e = shift;
|
2010-01-11 17:04:36 +01:00
|
|
|
$safe->reval( $e, 1 );
|
|
|
|
|
return 1 unless ($@);
|
2010-03-18 22:46:38 +01:00
|
|
|
return 1
|
|
|
|
|
if ( $@ =~ /Global symbol "\$.*requires explicit package/ );
|
2010-01-11 17:04:36 +01:00
|
|
|
return ( 1,
|
|
|
|
|
"Function \"<b>$1</b>\" must be declared in customFunctions" )
|
|
|
|
|
if ( $@ =~ /Bareword "(.*?)" not allowed while "strict subs"/ );
|
2010-01-04 14:28:10 +01:00
|
|
|
return ( 0, $@ );
|
2009-12-11 19:17:00 +01:00
|
|
|
};
|
2012-01-12 18:30:06 +01:00
|
|
|
my $noAssign = sub {
|
2012-02-27 22:27:52 +01:00
|
|
|
my $e = shift;
|
2012-01-12 18:30:06 +01:00
|
|
|
my $assignTest = qr/(?<=[^=<!>\|\?])=(?![=~])/;
|
2012-02-27 22:27:52 +01:00
|
|
|
return $e =~ $assignTest ? ( 0, "contains an assignment" ) : 1;
|
2012-01-12 18:30:06 +01:00
|
|
|
};
|
2009-12-14 15:01:46 +01:00
|
|
|
my $boolean = { test => qr/^(?:0|1)?$/, msgFail => 'Value must be 0 or 1' };
|
2010-09-01 18:06:01 +02:00
|
|
|
my $integer =
|
|
|
|
|
{ test => qr/^(?:\d)+$/, msgFail => 'Value must be an integer' };
|
2009-12-19 09:57:59 +01:00
|
|
|
my $pcre = sub {
|
|
|
|
|
my $r = shift;
|
|
|
|
|
my $q;
|
|
|
|
|
eval { $q = qr/$r/ };
|
|
|
|
|
return ( $@ ? ( 0, $@ ) : 1 );
|
|
|
|
|
};
|
2012-01-11 12:42:42 +01:00
|
|
|
my $domainNameOrIp = sub {
|
|
|
|
|
my $n = shift;
|
2012-02-27 22:27:52 +01:00
|
|
|
return
|
|
|
|
|
$n =~ /^(\d{1,3}\.){3}\d{1,3}$/
|
|
|
|
|
|| $n =~ Lemonldap::NG::Common::Regexp::HOSTNAME()
|
|
|
|
|
|| ( 0, 'Bad server name or IP' );
|
2012-01-11 12:42:42 +01:00
|
|
|
};
|
2009-12-19 09:57:59 +01:00
|
|
|
my $testNotDefined = { test => sub { 1 }, msgFail => 'Ok' };
|
2010-10-07 07:57:21 +02:00
|
|
|
my $lmAttrOrMacro = {
|
2010-10-08 10:45:12 +02:00
|
|
|
test => qr/^\$?[a-zA-Z_]\w*$/,
|
2010-10-07 07:57:21 +02:00
|
|
|
msgFail => 'Value must be in the form $attr'
|
|
|
|
|
};
|
2009-12-11 19:17:00 +01:00
|
|
|
return {
|
2010-09-20 17:23:03 +02:00
|
|
|
applicationList => {
|
|
|
|
|
keyTest => qr/^(\d*)?\w+$/,
|
|
|
|
|
keyMsgFail => 'Bad category ID',
|
|
|
|
|
},
|
2011-05-27 16:08:49 +02:00
|
|
|
mailCharset => $testNotDefined,
|
2009-12-19 09:57:59 +01:00
|
|
|
mailFrom => $testNotDefined,
|
2011-05-27 11:41:13 +02:00
|
|
|
mailReplyTo => $testNotDefined,
|
2009-12-19 09:57:59 +01:00
|
|
|
trustedDomains => $testNotDefined,
|
|
|
|
|
exportedAttr => $testNotDefined,
|
|
|
|
|
mailSubject => $testNotDefined,
|
|
|
|
|
randomPasswordRegexp => $testNotDefined,
|
|
|
|
|
passwordDB => $testNotDefined,
|
|
|
|
|
mailBody => $testNotDefined,
|
|
|
|
|
SMTPServer => $testNotDefined,
|
2011-04-15 11:44:15 +02:00
|
|
|
SMTPAuthUser => $testNotDefined,
|
|
|
|
|
SMTPAuthPass => $testNotDefined,
|
2009-12-19 09:57:59 +01:00
|
|
|
cookieExpiration => $testNotDefined,
|
|
|
|
|
notificationStorage => $testNotDefined,
|
2011-07-07 14:47:05 +02:00
|
|
|
notificationWildcard => $testNotDefined,
|
|
|
|
|
notificationXSLTfile => $testNotDefined,
|
2010-03-15 10:03:24 +01:00
|
|
|
mailUrl => $testNotDefined,
|
2011-06-01 14:50:10 +02:00
|
|
|
mailTimeout => $integer,
|
2011-06-22 18:27:27 +02:00
|
|
|
mailSessionKey => $testNotDefined,
|
2010-03-15 10:03:24 +01:00
|
|
|
mailConfirmSubject => $testNotDefined,
|
|
|
|
|
mailConfirmBody => $testNotDefined,
|
2009-12-19 09:57:59 +01:00
|
|
|
authentication => {
|
2011-05-16 11:44:05 +02:00
|
|
|
test => sub {
|
|
|
|
|
my $e = shift;
|
|
|
|
|
|
|
|
|
|
# Do not check syntax for Multi
|
|
|
|
|
return 1 if ( $e =~ /^multi/i );
|
|
|
|
|
|
|
|
|
|
# Else, check the authentication module is valid
|
|
|
|
|
return ( $e =~ qr/^[a-zA-Z]+$/ );
|
|
|
|
|
},
|
2009-12-11 19:17:00 +01:00
|
|
|
msgFail => 'Bad module name',
|
|
|
|
|
},
|
2009-12-19 09:57:59 +01:00
|
|
|
cda => $boolean,
|
2012-02-27 22:27:52 +01:00
|
|
|
checkXSS => $boolean,
|
2009-12-11 19:17:00 +01:00
|
|
|
cookieName => {
|
|
|
|
|
test => qr/^[a-zA-Z]\w*$/,
|
|
|
|
|
msgFail => 'Bad cookie name',
|
|
|
|
|
},
|
2010-03-17 09:23:20 +01:00
|
|
|
customFunctions => $testNotDefined,
|
2010-03-20 18:14:28 +01:00
|
|
|
domain => {
|
2010-05-26 17:17:51 +02:00
|
|
|
test => qr/^\.?[\w\-]+(?:\.[a-zA-Z][\w\-]*)*(?:\.[a-zA-Z]+)$/,
|
2009-12-11 19:17:00 +01:00
|
|
|
msgFail => 'Bad domain',
|
|
|
|
|
},
|
2009-12-23 10:37:38 +01:00
|
|
|
exportedHeaders => {
|
2010-10-30 21:25:38 +02:00
|
|
|
keyTest => Lemonldap::NG::Common::Regexp::HOSTNAME(),
|
2009-12-23 10:37:38 +01:00
|
|
|
keyMsgFail => 'Bad virtual host name',
|
|
|
|
|
'*' => {
|
|
|
|
|
keyTest => qr/^\w([\w\-]*\w)?$/,
|
|
|
|
|
keyMsgFail => 'Bad header name',
|
|
|
|
|
test => $perlExpr,
|
2012-01-12 18:30:06 +01:00
|
|
|
warnTest => $noAssign,
|
2009-12-23 10:37:38 +01:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
exportedVars => {
|
2010-09-24 16:21:19 +02:00
|
|
|
keyTest => qr/^!?[a-zA-Z][\w-]*$/,
|
2009-12-23 10:37:38 +01:00
|
|
|
keyMsgFail => 'Bad variable name',
|
2010-09-13 17:19:30 +02:00
|
|
|
test => qr/^[a-zA-Z][\w-]*$/,
|
2009-12-23 10:37:38 +01:00
|
|
|
msgFail => 'Bad attribute name',
|
2009-12-11 19:17:00 +01:00
|
|
|
},
|
2012-01-10 20:54:30 +01:00
|
|
|
failedLoginNumber => $integer,
|
2012-02-27 22:27:52 +01:00
|
|
|
globalStorage => {
|
2009-12-11 19:17:00 +01:00
|
|
|
test => qr/^[\w:]+$/,
|
|
|
|
|
msgFail => 'Bad module name',
|
|
|
|
|
},
|
|
|
|
|
globalStorageOptions => {
|
|
|
|
|
keyTest => qr/^\w+$/,
|
|
|
|
|
keyMsgFail => 'Bad parameter',
|
|
|
|
|
},
|
2012-01-12 18:30:06 +01:00
|
|
|
grantSessionRules => {
|
|
|
|
|
keyTest => $perlExpr,
|
|
|
|
|
warnKeyTest => $noAssign,
|
2010-01-22 17:04:15 +01:00
|
|
|
},
|
2009-12-23 10:37:38 +01:00
|
|
|
groups => {
|
|
|
|
|
keyTest => qr/^\w[\w-]*$/,
|
|
|
|
|
keyMsgFail => 'Bad group name',
|
|
|
|
|
test => $perlExpr,
|
2012-01-12 18:30:06 +01:00
|
|
|
warnTest => $noAssign,
|
2009-12-23 10:37:38 +01:00
|
|
|
},
|
2011-10-05 10:44:59 +02:00
|
|
|
httpOnly => $boolean,
|
2010-09-01 14:56:15 +02:00
|
|
|
https => $boolean,
|
2010-08-27 15:01:54 +02:00
|
