From 01031d8c4f3d79adae152fe225b57e4a1bb4135d Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Fri, 9 Oct 2020 22:26:00 +0200 Subject: [PATCH 1/6] Code refactoring (#2339) --- .../Plugins/AdaptativeAuthenticationLevel.pm | 4 +- .../Lemonldap/NG/Portal/Plugins/AutoSignin.pm | 1 + .../NG/Portal/Plugins/BruteForceProtection.pm | 11 ++++- .../Portal/Plugins/CertificateResetByMail.pm | 2 +- .../Lemonldap/NG/Portal/Plugins/CheckState.pm | 7 ++-- .../Lemonldap/NG/Portal/Plugins/CheckUser.pm | 10 ++--- .../Lemonldap/NG/Portal/Plugins/ForceAuthn.pm | 7 +++- .../NG/Portal/Plugins/GrantSession.pm | 17 +++----- .../Lemonldap/NG/Portal/Plugins/History.pm | 13 ++++-- .../NG/Portal/Plugins/Impersonation.pm | 10 +++-- .../NG/Portal/Plugins/MailPasswordReset.pm | 41 +++++++++++-------- .../NG/Portal/Plugins/Notifications.pm | 12 +++--- .../NG/Portal/Plugins/PublicPages.pm | 10 +++-- .../Lemonldap/NG/Portal/Plugins/RESTServer.pm | 10 +++-- .../Lemonldap/NG/Portal/Plugins/Refresh.pm | 10 +++-- .../Lemonldap/NG/Portal/Plugins/Register.pm | 29 +++++++------ .../Lemonldap/NG/Portal/Plugins/SOAPServer.pm | 41 +++++++++++-------- .../NG/Portal/Plugins/SingleSession.pm | 10 +++-- .../lib/Lemonldap/NG/Portal/Plugins/Status.pm | 7 ++-- .../NG/Portal/Plugins/StayConnected.pm | 3 +- .../Lemonldap/NG/Portal/Plugins/Upgrade.pm | 20 +++++---- 21 files changed, 160 insertions(+), 115 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/AdaptativeAuthenticationLevel.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/AdaptativeAuthenticationLevel.pm index 0a2b8bee7..b9249e8e2 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/AdaptativeAuthenticationLevel.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/AdaptativeAuthenticationLevel.pm @@ -1,5 +1,6 @@ package Lemonldap::NG::Portal::Plugins::AdaptativeAuthenticationLevel; +use strict; use Mouse; use Lemonldap::NG::Portal::Main::Constants qw( PE_OK @@ -29,6 +30,7 @@ sub init { next unless $rule; $self->rules->{$_} = $rule; } + return 1; } @@ -74,9 +76,7 @@ sub adaptAuthenticationLevel { 'authenticationLevel' => $updatedAuthenticationLevel } ); - } - return PE_OK; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/AutoSignin.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/AutoSignin.pm index 47ff94794..9f6ce745b 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/AutoSignin.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/AutoSignin.pm @@ -42,6 +42,7 @@ sub init { push @{ $self->rules }, [ $sub, $id ]; } } + return 1; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm index 92d98f9cd..5ee3988c0 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm @@ -2,9 +2,12 @@ package Lemonldap::NG::Portal::Plugins::BruteForceProtection; use strict; use Mouse; -use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_WAIT); +use Lemonldap::NG::Portal::Main::Constants qw( + PE_OK + PE_WAIT +); -our $VERSION = '2.0.9'; +our $VERSION = '2.0.10'; extends 'Lemonldap::NG::Portal::Main::Plugin'; @@ -30,11 +33,13 @@ sub init { ); return 0; } + unless ( $self->conf->{loginHistoryEnabled} ) { $self->logger->error( '"BruteForceProtection" plugin enabled WITHOUT "History" plugin'); return 0; } + unless ( $self->conf->{failedLoginNumber} > $self->conf->{bruteForceProtectionMaxFailed} ) { @@ -45,6 +50,7 @@ sub init { . ')' ); return 0; } + if ( $self->conf->{bruteForceProtectionIncrementalTempo} ) { my $lockTimes = @{ $self->lockTimes } = sort { $a <=> $b } @@ -87,6 +93,7 @@ sub init { else { $self->maxAge( $self->conf->{bruteForceProtectionMaxAge} ); } + return 1; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CertificateResetByMail.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CertificateResetByMail.pm index 31ec12591..b2bdb5d03 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CertificateResetByMail.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CertificateResetByMail.pm @@ -107,7 +107,7 @@ sub init { '::CertificateResetByMail::' . $self->conf->{registerDB} ) ) or return 0; - + return 1; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckState.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckState.pm index 321b8c4be..3c26cdc78 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckState.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckState.pm @@ -8,7 +8,7 @@ package Lemonldap::NG::Portal::Plugins::CheckState; use strict; use Mouse; -our $VERSION = '2.0.8'; +our $VERSION = '2.0.10'; extends 'Lemonldap::NG::Portal::Main::Plugin'; @@ -21,8 +21,9 @@ sub init { 'checkStateSecret is required for "check state" plugin'); return 0; } - $self->addUnauthRoute( checkstate => 'check', ['GET'] ); - $self->addAuthRoute( checkstate => 'check', ['GET'] ); + $self->addUnauthRoute( checkstate => 'check', ['GET'] ) + ->addAuthRoute( checkstate => 'check', ['GET'] ); + return 1; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm index e63d7090a..4a652569c 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm @@ -3,10 +3,10 @@ package Lemonldap::NG::Portal::Plugins::CheckUser; use strict; use Mouse; use Lemonldap::NG::Portal::Main::Constants qw( - PE_BADCREDENTIALS - PE_MALFORMEDUSER - PE_TOKENEXPIRED PE_NOTOKEN + PE_TOKENEXPIRED + PE_MALFORMEDUSER + PE_BADCREDENTIALS ); our $VERSION = '2.0.10'; @@ -49,8 +49,8 @@ sub persistentAttrs { sub init { my ($self) = @_; - $self->addAuthRoute( checkuser => 'check', ['POST'] ); - $self->addAuthRouteWithRedirect( checkuser => 'display', ['GET'] ); + $self->addAuthRoute( checkuser => 'check', ['POST'] ) + ->addAuthRouteWithRedirect( checkuser => 'display', ['GET'] ); # Parse checkUser rules $self->idRule( diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/ForceAuthn.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/ForceAuthn.pm index 19632e732..bc47336ed 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/ForceAuthn.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/ForceAuthn.pm @@ -2,9 +2,12 @@ package Lemonldap::NG::Portal::Plugins::ForceAuthn; use strict; use Mouse; -use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_MUSTAUTHN); +use Lemonldap::NG::Portal::Main::Constants qw( + PE_OK + PE_MUSTAUTHN +); -our $VERSION = '2.0.8'; +our $VERSION = '2.0.10'; extends 'Lemonldap::NG::Portal::Main::Plugin'; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/GrantSession.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/GrantSession.pm index 444f39263..26c9c4eb0 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/GrantSession.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/GrantSession.pm @@ -4,11 +4,11 @@ use strict; use Mouse; use Lemonldap::NG::Portal::Main::Constants qw( PE_OK - PE_SESSIONNOTGRANTED PE_BADCREDENTIALS + PE_SESSIONNOTGRANTED ); -our $VERSION = '2.0.9'; +our $VERSION = '2.0.10'; extends 'Lemonldap::NG::Portal::Main::Plugin'; @@ -18,20 +18,13 @@ has rules => ( is => 'rw', default => sub { {} } ); sub init { my ($self) = @_; - my $hd = $self->p->HANDLER; foreach ( keys %{ $self->conf->{grantSessionRules} // {} } ) { $self->logger->debug("GrantRule key -> $_"); $self->logger->debug( "GrantRule value -> " . $self->conf->{grantSessionRules}->{$_} ); - my $rule = - $hd->buildSub( - $hd->substitute( $self->conf->{grantSessionRules}->{$_} ) ); - unless ($rule) { - my $error = $hd->tsv->{jail}->error || '???'; - $self->logger->error("Bad grantSession rule -> $error"); - $self->logger->debug("Skipping GrantSession rule \"$_\""); - next; - } + my $rule = $self->p->buildRule( $self->conf->{grantSessionRules}->{$_}, + 'grantSessionRules' ); + next unless ($rule); $self->rules->{$_} = $rule; } return 1; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/History.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/History.pm index 8dcba826d..2c2a4bf6e 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/History.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/History.pm @@ -2,12 +2,17 @@ package Lemonldap::NG::Portal::Plugins::History; use strict; use Mouse; -use Lemonldap::NG::Portal::Main::Constants qw(PE_INFO PE_OK); +use Lemonldap::NG::Portal::Main::Constants qw( + PE_OK + PE_INFO +); -our $VERSION = '2.0.8'; +our $VERSION = '2.0.10'; -extends 'Lemonldap::NG::Portal::Main::Plugin', - 'Lemonldap::NG::Portal::Lib::OtherSessions'; +extends qw( + Lemonldap::NG::Portal::Main::Plugin + Lemonldap::NG::Portal::Lib::OtherSessions +); # INITIALIZATION diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm index f91c2584f..9f110a6a7 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm @@ -3,15 +3,17 @@ package Lemonldap::NG::Portal::Plugins::Impersonation; use strict; use Mouse; use Lemonldap::NG::Portal::Main::Constants qw( + PE_MALFORMEDUSER PE_OK PE_BADCREDENTIALS PE_IMPERSONATION_SERVICE_NOT_ALLOWED - PE_MALFORMEDUSER ); -our $VERSION = '2.0.9'; +our $VERSION = '2.0.10'; -extends 'Lemonldap::NG::Portal::Main::Plugin', - 'Lemonldap::NG::Portal::Lib::_tokenRule'; +extends qw( + Lemonldap::NG::Portal::Main::Plugin + Lemonldap::NG::Portal::Lib::_tokenRule + ); # INITIALIZATION diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm index 47b579f1f..e581ddbdb 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm @@ -6,36 +6,39 @@ use Mouse; use POSIX qw(strftime); use Lemonldap::NG::Common::FormEncode; use Lemonldap::NG::Portal::Main::Constants qw( - PE_BADCREDENTIALS + PE_OK + PE_MAILOK + PE_NOTOKEN + PE_MAILERROR + PE_PASSWORD_OK PE_BADMAILTOKEN PE_CAPTCHAEMPTY PE_CAPTCHAERROR - PE_MAILCONFIRMATION_ALREADY_SENT - PE_MAILCONFIRMOK - PE_MAILERROR - PE_MAILFIRSTACCESS - PE_MAILFORMEMPTY PE_MAILNOTFOUND - PE_MAILOK + PE_TOKENEXPIRED + PE_USERNOTFOUND + PE_MAILCONFIRMOK PE_MALFORMEDUSER - PE_NOTOKEN - PE_OK - PE_PASSWORDFIRSTACCESS + PE_MAILFORMEMPTY + PE_BADCREDENTIALS + PE_MAILFIRSTACCESS PE_PASSWORDFORMEMPTY PE_PASSWORD_MISMATCH - PE_PASSWORD_OK - PE_PP_INSUFFICIENT_PASSWORD_QUALITY + PE_PASSWORDFIRSTACCESS PE_PP_PASSWORD_TOO_SHORT PE_PP_PASSWORD_TOO_YOUNG PE_PP_PASSWORD_IN_HISTORY - PE_TOKENEXPIRED - PE_USERNOTFOUND + PE_MAILCONFIRMATION_ALREADY_SENT + PE_PP_INSUFFICIENT_PASSWORD_QUALITY ); -our $VERSION = '2.0.9'; +our $VERSION = '2.0.10'; -extends 'Lemonldap::NG::Portal::Main::Plugin', - 'Lemonldap::NG::Portal::Lib::SMTP', 'Lemonldap::NG::Portal::Lib::_tokenRule'; +extends qw( + Lemonldap::NG::Portal::Lib::SMTP + Lemonldap::NG::Portal::Main::Plugin + Lemonldap::NG::Portal::Lib::_tokenRule +); # PROPERTIES @@ -352,7 +355,9 @@ sub _reset { $body =~ s/\$url/$url/g; $body =~ s/\$(\w+)/$req->{sessionInfo}->{$1} || ''/ge; - $self->logger->info("User ".$req->data->{mailAddress}." is trying to reset his/her password"); + $self->logger->info( "User " + . $req->data->{mailAddress} + . " is trying to reset his/her password" ); # Send mail unless ( diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Notifications.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Notifications.pm index 5f5a70fc2..40712537a 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Notifications.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Notifications.pm @@ -15,12 +15,12 @@ use strict; use Mouse; use MIME::Base64; use Lemonldap::NG::Portal::Main::Constants qw( - PE_NOTIFICATION - PE_ERROR PE_OK + PE_ERROR + PE_NOTIFICATION ); -our $VERSION = '2.0.8'; +our $VERSION = '2.0.10'; extends 'Lemonldap::NG::Portal::Main::Plugin'; @@ -40,8 +40,8 @@ sub init { my ($self) = @_; # Declare new routes - $self->addUnauthRoute( notifback => 'getNotifBack', [ 'POST', 'GET' ] ); - $self->addAuthRoute( notifback => 'getNotifBack', ['POST'] ); + $self->addUnauthRoute( notifback => 'getNotifBack', [ 'POST', 'GET' ] ) + ->addAuthRoute( notifback => 'getNotifBack', ['POST'] ); $self->addAuthRouteWithRedirect( mynotifications => { '*' => 'myNotifs' }, ['GET'] @@ -104,7 +104,7 @@ sub init { return 0; } - 1; + return 1; } #sub checkNotifForAuthUser { diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/PublicPages.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/PublicPages.pm index 045e98637..6383ee72c 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/PublicPages.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/PublicPages.pm @@ -5,27 +5,31 @@ use Mouse; extends 'Lemonldap::NG::Portal::Main::Plugin'; -our $VERSION = '2.0.0'; +our $VERSION = '2.0.10'; sub init { my ($self) = @_; - $self->addAuthRoute( public => { ':tpl' => 'run' }, ['GET'] ); - $self->addUnauthRoute( public => { ':tpl' => 'run' }, ['GET'] ); + $self->addAuthRoute( public => { ':tpl' => 'run' }, ['GET'] ) + ->addUnauthRoute( public => { ':tpl' => 'run' }, ['GET'] ); + return 1; } sub run { my ( $self, $req ) = @_; my $tpl = $req->param('tpl'); + unless ( $tpl =~ /^[\w\.\-]+$/ ) { $self->userLogger->error("Bad public path $tpl"); return $self->p->sendError( $req, 'File not found', 404 ); } + $tpl = "public/$tpl"; my $path = $self->conf->{templateDir} . '/' . $self->conf->{portalSkin} . "/$tpl.tpl"; + unless ( -e $path ) { $self->userLogger->warn("File not found: $path"); return $self->p->sendError( $req, 'File not found', 404 ); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm index b029dfd20..adb75de83 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm @@ -59,15 +59,17 @@ use Mouse; use JSON qw(from_json to_json); use MIME::Base64; use Lemonldap::NG::Portal::Main::Constants qw( - portalConsts PE_OK + portalConsts PE_PASSWORD_OK ); -our $VERSION = '2.0.9'; +our $VERSION = '2.0.10'; -extends - qw (Lemonldap::NG::Portal::Main::Plugin Lemonldap::NG::Portal::Lib::Captcha); +extends qw( + Lemonldap::NG::Portal::Main::Plugin + Lemonldap::NG::Portal::Lib::Captcha +); has configStorage => ( is => 'ro', diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Refresh.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Refresh.pm index 84fa75975..dc8bfb742 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Refresh.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Refresh.pm @@ -3,14 +3,18 @@ package Lemonldap::NG::Portal::Plugins::Refresh; use strict; use Mouse; -our $VERSION = '2.0.7'; +our $VERSION = '2.0.10'; -extends 'Lemonldap::NG::Portal::Main::Plugin', - 'Lemonldap::NG::Portal::Lib::OtherSessions'; +extends qw( + Lemonldap::NG::Portal::Main::Plugin + Lemonldap::NG::Portal::Lib::OtherSessions +); sub init { my ($self) = @_; $self->addUnauthRoute( refreshsessions => 'run', ['POST'] ); + + return 1; } sub run { diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Register.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Register.pm index f6c8b6936..acac9f795 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Register.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Register.pm @@ -6,26 +6,29 @@ use Mouse; use POSIX qw(strftime); use Lemonldap::NG::Common::FormEncode; use Lemonldap::NG::Portal::Main::Constants qw( + PE_OK + PE_MAILOK + PE_NOTOKEN + PE_MAILERROR PE_BADMAILTOKEN PE_CAPTCHAEMPTY PE_CAPTCHAERROR - PE_MALFORMEDUSER - PE_MAILCONFIRMATION_ALREADY_SENT - PE_MAILCONFIRMOK - PE_MAILERROR - PE_MAILOK - PE_NOTOKEN - PE_OK - PE_REGISTERALREADYEXISTS - PE_REGISTERFIRSTACCESS - PE_REGISTERFORMEMPTY PE_TOKENEXPIRED + PE_MAILCONFIRMOK + PE_MALFORMEDUSER + PE_REGISTERFORMEMPTY + PE_REGISTERFIRSTACCESS + PE_REGISTERALREADYEXISTS + PE_MAILCONFIRMATION_ALREADY_SENT ); -our $VERSION = '2.0.6'; +our $VERSION = '2.0.10'; -extends 'Lemonldap::NG::Portal::Main::Plugin', - 'Lemonldap::NG::Portal::Lib::SMTP', 'Lemonldap::NG::Portal::Lib::_tokenRule'; +extends qw( + Lemonldap::NG::Portal::Lib::SMTP + Lemonldap::NG::Portal::Main::Plugin + Lemonldap::NG::Portal::Lib::_tokenRule +); # PROPERTIES diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/SOAPServer.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/SOAPServer.pm index b197b763e..87c4bf6a0 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/SOAPServer.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/SOAPServer.pm @@ -13,12 +13,17 @@ package Lemonldap::NG::Portal::Plugins::SOAPServer; use strict; use Mouse; -use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_FORMEMPTY); +use Lemonldap::NG::Portal::Main::Constants qw( + PE_OK + PE_FORMEMPTY +); -our $VERSION = '2.0.6'; +our $VERSION = '2.0.10'; -extends 'Lemonldap::NG::Portal::Main::Plugin', - 'Lemonldap::NG::Common::Conf::AccessLib'; +extends qw( + Lemonldap::NG::Portal::Main::Plugin + Lemonldap::NG::Common::Conf::AccessLib +); has server => ( is => 'rw' ); @@ -112,29 +117,33 @@ sub init { $self->addUnauthRoute( sessions => { '*' => 'unauthSessions' }, ['POST'] - ); - $self->addUnauthRoute( + ) + + ->addUnauthRoute( adminSessions => 'unauthAdminSessions', ['POST'] - ); - $self->addAuthRoute( + ) + + ->addAuthRoute( sessions => { '*' => 'badSoapRequest' }, ['POST'] - ); - $self->addAuthRoute( + ) + + ->addAuthRoute( adminSessions => { '*' => 'badSoapRequest' }, ['POST'] - ); + ); } if ( $self->conf->{soapConfigServer} ) { - $self->addUnauthRoute( config => { '*' => 'config' }, ['POST'] ); - $self->addAuthRoute( config => { '*' => 'badSoapRequest' }, ['POST'] ); + $self->addUnauthRoute( config => { '*' => 'config' }, ['POST'] ) + ->addAuthRoute( config => { '*' => 'badSoapRequest' }, ['POST'] ); } if ( $self->conf->{wsdlServer} ) { - $self->addUnauthRoute( 'portal.wsdl' => 'getWsdl', ['GET'] ); - $self->addAuthRoute( 'portal.wsdl' => 'getWsdl', ['GET'] ); + $self->addUnauthRoute( 'portal.wsdl' => 'getWsdl', ['GET'] ) + ->addAuthRoute( 'portal.wsdl' => 'getWsdl', ['GET'] ); } - 1; + + return 1; } # SOAP DISPATCHERS diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/SingleSession.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/SingleSession.pm index a6c974745..fc19d11c2 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/SingleSession.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/SingleSession.pm @@ -7,14 +7,16 @@ use JSON qw(from_json to_json); use Lemonldap::NG::Portal::Main::Constants qw( PE_OK PE_ERROR - PE_TOKENEXPIRED PE_NOTOKEN + PE_TOKENEXPIRED ); -our $VERSION = '2.0.8'; +our $VERSION = '2.0.10'; -extends 'Lemonldap::NG::Portal::Main::Plugin', - 'Lemonldap::NG::Portal::Lib::OtherSessions'; +extends qw( + Lemonldap::NG::Portal::Main::Plugin + Lemonldap::NG::Portal::Lib::OtherSessions +); use constant endAuth => 'run'; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Status.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Status.pm index 3129ae57e..c3717373c 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Status.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Status.pm @@ -11,7 +11,7 @@ use JSON qw(from_json); use MIME::Base64; use IO::Socket::INET; -our $VERSION = '2.0.8'; +our $VERSION = '2.0.10'; extends 'Lemonldap::NG::Portal::Main::Plugin'; @@ -19,8 +19,9 @@ extends 'Lemonldap::NG::Portal::Main::Plugin'; sub init { my ($self) = @_; - $self->addUnauthRoute( portalStatus => 'status', ['GET'] ); - $self->addAuthRoute( portalStatus => 'status', ['GET'] ); + $self->addUnauthRoute( portalStatus => 'status', ['GET'] ) + ->addAuthRoute( portalStatus => 'status', ['GET'] ); + return 1; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/StayConnected.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/StayConnected.pm index 2b0936208..f9abbf98c 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/StayConnected.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/StayConnected.pm @@ -10,7 +10,7 @@ use Lemonldap::NG::Portal::Main::Constants qw( PE_SENDRESPONSE ); -our $VERSION = '2.0.7'; +our $VERSION = '2.0.10'; extends 'Lemonldap::NG::Portal::Main::Plugin'; @@ -45,6 +45,7 @@ has timeout => ( sub init { my ($self) = @_; $self->addAuthRoute( registerbrowser => 'storeBrowser', ['POST'] ); + return 1; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Upgrade.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Upgrade.pm index c2d84f0e2..de5cfc291 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Upgrade.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Upgrade.pm @@ -3,12 +3,12 @@ package Lemonldap::NG::Portal::Plugins::Upgrade; use strict; use Mouse; use Lemonldap::NG::Portal::Main::Constants qw( - PE_CONFIRM PE_OK + PE_CONFIRM PE_TOKENEXPIRED ); -our $VERSION = '2.0.9'; +our $VERSION = '2.0.10'; extends 'Lemonldap::NG::Portal::Main::Plugin'; @@ -32,10 +32,12 @@ sub init { "-> Upgrade tokens will be stored into global storage"); $self->ott->cache(undef); } - $self->addAuthRoute( upgradesession => 'askUpgrade', ['GET'] ); - $self->addAuthRoute( upgradesession => 'confirmUpgrade', ['POST'] ); - $self->addAuthRoute( renewsession => 'askRenew', ['GET'] ); - $self->addAuthRoute( renewsession => 'confirmRenew', ['POST'] ); + $self->addAuthRoute( upgradesession => 'askUpgrade', ['GET'] ) + ->addAuthRoute( upgradesession => 'confirmUpgrade', ['POST'] ) + ->addAuthRoute( renewsession => 'askRenew', ['GET'] ) + ->addAuthRoute( renewsession => 'confirmRenew', ['POST'] ); + + return 1; } sub askUpgrade { @@ -107,14 +109,15 @@ sub confirm { } } } + $req->steps( ['controlUrl'] ); my $res = $self->p->process($req); - return $self->p->do( $req, [ sub { $res } ] ) if ($res); + return $self->p->do( $req, [ sub { $res } ] ) if $res; + if ( $upg or $req->param('confirm') == 1 ) { $req->data->{noerror} = 1; if ($sfOnly) { - $req->data->{doingSfUpgrade} = 1; # Short circuit the first part of login, only do a 2FA step @@ -134,7 +137,6 @@ sub confirm { '', 0 ); # Insert token # Do a regular login - # Do a regular login return $self->p->login($req); } } From 9245fc4ee132b57532b153670d9a62b592a1761e Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Fri, 9 Oct 2020 22:29:56 +0200 Subject: [PATCH 2/6] Append unit test (#2338) --- lemonldap-ng-portal/MANIFEST | 6 +- .../Lemonldap/NG/Portal/2F/Register/TOTP.pm | 32 +- .../Lemonldap/NG/Portal/2F/Register/U2F.pm | 34 +- .../NG/Portal/2F/Register/Yubikey.pm | 32 +- .../htdocs/static/common/js/2fregistration.js | 2 +- .../static/common/js/2fregistration.min.js | 2 +- .../common/js/2fregistration.min.js.map | 2 +- .../site/htdocs/static/common/js/autoRenew.js | 2 +- .../site/htdocs/static/common/js/captcha.js | 2 +- .../site/htdocs/static/common/js/confirm.js | 2 +- .../htdocs/static/common/js/globalLogout.js | 2 +- .../site/htdocs/static/common/js/idpchoice.js | 2 +- .../site/htdocs/static/common/js/info.js | 2 +- .../site/htdocs/static/common/js/kerberos.js | 2 +- .../htdocs/static/common/js/kerberosChoice.js | 2 +- .../htdocs/static/common/js/notifications.js | 2 +- .../static/common/js/oidcchecksession.js | 2 +- .../static/common/js/oidcchecksession.min.js | 2 +- .../common/js/oidcchecksession.min.js.map | 2 +- .../site/htdocs/static/common/js/redirect.js | 2 +- .../static/common/js/registerbrowser.js | 1 - .../static/common/js/registerbrowser.min.js | 2 +- .../common/js/registerbrowser.min.js.map | 2 +- .../site/htdocs/static/common/js/ssl.js | 2 +- .../site/htdocs/static/common/js/sslChoice.js | 2 +- .../static/common/js/totpregistration.min.js | 2 +- .../common/js/totpregistration.min.js.map | 2 +- .../site/htdocs/static/common/js/u2fcheck.js | 2 +- .../t/68-ContextSwitching-with-2F-allowed.t | 469 ++++++++++++++++++ .../t/68-ContextSwitching-with-2F.t | 469 ++++++++++++++++++ .../68-ContextSwitching-with-Impersonation.t | 2 +- .../t/68-ContextSwitching-with-Logout.t | 2 +- ...textSwitching-with-TOTP-and-Notification.t | 2 +- ...8-ContextSwitching-with-UnrestrictedUser.t | 2 +- lemonldap-ng-portal/t/68-ContextSwitching.t | 2 +- ...-with-SFA.t => 68-Impersonation-with-2F.t} | 1 - 36 files changed, 1030 insertions(+), 70 deletions(-) create mode 100644 lemonldap-ng-portal/t/68-ContextSwitching-with-2F-allowed.t create mode 100644 lemonldap-ng-portal/t/68-ContextSwitching-with-2F.t rename lemonldap-ng-portal/t/{68-Impersonation-with-SFA.t => 68-Impersonation-with-2F.t} (99%) diff --git a/lemonldap-ng-portal/MANIFEST b/lemonldap-ng-portal/MANIFEST index 36031605c..48f227bf8 100644 --- a/lemonldap-ng-portal/MANIFEST +++ b/lemonldap-ng-portal/MANIFEST @@ -223,13 +223,11 @@ site/htdocs/static/bwr/font-awesome/fonts/fontawesome-webfont.woff site/htdocs/static/bwr/font-awesome/fonts/fontawesome-webfont.woff2 site/htdocs/static/bwr/jquery-ui/jquery-ui.js site/htdocs/static/bwr/jquery-ui/jquery-ui.min.js -site/htdocs/static/bwr/jquery-ui/jquery-ui.min.js.map site/htdocs/static/bwr/jquery.cookie/jquery.cookie.js site/htdocs/static/bwr/jquery.cookie/jquery.cookie.min.js site/htdocs/static/bwr/jquery.cookie/jquery.cookie.min.js.map site/htdocs/static/bwr/jquery/dist/jquery.js site/htdocs/static/bwr/jquery/dist/jquery.min.js -site/htdocs/static/bwr/jquery/dist/jquery.min.js.map site/htdocs/static/bwr/jquery/dist/jquery.min.map site/htdocs/static/bwr/qrious/dist/qrious.js site/htdocs/static/bwr/qrious/dist/qrious.js.map @@ -658,16 +656,18 @@ t/67-CheckUser-with-rules.t t/67-CheckUser-with-token.t t/67-CheckUser-with-UnrestrictedUser.t t/67-CheckUser.t +t/68-ContextSwitching-with-2F-allowed.t +t/68-ContextSwitching-with-2F.t t/68-ContextSwitching-with-Impersonation.t t/68-ContextSwitching-with-Logout.t t/68-ContextSwitching-with-TOTP-and-Notification.t t/68-ContextSwitching-with-UnrestrictedUser.t t/68-ContextSwitching.t +t/68-Impersonation-with-2F.t t/68-Impersonation-with-doubleCookies.t t/68-Impersonation-with-filtered-merge.t t/68-Impersonation-with-History.t t/68-Impersonation-with-merge.t -t/68-Impersonation-with-SFA.t t/68-Impersonation-with-TOTP.t t/68-Impersonation-with-UnrestrictedUser.t t/68-Impersonation.t diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm index 158d26d54..d6827707c 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm @@ -38,7 +38,7 @@ sub run { # Check if TOTP can be updated return $self->p->sendError( $req, 'notAuthorized', 400 ) - unless $self->allowedUpdateSfa($req, $action); + unless $self->allowedUpdateSfa( $req, $action ); # Verification that user has a valid TOTP app if ( $action eq 'verify' ) { @@ -292,18 +292,26 @@ sub run { if ( $_->{epoch} eq $epoch ) { $TOTPName = $_->{name}; () } else { $_ } } @$_2fDevices; - $self->logger->debug( + if ($TOTPName) { + $self->logger->debug( "Delete 2F Device: { type => 'TOTP', epoch => $epoch, name => $TOTPName }" - ); - $self->p->updatePersistentSession( $req, - { _2fDevices => to_json($_2fDevices) } ); - $self->userLogger->notice( - "TOTP $TOTPName unregistration succeeds for $user"); - return [ - 200, - [ 'Content-Type' => 'application/json', 'Content-Length' => 12, ], - ['{"result":1}'] - ]; + ); + $self->p->updatePersistentSession( $req, + { _2fDevices => to_json($_2fDevices) } ); + $self->userLogger->notice( + "TOTP $TOTPName unregistration succeeds for $user"); + return [ + 200, + [ + 'Content-Type' => 'application/json', + 'Content-Length' => 12, + ], + ['{"result":1}'] + ]; + } + else { + $self->p->sendError( $req, '2FDeviceNotFound', 200 ); + } } else { $self->logger->error("Unknown TOTP action -> $action"); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm index 9d27162f9..a8cb2103d 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm @@ -35,7 +35,7 @@ sub run { # Check if U2F key can be updated return $self->p->sendError( $req, 'notAuthorized', 400 ) - unless $self->allowedUpdateSfa($req, $action); + unless $self->allowedUpdateSfa( $req, $action ); if ( $action eq 'register' ) { @@ -279,18 +279,26 @@ sub run { if ( $_->{epoch} eq $epoch ) { $keyName = $_->{name}; () } else { $_ } } @$_2fDevices; - $self->logger->debug( -"Delete 2F Device : { type => 'U2F', epoch => $epoch, name => $keyName }" - ); - $self->p->updatePersistentSession( $req, - { _2fDevices => to_json($_2fDevices) } ); - $self->userLogger->notice( - "U2F key $keyName unregistration succeeds for $user"); - return [ - 200, - [ 'Content-Type' => 'application/json', 'Content-Length' => 12, ], - ['{"result":1}'] - ]; + if ($keyName) { + $self->logger->debug( +"Delete 2F Device: { type => 'U2F', epoch => $epoch, name => $keyName }" + ); + $self->p->updatePersistentSession( $req, + { _2fDevices => to_json($_2fDevices) } ); + $self->userLogger->notice( + "U2F key $keyName unregistration succeeds for $user"); + return [ + 200, + [ + 'Content-Type' => 'application/json', + 'Content-Length' => 12, + ], + ['{"result":1}'] + ]; + } + else { + $self->p->sendError( $req, '2FDeviceNotFound', 200 ); + } } else { $self->logger->error("Unknown U2F action -> $action"); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm index 5e18551de..58d16f478 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm @@ -42,7 +42,7 @@ sub run { RAW_ERROR => 'notAuthorized', AUTH_ERROR_TYPE => 'warning', } - ) unless $self->allowedUpdateSfa($req, $action); + ) unless $self->allowedUpdateSfa( $req, $action ); if ( $action eq 'register' ) { my $otp = $req->param('otp'); @@ -190,18 +190,26 @@ sub run { if ( $_->{epoch} eq $epoch ) { $UBKName = $_->{name}; () } else { $_ } } @$_2fDevices; - $self->logger->debug( + if ($UBKName) { + $self->logger->debug( "Delete 2F Device: { type => 'UBK', epoch => $epoch, name => $UBKName }" - ); - $self->p->updatePersistentSession( $req, - { _2fDevices => to_json($_2fDevices) } ); - $self->userLogger->notice( - "Yubikey $UBKName unregistration succeeds for $user"); - return [ - 200, - [ 'Content-Type' => 'application/json', 'Content-Length' => 12, ], - ['{"result":1}'] - ]; + ); + $self->p->updatePersistentSession( $req, + { _2fDevices => to_json($_2fDevices) } ); + $self->userLogger->notice( + "Yubikey $UBKName unregistration succeeds for $user"); + return [ + 200, + [ + 'Content-Type' => 'application/json', + 'Content-Length' => 12, + ], + ['{"result":1}'] + ]; + } + else { + $self->p->sendError( $req, '2FDeviceNotFound', 200 ); + } } else { $self->logger->error("Unknown Yubikey action -> $action"); diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/2fregistration.js b/lemonldap-ng-portal/site/htdocs/static/common/js/2fregistration.js index c18ec9eb4..3196e5410 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/2fregistration.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/2fregistration.js @@ -1,4 +1,4 @@ -// Generated by CoffeeScript 1.12.7 +// Generated by CoffeeScript 1.12.8 /* LemonLDAP::NG 2F registration script diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/2fregistration.min.js b/lemonldap-ng-portal/site/htdocs/static/common/js/2fregistration.min.js index 9ac8ff2e0..82bd4d42b 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/2fregistration.min.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/2fregistration.min.js @@ -1 +1 @@ -(function(){var e,t,o;o=function(e,r){return $("#msg").html(window.translate(e)),$("#color").removeClass("message-positive message-warning alert-success alert-warning"),$("#color").addClass("message-"+r),"positive"===r&&(r="success"),$("#color").addClass("alert-"+r)},t=function(e,r,t){var n;if(console.log("Error",t),(n=JSON.parse(e.responseText))&&n.error)return n=n.error.replace(/.