diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b826a4aeb..8384c89e3 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -64,7 +64,7 @@ build_centos_7: script: - rm -f /etc/yum.repos.d/CentOS-Sources.repo - yum -y install epel-release - - make rpm-dist + - make dist - ci-build-pkg build_centos_8: @@ -74,7 +74,7 @@ build_centos_8: - yum-config-manager --enable PowerTools - yum-config-manager --enable AppStream - yum -y install epel-release - - make rpm-dist + - make dist - ci-build-pkg sign: @@ -91,7 +91,7 @@ sign: - build_buster - build_bionic - build_centos_7 -# - build_centos_8 + - build_centos_8 artifacts: expire_in: 1 day paths: diff --git a/Makefile b/Makefile index 98b9a43fe..7d0a07db1 100644 --- a/Makefile +++ b/Makefile @@ -1085,23 +1085,13 @@ manager_uninstall: manager dist: clean @mkdir -p lemonldap-ng-$(VERSION) - @cp -pRH $$(find * -maxdepth 0|grep -v -e "\(lemonldap-ng-$(VERSION)\|debian\|rpm\)") lemonldap-ng-$(VERSION) + @cp -pRH $$(find * -maxdepth 0|grep -v -e "lemonldap-ng-$(VERSION)") lemonldap-ng-$(VERSION) @find $$dir -name '*.bak' -delete @rm -rf lemonldap-ng-$(VERSION)/lemonldap-ng-$(VERSION) @rm -rf lemonldap-ng-$(VERSION)/node_modules @$(COMPRESS) lemonldap-ng-$(VERSION).$(COMPRESSSUFFIX) lemonldap-ng-$(VERSION) @rm -rf lemonldap-ng-$(VERSION) -rpm-dist: clean - @mkdir -p lemonldap-ng-$(VERSION) - @cp -pRH $$(find * -maxdepth 0|grep -v -e "\(lemonldap-ng-$(VERSION)\|debian\)") lemonldap-ng-$(VERSION) - @find $$dir -name '*.bak' -delete - @rm -rf lemonldap-ng-$(VERSION)/lemonldap-ng-$(VERSION) - @rm -rf lemonldap-ng-$(VERSION)/node_modules - @$(COMPRESS) lemonldap-ng-$(VERSION).$(COMPRESSSUFFIX) lemonldap-ng-$(VERSION) - @rm -rf lemonldap-ng-$(VERSION) - - debian-dist: clean @mkdir -p lemonldap-ng-$(VERSION) @cp -pRH $$(find * -maxdepth 0|grep -v -e "\(lemonldap-ng-$(VERSION)\|rpm\)") lemonldap-ng-$(VERSION) diff --git a/RELEASE b/RELEASE index dab1c808e..40d794624 100644 --- a/RELEASE +++ b/RELEASE @@ -60,10 +60,7 @@ $ make clean && make dist - RedHat packaging: -Create the RPM specific tarball: -$ make clean && make rpm-dist - -Next steps: see rpm/README +See rpm/README - Debian packaging: @@ -87,7 +84,7 @@ Upload modules tarballs (generated by make cpan) - OW2 Release: Upload dist and bundles on sftp://release-up.ow2.org/projects/lemonldap -- RPM: see rpm/REDAME +- RPM: see rpm/README - DEB: The DEB repository is hosted on https://lemonldap-ng.org/deb diff --git a/doc/pages/manager-api/index.html b/doc/pages/manager-api/index.html index 81e7823c5..31cfce4da 100644 --- a/doc/pages/manager-api/index.html +++ b/doc/pages/manager-api/index.html @@ -895,6 +895,11 @@ "default" : "HS512", "enum" : [ "none", "RS256", "RS384", "RS512" ] }, + "userInfoSignAlg" : { + "type" : "string", + "default" : "", + "enum" : [ "", "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512" ] + }, "accessTokenJWT" : { "type" : "bool" }, diff --git a/doc/sources/admin/applications.rst b/doc/sources/admin/applications.rst index 1f929fabe..64396a0e3 100644 --- a/doc/sources/admin/applications.rst +++ b/doc/sources/admin/applications.rst @@ -34,6 +34,7 @@ Applications applications/nextcloud applications/obm applications/office365 + applications/publik applications/phpldapadmin applications/roundcube applications/salesforce @@ -113,6 +114,7 @@ Application Configuration .. image:: applications/nextcloud-logo.png :doc:`NextCloud` ✔ .. image:: applications/obm_logo.png :doc:`OBM` ✔ .. image:: applications/logo_office_365.png :doc:`Office 365` ✔ +.. image:: applications/logo-publik.png :doc:`Publik` ✔ .. image:: applications/phpldapadmin_logo.png :doc:`phpLDAPAdmin` ✔ .. image:: applications/roundcube_logo.png :doc:`Roundcube` ✔ .. image:: applications/salesforce-logo.jpg :doc:`SalesForce` ✔ diff --git a/doc/sources/admin/applications/logo-publik.png b/doc/sources/admin/applications/logo-publik.png new file mode 100644 index 000000000..50ee7ec11 Binary files /dev/null and b/doc/sources/admin/applications/logo-publik.png differ diff --git a/doc/sources/admin/applications/publik.rst b/doc/sources/admin/applications/publik.rst new file mode 100644 index 000000000..84e2febbf --- /dev/null +++ b/doc/sources/admin/applications/publik.rst @@ -0,0 +1,53 @@ +Publik +======= + +|image0| + +Presentation +------------ + +Publik is an open-source citizen relationship management tool. + +See `the official Publik website `__ for a +complete presentation. + +It feature an OpenID Connect login that work with LemonLDAP::NG. + +Configuring Publik +------------------- + +Connect to your publik instance authentic2 webui with an Admin user, in the admin panel, go to "Authentic2_Auth_Oidc" › "Oidc providers". + +Click on "Add Oidc Provider". + +* Name : LemonLDAP SSO +* Short id : lemonldap +* Provider : https://auth.example.com/ +* Client id : clientid +* Client secret : secret +* Authorization endpoint : https://auth.example.com/oauth2/authorize +* Token endpoint : https://auth.example.com/oauth2/token +* Userinfo endpoint : https://auth.example.com/oauth2/userinfo +* End session endpont : https://auth.example.com/oauth2/logout +* WebKey JSON : Copy/Paste the content of https://auth.example.com/oauth2/jwks +* Claims Enabled : yes +* Show on connection page : yes + +Strategy and Collectivity can be configured based to your needs. + +OIDC Claim mappings can be configured based on your needs. + +Configuring LemonLDAP +~~~~~~~~~~~~~~~~~~~~~ + +We now have to configure LemonLDAP::NG to recognize publik as a valid OIDC relying party. + +Add a :doc:`new OpenID Connect relying party<..//idpopenidconnect>` +with the following parameters (Options -> Basic) : + +* **Client ID**: the same you set in Publik configuration. +* **Client Secret**: the same you set in Publik configuration. +* **Allowed redirection addresses for login**: The "Callback URL" for authentic2 : https://authentic2-instance/accounts/oidc/callback/ + +.. |image0| image:: /applications/logo-publik.png + :class: align-center diff --git a/doc/sources/admin/bruteforceprotection.rst b/doc/sources/admin/bruteforceprotection.rst index 5e4288d47..8136b4f33 100644 --- a/doc/sources/admin/bruteforceprotection.rst +++ b/doc/sources/admin/bruteforceprotection.rst @@ -11,6 +11,13 @@ repeatedly trying to guess the password of an user. If disabled, automated tools may submit thousands of password attempts in a matter of seconds. +.. attention:: + This plugin relies on the Login History, stored in users' persistent sessions. + This means that the authentication and persistent session backends will be + accessed for every login attempt, even fraudulent ones. This plugin is not + meant to protect against denial of service attacks. + + Configuration ------------- diff --git a/doc/sources/admin/idpopenidconnect.rst b/doc/sources/admin/idpopenidconnect.rst index e130c9198..b0c185fbd 100644 --- a/doc/sources/admin/idpopenidconnect.rst +++ b/doc/sources/admin/idpopenidconnect.rst @@ -314,6 +314,11 @@ Options (RSXXX) or HMAC (HSXXX) based signature algorithms - **Access Token signature algorithm**: Select one of the available public key signature algorithms + - **Userinfo signature algorithm** (since version ``2.0.12``): Select one + of the available signature algorithms to release user information as a JWT + on the ``/userinfo`` endpoint. If this option is left empty, user + information will be released as a plain JSON object. The ``None`` value + will release user information as an unsigned JWT. - **Require PKCE** (since version ``2.0.4``): a code challenge is required at token endpoint (see `RFC7636 `__) diff --git a/doc/sources/admin/impersonation.rst b/doc/sources/admin/impersonation.rst index 71175691b..6758de8fe 100644 --- a/doc/sources/admin/impersonation.rst +++ b/doc/sources/admin/impersonation.rst @@ -51,17 +51,19 @@ protected from being impersonated. - .. attention:: Both spoofed and real session attributes can be used to set access rules, groups or macros. - By example : ``$real_uid eq 'dwho'`` or ``$real_groups =~ /\bsu\b/`` + By example : ``$real_uid && $real_uid eq 'dwho'`` or ``$real_groups && $real_groups =~ /\bsu\b/`` Keep in mind that real session is computed first. Afterward, if access is granted, impersonated session is computed with real and spoofed session attributes if Impersonation is allowed. + So, ``real_`` attributes are computed by second authentication process. + To avoid Perl warnings, you have to prefix regex with ``$real_var &&``. + .. attention:: diff --git a/doc/sources/admin/portalcustom.rst b/doc/sources/admin/portalcustom.rst index d4bb14edf..3f448cac4 100644 --- a/doc/sources/admin/portalcustom.rst +++ b/doc/sources/admin/portalcustom.rst @@ -89,7 +89,7 @@ configuration. |image0| To set your own background, copy your file in -``/usr/share/lemonldap-ng/portal/htdocs/skins/common/backgrounds/`` and +``/usr/share/lemonldap-ng/portal/htdocs/static/common/backgrounds/`` and register it in ``/etc/lemonldap-ng/lemonldap-ng.ini``: .. code-block:: ini diff --git a/doc/sources/admin/security.rst b/doc/sources/admin/security.rst index f1f515b7b..dd28a4697 100644 --- a/doc/sources/admin/security.rst +++ b/doc/sources/admin/security.rst @@ -354,7 +354,7 @@ Go in Manager, ``General parameters`` » ``Advanced parameters`` » to disable CSRF token by setting a special rule based on callers IP address like this : - requireToken => $env->{REMOTE_ADDR} !~ /^127\.0\.[1-3]\.1$/ + requireToken => $env->{REMOTE_ADDR} && $env->{REMOTE_ADDR} !~ /^127\.0\.[1-3]\.1$/ .. danger:: diff --git a/doc/sources/admin/upgrade_2_0_x.rst b/doc/sources/admin/upgrade_2_0_x.rst index afeffc69b..01556825a 100644 --- a/doc/sources/admin/upgrade_2_0_x.rst +++ b/doc/sources/admin/upgrade_2_0_x.rst @@ -54,6 +54,15 @@ You can then remove them with :: lemonldap-ng-sessions delete +Brute-force protection plugin may cause duplicate persistent sessions +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Because of `bug #2482 `__ , some users may notice that the persistent session database is filling with duplicate sessions. Some examples include: + +* An uppercase version of the regular persistent session (dwho vs DWHO) +* An unqualified version (dwho vs dwho@idp.com) + +This bug was fixed in 2.0.12, but administrators are advised to clean up their persistent session database to remove any duplicate persistent sessions remaining after the upgrade. 2.0.11 ------ diff --git a/doc/sources/manager-api/openapi-spec.yaml b/doc/sources/manager-api/openapi-spec.yaml index 911e36bc4..f2414964c 100644 --- a/doc/sources/manager-api/openapi-spec.yaml +++ b/doc/sources/manager-api/openapi-spec.yaml @@ -1213,6 +1213,18 @@ components: - RS384 - RS512 default: HS512 + userInfoSignAlg: + type: string + enum: + - "" + - none + - HS256 + - HS384 + - HS512 + - RS256 + - RS384 + - RS512 + default: "" accessTokenJWT: type: bool accessTokenClaims: diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm index 0a7df0320..ee90e7dcc 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm @@ -27,7 +27,7 @@ our $specialNodeKeys = '(?:(?:(?:saml(?:ID|S)|oidc[OR])P|cas(?:App|Srv))MetaData our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:(?:UserAttribut|Servic|Rul)e|AuthnLevel)|(?:ExportedVar|Macro)s)'; our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|SortNumber|Gateway|Renew|Icon|Url)|ExportedVars)'; our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|S(?:toreIDToken|ortNumber|cope)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))'; -our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Expiration|SignAlg|Claims|JWT)|uth(?:orizationCodeExpiration|nLevel)|dditionalAudiences)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|con)|R(?:e(?:directUris|freshToken|quirePKCE)|ule)|Logout(?:SessionRequired|Type|Url)|P(?:ostLogoutRedirectUris|ublic)|OfflineSessionExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims|UserIDAttr)|(?:ExportedVar|ScopeRule|Macro)s)'; +our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Expiration|SignAlg|Claims|JWT)|uth(?:orizationCodeExpiration|nLevel)|dditionalAudiences)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|con)|R(?:e(?:directUris|freshToken|quirePKCE)|ule)|Logout(?:SessionRequired|Type|Url)|P(?:ostLogoutRedirectUris|ublic)|UserI(?:nfoSignAlg|DAttr)|OfflineSessionExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims)|(?:ExportedVar|ScopeRule|Macro)s)'; our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|UserAttribut|DisplayNam)e|S(?:ign(?:S[LS]OMessage|atureMethod)|toreSAMLToken|[LS]OBinding|ortNumber)|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|Force(?:Authn|UTF8)|I(?:sPassive|con)|NameIDFormat)|ExportedAttributes|XML)'; our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:S(?:ign(?:S[LS]OMessage|atureMethod)|essionNotOnOrAfterTimeout)|N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|(?:CheckS[LS]OMessageSignatur|OneTimeUs|Rul)e|En(?:ableIDPInitiatedURL|cryptionMode)|AuthnLevel|ForceUTF8)|(?:ExportedAttribute|Macro)s|XML)'; our $virtualHostKeys = '(?:vhost(?:A(?:ccessToTrace|uthnLevel|liases)|(?:Maintenanc|Typ)e|ServiceTokenTTL|Https|Port)|(?:exportedHeader|locationRule)s|post)'; diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Jail.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Jail.pm index f8895f35a..2443c31df 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Jail.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Jail.pm @@ -122,7 +122,7 @@ sub encrypt { } sub token { - return encrypt( join( ':', time, @_ ) ); + return $_[0] ? encrypt( join( ':', time, @_ ) ) : encrypt(time); } ## @method reval diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm index 5626a845c..63649922d 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm @@ -139,7 +139,9 @@ sub run { } # Try to recover cookie and user session - if ( $id = $class->fetchId($req) + $id = $class->fetchId($req); + $class->data( {} ) unless($id); + if ( $id and $session = $class->retrieveSession( $req, $id ) ) { diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm index c15e8c980..b25d1cc77 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm @@ -2453,6 +2453,43 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: 'oidcRPMetaDataOptionsUserIDAttr' => { 'type' => 'text' }, + 'oidcRPMetaDataOptionsUserInfoSignAlg' => { + 'default' => '', + 'select' => [ { + 'k' => '', + 'v' => '' + }, + { + 'k' => 'none', + 'v' => 'None' + }, + { + 'k' => 'HS256', + 'v' => 'HS256' + }, + { + 'k' => 'HS384', + 'v' => 'HS384' + }, + { + 'k' => 'HS512', + 'v' => 'HS512' + }, + { + 'k' => 'RS256', + 'v' => 'RS256' + }, + { + 'k' => 'RS384', + 'v' => 'RS384' + }, + { + 'k' => 'RS512', + 'v' => 'RS512' + } + ], + 'type' => 'select' + }, 'oidcRPMetaDataScopeRules' => { 'default' => {}, 'test' => { diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm index 7c1a4626f..2436fb132 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm @@ -4262,6 +4262,20 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: ], default => 'RS256', }, + oidcRPMetaDataOptionsUserInfoSignAlg => { + type => 'select', + select => [ + { k => '', v => '' }, + { k => 'none', v => 'None' }, + { k => 'HS256', v => 'HS256' }, + { k => 'HS384', v => 'HS384' }, + { k => 'HS512', v => 'HS512' }, + { k => 'RS256', v => 'RS256' }, + { k => 'RS384', v => 'RS384' }, + { k => 'RS512', v => 'RS512' }, + ], + default => '', + }, oidcRPMetaDataOptionsAccessTokenJWT => { type => 'bool', default => 0 }, oidcRPMetaDataOptionsAccessTokenClaims => { type => 'bool', default => 0 }, diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm index ed63412b3..99104632a 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm @@ -224,6 +224,7 @@ sub cTrees { nodes => [ 'oidcRPMetaDataOptionsIDTokenSignAlg', 'oidcRPMetaDataOptionsAccessTokenSignAlg', + 'oidcRPMetaDataOptionsUserInfoSignAlg', 'oidcRPMetaDataOptionsRequirePKCE', 'oidcRPMetaDataOptionsAllowOffline', 'oidcRPMetaDataOptionsAllowPasswordGrant', diff --git a/lemonldap-ng-manager/site/htdocs/static/js/conftree.js b/lemonldap-ng-manager/site/htdocs/static/js/conftree.js index df27d9788..392fbabc5 100644 --- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.js +++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.js @@ -567,6 +567,47 @@ function templates(tpl,key) { "title" : "oidcRPMetaDataOptionsAccessTokenSignAlg", "type" : "select" }, + { + "default" : "", + "get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsUserInfoSignAlg", + "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsUserInfoSignAlg", + "select" : [ + { + "k" : "", + "v" : "" + }, + { + "k" : "none", + "v" : "None" + }, + { + "k" : "HS256", + "v" : "HS256" + }, + { + "k" : "HS384", + "v" : "HS384" + }, + { + "k" : "HS512", + "v" : "HS512" + }, + { + "k" : "RS256", + "v" : "RS256" + }, + { + "k" : "RS384", + "v" : "RS384" + }, + { + "k" : "RS512", + "v" : "RS512" + } + ], + "title" : "oidcRPMetaDataOptionsUserInfoSignAlg", + "type" : "select" + }, { "default" : 0, "get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsRequirePKCE", diff --git a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js index 8869045d4..1c77696ad 100644 --- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js +++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js @@ -1 +1 @@ -function