|
|
issuerDBSAMLActivation => $boolean,
|
2010-09-01 14:56:15 +02:00
|
|
|
issuerDBSAMLPath => $testNotDefined,
|
|
|
|
|
issuerDBSAMLRule => {
|
2010-05-19 16:59:43 +02:00
|
|
|
test => $perlExpr,
|
2012-01-12 18:30:06 +01:00
|
|
|
warnTest => $noAssign,
|
2010-05-19 16:59:43 +02:00
|
|
|
},
|
2010-08-27 15:01:54 +02:00
|
|
|
issuerDBCASActivation => $boolean,
|
2010-09-01 14:56:15 +02:00
|
|
|
issuerDBCASPath => $testNotDefined,
|
|
|
|
|
issuerDBCASRule => {
|
2010-08-23 17:47:53 +02:00
|
|
|
test => $perlExpr,
|
2012-01-12 18:30:06 +01:00
|
|
|
warnTest => $noAssign,
|
2010-08-23 17:47:53 +02:00
|
|
|
},
|
2010-08-27 15:01:54 +02:00
|
|
|
issuerDBOpenIDActivation => $boolean,
|
|
|
|
|
issuerDBOpenIDPath => $testNotDefined,
|
|
|
|
|
issuerDBOpenIDRule => {
|
|
|
|
|
test => $perlExpr,
|
2012-01-12 18:30:06 +01:00
|
|
|
warnTest => $noAssign,
|
2010-08-27 15:01:54 +02:00
|
|
|
},
|
2012-02-01 11:20:50 +01:00
|
|
|
jsRedirect => { test => $perlExpr, },
|
2010-09-18 18:08:26 +02:00
|
|
|
key => $testNotDefined,
|
2010-09-01 18:06:01 +02:00
|
|
|
ldapAuthnLevel => $integer,
|
|
|
|
|
ldapBase => {
|
2009-12-11 19:17:00 +01:00
|
|
|
test => qr/^(?:\w+=.*|)$/,
|
|
|
|
|
msgFail => 'Bad LDAP base',
|
|
|
|
|
},
|
|
|
|
|
ldapPort => {
|
|
|
|
|
test => qr/^\d*$/,
|
|
|
|
|
msgFail => 'Bad port number'
|
|
|
|
|
},
|
|
|
|
|
ldapServer => {
|
|
|
|
|
test => sub {
|
|
|
|
|
my $l = shift;
|
|
|
|
|
my @s = split( /[\s,]+/, $l );
|
|
|
|
|
foreach my $s (@s) {
|
|
|
|
|
$s =~
|
2012-08-20 10:14:48 +02:00
|
|
|
m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?::\d{1,5})?/?.*)$}o
|
2009-12-11 19:17:00 +01:00
|
|
|
or return ( 0, "Bad ldap uri \"$s\"" );
|
|
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
},
|
|
|
|
|
},
|
2010-06-21 16:47:27 +02:00
|
|
|
ldapPwdEnc => {
|
|
|
|
|
test => qr/^\w[\w\-]*\w$/,
|
|
|
|
|
msgFail => 'Bad encoding',
|
|
|
|
|
},
|
2011-06-23 15:03:06 +02:00
|
|
|
ldapUsePasswordResetAttribute => $boolean,
|
|
|
|
|
ldapPasswordResetAttribute => $testNotDefined,
|
|
|
|
|
ldapPasswordResetAttributeValue => $testNotDefined,
|
|
|
|
|
ldapPpolicyControl => $boolean,
|
|
|
|
|
ldapSetPassword => $boolean,
|
|
|
|
|
ldapChangePasswordAsUser => $boolean,
|
|
|
|
|
mailLDAPFilter => $testNotDefined,
|
|
|
|
|
LDAPFilter => $testNotDefined,
|
|
|
|
|
AuthLDAPFilter => $testNotDefined,
|
|
|
|
|
ldapGroupRecursive => $boolean,
|
|
|
|
|
ldapGroupObjectClass => $testNotDefined,
|
|
|
|
|
ldapGroupBase => $testNotDefined,
|
|
|
|
|
ldapGroupAttributeName => $testNotDefined,
|
|
|
|
|
ldapGroupAttributeNameUser => $testNotDefined,
|
|
|
|
|
ldapGroupAttributeNameSearch => $testNotDefined,
|
|
|
|
|
ldapGroupAttributeNameGroup => $testNotDefined,
|
|
|
|
|
ldapTimeout => $testNotDefined,
|
|
|
|
|
ldapVersion => $testNotDefined,
|
|
|
|
|
ldapRaw => $testNotDefined,
|
|
|
|
|
locationRules => {
|
2010-10-30 21:25:38 +02:00
|
|
|
keyTest => Lemonldap::NG::Common::Regexp::HOSTNAME(),
|
2009-12-11 19:17:00 +01:00
|
|
|
msgFail => 'Bad virtual host name',
|
|
|
|
|
'*' => {
|
2009-12-19 09:57:59 +01:00
|
|
|
keyTest => $pcre,
|
|
|
|
|
test => sub {
|
2009-12-11 19:17:00 +01:00
|
|
|
my $e = shift;
|
2012-02-02 13:00:30 +01:00
|
|
|
return 1 if ( $e =~ /^(?:accept|deny|unprotect|skip)$/i );
|
2010-05-03 10:59:22 +02:00
|
|
|
if ( $e =~ s/^logout(?:_(?:app_sso|app|sso))?\s*// ) {
|
2009-12-11 19:17:00 +01:00
|
|
|
return (
|
2010-09-23 09:17:24 +02:00
|
|
|
$e eq ''
|
2010-10-30 21:25:38 +02:00
|
|
|
or $e =~ Lemonldap::NG::Common::Regexp::HTTP_URI()
|
2009-12-11 19:17:00 +01:00
|
|
|
? 1
|
|
|
|
|
: ( 0, "bad url \"$e\"" )
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
return &$perlExpr($e);
|
|
|
|
|
},
|
2012-01-12 18:30:06 +01:00
|
|
|
warnTest => $noAssign,
|
2009-12-11 19:17:00 +01:00
|
|
|
},
|
|
|
|
|
},
|
2012-02-09 16:00:35 +01:00
|
|
|
loginHistoryEnabled => $boolean,
|
2012-02-27 22:27:52 +01:00
|
|
|
logoutServices => {
|
2010-08-30 17:46:26 +02:00
|
|
|
keyTest => qr/^\w+$/,
|
|
|
|
|
keyMsgFail => 'Bad name',
|
|
|
|
|
},
|
2009-12-23 10:37:38 +01:00
|
|
|
macros => {
|
2010-08-16 13:01:39 +02:00
|
|
|
keyTest => qr/^[_a-zA-Z]\w*$/,
|
2009-12-23 10:37:38 +01:00
|
|
|
keyMsgFail => 'Bad macro name',
|
2010-01-11 17:04:36 +01:00
|
|
|
test => $perlExpr,
|
2012-01-12 18:30:06 +01:00
|
|
|
warnTest => $noAssign,
|
2010-01-11 17:04:36 +01:00
|
|
|
},
|
2011-11-09 12:02:53 +01:00
|
|
|
mailOnPasswordChange => $boolean,
|
2012-02-29 18:19:11 +01:00
|
|
|
maintenance => $boolean,
|
2011-11-09 12:02:53 +01:00
|
|
|
managerDn => {
|
2011-06-21 12:04:29 +02:00
|
|
|
test => qr/^(?:\w+=.*)?$/,
|
2009-12-23 10:37:38 +01:00
|
|
|
msgFail => 'Bad LDAP dn',
|
|
|
|
|
},
|
|
|
|
|
managerPassword => {
|
2009-12-23 13:55:23 +01:00
|
|
|
test => qr/^\S*$/,
|
2009-12-23 10:37:38 +01:00
|
|
|
msgFail => 'Bad LDAP password',
|
2009-12-11 19:17:00 +01:00
|
|
|
},
|
2010-01-11 17:04:36 +01:00
|
|
|
notification => $boolean,
|
2009-12-23 10:37:38 +01:00
|
|
|
notificationStorage => {
|
|
|
|
|
test => qr/^[\w:]+$/,
|
|
|
|
|
msgFail => 'Bad module name',
|
|
|
|
|
},
|
|
|
|
|
notificationStorageOptions => {
|
|
|
|
|
keyTest => qr/^\w+$/,
|
|
|
|
|
keyMsgFail => 'Bad parameter',
|
|
|
|
|
},
|
2011-06-21 12:04:29 +02:00
|
|
|
notifyDeleted => $boolean,
|
|
|
|
|
notifyOther => $boolean,
|
2011-06-10 14:23:15 +02:00
|
|
|
persistentStorageOptions => {
|
|
|
|
|
keyTest => qr/^\w+$/,
|
|
|
|
|
keyMsgFail => 'Bad parameter',
|
|
|
|
|
},
|
2011-06-21 12:04:29 +02:00
|
|
|
port => {
|
2010-03-17 09:23:20 +01:00
|
|
|
test => qr/^\d*$/,
|
|
|
|
|
msgFail => 'Bad port number'
|
|
|
|
|
},
|
2010-03-20 18:14:28 +01:00
|
|
|
portal => {
|
2009-12-23 10:37:38 +01:00
|
|
|
test => qr/^https?:\/\/\S+$/,
|
|
|
|
|
msgFail => 'Bad portal value',
|
|
|
|
|
},
|
2010-01-27 15:06:02 +01:00
|
|
|
portalAutocomplete => $boolean,
|
2012-02-27 21:16:09 +01:00
|
|
|
portalCheckLogins => $boolean,
|
2012-01-10 20:54:30 +01:00
|
|
|