* /,""),console.log("Returned error",n),n.match(/module/)?o("notAuthorized","warning"):o(n,"warning")},e=function(e,r){return"U2F"===e?e="u":"UBK"===e?e="yubikey":"TOTP"===e?e="totp":o("u2fFailed","warning"),$.ajax({type:"POST",url:portal+"2fregisters/"+e+"/delete",data:{epoch:r},dataType:"json",error:t,success:function(e){return e.error?e.error.match(/notAuthorized/)?o("notAuthorized","warning"):o("unknownAction","warning"):e.result?($("#delete-"+r).hide(),o("yourKeyIsUnregistered","positive")):void 0}})},$(document).ready(function(){return $("body").on("click",".btn-danger",function(){return e($(this).attr("device"),$(this).attr("epoch"))}),$("#goback").attr("href",portal),$(".data-epoch").each(function(){var e;return e=new Date(1e3*$(this).text()),$(this).text(e.toLocaleString())})})}).call(this); \ No newline at end of file +(function(){var e,t,o;o=function(e,r){return $("#msg").html(window.translate(e)),$("#color").removeClass("message-positive message-warning alert-success alert-warning"),$("#color").addClass("message-"+r),"positive"===r&&(r="success"),$("#color").addClass("alert-"+r)},t=function(e,r,t){var n;if(console.log("Error",t),(n=JSON.parse(e.responseText))&&n.error)return n=n.error.replace(/.* /,""),console.log("Returned error",n),n.match(/module/)?o("notAuthorized","warning"):o(n,"warning")},e=function(e,r){return"U2F"===e?e="u":"UBK"===e?e="yubikey":"TOTP"===e?e="totp":o("u2fFailed","warning"),$.ajax({type:"POST",url:portal+"2fregisters/"+e+"/delete",data:{epoch:r},dataType:"json",error:t,success:function(e){return e.error?e.error.match(/notAuthorized/)?o("notAuthorized","warning"):o("unknownAction","warning"):e.result?($("#delete-"+r).hide(),o("yourKeyIsUnregistered","positive")):void 0},error:t})},$(document).ready(function(){return $("body").on("click",".btn-danger",function(){return e($(this).attr("device"),$(this).attr("epoch"))}),$("#goback").attr("href",portal),$(".data-epoch").each(function(){var e;return e=new Date(1e3*$(this).text()),$(this).text(e.toLocaleString())})})}).call(this); \ No newline at end of file diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/2fregistration.min.js.map b/lemonldap-ng-portal/site/htdocs/static/common/js/2fregistration.min.js.map index ac2a8ffd1..3436c92c5 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/2fregistration.min.js.map +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/2fregistration.min.js.map @@ -1 +1 @@ -{"version":3,"sources":["2fregistration.js"],"names":["delete2F","displayError","setMsg","msg","level","$","html","window","translate","removeClass","addClass","j","status","err","res","console","log","JSON","parse","responseText","error","replace","match","device","epoch","ajax","type","url","portal","data","dataType","success","resp","result","hide","document","ready","on","this","attr","each","myDate","Date","text","toLocaleString","call"],"mappings":"CAMA,WACE,IAAIA,EAAUC,EAAcC,EAE5BA,EAAS,SAASC,EAAKC,GAOrB,OANAC,EAAE,QAAQC,KAAKC,OAAOC,UAAUL,IAChCE,EAAE,UAAUI,YAAY,gEACxBJ,EAAE,UAAUK,SAAS,WAAaN,GACpB,aAAVA,IACFA,EAAQ,WAEHC,EAAE,UAAUK,SAAS,SAAWN,IAGzCH,EAAe,SAASU,EAAGC,EAAQC,GACjC,IAAIC,EAGJ,GAFAC,QAAQC,IAAI,QAASH,IACrBC,EAAMG,KAAKC,MAAMP,EAAEQ,gBACRL,EAAIM,MAGb,OAFAN,EAAMA,EAAIM,MAAMC,QAAQ,MAAO,IAC/BN,QAAQC,IAAI,iBAAkBF,GAC1BA,EAAIQ,MAAM,UACLpB,EAAO,gBAAiB,WAExBA,EAAOY,EAAK,YAKzBd,EAAW,SAASuB,EAAQC,GAU1B,MATe,QAAXD,EACFA,EAAS,IACW,QAAXA,EACTA,EAAS,UACW,SAAXA,EACTA,EAAS,OAETrB,EAAO,YAAa,WAEfG,EAAEoB,KAAK,CAAAC,KACN,OADMC,IAEPC,OAAS,eAAiBL,EAAS,UAF5BM,KAGN,CACJL,MAAOA,GAJGM,SAMF,OANEV,MAoBLnB,EApBK8B,QAQH,SAASC,GAChB,OAAIA,EAAKZ,MACHY,EAAKZ,MAAME,MAAM,iBACZpB,EAAO,gBAAiB,WAExBA,EAAO,gBAAiB,WAExB8B,EAAKC,QACd5B,EAAE,WAAamB,GAAOU,OACfhC,EAAO,wBAAyB,kBAFlC,MASbG,EAAE8B,UAAUC,MAAM,WAKhB,OAJA/B,EAAE,QAAQgC,GAAG,QAAS,cAAe,WACnC,OAAOrC,EAASK,EAAEiC,MAAMC,KAAK,UAAWlC,EAAEiC,MAAMC,KAAK,YAEvDlC,EAAE,WAAWkC,KAAK,OAAQX,QACnBvB,EAAE,eAAemC,KAAK,WAC3B,IAAIC,EAEJ,OADAA,EAAS,IAAIC,KAAsB,IAAjBrC,EAAEiC,MAAMK,QACnBtC,EAAEiC,MAAMK,KAAKF,EAAOG,wBAI9BC,KAAKP"} \ No newline at end of file +{"version":3,"sources":["2fregistration.js"],"names":["delete2F","displayError","setMsg","msg","level","$","html","window","translate","removeClass","addClass","j","status","err","res","console","log","JSON","parse","responseText","error","replace","match","device","epoch","ajax","type","url","portal","data","dataType","success","resp","result","hide","document","ready","on","this","attr","each","myDate","Date","text","toLocaleString","call"],"mappings":"CAMA,WACE,IAAIA,EAAUC,EAAcC,EAE5BA,EAAS,SAASC,EAAKC,GAOrB,OANAC,EAAE,QAAQC,KAAKC,OAAOC,UAAUL,IAChCE,EAAE,UAAUI,YAAY,gEACxBJ,EAAE,UAAUK,SAAS,WAAaN,GACpB,aAAVA,IACFA,EAAQ,WAEHC,EAAE,UAAUK,SAAS,SAAWN,IAGzCH,EAAe,SAASU,EAAGC,EAAQC,GACjC,IAAIC,EAGJ,GAFAC,QAAQC,IAAI,QAASH,IACrBC,EAAMG,KAAKC,MAAMP,EAAEQ,gBACRL,EAAIM,MAGb,OAFAN,EAAMA,EAAIM,MAAMC,QAAQ,MAAO,IAC/BN,QAAQC,IAAI,iBAAkBF,GAC1BA,EAAIQ,MAAM,UACLpB,EAAO,gBAAiB,WAExBA,EAAOY,EAAK,YAKzBd,EAAW,SAASuB,EAAQC,GAU1B,MATe,QAAXD,EACFA,EAAS,IACW,QAAXA,EACTA,EAAS,UACW,SAAXA,EACTA,EAAS,OAETrB,EAAO,YAAa,WAEfG,EAAEoB,KAAK,CACZC,KAAM,OACNC,IAAKC,OAAS,eAAiBL,EAAS,UACxCM,KAAM,CACJL,MAAOA,GAETM,SAAU,OACVV,MAAOnB,EACP8B,QAAS,SAASC,GAChB,OAAIA,EAAKZ,MACHY,EAAKZ,MAAME,MAAM,iBACZpB,EAAO,gBAAiB,WAExBA,EAAO,gBAAiB,WAExB8B,EAAKC,QACd5B,EAAE,WAAamB,GAAOU,OACfhC,EAAO,wBAAyB,kBAFlC,GAKTkB,MAAOnB,KAIXI,EAAE8B,UAAUC,MAAM,WAKhB,OAJA/B,EAAE,QAAQgC,GAAG,QAAS,cAAe,WACnC,OAAOrC,EAASK,EAAEiC,MAAMC,KAAK,UAAWlC,EAAEiC,MAAMC,KAAK,YAEvDlC,EAAE,WAAWkC,KAAK,OAAQX,QACnBvB,EAAE,eAAemC,KAAK,WAC3B,IAAIC,EAEJ,OADAA,EAAS,IAAIC,KAAsB,IAAjBrC,EAAEiC,MAAMK,QACnBtC,EAAEiC,MAAMK,KAAKF,EAAOG,wBAI9BC,KAAKP"} \ No newline at end of file diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/autoRenew.js b/lemonldap-ng-portal/site/htdocs/static/common/js/autoRenew.js index 137d3077d..d81876f31 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/autoRenew.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/autoRenew.js @@ -1,4 +1,4 @@ -// Generated by CoffeeScript 1.12.7 +// Generated by CoffeeScript 1.12.8 (function() { $(document).ready(function() { return $('#upgrd').submit(); diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/captcha.js b/lemonldap-ng-portal/site/htdocs/static/common/js/captcha.js index 0d8797a93..220b180da 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/captcha.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/captcha.js @@ -1,4 +1,4 @@ -// Generated by CoffeeScript 1.12.7 +// Generated by CoffeeScript 1.12.8 (function() { var renewCaptcha; diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/confirm.js b/lemonldap-ng-portal/site/htdocs/static/common/js/confirm.js index 8fca7d160..2d63e379f 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/confirm.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/confirm.js @@ -1,4 +1,4 @@ -// Generated by CoffeeScript 1.12.7 +// Generated by CoffeeScript 1.12.8 (function() { var go, i, timer, timerIsEnabled; diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/globalLogout.js b/lemonldap-ng-portal/site/htdocs/static/common/js/globalLogout.js index fad1f323e..ea03c28c6 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/globalLogout.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/globalLogout.js @@ -1,4 +1,4 @@ -// Generated by CoffeeScript 1.12.7 +// Generated by CoffeeScript 1.12.8 (function() { var go, i, timer; diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.js b/lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.js index 69ddfed0a..02947496c 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.js @@ -1,4 +1,4 @@ -// Generated by CoffeeScript 1.12.7 +// Generated by CoffeeScript 1.12.8 (function() { $(document).ready(function() { return $(".idploop").on('click', function() { diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/info.js b/lemonldap-ng-portal/site/htdocs/static/common/js/info.js index 6bf8ecf1f..81246c62a 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/info.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/info.js @@ -1,4 +1,4 @@ -// Generated by CoffeeScript 1.12.7 +// Generated by CoffeeScript 1.12.8 (function() { var _go, go, i, stop, timer; diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.js b/lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.js index 6168144a1..c8779304c 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.js @@ -1,4 +1,4 @@ -// Generated by CoffeeScript 1.12.7 +// Generated by CoffeeScript 1.12.8 (function() { $(document).ready(function() { return $.ajax((window.location.href.match(/\/upgradesession/) ? window.location.href : portal) + '?kerberos=1', { diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/kerberosChoice.js b/lemonldap-ng-portal/site/htdocs/static/common/js/kerberosChoice.js index 329b94055..c6c4f7f48 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/kerberosChoice.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/kerberosChoice.js @@ -1,4 +1,4 @@ -// Generated by CoffeeScript 1.12.7 +// Generated by CoffeeScript 1.12.8 (function() { $(document).ready(function() { return $.ajax(portal + '?kerberos=1', { diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/notifications.js b/lemonldap-ng-portal/site/htdocs/static/common/js/notifications.js index cb108ec9f..c2315d22a 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/notifications.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/notifications.js @@ -1,4 +1,4 @@ -// Generated by CoffeeScript 1.12.7 +// Generated by CoffeeScript 1.12.8 /* LemonLDAP::NG Notifications script diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/oidcchecksession.js b/lemonldap-ng-portal/site/htdocs/static/common/js/oidcchecksession.js index e11f8eb23..c0607384b 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/oidcchecksession.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/oidcchecksession.js @@ -1,4 +1,4 @@ -// Generated by CoffeeScript 1.12.7 +// Generated by CoffeeScript 1.12.8 (function() { var values; diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/oidcchecksession.min.js b/lemonldap-ng-portal/site/htdocs/static/common/js/oidcchecksession.min.js index d91f5a301..05d834a13 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/oidcchecksession.min.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/oidcchecksession.min.js @@ -1 +1 @@ -(function(){var o;o={},$(document).ready(function(){return $("script[type='application/init']").each(function(){var e,n,t;try{for(e in t=JSON.parse($(this).text()),n=[],t)n.push(o[e]=t[e]);return n}catch(e){return console.log("Parsing error",e)}}),window.addEventListener("message",function(e){var n,t,o,r,i;return t=e.data,console.log("message=",t),n=decodeURIComponent(t.split(" ")[0]),r=decodeURIComponent(t.split(" ")[1]),o=decodeURIComponent(r.split(".")[1]),i=r===btoa(n+" "+e.origin+" "+o)+"."+o?"unchanged":"changed",e.source.postMessage(i,e.origin)},!1)})}).call(this); \ No newline at end of file +(function(){var r;r={},$(document).ready(function(){return $("script[type='application/init']").each(function(){var n,e,t,o;try{for(e in o=JSON.parse($(this).text()),t=[],o)t.push(r[e]=o[e]);return t}catch(e){return n=e,console.log("Parsing error",n)}}),window.addEventListener("message",function(e){var n,t,o,r,i;return t=e.data,console.log("message=",t),n=decodeURIComponent(t.split(" ")[0]),r=decodeURIComponent(t.split(" ")[1]),o=decodeURIComponent(r.split(".")[1]),i=r===btoa(n+" "+e.origin+" "+o)+"."+o?"unchanged":"changed",e.source.postMessage(i,e.origin)},!1)})}).call(this); \ No newline at end of file diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/oidcchecksession.min.js.map b/lemonldap-ng-portal/site/htdocs/static/common/js/oidcchecksession.min.js.map index b1077f76a..f787aa8cc 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/oidcchecksession.min.js.map +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/oidcchecksession.min.js.map @@ -1 +1 @@ -{"version":3,"sources":["oidcchecksession.js"],"names":["values","$","document","ready","each","k","results","tmp","JSON","parse","this","text","push","error","console","log","window","addEventListener","e","client_id","message","salt","session_state","stat","data","decodeURIComponent","split","btoa","origin","source","postMessage","call"],"mappings":"CACA,WACE,IAAIA,EAEJA,EAAS,GAETC,EAAEC,UAAUC,MAAM,WAehB,OAdAF,EAAE,mCAAmCG,KAAK,WACxC,IAAOC,EAAGC,EAASC,EACnB,IAGE,IAAKF,KAFLE,EAAMC,KAAKC,MAAMR,EAAES,MAAMC,QACzBL,EAAU,GACAC,EACRD,EAAQM,KAAKZ,EAAOK,GAAKE,EAAIF,IAE/B,OAAOC,EACP,MAAOO,GAEP,OAAOC,QAAQC,IAAI,gBADfF,MAIDG,OAAOC,iBAAiB,UAAW,SAASC,GACjD,IAAIC,EAAWC,EAASC,EAAMC,EAAmBC,EAYjD,OAXAH,EAAUF,EAAEM,KACZV,QAAQC,IAAI,WAAYK,GACxBD,EAAYM,mBAAmBL,EAAQM,MAAM,KAAK,IAClDJ,EAAgBG,mBAAmBL,EAAQM,MAAM,KAAK,IACtDL,EAAOI,mBAAmBH,EAAcI,MAAM,KAAK,IAGjDH,EADED,IADCK,KAAKR,EAAY,IAAMD,EAAEU,OAAS,IAAMP,GAAQ,IAAMA,EAElD,YAEA,UAEFH,EAAEW,OAAOC,YAAYP,EAAML,EAAEU,UACnC,OAGJG,KAAKrB"} \ No newline at end of file +{"version":3,"sources":["oidcchecksession.js"],"names":["values","$","document","ready","each","e","k","results","tmp","JSON","parse","this","text","push","error","console","log","window","addEventListener","client_id","message","salt","session_state","stat","data","decodeURIComponent","split","btoa","origin","source","postMessage","call"],"mappings":"CACA,WACE,IAAIA,EAEJA,EAAS,GAETC,EAAEC,UAAUC,MAAM,WAehB,OAdAF,EAAE,mCAAmCG,KAAK,WACxC,IAAIC,EAAGC,EAAGC,EAASC,EACnB,IAGE,IAAKF,KAFLE,EAAMC,KAAKC,MAAMT,EAAEU,MAAMC,QACzBL,EAAU,GACAC,EACRD,EAAQM,KAAKb,EAAOM,GAAKE,EAAIF,IAE/B,OAAOC,EACP,MAAOO,GAEP,OADAT,EAAIS,EACGC,QAAQC,IAAI,gBAAiBX,MAGjCY,OAAOC,iBAAiB,UAAW,SAASb,GACjD,IAAIc,EAAWC,EAASC,EAAMC,EAAmBC,EAYjD,OAXAH,EAAUf,EAAEmB,KACZT,QAAQC,IAAI,WAAYI,GACxBD,EAAYM,mBAAmBL,EAAQM,MAAM,KAAK,IAClDJ,EAAgBG,mBAAmBL,EAAQM,MAAM,KAAK,IACtDL,EAAOI,mBAAmBH,EAAcI,MAAM,KAAK,IAGjDH,EADED,IADCK,KAAKR,EAAY,IAAMd,EAAEuB,OAAS,IAAMP,GAAQ,IAAMA,EAElD,YAEA,UAEFhB,EAAEwB,OAAOC,YAAYP,EAAMlB,EAAEuB,UACnC,OAGJG,KAAKpB"} \ No newline at end of file diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/redirect.js b/lemonldap-ng-portal/site/htdocs/static/common/js/redirect.js index 5a32e6e20..acba6e604 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/redirect.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/redirect.js @@ -1,4 +1,4 @@ -// Generated by CoffeeScript 1.12.7 +// Generated by CoffeeScript 1.12.8 (function() { document.onreadystatechange = function() { var redirect; diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/registerbrowser.js b/lemonldap-ng-portal/site/htdocs/static/common/js/registerbrowser.js index 300f1d77e..03318bdf9 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/registerbrowser.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/registerbrowser.js @@ -15,7 +15,6 @@ go = function() { return Fingerprint2.get(function(components) { var result, values; - console.error(components); values = components.map((function(_this) { return function(component) { return component.value; diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/registerbrowser.min.js b/lemonldap-ng-portal/site/htdocs/static/common/js/registerbrowser.min.js index d2b008001..918346ac4 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/registerbrowser.min.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/registerbrowser.min.js @@ -1 +1 @@ -(function(){var n;$(document).ready(function(){return window.requestIdleCallback?requestIdleCallback(function(){return n()}):setTimeout(n,500)}),n=function(){return Fingerprint2.get(function(n){var r,t;return console.error(n),t=n.map(function(n){return n.value}),r=Fingerprint2.x64hash128(t.join(""),31),$("#fg").attr("value",r),$("#form").submit()})}}).call(this); \ No newline at end of file +(function(){var n;$(document).ready(function(){return window.requestIdleCallback?requestIdleCallback(function(){return n()}):setTimeout(n,500)}),n=function(){return Fingerprint2.get(function(n){var t,r;return r=n.map(function(n){return n.value}),t=Fingerprint2.x64hash128(r.join(""),31),$("#fg").attr("value",t),$("#form").submit()})}}).call(this); \ No newline at end of file diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/registerbrowser.min.js.map b/lemonldap-ng-portal/site/htdocs/static/common/js/registerbrowser.min.js.map index 92b44a523..a3bea04d9 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/registerbrowser.min.js.map +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/registerbrowser.min.js.map @@ -1 +1 @@ -{"version":3,"sources":["registerbrowser.js"],"names":["go","$","document","ready","window","requestIdleCallback","setTimeout","Fingerprint2","get","components","result","values","console","error","map","component","value","x64hash128","join","attr","submit","call","this"],"mappings":"CACA,WACE,IAAIA,EAEJC,EAAEC,UAAUC,MAAM,WAChB,OAAIC,OAAOC,oBACFA,oBAAoB,WACzB,OAAOL,MAGFM,WAAWN,EAAI,OAI1BA,EAAK,WACH,OAAOO,aAAaC,IAAI,SAASC,GAC/B,IAAIC,EAAQC,EASZ,OARAC,QAAQC,MAAMJ,GACdE,EAASF,EAAWK,IACX,SAASC,GACd,OAAOA,EAAUC,QAGrBN,EAASH,aAAaU,WAAWN,EAAOO,KAAK,IAAK,IAClDjB,EAAE,OAAOkB,KAAK,QAAST,GAChBT,EAAE,SAASmB,cAIrBC,KAAKC"} \ No newline at end of file +{"version":3,"sources":["registerbrowser.js"],"names":["go","$","document","ready","window","requestIdleCallback","setTimeout","Fingerprint2","get","components","result","values","map","component","value","x64hash128","join","attr","submit","call","this"],"mappings":"CACA,WACE,IAAIA,EAEJC,EAAEC,UAAUC,MAAM,WAChB,OAAIC,OAAOC,oBACFA,oBAAoB,WACzB,OAAOL,MAGFM,WAAWN,EAAI,OAI1BA,EAAK,WACH,OAAOO,aAAaC,IAAI,SAASC,GAC/B,IAAIC,EAAQC,EAQZ,OAPAA,EAASF,EAAWG,IACX,SAASC,GACd,OAAOA,EAAUC,QAGrBJ,EAASH,aAAaQ,WAAWJ,EAAOK,KAAK,IAAK,IAClDf,EAAE,OAAOgB,KAAK,QAASP,GAChBT,EAAE,SAASiB,cAIrBC,KAAKC"} \ No newline at end of file diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.js b/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.js index 4a369e024..2a9f924d3 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.js @@ -1,4 +1,4 @@ -// Generated by CoffeeScript 1.12.7 +// Generated by CoffeeScript 1.12.8 (function() { var sendUrl, tryssl; diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.js b/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.js index a2923cbb6..6495d7883 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.js @@ -1,4 +1,4 @@ -// Generated by CoffeeScript 1.12.7 +// Generated by CoffeeScript 1.12.8 (function() { var sendUrl, tryssl; diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js b/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js index bcb855165..3089b99f6 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js @@ -1 +1 @@ -(function(){var a=function(e,r){return $("#msg").html(window.translate(e)),$("#color").removeClass("message-positive message-warning message-danger alert-success alert-warning alert-danger"),$("#color").addClass("message-"+r),"positive"===r&&(r="success"),$("#color").addClass("alert-"+r)},r=function(e,r,t){var o;if(console.log("Error",t),(o=JSON.parse(e.responseText))&&o.error)return o=o.error.replace(/.* /,""),console.log("Returned error",o),a(o,"warning")},t="",e=function(e){return a("yourTotpKey","warning"),$.ajax({type:"POST",url:portal+"/2fregisters/totp/getkey",dataType:"json",data:{newkey:e},error:r,success:function(e){var r;return e.error?(e.error.match(/totpExistingKey/)&&$("#divToHide").hide(),a(e.error,"warning")):e.portal&&e.user&&e.secret?($("#divToHide").show(),r="otpauth://totp/"+escape(e.portal)+":"+escape(e.user)+"?secret="+e.secret+"&issuer="+escape(e.portal),6!==e.digits&&(r+="&digits="+e.digits),30!==e.interval&&(r+="&period="+e.interval),new QRious({element:document.getElementById("qr"),value:r,size:150}),$("#serialized").text(r),e.newkey?a("yourNewTotpKey","warning"):a("yourTotpKey","success"),t=e.token):a("PE24","danger")}})},o=function(){var e=$("#code").val();return e?$.ajax({type:"POST",url:portal+"/2fregisters/totp/verify",dataType:"json",data:{token:t,code:e,TOTPName:$("#TOTPName").val()},error:r,success:function(e){return e.error?e.error.match(/bad(Code|Name)/)?a(e.error,"warning"):a(e.error,"danger"):a("yourKeyIsRegistered","success")}}):a("fillTheForm","warning")};$(document).ready(function(){return e(0),$("#changekey").on("click",function(){return e(1)}),$("#verify").on("click",o)})}).call(this); \ No newline at end of file +(function(){var r,e,n,t,o;n=function(e,r){return $("#msg").html(window.translate(e)),$("#color").removeClass("message-positive message-warning message-danger alert-success alert-warning alert-danger"),$("#color").addClass("message-"+r),"positive"===r&&(r="success"),$("#color").addClass("alert-"+r)},r=function(e,r,t){var o;if(console.log("Error",t),(o=JSON.parse(e.responseText))&&o.error)return o=o.error.replace(/.* /,""),console.log("Returned error",o),n(o,"warning")},t="",e=function(e){return n("yourTotpKey","warning"),$.ajax({type:"POST",url:portal+"/2fregisters/totp/getkey",dataType:"json",data:{newkey:e},error:r,success:function(e){var r;return e.error?(e.error.match(/totpExistingKey/)&&$("#divToHide").hide(),n(e.error,"warning")):e.portal&&e.user&&e.secret?($("#divToHide").show(),r="otpauth://totp/"+escape(e.portal)+":"+escape(e.user)+"?secret="+e.secret+"&issuer="+escape(e.portal),6!==e.digits&&(r+="&digits="+e.digits),30!==e.interval&&(r+="&period="+e.interval),new QRious({element:document.getElementById("qr"),value:r,size:150}),$("#serialized").text(r),e.newkey?n("yourNewTotpKey","warning"):n("yourTotpKey","success"),t=e.token):n("PE24","danger")}})},o=function(){var e;return(e=$("#code").val())?$.ajax({type:"POST",url:portal+"/2fregisters/totp/verify",dataType:"json",data:{token:t,code:e,TOTPName:$("#TOTPName").val()},error:r,success:function(e){return e.error?e.error.match(/bad(Code|Name)/)?n(e.error,"warning"):n(e.error,"danger"):n("yourKeyIsRegistered","success")}}):n("fillTheForm","warning")},$(document).ready(function(){return e(0),$("#changekey").on("click",function(){return e(1)}),$("#verify").on("click",function(){return o()})})}).call(this); \ No newline at end of file diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js.map b/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js.map index 39652ec7c..faf728c05 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js.map +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js.map @@ -1 +1 @@ -{"version":3,"sources":["totpregistration.js"],"names":["setMsg","msg","level","$","html","window","translate","removeClass","addClass","displayError","j","status","err","res","console","log","JSON","parse","responseText","error","replace","token","getKey","reset","ajax","type","url","portal","dataType","data","newkey","success","s","match","hide","user","secret","show","escape","digits","interval","QRious","element","document","getElementById","value","size","text","verify","val","code","TOTPName","ready","on","call","this"],"mappings":"CAMA,WACE,IAEAA,EAAS,SAASC,EAAKC,GAOrB,OANAC,EAAE,QAAQC,KAAKC,OAAOC,UAAUL,IAChCE,EAAE,UAAUI,YAAY,4FACxBJ,EAAE,UAAUK,SAAS,WAAaN,GACpB,aAAVA,IACFA,EAAQ,WAEHC,EAAE,UAAUK,SAAS,SAAWN,IAGzCO,EAAe,SAASC,EAAGC,EAAQC,GACjC,IAAIC,EAGJ,GAFAC,QAAQC,IAAI,QAASH,IACrBC,EAAMG,KAAKC,MAAMP,EAAEQ,gBACRL,EAAIM,MAGb,OAFAN,EAAMA,EAAIM,MAAMC,QAAQ,MAAO,IAC/BN,QAAQC,IAAI,iBAAkBF,GACvBb,EAAOa,EAAK,YAIvBQ,EAAQ,GAERC,EAAS,SAASC,GAEhB,OADAvB,EAAO,cAAe,WACfG,EAAEqB,KAAK,CACZC,KAAM,OACNC,IAAKC,OAAS,2BACdC,SAAU,OACVC,KAAM,CACJC,OAAQP,GAEVJ,MAAOV,EACPsB,QAAS,SAASF,GAChB,IAAQG,EACR,OAAIH,EAAKV,OACHU,EAAKV,MAAMc,MAAM,oBACnB9B,EAAE,cAAc+B,OAEXlC,EAAO6B,EAAKV,MAAO,YAEtBU,EAAKF,QAAUE,EAAKM,MAAQN,EAAKO,QAGvCjC,EAAE,cAAckC,OAChBL,EAAI,kBAAqBM,OAAOT,EAAKF,QAAW,IAAOW,OAAOT,EAAKM,MAAS,WAAaN,EAAKO,OAAS,WAAcE,OAAOT,EAAKF,QAC7G,IAAhBE,EAAKU,SACPP,GAAK,WAAaH,EAAKU,QAEH,KAAlBV,EAAKW,WACPR,GAAK,WAAaH,EAAKW,UAEpB,IAAIC,OAAO,CACdC,QAASC,SAASC,eAAe,MACjCC,MAAOb,EACPc,KAAM,MAER3C,EAAE,eAAe4C,KAAKf,GAClBH,EAAKC,OACP9B,EAAO,iBAAkB,WAEzBA,EAAO,cAAe,WAEjBqB,EAAQQ,EAAKR,OArBXrB,EAAO,OAAQ,cA0B9BgD,EAAS,WACP,IACAC,EAAM9C,EAAE,SAAS8C,MACjB,OAAKA,EAGI9C,EAAEqB,KAAK,CACZC,KAAM,OACNC,IAAKC,OAAS,2BACdC,SAAU,OACVC,KAAM,CACJR,MAAOA,EACP6B,KAAMD,EACNE,SAAUhD,EAAE,aAAa8C,OAE3B9B,MAAOV,EACPsB,QAAS,SAASF,GAChB,OAAIA,EAAKV,MACHU,EAAKV,MAAMc,MAAM,kBACZjC,EAAO6B,EAAKV,MAAO,WAEnBnB,EAAO6B,EAAKV,MAAO,UAGrBnB,EAAO,sBAAuB,cApBpCA,EAAO,cAAe,YA2BjCG,EAAEwC,UAAUS,MAAM,WAKhB,OAJA9B,EAAO,GACPnB,EAAE,cAAckD,GAAG,QAAS,WAC1B,OAAO/B,EAAO,KAETnB,EAAE,WAAWkD,GAAG,QACdL,OAIVM,KAAKC"} \ No newline at end of file +{"version":3,"sources":["totpregistration.js"],"names":["displayError","getKey","setMsg","token","verify","msg","level","$","html","window","translate","removeClass","addClass","j","status","err","res","console","log","JSON","parse","responseText","error","replace","reset","ajax","type","url","portal","dataType","data","newkey","success","s","match","hide","user","secret","show","escape","digits","interval","QRious","element","document","getElementById","value","size","text","val","code","TOTPName","ready","on","call","this"],"mappings":"CAMA,WACE,IAAIA,EAAcC,EAAQC,EAAQC,EAAOC,EAEzCF,EAAS,SAASG,EAAKC,GAOrB,OANAC,EAAE,QAAQC,KAAKC,OAAOC,UAAUL,IAChCE,EAAE,UAAUI,YAAY,4FACxBJ,EAAE,UAAUK,SAAS,WAAaN,GACpB,aAAVA,IACFA,EAAQ,WAEHC,EAAE,UAAUK,SAAS,SAAWN,IAGzCN,EAAe,SAASa,EAAGC,EAAQC,GACjC,IAAIC,EAGJ,GAFAC,QAAQC,IAAI,QAASH,IACrBC,EAAMG,KAAKC,MAAMP,EAAEQ,gBACRL,EAAIM,MAGb,OAFAN,EAAMA,EAAIM,MAAMC,QAAQ,MAAO,IAC/BN,QAAQC,IAAI,iBAAkBF,GACvBd,EAAOc,EAAK,YAIvBb,EAAQ,GAERF,EAAS,SAASuB,GAEhB,OADAtB,EAAO,cAAe,WACfK,EAAEkB,KAAK,CACZC,KAAM,OACNC,IAAKC,OAAS,2BACdC,SAAU,OACVC,KAAM,CACJC,OAAQP,GAEVF,MAAOtB,EACPgC,QAAS,SAASF,GAChB,IAAQG,EACR,OAAIH,EAAKR,OACHQ,EAAKR,MAAMY,MAAM,oBACnB3B,EAAE,cAAc4B,OAEXjC,EAAO4B,EAAKR,MAAO,YAEtBQ,EAAKF,QAAUE,EAAKM,MAAQN,EAAKO,QAGvC9B,EAAE,cAAc+B,OAChBL,EAAI,kBAAqBM,OAAOT,EAAKF,QAAW,IAAOW,OAAOT,EAAKM,MAAS,WAAaN,EAAKO,OAAS,WAAcE,OAAOT,EAAKF,QAC7G,IAAhBE,EAAKU,SACPP,GAAK,WAAaH,EAAKU,QAEH,KAAlBV,EAAKW,WACPR,GAAK,WAAaH,EAAKW,UAEpB,IAAIC,OAAO,CACdC,QAASC,SAASC,eAAe,MACjCC,MAAOb,EACPc,KAAM,MAERxC,EAAE,eAAeyC,KAAKf,GAClBH,EAAKC,OACP7B,EAAO,iBAAkB,WAEzBA,EAAO,cAAe,WAEjBC,EAAQ2B,EAAK3B,OArBXD,EAAO,OAAQ,cA0B9BE,EAAS,WACP,IAAI6C,EAEJ,OADAA,EAAM1C,EAAE,SAAS0C,OAIR1C,EAAEkB,KAAK,CACZC,KAAM,OACNC,IAAKC,OAAS,2BACdC,SAAU,OACVC,KAAM,CACJ3B,MAAOA,EACP+C,KAAMD,EACNE,SAAU5C,EAAE,aAAa0C,OAE3B3B,MAAOtB,EACPgC,QAAS,SAASF,GAChB,OAAIA,EAAKR,MACHQ,EAAKR,MAAMY,MAAM,kBACZhC,EAAO4B,EAAKR,MAAO,WAEnBpB,EAAO4B,EAAKR,MAAO,UAGrBpB,EAAO,sBAAuB,cApBpCA,EAAO,cAAe,YA2BjCK,EAAEqC,UAAUQ,MAAM,WAKhB,OAJAnD,EAAO,GACPM,EAAE,cAAc8C,GAAG,QAAS,WAC1B,OAAOpD,EAAO,KAETM,EAAE,WAAW8C,GAAG,QAAS,WAC9B,OAAOjD,UAIVkD,KAAKC"} \ No newline at end of file diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/u2fcheck.js b/lemonldap-ng-portal/site/htdocs/static/common/js/u2fcheck.js index e8a9de9d0..75bd92fd0 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/u2fcheck.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/u2fcheck.js @@ -1,4 +1,4 @@ -// Generated by CoffeeScript 1.12.7 +// Generated by CoffeeScript 1.12.8 /* LemonLDAP::NG U2F verify script diff --git a/lemonldap-ng-portal/t/68-ContextSwitching-with-2F-allowed.t b/lemonldap-ng-portal/t/68-ContextSwitching-with-2F-allowed.t new file mode 100644 index 000000000..694513e95 --- /dev/null +++ b/lemonldap-ng-portal/t/68-ContextSwitching-with-2F-allowed.t @@ -0,0 +1,469 @@ +use Test::More; +use strict; +use IO::String; +use JSON qw(to_json from_json); + +BEGIN { + require 't/test-lib.pm'; +} +my $maintests = 64; + +SKIP: { + require Lemonldap::NG::Common::TOTP; + eval { require Crypt::U2F::Server; require Authen::U2F::Tester }; + if ( $@ or $Crypt::U2F::Server::VERSION < 0.42 ) { + skip 'Missing U2F libraries', $maintests; + } + eval { require Convert::Base32 }; + if ($@) { + skip 'Convert::Base32 is missing'; + } + my $res; + my $client = LLNG::Manager::Test->new( { + ini => { + logLevel => 'error', + authentication => 'Demo', + userDB => 'Same', + portalMainLogo => 'common/logos/logo_llng_old.png', + contextSwitchingRule => 1, + contextSwitchingStopWithLogout => 0, + contextSwitchingAllowed2fModifications => 1, + totp2fSelfRegistration => 1, + totp2fActivation => 1, + u2fSelfRegistration => 1, + u2fActivation => 1, + } + } + ); + + ## Try to authenticate + ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', ); + my ( $host, $url, $query ) = + expectForm( $res, '#', undef, 'user', 'password' ); + + $query =~ s/user=/user=rtyler/; + $query =~ s/password=/password=rtyler/; + ok( + $res = $client->_post( + '/', + IO::String->new($query), + length => length($query), + accept => 'text/html', + ), + 'Auth query' + ); + my $id = expectCookie($res); + expectRedirection( $res, 'http://auth.example.com/' ); + + # Get Menu + # ------------------------ + ok( + $res = $client->_get( + '/', + cookie => "lemonldap=$id", + accept => 'text/html' + ), + 'Get Menu', + ); + expectOK($res); + ok( + $res->[2]->[0] =~ + m%Connected as rtyler%, + 'Connected as rtyler' + ) or print STDERR Dumper( $res->[2]->[0] ); + expectAuthenticatedAs( $res, 'rtyler' ); + ok( + $res->[2]->[0] =~ + m%contextSwitching_ON%, + 'contextSwitching allowed' + ) or print STDERR Dumper( $res->[2]->[0] ); + + ## Try to register a TOTP + # TOTP form + my ( $key, $token, $code ); + ok( + $res = $client->_get( + '/2fregisters/totp', + cookie => "lemonldap=$id", + accept => 'text/html', + ), + 'Form registration' + ); + ok( $res->[2]->[0] =~ /totpregistration\.(?:min\.)?js/, 'Found TOTP js' ); + ok( + $res->[2]->[0] =~ qr%[2]->[0] ); + + # JS query + ok( + $res = $client->_post( + '/2fregisters/totp/getkey', IO::String->new(''), + cookie => "lemonldap=$id", + length => 0, + ), + 'Get new key' + ); + eval { $res = JSON::from_json( $res->[2]->[0] ) }; + ok( not($@), 'Content is JSON' ) + or explain( $res->[2]->[0], 'JSON content' ); + ok( $key = $res->{secret}, 'Found secret' ) or print STDERR Dumper($res); + ok( $token = $res->{token}, 'Found token' ) or print STDERR Dumper($res); + ok( $res->{user} eq 'rtyler', 'Found user' ) + or print STDERR Dumper($res); + $key = Convert::Base32::decode_base32($key); + + # Post code + ok( $code = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 6 ), + 'Code' ); + ok( $code =~ /^\d{6}$/, 'Code contains 6 digits' ); + my $s = "code=$code&token=$token&TOTPName=myTOTP"; + ok( + $res = $client->_post( + '/2fregisters/totp/verify', + IO::String->new($s), + length => length($s), + cookie => "lemonldap=$id", + ), + 'Post code' + ); + eval { $res = JSON::from_json( $res->[2]->[0] ) }; + ok( not($@), 'Content is JSON' ) + or explain( $res->[2]->[0], 'JSON content' ); + ok( $res->{result} == 1, 'TOTP is registered' ); + + ## Try to register an U2F key + ok( + $res = $client->_get( + '/2fregisters/u', + cookie => "lemonldap=$id", + accept => 'text/html', + ), + 'Form registration' + ); + ok( $res->[2]->[0] =~ /u2fregistration\.