templates(t,a){switch(t){case"casAppMetaDataNode":return[{cnodes:t+"s/"+a+"/casAppMetaDataExportedVars",default:[{data:"cn",id:t+"s/"+a+"/casAppMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"mail",id:t+"s/"+a+"/casAppMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"uid",id:t+"s/"+a+"/casAppMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+a+"/casAppMetaDataExportedVars",title:"casAppMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+a+"/casAppMetaDataOptionsService",id:t+"s/"+a+"/casAppMetaDataOptionsService",title:"casAppMetaDataOptionsService"},{get:t+"s/"+a+"/casAppMetaDataOptionsUserAttribute",id:t+"s/"+a+"/casAppMetaDataOptionsUserAttribute",title:"casAppMetaDataOptionsUserAttribute"},{get:t+"s/"+a+"/casAppMetaDataOptionsAuthnLevel",id:t+"s/"+a+"/casAppMetaDataOptionsAuthnLevel",title:"casAppMetaDataOptionsAuthnLevel",type:"int"},{get:t+"s/"+a+"/casAppMetaDataOptionsRule",id:t+"s/"+a+"/casAppMetaDataOptionsRule",title:"casAppMetaDataOptionsRule"}],id:"casAppMetaDataOptions",title:"casAppMetaDataOptions",type:"simpleInputContainer"},{cnodes:t+"s/"+a+"/casAppMetaDataMacros",default:[],help:"exportedvars.html#extend-variables-using-macros-and-groups",id:t+"s/"+a+"/casAppMetaDataMacros",title:"casAppMetaDataMacros",type:"keyTextContainer"}];case"casSrvMetaDataNode":return[{cnodes:t+"s/"+a+"/casSrvMetaDataExportedVars",default:[{data:"cn",id:t+"s/"+a+"/casSrvMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"mail",id:t+"s/"+a+"/casSrvMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"uid",id:t+"s/"+a+"/casSrvMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+a+"/casSrvMetaDataExportedVars",title:"casSrvMetaDataExportedVars",type:"keyTextContainer"},{cnodes:t+"s/"+a+"/casSrvMetaDataOptionsProxiedServices",id:t+"s/"+a+"/casSrvMetaDataOptionsProxiedServices",title:"casSrvMetaDataOptionsProxiedServices",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+a+"/casSrvMetaDataOptionsUrl",id:t+"s/"+a+"/casSrvMetaDataOptionsUrl",title:"casSrvMetaDataOptionsUrl"},{default:0,get:t+"s/"+a+"/casSrvMetaDataOptionsRenew",id:t+"s/"+a+"/casSrvMetaDataOptionsRenew",title:"casSrvMetaDataOptionsRenew",type:"bool"},{default:0,get:t+"s/"+a+"/casSrvMetaDataOptionsGateway",id:t+"s/"+a+"/casSrvMetaDataOptionsGateway",title:"casSrvMetaDataOptionsGateway",type:"bool"}],id:"casSrvMetaDataOptions",title:"casSrvMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+a+"/casSrvMetaDataOptionsDisplayName",id:t+"s/"+a+"/casSrvMetaDataOptionsDisplayName",title:"casSrvMetaDataOptionsDisplayName"},{get:t+"s/"+a+"/casSrvMetaDataOptionsIcon",id:t+"s/"+a+"/casSrvMetaDataOptionsIcon",title:"casSrvMetaDataOptionsIcon"},{get:t+"s/"+a+"/casSrvMetaDataOptionsSortNumber",id:t+"s/"+a+"/casSrvMetaDataOptionsSortNumber",title:"casSrvMetaDataOptionsSortNumber",type:"int"}],id:"casSrvMetaDataOptionsDisplay",title:"casSrvMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"oidcOPMetaDataNode":return[{get:t+"s/"+a+"/oidcOPMetaDataJSON",id:t+"s/"+a+"/oidcOPMetaDataJSON",title:"oidcOPMetaDataJSON",type:"file"},{get:t+"s/"+a+"/oidcOPMetaDataJWKS",id:t+"s/"+a+"/oidcOPMetaDataJWKS",title:"oidcOPMetaDataJWKS",type:"file"},{cnodes:t+"s/"+a+"/oidcOPMetaDataExportedVars",default:[{data:"name",id:t+"s/"+a+"/oidcOPMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"email",id:t+"s/"+a+"/oidcOPMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"family_name",id:t+"s/"+a+"/oidcOPMetaDataExportedVars/sn",title:"sn",type:"keyText"},{data:"sub",id:t+"s/"+a+"/oidcOPMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+a+"/oidcOPMetaDataExportedVars",title:"oidcOPMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:t+"s/"+a+"/oidcOPMetaDataOptionsConfigurationURI",id:t+"s/"+a+"/oidcOPMetaDataOptionsConfigurationURI",title:"oidcOPMetaDataOptionsConfigurationURI"},{default:0,get:t+"s/"+a+"/oidcOPMetaDataOptionsJWKSTimeout",id:t+"s/"+a+"/oidcOPMetaDataOptionsJWKSTimeout",title:"oidcOPMetaDataOptionsJWKSTimeout",type:"int"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsClientID",id:t+"s/"+a+"/oidcOPMetaDataOptionsClientID",title:"oidcOPMetaDataOptionsClientID"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsClientSecret",id:t+"s/"+a+"/oidcOPMetaDataOptionsClientSecret",title:"oidcOPMetaDataOptionsClientSecret",type:"password"},{default:0,get:t+"s/"+a+"/oidcOPMetaDataOptionsStoreIDToken",id:t+"s/"+a+"/oidcOPMetaDataOptionsStoreIDToken",title:"oidcOPMetaDataOptionsStoreIDToken",type:"bool"}],id:"oidcOPMetaDataOptionsConfiguration",title:"oidcOPMetaDataOptionsConfiguration",type:"simpleInputContainer"},{_nodes:[{default:"openid profile",get:t+"s/"+a+"/oidcOPMetaDataOptionsScope",id:t+"s/"+a+"/oidcOPMetaDataOptionsScope",title:"oidcOPMetaDataOptionsScope"},{default:"",get:t+"s/"+a+"/oidcOPMetaDataOptionsDisplay",id:t+"s/"+a+"/oidcOPMetaDataOptionsDisplay",select:[{k:"",v:""},{k:"page",v:"page"},{k:"popup",v:"popup"},{k:"touch",v:"touch"},{k:"wap",v:"wap"}],title:"oidcOPMetaDataOptionsDisplay",type:"select"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsPrompt",id:t+"s/"+a+"/oidcOPMetaDataOptionsPrompt",title:"oidcOPMetaDataOptionsPrompt"},{default:0,get:t+"s/"+a+"/oidcOPMetaDataOptionsMaxAge",id:t+"s/"+a+"/oidcOPMetaDataOptionsMaxAge",title:"oidcOPMetaDataOptionsMaxAge",type:"int"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsUiLocales",id:t+"s/"+a+"/oidcOPMetaDataOptionsUiLocales",title:"oidcOPMetaDataOptionsUiLocales"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsAcrValues",id:t+"s/"+a+"/oidcOPMetaDataOptionsAcrValues",title:"oidcOPMetaDataOptionsAcrValues"},{default:"client_secret_post",get:t+"s/"+a+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",id:t+"s/"+a+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",select:[{k:"client_secret_post",v:"client_secret_post"},{k:"client_secret_basic",v:"client_secret_basic"}],title:"oidcOPMetaDataOptionsTokenEndpointAuthMethod",type:"select"},{default:1,get:t+"s/"+a+"/oidcOPMetaDataOptionsCheckJWTSignature",id:t+"s/"+a+"/oidcOPMetaDataOptionsCheckJWTSignature",title:"oidcOPMetaDataOptionsCheckJWTSignature",type:"bool"},{default:30,get:t+"s/"+a+"/oidcOPMetaDataOptionsIDTokenMaxAge",id:t+"s/"+a+"/oidcOPMetaDataOptionsIDTokenMaxAge",title:"oidcOPMetaDataOptionsIDTokenMaxAge",type:"int"},{default:1,get:t+"s/"+a+"/oidcOPMetaDataOptionsUseNonce",id:t+"s/"+a+"/oidcOPMetaDataOptionsUseNonce",title:"oidcOPMetaDataOptionsUseNonce",type:"bool"}],id:"oidcOPMetaDataOptionsProtocol",title:"oidcOPMetaDataOptionsProtocol",type:"simpleInputContainer"}],id:"oidcOPMetaDataOptions",title:"oidcOPMetaDataOptions"},{_nodes:[{get:t+"s/"+a+"/oidcOPMetaDataOptionsDisplayName",id:t+"s/"+a+"/oidcOPMetaDataOptionsDisplayName",title:"oidcOPMetaDataOptionsDisplayName"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsIcon",id:t+"s/"+a+"/oidcOPMetaDataOptionsIcon",title:"oidcOPMetaDataOptionsIcon"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsSortNumber",id:t+"s/"+a+"/oidcOPMetaDataOptionsSortNumber",title:"oidcOPMetaDataOptionsSortNumber",type:"int"}],id:"oidcOPMetaDataOptionsDisplayParams",title:"oidcOPMetaDataOptionsDisplayParams",type:"simpleInputContainer"}];case"oidcRPMetaDataNode":return[{cnodes:t+"s/"+a+"/oidcRPMetaDataExportedVars",default:[{data:["mail","string","auto"],id:t+"s/"+a+"/oidcRPMetaDataExportedVars/email",title:"email",type:"oidcAttribute"},{data:["sn","string","auto"],id:t+"s/"+a+"/oidcRPMetaDataExportedVars/family_name",title:"family_name",type:"oidcAttribute"},{data:["cn","string","auto"],id:t+"s/"+a+"/oidcRPMetaDataExportedVars/name",title:"name",type:"oidcAttribute"}],id:t+"s/"+a+"/oidcRPMetaDataExportedVars",title:"oidcRPMetaDataExportedVars",type:"oidcAttributeContainer"},{cnodes:t+"s/"+a+"/oidcRPMetaDataOptionsExtraClaims",default:[],id:t+"s/"+a+"/oidcRPMetaDataOptionsExtraClaims",title:"oidcRPMetaDataOptionsExtraClaims",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:t+"s/"+a+"/oidcRPMetaDataOptionsClientID",id:t+"s/"+a+"/oidcRPMetaDataOptionsClientID",title:"oidcRPMetaDataOptionsClientID"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsClientSecret",id:t+"s/"+a+"/oidcRPMetaDataOptionsClientSecret",title:"oidcRPMetaDataOptionsClientSecret",type:"password"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsPublic",id:t+"s/"+a+"/oidcRPMetaDataOptionsPublic",title:"oidcRPMetaDataOptionsPublic",type:"bool"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsRedirectUris",id:t+"s/"+a+"/oidcRPMetaDataOptionsRedirectUris",title:"oidcRPMetaDataOptionsRedirectUris"}],id:"oidcRPMetaDataOptionsBasic",title:"oidcRPMetaDataOptionsBasic",type:"simpleInputContainer"},{_nodes:[{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsBypassConsent",help:"openidconnectclaims.html",id:t+"s/"+a+"/oidcRPMetaDataOptionsBypassConsent",title:"oidcRPMetaDataOptionsBypassConsent",type:"bool"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsUserIDAttr",id:t+"s/"+a+"/oidcRPMetaDataOptionsUserIDAttr",title:"oidcRPMetaDataOptionsUserIDAttr"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenForceClaims",id:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenForceClaims",title:"oidcRPMetaDataOptionsIDTokenForceClaims",type:"bool"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenJWT",id:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenJWT",title:"oidcRPMetaDataOptionsAccessTokenJWT",type:"bool"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenClaims",id:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenClaims",title:"oidcRPMetaDataOptionsAccessTokenClaims",type:"bool"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsAdditionalAudiences",id:t+"s/"+a+"/oidcRPMetaDataOptionsAdditionalAudiences",title:"oidcRPMetaDataOptionsAdditionalAudiences"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsRefreshToken",id:t+"s/"+a+"/oidcRPMetaDataOptionsRefreshToken",title:"oidcRPMetaDataOptionsRefreshToken",type:"bool"}],id:"oidcRPMetaDataOptionsAdvanced",title:"oidcRPMetaDataOptionsAdvanced",type:"simpleInputContainer"},{_nodes:[{default:"HS512",get:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenSignAlg",id:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenSignAlg",select:[{k:"none",v:"None"},{k:"HS256",v:"HS256"},{k:"HS384",v:"HS384"},{k:"HS512",v:"HS512"},{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"}],title:"oidcRPMetaDataOptionsIDTokenSignAlg",type:"select"},{default:"RS256",get:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenSignAlg",id:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenSignAlg",select:[{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"}],title:"oidcRPMetaDataOptionsAccessTokenSignAlg",type:"select"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsRequirePKCE",id:t+"s/"+a+"/oidcRPMetaDataOptionsRequirePKCE",title:"oidcRPMetaDataOptionsRequirePKCE",type:"bool"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsAllowOffline",id:t+"s/"+a+"/oidcRPMetaDataOptionsAllowOffline",title:"oidcRPMetaDataOptionsAllowOffline",type:"bool"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsAllowPasswordGrant",id:t+"s/"+a+"/oidcRPMetaDataOptionsAllowPasswordGrant",title:"oidcRPMetaDataOptionsAllowPasswordGrant",type:"bool"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsAllowClientCredentialsGrant",id:t+"s/"+a+"/oidcRPMetaDataOptionsAllowClientCredentialsGrant",title:"oidcRPMetaDataOptionsAllowClientCredentialsGrant",type:"bool"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsAuthnLevel",id:t+"s/"+a+"/oidcRPMetaDataOptionsAuthnLevel",title:"oidcRPMetaDataOptionsAuthnLevel",type:"int"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsRule",id:t+"s/"+a+"/oidcRPMetaDataOptionsRule",title:"oidcRPMetaDataOptionsRule"}],id:"security",title:"security",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+a+"/oidcRPMetaDataOptionsAuthorizationCodeExpiration",id:t+"s/"+a+"/oidcRPMetaDataOptionsAuthorizationCodeExpiration",title:"oidcRPMetaDataOptionsAuthorizationCodeExpiration",type:"int"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenExpiration",id:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenExpiration",title:"oidcRPMetaDataOptionsIDTokenExpiration",type:"int"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenExpiration",id:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenExpiration",title:"oidcRPMetaDataOptionsAccessTokenExpiration",type:"int"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsOfflineSessionExpiration",id:t+"s/"+a+"/oidcRPMetaDataOptionsOfflineSessionExpiration",title:"oidcRPMetaDataOptionsOfflineSessionExpiration",type:"int"}],id:"oidcRPMetaDataOptionsTimeouts",title:"oidcRPMetaDataOptionsTimeouts",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+a+"/oidcRPMetaDataOptionsPostLogoutRedirectUris",id:t+"s/"+a+"/oidcRPMetaDataOptionsPostLogoutRedirectUris",title:"oidcRPMetaDataOptionsPostLogoutRedirectUris"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutUrl",id:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutUrl",title:"oidcRPMetaDataOptionsLogoutUrl"},{default:"front",get:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutType",id:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutType",select:[{k:"front",v:"Front Channel"}],title:"oidcRPMetaDataOptionsLogoutType",type:"select"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutSessionRequired",id:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutSessionRequired",title:"oidcRPMetaDataOptionsLogoutSessionRequired",type:"bool"}],id:"logout",title:"logout",type:"simpleInputContainer"}],help:"idpopenidconnect.html#options",id:"oidcRPMetaDataOptions",title:"oidcRPMetaDataOptions"},{cnodes:t+"s/"+a+"/oidcRPMetaDataMacros",default:[],help:"exportedvars.html#extend-variables-using-macros-and-groups",id:t+"s/"+a+"/oidcRPMetaDataMacros",title:"oidcRPMetaDataMacros",type:"keyTextContainer"},{cnodes:t+"s/"+a+"/oidcRPMetaDataScopeRules",default:[],help:"idpopenidconnect.html#scope-rules",id:t+"s/"+a+"/oidcRPMetaDataScopeRules",title:"oidcRPMetaDataScopeRules",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+a+"/oidcRPMetaDataOptionsDisplayName",id:t+"s/"+a+"/oidcRPMetaDataOptionsDisplayName",title:"oidcRPMetaDataOptionsDisplayName"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsIcon",id:t+"s/"+a+"/oidcRPMetaDataOptionsIcon",title:"oidcRPMetaDataOptionsIcon"}],id:"oidcRPMetaDataOptionsDisplay",title:"oidcRPMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"samlIDPMetaDataNode":return[{get:t+"s/"+a+"/samlIDPMetaDataXML",id:t+"s/"+a+"/samlIDPMetaDataXML",title:"samlIDPMetaDataXML",type:"file"},{cnodes:t+"s/"+a+"/samlIDPMetaDataExportedAttributes",default:[],help:"authsaml.html#exported-attributes",id:t+"s/"+a+"/samlIDPMetaDataExportedAttributes",title:"samlIDPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsAdaptSessionUtime",id:t+"s/"+a+"/samlIDPMetaDataOptionsAdaptSessionUtime",title:"samlIDPMetaDataOptionsAdaptSessionUtime",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsForceUTF8",id:t+"s/"+a+"/samlIDPMetaDataOptionsForceUTF8",title:"samlIDPMetaDataOptionsForceUTF8",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsStoreSAMLToken",id:t+"s/"+a+"/samlIDPMetaDataOptionsStoreSAMLToken",title:"samlIDPMetaDataOptionsStoreSAMLToken",type:"bool"},{get:t+"s/"+a+"/samlIDPMetaDataOptionsUserAttribute",id:t+"s/"+a+"/samlIDPMetaDataOptionsUserAttribute",title:"samlIDPMetaDataOptionsUserAttribute"}],id:"samlIDPMetaDataOptionsSession",title:"samlIDPMetaDataOptionsSession",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsSignatureMethod",id:t+"s/"+a+"/samlIDPMetaDataOptionsSignatureMethod",select:[{k:"",v:"default"},{k:"RSA_SHA1",v:"RSA SHA1"},{k:"RSA_SHA256",v:"RSA SHA256"},{k:"RSA_SHA384",v:"RSA SHA384"},{k:"RSA_SHA512",v:"RSA SHA512"}],title:"samlIDPMetaDataOptionsSignatureMethod",type:"select"},{default:-1,get:t+"s/"+a+"/samlIDPMetaDataOptionsSignSSOMessage",id:t+"s/"+a+"/samlIDPMetaDataOptionsSignSSOMessage",title:"samlIDPMetaDataOptionsSignSSOMessage",type:"trool"},{default:1,get:t+"s/"+a+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",id:t+"s/"+a+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",title:"samlIDPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{default:-1,get:t+"s/"+a+"/samlIDPMetaDataOptionsSignSLOMessage",id:t+"s/"+a+"/samlIDPMetaDataOptionsSignSLOMessage",title:"samlIDPMetaDataOptionsSignSLOMessage",type:"trool"},{default:1,get:t+"s/"+a+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",id:t+"s/"+a+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",title:"samlIDPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id:"samlIDPMetaDataOptionsSignature",title:"samlIDPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsSSOBinding",id:t+"s/"+a+"/samlIDPMetaDataOptionsSSOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"artifact-get",v:"Artifact GET"}],title:"samlIDPMetaDataOptionsSSOBinding",type:"select"},{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsSLOBinding",id:t+"s/"+a+"/samlIDPMetaDataOptionsSLOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"http-soap",v:"SOAP"}],title:"samlIDPMetaDataOptionsSLOBinding",type:"select"}],id:"samlIDPMetaDataOptionsBinding",title:"samlIDPMetaDataOptionsBinding",type:"simpleInputContainer"},{_nodes:[{default:"none",get:t+"s/"+a+"/samlIDPMetaDataOptionsEncryptionMode",id:t+"s/"+a+"/samlIDPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlIDPMetaDataOptionsEncryptionMode",type:"select"},{default:1,get:t+"s/"+a+"/samlIDPMetaDataOptionsCheckTime",id:t+"s/"+a+"/samlIDPMetaDataOptionsCheckTime",title:"samlIDPMetaDataOptionsCheckTime",type:"bool"},{default:1,get:t+"s/"+a+"/samlIDPMetaDataOptionsCheckAudience",id:t+"s/"+a+"/samlIDPMetaDataOptionsCheckAudience",title:"samlIDPMetaDataOptionsCheckAudience",type:"bool"}],id:"samlIDPMetaDataOptionsSecurity",title:"samlIDPMetaDataOptionsSecurity",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsResolutionRule",id:t+"s/"+a+"/samlIDPMetaDataOptionsResolutionRule",title:"samlIDPMetaDataOptionsResolutionRule",type:"longtext"},{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsNameIDFormat",id:t+"s/"+a+"/samlIDPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlIDPMetaDataOptionsNameIDFormat",type:"select"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsForceAuthn",id:t+"s/"+a+"/samlIDPMetaDataOptionsForceAuthn",title:"samlIDPMetaDataOptionsForceAuthn",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsIsPassive",id:t+"s/"+a+"/samlIDPMetaDataOptionsIsPassive",title:"samlIDPMetaDataOptionsIsPassive",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsAllowProxiedAuthn",id:t+"s/"+a+"/samlIDPMetaDataOptionsAllowProxiedAuthn",title:"samlIDPMetaDataOptionsAllowProxiedAuthn",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsAllowLoginFromIDP",id:t+"s/"+a+"/samlIDPMetaDataOptionsAllowLoginFromIDP",title:"samlIDPMetaDataOptionsAllowLoginFromIDP",type:"bool"},{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsRequestedAuthnContext",id:t+"s/"+a+"/samlIDPMetaDataOptionsRequestedAuthnContext",select:[{k:"",v:""},{k:"kerberos",v:"Kerberos"},{k:"password-protected-transport",v:"Password