portalDisplayLoginHistory => { test => $perlExpr, },
|
2010-01-22 17:04:15 +01:00
|
|
|
portalDisplayAppslist => { test => $perlExpr, },
|
|
|
|
|
portalDisplayChangePassword => { test => $perlExpr, },
|
|
|
|
|
portalDisplayLogout => { test => $perlExpr, },
|
|
|
|
|
portalDisplayResetPassword => $boolean,
|
2010-01-27 15:06:02 +01:00
|
|
|
portalForceAuthn => $boolean,
|
2010-01-22 17:04:15 +01:00
|
|
|
portalOpenLinkInNewWindow => $boolean,
|
2010-10-22 12:03:42 +02:00
|
|
|
portalAntiFrame => $boolean,
|
2010-01-22 17:04:15 +01:00
|
|
|
portalParams => $testNotDefined,
|
|
|
|
|
portalRequireOldPassword => $boolean,
|
2011-05-20 12:05:56 +02:00
|
|
|
hideOldPassword => $boolean,
|
2010-01-22 17:04:15 +01:00
|
|
|
portalSkin => {
|
|
|
|
|
test => qr/\w+$/,
|
|
|
|
|
msgFail => 'Bad skin name',
|
|
|
|
|
},
|
|
|
|
|
portalUserAttr => {
|
|
|
|
|
test => qr/\w+$/,
|
2010-01-27 15:06:02 +01:00
|
|
|
msgFail => 'Unvalid session field',
|
2010-01-22 17:04:15 +01:00
|
|
|
},
|
2010-09-30 14:22:18 +02:00
|
|
|
post => {
|
2010-10-30 21:25:38 +02:00
|
|
|
keyTest => Lemonldap::NG::Common::Regexp::HOSTNAME(),
|
2010-09-30 14:22:18 +02:00
|
|
|
keyMsgFail => 'Bad virtual host name',
|
|
|
|
|
'*' => { keyTest => $pcre, },
|
|
|
|
|
},
|
2010-01-11 17:04:36 +01:00
|
|
|
protection => {
|
2009-12-14 15:01:46 +01:00
|
|
|
keyTest => qr/^(?:none|authentificate|manager|)$/,
|
|
|
|
|
msgFail => 'must be one of none authentificate manager',
|
|
|
|
|
},
|
2012-01-11 12:42:42 +01:00
|
|
|
reloadUrls => {
|
2012-02-27 22:27:52 +01:00
|
|
|
keyTest => $domainNameOrIp,
|
|
|
|
|
test => Lemonldap::NG::Common::Regexp::HTTP_URI(),
|
|
|
|
|
msgFail => 'Bad url'
|
2012-01-11 12:42:42 +01:00
|
|
|
},
|
2010-06-21 17:29:59 +02:00
|
|
|
securedCookie => {
|
2012-01-26 16:12:09 +01:00
|
|
|
test => qr/^(?:0|1|2|3)$/,
|
|
|
|
|
msgFail => 'securedCookie must be 0, 1, 2 or 3',
|
2009-12-23 10:37:38 +01:00
|
|
|
},
|
2012-02-09 16:00:35 +01:00
|
|
|
sessionDataToRemember => {
|
2012-02-27 22:27:52 +01:00
|
|
|
keyTest => qr/^[\w-]+$/,
|
|
|
|
|
keyMsgFail => 'Invalid session data',
|
2012-01-10 20:54:30 +01:00
|
|
|
},
|
2010-01-11 17:04:36 +01:00
|
|
|
singleSession => $boolean,
|
|
|
|
|
singleIP => $boolean,
|
|
|
|
|
singleUserByIP => $boolean,
|
2012-02-13 18:35:44 +01:00
|
|
|
slaveMasterIP => {
|
2012-02-27 22:27:52 +01:00
|
|
|
test =>
|
|
|
|
|
qr/^(\s*((\d{1,3}\.){3}\d{1,3}\s+)*(\d{1,3}\.){3}\d{1,3})?\s*$/,
|
2012-02-13 18:35:44 +01:00
|
|
|
msgFail => 'Bad parameter "master\'s IP" in Slave',
|
|
|
|
|
},
|
2012-02-27 22:27:52 +01:00
|
|
|
Soap => $boolean,
|
|
|
|
|
storePassword => $boolean,
|
2012-01-10 20:54:30 +01:00
|
|
|
successLoginNumber => $integer,
|
2012-02-27 22:27:52 +01:00
|
|
|
syslog => {
|
2009-12-23 10:37:38 +01:00
|
|
|
test => qw/^(?:auth|authpriv|daemon|local\d|user)?$/,
|
|
|
|
|
msgFail =>
|
|
|
|
|
'Only auth|authpriv|daemon|local0-7|user is allowed here',
|
|
|
|
|
},
|
|
|
|
|
timeout => {
|
|
|
|
|
test => qr/^\d*$/,
|
|
|
|
|
msgFail => 'Bad number'
|
|
|
|
|
},
|
2010-05-07 12:00:55 +02:00
|
|
|
timeoutActivity => {
|
|
|
|
|
test => qr/^\d*$/,
|
|
|
|
|
msgFail => 'Bad number',
|
|
|
|
|
},
|
2010-01-11 17:04:36 +01:00
|
|
|
userControl => {
|
2009-12-19 09:57:59 +01:00
|
|
|
test => $pcre,
|
|
|
|
|
msgFail => 'Bad regular expression',
|
|
|
|
|
},
|
2009-12-23 10:37:38 +01:00
|
|
|
userDB => {
|
|
|
|
|
test => qr/^[a-zA-Z][\w\:]*$/,
|
|
|
|
|
msgFail => 'Bad module name',
|
|
|
|
|
},
|
2010-10-20 22:05:32 +02:00
|
|
|
useRedirectOnError => $boolean,
|
2010-09-28 16:40:50 +02:00
|
|
|
useRedirectOnForbidden => $boolean,
|
2011-02-07 18:19:36 +01:00
|
|
|
useSafeJail => $boolean,
|
2010-09-29 08:28:15 +02:00
|
|
|
useXForwardedForIP => $boolean,
|
|
|
|
|
variables => $testNotDefined,
|
2010-10-11 18:12:04 +02:00
|
|
|
vhostOptions => {
|
2010-10-30 21:25:38 +02:00
|
|
|
keyTest => Lemonldap::NG::Common::Regexp::HOSTNAME(),
|
2010-10-11 18:12:04 +02:00
|
|
|
keyMsgFail => 'Bad virtual host name',
|
|
|
|
|
'*' => {
|
2012-02-29 18:19:11 +01:00
|
|
|
keyTest => qr/^vhost(Port|Https|Maintenance)$/,
|
2010-10-11 18:12:04 +02:00
|
|
|
keyMsgFail => 'Bad option name',
|
|
|
|
|
},
|
|
|
|
|
},
|
2010-10-14 11:50:23 +02:00
|
|
|
whatToTrace => $lmAttrOrMacro,
|
2010-10-07 07:57:21 +02:00
|
|
|
|
2010-02-04 11:08:27 +01:00
|
|
|
########
|
|
|
|
|
# SAML #
|
|
|
|
|
########
|
2010-06-21 17:29:59 +02:00
|
|
|
saml => $testNotDefined,
|
|
|
|
|
samlServiceMetaData => $testNotDefined,
|
2010-02-24 17:24:17 +01:00
|
|
|
samlIDPMetaDataExportedAttributes => {
|
|
|
|
|
keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
|
|
|
|
|
keyMsgFail => 'Bad metadata name',
|
|
|
|
|
'*' => {
|
|
|
|
|
keyTest => qr/^\w([\w\-]*\w)?$/,
|
|
|
|
|
keyMsgFail => 'Bad attribute name',
|
2010-03-13 17:21:55 +01:00
|
|
|
test => sub { return 1; },
|
2010-02-24 17:24:17 +01:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
samlIDPMetaDataXML => {
|
|
|
|
|
keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
|
|
|
|
|
keyMsgFail => 'Bad metadata name',
|
|
|
|
|
'*' => {
|
2010-03-01 21:32:28 +01:00
|
|
|
test => sub { return 1; },
|
|
|
|
|
keyTest => sub { return 1; },
|
2010-02-24 17:24:17 +01:00
|
|
|
},
|
|
|
|
|
},
|
2010-03-04 16:44:03 +01:00
|
|
|
samlIDPMetaDataOptions => {
|
|
|
|
|
keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
|
|
|
|
|
keyMsgFail => 'Bad metadata name',
|
|
|
|
|
'*' => {
|
|
|
|
|
test => sub { return 1; },
|
|
|
|
|
keyTest => sub { return 1; },
|
|
|
|
|
},
|
|
|
|
|
},
|
2010-03-25 15:38:54 +01:00
|
|
|
samlSPMetaDataExportedAttributes => {
|
|
|
|
|
keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
|
|
|
|
|
keyMsgFail => 'Bad metadata name',
|
|
|
|
|
'*' => {
|
|
|
|
|
keyTest => qr/^\w([\w\-]*\w)?$/,
|
|
|
|
|
keyMsgFail => 'Bad attribute name',
|
|
|
|
|
test => sub { return 1; },
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
samlSPMetaDataXML => {
|
|
|
|
|
keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