(?:min\.)?js/, 'Found U2F js' ); + ok( + $res->[2]->[0] =~ qr%[2]->[0] ); + + # Ajax registration request + ok( + $res = $client->_post( + '/2fregisters/u/register', IO::String->new(''), + accept => 'application/json', + cookie => "lemonldap=$id", + length => 0, + ), + 'Get registration challenge' + ); + expectOK($res); + my $data; + eval { $data = JSON::from_json( $res->[2]->[0] ) }; + ok( not($@), ' Content is JSON' ) + or explain( [ $@, $res->[2] ], 'JSON content' ); + ok( ( $data->{challenge} and $data->{appId} ), ' Get challenge and appId' ) + or explain( $data, 'challenge and appId' ); + + # Build U2F tester + my $tester = Authen::U2F::Tester->new( + certificate => Crypt::OpenSSL::X509->new_from_string( + '-----BEGIN CERTIFICATE----- +MIIB6DCCAY6gAwIBAgIJAJKuutkN2sAfMAoGCCqGSM49BAMCME8xCzAJBgNVBAYT +AlVTMQ4wDAYDVQQIDAVUZXhhczEaMBgGA1UECgwRVW50cnVzdGVkIFUyRiBPcmcx +FDASBgNVBAMMC3ZpcnR1YWwtdTJmMB4XDTE4MDMyODIwMTc1OVoXDTI3MTIyNjIw +MTc1OVowTzELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRleGFzMRowGAYDVQQKDBFV +bnRydXN0ZWQgVTJGIE9yZzEUMBIGA1UEAwwLdmlydHVhbC11MmYwWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAAQTij+9mI1FJdvKNHLeSQcOW4ob3prvIXuEGJMrQeJF +6OYcgwxrVqsmNMl5w45L7zx8ryovVOti/mtqkh2pQjtpo1MwUTAdBgNVHQ4EFgQU +QXKKf+rrZwA4WXDCU/Vebe4gYXEwHwYDVR0jBBgwFoAUQXKKf+rrZwA4WXDCU/Ve +be4gYXEwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiEAiCdOEmw5 +hknzHR1FoyFZKRrcJu17a1PGcqTFMJHTC70CIHeCZ8KVuuMIPjoofQd1l1E221rv +RJY1Oz1fUNbrIPsL +-----END CERTIFICATE-----', Crypt::OpenSSL::X509::FORMAT_PEM() + ), + key => Crypt::PK::ECC->new( + \'-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIOdbZw1swQIL+RZoDQ9zwjWY5UjA1NO81WWjwbmznUbgoAoGCCqGSM49 +AwEHoUQDQgAEE4o/vZiNRSXbyjRy3kkHDluKG96a7yF7hBiTK0HiRejmHIMMa1ar +JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ== +-----END EC PRIVATE KEY-----' + ), + ); + my $r = $tester->register( $data->{appId}, $data->{challenge} ); + ok( $r->is_success, ' Good challenge value' ) + or diag( $r->error_message ); + + my $registrationData = JSON::to_json( { + clientData => $r->client_data, + errorCode => 0, + registrationData => $r->registration_data, + version => "U2F_V2" + } + ); + ( $host, $url, $query ); + $query = Lemonldap::NG::Common::FormEncode::build_urlencoded( + registration => $registrationData, + challenge => $res->[2]->[0], + ); + + ok( + $res = $client->_post( + '/2fregisters/u/registration', IO::String->new($query), + length => length($query), + accept => 'application/json', + cookie => "lemonldap=$id", + ), + 'Push registration data' + ); + expectOK($res); + eval { $data = JSON::from_json( $res->[2]->[0] ) }; + ok( not($@), ' Content is JSON' ) + or explain( [ $@, $res->[2] ], 'JSON content' ); + ok( $data->{result} == 1, 'U2F key is registered' ) + or explain( $data, '"result":1' ); + + $client->logout($id); + + ## Try to authenticate + ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', ); + ( $host, $url, $query ) = + expectForm( $res, '#', undef, 'user', 'password' ); + + $query =~ s/user=/user=rtyler/; + $query =~ s/password=/password=rtyler/; + ok( + $res = $client->_post( + '/', + IO::String->new($query), + length => length($query), + accept => 'text/html', + ), + 'Auth query' + ); + ( $host, $url, $query ) = expectForm( $res, undef, '/2fchoice', 'token' ); + $query .= '&sf=totp'; + ok( + $res = $client->_post( + '/2fchoice', + IO::String->new($query), + length => length($query), + accept => 'text/html', + ), + 'Post TOTP choice' + ); + ( $host, $url, $query ) = + expectForm( $res, undef, '/totp2fcheck', 'token' ); + ok( $code = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 6 ), + 'Code' ); + $query =~ s/code=/code=$code/; + ok( + $res = $client->_post( + '/totp2fcheck', IO::String->new($query), + length => length($query), + ), + 'Post code' + ); + $id = expectCookie($res); + + # Get Menu + # ------------------------ + ok( + $res = $client->_get( + '/', + cookie => "lemonldap=$id", + accept => 'text/html' + ), + 'Get Menu', + ); + expectOK($res); + expectAuthenticatedAs( $res, 'rtyler' ); + + # Try to switch context 'dwho' + # ContextSwitching form + ok( + $res = $client->_get( + '/switchcontext', + cookie => "lemonldap=$id", + accept => 'text/html' + ), + 'ContextSwitching form', + ); + + ( $host, $url, $query ) = + expectForm( $res, undef, '/switchcontext', 'spoofId' ); + ok( $res->[2]->[0] =~ m%%, + 'Found trspan="contextSwitching_ON"' ) + or explain( $res->[2]->[0], 'trspan="contextSwitching_ON"' ); + + ## POST form + $query =~ s/spoofId=/spoofId=dwho/; + ok( + $res = $client->_post( + '/switchcontext', + IO::String->new($query), + cookie => "lemonldap=$id", + length => length($query), + accept => 'text/html', + ), + 'POST switchcontext' + ); + expectRedirection( $res, 'http://auth.example.com/' ); + my $id2 = expectCookie($res); + ok( + $res = $client->_get( + '/', + cookie => "lemonldap=$id2", + accept => 'text/html' + ), + 'Get Menu', + ); + expectAuthenticatedAs( $res, 'dwho' ); + ok( $res->[2]->[0] =~ m%%, + 'Found trspan="contextSwitching_OFF"' ) + or explain( $res->[2]->[0], 'trspan="contextSwitching_OFF"' ); + + # 2fregisters + ok( + $res = $client->_get( + '/2fregisters', + cookie => "lemonldap=$id2", + accept => 'text/html', + ), + 'Form 2fregisters' + ); + ok( $res->[2]->[0] =~ //, + 'Found choose 2F' ) + or print STDERR Dumper( $res->[2]->[0] ); + my $devices; + ok( $devices = $res->[2]->[0] =~ s%[2]->[0] ); + ok( $devices == 2, 'two 2F devices found' ) + or explain( $devices, 'Two 2F devices registered' ); + + ## Try to register a TOTP + # TOTP form + ok( + $res = $client->_get( + '/2fregisters/totp', + cookie => "lemonldap=$id2", + accept => 'text/html', + ), + 'Form registration' + ); + ok( $res->[2]->[0] =~ /totpregistration\.(?:min\.)?js/, 'Found TOTP js' ) + or print STDERR Dumper( $res->[2]->[0] ); + + ok( + $res->[2]->[0] =~ qr%[2]->[0] ); + + # JS query + ok( + $res = $client->_post( + '/2fregisters/totp/getkey', IO::String->new(''), + cookie => "lemonldap=$id2", + length => 0, + ), + 'Get new key' + ); + eval { $res = JSON::from_json( $res->[2]->[0] ) }; + ok( not($@), 'Content is JSON' ) + or explain( $res->[2]->[0], 'JSON content' ); + ok( $res->{error} eq 'totpExistingKey', 'TOTP already registered' ) + or explain( $res, 'Bad result' ); + + # Try to unregister TOTP + ok( + $res = $client->_post( + '/2fregisters/totp/delete', + IO::String->new("epoch=1234567890"), + length => 16, + cookie => "lemonldap=$id2", + ), + 'Delete TOTP query' + ); + eval { $data = JSON::from_json( $res->[2]->[0] ) }; + ok( not($@), ' Content is JSON' ) + or explain( [ $@, $res->[2] ], 'JSON content' ); + ok( + $data->{error} eq '2FDeviceNotFound', '2F device not found' + ) or explain( $data, 'Bad result' ); + + # Try to verify TOTP + $s = "code=123456&token=1234567890&TOTPName=myTOTP"; + ok( + $res = $client->_post( + '/2fregisters/totp/verify', + IO::String->new($s), + length => length($s), + cookie => "lemonldap=$id2", + ), + 'Post code' + ); + eval { $data = JSON::from_json( $res->[2]->[0] ) }; + ok( not($@), ' Content is JSON' ) + or explain( [ $@, $res->[2] ], 'JSON content' ); + ok( $data->{error} eq 'PE82', 'PE82' ) + or explain( $data, 'Bad result' ); + + ## Try to register an U2F key + # U2F form + ok( + $res = $client->_get( + '/2fregisters/u', + cookie => "lemonldap=$id2", + accept => 'text/html', + ), + 'Form registration' + ); + ok( $res->[2]->[0] =~ /u2fregistration\.(?:min\.)?js/, 'Found U2F js' ); + ok( + $res->[2]->[0] =~ qr%[2]->[0] ); + + # Ajax registration request + ok( + $res = $client->_post( + '/2fregisters/u/register', IO::String->new(''), + accept => 'application/json', + cookie => "lemonldap=$id2", + length => 0, + ), + 'Get registration challenge' + ); + eval { $data = JSON::from_json( $res->[2]->[0] ) }; + ok( not($@), ' Content is JSON' ) + or explain( [ $@, $res->[2] ], 'JSON content' ); + ok( + $data->{challenge} =~ /\w+/, 'Get challenge' + ) or explain( $data, 'Bad result' ); + + # Try to unregister U2F key + ok( + $res = $client->_post( + '/2fregisters/u/delete', + IO::String->new("epoch=1234567890"), + length => 16, + cookie => "lemonldap=$id2", + ), + 'Delete U2F key query' + ); + eval { $data = JSON::from_json( $res->[2]->[0] ) }; + ok( not($@), ' Content is JSON' ) + or explain( [ $@, $res->[2] ], 'JSON content' ); + ok( + $data->{error} eq '2FDeviceNotFound', '2F device not found' + ) or explain( $data, 'Bad result' ); + + $client->logout($id); + $client->logout($id2); +} + +count($maintests); + +clean_sessions(); +done_testing( count() ); diff --git a/lemonldap-ng-portal/t/68-ContextSwitching-with-2F.t b/lemonldap-ng-portal/t/68-ContextSwitching-with-2F.t new file mode 100644 index 000000000..9f017d3ae --- /dev/null +++ b/lemonldap-ng-portal/t/68-ContextSwitching-with-2F.t @@ -0,0 +1,469 @@ +use Test::More; +use strict; +use IO::String; +use JSON qw(to_json from_json); + +BEGIN { + require 't/test-lib.pm'; +} +my $maintests = 63; + +SKIP: { + require Lemonldap::NG::Common::TOTP; + eval { require Crypt::U2F::Server; require Authen::U2F::Tester }; + if ( $@ or $Crypt::U2F::Server::VERSION < 0.42 ) { + skip 'Missing U2F libraries', $maintests; + } + eval { require Convert::Base32 }; + if ($@) { + skip 'Convert::Base32 is missing'; + } + my $res; + my $client = LLNG::Manager::Test->new( { + ini => { + logLevel => 'error', + authentication => 'Demo', + userDB => 'Same', + portalMainLogo => 'common/logos/logo_llng_old.png', + contextSwitchingRule => 1, + contextSwitchingStopWithLogout => 0, + contextSwitchingAllowed2fModifications => 0, + totp2fSelfRegistration => 1, + totp2fActivation => 1, + u2fSelfRegistration => 1, + u2fActivation => 1, + } + } + ); + + ## Try to authenticate + ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', ); + my ( $host, $url, $query ) = + expectForm( $res, '#', undef, 'user', 'password' ); + + $query =~ s/user=/user=rtyler/; + $query =~ s/password=/password=rtyler/; + ok( + $res = $client->_post( + '/', + IO::String->new($query), + length => length($query), + accept => 'text/html', + ), + 'Auth query' + ); + my $id = expectCookie($res); + expectRedirection( $res, 'http://auth.example.com/' ); + + # Get Menu + # ------------------------ + ok( + $res = $client->_get( + '/', + cookie => "lemonldap=$id", + accept => 'text/html' + ), + 'Get Menu', + ); + expectOK($res); + ok( + $res->[2]->[0] =~ + m%Connected as rtyler%, + 'Connected as rtyler' + ) or print STDERR Dumper( $res->[2]->[0] ); + expectAuthenticatedAs( $res, 'rtyler' ); + ok( + $res->[2]->[0] =~ + m%contextSwitching_ON%, + 'contextSwitching allowed' + ) or print STDERR Dumper( $res->[2]->[0] ); + + ## Try to register a TOTP + # TOTP form + my ( $key, $token, $code ); + ok( + $res = $client->_get( + '/2fregisters/totp', + cookie => "lemonldap=$id", + accept => 'text/html', + ), + 'Form registration' + ); + ok( $res->[2]->[0] =~ /totpregistration\.(?:min\.)?js/, 'Found TOTP js' ); + ok( + $res->[2]->[0] =~ qr%[2]->[0] ); + + # JS query + ok( + $res = $client->_post( + '/2fregisters/totp/getkey', IO::String->new(''), + cookie => "lemonldap=$id", + length => 0, + ), + 'Get new key' + ); + eval { $res = JSON::from_json( $res->[2]->[0] ) }; + ok( not($@), 'Content is JSON' ) + or explain( $res->[2]->[0], 'JSON content' ); + ok( $key = $res->{secret}, 'Found secret' ) or print STDERR Dumper($res); + ok( $token = $res->{token}, 'Found token' ) or print STDERR Dumper($res); + ok( $res->{user} eq 'rtyler', 'Found user' ) + or print STDERR Dumper($res); + $key = Convert::Base32::decode_base32($key); + + # Post code + ok( $code = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 6 ), + 'Code' ); + ok( $code =~ /^\d{6}$/, 'Code contains 6 digits' ); + my $s = "code=$code&token=$token&TOTPName=myTOTP"; + ok( + $res = $client->_post( + '/2fregisters/totp/verify', + IO::String->new($s), + length => length($s), + cookie => "lemonldap=$id", + ), + 'Post code' + ); + eval { $res = JSON::from_json( $res->[2]->[0] ) }; + ok( not($@), 'Content is JSON' ) + or explain( $res->[2]->[0], 'JSON content' ); + ok( $res->{result} == 1, 'TOTP is registered' ); + + ## Try to register an U2F key + ok( + $res = $client->_get( + '/2fregisters/u', + cookie => "lemonldap=$id", + accept => 'text/html', + ), + 'Form registration' + ); + ok( $res->[2]->[0] =~ /u2fregistration\.(?:min\.)?js/, 'Found U2F js' ); + ok( + $res->[2]->[0] =~ qr%[2]->[0] ); + + # Ajax registration request + ok( + $res = $client->_post( + '/2fregisters/u/register', IO::String->new(''), + accept => 'application/json', + cookie => "lemonldap=$id", + length => 0, + ), + 'Get registration challenge' + ); + expectOK($res); + my $data; + eval { $data = JSON::from_json( $res->[2]->[0] ) }; + ok( not($@), ' Content is JSON' ) + or explain( [ $@, $res->[2] ], 'JSON content' ); + ok( ( $data->{challenge} and $data->{appId} ), ' Get challenge and appId' ) + or explain( $data, 'challenge and appId' ); + + # Build U2F tester + my $tester = Authen::U2F::Tester->new( + certificate => Crypt::OpenSSL::X509->new_from_string( + '-----BEGIN CERTIFICATE----- +MIIB6DCCAY6gAwIBAgIJAJKuutkN2sAfMAoGCCqGSM49BAMCME8xCzAJBgNVBAYT +AlVTMQ4wDAYDVQQIDAVUZXhhczEaMBgGA1UECgwRVW50cnVzdGVkIFUyRiBPcmcx +FDASBgNVBAMMC3ZpcnR1YWwtdTJmMB4XDTE4MDMyODIwMTc1OVoXDTI3MTIyNjIw +MTc1OVowTzELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRleGFzMRowGAYDVQQKDBFV +bnRydXN0ZWQgVTJGIE9yZzEUMBIGA1UEAwwLdmlydHVhbC11MmYwWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAAQTij+9mI1FJdvKNHLeSQcOW4ob3prvIXuEGJMrQeJF +6OYcgwxrVqsmNMl5w45L7zx8ryovVOti/mtqkh2pQjtpo1MwUTAdBgNVHQ4EFgQU +QXKKf+rrZwA4WXDCU/Vebe4gYXEwHwYDVR0jBBgwFoAUQXKKf+rrZwA4WXDCU/Ve +be4gYXEwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiEAiCdOEmw5 +hknzHR1FoyFZKRrcJu17a1PGcqTFMJHTC70CIHeCZ8KVuuMIPjoofQd1l1E221rv +RJY1Oz1fUNbrIPsL +-----END CERTIFICATE-----', Crypt::OpenSSL::X509::FORMAT_PEM() + ), + key => Crypt::PK::ECC->new( + \'-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIOdbZw1swQIL+RZoDQ9zwjWY5UjA1NO81WWjwbmznUbgoAoGCCqGSM49 +AwEHoUQDQgAEE4o/vZiNRSXbyjRy3kkHDluKG96a7yF7hBiTK0HiRejmHIMMa1ar +JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ== +-----END EC PRIVATE KEY-----' + ), + ); + my $r = $tester->register( $data->{appId}, $data->{challenge} ); + ok( $r->is_success, ' Good challenge value' ) + or diag( $r->error_message ); + + my $registrationData = JSON::to_json( { + clientData => $r->client_data, + errorCode => 0, + registrationData => $r->registration_data, + version => "U2F_V2" + } + ); + ( $host, $url, $query ); + $query = Lemonldap::NG::Common::FormEncode::build_urlencoded( + registration => $registrationData, + challenge => $res->[2]->[0], + ); + + ok( + $res = $client->_post( + '/2fregisters/u/registration', IO::String->new($query), + length => length($query), + accept => 'application/json', + cookie => "lemonldap=$id", + ), + 'Push registration data' + ); + expectOK($res); + eval { $data = JSON::from_json( $res->[2]->[0] ) }; + ok( not($@), ' Content is JSON' ) + or explain( [ $@, $res->[2] ], 'JSON content' ); + ok( $data->{result} == 1, 'U2F key is registered' ) + or explain( $data, '"result":1' ); + + $client->logout($id); + + ## Try to authenticate + ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', ); + ( $host, $url, $query ) = + expectForm( $res, '#', undef, 'user', 'password' ); + + $query =~ s/user=/user=rtyler/; + $query =~ s/password=/password=rtyler/; + ok( + $res = $client->_post( + '/', + IO::String->new($query), + length => length($query), + accept => 'text/html', + ), + 'Auth query' + ); + ( $host, $url, $query ) = expectForm( $res, undef, '/2fchoice', 'token' ); + $query .= '&sf=totp'; + ok( + $res = $client->_post( + '/2fchoice', + IO::String->new($query), + length => length($query), + accept => 'text/html', + ), + 'Post TOTP choice' + ); + ( $host, $url, $query ) = + expectForm( $res, undef, '/totp2fcheck', 'token' ); + ok( $code = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 6 ), + 'Code' ); + $query =~ s/code=/code=$code/; + ok( + $res = $client->_post( + '/totp2fcheck', IO::String->new($query), + length => length($query), + ), + 'Post code' + ); + $id = expectCookie($res); + + # Get Menu + # ------------------------ + ok( + $res = $client->_get( + '/', + cookie => "lemonldap=$id", + accept => 'text/html' + ), + 'Get Menu', + ); + expectOK($res); + expectAuthenticatedAs( $res, 'rtyler' ); + + # Try to switch context 'dwho' + # ContextSwitching form + ok( + $res = $client->_get( + '/switchcontext', + cookie => "lemonldap=$id", + accept => 'text/html' + ), + 'ContextSwitching form', + ); + + ( $host, $url, $query ) = + expectForm( $res, undef, '/switchcontext', 'spoofId' ); + ok( $res->[2]->[0] =~ m%%, + 'Found trspan="contextSwitching_ON"' ) + or explain( $res->[2]->[0], 'trspan="contextSwitching_ON"' ); + + ## POST form + $query =~ s/spoofId=/spoofId=dwho/; + ok( + $res = $client->_post( + '/switchcontext', + IO::String->new($query), + cookie => "lemonldap=$id", + length => length($query), + accept => 'text/html', + ), + 'POST switchcontext' + ); + expectRedirection( $res, 'http://auth.example.com/' ); + my $id2 = expectCookie($res); + ok( + $res = $client->_get( + '/', + cookie => "lemonldap=$id2", + accept => 'text/html' + ), + 'Get Menu', + ); + expectAuthenticatedAs( $res, 'dwho' ); + ok( $res->[2]->[0] =~ m%%, + 'Found trspan="contextSwitching_OFF"' ) + or explain( $res->[2]->[0], 'trspan="contextSwitching_OFF"' ); + + # 2fregisters + ok( + $res = $client->_get( + '/2fregisters', + cookie => "lemonldap=$id2", + accept => 'text/html', + ), + 'Form 2fregisters' + ); + ok( $res->[2]->[0] =~ //, + 'Found choose 2F' ) + or print STDERR Dumper( $res->[2]->[0] ); + ok( $res->[2]->[0] !~ m%[2]->[0] ); + + ## Try to register a TOTP + # TOTP form + ok( + $res = $client->_get( + '/2fregisters/totp', + cookie => "lemonldap=$id2", + accept => 'text/html', + ), + 'Form registration' + ); + ok( $res->[2]->[0] =~ /totpregistration\.(?:min\.)?js/, 'Found TOTP js' ) + or print STDERR Dumper( $res->[2]->[0] ); + + ok( + $res->[2]->[0] =~ qr%[2]->[0] ); + + # JS query + ok( + $res = $client->_post( + '/2fregisters/totp/getkey', IO::String->new(''), + cookie => "lemonldap=$id2", + length => 0, + ), + 'Get new key' + ); + eval { $res = JSON::from_json( $res->[2]->[0] ) }; + ok( not($@), 'Content is JSON' ) + or explain( $res->[2]->[0], 'JSON content' ); + ok( $res->{error} eq 'notAuthorized', 'Not authorized to register a TOTP' ) + or explain( $res, 'Bad result' ); + + # Try to unregister TOTP + ok( + $res = $client->_post( + '/2fregisters/totp/delete', + IO::String->new("epoch=1234567890"), + length => 16, + cookie => "lemonldap=$id2", + ), + 'Delete TOTP query' + ); + eval { $data = JSON::from_json( $res->[2]->[0] ) }; + ok( not($@), ' Content is JSON' ) + or explain( [ $@, $res->[2] ], 'JSON content' ); + ok( + $data->{error} eq 'notAuthorized', + 'Not authorized to unregister a TOTP' + ) or explain( $data, 'Bad result' ); + + # Try to verify TOTP + $s = "code=123456&token=1234567890&TOTPName=myTOTP"; + ok( + $res = $client->_post( + '/2fregisters/totp/verify', + IO::String->new($s), + length => length($s), + cookie => "lemonldap=$id2", + ), + 'Post code' + ); + eval { $data = JSON::from_json( $res->[2]->[0] ) }; + ok( not($@), ' Content is JSON' ) + or explain( [ $@, $res->[2] ], 'JSON content' ); + ok( $data->{error} eq 'notAuthorized', 'Not authorized to verify a TOTP' ) + or explain( $data, 'Bad result' ); + + ## Try to register an U2F key + # U2F form + ok( + $res = $client->_get( + '/2fregisters/u', + cookie => "lemonldap=$id2", + accept => 'text/html', + ), + 'Form registration' + ); + ok( $res->[2]->[0] =~ /u2fregistration\.(?:min\.)?js/, 'Found U2F js' ); + ok( + $res->[2]->[0] =~ qr%[2]->[0] ); + + # Ajax registration request + ok( + $res = $client->_post( + '/2fregisters/u/register', IO::String->new(''), + accept => 'application/json', + cookie => "lemonldap=$id2", + length => 0, + ), + 'Get registration challenge' + ); + eval { $data = JSON::from_json( $res->[2]->[0] ) }; + ok( not($@), ' Content is JSON' ) + or explain( [ $@, $res->[2] ], 'JSON content' ); + ok( + $data->{error} eq 'notAuthorized', + 'Not authorized to register an U2F key' + ) or explain( $data, 'Bad result' ); + + # Try to unregister U2F key + ok( + $res = $client->_post( + '/2fregisters/u/delete', + IO::String->new("epoch=1234567890"), + length => 16, + cookie => "lemonldap=$id2", + ), + 'Delete U2F key query' + ); + eval { $data = JSON::from_json( $res->[2]->[0] ) }; + ok( not($@), ' Content is JSON' ) + or explain( [ $@, $res->[2] ], 'JSON content' ); + ok( + $data->{error} eq 'notAuthorized', + 'Not authorized to unregister an U2F key' + ) or explain( $data, 'Bad result' ); + + $client->logout($id); + $client->logout($id2); +} + +count($maintests); + +clean_sessions(); +done_testing( count() ); diff --git a/lemonldap-ng-portal/t/68-ContextSwitching-with-Impersonation.t b/lemonldap-ng-portal/t/68-ContextSwitching-with-Impersonation.t index 969f18648..2dd8658c3 100644 --- a/lemonldap-ng-portal/t/68-ContextSwitching-with-Impersonation.t +++ b/lemonldap-ng-portal/t/68-ContextSwitching-with-Impersonation.t @@ -68,7 +68,7 @@ expectAuthenticatedAs( $res, 'dwho' ); ok( $res->[2]->[0] =~ m%contextSwitching_ON%, - 'Connected as dwho' + 'contextSwitching allowed' ) or print STDERR Dumper( $res->[2]->[0] ); count(3); diff --git a/lemonldap-ng-portal/t/68-ContextSwitching-with-Logout.t b/lemonldap-ng-portal/t/68-ContextSwitching-with-Logout.t index fa3260e47..122f5c045 100644 --- a/lemonldap-ng-portal/t/68-ContextSwitching-with-Logout.t +++ b/lemonldap-ng-portal/t/68-ContextSwitching-with-Logout.t @@ -72,7 +72,7 @@ expectAuthenticatedAs( $res, 'rtyler' ); ok( $res->[2]->[0] =~ m%contextSwitching_ON%, - 'Connected as rtyler' + 'contextSwitching allowed' ) or print STDERR Dumper( $res->[2]->[0] ); count(2); diff --git a/lemonldap-ng-portal/t/68-ContextSwitching-with-TOTP-and-Notification.t b/lemonldap-ng-portal/t/68-ContextSwitching-with-TOTP-and-Notification.t index adcec646f..84229a9bc 100644 --- a/lemonldap-ng-portal/t/68-ContextSwitching-with-TOTP-and-Notification.t +++ b/lemonldap-ng-portal/t/68-ContextSwitching-with-TOTP-and-Notification.t @@ -135,7 +135,7 @@ expectAuthenticatedAs( $res, 'rtyler' ); ok( $res->[2]->[0] =~ m%contextSwitching_ON%, - 'Connected as rtyler' + 'contextSwitching allowed' ) or print STDERR Dumper( $res->[2]->[0] ); count(3); diff --git a/lemonldap-ng-portal/t/68-ContextSwitching-with-UnrestrictedUser.t b/lemonldap-ng-portal/t/68-ContextSwitching-with-UnrestrictedUser.t index 51e26cb21..be219ed01 100644 --- a/lemonldap-ng-portal/t/68-ContextSwitching-with-UnrestrictedUser.t +++ b/lemonldap-ng-portal/t/68-ContextSwitching-with-UnrestrictedUser.t @@ -71,7 +71,7 @@ expectAuthenticatedAs( $res, 'rtyler' ); ok( $res->[2]->[0] =~ m%contextSwitching_ON%, - 'Connected as rtyler' + 'contextSwitching allowed' ) or print STDERR Dumper( $res->[2]->[0] ); count(2); diff --git a/lemonldap-ng-portal/t/68-ContextSwitching.t b/lemonldap-ng-portal/t/68-ContextSwitching.t index 95ed39d94..24ac8e683 100644 --- a/lemonldap-ng-portal/t/68-ContextSwitching.t +++ b/lemonldap-ng-portal/t/68-ContextSwitching.t @@ -113,7 +113,7 @@ expectAuthenticatedAs( $res, 'dwho' ); ok( $res->[2]->[0] =~ m%contextSwitching_ON%, - 'Connected as dwho' + 'contextSwitching allowed' ) or print STDERR Dumper( $res->[2]->[0] ); count(2); diff --git a/lemonldap-ng-portal/t/68-Impersonation-with-SFA.t b/lemonldap-ng-portal/t/68-Impersonation-with-2F.t similarity index 99% rename from lemonldap-ng-portal/t/68-Impersonation-with-SFA.t rename to lemonldap-ng-portal/t/68-Impersonation-with-2F.t index e5d233e64..d7606ce26 100644 --- a/lemonldap-ng-portal/t/68-Impersonation-with-SFA.t +++ b/lemonldap-ng-portal/t/68-Impersonation-with-2F.t @@ -29,7 +29,6 @@ SKIP: { impersonationRule => 1, totp2fSelfRegistration => 1, totp2fActivation => 1, - totp2fAuthnLevel => 8, u2fSelfRegistration => 1, u2fActivation => 1, } From 0b29eb1389a65dd7f42443ca87b1bee50bb0b390 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Mon, 12 Oct 2020 14:56:07 +0200 Subject: [PATCH 3/6] Fix typos --- lemonldap-ng-portal/site/templates/bootstrap/menu.tpl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lemonldap-ng-portal/site/templates/bootstrap/menu.tpl b/lemonldap-ng-portal/site/templates/bootstrap/menu.tpl index 535238b1a..d5a499ff9 100644 --- a/lemonldap-ng-portal/site/templates/bootstrap/menu.tpl +++ b/lemonldap-ng-portal/site/templates/bootstrap/menu.tpl @@ -41,7 +41,7 @@
  • - common/icons/oidc.png" width="16" height="16" alt="login history" /> + common/icons/oidc.png" width="16" height="16" alt="OIDC consents" /> OIDC Consent
    • @@ -82,13 +82,13 @@
  • - common/icons/decryptValue.png" width="20" height="20" alt="DecryptValue" /> + common/icons/decryptValue.png" width="20" height="20" alt="DecryptCipheredValue" /> decryptCipheredValue
  • - common/icons/switchcontext_.png" width="20" height="20" alt="ContentSwitching" /> + common/icons/switchcontext_.png" width="20" height="20" alt="ContextSwitching" /> ">contextSwitching_
    • From 9f57ec474b6a23530f078a25227310a0230578c2 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Mon, 12 Oct 2020 15:03:21 +0200 Subject: [PATCH 4/6] Code refactoring (#2339) --- .../lib/Lemonldap/NG/Manager/Conf/Tests.pm | 33 +++++++++++-------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm index c42c31d50..89896a952 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm @@ -380,8 +380,8 @@ sub tests { && $conf->{samlServicePublicKeySig} ); return 1; }, + samlSignatureOverrideNeedsCertificate => sub { - return 1 if $conf->{samlServicePublicKeySig} =~ /CERTIFICATE/; my @offenders; @@ -399,20 +399,23 @@ sub tests { push @offenders, $sp; } } - return 1 unless @offenders; - return ( 0, - "Cannot set non-default signature method on " + return @offenders + ? ( + 0, + "Cannot set non-default signature method on " . join( ", ", @offenders ) - . " unless SAML signature key is in certificate form" ); + . " unless SAML signature key is in certificate form" + ) + : 1; }, - samlSignatureUnsupportedAlg => sub { - my $oldlasso = eval + samlSignatureUnsupportedAlg => sub { + return 1 + unless eval 'use Lasso; Lasso::check_version( 2, 5, 1, Lasso::Constants::CHECK_VERSION_NUMERIC) ? 0:1'; - return 1 unless ($oldlasso); my $allsha1 = 1; - $allsha1 = 0 + undef $allsha1 unless $conf->{samlServiceSignatureMethod} eq "RSA_SHA1"; for my $idp ( keys %{ $conf->{samlIDPMetaDataOptions} } ) { @@ -423,7 +426,7 @@ sub tests { ->{samlIDPMetaDataOptionsSignatureMethod} ne "RSA_SHA1" ) { - $allsha1 = 0; + undef $allsha1; break; } } @@ -435,15 +438,17 @@ sub tests { if ( $conf->{samlSPMetaDataOptions}->{$sp} ->{samlSPMetaDataOptionsSignatureMethod} ne "RSA_SHA1" ) { - $allsha1 = 0; + undef $allsha1; break; } } } - return 1 if $allsha1; - return ( 0, + return $allsha1 + ? 1 + : ( + 0, "Algorithms other than SHA1 are only supported on Lasso>=2.5.1" - ); + ); }, # Try to parse combination with declared modules From d76438b1e81790cc9965635a1f193942d29db88a Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Mon, 12 Oct 2020 15:16:55 +0200 Subject: [PATCH 5/6] Update langs & error code (#2238) --- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm | 2 +- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm | 2 +- .../lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm | 2 +- lemonldap-ng-portal/site/htdocs/static/languages/ar.json | 1 + lemonldap-ng-portal/site/htdocs/static/languages/de.json | 1 + lemonldap-ng-portal/site/htdocs/static/languages/en.json | 1 + lemonldap-ng-portal/site/htdocs/static/languages/es.json | 1 + lemonldap-ng-portal/site/htdocs/static/languages/fi.json | 1 + lemonldap-ng-portal/site/htdocs/static/languages/fr.json | 1 + lemonldap-ng-portal/site/htdocs/static/languages/it.json | 1 + lemonldap-ng-portal/site/htdocs/static/languages/nl.json | 1 + lemonldap-ng-portal/site/htdocs/static/languages/pl.json | 1 + lemonldap-ng-portal/site/htdocs/static/languages/pt.json | 1 + lemonldap-ng-portal/site/htdocs/static/languages/ro.json | 1 + lemonldap-ng-portal/site/htdocs/static/languages/tr.json | 1 + lemonldap-ng-portal/site/htdocs/static/languages/vi.json | 1 + lemonldap-ng-portal/site/htdocs/static/languages/zh.json | 1 + 17 files changed, 17 insertions(+), 3 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm index d6827707c..32bceaf3c 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm @@ -310,7 +310,7 @@ sub run { ]; } else { - $self->p->sendError( $req, '2FDeviceNotFound', 200 ); + $self->p->sendError( $req, '2FDeviceNotFound', 400 ); } } else { diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm index a8cb2103d..403a58695 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm @@ -297,7 +297,7 @@ sub run { ]; } else { - $self->p->sendError( $req, '2FDeviceNotFound', 200 ); + $self->p->sendError( $req, '2FDeviceNotFound', 400 ); } } else { diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm index 58d16f478..c0446770b 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm @@ -208,7 +208,7 @@ sub run { ]; } else { - $self->p->sendError( $req, '2FDeviceNotFound', 200 ); + $self->p->sendError( $req, '2FDeviceNotFound', 400 ); } } else { diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/ar.json b/lemonldap-ng-portal/site/htdocs/static/languages/ar.json index 82e592bea..08299349d 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/ar.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/ar.json @@ -93,6 +93,7 @@ "PE101":"Password contains not allowed characters", "PE102":"Session must be upgraded", "PE103":"No second factors available for your account", +"2FDeviceNotFound":"2F device not found", "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.", "accept":"قبول", "accessDenied":"ليس لديك إذن بالدخول لهذا التطبيق", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/de.json b/lemonldap-ng-portal/site/htdocs/static/languages/de.json index d9cb6e636..5245d1a7a 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/de.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/de.json @@ -93,6 +93,7 @@ "PE101":"Password contains not allowed characters", "PE102":"Session must be upgraded", "PE103":"No second factors available for your account", +"2FDeviceNotFound":"2F device not found", "2fRegRequired":"Dieser Dienst benötigt Zwei-Faktor-Authentifizierung. Bitte legen Sie ein Gerät an und gehen dann zum Portal zurück.", "accept":"Akzeptieren", "accessDenied":"Sie haben keine Zugriffsberechtigung für diese Anwendung", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/en.json b/lemonldap-ng-portal/site/htdocs/static/languages/en.json index ab968b0ef..25d7522f1 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/en.