<!DOCTYPE html>
< html lang = "en" dir = "ltr" >
< head >
< meta charset = "utf-8" / >
< title > documentation:2.0:variables< / title >
< meta name = "generator" content = "DokuWiki" / >
< meta name = "robots" content = "index,follow" / >
< meta name = "keywords" content = "documentation,2.0,variables" / >
< link rel = "search" type = "application/opensearchdescription+xml" href = "lib/exe/opensearch.html" title = "LemonLDAP::NG" / >
< link rel = "start" href = "variables.html" / >
< link rel = "contents" href = "variables.html" title = "Sitemap" / >
< link rel = "stylesheet" type = "text/css" href = "lib/exe/css.php.t.bootstrap3.css" / >
<!-- //if:usedebianlibs
< link rel = "stylesheet" type = "text/css" href = "/javascript/bootstrap/css/bootstrap.min.css" / >
//elsif:useexternallibs
< link rel = "stylesheet" type = "text/css" href = "https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" / >
//elsif:cssminified
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.min.css" / >
//else -->
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.css" / >
<!-- //endif -->
< script type = "text/javascript" > /*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:variables","namespace":"documentation:2.0"};
/*!]]>*/< / script >
< script type = "text/javascript" charset = "utf-8" src = "lib/exe/js.php.t.bootstrap3.js" > < / script >
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery/jquery.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/jquery-2.2.0.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.js" > < / script >
<!-- //endif -->
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery-ui/jquery-ui.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/ui/1.10.4/jquery-ui.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.js" > < / script >
<!-- //endif -->
< / head >
< body >
< div class = "dokuwiki export container" >
<!-- TOC START -->
< div id = "dw__toc" >
< h3 class = "toggle" > Table of Contents< / h3 >
< div >
< ul class = "toc" >
< li class = "level1" > < div class = "li" > < a href = "#presentation" > Presentation< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#modules" > Modules< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#connection" > Connection< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#authentication" > Authentication< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#dates" > Dates< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#saml" > SAML< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#notifications" > Notifications< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#login_history" > Login history< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#ldap" > LDAP< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#openid" > OpenID< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#openid_connect" > OpenID Connect< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#other" > Other< / a > < / div > < / li >
< / ul >
< / div >
< / div >
<!-- TOC END -->
< h1 class = "sectionedit1" id = "variables" > Variables< / h1 >
< div class = "level1" >
< / div >
<!-- EDIT1 SECTION "Variables" [1 - 25] -->
< h2 class = "sectionedit2" id = "presentation" > Presentation< / h2 >
< div class = "level2" >
< p >
Variables can be used in rules and headers. This applies to all rules:
< / p >
< ul >
< li class = "level1" > < div class = "li" > Access rule in virtual host< / div >
< / li >
< li class = "level1" > < div class = "li" > < abbr title = "Security Assertion Markup Language" > SAML< / abbr > IDP preselection< / div >
< / li >
< li class = "level1" > < div class = "li" > Session opening< / div >
< / li >
< li class = "level1" > < div class = "li" > …< / div >
< / li >
< / ul >
< p >
Variables are stored in the user session. We can distinguish several kinds of variables:
< / p >
< ul >
< li class = "level1" > < div class = "li" > internal variables, managed by LemonLDAP::NG< / div >
< / li >
< li class = "level1" > < div class = "li" > < a href = "exportedvars.html" class = "wikilink1" title = "documentation:2.0:exportedvars" > exported variables< / a > collected from UserDB backend< / div >
< / li >
< li class = "level1" > < div class = "li" > < a href = "performances.html#macros_and_groups" class = "wikilink1" title = "documentation:2.0:performances" > macros and groups< / a > < / div >
< / li >
< / ul >
< p >
When you know the key of a variable, prefix it with a dollar sign to use it. For example, to test whether the < code > uid< / code > variable matches < code > coudot< / code > :
< / p >
< pre class = "code" > $uid eq "coudot"< / pre >
< div class = "notetip" > You can inspect a user session with the sessions explorer (in Manager)
< / div >
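< p >
An added example, not LemonLDAP::NG code: rule-style expressions like the one above, evaluated in plain Perl against a constructed session hash whose keys are the internal variables documented below. The < code > compile_rule< / code > and < code > evaluate< / code > helpers, the rule names and all sample values are assumptions made for this illustration.
< / p >

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed session for the demo; keys come from the tables on this page.
my %session = (
    uid                 => 'coudot',
    _auth               => 'LDAP',
    ipAddr              => '192.0.2.10',    # documentation address range
    authenticationLevel => 2,
    _utime              => time() - 600,    # session opened 10 minutes ago
    _url                => '',              # portal was the entry point
);

# Hypothetical rules, written the way the page shows: key prefixed with "$".
my @rules = (
    [ 'uid match',            '$uid eq "coudot"' ],
    [ 'level 3 required',     '$authenticationLevel >= 3' ],
    [ 'LDAP from lab range',  '$_auth eq "LDAP" and $ipAddr =~ /^192\.0\.2\./' ],
    [ 'session under 1 hour', 'time() - $_utime < 3600' ],
    [ 'came through a URL',   '$_url ne ""' ],
    [ 'key not in session',   '$_timezone eq "1"' ],    # constructed value
);

# Simplified stand-in for a rule compiler (assumption, not the product's code):
# rewrite each $key into a lookup in the session hash, then build a closure.
sub compile_rule {
    my ($expr) = @_;
    ( my $code = $expr ) =~ s/\$(\w+)/\$s->{$1}/g;
    my $sub = eval "sub { my \$s = shift; no warnings 'uninitialized';"
      . " my \$ok = ( $code ); return \$ok ? 1 : 0 }";
    die "cannot compile rule '$expr': $@" unless $sub;
    return $sub;
}

# Evaluate every rule; a key missing from the session is undef here, so the
# comparison is false and the rule denies.
sub evaluate {
    my ($session) = @_;
    return map { [ $_->[0], $_->[1], compile_rule( $_->[1] )->($session) ] } @rules;
}

printf "%-22s %-50s %s\n", $_->[0], $_->[1], $_->[2] ? 'accept' : 'deny'
  for evaluate( \%session );
```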
< p >
Below are documented internal variables.
< / p >
< / div >
<!-- EDIT2 SECTION "Presentation" [26 - 794] -->
< h2 class = "sectionedit3" id = "modules" > Modules< / h2 >
< div class = "level2" >
< p >
Records which module was used for authentication, user data, password, …
< / p >
< div class = "table sectionedit4" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Key < / th > < th class = "col1 centeralign" > Description < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 centeralign" > _auth < / td > < td class = "col1 leftalign" > Authentication module < / td >
< / tr >
< tr class = "row2 roweven" >
< td class = "col0 centeralign" > _userDB < / td > < td class = "col1 leftalign" > User module < / td >
< / tr >
< tr class = "row3 rowodd" >
< td class = "col0 centeralign" > _passwordDB < / td > < td class = "col1 leftalign" > Password module < / td >
< / tr >
< tr class = "row4 roweven" >
< td class = "col0 centeralign" > _issuerDB < / td > < td class = "col1 leftalign" > Issuer module (can be multivalued) < / td >
< / tr >
< tr class = "row5 rowodd" >
< td class = "col0 centeralign" > _authChoice < / td > < td class = "col1 leftalign" > Choice made by the user if < a href = "authchoice.html" class = "wikilink1" title = "documentation:2.0:authchoice" > authentication choice< / a > was used < / td >
< / tr >
< tr class = "row6 roweven" >
< td class = "col0 centeralign" > _authMulti < / td > < td class = "col1 leftalign" > Full name of authentication module (with < code > #label< / code > ) used in Multi < / td >
< / tr >
< tr class = "row7 rowodd" >
< td class = "col0 centeralign" > _userDBMulti < / td > < td class = "col1 leftalign" > Full name of user module (with < code > #label< / code > ) used in Multi < / td >
< / tr >
< / table > < / div >
<!-- EDIT4 TABLE [891 - 1328] -->
< / div >
<!-- EDIT3 SECTION "Modules" [795 - 1328] -->
< h2 class = "sectionedit5" id = "connection" > Connection< / h2 >
< div class = "level2" >
< p >
Data concerning the first connection to the portal
< / p >
< div class = "table sectionedit6" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Key < / th > < th class = "col1 centeralign" > Description < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 leftalign" > ipAddr < / td > < td class = "col1 leftalign" > < abbr title = "Internet Protocol" > IP< / abbr > of the user (can be the X-Forwarded-For < abbr title = "Internet Protocol" > IP< / abbr > if trusted proxies are configured) < / td >
< / tr >
< tr class = "row2 roweven" >
< td class = "col0 leftalign" > _timezone < / td > < td class = "col1" > Timezone of the user, set with JavaScript from the standard login form (will be empty if other authentication methods are used) < / td >
< / tr >
< tr class = "row3 rowodd" >
< td class = "col0 leftalign" > _url < / td > < td class = "col1 leftalign" > < abbr title = "Uniform Resource Locator" > URL< / abbr > used before being redirected to the portal (empty if portal was used as entry point) < / td >
< / tr >
< / table > < / div >
<!-- EDIT6 TABLE [1406 - 1770] -->
< / div >
<!-- EDIT5 SECTION "Connection" [1329 - 1771] -->
< h2 class = "sectionedit7" id = "authentication" > Authentication< / h2 >
< div class = "level2" >
< p >
Data about the authentication process.
< / p >
< div class = "table sectionedit8" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Key < / th > < th class = "col1 centeralign" > Description < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 leftalign" > _session_id < / td > < td class = "col1 leftalign" > Session identifier (carried in cookie) < / td >
< / tr >
< tr class = "row2 roweven" >
< td class = "col0 leftalign" > _user < / td > < td class = "col1 leftalign" > User found from login process < / td >
< / tr >
< tr class = "row3 rowodd" >
< td class = "col0 leftalign" > _password < / td > < td class = "col1 leftalign" > Password found from login process (only if < a href = "passwordstore.html" class = "wikilink1" title = "documentation:2.0:passwordstore" > password store in session< / a > is configured) < / td >
< / tr >
< tr class = "row4 roweven" >
< td class = "col0 leftalign" > authenticationLevel < / td > < td class = "col1 leftalign" > Authentication level < / td >
< / tr >
< / table > < / div >
<!-- EDIT8 TABLE [1842 - 2139] -->
< / div >
<!-- EDIT7 SECTION "Authentication" [1772 - 2140] -->
< h2 class = "sectionedit9" id = "dates" > Dates< / h2 >
< div class = "level2" >
< div class = "table sectionedit10" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Key < / th > < th class = "col1 centeralign" > Description < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 leftalign" > _utime < / td > < td class = "col1 leftalign" > Timestamp of session creation < / td >
< / tr >
< tr class = "row2 roweven" >
< td class = "col0 leftalign" > _startTime < / td > < td class = "col1 leftalign" > Date of session creation < / td >
< / tr >
< tr class = "row3 rowodd" >
< td class = "col0 leftalign" > _updateTime < / td > < td class = "col1 leftalign" > Date of session last modification < / td >
< / tr >
< tr class = "row4 roweven" >
< td class = "col0" > _lastAuthnUTime < / td > < td class = "col1 leftalign" > Timestamp of last authentication time < / td >
< / tr >
< / table > < / div >
<!-- EDIT10 TABLE [2160 - 2389] -->
< / div >
<!-- EDIT9 SECTION "Dates" [2141 - 2390] -->
< h2 class = "sectionedit11" id = "saml" > SAML< / h2 >
< div class = "level2" >
< p >
Data related to the < abbr title = "Security Assertion Markup Language" > SAML< / abbr > protocol
< / p >
< div class = "table sectionedit12" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Key < / th > < th class = "col1 centeralign" > Description < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 leftalign" > _idp < / td > < td class = "col1 leftalign" > Name of IDP used for authentication < / td >
< / tr >
< tr class = "row2 roweven" >
< td class = "col0 leftalign" > _idpConfKey < / td > < td class = "col1 leftalign" > Configuration key of IDP used for authentication < / td >
< / tr >
< tr class = "row3 rowodd" >
< td class = "col0 leftalign" > _samlToken < / td > < td class = "col1 leftalign" > < abbr title = "Security Assertion Markup Language" > SAML< / abbr > token < / td >
< / tr >
< tr class = "row4 roweven" >
< td class = "col0 leftalign" > _lassoSessionDump < / td > < td class = "col1 leftalign" > Lasso session dump < / td >
< / tr >
< tr class = "row5 rowodd" >
< td class = "col0 leftalign" > _lassoIdentityDump < / td > < td class = "col1 leftalign" > Lasso identity dump < / td >
< / tr >
< / table > < / div >
<!-- EDIT12 TABLE [2441 - 2706] -->
< / div >
<!-- EDIT11 SECTION "SAML" [2391 - 2707] -->
< h2 class = "sectionedit13" id = "notifications" > Notifications< / h2 >
< div class = "level2" >
< div class = "table sectionedit14" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Key < / th > < th class = "col1 centeralign" > Description < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 leftalign" > _notification_< em > id< / em > < / td > < td class = "col1 leftalign" > Date of validation of the notification < em > id< / em > < / td >
< / tr >
< / table > < / div >
<!-- EDIT14 TABLE [2735 - 2835] -->
< / div >
<!-- EDIT13 SECTION "Notifications" [2708 - 2836] -->
< h2 class = "sectionedit15" id = "login_history" > Login history< / h2 >
< div class = "level2" >
< div class = "table sectionedit16" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Key < / th > < th class = "col1 centeralign" > Description < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 leftalign" > _loginHistory < / td > < td class = "col1 leftalign" > Hash of login successes and failures < / td >
< / tr >
< / table > < / div >
<!-- EDIT16 TABLE [2864 - 2946] -->
< / div >
<!-- EDIT15 SECTION "Login history" [2837 - 2947] -->
< h2 class = "sectionedit17" id = "ldap" > LDAP< / h2 >
< div class = "level2" >
< p >
Only with UserDB LDAP.
< / p >
< div class = "table sectionedit18" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Key < / th > < th class = "col1 centeralign" > Description < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 leftalign" > _dn < / td > < td class = "col1" > Distinguished name < / td >
< / tr >
< / table > < / div >
<!-- EDIT18 TABLE [2990 - 3045] -->
< / div >
<!-- EDIT17 SECTION "LDAP" [2948 - 3046] -->
< h2 class = "sectionedit19" id = "openid" > OpenID< / h2 >
< div class = "level2" >
< div class = "table sectionedit20" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Key < / th > < th class = "col1 centeralign" > Description < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 leftalign" > _openid_< em > id< / em > < / td > < td class = "col1 leftalign" > Consent to share attribute < em > id< / em > through OpenID < / td >
< / tr >
< / table > < / div >
<!-- EDIT20 TABLE [3067 - 3163] -->
< / div >
<!-- EDIT19 SECTION "OpenID" [3047 - 3164] -->
< h2 class = "sectionedit21" id = "openid_connect" > OpenID Connect< / h2 >
< div class = "level2" >
< div class = "table sectionedit22" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Key < / th > < th class = "col1 centeralign" > Description < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 leftalign" > _oidc_id_token < / td > < td class = "col1 leftalign" > ID Token < / td >
< / tr >
< tr class = "row2 roweven" >
< td class = "col0 leftalign" > _oidc_OP < / td > < td class = "col1 leftalign" > Configuration key of OP used for authentication < / td >
< / tr >
< tr class = "row3 rowodd" >
< td class = "col0 leftalign" > _oidc_access_token < / td > < td class = "col1 leftalign" > OAuth2 Access Token used to get UserInfo data < / td >
< / tr >
< tr class = "row4 roweven" >
< td class = "col0" > _oidc_consent_scope_< em > rp< / em > < / td > < td class = "col1 leftalign" > Scope for which consent was given for RP < em > rp< / em > < / td >
< / tr >
< tr class = "row5 rowodd" >
< td class = "col0" > _oidc_consent_time_< em > rp< / em > < / td > < td class = "col1 leftalign" > Time when consent was given for RP < em > rp< / em > < / td >
< / tr >
< / table > < / div >
<!-- EDIT22 TABLE [3193 - 3545] -->
< / div >
<!-- EDIT21 SECTION "OpenID Connect" [3165 - 3546] -->
< h2 class = "sectionedit23" id = "other" > Other< / h2 >
< div class = "level2" >
< div class = "table sectionedit24" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0 centeralign" > Key < / th > < th class = "col1 centeralign" > Description < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0 leftalign" > _appsListOrder < / td > < td class = "col1 leftalign" > Order of categories in the menu < / td >
< / tr >
< tr class = "row2 roweven" >
< td class = "col0 leftalign" > _session_kind < / td > < td class = "col1 leftalign" > Type of session (< abbr title = "Single Sign On" > SSO< / abbr > , Persistent, …) < / td >
< / tr >
< / table > < / div >
<!-- EDIT24 TABLE [3566 - 3707] -->
< / div >
<!-- EDIT23 SECTION "Other" [3547 - ] --> < / div >
< / body >
< / html >