|
|
|
|
|
keyMsgFail => 'Bad metadata name',
|
|
|
|
|
'*' => {
|
|
|
|
|
test => sub { return 1; },
|
|
|
|
|
keyTest => sub { return 1; },
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
samlSPMetaDataOptions => {
|
|
|
|
|
keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
|
|
|
|
|
keyMsgFail => 'Bad metadata name',
|
|
|
|
|
'*' => {
|
|
|
|
|
test => sub { return 1; },
|
|
|
|
|
keyTest => sub { return 1; },
|
|
|
|
|
},
|
|
|
|
|
},
|
2010-06-21 17:29:59 +02:00
|
|
|
samlEntityID => $testNotDefined,
|
|
|
|
|
samlOrganizationDisplayName => $testNotDefined,
|
|
|
|
|
samlOrganizationName => $testNotDefined,
|
|
|
|
|
samlOrganizationURL => $testNotDefined,
|
|
|
|
|
samlSPSSODescriptorAuthnRequestsSigned => $boolean,
|
2010-05-31 12:37:43 +02:00
|
|
|
samlSPSSODescriptorWantAssertionsSigned => $boolean,
|
2010-05-28 12:35:24 +02:00
|
|
|
samlSPSSODescriptorSingleLogoutServiceHTTPRedirect => $testNotDefined,
|
|
|
|
|
samlSPSSODescriptorSingleLogoutServiceHTTPPost => $testNotDefined,
|
2010-06-21 17:29:59 +02:00
|
|
|
samlSPSSODescriptorSingleLogoutServiceSOAP => $testNotDefined,
|
2010-02-09 21:49:23 +01:00
|
|
|
samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact =>
|
|
|
|
|
$testNotDefined,
|
2010-09-01 14:56:15 +02:00
|
|
|
samlSPSSODescriptorAssertionConsumerServiceHTTPPost => $testNotDefined,
|
2010-04-02 10:40:35 +02:00
|
|
|
samlSPSSODescriptorArtifactResolutionServiceArtifact => $testNotDefined,
|
2010-04-14 17:37:57 +02:00
|
|
|
samlIDPSSODescriptorWantAuthnRequestsSigned => $boolean,
|
2010-05-28 12:35:24 +02:00
|
|
|
samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect => $testNotDefined,
|
|
|
|
|
samlIDPSSODescriptorSingleSignOnServiceHTTPPost => $testNotDefined,
|
2010-07-01 11:48:50 +02:00
|
|
|
samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact => $testNotDefined,
|
2010-04-14 17:37:57 +02:00
|
|
|
samlIDPSSODescriptorSingleSignOnServiceSOAP => $testNotDefined,
|
2010-05-28 12:35:24 +02:00
|
|
|
samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect => $testNotDefined,
|
|
|
|
|
samlIDPSSODescriptorSingleLogoutServiceHTTPPost => $testNotDefined,
|
2010-04-14 17:37:57 +02:00
|
|
|
samlIDPSSODescriptorSingleLogoutServiceSOAP => $testNotDefined,
|
2010-02-09 21:49:23 +01:00
|
|
|
samlIDPSSODescriptorArtifactResolutionServiceArtifact =>
|
|
|
|
|
$testNotDefined,
|
2010-06-21 17:29:59 +02:00
|
|
|
samlNameIDFormatMapEmail => $testNotDefined,
|
|
|
|
|
samlNameIDFormatMapX509 => $testNotDefined,
|
|
|
|
|
samlNameIDFormatMapWindows => $testNotDefined,
|
|
|
|
|
samlNameIDFormatMapKerberos => $testNotDefined,
|
2010-05-31 12:37:43 +02:00
|
|
|
samlAttributeAuthorityDescriptorAttributeServiceSOAP => $testNotDefined,
|
2010-06-21 17:29:59 +02:00
|
|
|
samlServicePrivateKeySig => $testNotDefined,
|
|
|
|
|
samlServicePrivateKeySigPwd => $testNotDefined,
|
|
|
|
|
samlServicePublicKeySig => $testNotDefined,
|
|
|
|
|
samlServicePrivateKeyEnc => $testNotDefined,
|
|
|
|
|
samlServicePrivateKeyEncPwd => $testNotDefined,
|
|
|
|
|
samlServicePublicKeyEnc => $testNotDefined,
|
2010-07-05 16:35:06 +02:00
|
|
|
samlIdPResolveCookie => $testNotDefined,
|
|
|
|
|
samlMetadataForceUTF8 => $boolean,
|
|
|
|
|
samlStorage => {
|
|
|
|
|
test => qr/^[\w:]*$/,
|
|
|
|
|
msgFail => 'Bad module name',
|
|
|
|
|
},
|
|
|
|
|
samlStorageOptions => {
|
|
|
|
|
keyTest => qr/^\w+$/,
|
|
|
|
|
keyMsgFail => 'Bad parameter',
|
|
|
|
|
},
|
2010-09-02 11:09:10 +02:00
|
|
|
samlAuthnContextMapPassword => $integer,
|
|
|
|
|
samlAuthnContextMapPasswordProtectedTransport => $integer,
|
|
|
|
|
samlAuthnContextMapTLSClient => $integer,
|
|
|
|
|
samlAuthnContextMapKerberos => $integer,
|
2010-09-27 12:09:06 +02:00
|
|
|
samlCommonDomainCookieActivation => $boolean,
|
|
|
|
|
samlCommonDomainCookieDomain => {
|
2010-10-30 21:25:38 +02:00
|
|
|
test => Lemonldap::NG::Common::Regexp::HOSTNAME(),
|
2010-09-27 12:09:06 +02:00
|
|
|
msgFail => 'Bad domain',
|
|
|
|
|
},
|
|
|
|
|
samlCommonDomainCookieReader => {
|
2010-10-30 21:25:38 +02:00
|
|
|
test => Lemonldap::NG::Common::Regexp::HTTP_URI(),
|
2010-09-27 12:09:06 +02:00
|
|
|
msgFail => 'Bad URI',
|
|
|
|
|
},
|
|
|
|
|
samlCommonDomainCookieWriter => {
|
2010-10-30 21:25:38 +02:00
|
|
|
test => Lemonldap::NG::Common::Regexp::HTTP_URI(),
|
2010-09-27 12:09:06 +02:00
|
|
|
msgFail => 'Bad URI',
|
|
|
|
|
},
|
2010-03-15 11:44:44 +01:00
|
|
|
|
2010-03-15 21:24:02 +01:00
|
|
|
# SSL
|
2010-09-01 18:06:01 +02:00
|
|
|
SSLAuthnLevel => $integer,
|
|
|
|
|
SSLVar => $testNotDefined,
|
2010-03-15 21:24:02 +01:00
|
|
|
|
|
|
|
|
# CAS
|
2010-09-23 18:41:39 +02:00
|
|
|
CAS_authnLevel => $integer,
|
2010-09-23 09:17:24 +02:00
|
|
|
CAS_url => {
|
2010-10-30 21:25:38 +02:00
|
|
|
test => Lemonldap::NG::Common::Regexp::HTTP_URI(),
|
2010-09-23 09:17:24 +02:00
|
|
|
msgFail => 'Bad CAS url',
|
|
|
|
|
},
|
2010-09-01 14:56:15 +02:00
|
|
|
CAS_CAFile => $testNotDefined,
|
2010-08-30 15:41:45 +02:00
|
|
|
CAS_renew => $boolean,
|
|
|
|
|
CAS_gateway => $boolean,
|
2010-08-27 14:39:27 +02:00
|
|
|
CAS_pgtFile => $testNotDefined,
|
|
|
|
|
CAS_proxiedServices => {
|
|
|
|
|
keyTest => qr/^\w+$/,
|
|
|
|
|
keyMsgFail => 'Bad CAS proxied service identifier',
|
|
|
|
|
},
|
2011-09-15 12:07:05 +02:00
|
|
|
casAttr => $testNotDefined,
|
|
|
|
|
casAccessControlPolicy => $testNotDefined,
|
|
|
|
|
casStorage => {
|
2010-10-07 16:30:58 +02:00
|
|
|
test => qr/^[\w:]*$/,
|
|
|
|
|
msgFail => 'Bad module name',
|
|
|
|
|
},
|
|
|
|
|
casStorageOptions => {
|
|
|
|
|
keyTest => qr/^\w+$/,
|
|
|
|
|
keyMsgFail => 'Bad parameter',
|
|
|
|
|
},
|
2010-03-15 21:24:02 +01:00
|
|
|
|
2011-11-17 16:38:01 +01:00
|
|
|
# Radius
|
2011-12-05 15:53:13 +01:00
|
|
|
radiusAuthnLevel => $integer,
|
|
|
|
|
radiusSecret => $testNotDefined,
|
|
|
|
|
radiusServer => $testNotDefined,
|
2011-11-17 16:38:01 +01:00
|
|
|
|
2010-03-15 21:24:02 +01:00
|
|
|
# Remote
|
|
|
|
|
remotePortal => $testNotDefined,
|
|
|