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/en.json @@ -93,6 +93,7 @@ "PE101":"Password contains not allowed characters", "PE102":"Session must be upgraded", "PE103":"No second factors available for your account", +"2FDeviceNotFound":"2F device not found", "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.", "accept":"Accept", "accessDenied":"You have no access authorization for this application", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/es.json b/lemonldap-ng-portal/site/htdocs/static/languages/es.json index cf52cc86c..bd7c35fb6 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/es.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/es.json @@ -93,6 +93,7 @@ "PE101":"Password contains not allowed characters", "PE102":"Session must be upgraded", "PE103":"No second factors available for your account", +"2FDeviceNotFound":"2F device not found", "2fRegRequired":"Este servicio necesita la autenticación de dos factores. Registre un dispositivo ahora, luego reingrese al portal.", "accept":"Aceptar", "accessDenied":"No está autorizado a acceder a esta aplicación", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/fi.json b/lemonldap-ng-portal/site/htdocs/static/languages/fi.json index 370e5331c..3f55a3e19 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/fi.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/fi.json @@ -93,6 +93,7 @@ "PE101":"Password contains not allowed characters", "PE102":"Session must be upgraded", "PE103":"No second factors available for your account", +"2FDeviceNotFound":"2F device not found", "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.", "accept":"Hyväksy", "accessDenied":"Sinulla ei ole käyttöoikeutta tähän sovellukseen", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/fr.json b/lemonldap-ng-portal/site/htdocs/static/languages/fr.json index 50b643fbc..acaee5a01 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/fr.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/fr.json @@ -93,6 +93,7 @@ "PE101":"Le mot de passe contient des caractères interdits", "PE102":"Mise à niveau de la session", "PE103":"Aucun second facteur disponible pour votre compte", +"2FDeviceNotFound":"Second facteur non trouvé", "2fRegRequired":"Ce service requiert une authentification à deux facteurs. Enregistrez un équipement ici et retournez au portail.", "accept":"Accepter", "accessDenied":"Vous n'avez pas les droits d'accès à cette application", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/it.json b/lemonldap-ng-portal/site/htdocs/static/languages/it.json index e36716b17..21cdd39b4 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/it.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/it.json @@ -93,6 +93,7 @@ "PE101":"Password contains not allowed characters", "PE102":"Session must be upgraded", "PE103":"No second factors available for your account", +"2FDeviceNotFound":"2F device not found", "2fRegRequired":"Questo servizio richiede un'autenticazione a doppio fattore. Registrare un dispositivo ora, quindi tornare al portale.", "accept":"Accetta", "accessDenied":"Non hai un'autorizzazione di accesso per questa applicazione", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/nl.json b/lemonldap-ng-portal/site/htdocs/static/languages/nl.json index 41e2955b2..60bc7b065 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/nl.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/nl.json @@ -93,6 +93,7 @@ "PE101":"Password contains not allowed characters", "PE102":"Session must be upgraded", "PE103":"No second factors available for your account", +"2FDeviceNotFound":"2F device not found", "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.", "accept":"Accept", "accessDenied":"You have no access authorization for this application", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/pl.json b/lemonldap-ng-portal/site/htdocs/static/languages/pl.json index f8763afa7..4b1a5d201 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/pl.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/pl.json @@ -93,6 +93,7 @@ "PE101":"Hasło zawiera niedozwolone znaki", "PE102":"Session must be upgraded", "PE103":"No second factors available for your account", +"2FDeviceNotFound":"2F device not found", "2fRegRequired":"Ta usługa wymaga podwójnego uwierzytelnienia. Zarejestruj urządzenie 2ndFA teraz, a następnie wróć do portalu.", "accept":"Akceptuj", "accessDenied":"Nie masz dostępu do tej aplikacji", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/pt.json b/lemonldap-ng-portal/site/htdocs/static/languages/pt.json index 8ef1f637d..af7e49465 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/pt.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/pt.json @@ -93,6 +93,7 @@ "PE101":"Password contains not allowed characters", "PE102":"Session must be upgraded", "PE103":"No second factors available for your account", +"2FDeviceNotFound":"2F device not found", "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.", "accept":"Accept", "accessDenied":"You have no access authorization for this application", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/ro.json b/lemonldap-ng-portal/site/htdocs/static/languages/ro.json index adc2beb6a..35e3f9d74 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/ro.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/ro.json @@ -93,6 +93,7 @@ "PE101":"Password contains not allowed characters", "PE102":"Session must be upgraded", "PE103":"No second factors available for your account", +"2FDeviceNotFound":"2F device not found", "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.", "accept":"Accept", "accessDenied":"You have no access authorization for this application", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/tr.json b/lemonldap-ng-portal/site/htdocs/static/languages/tr.json index 44b2cf460..623f22ce8 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/tr.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/tr.json @@ -93,6 +93,7 @@ "PE101":"Parola izin verilmeyen karakterler içeriyor", "PE102":"Oturum yükseltilmeli", "PE103":"Hesabınız için ikinci faktör kullanılabilir değil", +"2FDeviceNotFound":"2F device not found", "2fRegRequired":"Bu servis iki adımlı kimlik doğrulama gerektiriyor. Şimdi bir cihaz ekleyin ve ardından portala geri dönün", "accept":"Kabul Et", "accessDenied":"Bu uygulamaya erişim yetkiniz yok", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/vi.json b/lemonldap-ng-portal/site/htdocs/static/languages/vi.json index 0378943e7..c0961cd54 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/vi.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/vi.json @@ -93,6 +93,7 @@ "PE101":"Password contains not allowed characters", "PE102":"Session must be upgraded", "PE103":"No second factors available for your account", +"2FDeviceNotFound":"2F device not found", "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.", "accept":"Chấp nhận", "accessDenied":"Bạn không có quyền truy cập vào ứng dụng này", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/zh.json b/lemonldap-ng-portal/site/htdocs/static/languages/zh.json index a7d8834dc..7ceff4d50 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/zh.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/zh.json @@ -93,6 +93,7 @@ "PE101":"Password contains not allowed characters", "PE102":"Session must be upgraded", "PE103":"No second factors available for your account", +"2FDeviceNotFound":"2F device not found", "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.", "accept":"Accept 方法", "accessDenied":"您无权访问此应用", From 1c574f03dad9b2e1a97b4c9b8c0b83e6cd144442 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Mon, 12 Oct 2020 15:38:57 +0200 Subject: [PATCH 6/6] Rule is not parsed -> convert to bool & be more consistent (#1605) --- .../lib/Lemonldap/NG/Common/Conf/Constants.pm | 2 +- .../lib/Lemonldap/NG/Common/Conf/DefaultValues.pm | 11 +++++------ .../lib/Lemonldap/NG/Manager/Attributes.pm | 2 +- .../lib/Lemonldap/NG/Manager/Build/Attributes.pm | 4 ++-- .../site/htdocs/static/languages/ar.json | 2 +- .../site/htdocs/static/languages/de.json | 2 +- .../site/htdocs/static/languages/en.json | 2 +- .../site/htdocs/static/languages/fr.json | 2 +- .../site/htdocs/static/languages/it.json | 2 +- .../site/htdocs/static/languages/pl.json | 2 +- .../site/htdocs/static/languages/tr.json | 2 +- .../site/htdocs/static/languages/vi.json | 2 +- .../site/htdocs/static/languages/zh.json | 2 +- lemonldap-ng-manager/site/htdocs/static/struct.json | 2 +- .../site/templates/bootstrap/standardform.tpl | 2 +- 15 files changed, 20 insertions(+), 21 deletions(-) diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm index 6b2e47e06..5050ea0e7 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm @@ -30,7 +30,7 @@ use constant DEFAULTCONFBACKENDOPTIONS => ( dirName => '/usr/local/lemonldap-ng/data/conf', ); our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|ombModule)s)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/; -our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Allow(?:PasswordGrant|Offline)|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|c(?:o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:State|User|XSS)|da)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|d(?:isablePersistentStorage|biDynamicHashEnabled)|g(?:roupsBeforeMacros|lobalLogoutTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/; +our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Allow(?:PasswordGrant|Offline)|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|c(?:o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:State|User|XSS)|da)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|d(?:isablePersistentStorage|biDynamicHashEnabled)|g(?:roupsBeforeMacros|lobalLogoutTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/; our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' ); diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm index e5947349e..744478e01 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm @@ -236,12 +236,11 @@ sub defaultValues { 'passwordResetAllowedRetries' => 3, 'persistentSessionAttributes' => '_loginHistory _2fDevices notification_', - 'port' => -1, - 'portal' => 'http://auth.example.com/', - 'portalAntiFrame' => 1, - 'portalCheckLogins' => 1, - 'portalDisplayAppslist' => 1, - 'portalDisplayCertificateResetByMail' => 0, + 'port' => -1, + 'portal' => 'http://auth.example.com/', + 'portalAntiFrame' => 1, + 'portalCheckLogins' => 1, + 'portalDisplayAppslist' => 1, 'portalDisplayChangePassword' => '$_auth =~ /^(LDAP|DBI|Demo)$/', 'portalDisplayGeneratePassword' => 1, 'portalDisplayLoginHistory' => 1, diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm index d42809016..617cbb2cc 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm @@ -2610,7 +2610,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.] }, 'portalDisplayCertificateResetByMail' => { 'default' => 0, - 'type' => 'boolOrExpr' + 'type' => 'bool' }, 'portalDisplayChangePassword' => { 'default' => '$_auth =~ /^(LDAP|DBI|Demo)$/', diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm index 8ca16fa1d..a0c6ee4d6 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm @@ -1085,9 +1085,9 @@ sub attributes { documentation => 'Display logout tab in portal', }, portalDisplayCertificateResetByMail => { - type => 'boolOrExpr', + type => 'bool', default => 0, - documentation => 'Display Certificate Reset by mail tab in portal', + documentation => 'Display certificate reset by mail button in portal', }, portalDisplayRegister => { default => 1, diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json index 6d0284f6d..3603612a5 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json @@ -159,7 +159,6 @@ "certificateResetByMailStep2Subject":"Confirmation mail subject", "certificateResetByMailStep2Body":"Confirmation mail content", "certificateResetByMailValidityDelay":"Minimum duration before expiration", -"portalDisplayCertificateResetByMail":"Reset your certificate", "contentSecurityPolicy":"السياسة الأمنية للمحتوى", "contextSwitching":"Switch context another user", "contextSwitchingAllowed2fModifications":"Allow 2FA modifications", @@ -728,6 +727,7 @@ "portalCustomCss":"تخصيص ملف CSS", "portalCustomization":"التخصيص", "portalDisplayAppslist":"قائمة التطبيقات", +"portalDisplayCertificateResetByMail":"Reset your certificate", "portalDisplayChangePassword":"تغيير كلمة المرور", "portalDisplayGeneratePassword":"Display generate password box", "portalDisplayLoginHistory":"سجل تسجيل الدخول", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/de.json b/lemonldap-ng-manager/site/htdocs/static/languages/de.json index b089b485e..f74b9135b 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/de.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/de.json @@ -159,7 +159,6 @@ "certificateResetByMailStep2Subject":"Confirmation mail subject", "certificateResetByMailStep2Body":"Confirmation mail content", "certificateResetByMailValidityDelay":"Minimum duration before expiration", -"portalDisplayCertificateResetByMail":"Reset your certificate", "contentSecurityPolicy":"Content security policy", "contextSwitching":"Switch context another user", "contextSwitchingAllowed2fModifications":"Allow 2FA modifications", @@ -728,6 +727,7 @@ "portalCustomCss":"Custom CSS file", "portalCustomization":"Customization", "portalDisplayAppslist":"Applications list", +"portalDisplayCertificateResetByMail":"Reset your certificate", "portalDisplayChangePassword":"Password change", "portalDisplayGeneratePassword":"Display generate password box", "portalDisplayLoginHistory":"Login History", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/en.json b/lemonldap-ng-manager/site/htdocs/static/languages/en.json index 9abdb1117..0145385ef 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json @@ -159,7 +159,6 @@ "certificateResetByMailStep2Subject":"Confirmation mail subject", "certificateResetByMailStep2Body":"Confirmation mail content", "certificateResetByMailValidityDelay":"Minimum duration before expiration", -"portalDisplayCertificateResetByMail":"Reset your certificate", "contentSecurityPolicy":"Content security policy", "contextSwitching":"Switch context another user", "contextSwitchingAllowed2fModifications":"Allow 2FA modifications", @@ -728,6 +727,7 @@ "portalCustomCss":"Custom CSS file", "portalCustomization":"Customization", "portalDisplayAppslist":"Applications list", +"portalDisplayCertificateResetByMail":"Reset your certificate", "portalDisplayChangePassword":"Password change", "portalDisplayGeneratePassword":"Display generate password box", "portalDisplayLoginHistory":"Login History", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json index 3fc810145..504bb2392 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json @@ -159,7 +159,6 @@ "certificateResetByMailStep2Subject":"Sujet du message de confirmation", "certificateResetByMailStep2Body":"Contenu du message de confirmation", "certificateResetByMailValidityDelay":"Durée minimun avant expiration", -"portalDisplayCertificateResetByMail":"Réinitialiser votre certificat", "contentSecurityPolicy":"Politique de sécurité de contenu", "contextSwitching":"Endossement d'identité", "contextSwitchingAllowed2fModifications":"Autoriser les modifications des SF", @@ -728,6 +727,7 @@ "portalCustomCss":"Fichier CSS personnalisé", "portalCustomization":"Personnalisation", "portalDisplayAppslist":"Liste des applications", +"portalDisplayCertificateResetByMail":"Réinitialisation du certificat", "portalDisplayChangePassword":"Changement de mot de passe", "portalDisplayGeneratePassword":"Afficher la boite de génération du mot de passe", "portalDisplayLoginHistory":"Historique des connexions", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/it.json b/lemonldap-ng-manager/site/htdocs/static/languages/it.json index 4c7c8f08c..32e370235 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json @@ -159,7 +159,6 @@ "certificateResetByMailStep2Subject":"Soggetto della mail di conferma", "certificateResetByMailStep2Body":"Confirmation mail content", "certificateResetByMailValidityDelay":"Minimum duration before expiration", -"portalDisplayCertificateResetByMail":"Reset your certificate", "contentSecurityPolicy":"Politica di protezione dei contenuti", "contextSwitching":"Switch context another user", "contextSwitchingAllowed2fModifications":"Allow 2FA modifications", @@ -728,6 +727,7 @@ "portalCustomCss":"Custom CSS file", "portalCustomization":"Personalizzazione", "portalDisplayAppslist":"Lista delle applicazioni", +"portalDisplayCertificateResetByMail":"Reset your certificate", "portalDisplayChangePassword":"Cambio password", "portalDisplayGeneratePassword":"Display generate password box", "portalDisplayLoginHistory":"Cronologia login", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json index 5c2ecabda..236d74f63 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json @@ -159,7 +159,6 @@ "certificateResetByMailStep2Subject":"Temat wiadomości potwierdzającej", "certificateResetByMailStep2Body":"Treść wiadomości potwierdzającej", "certificateResetByMailValidityDelay":"Minimalny czas do wygaśnięcia", -"portalDisplayCertificateResetByMail":"Zresetuj swój certyfikat", "contentSecurityPolicy":"Polityka bezpieczeństwa treści", "contextSwitching":"Przełącz kontekst innego użytkownika", "contextSwitchingAllowed2fModifications":"Allow 2FA modifications", @@ -728,6 +727,7 @@ "portalCustomCss":"Niestandardowy plik CSS", "portalCustomization":"Dostosowywanie", "portalDisplayAppslist":"Lista aplikacji", +"portalDisplayCertificateResetByMail":"Zresetuj swój certyfikat", "portalDisplayChangePassword":"Zmiana hasła", "portalDisplayGeneratePassword":"Wyświetl pole generowania hasła", "portalDisplayLoginHistory":"Historia logowania", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json index b9669596e..871cc7f71 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json @@ -159,7 +159,6 @@ "certificateResetByMailStep2Subject":"Doğrulama e-postası konusu", "certificateResetByMailStep2Body":"Doğrulama e-postası içeriği", "certificateResetByMailValidityDelay":"Sona ermeden önceki minimum süre", -"portalDisplayCertificateResetByMail":"Sertifikanızı sıfırlayın", "contentSecurityPolicy":"İçerik güvenlik ilkesi", "contextSwitching":"İçeriği başka bir kullanıcıyla değiştir", "contextSwitchingAllowed2fModifications":"Allow 2FA modifications", @@ -728,6 +727,7 @@ "portalCustomCss":"Özelleştirilmiş CSS dosyası", "portalCustomization":"Özelleştirme", "portalDisplayAppslist":"Uygulamalar listesi", +"portalDisplayCertificateResetByMail":"Sertifikanızı sıfırlayın", "portalDisplayChangePassword":"Parola değişimi", "portalDisplayGeneratePassword":"Parola oluşturma kutusunu görüntüle", "portalDisplayLoginHistory":"Giriş Geçmişi", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json index fd420cdd6..6622cb213 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json @@ -159,7 +159,6 @@ "certificateResetByMailStep2Subject":"Xác nhận chủ đề thư", "certificateResetByMailStep2Body":"Xác nhận nội dung thư", "certificateResetByMailValidityDelay":"Minimum duration before expiration", -"portalDisplayCertificateResetByMail":"Reset your certificate", "contentSecurityPolicy":"Chính sách bảo mật nội dung", "contextSwitching":"Switch context another user", "contextSwitchingAllowed2fModifications":"Allow 2FA modifications", @@ -728,6 +727,7 @@ "portalCustomCss":"Tùy chỉnh tệp CSS", "portalCustomization":"Tùy chỉnh", "portalDisplayAppslist":"Danh sách ứng dụng", +"portalDisplayCertificateResetByMail":"Reset your certificate", "portalDisplayChangePassword":"Thay đổi mật khẩu", "portalDisplayGeneratePassword":"Display generate password box", "portalDisplayLoginHistory":"Lịch sử đăng nhập", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json index 018eb009e..70dc0e5f4 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json @@ -159,7 +159,6 @@ "certificateResetByMailStep2Subject":"Confirmation mail subject", "certificateResetByMailStep2Body":"Confirmation mail content", "certificateResetByMailValidityDelay":"Minimum duration before expiration", -"portalDisplayCertificateResetByMail":"Reset your certificate", "contentSecurityPolicy":"Content security policy", "contextSwitching":"Switch context another user", "contextSwitchingAllowed2fModifications":"Allow 2FA modifications", @@ -728,6 +727,7 @@ "portalCustomCss":"Custom CSS file", "portalCustomization":"Customization", "portalDisplayAppslist":"Applications list", +"portalDisplayCertificateResetByMail":"Reset your certificate", "portalDisplayChangePassword":"Password change", "portalDisplayGeneratePassword":"Display generate password box", "portalDisplayLoginHistory":"Login History", diff --git a/lemonldap-ng-manager/site/htdocs/static/struct.json b/lemonldap-ng-manager/site/htdocs/static/struct.json index 5918cee37..db19206b1 100644 --- a/lemonldap-ng-manager/site/htdocs/static/struct.json +++ b/lemonldap-ng-manager/site/htdocs/static/struct.json @@ -1 +1 @@ -[{"_nodes":[{"_nodes":[{"default":"http://auth.example.com/","id":"portal","title":"portal"},{"_nodes":[{"_nodes":[{"default":1,"id":"portalDisplayLogout","title":"portalDisplayLogout","type":"boolOrExpr"},{"default":"$_auth =~ /^(LDAP|DBI|Demo)$/","id":"portalDisplayChangePassword","title":"portalDisplayChangePassword","type":"boolOrExpr"},{"default":1,"id":"portalDisplayAppslist","title":"portalDisplayAppslist","type":"boolOrExpr"},{"default":1,"id":"portalDisplayLoginHistory","title":"portalDisplayLoginHistory","type":"boolOrExpr"},{"default":"$_oidcConsents && $_oidcConsents =~ /\\w+/","id":"portalDisplayOidcConsents","title":"portalDisplayOidcConsents","type":"boolOrExpr"}],"id":"portalModules","title":"portalModules","type":"simpleInputContainer"},{"cnodes":"applicationList","default":[{"data":{"catname":"Default category","type":"category"},"id":"applicationList/default","title":"default","type":"catAndAppList"}],"help":"portalmenu.html#categories-and-applications","id":"applicationList","title":"applicationList","type":"catAndAppList"}],"help":"portalmenu.html","id":"portalMenu","title":"portalMenu"},{"_nodes":[{"default":"common/logos/logo_llng_400px.png","id":"portalMainLogo","title":"portalMainLogo"},{"default":1,"id":"showLanguages","title":"showLanguages","type":"bool"},{"id":"portalCustomCss","title":"portalCustomCss"},{"default":"bootstrap","id":"portalSkin","select":[{"k":"bootstrap","v":"Bootstrap"}],"title":"portalSkin","type":"portalskin"},{"id":"portalSkinBackground","select":[{"k":"","v":"None"},{"k":"1280px-Anse_Source_d'Argent_2-La_Digue.jpg","v":"Anse"},{"k":"1280px-Autumn-clear-water-waterfall-landscape_-_Virginia_-_ForestWander.jpg","v":"Waterfall"},{"k":"1280px-BrockenSnowedTrees.jpg","v":"Snowed Trees"},{"k":"1280px-Cedar_Breaks_National_Monument_partially.jpg","v":"National Monument"},{"k":"1280px-Parry_Peak_from_Winter_Park.jpg","v":"Winter"},{"k":"Aletschgletscher_mit_Pinus_cembra1.jpg","v":"Pinus"}],"title":"portalSkinBackground","type":"portalskinbackground"},{"cnodes":"portalSkinRules","help":"portalcustom.html","id":"portalSkinRules","title":"portalSkinRules","type":"keyTextContainer"},{"_nodes":[{"default":1,"id":"portalCheckLogins","title":"portalCheckLogins","type":"bool"},{"default":0,"id":"portalDisplayResetPassword","title":"portalDisplayResetPassword","type":"bool"},{"default":3,"id":"passwordResetAllowedRetries","title":"passwordResetAllowedRetries","type":"int"},{"default":1,"id":"portalDisplayRegister","title":"portalDisplayRegister","type":"bool"},{"default":0,"id":"portalDisplayCertificateResetByMail","title":"portalDisplayCertificateResetByMail","type":"boolOrExpr"}],"help":"portalcustom.html#buttons","id":"portalButtons","title":"portalButtons","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"portalRequireOldPassword","title":"portalRequireOldPassword","type":"boolOrExpr"},{"default":0,"id":"hideOldPassword","title":"hideOldPassword","type":"bool"},{"default":0,"id":"mailOnPasswordChange","title":"mailOnPasswordChange","type":"bool"}],"help":"portalcustom.html#password-management","id":"passwordManagement","title":"passwordManagement","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"passwordPolicyActivation","title":"passwordPolicyActivation","type":"boolOrExpr"},{"default":0,"id":"portalDisplayPasswordPolicy","title":"portalDisplayPasswordPolicy","type":"bool"},{"default":0,"id":"passwordPolicyMinSize","title":"passwordPolicyMinSize","type":"int"},{"default":0,"id":"passwordPolicyMinLower","title":"passwordPolicyMinLower","type":"int"},{"default":0,"id":"passwordPolicyMinUpper","title":"passwordPolicyMinUpper","type":"int"},{"default":0,"id":"passwordPolicyMinDigit","title":"passwordPolicyMinDigit","type":"int"},{"default":0,"id":"passwordPolicyMinSpeChar","title":"passwordPolicyMinSpeChar","type":"int"},{"default":"__ALL__","id":"passwordPolicySpecialChar","title":"passwordPolicySpecialChar"}],"help":"portalcustom.html#password-policy","id":"passwordPolicy","title":"passwordPolicy","type":"simpleInputContainer"},{"_nodes":[{"default":"_user","id":"portalUserAttr","title":"portalUserAttr"},{"default":0,"id":"portalOpenLinkInNewWindow","title":"portalOpenLinkInNewWindow","type":"bool"},{"default":1,"id":"portalAntiFrame","title":"portalAntiFrame","type":"bool"},{"default":60000,"id":"portalPingInterval","title":"portalPingInterval","type":"int"},{"default":1,"id":"portalErrorOnExpiredSession","title":"portalErrorOnExpiredSession","type":"bool"},{"default":0,"id":"portalErrorOnMailNotFound","title":"portalErrorOnMailNotFound","type":"bool"},{"default":1,"id":"portalDisplayRefreshMyRights","title":"portalDisplayRefreshMyRights","type":"bool"}],"help":"portalcustom.html#other-parameters","id":"portalOther","title":"portalOther","type":"simpleInputContainer"}],"help":"portalcustom.html","id":"portalCustomization","title":"portalCustomization"},{"_nodes":[{"default":0,"id":"captcha_login_enabled","title":"captcha_login_enabled","type":"bool"},{"default":1,"id":"captcha_mail_enabled","title":"captcha_mail_enabled","type":"bool"},{"default":1,"id":"captcha_register_enabled","title":"captcha_register_enabled","type":"bool"},{"default":6,"id":"captcha_size","title":"captcha_size","type":"int"}],"help":"captcha.html","id":"portalCaptcha","title":"portalCaptcha","type":"simpleInputContainer"}],"help":"portal.html","id":"portalParams","title":"portalParams"},{"_nodes":[{"default":"Demo","id":"authentication","select":[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Demo","v":"Demonstration"},{"k":"Choice","v":"authChoice"},{"k":"Combination","v":"combineMods"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"SAML","v":"SAML v2"},{"k":"Proxy","v":"Proxy"},{"k":"Remote","v":"Remote"},{"k":"Slave","v":"Slave"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"authentication","type":"select"},{"default":"Same","id":"userDB","select":[{"k":"Same","v":"Same"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"userDB","type":"select"},{"default":"Demo","id":"passwordDB","select":[{"k":"AD","v":"Active Directory"},{"k":"Choice","v":"authChoice"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demonstration"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"passwordDB","type":"select"},{"default":"Null","id":"registerDB","select":[{"k":"AD","v":"Active Directory"},{"k":"Demo","v":"Demonstration"},{"k":"LDAP","v":"LDAP"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"registerDB","type":"select"}],"_nodes_cond":[{"_nodes":[{"default":0,"id":"ADPwdMaxAge","title":"ADPwdMaxAge","type":"int"},{"default":0,"id":"ADPwdExpireWarning","title":"ADPwdExpireWarning","type":"int"}],"help":"authad.html","id":"adParams","show":false,"title":"adParams","type":"simpleInputContainer"},{"_nodes":[{"default":"lmAuth","id":"authChoiceParam","title":"authChoiceParam"},{"cnodes":"authChoiceModules","id":"authChoiceModules","select":[[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Null","v":"None"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"Proxy","v":"Proxy"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"Remote","v":"Remote"},{"k":"SAML","v":"SAML v2"},{"k":"Slave","v":"Slave"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Custom","v":"customModule"}],[{"k":"AD","v":"Active Directory"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"Facebook","v":"Facebook"},{"k":"LDAP","v":"LDAP"},{"k":"Null","v":"None"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"Proxy","v":"Proxy"},{"k":"REST","v":"REST"},{"k":"Remote","v":"Remote"},{"k":"SAML","v":"SAML