protected transport"},{k:"password",v:"Password"},{k:"tls-client",v:"TLS client certificate"}],title:"samlIDPMetaDataOptionsRequestedAuthnContext",type:"select"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsRelayStateURL",id:t+"s/"+a+"/samlIDPMetaDataOptionsRelayStateURL",title:"samlIDPMetaDataOptionsRelayStateURL",type:"bool"}],help:"authsaml.html#options",id:"samlIDPMetaDataOptions",title:"samlIDPMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+a+"/samlIDPMetaDataOptionsDisplayName",id:t+"s/"+a+"/samlIDPMetaDataOptionsDisplayName",title:"samlIDPMetaDataOptionsDisplayName"},{get:t+"s/"+a+"/samlIDPMetaDataOptionsIcon",id:t+"s/"+a+"/samlIDPMetaDataOptionsIcon",title:"samlIDPMetaDataOptionsIcon"},{get:t+"s/"+a+"/samlIDPMetaDataOptionsSortNumber",id:t+"s/"+a+"/samlIDPMetaDataOptionsSortNumber",title:"samlIDPMetaDataOptionsSortNumber",type:"int"}],id:"samlIDPMetaDataOptionsDisplay",title:"samlIDPMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"samlSPMetaDataNode":return[{get:t+"s/"+a+"/samlSPMetaDataXML",id:t+"s/"+a+"/samlSPMetaDataXML",title:"samlSPMetaDataXML",type:"file"},{cnodes:t+"s/"+a+"/samlSPMetaDataExportedAttributes",default:[],help:"idpsaml.html#exported-attributes",id:t+"s/"+a+"/samlSPMetaDataExportedAttributes",title:"samlSPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{_nodes:[{default:"",get:t+"s/"+a+"/samlSPMetaDataOptionsNameIDFormat",id:t+"s/"+a+"/samlSPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlSPMetaDataOptionsNameIDFormat",type:"select"},{get:t+"s/"+a+"/samlSPMetaDataOptionsNameIDSessionKey",id:t+"s/"+a+"/samlSPMetaDataOptionsNameIDSessionKey",title:"samlSPMetaDataOptionsNameIDSessionKey"},{default:0,get:t+"s/"+a+"/samlSPMetaDataOptionsOneTimeUse",id:t+"s/"+a+"/samlSPMetaDataOptionsOneTimeUse",title:"samlSPMetaDataOptionsOneTimeUse",type:"bool"},{default:72e3,get:t+"s/"+a+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",id:t+"s/"+a+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",type:"int"},{default:72e3,get:t+"s/"+a+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",id:t+"s/"+a+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsNotOnOrAfterTimeout",type:"int"},{default:1,get:t+"s/"+a+"/samlSPMetaDataOptionsForceUTF8",id:t+"s/"+a+"/samlSPMetaDataOptionsForceUTF8",title:"samlSPMetaDataOptionsForceUTF8",type:"bool"}],id:"samlSPMetaDataOptionsAuthnResponse",title:"samlSPMetaDataOptionsAuthnResponse",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+a+"/samlSPMetaDataOptionsSignatureMethod",id:t+"s/"+a+"/samlSPMetaDataOptionsSignatureMethod",select:[{k:"",v:"default"},{k:"RSA_SHA1",v:"RSA SHA1"},{k:"RSA_SHA256",v:"RSA SHA256"},{k:"RSA_SHA384",v:"RSA SHA384"},{k:"RSA_SHA512",v:"RSA SHA512"}],title:"samlSPMetaDataOptionsSignatureMethod",type:"select"},{default:-1,get:t+"s/"+a+"/samlSPMetaDataOptionsSignSSOMessage",id:t+"s/"+a+"/samlSPMetaDataOptionsSignSSOMessage",title:"samlSPMetaDataOptionsSignSSOMessage",type:"trool"},{default:1,get:t+"s/"+a+"/samlSPMetaDataOptionsCheckSSOMessageSignature",id:t+"s/"+a+"/samlSPMetaDataOptionsCheckSSOMessageSignature",title:"samlSPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{default:-1,get:t+"s/"+a+"/samlSPMetaDataOptionsSignSLOMessage",id:t+"s/"+a+"/samlSPMetaDataOptionsSignSLOMessage",title:"samlSPMetaDataOptionsSignSLOMessage",type:"trool"},{default:1,get:t+"s/"+a+"/samlSPMetaDataOptionsCheckSLOMessageSignature",id:t+"s/"+a+"/samlSPMetaDataOptionsCheckSLOMessageSignature",title:"samlSPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id:"samlSPMetaDataOptionsSignature",title:"samlSPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{default:"none",get:t+"s/"+a+"/samlSPMetaDataOptionsEncryptionMode",id:t+"s/"+a+"/samlSPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlSPMetaDataOptionsEncryptionMode",type:"select"},{default:0,get:t+"s/"+a+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",id:t+"s/"+a+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",title:"samlSPMetaDataOptionsEnableIDPInitiatedURL",type:"bool"},{get:t+"s/"+a+"/samlSPMetaDataOptionsAuthnLevel",id:t+"s/"+a+"/samlSPMetaDataOptionsAuthnLevel",title:"samlSPMetaDataOptionsAuthnLevel",type:"int"},{get:t+"s/"+a+"/samlSPMetaDataOptionsRule",id:t+"s/"+a+"/samlSPMetaDataOptionsRule",title:"samlSPMetaDataOptionsRule"}],id:"samlSPMetaDataOptionsSecurity",title:"samlSPMetaDataOptionsSecurity",type:"simpleInputContainer"}],help:"idpsaml.html#options",id:"samlSPMetaDataOptions",title:"samlSPMetaDataOptions"},{cnodes:t+"s/"+a+"/samlSPMetaDataMacros",default:[],help:"exportedvars.html#extend-variables-using-macros-and-groups",id:t+"s/"+a+"/samlSPMetaDataMacros",title:"samlSPMetaDataMacros",type:"keyTextContainer"}];case"virtualHost":return[{cnodes:t+"s/"+a+"/locationRules",default:[{data:"deny",id:t+"s/"+a+"/locationRules/default",re:"default",title:"default",type:"rule"}],help:"writingrulesand_headers.html#rules",id:t+"s/"+a+"/locationRules",title:"locationRules",type:"ruleContainer"},{cnodes:t+"s/"+a+"/exportedHeaders",help:"writingrulesand_headers.html#headers",id:t+"s/"+a+"/exportedHeaders",title:"exportedHeaders",type:"keyTextContainer"},{cnodes:t+"s/"+a+"/post",help:"formreplay.html",id:t+"s/"+a+"/post",title:"post",type:"postContainer"},{_nodes:[{default:-1,get:t+"s/"+a+"/vhostPort",id:t+"s/"+a+"/vhostPort",title:"vhostPort",type:"int"},{default:-1,get:t+"s/"+a+"/vhostHttps",id:t+"s/"+a+"/vhostHttps",title:"vhostHttps",type:"trool"},{default:0,get:t+"s/"+a+"/vhostMaintenance",id:t+"s/"+a+"/vhostMaintenance",title:"vhostMaintenance",type:"bool"},{default:"",get:t+"s/"+a+"/vhostAliases",id:t+"s/"+a+"/vhostAliases",title:"vhostAliases"},{default:"",get:t+"s/"+a+"/vhostAccessToTrace",id:t+"s/"+a+"/vhostAccessToTrace",title:"vhostAccessToTrace"},{default:"Main",get:t+"s/"+a+"/vhostType",id:t+"s/"+a+"/vhostType",select:[{k:"AuthBasic",v:"AuthBasic"},{k:"CDA",v:"CDA"},{k:"DevOps",v:"DevOps"},{k:"DevOpsST",v:"DevOpsST"},{k:"Main",v:"Main"},{k:"OAuth2",v:"OAuth2"},{k:"SecureToken",v:"SecureToken"},{k:"ServiceToken",v:"ServiceToken"},{k:"ZimbraPreAuth",v:"ZimbraPreAuth"}],title:"vhostType",type:"select"},{get:t+"s/"+a+"/vhostAuthnLevel",id:t+"s/"+a+"/vhostAuthnLevel",title:"vhostAuthnLevel",type:"int"},{default:-1,get:t+"s/"+a+"/vhostServiceTokenTTL",id:t+"s/"+a+"/vhostServiceTokenTTL",title:"vhostServiceTokenTTL",type:"int"}],help:"configvhost.html#options",id:"vhostOptions",title:"vhostOptions",type:"simpleInputContainer"}];default:return[]}}function setScopeVars(t){t.portal=t.data[0]._nodes[0]._nodes[0],t.getKey(t.portal),t.domain=t.data[0]._nodes[4]._nodes[1],t.getKey(t.domain)} \ No newline at end of file +function templates(t,a){switch(t){case"casAppMetaDataNode":return[{cnodes:t+"s/"+a+"/casAppMetaDataExportedVars",default:[{data:"cn",id:t+"s/"+a+"/casAppMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"mail",id:t+"s/"+a+"/casAppMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"uid",id:t+"s/"+a+"/casAppMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+a+"/casAppMetaDataExportedVars",title:"casAppMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+a+"/casAppMetaDataOptionsService",id:t+"s/"+a+"/casAppMetaDataOptionsService",title:"casAppMetaDataOptionsService"},{get:t+"s/"+a+"/casAppMetaDataOptionsUserAttribute",id:t+"s/"+a+"/casAppMetaDataOptionsUserAttribute",title:"casAppMetaDataOptionsUserAttribute"},{get:t+"s/"+a+"/casAppMetaDataOptionsAuthnLevel",id:t+"s/"+a+"/casAppMetaDataOptionsAuthnLevel",title:"casAppMetaDataOptionsAuthnLevel",type:"int"},{get:t+"s/"+a+"/casAppMetaDataOptionsRule",id:t+"s/"+a+"/casAppMetaDataOptionsRule",title:"casAppMetaDataOptionsRule"}],id:"casAppMetaDataOptions",title:"casAppMetaDataOptions",type:"simpleInputContainer"},{cnodes:t+"s/"+a+"/casAppMetaDataMacros",default:[],help:"exportedvars.html#extend-variables-using-macros-and-groups",id:t+"s/"+a+"/casAppMetaDataMacros",title:"casAppMetaDataMacros",type:"keyTextContainer"}];case"casSrvMetaDataNode":return[{cnodes:t+"s/"+a+"/casSrvMetaDataExportedVars",default:[{data:"cn",id:t+"s/"+a+"/casSrvMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"mail",id:t+"s/"+a+"/casSrvMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"uid",id:t+"s/"+a+"/casSrvMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+a+"/casSrvMetaDataExportedVars",title:"casSrvMetaDataExportedVars",type:"keyTextContainer"},{cnodes:t+"s/"+a+"/casSrvMetaDataOptionsProxiedServices",id:t+"s/"+a+"/casSrvMetaDataOptionsProxiedServices",title:"casSrvMetaDataOptionsProxiedServices",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+a+"/casSrvMetaDataOptionsUrl",id:t+"s/"+a+"/casSrvMetaDataOptionsUrl",title:"casSrvMetaDataOptionsUrl"},{default:0,get:t+"s/"+a+"/casSrvMetaDataOptionsRenew",id:t+"s/"+a+"/casSrvMetaDataOptionsRenew",title:"casSrvMetaDataOptionsRenew",type:"bool"},{default:0,get:t+"s/"+a+"/casSrvMetaDataOptionsGateway",id:t+"s/"+a+"/casSrvMetaDataOptionsGateway",title:"casSrvMetaDataOptionsGateway",type:"bool"}],id:"casSrvMetaDataOptions",title:"casSrvMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+a+"/casSrvMetaDataOptionsDisplayName",id:t+"s/"+a+"/casSrvMetaDataOptionsDisplayName",title:"casSrvMetaDataOptionsDisplayName"},{get:t+"s/"+a+"/casSrvMetaDataOptionsIcon",id:t+"s/"+a+"/casSrvMetaDataOptionsIcon",title:"casSrvMetaDataOptionsIcon"},{get:t+"s/"+a+"/casSrvMetaDataOptionsSortNumber",id:t+"s/"+a+"/casSrvMetaDataOptionsSortNumber",title:"casSrvMetaDataOptionsSortNumber",type:"int"}],id:"casSrvMetaDataOptionsDisplay",title:"casSrvMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"oidcOPMetaDataNode":return[{get:t+"s/"+a+"/oidcOPMetaDataJSON",id:t+"s/"+a+"/oidcOPMetaDataJSON",title:"oidcOPMetaDataJSON",type:"file"},{get:t+"s/"+a+"/oidcOPMetaDataJWKS",id:t+"s/"+a+"/oidcOPMetaDataJWKS",title:"oidcOPMetaDataJWKS",type:"file"},{cnodes:t+"s/"+a+"/oidcOPMetaDataExportedVars",default:[{data:"name",id:t+"s/"+a+"/oidcOPMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"email",id:t+"s/"+a+"/oidcOPMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"family_name",id:t+"s/"+a+"/oidcOPMetaDataExportedVars/sn",title:"sn",type:"keyText"},{data:"sub",id:t+"s/"+a+"/oidcOPMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+a+"/oidcOPMetaDataExportedVars",title:"oidcOPMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:t+"s/"+a+"/oidcOPMetaDataOptionsConfigurationURI",id:t+"s/"+a+"/oidcOPMetaDataOptionsConfigurationURI",title:"oidcOPMetaDataOptionsConfigurationURI"},{default:0,get:t+"s/"+a+"/oidcOPMetaDataOptionsJWKSTimeout",id:t+"s/"+a+"/oidcOPMetaDataOptionsJWKSTimeout",title:"oidcOPMetaDataOptionsJWKSTimeout",type:"int"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsClientID",id:t+"s/"+a+"/oidcOPMetaDataOptionsClientID",title:"oidcOPMetaDataOptionsClientID"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsClientSecret",id:t+"s/"+a+"/oidcOPMetaDataOptionsClientSecret",title:"oidcOPMetaDataOptionsClientSecret",type:"password"},{default:0,get:t+"s/"+a+"/oidcOPMetaDataOptionsStoreIDToken",id:t+"s/"+a+"/oidcOPMetaDataOptionsStoreIDToken",title:"oidcOPMetaDataOptionsStoreIDToken",type:"bool"}],id:"oidcOPMetaDataOptionsConfiguration",title:"oidcOPMetaDataOptionsConfiguration",type:"simpleInputContainer"},{_nodes:[{default:"openid profile",get:t+"s/"+a+"/oidcOPMetaDataOptionsScope",id:t+"s/"+a+"/oidcOPMetaDataOptionsScope",title:"oidcOPMetaDataOptionsScope"},{default:"",get:t+"s/"+a+"/oidcOPMetaDataOptionsDisplay",id:t+"s/"+a+"/oidcOPMetaDataOptionsDisplay",select:[{k:"",v:""},{k:"page",v:"page"},{k:"popup",v:"popup"},{k:"touch",v:"touch"},{k:"wap",v:"wap"}],title:"oidcOPMetaDataOptionsDisplay",type:"select"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsPrompt",id:t+"s/"+a+"/oidcOPMetaDataOptionsPrompt",title:"oidcOPMetaDataOptionsPrompt"},{default:0,get:t+"s/"+a+"/oidcOPMetaDataOptionsMaxAge",id:t+"s/"+a+"/oidcOPMetaDataOptionsMaxAge",title:"oidcOPMetaDataOptionsMaxAge",type:"int"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsUiLocales",id:t+"s/"+a+"/oidcOPMetaDataOptionsUiLocales",title:"oidcOPMetaDataOptionsUiLocales"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsAcrValues",id:t+"s/"+a+"/oidcOPMetaDataOptionsAcrValues",title:"oidcOPMetaDataOptionsAcrValues"},{default:"client_secret_post",get:t+"s/"+a+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",id:t+"s/"+a+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",select:[{k:"client_secret_post",v:"client_secret_post"},{k:"client_secret_basic",v:"client_secret_basic"}],title:"oidcOPMetaDataOptionsTokenEndpointAuthMethod",type:"select"},{default:1,get:t+"s/"+a+"/oidcOPMetaDataOptionsCheckJWTSignature",id:t+"s/"+a+"/oidcOPMetaDataOptionsCheckJWTSignature",title:"oidcOPMetaDataOptionsCheckJWTSignature",type:"bool"},{default:30,get:t+"s/"+a+"/oidcOPMetaDataOptionsIDTokenMaxAge",id:t+"s/"+a+"/oidcOPMetaDataOptionsIDTokenMaxAge",title:"oidcOPMetaDataOptionsIDTokenMaxAge",type:"int"},{default:1,get:t+"s/"+a+"/oidcOPMetaDataOptionsUseNonce",id:t+"s/"+a+"/oidcOPMetaDataOptionsUseNonce",title:"oidcOPMetaDataOptionsUseNonce",type:"bool"}],id:"oidcOPMetaDataOptionsProtocol",title:"oidcOPMetaDataOptionsProtocol",type:"simpleInputContainer"}],id:"oidcOPMetaDataOptions",title:"oidcOPMetaDataOptions"},{_nodes:[{get:t+"s/"+a+"/oidcOPMetaDataOptionsDisplayName",id:t+"s/"+a+"/oidcOPMetaDataOptionsDisplayName",title:"oidcOPMetaDataOptionsDisplayName"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsIcon",id:t+"s/"+a+"/oidcOPMetaDataOptionsIcon",title:"oidcOPMetaDataOptionsIcon"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsSortNumber",id:t+"s/"+a+"/oidcOPMetaDataOptionsSortNumber",title:"oidcOPMetaDataOptionsSortNumber",type:"int"}],id:"oidcOPMetaDataOptionsDisplayParams",title:"oidcOPMetaDataOptionsDisplayParams",type:"simpleInputContainer"}];case"oidcRPMetaDataNode":return[{cnodes:t+"s/"+a+"/oidcRPMetaDataExportedVars",default:[{data:["mail","string","auto"],id:t+"s/"+a+"/oidcRPMetaDataExportedVars/email",title:"email",type:"oidcAttribute"},{data:["sn","string","auto"],id:t+"s/"+a+"/oidcRPMetaDataExportedVars/family_name",title:"family_name",type:"oidcAttribute"},{data:["cn","string","auto"],id:t+"s/"+a+"/oidcRPMetaDataExportedVars/name",title:"name",type:"oidcAttribute"}],id:t+"s/"+a+"/oidcRPMetaDataExportedVars",title:"oidcRPMetaDataExportedVars",type:"oidcAttributeContainer"},{cnodes:t+"s/"+a+"/oidcRPMetaDataOptionsExtraClaims",default:[],id:t+"s/"+a+"/oidcRPMetaDataOptionsExtraClaims",title:"oidcRPMetaDataOptionsExtraClaims",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:t+"s/"+a+"/oidcRPMetaDataOptionsClientID",id:t+"s/"+a+"/oidcRPMetaDataOptionsClientID",title:"oidcRPMetaDataOptionsClientID"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsClientSecret",id:t+"s/"+a+"/oidcRPMetaDataOptionsClientSecret",title:"oidcRPMetaDataOptionsClientSecret",type:"password"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsPublic",id:t+"s/"+a+"/oidcRPMetaDataOptionsPublic",title:"oidcRPMetaDataOptionsPublic",type:"bool"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsRedirectUris",id:t+"s/"+a+"/oidcRPMetaDataOptionsRedirectUris",title:"oidcRPMetaDataOptionsRedirectUris"}],id:"oidcRPMetaDataOptionsBasic",title:"oidcRPMetaDataOptionsBasic",type:"simpleInputContainer"},{_nodes:[{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsBypassConsent",help:"openidconnectclaims.html",id:t+"s/"+a+"/oidcRPMetaDataOptionsBypassConsent",title:"oidcRPMetaDataOptionsBypassConsent",type:"bool"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsUserIDAttr",id:t+"s/"+a+"/oidcRPMetaDataOptionsUserIDAttr",title:"oidcRPMetaDataOptionsUserIDAttr"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenForceClaims",id:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenForceClaims",title:"oidcRPMetaDataOptionsIDTokenForceClaims",type:"bool"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenJWT",id:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenJWT",title:"oidcRPMetaDataOptionsAccessTokenJWT",type:"bool"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenClaims",id:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenClaims",title:"oidcRPMetaDataOptionsAccessTokenClaims",type:"bool"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsAdditionalAudiences",id:t+"s/"+a+"/oidcRPMetaDataOptionsAdditionalAudiences",title:"oidcRPMetaDataOptionsAdditionalAudiences"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsRefreshToken",id:t+"s/"+a+"/oidcRPMetaDataOptionsRefreshToken",title:"oidcRPMetaDataOptionsRefreshToken",type:"bool"}],id:"oidcRPMetaDataOptionsAdvanced",title:"oidcRPMetaDataOptionsAdvanced",type:"simpleInputContainer"},{_nodes:[{default:"HS512",get:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenSignAlg",id:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenSignAlg",select:[{k:"none",v:"None"},{k:"HS256",v:"HS256"},{k:"HS384",v:"HS384"},{k:"HS512",v:"HS512"},{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"}],title:"oidcRPMetaDataOptionsIDTokenSignAlg",type:"select"},{default:"RS256",get:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenSignAlg",id:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenSignAlg",select:[{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"}],title:"oidcRPMetaDataOptionsAccessTokenSignAlg",type:"select"},{default:"",get:t+"s/"+a+"/oidcRPMetaDataOptionsUserInfoSignAlg",id:t+"s/"+a+"/oidcRPMetaDataOptionsUserInfoSignAlg",select:[{k:"",v:""},{k:"none",v:"None"},{k:"HS256",v:"HS256"},{k:"HS384",v:"HS384"},{k:"HS512",v:"HS512"},{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"}],title:"oidcRPMetaDataOptionsUserInfoSignAlg",type:"select"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsRequirePKCE",id:t+"s/"+a+"/oidcRPMetaDataOptionsRequirePKCE",title:"oidcRPMetaDataOptionsRequirePKCE",type:"bool"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsAllowOffline",id:t+"s/"+a+"/oidcRPMetaDataOptionsAllowOffline",title:"oidcRPMetaDataOptionsAllowOffline",type:"bool"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsAllowPasswordGrant",id:t+"s/"+a+"/oidcRPMetaDataOptionsAllowPasswordGrant",title:"oidcRPMetaDataOptionsAllowPasswordGrant",type:"bool"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsAllowClientCredentialsGrant",id:t+"s/"+a+"/oidcRPMetaDataOptionsAllowClientCredentialsGrant",title:"oidcRPMetaDataOptionsAllowClientCredentialsGrant",type:"bool"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsAuthnLevel",id:t+"s/"+a+"/oidcRPMetaDataOptionsAuthnLevel",title:"oidcRPMetaDataOptionsAuthnLevel",type:"int"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsRule",id:t+"s/"+a+"/oidcRPMetaDataOptionsRule",title:"oidcRPMetaDataOptionsRule"}],id:"security",title:"security",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+a+"/oidcRPMetaDataOptionsAuthorizationCodeExpiration",id:t+"s/"+a+"/oidcRPMetaDataOptionsAuthorizationCodeExpiration",title:"oidcRPMetaDataOptionsAuthorizationCodeExpiration",type:"int"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenExpiration",id:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenExpiration",title:"oidcRPMetaDataOptionsIDTokenExpiration",type:"int"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenExpiration",id:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenExpiration",title:"oidcRPMetaDataOptionsAccessTokenExpiration",type:"int"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsOfflineSessionExpiration",id:t+"s/"+a+"/oidcRPMetaDataOptionsOfflineSessionExpiration",title:"oidcRPMetaDataOptionsOfflineSessionExpiration",type:"int"}],id:"oidcRPMetaDataOptionsTimeouts",title:"oidcRPMetaDataOptionsTimeouts",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+a+"/oidcRPMetaDataOptionsPostLogoutRedirectUris",id:t+"s/"+a+"/oidcRPMetaDataOptionsPostLogoutRedirectUris",title:"oidcRPMetaDataOptionsPostLogoutRedirectUris"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutUrl",id:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutUrl",title:"oidcRPMetaDataOptionsLogoutUrl"},{default:"front",get:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutType",id:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutType",select:[{k:"front",v:"Front