|
|
remoteGlobalStorage => {
|
|
|
|
|
test => qr/^[\w:]+$/,
|
|
|
|
|
msgFail => 'Bad module name',
|
|
|
|
|
},
|
|
|
|
|
remoteGlobalStorageOptions => {
|
|
|
|
|
keyTest => qr/^\w+$/,
|
|
|
|
|
keyMsgFail => 'Bad parameter',
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
# Proxy
|
|
|
|
|
soapAuthService => $testNotDefined,
|
|
|
|
|
remoteCookieName => $testNotDefined,
|
|
|
|
|
soapSessionService => $testNotDefined,
|
|
|
|
|
|
2010-03-15 11:44:44 +01:00
|
|
|
# OpenID
|
2010-09-01 18:06:01 +02:00
|
|
|
openIdAuthnLevel => $integer,
|
|
|
|
|
openIdSecret => $testNotDefined,
|
2010-03-15 14:47:36 +01:00
|
|
|
|
|
|
|
|
# Twitter
|
2010-09-01 18:06:01 +02:00
|
|
|
twitterAuthnLevel => $integer,
|
|
|
|
|
twitterKey => $testNotDefined,
|
|
|
|
|
twitterSecret => $testNotDefined,
|
|
|
|
|
twitterAppName => $testNotDefined,
|
2010-03-18 22:46:38 +01:00
|
|
|
|
|
|
|
|
# DBI
|
2010-09-01 18:06:01 +02:00
|
|
|
dbiAuthnLevel => $integer,
|
2010-03-18 22:46:38 +01:00
|
|
|
dbiAuthChain => $testNotDefined,
|
|
|
|
|
dbiAuthUser => $testNotDefined,
|
|
|
|
|
dbiAuthPassword => $testNotDefined,
|
|
|
|
|
dbiUserChain => $testNotDefined,
|
|
|
|
|
dbiUserUser => $testNotDefined,
|
|
|
|
|
dbiUserPassword => $testNotDefined,
|
|
|
|
|
dbiAuthTable => $testNotDefined,
|
|
|
|
|
dbiUserTable => $testNotDefined,
|
|
|
|
|
dbiAuthLoginCol => $testNotDefined,
|
|
|
|
|
dbiAuthPasswordCol => $testNotDefined,
|
2010-10-25 14:54:30 +02:00
|
|
|
dbiPasswordMailCol => $testNotDefined,
|
2010-03-18 22:46:38 +01:00
|
|
|
userPivot => $testNotDefined,
|
|
|
|
|
dbiAuthPasswordHash => $testNotDefined,
|
|
|
|
|
|
2010-09-01 18:06:01 +02:00
|
|
|
# Apache
|
|
|
|
|
apacheAuthnLevel => $integer,
|
|
|
|
|
|
|
|
|
|
# Null
|
|
|
|
|
nullAuthnLevel => $integer,
|
|
|
|
|
|
2010-12-08 07:04:57 +01:00
|
|
|
# Slave
|
|
|
|
|
slaveAuthnLevel => $integer,
|
2011-07-01 18:16:11 +02:00
|
|
|
slaveUserHeader => $testNotDefined,
|
2010-12-08 07:04:57 +01:00
|
|
|
|
2010-09-06 17:05:54 +02:00
|
|
|
# Choice
|
|
|
|
|
authChoiceParams => $testNotDefined,
|
|
|
|
|
authChoiceModules => {
|
|
|
|
|
keyTest => qr/^(\d*)?\w+$/,
|
|
|
|
|
keyMsgFail => 'Bad choice key',
|
|
|
|
|
},
|
|
|
|
|
|
2010-05-07 12:42:38 +02:00
|
|
|
# Zimbra
|
|
|
|
|
zimbraPreAuthKey => $testNotDefined,
|
|
|
|
|
zimbraAccountKey => $testNotDefined,
|
|
|
|
|
zimbraBy => $testNotDefined,
|
|
|
|
|
zimbraUrl => $testNotDefined,
|
|
|
|
|
zimbraSsoUrl => $testNotDefined,
|
|
|
|
|
|
2010-05-21 17:53:54 +02:00
|
|
|
# Sympa
|
2010-06-21 17:29:59 +02:00
|
|
|
sympaSecret => $testNotDefined,
|
2010-05-21 17:53:54 +02:00
|
|
|
sympaMailKey => $testNotDefined,
|
|
|
|
|
|
2010-10-04 11:55:50 +02:00
|
|
|
# OpenID Issuer
|
|
|
|
|
openIdIssuerSecret => $testNotDefined,
|
|
|
|
|
openIdAttr => $testNotDefined,
|
2010-10-07 07:57:21 +02:00
|
|
|
openIdSreg_fullname => $lmAttrOrMacro,
|
|
|
|
|
openIdSreg_nickname => $lmAttrOrMacro,
|
|
|
|
|
openIdSreg_language => $lmAttrOrMacro,
|
|
|
|
|
openIdSreg_postcode => $lmAttrOrMacro,
|
|
|
|
|
openIdSreg_timezone => $lmAttrOrMacro,
|
|
|
|
|
openIdSreg_country => $lmAttrOrMacro,
|
|
|
|
|
openIdSreg_gender => $lmAttrOrMacro,
|
|
|
|
|
openIdSreg_email => $lmAttrOrMacro,
|
|
|
|
|
openIdSreg_dob => $lmAttrOrMacro,
|
2010-10-04 11:55:50 +02:00
|
|
|
|
2011-04-21 12:28:18 +02:00
|
|
|
# Yubikey
|
|
|
|
|
yubikeyAuthnLevel => $integer,
|
|
|
|
|
yubikeyClientID => $testNotDefined,
|
|
|
|
|
yubikeySecretKey => $testNotDefined,
|
|
|
|
|
yubikeyPublicIDSize => $integer,
|
2011-07-06 11:36:15 +02:00
|
|
|
|
|
|
|
|
# Secure Token
|
|
|
|
|
secureTokenMemcachedServers => $testNotDefined,
|
|
|
|
|
secureTokenExpiration => $integer,
|
|
|
|
|
secureTokenAttribute => $testNotDefined,
|
|
|
|
|
secureTokenUrls => $testNotDefined,
|
|
|
|
|
secureTokenHeader => $testNotDefined,
|
2011-09-27 14:04:15 +02:00
|
|
|
secureTokenAllowOnError => $boolean,
|
2009-12-11 19:17:00 +01:00
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
2009-12-17 20:20:17 +01:00
|
|
|
## @method protected hashref defaultConf()
|
|
|
|
|
#@return Hashref of default values
|
2009-12-11 19:17:00 +01:00
|
|
|
sub defaultConf {
|
2010-03-17 16:45:53 +01:00
|
|
|
my $self = shift;
|
2009-12-11 19:17:00 +01:00
|
|
|
return {
|
2010-09-21 17:38:13 +02:00
|
|
|
applicationList => {
|
|
|
|
|
'default' => { catname => 'Default category', type => "category" }
|
|
|
|
|
},
|
2010-09-01 14:56:15 +02:00
|
|
|
authentication => 'LDAP',
|
2010-09-06 17:05:54 +02:00
|
|
|
authChoiceParam => 'lmAuth',
|
2010-09-01 14:56:15 +02:00
|
|
|
CAS_pgtFile => '/tmp/pgt.txt',
|
2011-09-15 12:07:05 +02:00
|
|
|
casAccessControlPolicy => 'none',
|
2010-09-01 14:56:15 +02:00
|
|
|
cda => '0',
|
2012-02-27 22:27:52 +01:00
|
|
|
checkXSS => '1',
|
2010-09-01 14:56:15 +02:00
|
|
|
cookieName => 'lemonldap',
|
|
|
|
|
domain => 'example.com',
|
2012-01-10 20:54:30 +01:00
|
|
|
failedLoginNumber => '5',
|
2010-09-01 14:56:15 +02:00
|
|
|
globalStorage => 'Apache::Session::File',
|
2011-05-20 12:05:56 +02:00
|
|
|
hideOldPassword => '0',
|
2011-10-05 10:44:59 +02:00
|
|
|
httpOnly => '1',
|
2010-09-01 14:56:15 +02:00
|
|
|
https => '0',
|
2010-08-27 15:01:54 +02:00
|
|
|
issuerDBSAMLActivation => '0',
|
2010-09-01 14:56:15 +02:00
|
|
|
issuerDBSAMLPath => '^/saml/',
|
2010-08-27 15:01:54 +02:00
|
|
|
issuerDBSAMLRule => '1',
|
|
|
|
|
issuerDBCASActivation => '0',
|
2010-09-01 14:56:15 +02:00
|
|
|
issuerDBCASPath => '^/cas/',
|
2010-08-27 15:01:54 +02:00
|
|
|
issuerDBCASRule => '1',
|
|
|
|
|
issuerDBOpenIDActivation => '0',
|
2010-09-01 14:56:15 +02:00
|
|
|
issuerDBOpenIDPath => '^/openidserver/',
|
|
|
|
|
issuerDBOpenIDRule => '1',
|
2012-02-01 11:20:50 +01:00
|
|
|
jsRedirect => '0',
|
2010-09-18 18:08:26 +02:00
|
|
|
key => join( '', map { chr( int( rand(94) ) + 33 ) } ( 1 .. 16 ) ),
|
2010-09-23 18:41:39 +02:00
|
|
|
ldapBase => 'dc=example,dc=com',
|
|
|
|
|
ldapPort => '389',
|
2011-06-23 15:03:06 +02:00
|
|
|
ldapPwdEnc => 'utf-8',