v2"},{"k":"Slave","v":"Slave"},{"k":"WebID","v":"WebID"},{"k":"Custom","v":"customModule"}],[{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}]],"title":"authChoiceModules","type":"authChoiceContainer"},{"id":"authChoiceAuthBasic","title":"authChoiceAuthBasic"}],"help":"authchoice.html","id":"choiceParams","show":false,"title":"choiceParams"},{"_nodes":[{"default":3,"id":"apacheAuthnLevel","title":"apacheAuthnLevel","type":"int"}],"help":"authapache.html","id":"apacheParams","show":false,"title":"apacheParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"casAuthnLevel","title":"casAuthnLevel","type":"int"}],"help":"authcas.html","id":"casParams","show":false,"title":"casParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"dbiAuthnLevel","title":"dbiAuthnLevel","type":"int"},{"cnodes":"dbiExportedVars","default":[],"id":"dbiExportedVars","title":"dbiExportedVars","type":"keyTextContainer"},{"_nodes":[{"_nodes":[{"id":"dbiAuthChain","title":"dbiAuthChain"},{"id":"dbiAuthUser","title":"dbiAuthUser"},{"id":"dbiAuthPassword","title":"dbiAuthPassword","type":"password"}],"id":"dbiConnectionAuth","title":"dbiConnectionAuth","type":"simpleInputContainer"},{"_nodes":[{"id":"dbiUserChain","title":"dbiUserChain"},{"id":"dbiUserUser","title":"dbiUserUser"},{"id":"dbiUserPassword","title":"dbiUserPassword","type":"password"}],"id":"dbiConnectionUser","title":"dbiConnectionUser","type":"simpleInputContainer"}],"help":"authdbi.html#connection","id":"dbiConnection","title":"dbiConnection"},{"_nodes":[{"id":"dbiAuthTable","title":"dbiAuthTable"},{"id":"dbiUserTable","title":"dbiUserTable"},{"id":"dbiAuthLoginCol","title":"dbiAuthLoginCol"},{"id":"dbiAuthPasswordCol","title":"dbiAuthPasswordCol"},{"id":"dbiPasswordMailCol","title":"dbiPasswordMailCol"},{"id":"userPivot","title":"userPivot"}],"help":"authdbi.html#schema","id":"dbiSchema","title":"dbiSchema","type":"simpleInputContainer"},{"_nodes":[{"help":"authdbi.html#password","id":"dbiAuthPasswordHash","title":"dbiAuthPasswordHash"},{"_nodes":[{"help":"authdbi.html#password","id":"dbiDynamicHashEnabled","title":"dbiDynamicHashEnabled","type":"bool"},{"help":"authdbi.html#password","id":"dbiDynamicHashValidSchemes","title":"dbiDynamicHashValidSchemes"},{"help":"authdbi.html#password","id":"dbiDynamicHashValidSaltedSchemes","title":"dbiDynamicHashValidSaltedSchemes"},{"help":"authdbi.html#password","id":"dbiDynamicHashNewPasswordScheme","title":"dbiDynamicHashNewPasswordScheme"}],"help":"authdbi.html#password","id":"dbiDynamicHash","title":"dbiDynamicHash","type":"simpleInputContainer"}],"help":"authdbi.html#password","id":"dbiPassword","title":"dbiPassword"}],"help":"authdbi.html","id":"dbiParams","show":false,"title":"dbiParams"},{"_nodes":[{"cnodes":"demoExportedVars","default":[{"data":"cn","id":"demoExportedVars/cn","title":"cn","type":"keyText"},{"data":"mail","id":"demoExportedVars/mail","title":"mail","type":"keyText"},{"data":"uid","id":"demoExportedVars/uid","title":"uid","type":"keyText"}],"id":"demoExportedVars","title":"demoExportedVars","type":"keyTextContainer"}],"help":"authdemo.html","id":"demoParams","show":false,"title":"demoParams"},{"_nodes":[{"default":1,"id":"facebookAuthnLevel","title":"facebookAuthnLevel","type":"int"},{"cnodes":"facebookExportedVars","default":[],"id":"facebookExportedVars","title":"facebookExportedVars","type":"keyTextContainer"},{"id":"facebookAppId","title":"facebookAppId"},{"id":"facebookAppSecret","title":"facebookAppSecret"},{"default":"id","id":"facebookUserField","title":"facebookUserField"}],"help":"authfacebook.html","id":"facebookParams","show":false,"title":"facebookParams"},{"_nodes":[{"default":3,"id":"krbAuthnLevel","title":"krbAuthnLevel","type":"int"},{"id":"krbKeytab","title":"krbKeytab"},{"default":0,"id":"krbByJs","title":"krbByJs","type":"bool"},{"default":1,"id":"krbRemoveDomain","title":"krbRemoveDomain","type":"bool"}],"help":"authkerberos.html","id":"kerberosParams","show":false,"title":"kerberosParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"ldapAuthnLevel","title":"ldapAuthnLevel","type":"int"},{"cnodes":"ldapExportedVars","default":[{"data":"cn","id":"ldapExportedVars/cn","title":"cn","type":"keyText"},{"data":"mail","id":"ldapExportedVars/mail","title":"mail","type":"keyText"},{"data":"uid","id":"ldapExportedVars/uid","title":"uid","type":"keyText"}],"id":"ldapExportedVars","title":"ldapExportedVars","type":"keyTextContainer"},{"_nodes":[{"default":"ldap://localhost","id":"ldapServer","title":"ldapServer"},{"id":"ldapPort","title":"ldapPort","type":"int"},{"default":"require","id":"ldapVerify","select":[{"k":"none","v":"None"},{"k":"optional","v":"Optional"},{"k":"require","v":"Require"}],"title":"ldapVerify","type":"select"},{"default":"dc=example,dc=com","id":"ldapBase","title":"ldapBase"},{"default":"","id":"managerDn","title":"managerDn"},{"default":"","id":"managerPassword","title":"managerPassword","type":"password"},{"default":120,"id":"ldapTimeout","title":"ldapTimeout","type":"int"},{"default":3,"id":"ldapVersion","title":"ldapVersion","type":"int"},{"id":"ldapRaw","title":"ldapRaw"},{"id":"ldapCAFile","title":"ldapCAFile"},{"id":"ldapCAPath","title":"ldapCAPath"}],"help":"authldap.html#connection","id":"ldapConnection","title":"ldapConnection","type":"simpleInputContainer"},{"_nodes":[{"id":"LDAPFilter","title":"LDAPFilter"},{"id":"AuthLDAPFilter","title":"AuthLDAPFilter"},{"id":"mailLDAPFilter","title":"mailLDAPFilter"},{"default":"find","id":"ldapSearchDeref","select":[{"k":"never","v":"never"},{"k":"search","v":"search"},{"k":"find","v":"find"},{"k":"always","v":"always"}],"title":"ldapSearchDeref","type":"select"}],"help":"authldap.html#filters","id":"ldapFilters","title":"ldapFilters","type":"simpleInputContainer"},{"_nodes":[{"id":"ldapGroupBase","title":"ldapGroupBase"},{"default":"groupOfNames","id":"ldapGroupObjectClass","title":"ldapGroupObjectClass"},{"default":"member","id":"ldapGroupAttributeName","title":"ldapGroupAttributeName"},{"default":"dn","id":"ldapGroupAttributeNameUser","title":"ldapGroupAttributeNameUser"},{"default":"cn","id":"ldapGroupAttributeNameSearch","title":"ldapGroupAttributeNameSearch"},{"default":0,"id":"ldapGroupDecodeSearchedValue","title":"ldapGroupDecodeSearchedValue","type":"bool"},{"default":0,"id":"ldapGroupRecursive","title":"ldapGroupRecursive","type":"bool"},{"default":"dn","id":"ldapGroupAttributeNameGroup","title":"ldapGroupAttributeNameGroup"}],"help":"authldap.html#groups","id":"ldapGroups","title":"ldapGroups","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"ldapPpolicyControl","title":"ldapPpolicyControl","type":"bool"},{"default":0,"id":"ldapSetPassword","title":"ldapSetPassword","type":"bool"},{"default":0,"id":"ldapChangePasswordAsUser","title":"ldapChangePasswordAsUser","type":"bool"},{"default":"utf-8","id":"ldapPwdEnc","title":"ldapPwdEnc"},{"default":1,"id":"ldapUsePasswordResetAttribute","title":"ldapUsePasswordResetAttribute","type":"bool"},{"default":"pwdReset","id":"ldapPasswordResetAttribute","title":"ldapPasswordResetAttribute"},{"default":"TRUE","id":"ldapPasswordResetAttributeValue","title":"ldapPasswordResetAttributeValue"},{"default":0,"id":"ldapAllowResetExpiredPassword","title":"ldapAllowResetExpiredPassword","type":"bool"},{"default":0,"id":"ldapITDS","title":"ldapITDS","type":"bool"}],"help":"authldap.html#password","id":"ldapPassword","title":"ldapPassword","type":"simpleInputContainer"}],"help":"authldap.html","id":"ldapParams","show":false,"title":"ldapParams"},{"_nodes":[{"default":1,"id":"linkedInAuthnLevel","title":"linkedInAuthnLevel","type":"int"},{"id":"linkedInClientID","title":"linkedInClientID"},{"id":"linkedInClientSecret","title":"linkedInClientSecret","type":"password"},{"default":"id,first-name,last-name,email-address","id":"linkedInFields","title":"linkedInFields"},{"default":"emailAddress","id":"linkedInUserField","title":"linkedInUserField"},{"default":"r_liteprofile r_emailaddress","id":"linkedInScope","title":"linkedInScope"}],"help":"authlinkedin.html","id":"linkedinParams","show":false,"title":"linkedinParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"githubAuthnLevel","title":"githubAuthnLevel","type":"int"},{"id":"githubClientID","title":"githubClientID"},{"id":"githubClientSecret","title":"githubClientSecret","type":"password"},{"default":"login","id":"githubUserField","title":"githubUserField"},{"default":"user:email","id":"githubScope","title":"githubScope"}],"help":"authgithub.html","id":"githubParams","show":false,"title":"githubParams","type":"simpleInputContainer"},{"_nodes":[{"id":"combination","title":"combination"},{"cnodes":"combModules","id":"combModules","select":[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Demo","v":"Demonstration"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"SAML","v":"SAML v2"},{"k":"Proxy","v":"Proxy"},{"k":"Remote","v":"Remote"},{"k":"Slave","v":"Slave"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"combModules","type":"cmbModuleContainer"}],"help":"authcombination.html","id":"combinationParams","show":false,"title":"combinationParams"},{"_nodes":[{"default":0,"id":"nullAuthnLevel","title":"nullAuthnLevel","type":"int"}],"help":"authnull.html","id":"nullParams","show":false,"title":"nullParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"openIdAuthnLevel","title":"openIdAuthnLevel","type":"int"},{"cnodes":"openIdExportedVars","default":[],"id":"openIdExportedVars","title":"openIdExportedVars","type":"keyTextContainer"},{"id":"openIdSecret","title":"openIdSecret"},{"default":"0;","id":"openIdIDPList","title":"openIdIDPList","type":"blackWhiteList"}],"help":"authopenid.html","id":"openidParams","show":false,"title":"openidParams"},{"_nodes":[{"default":1,"id":"oidcAuthnLevel","title":"oidcAuthnLevel","type":"int"},{"default":"openidconnectcallback","id":"oidcRPCallbackGetParam","title":"oidcRPCallbackGetParam"},{"default":600,"id":"oidcRPStateTimeout","title":"oidcRPStateTimeout","type":"int"}],"help":"authopenidconnect.html","id":"oidcParams","show":false,"title":"oidcParams","type":"simpleInputContainer"},{"_nodes":[{"default":5,"id":"gpgAuthnLevel","title":"gpgAuthnLevel","type":"int"},{"default":"","id":"gpgDb","title":"gpgDb"}],"help":"authgpg.html","id":"gpgParams","show":false,"title":"gpgParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"proxyAuthnLevel","title":"proxyAuthnLevel","type":"int"},{"id":"proxyAuthService","title":"proxyAuthService"},{"id":"proxySessionService","title":"proxySessionService"},{"id":"remoteCookieName","title":"remoteCookieName"},{"default":0,"id":"proxyUseSoap","title":"proxyUseSoap","type":"bool"}],"help":"authproxy.html","id":"proxyParams","show":false,"title":"proxyParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"pamAuthnLevel","title":"pamAuthnLevel","type":"int"},{"default":"login","id":"pamService","title":"pamService"}],"help":"authpam.html","id":"pamParams","show":false,"title":"pamParams","type":"simpleInputContainer"},{"_nodes":[{"default":3,"id":"radiusAuthnLevel","title":"radiusAuthnLevel","type":"int"},{"id":"radiusSecret","title":"radiusSecret"},{"id":"radiusServer","title":"radiusServer"}],"help":"authradius.html","id":"radiusParams","show":false,"title":"radiusParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"restAuthnLevel","title":"restAuthnLevel","type":"int"},{"id":"restAuthUrl","title":"restAuthUrl"},{"id":"restUserDBUrl","title":"restUserDBUrl"},{"id":"restPwdConfirmUrl","title":"restPwdConfirmUrl"},{"id":"restPwdModifyUrl","title":"restPwdModifyUrl"}],"help":"authrest.html","id":"restParams","show":false,"title":"restParams","type":"simpleInputContainer"},{"_nodes":[{"id":"remotePortal","title":"remotePortal"},{"id":"remoteCookieName","title":"remoteCookieName"},{"default":"Lemonldap::NG::Common::Apache::Session::SOAP","id":"remoteGlobalStorage","title":"remoteGlobalStorage"},{"cnodes":"remoteGlobalStorageOptions","default":[{"data":"http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService","id":"remoteGlobalStorageOptions/ns","title":"ns","type":"keyText"},{"data":"http://auth.example.com/sessions","id":"remoteGlobalStorageOptions/proxy","title":"proxy","type":"keyText"}],"id":"remoteGlobalStorageOptions","title":"remoteGlobalStorageOptions","type":"keyTextContainer"}],"help":"authremote.html","id":"remoteParams","show":false,"title":"remoteParams"},{"_nodes":[{"default":2,"id":"slaveAuthnLevel","title":"slaveAuthnLevel","type":"int"},{"id":"slaveUserHeader","title":"slaveUserHeader"},{"id":"slaveMasterIP","title":"slaveMasterIP"},{"id":"slaveHeaderName","title":"slaveHeaderName"},{"id":"slaveHeaderContent","title":"slaveHeaderContent"},{"default":0,"id":"slaveDisplayLogo","title":"slaveDisplayLogo","type":"bool"},{"cnodes":"slaveExportedVars","default":[],"id":"slaveExportedVars","title":"slaveExportedVars","type":"keyTextContainer"}],"help":"authslave.html","id":"slaveParams","show":false,"title":"slaveParams"},{"_nodes":[{"default":5,"id":"SSLAuthnLevel","title":"SSLAuthnLevel","type":"int"},{"default":"SSL_CLIENT_S_DN_Email","id":"SSLVar","title":"SSLVar"},{"cnodes":"SSLVarIf","default":[],"id":"SSLVarIf","title":"SSLVarIf","type":"keyTextContainer"},{"default":0,"id":"sslByAjax","title":"sslByAjax","type":"bool"},{"id":"sslHost","title":"sslHost"}],"help":"authssl.html","id":"sslParams","show":false,"title":"sslParams"},{"_nodes":[{"default":1,"id":"twitterAuthnLevel","title":"twitterAuthnLevel","type":"int"},{"id":"twitterKey","title":"twitterKey"},{"id":"twitterSecret","title":"twitterSecret"},{"id":"twitterAppName","title":"twitterAppName"},{"default":"screen_name","id":"twitterUserField","title":"twitterUserField"}],"help":"authtwitter.html","id":"twitterParams","show":false,"title":"twitterParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"webIDAuthnLevel","title":"webIDAuthnLevel","type":"int"},{"cnodes":"webIDExportedVars","default":[],"id":"webIDExportedVars","title":"webIDExportedVars","type":"keyTextContainer"},{"id":"webIDWhitelist","title":"webIDWhitelist"}],"help":"authwebid.html","id":"webidParams","show":false,"title":"webidParams"},{"_nodes":[{"id":"customAuth","title":"customAuth"},{"id":"customUserDB","title":"customUserDB"},{"id":"customPassword","title":"customPassword"},{"id":"customRegister","title":"customRegister"},{"id":"customResetCertByMail","title":"customResetCertByMail"},{"cnodes":"customAddParams","id":"customAddParams","title":"customAddParams","type":"keyTextContainer"}],"help":"authcustom.html","id":"customParams","show":false,"title":"customParams"}],"_nodes_filter":"authParams","help":"start.html#authentication-users-and-password-databases","id":"authParams","title":"authParams","type":"authParams"},{"_nodes":[{"_nodes":[{"default":0,"id":"issuerDBSAMLActivation","title":"issuerDBSAMLActivation","type":"bool"},{"default":"^/saml/","id":"issuerDBSAMLPath","title":"issuerDBSAMLPath"},{"default":1,"id":"issuerDBSAMLRule","title":"issuerDBSAMLRule","type":"boolOrExpr"}],"help":"idpsaml.html","id":"issuerDBSAML","title":"issuerDBSAML","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBCASActivation","title":"issuerDBCASActivation","type":"bool"},{"default":"^/cas/","id":"issuerDBCASPath","title":"issuerDBCASPath"},{"default":1,"id":"issuerDBCASRule","title":"issuerDBCASRule","type":"boolOrExpr"}],"help":"idpcas.html#enabling-cas","id":"issuerDBCAS","title":"issuerDBCAS","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBOpenIDActivation","title":"issuerDBOpenIDActivation","type":"bool"},{"default":"^/openidserver/","id":"issuerDBOpenIDPath","title":"issuerDBOpenIDPath"},{"default":1,"id":"issuerDBOpenIDRule","title":"issuerDBOpenIDRule","type":"boolOrExpr"},{"_nodes":[{"id":"openIdIssuerSecret","title":"openIdIssuerSecret"},{"id":"openIdAttr","title":"openIdAttr"},{"default":"0;","id":"openIdSPList","title":"openIdSPList","type":"blackWhiteList"},{"_nodes":[{"default":"cn","id":"openIdSreg_fullname","title":"openIdSreg_fullname"},{"default":"uid","id":"openIdSreg_nickname","title":"openIdSreg_nickname"},{"id":"openIdSreg_language","title":"openIdSreg_language"},{"id":"openIdSreg_postcode","title":"openIdSreg_postcode"},{"default":"_timezone","id":"openIdSreg_timezone","title":"openIdSreg_timezone"},{"id":"openIdSreg_country","title":"openIdSreg_country"},{"id":"openIdSreg_gender","title":"openIdSreg_gender"},{"default":"mail","id":"openIdSreg_email","title":"openIdSreg_email"},{"id":"openIdSreg_dob","title":"openIdSreg_dob"}],"id":"openIdSreg","title":"openIdSreg","type":"simpleInputContainer"}],"id":"issuerDBOpenIDOptions","title":"issuerDBOpenIDOptions"}],"help":"idpopenid.html","id":"issuerDBOpenID","title":"issuerDBOpenID"},{"_nodes":[{"default":0,"id":"issuerDBOpenIDConnectActivation","title":"issuerDBOpenIDConnectActivation","type":"bool"},{"default":"^/oauth2/","id":"issuerDBOpenIDConnectPath","title":"issuerDBOpenIDConnectPath"},{"default":1,"id":"issuerDBOpenIDConnectRule","title":"issuerDBOpenIDConnectRule","type":"boolOrExpr"}],"help":"idpopenidconnect.html","id":"issuerDBOpenIDConnect","title":"issuerDBOpenIDConnect","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBGetActivation","title":"issuerDBGetActivation","type":"bool"},{"default":"^/get/","id":"issuerDBGetPath","title":"issuerDBGetPath"},{"default":1,"id":"issuerDBGetRule","title":"issuerDBGetRule","type":"boolOrExpr"},{"default":[],"id":"issuerDBGetParameters","title":"issuerDBGetParameters","type":"doubleHash"}],"help":"issuerdbget.html","id":"issuerDBGet","title":"issuerDBGet"},{"_nodes":[{"default":120,"id":"issuersTimeout","title":"issuersTimeout","type":"int"}],"help":"start.html#options","id":"issuerOptions","title":"issuerOptions","type":"simpleInputContainer"}],"help":"start.html#identity-provider","id":"issuerParams","title":"issuerParams"},{"_nodes":[{"default":"uid","id":"whatToTrace","title":"whatToTrace"},{"id":"customToTrace","title":"customToTrace"},{"default":"_password _2fDevices","id":"hiddenAttributes","title":"hiddenAttributes"}],"help":"logs.html","id":"logParams","title":"logParams","type":"simpleInputContainer"},{"_nodes":[{"default":"lemonldap","id":"cookieName","title":"cookieName"},{"default":"example.com","id":"domain","title":"domain"},{"default":0,"id":"cda","title":"cda","type":"bool"},{"default":0,"id":"securedCookie","select":[{"k":"0","v":"unsecuredCookie"},{"k":"1","v":"securedCookie"},{"k":"2","v":"doubleCookie"},{"k":"3","v":"doubleCookieForSingleSession"}],"title":"securedCookie","type":"select"},{"default":1,"id":"httpOnly","title":"httpOnly","type":"bool"},{"id":"cookieExpiration","title":"cookieExpiration","type":"int"},{"default":"","id":"sameSite","select":[{"k":"","v":""},{"k":"Strict","v":"Strict"},{"k":"Lax","v":"Lax"},{"k":"None","v":"None"}],"title":"sameSite","type":"select"}],"help":"ssocookie.html","id":"cookieParams","title":"cookieParams","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"storePassword","title":"storePassword","type":"bool"},{"default":72000,"id":"timeout","title":"timeout","type":"int"},{"default":0,"id":"timeoutActivity","title":"timeoutActivity","type":"int"},{"default":60,"id":"timeoutActivityInterval","title":"timeoutActivityInterval","type":"int"},{"cnodes":"grantSessionRules","default":[],"id":"grantSessionRules","title":"grantSessionRules","type":"grantContainer"},{"_nodes":[{"default":"Apache::Session::File","id":"globalStorage","title":"globalStorage"},{"cnodes":"globalStorageOptions","default":[{"data":"/var/lib/lemonldap-ng/sessions/","id":"globalStorageOptions/Directory","title":"Directory","type":"keyText"},{"data":"/var/lib/lemonldap-ng/sessions/lock/","id":"globalStorageOptions/LockDirectory","title":"LockDirectory","type":"keyText"},{"data":"Lemonldap::NG::Common::Apache::Session::Generate::SHA256","id":"globalStorageOptions/generateModule","title":"generateModule","type":"keyText"}],"id":"globalStorageOptions","title":"globalStorageOptions","type":"keyTextContainer"},{"default":"Cache::FileCache","id":"localSessionStorage","title":"localSessionStorage"},{"cnodes":"localSessionStorageOptions","default":[{"data":3,"id":"localSessionStorageOptions/cache_depth","title":"cache_depth","type":"keyText"},{"data":"/var/cache/lemonldap-ng","id":"localSessionStorageOptions/cache_root","title":"cache_root","type":"keyText"},{"data":600,"id":"localSessionStorageOptions/default_expires_in","title":"default_expires_in","type":"keyText"},{"data":"007","id":"localSessionStorageOptions/directory_umask","title":"directory_umask","type":"keyText"},{"data":"lemonldap-ng-sessions","id":"localSessionStorageOptions/namespace","title":"namespace","type":"keyText"}],"id":"localSessionStorageOptions","title":"localSessionStorageOptions","type":"keyTextContainer"}],"help":"start.html#sessions-database","id":"sessionStorage","title":"sessionStorage"},{"_nodes":[{"default":0,"id":"singleSession","title":"singleSession","type":"boolOrExpr"},{"default":0,"id":"singleIP","title":"singleIP","type":"boolOrExpr"},{"default":0,"id":"singleUserByIP","title":"singleUserByIP","type":"boolOrExpr"},{"default":1,"id":"notifyDeleted","title":"notifyDeleted","type":"bool"},{"default":0,"id":"notifyOther","title":"notifyOther","type":"bool"}],"id":"multipleSessions","title":"multipleSessions","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"disablePersistentStorage","title":"disablePersistentStorage","type":"bool"},{"id":"persistentStorage","title":"persistentStorage"},{"cnodes":"persistentStorageOptions","id":"persistentStorageOptions","title":"persistentStorageOptions","type":"keyTextContainer"}],"id":"persistentSessions","title":"persistentSessions"}],"help":"sessions.html","id":"sessionParams","title":"sessionParams"},{"_nodes":[{"default":5,"id":"reloadTimeout","title":"reloadTimeout","type":"int"},{"default":0,"id":"compactConf","title":"compactConf","type":"bool"},{"cnodes":"reloadUrls","help":"configlocation.html#configuration-reload","id":"reloadUrls","title":"reloadUrls","type":"keyTextContainer"}],"help":"configlocation.html#configuration-reload","id":"reloadParams","title":"reloadParams"},{"_nodes":[{"default":0,"id":"stayConnected","title":"stayConnected","type":"bool"},{"default":0,"help":"status.html","id":"portalStatus","title":"portalStatus","type":"bool"},{"cnodes":"adaptativeAuthenticationLevelRules","id":"adaptativeAuthenticationLevelRules","title":"adaptativeAuthenticationLevelRules","type":"keyTextContainer"},{"default":1,"id":"upgradeSession","title":"upgradeSession","type":"bool"},{"id":"refreshSessions","title":"refreshSessions","type":"bool"},{"_nodes":[{"default":0,"id":"wsdlServer","title":"wsdlServer","type":"bool"},{"default":0,"id":"restExportSecretKeys","title":"restExportSecretKeys","type":"bool"},{"default":15,"id":"restClockTolerance","title":"restClockTolerance","type":"int"},{"default":0,"id":"restSessionServer","title":"restSessionServer","type":"bool"},{"default":0,"id":"restConfigServer","title":"restConfigServer","type":"bool"},{"default":0,"id":"restAuthServer","title":"restAuthServer","type":"bool"},{"default":0,"id":"restPasswordServer","title":"restPasswordServer","type":"bool"},{"default":0,"help":"soapservices.html","id":"soapSessionServer","title":"soapSessionServer","type":"bool"},{"default":0,"help":"soapservices.html","id":"soapConfigServer","title":"soapConfigServer","type":"bool"},{"id":"exportedAttr","title":"exportedAttr"}],"help":"portalservers.html","id":"portalServers","title":"portalServers","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"loginHistoryEnabled","title":"loginHistoryEnabled","type":"bool"},{"default":5,"id":"successLoginNumber","title":"successLoginNumber","type":"int"},{"default":5,"id":"failedLoginNumber","title":"failedLoginNumber","type":"int"},{"cnodes":"sessionDataToRemember","id":"sessionDataToRemember","title":"sessionDataToRemember","type":"keyTextContainer"}],"help":"loginhistory.html","id":"loginHistory","title":"loginHistory"},{"_nodes":[{"default":0,"id":"notification","title":"notification","type":"bool"},{"default":0,"id":"notificationsExplorer","title":"notificationsExplorer","type":"bool"},{"default":"allusers","id":"notificationWildcard","title":"notificationWildcard"},{"default":0,"id":"oldNotifFormat","title":"oldNotifFormat","type":"bool"},{"id":"notificationXSLTfile","title":"notificationXSLTfile"},{"default":"File","id":"notificationStorage","title":"notificationStorage"},{"cnodes":"notificationStorageOptions","default":[{"data":"/var/lib/lemonldap-ng/notifications","id":"notificationStorageOptions/dirName","title":"dirName","type":"keyText"}],"id":"notificationStorageOptions","title":"notificationStorageOptions","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"notificationServer","title":"notificationServer","type":"bool"},{"default":"","id":"notificationDefaultCond","title":"notificationDefaultCond"},{"default":"uid reference date title subtitle text check","id":"notificationServerSentAttributes","title":"notificationServerSentAttributes"},{"_nodes":[{"default":1,"id":"notificationServerPOST","title":"notificationServerPOST","type":"bool"},{"default":0,"id":"notificationServerGET","title":"notificationServerGET","type":"bool"},{"default":0,"id":"notificationServerDELETE","title":"notificationServerDELETE","type":"bool"}],"id":"notificationServerMethods","title":"notificationServerMethods","type":"simpleInputContainer"}],"help":"notifications.html#notification-server","id":"serverNotification","title":"serverNotification"}],"help":"notifications.html","id":"notifications","title":"notifications"},{"_nodes":[{"_nodes":[{"id":"mailSubject","title":"mailSubject"},{"id":"mailBody","title":"mailBody","type":"longtext"},{"id":"mailConfirmSubject","title":"mailConfirmSubject"},{"id":"mailConfirmBody","title":"mailConfirmBody","type":"longtext"}],"id":"mailContent","title":"mailContent","type":"simpleInputContainer"},{"_nodes":[{"default":"http://auth.example.com/resetpwd","id":"mailUrl","title":"mailUrl"},{"default":0,"id":"mailTimeout","title":"mailTimeout","type":"int"},{"default":1,"id":"portalDisplayGeneratePassword","title":"portalDisplayGeneratePassword","type":"bool"},{"default":"[A-Z]{3}[a-z]{5}.\\d{2}","id":"randomPasswordRegexp","title":"randomPasswordRegexp"}],"id":"mailOther","title":"mailOther","type":"simpleInputContainer"}],"help":"resetpassword.html","id":"passwordManagement","title":"passwordManagement"},{"_nodes":[{"_nodes":[{"id":"certificateResetByMailStep1Subject","title":"certificateResetByMailStep1Subject"},{"id":"certificateResetByMailStep1Body","title":"certificateResetByMailStep1Body","type":"longtext"},{"id":"certificateResetByMailStep2Subject","title":"certificateResetByMailStep2Subject"},{"id":"certificateResetByMailStep2Body","title":"certificateResetByMailStep2Body","type":"longtext"}],"id":"certificateMailContent","title":"certificateMailContent","type":"simpleInputContainer"},{"_nodes":[{"default":"http://auth.example.com/certificateReset","id":"certificateResetByMailURL","title":"certificateResetByMailURL"},{"default":"description","id":"certificateResetByMailCeaAttribute","title":"certificateResetByMailCeaAttribute"},{"default":"userCertificate;binary","id":"certificateResetByMailCertificateAttribute","title":"certificateResetByMailCertificateAttribute"},{"default":0,"id":"certificateResetByMailValidityDelay","title":"certificateResetByMailValidityDelay","type":"int"}],"id":"mailOther","title":"mailOther","type":"simpleInputContainer"}],"help":"resetcertificate.html","id":"certificateResetByMailManagement","title":"certificateResetByMailManagement"},{"_nodes":[{"default":"http://auth.example.com/register","id":"registerUrl","title":"registerUrl"},{"default":0,"id":"registerTimeout","title":"registerTimeout","type":"int"},{"id":"registerConfirmSubject","title":"registerConfirmSubject"},{"id":"registerDoneSubject","title":"registerDoneSubject"}],"help":"register.html","id":"register","title":"register","type":"simpleInputContainer"},{"_nodes":[{"cnodes":"autoSigninRules","id":"autoSigninRules","title":"autoSigninRules","type":"keyTextContainer"}],"help":"autosignin.html","id":"autoSignin","title":"autoSignin"},{"_nodes":[{"default":0,"id":"globalLogoutRule","title":"globalLogoutRule","type":"boolOrExpr"},{"default":1,"id":"globalLogoutTimer","title":"globalLogoutTimer","type":"bool"},{"id":"globalLogoutCustomParam","title":"globalLogoutCustomParam"}],"help":"globallogout.html","id":"globalLogout","title":"globalLogout","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"checkState","title":"checkState","type":"bool"},{"id":"checkStateSecret","title":"checkStateSecret"}],"help":"checkstate.html","id":"stateCheck","title":"stateCheck","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"checkUser","title":"checkUser","type":"bool"},{"default":1,"id":"checkUserIdRule","title":"checkUserIdRule"},{"id":"checkUserUnrestrictedUsersRule","title":"checkUserUnrestrictedUsersRule"},{"default":"_loginHistory _session_id hGroups","id":"checkUserHiddenAttributes","title":"checkUserHiddenAttributes"},{"id":"checkUserSearchAttributes","title":"checkUserSearchAttributes"},{"default":1,"id":"checkUserDisplayComputedSession","title":"checkUserDisplayComputedSession","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayEmptyHeaders","title":"checkUserDisplayEmptyHeaders","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayEmptyValues","title":"checkUserDisplayEmptyValues","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayPersistentInfo","title":"checkUserDisplayPersistentInfo","type":"boolOrExpr"}],"help":"checkuser.html","id":"checkUsers","title":"checkUsers","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"impersonationRule","title":"impersonationRule","type":"boolOrExpr"},{"default":1,"id":"impersonationIdRule","title":"impersonationIdRule"},{"id":"impersonationUnrestrictedUsersRule","title":"impersonationUnrestrictedUsersRule"},{"default":"_2fDevices _loginHistory","id":"impersonationHiddenAttributes","title":"impersonationHiddenAttributes"},{"default":1,"id":"impersonationSkipEmptyValues","title":"impersonationSkipEmptyValues","type":"bool"},{"default":0,"id":"impersonationMergeSSOgroups","title":"impersonationMergeSSOgroups","type":"boolOrExpr"}],"help":"impersonation.html","id":"impersonation","title":"impersonation","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"contextSwitchingRule","title":"contextSwitchingRule","type":"boolOrExpr"},{"default":1,"id":"contextSwitchingIdRule","title":"contextSwitchingIdRule"},{"id":"contextSwitchingUnrestrictedUsersRule","title":"contextSwitchingUnrestrictedUsersRule"},{"default":0,"id":"contextSwitchingAllowed2fModifications","title":"contextSwitchingAllowed2fModifications","type":"bool"},{"default":1,"id":"contextSwitchingStopWithLogout","title":"contextSwitchingStopWithLogout","type":"bool"}],"help":"contextswitching.html","id":"contextSwitching","title":"contextSwitching","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"decryptValueRule","title":"decryptValueRule","type":"boolOrExpr"},{"id":"decryptValueFunctions","title":"decryptValueFunctions"}],"help":"decryptvalue.html","id":"decryptValue","title":"decryptValue","type":"simpleInputContainer"},{"_nodes":[{"id":"customPlugins","title":"customPlugins"},{"cnodes":"customPluginsParams","id":"customPluginsParams","title":"customPluginsParams","type":"keyTextContainer"}],"help":"plugincustom.html","id":"customPluginsNode","title":"customPluginsNode"}],"help":"start.html#plugins","id":"plugins","title":"plugins"},{"_nodes":[{"default":1,"help":"secondfactor.html","id":"sfManagerRule","title":"sfManagerRule","type":"boolOrExpr"},{"default":0,"help":"secondfactor.html","id":"sfRequired","title":"sfRequired","type":"boolOrExpr"},{"help":"secondfactor.html","id":"sfOnlyUpgrade","title":"sfOnlyUpgrade","type":"bool"},{"_nodes":[{"default":0,"id":"utotp2fActivation","title":"utotp2fActivation","type":"boolOrExpr"},{"id":"utotp2fAuthnLevel","title":"utotp2fAuthnLevel","type":"int"},{"id":"utotp2fLabel","title":"utotp2fLabel"},{"id":"utotp2fLogo","title":"utotp2fLogo"}],"help":"utotp2f.html","id":"utotp2f","title":"utotp2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"totp2fActivation","title":"totp2fActivation","type":"boolOrExpr"},{"default":0,"id":"totp2fSelfRegistration","title":"totp2fSelfRegistration","type":"boolOrExpr"},{"id":"totp2fIssuer","title":"totp2fIssuer"},{"default":30,"id":"totp2fInterval","title":"totp2fInterval","type":"int"},{"default":1,"id":"totp2fRange","title":"totp2fRange","type":"int"},{"default":6,"id":"totp2fDigits","title":"totp2fDigits","type":"int"},{"default":0,"id":"totp2fDisplayExistingSecret","title":"totp2fDisplayExistingSecret","type":"bool"},{"default":0,"id":"totp2fUserCanChangeKey","title":"totp2fUserCanChangeKey","type":"bool"},{"default":1,"id":"totp2fUserCanRemoveKey","title":"totp2fUserCanRemoveKey","type":"bool"},{"id":"totp2fTTL","title":"totp2fTTL","type":"int"},{"id":"totp2fAuthnLevel","title":"totp2fAuthnLevel","type":"int"},{"id":"totp2fLabel","title":"totp2fLabel"},{"id":"totp2fLogo","title":"totp2fLogo"}],"help":"totp2f.html","id":"totp2f","title":"totp2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"u2fActivation","title":"u2fActivation","type":"boolOrExpr"},{"default":0,"id":"u2fSelfRegistration","title":"u2fSelfRegistration","type":"boolOrExpr"},{"default":1,"id":"u2fUserCanRemoveKey","title":"u2fUserCanRemoveKey","type":"bool"},{"id":"u2fTTL","title":"u2fTTL","type":"int"},{"id":"u2fAuthnLevel","title":"u2fAuthnLevel","type":"int"},{"id":"u2fLabel","title":"u2fLabel"},{"id":"u2fLogo","title":"u2fLogo"}],"help":"u2f.html","id":"u2f","title":"u2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"yubikey2fActivation","title":"yubikey2fActivation","type":"boolOrExpr"},{"default":0,"id":"yubikey2fSelfRegistration","title":"yubikey2fSelfRegistration","type":"boolOrExpr"},{"id":"yubikey2fClientID","title":"yubikey2fClientID"},{"id":"yubikey2fSecretKey","title":"yubikey2fSecretKey"},{"id":"yubikey2fNonce","title":"yubikey2fNonce"},{"id":"yubikey2fUrl","title":"yubikey2fUrl"},{"default":12,"id":"yubikey2fPublicIDSize","title":"yubikey2fPublicIDSize","type":"int"},{"default":1,"id":"yubikey2fUserCanRemoveKey","title":"yubikey2fUserCanRemoveKey","type":"bool"},{"id":"yubikey2fFromSessionAttribute","title":"yubikey2fFromSessionAttribute"},{"id":"yubikey2fTTL","title":"yubikey2fTTL","type":"int"},{"id":"yubikey2fAuthnLevel","title":"yubikey2fAuthnLevel","type":"int"},{"id":"yubikey2fLabel","title":"yubikey2fLabel"},{"id":"yubikey2fLogo","title":"yubikey2fLogo"}],"help":"yubikey2f.html","id":"yubikey2f","title":"yubikey2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"mail2fActivation","title":"mail2fActivation","type":"boolOrExpr"},{"default":"\\d{6}","id":"mail2fCodeRegex","title":"mail2fCodeRegex"},{"id":"mail2fTimeout","title":"mail2fTimeout","type":"int"},{"id":"mail2fSubject","title":"mail2fSubject"},{"id":"mail2fBody","title":"mail2fBody","type":"longtext"},{"id":"mail2fAuthnLevel","title":"mail2fAuthnLevel","type":"int"},{"id":"mail2fLabel","title":"mail2fLabel"},{"id":"mail2fLogo","title":"mail2fLogo"}],"help":"mail2f.html","id":"mail2f","title":"mail2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"ext2fActivation","title":"ext2fActivation","type":"boolOrExpr"},{"default":"\\d{6}","id":"ext2fCodeActivation","title":"ext2fCodeActivation"},{"id":"ext2FSendCommand","title":"ext2FSendCommand"},{"id":"ext2FValidateCommand","title":"ext2FValidateCommand"},{"id":"ext2fAuthnLevel","title":"ext2fAuthnLevel","type":"int"},{"id":"ext2fLabel","title":"ext2fLabel"},{"id":"ext2fLogo","title":"ext2fLogo"}],"help":"external2f.html","id":"ext2f","title":"ext2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"radius2fActivation","title":"radius2fActivation","type":"boolOrExpr"},{"id":"radius2fServer","title":"radius2fServer"},{"id":"radius2fSecret","title":"radius2fSecret"},{"id":"radius2fUsernameSessionKey","title":"radius2fUsernameSessionKey"},{"default":20,"id":"radius2fTimeout","title":"radius2fTimeout","type":"int"},{"id":"radius2fAuthnLevel","title":"radius2fAuthnLevel","type":"int"},{"id":"radius2fLogo","title":"radius2fLogo"},{"id":"radius2fLabel","title":"radius2fLabel"}],"help":"radius2f.html","id":"radius2f","title":"radius2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"rest2fActivation","title":"rest2fActivation","type":"boolOrExpr"},{"id":"rest2fInitUrl","title":"rest2fInitUrl"},{"cnodes":"rest2fInitArgs","id":"rest2fInitArgs","title":"rest2fInitArgs","type":"keyTextContainer"},{"id":"rest2fVerifyUrl","title":"rest2fVerifyUrl"},{"cnodes":"rest2fVerifyArgs","id":"rest2fVerifyArgs","title":"rest2fVerifyArgs","type":"keyTextContainer"},{"id":"rest2fAuthnLevel","title":"rest2fAuthnLevel","type":"int"},{"id":"rest2fLabel","title":"rest2fLabel"},{"id":"rest2fLogo","title":"rest2fLogo"}],"help":"rest2f.html","id":"rest2f","title":"rest2f"},{"cnodes":"sfExtra","id":"sfExtra","select":[{"k":"Mail2F","v":"E-Mail"},{"k":"REST","v":"REST"},{"k":"Ext2F","v":"External"},{"k":"Radius","v":"Radius"}],"title":"sfExtra","type":"sfExtraContainer"},{"_nodes":[{"default":0,"help":"secondfactor.html","id":"sfRemovedMsgRule","title":"sfRemovedMsgRule","type":"boolOrExpr"},{"default":0,"id":"sfRemovedUseNotif","title":"sfRemovedUseNotif","type":"bool"},{"default":"RemoveSF","help":"secondfactor.html","id":"sfRemovedNotifRef","title":"sfRemovedNotifRef"},{"default":"Second factor notification","help":"secondfactor.html","id":"sfRemovedNotifTitle","title":"sfRemovedNotifTitle"},{"default":"_removedSF_ expired second factor(s) has/have been removed!","help":"secondfactor.html","id":"sfRemovedNotifMsg","title":"sfRemovedNotifMsg"}],"help":"secondfactor.html","id":"sfRemovedNotification","title":"sfRemovedNotification","type":"simpleInputContainer"}],"help":"secondfactor.html","id":"secondFactors","title":"secondFactors"},{"_nodes":[{"help":"customfunctions.html","id":"customFunctions","title":"customFunctions"},{"default":"; ","id":"multiValuesSeparator","title":"multiValuesSeparator","type":"authParamsText"},{"default":0,"id":"groupsBeforeMacros","title":"groupsBeforeMacros","type":"bool"},{"_nodes":[{"default":"mail","id":"mailSessionKey","title":"mailSessionKey"},{"default":"","id":"SMTPServer","title":"SMTPServer"},{"id":"SMTPPort","title":"SMTPPort","type":"int"},{"id":"SMTPAuthUser","title":"SMTPAuthUser"},{"id":"SMTPAuthPass","title":"SMTPAuthPass","type":"password"},{"default":"","id":"SMTPTLS","select":[{"k":"","v":"none"},{"k":"starttls","v":"SMTP + STARTTLS"},{"k":"ssl","v":"SMTPS"}],"title":"SMTPTLS","type":"select"},{"cnodes":"SMTPTLSOpts","id":"SMTPTLSOpts","title":"SMTPTLSOpts","type":"keyTextContainer"},{"_nodes":[{"default":"noreply@example.com","id":"mailFrom","title":"mailFrom"},{"id":"mailReplyTo","title":"mailReplyTo"},{"default":"utf-8","id":"mailCharset","title":"mailCharset"}],"id":"mailHeaders","title":"mailHeaders","type":"simpleInputContainer"}],"help":"smtp.html","id":"SMTP","title":"SMTP","type":"SMTP"},{"_nodes":[{"default":"^[\\w\\.\\-@]+$","id":"userControl","title":"userControl"},{"default":0,"id":"browsersDontStorePassword","title":"browsersDontStorePassword","type":"bool"},{"default":0,"help":"forcereauthn.html","id":"portalForceAuthn","title":"portalForceAuthn","type":"bool"},{"default":5,"id":"portalForceAuthnInterval","title":"portalForceAuthnInterval","type":"int"},{"id":"key","title":"key","type":"password"},{"id":"trustedDomains","title":"trustedDomains"},{"default":1,"help":"safejail.html","id":"useSafeJail","title":"useSafeJail","type":"bool"},{"default":1,"id":"checkXSS","title":"checkXSS","type":"bool"},{"default":1,"id":"requireToken","title":"requireToken","type":"boolOrExpr"},{"default":120,"id":"formTimeout","title":"formTimeout","type":"int"},{"default":0,"id":"tokenUseGlobalStorage","title":"tokenUseGlobalStorage","type":"bool"},{"_nodes":[{"default":0,"help":"bruteforceprotection.html","id":"bruteForceProtection","title":"bruteForceProtection","type":"bool"},{"default":30,"id":"bruteForceProtectionTempo","title":"bruteForceProtectionTempo","type":"int"},{"default":3,"id":"bruteForceProtectionMaxFailed","title":"bruteForceProtectionMaxFailed","type":"int"},{"default":0,"help":"bruteforceprotection.html","id":"bruteForceProtectionIncrementalTempo","title":"bruteForceProtectionIncrementalTempo","type":"bool"},{"default":"5, 15, 60, 300, 600","id":"bruteForceProtectionLockTimes","title":"bruteForceProtectionLockTimes"}],"help":"bruteforceprotection.html","id":"bruteForceAttackProtection","title":"bruteForceAttackProtection","type":"simpleInputContainer"},{"cnodes":"lwpOpts","id":"lwpOpts","title":"lwpOpts","type":"keyTextContainer"},{"cnodes":"lwpSslOpts","id":"lwpSslOpts","title":"lwpSslOpts","type":"keyTextContainer"},{"_nodes":[{"default":"'self'","id":"cspDefault","title":"cspDefault"},{"default":"'self' data:","id":"cspImg","title":"cspImg"},{"default":"'self'","id":"cspScript","title":"cspScript"},{"default":"'self'","id":"cspStyle","title":"cspStyle"},{"default":"'self'","id":"cspFont","title":"cspFont"},{"default":"*","id":"cspFormAction","title":"cspFormAction"},{"default":"'self'","id":"cspConnect","title":"cspConnect"},{"default":"","id":"cspFrameAncestors","title":"cspFrameAncestors"}],"help":"security.html#portal","id":"contentSecurityPolicy","title":"contentSecurityPolicy","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"corsEnabled","title":"corsEnabled","type":"bool"},{"default":true,"id":"corsAllow_Credentials","title":"corsAllow_Credentials"},{"default":"*","id":"corsAllow_Headers","title":"corsAllow_Headers"},{"default":"POST,GET","id":"corsAllow_Methods","title":"corsAllow_Methods"},{"default":"*","id":"corsAllow_Origin","title":"corsAllow_Origin"},{"default":"*","id":"corsExpose_Headers","title":"corsExpose_Headers"},{"default":"86400","id":"corsMax_Age","title":"corsMax_Age"}],"help":"security.html#portal","id":"crossOrigineResourceSharing","title":"crossOrigineResourceSharing","type":"simpleInputContainer"}],"help":"security.html#configure-security-settings","id":"security","title":"security"},{"_nodes":[{"default":-1,"id":"https","title":"https","type":"trool"},{"default":-1,"id":"port","title":"port","type":"int"},{"default":0,"id":"useRedirectOnForbidden","title":"useRedirectOnForbidden","type":"bool"},{"default":1,"id":"useRedirectOnError","title":"useRedirectOnError","type":"bool"},{"default":0,"id":"maintenance","title":"maintenance","type":"bool"}],"help":"redirections.html","id":"redirection","title":"redirection","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"jsRedirect","title":"jsRedirect","type":"boolOrExpr"},{"default":0,"id":"noAjaxHook","title":"noAjaxHook","type":"bool"},{"default":0,"id":"skipRenewConfirmation","title":"skipRenewConfirmation","type":"bool"},{"default":0,"id":"skipUpgradeConfirmation","title":"skipUpgradeConfirmation","type":"bool"}],"help":"redirections.html#portal-redirections","id":"portalRedirection","title":"portalRedirection","type":"simpleInputContainer"},{"cnodes":"nginxCustomHandlers","help":"handlerarch.html","id":"nginxCustomHandlers","title":"nginxCustomHandlers","type":"keyTextContainer"},{"cnodes":"logoutServices","default":[],"help":"logoutforward.html","id":"logoutServices","title":"logoutServices","type":"keyTextContainer"},{"_nodes":[{"default":"get","id":"infoFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"infoFormMethod","type":"select"},{"default":"post","id":"confirmFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"confirmFormMethod","type":"select"},{"default":"get","id":"redirectFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"redirectFormMethod","type":"select"},{"default":1,"id":"activeTimer","title":"activeTimer","type":"bool"}],"id":"forms","title":"forms","type":"simpleInputContainer"}],"help":"start.html#advanced-features","id":"advancedParams","title":"advancedParams"}],"id":"generalParameters","title":"generalParameters"},{"_nodes":[{"cnodes":"exportedVars","default":[{"data":"HTTP_USER_AGENT","id":"exportedVars/UA","title":"UA","type":"keyText"}],"help":"exportedvars.html","id":"exportedVars","title":"exportedVars","type":"keyTextContainer"},{"cnodes":"macros","default":[],"help":"exportedvars.html#extend-variables-using-macros-and-groups","id":"macros","title":"macros","type":"keyTextContainer"},{"cnodes":"groups","default":[],"help":"exportedvars.html#extend-variables-using-macros-and-groups","id":"groups","title":"groups","type":"keyTextContainer"}],"help":"variables.html","id":"variables","title":"variables"},{"cnodes":"virtualHosts","help":"configvhost.html","id":"virtualHosts","template":"virtualHost","title":"virtualHosts","type":"virtualHostContainer"},{"_nodes":[{"default":"#PORTAL#/saml/metadata","id":"samlEntityID","title":"samlEntityID"},{"_nodes":[{"get":["samlServicePrivateKeySig","samlServicePrivateKeySigPwd","samlServicePublicKeySig"],"id":"samlServiceSecuritySig","title":"samlServiceSecuritySig","type":"RSACertKey"},{"get":["samlServicePrivateKeyEnc","samlServicePrivateKeyEncPwd","samlServicePublicKeyEnc"],"id":"samlServiceSecurityEnc","title":"samlServiceSecurityEnc","type":"RSACertKey"},{"default":0,"id":"samlServiceUseCertificateInResponse","title":"samlServiceUseCertificateInResponse","type":"bool"},{"default":"RSA_SHA256","id":"samlServiceSignatureMethod","select":[{"k":"RSA_SHA1","v":"RSA SHA1"},{"k":"RSA_SHA256","v":"RSA SHA256"},{"k":"RSA_SHA384","v":"RSA SHA384"},{"k":"RSA_SHA512","v":"RSA SHA512"}],"title":"samlServiceSignatureMethod","type":"select"}],"help":"samlservice.html#security-parameters","id":"samlServiceSecurity","title":"samlServiceSecurity"},{"_nodes":[{"default":"mail","id":"samlNameIDFormatMapEmail","title":"samlNameIDFormatMapEmail"},{"default":"mail","id":"samlNameIDFormatMapX509","title":"samlNameIDFormatMapX509"},{"default":"uid","id":"samlNameIDFormatMapWindows","title":"samlNameIDFormatMapWindows"},{"default":"uid","id":"samlNameIDFormatMapKerberos","title":"samlNameIDFormatMapKerberos"}],"help":"samlservice.html#nameid-formats","id":"samlNameIDFormatMap","title":"samlNameIDFormatMap","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"samlAuthnContextMapPassword","title":"samlAuthnContextMapPassword","type":"int"},{"default":3,"id":"samlAuthnContextMapPasswordProtectedTransport","title":"samlAuthnContextMapPasswordProtectedTransport","type":"int"},{"default":5,"id":"samlAuthnContextMapTLSClient","title":"samlAuthnContextMapTLSClient","type":"int"},{"default":4,"id":"samlAuthnContextMapKerberos","title":"samlAuthnContextMapKerberos","type":"int"}],"help":"samlservice.html#authentication-contexts","id":"samlAuthnContextMap","title":"samlAuthnContextMap","type":"simpleInputContainer"},{"_nodes":[{"default":"Example","id":"samlOrganizationDisplayName","title":"samlOrganizationDisplayName"},{"default":"Example","id":"samlOrganizationName","title":"samlOrganizationName"},{"default":"http://www.example.com","id":"samlOrganizationURL","title":"samlOrganizationURL"}],"help":"samlservice.html#organization","id":"samlOrganization","title":"samlOrganization","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"samlSPSSODescriptorAuthnRequestsSigned","title":"samlSPSSODescriptorAuthnRequestsSigned","type":"bool"},{"default":1,"id":"samlSPSSODescriptorWantAssertionsSigned","title":"samlSPSSODescriptorWantAssertionsSigned","type":"bool"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn","id":"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect","title":"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn","id":"samlSPSSODescriptorSingleLogoutServiceHTTPPost","title":"samlSPSSODescriptorSingleLogoutServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;","id":"samlSPSSODescriptorSingleLogoutServiceSOAP","title":"samlSPSSODescriptorSingleLogoutServiceSOAP","type":"samlService"}],"id":"samlSPSSODescriptorSingleLogoutService","title":"samlSPSSODescriptorSingleLogoutService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact","id":"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact","title":"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact","type":"samlAssertion"},{"default":"0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost","id":"samlSPSSODescriptorAssertionConsumerServiceHTTPPost","title":"samlSPSSODescriptorAssertionConsumerServiceHTTPPost","type":"samlAssertion"}],"id":"samlSPSSODescriptorAssertionConsumerService","title":"samlSPSSODescriptorAssertionConsumerService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact","id":"samlSPSSODescriptorArtifactResolutionServiceArtifact","title":"samlSPSSODescriptorArtifactResolutionServiceArtifact","type":"samlAssertion"}],"id":"samlSPSSODescriptorArtifactResolutionService","title":"samlSPSSODescriptorArtifactResolutionService"}],"help":"samlservice.html#service-provider","id":"samlSPSSODescriptor","title":"samlSPSSODescriptor"},{"_nodes":[{"default":1,"id":"samlIDPSSODescriptorWantAuthnRequestsSigned","title":"samlIDPSSODescriptorWantAuthnRequestsSigned","type":"bool"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPPost","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact","type":"samlService"}],"id":"samlIDPSSODescriptorSingleSignOnService","title":"samlIDPSSODescriptorSingleSignOnService"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn","id":"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect","title":"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn","id":"samlIDPSSODescriptorSingleLogoutServiceHTTPPost","title":"samlIDPSSODescriptorSingleLogoutServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;","id":"samlIDPSSODescriptorSingleLogoutServiceSOAP","title":"samlIDPSSODescriptorSingleLogoutServiceSOAP","type":"samlService"}],"id":"samlIDPSSODescriptorSingleLogoutService","title":"samlIDPSSODescriptorSingleLogoutService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact","id":"samlIDPSSODescriptorArtifactResolutionServiceArtifact","title":"samlIDPSSODescriptorArtifactResolutionServiceArtifact","type":"samlAssertion"}],"id":"samlIDPSSODescriptorArtifactResolutionService","title":"samlIDPSSODescriptorArtifactResolutionService"}],"help":"samlservice.html#identity-provider","id":"samlIDPSSODescriptor","title":"samlIDPSSODescriptor"},{"_nodes":[{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;","id":"samlAttributeAuthorityDescriptorAttributeServiceSOAP","title":"samlAttributeAuthorityDescriptorAttributeServiceSOAP","type":"samlService"}],"id":"samlAttributeAuthorityDescriptorAttributeService","title":"samlAttributeAuthorityDescriptorAttributeService"}],"help":"samlservice.html#attribute-authority","id":"samlAttributeAuthorityDescriptor","title":"samlAttributeAuthorityDescriptor"},{"_nodes":[{"default":1,"id":"samlMetadataForceUTF8","title":"samlMetadataForceUTF8","type":"bool"},{"default":600,"id":"samlRelayStateTimeout","title":"samlRelayStateTimeout","type":"int"},{"default":0,"id":"samlUseQueryStringSpecific","title":"samlUseQueryStringSpecific","type":"bool"},{"default":"","id":"samlOverrideIDPEntityID","title":"samlOverrideIDPEntityID"},{"id":"samlStorage","title":"samlStorage"},{"cnodes":"samlStorageOptions","id":"samlStorageOptions","title":"samlStorageOptions","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"samlCommonDomainCookieActivation","title":"samlCommonDomainCookieActivation","type":"bool"},{"id":"samlCommonDomainCookieDomain","title":"samlCommonDomainCookieDomain"},{"id":"samlCommonDomainCookieReader","title":"samlCommonDomainCookieReader"},{"id":"samlCommonDomainCookieWriter","title":"samlCommonDomainCookieWriter"}],"id":"samlCommonDomainCookie","title":"samlCommonDomainCookie","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"samlDiscoveryProtocolActivation","title":"samlDiscoveryProtocolActivation","type":"bool"},{"id":"samlDiscoveryProtocolURL","title":"samlDiscoveryProtocolURL"},{"id":"samlDiscoveryProtocolPolicy","title":"samlDiscoveryProtocolPolicy"},{"default":0,"id":"samlDiscoveryProtocolIsPassive","title":"samlDiscoveryProtocolIsPassive","type":"bool"}],"id":"samlDiscoveryProtocol","title":"samlDiscoveryProtocol","type":"simpleInputContainer"}],"help":"samlservice.html#advanced","id":"samlAdvanced","title":"samlAdvanced"}],"help":"samlservice.html","id":"samlServiceMetaData","title":"samlServiceMetaData"},{"cnodes":"samlIDPMetaDataNodes","help":"authsaml.html","id":"samlIDPMetaDataNodes","template":"samlIDPMetaDataNode","title":"samlIDPMetaDataNodes","type":"samlIDPMetaDataNodeContainer"},{"cnodes":"samlSPMetaDataNodes","help":"idpsaml.html","id":"samlSPMetaDataNodes","template":"samlSPMetaDataNode","title":"samlSPMetaDataNodes","type":"samlSPMetaDataNodeContainer"},{"_nodes":[{"id":"oidcServiceMetaDataIssuer","title":"oidcServiceMetaDataIssuer"},{"_nodes":[{"default":"authorize","id":"oidcServiceMetaDataAuthorizeURI","title":"oidcServiceMetaDataAuthorizeURI"},{"default":"token","id":"oidcServiceMetaDataTokenURI","title":"oidcServiceMetaDataTokenURI"},{"default":"userinfo","id":"oidcServiceMetaDataUserInfoURI","title":"oidcServiceMetaDataUserInfoURI"},{"default":"jwks","id":"oidcServiceMetaDataJWKSURI","title":"oidcServiceMetaDataJWKSURI"},{"default":"register","id":"oidcServiceMetaDataRegistrationURI","title":"oidcServiceMetaDataRegistrationURI"},{"default":"introspect","id":"oidcServiceMetaDataIntrospectionURI","title":"oidcServiceMetaDataIntrospectionURI"},{"default":"logout","id":"oidcServiceMetaDataEndSessionURI","title":"oidcServiceMetaDataEndSessionURI"},{"default":"checksession.html","id":"oidcServiceMetaDataCheckSessionURI","title":"oidcServiceMetaDataCheckSessionURI"},{"default":"flogout","id":"oidcServiceMetaDataFrontChannelURI","title":"oidcServiceMetaDataFrontChannelURI"},{"default":"blogout","id":"oidcServiceMetaDataBackChannelURI","title":"oidcServiceMetaDataBackChannelURI"}],"id":"oidcServiceMetaDataEndPoints","title":"oidcServiceMetaDataEndPoints","type":"simpleInputContainer"},{"cnodes":"oidcServiceMetaDataAuthnContext","default":[{"data":1,"id":"oidcServiceMetaDataAuthnContext/loa-1","title":"loa-1","type":"keyText"},{"data":2,"id":"oidcServiceMetaDataAuthnContext/loa-2","title":"loa-2","type":"keyText"},{"data":3,"id":"oidcServiceMetaDataAuthnContext/loa-3","title":"loa-3","type":"keyText"},{"data":4,"id":"oidcServiceMetaDataAuthnContext/loa-4","title":"loa-4","type":"keyText"},{"data":5,"id":"oidcServiceMetaDataAuthnContext/loa-5","title":"loa-5","type":"keyText"}],"id":"oidcServiceMetaDataAuthnContext","title":"oidcServiceMetaDataAuthnContext","type":"keyTextContainer"},{"_nodes":[{"get":["oidcServicePrivateKeySig","oidcServicePublicKeySig"],"id":"oidcServiceMetaDataKeys","title":"oidcServiceMetaDataKeys","type":"RSAKeyNoPassword"},{"id":"oidcServiceKeyIdSig","title":"oidcServiceKeyIdSig"},{"default":0,"id":"oidcServiceAllowDynamicRegistration","title":"oidcServiceAllowDynamicRegistration","type":"bool"},{"default":1,"id":"oidcServiceAllowAuthorizationCodeFlow","title":"oidcServiceAllowAuthorizationCodeFlow","type":"bool"},{"default":0,"id":"oidcServiceAllowImplicitFlow","title":"oidcServiceAllowImplicitFlow","type":"bool"},{"default":0,"id":"oidcServiceAllowHybridFlow","title":"oidcServiceAllowHybridFlow","type":"bool"},{"default":60,"id":"oidcServiceAuthorizationCodeExpiration","title":"oidcServiceAuthorizationCodeExpiration","type":"int"},{"default":3600,"id":"oidcServiceAccessTokenExpiration","title":"oidcServiceAccessTokenExpiration","type":"int"},{"default":3600,"id":"oidcServiceIDTokenExpiration","title":"oidcServiceIDTokenExpiration","type":"int"},{"default":2592000,"id":"oidcServiceOfflineSessionExpiration","title":"oidcServiceOfflineSessionExpiration","type":"int"}],"id":"oidcServiceMetaDataSecurity","title":"oidcServiceMetaDataSecurity"},{"_nodes":[{"id":"oidcStorage","title":"oidcStorage"},{"cnodes":"oidcStorageOptions","id":"oidcStorageOptions","title":"oidcStorageOptions","type":"keyTextContainer"}],"id":"oidcServiceMetaDataSessions","title":"oidcServiceMetaDataSessions"},{"cnodes":"oidcServiceDynamicRegistrationExportedVars","id":"oidcServiceDynamicRegistrationExportedVars","title":"oidcServiceDynamicRegistrationExportedVars","type":"keyTextContainer"},{"cnodes":"oidcServiceDynamicRegistrationExtraClaims","id":"oidcServiceDynamicRegistrationExtraClaims","title":"oidcServiceDynamicRegistrationExtraClaims","type":"keyTextContainer"}],"help":"openidconnectservice.html#service-configuration","id":"oidcServiceMetaData","title":"oidcServiceMetaData"},{"cnodes":"oidcOPMetaDataNodes","help":"authopenidconnect.html#declare-the-openid-connect-provider-in-ll-ng","id":"oidcOPMetaDataNodes","title":"oidcOPMetaDataNodes","type":"oidcOPMetaDataNodeContainer"},{"cnodes":"oidcRPMetaDataNodes","help":"idpopenidconnect.html#configuration-of-relying-party-in-ll-ng","id":"oidcRPMetaDataNodes","title":"oidcRPMetaDataNodes","type":"oidcRPMetaDataNodeContainer"},{"_nodes":[{"id":"casAttr","title":"casAttr"},{"default":"none","id":"casAccessControlPolicy","select":[{"k":"none","v":"None"},{"k":"error","v":"Display error on portal"},{"k":"faketicket","v":"Send a fake service ticket"}],"title":"casAccessControlPolicy","type":"select"},{"id":"casStorage","title":"casStorage"},{"cnodes":"casStorageOptions","id":"casStorageOptions","title":"casStorageOptions","type":"keyTextContainer"},{"cnodes":"casAttributes","id":"casAttributes","title":"casAttributes","type":"keyTextContainer"}],"help":"idpcas.html#configuring-the-cas-service","id":"casServiceMetadata","title":"casServiceMetadata"},{"cnodes":"casSrvMetaDataNodes","help":"authcas.html","id":"casSrvMetaDataNodes","template":"casSrvMetaDataNode","title":"casSrvMetaDataNodes","type":"casSrvMetaDataNodeContainer"},{"cnodes":"casAppMetaDataNodes","help":"idpcas.html#configuring-cas-applications","id":"casAppMetaDataNodes","template":"casAppMetaDataNode","title":"casAppMetaDataNodes","type":"casAppMetaDataNodeContainer"}] \ No newline at end of file +[{"_nodes":[{"_nodes":[{"default":"http://auth.example.com/","id":"portal","title":"portal"},{"_nodes":[{"_nodes":[{"default":1,"id":"portalDisplayLogout","title":"portalDisplayLogout","type":"boolOrExpr"},{"default":"$_auth =~ /^(LDAP|DBI|Demo)$/","id":"portalDisplayChangePassword","title":"portalDisplayChangePassword","type":"boolOrExpr"},{"default":1,"id":"portalDisplayAppslist","title":"portalDisplayAppslist","type":"boolOrExpr"},{"default":1,"id":"portalDisplayLoginHistory","title":"portalDisplayLoginHistory","type":"boolOrExpr"},{"default":"$_oidcConsents && $_oidcConsents =~ /\\w+/","id":"portalDisplayOidcConsents","title":"portalDisplayOidcConsents","type":"boolOrExpr"}],"id":"portalModules","title":"portalModules","type":"simpleInputContainer"},{"cnodes":"applicationList","default":[{"data":{"catname":"Default category","type":"category"},"id":"applicationList/default","title":"default","type":"catAndAppList"}],"help":"portalmenu.html#categories-and-applications","id":"applicationList","title":"applicationList","type":"catAndAppList"}],"help":"portalmenu.html","id":"portalMenu","title":"portalMenu"},{"_nodes":[{"default":"common/logos/logo_llng_400px.png","id":"portalMainLogo","title":"portalMainLogo"},{"default":1,"id":"showLanguages","title":"showLanguages","type":"bool"},{"id":"portalCustomCss","title":"portalCustomCss"},{"default":"bootstrap","id":"portalSkin","select":[{"k":"bootstrap","v":"Bootstrap"}],"title":"portalSkin","type":"portalskin"},{"id":"portalSkinBackground","select":[{"k":"","v":"None"},{"k":"1280px-Anse_Source_d'Argent_2-La_Digue.jpg","v":"Anse"},{"k":"1280px-Autumn-clear-water-waterfall-landscape_-_Virginia_-_ForestWander.jpg","v":"Waterfall"},{"k":"1280px-BrockenSnowedTrees.jpg","v":"Snowed Trees"},{"k":"1280px-Cedar_Breaks_National_Monument_partially.jpg","v":"National Monument"},{"k":"1280px-Parry_Peak_from_Winter_Park.jpg","v":"Winter"},{"k":"Aletschgletscher_mit_Pinus_cembra1.jpg","v":"Pinus"}],"title":"portalSkinBackground","type":"portalskinbackground"},{"cnodes":"portalSkinRules","help":"portalcustom.html","id":"portalSkinRules","title":"portalSkinRules","type":"keyTextContainer"},{"_nodes":[{"default":1,"id":"portalCheckLogins","title":"portalCheckLogins","type":"bool"},{"default":0,"id":"portalDisplayResetPassword","title":"portalDisplayResetPassword","type":"bool"},{"default":3,"id":"passwordResetAllowedRetries","title":"passwordResetAllowedRetries","type":"int"},{"default":1,"id":"portalDisplayRegister","title":"portalDisplayRegister","type":"bool"},{"default":0,"id":"portalDisplayCertificateResetByMail","title":"portalDisplayCertificateResetByMail","type":"bool"}],"help":"portalcustom.html#buttons","id":"portalButtons","title":"portalButtons","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"portalRequireOldPassword","title":"portalRequireOldPassword","type":"boolOrExpr"},{"default":0,"id":"hideOldPassword","title":"hideOldPassword","type":"bool"},{"default":0,"id":"mailOnPasswordChange","title":"mailOnPasswordChange","type":"bool"}],"help":"portalcustom.html#password-management","id":"passwordManagement","title":"passwordManagement","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"passwordPolicyActivation","title":"passwordPolicyActivation","type":"boolOrExpr"},{"default":0,"id":"portalDisplayPasswordPolicy","title":"portalDisplayPasswordPolicy","type":"bool"},{"default":0,"id":"passwordPolicyMinSize","title":"passwordPolicyMinSize","type":"int"},{"default":0,"id":"passwordPolicyMinLower","title":"passwordPolicyMinLower","type":"int"},{"default":0,"id":"passwordPolicyMinUpper","title":"passwordPolicyMinUpper","type":"int"},{"default":0,"id":"passwordPolicyMinDigit","title":"passwordPolicyMinDigit","type":"int"},{"default":0,"id":"passwordPolicyMinSpeChar","title":"passwordPolicyMinSpeChar","type":"int"},{"default":"__ALL__","id":"passwordPolicySpecialChar","title":"passwordPolicySpecialChar"}],"help":"portalcustom.html#password-policy","id":"passwordPolicy","title":"passwordPolicy","type":"simpleInputContainer"},{"_nodes":[{"default":"_user","id":"portalUserAttr","title":"portalUserAttr"},{"default":0,"id":"portalOpenLinkInNewWindow","title":"portalOpenLinkInNewWindow","type":"bool"},{"default":1,"id":"portalAntiFrame","title":"portalAntiFrame","type":"bool"},{"default":60000,"id":"portalPingInterval","title":"portalPingInterval","type":"int"},{"default":1,"id":"portalErrorOnExpiredSession","title":"portalErrorOnExpiredSession","type":"bool"},{"default":0,"id":"portalErrorOnMailNotFound","title":"portalErrorOnMailNotFound","type":"bool"},{"default":1,"id":"portalDisplayRefreshMyRights","title":"portalDisplayRefreshMyRights","type":"bool"}],"help":"portalcustom.html#other-parameters","id":"portalOther","title":"portalOther","type":"simpleInputContainer"}],"help":"portalcustom.html","id":"portalCustomization","title":"portalCustomization"},{"_nodes":[{"default":0,"id":"captcha_login_enabled","title":"captcha_login_enabled","type":"bool"},{"default":1,"id":"captcha_mail_enabled","title":"captcha_mail_enabled","type":"bool"},{"default":1,"id":"captcha_register_enabled","title":"captcha_register_enabled","type":"bool"},{"default":6,"id":"captcha_size","title":"captcha_size","type":"int"}],"help":"captcha.html","id":"portalCaptcha","title":"portalCaptcha","type":"simpleInputContainer"}],"help":"portal.html","id":"portalParams","title":"portalParams"},{"_nodes":[{"default":"Demo","id":"authentication","select":[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Demo","v":"Demonstration"},{"k":"Choice","v":"authChoice"},{"k":"Combination","v":"combineMods"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"SAML","v":"SAML