Merge branch 'v2.0' into apache-ssoaas-client-2739
commit
2bb7a1dbfe
22
Makefile
22
Makefile
|
@ -887,23 +887,9 @@ install_examples_site:
|
|||
install_doc_site:
|
||||
# Offline documentation install
|
||||
@rm -rf $(RDEFDOCDIR)
|
||||
# Install doc directories
|
||||
@install -v -d -m 755 $(RDEFDOCDIR)
|
||||
@cd doc && find * -type d |(cd $(RDEFDOCDIR); xargs install -v -d -m 755) && cd -
|
||||
# Install HTML files
|
||||
@cd doc && for f in `find * -type f -name '*.html'`; do \
|
||||
echo "Installing $$f"; \
|
||||
../scripts/transform-templates \
|
||||
usedebianlibs $(USEDEBIANLIBS) \
|
||||
useexternallibs $(USEEXTERNALLIBS) \
|
||||
jsminified $(JSCOMPRESS) \
|
||||
cssminified $(CSSCOMPRESS) <$$f \
|
||||
> $(RDEFDOCDIR)/$$f; \
|
||||
done && cd -
|
||||
# Install other files
|
||||
@cd doc && for f in `find * -type f ! -name '*.html'`; do \
|
||||
install -v -m 644 $$f $(RDEFDOCDIR)/$$f; \
|
||||
done && cd -
|
||||
@cd doc && find index.html pages/* -type f ! -path '*/.*' -exec install -v -m 644 -D '{}' $(RDEFDOCDIR)/'{}' \; && cd -
|
||||
|
||||
# Remove js
|
||||
@cd $(RDEFDOCDIR) && if test "$(USEEXTERNALLIBS)" = "yes"; then \
|
||||
rm -rvf $(DOCEXTERNALLIBS); \
|
||||
|
@ -1178,13 +1164,13 @@ test-diff:
|
|||
done
|
||||
|
||||
tidy: clean
|
||||
@if perltidy -v|grep v20210717 >/dev/null; then \
|
||||
@if perltidy -v|grep v20220217 >/dev/null; then \
|
||||
for f in `find lemon*/ -type f \( -name '*.pm' -or -name '*.pl' -or -name '*.fcgi' -or -name '*.t' \)`; do \
|
||||
echo -n $$f; \
|
||||
perltidy -se -b $$f; \
|
||||
echo; \
|
||||
done; \
|
||||
else echo "Wrong perltidy version, please install Perl::Tidy@20210717" ; exit 1 ;\
|
||||
else echo "Wrong perltidy version, please install Perl::Tidy@20220217" ; exit 1 ;\
|
||||
fi
|
||||
find lemon*/ -name '*.bak' -delete
|
||||
$(MAKE) json
|
||||
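Review bot: In `install_doc_site`, the `find … -exec install` line passes `$(RDEFDOCDIR)` to the shell unquoted and ends with `&& cd -`, which has no effect because each recipe line runs in its own shell. The page has lost its +/- markers, so this is only inferred to be the line the change introduces. The same recipe begins with `rm -rf $(RDEFDOCDIR)`, so an empty or space-containing value would be destructive; a first recipe line of `$(if $(strip $(RDEFDOCDIR)),,$(error RDEFDOCDIR is empty))` would guard against that. I would write the copy step as `@cd doc && find index.html pages/* -type f ! -path '*/.*' -exec install -v -m 644 -D '{}' "$(RDEFDOCDIR)"/'{}' \;`. The recipe continues past the end of the hunk, so the rest of the "Remove js" step is not visible here.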
|
|
|
@ -764,7 +764,7 @@
|
|||
"type" : "object",
|
||||
"properties" : {
|
||||
"service" : {
|
||||
"type" : "string"
|
||||
"type" : "array"
|
||||
},
|
||||
"userAttribute" : {
|
||||
"type" : "string",
|
||||
|
@ -880,6 +880,9 @@
|
|||
"type" : "string",
|
||||
"format" : "url"
|
||||
},
|
||||
"logoutBypassConfirm" : {
|
||||
"type" : "boolean"
|
||||
},
|
||||
"clientSecret" : {
|
||||
"type" : "string",
|
||||
"format" : "password"
|
||||
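Review bot: The `service` property is now `"type" : "array"` but declares no `items`, so the schema accepts elements of any type where the previous definition required a string. If the entries are meant to be service URLs, which the name suggests but the hunk does not show, add `"items" : { "type" : "string" }` inside the `service` object so malformed values are rejected at validation time. The file name of this section is not shown on the page, and the enclosing object starts and ends outside both hunks.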
|
|
|
@ -136,7 +136,7 @@ Application Configuration
|
|||
.. image:: applications/simplesamlphp_logo.png :doc:`simpleSAMLphp<applications/simplesamlphp>` ✔
|
||||
.. image:: applications/spring_logo.png :doc:`Spring<applications/spring>` ✔
|
||||
.. image:: applications/symfony_logo.png :doc:`Symfony<applications/symfony>` ✔
|
||||
.. image:: applications/sympa_logo.png :doc:`Sympa<applications/sympa>` ✔
|
||||
.. image:: applications/sympa_logo.png :doc:`Sympa<applications/sympa>` ✔ ✔
|
||||
.. image:: applications/tomcat_logo.png :doc:`Tomcat<applications/tomcat>` ✔
|
||||
.. image:: applications/wekan-logo.png :doc:`Wekan<applications/wekan>` ✔
|
||||
.. image:: applications/wiki.js.svg :doc:`Wiki.js<applications/wikijs>` ✔
|
||||
|
|
|
@ -8,9 +8,59 @@ Presentation
|
|||
|
||||
`Sympa <http://www.sympa.org>`__ is a mailing list manager.
|
||||
|
||||
To configure SSO with Sympa, use **Magic authentication**: a special SSO
|
||||
URL is protected by LL::NG, Sympa will display a button for users who
|
||||
wants to use this feature.
|
||||
To configure SSO with Sympa, you have the choice between:
|
||||
* CAS
|
||||
* **Magic authentication**: a special SSO URL is protected by LL::NG, Sympa will display a button for users who wants to use this feature.
|
||||
|
||||
We recommend to use CAS.
|
||||
|
||||
CAS
|
||||
---
|
||||
|
||||
|
||||
Sympa configuration
|
||||
~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Edit the file "auth.conf", for example:
|
||||
|
||||
::
|
||||
|
||||
vi /etc/sympa/auth.conf
|
||||
|
||||
And fill it:
|
||||
|
||||
::
|
||||
|
||||
cas
|
||||
base_url https://auth.example.com/cas
|
||||
non_blocking_redirection on
|
||||
auth_service_name SSO
|
||||
ldap_host ldap.example.com:389
|
||||
ldap_get_email_by_uid_filter (uid=[uid])
|
||||
ldap_timeout 7
|
||||
ldap_suffix dc=example,dc=com
|
||||
ldap_scope sub
|
||||
ldap_email_attribute mail
|
||||
|
||||
Restart services:
|
||||
|
||||
::
|
||||
|
||||
service sympa restart
|
||||
service apache2 restart
|
||||
|
||||
See also `official documentation <https://sympa-community.github.io/manual/customize/cas.html>`__
|
||||
|
||||
LemonLDAP::NG configuration
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Declare CAS application in the configuration, register the service URL.
|
||||
|
||||
No attributes are needed.
|
||||
|
||||
|
||||
Magic authentication
|
||||
--------------------
|
||||
|
||||
|
||||
.. tip::
|
||||
|
@ -19,9 +69,6 @@ wants to use this feature.
|
|||
removed since it works only with Sympa-5 which has been deprecated
|
||||
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
||||
Sympa configuration
|
||||
~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
|
|
|
@ -63,23 +63,48 @@ Then, go in ``CAS parameters``:
|
|||
|
||||
- **Authentication level**: authentication level for this module.
|
||||
|
||||
Then create the list of CAS servers in the manager. For each, set:
|
||||
Then create the list of CAS servers in the manager.
|
||||
|
||||
Options
|
||||
~~~~~~~
|
||||
|
||||
- **Server URL** *(required)*: CAS server URL (must use https://)
|
||||
- **Renew authentication** *(default: disabled)*: force authentication
|
||||
renewal on CAS server
|
||||
- **Gateways authentication** *(default: disabled)*: force transparent
|
||||
authentication on CAS server
|
||||
|
||||
Proxied services
|
||||
~~~~~~~~~~~~~~~~
|
||||
|
||||
In this section, set the list of services for which a proxy ticket is
|
||||
requested:
|
||||
|
||||
- **Key**: Service ID
|
||||
- **Value** Service URL (CAS service identifier)
|
||||
|
||||
Display
|
||||
~~~~~~~
|
||||
- **Display Name**: Name to display. Required if you have more than 1
|
||||
CAS server declared
|
||||
- **Icon**: Path to CAS Server icon. Used only if you have more than 1
|
||||
CAS server declared
|
||||
- **Order**: Number to sort CAS Servers display
|
||||
- **Proxied services**: list of services for which a proxy ticket is
|
||||
requested:
|
||||
- **Resolution Rule**: rule that will be applied to preselect a CAS server for
|
||||
a user. You have access to all environment variable *(like user IP address)*
|
||||
and all session keys.
|
||||
|
||||
- **Key**: Service ID
|
||||
- **Value** Service URL (CAS service identifier)
|
||||
For example, to preselect this server for users coming from 129.168.0.0/16
|
||||
network
|
||||
|
||||
::
|
||||
|
||||
$ENV{REMOTE_ADDR} =~ /^192\.168/
|
||||
|
||||
To preselect this server when the ``MY_SRV`` :doc:`choice <authchoice>` is selected ::
|
||||
|
||||
$_choice eq "MY_SRV"
|
||||
|
||||
- **Order**: Number to sort CAS Servers display
|
||||
|
||||
|
||||
.. tip::
|
||||
|
|
|
@ -39,7 +39,7 @@ must set:
|
|||
- overloaded parameters: you can redefine any LLNG string parameters.
|
||||
For example, if you use 2 different LDAP, the first can use normal
|
||||
configuration and for the second, overwritten parameter can redefine
|
||||
ldapServer,...
|
||||
ldapServer or any existing parameter.
|
||||
|
||||
|
||||
.. note::
|
||||
|
@ -63,12 +63,13 @@ parameters.
|
|||
For example, if DBI is configured to use PostgreSQL but DB2 is a MySQL
|
||||
DB, you can override the "dbiChain" parameter.
|
||||
|
||||
You can also override a complex key like ldapExportedVars, by setting a
|
||||
JSON value:
|
||||
The over parameter is a HASH ref where keys are attributes names and values are the overriden value.
|
||||
To override a complex key like ldapExportedVars, you must use a JSON value, as the over parameter
|
||||
expect string values:
|
||||
|
||||
.. code-block:: javascript
|
||||
|
||||
{"cn" => "cn", "uid" => "sAMAccounName", "mail" => "mail"}
|
||||
{"cn": "cn", "uid": "sAMAccounName", "mail": "mail"}
|
||||
|
||||
|
||||
.. attention::
|
||||
|
|
|
@ -74,12 +74,12 @@ Connection
|
|||
|
||||
- More than one server can be set here separated by spaces or
|
||||
commas. They will be tested in the specified order.
|
||||
- To use TLS, set ``ldap+tls://server`` and to use LDAPS, set
|
||||
- To use StartTLS, set ``ldap+tls://server`` and to use LDAPS, set
|
||||
``ldaps://server`` instead of server name.
|
||||
- If you use TLS, you can set any of the
|
||||
- If you use StartTLS or LDAPS, you can set any of the
|
||||
`Net::LDAP <http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod>`__
|
||||
start_tls() sub like
|
||||
``ldap+tls://server/verify=none&capath=/etc/ssl``. You can
|
||||
start_tls() options in the URL, such as ``ldap+tls://server/verify=none``
|
||||
or ``ldaps://server/cafile=/etc/ssl/ca.pem&sslversion=tlsv1_2``. You can
|
||||
also use cafile and capath parameters.
|
||||
|
||||
- **Server port**: TCP port used by LDAP server if different from the standard
|
||||
|
@ -208,7 +208,7 @@ Password
|
|||
- **Allow a user to reset his expired password**: if activated, the
|
||||
user will be prompted to change password if his password is expired
|
||||
(default: disabled)
|
||||
- **Search for user before password change**: this option forces the password
|
||||
- **Search for user before password change**: this option forces the password
|
||||
change module to search for the user again, refreshing its DN. This feature
|
||||
is only useful in rare cases when you use LDAP as the password module, but
|
||||
not as the UserDB module. (default: enabled)
|
||||
|
|
|
@ -210,42 +210,59 @@ So you can define by example:
|
|||
Options
|
||||
^^^^^^^
|
||||
|
||||
- **Configuration**:
|
||||
Configuration
|
||||
"""""""""""""
|
||||
|
||||
- **Configuration endpoint**: URL of OP configuration endpoint
|
||||
- **JWKS data timeout**: After this time, LL::NG will do a request
|
||||
to get a fresh version of JWKS data. Set to 0 to disable it.
|
||||
- **Client ID**: Client ID given by OP
|
||||
- **Client secret**: Client secret given by OP
|
||||
- **Store ID token**: Allows one to store the ID Token (JWT) inside
|
||||
user session. Do not enable it unless you need to replay this token
|
||||
on an application, or if you need the id_token_hint parameter when
|
||||
using logout.
|
||||
- **Configuration endpoint**: URL of OP configuration endpoint
|
||||
- **JWKS data timeout**: After this time, LL::NG will do a request
|
||||
to get a fresh version of JWKS data. Set to 0 to disable it.
|
||||
- **Client ID**: Client ID given by OP
|
||||
- **Client secret**: Client secret given by OP
|
||||
- **Store ID token**: Allows one to store the ID Token (JWT) inside
|
||||
user session. Do not enable it unless you need to replay this token
|
||||
on an application, or if you need the id_token_hint parameter when
|
||||
using logout.
|
||||
|
||||
- **Protocol**:
|
||||
Protocol
|
||||
""""""""
|
||||
- **Scope**: Value of scope parameter (example: openid profile). The
|
||||
``openid`` scope is mandatory.
|
||||
- **Display**: Value of display parameter (example: page)
|
||||
- **Prompt**: Value of prompt parameter (example: consent)
|
||||
- **Max age**: Value of max_age parameter (example: 3600)
|
||||
- **UI locales**: Value of ui_locales parameter (example: en-GB en
|
||||
fr-FR fr)
|
||||
- **ACR values**: Value acr_values parameters (example: loa-1)
|
||||
- **Token endpoint authentication method**: Choice between
|
||||
``client_secret_post`` and ``client_secret_basic``
|
||||
- **Check JWT signature**: Set to 0 to disable JWT signature
|
||||
checking
|
||||
- **ID Token max age**: If defined, LL::NG will check the ID Token
|
||||
date and reject it if too old
|
||||
- **Use Nonce**: If enabled, a nonce will be sent, and verified from
|
||||
the ID Token
|
||||
|
||||
- **Scope**: Value of scope parameter (example: openid profile). The
|
||||
``openid`` scope is mandatory.
|
||||
- **Display**: Value of display parameter (example: page)
|
||||
- **Prompt**: Value of prompt parameter (example: consent)
|
||||
- **Max age**: Value of max_age parameter (example: 3600)
|
||||
- **UI locales**: Value of ui_locales parameter (example: en-GB en
|
||||
fr-FR fr)
|
||||
- **ACR values**: Value acr_values parameters (example: loa-1)
|
||||
- **Token endpoint authentication method**: Choice between
|
||||
``client_secret_post`` and ``client_secret_basic``
|
||||
- **Check JWT signature**: Set to 0 to disable JWT signature
|
||||
checking
|
||||
- **ID Token max age**: If defined, LL::NG will check the ID Token
|
||||
date and reject it if too old
|
||||
- **Use Nonce**: If enabled, a nonce will be sent, and verified from
|
||||
the ID Token
|
||||
Display
|
||||
"""""""
|
||||
|
||||
- **Display**:
|
||||
- **Display name**: Name of the application
|
||||
- **Logo**: Logo of the application
|
||||
- **Resolution Rule**: rule that will be applied to preselect an OP
|
||||
for a user. You have access to all environment variable *(like user
|
||||
IP address)* and all session keys.
|
||||
|
||||
- **Display name**: Name of the application
|
||||
- **Logo**: Logo of the application
|
||||
- **Order**: Number to sort buttons
|
||||
For example, to preselect this OP for users coming from 129.168.0.0/16
|
||||
network
|
||||
|
||||
::
|
||||
|
||||
$ENV{REMOTE_ADDR} =~ /^192\.168/
|
||||
|
||||
To preselect this OP when the ``MY_OP`` :doc:`choice <authchoice>` is selected ::
|
||||
|
||||
$_choice eq "MY_OP"
|
||||
|
||||
- **Order**: Number to sort buttons
|
||||
|
||||
|
||||
.. attention::
|
||||
|
@ -254,4 +271,4 @@ Options
|
|||
with ``verify_hostname => 0`` and ``SSL_verify_mode => 0``.
|
||||
|
||||
|
||||
Go to: ``General Parameters > Advanced Parameters > Security > SSL options for server requests``
|
||||
Go to: ``General Parameters > Advanced Parameters > Security > SSL options for server requests``
|
||||
|
|
|
@ -111,20 +111,6 @@ For each attribute, you can set:
|
|||
Options
|
||||
^^^^^^^
|
||||
|
||||
General options
|
||||
'''''''''''''''
|
||||
|
||||
- **Resolution Rule**: rule that will be applied to preselect an IDP
|
||||
for a user. You have access to all environment variable *(like user
|
||||
IP address)* and all session keys.
|
||||
|
||||
For example, to preselect this IDP for users coming from 129.168.0.0/16
|
||||
network and member of "admin" group:
|
||||
|
||||
::
|
||||
|
||||
$ENV{REMOTE_ADDR} =~ /^192\.168/ and $groups =~ /\badmin\b/
|
||||
|
||||
Authentication request
|
||||
''''''''''''''''''''''
|
||||
|
||||
|
@ -212,8 +198,6 @@ Used only if at least 2 SAML Identity Providers are declared
|
|||
|
||||
- **Display name**: Name of the IDP
|
||||
- **Logo**: Logo of the IDP
|
||||
- **Order**: Number used for sorting IDP display
|
||||
|
||||
|
||||
.. tip::
|
||||
|
||||
|
@ -222,6 +206,23 @@ Used only if at least 2 SAML Identity Providers are declared
|
|||
icon file name directly in the field and copy the logo file in portal
|
||||
icons directory
|
||||
|
||||
- **Resolution Rule**: rule that will be applied to preselect an IDP
|
||||
for a user. You have access to all environment variable *(like user
|
||||
IP address)* and all session keys.
|
||||
|
||||
For example, to preselect this IDP for users coming from 129.168.0.0/16
|
||||
network
|
||||
|
||||
::
|
||||
|
||||
$ENV{REMOTE_ADDR} =~ /^192\.168/
|
||||
|
||||
To preselect this IDP when the ``MY_IDP`` :doc:`choice <authchoice>` is selected ::
|
||||
|
||||
$_choice eq "MY_IDP"
|
||||
|
||||
- **Order**: Number used for sorting IDP display
|
||||
|
||||
.. |image0| image:: /documentation/manager-saml-metadata.png
|
||||
:class: align-center
|
||||
.. |image1| image:: /documentation/manager-saml-attributes.png
|
||||
|
|
|
@ -31,3 +31,18 @@ Go in ``General parameters`` > ``Portal`` > ``Captcha``:
|
|||
- **Activation in register form**: set to 1 to display captcha in
|
||||
register form
|
||||
- **Size**: length of captcha
|
||||
- **Captcha module**: allows you to use a custom Captcha module, see
|
||||
:ref:`below <customcaptcha>`. Leave it blank to use the default Captcha
|
||||
implementation
|
||||
- **Captcha module options**: options for the custom Captcha module
|
||||
|
||||
.. _customcaptcha:
|
||||
|
||||
Custom Captcha modules
|
||||
----------------------
|
||||
|
||||
.. versionadded:: 2.0.15
|
||||
|
||||
If the default Captcha does not meet your requirements, you can replace it with
|
||||
a different implementation. See the ``Lemonldap::NG::Portal::Captcha`` manual
|
||||
page for details on how to implement a Captcha module.
|
||||
|
|
|
@ -301,7 +301,7 @@ In this example we have:
|
|||
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
|
||||
addKey \
|
||||
casAppMetaDataExportedVars/testapp mail mail \
|
||||
casAppMetaDataExportedVars/testapp cn cn
|
||||
casAppMetaDataExportedVars/testapp cn cn \
|
||||
casAppMetaDataOptions/testapp casAppMetaDataOptionsService 'https://testapp.example.com/'
|
||||
|
||||
Configure SAML Identity Provider
|
||||
|
|
|
@ -50,7 +50,7 @@ master_doc = 'start'
|
|||
|
||||
# General information about the project.
|
||||
project = u'LemonLDAP::NG'
|
||||
copyright = u'2021, LemonLDAP::NG'
|
||||
copyright = u'2022, LemonLDAP::NG'
|
||||
author = u'LemonLDAP::NG'
|
||||
|
||||
# The version info for the project you're documenting, acts as replacement for
|
||||
|
@ -138,6 +138,8 @@ if 'LLNGSPHINXWEBSITE' in os.environ:
|
|||
import sphinx_rtd_theme
|
||||
html_theme = 'sphinx_rtd_theme'
|
||||
html_theme_options = {}
|
||||
else:
|
||||
html_copy_source = False
|
||||
|
||||
|
||||
# html_theme_options = {}
|
||||
|
|
|
@ -128,6 +128,21 @@ configuration.
|
|||
instanceName = LLNG_Demo
|
||||
|
||||
|
||||
.. tip::
|
||||
|
||||
|
||||
It is possible to use environment variable placeholders anywhere in
|
||||
configuration. Those placeholders will be replaced by each LLNG component
|
||||
using environment variables set locally.
|
||||
The format is: ``%SERVERENV:VariableName%``.
|
||||
To enable this feature, you must edit ``lemonldap-ng.ini`` to set
|
||||
``useServerEnv`` value in [configuration] section:
|
||||
|
||||
.. code:: ini
|
||||
|
||||
[configuration]
|
||||
useServerEnv = 1
|
||||
|
||||
|
||||
Manager API
|
||||
-----------
|
||||
|
|
|
@ -58,7 +58,7 @@ As *root:*
|
|||
|
||||
apt install aptitude
|
||||
aptitude install vim make devscripts yui-compressor git git-gui libjs-uglify coffeescript cpanminus autopkgtest pkg-perl-autopkgtest
|
||||
aptitude install libauth-yubikey-webclient-perl libnet-smtp-server-perl libtime-fake-perl libtest-output-perl libtest-pod-perl libtest-leaktrace-perl libtest-mockobject-perl uglifyjs
|
||||
aptitude install libauth-yubikey-webclient-perl libnet-smtp-server-perl libtime-fake-perl libtest-output-perl libtest-pod-perl libtest-leaktrace-perl libtest-mockobject-perl uglifyjs libdbd-sqlite3-perl libauthen-webauthn-perl libauthen-oath-perl
|
||||
|
||||
cpanm Authen::U2F Authen::U2F::Tester Crypt::U2F::Server::Simple
|
||||
|
||||
|
|
|
@ -16,19 +16,19 @@ DecryptValue plugin can be allowed or denied for specific users.
|
|||
- **Use rule**: Select which users may use this plugin
|
||||
- **Decrypt functions**: Set functions used for decrypting ciphered
|
||||
values. Each function is tested until one succeeds. Let it blank
|
||||
to use internal decrypt function.
|
||||
to use internal ``decrypt`` extended function.
|
||||
|
||||
|
||||
.. danger::
|
||||
.. attention::
|
||||
|
||||
The ciphered value is the first parameter passed to custom functions.
|
||||
|
||||
The ``Encryption key`` is passed to custom funtions as second parameter
|
||||
(see :ref:`Security settings<security-configure-security-settings>`).
|
||||
|
||||
Custom functions must be defined into
|
||||
``Lemonldap::NG::Portal::My::Plugin`` and set:
|
||||
``My::Plugin`` and set:
|
||||
|
||||
::
|
||||
|
||||
My::Plugin::function1 My::Plugin::function2
|
||||
|
||||
|
||||
|
||||
.. |image0| image:: /documentation/beta.png
|
||||
:width: 100px
|
||||
|
|
|
@ -5,109 +5,109 @@ Error codes list
|
|||
|
||||
This page references all Portal error codes.
|
||||
|
||||
.. code-block:: perl
|
||||
|
||||
PE_IDPCHOICE => -5,
|
||||
PE_SENDRESPONSE => -4,
|
||||
PE_INFO => -3,
|
||||
PE_REDIRECT => -2,
|
||||
PE_DONE => -1,
|
||||
PE_OK => 0,
|
||||
PE_SESSIONEXPIRED => 1,
|
||||
PE_FORMEMPTY => 2,
|
||||
PE_WRONGMANAGERACCOUNT => 3,
|
||||
PE_USERNOTFOUND => 4,
|
||||
PE_BADCREDENTIALS => 5,
|
||||
PE_LDAPCONNECTFAILED => 6,
|
||||
PE_LDAPERROR => 7,
|
||||
PE_APACHESESSIONERROR => 8,
|
||||
PE_FIRSTACCESS => 9,
|
||||
PE_BADCERTIFICATE => 10,
|
||||
PE_NO_PASSWORD_BE => 20,
|
||||
PE_PP_ACCOUNT_LOCKED => 21,
|
||||
PE_PP_PASSWORD_EXPIRED => 22,
|
||||
PE_CERTIFICATEREQUIRED => 23,
|
||||
PE_ERROR => 24,
|
||||
PE_PP_CHANGE_AFTER_RESET => 25,
|
||||
PE_PP_PASSWORD_MOD_NOT_ALLOWED => 26,
|
||||
PE_PP_MUST_SUPPLY_OLD_PASSWORD => 27,
|
||||
PE_PP_INSUFFICIENT_PASSWORD_QUALITY => 28,
|
||||
PE_PP_PASSWORD_TOO_SHORT => 29,
|
||||
PE_PP_PASSWORD_TOO_YOUNG => 30,
|
||||
PE_PP_PASSWORD_IN_HISTORY => 31,
|
||||
PE_PP_GRACE => 32,
|
||||
PE_PP_EXP_WARNING => 33,
|
||||
PE_PASSWORD_MISMATCH => 34,
|
||||
PE_PASSWORD_OK => 35,
|
||||
PE_NOTIFICATION => 36,
|
||||
PE_BADURL => 37,
|
||||
PE_NOSCHEME => 38,
|
||||
PE_BADOLDPASSWORD => 39,
|
||||
PE_MALFORMEDUSER => 40,
|
||||
PE_SESSIONNOTGRANTED => 41,
|
||||
PE_CONFIRM => 42,
|
||||
PE_MAILFORMEMPTY => 43,
|
||||
PE_BADMAILTOKEN => 44,
|
||||
PE_MAILERROR => 45,
|
||||
PE_MAILOK => 46,
|
||||
PE_LOGOUT_OK => 47,
|
||||
PE_SAML_ERROR => 48,
|
||||
PE_SAML_LOAD_SERVICE_ERROR => 49,
|
||||
PE_SAML_LOAD_IDP_ERROR => 50,
|
||||
PE_SAML_SSO_ERROR => 51,
|
||||
PE_SAML_UNKNOWN_ENTITY => 52,
|
||||
PE_SAML_DESTINATION_ERROR => 53,
|
||||
PE_SAML_CONDITIONS_ERROR => 54,
|
||||
PE_SAML_IDPSSOINITIATED_NOTALLOWED => 55,
|
||||
PE_SAML_SLO_ERROR => 56,
|
||||
PE_SAML_SIGNATURE_ERROR => 57,
|
||||
PE_SAML_ART_ERROR => 58,
|
||||
PE_SAML_SESSION_ERROR => 59,
|
||||
PE_SAML_LOAD_SP_ERROR => 60,
|
||||
PE_SAML_ATTR_ERROR => 61,
|
||||
PE_OPENID_EMPTY => 62,
|
||||
PE_OPENID_BADID => 63,
|
||||
PE_MISSINGREQATTR => 64,
|
||||
PE_BADPARTNER => 65,
|
||||
PE_MAILCONFIRMATION_ALREADY_SENT => 66,
|
||||
PE_PASSWORDFORMEMPTY => 67,
|
||||
PE_CAS_SERVICE_NOT_ALLOWED => 68,
|
||||
PE_MAILFIRSTACCESS => 69,
|
||||
PE_MAILNOTFOUND => 70,
|
||||
PE_PASSWORDFIRSTACCESS => 71,
|
||||
PE_MAILCONFIRMOK => 72,
|
||||
PE_RADIUSCONNECTFAILED => 73,
|
||||
PE_MUST_SUPPLY_OLD_PASSWORD => 74,
|
||||
PE_FORBIDDENIP => 75,
|
||||
PE_CAPTCHAERROR => 76,
|
||||
PE_CAPTCHAEMPTY => 77,
|
||||
PE_REGISTERFIRSTACCESS => 78,
|
||||
PE_REGISTERFORMEMPTY => 79,
|
||||
PE_REGISTERALREADYEXISTS => 80,
|
||||
PE_NOTOKEN => 81,
|
||||
PE_TOKENEXPIRED => 82,
|
||||
PE_U2FFAILED => 83,
|
||||
PE_UNAUTHORIZEDPARTNER => 84,
|
||||
PE_RENEWSESSION => 85,
|
||||
PE_WAIT => 86,
|
||||
PE_MUSTAUTHN => 87,
|
||||
PE_MUSTHAVEMAIL => 88,
|
||||
PE_SAML_SERVICE_NOT_ALLOWED => 89,
|
||||
PE_OIDC_SERVICE_NOT_ALLOWED => 90,
|
||||
PE_OID_SERVICE_NOT_ALLOWED => 91,
|
||||
PE_GET_SERVICE_NOT_ALLOWED => 92,
|
||||
PE_IMPERSONATION_SERVICE_NOT_ALLOWED => 93,
|
||||
PE_ISSUERMISSINGREQATTR => 94,
|
||||
PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED => 95,
|
||||
PE_BADOTP => 96,
|
||||
PE_RESETCERTIFICATE_INVALID => 97,
|
||||
PE_RESETCERTIFICATE_FORMEMPTY => 98,
|
||||
PE_RESETCERTIFICATE_FIRSTACCESS => 99,
|
||||
PE_PP_NOT_ALLOWED_CHARACTER => 100,
|
||||
PE_PP_NOT_ALLOWED_CHARACTERS => 101,
|
||||
PE_UPGRADESESSION => 102,
|
||||
PE_NO_SECOND_FACTORS => 103,
|
||||
PE_BAD_DEVOPS_FILE => 104,
|
||||
PE_FILENOTFOUND => 105,
|
||||
PE_OIDC_AUTH_ERROR => 106
|
||||
|
||||
```
|
||||
PE_IDPCHOICE => -5,
|
||||
PE_SENDRESPONSE => -4,
|
||||
PE_INFO => -3,
|
||||
PE_REDIRECT => -2,
|
||||
PE_DONE => -1,
|
||||
PE_OK => 0,
|
||||
PE_SESSIONEXPIRED => 1,
|
||||
PE_FORMEMPTY => 2,
|
||||
PE_WRONGMANAGERACCOUNT => 3,
|
||||
PE_USERNOTFOUND => 4,
|
||||
PE_BADCREDENTIALS => 5,
|
||||
PE_LDAPCONNECTFAILED => 6,
|
||||
PE_LDAPERROR => 7,
|
||||
PE_APACHESESSIONERROR => 8,
|
||||
PE_FIRSTACCESS => 9,
|
||||
PE_BADCERTIFICATE => 10,
|
||||
PE_NO_PASSWORD_BE => 20,
|
||||
PE_PP_ACCOUNT_LOCKED => 21,
|
||||
PE_PP_PASSWORD_EXPIRED => 22,
|
||||
PE_CERTIFICATEREQUIRED => 23,
|
||||
PE_ERROR => 24,
|
||||
PE_PP_CHANGE_AFTER_RESET => 25,
|
||||
PE_PP_PASSWORD_MOD_NOT_ALLOWED => 26,
|
||||
PE_PP_MUST_SUPPLY_OLD_PASSWORD => 27,
|
||||
PE_PP_INSUFFICIENT_PASSWORD_QUALITY => 28,
|
||||
PE_PP_PASSWORD_TOO_SHORT => 29,
|
||||
PE_PP_PASSWORD_TOO_YOUNG => 30,
|
||||
PE_PP_PASSWORD_IN_HISTORY => 31,
|
||||
PE_PP_GRACE => 32,
|
||||
PE_PP_EXP_WARNING => 33,
|
||||
PE_PASSWORD_MISMATCH => 34,
|
||||
PE_PASSWORD_OK => 35,
|
||||
PE_NOTIFICATION => 36,
|
||||
PE_BADURL => 37,
|
||||
PE_NOSCHEME => 38,
|
||||
PE_BADOLDPASSWORD => 39,
|
||||
PE_MALFORMEDUSER => 40,
|
||||
PE_SESSIONNOTGRANTED => 41,
|
||||
PE_CONFIRM => 42,
|
||||
PE_MAILFORMEMPTY => 43,
|
||||
PE_BADMAILTOKEN => 44,
|
||||
PE_MAILERROR => 45,
|
||||
PE_MAILOK => 46,
|
||||
PE_LOGOUT_OK => 47,
|
||||
PE_SAML_ERROR => 48,
|
||||
PE_SAML_LOAD_SERVICE_ERROR => 49,
|
||||
PE_SAML_LOAD_IDP_ERROR => 50,
|
||||
PE_SAML_SSO_ERROR => 51,
|
||||
PE_SAML_UNKNOWN_ENTITY => 52,
|
||||
PE_SAML_DESTINATION_ERROR => 53,
|
||||
PE_SAML_CONDITIONS_ERROR => 54,
|
||||
PE_SAML_IDPSSOINITIATED_NOTALLOWED => 55,
|
||||
PE_SAML_SLO_ERROR => 56,
|
||||
PE_SAML_SIGNATURE_ERROR => 57,
|
||||
PE_SAML_ART_ERROR => 58,
|
||||
PE_SAML_SESSION_ERROR => 59,
|
||||
PE_SAML_LOAD_SP_ERROR => 60,
|
||||
PE_SAML_ATTR_ERROR => 61,
|
||||
PE_OPENID_EMPTY => 62,
|
||||
PE_OPENID_BADID => 63,
|
||||
PE_MISSINGREQATTR => 64,
|
||||
PE_BADPARTNER => 65,
|
||||
PE_MAILCONFIRMATION_ALREADY_SENT => 66,
|
||||
PE_PASSWORDFORMEMPTY => 67,
|
||||
PE_CAS_SERVICE_NOT_ALLOWED => 68,
|
||||
PE_MAILFIRSTACCESS => 69,
|
||||
PE_MAILNOTFOUND => 70,
|
||||
PE_PASSWORDFIRSTACCESS => 71,
|
||||
PE_MAILCONFIRMOK => 72,
|
||||
PE_RADIUSCONNECTFAILED => 73,
|
||||
PE_MUST_SUPPLY_OLD_PASSWORD => 74,
|
||||
PE_FORBIDDENIP => 75,
|
||||
PE_CAPTCHAERROR => 76,
|
||||
PE_CAPTCHAEMPTY => 77,
|
||||
PE_REGISTERFIRSTACCESS => 78,
|
||||
PE_REGISTERFORMEMPTY => 79,
|
||||
PE_REGISTERALREADYEXISTS => 80,
|
||||
PE_NOTOKEN => 81,
|
||||
PE_TOKENEXPIRED => 82,
|
||||
PE_U2FFAILED => 83,
|
||||
PE_UNAUTHORIZEDPARTNER => 84,
|
||||
PE_RENEWSESSION => 85,
|
||||
PE_WAIT => 86,
|
||||
PE_MUSTAUTHN => 87,
|
||||
PE_MUSTHAVEMAIL => 88,
|
||||
PE_SAML_SERVICE_NOT_ALLOWED => 89,
|
||||
PE_OIDC_SERVICE_NOT_ALLOWED => 90,
|
||||
PE_OID_SERVICE_NOT_ALLOWED => 91,
|
||||
PE_GET_SERVICE_NOT_ALLOWED => 92,
|
||||
PE_IMPERSONATION_SERVICE_NOT_ALLOWED => 93,
|
||||
PE_ISSUERMISSINGREQATTR => 94,
|
||||
PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED => 95,
|
||||
PE_BADOTP => 96,
|
||||
PE_RESETCERTIFICATE_INVALID => 97,
|
||||
PE_RESETCERTIFICATE_FORMEMPTY => 98,
|
||||
PE_RESETCERTIFICATE_FIRSTACCESS => 99,
|
||||
PE_PP_NOT_ALLOWED_CHARACTER => 100,
|
||||
PE_PP_NOT_ALLOWED_CHARACTERS => 101,
|
||||
PE_UPGRADESESSION => 102,
|
||||
PE_NO_SECOND_FACTORS => 103,
|
||||
PE_BAD_DEVOPS_FILE => 104,
|
||||
PE_FILENOTFOUND => 105,
|
||||
PE_OIDC_AUTH_ERROR => 106
|
||||
```
|
|
@ -51,13 +51,20 @@ portal:
|
|||
- macros are used to extend (or rewrite)
|
||||
:doc:`exported variables<exportedvars>`. A macro is stored as
|
||||
attributes: it can contain boolean results or any string
|
||||
- macros can also be used to import environment variables *(these
|
||||
- macros can also be used for importing environment variables *(these
|
||||
variables are in CGI format)*. Example: ``$ENV{HTTP_COOKIE}``
|
||||
- groups are stored as a string with values separated by ''; ''
|
||||
(default values separator) in the special attribute ``groups``: it
|
||||
contains the names of groups whose rules were returned true for the
|
||||
(default multivalues separator) in the special attribute ``groups``: it
|
||||
contains names of groups whose rules were returned true for the
|
||||
current user. For example:
|
||||
|
||||
.. danger::
|
||||
|
||||
Macros can be used for rewriting or overloading exported variables
|
||||
but it can lead to some side effects. Be aware of alphabetical order
|
||||
and keep in mind that exported variables are set. Then macros and
|
||||
groups are computed.
|
||||
|
||||
.. code-block:: perl
|
||||
|
||||
$groups = group3; admin
|
||||
|
|
|
@ -18,12 +18,12 @@ This is also true for:
|
|||
|
||||
Inside this jail, you can access to:
|
||||
|
||||
* all session values and CGI environment variables (through `$ENV{<HTTP_NAME>}`)
|
||||
* All session values and CGI environment variables (through `$ENV{<HTTP_NAME>}`)
|
||||
* Core Perl subroutines (split, pop, map, etc.)
|
||||
* :doc:`Custom functions<customfunctions>`
|
||||
* The `encode_base64 <http://perldoc.perl.org/MIME/Base64.html>`__ subroutine
|
||||
* Information about current request
|
||||
* Extended functions:
|
||||
* Extended functions except basic, iso2unicode and unicode2iso:
|
||||
|
||||
* basic_
|
||||
* checkDate_
|
||||
|
@ -36,9 +36,11 @@ Inside this jail, you can access to:
|
|||
* inGroup_ (|new| in version 2.0.8)
|
||||
* isInNet6_
|
||||
* iso2unicode_
|
||||
* iso2unicodeSafe_ (|new| in version 2.0.15)
|
||||
* listMatch_ (|new| in version 2.0.7)
|
||||
* token_
|
||||
* unicode2iso_
|
||||
* unicode2isoSafe_ (|new| in version 2.0.15)
|
||||
* varIsInUri_ (|new| in version 2.0.7)
|
||||
|
||||
|
||||
|
@ -53,48 +55,71 @@ Inside this jail, you can access to:
|
|||
Extended Functions List
|
||||
-----------------------
|
||||
|
||||
date
|
||||
~~~~
|
||||
basic
|
||||
~~~~~
|
||||
|
||||
Returns the date, in format YYYYMMDDHHMMSS, local time by default, GMT
|
||||
by calling ``date(1)``
|
||||
.. attention::
|
||||
|
||||
::
|
||||
This function is not compliant with the :doc:`Safe jail<safejail>`,
|
||||
you will have to disable the jail to use it.
|
||||
|
||||
For example: date(1) lt '19551018080000'
|
||||
|
||||
dateToTime
|
||||
~~~~~~~~~~
|
||||
This function builds the ``Authorization`` HTTP header employed in
|
||||
:doc:`HTTP Basic authentication scheme<applications/authbasic>`. It will
|
||||
convert `user` and `password` parameters from UTF-8 to ISO-8859-1.
|
||||
|
||||
.. versionadded:: 2.0.12
|
||||
Functions parameters:
|
||||
|
||||
Converts a string date into epoch time.
|
||||
|
||||
The date format is the LDAP date syntax, for example for the 1st March
|
||||
2009 (GMT):
|
||||
|
||||
::
|
||||
|
||||
20090301000000Z
|
||||
|
||||
The date may end with a differential timezone that is interpreted to
|
||||
adjust the epoch time, for example for the 1st March 2009 (+0100):
|
||||
|
||||
::
|
||||
|
||||
20090301000000+0100
|
||||
- **user**
|
||||
- **password**
|
||||
|
||||
Simple usage example:
|
||||
|
||||
::
|
||||
|
||||
dateToTime($ssoStartDate) lt dateToTime(date(1))
|
||||
basic($uid,$_password)
|
||||
|
||||
checkDate
|
||||
~~~~~~~~~
|
||||
|
||||
This function checks date of current request, and compare it to
|
||||
a start date and an end date. It returns 1 if this matches, 0 else.
|
||||
|
||||
|
||||
The date format corresponds to LDAP date syntax, for example for the 1st of March
|
||||
2009 (GMT)
|
||||
|
||||
::
|
||||
|
||||
20090301000000Z
|
||||
|
||||
|new| Since version 2.0.12, the date may end with a differential timezone,
|
||||
for example for the 1st of March 2009 (+0100):
|
||||
|
||||
::
|
||||
|
||||
20090301000000+0100
|
||||
|
||||
|
||||
Functions parameters:
|
||||
|
||||
- **start**: Start date (GMT unless, |new| since version 2.0.12, a
|
||||
differential timezone is included)
|
||||
- **end**: End date (GMT unless, |new| since version 2.0.12, a
|
||||
differential timezone is included)
|
||||
- **default_access** (optional): Which result to return if **start** and
|
||||
**end** dates are empty
|
||||
|
||||
Simple usage example:
|
||||
|
||||
::
|
||||
|
||||
checkDate($ssoStartDate, $ssoEndDate)
|
||||
|
||||
checkLogonHours
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
This function will check the day and the hour of current request, and
|
||||
compare it to allowed days and hours. It returns 1 if this match, 0
|
||||
This function checks the day and the hour of current request, and
|
||||
compare it to allowed days and hours. It returns 1 if matches, 0
|
||||
else. By default, the allowed days and hours is an hexadecimal
|
||||
value, representing each hour of the week. A day has 24 hours, and a
|
||||
week 7 days, so the value contains 168 bits, converted into 42
|
||||
|
@ -112,12 +137,12 @@ For example, for a full access, excepted week-end:
|
|||
You can use the binary value from the logonHours attribute of Active
|
||||
Directory, or create a custom attribute in your LDAP schema.
|
||||
|
||||
Functions parameters:
|
||||
Function parameters:
|
||||
|
||||
- **logon_hours**: string representing allowed logon hours (GMT)
|
||||
- **logon_hours**: String representing allowed logon hours (GMT)
|
||||
- **syntax** (optional): ``hexadecimal`` (default) or ``octetstring``
|
||||
- **time_correction** (optional): hours to add or to subtract
|
||||
- **default_access** (optional): what result to return if
|
||||
- **time_correction** (optional): Hours to add or to subtract
|
||||
- **default_access** (optional): Which result to return if
|
||||
**logon_hours** is empty
|
||||
|
||||
Simple usage example:
|
||||
|
@ -156,113 +181,58 @@ rejected. You can allow these users instead of reject them:
|
|||
|
||||
checkLogonHours($ssoLogonHours, '', '', '1')
|
||||
|
||||
date
|
||||
~~~~
|
||||
|
||||
checkDate
|
||||
~~~~~~~~~
|
||||
|
||||
This function will check the date of current request, and compare it to
|
||||
a start date and an end date. It returns 1 if this match, 0 else.
|
||||
|
||||
|
||||
The date format is the LDAP date syntax, for example for the 1st of March
|
||||
2009 (GMT)
|
||||
Returns the date, in format YYYYMMDDHHMMSS, local time by default, GMT
|
||||
by calling ``date(1)``
|
||||
|
||||
::
|
||||
|
||||
20090301000000Z
|
||||
For example: date(1) lt '19551018080000'
|
||||
|
||||
|new| Since version 2.0.12, the date may end with a differential timezone,
|
||||
for example for the 1st of March 2009 (+0100):
|
||||
dateToTime
|
||||
~~~~~~~~~~
|
||||
|
||||
.. versionadded:: 2.0.12
|
||||
|
||||
Used for converting a string date into epoch time.
|
||||
|
||||
The date format is the LDAP date syntax, for example for the 1st March
|
||||
2009 (GMT):
|
||||
|
||||
::
|
||||
|
||||
20090301000000Z
|
||||
|
||||
The date may end with a differential timezone that is interpreted to
|
||||
adjust the epoch time, for example for the 1st March 2009 (+0100):
|
||||
|
||||
::
|
||||
|
||||
20090301000000+0100
|
||||
|
||||
|
||||
Functions parameters:
|
||||
|
||||
- **start**: Start date (GMT unless, |new| since version 2.0.12, a
|
||||
differential timezone is included)
|
||||
- **end**: End date (GMT unless, |new| since version 2.0.12, a
|
||||
differential timezone is included)
|
||||
- **default_access** (optional): what result to return if **start** and
|
||||
**end** are empty
|
||||
|
||||
Simple usage example:
|
||||
|
||||
::
|
||||
|
||||
checkDate($ssoStartDate, $ssoEndDate)
|
||||
dateToTime($ssoStartDate) lt dateToTime(date(1))
|
||||
|
||||
encrypt
|
||||
~~~~~~~
|
||||
|
||||
basic
|
||||
~~~~~
|
||||
.. tip::
|
||||
|
||||
.. attention::
|
||||
Since version 2.0, this function is now compliant with
|
||||
:doc:`Safe jail<safejail>`.
|
||||
|
||||
This function is not compliant with
|
||||
:doc:`Safe jail<safejail>`, you will need to disable the jail to use
|
||||
it.
|
||||
|
||||
This function builds the ``Authorization`` HTTP header used in
|
||||
:doc:`HTTP Basic authentication scheme<applications/authbasic>`. It will
|
||||
force conversion from UTF-8 to ISO-8859-1 of user and password data.
|
||||
|
||||
Functions parameters:
|
||||
|
||||
- **user**
|
||||
- **password**
|
||||
|
||||
Simple usage example:
|
||||
This function uses the secret key of LL::NG configuration to crypt a data.
|
||||
This can be used for anonymizing identifier given to the protected
|
||||
application.
|
||||
|
||||
::
|
||||
|
||||
basic($uid,$_password)
|
||||
|
||||
|
||||
unicode2iso
|
||||
~~~~~~~~~~~
|
||||
|
||||
|
||||
.. attention::
|
||||
|
||||
This function is not compliant with
|
||||
:doc:`Safe jail<safejail>`, you will need to disable the jail to use
|
||||
it.
|
||||
|
||||
This function convert a string from UTF-8 to ISO-8859-1.
|
||||
|
||||
Functions parameters:
|
||||
|
||||
- **string**
|
||||
|
||||
Simple usage example:
|
||||
|
||||
::
|
||||
|
||||
unicode2iso($name)
|
||||
|
||||
iso2unicode
|
||||
~~~~~~~~~~~
|
||||
|
||||
|
||||
.. attention::
|
||||
|
||||
This function is not compliant with
|
||||
:doc:`Safe jail<safejail>`, you will need to disable the jail to use
|
||||
it.
|
||||
|
||||
This function convert a string from ISO-8859-1 to UTF-8.
|
||||
|
||||
Functions parameters:
|
||||
|
||||
- **string**
|
||||
|
||||
Simple usage example:
|
||||
|
||||
::
|
||||
|
||||
iso2unicode($name)
|
||||
encrypt($_whatToTrace)
|
||||
|
||||
groupMatch
|
||||
~~~~~~~~~~
|
||||
|
@ -316,6 +286,71 @@ Example::
|
|||
|
||||
$_2fDevices =~ /"type":\s*"TOTP"/s
|
||||
|
||||
inGroup
|
||||
~~~~~~~
|
||||
|
||||
.. versionadded:: 2.0.8
|
||||
|
||||
This function lets you test if the user is in a given group. It is
|
||||
case-insensitive.
|
||||
|
||||
Usage example:
|
||||
|
||||
::
|
||||
|
||||
inGroup('admins')
|
||||
|
||||
inGroup('test users')
|
||||
|
||||
The function returns 1 if the user belongs to the given group, and 0 if
|
||||
they don't.
|
||||
|
||||
isInNet6
|
||||
~~~~~~~~
|
||||
|
||||
Function to check if an IPv6 address is in a subnet. Example *check if
|
||||
IP address is local*:
|
||||
|
||||
.. code-block:: perl
|
||||
|
||||
isInNet6($ipAddr, 'fe80::/10')
|
||||
|
||||
iso2unicode
|
||||
~~~~~~~~~~~
|
||||
|
||||
.. attention::
|
||||
|
||||
This function is not compliant with :doc:`Safe jail<safejail>`.
|
||||
You will have to disable the jail to use it.
|
||||
|
||||
This function converts a string from ISO-8859-1 to UTF-8.
|
||||
|
||||
Function parameter:
|
||||
|
||||
- **string**
|
||||
|
||||
Simple usage example:
|
||||
|
||||
::
|
||||
|
||||
iso2unicode($name)
|
||||
|
||||
iso2unicodeSafe
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
This function converts a string from ISO-8859-1 to UTF-8
|
||||
but it is not as portable as the original one.
|
||||
|
||||
Functions parameters:
|
||||
|
||||
- **string**
|
||||
|
||||
Simple usage example:
|
||||
|
||||
::
|
||||
|
||||
iso2unicodeSafe($name)
|
||||
|
||||
.. _listMatch:
|
||||
|
||||
listMatch
|
||||
|
@ -346,42 +381,6 @@ Simple usage example:
|
|||
The function returns 1 if the value was found, and 0 if it was not
|
||||
found.
|
||||
|
||||
inGroup
|
||||
~~~~~~~
|
||||
|
||||
.. versionadded:: 2.0.8
|
||||
|
||||
This function lets you test if the user is in a given group. It is
|
||||
case-insensitive.
|
||||
|
||||
Usage example:
|
||||
|
||||
::
|
||||
|
||||
inGroup('admins')
|
||||
|
||||
inGroup('test users')
|
||||
|
||||
The function returns 1 if the user belongs to the given group, and 0 if
|
||||
they don't.
|
||||
|
||||
encrypt
|
||||
~~~~~~~
|
||||
|
||||
|
||||
.. tip::
|
||||
|
||||
Since version 2.0, this function is now compliant with
|
||||
:doc:`Safe jail<safejail>`.
|
||||
|
||||
This function uses the secret key of LLNG configuration to crypt a data.
|
||||
This can be used for anonymizing identifier given to the protected
|
||||
application.
|
||||
|
||||
::
|
||||
|
||||
encrypt($_whatToTrace)
|
||||
|
||||
token
|
||||
~~~~~
|
||||
|
||||
|
@ -392,16 +391,6 @@ This function generates token used for
|
|||
|
||||
token($_session_id,'webapp1.example.com','webapp2.example.com')
|
||||
|
||||
isInNet6
|
||||
~~~~~~~~
|
||||
|
||||
Function to check if an IPv6 address is in a subnet. Example *check if
|
||||
IP address is local*:
|
||||
|
||||
.. code-block:: perl
|
||||
|
||||
isInNet6($ipAddr, 'fe80::/10')
|
||||
|
||||
varIsInUri
|
||||
~~~~~~~~~~
|
||||
|
||||
|
@ -433,3 +422,39 @@ Example *check if $uid is in /check-auth/ URI*:
|
|||
:width: 35px
|
||||
.. |image1| image:: /documentation/new.png
|
||||
:width: 35px
|
||||
|
||||
unicode2iso
|
||||
~~~~~~~~~~~
|
||||
|
||||
.. attention::
|
||||
|
||||
This function is not compliant with :doc:`Safe jail<safejail>`.
|
||||
You will have to disable the jail to use it.
|
||||
|
||||
This function convert a string from UTF-8 to ISO-8859-1.
|
||||
|
||||
Function parameter:
|
||||
|
||||
- **string**
|
||||
|
||||
Simple usage example:
|
||||
|
||||
::
|
||||
|
||||
unicode2iso($name)
|
||||
|
||||
unicode2isoSafe
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
This function convert a string from UTF-8 to ISO-8859-1
|
||||
but it is not as portable as the original one.
|
||||
|
||||
Function parameter:
|
||||
|
||||
- **string**
|
||||
|
||||
Simple usage example:
|
||||
|
||||
::
|
||||
|
||||
unicode2isoSafe($name)
|
|
@ -30,6 +30,9 @@ All parameters are configured in "General Parameters » Portal Parameters
|
|||
/ Verification to an external provider. You must also use *$code*
|
||||
which is the value entered by user; Example:
|
||||
``/usr/local/bin/verify --uid $uid --code $code``
|
||||
- **Re-send interval**: Set this to a non-empty value to allow the user to
|
||||
re-send the code in case a transmission error occured. The value sets how
|
||||
many seconds the user has to wait before each attempt
|
||||
- **Authentication level** (Optional): if you want to overwrite the
|
||||
value sent by your authentication module, you can define here the new
|
||||
authentication level. Example: 5
|
||||
|
|
|
@ -178,6 +178,61 @@ Sample code::
|
|||
}
|
||||
|
||||
|
||||
oidcGotOnlineRefresh
|
||||
~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
.. versionadded:: 2.0.15
|
||||
|
||||
This hook is triggered when LemonLDAP::NG handles a Refresh Token grant for an
|
||||
online session
|
||||
|
||||
The hook's parameters are:
|
||||
|
||||
* the configuration key of the relying party which received the grant
|
||||
* A hash of session data for the (internal) Refresh Token session
|
||||
* A hash of the user's session data
|
||||
|
||||
Sample code::
|
||||
|
||||
use constant hook => {
|
||||
oidcGotOnlineRefresh => 'logRefresh',
|
||||
};
|
||||
|
||||
sub logRefresh {
|
||||
my ( $self, $req, $rp, $refreshInfo, $sessionInfo ) = @_;
|
||||
my $uid = $sessionInfo->{uid};
|
||||
$self->userLogger->info("OIDC application $rp requested a new access token for $uid");
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
oidcGotOfflineRefresh
|
||||
~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
.. versionadded:: 2.0.15
|
||||
|
||||
This hook is triggered when LemonLDAP::NG handles a Refresh Token grant for an
|
||||
offline session
|
||||
|
||||
The hook's parameters are:
|
||||
|
||||
* the configuration key of the relying party which received the grant
|
||||
* A hash of session data for the (internal) Refresh Token session, which also
|
||||
contains user attributes
|
||||
|
||||
Sample code::
|
||||
|
||||
use constant hook => {
|
||||
oidcGotOfflineRefresh => 'logRefreshOffline',
|
||||
};
|
||||
|
||||
sub logRefreshOffline {
|
||||
my ( $self, $req, $rp, $refreshInfo ) = @_;
|
||||
my $uid = $refreshInfo->{uid};
|
||||
$self->userLogger->info("OIDC application $rp used offline access for $uid");
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
|
||||
SAML Issuer hooks
|
||||
-----------------
|
||||
|
||||
|
|
|
@ -340,6 +340,8 @@ Options
|
|||
|
||||
- **Logout**
|
||||
|
||||
- **Bypass confirm**: Bypass logout confirmation when logout is initiated
|
||||
by relaying party
|
||||
- **Allowed redirection addresses for logout**: A space-separated list of
|
||||
URLs that this client can redirect the user to once the logout is done
|
||||
(through ``post_logout_redirect_uri``)
|
||||
|
|
|
@ -28,5 +28,6 @@ Plugins
|
|||
resetpassword
|
||||
resetcertificate
|
||||
restservices
|
||||
restauthuserpwdbackend
|
||||
soapservices
|
||||
stayconnected
|
||||
|
|
|
@ -6,6 +6,7 @@ Portal configuration
|
|||
|
||||
portal
|
||||
portalcustom
|
||||
jqueryevents
|
||||
portalmenu
|
||||
portalservers
|
||||
captcha
|
||||
|
|
|
@ -0,0 +1,42 @@
|
|||
Available JQuery Events
|
||||
========================
|
||||
|
||||
Some portal functions (such as 2FA registration) are performed by Javascript.
|
||||
|
||||
We offer a few custom events that let you react to certain high-level Javascript events
|
||||
|
||||
Second factor management
|
||||
------------------------
|
||||
|
||||
mfaAdded
|
||||
~~~~~~~~
|
||||
|
||||
.. versionadded:: 2.0.15
|
||||
|
||||
This event is triggered when a TOTP, WebAuthn or U2F device is registered
|
||||
|
||||
Sample code:
|
||||
|
||||
.. code:: javascript
|
||||
|
||||
$(document).on( "mfaAdded", { }, function( event, info ) {
|
||||
console.log( "Added MFA of type" + info.type );
|
||||
// Your code here
|
||||
});
|
||||
|
||||
|
||||
mfaDeleted
|
||||
~~~~~~~~~~~
|
||||
|
||||
.. versionadded:: 2.0.15
|
||||
|
||||
This event is triggered when a TOTP, WebAuthn or U2F device is removed
|
||||
|
||||
Sample code:
|
||||
|
||||
.. code:: javascript
|
||||
|
||||
$(document).on( "mfaDeleted", { }, function( event, info ) {
|
||||
console.log( "Removed MFA of type" + info.type );
|
||||
// Your code here
|
||||
});
|
|
@ -45,6 +45,9 @@ Mail second factor".
|
|||
- **Mail body**: The plain text content of the email the user will
|
||||
receive. If you leave it blank, the ``mail_2fcode`` HTML template
|
||||
will be used. The one-time code is stored in the ``$code`` variable
|
||||
- **Re-send interval**: Set this to a non-empty value to allow the user to
|
||||
re-send the code in case a transmission error occured. The value sets how
|
||||
many seconds the user has to wait before each attempt
|
||||
- **Authentication level** (Optional): if you want to overwrite the
|
||||
value sent by your authentication module, you can define here the new
|
||||
authentication level. Example: 5
|
||||
|
|
|
@ -12,13 +12,13 @@ Examples
|
|||
|
||||
**Important things**:
|
||||
|
||||
- The above examples below are written for version 0.6.0 in CommonJS
|
||||
but Node.js handler can be used in ES7 and/or Typescript code
|
||||
- Rules and headers must be written in javascript for these hosts
|
||||
(example ``$uid eq "dwho"`` becomes ``$uid === "dwho"``)
|
||||
- Multi-lines are not supported in lemonldap-ng.ini
|
||||
- Virtualhosts handled by node-lemonldap-ng-handler must be explicitly
|
||||
declared in your ``lemonldap-ng.ini`` file in ``[node-handler]``
|
||||
section (**NB**: section ``[handler]`` isn't used by node
|
||||
handler):
|
||||
section
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
|
@ -40,12 +40,14 @@ FastCGI server
|
|||
configStorage: {
|
||||
"confFile": "/path/to/lemonldap-ng.ini"
|
||||
}
|
||||
});
|
||||
}).then( () => {
|
||||
|
||||
handler.nginxServer({
|
||||
"mode": "fcgi", // or "http", default: fcgi
|
||||
"port": 9090, // default value
|
||||
"ip": 'localhost' // default value
|
||||
});
|
||||
|
||||
handler.nginxServer({
|
||||
"mode": "fcgi", // or "http", default: fcgi
|
||||
"port": 9090, // default value
|
||||
"ip": 'localhost' // default value
|
||||
});
|
||||
|
||||
Nginx configuration
|
||||
|
@ -98,16 +100,17 @@ Use it to protect an express app
|
|||
configStorage: {
|
||||
"confFile":"test/lemonldap-ng.ini"
|
||||
}
|
||||
});
|
||||
|
||||
// and load it
|
||||
app.use(handler.run);
|
||||
|
||||
// Then simply use your express app
|
||||
app.get('/', function(req, res) {
|
||||
return res.send('Hello ' + req.headers['Auth-User'] + ' !');
|
||||
});
|
||||
app.listen(3000, function() {
|
||||
return console.log('Example app listening on port 3000!');
|
||||
}).then( () => {
|
||||
|
||||
// and load it
|
||||
app.use(handler.run);
|
||||
|
||||
// Then simply use your express app
|
||||
app.get('/', function(req, res) {
|
||||
return res.send('Hello ' + req.headers['Auth-User'] + ' !');
|
||||
});
|
||||
app.listen(3000, function() {
|
||||
return console.log('Example app listening on port 3000!');
|
||||
});
|
||||
});
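Review bot: The samples now start the server inside `handler.init({...}).then( () => { ... })`, but the chain has no rejection handler. If `init()` rejects (an unreadable `lemonldap-ng.ini`, for instance), the example ends in an unhandled rejection and the operator gets no hint why nothing is listening. Ending the chain with `.catch( (e) => { console.error('handler init failed', e); process.exit(1); });` keeps the fail-closed behaviour and makes the cause visible. The same applies to the FastCGI example in the earlier hunk of this file.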
|
||||
|
||||
|
|
|
@ -10,9 +10,10 @@ Issuer identifier
|
|||
~~~~~~~~~~~~~~~~~
|
||||
|
||||
Set the issuer identifier, which should be the portal URL.
|
||||
|
||||
For example: http://auth.example.com
|
||||
|
||||
Set a blank value to use Portal URL.
|
||||
|
||||
Endpoints
|
||||
~~~~~~~~~~
|
||||
|
||||
|
|
|
@ -562,6 +562,7 @@ sfEngine Second factor engine
|
|||
sfExtra Extra second factors ✔
|
||||
sfManagerRule Rule to display second factor Manager link ✔
|
||||
sfOnlyUpgrade Only trigger second factor on session upgrade ✔
|
||||
sfLoginTimeout Timeout for 2F login process ✔
|
||||
sfRegisterTimeout Timeout for 2F registration process ✔
|
||||
sfRemovedMsgRule Display a message if at leat one expired SF has been removed ✔
|
||||
sfRemovedNotifMsg Notification message ✔
|
||||
|
|
|
@ -15,13 +15,25 @@ Portal > Customization > Main logo.
|
|||
|
||||
A blank value disables Main logo display.
|
||||
|
||||
|
||||
.. tip::
|
||||
|
||||
- Logo files must be stored in lemonldap-ng-portal/site/htdocs/static/my/path directory
|
||||
- Logo file path must be like my/path/logo.png
|
||||
- Main logo is included in Portal templates AND mail body
|
||||
|
||||
Favicon
|
||||
~~~~~~~
|
||||
|
||||
You can change the default favicon in Manager: General Parameters >
|
||||
Portal > Customization > Favicon.
|
||||
|
||||
A blank value displays default favicon ``common/favicon.ico``.
|
||||
|
||||
.. tip::
|
||||
|
||||
- Logo files must be stored in lemonldap-ng-portal/site/htdocs/static/my/path directory
|
||||
- Logo file path must be like my/path/logo.ico
|
||||
|
||||
Show languages choice
|
||||
~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
|
@ -33,12 +45,18 @@ Option enabled by default.
|
|||
|
||||
.. tip::
|
||||
|
||||
|
||||
|
||||
If languages choice is disabled, Portal displays accepted languages by
|
||||
your browser (EN by default).
|
||||
|
||||
|
||||
Scroll to top button
|
||||
~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
You can display a button to go to back to the top after <value> pixels scrolling.
|
||||
|
||||
.. tip::
|
||||
|
||||
A blank or null value disable this feature.
|
||||
|
||||
Custom CSS file
|
||||
~~~~~~~~~~~~~~~
|
||||
|
@ -202,6 +220,12 @@ To change CSS, two options:
|
|||
|
||||
<link href="<TMPL_VAR NAME="STATIC_PREFIX">myskin/css/myskin.css" rel="stylesheet" type="text/css" />
|
||||
|
||||
To add custom JS, create a new file in myskin/js/custom.js and load it in customhead.tpl ::
|
||||
|
||||
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX"><TMPL_VAR NAME="SKIN">/js/custom.js"></script>
|
||||
|
||||
In this file, you can access JQuery functions, and hook your code to :doc:`JQuery events <jqueryevents>`
|
||||
|
||||
Put then all custom HTML code in the custom template files.
|
||||
|
||||
To configure your new skin in Manager, select the custom skin, and enter
|
||||
|
@ -361,7 +385,7 @@ Password Policy
|
|||
- **Minimal upper characters**: leave 0 to bypass the check
|
||||
- **Minimal digit characters**: leave 0 to bypass the check
|
||||
- **Minimal special characters**: leave 0 to bypass the check
|
||||
- **Allowed special characters**: set '__ALL__' value to allow ALL special characters. A blanck value forbids ALL special characters (Note that ``_`` is not a special character)
|
||||
- **Allowed special characters**: set '__ALL__' value to allow ALL special characters. A blank value forbids ALL special characters (Note that ``_`` is not a special character)
|
||||
|
||||
.. _portalcustom-other-parameters:
|
||||
|
||||
|
|
|
@ -95,6 +95,8 @@ Second factor
|
|||
|
||||
- Crypt::U2F::Server::Simple (U2F keys)
|
||||
- Convert::Base32 (TOTP)
|
||||
- Authen::WebAuthn (FIDO2 WebAuthen)
|
||||
- Authen::OATH (OTP)
|
||||
|
||||
Specific authentication backends
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
@ -138,6 +140,7 @@ Unit tests
|
|||
- Authen::U2F::Tester
|
||||
- Crypt::U2F::Server
|
||||
- Test::MockObject
|
||||
- DBD::SQLite
|
||||
- Test::Output
|
||||
- Test::POD
|
||||
- Time::Fake
|
||||
|
|
|
@ -84,8 +84,6 @@ Then go in Manager, ``General Parameters`` » ``Plugins`` »
|
|||
- **Display generate password box**: display a checkbox to allow
|
||||
user to generate a new password instead of choosing one (default:
|
||||
disabled)
|
||||
|
||||
::
|
||||
|
||||
* **Regexp for password generation**: Regular expression used to generate the password (default: [A-Z]{3}[a-z]{5}.\d{2})
|
||||
- **Regexp for password generation**: Regular expression used to generate the password. Set a blank value to use
|
||||
password policy if enabled or default regexp will be employed: [A-Z]{3}[a-z]{5}.\d{2}
|
||||
|
||||
|
|
|
@ -12,11 +12,17 @@ All parameters are set in "General Parameters » Portal Parameters »
|
|||
Second Factors » REST 2nd Factor".
|
||||
|
||||
- **Activation**
|
||||
- **Code regex**: regular expression to create an OTP code. If this option is
|
||||
set, LemonLDAP::NG will generate the code and send it through the Init URL,
|
||||
then verify it internally.
|
||||
- **Init URL** *(optional)*: REST URL to initialize dialog *(send
|
||||
OTP)*. Leave it blank if your API doesn't need any initialization
|
||||
- **Init arguments**: list of arguments to send *(see below)*
|
||||
- **Verify URL** *(required)*: REST URL to verify code
|
||||
- **Verify arguments**: list of arguments to send *(see below)*
|
||||
- **Re-send interval**: Set this to a non-empty value to allow the user to
|
||||
re-send the code in case a transmission error occured. The value sets how
|
||||
many seconds the user has to wait before each attempt
|
||||
- **Authentication level** (Optional): if you want to overwrite the
|
||||
value sent by your authentication module, you can define here the new
|
||||
authentication level. Example: 5
|
||||
|
@ -31,20 +37,31 @@ Arguments are a list of key/value. Key is the name of JSON entry, value
|
|||
is attribute or macro name.
|
||||
|
||||
|
||||
.. attention::
|
||||
|
||||
For Verify URL, you should send ``$code`` at least
|
||||
|
||||
REST Dialog
|
||||
REST Dialog
|
||||
-----------
|
||||
|
||||
|
||||
REST web services have just to reply with a "result" key in a JSON file.
|
||||
Auth/UserDB can add an "info" array. It will be stored in session data
|
||||
(without reading "Exported variables").
|
||||
|
||||
If *Code regex* is set
|
||||
~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
========== ================================================ ====================================
|
||||
URL Query Response
|
||||
========== ================================================ ====================================
|
||||
Init URL JSON file: ``{"user":$user,...}`` JSON file: ``{"result":true/false}``
|
||||
Verify URL JSON file: ``{"user":$user,"code":"$code",...}`` JSON file: ``{"result":true/false}``
|
||||
Init URL JSON body: ``{"user":$user,"code":"$code",...}`` JSON body: ``{"result":true/false}``
|
||||
========== ================================================ ====================================
|
||||
|
||||
The Verify URL is not called, since the code is checked against the internally saved value
|
||||
|
||||
If *Code regex* is not set
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
========== ================================================ ====================================
|
||||
URL Query Response
|
||||
========== ================================================ ====================================
|
||||
Init URL JSON body: ``{"user":$user,...}`` JSON body: ``{"result":true/false}``
|
||||
Verify URL JSON body: ``{"user":$user,"code":"$code",...}`` JSON body: ``{"result":true/false}``
|
||||
========== ================================================ ====================================
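Review bot: The page gives no guidance on protecting the Init URL call or on the strength of the *Code regex* expression. When the regex is set, the first table shows the generated one-time code leaving LemonLDAP::NG in the Init URL request body (`{"user":$user,"code":"$code",...}`). I would add below that table: `The Init URL receives the one-time code: use an HTTPS URL and make sure the remote service does not log request bodies.` The **Code regex** item should also say that the expression must produce enough random characters to resist guessing within the login timeout. Finally, the attention box "For Verify URL, you should send $code at least" should state that it applies only when *Code regex* is not set, since the Verify URL is not called otherwise.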
|
||||
|
|
|
@ -0,0 +1,90 @@
|
|||
REST auth/user/password backend
|
||||
===============================
|
||||
|
||||
LL::NG Portal provides REST end points for auth/user/password:
|
||||
|
||||
- POST /proxy/pwdConfirm: check password
|
||||
- POST /proxy/getUser: get user data
|
||||
- POST /proxy/pwdReset: update password
|
||||
|
||||
These end points can be used to connect another LemonLDAP::NG server using :doc:`REST authentication backend<authrest>`.
|
||||
|
||||
API
|
||||
---
|
||||
|
||||
Password confirm
|
||||
~~~~~~~~~~~~~~~~
|
||||
|
||||
POST a JSON structure with ``user`` and ``password``.
|
||||
It will return a JSON structure with ``result`` parameter (``true`` or ``false``).
|
||||
|
||||
Request:
|
||||
|
||||
.. code::
|
||||
|
||||
curl -H "Accept: application/json" -d '{"user":"dwho","password":"dwho"}' https://auth.example.com/proxy/pwdConfirm
|
||||
|
||||
Response:
|
||||
|
||||
.. code-block:: javascript
|
||||
|
||||
{"result":true}
|
||||
|
||||
Get user data
|
||||
~~~~~~~~~~~~~
|
||||
|
||||
POST a JSON structure with ``user``.
|
||||
It will return a JSON structure with ``result`` and ``info`` parameters.
|
||||
|
||||
Request:
|
||||
|
||||
.. code::
|
||||
|
||||
curl -H "Accept: application/json" -d '{"user":"rtyler"}' https://auth.example.com/proxy/getUser
|
||||
|
||||
Response:
|
||||
|
||||
.. code-block:: javascript
|
||||
|
||||
{"info":{"_utime":1651055131,"hGroups":{"users":{"name":"users"},"earthlings":{"name":"earthlings"}},"ipAddr":"127.0.0.1","_auth":"Demo","_url":null,"uid":"rtyler","mail":"rtyler@badwolf.org","_userDB":"Demo","_startTime":"20220427122531","UA":"curl/7.68.0","cn":"Rose Tyler","_user":"rtyler","_language":"en","groups":"users; earthlings","_whatToTrace":"rtyler"},"result":true}
|
||||
|
||||
Update password
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
POST a JSON structure with ``user`` or ``mail`` and ``password``.
|
||||
It will return a JSON structure with ``result`` parameter.
|
||||
|
||||
Request:
|
||||
|
||||
.. code::
|
||||
|
||||
curl -H "Accept: application/json" -d '{"user":"rtyler","password":"secret"}' https://auth.example.com/proxy/pwdReset
|
||||
|
||||
Response:
|
||||
|
||||
.. code-block:: javascript
|
||||
|
||||
{"result":true}
|
||||
|
||||
Setup
|
||||
-----
|
||||
|
||||
Manager
|
||||
~~~~~~~
|
||||
|
||||
First, activate REST in ``General parameters`` » ``Plugins`` »
|
||||
``Portal servers`` » ``REST authentication server`` and ``REST password reset server``.
|
||||
|
||||
Apache
|
||||
~~~~~~
|
||||
|
||||
REST end points access must be allowed in Apache portal
|
||||
configuration (for example, access by IP range):
|
||||
|
||||
.. code-block:: apache
|
||||
|
||||
# REST/SOAP functions for proxy auth and password reset (disabled by default)
|
||||
<Location /index.fcgi/proxy>
|
||||
Require ip 192.168.2.0/24
|
||||
</Location>
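Review bot: The new page never states how callers of `/proxy/pwdConfirm`, `/proxy/getUser` and `/proxy/pwdReset` are authenticated. The `pwdReset` example changes a password from only `user` and `password`, and the `getUser` response returns mail, groups and IP address for the named user, so the only access control a reader sees is the `Require ip` line in the closing Apache block. I would add an attention box under "Setup" saying `These end points act on the account named in the request; allow them only from the addresses of the trusted LemonLDAP::NG servers and serve them over HTTPS.` The Apache sample should also say that the /24 is a placeholder to be narrowed to those servers. Whether an equivalent restriction is needed for other web servers cannot be told from this page and should be confirmed.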
|
||||
|
|
@ -21,6 +21,9 @@ example:
|
|||
|
||||
$env->{HTTP_ACCEPT} !~ m:application/json:
|
||||
|
||||
|
||||
Another solution is using the :doc:`REST auth/user/password backend<restauthuserpwdbackend>`.
|
||||
|
||||
API
|
||||
^^^
|
||||
|
||||
|
@ -46,7 +49,8 @@ The JSON response fields are:
|
|||
- ``error``: error code, the corresponding error can be found in
|
||||
:doc:`Portal error codes<error_codes>`
|
||||
- ``id``: if authentication succeed, the session id is returned in this
|
||||
field
|
||||
field. This id is not returned if you call the REST endpoint with the
|
||||
session cookie (which means you are already authenticated).
|
||||
|
||||
|
||||
.. tip::
|
||||
|
@ -59,7 +63,7 @@ The JSON response fields are:
|
|||
|
||||
Before version 2.0.4, the response to a success
|
||||
authentication had no ``id`` field, and ``error`` field was named
|
||||
``code`` (use Cookie header to get id value).
|
||||
``code``.
|
||||
|
||||
Example
|
||||
^^^^^^^
|
||||
|
|
|
@ -76,10 +76,19 @@ of doing a complete reauthentication.
|
|||
|
||||
.. |beta| image:: /documentation/beta.png
|
||||
|
||||
Login timeout
|
||||
-------------
|
||||
|
||||
Allowed time for the user to authenticate using their second factor. By default
|
||||
it is set to 2 minutes, but some complex second factor types (TOTP, email...)
|
||||
may require more time to be used.
|
||||
|
||||
Registration timeout
|
||||
--------------------
|
||||
|
||||
Allowed time to register a TOTP.
|
||||
Allowed time for the user to register their new second factor. By default it is
|
||||
set to 2 minutes, but some complex second factor types (TOTP...) may require
|
||||
more time to be registered.
|
||||
|
||||
Second factor expiration
|
||||
------------------------
|
||||
|
|
|
@ -310,7 +310,7 @@ Go in Manager, ``General parameters`` » ``Advanced parameters`` »
|
|||
authentication renewal cannot be forced, used to prevent to loose the
|
||||
current authentication during the main process. If you experience
|
||||
slow network performances, you can increase this value.
|
||||
- **Encryption key**: key used to crypt some data, should not be known
|
||||
- **Encryption key**: key used for crypting some data, should not be known
|
||||
by other applications
|
||||
- **Trusted domains**: domains on which the user can be redirected
|
||||
after login on portal.
|
||||
|
|
|
@ -5,16 +5,16 @@ In modern applications, web application may need to request some other
|
|||
web applications on behalf of the authenticated users. There are three
|
||||
ways to do this:
|
||||
|
||||
- the Ugly : provide to all applications SSO cookie. Not secured
|
||||
- the Ugly: provide to all applications SSO cookie. Not secured
|
||||
because SSO cookie can be caught and used everywhere, every time by
|
||||
everyone!!! **NOT RECOMMENDED**.
|
||||
- the Bad (:doc:`Secure Token Handler<securetoken>`)
|
||||
: **Deprecated**. Can be used in specific cases
|
||||
- the Good (Service Token Handler): See below ! (Thanks Sergio...)
|
||||
- the Bad (:doc:`Secure Token Handler<securetoken>`): **Deprecated**.
|
||||
Should be used for specific cases
|
||||
- the Good (Service Token Handler): See below! (Thanks Sergio...)
|
||||
|
||||
The "Bad" method consists to give the token (cookie value) to WebApp1
|
||||
which uses it as cookie header in its request. Since 2.0 version, LL::NG
|
||||
gives a better way (the Good !) to do this by using limited scope
|
||||
gives a better way (the Good!) to do this by using limited scope
|
||||
tokens.
|
||||
|
||||
Tokens are time limited (30 seconds by default) and URL restricted.
|
||||
|
@ -24,22 +24,22 @@ Tokens are time limited (30 seconds by default) and URL restricted.
|
|||
Webapp1 handler configuration
|
||||
-----------------------------
|
||||
|
||||
Select **Main** handler type to protect WebApp1 and insert a header
|
||||
named **X-Llng-Token** filled with this value:
|
||||
Select **Main** handler type to protect WebApp1 and append a header containing:
|
||||
|
||||
.. code-block:: perl
|
||||
|
||||
token( $_session_id, 'webapp2.example.com', 'webapp3.example.com', 'serviceHeader1=webapp1.example.com', "testHeader=$uid" )
|
||||
|
||||
WebApp1 can read this header and use it in its requests by setting the
|
||||
``X-Llng-Token`` header. The token is built by using the session ID and
|
||||
authorized virtualhosts list. By default, the Service Token is only
|
||||
available during 30 seconds and for specified virtualhosts. The token
|
||||
can be use to send service headers to webapp2 like origin host by
|
||||
example.
|
||||
``X-LLNG-TOKEN`` header. The token is built by using the ``token`` extended
|
||||
with session ID and authorized virtualhosts list parameters. A Service Token is valide
|
||||
for the specified virtual hosts only and during 30 seconds by default. It can also be
|
||||
used for sending service headers (headerName1=headerValue1) to requested
|
||||
apps. Can be useful to send the origin host by example. Service headers are
|
||||
sent to ALL requested applications.
|
||||
|
||||
You can set ServiceToken TTL in the virtualHost options in Manager for
|
||||
each required virtualHost.
|
||||
You can set Service Token TTL by editing virtualHost options in Manager
|
||||
for each requested virtualHost.
|
||||
|
||||
You can also set ServiceToken default timeout (30 seconds) by editing
|
||||
``lemonldap-ng.ini`` in section [handler]:
|
||||
|
@ -58,7 +58,7 @@ Webapp2 handler configuration
|
|||
-----------------------------
|
||||
|
||||
Change handler type to **ServiceToken**. So it is able to manage both
|
||||
user and server connections. And that's all !
|
||||
user and server connections. And that's all!
|
||||
|
||||
.. |Kinematic| image:: documentation/server_to_server.png
|
||||
|
||||
|
|
|
@ -288,7 +288,7 @@ Name Description
|
|||
:doc:`Context switching<contextswitching>` [7]_\ |new| Switch context other users
|
||||
:doc:`CrowdSec<crowdsec>` [8]_\ |new| CrowdSec bouncer
|
||||
:doc:`Custom<plugincustom>` Write a custom plugin
|
||||
:doc:`Decrypt value<decryptvalue>` [9]_\ |beta| Decrypt ciphered values
|
||||
:doc:`Decrypt value<decryptvalue>` [9]_\ Decrypt ciphered values
|
||||
:doc:`Display login history<loginhistory>` Display Success/Fails logins
|
||||
:doc:`Force Authentication<forcereauthn>` Force authentication to access to Portal
|
||||
:doc:`Global Logout<globallogout>` [10]_ Suggest to close all opened sessions at logout
|
||||
|
|
|
@ -47,8 +47,26 @@ In the manager (advanced parameters), you just have to enable it:
|
|||
TOTP
|
||||
- **Issuer name** (Optional): default to portal hostname
|
||||
- **Interval**: interval for TOTP algorithm (default: 30)
|
||||
- **Range of attempts**: number of additional intervals to test (default: 1)
|
||||
|
||||
.. warning::
|
||||
|
||||
Many mobile applications only support the default value
|
||||
|
||||
- **Range of attempts**: number of additional intervals to test (default: 1).
|
||||
Use this settings if your server and phone clocks are not perfectly in sync,
|
||||
at the cost of weaker security.
|
||||
|
||||
.. note::
|
||||
|
||||
Range is tested backward and forward to prevent
|
||||
positive or negative clock drift.
|
||||
|
||||
- **Number of digits**: number of digit by codes (default: 6)
|
||||
|
||||
.. warning::
|
||||
|
||||
Many mobile applications only support the default value
|
||||
|
||||
- **Authentication level**: you can overwrite here auth level for TOTP
|
||||
registered users. Leave it blank keeps auth level provided by first
|
||||
authentication module *(default: 2 for user/password based modules)*.
|
||||
|
|
|
@ -26,6 +26,81 @@ Known regressions in the latest released version
|
|||
|
||||
None
|
||||
|
||||
2.0.15
|
||||
------
|
||||
|
||||
New Captcha API
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
It is now possible to create your own Captcha modules to replace the one provided by default.
|
||||
|
||||
In order for custom Captcha modules to work, you need to modify your custom ``standardform.tpl``, ``mail.tpl`` and ``register.tpl`` template files:
|
||||
|
||||
.. code:: diff
|
||||
|
||||
- <TMPL_IF NAME=CAPTCHA_SRC>
|
||||
- <TMPL_INCLUDE NAME="captcha.tpl">
|
||||
+ <TMPL_IF NAME=CAPTCHA_HTML>
|
||||
+ <TMPL_VAR NAME=CAPTCHA_HTML>
|
||||
</TMPL_IF>
|
||||
|
||||
If you are using the default templates from the ``bootstrap`` theme, you don't need to change anything.
|
||||
|
||||
Re-send 2FA code
|
||||
~~~~~~~~~~~~~~~~
|
||||
|
||||
The :doc:`mail <mail2f>`, :doc:`external <external2f>` and :doc:`REST <rest2f>` based 2FA types can now re-send the user code if delivery failed for some reason. If you use custom templates, you must update ``ext2fcheck.tpl``
|
||||
|
||||
.. code:: diff
|
||||
|
||||
--- a/lemonldap-ng-portal/site/templates/bootstrap/ext2fcheck.tpl
|
||||
+++ b/lemonldap-ng-portal/site/templates/bootstrap/ext2fcheck.tpl
|
||||
@@ -26,6 +26,12 @@
|
||||
</button>
|
||||
</div>
|
||||
<div class="buttons">
|
||||
+ <TMPL_IF "RESENDTARGET">
|
||||
+ <button type="submit" class="btn btn-primary" formaction="<TMPL_VAR "RESENDTARGET">">
|
||||
+ <span class="fa fa-repeat"></span>
|
||||
+ <span trspan="resendCode">Re-send code</span>
|
||||
+ </button>
|
||||
+ </TMPL_IF>
|
||||
<a href="<TMPL_VAR NAME="PORTAL_URL">?cancel=1&skin=<TMPL_VAR NAME="SKIN">" class="btn btn-primary" role="button">
|
||||
<span class="fa fa-home"></span>
|
||||
<span trspan="cancel">Cancel</span>
|
||||
|
||||
|
||||
If you are using the default templates from the ``bootstrap`` theme, you don't need to change anything.
|
||||
|
||||
Customizing the 2FA logo in the registration screen
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
The 2FA registration screen now displays the custom logo and label set in configuration. If you use custom templates, you should update ``2fregisters.tpl``
|
||||
|
||||
.. code:: diff
|
||||
|
||||
@@ -77,10 +77,16 @@
|
||||
<div class="card border-secondary">
|
||||
<div class="card-body py-3">
|
||||
<a href="<TMPL_VAR NAME="URL">" class="nodecor">
|
||||
- <img src="<TMPL_VAR NAME="STATIC_PREFIX"><TMPL_VAR NAME="SKIN">/<TMPL_VAR NAME="LOGO">" alt="<TMPL_VAR NAME="CODE">2F" title="<TMPL_VAR NAME="CODE">2F" />
|
||||
+ <img src="<TMPL_VAR NAME="STATIC_PREFIX"><TMPL_VAR NAME="SKIN">/<TMPL_VAR NAME="LOGO">" alt="<TMPL_VAR NAME="CODE">2f" title="<TMPL_VAR NAME="LABEL">" />
|
||||
</a>
|
||||
</div>
|
||||
- <div class="card-footer text-white text-uppercase bg-secondary"><TMPL_VAR NAME="CODE">2F</div>
|
||||
+ <div class="card-footer text-white text-uppercase bg-secondary">
|
||||
+ <TMPL_IF LABEL>
|
||||
+ <p><TMPL_VAR NAME="LABEL"></p>
|
||||
+ <TMPL_ELSE>
|
||||
+ <p trspan="<TMPL_VAR NAME="CODE">2f"></p>
|
||||
+ </TMPL_IF>
|
||||
+ </div>
|
||||
</div>
|
||||
</div>
|
||||
</TMPL_LOOP>
|
||||
|
||||
If you are using the default templates from the ``bootstrap`` theme, you don't need to change anything.
|
||||
|
||||
2.0.14
|
||||
------
|
||||
|
||||
|
|
|
@ -1,13 +1,15 @@
|
|||
Use an outgoing proxy
|
||||
=====================
|
||||
|
||||
For some protocols, LL::NG has to directly contact the external server.
|
||||
For some protocols, LemonLDAP::NG has to directly contact the external server.
|
||||
This is the case for example with CAS authentication (validation of
|
||||
service ticket) or OpenID Connect authentication (access to token
|
||||
endpoint and userinfo endpoint).
|
||||
|
||||
If the LL::NG server needs a proxy for outgoing connections, then you
|
||||
need to configure some environment variables.
|
||||
need to configure some environment variables. By default, only connections
|
||||
to external systems (CAS, OIDC, etc.) are done through the proxy, while HTTP
|
||||
connections in between LemonLDAP::NG components are not.
|
||||
|
||||
Apache
|
||||
------
|
||||
|
@ -21,6 +23,11 @@ In Apache configuration, set:
|
|||
# on Centos7, you need LWP::Protocol::connect
|
||||
# FcgidInitialEnv https_proxy connect://X.X.X.X:X
|
||||
|
||||
# Optional: use this to force ALL http connections to go
|
||||
# through the proxy. This is only useful in some scenarios
|
||||
# FcgidInitialEnv PERL_LWP_ENV_PROXY 1
|
||||
# FcgidInitialEnv no_proxy <urls-without-proxy>
|
||||
|
||||
Nginx/FastCGI
|
||||
-------------
|
||||
|
||||
|
@ -33,3 +40,8 @@ add in ``/etc/default/lemonldap-ng-fastcgi-server`` :
|
|||
# on Centos7, you need LWP::Protocol::connect
|
||||
# https_proxy=connect://X.X.X.X:X
|
||||
|
||||
# Optional: use this to force ALL http connections to go
|
||||
# through the proxy. This is only useful in some scenarios
|
||||
# PERL_LWP_ENV_PROXY=1
|
||||
# no_proxy=<urls-without-proxy>
|
||||
|
||||
|
|
|
@ -46,6 +46,7 @@ Key Description
|
|||
\_auth Authentication module
|
||||
\_userDB User module
|
||||
\_passwordDB Password module
|
||||
\_2f Second factor (if 2FA was used)
|
||||
\_issuerDB Issuer module (can be multivalued)
|
||||
\_authChoice User choice done if :doc:`authentication choice<authchoice>` was used
|
||||
\_authMulti Full name of authentication module (with ``#label``) used in Multi
|
||||
|
@ -147,15 +148,17 @@ Key Description
|
|||
OpenID Connect
|
||||
--------------
|
||||
|
||||
============================ ===============================================
|
||||
============================ ======================================================================
|
||||
Key Description
|
||||
============================ ===============================================
|
||||
============================ ======================================================================
|
||||
\_oidc_id_token ID Token
|
||||
\_oidc_OP Configuration key of OP used for authentication
|
||||
\_oidc_access_token OAuth2 Access Token used to get UserInfo data
|
||||
\_oidc_access_token_eol Timestamp after which the Access Token should no longer be valid
|
||||
\_oidc_refresh_token OAuth2 Refresh Token. This should never be transmitted to applications
|
||||
\_oidc_consent_scope\_\ *rp* Scope for which consent was given for RP *rp*
|
||||
\_oidc_consent_time\_\ *rp* Time when consent was given for RP *rp*
|
||||
============================ ===============================================
|
||||
============================ ======================================================================
|
||||
|
||||
Other
|
||||
-----
|
||||
|
|
|
@ -1198,6 +1198,8 @@ components:
|
|||
logoutUrl:
|
||||
type: string
|
||||
format: url
|
||||
logoutBypassConfirm:
|
||||
type: boolean
|
||||
clientSecret:
|
||||
type: string
|
||||
format: password
|
||||
|
|
|
@ -40,6 +40,7 @@ viewerAllowDiff = 1
|
|||
|
||||
staticPrefix = /static
|
||||
instanceName = Demo
|
||||
;customCSS = css/custom.css
|
||||
languages = fr, en, vi, ar, it, zh, tr, zh_TW, es
|
||||
templateDir = __pwd__/lemonldap-ng-manager/site/templates
|
||||
|
||||
|
|
|
@ -37,6 +37,7 @@ viewerAllowDiff = 1
|
|||
|
||||
staticPrefix = /static
|
||||
instanceName = Demo
|
||||
;customCSS = css/custom.css
|
||||
languages = fr, en, vi, ar, it, zh, tr, zh_TW, es
|
||||
templateDir = __pwd__/lemonldap-ng-manager/site/templates
|
||||
|
||||
|
|
|
@ -48,6 +48,7 @@ viewerAllowBrowser = 1
|
|||
viewerAllowDiff = 1
|
||||
|
||||
staticPrefix = /static
|
||||
;customCSS = css/custom.css
|
||||
instanceName = Demo
|
||||
languages = fr, en, vi, ar, it, zh, tr, zh_TW, es
|
||||
templateDir = __pwd__/lemonldap-ng-manager/site/templates
|
||||
|
|
|
@ -84,6 +84,7 @@ scripts/lmMigrateConfFiles2ini
|
|||
scripts/rotateOidcKeys
|
||||
t/01-Common-Conf.t
|
||||
t/02-Common-Conf-File.t
|
||||
t/02-Common-Conf-ServerEnv.t
|
||||
t/03-Common-Conf-CDBI.t
|
||||
t/03-Common-Conf-RDBI.t
|
||||
t/05-Common-Conf-LDAP.t
|
||||
|
|
|
@ -23,8 +23,10 @@
|
|||
"build" : {
|
||||
"requires" : {
|
||||
"IO::String" : "0",
|
||||
"MIME::Entity" : "0",
|
||||
"Net::LDAP" : "0",
|
||||
"String::Random" : "0",
|
||||
"Test::Output" : "0",
|
||||
"Test::Pod" : "1"
|
||||
}
|
||||
},
|
||||
|
@ -61,7 +63,6 @@
|
|||
"JSON::XS" : "0",
|
||||
"Mouse" : "0",
|
||||
"Plack" : "0",
|
||||
"Test::Pod" : "1",
|
||||
"URI" : "0"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -4,8 +4,10 @@ author:
|
|||
- 'Xavier Guimard <x.guimard@free.fr>, Clement Oudot <clement@oodo.net>, Christophe Maudoux <chrmdx@gmail.com>, Maxime Besson <maxime.besson@worteks.com>'
|
||||
build_requires:
|
||||
IO::String: '0'
|
||||
MIME::Entity: '0'
|
||||
Net::LDAP: '0'
|
||||
String::Random: '0'
|
||||
Test::Output: '0'
|
||||
Test::Pod: '1'
|
||||
configure_requires:
|
||||
ExtUtils::MakeMaker: '0'
|
||||
|
@ -46,7 +48,6 @@ requires:
|
|||
JSON::XS: '0'
|
||||
Mouse: '0'
|
||||
Plack: '0'
|
||||
Test::Pod: '1'
|
||||
URI: '0'
|
||||
resources:
|
||||
MailingList: mailto:lemonldap-ng-dev@ow2.org
|
||||
|
|
|
@ -37,6 +37,7 @@ WriteMakefile(
|
|||
LICENSE => 'gpl',
|
||||
BUILD_REQUIRES => {
|
||||
'IO::String' => 0,
|
||||
'MIME::Entity' => 0,
|
||||
'Net::LDAP' => 0,
|
||||
'String::Random' => 0,
|
||||
'Test::Pod' => 1.00,
|
||||
|
|
|
@ -376,9 +376,12 @@ protection = manager
|
|||
|
||||
; staticPrefix: relative (or URL) location of static HTML components
|
||||
staticPrefix = __MANAGERSTATICDIR__
|
||||
;
|
||||
|
||||
; instanceName: Display current LLNG instance into Manager
|
||||
;instanceName = Demo
|
||||
; customCSS: CSS file to customize Manager
|
||||
;customCSS = css/custom.css
|
||||
|
||||
; location of HTML templates directory
|
||||
templateDir = __MANAGERTEMPLATESDIR__
|
||||
|
||||
|
|
|
@ -31,6 +31,8 @@ our $VERSION = '2.0.14';
|
|||
our $msg = '';
|
||||
our $iniObj;
|
||||
|
||||
our $PlaceHolderRe = '%SERVERENV:(.*?)%';
|
||||
|
||||
BEGIN {
|
||||
eval {
|
||||
require threads::shared;
|
||||
|
@ -115,7 +117,7 @@ sub new {
|
|||
# Serialize $conf and call store().
|
||||
# @param $conf Lemonldap::NG configuration hashRef
|
||||
# @param %args Parameters
|
||||
# @return Number of the saved configuration, 0 in case of error.
|
||||
# @return Number of the saved configuration, <=0 in case of error.
|
||||
sub saveConf {
|
||||
my ( $self, $conf, %args ) = @_;
|
||||
|
||||
|
@ -228,9 +230,10 @@ sub getConf {
|
|||
$res = $r;
|
||||
}
|
||||
|
||||
# Create cipher object
|
||||
# Create cipher object and replace variable placeholder
|
||||
unless ( $args->{raw} ) {
|
||||
|
||||
$self->replacePlaceholders($res) if $self->{useServerEnv};
|
||||
eval {
|
||||
$res->{cipher} = Lemonldap::NG::Common::Crypto->new( $res->{key} );
|
||||
};
|
||||
|
@ -504,6 +507,46 @@ sub logError {
|
|||
return shift->_launch( 'logError', @_ );
|
||||
}
|
||||
|
||||
sub _substPlaceHolders {
|
||||
return $_[0] unless $_[0];
|
||||
$_[0] =~ s/$PlaceHolderRe/$ENV{$1}/geo;
|
||||
return $_[0];
|
||||
}
|
||||
|
||||
## @method void replacePlaceholders(res: LLNG_Conf)
|
||||
#
|
||||
# Recursively replace %SERVERENV:VariableName% by $ENV{VariableName} value
|
||||
sub replacePlaceholders {
|
||||
my ( $self, $conf ) = @_;
|
||||
if ( ref $conf eq 'HASH' ) {
|
||||
foreach my $key ( keys %$conf ) {
|
||||
if ( $key =~ /$PlaceHolderRe/o ) {
|
||||
my $val = $conf->{$key};
|
||||
delete $conf->{$key};
|
||||
my $nk = _substPlaceHolders($key);
|
||||
$conf->{$nk} = $val;
|
||||
}
|
||||
next unless ( $conf->{$key} );
|
||||
if ( ref $conf->{$key} ) {
|
||||
$self->replacePlaceholders( $conf->{$key} );
|
||||
}
|
||||
elsif ( $conf->{$key} =~ /$PlaceHolderRe/o ) {
|
||||
$conf->{$key} = _substPlaceHolders( $conf->{$key} );
|
||||
}
|
||||
}
|
||||
}
|
||||
elsif ( ref $conf eq 'ARRAY' ) {
|
||||
for ( my $i = 0 ; $i < @$conf ; $i++ ) {
|
||||
if ( ref $conf->[$i] ) {
|
||||
$self->replacePlaceholders( $conf->[$i] );
|
||||
}
|
||||
elsif ( $conf->[$i] =~ /$PlaceHolderRe/o ) {
|
||||
$conf->[$i] = _substPlaceHolders( $conf->[$i] );
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
1;
|
||||
__END__
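Review bot: In `_substPlaceHolders`, an unset variable makes `$ENV{$1}` undef, so `%SERVERENV:NAME%` is silently replaced by an empty string (with at most an uninitialized-value warning, if warnings are enabled). Because `getConf` calls `replacePlaceholders` right before `Lemonldap::NG::Common::Crypto->new( $res->{key} )`, a missing variable could leave `key` or a password value empty without any error; I would keep the placeholder so the problem stays visible, e.g. `$_[0] =~ s/$PlaceHolderRe/defined $ENV{$1} ? $ENV{$1} : $&/geo;`. `(.*?)` also accepts any variable name, so with `useServerEnv` set, whoever can edit the configuration can pull any variable of the server process environment into a configuration value; restricting names to a documented prefix would narrow that. A comment on `my $nk = _substPlaceHolders($key);` should say that the call rewrites `$key` in place through `@_` aliasing, which is what makes the following `$conf->{$key}` lookups hit the renamed key. The bodies of `saveConf` and `getConf` continue outside the hunks.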
|
||||
|
||||
|
|
|
@ -4,12 +4,12 @@ use strict;
|
|||
use Mouse;
|
||||
use Lemonldap::NG::Common::Conf::ReConstants;
|
||||
|
||||
our $VERSION = '2.0.8';
|
||||
our $VERSION = '2.0.15';
|
||||
|
||||
sub compactConf {
|
||||
my ( $self, $conf ) = @_;
|
||||
|
||||
return $conf unless ( $conf->{'compactConf'} );
|
||||
return $conf unless $conf->{compactConf};
|
||||
|
||||
# Remove unused auth parameters
|
||||
my %keep;
|
||||
|
|
|
@ -29,9 +29,9 @@ use constant DEFAULTCONFBACKEND => "File";
|
|||
use constant DEFAULTCONFBACKENDOPTIONS => (
|
||||
dirName => '/usr/local/lemonldap-ng/data/conf',
|
||||
);
|
||||
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|ScopeRule|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)s)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
|
||||
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|ScopeRule|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|c(?:a(?:s(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|ptchaOptions)|(?:ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)s)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
|
||||
our $arrayParameters = qr/^mySessionAuthorizedRWKeys$/;
|
||||
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|t(?:ayConnectedBypassFG|orePassword)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Claims|JWT))|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration|OnlyDeclaredScopes)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|c(?:a(?:sS(?:rvMetaDataOptions(?:Gateway|Renew)|trictMatching)|ptcha_(?:register|login|mail)_enabled)|heck(?:DevOps(?:D(?:isplayNormalizedHeaders|ownload)|CheckSessionAttributes)?|State|User|XSS)|o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|rowdsec|da)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|E(?:rrorOn(?:ExpiredSession|MailNotFound)|nablePasswordDisplay)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxy(?:AuthServiceImpersonation|UseSoap))|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|n(?:o(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|ewLocationWarning)|i
(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|to(?:tp2f(?:UserCanRemoveKey|EncryptSecret)|kenUseGlobalStorage)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|w(?:ebauthn2fUserCanRemoveKey|sdlServer)|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|findUser)$/;
|
||||
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|t(?:ayConnectedBypassFG|orePassword)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Claims|JWT))|Logout(?:SessionRequired|BypassConfirm)|Re(?:freshToken|quirePKCE)|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration|OnlyDeclaredScopes)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|c(?:a(?:sS(?:rvMetaDataOptions(?:Gateway|Renew)|trictMatching)|ptcha_(?:register|login|mail)_enabled)|heck(?:DevOps(?:D(?:isplayNormalizedHeaders|ownload)|CheckSessionAttributes)?|State|User|XSS)|o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|rowdsec|da)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|E(?:rrorOn(?:ExpiredSession|MailNotFound)|nablePasswordDisplay)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxy(?:AuthServiceImpersonation|UseSoap))|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|n(?:o(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|ew
LocationWarning)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|to(?:tp2f(?:UserCanRemoveKey|EncryptSecret)|kenUseGlobalStorage)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|w(?:ebauthn2fUserCanRemoveKey|sdlServer)|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|findUser)$/;
|
||||
|
||||
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );
|
||||
|
||||
|
|
|
@ -17,7 +17,7 @@ sub defaultValues {
|
|||
},
|
||||
'authChoiceParam' => 'lmAuth',
|
||||
'authentication' => 'Demo',
|
||||
'available2F' =>
|
||||
'available2F' =>
|
||||
'UTOTP,TOTP,U2F,REST,Mail2F,Ext2F,WebAuthn,Yubikey,Radius',
|
||||
'available2FSelfRegistration' => 'TOTP,U2F,WebAuthn,Yubikey',
|
||||
'bruteForceProtectionLockTimes' => '15, 30, 60, 300, 600',
|
||||
|
@ -102,7 +102,7 @@ sub defaultValues {
|
|||
'globalLogoutTimer' => 1,
|
||||
'globalStorage' => 'Apache::Session::File',
|
||||
'globalStorageOptions' => {
|
||||
'Directory' => '/var/lib/lemonldap-ng/sessions/',
|
||||
'Directory' => '/var/lib/lemonldap-ng/sessions/',
|
||||
'generateModule' =>
|
||||
'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
|
||||
'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
|
||||
|
@ -175,20 +175,20 @@ sub defaultValues {
|
|||
'locationRules' => {
|
||||
'default' => 'deny'
|
||||
},
|
||||
'logoutServices' => {},
|
||||
'macros' => {},
|
||||
'mail2fActivation' => 0,
|
||||
'mail2fCodeRegex' => '\\d{6}',
|
||||
'mailCharset' => 'utf-8',
|
||||
'mailFrom' => 'noreply@example.com',
|
||||
'mailSessionKey' => 'mail',
|
||||
'mailTimeout' => 0,
|
||||
'mailUrl' => 'http://auth.example.com/resetpwd',
|
||||
'managerDn' => '',
|
||||
'managerPassword' => '',
|
||||
'max2FDevices' => 10,
|
||||
'max2FDevicesNameLength' => 20,
|
||||
'multiValuesSeparator' => '; ',
|
||||
'logoutServices' => {},
|
||||
'macros' => {},
|
||||
'mail2fActivation' => 0,
|
||||
'mail2fCodeRegex' => '\\d{6}',
|
||||
'mailCharset' => 'utf-8',
|
||||
'mailFrom' => 'noreply@example.com',
|
||||
'mailSessionKey' => 'mail',
|
||||
'mailTimeout' => 0,
|
||||
'mailUrl' => 'http://auth.example.com/resetpwd',
|
||||
'managerDn' => '',
|
||||
'managerPassword' => '',
|
||||
'max2FDevices' => 10,
|
||||
'max2FDevicesNameLength' => 20,
|
||||
'multiValuesSeparator' => '; ',
|
||||
'mySessionAuthorizedRWKeys' =>
|
||||
[ '_appsListOrder', '_oidcConnectedRP', '_oidcConsents' ],
|
||||
'newLocationWarningLocationAttribute' => 'ipAddr',
|
||||
|
@ -196,7 +196,7 @@ sub defaultValues {
|
|||
'newLocationWarningMaxValues' => '0',
|
||||
'notificationDefaultCond' => '',
|
||||
'notificationServerPOST' => 1,
|
||||
'notificationServerSentAttributes' =>
|
||||
'notificationServerSentAttributes' =>
|
||||
'uid reference date title subtitle text check',
|
||||
'notificationsMaxRetrieve' => 3,
|
||||
'notificationStorage' => 'File',
|
||||
|
@ -250,7 +250,7 @@ sub defaultValues {
|
|||
'passwordPolicyMinUpper' => 0,
|
||||
'passwordPolicySpecialChar' => '__ALL__',
|
||||
'passwordResetAllowedRetries' => 3,
|
||||
'persistentSessionAttributes' =>
|
||||
'persistentSessionAttributes' =>
|
||||
'_loginHistory _2fDevices notification_',
|
||||
'port' => -1,
|
||||
'portal' => 'http://auth.example.com/',
|
||||
|
@ -261,11 +261,12 @@ sub defaultValues {
|
|||
'portalDisplayGeneratePassword' => 1,
|
||||
'portalDisplayLoginHistory' => 1,
|
||||
'portalDisplayLogout' => 1,
|
||||
'portalDisplayOidcConsents' =>
|
||||
'portalDisplayOidcConsents' =>
|
||||
'$_oidcConsents && $_oidcConsents =~ /\\w+/',
|
||||
'portalDisplayRefreshMyRights' => 1,
|
||||
'portalDisplayRegister' => 1,
|
||||
'portalErrorOnExpiredSession' => 1,
|
||||
'portalFavicon' => 'common/favicon.ico',
|
||||
'portalForceAuthnInterval' => 5,
|
||||
'portalMainLogo' => 'common/logos/logo_llng_400px.png',
|
||||
'portalPingInterval' => 60000,
|
||||
|
@ -289,11 +290,11 @@ sub defaultValues {
|
|||
'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService',
|
||||
'proxy' => 'http://auth.example.com/sessions'
|
||||
},
|
||||
'requireToken' => 1,
|
||||
'rest2fActivation' => 0,
|
||||
'restAuthnLevel' => 2,
|
||||
'restClockTolerance' => 15,
|
||||
'sameSite' => '',
|
||||
'requireToken' => 1,
|
||||
'rest2fActivation' => 0,
|
||||
'restAuthnLevel' => 2,
|
||||
'restClockTolerance' => 15,
|
||||
'sameSite' => '',
|
||||
'samlAttributeAuthorityDescriptorAttributeServiceSOAP' =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
|
||||
'samlAuthnContextMapKerberos' => 4,
|
||||
|
@ -333,7 +334,7 @@ sub defaultValues {
|
|||
'0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact',
|
||||
'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' =>
|
||||
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost',
|
||||
'samlSPSSODescriptorAuthnRequestsSigned' => 1,
|
||||
'samlSPSSODescriptorAuthnRequestsSigned' => 1,
|
||||
'samlSPSSODescriptorSingleLogoutServiceHTTPPost' =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn',
|
||||
'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' =>
|
||||
|
@ -341,11 +342,12 @@ sub defaultValues {
|
|||
'samlSPSSODescriptorSingleLogoutServiceSOAP' =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;',
|
||||
'samlSPSSODescriptorWantAssertionsSigned' => 1,
|
||||
'scrollTop' => 400,
|
||||
'securedCookie' => 0,
|
||||
'sfEngine' => '::2F::Engines::Default',
|
||||
'sfManagerRule' => 1,
|
||||
'sfRemovedMsgRule' => 0,
|
||||
'sfRemovedNotifMsg' =>
|
||||
'sfRemovedNotifMsg' =>
|
||||
'_removedSF_ expired second factor(s) has/have been removed (_nameSF_)!',
|
||||
'sfRemovedNotifRef' => 'RemoveSF',
|
||||
'sfRemovedNotifTitle' => 'Second factor notification',
|
||||
|
|
|
@ -22,12 +22,12 @@ our $specialNodeHash = {
|
|||
};
|
||||
|
||||
our $doubleHashKeys = 'issuerDBGetParameters';
|
||||
our $simpleHashKeys = '(?:(?:c(?:as(?:StorageOption|Attribute)|ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)|l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|(?:(?:d(?:emo|bi)|webID)E|e)xportedVar|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|OPMetaDataJ(?:SON|WKS))|penIdExportedVars)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember|fExtra)|S(?:MTPTLSOpts|SLVarIf))';
|
||||
our $simpleHashKeys = '(?:(?:c(?:a(?:s(?:StorageOption|Attribute)|ptchaOption)|ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)|l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|(?:(?:d(?:emo|bi)|webID)E|e)xportedVar|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|OPMetaDataJ(?:SON|WKS))|penIdExportedVars)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember|fExtra)|S(?:MTPTLSOpts|SLVarIf))';
|
||||
our $specialNodeKeys = '(?:(?:(?:saml(?:ID|S)|oidc[OR])P|cas(?:App|Srv))MetaDataNode|virtualHost)s';
|
||||
our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:(?:UserAttribut|Servic|Rul)e|AuthnLevel)|(?:ExportedVar|Macro)s)';
|
||||
our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|SortNumber|Gateway|Renew|Icon|Url)|ExportedVars)';
|
||||
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|S(?:toreIDToken|ortNumber|cope)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
|
||||
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Expiration|SignAlg|Claims|JWT)|uth(?:orizationCodeExpiration|nLevel)|dditionalAudiences)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|con)|R(?:e(?:directUris|freshToken|quirePKCE)|ule)|Logout(?:SessionRequired|Type|Url)|P(?:ostLogoutRedirectUris|ublic)|UserI(?:nfoSignAlg|DAttr)|OfflineSessionExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims)|(?:ExportedVar|ScopeRule|Macro)s)';
|
||||
our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:Re(?:solutionRule|new)|ProxiedServices|DisplayName|SortNumber|Gateway|Icon|Url)|ExportedVars)';
|
||||
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|S(?:toreIDToken|ortNumber|cope)|(?:ResolutionRul|MaxAg)e|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues)|ExportedVars|J(?:SON|WKS))';
|
||||
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Expiration|SignAlg|Claims|JWT)|uth(?:orizationCodeExpiration|nLevel)|dditionalAudiences)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|con)|Logout(?:SessionRequired|BypassConfirm|Type|Url)|R(?:e(?:directUris|freshToken|quirePKCE)|ule)|P(?:ostLogoutRedirectUris|ublic)|UserI(?:nfoSignAlg|DAttr)|OfflineSessionExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims)|(?:ExportedVar|ScopeRule|Macro)s)';
|
||||
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|UserAttribut|DisplayNam)e|S(?:ign(?:S[LS]OMessage|atureMethod)|toreSAMLToken|[LS]OBinding|ortNumber)|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|Force(?:Authn|UTF8)|I(?:sPassive|con)|NameIDFormat)|ExportedAttributes|XML)';
|
||||
our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:S(?:ign(?:S[LS]OMessage|atureMethod)|essionNotOnOrAfterTimeout)|N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|(?:CheckS[LS]OMessageSignatur|OneTimeUs|Rul)e|En(?:ableIDPInitiatedURL|cryptionMode)|AuthnLevel|ForceUTF8)|(?:ExportedAttribute|Macro)s|XML)';
|
||||
our $virtualHostKeys = '(?:vhost(?:A(?:ccessToTrace|uthnLevel|liases)|(?:Maintenanc|Typ)e|ServiceTokenTTL|DevOpsRulesUrl|Https|Port)|(?:exportedHeader|locationRule)s|post)';
|
||||
|
|
|
@ -2,19 +2,18 @@ package Lemonldap::NG::Common::Logger::Dispatch;
|
|||
|
||||
use strict;
|
||||
|
||||
our $VERSION = '2.0.14';
|
||||
our $VERSION = '2.0.15';
|
||||
|
||||
sub new {
|
||||
no warnings 'redefine';
|
||||
my $self = bless {}, shift;
|
||||
my ( $conf, %args ) = @_;
|
||||
my %bck;
|
||||
my $last;
|
||||
my $show = 1;
|
||||
my ( %bck, $last );
|
||||
my $root = $args{user} ? 'userLogDispatch' : 'logDispatch';
|
||||
unless ( $conf->{ $root . 'Error' } ) {
|
||||
die "At least, ${root}Error must be defined in conf";
|
||||
}
|
||||
my $show = 1;
|
||||
die "At least, ${root}Error must be defined in conf"
|
||||
unless ( $conf->{ $root . 'Error' } );
|
||||
|
||||
foreach my $l (qw(error warn notice info debug)) {
|
||||
if ($show) {
|
||||
$last = $conf->{ $root . ucfirst($l) } || $last;
|
||||
|
@ -33,9 +32,9 @@ sub new {
|
|||
eval qq'sub $l {1}';
|
||||
}
|
||||
$show = 0 if ( $conf->{logLevel} eq $l );
|
||||
|
||||
}
|
||||
die "Unknown logLevel $conf->{logLevel}" if ($show);
|
||||
die "Unknown logLevel $conf->{logLevel}" if $show;
|
||||
|
||||
return $self;
|
||||
}
|
||||
|
||||
|
|
|
@ -17,6 +17,7 @@ sub new {
|
|||
my ($conf) = @_;
|
||||
my $show = 1;
|
||||
$self->{raven} = Sentry::Raven->new( sentry_dsn => $conf->{sentryDsn} );
|
||||
|
||||
foreach (qw(error warn notice info debug)) {
|
||||
my $rl = $_;
|
||||
$rl = 'warning' if ( $rl = 'warn' );
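Review bot: The context line `$rl = 'warning' if ( $rl = 'warn' );` inside the `foreach` assigns instead of comparing, so the condition is always true and `$rl` becomes `warning` for every level. The subs generated from the template in the next hunk's header would then all call `capture_message` with level "warning", and error-level events can no longer be told apart in Sentry for alerting or triage. Change it to `$rl = 'warning' if ( $rl eq 'warn' );`. The body of `new` starts before and continues after this hunk.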
|
||||
|
@ -31,7 +32,8 @@ qq'sub $_ {\$_[0]->{raven}->capture_message(\$_[1],level => "$rl")}';
|
|||
}
|
||||
$show = 0 if ( $conf->{logLevel} eq $_ );
|
||||
}
|
||||
die "Unknown logLevel $conf->{logLevel}" if ($show);
|
||||
die "Unknown logLevel $conf->{logLevel}" if $show;
|
||||
|
||||
return $self;
|
||||
}
|
||||
|
||||
|
|
|
@ -8,6 +8,7 @@ sub new {
|
|||
no warnings 'redefine';
|
||||
my $level = $_[1]->{logLevel} || 'info';
|
||||
my $show = 1;
|
||||
|
||||
foreach (qw(error warn notice info debug)) {
|
||||
if ($show) {
|
||||
eval
|
||||
|
@ -18,7 +19,8 @@ qq'sub $_ {print STDERR "[".localtime."] [LLNG:\$\$] [$_] \$_[1]\n"}';
|
|||
}
|
||||
$show = 0 if ( $level eq $_ );
|
||||
}
|
||||
die "Unknown logLevel $level" if ($show);
|
||||
die "Unknown logLevel $level" if $show;
|
||||
|
||||
return bless {}, shift;
|
||||
}
|
||||
|
||||
|
|
|
@ -20,6 +20,7 @@ sub new {
|
|||
eval { openlog( 'LLNG', $self->{options}, $self->{facility} ) };
|
||||
no warnings 'redefine';
|
||||
my $show = 1;
|
||||
|
||||
foreach (qw(error warn notice info debug)) {
|
||||
if ($show) {
|
||||
my $name = $_;
|
||||
|
@ -34,7 +35,8 @@ sub new {
|
|||
}
|
||||
$show = 0 if ( $level eq $_ );
|
||||
}
|
||||
die "Unknown logLevel $level" if ($show);
|
||||
die "Unknown logLevel $level" if $show;
|
||||
|
||||
return $self;
|
||||
}
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@ use JSON;
|
|||
use Lemonldap::NG::Common::PSGI::Constants;
|
||||
use Lemonldap::NG::Common::PSGI::Request;
|
||||
|
||||
our $VERSION = '2.0.10';
|
||||
our $VERSION = '2.0.15';
|
||||
|
||||
our $_json = JSON->new->allow_nonref;
|
||||
|
||||
|
@ -18,6 +18,7 @@ has logLevel => ( is => 'rw', isa => 'Str', default => 'info' );
|
|||
has portal => ( is => 'rw', isa => 'Str' );
|
||||
has staticPrefix => ( is => 'rw', isa => 'Str' );
|
||||
has instanceName => ( is => 'rw', isa => 'Str', default => '' );
|
||||
has customCSS => ( is => 'rw', isa => 'Str', default => '' );
|
||||
has templateDir => ( is => 'rw', isa => 'Str|ArrayRef' );
|
||||
has links => ( is => 'rw', isa => 'ArrayRef' );
|
||||
has menuLinks => ( is => 'rw', isa => 'ArrayRef' );
|
||||
|
@ -308,6 +309,7 @@ sub sendHtml {
|
|||
$htpl->param(
|
||||
STATIC_PREFIX => $sp,
|
||||
INSTANCE_NAME => $self->instanceName,
|
||||
CUSTOM_CSS => $self->customCSS,
|
||||
SCRIPTNAME => $sc,
|
||||
( $self->can('tplParams') ? ( $self->tplParams($req) ) : () ),
|
||||
(
|
||||
|
|
|
@ -38,9 +38,9 @@ sub new {
|
|||
return bless( $self, $_[0] );
|
||||
}
|
||||
|
||||
sub data { $_[0]->{data} }
|
||||
sub data { return $_[0]->{data} }
|
||||
|
||||
sub uri { $_[0]->{uri} }
|
||||
sub uri { return $_[0]->{uri} }
|
||||
|
||||
sub userData {
|
||||
my ( $self, $v ) = @_;
|
||||
|
|
|
@ -12,13 +12,13 @@ use Lemonldap::NG::Common::IPv6;
|
|||
use JSON::XS;
|
||||
use Date::Parse;
|
||||
|
||||
our $VERSION = '2.0.12';
|
||||
our $VERSION = '2.0.15';
|
||||
|
||||
# Set here all the names of functions that must be available in Safe objects.
|
||||
# Not that only functions, not methods, can be written here
|
||||
# Note that only functions, not methods, can be written here
|
||||
our $functions =
|
||||
[
|
||||
qw(&checkLogonHours &date &dateToTime &checkDate &basic &unicode2iso &iso2unicode &groupMatch &isInNet6 &varIsInUri &has2f_internal)
|
||||
qw(&checkLogonHours &date &dateToTime &checkDate &basic &unicode2iso &unicode2isoSafe &iso2unicode &iso2unicodeSafe &groupMatch &isInNet6 &varIsInUri &has2f_internal)
|
||||
];
|
||||
|
||||
## @function boolean checkLogonHours(string logon_hours, string syntax, string time_correction, boolean default_access)
|
||||
|
@ -202,6 +202,21 @@ sub unicode2iso {
|
|||
return encode( "iso-8859-1", decode( "utf-8", $string ) );
|
||||
}
|
||||
|
||||
## @function string unicode2isoSafe(string string)
|
||||
## This function is compliant with the Safe jail
|
||||
## but not as portable as the original one
|
||||
# Convert UTF-8 in ISO-8859-1
|
||||
# @param string UTF-8 string
|
||||
# @return ISO string
|
||||
sub unicode2isoSafe {
|
||||
my ($string) = @_;
|
||||
|
||||
my $res = $string;
|
||||
utf8::decode($res);
|
||||
utf8::downgrade($res);
|
||||
return $res;
|
||||
}
|
||||
|
||||
## @function string iso2unicode(string string)
|
||||
# Convert ISO-8859-1 in UTF-8
|
||||
# @param string ISO string
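Review bot: `unicode2isoSafe` calls `utf8::downgrade($res)` without the FAIL_OK argument, so it dies when the decoded string holds a character above U+00FF, whereas `unicode2iso` goes through `encode( "iso-8859-1", ... )`, which substitutes unmappable characters instead of dying. The return value of `utf8::decode($res)` is also ignored, so input that is not valid UTF-8 is passed on unchanged. These helpers are exported to the Safe jail through `$functions` and would presumably be applied to user attributes (the callers are not visible here), so a non-Latin-1 value could make a rule evaluation fail. Consider `utf8::decode($res) or return $string;` followed by `utf8::downgrade( $res, 1 ) or return $string;`, and state the chosen fallback in the `## @function` header.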
|
||||
|
@ -212,6 +227,20 @@ sub iso2unicode {
|
|||
return encode( "utf-8", decode( "iso-8859-1", $string ) );
|
||||
}
|
||||
|
||||
## @function string iso2unicodeSafe(string string)
|
||||
## This function is compliant with the Safe jail
|
||||
## but not as portable as the original one
|
||||
# Convert ISO-8859-1 in UTF-8
|
||||
# @param string ISO string
|
||||
# @return UTF-8 string
|
||||
sub iso2unicodeSafe {
|
||||
my ($string) = @_;
|
||||
|
||||
my $res = $string;
|
||||
utf8::encode($res);
|
||||
return $res;
|
||||
}
|
||||
|
||||
## @function int groupMatch(hashref groups, string attribute, string value)
|
||||
# Check in hGroups structure if a group attribute contains a value
|
||||
# @param groups The $hGroups variable
|
||||
|
|
|
@ -112,7 +112,7 @@ foreach (@available) {
|
|||
next if ( $opts{force} );
|
||||
exit 6;
|
||||
}
|
||||
if ( my $r = $new->saveConf( $conf, %newargs ) ) {
|
||||
if ( $new->saveConf( $conf, %newargs ) > 0 ) {
|
||||
print "Conf $conf->{cfgNum} stored\n";
|
||||
next;
|
||||
}
|
||||
|
|
|
@ -466,7 +466,7 @@ if ( !$opts{'dry-run'} ) {
|
|||
print "[OK] Configuration $numConf saved\n";
|
||||
$exitCode = 0;
|
||||
}
|
||||
unless ($numConf) {
|
||||
unless ( $numConf > 0 ) {
|
||||
print "[ERROR] Unable to save configuration\n";
|
||||
$exitCode = 1;
|
||||
}
|
||||
|
|
|
@ -50,7 +50,7 @@ $conf->{oidcServicePrivateKeySig} = $keys->{private};
|
|||
$conf->{oidcServicePublicKeySig} = $keys->{public};
|
||||
$conf->{oidcServiceKeyIdSig} = $keys->{id};
|
||||
|
||||
$lmconf->saveConf($conf) or die $Lemonldap::NG::Common::Conf::msg;
|
||||
( $lmconf->saveConf($conf) > 0 ) or die $Lemonldap::NG::Common::Conf::msg;
|
||||
|
||||
print "Configuration saved\n" if $debug;
|
||||
|
||||
|
|
|
@ -0,0 +1,77 @@
|
|||
use strict;
|
||||
use Test::More tests => 14;
|
||||
use Data::Dumper;
|
||||
|
||||
BEGIN { use_ok('Lemonldap::NG::Common::Conf') }
|
||||
|
||||
my $h;
|
||||
|
||||
ok(
|
||||
$h = new Lemonldap::NG::Common::Conf( {
|
||||
type => 'File',
|
||||
dirName => "t/",
|
||||
}
|
||||
),
|
||||
'type => file',
|
||||
);
|
||||
my $conf = {
|
||||
cfgNum => 1,
|
||||
test => '%SERVERENV:A%',
|
||||
test2 => '%SERVERENV:B% %SERVERENV:C%',
|
||||
'%SERVERENV:MYKEY%' => {
|
||||
test => 'Test: %SERVERENV:A%',
|
||||
array => [ 'a', '%SERVERENV:B% %SERVERENV:C%', ],
|
||||
},
|
||||
};
|
||||
|
||||
$ENV{A} = 'Aa';
|
||||
$ENV{B} = 'Bb';
|
||||
$ENV{C} = 'Cc';
|
||||
$ENV{MYKEY} = 'MyKey';
|
||||
|
||||
ok( $h->store($conf) == 1, "Conf is stored" )
|
||||
or print STDERR "$Lemonldap::NG::Common::Conf::msg $!";
|
||||
my $cfg;
|
||||
ok( $cfg = $h->getConf( { cfgNum => 1 } ), "Conf can be read" )
|
||||
or print STDERR $Lemonldap::NG::Common::Conf::msg;
|
||||
ok( $cfg->{test} eq '%SERVERENV:A%',
|
||||
'%SERVERENV:A% is not substitued into Aa without useServerEnv' )
|
||||
or print STDERR "Expect $cfg->{test} eq %SERVERENV:A%\n";
|
||||
|
||||
unlink 't/lmConf-1.json';
|
||||
|
||||
ok(
|
||||
$h = new Lemonldap::NG::Common::Conf( {
|
||||
type => 'File',
|
||||
dirName => "t/",
|
||||
useServerEnv => 1,
|
||||
}
|
||||
),
|
||||
'type => file',
|
||||
);
|
||||
ok( $h->store($conf) == 1, "Conf is stored" )
|
||||
or print STDERR "$Lemonldap::NG::Common::Conf::msg $!";
|
||||
|
||||
ok( $cfg = $h->getConf( { cfgNum => 1 } ), "Conf can be read" )
|
||||
or print STDERR $Lemonldap::NG::Common::Conf::msg;
|
||||
ok( $cfg->{test} eq 'Aa', '%SERVERENV:A% is substitued into Aa' )
|
||||
or print STDERR "Expect $cfg->{test} eq Aa\n";
|
||||
ok( $cfg->{test2} eq 'Bb Cc',
|
||||
'%SERVERENV:B% %SERVERENV:C% is substitued into Bb Cc' )
|
||||
or print STDERR "Expect $cfg->{test} eq Aa\n";
|
||||
|
||||
ok( ( !$cfg->{'%SERVERENV:MYKEY%'} and $cfg->{MyKey} ),
|
||||
'Keyname is transformed' );
|
||||
ok( (
|
||||
$cfg->{MyKey}->{array}->[0] eq 'a'
|
||||
and $cfg->{MyKey}->{array}->[1] eq 'Bb Cc'
|
||||
),
|
||||
'Values are substitued into arrays'
|
||||
);
|
||||
|
||||
ok( $cfg = $h->getConf( { cfgNum => 1, raw => 1 } ), 'Get raw conf' );
|
||||
ok( $cfg->{test} eq '%SERVERENV:A%',
|
||||
'%SERVERENV:A% is not substitued into Aa in raw mode' )
|
||||
or print STDERR "Expect $cfg->{test} eq %SERVERENV:A%\n";
|
||||
|
||||
unlink 't/lmConf-1.json';
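Review bot: The failure diagnostic of the `test2` assertion prints the wrong value, because `or print STDERR "Expect $cfg->{test} eq Aa\n";` was copied from the previous check; a broken `%SERVERENV:B% %SERVERENV:C%` substitution would report the `test` key instead. Use `or print STDERR "Expect $cfg->{test2} eq 'Bb Cc'\n";`. The file also sets `$ENV{A}`, `$ENV{B}`, `$ENV{C}` and `$ENV{MYKEY}` for the whole process and removes `t/lmConf-1.json` only when execution reaches the `unlink` lines. Moving the cleanup into an `END { unlink 't/lmConf-1.json' }` block would keep an aborted run from leaving a stored configuration behind for later tests.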
|
|
@ -27,7 +27,7 @@
|
|||
"Env" : "0",
|
||||
"IO::Pipe" : "0",
|
||||
"Test::MockObject" : "0",
|
||||
"Test::Pod" : "0",
|
||||
"Test::Pod" : "1",
|
||||
"Time::Fake" : "0"
|
||||
}
|
||||
},
|
||||
|
|
|
@ -8,7 +8,7 @@ build_requires:
|
|||
Env: '0'
|
||||
IO::Pipe: '0'
|
||||
Test::MockObject: '0'
|
||||
Test::Pod: '0'
|
||||
Test::Pod: '1'
|
||||
Time::Fake: '0'
|
||||
configure_requires:
|
||||
ExtUtils::MakeMaker: '0'
|
||||
|
|
|
@ -104,7 +104,7 @@ q"I refuse to compile 'rules.json' when useSafeJail isn't activated! Yes I know,
|
|||
|
||||
$class->logger->debug("DevOps handler called by $vhost");
|
||||
$class->locationRulesInit( undef, { $vhost => $json->{rules} } );
|
||||
$class->headersInit( undef, { $vhost => $json->{headers} } );
|
||||
$class->headersInit( undef, { $vhost => $json->{headers} } );
|
||||
$class->tsv->{lastVhostUpdate}->{$vhost} = time;
|
||||
$class->tsv->{https}->{$vhost} = uc $req->env->{HTTPS_REDIRECT} eq 'ON'
|
||||
if exists $req->env->{HTTPS_REDIRECT};
|
||||
|
|
|
@ -205,7 +205,8 @@ sub jailInit {
|
|||
sub defaultValuesInit {
|
||||
my ( $class, $conf ) = @_;
|
||||
|
||||
$class->tsv->{$_} = $conf->{$_} foreach ( qw(
|
||||
$class->tsv->{$_} = $conf->{$_}
|
||||
foreach ( qw(
|
||||
cookieExpiration cookieName customFunctions httpOnly
|
||||
securedCookie timeout timeoutActivity
|
||||
timeoutActivityInterval useRedirectOnError useRedirectOnForbidden
|
||||
|
@ -214,7 +215,7 @@ sub defaultValuesInit {
|
|||
authChoiceAuthBasic authChoiceParam hiddenAttributes
|
||||
upgradeSession
|
||||
)
|
||||
);
|
||||
);
|
||||
|
||||
$class->tsv->{cipher} = Lemonldap::NG::Common::Crypto->new( $conf->{key} );
|
||||
|
||||
|
@ -550,6 +551,7 @@ sub conditionSub {
|
|||
# logout_app
|
||||
if ( $cond =~ /^logout_app(?:\s+(.*))?$/i ) {
|
||||
my $u = $1 || $class->tsv->{portal}->();
|
||||
$class->logger->debug("logout_app redirect to $u");
|
||||
eval 'use Apache2::Filter' unless ( $INC{"Apache2/Filter.pm"} );
|
||||
return (
|
||||
sub {
|
||||
|
@ -565,6 +567,7 @@ sub conditionSub {
|
|||
}
|
||||
elsif ( $cond =~ /^logout_app_sso(?:\s+(.*))?$/i ) {
|
||||
my $u = $1 || $class->tsv->{portal}->();
|
||||
$class->logger->debug("logout_app_sso redirect to $u");
|
||||
eval 'use Apache2::Filter' unless ( $INC{"Apache2/Filter.pm"} );
|
||||
return (
|
||||
sub {
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# Main running methods file
|
||||
package Lemonldap::NG::Handler::Main::Run;
|
||||
|
||||
our $VERSION = '2.0.14';
|
||||
our $VERSION = '2.0.15';
|
||||
|
||||
package Lemonldap::NG::Handler::Main;
|
||||
|
||||
|
@ -227,6 +227,7 @@ sub run {
|
|||
$class->cleanHeaders($req);
|
||||
return $class->OK;
|
||||
}
|
||||
|
||||
elsif ( $protection == $class->MAYSKIP
|
||||
and $class->grant( $req, $session, $uri, $cond ) eq '999_SKIP' )
|
||||
{
|
||||
|
@ -327,8 +328,7 @@ sub getLevel {
|
|||
}
|
||||
}
|
||||
if ($level) {
|
||||
$class->logger->debug(
|
||||
'Found AuthnLevel=' . $level . ' for "' . "$vhost$uri" . '"' );
|
||||
$class->logger->debug("Found AuthnLevel=$level for \"$vhost$uri\"");
|
||||
return $level;
|
||||
}
|
||||
else {
|
||||
|
@ -345,7 +345,7 @@ sub getLevel {
|
|||
sub grant {
|
||||
my ( $class, $req, $session, $uri, $cond, $vhost ) = @_;
|
||||
|
||||
return $cond->( $req, $session ) if ($cond);
|
||||
return $cond->( $req, $session ) if $cond;
|
||||
|
||||
$vhost ||= $class->resolveAlias($req);
|
||||
my $level = $class->getLevel( $req, $uri );
|
||||
|
@ -646,14 +646,10 @@ sub _getPort {
|
|||
return $class->tsv->{port}->{$vhost};
|
||||
}
|
||||
else {
|
||||
if ( defined $class->tsv->{port}->{_}
|
||||
and ( $class->tsv->{port}->{_} > 0 ) )
|
||||
{
|
||||
return $class->tsv->{port}->{_};
|
||||
}
|
||||
else {
|
||||
return $req->port;
|
||||
}
|
||||
return ( defined $class->tsv->{port}->{_}
|
||||
and ( $class->tsv->{port}->{_} > 0 ) )
|
||||
? $class->tsv->{port}->{_}
|
||||
: $req->port;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -670,14 +666,10 @@ sub _isHttps {
|
|||
return $class->tsv->{https}->{$vhost};
|
||||
}
|
||||
else {
|
||||
if ( defined $class->tsv->{https}->{_}
|
||||
and ( $class->tsv->{https}->{_} > -1 ) )
|
||||
{
|
||||
return $class->tsv->{https}->{_};
|
||||
}
|
||||
else {
|
||||
return $req->secure;
|
||||
}
|
||||
return ( defined $class->tsv->{https}->{_}
|
||||
and ( $class->tsv->{https}->{_} > -1 ) )
|
||||
? $class->tsv->{https}->{_}
|
||||
: $req->secure;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -715,9 +707,8 @@ sub isUnprotected {
|
|||
$i++
|
||||
)
|
||||
{
|
||||
if ( $uri =~ $class->tsv->{locationRegexp}->{$vhost}->[$i] ) {
|
||||
return $class->tsv->{locationProtection}->{$vhost}->[$i];
|
||||
}
|
||||
return $class->tsv->{locationProtection}->{$vhost}->[$i]
|
||||
if ( $uri =~ $class->tsv->{locationRegexp}->{$vhost}->[$i] );
|
||||
}
|
||||
return $class->tsv->{defaultProtection}->{$vhost};
|
||||
}
|
||||
|
@ -785,8 +776,8 @@ sub resolveAlias {
|
|||
|
||||
$vhost =~ s/:\d+//;
|
||||
return $class->tsv->{vhostAlias}->{$vhost}
|
||||
if ( $class->tsv->{vhostAlias}->{$vhost} );
|
||||
return $vhost if ( $class->tsv->{defaultCondition}->{$vhost} );
|
||||
if $class->tsv->{vhostAlias}->{$vhost};
|
||||
return $vhost if $class->tsv->{defaultCondition}->{$vhost};
|
||||
foreach ( @{ $class->tsv->{vhostReg} } ) {
|
||||
return $_->[1] if $vhost =~ $_->[0];
|
||||
}
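Review bot: The port strip `$vhost =~ s/:\d+//;` at the top of this hunk is unanchored, so it removes the first `:digits` run anywhere in the host string rather than a trailing port. For a bracketed IPv6 literal it would cut inside the address, and the `vhostAlias`, `defaultCondition` and `vhostReg` lookups below would then run on a mangled name. Anchoring it as `$vhost =~ s/:\d+$//;` restricts the match to the port. Where `$vhost` comes from is outside this hunk (presumably the request's host value), so confirm whether such literals can reach this point. `resolveAlias` starts before and continues after the hunk.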
|
||||
|
|
|
@ -93,6 +93,8 @@ site/htdocs/static/bwr/es5-shim/es5-shim.min.js
|
|||
site/htdocs/static/bwr/file-saver.js/FileSaver.js
|
||||
site/htdocs/static/bwr/file-saver.js/FileSaver.min.js
|
||||
site/htdocs/static/bwr/file-saver.js/FileSaver.min.js.map
|
||||
site/htdocs/static/css/custom.css
|
||||
site/htdocs/static/css/custom.min.css
|
||||
site/htdocs/static/css/manager.css
|
||||
site/htdocs/static/css/manager.min.css
|
||||
site/htdocs/static/forms/authChoice.html
|
||||
|
|
|
@ -25,6 +25,7 @@
|
|||
"Email::Sender" : "0",
|
||||
"IO::String" : "0",
|
||||
"Regexp::Common" : "0",
|
||||
"Test::Output" : "0",
|
||||
"Test::Pod" : "1"
|
||||
}
|
||||
},
|
||||
|
@ -58,6 +59,6 @@
|
|||
],
|
||||
"x_MailingList" : "mailto:lemonldap-ng-dev@ow2.org"
|
||||
},
|
||||
"version" : "v2.0.14",
|
||||
"version" : "v2.0.15",
|
||||
"x_serialization_backend" : "JSON::PP version 4.04"
|
||||
}
|
||||
|
|
|
@ -6,6 +6,7 @@ build_requires:
|
|||
Email::Sender: '0'
|
||||
IO::String: '0'
|
||||
Regexp::Common: '0'
|
||||
Test::Output: '0'
|
||||
Test::Pod: '1'
|
||||
configure_requires:
|
||||
ExtUtils::MakeMaker: '0'
|
||||
|
@ -34,5 +35,5 @@ resources:
|
|||
bugtracker: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues
|
||||
homepage: https://lemonldap-ng.org/
|
||||
license: http://opensource.org/licenses/GPL-2.0
|
||||
version: v2.0.14
|
||||
version: v2.0.15
|
||||
x_serialization_backend: 'CPAN::Meta::YAML version 0.018'
|
||||
|
|
|
@ -66,7 +66,7 @@ sub init {
|
|||
my @res = ( "Lemonldap::NG::Manager::" . ucfirst($_) );
|
||||
if ( my $tmp = $self->loadPlugin( @res, $conf ) ) {
|
||||
$self->logger->debug("Plugin $_ loaded");
|
||||
push @links, $_;
|
||||
push @links, $_;
|
||||
push @{ $self->loadedPlugins }, $tmp;
|
||||
$self->hLoadedPlugins->{$_} = $tmp;
|
||||
}
|
||||
|
@ -183,10 +183,9 @@ sub javascript {
|
|||
|
||||
return
|
||||
'var formPrefix=staticPrefix+"forms/";var confPrefix=scriptname+"confs/";var viewPrefix=scriptname+"view/";'
|
||||
. 'var allowDiff=' . "$res;"
|
||||
. 'var impPrefix=' . "'"
|
||||
. $impPrefix . "'" . ';'
|
||||
. 'var sessionTTL=' . "$ttl;"
|
||||
. "var allowDiff=$res;"
|
||||
. "var sessionTTL=$ttl;"
|
||||
. "var impPrefix='$impPrefix';"
|
||||
. ( $self->links ? 'var links=' . to_json( $self->links ) . ';' : '' )
|
||||
. (
|
||||
$self->menuLinks
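Review bot: `. "var impPrefix='$impPrefix';"` interpolates the value directly into a single-quoted JavaScript string, so a quote or backslash in it would break or alter the generated script, while `links` on the next line is serialized with `to_json`. `$impPrefix` is assigned outside this hunk (presumably from configuration), so the exposure depends on who can set it. Serializing it the same way removes the question: `. 'var impPrefix=' . to_json( $impPrefix, { allow_nonref => 1 } ) . ';'`. `$res` and `$ttl` are interpolated unquoted as well and deserve a check that they are always numeric. The `javascript` sub starts and ends outside the hunk.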
|
||||
|
|
|
@ -67,7 +67,7 @@ sub types {
|
|||
'hostname' => {
|
||||
'form' => 'text',
|
||||
'msgFail' => '__badHostname__',
|
||||
'test' =>
|
||||
'test' =>
|
||||
qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))?$/
|
||||
},
|
||||
'int' => {
|
||||
|
@ -257,7 +257,7 @@ m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\
|
|||
'url' => {
|
||||
'form' => 'text',
|
||||
'msgFail' => '__badUrl__',
|
||||
'test' =>
|
||||
'test' =>
|
||||
qr/(?:^$|(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/
|
||||
}
|
||||
};
|
||||
|
@ -681,6 +681,9 @@ sub attributes {
|
|||
'default' => 30,
|
||||
'type' => 'int'
|
||||
},
|
||||
'captcha' => {
|
||||
'type' => 'PerlModule'
|
||||
},
|
||||
'captcha_login_enabled' => {
|
||||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
|
@ -697,6 +700,9 @@ sub attributes {
|
|||
'default' => 6,
|
||||
'type' => 'int'
|
||||
},
|
||||
'captchaOptions' => {
|
||||
'type' => 'keyTextContainer'
|
||||
},
|
||||
'casAccessControlPolicy' => {
|
||||
'default' => 'none',
|
||||
'select' => [ {
|
||||
|
@ -797,12 +803,16 @@ sub attributes {
|
|||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'casSrvMetaDataOptionsResolutionRule' => {
|
||||
'default' => '',
|
||||
'type' => 'longtext'
|
||||
},
|
||||
'casSrvMetaDataOptionsSortNumber' => {
|
||||
'type' => 'int'
|
||||
},
|
||||
'casSrvMetaDataOptionsUrl' => {
|
||||
'msgFail' => '__badUrl__',
|
||||
'test' =>
|
||||
'test' =>
|
||||
qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/,
|
||||
'type' => 'text'
|
||||
},
|
||||
|
@ -1341,7 +1351,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'domain' => {
|
||||
'default' => 'example.com',
|
||||
'msgFail' => '__badDomainName__',
|
||||
'test' =>
|
||||
'test' =>
|
||||
qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?))?$/,
|
||||
'type' => 'text'
|
||||
},
|
||||
|
@ -1387,6 +1397,9 @@ qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-
|
|||
'ext2fLogo' => {
|
||||
'type' => 'text'
|
||||
},
|
||||
'ext2fResendInterval' => {
|
||||
'type' => 'text'
|
||||
},
|
||||
'ext2FSendCommand' => {
|
||||
'type' => 'text'
|
||||
},
|
||||
|
@ -1484,7 +1497,7 @@ qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-
|
|||
},
|
||||
'globalStorageOptions' => {
|
||||
'default' => {
|
||||
'Directory' => '/var/lib/lemonldap-ng/sessions/',
|
||||
'Directory' => '/var/lib/lemonldap-ng/sessions/',
|
||||
'generateModule' =>
|
||||
'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
|
||||
'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
|
||||
|
@ -1609,7 +1622,7 @@ qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-
|
|||
'issuerDBGetParameters' => {
|
||||
'default' => {},
|
||||
'keyMsgFail' => '__badHostname__',
|
||||
'keyTest' =>
|
||||
'keyTest' =>
|
||||
qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$/,
|
||||
'test' => {
|
||||
'keyMsgFail' => '__badKeyName__',
|
||||
|
@ -2000,6 +2013,9 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
'mail2fLogo' => {
|
||||
'type' => 'text'
|
||||
},
|
||||
'mail2fResendInterval' => {
|
||||
'type' => 'text'
|
||||
},
|
||||
'mail2fSessionKey' => {
|
||||
'type' => 'text'
|
||||
},
|
||||
|
@ -2277,6 +2293,10 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
'oidcOPMetaDataOptionsPrompt' => {
|
||||
'type' => 'text'
|
||||
},
|
||||
'oidcOPMetaDataOptionsResolutionRule' => {
|
||||
'default' => '',
|
||||
'type' => 'longtext'
|
||||
},
|
||||
'oidcOPMetaDataOptionsScope' => {
|
||||
'default' => 'openid profile',
|
||||
'type' => 'text'
|
||||
|
@ -2449,6 +2469,10 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
],
|
||||
'type' => 'select'
|
||||
},
|
||||
'oidcRPMetaDataOptionsLogoutBypassConfirm' => {
|
||||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'oidcRPMetaDataOptionsLogoutSessionRequired' => {
|
||||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
|
@ -2808,7 +2832,7 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
'pdataDomain' => {
|
||||
'default' => '',
|
||||
'msgFail' => '__badDomainName__',
|
||||
'test' =>
|
||||
'test' =>
|
||||
qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?))?$/,
|
||||
'type' => 'text'
|
||||
},
|
||||
|
@ -2829,7 +2853,7 @@ qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-
|
|||
'portal' => {
|
||||
'default' => 'http://auth.example.com/',
|
||||
'msgFail' => '__badUrl__',
|
||||
'test' =>
|
||||
'test' =>
|
||||
qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/,
|
||||
'type' => 'url'
|
||||
},
|
||||
|
@ -2900,6 +2924,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'portalFavicon' => {
|
||||
'default' => 'common/favicon.ico',
|
||||
'type' => 'text'
|
||||
},
|
||||
'portalForceAuthn' => {
|
||||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
|
@ -3136,7 +3164,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'keyTest' =>
|
||||
qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?$/,
|
||||
'msgFail' => '__badUrl__',
|
||||
'test' =>
|
||||
'test' =>
|
||||
qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/,
|
||||
'type' => 'keyTextContainer'
|
||||
},
|
||||
|
@ -3171,6 +3199,9 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'rest2fAuthnLevel' => {
|
||||
'type' => 'int'
|
||||
},
|
||||
'rest2fCodeActivation' => {
|
||||
'type' => 'pcre'
|
||||
},
|
||||
'rest2fInitArgs' => {
|
||||
'keyMsgFail' => '__badKeyName__',
|
||||
'keyTest' => qr/^\w+$/,
|
||||
|
@ -3187,6 +3218,9 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'rest2fLogo' => {
|
||||
'type' => 'text'
|
||||
},
|
||||
'rest2fResendInterval' => {
|
||||
'type' => 'text'
|
||||
},
|
||||
'rest2fVerifyArgs' => {
|
||||
'type' => 'keyTextContainer'
|
||||
},
|
||||
|
@ -3288,19 +3322,19 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
},
|
||||
'samlCommonDomainCookieDomain' => {
|
||||
'msgFail' => '__badDomainName__',
|
||||
'test' =>
|
||||
'test' =>
|
||||
qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$/,
|
||||
'type' => 'text'
|
||||
},
|
||||
'samlCommonDomainCookieReader' => {
|
||||
'msgFail' => '__badUrl__',
|
||||
'test' =>
|
||||
'test' =>
|
||||
qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/,
|
||||
'type' => 'text'
|
||||
},
|
||||
'samlCommonDomainCookieWriter' => {
|
||||
'msgFail' => '__badUrl__',
|
||||
'test' =>
|
||||
'test' =>
|
||||
qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/,
|
||||
'type' => 'text'
|
||||
},
|
||||
|
@ -3317,7 +3351,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
},
|
||||
'samlDiscoveryProtocolURL' => {
|
||||
'msgFail' => '__badUrl__',
|
||||
'test' =>
|
||||
'test' =>
|
||||
qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/,
|
||||
'type' => 'text'
|
||||
},
|
||||
|
@ -3935,6 +3969,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'scrollTop' => {
|
||||
'default' => 400,
|
||||
'type' => 'int'
|
||||
},
|
||||
'securedCookie' => {
|
||||
'default' => 0,
|
||||
'select' => [ {
|
||||
|
@ -4010,6 +4048,9 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
},
|
||||
'type' => 'sfExtraContainer'
|
||||
},
|
||||
'sfLoginTimeout' => {
|
||||
'type' => 'int'
|
||||
},
|
||||
'sfManagerRule' => {
|
||||
'default' => 1,
|
||||
'type' => 'boolOrExpr'
|
||||
|
@ -4110,7 +4151,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
},
|
||||
'SMTPServer' => {
|
||||
'default' => '',
|
||||
'test' =>
|
||||
'test' =>
|
||||
qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?)?$/,
|
||||
'type' => 'text'
|
||||
},
|
||||
|
|
|
@ -368,6 +368,11 @@ sub attributes {
|
|||
test => $url,
|
||||
msgFail => '__badUrl__',
|
||||
},
|
||||
portalFavicon => {
|
||||
type => 'text',
|
||||
default => 'common/favicon.ico',
|
||||
documentation => 'Path to favicon file',
|
||||
},
|
||||
portalCustomCss => {
|
||||
type => 'text',
|
||||
documentation => 'Path to custom CSS file',
|
||||
|
@ -420,6 +425,11 @@ sub attributes {
|
|||
default => 1,
|
||||
documentation => 'Display langs icons',
|
||||
},
|
||||
scrollTop => {
|
||||
type => 'int',
|
||||
default => 400,
|
||||
documentation => 'Display back to top button',
|
||||
},
|
||||
staticPrefix => {
|
||||
type => 'text',
|
||||
documentation => 'Prefix of static files for HTML templates',
|
||||
|
@ -1469,6 +1479,16 @@ sub attributes {
|
|||
default => 6,
|
||||
documentation => 'Captcha size',
|
||||
},
|
||||
captcha => {
|
||||
type => 'PerlModule',
|
||||
documentation => 'Captcha backend module',
|
||||
flags => 'hp',
|
||||
},
|
||||
captchaOptions => {
|
||||
type => 'keyTextContainer',
|
||||
documentation => 'Captcha module options',
|
||||
flags => 'hp',
|
||||
},
|
||||
|
||||
# Variables
|
||||
exportedVars => {
|
||||
|
@ -2005,6 +2025,10 @@ sub attributes {
|
|||
type => 'int',
|
||||
documentation => 'Second factor code timeout',
|
||||
},
|
||||
mail2fResendInterval => {
|
||||
type => 'text',
|
||||
documentation => 'Delay before user is allowed to resend code',
|
||||
},
|
||||
mail2fAuthnLevel => {
|
||||
type => 'int',
|
||||
documentation =>
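Review bot: `mail2fResendInterval` is declared with `type => 'text'` and no `test`, so the manager accepts any string for what the documentation calls a delay. The same applies to `ext2fResendInterval` and `rest2fResendInterval` in later hunks of this file, while `sfLoginTimeout` uses `type => 'int'`. How the portal parses the value is not visible here; if it is a number of seconds, `type => 'int'` or a `test => qr/^\d*$/` with a `msgFail` would reject a typo that could otherwise leave the resend throttle ineffective. The `documentation` string should also name the unit.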
|
||||
|
@ -2042,6 +2066,10 @@ sub attributes {
|
|||
type => 'text',
|
||||
documentation => 'Validation command of External second factor',
|
||||
},
|
||||
ext2fResendInterval => {
|
||||
type => 'text',
|
||||
documentation => 'Delay before user is allowed to resend code',
|
||||
},
|
||||
ext2fAuthnLevel => {
|
||||
type => 'int',
|
||||
documentation =>
|
||||
|
@ -2093,6 +2121,10 @@ sub attributes {
|
|||
default => 0,
|
||||
documentation => 'REST second factor activation',
|
||||
},
|
||||
rest2fCodeActivation => {
|
||||
type => 'pcre',
|
||||
documentation => 'OTP generated by Portal',
|
||||
},
|
||||
rest2fInitUrl => {
|
||||
type => 'url',
|
||||
documentation => 'REST 2F init URL',
|
||||
|
@ -2117,6 +2149,10 @@ sub attributes {
|
|||
type => 'keyTextContainer',
|
||||
documentation => 'Args for REST 2F init',
|
||||
},
|
||||
rest2fResendInterval => {
|
||||
type => 'text',
|
||||
documentation => 'Delay before user is allowed to resend code',
|
||||
},
|
||||
rest2fAuthnLevel => {
|
||||
type => 'int',
|
||||
documentation =>
|
||||
|
@ -3364,6 +3400,10 @@ sub attributes {
|
|||
help => 'secondfactor.html',
|
||||
documentation => 'Notification message',
|
||||
},
|
||||
sfLoginTimeout => {
|
||||
type => 'int',
|
||||
documentation => 'Timeout for 2F login process',
|
||||
},
|
||||
sfRegisterTimeout => {
|
||||
type => 'int',
|
||||
documentation => 'Timeout for 2F registration process',
|
||||
|
@ -3668,6 +3708,10 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
type => 'int',
|
||||
documentation => 'Number to sort buttons',
|
||||
},
|
||||
casSrvMetaDataOptionsResolutionRule => {
|
||||
type => 'longtext',
|
||||
default => '',
|
||||
},
|
||||
|
||||
# Fake attribute: used by manager REST API to agglomerate all nodes
|
||||
# related to a CAS IDP partner
|
||||
|
@ -4367,6 +4411,10 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
oidcOPMetaDataOptionsIcon => { type => 'text', },
|
||||
oidcOPMetaDataOptionsStoreIDToken => { type => 'bool', default => 0 },
|
||||
oidcOPMetaDataOptionsSortNumber => { type => 'int', },
|
||||
oidcOPMetaDataOptionsResolutionRule => {
|
||||
type => 'longtext',
|
||||
default => '',
|
||||
},
|
||||
|
||||
# OpenID Connect relying parties
|
||||
oidcRPMetaDataExportedVars => {
|
||||
|
@ -4444,7 +4492,12 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
default => 0
|
||||
},
|
||||
oidcRPMetaDataOptionsPostLogoutRedirectUris => { type => 'text', },
|
||||
oidcRPMetaDataOptionsLogoutUrl => {
|
||||
oidcRPMetaDataOptionsLogoutBypassConfirm => {
|
||||
type => 'bool',
|
||||
default => 0,
|
||||
documentation => 'Bypass logout confirmation'
|
||||
},
|
||||
oidcRPMetaDataOptionsLogoutUrl => {
|
||||
type => 'url',
|
||||
documentation => 'Logout URL',
|
||||
},
|
||||
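Review bot: The three new resend attributes (`mail2fResendInterval`, `ext2fResendInterval`, `rest2fResendInterval`) are declared `type => 'text'` with no `test`, although their documentation describes a delay and the neighbouring `mail2fTimeout`, `sfLoginTimeout` and `sfRegisterTimeout` entries are `int`. The code that consumes them is not visible here, but if it compares the value numerically, a non-numeric entry would presumably weaken the throttle on re-sending second-factor codes. Either declare them `type => 'int',` or, if free text is intentional, add a validation pattern and state the accepted format in `documentation`. Separately, `oidcRPMetaDataOptionsLogoutBypassConfirm` removes a user confirmation step, so its text could read `documentation => 'Bypass logout confirmation (enable only for trusted relying parties)'`. The `attributes` sub starts and ends outside these hunks.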
|
|
|
@ -82,7 +82,6 @@ sub cTrees {
|
|||
help => 'authsaml.html#options',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
'samlIDPMetaDataOptionsResolutionRule',
|
||||
'samlIDPMetaDataOptionsNameIDFormat',
|
||||
'samlIDPMetaDataOptionsForceAuthn',
|
||||
'samlIDPMetaDataOptionsIsPassive',
|
||||
|
@ -98,6 +97,7 @@ sub cTrees {
|
|||
nodes => [
|
||||
"samlIDPMetaDataOptionsDisplayName",
|
||||
"samlIDPMetaDataOptionsIcon",
|
||||
'samlIDPMetaDataOptionsResolutionRule',
|
||||
"samlIDPMetaDataOptionsSortNumber"
|
||||
]
|
||||
}
|
||||
|
@ -186,6 +186,7 @@ sub cTrees {
|
|||
nodes => [
|
||||
'oidcOPMetaDataOptionsDisplayName',
|
||||
'oidcOPMetaDataOptionsIcon',
|
||||
'oidcOPMetaDataOptionsResolutionRule',
|
||||
'oidcOPMetaDataOptionsSortNumber'
|
||||
]
|
||||
},
|
||||
|
@ -249,6 +250,7 @@ sub cTrees {
|
|||
title => 'logout',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
'oidcRPMetaDataOptionsLogoutBypassConfirm',
|
||||
'oidcRPMetaDataOptionsPostLogoutRedirectUris',
|
||||
'oidcRPMetaDataOptionsLogoutUrl',
|
||||
'oidcRPMetaDataOptionsLogoutType',
|
||||
|
@ -285,6 +287,7 @@ sub cTrees {
|
|||
nodes => [
|
||||
'casSrvMetaDataOptionsDisplayName',
|
||||
'casSrvMetaDataOptionsIcon',
|
||||
'casSrvMetaDataOptionsResolutionRule',
|
||||
'casSrvMetaDataOptionsSortNumber',
|
||||
]
|
||||
},
|
||||
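Review bot: In the SAML display node list the moved entry is written `'samlIDPMetaDataOptionsResolutionRule',` in single quotes, while `"samlIDPMetaDataOptionsDisplayName"`, `"samlIDPMetaDataOptionsIcon"` and `"samlIDPMetaDataOptionsSortNumber"` around it use double quotes. Writing it as `"samlIDPMetaDataOptionsResolutionRule",` keeps that list uniform. The OIDC and CAS lists are single-quoted throughout, so only the SAML hunk is affected.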
|
|
|
@ -53,7 +53,9 @@ sub tree {
|
|||
help => 'portalcustom.html',
|
||||
nodes => [
|
||||
'portalMainLogo',
|
||||
'portalFavicon',
|
||||
'showLanguages',
|
||||
'scrollTop',
|
||||
'portalCustomCss',
|
||||
'portalSkin',
|
||||
'portalSkinBackground',
|
||||
|
@ -72,14 +74,14 @@ sub tree {
|
|||
},
|
||||
{
|
||||
title => 'passwordManagement',
|
||||
help =>
|
||||
help =>
|
||||
'portalcustom.html#password-management',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
'portalRequireOldPassword',
|
||||
'portalEnablePasswordDisplay',
|
||||
'hideOldPassword',
|
||||
'mailOnPasswordChange',
|
||||
'portalEnablePasswordDisplay',
|
||||
]
|
||||
},
|
||||
{
|
||||
|
@ -99,7 +101,7 @@ sub tree {
|
|||
},
|
||||
{
|
||||
title => 'portalOther',
|
||||
help =>
|
||||
help =>
|
||||
'portalcustom.html#other-parameters',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
|
@ -116,20 +118,24 @@ sub tree {
|
|||
},
|
||||
{
|
||||
title => 'portalCaptcha',
|
||||
help => 'captcha.html',
|
||||
form => 'simpleInputContainer',
|
||||
help => 'captcha.html#configuration',
|
||||
nodes => [
|
||||
'captcha_login_enabled',
|
||||
'captcha_mail_enabled',
|
||||
'captcha_register_enabled',
|
||||
'captcha_size',
|
||||
{
|
||||
title => 'captchaCustom',
|
||||
help => 'captcha.html#configuration',
|
||||
nodes => [ 'captcha', 'captchaOptions', ]
|
||||
},
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
title => 'authParams',
|
||||
help =>
|
||||
help =>
|
||||
'start.html#authentication-users-and-password-databases',
|
||||
form => 'authParams',
|
||||
nodes => [
|
||||
|
@ -650,7 +656,7 @@ sub tree {
|
|||
},
|
||||
{
|
||||
title => 'soapServices',
|
||||
help =>
|
||||
help =>
|
||||
'portalservers.html#SOAP_(deprecated)',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
|
@ -684,7 +690,7 @@ sub tree {
|
|||
'notificationStorageOptions',
|
||||
{
|
||||
title => 'serverNotification',
|
||||
help =>
|
||||
help =>
|
||||
'notifications.html#notification-server',
|
||||
nodes => [
|
||||
'notificationServer',
|
||||
|
@ -884,6 +890,7 @@ sub tree {
|
|||
'sfManagerRule',
|
||||
'sfRequired',
|
||||
'sfOnlyUpgrade',
|
||||
'sfLoginTimeout',
|
||||
'sfRegisterTimeout',
|
||||
{
|
||||
title => 'utotp2f',
|
||||
|
@ -952,8 +959,8 @@ sub tree {
|
|||
'mail2fActivation', 'mail2fCodeRegex',
|
||||
'mail2fTimeout', 'mail2fSubject',
|
||||
'mail2fBody', 'mail2fSessionKey',
|
||||
'mail2fAuthnLevel', 'mail2fLabel',
|
||||
'mail2fLogo'
|
||||
'mail2fResendInterval', 'mail2fAuthnLevel',
|
||||
'mail2fLabel', 'mail2fLogo'
|
||||
]
|
||||
},
|
||||
{
|
||||
|
@ -961,10 +968,10 @@ sub tree {
|
|||
help => 'external2f.html',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
'ext2fActivation', 'ext2fCodeActivation',
|
||||
'ext2fActivation', 'ext2fCodeActivation',
|
||||
'ext2FSendCommand', 'ext2FValidateCommand',
|
||||
'ext2fAuthnLevel', 'ext2fLabel',
|
||||
'ext2fLogo'
|
||||
'ext2fResendInterval', 'ext2fAuthnLevel',
|
||||
'ext2fLabel', 'ext2fLogo',
|
||||
]
|
||||
},
|
||||
{
|
||||
|
@ -987,10 +994,11 @@ sub tree {
|
|||
help => 'rest2f.html',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
'rest2fActivation', 'rest2fInitUrl',
|
||||
'rest2fInitArgs', 'rest2fVerifyUrl',
|
||||
'rest2fVerifyArgs', 'rest2fAuthnLevel',
|
||||
'rest2fLabel', 'rest2fLogo'
|
||||
'rest2fActivation', 'rest2fCodeActivation',
|
||||
'rest2fInitUrl', 'rest2fInitArgs',
|
||||
'rest2fVerifyUrl', 'rest2fVerifyArgs',
|
||||
'rest2fResendInterval', 'rest2fAuthnLevel',
|
||||
'rest2fLabel', 'rest2fLogo'
|
||||
]
|
||||
},
|
||||
{
|
||||
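Review bot: The new `captchaCustom` node in the `portalCaptcha` hunk exposes `captcha` and `captchaOptions` in the manager with no comment on what they control, and the attributes section of this commit declares `captcha` as a `PerlModule`. The module is presumably loaded by the portal to protect the login, password-reset and registration forms, so the entry deserves a line such as `# Custom captcha backend: replaces the built-in captcha, module must be installed on the portal` above the node, and a help anchor of its own rather than reusing `captcha.html#configuration` from the parent. As a smaller style point, the `ext2f` list now ends with a trailing comma (`'ext2fLabel', 'ext2fLogo',`) while the `mail2f` and `rest2f` lists do not. The `tree` sub continues outside these hunks.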
|
|
|
@ -552,22 +552,18 @@ sub tests {
|
|||
}
|
||||
|
||||
# Use WebAuthn
|
||||
if ( $conf->{webauthn2fActivation} )
|
||||
{
|
||||
if ( $conf->{webauthn2fActivation} ) {
|
||||
eval "use Authen::WebAuthn";
|
||||
return ( 1,
|
||||
"Authen::WebAuthn module is required to enable WebAuthn"
|
||||
) if ($@);
|
||||
"Authen::WebAuthn module is required to enable WebAuthn" )
|
||||
if ($@);
|
||||
}
|
||||
|
||||
# WebAuthn requires https://
|
||||
if ( $conf->{webauthn2fActivation} )
|
||||
{
|
||||
my $portal_uri = URI->new($conf->{portal});
|
||||
unless ($portal_uri->scheme eq "https") {
|
||||
return ( 1,
|
||||
"WebAuthn requires HTTPS"
|
||||
);
|
||||
if ( $conf->{webauthn2fActivation} ) {
|
||||
my $portal_uri = URI->new( $conf->{portal} );
|
||||
unless ( $portal_uri->scheme eq "https" ) {
|
||||
return ( 1, "WebAuthn requires HTTPS" );
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -110,11 +110,11 @@ categories =
|
|||
dateTitle: ['_utime', '_startTime', '_updateTime', '_lastAuthnUTime', '_lastSeen']
|
||||
connectionTitle: ['ipAddr', '_timezone', '_url']
|
||||
authenticationTitle:['_session_id', '_user', '_password', 'authenticationLevel']
|
||||
modulesTitle: ['_auth', '_userDB', '_passwordDB', '_issuerDB', '_authChoice', '_authMulti', '_userDBMulti']
|
||||
modulesTitle: ['_auth', '_userDB', '_passwordDB', '_issuerDB', '_authChoice', '_authMulti', '_userDBMulti', '_2f']
|
||||
saml: ['_idp', '_idpConfKey', '_samlToken', '_lassoSessionDump', '_lassoIdentityDump']
|
||||
groups: ['groups', 'hGroups']
|
||||
ldap: ['dn']
|
||||
OpenIDConnect: ['_oidc_id_token', '_oidc_OP', '_oidc_access_token']
|
||||
OpenIDConnect: ['_oidc_id_token', '_oidc_OP', '_oidc_access_token', '_oidc_refresh_token', '_oidc_access_token_eol']
|
||||
sfaTitle: ['_2fDevices']
|
||||
oidcConsents: ['_oidcConsents']
|
||||
|
||||
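Review bot: Adding `_oidc_refresh_token` to the `OpenIDConnect` category lists a long-lived bearer credential as a displayed session field, next to the already listed `_oidc_access_token`. Whether the value actually reaches the browser depends on server-side filtering that is not visible in this hunk, so confirm that the attribute is covered by the hidden-attributes configuration, or otherwise masked, for operators who only need to browse sessions. A comment above `categories`, for example `# token fields are listed here; the server must filter them for non-privileged operators`, would record that dependency. The same list is repeated in the generated JavaScript section further down the page.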
|
|
|
@ -0,0 +1,3 @@
|
|||
#navbar {
|
||||
background-color: #ffb84d;
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
#navbar{background-color:#ffb84d}
|
|
@ -146,6 +146,13 @@ function templates(tpl,key) {
|
|||
"id" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsIcon",
|
||||
"title" : "casSrvMetaDataOptionsIcon"
|
||||
},
|
||||
{
|
||||
"default" : "",
|
||||
"get" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsResolutionRule",
|
||||
"id" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsResolutionRule",
|
||||
"title" : "casSrvMetaDataOptionsResolutionRule",
|
||||
"type" : "longtext"
|
||||
},
|
||||
{
|
||||
"get" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsSortNumber",
|
||||
"id" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsSortNumber",
|
||||
|
@ -362,6 +369,13 @@ function templates(tpl,key) {
|
|||
"id" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsIcon",
|
||||
"title" : "oidcOPMetaDataOptionsIcon"
|
||||
},
|
||||
{
|
||||
"default" : "",
|
||||
"get" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsResolutionRule",
|
||||
"id" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsResolutionRule",
|
||||
"title" : "oidcOPMetaDataOptionsResolutionRule",
|
||||
"type" : "longtext"
|
||||
},
|
||||
{
|
||||
"get" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsSortNumber",
|
||||
"id" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsSortNumber",
|
||||
|
@ -695,6 +709,13 @@ function templates(tpl,key) {
|
|||
},
|
||||
{
|
||||
"_nodes" : [
|
||||
{
|
||||
"default" : 0,
|
||||
"get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutBypassConfirm",
|
||||
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutBypassConfirm",
|
||||
"title" : "oidcRPMetaDataOptionsLogoutBypassConfirm",
|
||||
"type" : "bool"
|
||||
},
|
||||
{
|
||||
"get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsPostLogoutRedirectUris",
|
||||
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsPostLogoutRedirectUris",
|
||||
|
@ -976,13 +997,6 @@ function templates(tpl,key) {
|
|||
},
|
||||
{
|
||||
"_nodes" : [
|
||||
{
|
||||
"default" : "",
|
||||
"get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsResolutionRule",
|
||||
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsResolutionRule",
|
||||
"title" : "samlIDPMetaDataOptionsResolutionRule",
|
||||
"type" : "longtext"
|
||||
},
|
||||
{
|
||||
"default" : "",
|
||||
"get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsNameIDFormat",
|
||||
|
@ -1114,6 +1128,13 @@ function templates(tpl,key) {
|
|||
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsIcon",
|
||||
"title" : "samlIDPMetaDataOptionsIcon"
|
||||
},
|
||||
{
|
||||
"default" : "",
|
||||
"get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsResolutionRule",
|
||||
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsResolutionRule",
|
||||
"title" : "samlIDPMetaDataOptionsResolutionRule",
|
||||
"type" : "longtext"
|
||||
},
|
||||
{
|
||||
"get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsSortNumber",
|
||||
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsSortNumber",
|
||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -122,11 +122,11 @@
|
|||
dateTitle: ['_utime', '_startTime', '_updateTime', '_lastAuthnUTime', '_lastSeen'],
|
||||
connectionTitle: ['ipAddr', '_timezone', '_url'],
|
||||
authenticationTitle: ['_session_id', '_user', '_password', 'authenticationLevel'],
|
||||
modulesTitle: ['_auth', '_userDB', '_passwordDB', '_issuerDB', '_authChoice', '_authMulti', '_userDBMulti'],
|
||||
modulesTitle: ['_auth', '_userDB', '_passwordDB', '_issuerDB', '_authChoice', '_authMulti', '_userDBMulti', '_2f'],
|
||||
saml: ['_idp', '_idpConfKey', '_samlToken', '_lassoSessionDump', '_lassoIdentityDump'],
|
||||
groups: ['groups', 'hGroups'],
|
||||
ldap: ['dn'],
|
||||
OpenIDConnect: ['_oidc_id_token', '_oidc_OP', '_oidc_access_token'],
|
||||
OpenIDConnect: ['_oidc_id_token', '_oidc_OP', '_oidc_access_token', '_oidc_refresh_token', '_oidc_access_token_eol'],
|
||||
sfaTitle: ['_2fDevices'],
|
||||
oidcConsents: ['_oidcConsents']
|
||||
};
|
||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -131,6 +131,9 @@
|
|||
"bruteForceProtectionMaxLockTime":"Maximum lock time",
|
||||
"bruteForceProtectionTempo":"Lock time",
|
||||
"cancel":"إلغاء",
|
||||
"captcha":"Captcha module",
|
||||
"captchaCustom":"Custom Captcha module",
|
||||
"captchaOptions":"Captcha module options",
|
||||
"captcha_login_enabled":"التفعيل في استمارة تسجيل الدخول",
|
||||
"captcha_mail_enabled":"التفعيل في إعادة تعيين كلمة المرور بواسطة استمارة البريد",
|
||||
"captcha_register_enabled":"التفعيل في استمارة التسجيل",
|
||||
|
@ -161,6 +164,7 @@
|
|||
"casSrvMetaDataOptionsIcon":"مسارالأيقونة",
|
||||
"casSrvMetaDataOptionsProxiedServices":"خدمات البروكسي",
|
||||
"casSrvMetaDataOptionsRenew":"تجديد إثبات الهوية",
|
||||
"casSrvMetaDataOptionsResolutionRule":"حل القاعدة",
|
||||
"casSrvMetaDataOptionsSortNumber":"Order",
|
||||
"casSrvMetaDataOptionsUrl":" يو أر ل الخادم",
|
||||
"casSrvName":"اسم خادم كاس",
|
||||
|
@ -350,6 +354,7 @@
|
|||
"ext2fCodeActivation":"Code regex",
|
||||
"ext2fLabel":"Label",
|
||||
"ext2fLogo":"شعار",
|
||||
"ext2fResendInterval":"Re-send interval",
|
||||
"facebookAppId":"هوية تطبيق فاسيبوك",
|
||||
"facebookAppSecret":"كلمة السرلتطبيق فاسيبوك",
|
||||
"facebookAuthnLevel":"مستوى إثبات الهوية",
|
||||
|
@ -527,6 +532,7 @@
|
|||
"mail2fCodeRegex":"Code regex",
|
||||
"mail2fLabel":"Label",
|
||||
"mail2fLogo":"شعار",
|
||||
"mail2fResendInterval":"Re-send interval",
|
||||
"mail2fSessionKey":"مفتاح الجلسة الذي يحتوي على عنوان البريد الإلكتروني",
|
||||
"mail2fSubject":"نجاح عنوان البريد",
|
||||
"mail2fTimeout":"Code timeout",
|
||||
|
@ -652,6 +658,7 @@
|
|||
"oidcOPMetaDataOptionsMaxAge":"الحد الأقصى للعمر",
|
||||
"oidcOPMetaDataOptionsPrompt":"عاجل",
|
||||
"oidcOPMetaDataOptionsProtocol":"بروتوكول",
|
||||
"oidcOPMetaDataOptionsResolutionRule":"حل القاعدة",
|
||||
"oidcOPMetaDataOptionsScope":"نطاق",
|
||||
"oidcOPMetaDataOptionsSortNumber":"Order",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"مخزن تعريف التوكن",
|
||||
|
@ -689,6 +696,7 @@
|
|||
"oidcRPMetaDataOptionsIDTokenForceClaims":"Force claims to be returned in ID Token",
|
||||
"oidcRPMetaDataOptionsIDTokenSignAlg":"خوارزمية توقيع آي دي التوكن",
|
||||
"oidcRPMetaDataOptionsIcon":"شعار",
|
||||
"oidcRPMetaDataOptionsLogoutBypassConfirm":"تجاوز تأكيد",
|
||||
"oidcRPMetaDataOptionsLogoutSessionRequired":"جلسة مطلوب",
|
||||
"oidcRPMetaDataOptionsLogoutType":"نوع",
|
||||
"oidcRPMetaDataOptionsLogoutUrl":"يو آر إل",
|
||||
|
@ -806,6 +814,7 @@
|
|||
"portalEnablePasswordDisplay":"Allow to display password",
|
||||
"portalErrorOnExpiredSession":"عرض الخطأ في الجلسة المنتهية صلحيتها",
|
||||
"portalErrorOnMailNotFound":"إظهار الخطأ في البريد الغيرالموجود",
|
||||
"portalFavicon":"Favicon",
|
||||
"portalForceAuthn":"فرض إثبات الهوية",
|
||||
"portalForceAuthnInterval":"فرض الفاصل الزمني لإثبات الهوية",
|
||||
"portalMainLogo":"Main logo",
|
||||
|
@ -882,11 +891,13 @@
|
|||
"requireToken":"يتطلب توكن للإستمارة",
|
||||
"rest2f":"REST second factor",
|
||||
"rest2fActivation":"تفعيل",
|
||||
"rest2fCodeActivation":"Code regex",
|
||||
"rest2fAuthnLevel":"مستوى إثبات الهوية",
|
||||
"rest2fInitArgs":"Init arguments",
|
||||
"rest2fInitUrl":"Init URL",
|
||||
"rest2fLabel":"Label",
|
||||
"rest2fLogo":"شعار",
|
||||
"rest2fResendInterval":"Re-send interval",
|
||||
"rest2fVerifyArgs":"Verify arguments",
|
||||
"rest2fVerifyUrl":"Verify URL",
|
||||
"restAuthServer":"Authentication server",
|
||||
|
@ -1053,6 +1064,7 @@
|
|||
"saveReport":"احفظ التقرير",
|
||||
"savingConfirmation":"حفظ التأكيد",
|
||||
"scope":"نطاق",
|
||||
"scrollTop":"Scroll to top button",
|
||||
"search":"Search...",
|
||||
"secondFactors":"Second factors",
|
||||
"securedCookie":"ملفات تعريف الارتباط المضمونة (سسل)",
|
||||
|
@ -1072,6 +1084,7 @@
|
|||
"session_s":"جلسة( أو جلسات )",
|
||||
"sessions":"الجلسات",
|
||||
"sfExtra":"Additional second factors",
|
||||
"sfLoginTimeout":"Login timeout",
|
||||
"sfManagerRule":"Display Manager link",
|
||||
"sfOnlyUpgrade":"Use 2FA for session upgrade",
|
||||
"sfRegisterTimeout":"Registration timeout",
|
||||
|
@ -1244,4 +1257,4 @@
|
|||
"yubikey2fUrl":"خدمة أل يو أر ل",
|
||||
"yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey",
|
||||
"zeroConfExplanations":"لا يحتوي الخادم على إعدادات. استخدام قالب لحفظ الأول"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -131,6 +131,9 @@
|
|||
"bruteForceProtectionMaxLockTime":"Maximum lock time",
|
||||
"bruteForceProtectionTempo":"Lock time",
|
||||
"cancel":"Cancel",
|
||||
"captcha":"Captcha module",
|
||||
"captchaCustom":"Custom Captcha module",
|
||||
"captchaOptions":"Captcha module options",
|
||||
"captcha_login_enabled":"Activation in login form",
|
||||
"captcha_mail_enabled":"Activation in password reset by mail form",
|
||||
"captcha_register_enabled":"Activation in register form",
|
||||
|
@ -161,6 +164,7 @@
|
|||
"casSrvMetaDataOptionsIcon":"Icon path",
|
||||
"casSrvMetaDataOptionsProxiedServices":"Proxied services",
|
||||
"casSrvMetaDataOptionsRenew":"Renew authentication",
|
||||
"casSrvMetaDataOptionsResolutionRule":"Resolution rule",
|
||||
"casSrvMetaDataOptionsSortNumber":"Order",
|
||||
"casSrvMetaDataOptionsUrl":"Server URL",
|
||||
"casSrvName":"CAS Server Name",
|
||||
|
@ -350,6 +354,7 @@
|
|||
"ext2fCodeActivation":"Code regex",
|
||||
"ext2fLabel":"Label",
|
||||
"ext2fLogo":"Logo",
|
||||
"ext2fResendInterval":"Re-send interval",
|
||||
"facebookAppId":"Facebook application ID",
|
||||
"facebookAppSecret":"Facebook application secret",
|
||||
"facebookAuthnLevel":"Authentication level",
|
||||
|
@ -527,6 +532,7 @@
|
|||
"mail2fCodeRegex":"Code regex",
|
||||
"mail2fLabel":"Label",
|
||||
"mail2fLogo":"Logo",
|
||||
"mail2fResendInterval":"Re-send interval",
|
||||
"mail2fSessionKey":"Session key containing mail address",
|
||||
"mail2fSubject":"Mail subject",
|
||||
"mail2fTimeout":"Code timeout",
|
||||
|
@ -652,6 +658,7 @@
|
|||
"oidcOPMetaDataOptionsMaxAge":"Max age",
|
||||
"oidcOPMetaDataOptionsPrompt":"Prompt",
|
||||
"oidcOPMetaDataOptionsProtocol":"Protocol",
|
||||
"oidcOPMetaDataOptionsResolutionRule":"Resolution rule",
|
||||
"oidcOPMetaDataOptionsScope":"Scope",
|
||||
"oidcOPMetaDataOptionsSortNumber":"Order",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"Store ID Token",
|
||||
|
@ -689,6 +696,7 @@
|
|||
"oidcRPMetaDataOptionsIDTokenForceClaims":"Force claims to be returned in ID Token",
|
||||
"oidcRPMetaDataOptionsIDTokenSignAlg":"ID Token signature algorithm",
|
||||
"oidcRPMetaDataOptionsIcon":"Logo",
|
||||
"oidcRPMetaDataOptionsLogoutBypassConfirm":"Bypass confirm",
|
||||
"oidcRPMetaDataOptionsLogoutSessionRequired":"Session required",
|
||||
"oidcRPMetaDataOptionsLogoutType":"Type",
|
||||
"oidcRPMetaDataOptionsLogoutUrl":"URL",
|
||||
|
@ -806,6 +814,7 @@
|
|||
"portalEnablePasswordDisplay":"Allow to display password",
|
||||
"portalErrorOnExpiredSession":"Show error on expired session",
|
||||
"portalErrorOnMailNotFound":"Show error on mail not found",
|
||||
"portalFavicon":"Favicon",
|
||||
"portalForceAuthn":"Force authentication",
|
||||
"portalForceAuthnInterval":"Force authentication interval",
|
||||
"portalMainLogo":"Main logo",
|
||||
|
@ -882,11 +891,13 @@
|
|||
"requireToken":"Require token for forms",
|
||||
"rest2f":"REST second factor",
|
||||
"rest2fActivation":"Activation",
|
||||
"rest2fCodeActivation":"Code regex",
|
||||
"rest2fAuthnLevel":"Authentication level",
|
||||
"rest2fInitArgs":"Init arguments",
|
||||
"rest2fInitUrl":"Init URL",
|
||||
"rest2fLabel":"Label",
|
||||
"rest2fLogo":"Logo",
|
||||
"rest2fResendInterval":"Re-send interval",
|
||||
"rest2fVerifyArgs":"Verify arguments",
|
||||
"rest2fVerifyUrl":"Verify URL",
|
||||
"restAuthServer":"Authentication server",
|
||||
|
@ -1053,6 +1064,7 @@
|
|||
"saveReport":"Save report",
|
||||
"savingConfirmation":"Saving confirmation",
|
||||
"scope":"Scope",
|
||||
"scrollTop":"Scroll to top button",
|
||||
"search":"Search...",
|
||||
"secondFactors":"Second factors",
|
||||
"securedCookie":"Secured Cookie (SSL)",
|
||||
|
@ -1072,6 +1084,7 @@
|
|||
"session_s":"session(s)",
|
||||
"sessions":"Sessions",
|
||||
"sfExtra":"Additional second factors",
|
||||
"sfLoginTimeout":"Login timeout",
|
||||
"sfManagerRule":"Display Manager link",
|
||||
"sfOnlyUpgrade":"Use 2FA for session upgrade",
|
||||
"sfRegisterTimeout":"Registration timeout",
|
||||
|
|
|
@ -131,6 +131,9 @@
|
|||
"bruteForceProtectionMaxLockTime":"Maximum lock time",
|
||||
"bruteForceProtectionTempo":"Lock time",
|
||||
"cancel":"Cancelar",
|
||||
"captcha":"Captcha module",
|
||||
"captchaCustom":"Custom Captcha module",
|
||||
"captchaOptions":"Captcha module options",
|
||||
"captcha_login_enabled":"Activación en formulario de acceso",
|
||||
"captcha_mail_enabled":"Activación en formulario de restauración por correo",
|
||||
"captcha_register_enabled":"Activación en formulario de registro",
|
||||
|
@ -161,6 +164,7 @@
|
|||
"casSrvMetaDataOptionsIcon":"Icon path",
|
||||
"casSrvMetaDataOptionsProxiedServices":"Servicios proxificados",
|
||||
"casSrvMetaDataOptionsRenew":"Renovar autentificación",
|
||||
"casSrvMetaDataOptionsResolutionRule":"Resolution rule",
|
||||
"casSrvMetaDataOptionsSortNumber":"Orden",
|
||||
"casSrvMetaDataOptionsUrl":"URL de servicio",
|
||||
"casSrvName":"Nombre de servidor CAS",
|
||||
|
@ -350,6 +354,7 @@
|
|||
"ext2fCodeActivation":"Expresión regular",
|
||||
"ext2fLabel":"Etiqueta",
|
||||
"ext2fLogo":"Logo",
|
||||
"ext2fResendInterval":"Re-send interval",
|
||||
"facebookAppId":"Facebook application ID",
|
||||
"facebookAppSecret":"Facebook application secret",
|
||||
"facebookAuthnLevel":"Nivel de autentificación",
|
||||
|
@ -527,6 +532,7 @@
|
|||
"mail2fCodeRegex":"Regex",
|
||||
"mail2fLabel":"Etiqueta",
|
||||
"mail2fLogo":"Logotipo",
|
||||
"mail2fResendInterval":"Re-send interval",
|
||||
"mail2fSessionKey":"Clave de sesión que contiene dirección de correo",
|
||||
"mail2fSubject":"Subject del correo",
|
||||
"mail2fTimeout":"Caducidad de código",
|
||||
|
@ -652,6 +658,7 @@
|
|||
"oidcOPMetaDataOptionsMaxAge":"Max age",
|
||||
"oidcOPMetaDataOptionsPrompt":"Prompt",
|
||||
"oidcOPMetaDataOptionsProtocol":"Protocolo",
|
||||
"oidcOPMetaDataOptionsResolutionRule":"Resolution rule",
|
||||
"oidcOPMetaDataOptionsScope":"Ámbito",
|
||||
"oidcOPMetaDataOptionsSortNumber":"Orden",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"Guardar token ID",
|
||||
|
@ -689,6 +696,7 @@
|
|||
"oidcRPMetaDataOptionsIDTokenForceClaims":"Force claims to be returned in ID Token",
|
||||
"oidcRPMetaDataOptionsIDTokenSignAlg":"Algoritmo de firma del token ID",
|
||||
"oidcRPMetaDataOptionsIcon":"Logotipo",
|
||||
"oidcRPMetaDataOptionsLogoutBypassConfirm":"Bypass confirmar",
|
||||
"oidcRPMetaDataOptionsLogoutSessionRequired":"Se requiere sesión",
|
||||
"oidcRPMetaDataOptionsLogoutType":"Tipo",
|
||||
"oidcRPMetaDataOptionsLogoutUrl":"URL",
|
||||
|
@ -806,6 +814,7 @@
|
|||
"portalEnablePasswordDisplay":"Allow to display password",
|
||||
"portalErrorOnExpiredSession":"Mostrar error en sesión caducada",
|
||||
"portalErrorOnMailNotFound":"Mostrar error cuando no se encuentra el email",
|
||||
"portalFavicon":"Favicon",
|
||||
"portalForceAuthn":"Forzar autentificación",
|
||||
"portalForceAuthnInterval":"Force authentication interval",
|
||||
"portalMainLogo":"Logotipo principal",
|
||||
|
@ -882,11 +891,13 @@
|
|||
"requireToken":"Require token for forms",
|
||||
"rest2f":"Previo",
|
||||
"rest2fActivation":"Activación",
|
||||
"rest2fCodeActivation":"Expresión regular",
|
||||
"rest2fAuthnLevel":"Nivel de autentificación",
|
||||
"rest2fInitArgs":"Argumentos de inicio",
|
||||
"rest2fInitUrl":"URL de inicio",
|
||||
"rest2fLabel":"Etiqueta",
|
||||
"rest2fLogo":"Logotipo",
|
||||
"rest2fResendInterval":"Re-send interval",
|
||||
"rest2fVerifyArgs":"Verificar argumentos",
|
||||
"rest2fVerifyUrl":"Verificar URL",
|
||||
"restAuthServer":"Authentication server",
|
||||
|
@ -1053,6 +1064,7 @@
|
|||
"saveReport":"Salvar informe",
|
||||
"savingConfirmation":"Salvando confirmación",
|
||||
"scope":"Ámbito",
|
||||
"scrollTop":"Scroll to top button",
|
||||
"search":"Buscar...",
|
||||
"secondFactors":"Segundos factores",
|
||||
"securedCookie":"Cookie segura (SSL)",
|
||||
|
@ -1072,6 +1084,7 @@
|
|||
"session_s":"sesión(es)",
|
||||
"sessions":"Sesiones",
|
||||
"sfExtra":"Segundos factores adicionales",
|
||||
"sfLoginTimeout":"Login timeout",
|
||||
"sfManagerRule":"Display Manager link",
|
||||
"sfOnlyUpgrade":"Use 2FA for session upgrade",
|
||||
"sfRegisterTimeout":"Registration timeout",
|
||||
|
@ -1244,4 +1257,4 @@
|
|||
"yubikey2fUrl":"URL de servicio",
|
||||
"yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey",
|
||||
"zeroConfExplanations":"Server has no configuration. Use template to save the first."
|
||||
}
|
||||
}
|
||||
|
|
|
@ -131,6 +131,9 @@
|
|||
"bruteForceProtectionMaxLockTime":"Temps maximum de verrouillage",
|
||||
"bruteForceProtectionTempo":"Temps de verrouillage",
|
||||
"cancel":"Annuler",
|
||||
"captcha":"Module Captcha",
|
||||
"captchaCustom":"Module Captcha personnalisé",
|
||||
"captchaOptions":"Options du module Captcha",
|
||||
"captcha_login_enabled":"Activation dans le formulaire d'authentification",
|
||||
"captcha_mail_enabled":"Activation dans le formulaire de réinitialisation par mail",
|
||||
"captcha_register_enabled":"Activation dans le formulaire de création de compte",
|
||||
|
@ -161,6 +164,7 @@
|
|||
"casSrvMetaDataOptionsIcon":"Chemin de l'icône",
|
||||
"casSrvMetaDataOptionsProxiedServices":"Services mandatés",
|
||||
"casSrvMetaDataOptionsRenew":"Renouveler l'authentification",
|
||||
"casSrvMetaDataOptionsResolutionRule":"Règle de résolution",
|
||||
"casSrvMetaDataOptionsSortNumber":"Ordre",
|
||||
"casSrvMetaDataOptionsUrl":"URL du serveur",
|
||||
"casSrvName":"Nom du serveur CAS",
|
||||
|
@ -350,6 +354,7 @@
|
|||
"ext2fCodeActivation":"Expression régulière pour la génération du code",
|
||||
"ext2fLabel":"Label",
|
||||
"ext2fLogo":"Logo",
|
||||
"ext2fResendInterval":"Intervalle de retransmission",
|
||||
"facebookAppId":"ID de l'application Facebook",
|
||||
"facebookAppSecret":"Secret de l'application Facebook",
|
||||
"facebookAuthnLevel":"Niveau d'authentification",
|
||||
|
@ -527,6 +532,7 @@
|
|||
"mail2fCodeRegex":"Expression régulière pour la génération du code",
|
||||
"mail2fLabel":"Label",
|
||||
"mail2fLogo":"Logo",
|
||||
"mail2fResendInterval":"Intervalle de retransmission",
|
||||
"mail2fSessionKey":"Clef de session contenant l'adresse email",
|
||||
"mail2fSubject":"Sujet du message d'envoi du code",
|
||||
"mail2fTimeout":"Délai d'expiration du code",
|
||||
|
@ -652,6 +658,7 @@
|
|||
"oidcOPMetaDataOptionsMaxAge":"Age maximum",
|
||||
"oidcOPMetaDataOptionsPrompt":"Interaction",
|
||||
"oidcOPMetaDataOptionsProtocol":"Protocole",
|
||||
"oidcOPMetaDataOptionsResolutionRule":"Règle de résolution",
|
||||
"oidcOPMetaDataOptionsScope":"Scope",
|
||||
"oidcOPMetaDataOptionsSortNumber":"Ordre",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"Conserver le jeton d'identité",
|
||||
|
@ -689,6 +696,7 @@
|
|||
"oidcRPMetaDataOptionsIDTokenForceClaims":"Forcer la publication des attributs dans le jeton d'identité",
|
||||
"oidcRPMetaDataOptionsIDTokenSignAlg":"Algorithme de signature des jetons d'identité",
|
||||
"oidcRPMetaDataOptionsIcon":"Logo",
|
||||
"oidcRPMetaDataOptionsLogoutBypassConfirm":"Contourner la confirmation",
|
||||
"oidcRPMetaDataOptionsLogoutSessionRequired":"Session requise",
|
||||
"oidcRPMetaDataOptionsLogoutType":"Type",
|
||||
"oidcRPMetaDataOptionsLogoutUrl":"URL",
|
||||
|
@ -806,6 +814,7 @@
|
|||
"portalEnablePasswordDisplay":"Permettre d'afficher le mot de passe",
|
||||
"portalErrorOnExpiredSession":"Affiche une erreur si la session est expirée",
|
||||
"portalErrorOnMailNotFound":"Affiche une erreur si le mail n'est pas trouvé",
|
||||
"portalFavicon":"Favicon",
|
||||
"portalForceAuthn":"Authentification forcée",
|
||||
"portalForceAuthnInterval":"Intervalle d'authentification forcée",
|
||||
"portalMainLogo":"Logo principal",
|
||||
|
@ -882,11 +891,13 @@
|
|||
"requireToken":"Exiger un jeton pour les formulaires",
|
||||
"rest2f":"Second facteur REST",
|
||||
"rest2fActivation":"Activation",
|
||||
"rest2fCodeActivation":"Expression régulière pour la génération du code",
|
||||
"rest2fAuthnLevel":"Niveau d'authentification",
|
||||
"rest2fInitArgs":"Arguments d'initialisation",
|
||||
"rest2fInitUrl":"URL d'initialisation",
|
||||
"rest2fLabel":"Label",
|
||||
"rest2fLogo":"Logo",
|
||||
"rest2fResendInterval":"Intervalle de retransmission",
|
||||
"rest2fVerifyArgs":"Arguments de vérification",
|
||||
"rest2fVerifyUrl":"URL de vérification",
|
||||
"restAuthServer":"Serveur d'authentification",
|
||||
|
@ -1053,7 +1064,8 @@
|
|||
"saveReport":"Rapport de sauvegarde",
|
||||
"savingConfirmation":"Confirmation de sauvegarde",
|
||||
"scope":"Scope",
|
||||
"search":"Rechercher ...",
|
||||
"scrollTop":"Retour en haut de page",
|
||||
"search":"Rechercher...",
|
||||
"secondFactors":"Seconds facteurs",
|
||||
"securedCookie":"Cookie sécurisé (HTTPS)",
|
||||
"security":"Sécurité",
|
||||
|
@ -1072,6 +1084,7 @@
|
|||
"session_s":"session(s)",
|
||||
"sessions":"Sessions",
|
||||
"sfExtra":"Seconds facteurs additionnels",
|
||||
"sfLoginTimeout":"Délai maximum d'authentification",
|
||||
"sfManagerRule":"Afficher le lien du Gestionnaire",
|
||||
"sfOnlyUpgrade":"Utiliser le SF pour augmenter le niveau d'authentification",
|
||||
"sfRegisterTimeout":"Délai d'expiration de l'enregistrement",
|
||||
|
|
|
@ -131,6 +131,9 @@
|
|||
"bruteForceProtectionMaxLockTime":"זמן הנעילה המרבי",
|
||||
"bruteForceProtectionTempo":"זמן נעילה",
|
||||
"cancel":"ביטול",
|
||||
"captcha":"Captcha module",
|
||||
"captchaCustom":"Custom Captcha module",
|
||||
"captchaOptions":"Captcha module options",
|
||||
"captcha_login_enabled":"הפעלה בטופס הכניסה",
|
||||
"captcha_mail_enabled":"הפעלה באיפוס סיסמה בטופס בדוא״ל",
|
||||
"captcha_register_enabled":"הפעלה בטופס הרשמה",
|
||||
|
@ -161,6 +164,7 @@
|
|||
"casSrvMetaDataOptionsIcon":"נתיב לסמל",
|
||||
"casSrvMetaDataOptionsProxiedServices":"שירותים מתווכים",
|
||||
"casSrvMetaDataOptionsRenew":"חידוש אימות",
|
||||
"casSrvMetaDataOptionsResolutionRule":"Resolution rule",
|
||||
"casSrvMetaDataOptionsSortNumber":"סדר",
|
||||
"casSrvMetaDataOptionsUrl":"כתובת שרת",
|
||||
"casSrvName":"CAS Server Name",
|
||||
|
@ -350,6 +354,7 @@
|
|||
"ext2fCodeActivation":"Code regex",
|
||||
"ext2fLabel":"תווית",
|
||||
"ext2fLogo":"לוגו",
|
||||
"ext2fResendInterval":"Re-send interval",
|
||||
"facebookAppId":"מזהה יישום פייסבוק",
|
||||
"facebookAppSecret":"סוג יישום פייסבוק",
|
||||
"facebookAuthnLevel":"דרגת אימות",
|
||||
|
@ -527,6 +532,7 @@
|
|||
"mail2fCodeRegex":"Code regex",
|
||||
"mail2fLabel":"תווית",
|
||||
"mail2fLogo":"לוגו",
|
||||
"mail2fResendInterval":"Re-send interval",
|
||||
"mail2fSessionKey":"מפתח הפעלה שמכיל כתובת דוא״ל",
|
||||
"mail2fSubject":"נושא הדוא״ל",
|
||||
"mail2fTimeout":"Code timeout",
|
||||
|
@ -652,6 +658,7 @@
|
|||
"oidcOPMetaDataOptionsMaxAge":"גיל מרבי",
|
||||
"oidcOPMetaDataOptionsPrompt":"Prompt",
|
||||
"oidcOPMetaDataOptionsProtocol":"פרוטוקול",
|
||||
"oidcOPMetaDataOptionsResolutionRule":"Resolution rule",
|
||||
"oidcOPMetaDataOptionsScope":"היקף",
|
||||
"oidcOPMetaDataOptionsSortNumber":"סדר",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"Store ID Token",
|
||||
|
@ -689,6 +696,7 @@
|
|||
"oidcRPMetaDataOptionsIDTokenForceClaims":"Force claims to be returned in ID Token",
|
||||
"oidcRPMetaDataOptionsIDTokenSignAlg":"אלגוריתם חתימת אסימון זיהוי",
|
||||
"oidcRPMetaDataOptionsIcon":"לוגו",
|
||||
"oidcRPMetaDataOptionsLogoutBypassConfirm":"עקוף את האישור",
|
||||
"oidcRPMetaDataOptionsLogoutSessionRequired":"נדרשת הפעלה",
|
||||
"oidcRPMetaDataOptionsLogoutType":"סוג",
|
||||
"oidcRPMetaDataOptionsLogoutUrl":"כתובת",
|
||||
|
@ -806,6 +814,7 @@
|
|||
"portalEnablePasswordDisplay":"Allow to display password",
|
||||
"portalErrorOnExpiredSession":"Show error on expired session",
|
||||
"portalErrorOnMailNotFound":"Show error on mail not found",
|
||||
"portalFavicon":"Favicon",
|
||||
"portalForceAuthn":"אילוץ אימות",
|
||||
"portalForceAuthnInterval":"Force authentication interval",
|
||||
"portalMainLogo":"לוגו ראשי",
|
||||
|
@ -882,11 +891,13 @@
|
|||
"requireToken":"דרישת אסימון לטפסים",
|
||||
"rest2f":"אימות דו־שלבי ב־REST",
|
||||
"rest2fActivation":"הפעלה",
|
||||
"rest2fCodeActivation":"Code regex",
|
||||
"rest2fAuthnLevel":"דרגת אימות",
|
||||
"rest2fInitArgs":"Init arguments",
|
||||
"rest2fInitUrl":"כתובת אתחול",
|
||||
"rest2fLabel":"תווית",
|
||||
"rest2fLogo":"לוגו",
|
||||
"rest2fResendInterval":"Re-send interval",
|
||||
"rest2fVerifyArgs":"Verify arguments",
|
||||
"rest2fVerifyUrl":"כתובת וידוא",
|
||||
"restAuthServer":"שרת אימות",
|
||||
|
@ -1053,6 +1064,7 @@
|
|||
"saveReport":"שמירת דוח",
|
||||
"savingConfirmation":"Saving confirmation",
|
||||
"scope":"היקף",
|
||||
"scrollTop":"Scroll to top button",
|
||||
"search":"חיפוש…",
|
||||
"secondFactors":"Second factors",
|
||||
"securedCookie":"Secured Cookie (SSL)",
|
||||
|
@ -1072,6 +1084,7 @@
|
|||
"session_s":"session(s)",
|
||||
"sessions":"הפעלות",
|
||||
"sfExtra":"Additional second factors",
|
||||
"sfLoginTimeout":"Login timeout",
|
||||
"sfManagerRule":"Display Manager link",
|
||||
"sfOnlyUpgrade":"Use 2FA for session upgrade",
|
||||
"sfRegisterTimeout":"Registration timeout",
|
||||
|
@ -1244,4 +1257,4 @@
|
|||
"yubikey2fUrl":"כתובת שירות",
|
||||
"yubikey2fUserCanRemoveKey":"לאפשר למשתמש להסיר Yubikey",
|
||||
"zeroConfExplanations":"Server has no configuration. Use template to save the first."
|
||||
}
|
||||
}
|
||||
|
|
|
@ -131,6 +131,9 @@
|
|||
"bruteForceProtectionMaxLockTime":"Maximum lock time",
|
||||
"bruteForceProtectionTempo":"Lock time",
|
||||
"cancel":"Cancella",
|
||||
"captcha":"Captcha module",
|
||||
"captchaCustom":"Custom Captcha module",
|
||||
"captchaOptions":"Captcha module options",
|
||||
"captcha_login_enabled":"Attivazione nel modulo di login",
|
||||
"captcha_mail_enabled":"Attivazione della reimpostazione della password tramite modulo di posta",
|
||||
"captcha_register_enabled":"Attivazione nel formulario di registro",
|
||||
|
@ -161,6 +164,7 @@
|
|||
"casSrvMetaDataOptionsIcon":"Path icona",
|
||||
"casSrvMetaDataOptionsProxiedServices":"Servizi Proxied",
|
||||
"casSrvMetaDataOptionsRenew":"Rinnova l'autenticazione",
|
||||
"casSrvMetaDataOptionsResolutionRule":"Regola di risoluzione",
|
||||
"casSrvMetaDataOptionsSortNumber":"Ordine",
|
||||
"casSrvMetaDataOptionsUrl":"URL del server",
|
||||
"casSrvName":"NOme del Server CAS",
|
||||
|
@ -350,6 +354,7 @@
|
|||
"ext2fCodeActivation":"Codice regex",
|
||||
"ext2fLabel":"Label",
|
||||
"ext2fLogo":"Logo",
|
||||
"ext2fResendInterval":"Re-send interval",
|
||||
"facebookAppId":"ID dell'applicazione Facebook",
|
||||
"facebookAppSecret":"Segreto dell'applicazione Facebook",
|
||||
"facebookAuthnLevel":"Livello di autenticazione",
|
||||
|
@ -527,6 +532,7 @@
|
|||
"mail2fCodeRegex":"Codice regex",
|
||||
"mail2fLabel":"Label",
|
||||
"mail2fLogo":"Logo",
|
||||
"mail2fResendInterval":"Re-send interval",
|
||||
"mail2fSessionKey":"Chiave di sessione contenente l'indirizzo di posta",
|
||||
"mail2fSubject":"Oggetto della mail",
|
||||
"mail2fTimeout":"Codice timeout",
|
||||
|
@ -652,6 +658,7 @@
|
|||
"oidcOPMetaDataOptionsMaxAge":"Età massima",
|
||||
"oidcOPMetaDataOptionsPrompt":"Richiesta",
|
||||
"oidcOPMetaDataOptionsProtocol":"Protocollo",
|
||||
"oidcOPMetaDataOptionsResolutionRule":"Regola di risoluzione",
|
||||
"oidcOPMetaDataOptionsScope":"Scopo",
|
||||
"oidcOPMetaDataOptionsSortNumber":"Ordine",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"Immagazzina ID Token",
|
||||
|
@ -689,6 +696,7 @@
|
|||
"oidcRPMetaDataOptionsIDTokenForceClaims":"Force claims to be returned in ID Token",
|
||||
"oidcRPMetaDataOptionsIDTokenSignAlg":"Algoritmo di firma di identificazione di Token",
|
||||
"oidcRPMetaDataOptionsIcon":"Logo",
|
||||
"oidcRPMetaDataOptionsLogoutBypassConfirm":"Conferma di bypass",
|
||||
"oidcRPMetaDataOptionsLogoutSessionRequired":"Sessione necessaria",
|
||||
"oidcRPMetaDataOptionsLogoutType":"Tipo",
|
||||
"oidcRPMetaDataOptionsLogoutUrl":"URL",
|
||||
|
@ -806,6 +814,7 @@
|
|||
"portalEnablePasswordDisplay":"Allow to display password",
|
||||
"portalErrorOnExpiredSession":"Mostra errore nella sessione scaduta",
|
||||
"portalErrorOnMailNotFound":"Mostra errore sulla posta non trovata",
|
||||
"portalFavicon":"Favicon",
|
||||
"portalForceAuthn":"Forza l'autenticazione",
|
||||
"portalForceAuthnInterval":"Forza intervallo di autenticazione",
|
||||
"portalMainLogo":"Logo principale",
|
||||
|
@ -882,11 +891,13 @@
|
|||
"requireToken":"Richiede il token per i moduli",
|
||||
"rest2f":"REST secondo fattore",
|
||||
"rest2fActivation":"Attivazione",
|
||||
"rest2fCodeActivation":"Codice regex",
|
||||
"rest2fAuthnLevel":"Livello di autenticazione",
|
||||
"rest2fInitArgs":"Argomenti di init",
|
||||
"rest2fInitUrl":"URL iniziale",
|
||||
"rest2fLabel":"Label",
|
||||
"rest2fLogo":"Logo",
|
||||
"rest2fResendInterval":"Re-send interval",
|
||||
"rest2fVerifyArgs":"Verifica argomenti",
|
||||
"rest2fVerifyUrl":"Verifica UR",
|
||||
"restAuthServer":"Authentication server",
|
||||
|
@ -1053,6 +1064,7 @@
|
|||
"saveReport":"Salva report",
|
||||
"savingConfirmation":"Salvataggio della conferma",
|
||||
"scope":"Ambito",
|
||||
"scrollTop":"Scroll to top button",
|
||||
"search":"Cerca...",
|
||||
"secondFactors":"Secondi fattori",
|
||||
"securedCookie":"Cookie protetti (SSL)",
|
||||
|
@ -1072,6 +1084,7 @@
|
|||
"session_s":"sessione(i)",
|
||||
"sessions":"Sessioni",
|
||||
"sfExtra":"Additional second factors",
|
||||
"sfLoginTimeout":"Login timeout",
|
||||
"sfManagerRule":"Display Manager link",
|
||||
"sfOnlyUpgrade":"Use 2FA for session upgrade",
|
||||
"sfRegisterTimeout":"Registration timeout",
|
||||
|
@ -1244,4 +1257,4 @@
|
|||
"yubikey2fUrl":"URL del servizio",
|
||||
"yubikey2fUserCanRemoveKey":"Autorizza l'utente a rimuovere la Yubikey",
|
||||
"zeroConfExplanations":"Il server non ha alcuna configurazione. Utilizza il modello per salvare il primo."
|
||||
}
|
||||
}
|
||||
|
|
|
@ -76,8 +76,8 @@
|
|||
"authAndUserdb":"Authz i baza danych użytkownika",
|
||||
"authChain":"Łańcuch uwierzytelnienia",
|
||||
"authChoice":"Wybór uwierzytelnienia",
|
||||
"authChoiceAuthBasic":"Choice used for password authentication",
|
||||
"authChoiceFindUser":"Choice used for searching user account",
|
||||
"authChoiceAuthBasic":"Wybór używany do uwierzytelniania hasłem",
|
||||
"authChoiceFindUser":"Wybór używany do wyszukiwania konta użytkownika",
|
||||
"authChoiceModules":"Dozwolone moduły",
|
||||
"authChoiceParam":"Parametr adresu URL",
|
||||
"authOnly":"Tylko uwierzytelnianie",
|
||||
|
@ -128,9 +128,12 @@
|
|||
"bruteForceProtectionLockTimes":"Przyrostowe czasy blokady",
|
||||
"bruteForceProtectionMaxAge":"Maksymalny czas ważności",
|
||||
"bruteForceProtectionMaxFailed":"Dozwolone nieudane logowania",
|
||||
"bruteForceProtectionMaxLockTime":"Maximum lock time",
|
||||
"bruteForceProtectionMaxLockTime":"Maksymalny czas blokady",
|
||||
"bruteForceProtectionTempo":"Czas blokady",
|
||||
"cancel":"Anuluj",
|
||||
"captcha":"Captcha module",
|
||||
"captchaCustom":"Custom Captcha module",
|
||||
"captchaOptions":"Captcha module options",
|
||||
"captcha_login_enabled":"Aktywacja w formularzu logowania",
|
||||
"captcha_mail_enabled":"Aktywacja przy resetowaniu hasła za pomocą formularza pocztowego",
|
||||
"captcha_register_enabled":"Aktywacja w formularzu rejestracji",
|
||||
|
@ -161,13 +164,14 @@
|
|||
"casSrvMetaDataOptionsIcon":"Ścieżka ikony",
|
||||
"casSrvMetaDataOptionsProxiedServices":"Usługi proxy",
|
||||
"casSrvMetaDataOptionsRenew":"Odnów uwierzytelnianie",
|
||||
"casSrvMetaDataOptionsResolutionRule":"Reguła rozstrzygania",
|
||||
"casSrvMetaDataOptionsSortNumber":"Kolejność",
|
||||
"casSrvMetaDataOptionsUrl":"URL serwera",
|
||||
"casSrvName":"Nazwa serwera CAS",
|
||||
"casStorage":"Nazwa modułu sesji CAS",
|
||||
"casStorageOptions":"Opcje modułu sesji CAS",
|
||||
"casStrictMatching":"Use strict URL matching",
|
||||
"casTicketExpiration":"Temporary ticket lifetime",
|
||||
"casStrictMatching":"Użyj ścisłego dopasowania adresów URL",
|
||||
"casTicketExpiration":"Czas życia biletu tymczasowego",
|
||||
"categoryName":"Nazwa Kategorii",
|
||||
"cda":"Wiele domen",
|
||||
"certificateMailContent":"Treść wiadomości",
|
||||
|
@ -183,9 +187,9 @@
|
|||
"cfgLog":"Podsumowanie",
|
||||
"cfgVersion":"Wersja konfiguracji",
|
||||
"checkDevOps":"Aktywacja",
|
||||
"checkDevOpsCheckSessionAttributes":"Check session attributes",
|
||||
"checkDevOpsDisplayNormalizedHeaders":"Display normalized headers",
|
||||
"checkDevOpsDownload":"Download file",
|
||||
"checkDevOpsCheckSessionAttributes":"Sprawdź atrybuty sesji",
|
||||
"checkDevOpsDisplayNormalizedHeaders":"Wyświetl znormalizowane nagłówki",
|
||||
"checkDevOpsDownload":"Pobieranie pliku",
|
||||
"checkState":"Aktywacja",
|
||||
"checkStateSecret":"Współdzielony sekret",
|
||||
"checkUser":"Aktywacja",
|
||||
|
@ -194,7 +198,7 @@
|
|||
"checkUserDisplayEmptyHeaders":"Puste nagłówki",
|
||||
"checkUserDisplayEmptyValues":"Puste wartości",
|
||||
"checkUserDisplayHiddenAttributes":"Ukryte atrybuty",
|
||||
"checkUserDisplayHistory":"History",
|
||||
"checkUserDisplayHistory":"Historia",
|
||||
"checkUserDisplayNormalizedHeaders":"Znormalizowane nagłówki",
|
||||
"checkUserDisplayPersistentInfo":"Trwałe dane sesji",
|
||||
"checkUserHiddenAttributes":"Ukryte atrybuty",
|
||||
|
@ -249,7 +253,7 @@
|
|||
"crowdsec":"Aktywacja",
|
||||
"crowdsecAction":"Akcja",
|
||||
"crowdsecKey":"Klucz API",
|
||||
"crowdsecUrl":"Base URL of local API",
|
||||
"crowdsecUrl":"Podstawowy adres URL lokalnego API",
|
||||
"cspConnect":"Miejsca docelowe Ajax",
|
||||
"cspDefault":"Domyślna wartość",
|
||||
"cspFont":"Źródło czcionek",
|
||||
|
@ -285,8 +289,8 @@
|
|||
"dbiAuthUser":"Użytkownik",
|
||||
"dbiAuthnLevel":"Poziom uwierzytelnienia",
|
||||
"dbiConnection":"Połączenie",
|
||||
"dbiConnectionAuth":"Authentication process",
|
||||
"dbiConnectionUser":"User process",
|
||||
"dbiConnectionAuth":"Proces uwierzytelniania",
|
||||
"dbiConnectionUser":"Proces użytkownika",
|
||||
"dbiDynamicHash":"dynamiczne haszowanie",
|
||||
"dbiDynamicHashEnabled":"aktywacja dynamicznego haszowania",
|
||||
"dbiDynamicHashNewPasswordScheme":"Dynamiczny schemat haszowania dla nowych haseł",
|
||||
|
@ -315,7 +319,7 @@
|
|||
"demoParams":"Parametry demonstracyjne",
|
||||
"description":"Opis",
|
||||
"dest":"Odbiorca",
|
||||
"devOpsCheck":"Check DevOps handler file",
|
||||
"devOpsCheck":"Sprawdź plik obsługi DevOps",
|
||||
"diffViewer":"Przeglądarka różnic",
|
||||
"diffWithPrevious":"różnica w stosunku do poprzednich",
|
||||
"disablePersistentStorage":"Wyłącz przechowywanie",
|
||||
|
@ -350,13 +354,14 @@
|
|||
"ext2fCodeActivation":"Wyrażenie regularne kodu",
|
||||
"ext2fLabel":"Etykieta",
|
||||
"ext2fLogo":"Logo",
|
||||
"ext2fResendInterval":"Re-send interval",
|
||||
"facebookAppId":"Identyfikator aplikacji na Facebooku",
|
||||
"facebookAppSecret":"Sekret aplikacji na Facebooku",
|
||||
"facebookAuthnLevel":"Poziom uwierzytelnienia",
|
||||
"facebookExportedVars":"Wyeksportowane zmienne",
|
||||
"facebookParams":"Parametry Facebooka",
|
||||
"facebookUserField":"Pole zawierające identyfikator użytkownika",
|
||||
"failedLoginNumber":"Max failed logins count",
|
||||
"failedLoginNumber":"Maksymalna liczba nieudanych logowań",
|
||||
"fileToUpload":"Plik do przesłania",
|
||||
"findUser":"Aktywacja",
|
||||
"findUserControl":"Kontrola parametrów",
|
||||
|
@ -527,6 +532,7 @@
|
|||
"mail2fCodeRegex":"Wyrażenie regularne kodu",
|
||||
"mail2fLabel":"Etykieta",
|
||||
"mail2fLogo":"Logo",
|
||||
"mail2fResendInterval":"Re-send interval",
|
||||
"mail2fSessionKey":"Klucz sesji zawierający adres e-mail",
|
||||
"mail2fSubject":"Temat wiadomości",
|
||||
"mail2fTimeout":"Limit czasu kodu",
|
||||
|
@ -575,13 +581,13 @@
|
|||
"newGrantRule":"Nowa reguła przyznawania",
|
||||
"newHost":"Nowy host",
|
||||
"newLocationWarning":"Aktywacja",
|
||||
"newLocationWarningLocationAttribute":"Session attribute containing location",
|
||||
"newLocationWarningLocationDisplayAttribute":"Session attribute to display",
|
||||
"newLocationWarningMailAttribute":"Session mail attribute",
|
||||
"newLocationWarningMailBody":"Warning mail content",
|
||||
"newLocationWarningMailSubject":"Warning mail subject",
|
||||
"newLocationWarningMaxValues":"Maximum number of locations to consider",
|
||||
"newLocationWarnings":"New location warning",
|
||||
"newLocationWarningLocationAttribute":"Atrybut sesji zawierający lokalizację",
|
||||
"newLocationWarningLocationDisplayAttribute":"Atrybut sesji do wyświetlenia",
|
||||
"newLocationWarningMailAttribute":"Atrybut poczty sesji",
|
||||
"newLocationWarningMailBody":"Treść wiadomości z ostrzeżeniem",
|
||||
"newLocationWarningMailSubject":"Temat wiadomości z ostrzeżeniem",
|
||||
"newLocationWarningMaxValues":"Maksymalna liczba lokalizacji do rozważenia",
|
||||
"newLocationWarnings":"Ostrzeżenie o nowej lokalizacji",
|
||||
"newPost":"Nowy formularz powtórzenia",
|
||||
"newPostVar":"Nowa zmienna",
|
||||
"newRSAKey":"Nowe klucze",
|
||||
|
@ -652,6 +658,7 @@
|
|||
"oidcOPMetaDataOptionsMaxAge":"Maksymalny czas ważności",
|
||||
"oidcOPMetaDataOptionsPrompt":"Prompt",
|
||||
"oidcOPMetaDataOptionsProtocol":"Protokół",
|
||||
"oidcOPMetaDataOptionsResolutionRule":"Reguła rozstrzygania",
|
||||
"oidcOPMetaDataOptionsScope":"Zakres",
|
||||
"oidcOPMetaDataOptionsSortNumber":"Kolejność",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"Przechowuj token identyfikacyjny",
|
||||
|
@ -662,13 +669,13 @@
|
|||
"oidcParams":"Parametry OpenID Connect",
|
||||
"oidcRP":"Strona zależna od OpenID Connect",
|
||||
"oidcRPCallbackGetParam":"Parametr GET wywołania zwrotnego",
|
||||
"oidcRPMetaDataExportedVars":"Exported attributes (claims)",
|
||||
"oidcRPMetaDataExportedVars":"Wyeksportowane atrybuty (claims)",
|
||||
"oidcRPMetaDataMacros":"Makra",
|
||||
"oidcRPMetaDataNode":"Strony zależne od OpenID Connect",
|
||||
"oidcRPMetaDataNodes":"Strony zależne od OpenID Connect",
|
||||
"oidcRPMetaDataOptions":"Opcje",
|
||||
"oidcRPMetaDataOptionsAccessTokenClaims":"Zwolnij oświadczenia w tokenie dostępu",
|
||||
"oidcRPMetaDataOptionsAccessTokenExpiration":"Access Tokens",
|
||||
"oidcRPMetaDataOptionsAccessTokenExpiration":"Tokeny dostępowy",
|
||||
"oidcRPMetaDataOptionsAccessTokenJWT":"Użyj formatu JWT dla tokenu dostępu",
|
||||
"oidcRPMetaDataOptionsAccessTokenSignAlg":"Algorytm podpisu tokena dostępu",
|
||||
"oidcRPMetaDataOptionsAdditionalAudiences":"Dodatkowi odbiorcy",
|
||||
|
@ -677,18 +684,19 @@
|
|||
"oidcRPMetaDataOptionsAllowOffline":"Zezwalaj na dostęp offline",
|
||||
"oidcRPMetaDataOptionsAllowPasswordGrant":"Zezwól na przyznanie hasła OAuth2.0",
|
||||
"oidcRPMetaDataOptionsAuthnLevel":"Poziom uwierzytelnienia",
|
||||
"oidcRPMetaDataOptionsAuthorizationCodeExpiration":"Authorization Codes",
|
||||
"oidcRPMetaDataOptionsAuthorizationCodeExpiration":"Kody autoryzacyjne",
|
||||
"oidcRPMetaDataOptionsBasic":"Podstawowy",
|
||||
"oidcRPMetaDataOptionsBypassConsent":"Obejdź zgodę",
|
||||
"oidcRPMetaDataOptionsClientID":"Identyfikator klienta",
|
||||
"oidcRPMetaDataOptionsClientSecret":"Sekret klienta",
|
||||
"oidcRPMetaDataOptionsDisplay":"Wyświetlanie",
|
||||
"oidcRPMetaDataOptionsDisplayName":"Wyświetlana nazwa",
|
||||
"oidcRPMetaDataOptionsExtraClaims":"Scope values content",
|
||||
"oidcRPMetaDataOptionsIDTokenExpiration":"ID Tokens",
|
||||
"oidcRPMetaDataOptionsExtraClaims":"Treść wartości zakresu",
|
||||
"oidcRPMetaDataOptionsIDTokenExpiration":"Tokeny identyfikacyjne",
|
||||
"oidcRPMetaDataOptionsIDTokenForceClaims":"Wymuś zwrot roszczeń w tokenie identyfikacyjnym",
|
||||
"oidcRPMetaDataOptionsIDTokenSignAlg":"Algorytm podpisu tokena identyfikacyjnego",
|
||||
"oidcRPMetaDataOptionsIcon":"Logo",
|
||||
"oidcRPMetaDataOptionsLogoutBypassConfirm":"Potwierdzenie obejścia",
|
||||
"oidcRPMetaDataOptionsLogoutSessionRequired":"Wymagana sesja",
|
||||
"oidcRPMetaDataOptionsLogoutType":"Rodzaj",
|
||||
"oidcRPMetaDataOptionsLogoutUrl":"URL",
|
||||
|
@ -701,7 +709,7 @@
|
|||
"oidcRPMetaDataOptionsRule":"Reguła dostępu",
|
||||
"oidcRPMetaDataOptionsTimeouts":"Limit czasu",
|
||||
"oidcRPMetaDataOptionsUserIDAttr":"Atrybut użytkownika",
|
||||
"oidcRPMetaDataOptionsUserInfoSignAlg":"UserInfo response format",
|
||||
"oidcRPMetaDataOptionsUserInfoSignAlg":"Format odpowiedzi UserInfo",
|
||||
"oidcRPMetaDataScopeRules":"Zasady dotyczące zakresu",
|
||||
"oidcRPName":"Nazwa RP OpenID Connect",
|
||||
"oidcRPStateTimeout":"Limit czasu sesji stanowej",
|
||||
|
@ -711,10 +719,10 @@
|
|||
"oidcServiceAllowHybridFlow":"Przepływ hybrydowy",
|
||||
"oidcServiceAllowImplicitFlow":"Implikowany przepływ",
|
||||
"oidcServiceAllowOffline":"Zezwalaj na dostęp offline",
|
||||
"oidcServiceAllowOnlyDeclaredScopes":"Only allow declared scopes",
|
||||
"oidcServiceAuthorizationCodeExpiration":"Authorization Code",
|
||||
"oidcServiceDynamicRegistration":"Dynamic registration",
|
||||
"oidcServiceDynamicRegistrationExportedVars":"Exported vars",
|
||||
"oidcServiceAllowOnlyDeclaredScopes":"Zezwalaj tylko na zadeklarowane zakresy",
|
||||
"oidcServiceAuthorizationCodeExpiration":"Kod autoryzacji",
|
||||
"oidcServiceDynamicRegistration":"Rejestracja dynamiczna",
|
||||
"oidcServiceDynamicRegistrationExportedVars":"Wyeksportowane zmienne",
|
||||
"oidcServiceDynamicRegistrationExtraClaims":"Dodatkowe roszczenia",
|
||||
"oidcServiceIDTokenExpiration":"Token identyfikacyjny",
|
||||
"oidcServiceKeyIdSig":"Identyfikator klucza podpisu",
|
||||
|
@ -723,7 +731,7 @@
|
|||
"oidcServiceMetaDataAuthorizeURI":"Autoryzacja",
|
||||
"oidcServiceMetaDataBackChannelURI":"Identyfikator URI kanału zwrotnego",
|
||||
"oidcServiceMetaDataCheckSessionURI":"Sprawdź sesję",
|
||||
"oidcServiceMetaDataEndPoints":"Endpoints",
|
||||
"oidcServiceMetaDataEndPoints":"Punkty końcowe",
|
||||
"oidcServiceMetaDataEndSessionURI":"Koniec sesji",
|
||||
"oidcServiceMetaDataFrontChannelURI":"Identyfikator URI kanału przedniego",
|
||||
"oidcServiceMetaDataIntrospectionURI":"Introspekcja",
|
||||
|
@ -734,9 +742,9 @@
|
|||
"oidcServiceMetaDataSecurity":"Bezpieczeństwo",
|
||||
"oidcServiceMetaDataSessions":"Sesje",
|
||||
"oidcServiceMetaDataTimeouts":"Limit czasu",
|
||||
"oidcServiceMetaDataTokenURI":"Tokens",
|
||||
"oidcServiceMetaDataTokenURI":"Tokeny",
|
||||
"oidcServiceMetaDataUserInfoURI":"Informacja o użytkowniku",
|
||||
"oidcServiceOfflineSessionExpiration":"Offline session",
|
||||
"oidcServiceOfflineSessionExpiration":"Sesja offline",
|
||||
"oidcServicePrivateKeySig":"Klucz prywatny podpisu",
|
||||
"oidcServicePublicKeySig":"Klucz publiczny podpisu",
|
||||
"oidcStorage":"Nazwa modułu sesji",
|
||||
|
@ -803,9 +811,10 @@
|
|||
"portalDisplayRefreshMyRights":"Wyświetl link do odświeżania praw",
|
||||
"portalDisplayRegister":"Zarejestruj Nowe Konto",
|
||||
"portalDisplayResetPassword":"Zresetuj hasło",
|
||||
"portalEnablePasswordDisplay":"Allow to display password",
|
||||
"portalEnablePasswordDisplay":"Zezwól na wyświetlenie hasła",
|
||||
"portalErrorOnExpiredSession":"Pokaż błąd w wygasłej sesji",
|
||||
"portalErrorOnMailNotFound":"Pokaż błąd w poczcie nie znaleziono",
|
||||
"portalFavicon":"Favicon",
|
||||
"portalForceAuthn":"Wymuś uwierzytelnienie",
|
||||
"portalForceAuthnInterval":"Wymuś interwał uwierzytelnienia",
|
||||
"portalMainLogo":"Główne logo",
|
||||
|
@ -830,12 +839,12 @@
|
|||
"previous":"Poprzedni",
|
||||
"privateKey":"Prywatny klucz",
|
||||
"proxyAuthService":"URL",
|
||||
"proxyAuthServiceChoiceParam":"Choice parameter",
|
||||
"proxyAuthServiceChoiceValue":"Choice value",
|
||||
"proxyAuthServiceChoiceParam":"Parametr wyboru",
|
||||
"proxyAuthServiceChoiceValue":"Wybór wartości",
|
||||
"proxyAuthServiceImpersonation":"Personifikacja",
|
||||
"proxyAuthnLevel":"Poziom uwierzytelnienia",
|
||||
"proxyCookieName":"Nazwa ciasteczka",
|
||||
"proxyInternalPortal":"Internal Portal",
|
||||
"proxyInternalPortal":"Portal wewnętrzny",
|
||||
"proxyParams":"Parametry proxy",
|
||||
"proxySessionService":"Adres URL usługi sesji",
|
||||
"proxyUseSoap":"Użyj SOAP zamiast REST",
|
||||
|
@ -863,11 +872,11 @@
|
|||
"regexp":"Wyrażenie regularne",
|
||||
"regexps":"Wyrażenia regularne",
|
||||
"register":"Zarejestruj nowe konto",
|
||||
"registerConfirmBody":"Body for verification mail",
|
||||
"registerConfirmSubject":"Subject for verification mail",
|
||||
"registerConfirmBody":"Treść poczty weryfikacyjnej",
|
||||
"registerConfirmSubject":"Temat wiadomości weryfikacyjnej",
|
||||
"registerDB":"Moduł rejestracji",
|
||||
"registerDoneBody":"Body for credentials mail",
|
||||
"registerDoneSubject":"Subject for credentials mail",
|
||||
"registerDoneBody":"Treść poczty uwierzytelniającej",
|
||||
"registerDoneSubject":"Temat wiadomości z danymi uwierzytelniającymi",
|
||||
"registerTimeout":"Termin ważności wniosku o rejestrację",
|
||||
"registerUrl":"Zarejestruj adres URL strony",
|
||||
"reloadParams":"Załaduj ponownie konfigurację",
|
||||
|
@ -882,26 +891,28 @@
|
|||
"requireToken":"Wymagaj tokena do formularzy",
|
||||
"rest2f":"Drugi czynnik REST",
|
||||
"rest2fActivation":"Aktywacja",
|
||||
"rest2fCodeActivation":"Wyrażenie regularne kodu",
|
||||
"rest2fAuthnLevel":"Poziom uwierzytelnienia",
|
||||
"rest2fInitArgs":"Początkowe argumenty",
|
||||
"rest2fInitUrl":"Początkowy adres URL",
|
||||
"rest2fLabel":"Etykieta",
|
||||
"rest2fLogo":"Logo",
|
||||
"rest2fResendInterval":"Re-send interval",
|
||||
"rest2fVerifyArgs":"Zweryfikuj argumenty",
|
||||
"rest2fVerifyUrl":"Zweryfikuj adres URL",
|
||||
"restAuthServer":"Authentication server",
|
||||
"restAuthServer":"Serwer uwierzytelniania",
|
||||
"restAuthUrl":"Adres URL uwierzytelnienia",
|
||||
"restAuthnLevel":"Poziom uwierzytelnienia",
|
||||
"restClockTolerance":"Server clock tolerance",
|
||||
"restConfigServer":"Configuration server",
|
||||
"restExportSecretKeys":"Export secret attributes",
|
||||
"restClockTolerance":"Tolerancja zegara serwera",
|
||||
"restConfigServer":"Serwer konfiguracji",
|
||||
"restExportSecretKeys":"Eksportuj tajne atrybuty",
|
||||
"restFindUserDBUrl":"Adres URL kont użytkowników",
|
||||
"restParams":"Parametry REST",
|
||||
"restPasswordServer":"Password reset server",
|
||||
"restPasswordServer":"Serwer resetowania hasła",
|
||||
"restPwdConfirmUrl":"Adres URL potwierdzenia hasła",
|
||||
"restPwdModifyUrl":"URL zmiany hasła",
|
||||
"restServices":"Usługa REST",
|
||||
"restSessionServer":"Session server",
|
||||
"restSessionServer":"Serwer sesji",
|
||||
"restUserDBUrl":"Adres URL danych użytkownika",
|
||||
"restore":"Przywróć",
|
||||
"restoreConf":"Przywróć konfigurację",
|
||||
|
@ -1053,6 +1064,7 @@
|
|||
"saveReport":"Zapisz raport",
|
||||
"savingConfirmation":"Zapisuję potwierdzenie",
|
||||
"scope":"Zakres",
|
||||
"scrollTop":"Scroll to top button",
|
||||
"search":"Szukaj...",
|
||||
"secondFactors":"Drugi czynnik",
|
||||
"securedCookie":"Bezpieczne pliki cookie (SSL)",
|
||||
|
@ -1072,9 +1084,10 @@
|
|||
"session_s":"sesja/e",
|
||||
"sessions":"Sesje",
|
||||
"sfExtra":"Dodatkowe drugie czynniki",
|
||||
"sfLoginTimeout":"Login timeout",
|
||||
"sfManagerRule":"Link do Menedżera wyświetlania",
|
||||
"sfOnlyUpgrade":"Użyj 2FA do aktualizacji sesji",
|
||||
"sfRegisterTimeout":"Registration timeout",
|
||||
"sfRegisterTimeout":"Limit czasu rejestracji",
|
||||
"sfRemovedMsg":"Wyświetl komunikat, gdy przeterminowany 2FA został usunięty",
|
||||
"sfRemovedMsgRule":"Aktywacja",
|
||||
"sfRemovedNotifMsg":"Powiadomienie",
|
||||
|
@ -1100,9 +1113,9 @@
|
|||
"slaveMasterIP":"Adres IP mastera",
|
||||
"slaveParams":"Parametry slave",
|
||||
"slaveUserHeader":"Nagłówek logowania użytkownika",
|
||||
"soapConfigServer":"Configuration server",
|
||||
"soapConfigServer":"Serwer konfiguracji",
|
||||
"soapServices":"Usługa SOAP",
|
||||
"soapSessionServer":"Session server",
|
||||
"soapSessionServer":"Serwer sesji",
|
||||
"specialRule":"Reguła specjalna",
|
||||
"sslByAjax":"Użyj żądania Ajax",
|
||||
"sslHost":"Ajax SSL URL",
|
||||
|
@ -1111,13 +1124,13 @@
|
|||
"stateCheck":"Kontrola stanu",
|
||||
"stayConnect":"Trwałe połączenia",
|
||||
"stayConnected":"Aktywacja",
|
||||
"stayConnectedBypassFG":"Do not check fingerprint",
|
||||
"stayConnectedBypassFG":"Nie sprawdzaj odcisku palca",
|
||||
"stayConnectedCookieName":"Nazwa ciasteczka",
|
||||
"stayConnectedTimeout":"Data ważności",
|
||||
"storePassword":"Przechowuj hasło użytkownika w sesji",
|
||||
"string":"Łańcuch znaków",
|
||||
"subtitle":"Podtytuł",
|
||||
"successLoginNumber":"Max successful logins count",
|
||||
"successLoginNumber":"Maksymalna liczba udanych logowań",
|
||||
"successfullySaved":"Pomyślnie zapisano",
|
||||
"sympaHandler":"Sympa",
|
||||
"sympaMailKey":"Klucz sesji e-mail",
|
||||
|
@ -1135,9 +1148,9 @@
|
|||
"totp2fActivation":"Aktywacja",
|
||||
"totp2fAuthnLevel":"Poziom uwierzytelnienia",
|
||||
"totp2fDigits":"Ilość cyfr",
|
||||
"totp2fEncryptSecret":"Encrypt TOTP secrets",
|
||||
"totp2fEncryptSecret":"Szyfruj sekrety TOTP",
|
||||
"totp2fInterval":"Interwał",
|
||||
"totp2fIssuer":"Issuer name",
|
||||
"totp2fIssuer":"Nazwa wystawcy",
|
||||
"totp2fLabel":"Etykieta",
|
||||
"totp2fLogo":"Logo",
|
||||
"totp2fRange":"Zakres prób",
|
||||
|
@ -1196,7 +1209,7 @@
|
|||
"vhostAccessToTrace":"Dostęp do śledzenia",
|
||||
"vhostAliases":"Aliasy",
|
||||
"vhostAuthnLevel":"Wymagany poziom uwierzytelnienia",
|
||||
"vhostDevOpsRulesUrl":"DevOps rules file URL",
|
||||
"vhostDevOpsRulesUrl":"Adres URL pliku reguł DevOps",
|
||||
"vhostHttps":"HTTPS",
|
||||
"vhostMaintenance":"Tryb konserwacji",
|
||||
"vhostOptions":"Opcje",
|
||||
|
@ -1222,9 +1235,9 @@
|
|||
"webauthn2fLogo":"Logo",
|
||||
"webauthn2fSelfRegistration":"Samodzielna rejestracja",
|
||||
"webauthn2fUserCanRemoveKey":"Pozwól użytkownikowi usunąć WebAuthn",
|
||||
"webauthn2fUserVerification":"User verification",
|
||||
"webauthnDisplayNameAttr":"User Display Name attribute",
|
||||
"webauthnRpName":"Relying Party display name",
|
||||
"webauthn2fUserVerification":"Weryfikacja użytkownika",
|
||||
"webauthnDisplayNameAttr":"Atrybut nazwy wyświetlanej użytkownika",
|
||||
"webauthnRpName":"Wyświetlana nazwa strony uzależnionej",
|
||||
"webidParams":"Parametry WebID",
|
||||
"whatToTrace":"REMOTE_USER",
|
||||
"whiteList":"Biała lista",
|
||||
|
@ -1244,4 +1257,4 @@
|
|||
"yubikey2fUrl":"URL usługi",
|
||||
"yubikey2fUserCanRemoveKey":"Pozwól użytkownikowi usunąć Yubikey",
|
||||
"zeroConfExplanations":"Serwer nie ma konfiguracji. Użyj szablonu, aby zapisać pierwszy."
|
||||
}
|
||||
}
|
||||
|
|
|
@ -131,6 +131,9 @@
|
|||
"bruteForceProtectionMaxLockTime":"Maksimum kilit süresi",
|
||||
"bruteForceProtectionTempo":"Kilit süresi",
|
||||
"cancel":"İptal Et",
|
||||
"captcha":"Captcha modülü",
|
||||
"captchaCustom":"Captcha modülünü özelleştir",
|
||||
"captchaOptions":"Captcha modülü seçenekleri",
|
||||
"captcha_login_enabled":"Giriş formunda aktivasyon",
|
||||
"captcha_mail_enabled":"E-posta formu tarafından parola sıfırlamada aktivasyon",
|
||||
"captcha_register_enabled":"Kayıt formunda aktivasyon",
|
||||
|
@ -161,6 +164,7 @@
|
|||
"casSrvMetaDataOptionsIcon":"İkon yolu",
|
||||
"casSrvMetaDataOptionsProxiedServices":"Vekil sunucu servisleri",
|
||||
"casSrvMetaDataOptionsRenew":"Kimlik doğrulamayı yenile",
|
||||
"casSrvMetaDataOptionsResolutionRule":"Çözünürlük kuralı",
|
||||
"casSrvMetaDataOptionsSortNumber":"Sıra",
|
||||
"casSrvMetaDataOptionsUrl":"Sunucu URL'si",
|
||||
"casSrvName":"CAS Sunucu Adı",
|
||||
|
@ -350,6 +354,7 @@
|
|||
"ext2fCodeActivation":"Düzenli ifade kodla",
|
||||
"ext2fLabel":"Etiket",
|
||||
"ext2fLogo":"Logo",
|
||||
"ext2fResendInterval":"Re-send interval",
|
||||
"facebookAppId":"Facebook uygulama ID",
|
||||
"facebookAppSecret":"Facebook uygulama gizli anahtar",
|
||||
"facebookAuthnLevel":"Doğrulama seviyesi",
|
||||
|
@ -527,6 +532,7 @@
|
|||
"mail2fCodeRegex":"Düzenli ifade kodla",
|
||||
"mail2fLabel":"Etiket",
|
||||
"mail2fLogo":"Logo",
|
||||
"mail2fResendInterval":"Re-send interval",
|
||||
"mail2fSessionKey":"Oturum anahtarı e-posta adresini içeriyor",
|
||||
"mail2fSubject":"E-posta konusu",
|
||||
"mail2fTimeout":"Kod zaman aşımı",
|
||||
|
@ -652,6 +658,7 @@
|
|||
"oidcOPMetaDataOptionsMaxAge":"Maksimum ömür",
|
||||
"oidcOPMetaDataOptionsPrompt":"İstem",
|
||||
"oidcOPMetaDataOptionsProtocol":"Protokol",
|
||||
"oidcOPMetaDataOptionsResolutionRule":"Çözünürlük kuralı",
|
||||
"oidcOPMetaDataOptionsScope":"Kapsam",
|
||||
"oidcOPMetaDataOptionsSortNumber":"Sıra",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"ID Jetonu Sakla",
|
||||
|
@ -689,6 +696,7 @@
|
|||
"oidcRPMetaDataOptionsIDTokenForceClaims":"ID Jetonunda özelliklerin yayınlanmasını zorla",
|
||||
"oidcRPMetaDataOptionsIDTokenSignAlg":"ID Token imzalama algoritması",
|
||||
"oidcRPMetaDataOptionsIcon":"Logo",
|
||||
"oidcRPMetaDataOptionsLogoutBypassConfirm":"Onayı atla",
|
||||
"oidcRPMetaDataOptionsLogoutSessionRequired":"Oturum gerekli",
|
||||
"oidcRPMetaDataOptionsLogoutType":"Tür",
|
||||
"oidcRPMetaDataOptionsLogoutUrl":"URL",
|
||||
|
@ -806,6 +814,7 @@
|
|||
"portalEnablePasswordDisplay":"Parolayı göstermeye izin ver",
|
||||
"portalErrorOnExpiredSession":"Süresi dolmuş oturumda hatayı göster",
|
||||
"portalErrorOnMailNotFound":"E-posta bulunamadığında hatayı göster",
|
||||
"portalFavicon":"Favicon",
|
||||
"portalForceAuthn":"Kimlik doğrulamaya zorla",
|
||||
"portalForceAuthnInterval":"Kimlik doğrulama aralığını zorla",
|
||||
"portalMainLogo":"Ana logo",
|
||||
|
@ -882,11 +891,13 @@
|
|||
"requireToken":"Formlar için jeton gerekir",
|
||||
"rest2f":"REST ile ikinci faktör",
|
||||
"rest2fActivation":"Aktivasyon",
|
||||
"rest2fCodeActivation":"Düzenli ifade kodla",
|
||||
"rest2fAuthnLevel":"Doğrulama seviyesi",
|
||||
"rest2fInitArgs":"Başlangıç argümanları",
|
||||
"rest2fInitUrl":"Başlangıç URL",
|
||||
"rest2fLabel":"Etiket",
|
||||
"rest2fLogo":"Logo",
|
||||
"rest2fResendInterval":"Re-send interval",
|
||||
"rest2fVerifyArgs":"Argümanları Doğrula",
|
||||
"rest2fVerifyUrl":"URL'yi Doğrula",
|
||||
"restAuthServer":"Doğrulama sunucusu",
|
||||
|
@ -1053,6 +1064,7 @@
|
|||
"saveReport":"Raporu kaydet",
|
||||
"savingConfirmation":"Doğrulama kaydediliyor",
|
||||
"scope":"Kapsam",
|
||||
"scrollTop":"Üst butonu kaydır",
|
||||
"search":"Ara...",
|
||||
"secondFactors":"İki faktörlü kimlik doğrulama",
|
||||
"securedCookie":"Güvenli Çerez (SSL)",
|
||||
|
@ -1072,6 +1084,7 @@
|
|||
"session_s":"oturum(lar)",
|
||||
"sessions":"Oturumlar",
|
||||
"sfExtra":"Ek ikinci faktörler",
|
||||
"sfLoginTimeout":"Oturum zaman aşımı",
|
||||
"sfManagerRule":"Yönetici bağlantısını görüntüle",
|
||||
"sfOnlyUpgrade":"Oturum yükseltme için 2FA kullan",
|
||||
"sfRegisterTimeout":"Kayıtlanma zaman aşımı",
|
||||
|
@ -1244,4 +1257,4 @@
|
|||
"yubikey2fUrl":"Servis URL'si",
|
||||
"yubikey2fUserCanRemoveKey":"Yubikey'i kaldırmak için kullanıcıya izin ver",
|
||||
"zeroConfExplanations":"Sunucunun yapılandırması yok. Şimdi bir tane kaydetmek için şablonu kullanın."
|
||||
}
|
||||
}
|
||||
|
|
|
@ -131,6 +131,9 @@
|
|||
"bruteForceProtectionMaxLockTime":"Maximum lock time",
|
||||
"bruteForceProtectionTempo":"Lock time",
|
||||
"cancel":"Hủy",
|
||||
"captcha":"Captcha module",
|
||||
"captchaCustom":"Custom Captcha module",
|
||||
"captchaOptions":"Captcha module options",
|
||||
"captcha_login_enabled":"Kích hoạt ở dạng đăng nhập",
|
||||
"captcha_mail_enabled":"Kích hoạt đặt lại mật khẩu bằng biểu mẫu thư",
|
||||
"captcha_register_enabled":"Kích hoạt trong biểu mẫu đăng ký",
|
||||
|
@ -161,6 +164,7 @@
|
|||
"casSrvMetaDataOptionsIcon":"Đường dẫn Icon",
|
||||
"casSrvMetaDataOptionsProxiedServices":"Dịch vụ proxy",
|
||||
"casSrvMetaDataOptionsRenew":"Gia hạn chứng thực",
|
||||
"casSrvMetaDataOptionsResolutionRule":"Quy tắc phân giải ",
|
||||
"casSrvMetaDataOptionsSortNumber":"Order",
|
||||
"casSrvMetaDataOptionsUrl":"URL máy chủ",
|
||||
"casSrvName":"Tên máy chủ CAS",
|
||||
|
@ -350,6 +354,7 @@
|
|||
"ext2fCodeActivation":"Code regex",
|
||||
"ext2fLabel":"Label",
|
||||
"ext2fLogo":"Logo",
|
||||
"ext2fResendInterval":"Re-send interval",
|
||||
"facebookAppId":"ID ứng dụng Facebook ",
|
||||
"facebookAppSecret":"Ứng dụng Facebook bí mật",
|
||||
"facebookAuthnLevel":"Mức xác thực",
|
||||
|
@ -527,6 +532,7 @@
|
|||
"mail2fCodeRegex":"Code regex",
|
||||
"mail2fLabel":"Label",
|
||||
"mail2fLogo":"Logo",
|
||||
"mail2fResendInterval":"Re-send interval",
|
||||
"mail2fSessionKey":"Khóa phiên chứa địa chỉ thư",
|
||||
"mail2fSubject":"Mail subject",
|
||||
"mail2fTimeout":"Code timeout",
|
||||
|
@ -652,6 +658,7 @@
|
|||
"oidcOPMetaDataOptionsMaxAge":"Thời hạn tối đa",
|
||||
"oidcOPMetaDataOptionsPrompt":"Nhắc nhở",
|
||||
"oidcOPMetaDataOptionsProtocol":"Giao thức",
|
||||
"oidcOPMetaDataOptionsResolutionRule":"Quy tắc phân giải ",
|
||||
"oidcOPMetaDataOptionsScope":"Phạm vi",
|
||||
"oidcOPMetaDataOptionsSortNumber":"Order",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"Mã thông báo Cửa hàng",
|
||||
|
@ -689,6 +696,7 @@
|
|||
"oidcRPMetaDataOptionsIDTokenForceClaims":"Force claims to be returned in ID Token",
|
||||
"oidcRPMetaDataOptionsIDTokenSignAlg":"Thuật toán chữ ký ID Token",
|
||||
"oidcRPMetaDataOptionsIcon":"Logo",
|
||||
"oidcRPMetaDataOptionsLogoutBypassConfirm":"Bypass confirm",
|
||||
"oidcRPMetaDataOptionsLogoutSessionRequired":"Phiên yêu cầu",
|
||||
"oidcRPMetaDataOptionsLogoutType":"Loại",
|
||||
"oidcRPMetaDataOptionsLogoutUrl":"URL",
|
||||
|
@ -806,6 +814,7 @@
|
|||
"portalEnablePasswordDisplay":"Allow to display password",
|
||||
"portalErrorOnExpiredSession":"Show error on expired session",
|
||||
"portalErrorOnMailNotFound":"Show error on mail not found",
|
||||
"portalFavicon":"Favicon",
|
||||
"portalForceAuthn":"Bắt buộc xác thực",
|
||||
"portalForceAuthnInterval":"Khoảng thời gian bắt buộc xác thực",
|
||||
"portalMainLogo":"Main logo",
|
||||
|
@ -882,11 +891,13 @@
|
|||
"requireToken":"Yêu cầu token cho các biểu mẫu",
|
||||
"rest2f":"REST second factor",
|
||||
"rest2fActivation":"Kích hoạt",
|
||||
"rest2fCodeActivation":"Code regex",
|
||||
"rest2fAuthnLevel":"Mức xác thực",
|
||||
"rest2fInitArgs":"Init arguments",
|
||||
"rest2fInitUrl":"Init URL",
|
||||
"rest2fLabel":"Label",
|
||||
"rest2fLogo":"Logo",
|
||||
"rest2fResendInterval":"Re-send interval",
|
||||
"rest2fVerifyArgs":"Verify arguments",
|
||||
"rest2fVerifyUrl":"Verify URL",
|
||||
"restAuthServer":"Authentication server",
|
||||
|
@ -1053,6 +1064,7 @@
|
|||
"saveReport":"Lưu báo cáo",
|
||||
"savingConfirmation":"Lưu xác nhận",
|
||||
"scope":"Phạm vi",
|
||||
"scrollTop":"Scroll to top button",
|
||||
"search":"Search...",
|
||||
"secondFactors":"Second factors",
|
||||
"securedCookie":"Cookie bảo mật (SSL)",
|
||||
|
@ -1072,6 +1084,7 @@
|
|||
"session_s":"session (s)",
|
||||
"sessions":"Phiên",
|
||||
"sfExtra":"Additional second factors",
|
||||
"sfLoginTimeout":"Login timeout",
|
||||
"sfManagerRule":"Display Manager link",
|
||||
"sfOnlyUpgrade":"Use 2FA for session upgrade",
|
||||
"sfRegisterTimeout":"Registration timeout",
|
||||
|
@ -1244,4 +1257,4 @@
|
|||
"yubikey2fUrl":"Dịch vụ URL",
|
||||
"yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey",
|
||||
"zeroConfExplanations":"Máy chủ không có cấu hình. Sử dụng mẫu để lưu đầu tiên. "
|
||||
}
|
||||
}
|
||||
|
|
|
@ -131,6 +131,9 @@
|
|||
"bruteForceProtectionMaxLockTime":"Maximum lock time",
|
||||
"bruteForceProtectionTempo":"鎖時間",
|
||||
"cancel":"取消",
|
||||
"captcha":"Captcha module",
|
||||
"captchaCustom":"Custom Captcha module",
|
||||
"captchaOptions":"Captcha module options",
|
||||
"captcha_login_enabled":" 登录激活",
|
||||
"captcha_mail_enabled":"通过邮件进行密码重置 激活",
|
||||
"captcha_register_enabled":"注册 激活",
|
||||
|
@ -161,6 +164,7 @@
|
|||
"casSrvMetaDataOptionsIcon":"图标路径",
|
||||
"casSrvMetaDataOptionsProxiedServices":"代理服务",
|
||||
"casSrvMetaDataOptionsRenew":"更新驗證",
|
||||
"casSrvMetaDataOptionsResolutionRule":"解析規則",
|
||||
"casSrvMetaDataOptionsSortNumber":"順序",
|
||||
"casSrvMetaDataOptionsUrl":"服务器 URL",
|
||||
"casSrvName":"CAS 服务器名称",
|
||||
|
@ -350,6 +354,7 @@
|
|||
"ext2fCodeActivation":"代碼正規表示式",
|
||||
"ext2fLabel":"標籤",
|
||||
"ext2fLogo":"Logo",
|
||||
"ext2fResendInterval":"Re-send interval",
|
||||
"facebookAppId":"Facebook 應用程式 ID",
|
||||
"facebookAppSecret":"Facebook 應用程式祕密",
|
||||
"facebookAuthnLevel":"认证级别",
|
||||
|
@ -527,6 +532,7 @@
|
|||
"mail2fCodeRegex":"代碼正規表示式",
|
||||
"mail2fLabel":"標籤",
|
||||
"mail2fLogo":"Logo",
|
||||
"mail2fResendInterval":"Re-send interval",
|
||||
"mail2fSessionKey":"包含郵件地址的工作階段金鑰",
|
||||
"mail2fSubject":"郵件主旨",
|
||||
"mail2fTimeout":"代碼逾時",
|
||||
|
@ -652,6 +658,7 @@
|
|||
"oidcOPMetaDataOptionsMaxAge":"最大時間",
|
||||
"oidcOPMetaDataOptionsPrompt":"提示",
|
||||
"oidcOPMetaDataOptionsProtocol":"協定",
|
||||
"oidcOPMetaDataOptionsResolutionRule":"解析規則",
|
||||
"oidcOPMetaDataOptionsScope":"範圍",
|
||||
"oidcOPMetaDataOptionsSortNumber":"順序",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"儲存 ID 權杖",
|
||||
|
@ -689,6 +696,7 @@
|
|||
"oidcRPMetaDataOptionsIDTokenForceClaims":"強制要求以 ID 權杖回傳",
|
||||
"oidcRPMetaDataOptionsIDTokenSignAlg":"ID 權杖簽章演算法",
|
||||
"oidcRPMetaDataOptionsIcon":"Logo",
|
||||
"oidcRPMetaDataOptionsLogoutBypassConfirm":"绕过确认",
|
||||
"oidcRPMetaDataOptionsLogoutSessionRequired":"需要工作階段",
|
||||
"oidcRPMetaDataOptionsLogoutType":"類型",
|
||||
"oidcRPMetaDataOptionsLogoutUrl":"URL",
|
||||
|
@ -806,6 +814,7 @@
|
|||
"portalEnablePasswordDisplay":"Allow to display password",
|
||||
"portalErrorOnExpiredSession":"在過期的工作階段上顯示錯誤",
|
||||
"portalErrorOnMailNotFound":"找不到郵件時顯示錯誤",
|
||||
"portalFavicon":"Favicon",
|
||||
"portalForceAuthn":"強制驗證",
|
||||
"portalForceAuthnInterval":"強制驗證間隔",
|
||||
"portalMainLogo":"主圖示",
|
||||
|
@ -882,11 +891,13 @@
|
|||
"requireToken":"需要表單權杖",
|
||||
"rest2f":"REST 第二因素",
|
||||
"rest2fActivation":"激活",
|
||||
"rest2fCodeActivation":"代碼正規表示式",
|
||||
"rest2fAuthnLevel":"认证等级",
|
||||
"rest2fInitArgs":"初始化參數",
|
||||
"rest2fInitUrl":"初始化 URL",
|
||||
"rest2fLabel":"標籤",
|
||||
"rest2fLogo":"Logo",
|
||||
"rest2fResendInterval":"Re-send interval",
|
||||
"rest2fVerifyArgs":"驗證參數",
|
||||
"rest2fVerifyUrl":"驗證 URL",
|
||||
"restAuthServer":"Authentication server",
|
||||
|
@ -1053,6 +1064,7 @@
|
|||
"saveReport":"儲存回報",
|
||||
"savingConfirmation":"正在儲存確認",
|
||||
"scope":"範圍",
|
||||
"scrollTop":"Scroll to top button",
|
||||
"search":"搜尋……",
|
||||
"secondFactors":"雙因素",
|
||||
"securedCookie":"安全 Cookie (SSL)",
|
||||
|
@ -1072,6 +1084,7 @@
|
|||
"session_s":"工作階段",
|
||||
"sessions":"工作階段",
|
||||
"sfExtra":"額外的第二因素",
|
||||
"sfLoginTimeout":"Login timeout",
|
||||
"sfManagerRule":"顯示管理程式連結",
|
||||
"sfOnlyUpgrade":"使用 2FA 進行工作階段升級",
|
||||
"sfRegisterTimeout":"Registration timeout",
|
||||
|
@ -1244,4 +1257,4 @@
|
|||
"yubikey2fUrl":"服务 URL",
|
||||
"yubikey2fUserCanRemoveKey":"允許使用者移除 Yubikey",
|
||||
"zeroConfExplanations":"伺服器未設定。使用飯本來儲存第一個。"
|
||||
}
|
||||
}
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More