Channel"}],title:"oidcRPMetaDataOptionsLogoutType",type:"select"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutSessionRequired",id:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutSessionRequired",title:"oidcRPMetaDataOptionsLogoutSessionRequired",type:"bool"}],id:"logout",title:"logout",type:"simpleInputContainer"}],help:"idpopenidconnect.html#options",id:"oidcRPMetaDataOptions",title:"oidcRPMetaDataOptions"},{cnodes:t+"s/"+a+"/oidcRPMetaDataMacros",default:[],help:"exportedvars.html#extend-variables-using-macros-and-groups",id:t+"s/"+a+"/oidcRPMetaDataMacros",title:"oidcRPMetaDataMacros",type:"keyTextContainer"},{cnodes:t+"s/"+a+"/oidcRPMetaDataScopeRules",default:[],help:"idpopenidconnect.html#scope-rules",id:t+"s/"+a+"/oidcRPMetaDataScopeRules",title:"oidcRPMetaDataScopeRules",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+a+"/oidcRPMetaDataOptionsDisplayName",id:t+"s/"+a+"/oidcRPMetaDataOptionsDisplayName",title:"oidcRPMetaDataOptionsDisplayName"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsIcon",id:t+"s/"+a+"/oidcRPMetaDataOptionsIcon",title:"oidcRPMetaDataOptionsIcon"}],id:"oidcRPMetaDataOptionsDisplay",title:"oidcRPMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"samlIDPMetaDataNode":return[{get:t+"s/"+a+"/samlIDPMetaDataXML",id:t+"s/"+a+"/samlIDPMetaDataXML",title:"samlIDPMetaDataXML",type:"file"},{cnodes:t+"s/"+a+"/samlIDPMetaDataExportedAttributes",default:[],help:"authsaml.html#exported-attributes",id:t+"s/"+a+"/samlIDPMetaDataExportedAttributes",title:"samlIDPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsAdaptSessionUtime",id:t+"s/"+a+"/samlIDPMetaDataOptionsAdaptSessionUtime",title:"samlIDPMetaDataOptionsAdaptSessionUtime",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsForceUTF8",id:t+"s/"+a+"/samlIDPMetaDataOptionsForceUTF8",title:"samlIDPMetaDataOptionsForceUTF8",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsStoreSAMLToken",id:t+"s/"+a+"/samlIDPMetaDataOptionsStoreSAMLToken",title:"samlIDPMetaDataOptionsStoreSAMLToken",type:"bool"},{get:t+"s/"+a+"/samlIDPMetaDataOptionsUserAttribute",id:t+"s/"+a+"/samlIDPMetaDataOptionsUserAttribute",title:"samlIDPMetaDataOptionsUserAttribute"}],id:"samlIDPMetaDataOptionsSession",title:"samlIDPMetaDataOptionsSession",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsSignatureMethod",id:t+"s/"+a+"/samlIDPMetaDataOptionsSignatureMethod",select:[{k:"",v:"default"},{k:"RSA_SHA1",v:"RSA SHA1"},{k:"RSA_SHA256",v:"RSA SHA256"},{k:"RSA_SHA384",v:"RSA SHA384"},{k:"RSA_SHA512",v:"RSA SHA512"}],title:"samlIDPMetaDataOptionsSignatureMethod",type:"select"},{default:-1,get:t+"s/"+a+"/samlIDPMetaDataOptionsSignSSOMessage",id:t+"s/"+a+"/samlIDPMetaDataOptionsSignSSOMessage",title:"samlIDPMetaDataOptionsSignSSOMessage",type:"trool"},{default:1,get:t+"s/"+a+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",id:t+"s/"+a+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",title:"samlIDPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{default:-1,get:t+"s/"+a+"/samlIDPMetaDataOptionsSignSLOMessage",id:t+"s/"+a+"/samlIDPMetaDataOptionsSignSLOMessage",title:"samlIDPMetaDataOptionsSignSLOMessage",type:"trool"},{default:1,get:t+"s/"+a+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",id:t+"s/"+a+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",title:"samlIDPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id:"samlIDPMetaDataOptionsSignature",title:"samlIDPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsSSOBinding",id:t+"s/"+a+"/samlIDPMetaDataOptionsSSOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"artifact-get",v:"Artifact GET"}],title:"samlIDPMetaDataOptionsSSOBinding",type:"select"},{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsSLOBinding",id:t+"s/"+a+"/samlIDPMetaDataOptionsSLOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"http-soap",v:"SOAP"}],title:"samlIDPMetaDataOptionsSLOBinding",type:"select"}],id:"samlIDPMetaDataOptionsBinding",title:"samlIDPMetaDataOptionsBinding",type:"simpleInputContainer"},{_nodes:[{default:"none",get:t+"s/"+a+"/samlIDPMetaDataOptionsEncryptionMode",id:t+"s/"+a+"/samlIDPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlIDPMetaDataOptionsEncryptionMode",type:"select"},{default:1,get:t+"s/"+a+"/samlIDPMetaDataOptionsCheckTime",id:t+"s/"+a+"/samlIDPMetaDataOptionsCheckTime",title:"samlIDPMetaDataOptionsCheckTime",type:"bool"},{default:1,get:t+"s/"+a+"/samlIDPMetaDataOptionsCheckAudience",id:t+"s/"+a+"/samlIDPMetaDataOptionsCheckAudience",title:"samlIDPMetaDataOptionsCheckAudience",type:"bool"}],id:"samlIDPMetaDataOptionsSecurity",title:"samlIDPMetaDataOptionsSecurity",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsResolutionRule",id:t+"s/"+a+"/samlIDPMetaDataOptionsResolutionRule",title:"samlIDPMetaDataOptionsResolutionRule",type:"longtext"},{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsNameIDFormat",id:t+"s/"+a+"/samlIDPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlIDPMetaDataOptionsNameIDFormat",type:"select"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsForceAuthn",id:t+"s/"+a+"/samlIDPMetaDataOptionsForceAuthn",title:"samlIDPMetaDataOptionsForceAuthn",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsIsPassive",id:t+"s/"+a+"/samlIDPMetaDataOptionsIsPassive",title:"samlIDPMetaDataOptionsIsPassive",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsAllowProxiedAuthn",id:t+"s/"+a+"/samlIDPMetaDataOptionsAllowProxiedAuthn",title:"samlIDPMetaDataOptionsAllowProxiedAuthn",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsAllowLoginFromIDP",id:t+"s/"+a+"/samlIDPMetaDataOptionsAllowLoginFromIDP",title:"samlIDPMetaDataOptionsAllowLoginFromIDP",type:"bool"},{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsRequestedAuthnContext",id:t+"s/"+a+"/samlIDPMetaDataOptionsRequestedAuthnContext",select:[{k:"",v:""},{k:"kerberos",v:"Kerberos"},{k:"password-protected-transport",v:"Password protected transport"},{k:"password",v:"Password"},{k:"tls-client",v:"TLS client certificate"}],title:"samlIDPMetaDataOptionsRequestedAuthnContext",type:"select"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsRelayStateURL",id:t+"s/"+a+"/samlIDPMetaDataOptionsRelayStateURL",title:"samlIDPMetaDataOptionsRelayStateURL",type:"bool"}],help:"authsaml.html#options",id:"samlIDPMetaDataOptions",title:"samlIDPMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+a+"/samlIDPMetaDataOptionsDisplayName",id:t+"s/"+a+"/samlIDPMetaDataOptionsDisplayName",title:"samlIDPMetaDataOptionsDisplayName"},{get:t+"s/"+a+"/samlIDPMetaDataOptionsIcon",id:t+"s/"+a+"/samlIDPMetaDataOptionsIcon",title:"samlIDPMetaDataOptionsIcon"},{get:t+"s/"+a+"/samlIDPMetaDataOptionsSortNumber",id:t+"s/"+a+"/samlIDPMetaDataOptionsSortNumber",title:"samlIDPMetaDataOptionsSortNumber",type:"int"}],id:"samlIDPMetaDataOptionsDisplay",title:"samlIDPMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"samlSPMetaDataNode":return[{get:t+"s/"+a+"/samlSPMetaDataXML",id:t+"s/"+a+"/samlSPMetaDataXML",title:"samlSPMetaDataXML",type:"file"},{cnodes:t+"s/"+a+"/samlSPMetaDataExportedAttributes",default:[],help:"idpsaml.html#exported-attributes",id:t+"s/"+a+"/samlSPMetaDataExportedAttributes",title:"samlSPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{_nodes:[{default:"",get:t+"s/"+a+"/samlSPMetaDataOptionsNameIDFormat",id:t+"s/"+a+"/samlSPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlSPMetaDataOptionsNameIDFormat",type:"select"},{get:t+"s/"+a+"/samlSPMetaDataOptionsNameIDSessionKey",id:t+"s/"+a+"/samlSPMetaDataOptionsNameIDSessionKey",title:"samlSPMetaDataOptionsNameIDSessionKey"},{default:0,get:t+"s/"+a+"/samlSPMetaDataOptionsOneTimeUse",id:t+"s/"+a+"/samlSPMetaDataOptionsOneTimeUse",title:"samlSPMetaDataOptionsOneTimeUse",type:"bool"},{default:72e3,get:t+"s/"+a+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",id:t+"s/"+a+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",type:"int"},{default:72e3,get:t+"s/"+a+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",id:t+"s/"+a+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsNotOnOrAfterTimeout",type:"int"},{default:1,get:t+"s/"+a+"/samlSPMetaDataOptionsForceUTF8",id:t+"s/"+a+"/samlSPMetaDataOptionsForceUTF8",title:"samlSPMetaDataOptionsForceUTF8",type:"bool"}],id:"samlSPMetaDataOptionsAuthnResponse",title:"samlSPMetaDataOptionsAuthnResponse",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+a+"/samlSPMetaDataOptionsSignatureMethod",id:t+"s/"+a+"/samlSPMetaDataOptionsSignatureMethod",select:[{k:"",v:"default"},{k:"RSA_SHA1",v:"RSA SHA1"},{k:"RSA_SHA256",v:"RSA SHA256"},{k:"RSA_SHA384",v:"RSA SHA384"},{k:"RSA_SHA512",v:"RSA SHA512"}],title:"samlSPMetaDataOptionsSignatureMethod",type:"select"},{default:-1,get:t+"s/"+a+"/samlSPMetaDataOptionsSignSSOMessage",id:t+"s/"+a+"/samlSPMetaDataOptionsSignSSOMessage",title:"samlSPMetaDataOptionsSignSSOMessage",type:"trool"},{default:1,get:t+"s/"+a+"/samlSPMetaDataOptionsCheckSSOMessageSignature",id:t+"s/"+a+"/samlSPMetaDataOptionsCheckSSOMessageSignature",title:"samlSPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{default:-1,get:t+"s/"+a+"/samlSPMetaDataOptionsSignSLOMessage",id:t+"s/"+a+"/samlSPMetaDataOptionsSignSLOMessage",title:"samlSPMetaDataOptionsSignSLOMessage",type:"trool"},{default:1,get:t+"s/"+a+"/samlSPMetaDataOptionsCheckSLOMessageSignature",id:t+"s/"+a+"/samlSPMetaDataOptionsCheckSLOMessageSignature",title:"samlSPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id:"samlSPMetaDataOptionsSignature",title:"samlSPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{default:"none",get:t+"s/"+a+"/samlSPMetaDataOptionsEncryptionMode",id:t+"s/"+a+"/samlSPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlSPMetaDataOptionsEncryptionMode",type:"select"},{default:0,get:t+"s/"+a+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",id:t+"s/"+a+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",title:"samlSPMetaDataOptionsEnableIDPInitiatedURL",type:"bool"},{get:t+"s/"+a+"/samlSPMetaDataOptionsAuthnLevel",id:t+"s/"+a+"/samlSPMetaDataOptionsAuthnLevel",title:"samlSPMetaDataOptionsAuthnLevel",type:"int"},{get:t+"s/"+a+"/samlSPMetaDataOptionsRule",id:t+"s/"+a+"/samlSPMetaDataOptionsRule",title:"samlSPMetaDataOptionsRule"}],id:"samlSPMetaDataOptionsSecurity",title:"samlSPMetaDataOptionsSecurity",type:"simpleInputContainer"}],help:"idpsaml.html#options",id:"samlSPMetaDataOptions",title:"samlSPMetaDataOptions"},{cnodes:t+"s/"+a+"/samlSPMetaDataMacros",default:[],help:"exportedvars.html#extend-variables-using-macros-and-groups",id:t+"s/"+a+"/samlSPMetaDataMacros",title:"samlSPMetaDataMacros",type:"keyTextContainer"}];case"virtualHost":return[{cnodes:t+"s/"+a+"/locationRules",default:[{data:"deny",id:t+"s/"+a+"/locationRules/default",re:"default",title:"default",type:"rule"}],help:"writingrulesand_headers.html#rules",id:t+"s/"+a+"/locationRules",title:"locationRules",type:"ruleContainer"},{cnodes:t+"s/"+a+"/exportedHeaders",help:"writingrulesand_headers.html#headers",id:t+"s/"+a+"/exportedHeaders",title:"exportedHeaders",type:"keyTextContainer"},{cnodes:t+"s/"+a+"/post",help:"formreplay.html",id:t+"s/"+a+"/post",title:"post",type:"postContainer"},{_nodes:[{default:-1,get:t+"s/"+a+"/vhostPort",id:t+"s/"+a+"/vhostPort",title:"vhostPort",type:"int"},{default:-1,get:t+"s/"+a+"/vhostHttps",id:t+"s/"+a+"/vhostHttps",title:"vhostHttps",type:"trool"},{default:0,get:t+"s/"+a+"/vhostMaintenance",id:t+"s/"+a+"/vhostMaintenance",title:"vhostMaintenance",type:"bool"},{default:"",get:t+"s/"+a+"/vhostAliases",id:t+"s/"+a+"/vhostAliases",title:"vhostAliases"},{default:"",get:t+"s/"+a+"/vhostAccessToTrace",id:t+"s/"+a+"/vhostAccessToTrace",title:"vhostAccessToTrace"},{default:"Main",get:t+"s/"+a+"/vhostType",id:t+"s/"+a+"/vhostType",select:[{k:"AuthBasic",v:"AuthBasic"},{k:"CDA",v:"CDA"},{k:"DevOps",v:"DevOps"},{k:"DevOpsST",v:"DevOpsST"},{k:"Main",v:"Main"},{k:"OAuth2",v:"OAuth2"},{k:"SecureToken",v:"SecureToken"},{k:"ServiceToken",v:"ServiceToken"},{k:"ZimbraPreAuth",v:"ZimbraPreAuth"}],title:"vhostType",type:"select"},{get:t+"s/"+a+"/vhostAuthnLevel",id:t+"s/"+a+"/vhostAuthnLevel",title:"vhostAuthnLevel",type:"int"},{default:-1,get:t+"s/"+a+"/vhostServiceTokenTTL",id:t+"s/"+a+"/vhostServiceTokenTTL",title:"vhostServiceTokenTTL",type:"int"}],help:"configvhost.html#options",id:"vhostOptions",title:"vhostOptions",type:"simpleInputContainer"}];default:return[]}}function setScopeVars(t){t.portal=t.data[0]._nodes[0]._nodes[0],t.getKey(t.portal),t.domain=t.data[0]._nodes[4]._nodes[1],t.getKey(t.domain)} \ No newline at end of file diff --git a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map index ed8d0ff3a..ebbbeb5c0 100644 --- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map +++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map @@ -1 +1 @@ -{"version":3,"sources":["conftree.js"],"names":["templates","tpl","key","cnodes","default","data","id","title","type","_nodes","get","help","select","k","v","re","setScopeVars","scope","portal","getKey","domain"],"mappings":"AAAA,SAASA,UAAUC,EAAIC,GASrB,OAAOD,GACP,IAAK,qBACH,MAAO,CACR,CACGE,OAAWF,EAAI,KAAKC,EAAI,8BACxBE,QAAY,CACT,CACGC,KAAS,KACTC,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,KACVC,KAAS,WAEZ,CACGH,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,OACVC,KAAS,WAEZ,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,MACVC,KAAS,YAGfF,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,gCACrBI,GAAOL,EAAI,KAAKC,EAAI,gCACpBK,MAAU,gCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,sCACrBI,GAAOL,EAAI,KAAKC,EAAI,sCACpBK,MAAU,sCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,8BAGhBD,GAAO,wBACPC,MAAU,wBACVC,KAAS,wBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,wBACxBE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAI,wBACpBK,MAAU,uBACVC,KAAS,qBAIb,IAAK,qBACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAI,8BACxBE,QAAY,CACT,CACGC,KAAS,KACTC,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,KACVC,KAAS,WAEZ,CACGH,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,OACVC,KAAS,WAEZ,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,MACVC,KAAS,YAGfF,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,oBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,wCACxBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,4BACrBI,GAAOL,EAAI,KAAKC,EAAI,4BACpBK,MAAU,4BAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,8BACrBI,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,gCACrBI,GAAOL,EAAI,KAAKC,EAAI,gCACpBK,MAAU,+BACVC,KAAS,SAGfF,GAAO,wBACPC,MAAU,wBACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,oCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,6BAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAGfF,GAAO,+BACPC,MAAU,+BACVC,KAAS,yBAIb,IAAK,qBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAI,sBACrBI,GAAOL,EAAI,KAAKC,EAAI,sBACpBK,MAAU,qBACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,sBACrBI,GAAOL,EAAI,KAAKC,EAAI,sBACpBK,MAAU,qBACVC,KAAS,QAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,8BACxBE,QAAY,CACT,CACGC,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,KACVC,KAAS,WAEZ,CACGH,KAAS,QACTC,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,OACVC,KAAS,WAEZ,CACGH,KAAS,cACTC,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,KACVC,KAAS,WAEZ,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,MACVC,KAAS,YAGfF,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,yCACrBI,GAAOL,EAAI,KAAKC,EAAI,yCACpBK,MAAU,yCAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,iCACrBI,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,iCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,YAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,SAGfF,GAAO,qCACPC,MAAU,qCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,iBACZM,IAAQT,EAAI,KAAKC,EAAI,8BACrBI,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,8BAEb,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,gCACrBI,GAAOL,EAAI,KAAKC,EAAI,gCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,MACNC,EAAM,QAGZP,MAAU,+BACVC,KAAS,UAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