|
|
|
|
|
ldapUsePasswordResetAttribute => '1',
|
|
|
|
|
ldapPasswordResetAttribute => 'pwdReset',
|
|
|
|
|
ldapPasswordResetAttributeValue => 'TRUE',
|
|
|
|
|
ldapServer => 'localhost',
|
|
|
|
|
ldapTimeout => '120',
|
|
|
|
|
ldapVersion => '3',
|
|
|
|
|
mailCharset => 'utf-8',
|
2011-11-09 12:02:53 +01:00
|
|
|
mailOnPasswordChange => '0',
|
2012-02-29 18:19:11 +01:00
|
|
|
maintenance => '0',
|
2011-06-23 15:03:06 +02:00
|
|
|
mailTimeout => '0',
|
|
|
|
|
mailSessionKey => 'mail',
|
|
|
|
|
managerDn => '',
|
|
|
|
|
managerPassword => '',
|
|
|
|
|
notification => '0',
|
|
|
|
|
notificationStorage => 'File',
|
2011-07-07 14:47:05 +02:00
|
|
|
notificationWildcard => 'allusers',
|
2011-06-23 15:03:06 +02:00
|
|
|
notifyDeleted => '1',
|
|
|
|
|
notifyOther => '0',
|
|
|
|
|
openIdSreg_fullname => 'cn',
|
|
|
|
|
openIdSreg_nickname => 'uid',
|
|
|
|
|
openIdSreg_timezone => '_timezone',
|
|
|
|
|
openIdSreg_email => 'mail',
|
|
|
|
|
portal => 'http://auth.example.com',
|
|
|
|
|
portalSkin => 'pastel',
|
|
|
|
|
portalUserAttr => '_user',
|
2012-02-27 21:16:09 +01:00
|
|
|
portalCheckLogins => '1',
|
2012-01-10 20:54:30 +01:00
|
|
|
portalDisplayLoginHistory => '1',
|
2011-06-23 15:03:06 +02:00
|
|
|
portalDisplayAppslist => '1',
|
2011-03-23 14:51:55 +01:00
|
|
|
portalDisplayChangePassword => '$_auth eq "LDAP" or $_auth eq "DBI"',
|
2010-09-15 10:29:34 +02:00
|
|
|
portalDisplayLogout => '1',
|
|
|
|
|
portalDisplayResetPassword => '1',
|
2010-10-22 12:03:42 +02:00
|
|
|
portalAntiFrame => '1',
|
2010-09-23 18:41:39 +02:00
|
|
|
protection => 'none',
|
2011-12-05 15:53:13 +01:00
|
|
|
radiusAuthnLevel => '3',
|
2010-03-15 21:24:02 +01:00
|
|
|
remoteGlobalStorage => 'Lemonldap::NG::Common::Apache::Session::SOAP',
|
|
|
|
|
securedCookie => '0',
|
2011-07-06 11:36:15 +02:00
|
|
|
secureTokenMemcachedServers => '127.0.0.1:11211',
|
|
|
|
|
secureTokenExpiration => '60',
|
|
|
|
|
secureTokenAttribute => 'uid',
|
|
|
|
|
secureTokenUrls => '.*',
|
|
|
|
|
secureTokenHeader => 'Auth-Token',
|
2011-09-27 14:04:15 +02:00
|
|
|
secureTokenAllowOnError => '1',
|
2011-07-06 11:36:15 +02:00
|
|
|
singleSession => '0',
|
|
|
|
|
singleIP => '0',
|
|
|
|
|
singleUserByIP => '0',
|
|
|
|
|
Soap => '1',
|
|
|
|
|
storePassword => '0',
|
2012-01-10 20:54:30 +01:00
|
|
|
successLoginNumber => '5',
|
2011-07-06 11:36:15 +02:00
|
|
|
syslog => '',
|
|
|
|
|
timeout => '72000',
|
|
|
|
|
timeoutActivity => '0',
|
|
|
|
|
userControl => '^[\w\.\-@]+$',
|
|
|
|
|
userDB => 'LDAP',
|
|
|
|
|
passwordDB => 'LDAP',
|
|
|
|
|
useRedirectOnError => '1',
|
|
|
|
|
useRedirectOnForbidden => '0',
|
|
|
|
|
useSafeJail => '1',
|
|
|
|
|
useXForwardedForIP => '0',
|
|
|
|
|
vhostPort => '-1',
|
|
|
|
|
vhostHttps => '-1',
|
2012-02-29 18:19:11 +01:00
|
|
|
vhostMaintenance => '0',
|
2011-07-06 11:36:15 +02:00
|
|
|
whatToTrace => '$_whatToTrace',
|
|
|
|
|
yubikeyPublicIDSize => '12',
|
2010-02-04 11:08:27 +01:00
|
|
|
########
|
|
|
|
|
# SAML #
|
|
|
|
|
########
|
2010-08-18 11:49:55 +02:00
|
|
|
samlEntityID => '#PORTAL#' . '/saml/metadata',
|
2010-09-01 14:56:15 +02:00
|
|
|
samlOrganizationDisplayName => 'Example',
|
|
|
|
|
samlOrganizationName => 'Example',
|
|
|
|
|
samlOrganizationURL => 'http://www.example.com',
|
|
|
|
|
samlIDPMetaDataOptionsNameIDFormat => '',
|
|
|
|
|
samlIDPMetaDataOptionsForceAuthn => '0',
|
|
|
|
|
samlIDPMetaDataOptionsIsPassive => '0',
|
|
|
|
|
samlIDPMetaDataOptionsAllowProxiedAuthn => '1',
|
|
|
|
|
samlIDPMetaDataOptionsSSOBinding => '',
|
|
|
|
|
samlIDPMetaDataOptionsSLOBinding => '',
|
|
|
|
|
samlIDPMetaDataOptionsResolutionRule => '',
|
|
|
|
|
samlIDPMetaDataOptionsAllowLoginFromIDP => '1',
|
|
|
|
|
samlIDPMetaDataOptionsAdaptSessionUtime => '1',
|
|
|
|
|
samlIDPMetaDataOptionsSignSSOMessage => '1',
|
2010-04-01 16:18:37 +02:00
|
|
|
samlIDPMetaDataOptionsCheckSSOMessageSignature => '1',
|
|
|
|
|
samlIDPMetaDataOptionsSignSLOMessage => '1',
|
|
|
|
|
samlIDPMetaDataOptionsCheckSLOMessageSignature => '1',
|
2010-04-01 18:32:51 +02:00
|
|
|
samlIDPMetaDataOptionsRequestedAuthnContext => '',
|
2010-05-28 17:31:20 +02:00
|
|
|
samlIDPMetaDataOptionsForceUTF8 => '0',
|
2010-06-04 17:54:52 +02:00
|
|
|
samlIDPMetaDataOptionsEncryptionMode => 'none',
|
2010-06-10 17:01:05 +02:00
|
|
|
samlIDPMetaDataOptionsCheckConditions => '1',
|
2010-05-20 17:57:51 +02:00
|
|
|
samlSPMetaDataOptionsNameIDFormat => '',
|
2010-04-02 10:12:59 +02:00
|
|
|
samlSPMetaDataOptionsOneTimeUse => '0',
|
2010-05-20 12:25:00 +02:00
|
|
|
samlSPMetaDataOptionsSignSSOMessage => '1',
|
|
|
|
|
samlSPMetaDataOptionsCheckSSOMessageSignature => '1',
|
|
|
|
|
samlSPMetaDataOptionsSignSLOMessage => '1',
|
|
|
|
|
samlSPMetaDataOptionsCheckSLOMessageSignature => '1',
|
2010-06-04 17:54:52 +02:00
|
|
|
samlSPMetaDataOptionsEncryptionMode => 'none',
|
2010-05-31 12:37:43 +02:00
|
|
|
samlSPSSODescriptorAuthnRequestsSigned => '1',
|
|
|
|
|
samlSPSSODescriptorWantAssertionsSigned => '1',
|
2010-05-28 12:35:24 +02:00
|
|
|
samlSPSSODescriptorSingleLogoutServiceHTTPRedirect =>
|
2010-09-01 14:56:15 +02:00
|
|
|
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;'
|
2010-08-18 11:49:55 +02:00
|
|
|
. '#PORTAL#'
|
2010-03-20 18:14:28 +01:00
|
|
|
. '/saml/proxySingleLogout;'
|
2010-08-18 11:49:55 +02:00
|
|
|
. '#PORTAL#'
|
2010-03-20 18:14:28 +01:00
|
|
|
. '/saml/proxySingleLogoutReturn',
|
2010-05-28 12:35:24 +02:00
|
|
|
samlSPSSODescriptorSingleLogoutServiceHTTPPost =>
|
2010-09-01 14:56:15 +02:00
|
|
|
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;'
|
2010-08-18 11:49:55 +02:00
|
|
|
. '#PORTAL#'
|
2010-05-28 12:35:24 +02:00
|
|
|
. '/saml/proxySingleLogout;'
|
2010-08-18 11:49:55 +02:00
|
|
|
. '#PORTAL#'
|
2010-05-28 12:35:24 +02:00
|
|
|
. '/saml/proxySingleLogoutReturn',
|
2010-02-04 17:41:58 +01:00
|
|
|
samlSPSSODescriptorSingleLogoutServiceSOAP =>
|
2010-09-01 14:56:15 +02:00
|
|
|
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;'
