Merge branch 'v2.0' into apache-ssoaas-client-2739

Clément OUDOT 2022-07-13 17:49:35 +02:00
commit 2bb7a1dbfe
256 changed files with 5663 additions and 2006 deletions


@ -887,23 +887,9 @@ install_examples_site:
install_doc_site:
# Offline documentation install
@rm -rf $(RDEFDOCDIR)
# Install doc directories
@install -v -d -m 755 $(RDEFDOCDIR)
@cd doc && find * -type d |(cd $(RDEFDOCDIR); xargs install -v -d -m 755) && cd -
# Install HTML files
@cd doc && for f in `find * -type f -name '*.html'`; do \
echo "Installing $$f"; \
../scripts/transform-templates \
usedebianlibs $(USEDEBIANLIBS) \
useexternallibs $(USEEXTERNALLIBS) \
jsminified $(JSCOMPRESS) \
cssminified $(CSSCOMPRESS) <$$f \
> $(RDEFDOCDIR)/$$f; \
done && cd -
# Install other files
@cd doc && for f in `find * -type f ! -name '*.html'`; do \
install -v -m 644 $$f $(RDEFDOCDIR)/$$f; \
done && cd -
@cd doc && find index.html pages/* -type f ! -path '*/.*' -exec install -v -m 644 -D '{}' $(RDEFDOCDIR)/'{}' \; && cd -
# Remove js
@cd $(RDEFDOCDIR) && if test "$(USEEXTERNALLIBS)" = "yes"; then \
rm -rvf $(DOCEXTERNALLIBS); \
@ -1178,13 +1164,13 @@ test-diff:
done
tidy: clean
@if perltidy -v|grep v20210717 >/dev/null; then \
@if perltidy -v|grep v20220217 >/dev/null; then \
for f in `find lemon*/ -type f \( -name '*.pm' -or -name '*.pl' -or -name '*.fcgi' -or -name '*.t' \)`; do \
echo -n $$f; \
perltidy -se -b $$f; \
echo; \
done; \
else echo "Wrong perltidy version, please install Perl::Tidy@20210717" ; exit 1 ;\
else echo "Wrong perltidy version, please install Perl::Tidy@20220217" ; exit 1 ;\
fi
find lemon*/ -name '*.bak' -delete
$(MAKE) json
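Review bot: The `find … -exec install` line that replaces the per-file loops in `install_doc_site` (the +/- markers are lost on this page, so this is inferred from the hunk counts) passes `$(RDEFDOCDIR)` to the shell unquoted, right after the unchanged `rm -rf $(RDEFDOCDIR)`. A value containing whitespace or glob characters is word-split in both commands, and an empty value makes `install` write directly under `/`. I would quote the expansion, `-exec install -v -m 644 -D '{}' "$(RDEFDOCDIR)"/'{}' \;`, and fail early on an empty variable with `@test -n "$(RDEFDOCDIR)"` before the `rm -rf`. `install -D` is a GNU coreutils extension, which deserves a comment if non-GNU hosts are supported. The recipe continues past the end of the first hunk.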


@ -764,7 +764,7 @@
"type" : "object",
"properties" : {
"service" : {
"type" : "string"
"type" : "array"
},
"userAttribute" : {
"type" : "string",
@ -880,6 +880,9 @@
"type" : "string",
"format" : "url"
},
"logoutBypassConfirm" : {
"type" : "boolean"
},
"clientSecret" : {
"type" : "string",
"format" : "password"
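Review bot: The `service` property appears to be switched to `"type" : "array"` with no `items` schema, so a validator working from this definition accepts array elements of any type. If these values are service URLs used to match incoming requests, constrain them to strings: `"service" : { "type" : "array", "items" : { "type" : "string" } }`. The enclosing object starts and ends outside the hunk, so an `items` definition elsewhere cannot be ruled out, but the `},` directly after the type line suggests there is none.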


@ -136,7 +136,7 @@ Application Configuration
.. image:: applications/simplesamlphp_logo.png :doc:`simpleSAMLphp<applications/simplesamlphp>`
.. image:: applications/spring_logo.png :doc:`Spring<applications/spring>`
.. image:: applications/symfony_logo.png :doc:`Symfony<applications/symfony>`
.. image:: applications/sympa_logo.png :doc:`Sympa<applications/sympa>`
.. image:: applications/sympa_logo.png :doc:`Sympa<applications/sympa>`
.. image:: applications/tomcat_logo.png :doc:`Tomcat<applications/tomcat>`
.. image:: applications/wekan-logo.png :doc:`Wekan<applications/wekan>`
.. image:: applications/wiki.js.svg :doc:`Wiki.js<applications/wikijs>`


@ -8,9 +8,59 @@ Presentation
`Sympa <http://www.sympa.org>`__ is a mailing list manager.
To configure SSO with Sympa, use **Magic authentication**: a special SSO
URL is protected by LL::NG, Sympa will display a button for users who
wants to use this feature.
To configure SSO with Sympa, you have the choice between:
* CAS
* **Magic authentication**: a special SSO URL is protected by LL::NG, Sympa will display a button for users who wants to use this feature.
We recommend to use CAS.
CAS
---
Sympa configuration
~~~~~~~~~~~~~~~~~~~
Edit the file "auth.conf", for example:
::
vi /etc/sympa/auth.conf
And fill it:
::
cas
base_url https://auth.example.com/cas
non_blocking_redirection on
auth_service_name SSO
ldap_host ldap.example.com:389
ldap_get_email_by_uid_filter (uid=[uid])
ldap_timeout 7
ldap_suffix dc=example,dc=com
ldap_scope sub
ldap_email_attribute mail
Restart services:
::
service sympa restart
service apache2 restart
See also `official documentation <https://sympa-community.github.io/manual/customize/cas.html>`__
LemonLDAP::NG configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Declare CAS application in the configuration, register the service URL.
No attributes are needed.
Magic authentication
--------------------
.. tip::
@ -19,9 +69,6 @@ wants to use this feature.
removed since it works only with Sympa-5 which has been deprecated
Configuration
-------------
Sympa configuration
~~~~~~~~~~~~~~~~~~~


@ -63,23 +63,48 @@ Then, go in ``CAS parameters``:
- **Authentication level**: authentication level for this module.
Then create the list of CAS servers in the manager. For each, set:
Then create the list of CAS servers in the manager.
Options
~~~~~~~
- **Server URL** *(required)*: CAS server URL (must use https://)
- **Renew authentication** *(default: disabled)*: force authentication
renewal on CAS server
- **Gateways authentication** *(default: disabled)*: force transparent
authentication on CAS server
Proxied services
~~~~~~~~~~~~~~~~
In this section, set the list of services for which a proxy ticket is
requested:
- **Key**: Service ID
- **Value** Service URL (CAS service identifier)
Display
~~~~~~~
- **Display Name**: Name to display. Required if you have more than 1
CAS server declared
- **Icon**: Path to CAS Server icon. Used only if you have more than 1
CAS server declared
- **Order**: Number to sort CAS Servers display
- **Proxied services**: list of services for which a proxy ticket is
requested:
- **Resolution Rule**: rule that will be applied to preselect a CAS server for
a user. You have access to all environment variable *(like user IP address)*
and all session keys.
- **Key**: Service ID
- **Value** Service URL (CAS service identifier)
For example, to preselect this server for users coming from 129.168.0.0/16
network
::
$ENV{REMOTE_ADDR} =~ /^192\.168/
To preselect this server when the ``MY_SRV`` :doc:`choice <authchoice>` is selected ::
$_choice eq "MY_SRV"
- **Order**: Number to sort CAS Servers display
.. tip::


@ -39,7 +39,7 @@ must set:
- overloaded parameters: you can redefine any LLNG string parameters.
For example, if you use 2 different LDAP, the first can use normal
configuration and for the second, overwritten parameter can redefine
ldapServer,...
ldapServer or any existing parameter.
.. note::
@ -63,12 +63,13 @@ parameters.
For example, if DBI is configured to use PostgreSQL but DB2 is a MySQL
DB, you can override the "dbiChain" parameter.
You can also override a complex key like ldapExportedVars, by setting a
JSON value:
The over parameter is a HASH ref where keys are attributes names and values are the overriden value.
To override a complex key like ldapExportedVars, you must use a JSON value, as the over parameter
expect string values:
.. code-block:: javascript
{"cn" => "cn", "uid" => "sAMAccounName", "mail" => "mail"}
{"cn": "cn", "uid": "sAMAccounName", "mail": "mail"}
.. attention::


@ -74,12 +74,12 @@ Connection
- More than one server can be set here separated by spaces or
commas. They will be tested in the specified order.
- To use TLS, set ``ldap+tls://server`` and to use LDAPS, set
- To use StartTLS, set ``ldap+tls://server`` and to use LDAPS, set
``ldaps://server`` instead of server name.
- If you use TLS, you can set any of the
- If you use StartTLS or LDAPS, you can set any of the
`Net::LDAP <http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod>`__
start_tls() sub like
``ldap+tls://server/verify=none&capath=/etc/ssl``. You can
start_tls() options in the URL, such as ``ldap+tls://server/verify=none``
or ``ldaps://server/cafile=/etc/ssl/ca.pem&sslversion=tlsv1_2``. You can
also use cafile and capath parameters.
- **Server port**: TCP port used by LDAP server if different from the standard
@ -208,7 +208,7 @@ Password
- **Allow a user to reset his expired password**: if activated, the
user will be prompted to change password if his password is expired
(default: disabled)
- **Search for user before password change**: this option forces the password
- **Search for user before password change**: this option forces the password
change module to search for the user again, refreshing its DN. This feature
is only useful in rare cases when you use LDAP as the password module, but
not as the UserDB module. (default: enabled)


@ -210,42 +210,59 @@ So you can define by example:
Options
^^^^^^^
- **Configuration**:
Configuration
"""""""""""""
- **Configuration endpoint**: URL of OP configuration endpoint
- **JWKS data timeout**: After this time, LL::NG will do a request
to get a fresh version of JWKS data. Set to 0 to disable it.
- **Client ID**: Client ID given by OP
- **Client secret**: Client secret given by OP
- **Store ID token**: Allows one to store the ID Token (JWT) inside
user session. Do not enable it unless you need to replay this token
on an application, or if you need the id_token_hint parameter when
using logout.
- **Configuration endpoint**: URL of OP configuration endpoint
- **JWKS data timeout**: After this time, LL::NG will do a request
to get a fresh version of JWKS data. Set to 0 to disable it.
- **Client ID**: Client ID given by OP
- **Client secret**: Client secret given by OP
- **Store ID token**: Allows one to store the ID Token (JWT) inside
user session. Do not enable it unless you need to replay this token
on an application, or if you need the id_token_hint parameter when
using logout.
- **Protocol**:
Protocol
""""""""
- **Scope**: Value of scope parameter (example: openid profile). The
``openid`` scope is mandatory.
- **Display**: Value of display parameter (example: page)
- **Prompt**: Value of prompt parameter (example: consent)
- **Max age**: Value of max_age parameter (example: 3600)
- **UI locales**: Value of ui_locales parameter (example: en-GB en
fr-FR fr)
- **ACR values**: Value acr_values parameters (example: loa-1)
- **Token endpoint authentication method**: Choice between
``client_secret_post`` and ``client_secret_basic``
- **Check JWT signature**: Set to 0 to disable JWT signature
checking
- **ID Token max age**: If defined, LL::NG will check the ID Token
date and reject it if too old
- **Use Nonce**: If enabled, a nonce will be sent, and verified from
the ID Token
- **Scope**: Value of scope parameter (example: openid profile). The
``openid`` scope is mandatory.
- **Display**: Value of display parameter (example: page)
- **Prompt**: Value of prompt parameter (example: consent)
- **Max age**: Value of max_age parameter (example: 3600)
- **UI locales**: Value of ui_locales parameter (example: en-GB en
fr-FR fr)
- **ACR values**: Value acr_values parameters (example: loa-1)
- **Token endpoint authentication method**: Choice between
``client_secret_post`` and ``client_secret_basic``
- **Check JWT signature**: Set to 0 to disable JWT signature
checking
- **ID Token max age**: If defined, LL::NG will check the ID Token
date and reject it if too old
- **Use Nonce**: If enabled, a nonce will be sent, and verified from
the ID Token
Display
"""""""
- **Display**:
- **Display name**: Name of the application
- **Logo**: Logo of the application
- **Resolution Rule**: rule that will be applied to preselect an OP
for a user. You have access to all environment variable *(like user
IP address)* and all session keys.
- **Display name**: Name of the application
- **Logo**: Logo of the application
- **Order**: Number to sort buttons
For example, to preselect this OP for users coming from 129.168.0.0/16
network
::
$ENV{REMOTE_ADDR} =~ /^192\.168/
To preselect this OP when the ``MY_OP`` :doc:`choice <authchoice>` is selected ::
$_choice eq "MY_OP"
- **Order**: Number to sort buttons
.. attention::
@ -254,4 +271,4 @@ Options
with ``verify_hostname => 0`` and ``SSL_verify_mode => 0``.
Go to: ``General Parameters > Advanced Parameters > Security > SSL options for server requests``
Go to: ``General Parameters > Advanced Parameters > Security > SSL options for server requests``


@ -111,20 +111,6 @@ For each attribute, you can set:
Options
^^^^^^^
General options
'''''''''''''''
- **Resolution Rule**: rule that will be applied to preselect an IDP
for a user. You have access to all environment variable *(like user
IP address)* and all session keys.
For example, to preselect this IDP for users coming from 129.168.0.0/16
network and member of "admin" group:
::
$ENV{REMOTE_ADDR} =~ /^192\.168/ and $groups =~ /\badmin\b/
Authentication request
''''''''''''''''''''''
@ -212,8 +198,6 @@ Used only if at least 2 SAML Identity Providers are declared
- **Display name**: Name of the IDP
- **Logo**: Logo of the IDP
- **Order**: Number used for sorting IDP display
.. tip::
@ -222,6 +206,23 @@ Used only if at least 2 SAML Identity Providers are declared
icon file name directly in the field and copy the logo file in portal
icons directory
- **Resolution Rule**: rule that will be applied to preselect an IDP
for a user. You have access to all environment variable *(like user
IP address)* and all session keys.
For example, to preselect this IDP for users coming from 129.168.0.0/16
network
::
$ENV{REMOTE_ADDR} =~ /^192\.168/
To preselect this IDP when the ``MY_IDP`` :doc:`choice <authchoice>` is selected ::
$_choice eq "MY_IDP"
- **Order**: Number used for sorting IDP display
.. |image0| image:: /documentation/manager-saml-metadata.png
:class: align-center
.. |image1| image:: /documentation/manager-saml-attributes.png


@ -31,3 +31,18 @@ Go in ``General parameters`` > ``Portal`` > ``Captcha``:
- **Activation in register form**: set to 1 to display captcha in
register form
- **Size**: length of captcha
- **Captcha module**: allows you to use a custom Captcha module, see
:ref:`below <customcaptcha>`. Leave it blank to use the default Captcha
implementation
- **Captcha module options**: options for the custom Captcha module
.. _customcaptcha:
Custom Captcha modules
----------------------
.. versionadded:: 2.0.15
If the default Captcha does not meet your requirements, you can replace it with
a different implementation. See the ``Lemonldap::NG::Portal::Captcha`` manual
page for details on how to implement a Captcha module.


@ -301,7 +301,7 @@ In this example we have:
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
addKey \
casAppMetaDataExportedVars/testapp mail mail \
casAppMetaDataExportedVars/testapp cn cn
casAppMetaDataExportedVars/testapp cn cn \
casAppMetaDataOptions/testapp casAppMetaDataOptionsService 'https://testapp.example.com/'
Configure SAML Identity Provider


@ -50,7 +50,7 @@ master_doc = 'start'
# General information about the project.
project = u'LemonLDAP::NG'
copyright = u'2021, LemonLDAP::NG'
copyright = u'2022, LemonLDAP::NG'
author = u'LemonLDAP::NG'
# The version info for the project you're documenting, acts as replacement for
@ -138,6 +138,8 @@ if 'LLNGSPHINXWEBSITE' in os.environ:
import sphinx_rtd_theme
html_theme = 'sphinx_rtd_theme'
html_theme_options = {}
else:
html_copy_source = False
# html_theme_options = {}


@ -128,6 +128,21 @@ configuration.
instanceName = LLNG_Demo
.. tip::
It is possible to use environment variable placeholders anywhere in
configuration. Those placeholders will be replaced by each LLNG component
using environment variables set locally.
The format is: ``%SERVERENV:VariableName%``.
To enable this feature, you must edit ``lemonldap-ng.ini`` to set
``useServerEnv`` value in [configuration] section:
.. code:: ini
[configuration]
useServerEnv = 1
Manager API
-----------


@ -58,7 +58,7 @@ As *root:*
apt install aptitude
aptitude install vim make devscripts yui-compressor git git-gui libjs-uglify coffeescript cpanminus autopkgtest pkg-perl-autopkgtest
aptitude install libauth-yubikey-webclient-perl libnet-smtp-server-perl libtime-fake-perl libtest-output-perl libtest-pod-perl libtest-leaktrace-perl libtest-mockobject-perl uglifyjs
aptitude install libauth-yubikey-webclient-perl libnet-smtp-server-perl libtime-fake-perl libtest-output-perl libtest-pod-perl libtest-leaktrace-perl libtest-mockobject-perl uglifyjs libdbd-sqlite3-perl libauthen-webauthn-perl libauthen-oath-perl
cpanm Authen::U2F Authen::U2F::Tester Crypt::U2F::Server::Simple


@ -16,19 +16,19 @@ DecryptValue plugin can be allowed or denied for specific users.
- **Use rule**: Select which users may use this plugin
- **Decrypt functions**: Set functions used for decrypting ciphered
values. Each function is tested until one succeeds. Let it blank
to use internal decrypt function.
to use internal ``decrypt`` extended function.
.. danger::
.. attention::
The ciphered value is the first parameter passed to custom functions.
The ``Encryption key`` is passed to custom funtions as second parameter
(see :ref:`Security settings<security-configure-security-settings>`).
Custom functions must be defined into
``Lemonldap::NG::Portal::My::Plugin`` and set:
``My::Plugin`` and set:
::
My::Plugin::function1 My::Plugin::function2
.. |image0| image:: /documentation/beta.png
:width: 100px


@ -5,109 +5,109 @@ Error codes list
This page references all Portal error codes.
.. code-block:: perl
PE_IDPCHOICE => -5,
PE_SENDRESPONSE => -4,
PE_INFO => -3,
PE_REDIRECT => -2,
PE_DONE => -1,
PE_OK => 0,
PE_SESSIONEXPIRED => 1,
PE_FORMEMPTY => 2,
PE_WRONGMANAGERACCOUNT => 3,
PE_USERNOTFOUND => 4,
PE_BADCREDENTIALS => 5,
PE_LDAPCONNECTFAILED => 6,
PE_LDAPERROR => 7,
PE_APACHESESSIONERROR => 8,
PE_FIRSTACCESS => 9,
PE_BADCERTIFICATE => 10,
PE_NO_PASSWORD_BE => 20,
PE_PP_ACCOUNT_LOCKED => 21,
PE_PP_PASSWORD_EXPIRED => 22,
PE_CERTIFICATEREQUIRED => 23,
PE_ERROR => 24,
PE_PP_CHANGE_AFTER_RESET => 25,
PE_PP_PASSWORD_MOD_NOT_ALLOWED => 26,
PE_PP_MUST_SUPPLY_OLD_PASSWORD => 27,
PE_PP_INSUFFICIENT_PASSWORD_QUALITY => 28,
PE_PP_PASSWORD_TOO_SHORT => 29,
PE_PP_PASSWORD_TOO_YOUNG => 30,
PE_PP_PASSWORD_IN_HISTORY => 31,
PE_PP_GRACE => 32,
PE_PP_EXP_WARNING => 33,
PE_PASSWORD_MISMATCH => 34,
PE_PASSWORD_OK => 35,
PE_NOTIFICATION => 36,
PE_BADURL => 37,
PE_NOSCHEME => 38,
PE_BADOLDPASSWORD => 39,
PE_MALFORMEDUSER => 40,
PE_SESSIONNOTGRANTED => 41,
PE_CONFIRM => 42,
PE_MAILFORMEMPTY => 43,
PE_BADMAILTOKEN => 44,
PE_MAILERROR => 45,
PE_MAILOK => 46,
PE_LOGOUT_OK => 47,
PE_SAML_ERROR => 48,
PE_SAML_LOAD_SERVICE_ERROR => 49,
PE_SAML_LOAD_IDP_ERROR => 50,
PE_SAML_SSO_ERROR => 51,
PE_SAML_UNKNOWN_ENTITY => 52,
PE_SAML_DESTINATION_ERROR => 53,
PE_SAML_CONDITIONS_ERROR => 54,
PE_SAML_IDPSSOINITIATED_NOTALLOWED => 55,
PE_SAML_SLO_ERROR => 56,
PE_SAML_SIGNATURE_ERROR => 57,
PE_SAML_ART_ERROR => 58,
PE_SAML_SESSION_ERROR => 59,
PE_SAML_LOAD_SP_ERROR => 60,
PE_SAML_ATTR_ERROR => 61,
PE_OPENID_EMPTY => 62,
PE_OPENID_BADID => 63,
PE_MISSINGREQATTR => 64,
PE_BADPARTNER => 65,
PE_MAILCONFIRMATION_ALREADY_SENT => 66,
PE_PASSWORDFORMEMPTY => 67,
PE_CAS_SERVICE_NOT_ALLOWED => 68,
PE_MAILFIRSTACCESS => 69,
PE_MAILNOTFOUND => 70,
PE_PASSWORDFIRSTACCESS => 71,
PE_MAILCONFIRMOK => 72,
PE_RADIUSCONNECTFAILED => 73,
PE_MUST_SUPPLY_OLD_PASSWORD => 74,
PE_FORBIDDENIP => 75,
PE_CAPTCHAERROR => 76,
PE_CAPTCHAEMPTY => 77,
PE_REGISTERFIRSTACCESS => 78,
PE_REGISTERFORMEMPTY => 79,
PE_REGISTERALREADYEXISTS => 80,
PE_NOTOKEN => 81,
PE_TOKENEXPIRED => 82,
PE_U2FFAILED => 83,
PE_UNAUTHORIZEDPARTNER => 84,
PE_RENEWSESSION => 85,
PE_WAIT => 86,
PE_MUSTAUTHN => 87,
PE_MUSTHAVEMAIL => 88,
PE_SAML_SERVICE_NOT_ALLOWED => 89,
PE_OIDC_SERVICE_NOT_ALLOWED => 90,
PE_OID_SERVICE_NOT_ALLOWED => 91,
PE_GET_SERVICE_NOT_ALLOWED => 92,
PE_IMPERSONATION_SERVICE_NOT_ALLOWED => 93,
PE_ISSUERMISSINGREQATTR => 94,
PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED => 95,
PE_BADOTP => 96,
PE_RESETCERTIFICATE_INVALID => 97,
PE_RESETCERTIFICATE_FORMEMPTY => 98,
PE_RESETCERTIFICATE_FIRSTACCESS => 99,
PE_PP_NOT_ALLOWED_CHARACTER => 100,
PE_PP_NOT_ALLOWED_CHARACTERS => 101,
PE_UPGRADESESSION => 102,
PE_NO_SECOND_FACTORS => 103,
PE_BAD_DEVOPS_FILE => 104,
PE_FILENOTFOUND => 105,
PE_OIDC_AUTH_ERROR => 106
```
PE_IDPCHOICE => -5,
PE_SENDRESPONSE => -4,
PE_INFO => -3,
PE_REDIRECT => -2,
PE_DONE => -1,
PE_OK => 0,
PE_SESSIONEXPIRED => 1,
PE_FORMEMPTY => 2,
PE_WRONGMANAGERACCOUNT => 3,
PE_USERNOTFOUND => 4,
PE_BADCREDENTIALS => 5,
PE_LDAPCONNECTFAILED => 6,
PE_LDAPERROR => 7,
PE_APACHESESSIONERROR => 8,
PE_FIRSTACCESS => 9,
PE_BADCERTIFICATE => 10,
PE_NO_PASSWORD_BE => 20,
PE_PP_ACCOUNT_LOCKED => 21,
PE_PP_PASSWORD_EXPIRED => 22,
PE_CERTIFICATEREQUIRED => 23,
PE_ERROR => 24,
PE_PP_CHANGE_AFTER_RESET => 25,
PE_PP_PASSWORD_MOD_NOT_ALLOWED => 26,
PE_PP_MUST_SUPPLY_OLD_PASSWORD => 27,
PE_PP_INSUFFICIENT_PASSWORD_QUALITY => 28,
PE_PP_PASSWORD_TOO_SHORT => 29,
PE_PP_PASSWORD_TOO_YOUNG => 30,
PE_PP_PASSWORD_IN_HISTORY => 31,
PE_PP_GRACE => 32,
PE_PP_EXP_WARNING => 33,
PE_PASSWORD_MISMATCH => 34,
PE_PASSWORD_OK => 35,
PE_NOTIFICATION => 36,
PE_BADURL => 37,
PE_NOSCHEME => 38,
PE_BADOLDPASSWORD => 39,
PE_MALFORMEDUSER => 40,
PE_SESSIONNOTGRANTED => 41,
PE_CONFIRM => 42,
PE_MAILFORMEMPTY => 43,
PE_BADMAILTOKEN => 44,
PE_MAILERROR => 45,
PE_MAILOK => 46,
PE_LOGOUT_OK => 47,
PE_SAML_ERROR => 48,
PE_SAML_LOAD_SERVICE_ERROR => 49,
PE_SAML_LOAD_IDP_ERROR => 50,
PE_SAML_SSO_ERROR => 51,
PE_SAML_UNKNOWN_ENTITY => 52,
PE_SAML_DESTINATION_ERROR => 53,
PE_SAML_CONDITIONS_ERROR => 54,
PE_SAML_IDPSSOINITIATED_NOTALLOWED => 55,
PE_SAML_SLO_ERROR => 56,
PE_SAML_SIGNATURE_ERROR => 57,
PE_SAML_ART_ERROR => 58,
PE_SAML_SESSION_ERROR => 59,
PE_SAML_LOAD_SP_ERROR => 60,
PE_SAML_ATTR_ERROR => 61,
PE_OPENID_EMPTY => 62,
PE_OPENID_BADID => 63,
PE_MISSINGREQATTR => 64,
PE_BADPARTNER => 65,
PE_MAILCONFIRMATION_ALREADY_SENT => 66,
PE_PASSWORDFORMEMPTY => 67,
PE_CAS_SERVICE_NOT_ALLOWED => 68,
PE_MAILFIRSTACCESS => 69,
PE_MAILNOTFOUND => 70,
PE_PASSWORDFIRSTACCESS => 71,
PE_MAILCONFIRMOK => 72,
PE_RADIUSCONNECTFAILED => 73,
PE_MUST_SUPPLY_OLD_PASSWORD => 74,
PE_FORBIDDENIP => 75,
PE_CAPTCHAERROR => 76,
PE_CAPTCHAEMPTY => 77,
PE_REGISTERFIRSTACCESS => 78,
PE_REGISTERFORMEMPTY => 79,
PE_REGISTERALREADYEXISTS => 80,
PE_NOTOKEN => 81,
PE_TOKENEXPIRED => 82,
PE_U2FFAILED => 83,
PE_UNAUTHORIZEDPARTNER => 84,
PE_RENEWSESSION => 85,
PE_WAIT => 86,
PE_MUSTAUTHN => 87,
PE_MUSTHAVEMAIL => 88,
PE_SAML_SERVICE_NOT_ALLOWED => 89,
PE_OIDC_SERVICE_NOT_ALLOWED => 90,
PE_OID_SERVICE_NOT_ALLOWED => 91,
PE_GET_SERVICE_NOT_ALLOWED => 92,
PE_IMPERSONATION_SERVICE_NOT_ALLOWED => 93,
PE_ISSUERMISSINGREQATTR => 94,
PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED => 95,
PE_BADOTP => 96,
PE_RESETCERTIFICATE_INVALID => 97,
PE_RESETCERTIFICATE_FORMEMPTY => 98,
PE_RESETCERTIFICATE_FIRSTACCESS => 99,
PE_PP_NOT_ALLOWED_CHARACTER => 100,
PE_PP_NOT_ALLOWED_CHARACTERS => 101,
PE_UPGRADESESSION => 102,
PE_NO_SECOND_FACTORS => 103,
PE_BAD_DEVOPS_FILE => 104,
PE_FILENOTFOUND => 105,
PE_OIDC_AUTH_ERROR => 106
```


@ -51,13 +51,20 @@ portal:
- macros are used to extend (or rewrite)
:doc:`exported variables<exportedvars>`. A macro is stored as
attributes: it can contain boolean results or any string
- macros can also be used to import environment variables *(these
- macros can also be used for importing environment variables *(these
variables are in CGI format)*. Example: ``$ENV{HTTP_COOKIE}``
- groups are stored as a string with values separated by ''; ''
(default values separator) in the special attribute ``groups``: it
contains the names of groups whose rules were returned true for the
(default multivalues separator) in the special attribute ``groups``: it
contains names of groups whose rules were returned true for the
current user. For example:
.. danger::
Macros can be used for rewriting or overloading exported variables
but it can lead to some side effects. Be aware of alphabetical order
and keep in mind that exported variables are set. Then macros and
groups are computed.
.. code-block:: perl
$groups = group3; admin


@ -18,12 +18,12 @@ This is also true for:
Inside this jail, you can access to:
* all session values and CGI environment variables (through `$ENV{<HTTP_NAME>}`)
* All session values and CGI environment variables (through `$ENV{<HTTP_NAME>}`)
* Core Perl subroutines (split, pop, map, etc.)
* :doc:`Custom functions<customfunctions>`
* The `encode_base64 <http://perldoc.perl.org/MIME/Base64.html>`__ subroutine
* Information about current request
* Extended functions:
* Extended functions except basic, iso2unicode and unicode2iso:
* basic_
* checkDate_
@ -36,9 +36,11 @@ Inside this jail, you can access to:
* inGroup_ (|new| in version 2.0.8)
* isInNet6_
* iso2unicode_
* iso2unicodeSafe_ (|new| in version 2.0.15)
* listMatch_ (|new| in version 2.0.7)
* token_
* unicode2iso_
* unicode2isoSafe_ (|new| in version 2.0.15)
* varIsInUri_ (|new| in version 2.0.7)
@ -53,48 +55,71 @@ Inside this jail, you can access to:
Extended Functions List
-----------------------
date
~~~~
basic
~~~~~
Returns the date, in format YYYYMMDDHHMMSS, local time by default, GMT
by calling ``date(1)``
.. attention::
::
This function is not compliant with the :doc:`Safe jail<safejail>`,
you will have to disable the jail to use it.
For example: date(1) lt '19551018080000'
dateToTime
~~~~~~~~~~
This function builds the ``Authorization`` HTTP header employed in
:doc:`HTTP Basic authentication scheme<applications/authbasic>`. It will
convert `user` and `password` parameters from UTF-8 to ISO-8859-1.
.. versionadded:: 2.0.12
Functions parameters:
Converts a string date into epoch time.
The date format is the LDAP date syntax, for example for the 1st March
2009 (GMT):
::
20090301000000Z
The date may end with a differential timezone that is interpreted to
adjust the epoch time, for example for the 1st March 2009 (+0100):
::
20090301000000+0100
- **user**
- **password**
Simple usage example:
::
dateToTime($ssoStartDate) lt dateToTime(date(1))
basic($uid,$_password)
checkDate
~~~~~~~~~
This function checks date of current request, and compare it to
a start date and an end date. It returns 1 if this matches, 0 else.
The date format corresponds to LDAP date syntax, for example for the 1st of March
2009 (GMT)
::
20090301000000Z
|new| Since version 2.0.12, the date may end with a differential timezone,
for example for the 1st of March 2009 (+0100):
::
20090301000000+0100
Functions parameters:
- **start**: Start date (GMT unless, |new| since version 2.0.12, a
differential timezone is included)
- **end**: End date (GMT unless, |new| since version 2.0.12, a
differential timezone is included)
- **default_access** (optional): Which result to return if **start** and
**end** dates are empty
Simple usage example:
::
checkDate($ssoStartDate, $ssoEndDate)
checkLogonHours
~~~~~~~~~~~~~~~
This function will check the day and the hour of current request, and
compare it to allowed days and hours. It returns 1 if this match, 0
This function checks the day and the hour of current request, and
compare it to allowed days and hours. It returns 1 if matches, 0
else. By default, the allowed days and hours is an hexadecimal
value, representing each hour of the week. A day has 24 hours, and a
week 7 days, so the value contains 168 bits, converted into 42
@ -112,12 +137,12 @@ For example, for a full access, excepted week-end:
You can use the binary value from the logonHours attribute of Active
Directory, or create a custom attribute in your LDAP schema.
Functions parameters:
Function parameters:
- **logon_hours**: string representing allowed logon hours (GMT)
- **logon_hours**: String representing allowed logon hours (GMT)
- **syntax** (optional): ``hexadecimal`` (default) or ``octetstring``
- **time_correction** (optional): hours to add or to subtract
- **default_access** (optional): what result to return if
- **time_correction** (optional): Hours to add or to subtract
- **default_access** (optional): Which result to return if
**logon_hours** is empty
Simple usage example:
@ -156,113 +181,58 @@ rejected. You can allow these users instead of reject them:
checkLogonHours($ssoLogonHours, '', '', '1')
date
~~~~
checkDate
~~~~~~~~~
This function will check the date of current request, and compare it to
a start date and an end date. It returns 1 if this match, 0 else.
The date format is the LDAP date syntax, for example for the 1st of March
2009 (GMT)
Returns the date, in format YYYYMMDDHHMMSS, local time by default, GMT
by calling ``date(1)``
::
20090301000000Z
For example: date(1) lt '19551018080000'
|new| Since version 2.0.12, the date may end with a differential timezone,
for example for the 1st of March 2009 (+0100):
dateToTime
~~~~~~~~~~
.. versionadded:: 2.0.12
Used for converting a string date into epoch time.
The date format is the LDAP date syntax, for example for the 1st March
2009 (GMT):
::
20090301000000Z
The date may end with a differential timezone that is interpreted to
adjust the epoch time, for example for the 1st March 2009 (+0100):
::
20090301000000+0100
Functions parameters:
- **start**: Start date (GMT unless, |new| since version 2.0.12, a
differential timezone is included)
- **end**: End date (GMT unless, |new| since version 2.0.12, a
differential timezone is included)
- **default_access** (optional): what result to return if **start** and
**end** are empty
Simple usage example:
::
checkDate($ssoStartDate, $ssoEndDate)
dateToTime($ssoStartDate) lt dateToTime(date(1))
encrypt
~~~~~~~
basic
~~~~~
.. tip::
.. attention::
Since version 2.0, this function is now compliant with
:doc:`Safe jail<safejail>`.
This function is not compliant with
:doc:`Safe jail<safejail>`, you will need to disable the jail to use
it.
This function builds the ``Authorization`` HTTP header used in
:doc:`HTTP Basic authentication scheme<applications/authbasic>`. It will
force conversion from UTF-8 to ISO-8859-1 of user and password data.
Functions parameters:
- **user**
- **password**
Simple usage example:
This function uses the secret key of LL::NG configuration to crypt a data.
This can be used for anonymizing identifier given to the protected
application.
::
basic($uid,$_password)
unicode2iso
~~~~~~~~~~~
.. attention::
This function is not compliant with
:doc:`Safe jail<safejail>`, you will need to disable the jail to use
it.
This function convert a string from UTF-8 to ISO-8859-1.
Functions parameters:
- **string**
Simple usage example:
::
unicode2iso($name)
iso2unicode
~~~~~~~~~~~
.. attention::
This function is not compliant with
:doc:`Safe jail<safejail>`, you will need to disable the jail to use
it.
This function convert a string from ISO-8859-1 to UTF-8.
Functions parameters:
- **string**
Simple usage example:
::
iso2unicode($name)
encrypt($_whatToTrace)
groupMatch
~~~~~~~~~~
@ -316,6 +286,71 @@ Example::
$_2fDevices =~ /"type":\s*"TOTP"/s
inGroup
~~~~~~~
.. versionadded:: 2.0.8
This function lets you test if the user is in a given group. It is
case-insensitive.
Usage example:
::
inGroup('admins')
inGroup('test users')
The function returns 1 if the user belongs to the given group, and 0 if
they don't.
isInNet6
~~~~~~~~
Function to check if an IPv6 address is in a subnet. Example *check if
IP address is local*:
.. code-block:: perl
isInNet6($ipAddr, 'fe80::/10')
iso2unicode
~~~~~~~~~~~
.. attention::
This function is not compliant with :doc:`Safe jail<safejail>`.
You will have to disable the jail to use it.
This function converts a string from ISO-8859-1 to UTF-8.
Function parameter:
- **string**
Simple usage example:
::
iso2unicode($name)
iso2unicodeSafe
~~~~~~~~~~~~~~~
This function converts a string from ISO-8859-1 to UTF-8
but it is not as portable as the original one.
Functions parameters:
- **string**
Simple usage example:
::
iso2unicodeSafe($name)
.. _listMatch:
listMatch
@ -346,42 +381,6 @@ Simple usage example:
The function returns 1 if the value was found, and 0 if it was not
found.
inGroup
~~~~~~~
.. versionadded:: 2.0.8
This function lets you test if the user is in a given group. It is
case-insensitive.
Usage example:
::
inGroup('admins')
inGroup('test users')
The function returns 1 if the user belongs to the given group, and 0 if
they don't.
encrypt
~~~~~~~
.. tip::
Since version 2.0, this function is now compliant with
:doc:`Safe jail<safejail>`.
This function uses the secret key of LLNG configuration to crypt a data.
This can be used for anonymizing identifier given to the protected
application.
::
encrypt($_whatToTrace)
token
~~~~~
@ -392,16 +391,6 @@ This function generates token used for
token($_session_id,'webapp1.example.com','webapp2.example.com')
isInNet6
~~~~~~~~
Function to check if an IPv6 address is in a subnet. Example *check if
IP address is local*:
.. code-block:: perl
isInNet6($ipAddr, 'fe80::/10')
varIsInUri
~~~~~~~~~~
@ -433,3 +422,39 @@ Example *check if $uid is in /check-auth/ URI*:
:width: 35px
.. |image1| image:: /documentation/new.png
:width: 35px
unicode2iso
~~~~~~~~~~~
.. attention::
This function is not compliant with :doc:`Safe jail<safejail>`.
You will have to disable the jail to use it.
This function convert a string from UTF-8 to ISO-8859-1.
Function parameter:
- **string**
Simple usage example:
::
unicode2iso($name)
unicode2isoSafe
~~~~~~~~~~~~~~~
This function convert a string from UTF-8 to ISO-8859-1
but it is not as portable as the original one.
Function parameter:
- **string**
Simple usage example:
::
unicode2isoSafe($name)


@ -30,6 +30,9 @@ All parameters are configured in "General Parameters » Portal Parameters
/ Verification to an external provider. You must also use *$code*
which is the value entered by user; Example:
``/usr/local/bin/verify --uid $uid --code $code``
- **Re-send interval**: Set this to a non-empty value to allow the user to
re-send the code in case a transmission error occured. The value sets how
many seconds the user has to wait before each attempt
- **Authentication level** (Optional): if you want to overwrite the
value sent by your authentication module, you can define here the new
authentication level. Example: 5


@ -178,6 +178,61 @@ Sample code::
}
oidcGotOnlineRefresh
~~~~~~~~~~~~~~~~~~~~
.. versionadded:: 2.0.15
This hook is triggered when LemonLDAP::NG handles a Refresh Token grant for an
online session
The hook's parameters are:
* the configuration key of the relying party which received the grant
* A hash of session data for the (internal) Refresh Token session
* A hash of the user's session data
Sample code::
use constant hook => {
oidcGotOnlineRefresh => 'logRefresh',
};
sub logRefresh {
my ( $self, $req, $rp, $refreshInfo, $sessionInfo ) = @_;
my $uid = $sessionInfo->{uid};
$self->userLogger->info("OIDC application $rp requested a new access token for $uid");
return PE_OK;
}
oidcGotOfflineRefresh
~~~~~~~~~~~~~~~~~~~~~
.. versionadded:: 2.0.15
This hook is triggered when LemonLDAP::NG handles a Refresh Token grant for an
offline session
The hook's parameters are:
* the configuration key of the relying party which received the grant
* A hash of session data for the (internal) Refresh Token session, which also
contains user attributes
Sample code::
use constant hook => {
oidcGotOfflineRefresh => 'logRefreshOffline',
};
sub logRefreshOffline {
my ( $self, $req, $rp, $refreshInfo ) = @_;
my $uid = $refreshInfo->{uid};
$self->userLogger->info("OIDC application $rp used offline access for $uid");
return PE_OK;
}
SAML Issuer hooks
-----------------


@ -340,6 +340,8 @@ Options
- **Logout**
- **Bypass confirm**: Bypass logout confirmation when logout is initiated
by relaying party
- **Allowed redirection addresses for logout**: A space-separated list of
URLs that this client can redirect the user to once the logout is done
(through ``post_logout_redirect_uri``)


@ -28,5 +28,6 @@ Plugins
resetpassword
resetcertificate
restservices
restauthuserpwdbackend
soapservices
stayconnected


@ -6,6 +6,7 @@ Portal configuration
portal
portalcustom
jqueryevents
portalmenu
portalservers
captcha


@ -0,0 +1,42 @@
Available JQuery Events
========================
Some portal functions (such as 2FA registration) are performed by Javascript.
We offer a few custom events that let you react to certain high-level Javascript events
Second factor management
------------------------
mfaAdded
~~~~~~~~
.. versionadded:: 2.0.15
This event is triggered when a TOTP, WebAuthn or U2F device is registered
Sample code:
.. code:: javascript
$(document).on( "mfaAdded", { }, function( event, info ) {
console.log( "Added MFA of type" + info.type );
// Your code here
});
mfaDeleted
~~~~~~~~~~~
.. versionadded:: 2.0.15
This event is triggered when a TOTP, WebAuthn or U2F device is removed
Sample code:
.. code:: javascript
$(document).on( "mfaDeleted", { }, function( event, info ) {
console.log( "Removed MFA of type" + info.type );
// Your code here
});


@ -45,6 +45,9 @@ Mail second factor".
- **Mail body**: The plain text content of the email the user will
receive. If you leave it blank, the ``mail_2fcode`` HTML template
will be used. The one-time code is stored in the ``$code`` variable
- **Re-send interval**: Set this to a non-empty value to allow the user to
re-send the code in case a transmission error occured. The value sets how
many seconds the user has to wait before each attempt
- **Authentication level** (Optional): if you want to overwrite the
value sent by your authentication module, you can define here the new
authentication level. Example: 5


@ -12,13 +12,13 @@ Examples
**Important things**:
- The above examples below are written for version 0.6.0 in CommonJS
but Node.js handler can be used in ES7 and/or Typescript code
- Rules and headers must be written in javascript for these hosts
(example ``$uid eq "dwho"`` becomes ``$uid === "dwho"``)
- Multi-lines are not supported in lemonldap-ng.ini
- Virtualhosts handled by node-lemonldap-ng-handler must be explicitly
declared in your ``lemonldap-ng.ini`` file in ``[node-handler]``
section (**NB**: section ``[handler]`` isn't used by node
handler):
section
.. code-block:: ini
@ -40,12 +40,14 @@ FastCGI server
configStorage: {
"confFile": "/path/to/lemonldap-ng.ini"
}
});
}).then( () => {
handler.nginxServer({
"mode": "fcgi", // or "http", default: fcgi
"port": 9090, // default value
"ip": 'localhost' // default value
});
handler.nginxServer({
"mode": "fcgi", // or "http", default: fcgi
"port": 9090, // default value
"ip": 'localhost' // default value
});
Nginx configuration
@ -98,16 +100,17 @@ Use it to protect an express app
configStorage: {
"confFile":"test/lemonldap-ng.ini"
}
});
// and load it
app.use(handler.run);
// Then simply use your express app
app.get('/', function(req, res) {
return res.send('Hello ' + req.headers['Auth-User'] + ' !');
});
app.listen(3000, function() {
return console.log('Example app listening on port 3000!');
}).then( () => {
// and load it
app.use(handler.run);
// Then simply use your express app
app.get('/', function(req, res) {
return res.send('Hello ' + req.headers['Auth-User'] + ' !');
});
app.listen(3000, function() {
return console.log('Example app listening on port 3000!');
});
});


@ -10,9 +10,10 @@ Issuer identifier
~~~~~~~~~~~~~~~~~
Set the issuer identifier, which should be the portal URL.
For example: http://auth.example.com
Set a blank value to use Portal URL.
Endpoints
~~~~~~~~~~


@ -562,6 +562,7 @@ sfEngine Second factor engine
sfExtra Extra second factors ✔
sfManagerRule Rule to display second factor Manager link ✔
sfOnlyUpgrade Only trigger second factor on session upgrade ✔
sfLoginTimeout Timeout for 2F login process ✔
sfRegisterTimeout Timeout for 2F registration process ✔
sfRemovedMsgRule Display a message if at leat one expired SF has been removed ✔
sfRemovedNotifMsg Notification message ✔


@ -15,13 +15,25 @@ Portal > Customization > Main logo.
A blank value disables Main logo display.
.. tip::
- Logo files must be stored in lemonldap-ng-portal/site/htdocs/static/my/path directory
- Logo file path must be like my/path/logo.png
- Main logo is included in Portal templates AND mail body
Favicon
~~~~~~~
You can change the default favicon in Manager: General Parameters >
Portal > Customization > Favicon.
A blank value displays default favicon ``common/favicon.ico``.
.. tip::
- Logo files must be stored in lemonldap-ng-portal/site/htdocs/static/my/path directory
- Logo file path must be like my/path/logo.ico
Show languages choice
~~~~~~~~~~~~~~~~~~~~~
@ -33,12 +45,18 @@ Option enabled by default.
.. tip::
If languages choice is disabled, Portal displays accepted languages by
your browser (EN by default).
Scroll to top button
~~~~~~~~~~~~~~~~~~~~
You can display a button to go to back to the top after <value> pixels scrolling.
.. tip::
A blank or null value disable this feature.
Custom CSS file
~~~~~~~~~~~~~~~
@ -202,6 +220,12 @@ To change CSS, two options:
<link href="<TMPL_VAR NAME="STATIC_PREFIX">myskin/css/myskin.css" rel="stylesheet" type="text/css" />
To add custom JS, create a new file in myskin/js/custom.js and load it in customhead.tpl ::
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX"><TMPL_VAR NAME="SKIN">/js/custom.js"></script>
In this file, you can access JQuery functions, and hook your code to :doc:`JQuery events <jqueryevents>`
Put then all custom HTML code in the custom template files.
To configure your new skin in Manager, select the custom skin, and enter
@ -361,7 +385,7 @@ Password Policy
- **Minimal upper characters**: leave 0 to bypass the check
- **Minimal digit characters**: leave 0 to bypass the check
- **Minimal special characters**: leave 0 to bypass the check
- **Allowed special characters**: set '__ALL__' value to allow ALL special characters. A blanck value forbids ALL special characters (Note that ``_`` is not a special character)
- **Allowed special characters**: set '__ALL__' value to allow ALL special characters. A blank value forbids ALL special characters (Note that ``_`` is not a special character)
.. _portalcustom-other-parameters:


@ -95,6 +95,8 @@ Second factor
- Crypt::U2F::Server::Simple (U2F keys)
- Convert::Base32 (TOTP)
- Authen::WebAuthn (FIDO2 WebAuthen)
- Authen::OATH (OTP)
Specific authentication backends
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@ -138,6 +140,7 @@ Unit tests
- Authen::U2F::Tester
- Crypt::U2F::Server
- Test::MockObject
- DBD::SQLite
- Test::Output
- Test::POD
- Time::Fake


@ -84,8 +84,6 @@ Then go in Manager, ``General Parameters`` » ``Plugins`` »
- **Display generate password box**: display a checkbox to allow
user to generate a new password instead of choosing one (default:
disabled)
::
* **Regexp for password generation**: Regular expression used to generate the password (default: [A-Z]{3}[a-z]{5}.\d{2})
- **Regexp for password generation**: Regular expression used to generate the password. Set a blank value to use
password policy if enabled or default regexp will be employed: [A-Z]{3}[a-z]{5}.\d{2}


@ -12,11 +12,17 @@ All parameters are set in "General Parameters » Portal Parameters »
Second Factors » REST 2nd Factor".
- **Activation**
- **Code regex**: regular expression to create an OTP code. If this option is
set, LemonLDAP::NG will generate the code and send it through the Init URL,
then verify it internally.
- **Init URL** *(optional)*: REST URL to initialize dialog *(send
OTP)*. Leave it blank if your API doesn't need any initialization
- **Init arguments**: list of arguments to send *(see below)*
- **Verify URL** *(required)*: REST URL to verify code
- **Verify arguments**: list of arguments to send *(see below)*
- **Re-send interval**: Set this to a non-empty value to allow the user to
re-send the code in case a transmission error occured. The value sets how
many seconds the user has to wait before each attempt
- **Authentication level** (Optional): if you want to overwrite the
value sent by your authentication module, you can define here the new
authentication level. Example: 5
@ -31,20 +37,31 @@ Arguments are a list of key/value. Key is the name of JSON entry, value
is attribute or macro name.
.. attention::
For Verify URL, you should send ``$code`` at least
REST Dialog
REST Dialog
-----------
REST web services have just to reply with a "result" key in a JSON file.
Auth/UserDB can add an "info" array. It will be stored in session data
(without reading "Exported variables").
If *Code regex* is set
~~~~~~~~~~~~~~~~~~~~~~
========== ================================================ ====================================
URL Query Response
========== ================================================ ====================================
Init URL JSON file: ``{"user":$user,...}`` JSON file: ``{"result":true/false}``
Verify URL JSON file: ``{"user":$user,"code":"$code",...}`` JSON file: ``{"result":true/false}``
Init URL JSON body: ``{"user":$user,"code":"$code",...}`` JSON body: ``{"result":true/false}``
========== ================================================ ====================================
The Verify URL is not called, since the code is checked against the internally saved value
If *Code regex* is not set
~~~~~~~~~~~~~~~~~~~~~~~~~~
========== ================================================ ====================================
URL Query Response
========== ================================================ ====================================
Init URL JSON body: ``{"user":$user,...}`` JSON body: ``{"result":true/false}``
Verify URL JSON body: ``{"user":$user,"code":"$code",...}`` JSON body: ``{"result":true/false}``
========== ================================================ ====================================


@ -0,0 +1,90 @@
REST auth/user/password backend
===============================
LL::NG Portal provides REST end points for auth/user/password:
- POST /proxy/pwdConfirm: check password
- POST /proxy/getUser: get user data
- POST /proxy/pwdReset: update password
These end points can be used to connect another LemonLDAP::NG server using :doc:`REST authentication backend<authrest>`.
API
---
Password confirm
~~~~~~~~~~~~~~~~
POST a JSON structure with ``user`` and ``password``.
It will return a JSON structure with ``result`` parameter (``true`` or ``false``).
Request:
.. code::
curl -H "Accept: application/json" -d '{"user":"dwho","password":"dwho"}' https://auth.example.com/proxy/pwdConfirm
Response:
.. code-block:: javascript
{"result":true}
Get user data
~~~~~~~~~~~~~
POST a JSON structure with ``user``.
It will return a JSON structure with ``result`` and ``info`` parameters.
Request:
.. code::
curl -H "Accept: application/json" -d '{"user":"rtyler"}' https://auth.example.com/proxy/getUser
Response:
.. code-block:: javascript
{"info":{"_utime":1651055131,"hGroups":{"users":{"name":"users"},"earthlings":{"name":"earthlings"}},"ipAddr":"127.0.0.1","_auth":"Demo","_url":null,"uid":"rtyler","mail":"rtyler@badwolf.org","_userDB":"Demo","_startTime":"20220427122531","UA":"curl/7.68.0","cn":"Rose Tyler","_user":"rtyler","_language":"en","groups":"users; earthlings","_whatToTrace":"rtyler"},"result":true}
Update password
~~~~~~~~~~~~~~~
POST a JSON structure with ``user`` or ``mail`` and ``password``.
It will return a JSON structure with ``result`` parameter.
Request:
.. code::
curl -H "Accept: application/json" -d '{"user":"rtyler","password":"secret"}' https://auth.example.com/proxy/pwdReset
Response:
.. code-block:: javascript
{"result":true}
Setup
-----
Manager
~~~~~~~
First, activate REST in ``General parameters`` » ``Plugins`` »
``Portal servers`` » ``REST authentication server`` and ``REST password reset server``.
Apache
~~~~~~
REST end points access must be allowed in Apache portal
configuration (for example, access by IP range):
.. code-block:: apache
# REST/SOAP functions for proxy auth and password reset (disabled by default)
<Location /index.fcgi/proxy>
Require ip 192.168.2.0/24
</Location>


@ -21,6 +21,9 @@ example:
$env->{HTTP_ACCEPT} !~ m:application/json:
Another solution is using the :doc:`REST auth/user/password backend<restauthuserpwdbackend>`.
API
^^^
@ -46,7 +49,8 @@ The JSON response fields are:
- ``error``: error code, the corresponding error can be found in
:doc:`Portal error codes<error_codes>`
- ``id``: if authentication succeed, the session id is returned in this
field
field. This id is not returned if you call the REST endpoint with the
session cookie (which means you are already authenticated).
.. tip::
@ -59,7 +63,7 @@ The JSON response fields are:
Before version 2.0.4, the response to a success
authentication had no ``id`` field, and ``error`` field was named
``code`` (use Cookie header to get id value).
``code``.
Example
^^^^^^^


@ -76,10 +76,19 @@ of doing a complete reauthentication.
.. |beta| image:: /documentation/beta.png
Login timeout
-------------
Allowed time for the user to authenticate using their second factor. By default
it is set to 2 minutes, but some complex second factor types (TOTP, email...)
may require more time to be used.
Registration timeout
--------------------
Allowed time to register a TOTP.
Allowed time for the user to register their new second factor. By default it is
set to 2 minutes, but some complex second factor types (TOTP...) may require
more time to be registered.
Second factor expiration
------------------------


@ -310,7 +310,7 @@ Go in Manager, ``General parameters`` » ``Advanced parameters`` »
authentication renewal cannot be forced, used to prevent to loose the
current authentication during the main process. If you experience
slow network performances, you can increase this value.
- **Encryption key**: key used to crypt some data, should not be known
- **Encryption key**: key used for crypting some data, should not be known
by other applications
- **Trusted domains**: domains on which the user can be redirected
after login on portal.

View File

@ -5,16 +5,16 @@ In modern applications, web application may need to request some other
web applications on behalf of the authenticated users. There are three
ways to do this:
- the Ugly : provide to all applications SSO cookie. Not secured
- the Ugly: provide to all applications SSO cookie. Not secured
because SSO cookie can be caught and used everywhere, every time by
everyone!!! **NOT RECOMMENDED**.
- the Bad (:doc:`Secure Token Handler<securetoken>`)
: **Deprecated**. Can be used in specific cases
- the Good (Service Token Handler): See below ! (Thanks Sergio...)
- the Bad (:doc:`Secure Token Handler<securetoken>`): **Deprecated**.
Should be used for specific cases
- the Good (Service Token Handler): See below! (Thanks Sergio...)
The "Bad" method consists to give the token (cookie value) to WebApp1
which uses it as cookie header in its request. Since 2.0 version, LL::NG
gives a better way (the Good !) to do this by using limited scope
gives a better way (the Good!) to do this by using limited scope
tokens.
Tokens are time limited (30 seconds by default) and URL restricted.
@ -24,22 +24,22 @@ Tokens are time limited (30 seconds by default) and URL restricted.
Webapp1 handler configuration
-----------------------------
Select **Main** handler type to protect WebApp1 and insert a header
named **X-Llng-Token** filled with this value:
Select **Main** handler type to protect WebApp1 and append a header containing:
.. code-block:: perl
token( $_session_id, 'webapp2.example.com', 'webapp3.example.com', 'serviceHeader1=webapp1.example.com', "testHeader=$uid" )
WebApp1 can read this header and use it in its requests by setting the
``X-Llng-Token`` header. The token is built by using the session ID and
authorized virtualhosts list. By default, the Service Token is only
available during 30 seconds and for specified virtualhosts. The token
can be use to send service headers to webapp2 like origin host by
example.
``X-LLNG-TOKEN`` header. The token is built by using the ``token`` extended
with session ID and authorized virtualhosts list parameters. A Service Token is valide
for the specified virtual hosts only and during 30 seconds by default. It can also be
used for sending service headers (headerName1=headerValue1) to requested
apps. Can be useful to send the origin host by example. Service headers are
sent to ALL requested applications.
You can set ServiceToken TTL in the virtualHost options in Manager for
each required virtualHost.
You can set Service Token TTL by editing virtualHost options in Manager
for each requested virtualHost.
You can also set ServiceToken default timeout (30 seconds) by editing
``lemonldap-ng.ini`` in section [handler]:
@ -58,7 +58,7 @@ Webapp2 handler configuration
-----------------------------
Change handler type to **ServiceToken**. So it is able to manage both
user and server connections. And that's all !
user and server connections. And that's all!
.. |Kinematic| image:: documentation/server_to_server.png


@ -288,7 +288,7 @@ Name Description
:doc:`Context switching<contextswitching>` [7]_\ |new| Switch context other users
:doc:`CrowdSec<crowdsec>` [8]_\ |new| CrowdSec bouncer
:doc:`Custom<plugincustom>` Write a custom plugin
:doc:`Decrypt value<decryptvalue>` [9]_\ |beta| Decrypt ciphered values
:doc:`Decrypt value<decryptvalue>` [9]_\ Decrypt ciphered values
:doc:`Display login history<loginhistory>` Display Success/Fails logins
:doc:`Force Authentication<forcereauthn>` Force authentication to access to Portal
:doc:`Global Logout<globallogout>` [10]_ Suggest to close all opened sessions at logout


@ -47,8 +47,26 @@ In the manager (advanced parameters), you just have to enable it:
TOTP
- **Issuer name** (Optional): default to portal hostname
- **Interval**: interval for TOTP algorithm (default: 30)
- **Range of attempts**: number of additional intervals to test (default: 1)
.. warning::
Many mobile applications only support the default value
- **Range of attempts**: number of additional intervals to test (default: 1).
Use this settings if your server and phone clocks are not perfectly in sync,
at the cost of weaker security.
.. note::
Range is tested backward and forward to prevent
positive or negative clock drift.
- **Number of digits**: number of digit by codes (default: 6)
.. warning::
Many mobile applications only support the default value
- **Authentication level**: you can overwrite here auth level for TOTP
registered users. Leave it blank keeps auth level provided by first
authentication module *(default: 2 for user/password based modules)*.


@ -26,6 +26,81 @@ Known regressions in the latest released version
None
2.0.15
------
New Captcha API
~~~~~~~~~~~~~~~
It is now possible to create your own Captcha modules to replace the one provided by default.
In order for custom Captcha modules to work, you need to modify your custom ``standardform.tpl``, ``mail.tpl`` and ``register.tpl`` template files:
.. code:: diff
- <TMPL_IF NAME=CAPTCHA_SRC>
- <TMPL_INCLUDE NAME="captcha.tpl">
+ <TMPL_IF NAME=CAPTCHA_HTML>
+ <TMPL_VAR NAME=CAPTCHA_HTML>
</TMPL_IF>
If you are using the default templates from the ``bootstrap`` theme, you don't need to change anything.
Re-send 2FA code
~~~~~~~~~~~~~~~~
The :doc:`mail <mail2f>`, :doc:`external <external2f>` and :doc:`REST <rest2f>` based 2FA types can now re-send the user code if delivery failed for some reason. If you use custom templates, you must update ``ext2fcheck.tpl``
.. code:: diff
--- a/lemonldap-ng-portal/site/templates/bootstrap/ext2fcheck.tpl
+++ b/lemonldap-ng-portal/site/templates/bootstrap/ext2fcheck.tpl
@@ -26,6 +26,12 @@
</button>
</div>
<div class="buttons">
+ <TMPL_IF "RESENDTARGET">
+ <button type="submit" class="btn btn-primary" formaction="<TMPL_VAR "RESENDTARGET">">
+ <span class="fa fa-repeat"></span>
+ <span trspan="resendCode">Re-send code</span>
+ </button>
+ </TMPL_IF>
<a href="<TMPL_VAR NAME="PORTAL_URL">?cancel=1&skin=<TMPL_VAR NAME="SKIN">" class="btn btn-primary" role="button">
<span class="fa fa-home"></span>
<span trspan="cancel">Cancel</span>
If you are using the default templates from the ``bootstrap`` theme, you don't need to change anything.
Customizing the 2FA logo in the registration screen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The 2FA registration screen now displays the custom logo and label set in configuration. If you use custom templates, you should update ``2fregisters.tpl``
.. code:: diff
@@ -77,10 +77,16 @@
<div class="card border-secondary">
<div class="card-body py-3">
<a href="<TMPL_VAR NAME="URL">" class="nodecor">
- <img src="<TMPL_VAR NAME="STATIC_PREFIX"><TMPL_VAR NAME="SKIN">/<TMPL_VAR NAME="LOGO">" alt="<TMPL_VAR NAME="CODE">2F" title="<TMPL_VAR NAME="CODE">2F" />
+ <img src="<TMPL_VAR NAME="STATIC_PREFIX"><TMPL_VAR NAME="SKIN">/<TMPL_VAR NAME="LOGO">" alt="<TMPL_VAR NAME="CODE">2f" title="<TMPL_VAR NAME="LABEL">" />
</a>
</div>
- <div class="card-footer text-white text-uppercase bg-secondary"><TMPL_VAR NAME="CODE">2F</div>
+ <div class="card-footer text-white text-uppercase bg-secondary">
+ <TMPL_IF LABEL>
+ <p><TMPL_VAR NAME="LABEL"></p>
+ <TMPL_ELSE>
+ <p trspan="<TMPL_VAR NAME="CODE">2f"></p>
+ </TMPL_IF>
+ </div>
</div>
</div>
</TMPL_LOOP>
If you are using the default templates from the ``bootstrap`` theme, you don't need to change anything.
2.0.14
------


@ -1,13 +1,15 @@
Use an outgoing proxy
=====================
For some protocols, LL::NG has to directly contact the external server.
For some protocols, LemonLDAP::NG has to directly contact the external server.
This is the case for example with CAS authentication (validation of
service ticket) or OpenID Connect authentication (access to token
endpoint and userinfo endpoint).
If the LL::NG server needs a proxy for outgoing connections, then you
need to configure some environment variables.
need to configure some environment variables. By default, only connections
to external systems (CAS, OIDC, etc.) are done through the proxy, while HTTP
connections in between LemonLDAP::NG components are not.
Apache
------
@ -21,6 +23,11 @@ In Apache configuration, set:
# on Centos7, you need LWP::Protocol::connect
# FcgidInitialEnv https_proxy connect://X.X.X.X:X
# Optional: use this to force ALL http connections to go
# through the proxy. This is only useful in some scenarios
# FcgidInitialEnv PERL_LWP_ENV_PROXY 1
# FcgidInitialEnv no_proxy <urls-without-proxy>
Nginx/FastCGI
-------------
@ -33,3 +40,8 @@ add in ``/etc/default/lemonldap-ng-fastcgi-server`` :
# on Centos7, you need LWP::Protocol::connect
# https_proxy=connect://X.X.X.X:X
# Optional: use this to force ALL http connections to go
# through the proxy. This is only useful in some scenarios
# PERL_LWP_ENV_PROXY=1
# no_proxy=<urls-without-proxy>


@ -46,6 +46,7 @@ Key Description
\_auth Authentication module
\_userDB User module
\_passwordDB Password module
\_2f Second factor (if 2FA was used)
\_issuerDB Issuer module (can be multivalued)
\_authChoice User choice done if :doc:`authentication choice<authchoice>` was used
\_authMulti Full name of authentication module (with ``#label``) used in Multi
@ -147,15 +148,17 @@ Key Description
OpenID Connect
--------------
============================ ===============================================
============================ ======================================================================
Key Description
============================ ===============================================
============================ ======================================================================
\_oidc_id_token ID Token
\_oidc_OP Configuration key of OP used for authentication
\_oidc_access_token OAuth2 Access Token used to get UserInfo data
\_oidc_access_token_eol Timestamp after which the Access Token should no longer be valid
\_oidc_refresh_token OAuth2 Refresh Token. This should never be transmitted to applications
\_oidc_consent_scope\_\ *rp* Scope for which consent was given for RP *rp*
\_oidc_consent_time\_\ *rp* Time when consent was given for RP *rp*
============================ ===============================================
============================ ======================================================================
Other
-----


@ -1198,6 +1198,8 @@ components:
logoutUrl:
type: string
format: url
logoutBypassConfirm:
type: boolean
clientSecret:
type: string
format: password

View File

@ -40,6 +40,7 @@ viewerAllowDiff = 1
staticPrefix = /static
instanceName = Demo
;customCSS = css/custom.css
languages = fr, en, vi, ar, it, zh, tr, zh_TW, es
templateDir = __pwd__/lemonldap-ng-manager/site/templates


@ -37,6 +37,7 @@ viewerAllowDiff = 1
staticPrefix = /static
instanceName = Demo
;customCSS = css/custom.css
languages = fr, en, vi, ar, it, zh, tr, zh_TW, es
templateDir = __pwd__/lemonldap-ng-manager/site/templates


@ -48,6 +48,7 @@ viewerAllowBrowser = 1
viewerAllowDiff = 1
staticPrefix = /static
;customCSS = css/custom.css
instanceName = Demo
languages = fr, en, vi, ar, it, zh, tr, zh_TW, es
templateDir = __pwd__/lemonldap-ng-manager/site/templates


@ -84,6 +84,7 @@ scripts/lmMigrateConfFiles2ini
scripts/rotateOidcKeys
t/01-Common-Conf.t
t/02-Common-Conf-File.t
t/02-Common-Conf-ServerEnv.t
t/03-Common-Conf-CDBI.t
t/03-Common-Conf-RDBI.t
t/05-Common-Conf-LDAP.t


@ -23,8 +23,10 @@
"build" : {
"requires" : {
"IO::String" : "0",
"MIME::Entity" : "0",
"Net::LDAP" : "0",
"String::Random" : "0",
"Test::Output" : "0",
"Test::Pod" : "1"
}
},
@ -61,7 +63,6 @@
"JSON::XS" : "0",
"Mouse" : "0",
"Plack" : "0",
"Test::Pod" : "1",
"URI" : "0"
}
}


@ -4,8 +4,10 @@ author:
- 'Xavier Guimard <x.guimard@free.fr>, Clement Oudot <clement@oodo.net>, Christophe Maudoux <chrmdx@gmail.com>, Maxime Besson <maxime.besson@worteks.com>'
build_requires:
IO::String: '0'
MIME::Entity: '0'
Net::LDAP: '0'
String::Random: '0'
Test::Output: '0'
Test::Pod: '1'
configure_requires:
ExtUtils::MakeMaker: '0'
@ -46,7 +48,6 @@ requires:
JSON::XS: '0'
Mouse: '0'
Plack: '0'
Test::Pod: '1'
URI: '0'
resources:
MailingList: mailto:lemonldap-ng-dev@ow2.org


@ -37,6 +37,7 @@ WriteMakefile(
LICENSE => 'gpl',
BUILD_REQUIRES => {
'IO::String' => 0,
'MIME::Entity' => 0,
'Net::LDAP' => 0,
'String::Random' => 0,
'Test::Pod' => 1.00,


@ -376,9 +376,12 @@ protection = manager
; staticPrefix: relative (or URL) location of static HTML components
staticPrefix = __MANAGERSTATICDIR__
;
; instanceName: Display current LLNG instance into Manager
;instanceName = Demo
; customCSS: CSS file to customize Manager
;customCSS = css/custom.css
; location of HTML templates directory
templateDir = __MANAGERTEMPLATESDIR__


@ -31,6 +31,8 @@ our $VERSION = '2.0.14';
our $msg = '';
our $iniObj;
our $PlaceHolderRe = '%SERVERENV:(.*?)%';
BEGIN {
eval {
require threads::shared;
@ -115,7 +117,7 @@ sub new {
# Serialize $conf and call store().
# @param $conf Lemonldap::NG configuration hashRef
# @param %args Parameters
# @return Number of the saved configuration, 0 in case of error.
# @return Number of the saved configuration, <=0 in case of error.
sub saveConf {
my ( $self, $conf, %args ) = @_;
@ -228,9 +230,10 @@ sub getConf {
$res = $r;
}
# Create cipher object
# Create cipher object and replace variable placeholder
unless ( $args->{raw} ) {
$self->replacePlaceholders($res) if $self->{useServerEnv};
eval {
$res->{cipher} = Lemonldap::NG::Common::Crypto->new( $res->{key} );
};
@ -504,6 +507,46 @@ sub logError {
return shift->_launch( 'logError', @_ );
}
sub _substPlaceHolders {
return $_[0] unless $_[0];
$_[0] =~ s/$PlaceHolderRe/$ENV{$1}/geo;
return $_[0];
}
## @method void replacePlaceholders(res: LLNG_Conf)
#
# Recursively replace %SERVERENV:VariableName% by $ENV{VariableName} value
sub replacePlaceholders {
my ( $self, $conf ) = @_;
if ( ref $conf eq 'HASH' ) {
foreach my $key ( keys %$conf ) {
if ( $key =~ /$PlaceHolderRe/o ) {
my $val = $conf->{$key};
delete $conf->{$key};
my $nk = _substPlaceHolders($key);
$conf->{$nk} = $val;
}
next unless ( $conf->{$key} );
if ( ref $conf->{$key} ) {
$self->replacePlaceholders( $conf->{$key} );
}
elsif ( $conf->{$key} =~ /$PlaceHolderRe/o ) {
$conf->{$key} = _substPlaceHolders( $conf->{$key} );
}
}
}
elsif ( ref $conf eq 'ARRAY' ) {
for ( my $i = 0 ; $i < @$conf ; $i++ ) {
if ( ref $conf->[$i] ) {
$self->replacePlaceholders( $conf->[$i] );
}
elsif ( $conf->[$i] =~ /$PlaceHolderRe/o ) {
$conf->[$i] = _substPlaceHolders( $conf->[$i] );
}
}
}
}
1;
__END__
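Review bot: In `_substPlaceHolders`, `s/$PlaceHolderRe/$ENV{$1}/geo` replaces a placeholder whose variable is unset with an empty string and at most a generic "uninitialized value" warning, so a typo in `%SERVERENV:…%` or a variable missing from the service environment silently blanks the setting; since `getConf` runs `replacePlaceholders` right before `Lemonldap::NG::Common::Crypto->new( $res->{key} )`, that can include the encryption key. I would make the miss explicit, for example `$_[0] =~ s/$PlaceHolderRe/defined $ENV{$1} ? $ENV{$1} : ( warn("SERVERENV: $1 is not set\n"), '' )[1]/geo;`, or report it through the module's own error path. The key-renaming branch of `replacePlaceholders` also depends on `_substPlaceHolders($key)` editing `$key` in place through `@_` aliasing, which deserves a comment such as `# $key is rewritten in place here, so $conf->{$key} below is the renamed entry`. Because `(.*?)` accepts any name, every variable in the server process environment becomes readable by whoever can edit the configuration once `useServerEnv` is on; presumably that is intended, but it should be stated in the method's header comment.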


@ -4,12 +4,12 @@ use strict;
use Mouse;
use Lemonldap::NG::Common::Conf::ReConstants;
our $VERSION = '2.0.8';
our $VERSION = '2.0.15';
sub compactConf {
my ( $self, $conf ) = @_;
return $conf unless ( $conf->{'compactConf'} );
return $conf unless $conf->{compactConf};
# Remove unused auth parameters
my %keep;


@ -29,9 +29,9 @@ use constant DEFAULTCONFBACKEND => "File";
use constant DEFAULTCONFBACKENDOPTIONS => (
dirName => '/usr/local/lemonldap-ng/data/conf',
);
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|ScopeRule|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)s)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|ScopeRule|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|c(?:a(?:s(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|ptchaOptions)|(?:ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)s)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
our $arrayParameters = qr/^mySessionAuthorizedRWKeys$/;
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|t(?:ayConnectedBypassFG|orePassword)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Claims|JWT))|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration|OnlyDeclaredScopes)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|c(?:a(?:sS(?:rvMetaDataOptions(?:Gateway|Renew)|trictMatching)|ptcha_(?:register|login|mail)_enabled)|heck(?:DevOps(?:D(?:isplayNormalizedHeaders|ownload)|CheckSessionAttributes)?|State|User|XSS)|o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|rowdsec|da)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|E(?:rrorOn(?:ExpiredSession|MailNotFound)|nablePasswordDisplay)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxy(?:AuthServiceImpersonation|UseSoap))|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|n(?:o(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|ewLocationWarning)|i
(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|to(?:tp2f(?:UserCanRemoveKey|EncryptSecret)|kenUseGlobalStorage)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|w(?:ebauthn2fUserCanRemoveKey|sdlServer)|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|findUser)$/;
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|t(?:ayConnectedBypassFG|orePassword)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Claims|JWT))|Logout(?:SessionRequired|BypassConfirm)|Re(?:freshToken|quirePKCE)|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration|OnlyDeclaredScopes)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|c(?:a(?:sS(?:rvMetaDataOptions(?:Gateway|Renew)|trictMatching)|ptcha_(?:register|login|mail)_enabled)|heck(?:DevOps(?:D(?:isplayNormalizedHeaders|ownload)|CheckSessionAttributes)?|State|User|XSS)|o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|rowdsec|da)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|E(?:rrorOn(?:ExpiredSession|MailNotFound)|nablePasswordDisplay)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxy(?:AuthServiceImpersonation|UseSoap))|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|n(?:o(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|ew
LocationWarning)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|to(?:tp2f(?:UserCanRemoveKey|EncryptSecret)|kenUseGlobalStorage)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|w(?:ebauthn2fUserCanRemoveKey|sdlServer)|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|findUser)$/;
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );


@ -17,7 +17,7 @@ sub defaultValues {
},
'authChoiceParam' => 'lmAuth',
'authentication' => 'Demo',
'available2F' =>
'available2F' =>
'UTOTP,TOTP,U2F,REST,Mail2F,Ext2F,WebAuthn,Yubikey,Radius',
'available2FSelfRegistration' => 'TOTP,U2F,WebAuthn,Yubikey',
'bruteForceProtectionLockTimes' => '15, 30, 60, 300, 600',
@ -102,7 +102,7 @@ sub defaultValues {
'globalLogoutTimer' => 1,
'globalStorage' => 'Apache::Session::File',
'globalStorageOptions' => {
'Directory' => '/var/lib/lemonldap-ng/sessions/',
'Directory' => '/var/lib/lemonldap-ng/sessions/',
'generateModule' =>
'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
@ -175,20 +175,20 @@ sub defaultValues {
'locationRules' => {
'default' => 'deny'
},
'logoutServices' => {},
'macros' => {},
'mail2fActivation' => 0,
'mail2fCodeRegex' => '\\d{6}',
'mailCharset' => 'utf-8',
'mailFrom' => 'noreply@example.com',
'mailSessionKey' => 'mail',
'mailTimeout' => 0,
'mailUrl' => 'http://auth.example.com/resetpwd',
'managerDn' => '',
'managerPassword' => '',
'max2FDevices' => 10,
'max2FDevicesNameLength' => 20,
'multiValuesSeparator' => '; ',
'logoutServices' => {},
'macros' => {},
'mail2fActivation' => 0,
'mail2fCodeRegex' => '\\d{6}',
'mailCharset' => 'utf-8',
'mailFrom' => 'noreply@example.com',
'mailSessionKey' => 'mail',
'mailTimeout' => 0,
'mailUrl' => 'http://auth.example.com/resetpwd',
'managerDn' => '',
'managerPassword' => '',
'max2FDevices' => 10,
'max2FDevicesNameLength' => 20,
'multiValuesSeparator' => '; ',
'mySessionAuthorizedRWKeys' =>
[ '_appsListOrder', '_oidcConnectedRP', '_oidcConsents' ],
'newLocationWarningLocationAttribute' => 'ipAddr',
@ -196,7 +196,7 @@ sub defaultValues {
'newLocationWarningMaxValues' => '0',
'notificationDefaultCond' => '',
'notificationServerPOST' => 1,
'notificationServerSentAttributes' =>
'notificationServerSentAttributes' =>
'uid reference date title subtitle text check',
'notificationsMaxRetrieve' => 3,
'notificationStorage' => 'File',
@ -250,7 +250,7 @@ sub defaultValues {
'passwordPolicyMinUpper' => 0,
'passwordPolicySpecialChar' => '__ALL__',
'passwordResetAllowedRetries' => 3,
'persistentSessionAttributes' =>
'persistentSessionAttributes' =>
'_loginHistory _2fDevices notification_',
'port' => -1,
'portal' => 'http://auth.example.com/',
@ -261,11 +261,12 @@ sub defaultValues {
'portalDisplayGeneratePassword' => 1,
'portalDisplayLoginHistory' => 1,
'portalDisplayLogout' => 1,
'portalDisplayOidcConsents' =>
'portalDisplayOidcConsents' =>
'$_oidcConsents && $_oidcConsents =~ /\\w+/',
'portalDisplayRefreshMyRights' => 1,
'portalDisplayRegister' => 1,
'portalErrorOnExpiredSession' => 1,
'portalFavicon' => 'common/favicon.ico',
'portalForceAuthnInterval' => 5,
'portalMainLogo' => 'common/logos/logo_llng_400px.png',
'portalPingInterval' => 60000,
@ -289,11 +290,11 @@ sub defaultValues {
'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService',
'proxy' => 'http://auth.example.com/sessions'
},
'requireToken' => 1,
'rest2fActivation' => 0,
'restAuthnLevel' => 2,
'restClockTolerance' => 15,
'sameSite' => '',
'requireToken' => 1,
'rest2fActivation' => 0,
'restAuthnLevel' => 2,
'restClockTolerance' => 15,
'sameSite' => '',
'samlAttributeAuthorityDescriptorAttributeServiceSOAP' =>
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
'samlAuthnContextMapKerberos' => 4,
@ -333,7 +334,7 @@ sub defaultValues {
'0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact',
'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' =>
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost',
'samlSPSSODescriptorAuthnRequestsSigned' => 1,
'samlSPSSODescriptorAuthnRequestsSigned' => 1,
'samlSPSSODescriptorSingleLogoutServiceHTTPPost' =>
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn',
'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' =>
@ -341,11 +342,12 @@ sub defaultValues {
'samlSPSSODescriptorSingleLogoutServiceSOAP' =>
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;',
'samlSPSSODescriptorWantAssertionsSigned' => 1,
'scrollTop' => 400,
'securedCookie' => 0,
'sfEngine' => '::2F::Engines::Default',
'sfManagerRule' => 1,
'sfRemovedMsgRule' => 0,
'sfRemovedNotifMsg' =>
'sfRemovedNotifMsg' =>
'_removedSF_ expired second factor(s) has/have been removed (_nameSF_)!',
'sfRemovedNotifRef' => 'RemoveSF',
'sfRemovedNotifTitle' => 'Second factor notification',


@ -22,12 +22,12 @@ our $specialNodeHash = {
};
our $doubleHashKeys = 'issuerDBGetParameters';
our $simpleHashKeys = '(?:(?:c(?:as(?:StorageOption|Attribute)|ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)|l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|(?:(?:d(?:emo|bi)|webID)E|e)xportedVar|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|OPMetaDataJ(?:SON|WKS))|penIdExportedVars)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember|fExtra)|S(?:MTPTLSOpts|SLVarIf))';
our $simpleHashKeys = '(?:(?:c(?:a(?:s(?:StorageOption|Attribute)|ptchaOption)|ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)|l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|(?:(?:d(?:emo|bi)|webID)E|e)xportedVar|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|OPMetaDataJ(?:SON|WKS))|penIdExportedVars)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember|fExtra)|S(?:MTPTLSOpts|SLVarIf))';
our $specialNodeKeys = '(?:(?:(?:saml(?:ID|S)|oidc[OR])P|cas(?:App|Srv))MetaDataNode|virtualHost)s';
our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:(?:UserAttribut|Servic|Rul)e|AuthnLevel)|(?:ExportedVar|Macro)s)';
our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|SortNumber|Gateway|Renew|Icon|Url)|ExportedVars)';
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|S(?:toreIDToken|ortNumber|cope)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Expiration|SignAlg|Claims|JWT)|uth(?:orizationCodeExpiration|nLevel)|dditionalAudiences)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|con)|R(?:e(?:directUris|freshToken|quirePKCE)|ule)|Logout(?:SessionRequired|Type|Url)|P(?:ostLogoutRedirectUris|ublic)|UserI(?:nfoSignAlg|DAttr)|OfflineSessionExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims)|(?:ExportedVar|ScopeRule|Macro)s)';
our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:Re(?:solutionRule|new)|ProxiedServices|DisplayName|SortNumber|Gateway|Icon|Url)|ExportedVars)';
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|S(?:toreIDToken|ortNumber|cope)|(?:ResolutionRul|MaxAg)e|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues)|ExportedVars|J(?:SON|WKS))';
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Expiration|SignAlg|Claims|JWT)|uth(?:orizationCodeExpiration|nLevel)|dditionalAudiences)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|con)|Logout(?:SessionRequired|BypassConfirm|Type|Url)|R(?:e(?:directUris|freshToken|quirePKCE)|ule)|P(?:ostLogoutRedirectUris|ublic)|UserI(?:nfoSignAlg|DAttr)|OfflineSessionExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims)|(?:ExportedVar|ScopeRule|Macro)s)';
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|UserAttribut|DisplayNam)e|S(?:ign(?:S[LS]OMessage|atureMethod)|toreSAMLToken|[LS]OBinding|ortNumber)|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|Force(?:Authn|UTF8)|I(?:sPassive|con)|NameIDFormat)|ExportedAttributes|XML)';
our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:S(?:ign(?:S[LS]OMessage|atureMethod)|essionNotOnOrAfterTimeout)|N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|(?:CheckS[LS]OMessageSignatur|OneTimeUs|Rul)e|En(?:ableIDPInitiatedURL|cryptionMode)|AuthnLevel|ForceUTF8)|(?:ExportedAttribute|Macro)s|XML)';
our $virtualHostKeys = '(?:vhost(?:A(?:ccessToTrace|uthnLevel|liases)|(?:Maintenanc|Typ)e|ServiceTokenTTL|DevOpsRulesUrl|Https|Port)|(?:exportedHeader|locationRule)s|post)';


@ -2,19 +2,18 @@ package Lemonldap::NG::Common::Logger::Dispatch;
use strict;
our $VERSION = '2.0.14';
our $VERSION = '2.0.15';
sub new {
no warnings 'redefine';
my $self = bless {}, shift;
my ( $conf, %args ) = @_;
my %bck;
my $last;
my $show = 1;
my ( %bck, $last );
my $root = $args{user} ? 'userLogDispatch' : 'logDispatch';
unless ( $conf->{ $root . 'Error' } ) {
die "At least, ${root}Error must be defined in conf";
}
my $show = 1;
die "At least, ${root}Error must be defined in conf"
unless ( $conf->{ $root . 'Error' } );
foreach my $l (qw(error warn notice info debug)) {
if ($show) {
$last = $conf->{ $root . ucfirst($l) } || $last;
@ -33,9 +32,9 @@ sub new {
eval qq'sub $l {1}';
}
$show = 0 if ( $conf->{logLevel} eq $l );
}
die "Unknown logLevel $conf->{logLevel}" if ($show);
die "Unknown logLevel $conf->{logLevel}" if $show;
return $self;
}


@ -17,6 +17,7 @@ sub new {
my ($conf) = @_;
my $show = 1;
$self->{raven} = Sentry::Raven->new( sentry_dsn => $conf->{sentryDsn} );
foreach (qw(error warn notice info debug)) {
my $rl = $_;
$rl = 'warning' if ( $rl = 'warn' );
@ -31,7 +32,8 @@ qq'sub $_ {\$_[0]->{raven}->capture_message(\$_[1],level => "$rl")}';
}
$show = 0 if ( $conf->{logLevel} eq $_ );
}
die "Unknown logLevel $conf->{logLevel}" if ($show);
die "Unknown logLevel $conf->{logLevel}" if $show;
return $self;
}
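Review bot: In the level loop, `$rl = 'warning' if ( $rl = 'warn' );` assigns instead of comparing, so the condition is always true and every generated method, `error` included, calls `capture_message` with `level => "warning"`. This is a context line the commit leaves untouched, but it sits in the code being tidied here and it flattens the severity that any Sentry-side alerting or triage would key on. The line should read `$rl = 'warning' if ( $rl eq 'warn' );`. The body of `new` begins above the hunk, so check whether anything else there depends on the current behaviour.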


@ -8,6 +8,7 @@ sub new {
no warnings 'redefine';
my $level = $_[1]->{logLevel} || 'info';
my $show = 1;
foreach (qw(error warn notice info debug)) {
if ($show) {
eval
@ -18,7 +19,8 @@ qq'sub $_ {print STDERR "[".localtime."] [LLNG:\$\$] [$_] \$_[1]\n"}';
}
$show = 0 if ( $level eq $_ );
}
die "Unknown logLevel $level" if ($show);
die "Unknown logLevel $level" if $show;
return bless {}, shift;
}


@ -20,6 +20,7 @@ sub new {
eval { openlog( 'LLNG', $self->{options}, $self->{facility} ) };
no warnings 'redefine';
my $show = 1;
foreach (qw(error warn notice info debug)) {
if ($show) {
my $name = $_;
@ -34,7 +35,8 @@ sub new {
}
$show = 0 if ( $level eq $_ );
}
die "Unknown logLevel $level" if ($show);
die "Unknown logLevel $level" if $show;
return $self;
}


@ -6,7 +6,7 @@ use JSON;
use Lemonldap::NG::Common::PSGI::Constants;
use Lemonldap::NG::Common::PSGI::Request;
our $VERSION = '2.0.10';
our $VERSION = '2.0.15';
our $_json = JSON->new->allow_nonref;
@ -18,6 +18,7 @@ has logLevel => ( is => 'rw', isa => 'Str', default => 'info' );
has portal => ( is => 'rw', isa => 'Str' );
has staticPrefix => ( is => 'rw', isa => 'Str' );
has instanceName => ( is => 'rw', isa => 'Str', default => '' );
has customCSS => ( is => 'rw', isa => 'Str', default => '' );
has templateDir => ( is => 'rw', isa => 'Str|ArrayRef' );
has links => ( is => 'rw', isa => 'ArrayRef' );
has menuLinks => ( is => 'rw', isa => 'ArrayRef' );
@ -308,6 +309,7 @@ sub sendHtml {
$htpl->param(
STATIC_PREFIX => $sp,
INSTANCE_NAME => $self->instanceName,
CUSTOM_CSS => $self->customCSS,
SCRIPTNAME => $sc,
( $self->can('tplParams') ? ( $self->tplParams($req) ) : () ),
(
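Review bot: The new `customCSS` attribute is passed to the template as `CUSTOM_CSS` with no comment stating what it may hold (a file name under the static prefix, a URL, or raw CSS) and no check on its shape. Whether the value is escaped on output depends on the template, which is not part of this hunk; if it ends up inside an `href` attribute or a `<style>` element it needs escaping there or a constraint here. A comment on the `has customCSS` line, for example `# customCSS: name of an extra stylesheet, relative to staticPrefix` (adjusted to the real contract), would make the expectation explicit. `sendHtml` starts and ends outside the hunk.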


@ -38,9 +38,9 @@ sub new {
return bless( $self, $_[0] );
}
sub data { $_[0]->{data} }
sub data { return $_[0]->{data} }
sub uri { $_[0]->{uri} }
sub uri { return $_[0]->{uri} }
sub userData {
my ( $self, $v ) = @_;


@ -12,13 +12,13 @@ use Lemonldap::NG::Common::IPv6;
use JSON::XS;
use Date::Parse;
our $VERSION = '2.0.12';
our $VERSION = '2.0.15';
# Set here all the names of functions that must be available in Safe objects.
# Not that only functions, not methods, can be written here
# Note that only functions, not methods, can be written here
our $functions =
[
qw(&checkLogonHours &date &dateToTime &checkDate &basic &unicode2iso &iso2unicode &groupMatch &isInNet6 &varIsInUri &has2f_internal)
qw(&checkLogonHours &date &dateToTime &checkDate &basic &unicode2iso &unicode2isoSafe &iso2unicode &iso2unicodeSafe &groupMatch &isInNet6 &varIsInUri &has2f_internal)
];
## @function boolean checkLogonHours(string logon_hours, string syntax, string time_correction, boolean default_access)
@ -202,6 +202,21 @@ sub unicode2iso {
return encode( "iso-8859-1", decode( "utf-8", $string ) );
}
## @function string unicode2isoSafe(string string)
## This function is compliant with the Safe jail
## but not as portable as the original one
# Convert UTF-8 in ISO-8859-1
# @param string UTF-8 string
# @return ISO string
sub unicode2isoSafe {
my ($string) = @_;
my $res = $string;
utf8::decode($res);
utf8::downgrade($res);
return $res;
}
## @function string iso2unicode(string string)
# Convert ISO-8859-1 in UTF-8
# @param string ISO string
@ -212,6 +227,20 @@ sub iso2unicode {
return encode( "utf-8", decode( "iso-8859-1", $string ) );
}
## @function string iso2unicodeSafe(string string)
## This function is compliant with the Safe jail
## but not as portable as the original one
# Convert ISO-8859-1 in UTF-8
# @param string ISO string
# @return UTF-8 string
sub iso2unicodeSafe {
my ($string) = @_;
my $res = $string;
utf8::encode($res);
return $res;
}
## @function int groupMatch(hashref groups, string attribute, string value)
# Check in hGroups structure if a group attribute contains a value
# @param groups The $hGroups variable
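Review bot: `unicode2isoSafe` discards the result of `utf8::decode($res)` and calls `utf8::downgrade($res)` without the FAIL_OK argument, so a value containing a character outside ISO-8859-1 makes the function die, whereas `unicode2iso` goes through `encode( "iso-8859-1", ... )`, which by default substitutes instead. Both new helpers are added to `$functions` for use inside the Safe jail, so their input is presumably session data, and an exception there aborts the rule or header expression rather than degrading one string. Consider `utf8::downgrade( $res, 1 ) or return $string;` (or whichever fallback is intended) and say in the doc comment what happens on invalid UTF-8 and on non-Latin-1 characters; "not as portable as the original one" does not tell a rule author that.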


@ -112,7 +112,7 @@ foreach (@available) {
next if ( $opts{force} );
exit 6;
}
if ( my $r = $new->saveConf( $conf, %newargs ) ) {
if ( $new->saveConf( $conf, %newargs ) > 0 ) {
print "Conf $conf->{cfgNum} stored\n";
next;
}


@ -466,7 +466,7 @@ if ( !$opts{'dry-run'} ) {
print "[OK] Configuration $numConf saved\n";
$exitCode = 0;
}
unless ($numConf) {
unless ( $numConf > 0 ) {
print "[ERROR] Unable to save configuration\n";
$exitCode = 1;
}


@ -50,7 +50,7 @@ $conf->{oidcServicePrivateKeySig} = $keys->{private};
$conf->{oidcServicePublicKeySig} = $keys->{public};
$conf->{oidcServiceKeyIdSig} = $keys->{id};
$lmconf->saveConf($conf) or die $Lemonldap::NG::Common::Conf::msg;
( $lmconf->saveConf($conf) > 0 ) or die $Lemonldap::NG::Common::Conf::msg;
print "Configuration saved\n" if $debug;


@ -0,0 +1,77 @@
use strict;
use Test::More tests => 14;
use Data::Dumper;
BEGIN { use_ok('Lemonldap::NG::Common::Conf') }
my $h;
ok(
$h = new Lemonldap::NG::Common::Conf( {
type => 'File',
dirName => "t/",
}
),
'type => file',
);
my $conf = {
cfgNum => 1,
test => '%SERVERENV:A%',
test2 => '%SERVERENV:B% %SERVERENV:C%',
'%SERVERENV:MYKEY%' => {
test => 'Test: %SERVERENV:A%',
array => [ 'a', '%SERVERENV:B% %SERVERENV:C%', ],
},
};
$ENV{A} = 'Aa';
$ENV{B} = 'Bb';
$ENV{C} = 'Cc';
$ENV{MYKEY} = 'MyKey';
ok( $h->store($conf) == 1, "Conf is stored" )
or print STDERR "$Lemonldap::NG::Common::Conf::msg $!";
my $cfg;
ok( $cfg = $h->getConf( { cfgNum => 1 } ), "Conf can be read" )
or print STDERR $Lemonldap::NG::Common::Conf::msg;
ok( $cfg->{test} eq '%SERVERENV:A%',
'%SERVERENV:A% is not substitued into Aa without useServerEnv' )
or print STDERR "Expect $cfg->{test} eq %SERVERENV:A%\n";
unlink 't/lmConf-1.json';
ok(
$h = new Lemonldap::NG::Common::Conf( {
type => 'File',
dirName => "t/",
useServerEnv => 1,
}
),
'type => file',
);
ok( $h->store($conf) == 1, "Conf is stored" )
or print STDERR "$Lemonldap::NG::Common::Conf::msg $!";
ok( $cfg = $h->getConf( { cfgNum => 1 } ), "Conf can be read" )
or print STDERR $Lemonldap::NG::Common::Conf::msg;
ok( $cfg->{test} eq 'Aa', '%SERVERENV:A% is substitued into Aa' )
or print STDERR "Expect $cfg->{test} eq Aa\n";
ok( $cfg->{test2} eq 'Bb Cc',
'%SERVERENV:B% %SERVERENV:C% is substitued into Bb Cc' )
or print STDERR "Expect $cfg->{test} eq Aa\n";
ok( ( !$cfg->{'%SERVERENV:MYKEY%'} and $cfg->{MyKey} ),
'Keyname is transformed' );
ok( (
$cfg->{MyKey}->{array}->[0] eq 'a'
and $cfg->{MyKey}->{array}->[1] eq 'Bb Cc'
),
'Values are substitued into arrays'
);
ok( $cfg = $h->getConf( { cfgNum => 1, raw => 1 } ), 'Get raw conf' );
ok( $cfg->{test} eq '%SERVERENV:A%',
'%SERVERENV:A% is not substitued into Aa in raw mode' )
or print STDERR "Expect $cfg->{test} eq %SERVERENV:A%\n";
unlink 't/lmConf-1.json';
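Review bot: Every placeholder in this test names a variable that is set (`A`, `B`, `C`, `MYKEY`), so the case of `%SERVERENV:X%` with `X` absent from `%ENV` is never exercised. Add a case that pins what the value, and the hash key, become then (empty string, untouched placeholder, or an error), since a silently emptied setting is the failure an operator is most likely to hit. The diagnostic of the `test2` check also prints the wrong field: `or print STDERR "Expect $cfg->{test} eq Aa\n";` should be `or print STDERR "Expect $cfg->{test2} eq Bb Cc\n";`.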


@ -27,7 +27,7 @@
"Env" : "0",
"IO::Pipe" : "0",
"Test::MockObject" : "0",
"Test::Pod" : "0",
"Test::Pod" : "1",
"Time::Fake" : "0"
}
},


@ -8,7 +8,7 @@ build_requires:
Env: '0'
IO::Pipe: '0'
Test::MockObject: '0'
Test::Pod: '0'
Test::Pod: '1'
Time::Fake: '0'
configure_requires:
ExtUtils::MakeMaker: '0'


@ -104,7 +104,7 @@ q"I refuse to compile 'rules.json' when useSafeJail isn't activated! Yes I know,
$class->logger->debug("DevOps handler called by $vhost");
$class->locationRulesInit( undef, { $vhost => $json->{rules} } );
$class->headersInit( undef, { $vhost => $json->{headers} } );
$class->headersInit( undef, { $vhost => $json->{headers} } );
$class->tsv->{lastVhostUpdate}->{$vhost} = time;
$class->tsv->{https}->{$vhost} = uc $req->env->{HTTPS_REDIRECT} eq 'ON'
if exists $req->env->{HTTPS_REDIRECT};


@ -205,7 +205,8 @@ sub jailInit {
sub defaultValuesInit {
my ( $class, $conf ) = @_;
$class->tsv->{$_} = $conf->{$_} foreach ( qw(
$class->tsv->{$_} = $conf->{$_}
foreach ( qw(
cookieExpiration cookieName customFunctions httpOnly
securedCookie timeout timeoutActivity
timeoutActivityInterval useRedirectOnError useRedirectOnForbidden
@ -214,7 +215,7 @@ sub defaultValuesInit {
authChoiceAuthBasic authChoiceParam hiddenAttributes
upgradeSession
)
);
);
$class->tsv->{cipher} = Lemonldap::NG::Common::Crypto->new( $conf->{key} );
@ -550,6 +551,7 @@ sub conditionSub {
# logout_app
if ( $cond =~ /^logout_app(?:\s+(.*))?$/i ) {
my $u = $1 || $class->tsv->{portal}->();
$class->logger->debug("logout_app redirect to $u");
eval 'use Apache2::Filter' unless ( $INC{"Apache2/Filter.pm"} );
return (
sub {
@ -565,6 +567,7 @@ sub conditionSub {
}
elsif ( $cond =~ /^logout_app_sso(?:\s+(.*))?$/i ) {
my $u = $1 || $class->tsv->{portal}->();
$class->logger->debug("logout_app_sso redirect to $u");
eval 'use Apache2::Filter' unless ( $INC{"Apache2/Filter.pm"} );
return (
sub {


@ -1,7 +1,7 @@
# Main running methods file
package Lemonldap::NG::Handler::Main::Run;
our $VERSION = '2.0.14';
our $VERSION = '2.0.15';
package Lemonldap::NG::Handler::Main;
@ -227,6 +227,7 @@ sub run {
$class->cleanHeaders($req);
return $class->OK;
}
elsif ( $protection == $class->MAYSKIP
and $class->grant( $req, $session, $uri, $cond ) eq '999_SKIP' )
{
@ -327,8 +328,7 @@ sub getLevel {
}
}
if ($level) {
$class->logger->debug(
'Found AuthnLevel=' . $level . ' for "' . "$vhost$uri" . '"' );
$class->logger->debug("Found AuthnLevel=$level for \"$vhost$uri\"");
return $level;
}
else {
@ -345,7 +345,7 @@ sub getLevel {
sub grant {
my ( $class, $req, $session, $uri, $cond, $vhost ) = @_;
return $cond->( $req, $session ) if ($cond);
return $cond->( $req, $session ) if $cond;
$vhost ||= $class->resolveAlias($req);
my $level = $class->getLevel( $req, $uri );
@ -646,14 +646,10 @@ sub _getPort {
return $class->tsv->{port}->{$vhost};
}
else {
if ( defined $class->tsv->{port}->{_}
and ( $class->tsv->{port}->{_} > 0 ) )
{
return $class->tsv->{port}->{_};
}
else {
return $req->port;
}
return ( defined $class->tsv->{port}->{_}
and ( $class->tsv->{port}->{_} > 0 ) )
? $class->tsv->{port}->{_}
: $req->port;
}
}
@ -670,14 +666,10 @@ sub _isHttps {
return $class->tsv->{https}->{$vhost};
}
else {
if ( defined $class->tsv->{https}->{_}
and ( $class->tsv->{https}->{_} > -1 ) )
{
return $class->tsv->{https}->{_};
}
else {
return $req->secure;
}
return ( defined $class->tsv->{https}->{_}
and ( $class->tsv->{https}->{_} > -1 ) )
? $class->tsv->{https}->{_}
: $req->secure;
}
}
@ -715,9 +707,8 @@ sub isUnprotected {
$i++
)
{
if ( $uri =~ $class->tsv->{locationRegexp}->{$vhost}->[$i] ) {
return $class->tsv->{locationProtection}->{$vhost}->[$i];
}
return $class->tsv->{locationProtection}->{$vhost}->[$i]
if ( $uri =~ $class->tsv->{locationRegexp}->{$vhost}->[$i] );
}
return $class->tsv->{defaultProtection}->{$vhost};
}
@ -785,8 +776,8 @@ sub resolveAlias {
$vhost =~ s/:\d+//;
return $class->tsv->{vhostAlias}->{$vhost}
if ( $class->tsv->{vhostAlias}->{$vhost} );
return $vhost if ( $class->tsv->{defaultCondition}->{$vhost} );
if $class->tsv->{vhostAlias}->{$vhost};
return $vhost if $class->tsv->{defaultCondition}->{$vhost};
foreach ( @{ $class->tsv->{vhostReg} } ) {
return $_->[1] if $vhost =~ $_->[0];
}


@ -93,6 +93,8 @@ site/htdocs/static/bwr/es5-shim/es5-shim.min.js
site/htdocs/static/bwr/file-saver.js/FileSaver.js
site/htdocs/static/bwr/file-saver.js/FileSaver.min.js
site/htdocs/static/bwr/file-saver.js/FileSaver.min.js.map
site/htdocs/static/css/custom.css
site/htdocs/static/css/custom.min.css
site/htdocs/static/css/manager.css
site/htdocs/static/css/manager.min.css
site/htdocs/static/forms/authChoice.html


@ -25,6 +25,7 @@
"Email::Sender" : "0",
"IO::String" : "0",
"Regexp::Common" : "0",
"Test::Output" : "0",
"Test::Pod" : "1"
}
},
@ -58,6 +59,6 @@
],
"x_MailingList" : "mailto:lemonldap-ng-dev@ow2.org"
},
"version" : "v2.0.14",
"version" : "v2.0.15",
"x_serialization_backend" : "JSON::PP version 4.04"
}


@ -6,6 +6,7 @@ build_requires:
Email::Sender: '0'
IO::String: '0'
Regexp::Common: '0'
Test::Output: '0'
Test::Pod: '1'
configure_requires:
ExtUtils::MakeMaker: '0'
@ -34,5 +35,5 @@ resources:
bugtracker: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues
homepage: https://lemonldap-ng.org/
license: http://opensource.org/licenses/GPL-2.0
version: v2.0.14
version: v2.0.15
x_serialization_backend: 'CPAN::Meta::YAML version 0.018'


@ -66,7 +66,7 @@ sub init {
my @res = ( "Lemonldap::NG::Manager::" . ucfirst($_) );
if ( my $tmp = $self->loadPlugin( @res, $conf ) ) {
$self->logger->debug("Plugin $_ loaded");
push @links, $_;
push @links, $_;
push @{ $self->loadedPlugins }, $tmp;
$self->hLoadedPlugins->{$_} = $tmp;
}
@ -183,10 +183,9 @@ sub javascript {
return
'var formPrefix=staticPrefix+"forms/";var confPrefix=scriptname+"confs/";var viewPrefix=scriptname+"view/";'
. 'var allowDiff=' . "$res;"
. 'var impPrefix=' . "'"
. $impPrefix . "'" . ';'
. 'var sessionTTL=' . "$ttl;"
. "var allowDiff=$res;"
. "var sessionTTL=$ttl;"
. "var impPrefix='$impPrefix';"
. ( $self->links ? 'var links=' . to_json( $self->links ) . ';' : '' )
. (
$self->menuLinks

View File

@ -67,7 +67,7 @@ sub types {
'hostname' => {
'form' => 'text',
'msgFail' => '__badHostname__',
'test' =>
'test' =>
qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))?$/
},
'int' => {
@ -257,7 +257,7 @@ m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\
'url' => {
'form' => 'text',
'msgFail' => '__badUrl__',
'test' =>
'test' =>
qr/(?:^$|(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/
}
};
@ -681,6 +681,9 @@ sub attributes {
'default' => 30,
'type' => 'int'
},
'captcha' => {
'type' => 'PerlModule'
},
'captcha_login_enabled' => {
'default' => 0,
'type' => 'bool'
@ -697,6 +700,9 @@ sub attributes {
'default' => 6,
'type' => 'int'
},
'captchaOptions' => {
'type' => 'keyTextContainer'
},
'casAccessControlPolicy' => {
'default' => 'none',
'select' => [ {
@ -797,12 +803,16 @@ sub attributes {
'default' => 0,
'type' => 'bool'
},
'casSrvMetaDataOptionsResolutionRule' => {
'default' => '',
'type' => 'longtext'
},
'casSrvMetaDataOptionsSortNumber' => {
'type' => 'int'
},
'casSrvMetaDataOptionsUrl' => {
'msgFail' => '__badUrl__',
'test' =>
'test' =>
qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/,
'type' => 'text'
},
@ -1341,7 +1351,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'domain' => {
'default' => 'example.com',
'msgFail' => '__badDomainName__',
'test' =>
'test' =>
qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?))?$/,
'type' => 'text'
},
@ -1387,6 +1397,9 @@ qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-
'ext2fLogo' => {
'type' => 'text'
},
'ext2fResendInterval' => {
'type' => 'text'
},
'ext2FSendCommand' => {
'type' => 'text'
},
@ -1484,7 +1497,7 @@ qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-
},
'globalStorageOptions' => {
'default' => {
'Directory' => '/var/lib/lemonldap-ng/sessions/',
'Directory' => '/var/lib/lemonldap-ng/sessions/',
'generateModule' =>
'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
@ -1609,7 +1622,7 @@ qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-
'issuerDBGetParameters' => {
'default' => {},
'keyMsgFail' => '__badHostname__',
'keyTest' =>
'keyTest' =>
qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$/,
'test' => {
'keyMsgFail' => '__badKeyName__',
@ -2000,6 +2013,9 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
'mail2fLogo' => {
'type' => 'text'
},
'mail2fResendInterval' => {
'type' => 'text'
},
'mail2fSessionKey' => {
'type' => 'text'
},
@ -2277,6 +2293,10 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
'oidcOPMetaDataOptionsPrompt' => {
'type' => 'text'
},
'oidcOPMetaDataOptionsResolutionRule' => {
'default' => '',
'type' => 'longtext'
},
'oidcOPMetaDataOptionsScope' => {
'default' => 'openid profile',
'type' => 'text'
@ -2449,6 +2469,10 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
],
'type' => 'select'
},
'oidcRPMetaDataOptionsLogoutBypassConfirm' => {
'default' => 0,
'type' => 'bool'
},
'oidcRPMetaDataOptionsLogoutSessionRequired' => {
'default' => 0,
'type' => 'bool'
@ -2808,7 +2832,7 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
'pdataDomain' => {
'default' => '',
'msgFail' => '__badDomainName__',
'test' =>
'test' =>
qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?))?$/,
'type' => 'text'
},
@ -2829,7 +2853,7 @@ qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-
'portal' => {
'default' => 'http://auth.example.com/',
'msgFail' => '__badUrl__',
'test' =>
'test' =>
qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/,
'type' => 'url'
},
@ -2900,6 +2924,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'default' => 0,
'type' => 'bool'
},
'portalFavicon' => {
'default' => 'common/favicon.ico',
'type' => 'text'
},
'portalForceAuthn' => {
'default' => 0,
'type' => 'bool'
@ -3136,7 +3164,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'keyTest' =>
qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?$/,
'msgFail' => '__badUrl__',
'test' =>
'test' =>
qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/,
'type' => 'keyTextContainer'
},
@ -3171,6 +3199,9 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'rest2fAuthnLevel' => {
'type' => 'int'
},
'rest2fCodeActivation' => {
'type' => 'pcre'
},
'rest2fInitArgs' => {
'keyMsgFail' => '__badKeyName__',
'keyTest' => qr/^\w+$/,
@ -3187,6 +3218,9 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'rest2fLogo' => {
'type' => 'text'
},
'rest2fResendInterval' => {
'type' => 'text'
},
'rest2fVerifyArgs' => {
'type' => 'keyTextContainer'
},
@ -3288,19 +3322,19 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
},
'samlCommonDomainCookieDomain' => {
'msgFail' => '__badDomainName__',
'test' =>
'test' =>
qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$/,
'type' => 'text'
},
'samlCommonDomainCookieReader' => {
'msgFail' => '__badUrl__',
'test' =>
'test' =>
qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/,
'type' => 'text'
},
'samlCommonDomainCookieWriter' => {
'msgFail' => '__badUrl__',
'test' =>
'test' =>
qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/,
'type' => 'text'
},
@ -3317,7 +3351,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
},
'samlDiscoveryProtocolURL' => {
'msgFail' => '__badUrl__',
'test' =>
'test' =>
qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/,
'type' => 'text'
},
@ -3935,6 +3969,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'default' => 0,
'type' => 'bool'
},
'scrollTop' => {
'default' => 400,
'type' => 'int'
},
'securedCookie' => {
'default' => 0,
'select' => [ {
@ -4010,6 +4048,9 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
},
'type' => 'sfExtraContainer'
},
'sfLoginTimeout' => {
'type' => 'int'
},
'sfManagerRule' => {
'default' => 1,
'type' => 'boolOrExpr'
@ -4110,7 +4151,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
},
'SMTPServer' => {
'default' => '',
'test' =>
'test' =>
qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?)?$/,
'type' => 'text'
},


@ -368,6 +368,11 @@ sub attributes {
test => $url,
msgFail => '__badUrl__',
},
portalFavicon => {
type => 'text',
default => 'common/favicon.ico',
documentation => 'Path to favicon file',
},
portalCustomCss => {
type => 'text',
documentation => 'Path to custom CSS file',
@ -420,6 +425,11 @@ sub attributes {
default => 1,
documentation => 'Display langs icons',
},
scrollTop => {
type => 'int',
default => 400,
documentation => 'Display back to top button',
},
staticPrefix => {
type => 'text',
documentation => 'Prefix of static files for HTML templates',
@ -1469,6 +1479,16 @@ sub attributes {
default => 6,
documentation => 'Captcha size',
},
captcha => {
type => 'PerlModule',
documentation => 'Captcha backend module',
flags => 'hp',
},
captchaOptions => {
type => 'keyTextContainer',
documentation => 'Captcha module options',
flags => 'hp',
},
# Variables
exportedVars => {
@ -2005,6 +2025,10 @@ sub attributes {
type => 'int',
documentation => 'Second factor code timeout',
},
mail2fResendInterval => {
type => 'text',
documentation => 'Delay before user is allowed to resend code',
},
mail2fAuthnLevel => {
type => 'int',
documentation =>
@ -2042,6 +2066,10 @@ sub attributes {
type => 'text',
documentation => 'Validation command of External second factor',
},
ext2fResendInterval => {
type => 'text',
documentation => 'Delay before user is allowed to resend code',
},
ext2fAuthnLevel => {
type => 'int',
documentation =>
@ -2093,6 +2121,10 @@ sub attributes {
default => 0,
documentation => 'REST second factor activation',
},
rest2fCodeActivation => {
type => 'pcre',
documentation => 'OTP generated by Portal',
},
rest2fInitUrl => {
type => 'url',
documentation => 'REST 2F init URL',
@ -2117,6 +2149,10 @@ sub attributes {
type => 'keyTextContainer',
documentation => 'Args for REST 2F init',
},
rest2fResendInterval => {
type => 'text',
documentation => 'Delay before user is allowed to resend code',
},
rest2fAuthnLevel => {
type => 'int',
documentation =>
@ -3364,6 +3400,10 @@ sub attributes {
help => 'secondfactor.html',
documentation => 'Notification message',
},
sfLoginTimeout => {
type => 'int',
documentation => 'Timeout for 2F login process',
},
sfRegisterTimeout => {
type => 'int',
documentation => 'Timeout for 2F registration process',
@ -3668,6 +3708,10 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
type => 'int',
documentation => 'Number to sort buttons',
},
casSrvMetaDataOptionsResolutionRule => {
type => 'longtext',
default => '',
},
# Fake attribute: used by manager REST API to agglomerate all nodes
# related to a CAS IDP partner
@ -4367,6 +4411,10 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
oidcOPMetaDataOptionsIcon => { type => 'text', },
oidcOPMetaDataOptionsStoreIDToken => { type => 'bool', default => 0 },
oidcOPMetaDataOptionsSortNumber => { type => 'int', },
oidcOPMetaDataOptionsResolutionRule => {
type => 'longtext',
default => '',
},
# OpenID Connect relying parties
oidcRPMetaDataExportedVars => {
@ -4444,7 +4492,12 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
default => 0
},
oidcRPMetaDataOptionsPostLogoutRedirectUris => { type => 'text', },
oidcRPMetaDataOptionsLogoutUrl => {
oidcRPMetaDataOptionsLogoutBypassConfirm => {
type => 'bool',
default => 0,
documentation => 'Bypass logout confirmation'
},
oidcRPMetaDataOptionsLogoutUrl => {
type => 'url',
documentation => 'Logout URL',
},
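Review bot: The new `mail2fResendInterval`, `ext2fResendInterval` and `rest2fResendInterval` entries are declared `type => 'text'` with no `test`, so any string is accepted for a value documented as the delay that throttles re-sending a second-factor code. Unless the consumer expects something other than a number (not visible here), declare them like the neighbouring timeouts with `type => 'int',`, or keep `text` and add `test => qr/^\d*$/,` plus a suitable `msgFail`, so that a mistyped value could not quietly weaken the throttle. `casSrvMetaDataOptionsResolutionRule` and `oidcOPMetaDataOptionsResolutionRule` are also the only added entries without a `documentation` key; `documentation => 'Resolution rule',` would match the rest. The same attributes appear in the other attributes listing earlier on the page, and `sub attributes` extends beyond these hunks.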


@ -82,7 +82,6 @@ sub cTrees {
help => 'authsaml.html#options',
form => 'simpleInputContainer',
nodes => [
'samlIDPMetaDataOptionsResolutionRule',
'samlIDPMetaDataOptionsNameIDFormat',
'samlIDPMetaDataOptionsForceAuthn',
'samlIDPMetaDataOptionsIsPassive',
@ -98,6 +97,7 @@ sub cTrees {
nodes => [
"samlIDPMetaDataOptionsDisplayName",
"samlIDPMetaDataOptionsIcon",
'samlIDPMetaDataOptionsResolutionRule',
"samlIDPMetaDataOptionsSortNumber"
]
}
@ -186,6 +186,7 @@ sub cTrees {
nodes => [
'oidcOPMetaDataOptionsDisplayName',
'oidcOPMetaDataOptionsIcon',
'oidcOPMetaDataOptionsResolutionRule',
'oidcOPMetaDataOptionsSortNumber'
]
},
@ -249,6 +250,7 @@ sub cTrees {
title => 'logout',
form => 'simpleInputContainer',
nodes => [
'oidcRPMetaDataOptionsLogoutBypassConfirm',
'oidcRPMetaDataOptionsPostLogoutRedirectUris',
'oidcRPMetaDataOptionsLogoutUrl',
'oidcRPMetaDataOptionsLogoutType',
@ -285,6 +287,7 @@ sub cTrees {
nodes => [
'casSrvMetaDataOptionsDisplayName',
'casSrvMetaDataOptionsIcon',
'casSrvMetaDataOptionsResolutionRule',
'casSrvMetaDataOptionsSortNumber',
]
},


@ -53,7 +53,9 @@ sub tree {
help => 'portalcustom.html',
nodes => [
'portalMainLogo',
'portalFavicon',
'showLanguages',
'scrollTop',
'portalCustomCss',
'portalSkin',
'portalSkinBackground',
@ -72,14 +74,14 @@ sub tree {
},
{
title => 'passwordManagement',
help =>
help =>
'portalcustom.html#password-management',
form => 'simpleInputContainer',
nodes => [
'portalRequireOldPassword',
'portalEnablePasswordDisplay',
'hideOldPassword',
'mailOnPasswordChange',
'portalEnablePasswordDisplay',
]
},
{
@ -99,7 +101,7 @@ sub tree {
},
{
title => 'portalOther',
help =>
help =>
'portalcustom.html#other-parameters',
form => 'simpleInputContainer',
nodes => [
@ -116,20 +118,24 @@ sub tree {
},
{
title => 'portalCaptcha',
help => 'captcha.html',
form => 'simpleInputContainer',
help => 'captcha.html#configuration',
nodes => [
'captcha_login_enabled',
'captcha_mail_enabled',
'captcha_register_enabled',
'captcha_size',
{
title => 'captchaCustom',
help => 'captcha.html#configuration',
nodes => [ 'captcha', 'captchaOptions', ]
},
]
}
]
},
{
title => 'authParams',
help =>
help =>
'start.html#authentication-users-and-password-databases',
form => 'authParams',
nodes => [
@ -650,7 +656,7 @@ sub tree {
},
{
title => 'soapServices',
help =>
help =>
'portalservers.html#SOAP_(deprecated)',
form => 'simpleInputContainer',
nodes => [
@ -684,7 +690,7 @@ sub tree {
'notificationStorageOptions',
{
title => 'serverNotification',
help =>
help =>
'notifications.html#notification-server',
nodes => [
'notificationServer',
@ -884,6 +890,7 @@ sub tree {
'sfManagerRule',
'sfRequired',
'sfOnlyUpgrade',
'sfLoginTimeout',
'sfRegisterTimeout',
{
title => 'utotp2f',
@ -952,8 +959,8 @@ sub tree {
'mail2fActivation', 'mail2fCodeRegex',
'mail2fTimeout', 'mail2fSubject',
'mail2fBody', 'mail2fSessionKey',
'mail2fAuthnLevel', 'mail2fLabel',
'mail2fLogo'
'mail2fResendInterval', 'mail2fAuthnLevel',
'mail2fLabel', 'mail2fLogo'
]
},
{
@ -961,10 +968,10 @@ sub tree {
help => 'external2f.html',
form => 'simpleInputContainer',
nodes => [
'ext2fActivation', 'ext2fCodeActivation',
'ext2fActivation', 'ext2fCodeActivation',
'ext2FSendCommand', 'ext2FValidateCommand',
'ext2fAuthnLevel', 'ext2fLabel',
'ext2fLogo'
'ext2fResendInterval', 'ext2fAuthnLevel',
'ext2fLabel', 'ext2fLogo',
]
},
{
@ -987,10 +994,11 @@ sub tree {
help => 'rest2f.html',
form => 'simpleInputContainer',
nodes => [
'rest2fActivation', 'rest2fInitUrl',
'rest2fInitArgs', 'rest2fVerifyUrl',
'rest2fVerifyArgs', 'rest2fAuthnLevel',
'rest2fLabel', 'rest2fLogo'
'rest2fActivation', 'rest2fCodeActivation',
'rest2fInitUrl', 'rest2fInitArgs',
'rest2fVerifyUrl', 'rest2fVerifyArgs',
'rest2fResendInterval', 'rest2fAuthnLevel',
'rest2fLabel', 'rest2fLogo'
]
},
{


@ -552,22 +552,18 @@ sub tests {
}
# Use WebAuthn
if ( $conf->{webauthn2fActivation} )
{
if ( $conf->{webauthn2fActivation} ) {
eval "use Authen::WebAuthn";
return ( 1,
"Authen::WebAuthn module is required to enable WebAuthn"
) if ($@);
"Authen::WebAuthn module is required to enable WebAuthn" )
if ($@);
}
# WebAuthn requires https://
if ( $conf->{webauthn2fActivation} )
{
my $portal_uri = URI->new($conf->{portal});
unless ($portal_uri->scheme eq "https") {
return ( 1,
"WebAuthn requires HTTPS"
);
if ( $conf->{webauthn2fActivation} ) {
my $portal_uri = URI->new( $conf->{portal} );
unless ( $portal_uri->scheme eq "https" ) {
return ( 1, "WebAuthn requires HTTPS" );
}
}


@ -110,11 +110,11 @@ categories =
dateTitle: ['_utime', '_startTime', '_updateTime', '_lastAuthnUTime', '_lastSeen']
connectionTitle: ['ipAddr', '_timezone', '_url']
authenticationTitle:['_session_id', '_user', '_password', 'authenticationLevel']
modulesTitle: ['_auth', '_userDB', '_passwordDB', '_issuerDB', '_authChoice', '_authMulti', '_userDBMulti']
modulesTitle: ['_auth', '_userDB', '_passwordDB', '_issuerDB', '_authChoice', '_authMulti', '_userDBMulti', '_2f']
saml: ['_idp', '_idpConfKey', '_samlToken', '_lassoSessionDump', '_lassoIdentityDump']
groups: ['groups', 'hGroups']
ldap: ['dn']
OpenIDConnect: ['_oidc_id_token', '_oidc_OP', '_oidc_access_token']
OpenIDConnect: ['_oidc_id_token', '_oidc_OP', '_oidc_access_token', '_oidc_refresh_token', '_oidc_access_token_eol']
sfaTitle: ['_2fDevices']
oidcConsents: ['_oidcConsents']
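Review bot: Adding `_oidc_refresh_token` to the `OpenIDConnect` list puts a long-lived credential next to `_oidc_access_token` in what looks like the set of session keys the session view groups for display. If the server does not already strip that key before session data reaches the browser (for example through `hiddenAttributes`; nothing in this hunk shows it), consider listing only the non-secret `_oidc_access_token_eol` here. Otherwise a comment above the map would make the exposure explicit, e.g. `# Token values listed here are visible to anyone allowed to browse sessions`. The `categories` assignment starts above the hunk.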


@ -0,0 +1,3 @@
#navbar {
background-color: #ffb84d;
}


@ -0,0 +1 @@
#navbar{background-color:#ffb84d}


@ -146,6 +146,13 @@ function templates(tpl,key) {
"id" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsIcon",
"title" : "casSrvMetaDataOptionsIcon"
},
{
"default" : "",
"get" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsResolutionRule",
"id" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsResolutionRule",
"title" : "casSrvMetaDataOptionsResolutionRule",
"type" : "longtext"
},
{
"get" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsSortNumber",
"id" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsSortNumber",
@ -362,6 +369,13 @@ function templates(tpl,key) {
"id" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsIcon",
"title" : "oidcOPMetaDataOptionsIcon"
},
{
"default" : "",
"get" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsResolutionRule",
"id" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsResolutionRule",
"title" : "oidcOPMetaDataOptionsResolutionRule",
"type" : "longtext"
},
{
"get" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsSortNumber",
"id" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsSortNumber",
@ -695,6 +709,13 @@ function templates(tpl,key) {
},
{
"_nodes" : [
{
"default" : 0,
"get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutBypassConfirm",
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutBypassConfirm",
"title" : "oidcRPMetaDataOptionsLogoutBypassConfirm",
"type" : "bool"
},
{
"get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsPostLogoutRedirectUris",
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsPostLogoutRedirectUris",
@ -976,13 +997,6 @@ function templates(tpl,key) {
},
{
"_nodes" : [
{
"default" : "",
"get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsResolutionRule",
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsResolutionRule",
"title" : "samlIDPMetaDataOptionsResolutionRule",
"type" : "longtext"
},
{
"default" : "",
"get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsNameIDFormat",
@ -1114,6 +1128,13 @@ function templates(tpl,key) {
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsIcon",
"title" : "samlIDPMetaDataOptionsIcon"
},
{
"default" : "",
"get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsResolutionRule",
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsResolutionRule",
"title" : "samlIDPMetaDataOptionsResolutionRule",
"type" : "longtext"
},
{
"get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsSortNumber",
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsSortNumber",

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -122,11 +122,11 @@
dateTitle: ['_utime', '_startTime', '_updateTime', '_lastAuthnUTime', '_lastSeen'],
connectionTitle: ['ipAddr', '_timezone', '_url'],
authenticationTitle: ['_session_id', '_user', '_password', 'authenticationLevel'],
modulesTitle: ['_auth', '_userDB', '_passwordDB', '_issuerDB', '_authChoice', '_authMulti', '_userDBMulti'],
modulesTitle: ['_auth', '_userDB', '_passwordDB', '_issuerDB', '_authChoice', '_authMulti', '_userDBMulti', '_2f'],
saml: ['_idp', '_idpConfKey', '_samlToken', '_lassoSessionDump', '_lassoIdentityDump'],
groups: ['groups', 'hGroups'],
ldap: ['dn'],
OpenIDConnect: ['_oidc_id_token', '_oidc_OP', '_oidc_access_token'],
OpenIDConnect: ['_oidc_id_token', '_oidc_OP', '_oidc_access_token', '_oidc_refresh_token', '_oidc_access_token_eol'],
sfaTitle: ['_2fDevices'],
oidcConsents: ['_oidcConsents']
};

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -131,6 +131,9 @@
"bruteForceProtectionMaxLockTime":"Maximum lock time",
"bruteForceProtectionTempo":"Lock time",
"cancel":"إلغاء",
"captcha":"Captcha module",
"captchaCustom":"Custom Captcha module",
"captchaOptions":"Captcha module options",
"captcha_login_enabled":"التفعيل في استمارة تسجيل الدخول",
"captcha_mail_enabled":"التفعيل في إعادة تعيين كلمة المرور بواسطة استمارة البريد",
"captcha_register_enabled":"التفعيل في استمارة التسجيل",
@ -161,6 +164,7 @@
"casSrvMetaDataOptionsIcon":"مسارالأيقونة",
"casSrvMetaDataOptionsProxiedServices":"خدمات البروكسي",
"casSrvMetaDataOptionsRenew":"تجديد إثبات الهوية",
"casSrvMetaDataOptionsResolutionRule":"حل القاعدة",
"casSrvMetaDataOptionsSortNumber":"Order",
"casSrvMetaDataOptionsUrl":" يو أر ل الخادم",
"casSrvName":"اسم خادم كاس",
@ -350,6 +354,7 @@
"ext2fCodeActivation":"Code regex",
"ext2fLabel":"Label",
"ext2fLogo":"شعار",
"ext2fResendInterval":"Re-send interval",
"facebookAppId":"هوية تطبيق فاسيبوك",
"facebookAppSecret":"كلمة السرلتطبيق فاسيبوك",
"facebookAuthnLevel":"مستوى إثبات الهوية",
@ -527,6 +532,7 @@
"mail2fCodeRegex":"Code regex",
"mail2fLabel":"Label",
"mail2fLogo":"شعار",
"mail2fResendInterval":"Re-send interval",
"mail2fSessionKey":"مفتاح الجلسة الذي يحتوي على عنوان البريد الإلكتروني",
"mail2fSubject":"نجاح عنوان البريد",
"mail2fTimeout":"Code timeout",
@ -652,6 +658,7 @@
"oidcOPMetaDataOptionsMaxAge":"الحد الأقصى للعمر",
"oidcOPMetaDataOptionsPrompt":"عاجل",
"oidcOPMetaDataOptionsProtocol":"بروتوكول",
"oidcOPMetaDataOptionsResolutionRule":"حل القاعدة",
"oidcOPMetaDataOptionsScope":"نطاق",
"oidcOPMetaDataOptionsSortNumber":"Order",
"oidcOPMetaDataOptionsStoreIDToken":"مخزن تعريف التوكن",
@ -689,6 +696,7 @@
"oidcRPMetaDataOptionsIDTokenForceClaims":"Force claims to be returned in ID Token",
"oidcRPMetaDataOptionsIDTokenSignAlg":"خوارزمية توقيع آي دي التوكن",
"oidcRPMetaDataOptionsIcon":"شعار",
"oidcRPMetaDataOptionsLogoutBypassConfirm":"تجاوز تأكيد",
"oidcRPMetaDataOptionsLogoutSessionRequired":"جلسة مطلوب",
"oidcRPMetaDataOptionsLogoutType":"نوع",
"oidcRPMetaDataOptionsLogoutUrl":"يو آر إل",
@ -806,6 +814,7 @@
"portalEnablePasswordDisplay":"Allow to display password",
"portalErrorOnExpiredSession":"عرض الخطأ في الجلسة المنتهية صلحيتها",
"portalErrorOnMailNotFound":"إظهار الخطأ في البريد الغيرالموجود",
"portalFavicon":"Favicon",
"portalForceAuthn":"فرض إثبات الهوية",
"portalForceAuthnInterval":"فرض الفاصل الزمني لإثبات الهوية",
"portalMainLogo":"Main logo",
@ -882,11 +891,13 @@
"requireToken":"يتطلب توكن للإستمارة",
"rest2f":"REST second factor",
"rest2fActivation":"تفعيل",
"rest2fCodeActivation":"Code regex",
"rest2fAuthnLevel":"مستوى إثبات الهوية",
"rest2fInitArgs":"Init arguments",
"rest2fInitUrl":"Init URL",
"rest2fLabel":"Label",
"rest2fLogo":"شعار",
"rest2fResendInterval":"Re-send interval",
"rest2fVerifyArgs":"Verify arguments",
"rest2fVerifyUrl":"Verify URL",
"restAuthServer":"Authentication server",
@ -1053,6 +1064,7 @@
"saveReport":"احفظ التقرير",
"savingConfirmation":"حفظ التأكيد",
"scope":"نطاق",
"scrollTop":"Scroll to top button",
"search":"Search...",
"secondFactors":"Second factors",
"securedCookie":"ملفات تعريف الارتباط المضمونة (سسل)",
@ -1072,6 +1084,7 @@
"session_s":"جلسة( أو جلسات )",
"sessions":"الجلسات",
"sfExtra":"Additional second factors",
"sfLoginTimeout":"Login timeout",
"sfManagerRule":"Display Manager link",
"sfOnlyUpgrade":"Use 2FA for session upgrade",
"sfRegisterTimeout":"Registration timeout",
@ -1244,4 +1257,4 @@
"yubikey2fUrl":"خدمة أل يو أر ل",
"yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey",
"zeroConfExplanations":"لا يحتوي الخادم على إعدادات. استخدام قالب لحفظ الأول"
}
}


@ -131,6 +131,9 @@
"bruteForceProtectionMaxLockTime":"Maximum lock time",
"bruteForceProtectionTempo":"Lock time",
"cancel":"Cancel",
"captcha":"Captcha module",
"captchaCustom":"Custom Captcha module",
"captchaOptions":"Captcha module options",
"captcha_login_enabled":"Activation in login form",
"captcha_mail_enabled":"Activation in password reset by mail form",
"captcha_register_enabled":"Activation in register form",
@ -161,6 +164,7 @@
"casSrvMetaDataOptionsIcon":"Icon path",
"casSrvMetaDataOptionsProxiedServices":"Proxied services",
"casSrvMetaDataOptionsRenew":"Renew authentication",
"casSrvMetaDataOptionsResolutionRule":"Resolution rule",
"casSrvMetaDataOptionsSortNumber":"Order",
"casSrvMetaDataOptionsUrl":"Server URL",
"casSrvName":"CAS Server Name",
@ -350,6 +354,7 @@
"ext2fCodeActivation":"Code regex",
"ext2fLabel":"Label",
"ext2fLogo":"Logo",
"ext2fResendInterval":"Re-send interval",
"facebookAppId":"Facebook application ID",
"facebookAppSecret":"Facebook application secret",
"facebookAuthnLevel":"Authentication level",
@ -527,6 +532,7 @@
"mail2fCodeRegex":"Code regex",
"mail2fLabel":"Label",
"mail2fLogo":"Logo",
"mail2fResendInterval":"Re-send interval",
"mail2fSessionKey":"Session key containing mail address",
"mail2fSubject":"Mail subject",
"mail2fTimeout":"Code timeout",
@ -652,6 +658,7 @@
"oidcOPMetaDataOptionsMaxAge":"Max age",
"oidcOPMetaDataOptionsPrompt":"Prompt",
"oidcOPMetaDataOptionsProtocol":"Protocol",
"oidcOPMetaDataOptionsResolutionRule":"Resolution rule",
"oidcOPMetaDataOptionsScope":"Scope",
"oidcOPMetaDataOptionsSortNumber":"Order",
"oidcOPMetaDataOptionsStoreIDToken":"Store ID Token",
@ -689,6 +696,7 @@
"oidcRPMetaDataOptionsIDTokenForceClaims":"Force claims to be returned in ID Token",
"oidcRPMetaDataOptionsIDTokenSignAlg":"ID Token signature algorithm",
"oidcRPMetaDataOptionsIcon":"Logo",
"oidcRPMetaDataOptionsLogoutBypassConfirm":"Bypass confirm",
"oidcRPMetaDataOptionsLogoutSessionRequired":"Session required",
"oidcRPMetaDataOptionsLogoutType":"Type",
"oidcRPMetaDataOptionsLogoutUrl":"URL",
@ -806,6 +814,7 @@
"portalEnablePasswordDisplay":"Allow to display password",
"portalErrorOnExpiredSession":"Show error on expired session",
"portalErrorOnMailNotFound":"Show error on mail not found",
"portalFavicon":"Favicon",
"portalForceAuthn":"Force authentication",
"portalForceAuthnInterval":"Force authentication interval",
"portalMainLogo":"Main logo",
@ -882,11 +891,13 @@
"requireToken":"Require token for forms",
"rest2f":"REST second factor",
"rest2fActivation":"Activation",
"rest2fCodeActivation":"Code regex",
"rest2fAuthnLevel":"Authentication level",
"rest2fInitArgs":"Init arguments",
"rest2fInitUrl":"Init URL",
"rest2fLabel":"Label",
"rest2fLogo":"Logo",
"rest2fResendInterval":"Re-send interval",
"rest2fVerifyArgs":"Verify arguments",
"rest2fVerifyUrl":"Verify URL",
"restAuthServer":"Authentication server",
@ -1053,6 +1064,7 @@
"saveReport":"Save report",
"savingConfirmation":"Saving confirmation",
"scope":"Scope",
"scrollTop":"Scroll to top button",
"search":"Search...",
"secondFactors":"Second factors",
"securedCookie":"Secured Cookie (SSL)",
@ -1072,6 +1084,7 @@
"session_s":"session(s)",
"sessions":"Sessions",
"sfExtra":"Additional second factors",
"sfLoginTimeout":"Login timeout",
"sfManagerRule":"Display Manager link",
"sfOnlyUpgrade":"Use 2FA for session upgrade",
"sfRegisterTimeout":"Registration timeout",


@ -131,6 +131,9 @@
"bruteForceProtectionMaxLockTime":"Maximum lock time",
"bruteForceProtectionTempo":"Lock time",
"cancel":"Cancelar",
"captcha":"Captcha module",
"captchaCustom":"Custom Captcha module",
"captchaOptions":"Captcha module options",
"captcha_login_enabled":"Activación en formulario de acceso",
"captcha_mail_enabled":"Activación en formulario de restauración por correo",
"captcha_register_enabled":"Activación en formulario de registro",
@ -161,6 +164,7 @@
"casSrvMetaDataOptionsIcon":"Icon path",
"casSrvMetaDataOptionsProxiedServices":"Servicios proxificados",
"casSrvMetaDataOptionsRenew":"Renovar autentificación",
"casSrvMetaDataOptionsResolutionRule":"Resolution rule",
"casSrvMetaDataOptionsSortNumber":"Orden",
"casSrvMetaDataOptionsUrl":"URL de servicio",
"casSrvName":"Nombre de servidor CAS",
@ -350,6 +354,7 @@
"ext2fCodeActivation":"Expresión regular",
"ext2fLabel":"Etiqueta",
"ext2fLogo":"Logo",
"ext2fResendInterval":"Re-send interval",
"facebookAppId":"Facebook application ID",
"facebookAppSecret":"Facebook application secret",
"facebookAuthnLevel":"Nivel de autentificación",
@ -527,6 +532,7 @@
"mail2fCodeRegex":"Regex",
"mail2fLabel":"Etiqueta",
"mail2fLogo":"Logotipo",
"mail2fResendInterval":"Re-send interval",
"mail2fSessionKey":"Clave de sesión que contiene dirección de correo",
"mail2fSubject":"Subject del correo",
"mail2fTimeout":"Caducidad de código",
@ -652,6 +658,7 @@
"oidcOPMetaDataOptionsMaxAge":"Max age",
"oidcOPMetaDataOptionsPrompt":"Prompt",
"oidcOPMetaDataOptionsProtocol":"Protocolo",
"oidcOPMetaDataOptionsResolutionRule":"Resolution rule",
"oidcOPMetaDataOptionsScope":"Ámbito",
"oidcOPMetaDataOptionsSortNumber":"Orden",
"oidcOPMetaDataOptionsStoreIDToken":"Guardar token ID",
@ -689,6 +696,7 @@
"oidcRPMetaDataOptionsIDTokenForceClaims":"Force claims to be returned in ID Token",
"oidcRPMetaDataOptionsIDTokenSignAlg":"Algoritmo de firma del token ID",
"oidcRPMetaDataOptionsIcon":"Logotipo",
"oidcRPMetaDataOptionsLogoutBypassConfirm":"Bypass confirmar",
"oidcRPMetaDataOptionsLogoutSessionRequired":"Se requiere sesión",
"oidcRPMetaDataOptionsLogoutType":"Tipo",
"oidcRPMetaDataOptionsLogoutUrl":"URL",
@ -806,6 +814,7 @@
"portalEnablePasswordDisplay":"Allow to display password",
"portalErrorOnExpiredSession":"Mostrar error en sesión caducada",
"portalErrorOnMailNotFound":"Mostrar error cuando no se encuentra el email",
"portalFavicon":"Favicon",
"portalForceAuthn":"Forzar autentificación",
"portalForceAuthnInterval":"Force authentication interval",
"portalMainLogo":"Logotipo principal",
@ -882,11 +891,13 @@
"requireToken":"Require token for forms",
"rest2f":"Previo",
"rest2fActivation":"Activación",
"rest2fCodeActivation":"Expresión regular",
"rest2fAuthnLevel":"Nivel de autentificación",
"rest2fInitArgs":"Argumentos de inicio",
"rest2fInitUrl":"URL de inicio",
"rest2fLabel":"Etiqueta",
"rest2fLogo":"Logotipo",
"rest2fResendInterval":"Re-send interval",
"rest2fVerifyArgs":"Verificar argumentos",
"rest2fVerifyUrl":"Verificar URL",
"restAuthServer":"Authentication server",
@ -1053,6 +1064,7 @@
"saveReport":"Salvar informe",
"savingConfirmation":"Salvando confirmación",
"scope":"Ámbito",
"scrollTop":"Scroll to top button",
"search":"Buscar...",
"secondFactors":"Segundos factores",
"securedCookie":"Cookie segura (SSL)",
@ -1072,6 +1084,7 @@
"session_s":"sesión(es)",
"sessions":"Sesiones",
"sfExtra":"Segundos factores adicionales",
"sfLoginTimeout":"Login timeout",
"sfManagerRule":"Display Manager link",
"sfOnlyUpgrade":"Use 2FA for session upgrade",
"sfRegisterTimeout":"Registration timeout",
@ -1244,4 +1257,4 @@
"yubikey2fUrl":"URL de servicio",
"yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey",
"zeroConfExplanations":"Server has no configuration. Use template to save the first."
}
}


@ -131,6 +131,9 @@
"bruteForceProtectionMaxLockTime":"Temps maximum de verrouillage",
"bruteForceProtectionTempo":"Temps de verrouillage",
"cancel":"Annuler",
"captcha":"Module Captcha",
"captchaCustom":"Module Captcha personnalisé",
"captchaOptions":"Options du module Captcha",
"captcha_login_enabled":"Activation dans le formulaire d'authentification",
"captcha_mail_enabled":"Activation dans le formulaire de réinitialisation par mail",
"captcha_register_enabled":"Activation dans le formulaire de création de compte",
@ -161,6 +164,7 @@
"casSrvMetaDataOptionsIcon":"Chemin de l'icône",
"casSrvMetaDataOptionsProxiedServices":"Services mandatés",
"casSrvMetaDataOptionsRenew":"Renouveler l'authentification",
"casSrvMetaDataOptionsResolutionRule":"Règle de résolution",
"casSrvMetaDataOptionsSortNumber":"Ordre",
"casSrvMetaDataOptionsUrl":"URL du serveur",
"casSrvName":"Nom du serveur CAS",
@ -350,6 +354,7 @@
"ext2fCodeActivation":"Expression régulière pour la génération du code",
"ext2fLabel":"Label",
"ext2fLogo":"Logo",
"ext2fResendInterval":"Intervalle de retransmission",
"facebookAppId":"ID de l'application Facebook",
"facebookAppSecret":"Secret de l'application Facebook",
"facebookAuthnLevel":"Niveau d'authentification",
@ -527,6 +532,7 @@
"mail2fCodeRegex":"Expression régulière pour la génération du code",
"mail2fLabel":"Label",
"mail2fLogo":"Logo",
"mail2fResendInterval":"Intervalle de retransmission",
"mail2fSessionKey":"Clef de session contenant l'adresse email",
"mail2fSubject":"Sujet du message d'envoi du code",
"mail2fTimeout":"Délai d'expiration du code",
@ -652,6 +658,7 @@
"oidcOPMetaDataOptionsMaxAge":"Age maximum",
"oidcOPMetaDataOptionsPrompt":"Interaction",
"oidcOPMetaDataOptionsProtocol":"Protocole",
"oidcOPMetaDataOptionsResolutionRule":"Règle de résolution",
"oidcOPMetaDataOptionsScope":"Scope",
"oidcOPMetaDataOptionsSortNumber":"Ordre",
"oidcOPMetaDataOptionsStoreIDToken":"Conserver le jeton d'identité",
@ -689,6 +696,7 @@
"oidcRPMetaDataOptionsIDTokenForceClaims":"Forcer la publication des attributs dans le jeton d'identité",
"oidcRPMetaDataOptionsIDTokenSignAlg":"Algorithme de signature des jetons d'identité",
"oidcRPMetaDataOptionsIcon":"Logo",
"oidcRPMetaDataOptionsLogoutBypassConfirm":"Contourner la confirmation",
"oidcRPMetaDataOptionsLogoutSessionRequired":"Session requise",
"oidcRPMetaDataOptionsLogoutType":"Type",
"oidcRPMetaDataOptionsLogoutUrl":"URL",
@ -806,6 +814,7 @@
"portalEnablePasswordDisplay":"Permettre d'afficher le mot de passe",
"portalErrorOnExpiredSession":"Affiche une erreur si la session est expirée",
"portalErrorOnMailNotFound":"Affiche une erreur si le mail n'est pas trouvé",
"portalFavicon":"Favicon",
"portalForceAuthn":"Authentification forcée",
"portalForceAuthnInterval":"Intervalle d'authentification forcée",
"portalMainLogo":"Logo principal",
@ -882,11 +891,13 @@
"requireToken":"Exiger un jeton pour les formulaires",
"rest2f":"Second facteur REST",
"rest2fActivation":"Activation",
"rest2fCodeActivation":"Expression régulière pour la génération du code",
"rest2fAuthnLevel":"Niveau d'authentification",
"rest2fInitArgs":"Arguments d'initialisation",
"rest2fInitUrl":"URL d'initialisation",
"rest2fLabel":"Label",
"rest2fLogo":"Logo",
"rest2fResendInterval":"Intervalle de retransmission",
"rest2fVerifyArgs":"Arguments de vérification",
"rest2fVerifyUrl":"URL de vérification",
"restAuthServer":"Serveur d'authentification",
@ -1053,7 +1064,8 @@
"saveReport":"Rapport de sauvegarde",
"savingConfirmation":"Confirmation de sauvegarde",
"scope":"Scope",
"search":"Rechercher ...",
"scrollTop":"Retour en haut de page",
"search":"Rechercher...",
"secondFactors":"Seconds facteurs",
"securedCookie":"Cookie sécurisé (HTTPS)",
"security":"Sécurité",
@ -1072,6 +1084,7 @@
"session_s":"session(s)",
"sessions":"Sessions",
"sfExtra":"Seconds facteurs additionnels",
"sfLoginTimeout":"Délai maximum d'authentification",
"sfManagerRule":"Afficher le lien du Gestionnaire",
"sfOnlyUpgrade":"Utiliser le SF pour augmenter le niveau d'authentification",
"sfRegisterTimeout":"Délai d'expiration de l'enregistrement",


@ -131,6 +131,9 @@
"bruteForceProtectionMaxLockTime":"זמן הנעילה המרבי",
"bruteForceProtectionTempo":"זמן נעילה",
"cancel":"ביטול",
"captcha":"Captcha module",
"captchaCustom":"Custom Captcha module",
"captchaOptions":"Captcha module options",
"captcha_login_enabled":"הפעלה בטופס הכניסה",
"captcha_mail_enabled":"הפעלה באיפוס סיסמה בטופס בדוא״ל",
"captcha_register_enabled":"הפעלה בטופס הרשמה",
@ -161,6 +164,7 @@
"casSrvMetaDataOptionsIcon":"נתיב לסמל",
"casSrvMetaDataOptionsProxiedServices":"שירותים מתווכים",
"casSrvMetaDataOptionsRenew":"חידוש אימות",
"casSrvMetaDataOptionsResolutionRule":"Resolution rule",
"casSrvMetaDataOptionsSortNumber":"סדר",
"casSrvMetaDataOptionsUrl":"כתובת שרת",
"casSrvName":"CAS Server Name",
@ -350,6 +354,7 @@
"ext2fCodeActivation":"Code regex",
"ext2fLabel":"תווית",
"ext2fLogo":"לוגו",
"ext2fResendInterval":"Re-send interval",
"facebookAppId":"מזהה יישום פייסבוק",
"facebookAppSecret":"סוג יישום פייסבוק",
"facebookAuthnLevel":"דרגת אימות",
@ -527,6 +532,7 @@
"mail2fCodeRegex":"Code regex",
"mail2fLabel":"תווית",
"mail2fLogo":"לוגו",
"mail2fResendInterval":"Re-send interval",
"mail2fSessionKey":"מפתח הפעלה שמכיל כתובת דוא״ל",
"mail2fSubject":"נושא הדוא״ל",
"mail2fTimeout":"Code timeout",
@ -652,6 +658,7 @@
"oidcOPMetaDataOptionsMaxAge":"גיל מרבי",
"oidcOPMetaDataOptionsPrompt":"Prompt",
"oidcOPMetaDataOptionsProtocol":"פרוטוקול",
"oidcOPMetaDataOptionsResolutionRule":"Resolution rule",
"oidcOPMetaDataOptionsScope":"היקף",
"oidcOPMetaDataOptionsSortNumber":"סדר",
"oidcOPMetaDataOptionsStoreIDToken":"Store ID Token",
@ -689,6 +696,7 @@
"oidcRPMetaDataOptionsIDTokenForceClaims":"Force claims to be returned in ID Token",
"oidcRPMetaDataOptionsIDTokenSignAlg":"אלגוריתם חתימת אסימון זיהוי",
"oidcRPMetaDataOptionsIcon":"לוגו",
"oidcRPMetaDataOptionsLogoutBypassConfirm":"עקוף את האישור",
"oidcRPMetaDataOptionsLogoutSessionRequired":"נדרשת הפעלה",
"oidcRPMetaDataOptionsLogoutType":"סוג",
"oidcRPMetaDataOptionsLogoutUrl":"כתובת",
@ -806,6 +814,7 @@
"portalEnablePasswordDisplay":"Allow to display password",
"portalErrorOnExpiredSession":"Show error on expired session",
"portalErrorOnMailNotFound":"Show error on mail not found",
"portalFavicon":"Favicon",
"portalForceAuthn":"אילוץ אימות",
"portalForceAuthnInterval":"Force authentication interval",
"portalMainLogo":"לוגו ראשי",
@ -882,11 +891,13 @@
"requireToken":"דרישת אסימון לטפסים",
"rest2f":"אימות דו־שלבי ב־REST",
"rest2fActivation":"הפעלה",
"rest2fCodeActivation":"Code regex",
"rest2fAuthnLevel":"דרגת אימות",
"rest2fInitArgs":"Init arguments",
"rest2fInitUrl":"כתובת אתחול",
"rest2fLabel":"תווית",
"rest2fLogo":"לוגו",
"rest2fResendInterval":"Re-send interval",
"rest2fVerifyArgs":"Verify arguments",
"rest2fVerifyUrl":"כתובת וידוא",
"restAuthServer":"שרת אימות",
@ -1053,6 +1064,7 @@
"saveReport":"שמירת דוח",
"savingConfirmation":"Saving confirmation",
"scope":"היקף",
"scrollTop":"Scroll to top button",
"search":"חיפוש…",
"secondFactors":"Second factors",
"securedCookie":"Secured Cookie (SSL)",
@ -1072,6 +1084,7 @@
"session_s":"session(s)",
"sessions":"הפעלות",
"sfExtra":"Additional second factors",
"sfLoginTimeout":"Login timeout",
"sfManagerRule":"Display Manager link",
"sfOnlyUpgrade":"Use 2FA for session upgrade",
"sfRegisterTimeout":"Registration timeout",
@ -1244,4 +1257,4 @@
"yubikey2fUrl":"כתובת שירות",
"yubikey2fUserCanRemoveKey":"לאפשר למשתמש להסיר Yubikey",
"zeroConfExplanations":"Server has no configuration. Use template to save the first."
}
}


@ -131,6 +131,9 @@
"bruteForceProtectionMaxLockTime":"Maximum lock time",
"bruteForceProtectionTempo":"Lock time",
"cancel":"Cancella",
"captcha":"Captcha module",
"captchaCustom":"Custom Captcha module",
"captchaOptions":"Captcha module options",
"captcha_login_enabled":"Attivazione nel modulo di login",
"captcha_mail_enabled":"Attivazione della reimpostazione della password tramite modulo di posta",
"captcha_register_enabled":"Attivazione nel formulario di registro",
@ -161,6 +164,7 @@
"casSrvMetaDataOptionsIcon":"Path icona",
"casSrvMetaDataOptionsProxiedServices":"Servizi Proxied",
"casSrvMetaDataOptionsRenew":"Rinnova l'autenticazione",
"casSrvMetaDataOptionsResolutionRule":"Regola di risoluzione",
"casSrvMetaDataOptionsSortNumber":"Ordine",
"casSrvMetaDataOptionsUrl":"URL del server",
"casSrvName":"NOme del Server CAS",
@ -350,6 +354,7 @@
"ext2fCodeActivation":"Codice regex",
"ext2fLabel":"Label",
"ext2fLogo":"Logo",
"ext2fResendInterval":"Re-send interval",
"facebookAppId":"ID dell'applicazione Facebook",
"facebookAppSecret":"Segreto dell'applicazione Facebook",
"facebookAuthnLevel":"Livello di autenticazione",
@ -527,6 +532,7 @@
"mail2fCodeRegex":"Codice regex",
"mail2fLabel":"Label",
"mail2fLogo":"Logo",
"mail2fResendInterval":"Re-send interval",
"mail2fSessionKey":"Chiave di sessione contenente l'indirizzo di posta",
"mail2fSubject":"Oggetto della mail",
"mail2fTimeout":"Codice timeout",
@ -652,6 +658,7 @@
"oidcOPMetaDataOptionsMaxAge":"Età massima",
"oidcOPMetaDataOptionsPrompt":"Richiesta",
"oidcOPMetaDataOptionsProtocol":"Protocollo",
"oidcOPMetaDataOptionsResolutionRule":"Regola di risoluzione",
"oidcOPMetaDataOptionsScope":"Scopo",
"oidcOPMetaDataOptionsSortNumber":"Ordine",
"oidcOPMetaDataOptionsStoreIDToken":"Immagazzina ID Token",
@ -689,6 +696,7 @@
"oidcRPMetaDataOptionsIDTokenForceClaims":"Force claims to be returned in ID Token",
"oidcRPMetaDataOptionsIDTokenSignAlg":"Algoritmo di firma di identificazione di Token",
"oidcRPMetaDataOptionsIcon":"Logo",
"oidcRPMetaDataOptionsLogoutBypassConfirm":"Conferma di bypass",
"oidcRPMetaDataOptionsLogoutSessionRequired":"Sessione necessaria",
"oidcRPMetaDataOptionsLogoutType":"Tipo",
"oidcRPMetaDataOptionsLogoutUrl":"URL",
@ -806,6 +814,7 @@
"portalEnablePasswordDisplay":"Allow to display password",
"portalErrorOnExpiredSession":"Mostra errore nella sessione scaduta",
"portalErrorOnMailNotFound":"Mostra errore sulla posta non trovata",
"portalFavicon":"Favicon",
"portalForceAuthn":"Forza l'autenticazione",
"portalForceAuthnInterval":"Forza intervallo di autenticazione",
"portalMainLogo":"Logo principale",
@ -882,11 +891,13 @@
"requireToken":"Richiede il token per i moduli",
"rest2f":"REST secondo fattore",
"rest2fActivation":"Attivazione",
"rest2fCodeActivation":"Codice regex",
"rest2fAuthnLevel":"Livello di autenticazione",
"rest2fInitArgs":"Argomenti di init",
"rest2fInitUrl":"URL iniziale",
"rest2fLabel":"Label",
"rest2fLogo":"Logo",
"rest2fResendInterval":"Re-send interval",
"rest2fVerifyArgs":"Verifica argomenti",
"rest2fVerifyUrl":"Verifica UR",
"restAuthServer":"Authentication server",
@ -1053,6 +1064,7 @@
"saveReport":"Salva report",
"savingConfirmation":"Salvataggio della conferma",
"scope":"Ambito",
"scrollTop":"Scroll to top button",
"search":"Cerca...",
"secondFactors":"Secondi fattori",
"securedCookie":"Cookie protetti (SSL)",
@ -1072,6 +1084,7 @@
"session_s":"sessione(i)",
"sessions":"Sessioni",
"sfExtra":"Additional second factors",
"sfLoginTimeout":"Login timeout",
"sfManagerRule":"Display Manager link",
"sfOnlyUpgrade":"Use 2FA for session upgrade",
"sfRegisterTimeout":"Registration timeout",
@ -1244,4 +1257,4 @@
"yubikey2fUrl":"URL del servizio",
"yubikey2fUserCanRemoveKey":"Autorizza l'utente a rimuovere la Yubikey",
"zeroConfExplanations":"Il server non ha alcuna configurazione. Utilizza il modello per salvare il primo."
}
}


@ -76,8 +76,8 @@
"authAndUserdb":"Authz i baza danych użytkownika",
"authChain":"Łańcuch uwierzytelnienia",
"authChoice":"Wybór uwierzytelnienia",
"authChoiceAuthBasic":"Choice used for password authentication",
"authChoiceFindUser":"Choice used for searching user account",
"authChoiceAuthBasic":"Wybór używany do uwierzytelniania hasłem",
"authChoiceFindUser":"Wybór używany do wyszukiwania konta użytkownika",
"authChoiceModules":"Dozwolone moduły",
"authChoiceParam":"Parametr adresu URL",
"authOnly":"Tylko uwierzytelnianie",
@ -128,9 +128,12 @@
"bruteForceProtectionLockTimes":"Przyrostowe czasy blokady",
"bruteForceProtectionMaxAge":"Maksymalny czas ważności",
"bruteForceProtectionMaxFailed":"Dozwolone nieudane logowania",
"bruteForceProtectionMaxLockTime":"Maximum lock time",
"bruteForceProtectionMaxLockTime":"Maksymalny czas blokady",
"bruteForceProtectionTempo":"Czas blokady",
"cancel":"Anuluj",
"captcha":"Captcha module",
"captchaCustom":"Custom Captcha module",
"captchaOptions":"Captcha module options",
"captcha_login_enabled":"Aktywacja w formularzu logowania",
"captcha_mail_enabled":"Aktywacja przy resetowaniu hasła za pomocą formularza pocztowego",
"captcha_register_enabled":"Aktywacja w formularzu rejestracji",
@ -161,13 +164,14 @@
"casSrvMetaDataOptionsIcon":"Ścieżka ikony",
"casSrvMetaDataOptionsProxiedServices":"Usługi proxy",
"casSrvMetaDataOptionsRenew":"Odnów uwierzytelnianie",
"casSrvMetaDataOptionsResolutionRule":"Reguła rozstrzygania",
"casSrvMetaDataOptionsSortNumber":"Kolejność",
"casSrvMetaDataOptionsUrl":"URL serwera",
"casSrvName":"Nazwa serwera CAS",
"casStorage":"Nazwa modułu sesji CAS",
"casStorageOptions":"Opcje modułu sesji CAS",
"casStrictMatching":"Use strict URL matching",
"casTicketExpiration":"Temporary ticket lifetime",
"casStrictMatching":"Użyj ścisłego dopasowania adresów URL",
"casTicketExpiration":"Czas życia biletu tymczasowego",
"categoryName":"Nazwa Kategorii",
"cda":"Wiele domen",
"certificateMailContent":"Treść wiadomości",
@ -183,9 +187,9 @@
"cfgLog":"Podsumowanie",
"cfgVersion":"Wersja konfiguracji",
"checkDevOps":"Aktywacja",
"checkDevOpsCheckSessionAttributes":"Check session attributes",
"checkDevOpsDisplayNormalizedHeaders":"Display normalized headers",
"checkDevOpsDownload":"Download file",
"checkDevOpsCheckSessionAttributes":"Sprawdź atrybuty sesji",
"checkDevOpsDisplayNormalizedHeaders":"Wyświetl znormalizowane nagłówki",
"checkDevOpsDownload":"Pobieranie pliku",
"checkState":"Aktywacja",
"checkStateSecret":"Współdzielony sekret",
"checkUser":"Aktywacja",
@ -194,7 +198,7 @@
"checkUserDisplayEmptyHeaders":"Puste nagłówki",
"checkUserDisplayEmptyValues":"Puste wartości",
"checkUserDisplayHiddenAttributes":"Ukryte atrybuty",
"checkUserDisplayHistory":"History",
"checkUserDisplayHistory":"Historia",
"checkUserDisplayNormalizedHeaders":"Znormalizowane nagłówki",
"checkUserDisplayPersistentInfo":"Trwałe dane sesji",
"checkUserHiddenAttributes":"Ukryte atrybuty",
@ -249,7 +253,7 @@
"crowdsec":"Aktywacja",
"crowdsecAction":"Akcja",
"crowdsecKey":"Klucz API",
"crowdsecUrl":"Base URL of local API",
"crowdsecUrl":"Podstawowy adres URL lokalnego API",
"cspConnect":"Miejsca docelowe Ajax",
"cspDefault":"Domyślna wartość",
"cspFont":"Źródło czcionek",
@ -285,8 +289,8 @@
"dbiAuthUser":"Użytkownik",
"dbiAuthnLevel":"Poziom uwierzytelnienia",
"dbiConnection":"Połączenie",
"dbiConnectionAuth":"Authentication process",
"dbiConnectionUser":"User process",
"dbiConnectionAuth":"Proces uwierzytelniania",
"dbiConnectionUser":"Proces użytkownika",
"dbiDynamicHash":"dynamiczne haszowanie",
"dbiDynamicHashEnabled":"aktywacja dynamicznego haszowania",
"dbiDynamicHashNewPasswordScheme":"Dynamiczny schemat haszowania dla nowych haseł",
@ -315,7 +319,7 @@
"demoParams":"Parametry demonstracyjne",
"description":"Opis",
"dest":"Odbiorca",
"devOpsCheck":"Check DevOps handler file",
"devOpsCheck":"Sprawdź plik obsługi DevOps",
"diffViewer":"Przeglądarka różnic",
"diffWithPrevious":"różnica w stosunku do poprzednich",
"disablePersistentStorage":"Wyłącz przechowywanie",
@ -350,13 +354,14 @@
"ext2fCodeActivation":"Wyrażenie regularne kodu",
"ext2fLabel":"Etykieta",
"ext2fLogo":"Logo",
"ext2fResendInterval":"Re-send interval",
"facebookAppId":"Identyfikator aplikacji na Facebooku",
"facebookAppSecret":"Sekret aplikacji na Facebooku",
"facebookAuthnLevel":"Poziom uwierzytelnienia",
"facebookExportedVars":"Wyeksportowane zmienne",
"facebookParams":"Parametry Facebooka",
"facebookUserField":"Pole zawierające identyfikator użytkownika",
"failedLoginNumber":"Max failed logins count",
"failedLoginNumber":"Maksymalna liczba nieudanych logowań",
"fileToUpload":"Plik do przesłania",
"findUser":"Aktywacja",
"findUserControl":"Kontrola parametrów",
@ -527,6 +532,7 @@
"mail2fCodeRegex":"Wyrażenie regularne kodu",
"mail2fLabel":"Etykieta",
"mail2fLogo":"Logo",
"mail2fResendInterval":"Re-send interval",
"mail2fSessionKey":"Klucz sesji zawierający adres e-mail",
"mail2fSubject":"Temat wiadomości",
"mail2fTimeout":"Limit czasu kodu",
@ -575,13 +581,13 @@
"newGrantRule":"Nowa reguła przyznawania",
"newHost":"Nowy host",
"newLocationWarning":"Aktywacja",
"newLocationWarningLocationAttribute":"Session attribute containing location",
"newLocationWarningLocationDisplayAttribute":"Session attribute to display",
"newLocationWarningMailAttribute":"Session mail attribute",
"newLocationWarningMailBody":"Warning mail content",
"newLocationWarningMailSubject":"Warning mail subject",
"newLocationWarningMaxValues":"Maximum number of locations to consider",
"newLocationWarnings":"New location warning",
"newLocationWarningLocationAttribute":"Atrybut sesji zawierający lokalizację",
"newLocationWarningLocationDisplayAttribute":"Atrybut sesji do wyświetlenia",
"newLocationWarningMailAttribute":"Atrybut poczty sesji",
"newLocationWarningMailBody":"Treść wiadomości z ostrzeżeniem",
"newLocationWarningMailSubject":"Temat wiadomości z ostrzeżeniem",
"newLocationWarningMaxValues":"Maksymalna liczba lokalizacji do rozważenia",
"newLocationWarnings":"Ostrzeżenie o nowej lokalizacji",
"newPost":"Nowy formularz powtórzenia",
"newPostVar":"Nowa zmienna",
"newRSAKey":"Nowe klucze",
@ -652,6 +658,7 @@
"oidcOPMetaDataOptionsMaxAge":"Maksymalny czas ważności",
"oidcOPMetaDataOptionsPrompt":"Prompt",
"oidcOPMetaDataOptionsProtocol":"Protokół",
"oidcOPMetaDataOptionsResolutionRule":"Reguła rozstrzygania",
"oidcOPMetaDataOptionsScope":"Zakres",
"oidcOPMetaDataOptionsSortNumber":"Kolejność",
"oidcOPMetaDataOptionsStoreIDToken":"Przechowuj token identyfikacyjny",
@ -662,13 +669,13 @@
"oidcParams":"Parametry OpenID Connect",
"oidcRP":"Strona zależna od OpenID Connect",
"oidcRPCallbackGetParam":"Parametr GET wywołania zwrotnego",
"oidcRPMetaDataExportedVars":"Exported attributes (claims)",
"oidcRPMetaDataExportedVars":"Wyeksportowane atrybuty (claims)",
"oidcRPMetaDataMacros":"Makra",
"oidcRPMetaDataNode":"Strony zależne od OpenID Connect",
"oidcRPMetaDataNodes":"Strony zależne od OpenID Connect",
"oidcRPMetaDataOptions":"Opcje",
"oidcRPMetaDataOptionsAccessTokenClaims":"Zwolnij oświadczenia w tokenie dostępu",
"oidcRPMetaDataOptionsAccessTokenExpiration":"Access Tokens",
"oidcRPMetaDataOptionsAccessTokenExpiration":"Tokeny dostępowy",
"oidcRPMetaDataOptionsAccessTokenJWT":"Użyj formatu JWT dla tokenu dostępu",
"oidcRPMetaDataOptionsAccessTokenSignAlg":"Algorytm podpisu tokena dostępu",
"oidcRPMetaDataOptionsAdditionalAudiences":"Dodatkowi odbiorcy",
@ -677,18 +684,19 @@
"oidcRPMetaDataOptionsAllowOffline":"Zezwalaj na dostęp offline",
"oidcRPMetaDataOptionsAllowPasswordGrant":"Zezwól na przyznanie hasła OAuth2.0",
"oidcRPMetaDataOptionsAuthnLevel":"Poziom uwierzytelnienia",
"oidcRPMetaDataOptionsAuthorizationCodeExpiration":"Authorization Codes",
"oidcRPMetaDataOptionsAuthorizationCodeExpiration":"Kody autoryzacyjne",
"oidcRPMetaDataOptionsBasic":"Podstawowy",
"oidcRPMetaDataOptionsBypassConsent":"Obejdź zgodę",
"oidcRPMetaDataOptionsClientID":"Identyfikator klienta",
"oidcRPMetaDataOptionsClientSecret":"Sekret klienta",
"oidcRPMetaDataOptionsDisplay":"Wyświetlanie",
"oidcRPMetaDataOptionsDisplayName":"Wyświetlana nazwa",
"oidcRPMetaDataOptionsExtraClaims":"Scope values content",
"oidcRPMetaDataOptionsIDTokenExpiration":"ID Tokens",
"oidcRPMetaDataOptionsExtraClaims":"Treść wartości zakresu",
"oidcRPMetaDataOptionsIDTokenExpiration":"Tokeny identyfikacyjne",
"oidcRPMetaDataOptionsIDTokenForceClaims":"Wymuś zwrot roszczeń w tokenie identyfikacyjnym",
"oidcRPMetaDataOptionsIDTokenSignAlg":"Algorytm podpisu tokena identyfikacyjnego",
"oidcRPMetaDataOptionsIcon":"Logo",
"oidcRPMetaDataOptionsLogoutBypassConfirm":"Potwierdzenie obejścia",
"oidcRPMetaDataOptionsLogoutSessionRequired":"Wymagana sesja",
"oidcRPMetaDataOptionsLogoutType":"Rodzaj",
"oidcRPMetaDataOptionsLogoutUrl":"URL",
@ -701,7 +709,7 @@
"oidcRPMetaDataOptionsRule":"Reguła dostępu",
"oidcRPMetaDataOptionsTimeouts":"Limit czasu",
"oidcRPMetaDataOptionsUserIDAttr":"Atrybut użytkownika",
"oidcRPMetaDataOptionsUserInfoSignAlg":"UserInfo response format",
"oidcRPMetaDataOptionsUserInfoSignAlg":"Format odpowiedzi UserInfo",
"oidcRPMetaDataScopeRules":"Zasady dotyczące zakresu",
"oidcRPName":"Nazwa RP OpenID Connect",
"oidcRPStateTimeout":"Limit czasu sesji stanowej",
@ -711,10 +719,10 @@
"oidcServiceAllowHybridFlow":"Przepływ hybrydowy",
"oidcServiceAllowImplicitFlow":"Implikowany przepływ",
"oidcServiceAllowOffline":"Zezwalaj na dostęp offline",
"oidcServiceAllowOnlyDeclaredScopes":"Only allow declared scopes",
"oidcServiceAuthorizationCodeExpiration":"Authorization Code",
"oidcServiceDynamicRegistration":"Dynamic registration",
"oidcServiceDynamicRegistrationExportedVars":"Exported vars",
"oidcServiceAllowOnlyDeclaredScopes":"Zezwalaj tylko na zadeklarowane zakresy",
"oidcServiceAuthorizationCodeExpiration":"Kod autoryzacji",
"oidcServiceDynamicRegistration":"Rejestracja dynamiczna",
"oidcServiceDynamicRegistrationExportedVars":"Wyeksportowane zmienne",
"oidcServiceDynamicRegistrationExtraClaims":"Dodatkowe roszczenia",
"oidcServiceIDTokenExpiration":"Token identyfikacyjny",
"oidcServiceKeyIdSig":"Identyfikator klucza podpisu",
@ -723,7 +731,7 @@
"oidcServiceMetaDataAuthorizeURI":"Autoryzacja",
"oidcServiceMetaDataBackChannelURI":"Identyfikator URI kanału zwrotnego",
"oidcServiceMetaDataCheckSessionURI":"Sprawdź sesję",
"oidcServiceMetaDataEndPoints":"Endpoints",
"oidcServiceMetaDataEndPoints":"Punkty końcowe",
"oidcServiceMetaDataEndSessionURI":"Koniec sesji",
"oidcServiceMetaDataFrontChannelURI":"Identyfikator URI kanału przedniego",
"oidcServiceMetaDataIntrospectionURI":"Introspekcja",
@ -734,9 +742,9 @@
"oidcServiceMetaDataSecurity":"Bezpieczeństwo",
"oidcServiceMetaDataSessions":"Sesje",
"oidcServiceMetaDataTimeouts":"Limit czasu",
"oidcServiceMetaDataTokenURI":"Tokens",
"oidcServiceMetaDataTokenURI":"Tokeny",
"oidcServiceMetaDataUserInfoURI":"Informacja o użytkowniku",
"oidcServiceOfflineSessionExpiration":"Offline session",
"oidcServiceOfflineSessionExpiration":"Sesja offline",
"oidcServicePrivateKeySig":"Klucz prywatny podpisu",
"oidcServicePublicKeySig":"Klucz publiczny podpisu",
"oidcStorage":"Nazwa modułu sesji",
@ -803,9 +811,10 @@
"portalDisplayRefreshMyRights":"Wyświetl link do odświeżania praw",
"portalDisplayRegister":"Zarejestruj Nowe Konto",
"portalDisplayResetPassword":"Zresetuj hasło",
"portalEnablePasswordDisplay":"Allow to display password",
"portalEnablePasswordDisplay":"Zezwól na wyświetlenie hasła",
"portalErrorOnExpiredSession":"Pokaż błąd w wygasłej sesji",
"portalErrorOnMailNotFound":"Pokaż błąd w poczcie nie znaleziono",
"portalFavicon":"Favicon",
"portalForceAuthn":"Wymuś uwierzytelnienie",
"portalForceAuthnInterval":"Wymuś interwał uwierzytelnienia",
"portalMainLogo":"Główne logo",
@ -830,12 +839,12 @@
"previous":"Poprzedni",
"privateKey":"Prywatny klucz",
"proxyAuthService":"URL",
"proxyAuthServiceChoiceParam":"Choice parameter",
"proxyAuthServiceChoiceValue":"Choice value",
"proxyAuthServiceChoiceParam":"Parametr wyboru",
"proxyAuthServiceChoiceValue":"Wybór wartości",
"proxyAuthServiceImpersonation":"Personifikacja",
"proxyAuthnLevel":"Poziom uwierzytelnienia",
"proxyCookieName":"Nazwa ciasteczka",
"proxyInternalPortal":"Internal Portal",
"proxyInternalPortal":"Portal wewnętrzny",
"proxyParams":"Parametry proxy",
"proxySessionService":"Adres URL usługi sesji",
"proxyUseSoap":"Użyj SOAP zamiast REST",
@ -863,11 +872,11 @@
"regexp":"Wyrażenie regularne",
"regexps":"Wyrażenia regularne",
"register":"Zarejestruj nowe konto",
"registerConfirmBody":"Body for verification mail",
"registerConfirmSubject":"Subject for verification mail",
"registerConfirmBody":"Treść poczty weryfikacyjnej",
"registerConfirmSubject":"Temat wiadomości weryfikacyjnej",
"registerDB":"Moduł rejestracji",
"registerDoneBody":"Body for credentials mail",
"registerDoneSubject":"Subject for credentials mail",
"registerDoneBody":"Treść poczty uwierzytelniającej",
"registerDoneSubject":"Temat wiadomości z danymi uwierzytelniającymi",
"registerTimeout":"Termin ważności wniosku o rejestrację",
"registerUrl":"Zarejestruj adres URL strony",
"reloadParams":"Załaduj ponownie konfigurację",
@ -882,26 +891,28 @@
"requireToken":"Wymagaj tokena do formularzy",
"rest2f":"Drugi czynnik REST",
"rest2fActivation":"Aktywacja",
"rest2fCodeActivation":"Wyrażenie regularne kodu",
"rest2fAuthnLevel":"Poziom uwierzytelnienia",
"rest2fInitArgs":"Początkowe argumenty",
"rest2fInitUrl":"Początkowy adres URL",
"rest2fLabel":"Etykieta",
"rest2fLogo":"Logo",
"rest2fResendInterval":"Re-send interval",
"rest2fVerifyArgs":"Zweryfikuj argumenty",
"rest2fVerifyUrl":"Zweryfikuj adres URL",
"restAuthServer":"Authentication server",
"restAuthServer":"Serwer uwierzytelniania",
"restAuthUrl":"Adres URL uwierzytelnienia",
"restAuthnLevel":"Poziom uwierzytelnienia",
"restClockTolerance":"Server clock tolerance",
"restConfigServer":"Configuration server",
"restExportSecretKeys":"Export secret attributes",
"restClockTolerance":"Tolerancja zegara serwera",
"restConfigServer":"Serwer konfiguracji",
"restExportSecretKeys":"Eksportuj tajne atrybuty",
"restFindUserDBUrl":"Adres URL kont użytkowników",
"restParams":"Parametry REST",
"restPasswordServer":"Password reset server",
"restPasswordServer":"Serwer resetowania hasła",
"restPwdConfirmUrl":"Adres URL potwierdzenia hasła",
"restPwdModifyUrl":"URL zmiany hasła",
"restServices":"Usługa REST",
"restSessionServer":"Session server",
"restSessionServer":"Serwer sesji",
"restUserDBUrl":"Adres URL danych użytkownika",
"restore":"Przywróć",
"restoreConf":"Przywróć konfigurację",
@ -1053,6 +1064,7 @@
"saveReport":"Zapisz raport",
"savingConfirmation":"Zapisuję potwierdzenie",
"scope":"Zakres",
"scrollTop":"Scroll to top button",
"search":"Szukaj...",
"secondFactors":"Drugi czynnik",
"securedCookie":"Bezpieczne pliki cookie (SSL)",
@ -1072,9 +1084,10 @@
"session_s":"sesja/e",
"sessions":"Sesje",
"sfExtra":"Dodatkowe drugie czynniki",
"sfLoginTimeout":"Login timeout",
"sfManagerRule":"Link do Menedżera wyświetlania",
"sfOnlyUpgrade":"Użyj 2FA do aktualizacji sesji",
"sfRegisterTimeout":"Registration timeout",
"sfRegisterTimeout":"Limit czasu rejestracji",
"sfRemovedMsg":"Wyświetl komunikat, gdy przeterminowany 2FA został usunięty",
"sfRemovedMsgRule":"Aktywacja",
"sfRemovedNotifMsg":"Powiadomienie",
@ -1100,9 +1113,9 @@
"slaveMasterIP":"Adres IP mastera",
"slaveParams":"Parametry slave",
"slaveUserHeader":"Nagłówek logowania użytkownika",
"soapConfigServer":"Configuration server",
"soapConfigServer":"Serwer konfiguracji",
"soapServices":"Usługa SOAP",
"soapSessionServer":"Session server",
"soapSessionServer":"Serwer sesji",
"specialRule":"Reguła specjalna",
"sslByAjax":"Użyj żądania Ajax",
"sslHost":"Ajax SSL URL",
@ -1111,13 +1124,13 @@
"stateCheck":"Kontrola stanu",
"stayConnect":"Trwałe połączenia",
"stayConnected":"Aktywacja",
"stayConnectedBypassFG":"Do not check fingerprint",
"stayConnectedBypassFG":"Nie sprawdzaj odcisku palca",
"stayConnectedCookieName":"Nazwa ciasteczka",
"stayConnectedTimeout":"Data ważności",
"storePassword":"Przechowuj hasło użytkownika w sesji",
"string":"Łańcuch znaków",
"subtitle":"Podtytuł",
"successLoginNumber":"Max successful logins count",
"successLoginNumber":"Maksymalna liczba udanych logowań",
"successfullySaved":"Pomyślnie zapisano",
"sympaHandler":"Sympa",
"sympaMailKey":"Klucz sesji e-mail",
@ -1135,9 +1148,9 @@
"totp2fActivation":"Aktywacja",
"totp2fAuthnLevel":"Poziom uwierzytelnienia",
"totp2fDigits":"Ilość cyfr",
"totp2fEncryptSecret":"Encrypt TOTP secrets",
"totp2fEncryptSecret":"Szyfruj sekrety TOTP",
"totp2fInterval":"Interwał",
"totp2fIssuer":"Issuer name",
"totp2fIssuer":"Nazwa wystawcy",
"totp2fLabel":"Etykieta",
"totp2fLogo":"Logo",
"totp2fRange":"Zakres prób",
@ -1196,7 +1209,7 @@
"vhostAccessToTrace":"Dostęp do śledzenia",
"vhostAliases":"Aliasy",
"vhostAuthnLevel":"Wymagany poziom uwierzytelnienia",
"vhostDevOpsRulesUrl":"DevOps rules file URL",
"vhostDevOpsRulesUrl":"Adres URL pliku reguł DevOps",
"vhostHttps":"HTTPS",
"vhostMaintenance":"Tryb konserwacji",
"vhostOptions":"Opcje",
@ -1222,9 +1235,9 @@
"webauthn2fLogo":"Logo",
"webauthn2fSelfRegistration":"Samodzielna rejestracja",
"webauthn2fUserCanRemoveKey":"Pozwól użytkownikowi usunąć WebAuthn",
"webauthn2fUserVerification":"User verification",
"webauthnDisplayNameAttr":"User Display Name attribute",
"webauthnRpName":"Relying Party display name",
"webauthn2fUserVerification":"Weryfikacja użytkownika",
"webauthnDisplayNameAttr":"Atrybut nazwy wyświetlanej użytkownika",
"webauthnRpName":"Wyświetlana nazwa strony uzależnionej",
"webidParams":"Parametry WebID",
"whatToTrace":"REMOTE_USER",
"whiteList":"Biała lista",
@ -1244,4 +1257,4 @@
"yubikey2fUrl":"URL usługi",
"yubikey2fUserCanRemoveKey":"Pozwól użytkownikowi usunąć Yubikey",
"zeroConfExplanations":"Serwer nie ma konfiguracji. Użyj szablonu, aby zapisać pierwszy."
}
}


@ -131,6 +131,9 @@
"bruteForceProtectionMaxLockTime":"Maksimum kilit süresi",
"bruteForceProtectionTempo":"Kilit süresi",
"cancel":"İptal Et",
"captcha":"Captcha modülü",
"captchaCustom":"Captcha modülünü özelleştir",
"captchaOptions":"Captcha modülü seçenekleri",
"captcha_login_enabled":"Giriş formunda aktivasyon",
"captcha_mail_enabled":"E-posta formu tarafından parola sıfırlamada aktivasyon",
"captcha_register_enabled":"Kayıt formunda aktivasyon",
@ -161,6 +164,7 @@
"casSrvMetaDataOptionsIcon":"İkon yolu",
"casSrvMetaDataOptionsProxiedServices":"Vekil sunucu servisleri",
"casSrvMetaDataOptionsRenew":"Kimlik doğrulamayı yenile",
"casSrvMetaDataOptionsResolutionRule":"Çözünürlük kuralı",
"casSrvMetaDataOptionsSortNumber":"Sıra",
"casSrvMetaDataOptionsUrl":"Sunucu URL'si",
"casSrvName":"CAS Sunucu Adı",
@ -350,6 +354,7 @@
"ext2fCodeActivation":"Düzenli ifade kodla",
"ext2fLabel":"Etiket",
"ext2fLogo":"Logo",
"ext2fResendInterval":"Re-send interval",
"facebookAppId":"Facebook uygulama ID",
"facebookAppSecret":"Facebook uygulama gizli anahtar",
"facebookAuthnLevel":"Doğrulama seviyesi",
@ -527,6 +532,7 @@
"mail2fCodeRegex":"Düzenli ifade kodla",
"mail2fLabel":"Etiket",
"mail2fLogo":"Logo",
"mail2fResendInterval":"Re-send interval",
"mail2fSessionKey":"Oturum anahtarı e-posta adresini içeriyor",
"mail2fSubject":"E-posta konusu",
"mail2fTimeout":"Kod zaman aşımı",
@ -652,6 +658,7 @@
"oidcOPMetaDataOptionsMaxAge":"Maksimum ömür",
"oidcOPMetaDataOptionsPrompt":"İstem",
"oidcOPMetaDataOptionsProtocol":"Protokol",
"oidcOPMetaDataOptionsResolutionRule":"Çözünürlük kuralı",
"oidcOPMetaDataOptionsScope":"Kapsam",
"oidcOPMetaDataOptionsSortNumber":"Sıra",
"oidcOPMetaDataOptionsStoreIDToken":"ID Jetonu Sakla",
@ -689,6 +696,7 @@
"oidcRPMetaDataOptionsIDTokenForceClaims":"ID Jetonunda özelliklerin yayınlanmasını zorla",
"oidcRPMetaDataOptionsIDTokenSignAlg":"ID Token imzalama algoritması",
"oidcRPMetaDataOptionsIcon":"Logo",
"oidcRPMetaDataOptionsLogoutBypassConfirm":"Onayı atla",
"oidcRPMetaDataOptionsLogoutSessionRequired":"Oturum gerekli",
"oidcRPMetaDataOptionsLogoutType":"Tür",
"oidcRPMetaDataOptionsLogoutUrl":"URL",
@ -806,6 +814,7 @@
"portalEnablePasswordDisplay":"Parolayı göstermeye izin ver",
"portalErrorOnExpiredSession":"Süresi dolmuş oturumda hatayı göster",
"portalErrorOnMailNotFound":"E-posta bulunamadığında hatayı göster",
"portalFavicon":"Favicon",
"portalForceAuthn":"Kimlik doğrulamaya zorla",
"portalForceAuthnInterval":"Kimlik doğrulama aralığını zorla",
"portalMainLogo":"Ana logo",
@ -882,11 +891,13 @@
"requireToken":"Formlar için jeton gerekir",
"rest2f":"REST ile ikinci faktör",
"rest2fActivation":"Aktivasyon",
"rest2fCodeActivation":"Düzenli ifade kodla",
"rest2fAuthnLevel":"Doğrulama seviyesi",
"rest2fInitArgs":"Başlangıç argümanları",
"rest2fInitUrl":"Başlangıç URL",
"rest2fLabel":"Etiket",
"rest2fLogo":"Logo",
"rest2fResendInterval":"Re-send interval",
"rest2fVerifyArgs":"Argümanları Doğrula",
"rest2fVerifyUrl":"URL'yi Doğrula",
"restAuthServer":"Doğrulama sunucusu",
@ -1053,6 +1064,7 @@
"saveReport":"Raporu kaydet",
"savingConfirmation":"Doğrulama kaydediliyor",
"scope":"Kapsam",
"scrollTop":"Üst butonu kaydır",
"search":"Ara...",
"secondFactors":"İki faktörlü kimlik doğrulama",
"securedCookie":"Güvenli Çerez (SSL)",
@ -1072,6 +1084,7 @@
"session_s":"oturum(lar)",
"sessions":"Oturumlar",
"sfExtra":"Ek ikinci faktörler",
"sfLoginTimeout":"Oturum zaman aşımı",
"sfManagerRule":"Yönetici bağlantısını görüntüle",
"sfOnlyUpgrade":"Oturum yükseltme için 2FA kullan",
"sfRegisterTimeout":"Kayıtlanma zaman aşımı",
@ -1244,4 +1257,4 @@
"yubikey2fUrl":"Servis URL'si",
"yubikey2fUserCanRemoveKey":"Yubikey'i kaldırmak için kullanıcıya izin ver",
"zeroConfExplanations":"Sunucunun yapılandırması yok. Şimdi bir tane kaydetmek için şablonu kullanın."
}
}


@ -131,6 +131,9 @@
"bruteForceProtectionMaxLockTime":"Maximum lock time",
"bruteForceProtectionTempo":"Lock time",
"cancel":"Hủy",
"captcha":"Captcha module",
"captchaCustom":"Custom Captcha module",
"captchaOptions":"Captcha module options",
"captcha_login_enabled":"Kích hoạt ở dạng đăng nhập",
"captcha_mail_enabled":"Kích hoạt đặt lại mật khẩu bằng biểu mẫu thư",
"captcha_register_enabled":"Kích hoạt trong biểu mẫu đăng ký",
@ -161,6 +164,7 @@
"casSrvMetaDataOptionsIcon":"Đường dẫn Icon",
"casSrvMetaDataOptionsProxiedServices":"Dịch vụ proxy",
"casSrvMetaDataOptionsRenew":"Gia hạn chứng thực",
"casSrvMetaDataOptionsResolutionRule":"Quy tắc phân giải ",
"casSrvMetaDataOptionsSortNumber":"Order",
"casSrvMetaDataOptionsUrl":"URL máy chủ",
"casSrvName":"Tên máy chủ CAS",
@ -350,6 +354,7 @@
"ext2fCodeActivation":"Code regex",
"ext2fLabel":"Label",
"ext2fLogo":"Logo",
"ext2fResendInterval":"Re-send interval",
"facebookAppId":"ID ứng dụng Facebook ",
"facebookAppSecret":"Ứng dụng Facebook bí mật",
"facebookAuthnLevel":"Mức xác thực",
@ -527,6 +532,7 @@
"mail2fCodeRegex":"Code regex",
"mail2fLabel":"Label",
"mail2fLogo":"Logo",
"mail2fResendInterval":"Re-send interval",
"mail2fSessionKey":"Khóa phiên chứa địa chỉ thư",
"mail2fSubject":"Mail subject",
"mail2fTimeout":"Code timeout",
@ -652,6 +658,7 @@
"oidcOPMetaDataOptionsMaxAge":"Thời hạn tối đa",
"oidcOPMetaDataOptionsPrompt":"Nhắc nhở",
"oidcOPMetaDataOptionsProtocol":"Giao thức",
"oidcOPMetaDataOptionsResolutionRule":"Quy tắc phân giải ",
"oidcOPMetaDataOptionsScope":"Phạm vi",
"oidcOPMetaDataOptionsSortNumber":"Order",
"oidcOPMetaDataOptionsStoreIDToken":"Mã thông báo Cửa hàng",
@ -689,6 +696,7 @@
"oidcRPMetaDataOptionsIDTokenForceClaims":"Force claims to be returned in ID Token",
"oidcRPMetaDataOptionsIDTokenSignAlg":"Thuật toán chữ ký ID Token",
"oidcRPMetaDataOptionsIcon":"Logo",
"oidcRPMetaDataOptionsLogoutBypassConfirm":"Bypass confirm",
"oidcRPMetaDataOptionsLogoutSessionRequired":"Phiên yêu cầu",
"oidcRPMetaDataOptionsLogoutType":"Loại",
"oidcRPMetaDataOptionsLogoutUrl":"URL",
@ -806,6 +814,7 @@
"portalEnablePasswordDisplay":"Allow to display password",
"portalErrorOnExpiredSession":"Show error on expired session",
"portalErrorOnMailNotFound":"Show error on mail not found",
"portalFavicon":"Favicon",
"portalForceAuthn":"Bắt buộc xác thực",
"portalForceAuthnInterval":"Khoảng thời gian bắt buộc xác thực",
"portalMainLogo":"Main logo",
@ -882,11 +891,13 @@
"requireToken":"Yêu cầu token cho các biểu mẫu",
"rest2f":"REST second factor",
"rest2fActivation":"Kích hoạt",
"rest2fCodeActivation":"Code regex",
"rest2fAuthnLevel":"Mức xác thực",
"rest2fInitArgs":"Init arguments",
"rest2fInitUrl":"Init URL",
"rest2fLabel":"Label",
"rest2fLogo":"Logo",
"rest2fResendInterval":"Re-send interval",
"rest2fVerifyArgs":"Verify arguments",
"rest2fVerifyUrl":"Verify URL",
"restAuthServer":"Authentication server",
@ -1053,6 +1064,7 @@
"saveReport":"Lưu báo cáo",
"savingConfirmation":"Lưu xác nhận",
"scope":"Phạm vi",
"scrollTop":"Scroll to top button",
"search":"Search...",
"secondFactors":"Second factors",
"securedCookie":"Cookie bảo mật (SSL)",
@ -1072,6 +1084,7 @@
"session_s":"session (s)",
"sessions":"Phiên",
"sfExtra":"Additional second factors",
"sfLoginTimeout":"Login timeout",
"sfManagerRule":"Display Manager link",
"sfOnlyUpgrade":"Use 2FA for session upgrade",
"sfRegisterTimeout":"Registration timeout",
@ -1244,4 +1257,4 @@
"yubikey2fUrl":"Dịch vụ URL",
"yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey",
"zeroConfExplanations":"Máy chủ không có cấu hình. Sử dụng mẫu để lưu đầu tiên. "
}
}


@ -131,6 +131,9 @@
"bruteForceProtectionMaxLockTime":"Maximum lock time",
"bruteForceProtectionTempo":"鎖時間",
"cancel":"取消",
"captcha":"Captcha module",
"captchaCustom":"Custom Captcha module",
"captchaOptions":"Captcha module options",
"captcha_login_enabled":" 登录激活",
"captcha_mail_enabled":"通过邮件进行密码重置 激活",
"captcha_register_enabled":"注册 激活",
@ -161,6 +164,7 @@
"casSrvMetaDataOptionsIcon":"图标路径",
"casSrvMetaDataOptionsProxiedServices":"代理服务",
"casSrvMetaDataOptionsRenew":"更新驗證",
"casSrvMetaDataOptionsResolutionRule":"解析規則",
"casSrvMetaDataOptionsSortNumber":"順序",
"casSrvMetaDataOptionsUrl":"服务器 URL",
"casSrvName":"CAS 服务器名称",
@ -350,6 +354,7 @@
"ext2fCodeActivation":"代碼正規表示式",
"ext2fLabel":"標籤",
"ext2fLogo":"Logo",
"ext2fResendInterval":"Re-send interval",
"facebookAppId":"Facebook 應用程式 ID",
"facebookAppSecret":"Facebook 應用程式祕密",
"facebookAuthnLevel":"认证级别",
@ -527,6 +532,7 @@
"mail2fCodeRegex":"代碼正規表示式",
"mail2fLabel":"標籤",
"mail2fLogo":"Logo",
"mail2fResendInterval":"Re-send interval",
"mail2fSessionKey":"包含郵件地址的工作階段金鑰",
"mail2fSubject":"郵件主旨",
"mail2fTimeout":"代碼逾時",
@ -652,6 +658,7 @@
"oidcOPMetaDataOptionsMaxAge":"最大時間",
"oidcOPMetaDataOptionsPrompt":"提示",
"oidcOPMetaDataOptionsProtocol":"協定",
"oidcOPMetaDataOptionsResolutionRule":"解析規則",
"oidcOPMetaDataOptionsScope":"範圍",
"oidcOPMetaDataOptionsSortNumber":"順序",
"oidcOPMetaDataOptionsStoreIDToken":"儲存 ID 權杖",
@ -689,6 +696,7 @@
"oidcRPMetaDataOptionsIDTokenForceClaims":"強制要求以 ID 權杖回傳",
"oidcRPMetaDataOptionsIDTokenSignAlg":"ID 權杖簽章演算法",
"oidcRPMetaDataOptionsIcon":"Logo",
"oidcRPMetaDataOptionsLogoutBypassConfirm":"绕过确认",
"oidcRPMetaDataOptionsLogoutSessionRequired":"需要工作階段",
"oidcRPMetaDataOptionsLogoutType":"類型",
"oidcRPMetaDataOptionsLogoutUrl":"URL",
@ -806,6 +814,7 @@
"portalEnablePasswordDisplay":"Allow to display password",
"portalErrorOnExpiredSession":"在過期的工作階段上顯示錯誤",
"portalErrorOnMailNotFound":"找不到郵件時顯示錯誤",
"portalFavicon":"Favicon",
"portalForceAuthn":"強制驗證",
"portalForceAuthnInterval":"強制驗證間隔",
"portalMainLogo":"主圖示",
@ -882,11 +891,13 @@
"requireToken":"需要表單權杖",
"rest2f":"REST 第二因素",
"rest2fActivation":"激活",
"rest2fCodeActivation":"代碼正規表示式",
"rest2fAuthnLevel":"认证等级",
"rest2fInitArgs":"初始化參數",
"rest2fInitUrl":"初始化 URL",
"rest2fLabel":"標籤",
"rest2fLogo":"Logo",
"rest2fResendInterval":"Re-send interval",
"rest2fVerifyArgs":"驗證參數",
"rest2fVerifyUrl":"驗證 URL",
"restAuthServer":"Authentication server",
@ -1053,6 +1064,7 @@
"saveReport":"儲存回報",
"savingConfirmation":"正在儲存確認",
"scope":"範圍",
"scrollTop":"Scroll to top button",
"search":"搜尋……",
"secondFactors":"雙因素",
"securedCookie":"安全 Cookie (SSL)",
@ -1072,6 +1084,7 @@
"session_s":"工作階段",
"sessions":"工作階段",
"sfExtra":"額外的第二因素",
"sfLoginTimeout":"Login timeout",
"sfManagerRule":"顯示管理程式連結",
"sfOnlyUpgrade":"使用 2FA 進行工作階段升級",
"sfRegisterTimeout":"Registration timeout",
@ -1244,4 +1257,4 @@
"yubikey2fUrl":"服务 URL",
"yubikey2fUserCanRemoveKey":"允許使用者移除 Yubikey",
"zeroConfExplanations":"伺服器未設定。使用飯本來儲存第一個。"
}
}

Some files were not shown because too many files have changed in this diff