,+BACrBI,GAAOL,EAAI,KAAKC,EAAI,+BACpBK,MAAU,+BAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,+BACrBI,GAAOL,EAAI,KAAKC,EAAI,+BACpBK,MAAU,8BACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,kCACrBI,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,kCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,kCACrBI,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,kCAEb,CACGH,QAAY,qBACZM,IAAQT,EAAI,KAAKC,EAAI,gDACrBI,GAAOL,EAAI,KAAKC,EAAI,gDACpBU,OAAW,CACR,CACGC,EAAM,qBACNC,EAAM,sBAET,CACGD,EAAM,sBACNC,EAAM,wBAGZP,MAAU,+CACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,0CACrBI,GAAOL,EAAI,KAAKC,EAAI,0CACpBK,MAAU,yCACVC,KAAS,QAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,sCACrBI,GAAOL,EAAI,KAAKC,EAAI,sCACpBK,MAAU,qCACVC,KAAS,OAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,iCACrBI,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,gCACVC,KAAS,SAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,yBAGfF,GAAO,wBACPC,MAAU,yBAEb,CACGE,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,oCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,6BAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAGfF,GAAO,qCACPC,MAAU,qCACVC,KAAS,yBAIb,IAAK,qBACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAI,8BACxBE,QAAY,CACT,CACGC,KAAS,CACN,OACA,SACA,QAEHC,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,QACVC,KAAS,iBAEZ,CACGH,KAAS,CACN,KACA,SACA,QAEHC,GAAOL,EAAI,KAAKC,EAAI,0CACpBK,MAAU,cACVC,KAAS,iBAEZ,CACGH,KAAS,CACN,KACA,SACA,QAEHC,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,OACVC,KAAS,kBAGfF,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,0BAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,oCACxBE,QAAY,GACZE,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,iCACrBI,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,iCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,YAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,+BACrBI,GAAOL,EAAI,KAAKC,EAAI,+BACpBK,MAAU,8BACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,sCAGhBD,GAAO,6BACPC,MAAU,6BACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,sCACrBS,KAAS,2BACTL,GAAOL,EAAI,KAAKC,EAAI,sCACpBK,MAAU,qCACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,mCAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,0CACrBI,GAAOL,EAAI,KAAKC,EAAI,0CACpBK,MAAU,yCACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,4CACrBI,GAAOL,EAAI,KAAKC,EAAI,4CACpBK,MAAU,4CAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,SAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,UAGZP,MAAU,sCACVC,KAAS,UAEZ,CACGJ,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBU,OAAW,CACR,CACGC,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,UAGZP,MAAU,0CACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oDACrBI,GAAOL,EAAI,KAAKC,EAAI,oDACpBK,MAAU,mDACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,8BAGhBD,GAAO,WACPC,MAAU,WACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,oDACrBI,GAAOL,EAAI,KAAKC,EAAI,oDACpBK,MAAU,mDACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,0CACrBI,GAAOL,EAAI,KAAKC,EAAI,0CACpBK,MAAU,yCACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,8CACrBI,GAAOL,EAAI,KAAKC,EAAI,8CACpBK,MAAU,6CACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,iDACrBI,GAAOL,EAAI,KAAKC,EAAI,iDACpBK,MAAU,gDACVC,KAAS,QAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,+CACrBI,GAAOL,EAAI,KAAKC,EAAI,+CACpBK,MAAU,+CAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,kCACrBI,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,kCAEb,CACGH,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBU,OAAW,CACR,CACGC,EAAM,QACNC,EAAM,kBAGZP,MAAU,kCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,8CACrBI,GAAOL,EAAI,KAAKC,EAAI,8CACpBK,MAAU,6CACVC,KAAS,SAGfF,GAAO,SACPC,MAAU,SACVC,KAAS,yBAGfG,KAAS,gCACTL,GAAO,wBACPC,MAAU,yBAEb,CACGJ,OAAWF,EAAI,KAAKC,EAAI,wBACxBE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAI,wBACpBK,MAAU,uBACVC,KAAS,oBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,4BACxBE,QAAY,GACZO,KAAS,oCACTL,GAAOL,EAAI,KAAKC,EAAI,4BACpBK,MAAU,2BACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,oCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,8BAGhBD,GAAO,+BACPC,MAAU,+BACVC,KAAS,yBAIb,IAAK,sBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAI,sBACrBI,GAAOL,EAAI,KAAKC,EAAI,sBACpBK,MAAU,qBACVC,KAAS,QAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,qCACxBE,QAAY,GACZO,KAAS,oCACTL,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,0BAEZ,CACGC,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,wCAGhBD,GAAO,gCACPC,MAAU,gCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,yCACrBI,GAAOL,EAAI,KAAKC,EAAI,yCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,WAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,aACNC,EAAM,eAGZP,MAAU,wCACVC,KAAS,UAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,kDACrBI,GAAOL,EAAI,KAAKC,EAAI,kDACpBK,MAAU,iDACVC,KAAS,QAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,kDACrBI,GAAOL,EAAI,KAAKC,EAAI,kDACpBK,MAAU,iDACVC,KAAS,SAGfF,GAAO,kCACPC,MAAU,kCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,YACNC,EAAM,QAET,CACGD,EAAM,gBACNC,EAAM,YAET,CACGD,EAAM,eACNC,EAAM,iBAGZP,MAAU,mCACVC,KAAS,UAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,YACNC,EAAM,QAET,CACGD,EAAM,gBACNC,EAAM,YAET,CACGD,EAAM,YACNC,EAAM,SAGZP,MAAU,mCACVC,KAAS,WAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,SACNC,EAAM,WAET,CACGD,EAAM,YACNC,EAAM,cAGZP,MAAU,uCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,SAGfF,GAAO,iCACPC,MAAU,iCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,YAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,sCACrBI,GAAOL,EAAI,KAAKC,EAAI,sCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,cACNC,EAAM,eAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,OACNC,EAAM,oBAET,CACGD,EAAM,UACNC,EAAM,WAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,SACNC,EAAM,UAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,YACNC,EAAM,aAET,CACGD,EAAM,YACNC,EAAM,cAGZP,MAAU,qCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,+CACrBI,GAAOL,EAAI,KAAKC,EAAI,+CACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,+BACNC,EAAM,gCAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,aACNC,EAAM,2BAGZP,MAAU,8CACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,SAGfG,KAAS,wBACTL,GAAO,yBACPC,MAAU,yBACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,qCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,8BACrBI,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,8BAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,QAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,yBAIb,IAAK,qBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAI,qBACrBI,GAAOL,EAAI,KAAKC,EAAI,qBACpBK,MAAU,oBACVC,KAAS,QAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,oCACxBE,QAAY,GACZO,KAAS,mCACTL,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,0BAEZ,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,cACNC,EAAM,eAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,OACNC,EAAM,oBAET,CACGD,EAAM,UACNC,EAAM,WAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,SACNC,EAAM,UAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,YACNC,EAAM,aAET,CACGD,EAAM,YACNC,EAAM,cAGZP,MAAU,oCACVC,KAAS,UAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,yCACrBI,GAAOL,EAAI,KAAKC,EAAI,yCACpBK,MAAU,yCAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAEZ,CACGJ,QAAY,KACZM,IAAQT,EAAI,KAAKC,EAAI,mDACrBI,GAAOL,EAAI,KAAKC,EAAI,mDACpBK,MAAU,kDACVC,KAAS,OAEZ,CACGJ,QAAY,KACZM,IAAQT,EAAI,KAAKC,EAAI,4CACrBI,GAAOL,EAAI,KAAKC,EAAI,4CACpBK,MAAU,2CACVC,KAAS,OAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,kCACrBI,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,iCACVC,KAAS,SAGfF,GAAO,qCACPC,MAAU,qCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,WAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,aACNC,EAAM,eAGZP,MAAU,uCACVC,KAAS,UAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,iDACrBI,GAAOL,EAAI,KAAKC,EAAI,iDACpBK,MAAU,gDACVC,KAAS,QAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,iDACrBI,GAAOL,EAAI,KAAKC,EAAI,iDACpBK,MAAU,gDACVC,KAAS,SAGfF,GAAO,iCACPC,MAAU,iCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,SACNC,EAAM,WAET,CACGD,EAAM,YACNC,EAAM,cAGZP,MAAU,sCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,8CACrBI,GAAOL,EAAI,KAAKC,EAAI,8CACpBK,MAAU,6CACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,8BAGhBD,GAAO,gCACPC,MAAU,gCACVC,KAAS,yBAGfG,KAAS,uBACTL,GAAO,wBACPC,MAAU,yBAEb,CACGJ,OAAWF,EAAI,KAAKC,EAAI,wBACxBE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAI,wBACpBK,MAAU,uBACVC,KAAS,qBAIb,IAAK,cACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAI,iBACxBE,QAAY,CACT,CACGC,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,yBACpBa,GAAO,UACPR,MAAU,UACVC,KAAS,SAGfG,KAAS,qCACTL,GAAOL,EAAI,KAAKC,EAAI,iBACpBK,MAAU,gBACVC,KAAS,iBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,mBACxBS,KAAS,uCACTL,GAAOL,EAAI,KAAKC,EAAI,mBACpBK,MAAU,kBACVC,KAAS,oBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,QACxBS,KAAS,kBACTL,GAAOL,EAAI,KAAKC,EAAI,QACpBK,MAAU,OACVC,KAAS,iBAEZ,CACGC,OAAW,CACR,CACGL,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,aACrBI,GAAOL,EAAI,KAAKC,EAAI,aACpBK,MAAU,YACVC,KAAS,OAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,cACrBI,GAAOL,EAAI,KAAKC,EAAI,cACpBK,MAAU,aACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oBACrBI,GAAOL,EAAI,KAAKC,EAAI,oBACpBK,MAAU,mBACVC,KAAS,QAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,gBACrBI,GAAOL,EAAI,KAAKC,EAAI,gBACpBK,MAAU,gBAEb,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,sBACrBI,GAAOL,EAAI,KAAKC,EAAI,sBACpBK,MAAU,sBAEb,CACGH,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAI,aACrBI,GAAOL,EAAI,KAAKC,EAAI,aACpBU,OAAW,CACR,CACGC,EAAM,YACNC,EAAM,aAET,CACGD,EAAM,MACNC,EAAM,OAET,CACGD,EAAM,SACNC,EAAM,UAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,SACNC,EAAM,UAET,CACGD,EAAM,cACNC,EAAM,eAET,CACGD,EAAM,eACNC,EAAM,gBAET,CACGD,EAAM,gBACNC,EAAM,kBAGZP,MAAU,YACVC,KAAS,UAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,mBACrBI,GAAOL,EAAI,KAAKC,EAAI,mBACpBK,MAAU,kBACVC,KAAS,OAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,wBACrBI,GAAOL,EAAI,KAAKC,EAAI,wBACpBK,MAAU,uBACVC,KAAS,QAGfG,KAAS,2BACTL,GAAO,eACPC,MAAU,eACVC,KAAS,yBAIb,QACE,MAAO,IAIX,SAASQ,aAAaC,GACpBA,EAAMC,OAASD,EAAMZ,KAAK,GAAGI,OAAO,GAAGA,OAAO,GAC9CQ,EAAME,OAAOF,EAAMC,QACnBD,EAAMG,OAASH,EAAMZ,KAAK,GAAGI,OAAO,GAAGA,OAAO,GAC9CQ,EAAME,OAAOF,EAAMG"} \ No newline at end of file +{"version":3,"sources":["conftree.js"],"names":["templates","tpl","key","cnodes","default","data","id","title","type","_nodes","get","help","select","k","v","re","setScopeVars","scope","portal","getKey","domain"],"mappings":"AAAA,SAASA,UAAUC,EAAIC,GASrB,OAAOD,GACP,IAAK,qBACH,MAAO,CACR,CACGE,OAAWF,EAAI,KAAKC,EAAI,8BACxBE,QAAY,CACT,CACGC,KAAS,KACTC,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,KACVC,KAAS,WAEZ,CACGH,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,OACVC,KAAS,WAEZ,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,MACVC,KAAS,YAGfF,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,gCACrBI,GAAOL,EAAI,KAAKC,EAAI,gCACpBK,MAAU,gCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,sCACrBI,GAAOL,EAAI,KAAKC,EAAI,sCACpBK,MAAU,sCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,8BAGhBD,GAAO,wBACPC,MAAU,wBACVC,KAAS,wBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,wBACxBE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAI,wBACpBK,MAAU,uBACVC,KAAS,qBAIb,IAAK,qBACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAI,8BACxBE,QAAY,CACT,CACGC,KAAS,KACTC,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,KACVC,KAAS,WAEZ,CACGH,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,OACVC,KAAS,WAEZ,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,MACVC,KAAS,YAGfF,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,oBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,wCACxBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,4BACrBI,GAAOL,EAAI,KAAKC,EAAI,4BACpBK,MAAU,4BAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,8BACrBI,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,gCACrBI,GAAOL,EAAI,KAAKC,EAAI,gCACpBK,MAAU,+BACVC,KAAS,SAGfF,GAAO,wBACPC,MAAU,wBACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,oCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,6BAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAGfF,GAAO,+BACPC,MAAU,+BACVC,KAAS,yBAIb,IAAK,qBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAI,sBACrBI,GAAOL,EAAI,KAAKC,EAAI,sBACpBK,MAAU,qBACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,sBACrBI,GAAOL,EAAI,KAAKC,EAAI,sBACpBK,MAAU,qBACVC,KAAS,QAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,8BACxBE,QAAY,CACT,CACGC,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,KACVC,KAAS,WAEZ,CACGH,KAAS,QACTC,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,OACVC,KAAS,WAEZ,CACGH,KAAS,cACTC,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,KACVC,KAAS,WAEZ,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,MACVC,KAAS,YAGfF,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,yCACrBI,GAAOL,EAAI,KAAKC,EAAI,yCACpBK,MAAU,yCAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,iCACrBI,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,iCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,YAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,SAGfF,GAAO,qCACPC,MAAU,qCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,iBACZM,IAAQT,EAAI,KAAKC,EAAI,8BACrBI,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,8BAEb,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,gCACrBI,GAAOL,EAAI,KAAKC,EAAI,gCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,MACNC,EAAM,QAGZP,MAAU,+BACVC,KAAS,UAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,+BACrBI,GAAOL,EAAI,KAAKC,EAAI,+BACpBK,MAAU,+BAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,+BACrBI,GAAOL,EAAI,KAAKC,EAAI,+BACpBK,MAAU,8BACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,kCACrBI,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,kCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,kCACrBI,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,kCAEb,CACGH,QAAY,qBACZM,IAAQT,EAAI,KAAKC,EAAI,gDACrBI,GAAOL,EAAI,KAAKC,EAAI,gDACpBU,OAAW,CACR,CACGC,EAAM,qBACNC,EAAM,sBAET,CACGD,EAAM,sBACNC,EAAM,wBAGZP,MAAU,+CACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,0CACrBI,GAAOL,EAAI,KAAKC,EAAI,0CACpBK,MAAU,yCACVC,KAAS,QAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,sCACrBI,GAAOL,EAAI,KAAKC,EAAI,sCACpBK,MAAU,qCACVC,KAAS,OAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,iCACrBI,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,gCACVC,KAAS,SAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,yBAGfF,GAAO,wBACPC,MAAU,yBAEb,CACGE,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,oCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,6BAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAGfF,GAAO,qCACPC,MAAU,qCACVC,KAAS,yBAIb,IAAK,qBACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAI,8BACxBE,QAAY,CACT,CACGC,KAAS,CACN,OACA,SACA,QAEHC,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,QACVC,KAAS,iBAEZ,CACGH,KAAS,CACN,KACA,SACA,QAEHC,GAAOL,EAAI,KAAKC,EAAI,0CACpBK,MAAU,cACVC,KAAS,iBAEZ,CACGH,KAAS,CACN,KACA,SACA,QAEHC,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,OACVC,KAAS,kBAGfF,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,0BAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,oCACxBE,QAAY,GACZE,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,iCACrBI,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,iCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,YAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,+BACrBI,GAAOL,EAAI,KAAKC,EAAI,+BACpBK,MAAU,8BACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,sCAGhBD,GAAO,6BACPC,MAAU,6BACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,sCACrBS,KAAS,2BACTL,GAAOL,EAAI,KAAKC,EAAI,sCACpBK,MAAU,qCACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,mCAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,0CACrBI,GAAOL,EAAI,KAAKC,EAAI,0CACpBK,MAAU,yCACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,4CACrBI,GAAOL,EAAI,KAAKC,EAAI,4CACpBK,MAAU,4CAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,SAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,UAGZP,MAAU,sCACVC,KAAS,UAEZ,CACGJ,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBU,OAAW,CACR,CACGC,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,UAGZP,MAAU,0CACVC,KAAS,UAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,UAGZP,MAAU,uCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oDACrBI,GAAOL,EAAI,KAAKC,EAAI,oDACpBK,MAAU,mDACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,8BAGhBD,GAAO,WACPC,MAAU,WACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,oDACrBI,GAAOL,EAAI,KAAKC,EAAI,oDACpBK,MAAU,mDACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,0CACrBI,GAAOL,EAAI,KAAKC,EAAI,0CACpBK,MAAU,yCACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,8CACrBI,GAAOL,EAAI,KAAKC,EAAI,8CACpBK,MAAU,6CACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,iDACrBI,GAAOL,EAAI,KAAKC,EAAI,iDACpBK,MAAU,gDACVC,KAAS,QAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,+CACrBI,GAAOL,EAAI,KAAKC,EAAI,+CACpBK,MAAU,+CAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,kCACrBI,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,kCAEb,CACGH,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBU,OAAW,CACR,CACGC,EAAM,QACNC,EAAM,kBAGZP,MAAU,kCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,8CACrBI,GAAOL,EAAI,KAAKC,EAAI,8CACpBK,MAAU,6CACVC,KAAS,SAGfF,GAAO,SACPC,MAAU,SACVC,KAAS,yBAGfG,KAAS,gCACTL,GAAO,wBACPC,MAAU,yBAEb,CACGJ,OAAWF,EAAI,KAAKC,EAAI,wBACxBE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAI,wBACpBK,MAAU,uBACVC,KAAS,oBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,4BACxBE,QAAY,GACZO,KAAS,oCACTL,GAAOL,EAAI,KAAKC,EAAI,4BACpBK,MAAU,2BACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,oCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,8BAGhBD,GAAO,+BACPC,MAAU,+BACVC,KAAS,yBAIb,IAAK,sBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAI,sBACrBI,GAAOL,EAAI,KAAKC,EAAI,sBACpBK,MAAU,qBACVC,KAAS,QAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,qCACxBE,QAAY,GACZO,KAAS,oCACTL,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,0BAEZ,CACGC,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,wCAGhBD,GAAO,gCACPC,MAAU,gCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,yCACrBI,GAAOL,EAAI,KAAKC,EAAI,yCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,WAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,aACNC,EAAM,eAGZP,MAAU,wCACVC,KAAS,UAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,kDACrBI,GAAOL,EAAI,KAAKC,EAAI,kDACpBK,MAAU,iDACVC,KAAS,QAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,kDACrBI,GAAOL,EAAI,KAAKC,EAAI,kDACpBK,MAAU,iDACVC,KAAS,SAGfF,GAAO,kCACPC,MAAU,kCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,YACNC,EAAM,QAET,CACGD,EAAM,gBACNC,EAAM,YAET,CACGD,EAAM,eACNC,EAAM,iBAGZP,MAAU,mCACVC,KAAS,UAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,YACNC,EAAM,QAET,CACGD,EAAM,gBACNC,EAAM,YAET,CACGD,EAAM,YACNC,EAAM,SAGZP,MAAU,mCACVC,KAAS,WAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,SACNC,EAAM,WAET,CACGD,EAAM,YACNC,EAAM,cAGZP,MAAU,uCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,SAGfF,GAAO,iCACPC,MAAU,iCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,YAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,sCACrBI,GAAOL,EAAI,KAAKC,EAAI,sCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,cACNC,EAAM,eAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,OACNC,EAAM,oBAET,CACGD,EAAM,UACNC,EAAM,WAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,SACNC,EAAM,UAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,YACNC,EAAM,aAET,CACGD,EAAM,YACNC,EAAM,cAGZP,MAAU,qCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,+CACrBI,GAAOL,EAAI,KAAKC,EAAI,+CACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,+BACNC,EAAM,gCAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,aACNC,EAAM,2BAGZP,MAAU,8CACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,SAGfG,KAAS,wBACTL,GAAO,yBACPC,MAAU,yBACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,qCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,8BACrBI,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,8BAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,QAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,yBAIb,IAAK,qBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAI,qBACrBI,GAAOL,EAAI,KAAKC,EAAI,qBACpBK,MAAU,oBACVC,KAAS,QAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,oCACxBE,QAAY,GACZO,KAAS,mCACTL,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,0BAEZ,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,cACNC,EAAM,eAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,OACNC,EAAM,oBAET,CACGD,EAAM,UACNC,EAAM,WAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,SACNC,EAAM,UAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,YACNC,EAAM,aAET,CACGD,EAAM,YACNC,EAAM,cAGZP,MAAU,oCACVC,KAAS,UAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,yCACrBI,GAAOL,EAAI,KAAKC,EAAI,yCACpBK,MAAU,yCAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAEZ,CACGJ,QAAY,KACZM,IAAQT,EAAI,KAAKC,EAAI,mDACrBI,GAAOL,EAAI,KAAKC,EAAI,mDACpBK,MAAU,kDACVC,KAAS,OAEZ,CACGJ,QAAY,KACZM,IAAQT,EAAI,KAAKC,EAAI,4CACrBI,GAAOL,EAAI,KAAKC,EAAI,4CACpBK,MAAU,2CACVC,KAAS,OAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,kCACrBI,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,iCACVC,KAAS,SAGfF,GAAO,qCACPC,MAAU,qCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,WAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,aACNC,EAAM,eAGZP,MAAU,uCACVC,KAAS,UAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,iDACrBI,GAAOL,EAAI,KAAKC,EAAI,iDACpBK,MAAU,gDACVC,KAAS,QAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,iDACrBI,GAAOL,EAAI,KAAKC,EAAI,iDACpBK,MAAU,gDACVC,KAAS,SAGfF,GAAO,iCACPC,MAAU,iCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,SACNC,EAAM,WAET,CACGD,EAAM,YACNC,EAAM,cAGZP,MAAU,sCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,8CACrBI,GAAOL,EAAI,KAAKC,EAAI,8CACpBK,MAAU,6CACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,8BAGhBD,GAAO,gCACPC,MAAU,gCACVC,KAAS,yBAGfG,KAAS,uBACTL,GAAO,wBACPC,MAAU,yBAEb,CACGJ,OAAWF,EAAI,KAAKC,EAAI,wBACxBE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAI,wBACpBK,MAAU,uBACVC,KAAS,qBAIb,IAAK,cACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAI,iBACxBE,QAAY,CACT,CACGC,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,yBACpBa,GAAO,UACPR,MAAU,UACVC,KAAS,SAGfG,KAAS,qCACTL,GAAOL,EAAI,KAAKC,EAAI,iBACpBK,MAAU,gBACVC,KAAS,iBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,mBACxBS,KAAS,uCACTL,GAAOL,EAAI,KAAKC,EAAI,mBACpBK,MAAU,kBACVC,KAAS,oBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,QACxBS,KAAS,kBACTL,GAAOL,EAAI,KAAKC,EAAI,QACpBK,MAAU,OACVC,KAAS,iBAEZ,CACGC,OAAW,CACR,CACGL,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,aACrBI,GAAOL,EAAI,KAAKC,EAAI,aACpBK,MAAU,YACVC,KAAS,OAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,cACrBI,GAAOL,EAAI,KAAKC,EAAI,cACpBK,MAAU,aACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oBACrBI,GAAOL,EAAI,KAAKC,EAAI,oBACpBK,MAAU,mBACVC,KAAS,QAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,gBACrBI,GAAOL,EAAI,KAAKC,EAAI,gBACpBK,MAAU,gBAEb,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,sBACrBI,GAAOL,EAAI,KAAKC,EAAI,sBACpBK,MAAU,sBAEb,CACGH,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAI,aACrBI,GAAOL,EAAI,KAAKC,EAAI,aACpBU,OAAW,CACR,CACGC,EAAM,YACNC,EAAM,aAET,CACGD,EAAM,MACNC,EAAM,OAET,CACGD,EAAM,SACNC,EAAM,UAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,SACNC,EAAM,UAET,CACGD,EAAM,cACNC,EAAM,eAET,CACGD,EAAM,eACNC,EAAM,gBAET,CACGD,EAAM,gBACNC,EAAM,kBAGZP,MAAU,YACVC,KAAS,UAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,mBACrBI,GAAOL,EAAI,KAAKC,EAAI,mBACpBK,MAAU,kBACVC,KAAS,OAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,wBACrBI,GAAOL,EAAI,KAAKC,EAAI,wBACpBK,MAAU,uBACVC,KAAS,QAGfG,KAAS,2BACTL,GAAO,eACPC,MAAU,eACVC,KAAS,yBAIb,QACE,MAAO,IAIX,SAASQ,aAAaC,GACpBA,EAAMC,OAASD,EAAMZ,KAAK,GAAGI,OAAO,GAAGA,OAAO,GAC9CQ,EAAME,OAAOF,EAAMC,QACnBD,EAAMG,OAASH,EAAMZ,KAAK,GAAGI,OAAO,GAAGA,OAAO,GAC9CQ,EAAME,OAAOF,EAAMG"} \ No newline at end of file diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json index 71e414220..494abd20a 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json @@ -689,6 +689,7 @@ "oidcRPMetaDataOptionsRule":"قاعدة الدخول", "oidcRPMetaDataOptionsTimeouts":"Timeouts", "oidcRPMetaDataOptionsUserIDAttr":"خاصّيّة المستخدم", +"oidcRPMetaDataOptionsUserInfoSignAlg":"Userinfo signature algorithm", "oidcRPMetaDataScopeRules":"Scope rules", "oidcRPName":"اسم أوبين أيدي كونيكت RP", "oidcRPStateTimeout":"حالة مهلة الجلسة", @@ -1210,4 +1211,4 @@ "yubikey2fUrl":"خدمة أل يو أر ل", "yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey", "zeroConfExplanations":"لا يحتوي الخادم على إعدادات. استخدام قالب لحفظ الأول" -} \ No newline at end of file +} diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/de.json b/lemonldap-ng-manager/site/htdocs/static/languages/de.json index e3374bc27..b68e9d518 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/de.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/de.json @@ -689,6 +689,7 @@ "oidcRPMetaDataOptionsRule":"Access rule", "oidcRPMetaDataOptionsTimeouts":"Timeouts", "oidcRPMetaDataOptionsUserIDAttr":"User attribute", +"oidcRPMetaDataOptionsUserInfoSignAlg":"Userinfo signature algorithm", "oidcRPMetaDataScopeRules":"Scope rules", "oidcRPName":"OpenID Connect RP Name", "oidcRPStateTimeout":"State session timeout", @@ -1210,4 +1211,4 @@ "yubikey2fUrl":"Service URL", "yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey", "zeroConfExplanations":"Server has no configuration. Use template to save the first." -} \ No newline at end of file +} diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/en.json b/lemonldap-ng-manager/site/htdocs/static/languages/en.json index 00d509776..19f7c861f 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json @@ -689,6 +689,7 @@ "oidcRPMetaDataOptionsRule":"Access rule", "oidcRPMetaDataOptionsTimeouts":"Timeouts", "oidcRPMetaDataOptionsUserIDAttr":"User attribute", +"oidcRPMetaDataOptionsUserInfoSignAlg":"Userinfo signature algorithm", "oidcRPMetaDataScopeRules":"Scope rules", "oidcRPName":"OpenID Connect RP Name", "oidcRPStateTimeout":"State session timeout", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/es.json b/lemonldap-ng-manager/site/htdocs/static/languages/es.json index fc2dc585d..d08bc131f 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/es.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/es.json @@ -689,6 +689,7 @@ "oidcRPMetaDataOptionsRule":"Regla de acceso", "oidcRPMetaDataOptionsTimeouts":"Timeouts", "oidcRPMetaDataOptionsUserIDAttr":"Atributo de usuario", +"oidcRPMetaDataOptionsUserInfoSignAlg":"Userinfo signature algorithm", "oidcRPMetaDataScopeRules":"Scope rules", "oidcRPName":"OpenID Connect RP Name", "oidcRPStateTimeout":"Caducidad de estado de sesión", @@ -1210,4 +1211,4 @@ "yubikey2fUrl":"Service URL", "yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey", "zeroConfExplanations":"Server has no configuration. Use template to save the first." -} \ No newline at end of file +} diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json index effbd5dc8..cb5c8e115 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json @@ -689,6 +689,7 @@ "oidcRPMetaDataOptionsRule":"Règle d'accès", "oidcRPMetaDataOptionsTimeouts":"Expiration", "oidcRPMetaDataOptionsUserIDAttr":"Attribut de l'utilisateur", +"oidcRPMetaDataOptionsUserInfoSignAlg":"Algorithme de signature des informations utilisateur", "oidcRPMetaDataScopeRules":"Règles de scope", "oidcRPName":"Nom du client OpenID Connect", "oidcRPStateTimeout":"Durée d'une session state", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/it.json b/lemonldap-ng-manager/site/htdocs/static/languages/it.json index 10450ca91..c61c921fa 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json @@ -689,6 +689,7 @@ "oidcRPMetaDataOptionsRule":"Regola di accesso", "oidcRPMetaDataOptionsTimeouts":"Timeouts", "oidcRPMetaDataOptionsUserIDAttr":"Attributo utente", +"oidcRPMetaDataOptionsUserInfoSignAlg":"Userinfo signature algorithm", "oidcRPMetaDataScopeRules":"Scope rules", "oidcRPName":"Nome di OpenID Connect RP", "oidcRPStateTimeout":"Durata della sessione stato", @@ -1210,4 +1211,4 @@ "yubikey2fUrl":"URL del servizio", "yubikey2fUserCanRemoveKey":"Autorizza l'utente a rimuovere la Yubikey", "zeroConfExplanations":"Il server non ha alcuna configurazione. Utilizza il modello per salvare il primo." -} \ No newline at end of file +} diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json index ae9b62d08..b5c625d3c 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json @@ -689,6 +689,7 @@ "oidcRPMetaDataOptionsRule":"Reguła dostępu", "oidcRPMetaDataOptionsTimeouts":"Limit czasu", "oidcRPMetaDataOptionsUserIDAttr":"Atrybut użytkownika", +"oidcRPMetaDataOptionsUserInfoSignAlg":"Userinfo signature algorithm", "oidcRPMetaDataScopeRules":"Zasady dotyczące zakresu", "oidcRPName":"Nazwa RP OpenID Connect", "oidcRPStateTimeout":"Limit czasu sesji stanowej", @@ -1210,4 +1211,4 @@ "yubikey2fUrl":"URL usługi", "yubikey2fUserCanRemoveKey":"Pozwól użytkownikowi usunąć Yubikey", "zeroConfExplanations":"Serwer nie ma konfiguracji. Użyj szablonu, aby zapisać pierwszy." -} \ No newline at end of file +} diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json index 662ec0df8..d663a8380 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json @@ -689,6 +689,7 @@ "oidcRPMetaDataOptionsRule":"Erişim kuralı", "oidcRPMetaDataOptionsTimeouts":"Zaman aşımları", "oidcRPMetaDataOptionsUserIDAttr":"Kullanıcı niteliği", +"oidcRPMetaDataOptionsUserInfoSignAlg":"Userinfo signature algorithm", "oidcRPMetaDataScopeRules":"Kapsam kuralları", "oidcRPName":"OpenID Connect RP Adı", "oidcRPStateTimeout":"Oturum zaman aşımını belirle", @@ -1210,4 +1211,4 @@ "yubikey2fUrl":"Servis URL'si", "yubikey2fUserCanRemoveKey":"Yubikey'i kaldırmak için kullanıcıya izin ver", "zeroConfExplanations":"Sunucunun yapılandırması yok. Şimdi bir tane kaydetmek için şablonu kullanın." -} \ No newline at end of file +} diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json index c1816d946..e3ce18ba3 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json @@ -689,6 +689,7 @@ "oidcRPMetaDataOptionsRule":"Quy tắc truy cập", "oidcRPMetaDataOptionsTimeouts":"Timeouts", "oidcRPMetaDataOptionsUserIDAttr":"thuộc tính người dùng", +"oidcRPMetaDataOptionsUserInfoSignAlg":"Userinfo signature algorithm", "oidcRPMetaDataScopeRules":"Scope rules", "oidcRPName":"OpenID Connect RP Name", "oidcRPStateTimeout":"Thời gian chờ của trạng thái phiên làm việc", @@ -1210,4 +1211,4 @@ "yubikey2fUrl":"Dịch vụ URL", "yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey", "zeroConfExplanations":"Máy chủ không có cấu hình. Sử dụng mẫu để lưu đầu tiên. " -} \ No newline at end of file +} diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json index 3160ec16b..e1c7beeda 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json @@ -689,6 +689,7 @@ "oidcRPMetaDataOptionsRule":"Access rule", "oidcRPMetaDataOptionsTimeouts":"Timeouts", "oidcRPMetaDataOptionsUserIDAttr":"User attribute", +"oidcRPMetaDataOptionsUserInfoSignAlg":"Userinfo signature algorithm", "oidcRPMetaDataScopeRules":"Scope rules", "oidcRPName":"OpenID Connect RP Name", "oidcRPStateTimeout":"State session timeout", @@ -1210,4 +1211,4 @@ "yubikey2fUrl":"Service URL", "yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey", "zeroConfExplanations":"Server has no configuration. Use template to save the first." -} \ No newline at end of file +} diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json b/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json index 3ff27216c..b384359ce 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json @@ -689,6 +689,7 @@ "oidcRPMetaDataOptionsRule":"存取規則", "oidcRPMetaDataOptionsTimeouts":"逾時", "oidcRPMetaDataOptionsUserIDAttr":"使用者屬性", +"oidcRPMetaDataOptionsUserInfoSignAlg":"Userinfo signature algorithm", "oidcRPMetaDataScopeRules":"Scope rules", "oidcRPName":"OpenID 連線 RP 名稱", "oidcRPStateTimeout":"狀態工作階段逾時", @@ -1210,4 +1211,4 @@ "yubikey2fUrl":"服務 URL", "yubikey2fUserCanRemoveKey":"允許使用者移除 Yubikey", "zeroConfExplanations":"伺服器未設定。使用飯本來儲存第一個。" -} \ No newline at end of file +} diff --git a/lemonldap-ng-portal/MANIFEST b/lemonldap-ng-portal/MANIFEST index a46775819..5b765b4b1 100644 --- a/lemonldap-ng-portal/MANIFEST +++ b/lemonldap-ng-portal/MANIFEST @@ -485,6 +485,7 @@ t/01-Handler-redirection-and-URL-check-by-portal.t t/01-pdata.t t/01-Reject-Hashes-in-URL.t t/01-Unauth-Logout.t +t/02-Password-Demo-Hook.t t/02-Password-Demo-Local-noPpolicy.t t/02-Password-Demo-Local-Ppolicy.t t/02-Password-Demo-Local-SpeChars-Ppolicy.t @@ -552,6 +553,7 @@ t/31-Auth-and-issuer-CAS-proxied.t t/31-Auth-and-issuer-CAS-with-choice-and-cancel.t t/31-Auth-and-issuer-CAS-with-choice.t t/31-Auth-and-issuer-CAS-XSS-on-logout.t +t/32-Auth-and-issuer-OIDC-authorization_code-jwt-userinfo.t t/32-Auth-and-issuer-OIDC-authorization_code-OP-logout.t t/32-Auth-and-issuer-OIDC-authorization_code-public_client.t t/32-Auth-and-issuer-OIDC-authorization_code-with-authchoice.t @@ -563,6 +565,7 @@ t/32-Auth-and-issuer-OIDC-implicit-no-token.t t/32-Auth-and-issuer-OIDC-implicit.t t/32-Auth-and-issuer-OIDC-sorted.t t/32-CAS-10.t +t/32-CAS-Hooks.t t/32-CAS-Macros.t t/32-CAS-Prefix.t t/32-OIDC-ClaimTypes.t @@ -631,6 +634,7 @@ t/43-MailPasswordReset-Choice.t t/43-MailPasswordReset-Combination-LDAP.t t/43-MailPasswordReset-Combination.t t/43-MailPasswordReset-DBI.t +t/43-MailPasswordReset-Hook.t t/43-MailPasswordReset-LDAP.t t/43-MailPasswordReset-with-captcha.t t/43-MailPasswordReset-with-token.t @@ -748,9 +752,11 @@ t/78-2F-UpgradeOnly.t t/79-2F-Yubikey-from-Session.t t/79-2F-Yubikey.t t/90-Translations.t +t/91-handler-cache-cleaned.t t/91-Memory-Leak.t t/99-Dont-load-Dumper.t t/99-pod.t +t/CasHookPlugin.pm t/gpghome/key.asc t/gpghome/openpgp-revocs.d/9482CEFB055809CBAFE6D71AAB2D5542891D1677.rev t/gpghome/private-keys-v1.d/A076B0E7DB141A919271EE8B581CDFA8DA42F333.key @@ -767,6 +773,7 @@ t/lib/Lemonldap/NG/Portal/Custom.pm t/lmConf-1.json t/oidc-lib.pm t/OidcHookPlugin.pm +t/PasswordHookPlugin.pm t/pdata.pm t/README.md t/saml-lib.pm diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm index 0c67b56c5..fdd20caec 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm @@ -368,6 +368,7 @@ sub run { ->{$idp_initiated_spConfKey} ->{samlSPMetaDataOptionsNameIDFormat} || "email"; eval { + $login->request()->NameIDPolicy() ->Format( $self->getNameIDFormat($nameIDFormatKey) ); }; @@ -458,7 +459,9 @@ sub run { } unless ($result) { - $self->logger->error("Could not verify signature of incoming SSO request from $spConfKey"); + $self->logger->error( +"Could not verify signature of incoming SSO request from $spConfKey" + ); return PE_SAML_SIGNATURE_ERROR; } else { @@ -469,11 +472,35 @@ sub run { $self->logger->debug("Message signature will not be checked"); } + my $nameIDFormat; + + # Check NameID Policy in request + if ( $login->request()->NameIDPolicy ) { + $nameIDFormat = $login->request()->NameIDPolicy->Format(); + $self->logger->debug( + "Get NameID format $nameIDFormat from request"); + } + + # Get default NameID Format from configuration + # Set to "email" if no value in configuration + my $nameIDFormatKey = + $self->conf->{samlSPMetaDataOptions}->{$spConfKey} + ->{samlSPMetaDataOptionsNameIDFormat} || "email"; + + # NameID unspecified is forced to default NameID format + if ( !