|
2010-08-18 11:49:55 +02:00
|
|
|
. '#PORTAL#'
|
2010-03-20 18:14:28 +01:00
|
|
|
. '/saml/proxySingleLogoutSOAP;',
|
2010-02-04 17:41:58 +01:00
|
|
|
samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact =>
|
2010-09-01 14:56:15 +02:00
|
|
|
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;'
|
2010-08-18 11:49:55 +02:00
|
|
|
. '#PORTAL#'
|
2010-03-20 18:14:28 +01:00
|
|
|
. '/saml/proxySingleSignOnArtifact',
|
2010-02-04 17:41:58 +01:00
|
|
|
samlSPSSODescriptorAssertionConsumerServiceHTTPPost =>
|
2010-09-01 14:56:15 +02:00
|
|
|
'0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;'
|
2010-08-18 11:49:55 +02:00
|
|
|
. '#PORTAL#'
|
2010-03-20 18:14:28 +01:00
|
|
|
. '/saml/proxySingleSignOnPost',
|
2010-04-02 10:40:35 +02:00
|
|
|
samlSPSSODescriptorArtifactResolutionServiceArtifact =>
|
2010-09-01 14:56:15 +02:00
|
|
|
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;'
|
2010-08-18 11:49:55 +02:00
|
|
|
. '#PORTAL#'
|
2010-04-02 10:40:35 +02:00
|
|
|
. '/saml/artifact',
|
2010-05-31 12:37:43 +02:00
|
|
|
samlIDPSSODescriptorWantAuthnRequestsSigned => '1',
|
2010-05-28 12:35:24 +02:00
|
|
|
samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect =>
|
2010-09-01 14:56:15 +02:00
|
|
|
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;'
|
2010-08-18 11:49:55 +02:00
|
|
|
. '#PORTAL#'
|
2010-03-20 18:14:28 +01:00
|
|
|
. '/saml/singleSignOn;',
|
2010-05-28 12:35:24 +02:00
|
|
|
samlIDPSSODescriptorSingleSignOnServiceHTTPPost =>
|
2010-09-01 14:56:15 +02:00
|
|
|
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;'
|
2010-08-18 11:49:55 +02:00
|
|
|
. '#PORTAL#'
|
2010-05-28 12:35:24 +02:00
|
|
|
. '/saml/singleSignOn;',
|
2010-07-01 11:48:50 +02:00
|
|
|
samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact =>
|
2010-09-01 14:56:15 +02:00
|
|
|
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;'
|
2010-08-18 11:49:55 +02:00
|
|
|
. '#PORTAL#'
|
2010-07-01 11:48:50 +02:00
|
|
|
. '/saml/singleSignOnArtifact;',
|
2010-02-04 17:41:58 +01:00
|
|
|
samlIDPSSODescriptorSingleSignOnServiceSOAP =>
|
2010-09-01 14:56:15 +02:00
|
|
|
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;'
|
2010-08-18 11:49:55 +02:00
|
|
|
. '#PORTAL#'
|
2010-03-20 18:14:28 +01:00
|
|
|
. '/saml/singleSignOnSOAP;',
|
2010-05-28 12:35:24 +02:00
|
|
|
samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect =>
|
2010-09-01 14:56:15 +02:00
|
|
|
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;'
|
2010-08-18 11:49:55 +02:00
|
|
|
. '#PORTAL#'
|
2010-03-20 18:14:28 +01:00
|
|
|
. '/saml/singleLogout;'
|
2010-08-18 11:49:55 +02:00
|
|
|
. '#PORTAL#'
|
2010-03-20 18:14:28 +01:00
|
|
|
. '/saml/singleLogoutReturn',
|
2010-05-28 12:35:24 +02:00
|
|
|
samlIDPSSODescriptorSingleLogoutServiceHTTPPost =>
|
2010-09-01 14:56:15 +02:00
|
|
|
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;'
|
2010-08-18 11:49:55 +02:00
|
|
|
. '#PORTAL#'
|
2010-05-28 12:35:24 +02:00
|
|
|
. '/saml/singleLogout;'
|
2010-08-18 11:49:55 +02:00
|
|
|
. '#PORTAL#'
|
2010-05-28 12:35:24 +02:00
|
|
|
. '/saml/singleLogoutReturn',
|
2010-02-04 17:41:58 +01:00
|
|
|
samlIDPSSODescriptorSingleLogoutServiceSOAP =>
|
2010-09-01 14:56:15 +02:00
|
|
|
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;'
|
2010-08-18 11:49:55 +02:00
|
|
|
. '#PORTAL#'
|
2010-03-20 18:14:28 +01:00
|
|
|
. '/saml/singleLogoutSOAP;',
|
2010-02-04 17:41:58 +01:00
|
|
|
samlIDPSSODescriptorArtifactResolutionServiceArtifact =>
|
2010-09-01 14:56:15 +02:00
|
|
|
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;'
|
2010-08-18 11:49:55 +02:00
|
|
|
. '#PORTAL#'
|
2010-03-20 18:14:28 +01:00
|
|
|
. '/saml/artifact',
|
2010-06-21 17:29:59 +02:00
|
|
|
samlNameIDFormatMapEmail => 'mail',
|
|
|
|
|
samlNameIDFormatMapX509 => 'mail',
|
|
|
|
|
samlNameIDFormatMapWindows => 'uid',
|
|
|
|
|
samlNameIDFormatMapKerberos => 'uid',
|
2010-05-31 12:37:43 +02:00
|
|
|
samlAttributeAuthorityDescriptorAttributeServiceSOAP =>
|
2010-09-01 14:56:15 +02:00
|
|
|
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;'
|
2010-08-18 11:49:55 +02:00
|
|
|
. '#PORTAL#'
|
2010-05-31 12:37:43 +02:00
|
|
|
. '/saml/AA/SOAP;',
|
2010-09-23 18:41:39 +02:00
|
|
|
samlServicePrivateKeySig => '',
|
|
|
|
|
samlServicePrivateKeySigPwd => '',
|
|
|
|
|
samlServicePublicKeySig => '',
|
|
|
|
|
samlServicePrivateKeyEnc => '',
|
|
|
|
|
samlServicePrivateKeyEncPwd => '',
|
|
|
|
|
samlServicePublicKeyEnc => '',
|
|
|
|
|
samlMetadataForceUTF8 => 1,
|
2010-09-02 11:09:10 +02:00
|
|
|
samlAuthnContextMapPassword => 2,
|
|
|
|
|
samlAuthnContextMapPasswordProtectedTransport => 3,
|
|
|
|
|
samlAuthnContextMapTLSClient => 5,
|
|
|
|
|
samlAuthnContextMapKerberos => 4,
|
2010-09-27 12:09:06 +02:00
|
|
|
samlCommonDomainCookieActivation => 0,
|
2010-05-31 12:37:43 +02:00
|
|
|
|
2010-09-01 18:06:01 +02:00
|
|
|
# Authentication levels
|
|
|
|
|
ldapAuthnLevel => 2,
|
|
|
|
|
dbiAuthnLevel => 2,
|
|
|
|
|
SSLAuthnLevel => 5,
|
|
|
|
|
CAS_authnLevel => 1,
|
|
|
|
|
openIdAuthnLevel => 1,
|
|
|
|
|
twitterAuthnLevel => 1,
|
|
|
|
|
apacheAuthnLevel => 4,
|
|
|
|
|
nullAuthnLevel => 0,
|
2010-12-08 07:04:57 +01:00
|
|
|
slaveAuthnLevel => 2,
|
2011-04-21 12:28:18 +02:00
|
|
|
yubikeyAuthnLevel => 3,
|
2010-10-04 11:55:50 +02:00
|
|
|
|
2009-12-11 19:17:00 +01:00
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
2009-12-29 18:03:24 +01:00
|
|
|
sub subDefaultConf {
|
|
|
|
|
return {
|
2010-09-01 14:56:15 +02:00
|
|
|
exportedHeaders => { 'Auth-User' => '$uid' },
|
2010-08-16 16:05:27 +02:00
|
|
|
exportedVars => { cn => 'cn', mail => 'mail', uid => 'uid', },
|
|
|
|
|
globalStorageOptions => {
|
|
|
|
|
'Directory' => '/var/lib/lemonldap-ng/sessions/',
|
|
|
|
|
'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
|
|
|
|
|
},
|
|
|
|
|
locationRules => { default => 'deny' },
|
|
|
|
|
macros => {
|
|
|
|
|
'_whatToTrace' =>
|
2011-03-23 14:51:55 +01:00
|
|
|
'$_auth eq "SAML" ? "$_user\\@$_idpConfKey" : "$_user"'