v2"},{"k":"Proxy","v":"Proxy"},{"k":"Remote","v":"Remote"},{"k":"Slave","v":"Slave"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"authentication","type":"select"},{"default":"Same","id":"userDB","select":[{"k":"Same","v":"Same"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"userDB","type":"select"},{"default":"Demo","id":"passwordDB","select":[{"k":"AD","v":"Active Directory"},{"k":"Choice","v":"authChoice"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demonstration"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"passwordDB","type":"select"},{"default":"Null","id":"registerDB","select":[{"k":"AD","v":"Active Directory"},{"k":"Demo","v":"Demonstration"},{"k":"LDAP","v":"LDAP"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"registerDB","type":"select"}],"_nodes_cond":[{"_nodes":[{"default":0,"id":"ADPwdMaxAge","title":"ADPwdMaxAge","type":"int"},{"default":0,"id":"ADPwdExpireWarning","title":"ADPwdExpireWarning","type":"int"}],"help":"authad.html","id":"adParams","show":false,"title":"adParams","type":"simpleInputContainer"},{"_nodes":[{"default":"lmAuth","id":"authChoiceParam","title":"authChoiceParam"},{"cnodes":"authChoiceModules","id":"authChoiceModules","select":[[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Null","v":"None"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"Proxy","v":"Proxy"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"Remote","v":"Remote"},{"k":"SAML","v":"SAML v2"},{"k":"Slave","v":"Slave"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Custom","v":"customModule"}],[{"k":"AD","v":"Active Directory"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"Facebook","v":"Facebook"},{"k":"LDAP","v":"LDAP"},{"k":"Null","v":"None"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"Proxy","v":"Proxy"},{"k":"REST","v":"REST"},{"k":"Remote","v":"Remote"},{"k":"SAML","v":"SAML v2"},{"k":"Slave","v":"Slave"},{"k":"WebID","v":"WebID"},{"k":"Custom","v":"customModule"}],[{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}]],"title":"authChoiceModules","type":"authChoiceContainer"},{"id":"authChoiceAuthBasic","title":"authChoiceAuthBasic"}],"help":"authchoice.html","id":"choiceParams","show":false,"title":"choiceParams"},{"_nodes":[{"default":3,"id":"apacheAuthnLevel","title":"apacheAuthnLevel","type":"int"}],"help":"authapache.html","id":"apacheParams","show":false,"title":"apacheParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"casAuthnLevel","title":"casAuthnLevel","type":"int"}],"help":"authcas.html","id":"casParams","show":false,"title":"casParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"dbiAuthnLevel","title":"dbiAuthnLevel","type":"int"},{"cnodes":"dbiExportedVars","default":[],"id":"dbiExportedVars","title":"dbiExportedVars","type":"keyTextContainer"},{"_nodes":[{"_nodes":[{"id":"dbiAuthChain","title":"dbiAuthChain"},{"id":"dbiAuthUser","title":"dbiAuthUser"},{"id":"dbiAuthPassword","title":"dbiAuthPassword","type":"password"}],"id":"dbiConnectionAuth","title":"dbiConnectionAuth","type":"simpleInputContainer"},{"_nodes":[{"id":"dbiUserChain","title":"dbiUserChain"},{"id":"dbiUserUser","title":"dbiUserUser"},{"id":"dbiUserPassword","title":"dbiUserPassword","type":"password"}],"id":"dbiConnectionUser","title":"dbiConnectionUser","type":"simpleInputContainer"}],"help":"authdbi.html#connection","id":"dbiConnection","title":"dbiConnection"},{"_nodes":[{"id":"dbiAuthTable","title":"dbiAuthTable"},{"id":"dbiUserTable","title":"dbiUserTable"},{"id":"dbiAuthLoginCol","title":"dbiAuthLoginCol"},{"id":"dbiAuthPasswordCol","title":"dbiAuthPasswordCol"},{"id":"dbiPasswordMailCol","title":"dbiPasswordMailCol"},{"id":"userPivot","title":"userPivot"}],"help":"authdbi.html#schema","id":"dbiSchema","title":"dbiSchema","type":"simpleInputContainer"},{"_nodes":[{"help":"authdbi.html#password","id":"dbiAuthPasswordHash","title":"dbiAuthPasswordHash"},{"_nodes":[{"help":"authdbi.html#password","id":"dbiDynamicHashEnabled","title":"dbiDynamicHashEnabled","type":"bool"},{"help":"authdbi.html#password","id":"dbiDynamicHashValidSchemes","title":"dbiDynamicHashValidSchemes"},{"help":"authdbi.html#password","id":"dbiDynamicHashValidSaltedSchemes","title":"dbiDynamicHashValidSaltedSchemes"},{"help":"authdbi.html#password","id":"dbiDynamicHashNewPasswordScheme","title":"dbiDynamicHashNewPasswordScheme"}],"help":"authdbi.html#password","id":"dbiDynamicHash","title":"dbiDynamicHash","type":"simpleInputContainer"}],"help":"authdbi.html#password","id":"dbiPassword","title":"dbiPassword"}],"help":"authdbi.html","id":"dbiParams","show":false,"title":"dbiParams"},{"_nodes":[{"cnodes":"demoExportedVars","default":[{"data":"cn","id":"demoExportedVars/cn","title":"cn","type":"keyText"},{"data":"mail","id":"demoExportedVars/mail","title":"mail","type":"keyText"},{"data":"uid","id":"demoExportedVars/uid","title":"uid","type":"keyText"}],"id":"demoExportedVars","title":"demoExportedVars","type":"keyTextContainer"}],"help":"authdemo.html","id":"demoParams","show":false,"title":"demoParams"},{"_nodes":[{"default":1,"id":"facebookAuthnLevel","title":"facebookAuthnLevel","type":"int"},{"cnodes":"facebookExportedVars","default":[],"id":"facebookExportedVars","title":"facebookExportedVars","type":"keyTextContainer"},{"id":"facebookAppId","title":"facebookAppId"},{"id":"facebookAppSecret","title":"facebookAppSecret"},{"default":"id","id":"facebookUserField","title":"facebookUserField"}],"help":"authfacebook.html","id":"facebookParams","show":false,"title":"facebookParams"},{"_nodes":[{"default":3,"id":"krbAuthnLevel","title":"krbAuthnLevel","type":"int"},{"id":"krbKeytab","title":"krbKeytab"},{"default":0,"id":"krbByJs","title":"krbByJs","type":"bool"},{"default":1,"id":"krbRemoveDomain","title":"krbRemoveDomain","type":"bool"}],"help":"authkerberos.html","id":"kerberosParams","show":false,"title":"kerberosParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"ldapAuthnLevel","title":"ldapAuthnLevel","type":"int"},{"cnodes":"ldapExportedVars","default":[{"data":"cn","id":"ldapExportedVars/cn","title":"cn","type":"keyText"},{"data":"mail","id":"ldapExportedVars/mail","title":"mail","type":"keyText"},{"data":"uid","id":"ldapExportedVars/uid","title":"uid","type":"keyText"}],"id":"ldapExportedVars","title":"ldapExportedVars","type":"keyTextContainer"},{"_nodes":[{"default":"ldap://localhost","id":"ldapServer","title":"ldapServer"},{"id":"ldapPort","title":"ldapPort","type":"int"},{"default":"require","id":"ldapVerify","select":[{"k":"none","v":"None"},{"k":"optional","v":"Optional"},{"k":"require","v":"Require"}],"title":"ldapVerify","type":"select"},{"default":"dc=example,dc=com","id":"ldapBase","title":"ldapBase"},{"default":"","id":"managerDn","title":"managerDn"},{"default":"","id":"managerPassword","title":"managerPassword","type":"password"},{"default":120,"id":"ldapTimeout","title":"ldapTimeout","type":"int"},{"default":3,"id":"ldapVersion","title":"ldapVersion","type":"int"},{"id":"ldapRaw","title":"ldapRaw"},{"id":"ldapCAFile","title":"ldapCAFile"},{"id":"ldapCAPath","title":"ldapCAPath"}],"help":"authldap.html#connection","id":"ldapConnection","title":"ldapConnection","type":"simpleInputContainer"},{"_nodes":[{"id":"LDAPFilter","title":"LDAPFilter"},{"id":"AuthLDAPFilter","title":"AuthLDAPFilter"},{"id":"mailLDAPFilter","title":"mailLDAPFilter"},{"default":"find","id":"ldapSearchDeref","select":[{"k":"never","v":"never"},{"k":"search","v":"search"},{"k":"find","v":"find"},{"k":"always","v":"always"}],"title":"ldapSearchDeref","type":"select"}],"help":"authldap.html#filters","id":"ldapFilters","title":"ldapFilters","type":"simpleInputContainer"},{"_nodes":[{"id":"ldapGroupBase","title":"ldapGroupBase"},{"default":"groupOfNames","id":"ldapGroupObjectClass","title":"ldapGroupObjectClass"},{"default":"member","id":"ldapGroupAttributeName","title":"ldapGroupAttributeName"},{"default":"dn","id":"ldapGroupAttributeNameUser","title":"ldapGroupAttributeNameUser"},{"default":"cn","id":"ldapGroupAttributeNameSearch","title":"ldapGroupAttributeNameSearch"},{"default":0,"id":"ldapGroupDecodeSearchedValue","title":"ldapGroupDecodeSearchedValue","type":"bool"},{"default":0,"id":"ldapGroupRecursive","title":"ldapGroupRecursive","type":"bool"},{"default":"dn","id":"ldapGroupAttributeNameGroup","title":"ldapGroupAttributeNameGroup"}],"help":"authldap.html#groups","id":"ldapGroups","title":"ldapGroups","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"ldapPpolicyControl","title":"ldapPpolicyControl","type":"bool"},{"default":0,"id":"ldapSetPassword","title":"ldapSetPassword","type":"bool"},{"default":0,"id":"ldapChangePasswordAsUser","title":"ldapChangePasswordAsUser","type":"bool"},{"default":"utf-8","id":"ldapPwdEnc","title":"ldapPwdEnc"},{"default":1,"id":"ldapUsePasswordResetAttribute","title":"ldapUsePasswordResetAttribute","type":"bool"},{"default":"pwdReset","id":"ldapPasswordResetAttribute","title":"ldapPasswordResetAttribute"},{"default":"TRUE","id":"ldapPasswordResetAttributeValue","title":"ldapPasswordResetAttributeValue"},{"default":0,"id":"ldapAllowResetExpiredPassword","title":"ldapAllowResetExpiredPassword","type":"bool"},{"default":0,"id":"ldapITDS","title":"ldapITDS","type":"bool"}],"help":"authldap.html#password","id":"ldapPassword","title":"ldapPassword","type":"simpleInputContainer"}],"help":"authldap.html","id":"ldapParams","show":false,"title":"ldapParams"},{"_nodes":[{"default":1,"id":"linkedInAuthnLevel","title":"linkedInAuthnLevel","type":"int"},{"id":"linkedInClientID","title":"linkedInClientID"},{"id":"linkedInClientSecret","title":"linkedInClientSecret","type":"password"},{"default":"id,first-name,last-name,email-address","id":"linkedInFields","title":"linkedInFields"},{"default":"emailAddress","id":"linkedInUserField","title":"linkedInUserField"},{"default":"r_liteprofile r_emailaddress","id":"linkedInScope","title":"linkedInScope"}],"help":"authlinkedin.html","id":"linkedinParams","show":false,"title":"linkedinParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"githubAuthnLevel","title":"githubAuthnLevel","type":"int"},{"id":"githubClientID","title":"githubClientID"},{"id":"githubClientSecret","title":"githubClientSecret","type":"password"},{"default":"login","id":"githubUserField","title":"githubUserField"},{"default":"user:email","id":"githubScope","title":"githubScope"}],"help":"authgithub.html","id":"githubParams","show":false,"title":"githubParams","type":"simpleInputContainer"},{"_nodes":[{"id":"combination","title":"combination"},{"cnodes":"combModules","id":"combModules","select":[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Demo","v":"Demonstration"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"SAML","v":"SAML v2"},{"k":"Proxy","v":"Proxy"},{"k":"Remote","v":"Remote"},{"k":"Slave","v":"Slave"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"combModules","type":"cmbModuleContainer"}],"help":"authcombination.html","id":"combinationParams","show":false,"title":"combinationParams"},{"_nodes":[{"default":0,"id":"nullAuthnLevel","title":"nullAuthnLevel","type":"int"}],"help":"authnull.html","id":"nullParams","show":false,"title":"nullParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"openIdAuthnLevel","title":"openIdAuthnLevel","type":"int"},{"cnodes":"openIdExportedVars","default":[],"id":"openIdExportedVars","title":"openIdExportedVars","type":"keyTextContainer"},{"id":"openIdSecret","title":"openIdSecret"},{"default":"0;","id":"openIdIDPList","title":"openIdIDPList","type":"blackWhiteList"}],"help":"authopenid.html","id":"openidParams","show":false,"title":"openidParams"},{"_nodes":[{"default":1,"id":"oidcAuthnLevel","title":"oidcAuthnLevel","type":"int"},{"default":"openidconnectcallback","id":"oidcRPCallbackGetParam","title":"oidcRPCallbackGetParam"},{"default":600,"id":"oidcRPStateTimeout","title":"oidcRPStateTimeout","type":"int"}],"help":"authopenidconnect.html","id":"oidcParams","show":false,"title":"oidcParams","type":"simpleInputContainer"},{"_nodes":[{"default":5,"id":"gpgAuthnLevel","title":"gpgAuthnLevel","type":"int"},{"default":"","id":"gpgDb","title":"gpgDb"}],"help":"authgpg.html","id":"gpgParams","show":false,"title":"gpgParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"proxyAuthnLevel","title":"proxyAuthnLevel","type":"int"},{"id":"proxyAuthService","title":"proxyAuthService"},{"id":"proxySessionService","title":"proxySessionService"},{"id":"remoteCookieName","title":"remoteCookieName"},{"default":0,"id":"proxyUseSoap","title":"proxyUseSoap","type":"bool"}],"help":"authproxy.html","id":"proxyParams","show":false,"title":"proxyParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"pamAuthnLevel","title":"pamAuthnLevel","type":"int"},{"default":"login","id":"pamService","title":"pamService"}],"help":"authpam.html","id":"pamParams","show":false,"title":"pamParams","type":"simpleInputContainer"},{"_nodes":[{"default":3,"id":"radiusAuthnLevel","title":"radiusAuthnLevel","type":"int"},{"id":"radiusSecret","title":"radiusSecret"},{"id":"radiusServer","title":"radiusServer"}],"help":"authradius.html","id":"radiusParams","show":false,"title":"radiusParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"restAuthnLevel","title":"restAuthnLevel","type":"int"},{"id":"restAuthUrl","title":"restAuthUrl"},{"id":"restUserDBUrl","title":"restUserDBUrl"},{"id":"restPwdConfirmUrl","title":"restPwdConfirmUrl"},{"id":"restPwdModifyUrl","title":"restPwdModifyUrl"}],"help":"authrest.html","id":"restParams","show":false,"title":"restParams","type":"simpleInputContainer"},{"_nodes":[{"id":"remotePortal","title":"remotePortal"},{"id":"remoteCookieName","title":"remoteCookieName"},{"default":"Lemonldap::NG::Common::Apache::Session::SOAP","id":"remoteGlobalStorage","title":"remoteGlobalStorage"},{"cnodes":"remoteGlobalStorageOptions","default":[{"data":"http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService","id":"remoteGlobalStorageOptions/ns","title":"ns","type":"keyText"},{"data":"http://auth.example.com/sessions","id":"remoteGlobalStorageOptions/proxy","title":"proxy","type":"keyText"}],"id":"remoteGlobalStorageOptions","title":"remoteGlobalStorageOptions","type":"keyTextContainer"}],"help":"authremote.html","id":"remoteParams","show":false,"title":"remoteParams"},{"_nodes":[{"default":2,"id":"slaveAuthnLevel","title":"slaveAuthnLevel","type":"int"},{"id":"slaveUserHeader","title":"slaveUserHeader"},{"id":"slaveMasterIP","title":"slaveMasterIP"},{"id":"slaveHeaderName","title":"slaveHeaderName"},{"id":"slaveHeaderContent","title":"slaveHeaderContent"},{"default":0,"id":"slaveDisplayLogo","title":"slaveDisplayLogo","type":"bool"},{"cnodes":"slaveExportedVars","default":[],"id":"slaveExportedVars","title":"slaveExportedVars","type":"keyTextContainer"}],"help":"authslave.html","id":"slaveParams","show":false,"title":"slaveParams"},{"_nodes":[{"default":5,"id":"SSLAuthnLevel","title":"SSLAuthnLevel","type":"int"},{"default":"SSL_CLIENT_S_DN_Email","id":"SSLVar","title":"SSLVar"},{"cnodes":"SSLVarIf","default":[],"id":"SSLVarIf","title":"SSLVarIf","type":"keyTextContainer"},{"default":0,"id":"sslByAjax","title":"sslByAjax","type":"bool"},{"id":"sslHost","title":"sslHost"}],"help":"authssl.html","id":"sslParams","show":false,"title":"sslParams"},{"_nodes":[{"default":1,"id":"twitterAuthnLevel","title":"twitterAuthnLevel","type":"int"},{"id":"twitterKey","title":"twitterKey"},{"id":"twitterSecret","title":"twitterSecret"},{"id":"twitterAppName","title":"twitterAppName"},{"default":"screen_name","id":"twitterUserField","title":"twitterUserField"}],"help":"authtwitter.html","id":"twitterParams","show":false,"title":"twitterParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"webIDAuthnLevel","title":"webIDAuthnLevel","type":"int"},{"cnodes":"webIDExportedVars","default":[],"id":"webIDExportedVars","title":"webIDExportedVars","type":"keyTextContainer"},{"id":"webIDWhitelist","title":"webIDWhitelist"}],"help":"authwebid.html","id":"webidParams","show":false,"title":"webidParams"},{"_nodes":[{"id":"customAuth","title":"customAuth"},{"id":"customUserDB","title":"customUserDB"},{"id":"customPassword","title":"customPassword"},{"id":"customRegister","title":"customRegister"},{"id":"customResetCertByMail","title":"customResetCertByMail"},{"cnodes":"customAddParams","id":"customAddParams","title":"customAddParams","type":"keyTextContainer"}],"help":"authcustom.html","id":"customParams","show":false,"title":"customParams"}],"_nodes_filter":"authParams","help":"start.html#authentication-users-and-password-databases","id":"authParams","title":"authParams","type":"authParams"},{"_nodes":[{"_nodes":[{"default":0,"id":"issuerDBSAMLActivation","title":"issuerDBSAMLActivation","type":"bool"},{"default":"^/saml/","id":"issuerDBSAMLPath","title":"issuerDBSAMLPath"},{"default":1,"id":"issuerDBSAMLRule","title":"issuerDBSAMLRule","type":"boolOrExpr"}],"help":"idpsaml.html","id":"issuerDBSAML","title":"issuerDBSAML","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBCASActivation","title":"issuerDBCASActivation","type":"bool"},{"default":"^/cas/","id":"issuerDBCASPath","title":"issuerDBCASPath"},{"default":1,"id":"issuerDBCASRule","title":"issuerDBCASRule","type":"boolOrExpr"}],"help":"idpcas.html#enabling-cas","id":"issuerDBCAS","title":"issuerDBCAS","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBOpenIDActivation","title":"issuerDBOpenIDActivation","type":"bool"},{"default":"^/openidserver/","id":"issuerDBOpenIDPath","title":"issuerDBOpenIDPath"},{"default":1,"id":"issuerDBOpenIDRule","title":"issuerDBOpenIDRule","type":"boolOrExpr"},{"_nodes":[{"id":"openIdIssuerSecret","title":"openIdIssuerSecret"},{"id":"openIdAttr","title":"openIdAttr"},{"default":"0;","id":"openIdSPList","title":"openIdSPList","type":"blackWhiteList"},{"_nodes":[{"default":"cn","id":"openIdSreg_fullname","title":"openIdSreg_fullname"},{"default":"uid","id":"openIdSreg_nickname","title":"openIdSreg_nickname"},{"id":"openIdSreg_language","title":"openIdSreg_language"},{"id":"openIdSreg_postcode","title":"openIdSreg_postcode"},{"default":"_timezone","id":"openIdSreg_timezone","title":"openIdSreg_timezone"},{"id":"openIdSreg_country","title":"openIdSreg_country"},{"id":"openIdSreg_gender","title":"openIdSreg_gender"},{"default":"mail","id":"openIdSreg_email","title":"openIdSreg_email"},{"id":"openIdSreg_dob","title":"openIdSreg_dob"}],"id":"openIdSreg","title":"openIdSreg","type":"simpleInputContainer"}],"id":"issuerDBOpenIDOptions","title":"issuerDBOpenIDOptions"}],"help":"idpopenid.html","id":"issuerDBOpenID","title":"issuerDBOpenID"},{"_nodes":[{"default":0,"id":"issuerDBOpenIDConnectActivation","title":"issuerDBOpenIDConnectActivation","type":"bool"},{"default":"^/oauth2/","id":"issuerDBOpenIDConnectPath","title":"issuerDBOpenIDConnectPath"},{"default":1,"id":"issuerDBOpenIDConnectRule","title":"issuerDBOpenIDConnectRule","type":"boolOrExpr"}],"help":"idpopenidconnect.html","id":"issuerDBOpenIDConnect","title":"issuerDBOpenIDConnect","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBGetActivation","title":"issuerDBGetActivation","type":"bool"},{"default":"^/get/","id":"issuerDBGetPath","title":"issuerDBGetPath"},{"default":1,"id":"issuerDBGetRule","title":"issuerDBGetRule","type":"boolOrExpr"},{"default":[],"id":"issuerDBGetParameters","title":"issuerDBGetParameters","type":"doubleHash"}],"help":"issuerdbget.html","id":"issuerDBGet","title":"issuerDBGet"},{"_nodes":[{"default":120,"id":"issuersTimeout","title":"issuersTimeout","type":"int"}],"help":"start.html#options","id":"issuerOptions","title":"issuerOptions","type":"simpleInputContainer"}],"help":"start.html#identity-provider","id":"issuerParams","title":"issuerParams"},{"_nodes":[{"default":"uid","id":"whatToTrace","title":"whatToTrace"},{"id":"customToTrace","title":"customToTrace"},{"default":"_password _2fDevices","id":"hiddenAttributes","title":"hiddenAttributes"}],"help":"logs.html","id":"logParams","title":"logParams","type":"simpleInputContainer"},{"_nodes":[{"default":"lemonldap","id":"cookieName","title":"cookieName"},{"default":"example.com","id":"domain","title":"domain"},{"default":0,"id":"cda","title":"cda","type":"bool"},{"default":0,"id":"securedCookie","select":[{"k":"0","v":"unsecuredCookie"},{"k":"1","v":"securedCookie"},{"k":"2","v":"doubleCookie"},{"k":"3","v":"doubleCookieForSingleSession"}],"title":"securedCookie","type":"select"},{"default":1,"id":"httpOnly","title":"httpOnly","type":"bool"},{"id":"cookieExpiration","title":"cookieExpiration","type":"int"},{"default":"","id":"sameSite","select":[{"k":"","v":""},{"k":"Strict","v":"Strict"},{"k":"Lax","v":"Lax"},{"k":"None","v":"None"}],"title":"sameSite","type":"select"}],"help":"ssocookie.html","id":"cookieParams","title":"cookieParams","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"storePassword","title":"storePassword","type":"bool"},{"default":72000,"id":"timeout","title":"timeout","type":"int"},{"default":0,"id":"timeoutActivity","title":"timeoutActivity","type":"int"},{"default":60,"id":"timeoutActivityInterval","title":"timeoutActivityInterval","type":"int"},{"cnodes":"grantSessionRules","default":[],"id":"grantSessionRules","title":"grantSessionRules","type":"grantContainer"},{"_nodes":[{"default":"Apache::Session::File","id":"globalStorage","title":"globalStorage"},{"cnodes":"globalStorageOptions","default":[{"data":"/var/lib/lemonldap-ng/sessions/","id":"globalStorageOptions/Directory","title":"Directory","type":"keyText"},{"data":"/var/lib/lemonldap-ng/sessions/lock/","id":"globalStorageOptions/LockDirectory","title":"LockDirectory","type":"keyText"},{"data":"Lemonldap::NG::Common::Apache::Session::Generate::SHA256","id":"globalStorageOptions/generateModule","title":"generateModule","type":"keyText"}],"id":"globalStorageOptions","title":"globalStorageOptions","type":"keyTextContainer"},{"default":"Cache::FileCache","id":"localSessionStorage","title":"localSessionStorage"},{"cnodes":"localSessionStorageOptions","default":[{"data":3,"id":"localSessionStorageOptions/cache_depth","title":"cache_depth","type":"keyText"},{"data":"/var/cache/lemonldap-ng","id":"localSessionStorageOptions/cache_root","title":"cache_root","type":"keyText"},{"data":600,"id":"localSessionStorageOptions/default_expires_in","title":"default_expires_in","type":"keyText"},{"data":"007","id":"localSessionStorageOptions/directory_umask","title":"directory_umask","type":"keyText"},{"data":"lemonldap-ng-sessions","id":"localSessionStorageOptions/namespace","title":"namespace","type":"keyText"}],"id":"localSessionStorageOptions","title":"localSessionStorageOptions","type":"keyTextContainer"}],"help":"start.html#sessions-database","id":"sessionStorage","title":"sessionStorage"},{"_nodes":[{"default":0,"id":"singleSession","title":"singleSession","type":"boolOrExpr"},{"default":0,"id":"singleIP","title":"singleIP","type":"boolOrExpr"},{"default":0,"id":"singleUserByIP","title":"singleUserByIP","type":"boolOrExpr"},{"default":1,"id":"notifyDeleted","title":"notifyDeleted","type":"bool"},{"default":0,"id":"notifyOther","title":"notifyOther","type":"bool"}],"id":"multipleSessions","title":"multipleSessions","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"disablePersistentStorage","title":"disablePersistentStorage","type":"bool"},{"id":"persistentStorage","title":"persistentStorage"},{"cnodes":"persistentStorageOptions","id":"persistentStorageOptions","title":"persistentStorageOptions","type":"keyTextContainer"}],"id":"persistentSessions","title":"persistentSessions"}],"help":"sessions.html","id":"sessionParams","title":"sessionParams"},{"_nodes":[{"default":5,"id":"reloadTimeout","title":"reloadTimeout","type":"int"},{"default":0,"id":"compactConf","title":"compactConf","type":"bool"},{"cnodes":"reloadUrls","help":"configlocation.html#configuration-reload","id":"reloadUrls","title":"reloadUrls","type":"keyTextContainer"}],"help":"configlocation.html#configuration-reload","id":"reloadParams","title":"reloadParams"},{"_nodes":[{"default":0,"id":"stayConnected","title":"stayConnected","type":"bool"},{"default":0,"help":"status.html","id":"portalStatus","title":"portalStatus","type":"bool"},{"cnodes":"adaptativeAuthenticationLevelRules","id":"adaptativeAuthenticationLevelRules","title":"adaptativeAuthenticationLevelRules","type":"keyTextContainer"},{"default":1,"id":"upgradeSession","title":"upgradeSession","type":"bool"},{"id":"refreshSessions","title":"refreshSessions","type":"bool"},{"_nodes":[{"default":0,"id":"wsdlServer","title":"wsdlServer","type":"bool"},{"default":0,"id":"restExportSecretKeys","title":"restExportSecretKeys","type":"bool"},{"default":15,"id":"restClockTolerance","title":"restClockTolerance","type":"int"},{"default":0,"id":"restSessionServer","title":"restSessionServer","type":"bool"},{"default":0,"id":"restConfigServer","title":"restConfigServer","type":"bool"},{"default":0,"id":"restAuthServer","title":"restAuthServer","type":"bool"},{"default":0,"id":"restPasswordServer","title":"restPasswordServer","type":"bool"},{"default":0,"help":"soapservices.html","id":"soapSessionServer","title":"soapSessionServer","type":"bool"},{"default":0,"help":"soapservices.html","id":"soapConfigServer","title":"soapConfigServer","type":"bool"},{"id":"exportedAttr","title":"exportedAttr"}],"help":"portalservers.html","id":"portalServers","title":"portalServers","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"loginHistoryEnabled","title":"loginHistoryEnabled","type":"bool"},{"default":5,"id":"successLoginNumber","title":"successLoginNumber","type":"int"},{"default":5,"id":"failedLoginNumber","title":"failedLoginNumber","type":"int"},{"cnodes":"sessionDataToRemember","id":"sessionDataToRemember","title":"sessionDataToRemember","type":"keyTextContainer"}],"help":"loginhistory.html","id":"loginHistory","title":"loginHistory"},{"_nodes":[{"default":0,"id":"notification","title":"notification","type":"bool"},{"default":0,"id":"notificationsExplorer","title":"notificationsExplorer","type":"bool"},{"default":"allusers","id":"notificationWildcard","title":"notificationWildcard"},{"default":0,"id":"oldNotifFormat","title":"oldNotifFormat","type":"bool"},{"id":"notificationXSLTfile","title":"notificationXSLTfile"},{"default":"File","id":"notificationStorage","title":"notificationStorage"},{"cnodes":"notificationStorageOptions","default":[{"data":"/var/lib/lemonldap-ng/notifications","id":"notificationStorageOptions/dirName","title":"dirName","type":"keyText"}],"id":"notificationStorageOptions","title":"notificationStorageOptions","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"notificationServer","title":"notificationServer","type":"bool"},{"default":"","id":"notificationDefaultCond","title":"notificationDefaultCond"},{"default":"uid reference date title subtitle text check","id":"notificationServerSentAttributes","title":"notificationServerSentAttributes"},{"_nodes":[{"default":1,"id":"notificationServerPOST","title":"notificationServerPOST","type":"bool"},{"default":0,"id":"notificationServerGET","title":"notificationServerGET","type":"bool"},{"default":0,"id":"notificationServerDELETE","title":"notificationServerDELETE","type":"bool"}],"id":"notificationServerMethods","title":"notificationServerMethods","type":"simpleInputContainer"}],"help":"notifications.html#notification-server","id":"serverNotification","title":"serverNotification"}],"help":"notifications.html","id":"notifications","title":"notifications"},{"_nodes":[{"_nodes":[{"id":"mailSubject","title":"mailSubject"},{"id":"mailBody","title":"mailBody","type":"longtext"},{"id":"mailConfirmSubject","title":"mailConfirmSubject"},{"id":"mailConfirmBody","title":"mailConfirmBody","type":"longtext"}],"id":"mailContent","title":"mailContent","type":"simpleInputContainer"},{"_nodes":[{"default":"http://auth.example.com/resetpwd","id":"mailUrl","title":"mailUrl"},{"default":0,"id":"mailTimeout","title":"mailTimeout","type":"int"},{"default":1,"id":"portalDisplayGeneratePassword","title":"portalDisplayGeneratePassword","type":"bool"},{"default":"[A-Z]{3}[a-z]{5}.