$nameIDFormat + or $nameIDFormat eq $self->getNameIDFormat("unspecified") ) + { + $nameIDFormat = $self->getNameIDFormat($nameIDFormatKey); + eval { + $login->request()->NameIDPolicy()->Format($nameIDFormat); + }; + } + # Force AllowCreate to TRUE for transient/persistent NameIDPolicy if ( $login->request()->NameIDPolicy ) { - my $nif = $login->request()->NameIDPolicy->Format(); - if ( $nif eq $self->getNameIDFormat("transient") - or $nif eq $self->getNameIDFormat("persistent") ) + if ( $nameIDFormat eq $self->getNameIDFormat("transient") + or $nameIDFormat eq $self->getNameIDFormat("persistent") ) { $self->logger->debug( "Force AllowCreate flag in NameIDPolicy"); @@ -566,27 +593,6 @@ sub run { $self->logger->debug("SSO: assertion is built"); - # Get default NameID Format from configuration - # Set to "email" if no value in configuration - my $nameIDFormatKey = - $self->conf->{samlSPMetaDataOptions}->{$spConfKey} - ->{samlSPMetaDataOptionsNameIDFormat} || "email"; - my $nameIDFormat; - - # Check NameID Policy in request - if ( $login->request()->NameIDPolicy ) { - $nameIDFormat = $login->request()->NameIDPolicy->Format(); - $self->logger->debug( - "Get NameID format $nameIDFormat from request"); - } - - # NameID unspecified is forced to default NameID format - if ( !$nameIDFormat - or $nameIDFormat eq $self->getNameIDFormat("unspecified") ) - { - $nameIDFormat = $self->getNameIDFormat($nameIDFormatKey); - } - # Get session key associated with NameIDFormat # Not for unspecified, transient, persistent, entity, encrypted my $nameIDFormatConfiguration = { @@ -599,7 +605,9 @@ sub run { }; my $nameIDSessionKey = - $self->conf->{ $nameIDFormatConfiguration->{$nameIDFormat} }; + $nameIDFormatConfiguration->{$nameIDFormat} + ? $self->conf->{ $nameIDFormatConfiguration->{$nameIDFormat} } + : ''; # Override default NameID Mapping if ( $self->conf->{samlSPMetaDataOptions}->{$spConfKey} @@ -611,12 +619,16 @@ sub run { } my $nameIDContent; - if ( $self->spMacros->{$sp}->{$nameIDSessionKey} ) { + if ( $nameIDSessionKey + and $self->spMacros->{$sp}->{$nameIDSessionKey} ) + { $nameIDContent = $self->spMacros->{$sp}->{$nameIDSessionKey} ->( $req, $req->{sessionInfo} ); } - elsif ( defined $req->{sessionInfo}->{$nameIDSessionKey} ) { + elsif ( $nameIDSessionKey + and ( defined $req->{sessionInfo}->{$nameIDSessionKey} ) ) + { $nameIDContent = $self->p->getFirstValue( $req->{sessionInfo}->{$nameIDSessionKey} ); @@ -650,8 +662,8 @@ sub run { $self->logger->debug( "NameID Format is " . $login->nameIdentifier->Format ); - $self->logger->debug( - "NameID Content is " . $login->nameIdentifier->content ); + $self->logger->debug( "NameID Content is " + . ( $login->nameIdentifier->content || "" ) ); # Push attributes my @attributes; @@ -700,7 +712,8 @@ sub run { } $self->logger->debug( - "SAML2 attribute $name will be set with $_ session key ($sp)"); +"SAML2 attribute $name will be set with $_ session key ($sp)" + ); # SAML2 attribute my $attribute = @@ -1317,8 +1330,7 @@ sub soapSloServer { "SLO response signature according to metadata"); } - $h = - $self->p->processHook( $req, 'samlBuildLogoutResponse', $logout ); + $h = $self->p->processHook( $req, 'samlBuildLogoutResponse', $logout ); if ( $h != PE_OK ) { return $self->p->sendError( $req, "SLO: samlBuildLogoutResponse hook returned error", 400 ); @@ -1976,7 +1988,9 @@ sub sloServer { if ($checkSLOMessageSignature) { unless ( $self->checkSignatureStatus($logout) ) { - $self->logger->error("Could not verify signature of incoming SLO request from $spConfKey"); + $self->logger->error( +"Could not verify signature of incoming SLO request from $spConfKey" + ); $self->imgnok($req); } else { diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm index 13b969328..84ae932b9 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm @@ -434,6 +434,7 @@ sub display { ), ( $req->token ? ( TOKEN => $req->token ) : () ), ( $req->data->{waitingMessage} ? ( WAITING_MESSAGE => 1 ) : () ), + ENABLE_PASSWORD_DISPLAY => $self->conf->{portalEnablePasswordDisplay}, ); # Disable all forms on: diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm index a49c62b57..5c2664994 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm @@ -396,7 +396,7 @@ sub authenticate { $req->steps( [ 'setSessionInfo', 'setMacros', 'setPersistentSessionInfo', 'storeHistory', - @{ $self->afterData }, sub { PE_BADCREDENTIALS } + @{ $self->afterData }, sub { PE_BADCREDENTIALS } ] ); @@ -475,13 +475,12 @@ sub setGroups { } sub setPersistentSessionInfo { - - # $user passed by BruteForceProtection plugin - my ( $self, $req, $user ) = @_; + my ( $self, $req ) = @_; # Do not restore infos if session already opened unless ( $req->id ) { - my $key = $req->{sessionInfo}->{ $self->conf->{whatToTrace} } || $user; + my $key = $req->{sessionInfo}->{ $self->conf->{whatToTrace} }; + return PE_OK unless ( $key and length($key) ); my $persistentSession = $self->getPersistentSession($key); @@ -620,9 +619,9 @@ sub secondFactor { } sub storeHistory { - my ( $self, $req, $uid ) = @_; # $uid passed by BruteForceProtection plugin + my ( $self, $req ) = @_; if ( $self->conf->{loginHistoryEnabled} ) { - $self->registerLogin( $req, $uid ); + $self->registerLogin($req); } PE_OK; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm index ba7594d35..2888041aa 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm @@ -1047,9 +1047,7 @@ sub tplParams { } sub registerLogin { - - # $user passed by BruteForceProtection plugin - my ( $self, $req, $uid ) = @_; + my ( $self, $req ) = @_; return unless ( $self->conf->{loginHistoryEnabled} and defined $req->authResult ); @@ -1079,8 +1077,7 @@ sub registerLogin { } } } - $self->updatePersistentSession( $req, { 'loginHistory' => undef }, - $uid ); + $self->updatePersistentSession( $req, { 'loginHistory' => undef } ); delete $req->sessionInfo->{loginHistory}; } @@ -1105,7 +1102,7 @@ sub registerLogin { if ( scalar @{ $history->{$type} } > $self->conf->{ $type . "Number" } ); # Save into persistent session - $self->updatePersistentSession( $req, { _loginHistory => $history }, $uid ); + $self->updatePersistentSession( $req, { _loginHistory => $history, } ); PE_OK; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm index 0325b2c35..f70729e7e 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm @@ -12,7 +12,7 @@ our $VERSION = '2.1.0'; extends 'Lemonldap::NG::Portal::Main::Plugin'; # INITIALIZATION -use constant aroundSub => { authenticate => 'check' }; +use constant afterSub => { setPersistentSessionInfo => 'run' }; has lockTimes => ( is => 'rw', @@ -61,7 +61,9 @@ sub init { sort { $a <=> $b } map { $_ =~ s/\D//; - abs $_ < $self->conf->{bruteForceProtectionMaxLockTime} ? abs $_ : () + abs $_ < $self->conf->{bruteForceProtectionMaxLockTime} + ? abs $_ + : () } grep { /\d+/ } split /\s*,\s*/, $self->conf->{bruteForceProtectionLockTimes}; @@ -99,13 +101,9 @@ sub init { } # RUNNING METHOD -sub check { - my ( $self, $sub, $req ) = @_; - my $now = time; - $self->p->setSessionInfo($req); - $self->logger->debug("Retrieve $req->{user} logins history"); - $self->p->setPersistentSessionInfo( $req, $req->{user} ); - +sub run { + my ( $self, $req ) = @_; + my $now = time; my $countFailed = my @failedLogins = map { ( $now - $_->{_utime} ) <= $self->maxAge ? $_ : () } @{ $req->sessionInfo->{_loginHistory}->{failedLogin} }; @@ -115,7 +113,7 @@ sub check { my $lastFailedLoginEpoch = $failedLogins[0]->{_utime} || undef; if ( $self->conf->{bruteForceProtectionIncrementalTempo} ) { - return $sub->($req) unless $lastFailedLoginEpoch; + return PE_OK unless $lastFailedLoginEpoch; # Delta between current attempt and last failed login my $delta = $now - $lastFailedLoginEpoch; @@ -148,10 +146,10 @@ sub check { $req->lockTime( $waitingTime - $delta ); return PE_WAIT; } - return $sub->($req); + return PE_OK; } - return $sub->($req) + return PE_OK if ( $countFailed < $self->maxFailed ); # Delta between current attempt and last failed login @@ -159,7 +157,7 @@ sub check { $self->logger->debug(" -> Delta = $delta"); # Delta < Tempo => wait - return $sub->($req) + return PE_OK unless ( $delta < $self->conf->{bruteForceProtectionTempo} && $countFailed ); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/GlobalLogout.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/GlobalLogout.pm index 1f3852367..00e9120ab 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/GlobalLogout.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/GlobalLogout.pm @@ -172,50 +172,52 @@ sub activeSessions { my $customParam = $self->conf->{globalLogoutCustomParam} || ''; # Try to retrieve sessions from sessions DB - $self->logger->debug('Try to retrieve sessions from DB'); - my $moduleOptions = $self->conf->{globalStorageOptions} || {}; - $moduleOptions->{backend} = $self->conf->{globalStorage}; - $self->logger->debug("Looking for \"$user\" sessions..."); - $sessions = - $self->module->searchOn( $moduleOptions, $self->conf->{whatToTrace}, - $user ); + if ($user) { + $self->logger->debug('Try to retrieve sessions from DB'); + my $moduleOptions = $self->conf->{globalStorageOptions} || {}; + $moduleOptions->{backend} = $self->conf->{globalStorage}; + $self->logger->debug("Looking for \"$user\" sessions..."); + $sessions = + $self->module->searchOn( $moduleOptions, $self->conf->{whatToTrace}, + $user ); - $self->logger->debug('Remove non-SSO session(s)...'); - my $other = 0; - foreach ( keys %$sessions ) { - unless ( $sessions->{$_}->{_session_kind} eq 'SSO' ) { - delete $sessions->{$_}; - $other++; + $self->logger->debug('Skip non-SSO session(s)...'); + my $other = 0; + foreach ( keys %$sessions ) { + unless ( $sessions->{$_}->{_session_kind} eq 'SSO' ) { + delete $sessions->{$_}; + $other++; + } } - } - $self->logger->info("$other non-SSO session(s) removed") - if $other; + $self->logger->info("$other non-SSO session(s) skipped") + if $other; - $self->logger->debug('Build an array ref with sessions info...'); - @$activeSessions = - map { - my $epoch; - my $regex = '^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})$'; - $_->{startTime} =~ /$regex/; - $epoch = timelocal( $6, $5, $4, $3, $2 - 1, $1 ); - $_->{startTime} = $epoch; - if ( $_->{updateTime} ) { - $_->{updateTime} =~ /$regex/; + $self->logger->debug('Build an array ref with sessions info...'); + @$activeSessions = + map { + my $epoch; + my $regex = '^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})$'; + $_->{startTime} =~ /$regex/; $epoch = timelocal( $6, $5, $4, $3, $2 - 1, $1 ); - $_->{updateTime} = $epoch; - } - $_; - } - sort { $b->{startTime} cmp $a->{startTime} } map { { - id => $_, - customParam => $sessions->{$_}->{$customParam}, - ipAddr => $sessions->{$_}->{ipAddr}, - authLevel => $sessions->{$_}->{authenticationLevel}, - startTime => $sessions->{$_}->{_startTime}, - updateTime => $sessions->{$_}->{_updateTime} - }; - } keys %$sessions; - + $_->{startTime} = $epoch; + if ( $_->{updateTime} ) { + $_->{updateTime} =~ /$regex/; + $epoch = timelocal( $6, $5, $4, $3, $2 - 1, $1 ); + $_->{updateTime} = $epoch; + } + $_; + } + sort { $b->{startTime} cmp $a->{startTime} } map { { + id => $_, + customParam => $sessions->{$_}->{$customParam}, + ipAddr => $sessions->{$_}->{ipAddr}, + authLevel => $sessions->{$_}->{authenticationLevel}, + startTime => $sessions->{$_}->{_startTime}, + updateTime => $sessions->{$_}->{_updateTime} + }; + } keys %$sessions; + } + return $activeSessions; } diff --git a/lemonldap-ng-portal/site/coffee/portal.coffee b/lemonldap-ng-portal/site/coffee/portal.coffee index af6f2c870..32bbbec9c 100644 --- a/lemonldap-ng-portal/site/coffee/portal.coffee +++ b/lemonldap-ng-portal/site/coffee/portal.coffee @@ -515,6 +515,14 @@ $(window).on 'load', () -> if window.datas.ppolicy? and $('#newpassword').length $('#reset').change togglecheckpassword + if datas['enablePasswordDisplay'] + $(".toggle-password").mousedown (e) -> + $(this).toggleClass("fa-eye fa-eye-slash"); + $("input[name=password]").attr("type", "text"); + $(".toggle-password").mouseup (e) -> + $(this).toggleClass("fa-eye fa-eye-slash"); + $("input[name=password]").attr("type", "password"); + # Ping if asked if datas['pingInterval'] and datas['pingInterval'] > 0 window.setTimeout ping, datas['pingInterval'] @@ -577,4 +585,4 @@ $(window).on 'load', () -> console.log 'Error', err if err res = JSON.parse j.responseText if j if res and res.error - console.log 'Returned error', res \ No newline at end of file + console.log 'Returned error', res diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js index b32b11d3c..d4237a225 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js @@ -561,6 +561,16 @@ LemonLDAP::NG Portal jQuery scripts if ((window.datas.ppolicy != null) && $('#newpassword').length) { $('#reset').change(togglecheckpassword); } + if (datas['enablePasswordDisplay']) { + $(".toggle-password").mousedown(function(e) { + $(this).toggleClass("fa-eye fa-eye-slash"); + return $("input[name=password]").attr("type", "text"); + }); + $(".toggle-password").mouseup(function(e) { + $(this).toggleClass("fa-eye fa-eye-slash"); + return $("input[name=password]").attr("type", "password"); + }); + } if (datas['pingInterval'] && datas['pingInterval'] > 0) { window.setTimeout(ping, datas['pingInterval']); } diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js b/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js index ed812d014..3089b99f6 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js @@ -1 +1 @@ -!function(){var o=function(e,r){return $("#msg").html(window.translate(e)),$("#color").removeClass("message-positive message-warning message-danger alert-success alert-warning alert-danger"),$("#color").addClass("message-"+r),"positive"===r&&(r="success"),$("#color").addClass("alert-"+r)},r=function(e,r,t){if(console.log("Error",t),(e=JSON.parse(e.responseText))&&e.error)return e=e.error.replace(/.* /,""),console.log("Returned error",e),o(e,"warning")},t="",e=function(e){return o("yourTotpKey","warning"),$.ajax({type:"POST",url:portal+"/2fregisters/totp/getkey",dataType:"json",data:{newkey:e},error:r,success:function(e){var r;return e.error?(e.error.match(/totpExistingKey/)&&$("#divToHide").hide(),o(e.error,"warning")):e.portal&&e.user&&e.secret?($("#divToHide").show(),r="otpauth://totp/"+escape(e.portal)+":"+escape(e.user)+"?secret="+e.secret+"&issuer="+escape(e.portal),6!==e.digits&&(r+="&digits="+e.digits),30!==e.interval&&(r+="&period="+e.interval),new QRious({element:document.getElementById("qr"),value:r,size:150}),$("#serialized").text(r),e.newkey?o("yourNewTotpKey","warning"):o("yourTotpKey","success"),t=e.token):o("PE24","danger")}})},n=function(){var e=$("#code").val();return e?$.ajax({type:"POST",url:portal+"/2fregisters/totp/verify",dataType:"json",data:{token:t,code:e,TOTPName:$("#TOTPName").val()},error:r,success:function(e){return e.error?e.error.match(/bad(Code|Name)/)?o(e.error,"warning"):o(e.error,"danger"):o("yourKeyIsRegistered","success")}}):o("fillTheForm","warning")};$(document).ready(function(){return e(0),$("#changekey").on("click",function(){return e(1)}),$("#verify").on("click",n)})}.call(this); \ No newline at end of file +(function(){var r,e,n,t,o;n=function(e,r){return $("#msg").html(window.translate(e)),$("#color").removeClass("message-positive message-warning message-danger alert-success alert-warning alert-danger"),$("#color").addClass("message-"+r),"positive"===r&&(r="success"),$("#color").addClass("alert-"+r)},r=function(e,r,t){var o;if(console.log("Error",t),(o=JSON.parse(e.responseText))&&o.error)return o=o.error.replace(/.* /,""),console.log("Returned error",o),n(o,"warning")},t="",e=function(e){return n("yourTotpKey","warning"),$.ajax({type:"POST",url:portal+"/2fregisters/totp/getkey",dataType:"json",data:{newkey:e},error:r,success:function(e){var r;return e.error?(e.error.match(/totpExistingKey/)&&$("#divToHide").hide(),n(e.error,"warning")):e.portal&&e.user&&e.secret?($("#divToHide").show(),r="otpauth://totp/"+escape(e.portal)+":"+escape(e.user)+"?secret="+e.secret+"&issuer="+escape(e.portal),6!==e.digits&&(r+="&digits="+e.digits),30!==e.interval&&(r+="&period="+e.interval),new QRious({element:document.getElementById("qr"),value:r,size:150}),$("#serialized").text(r),e.newkey?n("yourNewTotpKey","warning"):n("yourTotpKey","success"),t=e.token):n("PE24","danger")}})},o=function(){var e;return(e=$("#code").val())?