|
2010-08-16 16:05:27 +02:00
|
|
|
},
|
|
|
|
|
notificationStorageOptions =>
|
|
|
|
|
{ dirName => '/var/lib/lemonldap-ng/notifications', },
|
2010-09-30 14:22:18 +02:00
|
|
|
post => { none => { expr => {}, }, },
|
2010-03-15 21:24:02 +01:00
|
|
|
remoteGlobalStorageOptions => {
|
|
|
|
|
'proxy' => 'https://remote/index.pl/sessions',
|
|
|
|
|
'ns' => 'https://remote/Lemonldap/NG/Common/CGI/SOAPService',
|
|
|
|
|
},
|
|
|
|
|
samlIDPMetaDataExportedAttributes => { 'uid' => '0;uid;;' },
|
2010-03-25 15:38:54 +01:00
|
|
|
samlSPMetaDataExportedAttributes => { 'uid' => '0;uid;;' },
|
2009-12-29 18:03:24 +01:00
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
2010-10-03 21:58:07 +02:00
|
|
|
## @method hashref globalTests(hashref conf)
|
|
|
|
|
# Return a hash ref where keys are the names of the tests and values
|
2010-10-03 22:06:13 +02:00
|
|
|
# subroutines to execute.
|
|
|
|
|
#
|
|
|
|
|
# Subroutines can return one of the followings :
|
2010-10-30 21:25:38 +02:00
|
|
|
# - (1) : everything is OK
|
|
|
|
|
# - (1,message) : OK with a warning
|
|
|
|
|
# - (0,message) : NOK
|
|
|
|
|
# - (-1,message) : OK, but must be confirmed (ignored if confirm parameter is
|
|
|
|
|
# set
|
2010-10-03 22:06:13 +02:00
|
|
|
#
|
|
|
|
|
# Those subroutines can also modify configuration.
|
|
|
|
|
#
|
2010-10-03 21:58:07 +02:00
|
|
|
# @param $conf Configuration to test
|
|
|
|
|
# @return hash ref where keys are the names of the tests and values
|
|
|
|
|
sub globalTests {
|
|
|
|
|
my ( $self, $conf ) = splice @_;
|
|
|
|
|
return {
|
|
|
|
|
|
2010-10-04 07:48:22 +02:00
|
|
|
# 1. CHECKS
|
|
|
|
|
|
|
|
|
|
# Check if portal is in domain
|
2010-10-03 23:43:22 +02:00
|
|
|
portalIsInDomain => sub {
|
2010-10-03 21:58:07 +02:00
|
|
|
return (
|
|
|
|
|
1,
|
|
|
|
|
(
|
|
|
|
|
index( $conf->{portal}, $conf->{domain} ) > 0
|
|
|
|
|
? ''
|
|
|
|
|
: "Portal seems not to be in the domain $conf->{domain}"
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
},
|
2010-10-03 23:43:22 +02:00
|
|
|
|
2010-10-04 07:48:22 +02:00
|
|
|
# Check if virtual hosts are in the domain
|
2010-10-03 23:43:22 +02:00
|
|
|
vhostInDomainOrCDA => sub {
|
|
|
|
|
return 1 if ( $conf->{cda} );
|
|
|
|
|
my @pb;
|
|
|
|
|
foreach my $vh ( keys %{ $conf->{locationRules} } ) {
|
|
|
|
|
push @pb, $vh unless ( index( $vh, $conf->{domain} ) >= 0 );
|
|
|
|
|
}
|
|
|
|
|
return (
|
|
|
|
|
1,
|
|
|
|
|
(
|
|
|
|
|
@pb
|
|
|
|
|
? 'Virtual hosts '
|
|
|
|
|
. join( ', ', @pb )
|
|
|
|
|
. " are not in $conf->{domain} and cross-domain-authentication is not set"
|
|
|
|
|
: undef
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
},
|
|
|
|
|
|
2012-03-03 16:39:06 +01:00
|
|
|
# Check if virtual host do not contain a port
|
|
|
|
|
vhostWithPort => sub {
|
|
|
|
|
my @pb;
|
|
|
|
|
foreach my $vh ( keys %{ $conf->{locationRules} } ) {
|
|
|
|
|
push @pb, $vh if ( $vh =~ /:/ );
|
|
|
|
|
}
|
|
|
|
|
if (@pb) {
|
|
|
|
|
return ( 0,
|
|
|
|
|
'Virtual hosts '
|
|
|
|
|
. join( ', ', @pb )
|
|
|
|
|
. " contain a port, this is not allowed" );
|
|
|
|
|
}
|
|
|
|
|
else { return 1; }
|
|
|
|
|
},
|
|
|
|
|
|
2010-10-04 07:48:22 +02:00
|
|
|
# Check if "userDB" and "authentication" are consistent
|
|
|
|
|
authAndUserDBConsistency => sub {
|
|
|
|
|
foreach my $type (qw(OpenID SAML)) {
|
|
|
|
|
return ( 0,
|
|
|
|
|
"\"$type\" can not be used as user database without using \"$type\" for authentication"
|
2010-10-07 07:57:21 +02:00
|
|
|
)
|
|
|
|
|
if ( $conf->{userDB} =~ /$type/
|
|
|
|
|
and $conf->{authentication} !~ /$type/ );
|
2010-10-04 07:48:22 +02:00
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
},
|
|
|
|
|
|
2010-10-07 07:57:21 +02:00
|
|
|
# Check that OpenID macros exists
|
|
|
|
|
checkAttrAndMacros => sub {
|
|
|
|
|
my @tmp;
|
|
|
|
|
foreach my $k ( keys %$conf ) {
|
|
|
|
|
if ( $k =~
|
|
|
|
|
/^(?:openIdSreg_(?:(?:(?:full|nick)nam|languag|postcod|timezon)e|country|gender|email|dob)|whatToTrace)$/
|
|
|
|
|
)
|
|
|
|
|
{
|
|
|
|
|
my $v = $conf->{$k};
|
|
|
|
|
$v =~ s/^$//;
|
|
|
|
|
next if ( $v =~ /^_/ );
|
|
|
|
|
push @tmp, $k
|
|
|
|
|
unless (
|
|
|
|
|
defined(
|
|
|
|
|
$conf->{exportedVars}->{$v}
|
|
|
|
|
or defined( $conf->{macros}->{$v} )
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return (
|
|
|
|
|
1,
|
|
|
|
|
(
|
|
|
|
|
@tmp
|
|
|
|
|
? 'Values of parameters '
|
|
|
|
|
. join( ',', @tmp )
|
|
|
|
|
. ' are not defined in exported attributes or macros'
|
|
|
|
|
: ''
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
},
|
|
|
|
|
|
2010-10-30 21:25:38 +02:00
|
|
|
# Try to use Apache::Session module
|
|
|
|
|
testApacheSession => sub {
|
|
|
|
|
my ( $id, %h );
|
2010-11-17 06:07:33 +01:00
|
|
|
return 1
|
|
|
|
|
if ( $Lemonldap::NG::Handler::CGI::globalStorage eq
|
|
|
|
|
$conf->{globalStorage}
|
|
|
|
|
or $conf->{globalStorage} eq
|
|
|
|
|
'Lemonldap::NG::Common::Apache::Session::SOAP' );
|
2010-10-30 21:25:38 +02:00
|
|
|
eval "use $conf->{globalStorage}";
|
|
|
|
|
return ( -1, "Unknown package $conf->{globalStorage}" ) if ($@);
|
|
|
|
|
eval {
|
|
|
|
|
tie %h, $conf->{globalStorage}, undef,
|
|
|
|
|
$conf->{globalStorageOptions};
|
|
|
|
|
};
|
|
|
|
|
return ( -1, "Unable to create a session ($@)" )
|
|
|
|
|
if ( $@ or not tied(%h) );
|
|
|
|
|
eval {
|
|
|
|
|
$h{a} = 1;
|
|
|
|
|
$id = $h{_session_id} or return ( -1, 'No _session_id' );
|
|
|
|
|
untie(%h);
|
|
|
|
|
tie %h, $conf->{globalStorage}, $id,
|
|
|
|
|
$conf->{globalStorageOptions};
|
|
|
|
|
};
|
|
|
|
|
return ( -1, "Unable to insert datas ($@)" ) if ($@);
|
|
|
|
|
return ( -1, "Unable to recover data stored" )
|
|
|
|
|
unless ( $h{a} == 1 );
|
|
|
|
|
eval { tied(%h)->delete; };
|
|
|
|
|
return ( -1, "Unable to delete session ($@)" ) if ($@);
|
|
|
|
|
my $gc = $Lemonldap::NG::Handler::CGI::globalStorage;
|
|
|
|
|
return ( -1,
|
|
|
|
|
'All sessions may be lost and you <b>must</b> restart all your Apache servers'
|
|
|
|
|
) if ( $conf->{globalStorage} ne $gc );
|
|
|
|
|
return 1;
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
# Warn if cookie name has changed
|
|
|
|
|
cookieNameChanged => sub {
|
|
|
|
|
return (
|
|
|
|
|
1,
|
|
|
|
|
(
|
|
|
|
|
$Lemonldap::NG::Handler::CGI::cookieName ne
|
|
|
|
|
$conf->{cookieName}
|
|
|
|
|
? 'Cookie name has changed, you <b>must</b> restart all your Apache servers'
|
|
|
|
|
: ()
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
# Warn if manager seems to be unprotected
|
|
|
|
|
managerProtection => sub {
|
|
|
|
|
return (
|
|
|
|
|
1,
|
|
|
|
|
(
|
|
|
|
|
$conf->{cfgAuthor} eq 'anonymous'
|
|
|
|
|
? 'Your manager seems to be unprotected'
|
|
|
|
|
: ''
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
},
|
|
|
|
|
|
2011-04-15 11:44:15 +02:00
|
|
|
# Test SMTP connection and authentication
|
|
|
|
|
smtpConnectionAuthentication => sub {
|
|
|
|
|
|
|
|
|
|
# Skip test if no SMTP configuration
|
|
|
|
|
return 1 unless ( $conf->{SMTPServer} );
|
|
|
|
|
|
|
|
|
|
# Use SMTP
|
|
|
|
|
eval "use Net::SMTP";
|
|
|
|
|
return ( 0, "Net::SMTP module is required to use SMTP server" )
|
|
|
|
|
if ($@);
|
|
|
|
|
|
|
|
|
|
# Create SMTP object
|
|
|
|
|
my $smtp = Net::SMTP->new( $conf->{SMTPServer} );
|
|
|
|
|
return ( 0,
|
|
|
|
|
"SMTP connection to " . $conf->{SMTPServer} . " failed" )
|
|
|
|
|
unless ($smtp);
|
|
|
|
|
|
|
|
|
|
# Skip other tests if no authentication
|
2012-03-03 16:39:06 +01:00
|
|
|
return 1
|
|
|
|
|
unless ( $conf->{SMTPAuthUser} and $conf->{SMTPAuthPass} );
|
2011-04-15 11:44:15 +02:00
|
|
|
|
|
|
|
|
# Try authentication
|
|
|
|
|
return ( 0, "SMTP authentication failed" )
|
|
|
|
|
unless $smtp->auth( $conf->{SMTPAuthUser},
|
2011-04-21 12:28:18 +02:00
|
|
|
$conf->{SMTPAuthPass} );
|
2011-04-15 11:44:15 +02:00
|
|
|
|
|
|
|
|
# Return
|
|
|
|
|
return 1;
|
|
|
|
|
},
|
|
|
|
|
|
2010-10-04 07:48:22 +02:00
|
|
|
# 2. MODIFICATIONS
|
|
|
|
|
|
2010-10-04 11:07:30 +02:00
|
|
|
# Remove unused and non-customized parameters
|
2010-10-03 23:43:22 +02:00
|
|
|
compactModules => sub {
|
|
|
|
|
foreach my $k ( keys %$conf ) {
|
2010-10-04 07:48:22 +02:00
|
|
|
|
|
|
|
|
# No analysis for hash keys
|
2010-10-03 23:43:22 +02:00
|
|
|
next if ( ref $conf->{$k} );
|
2010-10-04 07:48:22 +02:00
|
|
|
|
|
|
|
|
# Check federation modules
|
|
|
|
|
foreach my $type (qw(CAS OpenID SAML)) {
|
2010-10-04 11:07:30 +02:00
|
|
|
|
|
|
|
|
# Check authChoice values
|
|
|
|
|
my ( $authChoice, $userDBChoice ) = ( undef, undef );
|
|
|
|
|
if ( $conf->{authentication} eq 'Choice'
|
|
|
|
|
and defined $conf->{authChoiceModules} )
|
|
|
|
|
{
|
|
|
|
|
foreach ( keys %{ $conf->{authChoiceModules} } ) {
|
|
|
|
|
my ( $auth, $userDB, $passwordDB ) =
|
|
|
|
|
split( '|', $conf->{authChoiceModules}->{$_} );
|
|
|
|
|
$authChoice = 1 if $auth =~ /$type/i;
|
|
|
|
|
$userDBChoice = 1 if $userDB =~ /$type/i;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2010-10-04 07:48:22 +02:00
|
|
|
if (
|
|
|
|
|
(
|
|
|
|
|
$k =~ /^$type/i
|
|
|
|
|
and not( $conf->{"issuerDB${type}Activation"} )
|
|
|
|
|
and not( $conf->{authentication} =~ /$type/i )
|
|
|
|
|
and not( $conf->{userDB} =~ /$type/i )
|
2010-10-04 11:07:30 +02:00
|
|
|
and not( defined $authChoice
|
|
|
|
|
or defined $userDBChoice )
|
2010-10-04 07:48:22 +02:00
|
|
|
)
|
|
|
|
|
)
|
|
|
|
|
{
|
|
|
|
|
my $v = $self->defaultConf()->{$k};
|
|
|
|
|
if ( defined($v) and $conf->{$k} eq $v ) {
|
|
|
|
|
delete $conf->{$k};
|
|
|
|
|
}
|
2010-10-03 23:43:22 +02:00
|
|
|
}
|
|
|
|
|
}
|
2010-10-04 07:48:22 +02:00
|
|
|
return 1;
|
2010-10-03 23:43:22 +02:00
|
|
|
}
|
|
|
|
|
},
|
2010-10-03 21:58:07 +02:00
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
2009-12-11 19:17:00 +01:00
|
|
|
1;
|
2010-10-03 22:06:13 +02:00
|
|
|
|