\\d{2}","id":"randomPasswordRegexp","title":"randomPasswordRegexp"}],"id":"mailOther","title":"mailOther","type":"simpleInputContainer"}],"help":"resetpassword.html","id":"passwordManagement","title":"passwordManagement"},{"_nodes":[{"_nodes":[{"id":"certificateResetByMailStep1Subject","title":"certificateResetByMailStep1Subject"},{"id":"certificateResetByMailStep1Body","title":"certificateResetByMailStep1Body","type":"longtext"},{"id":"certificateResetByMailStep2Subject","title":"certificateResetByMailStep2Subject"},{"id":"certificateResetByMailStep2Body","title":"certificateResetByMailStep2Body","type":"longtext"}],"id":"certificateMailContent","title":"certificateMailContent","type":"simpleInputContainer"},{"_nodes":[{"default":"http://auth.example.com/certificateReset","id":"certificateResetByMailURL","title":"certificateResetByMailURL"},{"default":"description","id":"certificateResetByMailCeaAttribute","title":"certificateResetByMailCeaAttribute"},{"default":"userCertificate;binary","id":"certificateResetByMailCertificateAttribute","title":"certificateResetByMailCertificateAttribute"},{"default":0,"id":"certificateResetByMailValidityDelay","title":"certificateResetByMailValidityDelay","type":"int"}],"id":"mailOther","title":"mailOther","type":"simpleInputContainer"}],"help":"resetcertificate.html","id":"certificateResetByMailManagement","title":"certificateResetByMailManagement"},{"_nodes":[{"default":"http://auth.example.com/register","id":"registerUrl","title":"registerUrl"},{"default":0,"id":"registerTimeout","title":"registerTimeout","type":"int"},{"id":"registerConfirmSubject","title":"registerConfirmSubject"},{"id":"registerDoneSubject","title":"registerDoneSubject"}],"help":"register.html","id":"register","title":"register","type":"simpleInputContainer"},{"_nodes":[{"cnodes":"autoSigninRules","id":"autoSigninRules","title":"autoSigninRules","type":"keyTextContainer"}],"help":"autosignin.html","id":"autoSignin","title":"autoSignin"},{"_nodes":[{"default":0,"id":"globalLogoutRule","title":"globalLogoutRule","type":"boolOrExpr"},{"default":1,"id":"globalLogoutTimer","title":"globalLogoutTimer","type":"bool"},{"id":"globalLogoutCustomParam","title":"globalLogoutCustomParam"}],"help":"globallogout.html","id":"globalLogout","title":"globalLogout","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"checkState","title":"checkState","type":"bool"},{"id":"checkStateSecret","title":"checkStateSecret"}],"help":"checkstate.html","id":"stateCheck","title":"stateCheck","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"checkUser","title":"checkUser","type":"bool"},{"default":1,"id":"checkUserIdRule","title":"checkUserIdRule"},{"id":"checkUserUnrestrictedUsersRule","title":"checkUserUnrestrictedUsersRule"},{"default":"_loginHistory _session_id hGroups","id":"checkUserHiddenAttributes","title":"checkUserHiddenAttributes"},{"id":"checkUserSearchAttributes","title":"checkUserSearchAttributes"},{"default":1,"id":"checkUserDisplayComputedSession","title":"checkUserDisplayComputedSession","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayEmptyHeaders","title":"checkUserDisplayEmptyHeaders","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayEmptyValues","title":"checkUserDisplayEmptyValues","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayPersistentInfo","title":"checkUserDisplayPersistentInfo","type":"boolOrExpr"}],"help":"checkuser.html","id":"checkUsers","title":"checkUsers","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"impersonationRule","title":"impersonationRule","type":"boolOrExpr"},{"default":1,"id":"impersonationIdRule","title":"impersonationIdRule"},{"id":"impersonationUnrestrictedUsersRule","title":"impersonationUnrestrictedUsersRule"},{"default":"_2fDevices _loginHistory","id":"impersonationHiddenAttributes","title":"impersonationHiddenAttributes"},{"default":1,"id":"impersonationSkipEmptyValues","title":"impersonationSkipEmptyValues","type":"bool"},{"default":0,"id":"impersonationMergeSSOgroups","title":"impersonationMergeSSOgroups","type":"boolOrExpr"}],"help":"impersonation.html","id":"impersonation","title":"impersonation","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"contextSwitchingRule","title":"contextSwitchingRule","type":"boolOrExpr"},{"default":1,"id":"contextSwitchingIdRule","title":"contextSwitchingIdRule"},{"id":"contextSwitchingUnrestrictedUsersRule","title":"contextSwitchingUnrestrictedUsersRule"},{"default":0,"id":"contextSwitchingAllowed2fModifications","title":"contextSwitchingAllowed2fModifications","type":"bool"},{"default":1,"id":"contextSwitchingStopWithLogout","title":"contextSwitchingStopWithLogout","type":"bool"}],"help":"contextswitching.html","id":"contextSwitching","title":"contextSwitching","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"decryptValueRule","title":"decryptValueRule","type":"boolOrExpr"},{"id":"decryptValueFunctions","title":"decryptValueFunctions"}],"help":"decryptvalue.html","id":"decryptValue","title":"decryptValue","type":"simpleInputContainer"},{"_nodes":[{"id":"customPlugins","title":"customPlugins"},{"cnodes":"customPluginsParams","id":"customPluginsParams","title":"customPluginsParams","type":"keyTextContainer"}],"help":"plugincustom.html","id":"customPluginsNode","title":"customPluginsNode"}],"help":"start.html#plugins","id":"plugins","title":"plugins"},{"_nodes":[{"default":1,"help":"secondfactor.html","id":"sfManagerRule","title":"sfManagerRule","type":"boolOrExpr"},{"default":0,"help":"secondfactor.html","id":"sfRequired","title":"sfRequired","type":"boolOrExpr"},{"help":"secondfactor.html","id":"sfOnlyUpgrade","title":"sfOnlyUpgrade","type":"bool"},{"_nodes":[{"default":0,"id":"utotp2fActivation","title":"utotp2fActivation","type":"boolOrExpr"},{"id":"utotp2fAuthnLevel","title":"utotp2fAuthnLevel","type":"int"},{"id":"utotp2fLabel","title":"utotp2fLabel"},{"id":"utotp2fLogo","title":"utotp2fLogo"}],"help":"utotp2f.html","id":"utotp2f","title":"utotp2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"totp2fActivation","title":"totp2fActivation","type":"boolOrExpr"},{"default":0,"id":"totp2fSelfRegistration","title":"totp2fSelfRegistration","type":"boolOrExpr"},{"id":"totp2fIssuer","title":"totp2fIssuer"},{"default":30,"id":"totp2fInterval","title":"totp2fInterval","type":"int"},{"default":1,"id":"totp2fRange","title":"totp2fRange","type":"int"},{"default":6,"id":"totp2fDigits","title":"totp2fDigits","type":"int"},{"default":0,"id":"totp2fDisplayExistingSecret","title":"totp2fDisplayExistingSecret","type":"bool"},{"default":0,"id":"totp2fUserCanChangeKey","title":"totp2fUserCanChangeKey","type":"bool"},{"default":1,"id":"totp2fUserCanRemoveKey","title":"totp2fUserCanRemoveKey","type":"bool"},{"id":"totp2fTTL","title":"totp2fTTL","type":"int"},{"id":"totp2fAuthnLevel","title":"totp2fAuthnLevel","type":"int"},{"id":"totp2fLabel","title":"totp2fLabel"},{"id":"totp2fLogo","title":"totp2fLogo"}],"help":"totp2f.html","id":"totp2f","title":"totp2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"u2fActivation","title":"u2fActivation","type":"boolOrExpr"},{"default":0,"id":"u2fSelfRegistration","title":"u2fSelfRegistration","type":"boolOrExpr"},{"default":1,"id":"u2fUserCanRemoveKey","title":"u2fUserCanRemoveKey","type":"bool"},{"id":"u2fTTL","title":"u2fTTL","type":"int"},{"id":"u2fAuthnLevel","title":"u2fAuthnLevel","type":"int"},{"id":"u2fLabel","title":"u2fLabel"},{"id":"u2fLogo","title":"u2fLogo"}],"help":"u2f.html","id":"u2f","title":"u2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"yubikey2fActivation","title":"yubikey2fActivation","type":"boolOrExpr"},{"default":0,"id":"yubikey2fSelfRegistration","title":"yubikey2fSelfRegistration","type":"boolOrExpr"},{"id":"yubikey2fClientID","title":"yubikey2fClientID"},{"id":"yubikey2fSecretKey","title":"yubikey2fSecretKey"},{"id":"yubikey2fNonce","title":"yubikey2fNonce"},{"id":"yubikey2fUrl","title":"yubikey2fUrl"},{"default":12,"id":"yubikey2fPublicIDSize","title":"yubikey2fPublicIDSize","type":"int"},{"default":1,"id":"yubikey2fUserCanRemoveKey","title":"yubikey2fUserCanRemoveKey","type":"bool"},{"id":"yubikey2fFromSessionAttribute","title":"yubikey2fFromSessionAttribute"},{"id":"yubikey2fTTL","title":"yubikey2fTTL","type":"int"},{"id":"yubikey2fAuthnLevel","title":"yubikey2fAuthnLevel","type":"int"},{"id":"yubikey2fLabel","title":"yubikey2fLabel"},{"id":"yubikey2fLogo","title":"yubikey2fLogo"}],"help":"yubikey2f.html","id":"yubikey2f","title":"yubikey2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"mail2fActivation","title":"mail2fActivation","type":"boolOrExpr"},{"default":"\\d{6}","id":"mail2fCodeRegex","title":"mail2fCodeRegex"},{"id":"mail2fTimeout","title":"mail2fTimeout","type":"int"},{"id":"mail2fSubject","title":"mail2fSubject"},{"id":"mail2fBody","title":"mail2fBody","type":"longtext"},{"id":"mail2fAuthnLevel","title":"mail2fAuthnLevel","type":"int"},{"id":"mail2fLabel","title":"mail2fLabel"},{"id":"mail2fLogo","title":"mail2fLogo"}],"help":"mail2f.html","id":"mail2f","title":"mail2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"ext2fActivation","title":"ext2fActivation","type":"boolOrExpr"},{"default":"\\d{6}","id":"ext2fCodeActivation","title":"ext2fCodeActivation"},{"id":"ext2FSendCommand","title":"ext2FSendCommand"},{"id":"ext2FValidateCommand","title":"ext2FValidateCommand"},{"id":"ext2fAuthnLevel","title":"ext2fAuthnLevel","type":"int"},{"id":"ext2fLabel","title":"ext2fLabel"},{"id":"ext2fLogo","title":"ext2fLogo"}],"help":"external2f.html","id":"ext2f","title":"ext2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"radius2fActivation","title":"radius2fActivation","type":"boolOrExpr"},{"id":"radius2fServer","title":"radius2fServer"},{"id":"radius2fSecret","title":"radius2fSecret"},{"id":"radius2fUsernameSessionKey","title":"radius2fUsernameSessionKey"},{"default":20,"id":"radius2fTimeout","title":"radius2fTimeout","type":"int"},{"id":"radius2fAuthnLevel","title":"radius2fAuthnLevel","type":"int"},{"id":"radius2fLogo","title":"radius2fLogo"},{"id":"radius2fLabel","title":"radius2fLabel"}],"help":"radius2f.html","id":"radius2f","title":"radius2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"rest2fActivation","title":"rest2fActivation","type":"boolOrExpr"},{"id":"rest2fInitUrl","title":"rest2fInitUrl"},{"cnodes":"rest2fInitArgs","id":"rest2fInitArgs","title":"rest2fInitArgs","type":"keyTextContainer"},{"id":"rest2fVerifyUrl","title":"rest2fVerifyUrl"},{"cnodes":"rest2fVerifyArgs","id":"rest2fVerifyArgs","title":"rest2fVerifyArgs","type":"keyTextContainer"},{"id":"rest2fAuthnLevel","title":"rest2fAuthnLevel","type":"int"},{"id":"rest2fLabel","title":"rest2fLabel"},{"id":"rest2fLogo","title":"rest2fLogo"}],"help":"rest2f.html","id":"rest2f","title":"rest2f"},{"cnodes":"sfExtra","id":"sfExtra","select":[{"k":"Mail2F","v":"E-Mail"},{"k":"REST","v":"REST"},{"k":"Ext2F","v":"External"},{"k":"Radius","v":"Radius"}],"title":"sfExtra","type":"sfExtraContainer"},{"_nodes":[{"default":0,"help":"secondfactor.html","id":"sfRemovedMsgRule","title":"sfRemovedMsgRule","type":"boolOrExpr"},{"default":0,"id":"sfRemovedUseNotif","title":"sfRemovedUseNotif","type":"bool"},{"default":"RemoveSF","help":"secondfactor.html","id":"sfRemovedNotifRef","title":"sfRemovedNotifRef"},{"default":"Second factor notification","help":"secondfactor.html","id":"sfRemovedNotifTitle","title":"sfRemovedNotifTitle"},{"default":"_removedSF_ expired second factor(s) has/have been removed!","help":"secondfactor.html","id":"sfRemovedNotifMsg","title":"sfRemovedNotifMsg"}],"help":"secondfactor.html","id":"sfRemovedNotification","title":"sfRemovedNotification","type":"simpleInputContainer"}],"help":"secondfactor.html","id":"secondFactors","title":"secondFactors"},{"_nodes":[{"help":"customfunctions.html","id":"customFunctions","title":"customFunctions"},{"default":"; ","id":"multiValuesSeparator","title":"multiValuesSeparator","type":"authParamsText"},{"default":0,"id":"groupsBeforeMacros","title":"groupsBeforeMacros","type":"bool"},{"_nodes":[{"default":"mail","id":"mailSessionKey","title":"mailSessionKey"},{"default":"","id":"SMTPServer","title":"SMTPServer"},{"id":"SMTPPort","title":"SMTPPort","type":"int"},{"id":"SMTPAuthUser","title":"SMTPAuthUser"},{"id":"SMTPAuthPass","title":"SMTPAuthPass","type":"password"},{"default":"","id":"SMTPTLS","select":[{"k":"","v":"none"},{"k":"starttls","v":"SMTP + STARTTLS"},{"k":"ssl","v":"SMTPS"}],"title":"SMTPTLS","type":"select"},{"cnodes":"SMTPTLSOpts","id":"SMTPTLSOpts","title":"SMTPTLSOpts","type":"keyTextContainer"},{"_nodes":[{"default":"noreply@example.com","id":"mailFrom","title":"mailFrom"},{"id":"mailReplyTo","title":"mailReplyTo"},{"default":"utf-8","id":"mailCharset","title":"mailCharset"}],"id":"mailHeaders","title":"mailHeaders","type":"simpleInputContainer"}],"help":"smtp.html","id":"SMTP","title":"SMTP","type":"SMTP"},{"_nodes":[{"default":"^[\\w\\.\\-@]+$","id":"userControl","title":"userControl"},{"default":0,"id":"browsersDontStorePassword","title":"browsersDontStorePassword","type":"bool"},{"default":0,"help":"forcereauthn.html","id":"portalForceAuthn","title":"portalForceAuthn","type":"bool"},{"default":5,"id":"portalForceAuthnInterval","title":"portalForceAuthnInterval","type":"int"},{"id":"key","title":"key","type":"password"},{"id":"trustedDomains","title":"trustedDomains"},{"default":1,"help":"safejail.html","id":"useSafeJail","title":"useSafeJail","type":"bool"},{"default":1,"id":"checkXSS","title":"checkXSS","type":"bool"},{"default":1,"id":"requireToken","title":"requireToken","type":"boolOrExpr"},{"default":120,"id":"formTimeout","title":"formTimeout","type":"int"},{"default":0,"id":"tokenUseGlobalStorage","title":"tokenUseGlobalStorage","type":"bool"},{"_nodes":[{"default":0,"help":"bruteforceprotection.html","id":"bruteForceProtection","title":"bruteForceProtection","type":"bool"},{"default":30,"id":"bruteForceProtectionTempo","title":"bruteForceProtectionTempo","type":"int"},{"default":3,"id":"bruteForceProtectionMaxFailed","title":"bruteForceProtectionMaxFailed","type":"int"},{"default":0,"help":"bruteforceprotection.html","id":"bruteForceProtectionIncrementalTempo","title":"bruteForceProtectionIncrementalTempo","type":"bool"},{"default":"5, 15, 60, 300, 600","id":"bruteForceProtectionLockTimes","title":"bruteForceProtectionLockTimes"}],"help":"bruteforceprotection.html","id":"bruteForceAttackProtection","title":"bruteForceAttackProtection","type":"simpleInputContainer"},{"cnodes":"lwpOpts","id":"lwpOpts","title":"lwpOpts","type":"keyTextContainer"},{"cnodes":"lwpSslOpts","id":"lwpSslOpts","title":"lwpSslOpts","type":"keyTextContainer"},{"_nodes":[{"default":"'self'","id":"cspDefault","title":"cspDefault"},{"default":"'self' data:","id":"cspImg","title":"cspImg"},{"default":"'self'","id":"cspScript","title":"cspScript"},{"default":"'self'","id":"cspStyle","title":"cspStyle"},{"default":"'self'","id":"cspFont","title":"cspFont"},{"default":"*","id":"cspFormAction","title":"cspFormAction"},{"default":"'self'","id":"cspConnect","title":"cspConnect"},{"default":"","id":"cspFrameAncestors","title":"cspFrameAncestors"}],"help":"security.html#portal","id":"contentSecurityPolicy","title":"contentSecurityPolicy","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"corsEnabled","title":"corsEnabled","type":"bool"},{"default":true,"id":"corsAllow_Credentials","title":"corsAllow_Credentials"},{"default":"*","id":"corsAllow_Headers","title":"corsAllow_Headers"},{"default":"POST,GET","id":"corsAllow_Methods","title":"corsAllow_Methods"},{"default":"*","id":"corsAllow_Origin","title":"corsAllow_Origin"},{"default":"*","id":"corsExpose_Headers","title":"corsExpose_Headers"},{"default":"86400","id":"corsMax_Age","title":"corsMax_Age"}],"help":"security.html#portal","id":"crossOrigineResourceSharing","title":"crossOrigineResourceSharing","type":"simpleInputContainer"}],"help":"security.html#configure-security-settings","id":"security","title":"security"},{"_nodes":[{"default":-1,"id":"https","title":"https","type":"trool"},{"default":-1,"id":"port","title":"port","type":"int"},{"default":0,"id":"useRedirectOnForbidden","title":"useRedirectOnForbidden","type":"bool"},{"default":1,"id":"useRedirectOnError","title":"useRedirectOnError","type":"bool"},{"default":0,"id":"maintenance","title":"maintenance","type":"bool"}],"help":"redirections.html","id":"redirection","title":"redirection","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"jsRedirect","title":"jsRedirect","type":"boolOrExpr"},{"default":0,"id":"noAjaxHook","title":"noAjaxHook","type":"bool"},{"default":0,"id":"skipRenewConfirmation","title":"skipRenewConfirmation","type":"bool"},{"default":0,"id":"skipUpgradeConfirmation","title":"skipUpgradeConfirmation","type":"bool"}],"help":"redirections.html#portal-redirections","id":"portalRedirection","title":"portalRedirection","type":"simpleInputContainer"},{"cnodes":"nginxCustomHandlers","help":"handlerarch.html","id":"nginxCustomHandlers","title":"nginxCustomHandlers","type":"keyTextContainer"},{"cnodes":"logoutServices","default":[],"help":"logoutforward.html","id":"logoutServices","title":"logoutServices","type":"keyTextContainer"},{"_nodes":[{"default":"get","id":"infoFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"infoFormMethod","type":"select"},{"default":"post","id":"confirmFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"confirmFormMethod","type":"select"},{"default":"get","id":"redirectFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"redirectFormMethod","type":"select"},{"default":1,"id":"activeTimer","title":"activeTimer","type":"bool"}],"id":"forms","title":"forms","type":"simpleInputContainer"}],"help":"start.html#advanced-features","id":"advancedParams","title":"advancedParams"}],"id":"generalParameters","title":"generalParameters"},{"_nodes":[{"cnodes":"exportedVars","default":[{"data":"HTTP_USER_AGENT","id":"exportedVars/UA","title":"UA","type":"keyText"}],"help":"exportedvars.html","id":"exportedVars","title":"exportedVars","type":"keyTextContainer"},{"cnodes":"macros","default":[],"help":"exportedvars.html#extend-variables-using-macros-and-groups","id":"macros","title":"macros","type":"keyTextContainer"},{"cnodes":"groups","default":[],"help":"exportedvars.html#extend-variables-using-macros-and-groups","id":"groups","title":"groups","type":"keyTextContainer"}],"help":"variables.html","id":"variables","title":"variables"},{"cnodes":"virtualHosts","help":"configvhost.html","id":"virtualHosts","template":"virtualHost","title":"virtualHosts","type":"virtualHostContainer"},{"_nodes":[{"default":"#PORTAL#/saml/metadata","id":"samlEntityID","title":"samlEntityID"},{"_nodes":[{"get":["samlServicePrivateKeySig","samlServicePrivateKeySigPwd","samlServicePublicKeySig"],"id":"samlServiceSecuritySig","title":"samlServiceSecuritySig","type":"RSACertKey"},{"get":["samlServicePrivateKeyEnc","samlServicePrivateKeyEncPwd","samlServicePublicKeyEnc"],"id":"samlServiceSecurityEnc","title":"samlServiceSecurityEnc","type":"RSACertKey"},{"default":0,"id":"samlServiceUseCertificateInResponse","title":"samlServiceUseCertificateInResponse","type":"bool"},{"default":"RSA_SHA256","id":"samlServiceSignatureMethod","select":[{"k":"RSA_SHA1","v":"RSA SHA1"},{"k":"RSA_SHA256","v":"RSA SHA256"},{"k":"RSA_SHA384","v":"RSA SHA384"},{"k":"RSA_SHA512","v":"RSA SHA512"}],"title":"samlServiceSignatureMethod","type":"select"}],"help":"samlservice.html#security-parameters","id":"samlServiceSecurity","title":"samlServiceSecurity"},{"_nodes":[{"default":"mail","id":"samlNameIDFormatMapEmail","title":"samlNameIDFormatMapEmail"},{"default":"mail","id":"samlNameIDFormatMapX509","title":"samlNameIDFormatMapX509"},{"default":"uid","id":"samlNameIDFormatMapWindows","title":"samlNameIDFormatMapWindows"},{"default":"uid","id":"samlNameIDFormatMapKerberos","title":"samlNameIDFormatMapKerberos"}],"help":"samlservice.html#nameid-formats","id":"samlNameIDFormatMap","title":"samlNameIDFormatMap","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"samlAuthnContextMapPassword","title":"samlAuthnContextMapPassword","type":"int"},{"default":3,"id":"samlAuthnContextMapPasswordProtectedTransport","title":"samlAuthnContextMapPasswordProtectedTransport","type":"int"},{"default":5,"id":"samlAuthnContextMapTLSClient","title":"samlAuthnContextMapTLSClient","type":"int"},{"default":4,"id":"samlAuthnContextMapKerberos","title":"samlAuthnContextMapKerberos","type":"int"}],"help":"samlservice.html#authentication-contexts","id":"samlAuthnContextMap","title":"samlAuthnContextMap","type":"simpleInputContainer"},{"_nodes":[{"default":"Example","id":"samlOrganizationDisplayName","title":"samlOrganizationDisplayName"},{"default":"Example","id":"samlOrganizationName","title":"samlOrganizationName"},{"default":"http://www.example.com","id":"samlOrganizationURL","title":"samlOrganizationURL"}],"help":"samlservice.html#organization","id":"samlOrganization","title":"samlOrganization","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"samlSPSSODescriptorAuthnRequestsSigned","title":"samlSPSSODescriptorAuthnRequestsSigned","type":"bool"},{"default":1,"id":"samlSPSSODescriptorWantAssertionsSigned","title":"samlSPSSODescriptorWantAssertionsSigned","type":"bool"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn","id":"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect","title":"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn","id":"samlSPSSODescriptorSingleLogoutServiceHTTPPost","title":"samlSPSSODescriptorSingleLogoutServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;","id":"samlSPSSODescriptorSingleLogoutServiceSOAP","title":"samlSPSSODescriptorSingleLogoutServiceSOAP","type":"samlService"}],"id":"samlSPSSODescriptorSingleLogoutService","title":"samlSPSSODescriptorSingleLogoutService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact","id":"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact","title":"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact","type":"samlAssertion"},{"default":"0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost","id":"samlSPSSODescriptorAssertionConsumerServiceHTTPPost","title":"samlSPSSODescriptorAssertionConsumerServiceHTTPPost","type":"samlAssertion"}],"id":"samlSPSSODescriptorAssertionConsumerService","title":"samlSPSSODescriptorAssertionConsumerService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact","id":"samlSPSSODescriptorArtifactResolutionServiceArtifact","title":"samlSPSSODescriptorArtifactResolutionServiceArtifact","type":"samlAssertion"}],"id":"samlSPSSODescriptorArtifactResolutionService","title":"samlSPSSODescriptorArtifactResolutionService"}],"help":"samlservice.html#service-provider","id":"samlSPSSODescriptor","title":"samlSPSSODescriptor"},{"_nodes":[{"default":1,"id":"samlIDPSSODescriptorWantAuthnRequestsSigned","title":"samlIDPSSODescriptorWantAuthnRequestsSigned","type":"bool"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPPost","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact","type":"samlService"}],"id":"samlIDPSSODescriptorSingleSignOnService","title":"samlIDPSSODescriptorSingleSignOnService"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn","id":"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect","title":"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn","id":"samlIDPSSODescriptorSingleLogoutServiceHTTPPost","title":"samlIDPSSODescriptorSingleLogoutServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;","id":"samlIDPSSODescriptorSingleLogoutServiceSOAP","title":"samlIDPSSODescriptorSingleLogoutServiceSOAP","type":"samlService"}],"id":"samlIDPSSODescriptorSingleLogoutService","title":"samlIDPSSODescriptorSingleLogoutService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact","id":"samlIDPSSODescriptorArtifactResolutionServiceArtifact","title":"samlIDPSSODescriptorArtifactResolutionServiceArtifact","type":"samlAssertion"}],"id":"samlIDPSSODescriptorArtifactResolutionService","title":"samlIDPSSODescriptorArtifactResolutionService"}],"help":"samlservice.html#identity-provider","id":"samlIDPSSODescriptor","title":"samlIDPSSODescriptor"},{"_nodes":[{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;","id":"samlAttributeAuthorityDescriptorAttributeServiceSOAP","title":"samlAttributeAuthorityDescriptorAttributeServiceSOAP","type":"samlService"}],"id":"samlAttributeAuthorityDescriptorAttributeService","title":"samlAttributeAuthorityDescriptorAttributeService"}],"help":"samlservice.html#attribute-authority","id":"samlAttributeAuthorityDescriptor","title":"samlAttributeAuthorityDescriptor"},{"_nodes":[{"default":1,"id":"samlMetadataForceUTF8","title":"samlMetadataForceUTF8","type":"bool"},{"default":600,"id":"samlRelayStateTimeout","title":"samlRelayStateTimeout","type":"int"},{"default":0,"id":"samlUseQueryStringSpecific","title":"samlUseQueryStringSpecific","type":"bool"},{"default":"","id":"samlOverrideIDPEntityID","title":"samlOverrideIDPEntityID"},{"id":"samlStorage","title":"samlStorage"},{"cnodes":"samlStorageOptions","id":"samlStorageOptions","title":"samlStorageOptions","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"samlCommonDomainCookieActivation","title":"samlCommonDomainCookieActivation","type":"bool"},{"id":"samlCommonDomainCookieDomain","title":"samlCommonDomainCookieDomain"},{"id":"samlCommonDomainCookieReader","title":"samlCommonDomainCookieReader"},{"id":"samlCommonDomainCookieWriter","title":"samlCommonDomainCookieWriter"}],"id":"samlCommonDomainCookie","title":"samlCommonDomainCookie","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"samlDiscoveryProtocolActivation","title":"samlDiscoveryProtocolActivation","type":"bool"},{"id":"samlDiscoveryProtocolURL","title":"samlDiscoveryProtocolURL"},{"id":"samlDiscoveryProtocolPolicy","title":"samlDiscoveryProtocolPolicy"},{"default":0,"id":"samlDiscoveryProtocolIsPassive","title":"samlDiscoveryProtocolIsPassive","type":"bool"}],"id":"samlDiscoveryProtocol","title":"samlDiscoveryProtocol","type":"simpleInputContainer"}],"help":"samlservice.html#advanced","id":"samlAdvanced","title":"samlAdvanced"}],"help":"samlservice.html","id":"samlServiceMetaData","title":"samlServiceMetaData"},{"cnodes":"samlIDPMetaDataNodes","help":"authsaml.html","id":"samlIDPMetaDataNodes","template":"samlIDPMetaDataNode","title":"samlIDPMetaDataNodes","type":"samlIDPMetaDataNodeContainer"},{"cnodes":"samlSPMetaDataNodes","help":"idpsaml.html","id":"samlSPMetaDataNodes","template":"samlSPMetaDataNode","title":"samlSPMetaDataNodes","type":"samlSPMetaDataNodeContainer"},{"_nodes":[{"id":"oidcServiceMetaDataIssuer","title":"oidcServiceMetaDataIssuer"},{"_nodes":[{"default":"authorize","id":"oidcServiceMetaDataAuthorizeURI","title":"oidcServiceMetaDataAuthorizeURI"},{"default":"token","id":"oidcServiceMetaDataTokenURI","title":"oidcServiceMetaDataTokenURI"},{"default":"userinfo","id":"oidcServiceMetaDataUserInfoURI","title":"oidcServiceMetaDataUserInfoURI"},{"default":"jwks","id":"oidcServiceMetaDataJWKSURI","title":"oidcServiceMetaDataJWKSURI"},{"default":"register","id":"oidcServiceMetaDataRegistrationURI","title":"oidcServiceMetaDataRegistrationURI"},{"default":"introspect","id":"oidcServiceMetaDataIntrospectionURI","title":"oidcServiceMetaDataIntrospectionURI"},{"default":"logout","id":"oidcServiceMetaDataEndSessionURI","title":"oidcServiceMetaDataEndSessionURI"},{"default":"checksession.html","id":"oidcServiceMetaDataCheckSessionURI","title":"oidcServiceMetaDataCheckSessionURI"},{"default":"flogout","id":"oidcServiceMetaDataFrontChannelURI","title":"oidcServiceMetaDataFrontChannelURI"},{"default":"blogout","id":"oidcServiceMetaDataBackChannelURI","title":"oidcServiceMetaDataBackChannelURI"}],"id":"oidcServiceMetaDataEndPoints","title":"oidcServiceMetaDataEndPoints","type":"simpleInputContainer"},{"cnodes":"oidcServiceMetaDataAuthnContext","default":[{"data":1,"id":"oidcServiceMetaDataAuthnContext/loa-1","title":"loa-1","type":"keyText"},{"data":2,"id":"oidcServiceMetaDataAuthnContext/loa-2","title":"loa-2","type":"keyText"},{"data":3,"id":"oidcServiceMetaDataAuthnContext/loa-3","title":"loa-3","type":"keyText"},{"data":4,"id":"oidcServiceMetaDataAuthnContext/loa-4","title":"loa-4","type":"keyText"},{"data":5,"id":"oidcServiceMetaDataAuthnContext/loa-5","title":"loa-5","type":"keyText"}],"id":"oidcServiceMetaDataAuthnContext","title":"oidcServiceMetaDataAuthnContext","type":"keyTextContainer"},{"_nodes":[{"get":["oidcServicePrivateKeySig","oidcServicePublicKeySig"],"id":"oidcServiceMetaDataKeys","title":"oidcServiceMetaDataKeys","type":"RSAKeyNoPassword"},{"id":"oidcServiceKeyIdSig","title":"oidcServiceKeyIdSig"},{"default":0,"id":"oidcServiceAllowDynamicRegistration","title":"oidcServiceAllowDynamicRegistration","type":"bool"},{"default":1,"id":"oidcServiceAllowAuthorizationCodeFlow","title":"oidcServiceAllowAuthorizationCodeFlow","type":"bool"},{"default":0,"id":"oidcServiceAllowImplicitFlow","title":"oidcServiceAllowImplicitFlow","type":"bool"},{"default":0,"id":"oidcServiceAllowHybridFlow","title":"oidcServiceAllowHybridFlow","type":"bool"},{"default":60,"id":"oidcServiceAuthorizationCodeExpiration","title":"oidcServiceAuthorizationCodeExpiration","type":"int"},{"default":3600,"id":"oidcServiceAccessTokenExpiration","title":"oidcServiceAccessTokenExpiration","type":"int"},{"default":3600,"id":"oidcServiceIDTokenExpiration","title":"oidcServiceIDTokenExpiration","type":"int"},{"default":2592000,"id":"oidcServiceOfflineSessionExpiration","title":"oidcServiceOfflineSessionExpiration","type":"int"}],"id":"oidcServiceMetaDataSecurity","title":"oidcServiceMetaDataSecurity"},{"_nodes":[{"id":"oidcStorage","title":"oidcStorage"},{"cnodes":"oidcStorageOptions","id":"oidcStorageOptions","title":"oidcStorageOptions","type":"keyTextContainer"}],"id":"oidcServiceMetaDataSessions","title":"oidcServiceMetaDataSessions"},{"cnodes":"oidcServiceDynamicRegistrationExportedVars","id":"oidcServiceDynamicRegistrationExportedVars","title":"oidcServiceDynamicRegistrationExportedVars","type":"keyTextContainer"},{"cnodes":"oidcServiceDynamicRegistrationExtraClaims","id":"oidcServiceDynamicRegistrationExtraClaims","title":"oidcServiceDynamicRegistrationExtraClaims","type":"keyTextContainer"}],"help":"openidconnectservice.html#service-configuration","id":"oidcServiceMetaData","title":"oidcServiceMetaData"},{"cnodes":"oidcOPMetaDataNodes","help":"authopenidconnect.html#declare-the-openid-connect-provider-in-ll-ng","id":"oidcOPMetaDataNodes","title":"oidcOPMetaDataNodes","type":"oidcOPMetaDataNodeContainer"},{"cnodes":"oidcRPMetaDataNodes","help":"idpopenidconnect.html#configuration-of-relying-party-in-ll-ng","id":"oidcRPMetaDataNodes","title":"oidcRPMetaDataNodes","type":"oidcRPMetaDataNodeContainer"},{"_nodes":[{"id":"casAttr","title":"casAttr"},{"default":"none","id":"casAccessControlPolicy","select":[{"k":"none","v":"None"},{"k":"error","v":"Display error on portal"},{"k":"faketicket","v":"Send a fake service ticket"}],"title":"casAccessControlPolicy","type":"select"},{"id":"casStorage","title":"casStorage"},{"cnodes":"casStorageOptions","id":"casStorageOptions","title":"casStorageOptions","type":"keyTextContainer"},{"cnodes":"casAttributes","id":"casAttributes","title":"casAttributes","type":"keyTextContainer"}],"help":"idpcas.html#configuring-the-cas-service","id":"casServiceMetadata","title":"casServiceMetadata"},{"cnodes":"casSrvMetaDataNodes","help":"authcas.html","id":"casSrvMetaDataNodes","template":"casSrvMetaDataNode","title":"casSrvMetaDataNodes","type":"casSrvMetaDataNodeContainer"},{"cnodes":"casAppMetaDataNodes","help":"idpcas.html#configuring-cas-applications","id":"casAppMetaDataNodes","template":"casAppMetaDataNode","title":"casAppMetaDataNodes","type":"casAppMetaDataNodeContainer"}] \ No newline at end of file diff --git a/lemonldap-ng-portal/site/templates/bootstrap/standardform.tpl b/lemonldap-ng-portal/site/templates/bootstrap/standardform.tpl index ecd393528..38e38e20f 100644 --- a/lemonldap-ng-portal/site/templates/bootstrap/standardform.tpl +++ b/lemonldap-ng-portal/site/templates/bootstrap/standardform.tpl @@ -45,7 +45,7 @@ - ?skin=&=&url="> + ?skin=&=&url="> Reset my certificate