$.ajax({type:"POST",url:portal+"/2fregisters/totp/verify",dataType:"json",data:{token:t,code:e,TOTPName:$("#TOTPName").val()},error:r,success:function(e){return e.error?e.error.match(/bad(Code|Name)/)?n(e.error,"warning"):n(e.error,"danger"):n("yourKeyIsRegistered","success")}}):n("fillTheForm","warning")},$(document).ready(function(){return e(0),$("#changekey").on("click",function(){return e(1)}),$("#verify").on("click",function(){return o()})})}).call(this); \ No newline at end of file diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js.map b/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js.map index 4624734b5..faf728c05 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js.map +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js.map @@ -1 +1 @@ -{"version":3,"sources":["totpregistration.js"],"names":["setMsg","msg","level","$","html","window","translate","removeClass","addClass","displayError","j","status","err","console","log","res","JSON","parse","responseText","error","replace","token","getKey","reset","ajax","type","url","portal","dataType","data","newkey","success","s","match","hide","user","secret","show","escape","digits","interval","QRious","element","document","getElementById","value","size","text","verify","val","code","TOTPName","ready","on","call","this"],"mappings":"CAMA,WACE,IAEAA,EAAS,SAASC,EAAKC,GAOrB,OANAC,EAAE,QAAQC,KAAKC,OAAOC,UAAUL,IAChCE,EAAE,UAAUI,YAAY,4FACxBJ,EAAE,UAAUK,SAAS,WAAaN,GACpB,aAAVA,IACFA,EAAQ,WAEHC,EAAE,UAAUK,SAAS,SAAWN,IAGzCO,EAAe,SAASC,EAAGC,EAAQC,GAIjC,GAFAC,QAAQC,IAAI,QAASF,IACrBG,EAAMC,KAAKC,MAAMP,EAAEQ,gBACRH,EAAII,MAGb,OAFAJ,EAAMA,EAAII,MAAMC,QAAQ,MAAO,IAC/BP,QAAQC,IAAI,iBAAkBC,GACvBf,EAAOe,EAAK,YAIvBM,EAAQ,GAERC,EAAS,SAASC,GAEhB,OADAvB,EAAO,cAAe,WACfG,EAAEqB,KAAK,CACZC,KAAM,OACNC,IAAKC,OAAS,2BACdC,SAAU,OACVC,KAAM,CACJC,OAAQP,GAEVJ,MAAOV,EACPsB,QAAS,SAASF,GAChB,IAAQG,EACR,OAAIH,EAAKV,OACHU,EAAKV,MAAMc,MAAM,oBACnB9B,EAAE,cAAc+B,OAEXlC,EAAO6B,EAAKV,MAAO,YAEtBU,EAAKF,QAAUE,EAAKM,MAAQN,EAAKO,QAGvCjC,EAAE,cAAckC,OAChBL,EAAI,kBAAqBM,OAAOT,EAAKF,QAAW,IAAOW,OAAOT,EAAKM,MAAS,WAAaN,EAAKO,OAAS,WAAcE,OAAOT,EAAKF,QAC7G,IAAhBE,EAAKU,SACPP,GAAK,WAAaH,EAAKU,QAEH,KAAlBV,EAAKW,WACPR,GAAK,WAAaH,EAAKW,UAEpB,IAAIC,OAAO,CACdC,QAASC,SAASC,eAAe,MACjCC,MAAOb,EACPc,KAAM,MAER3C,EAAE,eAAe4C,KAAKf,GAClBH,EAAKC,OACP9B,EAAO,iBAAkB,WAEzBA,EAAO,cAAe,WAEjBqB,EAAQQ,EAAKR,OArBXrB,EAAO,OAAQ,cA0B9BgD,EAAS,WACP,IACAC,EAAM9C,EAAE,SAAS8C,MACjB,OAAKA,EAGI9C,EAAEqB,KAAK,CACZC,KAAM,OACNC,IAAKC,OAAS,2BACdC,SAAU,OACVC,KAAM,CACJR,MAAOA,EACP6B,KAAMD,EACNE,SAAUhD,EAAE,aAAa8C,OAE3B9B,MAAOV,EACPsB,QAAS,SAASF,GAChB,OAAIA,EAAKV,MACHU,EAAKV,MAAMc,MAAM,kBACZjC,EAAO6B,EAAKV,MAAO,WAEnBnB,EAAO6B,EAAKV,MAAO,UAGrBnB,EAAO,sBAAuB,cApBpCA,EAAO,cAAe,YA2BjCG,EAAEwC,UAAUS,MAAM,WAKhB,OAJA9B,EAAO,GACPnB,EAAE,cAAckD,GAAG,QAAS,WAC1B,OAAO/B,EAAO,KAETnB,EAAE,WAAWkD,GAAG,QACdL,MAIVM,KAAKC"} \ No newline at end of file +{"version":3,"sources":["totpregistration.js"],"names":["displayError","getKey","setMsg","token","verify","msg","level","$","html","window","translate","removeClass","addClass","j","status","err","res","console","log","JSON","parse","responseText","error","replace","reset","ajax","type","url","portal","dataType","data","newkey","success","s","match","hide","user","secret","show","escape","digits","interval","QRious","element","document","getElementById","value","size","text","val","code","TOTPName","ready","on","call","this"],"mappings":"CAMA,WACE,IAAIA,EAAcC,EAAQC,EAAQC,EAAOC,EAEzCF,EAAS,SAASG,EAAKC,GAOrB,OANAC,EAAE,QAAQC,KAAKC,OAAOC,UAAUL,IAChCE,EAAE,UAAUI,YAAY,4FACxBJ,EAAE,UAAUK,SAAS,WAAaN,GACpB,aAAVA,IACFA,EAAQ,WAEHC,EAAE,UAAUK,SAAS,SAAWN,IAGzCN,EAAe,SAASa,EAAGC,EAAQC,GACjC,IAAIC,EAGJ,GAFAC,QAAQC,IAAI,QAASH,IACrBC,EAAMG,KAAKC,MAAMP,EAAEQ,gBACRL,EAAIM,MAGb,OAFAN,EAAMA,EAAIM,MAAMC,QAAQ,MAAO,IAC/BN,QAAQC,IAAI,iBAAkBF,GACvBd,EAAOc,EAAK,YAIvBb,EAAQ,GAERF,EAAS,SAASuB,GAEhB,OADAtB,EAAO,cAAe,WACfK,EAAEkB,KAAK,CACZC,KAAM,OACNC,IAAKC,OAAS,2BACdC,SAAU,OACVC,KAAM,CACJC,OAAQP,GAEVF,MAAOtB,EACPgC,QAAS,SAASF,GAChB,IAAQG,EACR,OAAIH,EAAKR,OACHQ,EAAKR,MAAMY,MAAM,oBACnB3B,EAAE,cAAc4B,OAEXjC,EAAO4B,EAAKR,MAAO,YAEtBQ,EAAKF,QAAUE,EAAKM,MAAQN,EAAKO,QAGvC9B,EAAE,cAAc+B,OAChBL,EAAI,kBAAqBM,OAAOT,EAAKF,QAAW,IAAOW,OAAOT,EAAKM,MAAS,WAAaN,EAAKO,OAAS,WAAcE,OAAOT,EAAKF,QAC7G,IAAhBE,EAAKU,SACPP,GAAK,WAAaH,EAAKU,QAEH,KAAlBV,EAAKW,WACPR,GAAK,WAAaH,EAAKW,UAEpB,IAAIC,OAAO,CACdC,QAASC,SAASC,eAAe,MACjCC,MAAOb,EACPc,KAAM,MAERxC,EAAE,eAAeyC,KAAKf,GAClBH,EAAKC,OACP7B,EAAO,iBAAkB,WAEzBA,EAAO,cAAe,WAEjBC,EAAQ2B,EAAK3B,OArBXD,EAAO,OAAQ,cA0B9BE,EAAS,WACP,IAAI6C,EAEJ,OADAA,EAAM1C,EAAE,SAAS0C,OAIR1C,EAAEkB,KAAK,CACZC,KAAM,OACNC,IAAKC,OAAS,2BACdC,SAAU,OACVC,KAAM,CACJ3B,MAAOA,EACP+C,KAAMD,EACNE,SAAU5C,EAAE,aAAa0C,OAE3B3B,MAAOtB,EACPgC,QAAS,SAASF,GAChB,OAAIA,EAAKR,MACHQ,EAAKR,MAAMY,MAAM,kBACZhC,EAAO4B,EAAKR,MAAO,WAEnBpB,EAAO4B,EAAKR,MAAO,UAGrBpB,EAAO,sBAAuB,cApBpCA,EAAO,cAAe,YA2BjCK,EAAEqC,UAAUQ,MAAM,WAKhB,OAJAnD,EAAO,GACPM,EAAE,cAAc8C,GAAG,QAAS,WAC1B,OAAOpD,EAAO,KAETM,EAAE,WAAW8C,GAAG,QAAS,WAC9B,OAAOjD,UAIVkD,KAAKC"} \ No newline at end of file diff --git a/lemonldap-ng-portal/site/templates/bootstrap/standardform.tpl b/lemonldap-ng-portal/site/templates/bootstrap/standardform.tpl index 18a6a8354..b9a1a9177 100644 --- a/lemonldap-ng-portal/site/templates/bootstrap/standardform.tpl +++ b/lemonldap-ng-portal/site/templates/bootstrap/standardform.tpl @@ -20,6 +20,11 @@ + +
+ +
+ diff --git a/lemonldap-ng-portal/site/templates/common/script.tpl b/lemonldap-ng-portal/site/templates/common/script.tpl index 9b6dfd9c6..19f678a24 100644 --- a/lemonldap-ng-portal/site/templates/common/script.tpl +++ b/lemonldap-ng-portal/site/templates/common/script.tpl @@ -26,7 +26,7 @@ "scriptname":"", "activeTimer":, "pingInterval":, - "trOver":, + "trOver":, "ppolicy": { "display": "", "minsize": "", @@ -36,7 +36,8 @@ "nopolicy": "", "allowedspechar": "", "minspechar": "" - } + }, + "enablePasswordDisplay": } diff --git a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-NameID.t b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-NameID.t new file mode 100644 index 000000000..c3b22063f --- /dev/null +++ b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-NameID.t @@ -0,0 +1,345 @@ +use lib 'inc'; +use Test::More; +use strict; +use IO::String; +use LWP::UserAgent; +use LWP::Protocol::PSGI; +use MIME::Base64; + +BEGIN { + require 't/test-lib.pm'; + require 't/saml-lib.pm'; +} + +my $debug = 'error'; +my ( $issuer, $sp, $res ); + +# Redefine LWP methods for tests +LWP::Protocol::PSGI->register( + sub { + my $req = Plack::Request->new(@_); + fail('POST should not launch SOAP requests'); + count(1); + return [ 500, [], [] ]; + } +); + +sub runTest { + my ( $req_nif, $res_nif, $force_attr, $expect_req_nif, $expect_res_nif, + $expect_nameid ) + = @_; + + # Initialization + $issuer = register( 'issuer', sub { issuer( $res_nif, $force_attr ) } ); + $sp = register( 'sp', sub { sp($req_nif) } ); + + # Simple SP access + my $res; + ok( + $res = $sp->_get( + '/', accept => 'text/html', + ), + 'Unauth SP request' + ); + count(1); + + expectOK($res); + my ( $host, $url, $s ) = + expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn', + 'SAMLRequest' ); + + my $sr = expectSamlRequest($s); + expectXPath( + $sr, '/samlp:AuthnRequest/samlp:NameIDPolicy/@Format', + $expect_req_nif, 'Found expected NameID Format in request', + ); + + # Push SAML request to IdP + ok( + $res = $issuer->_post( + $url, + IO::String->new($s), + accept => 'text/html', + length => length($s) + ), + 'Post SAML request to IdP' + ); + count(1); + expectOK($res); + my $pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' ); + + # Try to authenticate with an authorized user to IdP + $s = "user=french&password=french&$s"; + ok( + $res = $issuer->_post( + $url, + IO::String->new($s), + accept => 'text/html', + cookie => $pdata, + length => length($s), + ), + 'Post authentication' + ); + count(1); + my $idpId = expectCookie($res); + + # Expect pdata to be cleared + $pdata = expectCookie( $res, 'lemonldappdata' ); + ok( $pdata !~ 'issuerRequestsaml', 'SAML request cleared from pdata' ) + or explain( $pdata, 'not issuerRequestsaml' ); + count(1); + + ( $host, $url, $s ) = + expectAutoPost( $res, 'auth.sp.com', '/saml/proxySingleSignOnPost', + 'SAMLResponse' ); + + my ($sr) = expectSamlResponse($s); + expectXPath( + $sr, '/samlp:Response/saml:Assertion/saml:Subject/saml:NameID/@Format', + $expect_res_nif, 'Found expected NameID Format in response', + ); + + if ($expect_nameid) { + my $nameidvalue = expectXPath( $sr, + '/samlp:Response/saml:Assertion/saml:Subject/saml:NameID/text()' ); + if ( ref($expect_nameid) eq "Regexp" ) { + like( $nameidvalue, $expect_nameid, "NameID matches" ); + } + else { + is( $nameidvalue, $expect_nameid, "NameID matches" ); + } + } +} + +SKIP: { + eval "use Lasso"; + if ($@) { + skip 'Lasso not found'; + } + + # Default settings use the email NIF + runTest( + # requested NameIDFormat (sp side) + undef, + + # returned NameIDFormat (idp side) + undef, + + # Name ID session key + undef, + + # Expected NameIDFormat in SAMLRequest + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + + # Expected NameIDFormat in SAMLResponse + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + + # Expected NameID value + 'fa@badwolf.org' + ); + + # Override session key + runTest( + undef, + undef, + "uid", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + 'french' + ); + + # Using email explicitely return the email + runTest( + "email", + "email", + undef, + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + 'fa@badwolf.org' + ); + + # Changing the format on the IDP side has no effect if the client + # specifies a NIF + runTest( + "email", + "kerberos", + undef, + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + 'fa@badwolf.org' + ); + + # Using unspecified on the requesting side causes IDP settings to be honored + # specifies a NIF + runTest( + "unspecified", + "kerberos", + undef, + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + 'french' + ); + + # Unspecified both ways + no forced key returns no value + runTest( + "unspecified", + "unspecified", + undef, + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + undef, + ); + + # Unspecified both ways returns forced key in unspecified format + runTest( + "unspecified", + "unspecified", + 'mail', + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + 'fa@badwolf.org', + ); + + # persistent asked by SP returns a value + runTest( + "persistent", + "email", + undef, + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + qr/./, + ); + + # persistent chosen by IDP returns a value + runTest( + "unspecified", + "persistent", + undef, + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + qr/./, + ); + +} + +clean_sessions(); +done_testing(); + +sub issuer { + my ( $res_nif, $force_attr ) = @_; + return LLNG::Manager::Test->new( { + ini => { + logLevel => $debug, + domain => 'idp.com', + portal => 'http://auth.idp.com', + authentication => 'Demo', + userDB => 'Same', + issuerDBSAMLActivation => 1, + issuerDBSAMLRule => '$uid eq "french"', + samlSPMetaDataOptions => { + 'sp.com' => { + samlSPMetaDataOptionsEncryptionMode => 'none', + samlSPMetaDataOptionsSignSSOMessage => 1, + samlSPMetaDataOptionsSignSLOMessage => 1, + samlSPMetaDataOptionsCheckSSOMessageSignature => 0, + samlSPMetaDataOptionsCheckSLOMessageSignature => 0, + ( + $res_nif + ? ( samlSPMetaDataOptionsNameIDFormat => $res_nif, ) + : () + ), + ( + $force_attr + ? ( samlSPMetaDataOptionsNameIDSessionKey => + $force_attr, ) + : () + ), + } + }, + samlSPMetaDataExportedAttributes => { + 'sp.com' => { + cn => +'1;cn;urn:oasis:names:tc:SAML:2.0:attrname-format:basic', + uid => +'1;uid;urn:oasis:names:tc:SAML:2.0:attrname-format:basic', + } + }, + samlOrganizationDisplayName => "IDP", + samlOrganizationName => "IDP", + samlOrganizationURL => "http://www.idp.com/", + samlServicePrivateKeyEnc => saml_key_idp_private_enc, + samlServicePrivateKeySig => saml_key_idp_private_sig, + samlServicePublicKeyEnc => saml_key_idp_public_enc, + samlServicePublicKeySig => saml_key_idp_public_sig, + samlSPMetaDataXML => { + "sp.com" => { + samlSPMetaDataXML => + samlSPMetaDataXML( 'sp', 'HTTP-POST' ) + }, + }, + } + } + ); +} + +sub sp { + my ($req_nif) = @_; + return LLNG::Manager::Test->new( { + ini => { + logLevel => $debug, + domain => 'sp.com', + portal => 'http://auth.sp.com', + authentication => 'SAML', + userDB => 'Same', + issuerDBSAMLActivation => 0, + restSessionServer => 1, + samlIDPMetaDataExportedAttributes => { + idp => { + mail => "0;mail;;", + uid => "1;uid", + cn => "0;cn" + } + }, + samlIDPMetaDataOptions => { + idp => { + samlIDPMetaDataOptionsEncryptionMode => 'none', + samlIDPMetaDataOptionsSSOBinding => 'post', + samlIDPMetaDataOptionsSLOBinding => 'post', + samlIDPMetaDataOptionsSignSSOMessage => 1, + samlIDPMetaDataOptionsSignSLOMessage => 1, + samlIDPMetaDataOptionsCheckSSOMessageSignature => 1, + samlIDPMetaDataOptionsCheckSLOMessageSignature => 1, + samlIDPMetaDataOptionsForceUTF8 => 1, + samlIDPMetaDataOptionsSignSSOMessage => 0, + ( + $req_nif + ? ( samlIDPMetaDataOptionsNameIDFormat => $req_nif, + ) + : () + ), + } + }, + samlIDPMetaDataExportedAttributes => { + idp => { + "uid" => "0;uid;;", + "cn" => "1;cn;;", + }, + }, + samlIDPMetaDataXML => { + idp => { + samlIDPMetaDataXML => + samlIDPMetaDataXML( 'idp', 'HTTP-POST' ) + } + }, + samlOrganizationDisplayName => "SP", + samlOrganizationName => "SP", + samlOrganizationURL => "http://www.sp.com", + samlServicePublicKeySig => saml_key_sp_public_sig, + samlServicePrivateKeyEnc => saml_key_sp_private_enc, + samlServicePrivateKeySig => saml_key_sp_private_sig, + samlServicePublicKeyEnc => saml_key_sp_public_enc, + samlSPSSODescriptorAuthnRequestsSigned => 1, + }, + } + ); +} diff --git a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST.t b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST.t index 74ba5fcf0..7ba27665b 100644 --- a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST.t +++ b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST.t @@ -11,7 +11,7 @@ BEGIN { require 't/saml-lib.pm'; } -my $maintests = 21; +my $maintests = 22; my $debug = 'error'; my ( $issuer, $sp, $res ); @@ -35,8 +35,22 @@ SKIP: { $issuer = register( 'issuer', \&issuer ); $sp = register( 'sp', \&sp ); - # Simple SP access + # Try to authenticate + # ------------------- + switch ('issuer'); my $res; + ok( + $res = $issuer->_post( + '/', IO::String->new('user=french&password=french'), + length => 27 + ), + 'Auth query' + ); + expectOK($res); + my $id = expectCookie($res); + + # Simple SP access + switch ('sp'); ok( $res = $sp->_get( '/', accept => 'text/html', @@ -140,7 +154,7 @@ SKIP: { # Verify authentication on SP expectRedirection( $res, 'http://auth.sp.com' ); - my $spId = expectCookie($res); + my $spId = expectCookie($res); $rawCookie = getHeader( $res, 'Set-Cookie' ); ok( $rawCookie =~ /;\s*SameSite=None/, 'Found SameSite=None' ); @@ -236,6 +250,8 @@ sub issuer { portal => 'http://auth.idp.com', authentication => 'Demo', userDB => 'Same', + globalLogoutRule => 1, + globalLogoutTimer => 0, issuerDBSAMLActivation => 1, issuerDBSAMLRule => '$uid eq "french"', samlSPMetaDataOptions => { diff --git a/lemonldap-ng-portal/t/75-2F-Registers.t b/lemonldap-ng-portal/t/75-2F-Registers.t index 6bb3d5644..4ece30bca 100644 --- a/lemonldap-ng-portal/t/75-2F-Registers.t +++ b/lemonldap-ng-portal/t/75-2F-Registers.t @@ -439,6 +439,7 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ== ), 'Push U2F signature' ); + $id = expectCookie($res); ok( $res = $client->_get( '/2fregisters', diff --git a/lemonldap-ng-portal/t/91-handler-cache-cleaned.t b/lemonldap-ng-portal/t/91-handler-cache-cleaned.t new file mode 100644 index 000000000..8a15df27b --- /dev/null +++ b/lemonldap-ng-portal/t/91-handler-cache-cleaned.t @@ -0,0 +1,120 @@ +use Test::More; +use strict; +use IO::String; +use Data::Dumper; + +require 't/test-lib.pm'; +require 't/smtp.pm'; + +use_ok('Lemonldap::NG::Common::FormEncode'); +count(1); + +my $client = LLNG::Manager::Test->new( { + ini => { + logLevel => 'debug', + mail2fActivation => '$uid eq "msmith"', + mail2fAuthnLevel => 3, + mail2fCodeRegex => '\d{4}', + authentication => 'Demo', + userDB => 'Same', + } + } +); + +# Login as dwho +ok( + my $res = $client->_post( + '/', + IO::String->new('user=dwho&password=dwho'), + length => 23, + accept => 'text/html', + ), + 'Auth query' +); +count(1); +my $dwho_id = expectCookie($res); + +ok( + $res = $client->_get( + '/', cookie => "lemonldap=$dwho_id", + ), + 'Get portal' +); +expectAuthenticatedAs($res, 'dwho'); +count(1); + +# Start logging in as msmith +my $s = buildForm({ + user => 'msmith', + password => 'msmith', + }); +ok( + $res = $client->_post( + '/', + IO::String->new($s), + length => length($s), + accept => 'text/html', + ), + 'Auth query' +); +count(1); + +my ( $host, $url, $query ) = + expectForm( $res, undef, '/mail2fcheck?skin=bootstrap', 'token', 'code' ); + +ok( + $res->[2]->[0] =~ +qr%%, + 'Found EXTCODE input' +) or print STDERR Dumper( $res->[2]->[0] ); +count(1); + +ok( mail() =~ m%(\d{4})%, 'Found 2F code in mail' ) + or print STDERR Dumper( mail() ); + +my $code = $1; +count(1); + +# Fill the handler cache with dwho session info +ok( + $res = $client->_get( + '/', cookie => "lemonldap=$dwho_id", + ), + 'Get portal' +); +count(1); + +# Finish logging in as msmith, +# this corrupts the dwho cache with msmith macros +$query =~ s/code=/code=${code}/; +ok( + $res = $client->_post( + '/mail2fcheck', + IO::String->new($query), + length => length($query), + accept => 'text/html', + ), + 'Post code' +); +count(1); +diag Dumper($res); + +# Reuse the corrupted cache +ok( + $res = $client->_get( + '/', cookie => "lemonldap=$dwho_id", + ), + 'Get portal' +); +count(1); + + +TODO: { + local $TODO = "Fix 2539"; + expectAuthenticatedAs($res, 'dwho'); +} + +clean_sessions(); + +done_testing( count() ); + diff --git a/lemonldap-ng-portal/t/saml-lib.pm b/lemonldap-ng-portal/t/saml-lib.pm index 62f364e47..ccc611249 100644 --- a/lemonldap-ng-portal/t/saml-lib.pm +++ b/lemonldap-ng-portal/t/saml-lib.pm @@ -1,3 +1,7 @@ +use XML::LibXML; +use URI::Escape; +use MIME::Base64; + sub saml_key_proxy_private_enc { "-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA2vzoUiQ4GsM5qLjoxslEDKj+RrPh/A743JCWe1Hbadjd5yD4 @@ -800,4 +804,60 @@ EOF ; } +=head4 expectXPath($xml_string, $xpath, $namespaces, $value, $message) + +Match a XPath expression against the provided string, and verify that the correct value is + +=cut + +sub expectXPath { + my ( $xml_string, $xpath, $value, $message ) = @_; + my $dom = XML::LibXML->load_xml( string => $xml_string ); + return unless ok( $dom, 'XML successfully parsed' ); + + my $xpc = XML::LibXML::XPathContext->new($dom); + my $namespaces = { + samlp => 'urn:oasis:names:tc:SAML:2.0:protocol', + saml => 'urn:oasis:names:tc:SAML:2.0:assertion', + }; + if ( ref($namespaces) eq "HASH" ) { + for my $key ( keys %{$namespaces} ) { + $xpc->registerNs( $key, $namespaces->{$key} ); + } + } + + my ($match1) = $xpc->findnodes($xpath); + return unless ok( $match1, 'Found a match for XPath Expression ' . $xpath ); + + if ( ref($match1) eq 'XML::LibXML::Attr' ) { + if ($value) { + is( $match1->value, $value, $message ); + } + return $match1->value; + } + elsif ( ref($match1) eq 'XML::LibXML::Text' ) { + if ($value) { + is( $match1->data, $value, $message ); + } + return $match1->data; + } + else { + fail( "Unexpected XPath result: " . ref($match1) ); + } +} + +sub expectSamlRequest { + my ($string) = @_; + my ($sr) = $string =~ m/SAMLRequest=([^&]*)/; + ok( $sr, "Found SAMLRequest" ); + return decode_base64( uri_unescape($sr) ); +} + +sub expectSamlResponse { + my ($string) = @_; + my ($sr) = $string =~ m/SAMLResponse=([^&]*)/; + ok( $sr, "Found SAMLResponse" ); + return decode_base64( uri_unescape($sr) ); +} + 1; diff --git a/lemonldap-ng-portal/t/test-lib.pm b/lemonldap-ng-portal/t/test-lib.pm index 83a89b9a1..95f0c3489 100644 --- a/lemonldap-ng-portal/t/test-lib.pm +++ b/lemonldap-ng-portal/t/test-lib.pm @@ -337,9 +337,7 @@ Verify that result has a C header and value is $user sub expectAuthenticatedAs { my ( $res, $user ) = @_; - ok( getHeader( $res, 'Lm-Remote-User' ) eq $user, - " Authenticated as $user" ) - or explain( $res->[1], "Lm-Remote-User => $user" ); + is( getHeader( $res, 'Lm-Remote-User' ), $user, "Authenticated as $user" ); count(1); }