diff --git a/doc/sources/admin/idpopenidconnect.rst b/doc/sources/admin/idpopenidconnect.rst index 98e468327..740ccbd2a 100644 --- a/doc/sources/admin/idpopenidconnect.rst +++ b/doc/sources/admin/idpopenidconnect.rst @@ -300,7 +300,7 @@ Options default value is one minute. - **ID Token expiration**: Expiration time of ID Tokens. The default value is one hour. - - **Access token expiration** (since version ``2.0.12``): Expiration time + - **Access token expiration**: Expiration time of Access Tokens. The default value is one hour. - **Offline session expiration**: This sets the lifetime of the refresh token obtained with the **offline_access** scope. The @@ -311,8 +311,8 @@ Options - **ID Token signature algorithm**: Select one of the available public key (RSXXX) or HMAC (HSXXX) based signature algorithms - - **Access Token signature algorithm**: Select one of the available public - key signature algorithms + - **Access Token signature algorithm** (since version ``2.0.12``): Select + one of the available public key signature algorithms - **Userinfo response format** (since version ``2.0.12``): By default, UserInfo is returned as a simple JSON object. You can also choose to return it as a JWT, using one of the available signature algorithms. diff --git a/doc/sources/admin/ldapsessionbackend.rst b/doc/sources/admin/ldapsessionbackend.rst index 9102c0663..c642e0153 100644 --- a/doc/sources/admin/ldapsessionbackend.rst +++ b/doc/sources/admin/ldapsessionbackend.rst @@ -42,7 +42,7 @@ Name Comment Example ======================== ================================= =============================== **ldapServer** URI of the server ldap://localhost **ldapConfBase** DN of sessions branch ou=sessions,dc=example,dc=com -**ldapBindDN** Connection login cn=admin,dc=example,dc=password +**ldapBindDN** Connection login cn=admin,dc=example,dc=dom **ldapBindPassword** Connection password secret ======================== ================================= =============================== 
diff --git a/doc/sources/admin/nosqlsessionbackend.rst b/doc/sources/admin/nosqlsessionbackend.rst index 76b7de4a1..d108bc7f4 100644 --- a/doc/sources/admin/nosqlsessionbackend.rst +++ b/doc/sources/admin/nosqlsessionbackend.rst @@ -7,11 +7,13 @@ is the faster shareable session backend Setup ----- -Install and launch a `Redis server `__. +Install and launch a `Redis server `__. Install -`Apache::Session::Browseable::Redis `__ +`Apache::Session::Browseable::Redis `__ Perl module. +With Sentinel, make sure you are using at least version 1.3.8 of ``Apache::Session::Browseable``, this might require installing it from Debian Backports or CPAN. + In the manager: set `Apache::Session::Browseable::Redis `__ in ``General parameters`` » ``Sessions`` » ``Session storage`` » @@ -28,6 +30,7 @@ Name Comment Example **server** Redis server @ IP:PORT 127.0.0.1:6379 **sock** Redis server @ unix socket unix:/path/to/redis.sock **sentinels** Redis sentinels list 127.0.0.1:26379,127.0.0.2:26379,127.0.0.3:26379 +**service** Sentinel service name mymaster **password** password (== requirepass) ChangeMe **select** Redis DB 1 **Index** Fields to index refer to :ref:`fieldstoindex` diff --git a/doc/sources/admin/portalcustom.rst b/doc/sources/admin/portalcustom.rst index 3f448cac4..c7a247f87 100644 --- a/doc/sources/admin/portalcustom.rst +++ b/doc/sources/admin/portalcustom.rst @@ -332,6 +332,9 @@ General - **Send mail on password change**: send a mail if the password is changed from the Menu, or from forced password reset (LDAP password policy) +- **Allow to display password**: if enabled, a small icon in the password + field is added and when users click on it, the password value is + revealed. Disabled by default. Password Policy ~~~~~~~~~~~~~~~ diff --git a/doc/sources/admin/renater.rst b/doc/sources/admin/renater.rst index 6ca8e0889..b6235c351 100644 --- a/doc/sources/admin/renater.rst +++ b/doc/sources/admin/renater.rst 
@@ -92,6 +92,53 @@ Then run the script: /usr/share/lemonldap-ng/bin/importMetadataRenater -m https://metadata.federation.renater.fr/renater/main/main-idps-renater-metadata.xml -r -i "idp-renater-" -s "sp-renater-" +The script provide the following options + + * -i (--idpconfprefix): Prefix used to set IDP configuration key + * -h (--help): print this message + * -m (--metadata): URL of metadata document + * -s (--spconfprefix): Prefix used to set SP configuration key + * --ignore-sp: ignore SP maching this entityID (can be specified multiple times) + * --ignore-idp: ignore IdP matching this entityID (can be specified multiple times) + * -a (--nagios): output statistics in Nagios format + * -n (--dry-run): print statistics but do not apply changes + * -v (--verbose): increase verbosity of output + * -r (--remove): remove provider from LemonLDAP::NG if it does not appear in metadata + + +Example : +:: + + /usr/libexec/lemonldap-ng/bin/importMetadata -m https://pub.federation.renater.fr/metadata/renater/main/main-sps-renater-metadata.xml -s "sp-fed-prd" -c https://pub.federation.renater.fr/metadata/certs/renater-metadata-signing-cert-2016.pem -bs https://test-sp.federation.renater.fr -r -v -d + +This command will + * fetch all SPs metadata from renater + * set a prefix to entity stored inside LemonLdap::NG + * disable local modification of SP https://test-sp.federation.renater.fr + * remove local SPs wich didn't exist anymore in Federation metadata + * show only all modifications to apply + +The output is the following : +:: + + ... 
+ Update SP https://www-iuem.univ-brest.fr/sp in configuration + Attribute mail (urn:oid:0.9.2342.19200300.100.1.3) requested by SP https://gesper.ad.bnu.fr/shibboleth + Attribute eduPersonPrimaryAffiliation (urn:oid:1.3.6.1.4.1.5923.1.1.1.5) requested by SP https://gesper.ad.bnu.fr/shibboleth + Attribute eduPersonPrincipalName (urn:oid:1.3.6.1.4.1.5923.1.1.1.6) requested by SP https://gesper.ad.bnu.fr/shibboleth + Attribute displayName (urn:oid:2.16.840.1.113730.3.1.241) requested by SP https://gesper.ad.bnu.fr/shibboleth + Update SP https://gesper.ad.bnu.fr/shibboleth in configuration + [INFO] Dry-run mod no EntityID inserted + [IDP] Found: 0 Updated: 0 Created: 0 Removed: 0 Rejected: 0 Ignored: 0 + [SP] Found: 1248 Updated: 1240 Created: 0 Removed: 0 Rejected: 7 Ignored: 1 + + +With "-n" options you could get a "nagios like" output with metrics : +:: + + /usr/libexec/lemonldap-ng/bin/importMetadataFedRenater -m https://pub.federation.renater.fr/metadata/renater/main/main-sps-renater-metadata.xml -s "sp-fed-prd" -c https://pub.federation.renater.fr/metadata/certs/renater-metadata-signing-cert-2016.pem -bs https://test-sp.federation.renater.fr -r -d -n + Metadata loaded inside Conf: [DRY-RUN]|idp_found=0, idp_updated=0, idp_created=0, idp_removed=0, idp_rejected=0, idp_ignored=0, sp_found=1248, sp_updated=1240, sp_created=0, sp_removed=0, sp_rejected=7, sp_ignored=1 + .. attention:: diff --git a/doc/sources/admin/sqlconfbackend.rst b/doc/sources/admin/sqlconfbackend.rst index 6042e18f0..f115d8122 100644 --- a/doc/sources/admin/sqlconfbackend.rst +++ b/doc/sources/admin/sqlconfbackend.rst @@ -4,7 +4,7 @@ SQL configuration backends There is 2 types of SQL configuration backends for LemonLDAP::NG: - **CDBI**: very simple storage (recommended) -- **RDBI**: triple store storage +- **RDBI**: triple store storage (not recommended) .. tip:: 
@@ -50,6 +50,16 @@ Use database to create table: use lemonldap-ng +CDBI +^^^^ + +.. code-block:: sql + + CREATE TABLE lmConfig ( + cfgNum int not null primary key, + data longtext + ); + RDBI ^^^^ @@ -62,16 +72,6 @@ RDBI PRIMARY KEY (cfgNum,field) ); -CDBI -^^^^ - -.. code-block:: sql - - CREATE TABLE lmConfig ( - cfgNum int not null primary key, - data longtext - ); - Grant access ~~~~~~~~~~~~ @@ -107,7 +107,7 @@ file (section configuration): .. code-block:: ini [configuration] - type = RDBI + type = CDBI dbiChain = DBI:mysql:database=lemonldap-ng;host=1.2.3.4 dbiUser = lemonldaprw dbiPassword = mypassword @@ -155,6 +155,18 @@ Use database to create table: .. _rdbi-1: +CDBI +^^^^ + +.. code-block:: sql + + CREATE TABLE lmConfig ( + cfgnum integer not null primary key, + data text + ); + +.. _connection-settings-1: + RDBI ^^^^ @@ -169,18 +181,6 @@ RDBI .. _cdbi-1: -CDBI -^^^^ - -.. code-block:: sql - - CREATE TABLE lmConfig ( - cfgnum integer not null primary key, - data text - ); - -.. _connection-settings-1: - Connection settings ------------------- @@ -190,7 +190,7 @@ file (section configuration): .. code-block:: ini [configuration] - type = RDBI + type = CDBI dbiChain = DBI:Pg:database=lemonldap-ng;host=1.2.3.4 dbiUser = lemonldaprw dbiPassword = mypassword diff --git a/doc/sources/admin/start.rst b/doc/sources/admin/start.rst index f3769ef05..a86541d2b 100644 --- a/doc/sources/admin/start.rst +++ b/doc/sources/admin/start.rst @@ -341,7 +341,7 @@ Backend Shareable Comment Selected by default during installation. :doc:`YAML` |new| Same as :doc:`File` but in YAML format instead of JSON -:doc:`SQL (RDBI/CDBI)` ✔ **Recommended for large-scale systems**. Prefer CDBI. +:doc:`SQL (CDBI/RDBI)` ✔ **Recommended for large-scale systems**. Prefer CDBI. :doc:`LDAP` ✔ :doc:`MongoDB` ✔ :doc:`SOAP` |deprecated| ✔ Proxy backend to be used in conjunction with another 
diff --git a/doc/sources/admin/upgrade_2_0_x.rst b/doc/sources/admin/upgrade_2_0_x.rst index 59116a0cd..037870c31 100644 --- a/doc/sources/admin/upgrade_2_0_x.rst +++ b/doc/sources/admin/upgrade_2_0_x.rst @@ -41,6 +41,7 @@ Because of this bug, the created sessions may never be purged by the `purgeCentr In order to detect these sessions, you can run the following command: :: + lemonldap-ng-sessions search --where _session_kind=SSO --select _session_id --select _utime | \ jq -r '. | map(select(._utime == null)) | map(._session_id) | join ("\n")' diff --git a/fastcgi-server/man/llng-fastcgi-server.8p b/fastcgi-server/man/llng-fastcgi-server.8p index 8ae9db214..117637235 100644 --- a/fastcgi-server/man/llng-fastcgi-server.8p +++ b/fastcgi-server/man/llng-fastcgi-server.8p @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "llng-fastcgi-server 8" -.TH llng-fastcgi-server 8 "2021-04-30" "perl v5.30.0" "User Contributed Perl Documentation" +.TH llng-fastcgi-server 8 "2021-07-09" "perl v5.32.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/fastcgi-server/sbin/llng-fastcgi-server b/fastcgi-server/sbin/llng-fastcgi-server index 77c27f631..b6f149d9c 100644 --- a/fastcgi-server/sbin/llng-fastcgi-server +++ b/fastcgi-server/sbin/llng-fastcgi-server 
@@ -104,6 +104,9 @@ require Lemonldap::NG::Handler::Server::Nginx; $_apps{handler} = Lemonldap::NG::Handler::Server::Nginx->run( {} ); my $app = sub { + $SIG{'PIPE'} = sub { + print STDERR "Got a PIPE signal"; + }; my $type = $_[0]->{LLTYPE} || 'handler'; return $_apps{$type}->(@_) if ( defined $_apps{$type} ); if ( defined $builder{$type} ) { diff --git a/lemonldap-ng-common/lemonldap-ng.ini b/lemonldap-ng-common/lemonldap-ng.ini index 05e170e87..abad54bb9 100644 --- a/lemonldap-ng-common/lemonldap-ng.ini +++ b/lemonldap-ng-common/lemonldap-ng.ini @@ -103,7 +103,7 @@ checkTime = 1 ;confTimeout = 5 ; GLOBAL CONFIGURATION ACCESS TYPE -; (File, REST, SOAP, RDBI/CDBI, LDAP, YAMLFile) +; (File, REST, SOAP, CDBI/RDBI, LDAP, YAMLFile) ; Set here the parameters needed to access to LemonLDAP::NG configuration. ; You have to set "type" to one of the followings : ; @@ -114,11 +114,11 @@ checkTime = 1 ; ; Optimize JSON for readability instead of performance ; prettyPrint = 1 ; -; * RDBI/CDBI : you have to set 'dbiChain' (required) and 'dbiUser' and 'dbiPassword' +; * CDBI/RDBI : you have to set 'dbiChain' (required) and 'dbiUser' and 'dbiPassword' ; if needed. Example: ; -; type = RDBI -; ;type = CDBI +; type = CDBI +; ;type = RDBI ; dbiChain = DBI:MariaDB:database=lemonldap-ng;host=1.2.3.4 ; dbiUser = lemonldap ; dbiPassword = password @@ -218,7 +218,7 @@ languages = en, fr, vi, it, ar, de, fi, tr, pl, zh_TW, es ; Override error codes ;error_0 = You are well authenticated! ; Custom template parameters -; For example to use +; For example to use ;tpl_myparam = test ; COMBINATION FORMS diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm index 40bc9809c..1fb350050 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm 
@@ -119,6 +119,7 @@ sub saveConf { my ( $self, $conf, %args ) = @_; my $last = $self->lastCfg; + return UNKNOWN_ERROR if $last < 1; # If configuration was modified, return an error if ( not $args{force} ) { @@ -395,6 +396,7 @@ sub getDBConf { : $a[0]; } my $conf = $self->load( $args->{cfgNum} ); + return undef if $conf == "-1"; $msg .= "Get configuration $conf->{cfgNum}.\n" if ( defined $conf->{cfgNum} ); return $conf; @@ -413,7 +415,11 @@ sub _launch { alarm 0; die $@ if $@; }; - $msg .= $@ if $@; + if($@) { + $msg .= $@; + print STDERR "MSG $msg\n"; + return undef; + } return wantarray ? (@res) : $res[0]; } diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Backends/RDBI.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Backends/RDBI.pm index 341558fd2..fd756f1b3 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Backends/RDBI.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Backends/RDBI.pm @@ -16,32 +16,22 @@ sub store { my $req; my $lastCfg = $self->lastCfg; + $req = $self->_dbh->prepare( + "INSERT INTO $self->{dbiTable} (cfgNum,field,value) VALUES (?,?,?)"); - if ( $lastCfg == $cfgNum ) { - $req = $self->_dbh->prepare( -"UPDATE $self->{dbiTable} SET field=?, value=? WHERE cfgNum=? AND field=?" - ); - - } - else { - $req = $self->_dbh->prepare( - "INSERT INTO $self->{dbiTable} (cfgNum,field,value) VALUES (?,?,?)" - ); - } + _delete($self,$cfgNum) if $lastCfg == $cfgNum; unless ($req) { $self->logError; return UNKNOWN_ERROR; } while ( my ( $k, $v ) = each %$fields ) { - my @execValues; - if ( $lastCfg == $cfgNum ) { - @execValues = ( $k, $v, $cfgNum, $k ); - } - else { @execValues = ( $cfgNum, $k, $v ); } + my @execValues = ( $cfgNum, $k, $v ); my $execute; eval { $execute = $req->execute(@execValues); }; + print STDERR $@ if $@; unless ($execute) { $self->logError; + _delete( $self, $cfgNum ) if $lastCfg != $cfgNum; $self->_dbh->do("ROLLBACK"); return UNKNOWN_ERROR; } 
@@ -55,7 +45,7 @@ sub load { my $sth = $self->_dbh->prepare( "SELECT field,value from " . $self->{dbiTable} . " WHERE cfgNum=?" ) - or $self->logError; + or $self->logError; $sth->execute($cfgNum) or $self->logError; my ( $res, @row ); while ( @row = $sth->fetchrow_array ) { @@ -70,5 +60,11 @@ sub load { return $self->unserialize($res); } +sub _delete { + my ( $self, $cfgNum ) = @_; + my $r = + $self->_dbh->prepare("DELETE FROM $self->{dbiTable} where cfgNum=?"); + $r->execute($cfgNum); +} + 1; -__END__ diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm index 05a8515b3..da59c6eba 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm 
@@ -31,7 +31,7 @@ use constant DEFAULTCONFBACKENDOPTIONS => ( ); our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|ScopeRule|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)s)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/; our $arrayParameters = qr/^mySessionAuthorizedRWKeys$/; -our $boolKeys = 
qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Claims|JWT))|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration|OnlyDeclaredScopes)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|c(?:a(?:sS(?:rvMetaDataOptions(?:Gateway|Renew)|trictMatching)|ptcha_(?:register|login|mail)_enabled)|o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|heck(?:DevOps(?:Download)?|State|User|XSS)|rowdsec|da)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey
|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|to(?:tp2fUserCanRemoveKey|kenUseGlobalStorage)|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|(?:wsdlServ|findUs)er)$/; +our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Claims|JWT))|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration|OnlyDeclaredScopes)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|E(?:rrorOn(?:ExpiredSession|MailNotFound)|nablePasswordDisplay)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|c(?:a(?:sS(?:rvMetaDataOptions(?:Gateway|Renew)|trictMatching)|ptcha_(?:register|login|mail)_enabled)|o(?:ntextSwitching(?:Allowed2fM
odifications|StopWithLogout)|mpactConf|rsEnabled)|heck(?:DevOps(?:Download)?|State|User|XSS)|rowdsec|da)|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|to(?:tp2fUserCanRemoveKey|kenUseGlobalStorage)|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|(?:wsdlServ|findUs)er)$/; our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' ); diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/JWT.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/JWT.pm index 24719415a..ae497ff08 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/JWT.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/JWT.pm @@ -8,6 +8,8 @@ our @EXPORT_OK = use JSON; use MIME::Base64 qw/encode_base64 decode_base64/; +our $VERSION = '2.0.12'; + # Gets the Access Token session ID embedded in a LLNG-emitted JWT sub getAccessTokenSessionId { my ($access_token) = @_; diff --git a/lemonldap-ng-common/scripts/importMetadata b/lemonldap-ng-common/scripts/importMetadata old mode 100755 new mode 100644 index 1a2d8ca31..c9c57952b --- a/lemonldap-ng-common/scripts/importMetadata +++ b/lemonldap-ng-common/scripts/importMetadata 
@@ -7,16 +7,27 @@ use LWP::UserAgent; use MIME::Base64; use XML::LibXML; +sub toEntityIDkey { + my ( $prefix, $entityID ) = @_; + + my $entityIDKey = $entityID; + $entityIDKey =~ s/^https?:\/\///; + $entityIDKey =~ s/[^a-zA-Z0-9]/-/g; + $entityIDKey =~ s/-+$//g; + return ( $prefix . $entityIDKey ); +} + #============================================================================== # Get command line options #============================================================================== my %opts; my $result = GetOptions( - \%opts, 'metadata|m=s', - 'certificate|c=s', 'verbose|v', - 'help|h', 'spconfprefix|s=s', - 'idpconfprefix|i=s', 'warning|w', - 'remove|r' + \%opts, 'metadata|m=s', + 'verbose|v', 'help|h', + 'spconfprefix|s=s', 'idpconfprefix|i=s', + 'remove|r', 'nagios|a', + 'ignore-sp=s@', 'ignore-idp=s@', + 'dry-run|n' ); #============================================================================== 
@@ -28,14 +39,20 @@ if ( $opts{help} or !$opts{metadata} ) { print STDERR "Usage: $0 -m \n\n"; print STDERR "Options:\n"; print STDERR -"\t-c (--certificate): URL of certificate, to check metadata document signature\n"; - print STDERR "\t-i (--idpconfprefix): Prefix used to set IDP configuration key\n"; print STDERR "\t-h (--help): print this message\n"; print STDERR "\t-m (--metadata): URL of metadata document\n"; print STDERR "\t-s (--spconfprefix): Prefix used to set SP configuration key\n"; - print STDERR "\t-w (--warning): print debug messages\n"; + print STDERR +"\t--ignore-sp: ignore SP maching this entityID (can be specified multiple times)\n"; + print STDERR +"\t--ignore-idp: ignore IdP matching this entityID (can be specified multiple times)\n"; + print STDERR "\t-a (--nagios) : output statistics in Nagios format\n"; + print STDERR "\t-n (--dry-run): print statistics but do not apply changes\n"; + print STDERR "\t-v (--verbose): increase verbosity of output\n"; + print STDERR +"\t-r (--remove): remove provider from LemonLDAP::NG if it does not appear in metadata\n"; exit 1; } @@ -48,6 +65,7 @@ my $idpConfKeyPrefix = $opts{idpconfprefix} || "idp-"; # Set here attributes that are declared for your SP in the federation # They will be set as exported attributes for all IDP +# my $exportedAttributes = { 'cn' => '0;cn', 'eduPersonPrincipalName' => '0;eduPersonAffiliation', @@ -101,16 +119,22 @@ my $idpCounter = { 'updated' => 0, 'created' => 0, 'rejected' => 0, - 'removed' => 0 + 'removed' => 0, + 'ignored' => 0 }; my $spCounter = { 'found' => 0, 'updated' => 0, 'created' => 0, 'rejected' => 0, - 'removed' => 0 + 'removed' => 0, + 'ignored' => 0, }; +# BlockList initialisation +my @spIgnorelist = @{ $opts{'ignore-sp'} || [] }; +my @idpIgnorelist = @{ $opts{'ignore-idp'} || [] }; + #============================================================================== # Main #============================================================================== 
@@ -173,33 +197,6 @@ else { my $dom = XML::LibXML->load_xml( string => $response->decoded_content ); -# Check file signature -if ( $opts{certificate} ) { - my $certificate_file = $opts{certificate}; - if ( $opts{verbose} ) { - print "Try to download certificate file at $certificate_file\n"; - } - my $cert_response = $ua->get($certificate_file); - - if ( $cert_response->is_success ) { - if ( $opts{verbose} ) { - print "Certificate file found:\n" - . $cert_response->decoded_content . "\n"; - } - } - else { - die $cert_response->status_line; - } - - if ( $opts{verbose} ) { - print "Check metadata signature with certificate"; - } - - # TODO - print STDERR "[WARN] Signature verification not yet implemented\n" - if $opts{warning}; -} - # Remove extensions foreach ( $dom->findnodes('//md:Extensions') ) { $_->unbindNode; } 
@@ -232,57 +229,64 @@ foreach my $partner_metadata = $partner->toString; $partner_metadata =~ s/\n//g; - # Check if entityID already in configuration - if ( defined $idpList->{$entityID} ) { - - # Update metadata - $lastConf->{samlIDPMetaDataXML}->{ $idpList->{$entityID} } - ->{samlIDPMetaDataXML} = $partner_metadata; - - # Update attributes - $lastConf->{samlIDPMetaDataExportedAttributes} - ->{ $idpList->{$entityID} } = $exportedAttributes; - - # Update options - $lastConf->{samlIDPMetaDataOptions}->{ $idpList->{$entityID} } - = $idpOptions; + # test if IDP entityID is inside the block list + if ( grep { $entityID eq $_ } @idpIgnorelist ) { if ( $opts{verbose} ) { - print "Update IDP $entityID in configuration\n"; + print "IDP $entityID won't be update/added \n"; } - $idpCounter->{updated}++; + $idpCounter->{ignored}++; } else { - # Create a new partner - my $entityIDKey = $entityID; - $entityIDKey =~ s/^https?:\/\///; - $entityIDKey =~ s/[^a-zA-Z0-9]/-/g; - $entityIDKey =~ s/-+$//g; - my $confKey = $idpConfKeyPrefix . 
$entityIDKey; + # Check if entityID already in configuration + if ( defined $idpList->{$entityID} ) { - # Metadata - $lastConf->{samlIDPMetaDataXML}->{$confKey} - ->{samlIDPMetaDataXML} = $partner_metadata; + # Update metadata + $lastConf->{samlIDPMetaDataXML}->{ $idpList->{$entityID} } + ->{samlIDPMetaDataXML} = $partner_metadata; - # Attributes - $lastConf->{samlIDPMetaDataExportedAttributes}->{$confKey} = - $exportedAttributes; + # Update attributes + $lastConf->{samlIDPMetaDataExportedAttributes} + ->{ $idpList->{$entityID} } = $exportedAttributes; - # Options - $lastConf->{samlIDPMetaDataOptions}->{$confKey} = $idpOptions; + # Update options + $lastConf->{samlIDPMetaDataOptions} + ->{ $idpList->{$entityID} } = $idpOptions; - if ( $opts{verbose} ) { - print -"Declare new IDP $entityID (configuration key $confKey)\n"; + if ( $opts{verbose} ) { + print "Update IDP $entityID in configuration\n"; + } + $idpCounter->{updated}++; + } + else { + # Create a new partner + my $confKey = toEntityIDkey( $idpConfKeyPrefix, $entityID ); + + # Metadata + $lastConf->{samlIDPMetaDataXML}->{$confKey} + ->{samlIDPMetaDataXML} = $partner_metadata; + + # Attributes + $lastConf->{samlIDPMetaDataExportedAttributes}->{$confKey} + = $exportedAttributes; + + # Options + $lastConf->{samlIDPMetaDataOptions}->{$confKey} = + $idpOptions; + + if ( $opts{verbose} ) { + print +"Declare new IDP $entityID (configuration key $confKey)\n"; + } + $idpCounter->{created}++; } - $idpCounter->{created}++; } } else { print STDERR "[WARN] IDP $entityID is not compatible with SAML 2.0, it will not be imported.\n" - if $opts{warning}; + if $opts{verbose}; $idpCounter->{rejected}++; } } 
@@ -346,57 +350,78 @@ foreach my $partner_metadata = $partner->toString; $partner_metadata =~ s/\n//g; - # Check if entityID already in configuration - if ( defined $spList->{$entityID} ) { - - # Update metadata - $lastConf->{samlSPMetaDataXML}->{ $spList->{$entityID} } - ->{samlSPMetaDataXML} = $partner_metadata; - - # Update attributes - $lastConf->{samlSPMetaDataExportedAttributes} - ->{ $spList->{$entityID} } = $requestedAttributes; - - # Update options - $lastConf->{samlSPMetaDataOptions}->{ $spList->{$entityID} } = - $spOptions; + # test if IDP entityID is inside the block list + if ( grep { $entityID eq $_ } @spIgnorelist ) { if ( $opts{verbose} ) { - print "Update SP $entityID in configuration\n"; + print "SP $entityID won't be update/added \n"; } - $spCounter->{updated}++; + $spCounter->{ignored}++; } else { - # Create a new partner - my $entityIDKey = $entityID; - $entityIDKey =~ s/^https?:\/\///; - $entityIDKey =~ s/[^a-zA-Z0-9]/-/g; - $entityIDKey =~ s/-+$//g; - my $confKey = $spConfKeyPrefix . 
$entityIDKey; + # Check if entityID already in configuration + if ( defined $spList->{$entityID} ) { - # Metadata - $lastConf->{samlSPMetaDataXML}->{$confKey}->{samlSPMetaDataXML} - = $partner_metadata; + # Update metadata + $lastConf->{samlSPMetaDataXML}->{ $spList->{$entityID} } + ->{samlSPMetaDataXML} = $partner_metadata; - # Attributes - $lastConf->{samlSPMetaDataExportedAttributes}->{$confKey} = - $requestedAttributes; + # Update attributes + $lastConf->{samlSPMetaDataExportedAttributes} + ->{ $spList->{$entityID} } = $requestedAttributes; - # Options - $lastConf->{samlSPMetaDataOptions}->{$confKey} = $spOptions; +# Update options +# $lastConf->{samlSPMetaDataOptions}->{ $spList->{$entityID} } = +# $spOptions; +# FIX AGA + $lastConf->{samlSPMetaDataOptions}->{ $spList->{$entityID} } + = { %{$spOptions} }; - if ( $opts{verbose} ) { - print - "Declare new SP $entityID (configuration key $confKey)\n"; + if ( $opts{verbose} ) { + print "Update SP $entityID in configuration\n"; + } + $spCounter->{updated}++; } - $spCounter->{created}++; + else { + # Create a new partner + my $confKey = toEntityIDkey( $spConfKeyPrefix, $entityID ); + + # Metadata + $lastConf->{samlSPMetaDataXML}->{$confKey} + ->{samlSPMetaDataXML} = $partner_metadata; + + # Attributes + $lastConf->{samlSPMetaDataExportedAttributes}->{$confKey} = + $requestedAttributes; + + # Options + # $lastConf->{samlSPMetaDataOptions}->{$confKey} = $spOptions; + + # FIX AGA + $lastConf->{samlSPMetaDataOptions}->{$confKey} = + { %{$spOptions} }; + + if ( $opts{verbose} ) { + print +"Declare new SP $entityID (configuration key $confKey)\n"; + } + $spCounter->{created}++; + } + + # handle eduPersonTargetedID + if ( $requestedAttributes->{eduPersonTargetedID} ) { + delete $requestedAttributes->{eduPersonTargetedID}; + $lastConf->{samlSPMetaDataOptions}->{ $spList->{$entityID} } + ->{samlSPMetaDataOptionsNameIDFormat} = 'persistent'; + } + } } else { print STDERR "[WARN] SP $entityID is not compatible with SAML 2.0, 
it will not be imported.\n" - if $opts{warning}; + if $opts{verbose}; $spCounter->{rejected}++; } 
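Review bot: the `# handle eduPersonTargetedID` block at the end of this hunk writes `samlSPMetaDataOptionsNameIDFormat` under `$spList->{$entityID}`, but it runs after both branches, and in the create branch that lookup is undefined (that is the condition that selected the branch), while the new entry was stored under `$confKey`. As far as these lines show, a newly declared SP that requests eduPersonTargetedID gets its `persistent` NameID format written to an entry with an undefined key, and the SP's own options are left unchanged. Compute the key once before the `if`/`else`, for example `my $confKey = $spList->{$entityID} // toEntityIDkey( $spConfKeyPrefix, $entityID );`, and use it in all three places. Smaller points: the comment `# test if IDP entityID is inside the block list` sits in the SP loop and should say SP; the commented-out `$spOptions` assignments and the `# FIX AGA` markers should be replaced by a comment saying why the hash is copied with `{ %{$spOptions} }`; and moving the SAML 2.0 incompatibility warning from `$opts{warning}` to `$opts{verbose}` changes who sees it, which deserves a line in the commit message.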
@@ -406,61 +431,130 @@ foreach # Remove partners if ( $opts{remove} ) { - foreach ( keys %$idpList ) { - my $idpConfKey = $idpList->{$_}; - unless ( defined $mdIdpList->{$_} ) { - delete $lastConf->{samlIDPMetaDataXML}->{$idpConfKey}; - delete $lastConf->{samlIDPMetaDataExportedAttributes} - ->{$idpConfKey}; - delete $lastConf->{samlIDPMetaDataOptions}->{$idpConfKey}; - $idpCounter->{removed}++; - if ( $opts{verbose} ) { - print "Remove IDP $idpConfKey\n"; + foreach my $entityID ( keys %$idpList ) { + my $idpConfKey = $idpList->{$entityID}; + unless ( defined $mdIdpList->{$entityID} ) { + if ( grep { $entityID eq $_ } @idpIgnorelist ) { + $idpCounter->{ignored}++; + if ( $opts{verbose} ) { + print "IDP $idpConfKey won't be deleted \n"; + } + } + else { + delete $lastConf->{samlIDPMetaDataXML}->{$idpConfKey}; + delete $lastConf->{samlIDPMetaDataExportedAttributes} + ->{$idpConfKey}; + delete $lastConf->{samlIDPMetaDataOptions}->{$idpConfKey}; + $idpCounter->{removed}++; + if ( $opts{verbose} ) { + print "Remove IDP $idpConfKey\n"; + } } } } - foreach ( keys %$spList ) { - my $spConfKey = $spList->{$_}; - unless ( defined $mdSpList->{$_} ) { - delete $lastConf->{samlSPMetaDataXML}->{$spConfKey}; - delete $lastConf->{samlSPMetaDataExportedAttributes}->{$spConfKey}; - delete $lastConf->{samlSPMetaDataOptions}->{$spConfKey}; - $spCounter->{removed}++; - if ( $opts{verbose} ) { - print "Remove SP $spConfKey\n"; + foreach my $entityID ( keys %$spList ) { + my $spConfKey = $spList->{$entityID}; + unless ( defined $mdSpList->{$entityID} ) { + if ( grep { $entityID eq $_ } @spIgnorelist ) { + $spCounter->{ignored}++; + if ( $opts{verbose} ) { + print "SP $spConfKey won't be deleted \n"; + } + } + else { + delete $lastConf->{samlSPMetaDataXML}->{$spConfKey}; + delete $lastConf->{samlSPMetaDataExportedAttributes} + ->{$spConfKey}; + delete $lastConf->{samlSPMetaDataOptions}->{$spConfKey}; + $spCounter->{removed}++; + if ( $opts{verbose} ) { + print "Remove SP $spConfKey\n"; + 
} } } } } -# Register configuration -my $numConf = $conf->saveConf( $lastConf, ( cfgNumFixed => 1 ) ); +my $numConf = "DRY-RUN"; +my $exitCode = 0; -unless ($numConf) { - print "[ERROR] Unable to save configuration\n"; - exit 1; +if ( !$opts{'dry-run'} ) { + + # Register configuration + if ( $opts{verbose} ) { + print "[INFO] run mod EntityID will be inserted\n"; + } + $numConf = $conf->saveConf( $lastConf, ( cfgNumFixed => 1 ) ); + if ( $opts{verbose} ) { + print "[OK] Configuration $numConf saved\n"; + $exitCode = 0; + } + unless ($numConf) { + print "[ERROR] Unable to save configuration\n"; + $exitCode = 1; + } +} +else { + if ( $opts{verbose} ) { + print "[INFO] Dry-run mod no EntityID inserted\n"; + } } -print "[IDP]\tFound: " - . $idpCounter->{found} - . "\tUpdated: " - . $idpCounter->{updated} - . "\tCreated: " - . $idpCounter->{created} - . "\tRemoved: " - . $idpCounter->{removed} - . "\tRejected: " - . $idpCounter->{rejected} . "\n"; -print "[SP]\tFound: " - . $spCounter->{found} - . "\tUpdated: " - . $spCounter->{updated} - . "\tCreated: " - . $spCounter->{created} - . "\tRemoved: " - . $spCounter->{removed} - . "\tRejected: " - . $spCounter->{rejected} . "\n"; -print "[OK] Configuration $numConf saved\n"; -exit 0; +if ( $opts{nagios} ) { + print "Metadata loaded inside Conf: [" + . $numConf + . "]|idp_found=" + . $idpCounter->{found} + . ", idp_updated=" + . $idpCounter->{updated} + . ", idp_created=" + . $idpCounter->{created} + . ", idp_removed=" + . $idpCounter->{removed} + . ", idp_rejected=" + . $idpCounter->{rejected} + . ", idp_ignored=" + . $idpCounter->{ignored} + . ", sp_found=" + . $spCounter->{found} + . ", sp_updated=" + . $spCounter->{updated} + . ", sp_created=" + . $spCounter->{created} + . ", sp_removed=" + . $spCounter->{removed} + . ", sp_rejected=" + . $spCounter->{rejected} + . ", sp_ignored=" + . $spCounter->{ignored} . "\n"; +} +else { + print "[IDP]\tFound: " + . $idpCounter->{found} + . "\tUpdated: " + . 
$idpCounter->{updated} + . "\tCreated: " + . $idpCounter->{created} + . "\tRemoved: " + . $idpCounter->{removed} + . "\tRejected: " + . $idpCounter->{rejected} + . "\tIgnored: " + . $idpCounter->{ignored} . "\n"; + print "[SP]\tFound: " + . $spCounter->{found} + . "\tUpdated: " + . $spCounter->{updated} + . "\tCreated: " + . $spCounter->{created} + . "\tRemoved: " + . $spCounter->{removed} + . "\tRejected: " + . $spCounter->{rejected} + . "\tIgnored: " + . $spCounter->{ignored} . "\n"; +} + +exit $exitCode; + diff --git a/lemonldap-ng-common/t/03-Common-Conf-RDBI.t b/lemonldap-ng-common/t/03-Common-Conf-RDBI.t index c7158caf2..3ed0fde1f 100644 --- a/lemonldap-ng-common/t/03-Common-Conf-RDBI.t +++ b/lemonldap-ng-common/t/03-Common-Conf-RDBI.t @@ -44,7 +44,6 @@ SKIP: { ok( $h->_dbh->do( "CREATE TABLE lmConfig ( cfgNum int not null, field varchar(255) NOT NULL DEFAULT '', value longblob, PRIMARY KEY (cfgNum,field))" - ), 'Test database created' ); diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm index ad91bb5f0..8f26cff21 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm @@ -2847,6 +2847,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.] 'default' => 0, 'type' => 'bool' }, + 'portalEnablePasswordDisplay' => { + 'default' => 0, + 'type' => 'bool' + }, 'portalErrorOnExpiredSession' => { 'default' => 1, 'type' => 'bool' @@ -3948,6 +3952,9 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.] 'sfOnlyUpgrade' => { 'type' => 'bool' }, + 'sfRegisterTimeout' => { + 'type' => 'int' + }, 'sfRemovedMsgRule' => { 'default' => 0, 'type' => 'boolOrExpr' diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build.pm index bfe457b68..12e9585e2 100644 
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build.pm @@ -468,6 +468,7 @@ sub buildPortalConstants() { printf STDERR $format, $self->portalConstantsFile; open( F, '>', $self->portalConstantsFile ) or die($!); my $urire = $RE{URI}{HTTP}{ -scheme=>qr/https?/ }{-keep}; + $urire =~ s/([\$\@])/\\$1/g; my $content = < 'bool', documentation => 'Display link to refresh the user session', }, + portalEnablePasswordDisplay => { + default => 0, + type => 'bool', + documentation => 'Allow to display password in login form', + }, # Cookies cookieExpiration => { @@ -3238,10 +3243,14 @@ sub attributes { sfRemovedNotifMsg => { type => 'text', default => - '_removedSF_ expired second factor(s) has/have been removed (_nameSF_)!', +'_removedSF_ expired second factor(s) has/have been removed (_nameSF_)!', help => 'secondfactor.html', documentation => 'Notification message', }, + sfRegisterTimeout => { + type => 'int', + documentation => 'Timeout for 2F registration process', + }, available2F => { type => 'text', default => 'UTOTP,TOTP,U2F,REST,Mail2F,Ext2F,Yubikey,Radius', @@ -4161,8 +4170,14 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: oidcRPMetaDataOptions => { type => 'subContainer', }, # OpenID Connect providers - oidcOPMetaDataJSON => { type => 'file', keyTest => sub { 1 } }, - oidcOPMetaDataJWKS => { type => 'file', keyTest => sub { 1 } }, + oidcOPMetaDataJSON => { + type => 'file', + keyTest => sub { 1 } + }, + oidcOPMetaDataJWKS => { + type => 'file', + keyTest => sub { 1 } + }, oidcOPMetaDataExportedVars => { type => 'keyTextContainer', default => { 
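Review bot: in the `@@ -406,61 +431,130 @@` hunk above, the save block prints `[OK] Configuration $numConf saved` inside `if ( $opts{verbose} )` before the `unless ($numConf)` check, so a failed `saveConf` run with verbose on reports success with an empty configuration number and then prints the error. Test `$numConf` first and print the OK line only in the success path; the `$exitCode = 0` inside the verbose branch is redundant with the initialisation. Note also that on failure the script used to `exit 1` immediately and now continues to the summary, so in `--nagios` mode the output line reads `Metadata loaded inside Conf: []` with only the exit status signalling the problem, and `[ERROR] Unable to save configuration` still goes to STDOUT where it lands in front of the Nagios line. Sending the error to STDERR and giving the Nagios line a distinct failure text would make the check result unambiguous.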
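Review bot: in the `@@ -3238,10 +3243,14 @@` hunk, the new `sfRegisterTimeout` entry has `type => 'int'` and a one-line `documentation` but no `default`, no unit and no `help` link, unlike the `sfRemovedNotifMsg` entry just above it, which points to `secondfactor.html`. Please state the unit in the documentation string, add the help target, and either set a default or document what the registration process does when the value is unset. The re-indentation of the `'_removedSF_ expired second factor(s) ...'` string to column 0 in the same hunk is formatter noise that could be dropped from this change.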
@@ -4254,7 +4269,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: oidcRPMetaDataOptionsUserInfoSignAlg => { type => 'select', select => [ - { k => '', v => 'JSON' }, + { k => '', v => 'JSON' }, { k => 'none', v => 'JWT/None' }, { k => 'HS256', v => 'JWT/HS256' }, { k => 'HS384', v => 'JWT/HS384' }, @@ -4361,6 +4376,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: type => 'keyTextContainer', help => 'idpopenidconnect.html#scope-rules', test => { + # RFC6749 keyTest => qr/^[\x21\x23-\x5B\x5D-\x7E]+$/, keyMsgFail => '__badMacroName__', diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm index 9458ad620..fade6d978 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm @@ -88,6 +88,7 @@ sub tree { 'portalRequireOldPassword', 'hideOldPassword', 'mailOnPasswordChange', + 'portalEnablePasswordDisplay', ] }, { @@ -992,6 +993,7 @@ sub tree { 'sfRemovedNotifMsg', ], }, + 'sfRegisterTimeout', ] }, { diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json index 5f5b69ffa..04771a501 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json @@ -790,6 +790,7 @@ "portalDisplayRefreshMyRights":"Display rights refresh link", "portalDisplayRegister":"تسجيل حساب جديد", "portalDisplayResetPassword":"إعادة تعيين كلمة المرور", +"portalEnablePasswordDisplay":"Allow to display password", "portalErrorOnExpiredSession":"عرض الخطأ في الجلسة المنتهية صلحيتها", "portalErrorOnMailNotFound":"إظهار الخطأ في البريد الغيرالموجود", "portalForceAuthn":"فرض إثبات الهوية", 
@@ -1053,6 +1054,7 @@ "sfExtra":"Additional second factors", "sfManagerRule":"Display Manager link", "sfOnlyUpgrade":"Use 2FA for session upgrade", +"sfRegisterTimeout":"Registration timeout", "sfRemovedMsg":"Display a message if an expired 2FA is removed", "sfRemovedMsgRule":"تفعيل", "sfRemovedNotifMsg":"Notification message", @@ -1209,4 +1211,4 @@ "yubikey2fUrl":"خدمة أل يو أر ل", "yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey", "zeroConfExplanations":"لا يحتوي الخادم على إعدادات. استخدام قالب لحفظ الأول" -} \ No newline at end of file +} diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/de.json b/lemonldap-ng-manager/site/htdocs/static/languages/de.json index c3ea2f827..7dc338108 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/de.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/de.json @@ -790,6 +790,7 @@ "portalDisplayRefreshMyRights":"Display rights refresh link", "portalDisplayRegister":"Register new account", "portalDisplayResetPassword":"Reset password", +"portalEnablePasswordDisplay":"Allow to display password", "portalErrorOnExpiredSession":"Show error on expired session", "portalErrorOnMailNotFound":"Show error on mail not found", "portalForceAuthn":"Force authentication", @@ -1053,6 +1054,7 @@ "sfExtra":"Additional second factors", "sfManagerRule":"Display Manager link", "sfOnlyUpgrade":"Use 2FA for session upgrade", +"sfRegisterTimeout":"Registration timeout", "sfRemovedMsg":"Display a message if an expired 2FA is removed", "sfRemovedMsgRule":"Activation", "sfRemovedNotifMsg":"Notification message", @@ -1209,4 +1211,4 @@ "yubikey2fUrl":"Service URL", "yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey", "zeroConfExplanations":"Server has no configuration. Use template to save the first." -} \ No newline at end of file +} diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/en.json b/lemonldap-ng-manager/site/htdocs/static/languages/en.json index 500d5890d..4e87fb95f 100644 
--- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json @@ -790,6 +790,7 @@ "portalDisplayRefreshMyRights":"Display rights refresh link", "portalDisplayRegister":"Register new account", "portalDisplayResetPassword":"Reset password", +"portalEnablePasswordDisplay":"Allow to display password", "portalErrorOnExpiredSession":"Show error on expired session", "portalErrorOnMailNotFound":"Show error on mail not found", "portalForceAuthn":"Force authentication", @@ -1053,6 +1054,7 @@ "sfExtra":"Additional second factors", "sfManagerRule":"Display Manager link", "sfOnlyUpgrade":"Use 2FA for session upgrade", +"sfRegisterTimeout":"Registration timeout", "sfRemovedMsg":"Display a message if an expired 2FA is removed", "sfRemovedMsgRule":"Activation", "sfRemovedNotifMsg":"Notification message", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/es.json b/lemonldap-ng-manager/site/htdocs/static/languages/es.json index 9e07517bc..830a14c33 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/es.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/es.json @@ -790,6 +790,7 @@ "portalDisplayRefreshMyRights":"Display rights refresh link", "portalDisplayRegister":"Registrar nueva cuenta", "portalDisplayResetPassword":"Reiniciar contraseña", +"portalEnablePasswordDisplay":"Allow to display password", "portalErrorOnExpiredSession":"Mostrar error en sesión caducada", "portalErrorOnMailNotFound":"Mostrar error cuando no se encuentra el email", "portalForceAuthn":"Forzar autentificación", @@ -1053,6 +1054,7 @@ "sfExtra":"Segundos factores adicionales", "sfManagerRule":"Display Manager link", "sfOnlyUpgrade":"Use 2FA for session upgrade", +"sfRegisterTimeout":"Registration timeout", "sfRemovedMsg":"Display a message if an expired 2FA is removed", "sfRemovedMsgRule":"Activación", "sfRemovedNotifMsg":"Mensaje de notificación", 
@@ -1209,4 +1211,4 @@ "yubikey2fUrl":"Service URL", "yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey", "zeroConfExplanations":"Server has no configuration. Use template to save the first." -} \ No newline at end of file +} diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json index e42c3ef87..5b961e2ff 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json @@ -790,6 +790,7 @@ "portalDisplayRefreshMyRights":"Afficher le lien de rafraichissement des droits", "portalDisplayRegister":"Création d'un nouveau compte", "portalDisplayResetPassword":"Réinitialisation de mot de passe", +"portalEnablePasswordDisplay":"Permettre d'afficher le mot de passe", "portalErrorOnExpiredSession":"Affiche une erreur si la session est expirée", "portalErrorOnMailNotFound":"Affiche une erreur si le mail n'est pas trouvé", "portalForceAuthn":"Authentification forcée", @@ -1053,6 +1054,7 @@ "sfExtra":"Seconds facteurs additionnels", "sfManagerRule":"Afficher le lien du Gestionnaire", "sfOnlyUpgrade":"Utiliser le SF pour augmenter le niveau d'authentification", +"sfRegisterTimeout":"Délai d'expiration de l'enregistrement", "sfRemovedMsg":"Afficher un message si un SF expiré est supprimé", "sfRemovedMsgRule":"Activation", "sfRemovedNotifMsg":"Message de la notification", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/it.json b/lemonldap-ng-manager/site/htdocs/static/languages/it.json index 99deeea43..2719830e1 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json 
@@ -790,6 +790,7 @@ "portalDisplayRefreshMyRights":"Display rights refresh link", "portalDisplayRegister":"Registra nuovo account", "portalDisplayResetPassword":"Reimposta password", +"portalEnablePasswordDisplay":"Allow to display password", "portalErrorOnExpiredSession":"Mostra errore nella sessione scaduta", "portalErrorOnMailNotFound":"Mostra errore sulla posta non trovata", "portalForceAuthn":"Forza l'autenticazione", @@ -1053,6 +1054,7 @@ "sfExtra":"Additional second factors", "sfManagerRule":"Display Manager link", "sfOnlyUpgrade":"Use 2FA for session upgrade", +"sfRegisterTimeout":"Registration timeout", "sfRemovedMsg":"Display a message if an expired 2FA is removed", "sfRemovedMsgRule":"Attivazione", "sfRemovedNotifMsg":"Notification message", @@ -1209,4 +1211,4 @@ "yubikey2fUrl":"URL del servizio", "yubikey2fUserCanRemoveKey":"Autorizza l'utente a rimuovere la Yubikey", "zeroConfExplanations":"Il server non ha alcuna configurazione. Utilizza il modello per salvare il primo." -} \ No newline at end of file +} diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json index ba8ab0f02..aba9e4315 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json @@ -790,6 +790,7 @@ "portalDisplayRefreshMyRights":"Wyświetl link do odświeżania praw", "portalDisplayRegister":"Zarejestruj Nowe Konto", "portalDisplayResetPassword":"Zresetuj hasło", +"portalEnablePasswordDisplay":"Allow to display password", "portalErrorOnExpiredSession":"Pokaż błąd w wygasłej sesji", "portalErrorOnMailNotFound":"Pokaż błąd w poczcie nie znaleziono", "portalForceAuthn":"Wymuś uwierzytelnienie", 
@@ -1053,6 +1054,7 @@ "sfExtra":"Dodatkowe drugie czynniki", "sfManagerRule":"Link do Menedżera wyświetlania", "sfOnlyUpgrade":"Użyj 2FA do aktualizacji sesji", +"sfRegisterTimeout":"Registration timeout", "sfRemovedMsg":"Wyświetl komunikat, gdy przeterminowany 2FA został usunięty", "sfRemovedMsgRule":"Aktywacja", "sfRemovedNotifMsg":"Powiadomienie", @@ -1209,4 +1211,4 @@ "yubikey2fUrl":"URL usługi", "yubikey2fUserCanRemoveKey":"Pozwól użytkownikowi usunąć Yubikey", "zeroConfExplanations":"Serwer nie ma konfiguracji. Użyj szablonu, aby zapisać pierwszy." -} \ No newline at end of file +} diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json index 2f7c03631..6eda249a1 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json @@ -790,6 +790,7 @@ "portalDisplayRefreshMyRights":"Görüntüleme hakları yenileme bağlantısı", "portalDisplayRegister":"Yeni hesap kaydet", "portalDisplayResetPassword":"Parolayı sıfırla", +"portalEnablePasswordDisplay":"Allow to display password", "portalErrorOnExpiredSession":"Süresi dolmuş oturumda hatayı göster", "portalErrorOnMailNotFound":"E-posta bulunamadığında hatayı göster", "portalForceAuthn":"Kimlik doğrulamaya zorla", @@ -1053,6 +1054,7 @@ "sfExtra":"Ek ikinci faktörler", "sfManagerRule":"Yönetici bağlantısını görüntüle", "sfOnlyUpgrade":"Oturum yükseltme için 2FA kullan", +"sfRegisterTimeout":"Registration timeout", "sfRemovedMsg":"Süresi dolan bir 2FA kaldırıldığında bir mesaj göster", "sfRemovedMsgRule":"Aktivasyon", "sfRemovedNotifMsg":"Bildirim mesajı", @@ -1209,4 +1211,4 @@ "yubikey2fUrl":"Servis URL'si", "yubikey2fUserCanRemoveKey":"Yubikey'i kaldırmak için kullanıcıya izin ver", "zeroConfExplanations":"Sunucunun yapılandırması yok. Şimdi bir tane kaydetmek için şablonu kullanın." -} \ No newline at end of file +} 
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json index c67cc1594..dfa5308ff 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json @@ -790,6 +790,7 @@ "portalDisplayRefreshMyRights":"Display rights refresh link", "portalDisplayRegister":"Đăng ký tài khoản mới", "portalDisplayResetPassword":"Đặt lại mật khẩu", +"portalEnablePasswordDisplay":"Allow to display password", "portalErrorOnExpiredSession":"Show error on expired session", "portalErrorOnMailNotFound":"Show error on mail not found", "portalForceAuthn":"Bắt buộc xác thực", @@ -1053,6 +1054,7 @@ "sfExtra":"Additional second factors", "sfManagerRule":"Display Manager link", "sfOnlyUpgrade":"Use 2FA for session upgrade", +"sfRegisterTimeout":"Registration timeout", "sfRemovedMsg":"Display a message if an expired 2FA is removed", "sfRemovedMsgRule":"Kích hoạt", "sfRemovedNotifMsg":"Notification message", @@ -1209,4 +1211,4 @@ "yubikey2fUrl":"Dịch vụ URL", "yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey", "zeroConfExplanations":"Máy chủ không có cấu hình. Sử dụng mẫu để lưu đầu tiên. " -} \ No newline at end of file +} diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json index fe9d0795a..994942d32 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json @@ -790,6 +790,7 @@ "portalDisplayRefreshMyRights":"Display rights refresh link", "portalDisplayRegister":"Register new account", "portalDisplayResetPassword":"Reset password", +"portalEnablePasswordDisplay":"Allow to display password", "portalErrorOnExpiredSession":"Show error on expired session", "portalErrorOnMailNotFound":"Show error on mail not found", "portalForceAuthn":"Force authentication", 
@@ -1053,6 +1054,7 @@ "sfExtra":"Additional second factors", "sfManagerRule":"Display Manager link", "sfOnlyUpgrade":"Use 2FA for session upgrade", +"sfRegisterTimeout":"Registration timeout", "sfRemovedMsg":"Display a message if an expired 2FA is removed", "sfRemovedMsgRule":"激活", "sfRemovedNotifMsg":"Notification message", @@ -1209,4 +1211,4 @@ "yubikey2fUrl":"Service URL", "yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey", "zeroConfExplanations":"Server has no configuration. Use template to save the first." -} \ No newline at end of file +} diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json b/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json index 2d84e002f..2a4315423 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json @@ -790,6 +790,7 @@ "portalDisplayRefreshMyRights":"顯示權限重新整理連結", "portalDisplayRegister":"註冊新帳號", "portalDisplayResetPassword":"重設密碼", +"portalEnablePasswordDisplay":"Allow to display password", "portalErrorOnExpiredSession":"在過期的工作階段上顯示錯誤", "portalErrorOnMailNotFound":"找不到郵件時顯示錯誤", "portalForceAuthn":"強制驗證", @@ -1053,6 +1054,7 @@ "sfExtra":"額外的第二因素", "sfManagerRule":"顯示管理程式連結", "sfOnlyUpgrade":"使用 2FA 進行工作階段升級", +"sfRegisterTimeout":"Registration timeout", "sfRemovedMsg":"如果過期的雙因素已被移除則顯示訊息", "sfRemovedMsgRule":"啟用", "sfRemovedNotifMsg":"通知訊息", @@ -1209,4 +1211,4 @@ "yubikey2fUrl":"服務 URL", "yubikey2fUserCanRemoveKey":"允許使用者移除 Yubikey", "zeroConfExplanations":"伺服器未設定。使用飯本來儲存第一個。" -} \ No newline at end of file +} diff --git a/lemonldap-ng-manager/site/htdocs/static/reverseTree.json b/lemonldap-ng-manager/site/htdocs/static/reverseTree.json index 8843a7363..0014cfbc8 100644 --- a/lemonldap-ng-manager/site/htdocs/static/reverseTree.json +++ b/lemonldap-ng-manager/site/htdocs/static/reverseTree.json 
@@ -1 +1 @@ -{"ADPwdExpireWarning":"generalParameters/authParams/adParams","ADPwdMaxAge":"generalParameters/authParams/adParams","AuthLDAPFilter":"generalParameters/authParams/ldapParams/ldapFilters","SMTPAuthPass":"generalParameters/advancedParams/SMTP","SMTPAuthUser":"generalParameters/advancedParams/SMTP","SMTPPort":"generalParameters/advancedParams/SMTP","SMTPServer":"generalParameters/advancedParams/SMTP","SMTPTLS":"generalParameters/advancedParams/SMTP","SMTPTLSOpts":"generalParameters/advancedParams/SMTP","SSLAuthnLevel":"generalParameters/authParams/sslParams","SSLVar":"generalParameters/authParams/sslParams","SSLVarIf":"generalParameters/authParams/sslParams","activeTimer":"generalParameters/advancedParams/forms","adaptativeAuthenticationLevelRules":"generalParameters/plugins","apacheAuthnLevel":"generalParameters/authParams/apacheParams","applicationList":"generalParameters/portalParams/portalMenu","authChoiceAuthBasic":"generalParameters/authParams/choiceParams","authChoiceFindUser":"generalParameters/authParams/choiceParams","authChoiceModules":"generalParameters/authParams/choiceParams","authChoiceParam":"generalParameters/authParams/choiceParams","authentication":"generalParameters/authParams","autoSigninRules":"generalParameters/plugins/autoSignin","avoidAssignment":"generalParameters/advancedParams/security","browsersDontStorePassword":"generalParameters/advancedParams/security","bruteForceProtection":"generalParameters/advancedParams/security/bruteForceAttackProtection","bruteForceProtectionIncrementalTempo":"generalParameters/advancedParams/security/bruteForceAttackProtection","bruteForceProtectionLockTimes":"generalParameters/advancedParams/security/bruteForceAttackProtection","bruteForceProtectionMaxFailed":"generalParameters/advancedParams/security/bruteForceAttackProtection","bruteForceProtectionTempo":"generalParameters/advancedParams/security/bruteForceAttackProtection","captcha_login_enabled":"generalParameters/portalParams/portalCaptcha","c
aptcha_mail_enabled":"generalParameters/portalParams/portalCaptcha","captcha_register_enabled":"generalParameters/portalParams/portalCaptcha","captcha_size":"generalParameters/portalParams/portalCaptcha","casAccessControlPolicy":"casServiceMetadata","casAppMetaDataNodes":"","casAttr":"casServiceMetadata","casAttributes":"casServiceMetadata","casAuthnLevel":"generalParameters/authParams/casParams","casSrvMetaDataNodes":"","casStorage":"casServiceMetadata","casStorageOptions":"casServiceMetadata","casStrictMatching":"casServiceMetadata","cda":"generalParameters/cookieParams","certificateResetByMailCeaAttribute":"generalParameters/plugins/certificateResetByMailManagement/mailOther","certificateResetByMailCertificateAttribute":"generalParameters/plugins/certificateResetByMailManagement/mailOther","certificateResetByMailStep1Body":"generalParameters/plugins/certificateResetByMailManagement/certificateMailContent","certificateResetByMailStep1Subject":"generalParameters/plugins/certificateResetByMailManagement/certificateMailContent","certificateResetByMailStep2Body":"generalParameters/plugins/certificateResetByMailManagement/certificateMailContent","certificateResetByMailStep2Subject":"generalParameters/plugins/certificateResetByMailManagement/certificateMailContent","certificateResetByMailURL":"generalParameters/plugins/certificateResetByMailManagement/mailOther","certificateResetByMailValidityDelay":"generalParameters/plugins/certificateResetByMailManagement/mailOther","checkDevOps":"generalParameters/plugins/devOpsCheck","checkDevOpsDownload":"generalParameters/plugins/devOpsCheck","checkState":"generalParameters/plugins/stateCheck","checkStateSecret":"generalParameters/plugins/stateCheck","checkUser":"generalParameters/plugins/checkUsers","checkUserDisplayComputedSession":"generalParameters/plugins/checkUsers/checkUserDisplay","checkUserDisplayEmptyHeaders":"generalParameters/plugins/checkUsers/checkUserDisplay","checkUserDisplayEmptyValues":"generalParameters/plugins
/checkUsers/checkUserDisplay","checkUserDisplayNormalizedHeaders":"generalParameters/plugins/checkUsers/checkUserDisplay","checkUserDisplayPersistentInfo":"generalParameters/plugins/checkUsers/checkUserDisplay","checkUserHiddenAttributes":"generalParameters/plugins/checkUsers","checkUserHiddenHeaders":"generalParameters/plugins/checkUsers","checkUserIdRule":"generalParameters/plugins/checkUsers","checkUserSearchAttributes":"generalParameters/plugins/checkUsers","checkUserUnrestrictedUsersRule":"generalParameters/plugins/checkUsers","checkXSS":"generalParameters/advancedParams/security","combModules":"generalParameters/authParams/combinationParams","combination":"generalParameters/authParams/combinationParams","combinationForms":"generalParameters/authParams/combinationParams","compactConf":"generalParameters/reloadParams","confirmFormMethod":"generalParameters/advancedParams/forms","contextSwitchingAllowed2fModifications":"generalParameters/plugins/contextSwitching","contextSwitchingIdRule":"generalParameters/plugins/contextSwitching","contextSwitchingRule":"generalParameters/plugins/contextSwitching","contextSwitchingStopWithLogout":"generalParameters/plugins/contextSwitching","contextSwitchingUnrestrictedUsersRule":"generalParameters/plugins/contextSwitching","cookieExpiration":"generalParameters/cookieParams","cookieName":"generalParameters/cookieParams","corsAllow_Credentials":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsAllow_Headers":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsAllow_Methods":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsAllow_Origin":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsEnabled":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsExpose_Headers":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsMax_Age":"generalParameters/advancedParams/security/crossOrigineR
esourceSharing","crowdsec":"generalParameters/advancedParams/security/CrowdSecPlugin","crowdsecAction":"generalParameters/advancedParams/security/CrowdSecPlugin","crowdsecKey":"generalParameters/advancedParams/security/CrowdSecPlugin","crowdsecUrl":"generalParameters/advancedParams/security/CrowdSecPlugin","cspConnect":"generalParameters/advancedParams/security/contentSecurityPolicy","cspDefault":"generalParameters/advancedParams/security/contentSecurityPolicy","cspFont":"generalParameters/advancedParams/security/contentSecurityPolicy","cspFormAction":"generalParameters/advancedParams/security/contentSecurityPolicy","cspFrameAncestors":"generalParameters/advancedParams/security/contentSecurityPolicy","cspImg":"generalParameters/advancedParams/security/contentSecurityPolicy","cspScript":"generalParameters/advancedParams/security/contentSecurityPolicy","cspStyle":"generalParameters/advancedParams/security/contentSecurityPolicy","customAddParams":"generalParameters/authParams/customParams","customAuth":"generalParameters/authParams/customParams","customFunctions":"generalParameters/advancedParams","customPassword":"generalParameters/authParams/customParams","customPlugins":"generalParameters/plugins/customPluginsNode","customPluginsParams":"generalParameters/plugins/customPluginsNode","customRegister":"generalParameters/authParams/customParams","customResetCertByMail":"generalParameters/authParams/customParams","customToTrace":"generalParameters/logParams","customUserDB":"generalParameters/authParams/customParams","dbiAuthChain":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionAuth","dbiAuthLoginCol":"generalParameters/authParams/dbiParams/dbiSchema","dbiAuthPassword":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionAuth","dbiAuthPasswordCol":"generalParameters/authParams/dbiParams/dbiSchema","dbiAuthPasswordHash":"generalParameters/authParams/dbiParams/dbiPassword","dbiAuthTable":"generalParameters/authParams/dbiParams/dbiSchema","d
biAuthUser":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionAuth","dbiAuthnLevel":"generalParameters/authParams/dbiParams","dbiDynamicHashEnabled":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiDynamicHashNewPasswordScheme":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiDynamicHashValidSaltedSchemes":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiDynamicHashValidSchemes":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiExportedVars":"generalParameters/authParams/dbiParams","dbiPasswordMailCol":"generalParameters/authParams/dbiParams/dbiSchema","dbiUserChain":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionUser","dbiUserPassword":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionUser","dbiUserTable":"generalParameters/authParams/dbiParams/dbiSchema","dbiUserUser":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionUser","decryptValueFunctions":"generalParameters/plugins/decryptValue","decryptValueRule":"generalParameters/plugins/decryptValue","demoExportedVars":"generalParameters/authParams/demoParams","disablePersistentStorage":"generalParameters/sessionParams/persistentSessions","displaySessionId":"generalParameters/sessionParams","domain":"generalParameters/cookieParams","exportedAttr":"generalParameters/plugins/portalServers","exportedVars":"variables","ext2FSendCommand":"generalParameters/secondFactors/ext2f","ext2FValidateCommand":"generalParameters/secondFactors/ext2f","ext2fActivation":"generalParameters/secondFactors/ext2f","ext2fAuthnLevel":"generalParameters/secondFactors/ext2f","ext2fCodeActivation":"generalParameters/secondFactors/ext2f","ext2fLabel":"generalParameters/secondFactors/ext2f","ext2fLogo":"generalParameters/secondFactors/ext2f","facebookAppId":"generalParameters/authParams/facebookParams","facebookAppSecret":"generalParameters/authParams/facebookParams","facebookAuthnLevel":"g
eneralParameters/authParams/facebookParams","facebookExportedVars":"generalParameters/authParams/facebookParams","facebookUserField":"generalParameters/authParams/facebookParams","failedLoginNumber":"generalParameters/plugins/loginHistory","favAppsMaxNumber":"generalParameters/portalParams/portalMenu/portalModules/favApps","findUser":"generalParameters/plugins/findUsers","findUserControl":"generalParameters/plugins/findUsers","findUserExcludingAttributes":"generalParameters/plugins/findUsers","findUserSearchingAttributes":"generalParameters/plugins/findUsers","findUserWildcard":"generalParameters/plugins/findUsers","formTimeout":"generalParameters/advancedParams/security","githubAuthnLevel":"generalParameters/authParams/githubParams","githubClientID":"generalParameters/authParams/githubParams","githubClientSecret":"generalParameters/authParams/githubParams","githubScope":"generalParameters/authParams/githubParams","githubUserField":"generalParameters/authParams/githubParams","globalLogoutCustomParam":"generalParameters/plugins/globalLogout","globalLogoutRule":"generalParameters/plugins/globalLogout","globalLogoutTimer":"generalParameters/plugins/globalLogout","globalStorage":"generalParameters/sessionParams/sessionStorage","globalStorageOptions":"generalParameters/sessionParams/sessionStorage","gpgAuthnLevel":"generalParameters/authParams/gpgParams","gpgDb":"generalParameters/authParams/gpgParams","grantSessionRules":"generalParameters/sessionParams","groups":"variables","groupsBeforeMacros":"generalParameters/advancedParams","hiddenAttributes":"generalParameters/logParams","hideOldPassword":"generalParameters/portalParams/portalCustomization/passwordManagement","httpOnly":"generalParameters/cookieParams","https":"generalParameters/advancedParams/redirection","impersonationHiddenAttributes":"generalParameters/plugins/impersonation","impersonationIdRule":"generalParameters/plugins/impersonation","impersonationMergeSSOgroups":"generalParameters/plugins/impersonation",
"impersonationRule":"generalParameters/plugins/impersonation","impersonationSkipEmptyValues":"generalParameters/plugins/impersonation","impersonationUnrestrictedUsersRule":"generalParameters/plugins/impersonation","infoFormMethod":"generalParameters/advancedParams/forms","issuerDBCASActivation":"generalParameters/issuerParams/issuerDBCAS","issuerDBCASPath":"generalParameters/issuerParams/issuerDBCAS","issuerDBCASRule":"generalParameters/issuerParams/issuerDBCAS","issuerDBGetActivation":"generalParameters/issuerParams/issuerDBGet","issuerDBGetParameters":"generalParameters/issuerParams/issuerDBGet","issuerDBGetPath":"generalParameters/issuerParams/issuerDBGet","issuerDBGetRule":"generalParameters/issuerParams/issuerDBGet","issuerDBOpenIDActivation":"generalParameters/issuerParams/issuerDBOpenID","issuerDBOpenIDConnectActivation":"generalParameters/issuerParams/issuerDBOpenIDConnect","issuerDBOpenIDConnectPath":"generalParameters/issuerParams/issuerDBOpenIDConnect","issuerDBOpenIDConnectRule":"generalParameters/issuerParams/issuerDBOpenIDConnect","issuerDBOpenIDPath":"generalParameters/issuerParams/issuerDBOpenID","issuerDBOpenIDRule":"generalParameters/issuerParams/issuerDBOpenID","issuerDBSAMLActivation":"generalParameters/issuerParams/issuerDBSAML","issuerDBSAMLPath":"generalParameters/issuerParams/issuerDBSAML","issuerDBSAMLRule":"generalParameters/issuerParams/issuerDBSAML","issuersTimeout":"generalParameters/issuerParams/issuerOptions","jsRedirect":"generalParameters/advancedParams/portalRedirection","key":"generalParameters/advancedParams/security","krbAllowedDomains":"generalParameters/authParams/kerberosParams","krbAuthnLevel":"generalParameters/authParams/kerberosParams","krbByJs":"generalParameters/authParams/kerberosParams","krbKeytab":"generalParameters/authParams/kerberosParams","krbRemoveDomain":"generalParameters/authParams/kerberosParams","ldapAllowResetExpiredPassword":"generalParameters/authParams/ldapParams/ldapPassword","ldapAuthnLevel":"generalPa
rameters/authParams/ldapParams","ldapBase":"generalParameters/authParams/ldapParams/ldapConnection","ldapCAFile":"generalParameters/authParams/ldapParams/ldapConnection","ldapCAPath":"generalParameters/authParams/ldapParams/ldapConnection","ldapChangePasswordAsUser":"generalParameters/authParams/ldapParams/ldapPassword","ldapExportedVars":"generalParameters/authParams/ldapParams","ldapGetUserBeforePasswordChange":"generalParameters/authParams/ldapParams/ldapPassword","ldapGroupAttributeName":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupAttributeNameGroup":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupAttributeNameSearch":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupAttributeNameUser":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupBase":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupDecodeSearchedValue":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupObjectClass":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupRecursive":"generalParameters/authParams/ldapParams/ldapGroups","ldapIOTimeout":"generalParameters/authParams/ldapParams/ldapConnection","ldapITDS":"generalParameters/authParams/ldapParams/ldapPassword","ldapPasswordResetAttribute":"generalParameters/authParams/ldapParams/ldapPassword","ldapPasswordResetAttributeValue":"generalParameters/authParams/ldapParams/ldapPassword","ldapPort":"generalParameters/authParams/ldapParams/ldapConnection","ldapPpolicyControl":"generalParameters/authParams/ldapParams/ldapPassword","ldapPwdEnc":"generalParameters/authParams/ldapParams/ldapPassword","ldapRaw":"generalParameters/authParams/ldapParams/ldapConnection","ldapSearchDeref":"generalParameters/authParams/ldapParams/ldapFilters","ldapServer":"generalParameters/authParams/ldapParams/ldapConnection","ldapSetPassword":"generalParameters/authParams/ldapParams/ldapPassword","ldapTimeout":"generalParameters/authParams/ldapParams/ldapConnection","ldapUsePasswordReset
Attribute":"generalParameters/authParams/ldapParams/ldapPassword","ldapVerify":"generalParameters/authParams/ldapParams/ldapConnection","ldapVersion":"generalParameters/authParams/ldapParams/ldapConnection","linkedInAuthnLevel":"generalParameters/authParams/linkedinParams","linkedInClientID":"generalParameters/authParams/linkedinParams","linkedInClientSecret":"generalParameters/authParams/linkedinParams","linkedInFields":"generalParameters/authParams/linkedinParams","linkedInScope":"generalParameters/authParams/linkedinParams","linkedInUserField":"generalParameters/authParams/linkedinParams","localSessionStorage":"generalParameters/sessionParams/sessionStorage","localSessionStorageOptions":"generalParameters/sessionParams/sessionStorage","loginHistoryEnabled":"generalParameters/plugins/loginHistory","logoutServices":"generalParameters/advancedParams","lwpOpts":"generalParameters/advancedParams/security","lwpSslOpts":"generalParameters/advancedParams/security","macros":"variables","mail2fActivation":"generalParameters/secondFactors/mail2f","mail2fAuthnLevel":"generalParameters/secondFactors/mail2f","mail2fBody":"generalParameters/secondFactors/mail2f","mail2fCodeRegex":"generalParameters/secondFactors/mail2f","mail2fLabel":"generalParameters/secondFactors/mail2f","mail2fLogo":"generalParameters/secondFactors/mail2f","mail2fSessionKey":"generalParameters/secondFactors/mail2f","mail2fSubject":"generalParameters/secondFactors/mail2f","mail2fTimeout":"generalParameters/secondFactors/mail2f","mailBody":"generalParameters/plugins/passwordManagement/mailContent","mailCharset":"generalParameters/advancedParams/SMTP/mailHeaders","mailConfirmBody":"generalParameters/plugins/passwordManagement/mailContent","mailConfirmSubject":"generalParameters/plugins/passwordManagement/mailContent","mailFrom":"generalParameters/advancedParams/SMTP/mailHeaders","mailLDAPFilter":"generalParameters/authParams/ldapParams/ldapFilters","mailOnPasswordChange":"generalParameters/portalParams/portalC
ustomization/passwordManagement","mailReplyTo":"generalParameters/advancedParams/SMTP/mailHeaders","mailSessionKey":"generalParameters/advancedParams/SMTP","mailSubject":"generalParameters/plugins/passwordManagement/mailContent","mailTimeout":"generalParameters/plugins/passwordManagement/mailOther","mailUrl":"generalParameters/plugins/passwordManagement/mailOther","maintenance":"generalParameters/advancedParams/redirection","managerDn":"generalParameters/authParams/ldapParams/ldapConnection","managerPassword":"generalParameters/authParams/ldapParams/ldapConnection","multiValuesSeparator":"generalParameters/advancedParams","nginxCustomHandlers":"generalParameters/advancedParams","noAjaxHook":"generalParameters/advancedParams/portalRedirection","notification":"generalParameters/plugins/notifications","notificationDefaultCond":"generalParameters/plugins/notifications/serverNotification","notificationServer":"generalParameters/plugins/notifications/serverNotification","notificationServerDELETE":"generalParameters/plugins/notifications/serverNotification/notificationServerMethods","notificationServerGET":"generalParameters/plugins/notifications/serverNotification/notificationServerMethods","notificationServerPOST":"generalParameters/plugins/notifications/serverNotification/notificationServerMethods","notificationServerSentAttributes":"generalParameters/plugins/notifications/serverNotification","notificationStorage":"generalParameters/plugins/notifications","notificationStorageOptions":"generalParameters/plugins/notifications","notificationWildcard":"generalParameters/plugins/notifications","notificationXSLTfile":"generalParameters/plugins/notifications","notificationsExplorer":"generalParameters/plugins/notifications","notifyDeleted":"generalParameters/sessionParams/multipleSessions","notifyOther":"generalParameters/sessionParams/multipleSessions","nullAuthnLevel":"generalParameters/authParams/nullParams","oidcAuthnLevel":"generalParameters/authParams/oidcParams","oidcOP
MetaDataNodes":"","oidcRPCallbackGetParam":"generalParameters/authParams/oidcParams","oidcRPMetaDataNodes":"","oidcRPStateTimeout":"generalParameters/authParams/oidcParams","oidcServiceAccessTokenExpiration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowAuthorizationCodeFlow":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowDynamicRegistration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowHybridFlow":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowImplicitFlow":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowOnlyDeclaredScopes":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAuthorizationCodeExpiration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceDynamicRegistrationExportedVars":"oidcServiceMetaData","oidcServiceDynamicRegistrationExtraClaims":"oidcServiceMetaData","oidcServiceIDTokenExpiration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceKeyIdSig":"oidcServiceMetaData/oidcServiceMetaDataSecurity/oidcServiceMetaDataKeys","oidcServiceMetaDataAuthnContext":"oidcServiceMetaData","oidcServiceMetaDataAuthorizeURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataBackChannelURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataCheckSessionURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataEndSessionURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataFrontChannelURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataIntrospectionURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataJWKSURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataRegistrationURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataTokenURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataUserInfoURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oid
cServiceOfflineSessionExpiration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServicePrivateKeySig":"oidcServiceMetaData/oidcServiceMetaDataSecurity/oidcServiceMetaDataKeys","oidcServicePublicKeySig":"oidcServiceMetaData/oidcServiceMetaDataSecurity/oidcServiceMetaDataKeys","oidcStorage":"oidcServiceMetaData/oidcServiceMetaDataSessions","oidcStorageOptions":"oidcServiceMetaData/oidcServiceMetaDataSessions","oldNotifFormat":"generalParameters/plugins/notifications","openIdAttr":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions","openIdAuthnLevel":"generalParameters/authParams/openidParams","openIdExportedVars":"generalParameters/authParams/openidParams","openIdIDPList":"generalParameters/authParams/openidParams","openIdIssuerSecret":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions","openIdSPList":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions","openIdSecret":"generalParameters/authParams/openidParams","openIdSreg_country":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_dob":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_email":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_fullname":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_gender":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_language":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_nickname":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_postcode":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_timezone":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","pamAuthnLevel":"generalParameters/authParams/pamParams","pamService":"generalParameters/authParams
/pamParams","passwordDB":"generalParameters/authParams","passwordPolicyActivation":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinDigit":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinLower":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinSize":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinSpeChar":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinUpper":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicySpecialChar":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordResetAllowedRetries":"generalParameters/portalParams/portalCustomization/portalButtons","persistentStorage":"generalParameters/sessionParams/persistentSessions","persistentStorageOptions":"generalParameters/sessionParams/persistentSessions","port":"generalParameters/advancedParams/redirection","portal":"generalParameters/portalParams","portalAntiFrame":"generalParameters/portalParams/portalCustomization/portalOther","portalCheckLogins":"generalParameters/portalParams/portalCustomization/portalButtons","portalCustomCss":"generalParameters/portalParams/portalCustomization","portalDisplayAppslist":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayCertificateResetByMail":"generalParameters/portalParams/portalCustomization/portalButtons","portalDisplayChangePassword":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayFavApps":"generalParameters/portalParams/portalMenu/portalModules/favApps","portalDisplayGeneratePassword":"generalParameters/plugins/passwordManagement/mailOther","portalDisplayLoginHistory":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayLogout":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayOidcConsents":"generalParameters/portalParams/portalMenu/portalModu
les","portalDisplayPasswordPolicy":"generalParameters/portalParams/portalCustomization/passwordPolicy","portalDisplayRefreshMyRights":"generalParameters/portalParams/portalCustomization/portalOther","portalDisplayRegister":"generalParameters/portalParams/portalCustomization/portalButtons","portalDisplayResetPassword":"generalParameters/portalParams/portalCustomization/portalButtons","portalErrorOnExpiredSession":"generalParameters/portalParams/portalCustomization/portalOther","portalErrorOnMailNotFound":"generalParameters/portalParams/portalCustomization/portalOther","portalForceAuthn":"generalParameters/advancedParams/security","portalForceAuthnInterval":"generalParameters/advancedParams/security","portalMainLogo":"generalParameters/portalParams/portalCustomization","portalOpenLinkInNewWindow":"generalParameters/portalParams/portalCustomization/portalOther","portalPingInterval":"generalParameters/portalParams/portalCustomization/portalOther","portalRequireOldPassword":"generalParameters/portalParams/portalCustomization/passwordManagement","portalSkin":"generalParameters/portalParams/portalCustomization","portalSkinBackground":"generalParameters/portalParams/portalCustomization","portalSkinRules":"generalParameters/portalParams/portalCustomization","portalStatus":"generalParameters/plugins","portalUserAttr":"generalParameters/portalParams/portalCustomization/portalOther","proxyAuthService":"generalParameters/authParams/proxyParams","proxyAuthnLevel":"generalParameters/authParams/proxyParams","proxySessionService":"generalParameters/authParams/proxyParams","proxyUseSoap":"generalParameters/authParams/proxyParams","radius2fActivation":"generalParameters/secondFactors/radius2f","radius2fAuthnLevel":"generalParameters/secondFactors/radius2f","radius2fLabel":"generalParameters/secondFactors/radius2f","radius2fLogo":"generalParameters/secondFactors/radius2f","radius2fSecret":"generalParameters/secondFactors/radius2f","radius2fServer":"generalParameters/secondFactors/radiu
s2f","radius2fTimeout":"generalParameters/secondFactors/radius2f","radius2fUsernameSessionKey":"generalParameters/secondFactors/radius2f","radiusAuthnLevel":"generalParameters/authParams/radiusParams","radiusSecret":"generalParameters/authParams/radiusParams","radiusServer":"generalParameters/authParams/radiusParams","randomPasswordRegexp":"generalParameters/plugins/passwordManagement/mailOther","redirectFormMethod":"generalParameters/advancedParams/forms","refreshSessions":"generalParameters/plugins","registerConfirmSubject":"generalParameters/plugins/register","registerDB":"generalParameters/authParams","registerDoneSubject":"generalParameters/plugins/register","registerTimeout":"generalParameters/plugins/register","registerUrl":"generalParameters/plugins/register","reloadTimeout":"generalParameters/reloadParams","reloadUrls":"generalParameters/reloadParams","remoteCookieName":"generalParameters/authParams/remoteParams","remoteGlobalStorage":"generalParameters/authParams/remoteParams","remoteGlobalStorageOptions":"generalParameters/authParams/remoteParams","remotePortal":"generalParameters/authParams/remoteParams","requireToken":"generalParameters/advancedParams/security","rest2fActivation":"generalParameters/secondFactors/rest2f","rest2fAuthnLevel":"generalParameters/secondFactors/rest2f","rest2fInitArgs":"generalParameters/secondFactors/rest2f","rest2fInitUrl":"generalParameters/secondFactors/rest2f","rest2fLabel":"generalParameters/secondFactors/rest2f","rest2fLogo":"generalParameters/secondFactors/rest2f","rest2fVerifyArgs":"generalParameters/secondFactors/rest2f","rest2fVerifyUrl":"generalParameters/secondFactors/rest2f","restAuthServer":"generalParameters/plugins/portalServers/restServices","restAuthUrl":"generalParameters/authParams/restParams","restAuthnLevel":"generalParameters/authParams/restParams","restClockTolerance":"generalParameters/plugins/portalServers/restServices","restConfigServer":"generalParameters/plugins/portalServers/restServices","restEx
portSecretKeys":"generalParameters/plugins/portalServers/restServices","restFindUserDBUrl":"generalParameters/plugins/findUsers","restPasswordServer":"generalParameters/plugins/portalServers/restServices","restPwdConfirmUrl":"generalParameters/authParams/restParams","restPwdModifyUrl":"generalParameters/authParams/restParams","restSessionServer":"generalParameters/plugins/portalServers/restServices","restUserDBUrl":"generalParameters/authParams/restParams","sameSite":"generalParameters/cookieParams","samlAttributeAuthorityDescriptorAttributeServiceSOAP":"samlServiceMetaData/samlAttributeAuthorityDescriptor/samlAttributeAuthorityDescriptorAttributeService","samlAuthnContextMapKerberos":"samlServiceMetaData/samlAuthnContextMap","samlAuthnContextMapPassword":"samlServiceMetaData/samlAuthnContextMap","samlAuthnContextMapPasswordProtectedTransport":"samlServiceMetaData/samlAuthnContextMap","samlAuthnContextMapTLSClient":"samlServiceMetaData/samlAuthnContextMap","samlCommonDomainCookieActivation":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlCommonDomainCookieDomain":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlCommonDomainCookieReader":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlCommonDomainCookieWriter":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlDiscoveryProtocolActivation":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlDiscoveryProtocolIsPassive":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlDiscoveryProtocolPolicy":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlDiscoveryProtocolURL":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlEntityID":"samlServiceMetaData","samlIDPMetaDataNodes":"","samlIDPSSODescriptorArtifactResolutionServiceArtifact":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorArtifactResolutionService","samlIDPSSODescriptorSingleLogoutServiceHTTPPost":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescrip
torSingleLogoutService","samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleLogoutService","samlIDPSSODescriptorSingleLogoutServiceSOAP":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleLogoutService","samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleSignOnService","samlIDPSSODescriptorSingleSignOnServiceHTTPPost":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleSignOnService","samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleSignOnService","samlIDPSSODescriptorWantAuthnRequestsSigned":"samlServiceMetaData/samlIDPSSODescriptor","samlMetadataForceUTF8":"samlServiceMetaData/samlAdvanced","samlNameIDFormatMapEmail":"samlServiceMetaData/samlNameIDFormatMap","samlNameIDFormatMapKerberos":"samlServiceMetaData/samlNameIDFormatMap","samlNameIDFormatMapWindows":"samlServiceMetaData/samlNameIDFormatMap","samlNameIDFormatMapX509":"samlServiceMetaData/samlNameIDFormatMap","samlOrganizationDisplayName":"samlServiceMetaData/samlOrganization","samlOrganizationName":"samlServiceMetaData/samlOrganization","samlOrganizationURL":"samlServiceMetaData/samlOrganization","samlOverrideIDPEntityID":"samlServiceMetaData/samlAdvanced","samlRelayStateTimeout":"samlServiceMetaData/samlAdvanced","samlSPMetaDataNodes":"","samlSPSSODescriptorArtifactResolutionServiceArtifact":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorArtifactResolutionService","samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorAssertionConsumerService","samlSPSSODescriptorAssertionConsumerServiceHTTPPost":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorAssertionConsumerService","samlSPSSODescriptorAuthnRequestsSigned":"samlServiceMetaData/samlSPSSODescriptor","samlSPSSODescriptorSingleLog
outServiceHTTPPost":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorSingleLogoutService","samlSPSSODescriptorSingleLogoutServiceHTTPRedirect":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorSingleLogoutService","samlSPSSODescriptorSingleLogoutServiceSOAP":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorSingleLogoutService","samlSPSSODescriptorWantAssertionsSigned":"samlServiceMetaData/samlSPSSODescriptor","samlServicePrivateKeyEnc":"samlServiceMetaData/samlServiceSecurity/samlServiceSecurityEnc","samlServicePrivateKeyEncPwd":"samlServiceMetaData/samlServiceSecurity/samlServiceSecurityEnc","samlServicePrivateKeySig":"samlServiceMetaData/samlServiceSecurity/samlServiceSecuritySig","samlServicePrivateKeySigPwd":"samlServiceMetaData/samlServiceSecurity/samlServiceSecuritySig","samlServicePublicKeyEnc":"samlServiceMetaData/samlServiceSecurity/samlServiceSecurityEnc","samlServicePublicKeySig":"samlServiceMetaData/samlServiceSecurity/samlServiceSecuritySig","samlServiceSignatureMethod":"samlServiceMetaData/samlServiceSecurity","samlServiceUseCertificateInResponse":"samlServiceMetaData/samlServiceSecurity","samlStorage":"samlServiceMetaData/samlAdvanced","samlStorageOptions":"samlServiceMetaData/samlAdvanced","samlUseQueryStringSpecific":"samlServiceMetaData/samlAdvanced","securedCookie":"generalParameters/cookieParams","sessionDataToRemember":"generalParameters/plugins/loginHistory","sfExtra":"generalParameters/secondFactors","sfManagerRule":"generalParameters/secondFactors","sfOnlyUpgrade":"generalParameters/secondFactors","sfRemovedMsgRule":"generalParameters/secondFactors/sfRemovedNotification","sfRemovedNotifMsg":"generalParameters/secondFactors/sfRemovedNotification","sfRemovedNotifRef":"generalParameters/secondFactors/sfRemovedNotification","sfRemovedNotifTitle":"generalParameters/secondFactors/sfRemovedNotification","sfRemovedUseNotif":"generalParameters/secondFactors/sfRemovedNotification","sfRequired":"generalParameters/secondFa
ctors","showLanguages":"generalParameters/portalParams/portalCustomization","singleIP":"generalParameters/sessionParams/multipleSessions","singleSession":"generalParameters/sessionParams/multipleSessions","singleUserByIP":"generalParameters/sessionParams/multipleSessions","skipRenewConfirmation":"generalParameters/advancedParams/portalRedirection","skipUpgradeConfirmation":"generalParameters/advancedParams/portalRedirection","slaveAuthnLevel":"generalParameters/authParams/slaveParams","slaveDisplayLogo":"generalParameters/authParams/slaveParams","slaveExportedVars":"generalParameters/authParams/slaveParams","slaveHeaderContent":"generalParameters/authParams/slaveParams","slaveHeaderName":"generalParameters/authParams/slaveParams","slaveMasterIP":"generalParameters/authParams/slaveParams","slaveUserHeader":"generalParameters/authParams/slaveParams","soapConfigServer":"generalParameters/plugins/portalServers/soapServices","soapSessionServer":"generalParameters/plugins/portalServers/soapServices","sslByAjax":"generalParameters/authParams/sslParams","sslHost":"generalParameters/authParams/sslParams","stayConnected":"generalParameters/plugins/stayConnect","stayConnectedCookieName":"generalParameters/plugins/stayConnect","stayConnectedTimeout":"generalParameters/plugins/stayConnect","storePassword":"generalParameters/sessionParams","successLoginNumber":"generalParameters/plugins/loginHistory","timeout":"generalParameters/sessionParams","timeoutActivity":"generalParameters/sessionParams","timeoutActivityInterval":"generalParameters/sessionParams","tokenUseGlobalStorage":"generalParameters/advancedParams/security","totp2fActivation":"generalParameters/secondFactors/totp2f","totp2fAuthnLevel":"generalParameters/secondFactors/totp2f","totp2fDigits":"generalParameters/secondFactors/totp2f","totp2fInterval":"generalParameters/secondFactors/totp2f","totp2fIssuer":"generalParameters/secondFactors/totp2f","totp2fLabel":"generalParameters/secondFactors/totp2f","totp2fLogo":"general
Parameters/secondFactors/totp2f","totp2fRange":"generalParameters/secondFactors/totp2f","totp2fSelfRegistration":"generalParameters/secondFactors/totp2f","totp2fTTL":"generalParameters/secondFactors/totp2f","totp2fUserCanRemoveKey":"generalParameters/secondFactors/totp2f","trustedDomains":"generalParameters/advancedParams/security","twitterAppName":"generalParameters/authParams/twitterParams","twitterAuthnLevel":"generalParameters/authParams/twitterParams","twitterKey":"generalParameters/authParams/twitterParams","twitterSecret":"generalParameters/authParams/twitterParams","twitterUserField":"generalParameters/authParams/twitterParams","u2fActivation":"generalParameters/secondFactors/u2f","u2fAuthnLevel":"generalParameters/secondFactors/u2f","u2fLabel":"generalParameters/secondFactors/u2f","u2fLogo":"generalParameters/secondFactors/u2f","u2fSelfRegistration":"generalParameters/secondFactors/u2f","u2fTTL":"generalParameters/secondFactors/u2f","u2fUserCanRemoveKey":"generalParameters/secondFactors/u2f","upgradeSession":"generalParameters/plugins","useRedirectOnError":"generalParameters/advancedParams/redirection","useRedirectOnForbidden":"generalParameters/advancedParams/redirection","useSafeJail":"generalParameters/advancedParams/security","userControl":"generalParameters/advancedParams/security","userDB":"generalParameters/authParams","userPivot":"generalParameters/authParams/dbiParams/dbiSchema","utotp2fActivation":"generalParameters/secondFactors/utotp2f","utotp2fAuthnLevel":"generalParameters/secondFactors/utotp2f","utotp2fLabel":"generalParameters/secondFactors/utotp2f","utotp2fLogo":"generalParameters/secondFactors/utotp2f","virtualHosts":"","webIDAuthnLevel":"generalParameters/authParams/webidParams","webIDExportedVars":"generalParameters/authParams/webidParams","webIDWhitelist":"generalParameters/authParams/webidParams","whatToTrace":"generalParameters/logParams","wsdlServer":"generalParameters/plugins/portalServers/soapServices","yubikey2fActivation":"genera
lParameters/secondFactors/yubikey2f","yubikey2fAuthnLevel":"generalParameters/secondFactors/yubikey2f","yubikey2fClientID":"generalParameters/secondFactors/yubikey2f","yubikey2fFromSessionAttribute":"generalParameters/secondFactors/yubikey2f","yubikey2fLabel":"generalParameters/secondFactors/yubikey2f","yubikey2fLogo":"generalParameters/secondFactors/yubikey2f","yubikey2fNonce":"generalParameters/secondFactors/yubikey2f","yubikey2fPublicIDSize":"generalParameters/secondFactors/yubikey2f","yubikey2fSecretKey":"generalParameters/secondFactors/yubikey2f","yubikey2fSelfRegistration":"generalParameters/secondFactors/yubikey2f","yubikey2fTTL":"generalParameters/secondFactors/yubikey2f","yubikey2fUrl":"generalParameters/secondFactors/yubikey2f","yubikey2fUserCanRemoveKey":"generalParameters/secondFactors/yubikey2f"} \ No newline at end of file +{"ADPwdExpireWarning":"generalParameters/authParams/adParams","ADPwdMaxAge":"generalParameters/authParams/adParams","AuthLDAPFilter":"generalParameters/authParams/ldapParams/ldapFilters","SMTPAuthPass":"generalParameters/advancedParams/SMTP","SMTPAuthUser":"generalParameters/advancedParams/SMTP","SMTPPort":"generalParameters/advancedParams/SMTP","SMTPServer":"generalParameters/advancedParams/SMTP","SMTPTLS":"generalParameters/advancedParams/SMTP","SMTPTLSOpts":"generalParameters/advancedParams/SMTP","SSLAuthnLevel":"generalParameters/authParams/sslParams","SSLVar":"generalParameters/authParams/sslParams","SSLVarIf":"generalParameters/authParams/sslParams","activeTimer":"generalParameters/advancedParams/forms","adaptativeAuthenticationLevelRules":"generalParameters/plugins","apacheAuthnLevel":"generalParameters/authParams/apacheParams","applicationList":"generalParameters/portalParams/portalMenu","authChoiceAuthBasic":"generalParameters/authParams/choiceParams","authChoiceFindUser":"generalParameters/authParams/choiceParams","authChoiceModules":"generalParameters/authParams/choiceParams","authChoiceParam":"generalParameters/authParam
s/choiceParams","authentication":"generalParameters/authParams","autoSigninRules":"generalParameters/plugins/autoSignin","avoidAssignment":"generalParameters/advancedParams/security","browsersDontStorePassword":"generalParameters/advancedParams/security","bruteForceProtection":"generalParameters/advancedParams/security/bruteForceAttackProtection","bruteForceProtectionIncrementalTempo":"generalParameters/advancedParams/security/bruteForceAttackProtection","bruteForceProtectionLockTimes":"generalParameters/advancedParams/security/bruteForceAttackProtection","bruteForceProtectionMaxFailed":"generalParameters/advancedParams/security/bruteForceAttackProtection","bruteForceProtectionTempo":"generalParameters/advancedParams/security/bruteForceAttackProtection","captcha_login_enabled":"generalParameters/portalParams/portalCaptcha","captcha_mail_enabled":"generalParameters/portalParams/portalCaptcha","captcha_register_enabled":"generalParameters/portalParams/portalCaptcha","captcha_size":"generalParameters/portalParams/portalCaptcha","casAccessControlPolicy":"casServiceMetadata","casAppMetaDataNodes":"","casAttr":"casServiceMetadata","casAttributes":"casServiceMetadata","casAuthnLevel":"generalParameters/authParams/casParams","casSrvMetaDataNodes":"","casStorage":"casServiceMetadata","casStorageOptions":"casServiceMetadata","casStrictMatching":"casServiceMetadata","cda":"generalParameters/cookieParams","certificateResetByMailCeaAttribute":"generalParameters/plugins/certificateResetByMailManagement/mailOther","certificateResetByMailCertificateAttribute":"generalParameters/plugins/certificateResetByMailManagement/mailOther","certificateResetByMailStep1Body":"generalParameters/plugins/certificateResetByMailManagement/certificateMailContent","certificateResetByMailStep1Subject":"generalParameters/plugins/certificateResetByMailManagement/certificateMailContent","certificateResetByMailStep2Body":"generalParameters/plugins/certificateResetByMailManagement/certificateMailContent","c
ertificateResetByMailStep2Subject":"generalParameters/plugins/certificateResetByMailManagement/certificateMailContent","certificateResetByMailURL":"generalParameters/plugins/certificateResetByMailManagement/mailOther","certificateResetByMailValidityDelay":"generalParameters/plugins/certificateResetByMailManagement/mailOther","checkDevOps":"generalParameters/plugins/devOpsCheck","checkDevOpsDownload":"generalParameters/plugins/devOpsCheck","checkState":"generalParameters/plugins/stateCheck","checkStateSecret":"generalParameters/plugins/stateCheck","checkUser":"generalParameters/plugins/checkUsers","checkUserDisplayComputedSession":"generalParameters/plugins/checkUsers/checkUserDisplay","checkUserDisplayEmptyHeaders":"generalParameters/plugins/checkUsers/checkUserDisplay","checkUserDisplayEmptyValues":"generalParameters/plugins/checkUsers/checkUserDisplay","checkUserDisplayNormalizedHeaders":"generalParameters/plugins/checkUsers/checkUserDisplay","checkUserDisplayPersistentInfo":"generalParameters/plugins/checkUsers/checkUserDisplay","checkUserHiddenAttributes":"generalParameters/plugins/checkUsers","checkUserHiddenHeaders":"generalParameters/plugins/checkUsers","checkUserIdRule":"generalParameters/plugins/checkUsers","checkUserSearchAttributes":"generalParameters/plugins/checkUsers","checkUserUnrestrictedUsersRule":"generalParameters/plugins/checkUsers","checkXSS":"generalParameters/advancedParams/security","combModules":"generalParameters/authParams/combinationParams","combination":"generalParameters/authParams/combinationParams","combinationForms":"generalParameters/authParams/combinationParams","compactConf":"generalParameters/reloadParams","confirmFormMethod":"generalParameters/advancedParams/forms","contextSwitchingAllowed2fModifications":"generalParameters/plugins/contextSwitching","contextSwitchingIdRule":"generalParameters/plugins/contextSwitching","contextSwitchingRule":"generalParameters/plugins/contextSwitching","contextSwitchingStopWithLogout":"generalPar
ameters/plugins/contextSwitching","contextSwitchingUnrestrictedUsersRule":"generalParameters/plugins/contextSwitching","cookieExpiration":"generalParameters/cookieParams","cookieName":"generalParameters/cookieParams","corsAllow_Credentials":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsAllow_Headers":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsAllow_Methods":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsAllow_Origin":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsEnabled":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsExpose_Headers":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsMax_Age":"generalParameters/advancedParams/security/crossOrigineResourceSharing","crowdsec":"generalParameters/advancedParams/security/CrowdSecPlugin","crowdsecAction":"generalParameters/advancedParams/security/CrowdSecPlugin","crowdsecKey":"generalParameters/advancedParams/security/CrowdSecPlugin","crowdsecUrl":"generalParameters/advancedParams/security/CrowdSecPlugin","cspConnect":"generalParameters/advancedParams/security/contentSecurityPolicy","cspDefault":"generalParameters/advancedParams/security/contentSecurityPolicy","cspFont":"generalParameters/advancedParams/security/contentSecurityPolicy","cspFormAction":"generalParameters/advancedParams/security/contentSecurityPolicy","cspFrameAncestors":"generalParameters/advancedParams/security/contentSecurityPolicy","cspImg":"generalParameters/advancedParams/security/contentSecurityPolicy","cspScript":"generalParameters/advancedParams/security/contentSecurityPolicy","cspStyle":"generalParameters/advancedParams/security/contentSecurityPolicy","customAddParams":"generalParameters/authParams/customParams","customAuth":"generalParameters/authParams/customParams","customFunctions":"generalParameters/advancedParams","customPassword":"generalParameters/authParams/cust
omParams","customPlugins":"generalParameters/plugins/customPluginsNode","customPluginsParams":"generalParameters/plugins/customPluginsNode","customRegister":"generalParameters/authParams/customParams","customResetCertByMail":"generalParameters/authParams/customParams","customToTrace":"generalParameters/logParams","customUserDB":"generalParameters/authParams/customParams","dbiAuthChain":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionAuth","dbiAuthLoginCol":"generalParameters/authParams/dbiParams/dbiSchema","dbiAuthPassword":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionAuth","dbiAuthPasswordCol":"generalParameters/authParams/dbiParams/dbiSchema","dbiAuthPasswordHash":"generalParameters/authParams/dbiParams/dbiPassword","dbiAuthTable":"generalParameters/authParams/dbiParams/dbiSchema","dbiAuthUser":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionAuth","dbiAuthnLevel":"generalParameters/authParams/dbiParams","dbiDynamicHashEnabled":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiDynamicHashNewPasswordScheme":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiDynamicHashValidSaltedSchemes":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiDynamicHashValidSchemes":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiExportedVars":"generalParameters/authParams/dbiParams","dbiPasswordMailCol":"generalParameters/authParams/dbiParams/dbiSchema","dbiUserChain":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionUser","dbiUserPassword":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionUser","dbiUserTable":"generalParameters/authParams/dbiParams/dbiSchema","dbiUserUser":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionUser","decryptValueFunctions":"generalParameters/plugins/decryptValue","decryptValueRule":"generalParameters/plugins/decryptValue","demoExportedVars":"generalParameters/a
uthParams/demoParams","disablePersistentStorage":"generalParameters/sessionParams/persistentSessions","displaySessionId":"generalParameters/sessionParams","domain":"generalParameters/cookieParams","exportedAttr":"generalParameters/plugins/portalServers","exportedVars":"variables","ext2FSendCommand":"generalParameters/secondFactors/ext2f","ext2FValidateCommand":"generalParameters/secondFactors/ext2f","ext2fActivation":"generalParameters/secondFactors/ext2f","ext2fAuthnLevel":"generalParameters/secondFactors/ext2f","ext2fCodeActivation":"generalParameters/secondFactors/ext2f","ext2fLabel":"generalParameters/secondFactors/ext2f","ext2fLogo":"generalParameters/secondFactors/ext2f","facebookAppId":"generalParameters/authParams/facebookParams","facebookAppSecret":"generalParameters/authParams/facebookParams","facebookAuthnLevel":"generalParameters/authParams/facebookParams","facebookExportedVars":"generalParameters/authParams/facebookParams","facebookUserField":"generalParameters/authParams/facebookParams","failedLoginNumber":"generalParameters/plugins/loginHistory","favAppsMaxNumber":"generalParameters/portalParams/portalMenu/portalModules/favApps","findUser":"generalParameters/plugins/findUsers","findUserControl":"generalParameters/plugins/findUsers","findUserExcludingAttributes":"generalParameters/plugins/findUsers","findUserSearchingAttributes":"generalParameters/plugins/findUsers","findUserWildcard":"generalParameters/plugins/findUsers","formTimeout":"generalParameters/advancedParams/security","githubAuthnLevel":"generalParameters/authParams/githubParams","githubClientID":"generalParameters/authParams/githubParams","githubClientSecret":"generalParameters/authParams/githubParams","githubScope":"generalParameters/authParams/githubParams","githubUserField":"generalParameters/authParams/githubParams","globalLogoutCustomParam":"generalParameters/plugins/globalLogout","globalLogoutRule":"generalParameters/plugins/globalLogout","globalLogoutTimer":"generalParameters/plugins
/globalLogout","globalStorage":"generalParameters/sessionParams/sessionStorage","globalStorageOptions":"generalParameters/sessionParams/sessionStorage","gpgAuthnLevel":"generalParameters/authParams/gpgParams","gpgDb":"generalParameters/authParams/gpgParams","grantSessionRules":"generalParameters/sessionParams","groups":"variables","groupsBeforeMacros":"generalParameters/advancedParams","hiddenAttributes":"generalParameters/logParams","hideOldPassword":"generalParameters/portalParams/portalCustomization/passwordManagement","httpOnly":"generalParameters/cookieParams","https":"generalParameters/advancedParams/redirection","impersonationHiddenAttributes":"generalParameters/plugins/impersonation","impersonationIdRule":"generalParameters/plugins/impersonation","impersonationMergeSSOgroups":"generalParameters/plugins/impersonation","impersonationRule":"generalParameters/plugins/impersonation","impersonationSkipEmptyValues":"generalParameters/plugins/impersonation","impersonationUnrestrictedUsersRule":"generalParameters/plugins/impersonation","infoFormMethod":"generalParameters/advancedParams/forms","issuerDBCASActivation":"generalParameters/issuerParams/issuerDBCAS","issuerDBCASPath":"generalParameters/issuerParams/issuerDBCAS","issuerDBCASRule":"generalParameters/issuerParams/issuerDBCAS","issuerDBGetActivation":"generalParameters/issuerParams/issuerDBGet","issuerDBGetParameters":"generalParameters/issuerParams/issuerDBGet","issuerDBGetPath":"generalParameters/issuerParams/issuerDBGet","issuerDBGetRule":"generalParameters/issuerParams/issuerDBGet","issuerDBOpenIDActivation":"generalParameters/issuerParams/issuerDBOpenID","issuerDBOpenIDConnectActivation":"generalParameters/issuerParams/issuerDBOpenIDConnect","issuerDBOpenIDConnectPath":"generalParameters/issuerParams/issuerDBOpenIDConnect","issuerDBOpenIDConnectRule":"generalParameters/issuerParams/issuerDBOpenIDConnect","issuerDBOpenIDPath":"generalParameters/issuerParams/issuerDBOpenID","issuerDBOpenIDRule":"generalPara
meters/issuerParams/issuerDBOpenID","issuerDBSAMLActivation":"generalParameters/issuerParams/issuerDBSAML","issuerDBSAMLPath":"generalParameters/issuerParams/issuerDBSAML","issuerDBSAMLRule":"generalParameters/issuerParams/issuerDBSAML","issuersTimeout":"generalParameters/issuerParams/issuerOptions","jsRedirect":"generalParameters/advancedParams/portalRedirection","key":"generalParameters/advancedParams/security","krbAllowedDomains":"generalParameters/authParams/kerberosParams","krbAuthnLevel":"generalParameters/authParams/kerberosParams","krbByJs":"generalParameters/authParams/kerberosParams","krbKeytab":"generalParameters/authParams/kerberosParams","krbRemoveDomain":"generalParameters/authParams/kerberosParams","ldapAllowResetExpiredPassword":"generalParameters/authParams/ldapParams/ldapPassword","ldapAuthnLevel":"generalParameters/authParams/ldapParams","ldapBase":"generalParameters/authParams/ldapParams/ldapConnection","ldapCAFile":"generalParameters/authParams/ldapParams/ldapConnection","ldapCAPath":"generalParameters/authParams/ldapParams/ldapConnection","ldapChangePasswordAsUser":"generalParameters/authParams/ldapParams/ldapPassword","ldapExportedVars":"generalParameters/authParams/ldapParams","ldapGetUserBeforePasswordChange":"generalParameters/authParams/ldapParams/ldapPassword","ldapGroupAttributeName":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupAttributeNameGroup":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupAttributeNameSearch":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupAttributeNameUser":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupBase":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupDecodeSearchedValue":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupObjectClass":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupRecursive":"generalParameters/authParams/ldapParams/ldapGroups","ldapIOTimeout":"generalParameters/authParams/ldapParams/ldap
Connection","ldapITDS":"generalParameters/authParams/ldapParams/ldapPassword","ldapPasswordResetAttribute":"generalParameters/authParams/ldapParams/ldapPassword","ldapPasswordResetAttributeValue":"generalParameters/authParams/ldapParams/ldapPassword","ldapPort":"generalParameters/authParams/ldapParams/ldapConnection","ldapPpolicyControl":"generalParameters/authParams/ldapParams/ldapPassword","ldapPwdEnc":"generalParameters/authParams/ldapParams/ldapPassword","ldapRaw":"generalParameters/authParams/ldapParams/ldapConnection","ldapSearchDeref":"generalParameters/authParams/ldapParams/ldapFilters","ldapServer":"generalParameters/authParams/ldapParams/ldapConnection","ldapSetPassword":"generalParameters/authParams/ldapParams/ldapPassword","ldapTimeout":"generalParameters/authParams/ldapParams/ldapConnection","ldapUsePasswordResetAttribute":"generalParameters/authParams/ldapParams/ldapPassword","ldapVerify":"generalParameters/authParams/ldapParams/ldapConnection","ldapVersion":"generalParameters/authParams/ldapParams/ldapConnection","linkedInAuthnLevel":"generalParameters/authParams/linkedinParams","linkedInClientID":"generalParameters/authParams/linkedinParams","linkedInClientSecret":"generalParameters/authParams/linkedinParams","linkedInFields":"generalParameters/authParams/linkedinParams","linkedInScope":"generalParameters/authParams/linkedinParams","linkedInUserField":"generalParameters/authParams/linkedinParams","localSessionStorage":"generalParameters/sessionParams/sessionStorage","localSessionStorageOptions":"generalParameters/sessionParams/sessionStorage","loginHistoryEnabled":"generalParameters/plugins/loginHistory","logoutServices":"generalParameters/advancedParams","lwpOpts":"generalParameters/advancedParams/security","lwpSslOpts":"generalParameters/advancedParams/security","macros":"variables","mail2fActivation":"generalParameters/secondFactors/mail2f","mail2fAuthnLevel":"generalParameters/secondFactors/mail2f","mail2fBody":"generalParameters/secondFactors/ma
il2f","mail2fCodeRegex":"generalParameters/secondFactors/mail2f","mail2fLabel":"generalParameters/secondFactors/mail2f","mail2fLogo":"generalParameters/secondFactors/mail2f","mail2fSessionKey":"generalParameters/secondFactors/mail2f","mail2fSubject":"generalParameters/secondFactors/mail2f","mail2fTimeout":"generalParameters/secondFactors/mail2f","mailBody":"generalParameters/plugins/passwordManagement/mailContent","mailCharset":"generalParameters/advancedParams/SMTP/mailHeaders","mailConfirmBody":"generalParameters/plugins/passwordManagement/mailContent","mailConfirmSubject":"generalParameters/plugins/passwordManagement/mailContent","mailFrom":"generalParameters/advancedParams/SMTP/mailHeaders","mailLDAPFilter":"generalParameters/authParams/ldapParams/ldapFilters","mailOnPasswordChange":"generalParameters/portalParams/portalCustomization/passwordManagement","mailReplyTo":"generalParameters/advancedParams/SMTP/mailHeaders","mailSessionKey":"generalParameters/advancedParams/SMTP","mailSubject":"generalParameters/plugins/passwordManagement/mailContent","mailTimeout":"generalParameters/plugins/passwordManagement/mailOther","mailUrl":"generalParameters/plugins/passwordManagement/mailOther","maintenance":"generalParameters/advancedParams/redirection","managerDn":"generalParameters/authParams/ldapParams/ldapConnection","managerPassword":"generalParameters/authParams/ldapParams/ldapConnection","multiValuesSeparator":"generalParameters/advancedParams","nginxCustomHandlers":"generalParameters/advancedParams","noAjaxHook":"generalParameters/advancedParams/portalRedirection","notification":"generalParameters/plugins/notifications","notificationDefaultCond":"generalParameters/plugins/notifications/serverNotification","notificationServer":"generalParameters/plugins/notifications/serverNotification","notificationServerDELETE":"generalParameters/plugins/notifications/serverNotification/notificationServerMethods","notificationServerGET":"generalParameters/plugins/notifications/serve
rNotification/notificationServerMethods","notificationServerPOST":"generalParameters/plugins/notifications/serverNotification/notificationServerMethods","notificationServerSentAttributes":"generalParameters/plugins/notifications/serverNotification","notificationStorage":"generalParameters/plugins/notifications","notificationStorageOptions":"generalParameters/plugins/notifications","notificationWildcard":"generalParameters/plugins/notifications","notificationXSLTfile":"generalParameters/plugins/notifications","notificationsExplorer":"generalParameters/plugins/notifications","notifyDeleted":"generalParameters/sessionParams/multipleSessions","notifyOther":"generalParameters/sessionParams/multipleSessions","nullAuthnLevel":"generalParameters/authParams/nullParams","oidcAuthnLevel":"generalParameters/authParams/oidcParams","oidcOPMetaDataNodes":"","oidcRPCallbackGetParam":"generalParameters/authParams/oidcParams","oidcRPMetaDataNodes":"","oidcRPStateTimeout":"generalParameters/authParams/oidcParams","oidcServiceAccessTokenExpiration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowAuthorizationCodeFlow":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowDynamicRegistration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowHybridFlow":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowImplicitFlow":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowOnlyDeclaredScopes":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAuthorizationCodeExpiration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceDynamicRegistrationExportedVars":"oidcServiceMetaData","oidcServiceDynamicRegistrationExtraClaims":"oidcServiceMetaData","oidcServiceIDTokenExpiration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceKeyIdSig":"oidcServiceMetaData/oidcServiceMetaDataSecurity/oidcServiceMetaDataKeys","oidcServiceMetaDataAuthnContext":"oidcServiceMetaData","oidcServiceMetaDataAut
horizeURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataBackChannelURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataCheckSessionURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataEndSessionURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataFrontChannelURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataIntrospectionURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataJWKSURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataRegistrationURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataTokenURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataUserInfoURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceOfflineSessionExpiration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServicePrivateKeySig":"oidcServiceMetaData/oidcServiceMetaDataSecurity/oidcServiceMetaDataKeys","oidcServicePublicKeySig":"oidcServiceMetaData/oidcServiceMetaDataSecurity/oidcServiceMetaDataKeys","oidcStorage":"oidcServiceMetaData/oidcServiceMetaDataSessions","oidcStorageOptions":"oidcServiceMetaData/oidcServiceMetaDataSessions","oldNotifFormat":"generalParameters/plugins/notifications","openIdAttr":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions","openIdAuthnLevel":"generalParameters/authParams/openidParams","openIdExportedVars":"generalParameters/authParams/openidParams","openIdIDPList":"generalParameters/authParams/openidParams","openIdIssuerSecret":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions","openIdSPList":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions","openIdSecret":"generalParameters/authParams/openidParams","openIdSreg_country":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_dob":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpen
IDOptions/openIdSreg","openIdSreg_email":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_fullname":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_gender":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_language":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_nickname":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_postcode":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_timezone":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","pamAuthnLevel":"generalParameters/authParams/pamParams","pamService":"generalParameters/authParams/pamParams","passwordDB":"generalParameters/authParams","passwordPolicyActivation":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinDigit":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinLower":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinSize":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinSpeChar":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinUpper":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicySpecialChar":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordResetAllowedRetries":"generalParameters/portalParams/portalCustomization/portalButtons","persistentStorage":"generalParameters/sessionParams/persistentSessions","persistentStorageOptions":"generalParameters/sessionParams/persistentSessions","port":"generalParameters/advancedParams/redirection","portal":"generalParameters/portalParams","portalAntiFrame":"generalParameters/portalParams/portalCustomization/portalOther","portalCheckLogins":"
generalParameters/portalParams/portalCustomization/portalButtons","portalCustomCss":"generalParameters/portalParams/portalCustomization","portalDisplayAppslist":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayCertificateResetByMail":"generalParameters/portalParams/portalCustomization/portalButtons","portalDisplayChangePassword":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayFavApps":"generalParameters/portalParams/portalMenu/portalModules/favApps","portalDisplayGeneratePassword":"generalParameters/plugins/passwordManagement/mailOther","portalDisplayLoginHistory":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayLogout":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayOidcConsents":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayPasswordPolicy":"generalParameters/portalParams/portalCustomization/passwordPolicy","portalDisplayRefreshMyRights":"generalParameters/portalParams/portalCustomization/portalOther","portalDisplayRegister":"generalParameters/portalParams/portalCustomization/portalButtons","portalDisplayResetPassword":"generalParameters/portalParams/portalCustomization/portalButtons","portalEnablePasswordDisplay":"generalParameters/portalParams/portalCustomization/passwordManagement","portalErrorOnExpiredSession":"generalParameters/portalParams/portalCustomization/portalOther","portalErrorOnMailNotFound":"generalParameters/portalParams/portalCustomization/portalOther","portalForceAuthn":"generalParameters/advancedParams/security","portalForceAuthnInterval":"generalParameters/advancedParams/security","portalMainLogo":"generalParameters/portalParams/portalCustomization","portalOpenLinkInNewWindow":"generalParameters/portalParams/portalCustomization/portalOther","portalPingInterval":"generalParameters/portalParams/portalCustomization/portalOther","portalRequireOldPassword":"generalParameters/portalParams/portalCustomization/passwordManagement","port
alSkin":"generalParameters/portalParams/portalCustomization","portalSkinBackground":"generalParameters/portalParams/portalCustomization","portalSkinRules":"generalParameters/portalParams/portalCustomization","portalStatus":"generalParameters/plugins","portalUserAttr":"generalParameters/portalParams/portalCustomization/portalOther","proxyAuthService":"generalParameters/authParams/proxyParams","proxyAuthnLevel":"generalParameters/authParams/proxyParams","proxySessionService":"generalParameters/authParams/proxyParams","proxyUseSoap":"generalParameters/authParams/proxyParams","radius2fActivation":"generalParameters/secondFactors/radius2f","radius2fAuthnLevel":"generalParameters/secondFactors/radius2f","radius2fLabel":"generalParameters/secondFactors/radius2f","radius2fLogo":"generalParameters/secondFactors/radius2f","radius2fSecret":"generalParameters/secondFactors/radius2f","radius2fServer":"generalParameters/secondFactors/radius2f","radius2fTimeout":"generalParameters/secondFactors/radius2f","radius2fUsernameSessionKey":"generalParameters/secondFactors/radius2f","radiusAuthnLevel":"generalParameters/authParams/radiusParams","radiusSecret":"generalParameters/authParams/radiusParams","radiusServer":"generalParameters/authParams/radiusParams","randomPasswordRegexp":"generalParameters/plugins/passwordManagement/mailOther","redirectFormMethod":"generalParameters/advancedParams/forms","refreshSessions":"generalParameters/plugins","registerConfirmSubject":"generalParameters/plugins/register","registerDB":"generalParameters/authParams","registerDoneSubject":"generalParameters/plugins/register","registerTimeout":"generalParameters/plugins/register","registerUrl":"generalParameters/plugins/register","reloadTimeout":"generalParameters/reloadParams","reloadUrls":"generalParameters/reloadParams","remoteCookieName":"generalParameters/authParams/remoteParams","remoteGlobalStorage":"generalParameters/authParams/remoteParams","remoteGlobalStorageOptions":"generalParameters/authParams/
remoteParams","remotePortal":"generalParameters/authParams/remoteParams","requireToken":"generalParameters/advancedParams/security","rest2fActivation":"generalParameters/secondFactors/rest2f","rest2fAuthnLevel":"generalParameters/secondFactors/rest2f","rest2fInitArgs":"generalParameters/secondFactors/rest2f","rest2fInitUrl":"generalParameters/secondFactors/rest2f","rest2fLabel":"generalParameters/secondFactors/rest2f","rest2fLogo":"generalParameters/secondFactors/rest2f","rest2fVerifyArgs":"generalParameters/secondFactors/rest2f","rest2fVerifyUrl":"generalParameters/secondFactors/rest2f","restAuthServer":"generalParameters/plugins/portalServers/restServices","restAuthUrl":"generalParameters/authParams/restParams","restAuthnLevel":"generalParameters/authParams/restParams","restClockTolerance":"generalParameters/plugins/portalServers/restServices","restConfigServer":"generalParameters/plugins/portalServers/restServices","restExportSecretKeys":"generalParameters/plugins/portalServers/restServices","restFindUserDBUrl":"generalParameters/plugins/findUsers","restPasswordServer":"generalParameters/plugins/portalServers/restServices","restPwdConfirmUrl":"generalParameters/authParams/restParams","restPwdModifyUrl":"generalParameters/authParams/restParams","restSessionServer":"generalParameters/plugins/portalServers/restServices","restUserDBUrl":"generalParameters/authParams/restParams","sameSite":"generalParameters/cookieParams","samlAttributeAuthorityDescriptorAttributeServiceSOAP":"samlServiceMetaData/samlAttributeAuthorityDescriptor/samlAttributeAuthorityDescriptorAttributeService","samlAuthnContextMapKerberos":"samlServiceMetaData/samlAuthnContextMap","samlAuthnContextMapPassword":"samlServiceMetaData/samlAuthnContextMap","samlAuthnContextMapPasswordProtectedTransport":"samlServiceMetaData/samlAuthnContextMap","samlAuthnContextMapTLSClient":"samlServiceMetaData/samlAuthnContextMap","samlCommonDomainCookieActivation":"samlServiceMetaData/samlAdvanced/samlCommonDomainCooki
e","samlCommonDomainCookieDomain":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlCommonDomainCookieReader":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlCommonDomainCookieWriter":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlDiscoveryProtocolActivation":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlDiscoveryProtocolIsPassive":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlDiscoveryProtocolPolicy":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlDiscoveryProtocolURL":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlEntityID":"samlServiceMetaData","samlIDPMetaDataNodes":"","samlIDPSSODescriptorArtifactResolutionServiceArtifact":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorArtifactResolutionService","samlIDPSSODescriptorSingleLogoutServiceHTTPPost":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleLogoutService","samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleLogoutService","samlIDPSSODescriptorSingleLogoutServiceSOAP":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleLogoutService","samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleSignOnService","samlIDPSSODescriptorSingleSignOnServiceHTTPPost":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleSignOnService","samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleSignOnService","samlIDPSSODescriptorWantAuthnRequestsSigned":"samlServiceMetaData/samlIDPSSODescriptor","samlMetadataForceUTF8":"samlServiceMetaData/samlAdvanced","samlNameIDFormatMapEmail":"samlServiceMetaData/samlNameIDFormatMap","samlNameIDFormatMapKerberos":"samlServiceMetaData/samlNameIDFormatMap","samlNameIDFormatMapWindows":"samlServiceMetaData/samlNameIDFormatMap","sam
lNameIDFormatMapX509":"samlServiceMetaData/samlNameIDFormatMap","samlOrganizationDisplayName":"samlServiceMetaData/samlOrganization","samlOrganizationName":"samlServiceMetaData/samlOrganization","samlOrganizationURL":"samlServiceMetaData/samlOrganization","samlOverrideIDPEntityID":"samlServiceMetaData/samlAdvanced","samlRelayStateTimeout":"samlServiceMetaData/samlAdvanced","samlSPMetaDataNodes":"","samlSPSSODescriptorArtifactResolutionServiceArtifact":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorArtifactResolutionService","samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorAssertionConsumerService","samlSPSSODescriptorAssertionConsumerServiceHTTPPost":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorAssertionConsumerService","samlSPSSODescriptorAuthnRequestsSigned":"samlServiceMetaData/samlSPSSODescriptor","samlSPSSODescriptorSingleLogoutServiceHTTPPost":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorSingleLogoutService","samlSPSSODescriptorSingleLogoutServiceHTTPRedirect":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorSingleLogoutService","samlSPSSODescriptorSingleLogoutServiceSOAP":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorSingleLogoutService","samlSPSSODescriptorWantAssertionsSigned":"samlServiceMetaData/samlSPSSODescriptor","samlServicePrivateKeyEnc":"samlServiceMetaData/samlServiceSecurity/samlServiceSecurityEnc","samlServicePrivateKeyEncPwd":"samlServiceMetaData/samlServiceSecurity/samlServiceSecurityEnc","samlServicePrivateKeySig":"samlServiceMetaData/samlServiceSecurity/samlServiceSecuritySig","samlServicePrivateKeySigPwd":"samlServiceMetaData/samlServiceSecurity/samlServiceSecuritySig","samlServicePublicKeyEnc":"samlServiceMetaData/samlServiceSecurity/samlServiceSecurityEnc","samlServicePublicKeySig":"samlServiceMetaData/samlServiceSecurity/samlServiceSecuritySig","samlServiceSignatureMethod":"samlServiceMetaData/samlServic
eSecurity","samlServiceUseCertificateInResponse":"samlServiceMetaData/samlServiceSecurity","samlStorage":"samlServiceMetaData/samlAdvanced","samlStorageOptions":"samlServiceMetaData/samlAdvanced","samlUseQueryStringSpecific":"samlServiceMetaData/samlAdvanced","securedCookie":"generalParameters/cookieParams","sessionDataToRemember":"generalParameters/plugins/loginHistory","sfExtra":"generalParameters/secondFactors","sfManagerRule":"generalParameters/secondFactors","sfOnlyUpgrade":"generalParameters/secondFactors","sfRegisterTimeout":"generalParameters/secondFactors","sfRemovedMsgRule":"generalParameters/secondFactors/sfRemovedNotification","sfRemovedNotifMsg":"generalParameters/secondFactors/sfRemovedNotification","sfRemovedNotifRef":"generalParameters/secondFactors/sfRemovedNotification","sfRemovedNotifTitle":"generalParameters/secondFactors/sfRemovedNotification","sfRemovedUseNotif":"generalParameters/secondFactors/sfRemovedNotification","sfRequired":"generalParameters/secondFactors","showLanguages":"generalParameters/portalParams/portalCustomization","singleIP":"generalParameters/sessionParams/multipleSessions","singleSession":"generalParameters/sessionParams/multipleSessions","singleUserByIP":"generalParameters/sessionParams/multipleSessions","skipRenewConfirmation":"generalParameters/advancedParams/portalRedirection","skipUpgradeConfirmation":"generalParameters/advancedParams/portalRedirection","slaveAuthnLevel":"generalParameters/authParams/slaveParams","slaveDisplayLogo":"generalParameters/authParams/slaveParams","slaveExportedVars":"generalParameters/authParams/slaveParams","slaveHeaderContent":"generalParameters/authParams/slaveParams","slaveHeaderName":"generalParameters/authParams/slaveParams","slaveMasterIP":"generalParameters/authParams/slaveParams","slaveUserHeader":"generalParameters/authParams/slaveParams","soapConfigServer":"generalParameters/plugins/portalServers/soapServices","soapSessionServer":"generalParameters/plugins/portalServers/soapServices
","sslByAjax":"generalParameters/authParams/sslParams","sslHost":"generalParameters/authParams/sslParams","stayConnected":"generalParameters/plugins/stayConnect","stayConnectedCookieName":"generalParameters/plugins/stayConnect","stayConnectedTimeout":"generalParameters/plugins/stayConnect","storePassword":"generalParameters/sessionParams","successLoginNumber":"generalParameters/plugins/loginHistory","timeout":"generalParameters/sessionParams","timeoutActivity":"generalParameters/sessionParams","timeoutActivityInterval":"generalParameters/sessionParams","tokenUseGlobalStorage":"generalParameters/advancedParams/security","totp2fActivation":"generalParameters/secondFactors/totp2f","totp2fAuthnLevel":"generalParameters/secondFactors/totp2f","totp2fDigits":"generalParameters/secondFactors/totp2f","totp2fInterval":"generalParameters/secondFactors/totp2f","totp2fIssuer":"generalParameters/secondFactors/totp2f","totp2fLabel":"generalParameters/secondFactors/totp2f","totp2fLogo":"generalParameters/secondFactors/totp2f","totp2fRange":"generalParameters/secondFactors/totp2f","totp2fSelfRegistration":"generalParameters/secondFactors/totp2f","totp2fTTL":"generalParameters/secondFactors/totp2f","totp2fUserCanRemoveKey":"generalParameters/secondFactors/totp2f","trustedDomains":"generalParameters/advancedParams/security","twitterAppName":"generalParameters/authParams/twitterParams","twitterAuthnLevel":"generalParameters/authParams/twitterParams","twitterKey":"generalParameters/authParams/twitterParams","twitterSecret":"generalParameters/authParams/twitterParams","twitterUserField":"generalParameters/authParams/twitterParams","u2fActivation":"generalParameters/secondFactors/u2f","u2fAuthnLevel":"generalParameters/secondFactors/u2f","u2fLabel":"generalParameters/secondFactors/u2f","u2fLogo":"generalParameters/secondFactors/u2f","u2fSelfRegistration":"generalParameters/secondFactors/u2f","u2fTTL":"generalParameters/secondFactors/u2f","u2fUserCanRemoveKey":"generalParameters/secondFact
ors/u2f","upgradeSession":"generalParameters/plugins","useRedirectOnError":"generalParameters/advancedParams/redirection","useRedirectOnForbidden":"generalParameters/advancedParams/redirection","useSafeJail":"generalParameters/advancedParams/security","userControl":"generalParameters/advancedParams/security","userDB":"generalParameters/authParams","userPivot":"generalParameters/authParams/dbiParams/dbiSchema","utotp2fActivation":"generalParameters/secondFactors/utotp2f","utotp2fAuthnLevel":"generalParameters/secondFactors/utotp2f","utotp2fLabel":"generalParameters/secondFactors/utotp2f","utotp2fLogo":"generalParameters/secondFactors/utotp2f","virtualHosts":"","webIDAuthnLevel":"generalParameters/authParams/webidParams","webIDExportedVars":"generalParameters/authParams/webidParams","webIDWhitelist":"generalParameters/authParams/webidParams","whatToTrace":"generalParameters/logParams","wsdlServer":"generalParameters/plugins/portalServers/soapServices","yubikey2fActivation":"generalParameters/secondFactors/yubikey2f","yubikey2fAuthnLevel":"generalParameters/secondFactors/yubikey2f","yubikey2fClientID":"generalParameters/secondFactors/yubikey2f","yubikey2fFromSessionAttribute":"generalParameters/secondFactors/yubikey2f","yubikey2fLabel":"generalParameters/secondFactors/yubikey2f","yubikey2fLogo":"generalParameters/secondFactors/yubikey2f","yubikey2fNonce":"generalParameters/secondFactors/yubikey2f","yubikey2fPublicIDSize":"generalParameters/secondFactors/yubikey2f","yubikey2fSecretKey":"generalParameters/secondFactors/yubikey2f","yubikey2fSelfRegistration":"generalParameters/secondFactors/yubikey2f","yubikey2fTTL":"generalParameters/secondFactors/yubikey2f","yubikey2fUrl":"generalParameters/secondFactors/yubikey2f","yubikey2fUserCanRemoveKey":"generalParameters/secondFactors/yubikey2f"} \ No newline at end of file diff --git a/lemonldap-ng-manager/site/htdocs/static/struct.json b/lemonldap-ng-manager/site/htdocs/static/struct.json index 5857add48..54a2798c8 100644 
--- a/lemonldap-ng-manager/site/htdocs/static/struct.json +++ b/lemonldap-ng-manager/site/htdocs/static/struct.json 
@@ -1 +1 @@ -[{"_nodes":[{"_nodes":[{"default":"http://auth.example.com/","id":"portal","title":"portal"},{"_nodes":[{"_nodes":[{"default":1,"id":"portalDisplayLogout","title":"portalDisplayLogout","type":"boolOrExpr"},{"default":"$_auth =~ /^(LDAP|DBI|Demo)$/","id":"portalDisplayChangePassword","title":"portalDisplayChangePassword","type":"boolOrExpr"},{"default":1,"id":"portalDisplayAppslist","title":"portalDisplayAppslist","type":"boolOrExpr"},{"default":1,"id":"portalDisplayLoginHistory","title":"portalDisplayLoginHistory","type":"boolOrExpr"},{"default":"$_oidcConsents && $_oidcConsents =~ /\\w+/","id":"portalDisplayOidcConsents","title":"portalDisplayOidcConsents","type":"boolOrExpr"},{"_nodes":[{"default":1,"id":"portalDisplayFavApps","title":"portalDisplayFavApps","type":"boolOrExpr"},{"default":3,"id":"favAppsMaxNumber","title":"favAppsMaxNumber","type":"int"}],"help":"favapps.html","id":"favApps","title":"favApps","type":"simpleInputContainer"}],"id":"portalModules","title":"portalModules","type":"simpleInputContainer"},{"cnodes":"applicationList","default":[{"data":{"catname":"Default 
category","type":"category"},"id":"applicationList/default","title":"default","type":"catAndAppList"}],"help":"portalmenu.html#categories-and-applications","id":"applicationList","title":"applicationList","type":"catAndAppList"}],"help":"portalmenu.html","id":"portalMenu","title":"portalMenu"},{"_nodes":[{"default":"common/logos/logo_llng_400px.png","id":"portalMainLogo","title":"portalMainLogo"},{"default":1,"id":"showLanguages","title":"showLanguages","type":"bool"},{"id":"portalCustomCss","title":"portalCustomCss"},{"default":"bootstrap","id":"portalSkin","select":[{"k":"bootstrap","v":"Bootstrap"}],"title":"portalSkin","type":"portalskin"},{"id":"portalSkinBackground","select":[{"k":"","v":"None"},{"k":"1280px-Anse_Source_d'Argent_2-La_Digue.jpg","v":"Anse"},{"k":"1280px-Autumn-clear-water-waterfall-landscape_-_Virginia_-_ForestWander.jpg","v":"Waterfall"},{"k":"1280px-BrockenSnowedTrees.jpg","v":"Snowed Trees"},{"k":"1280px-Cedar_Breaks_National_Monument_partially.jpg","v":"National 
Monument"},{"k":"1280px-Parry_Peak_from_Winter_Park.jpg","v":"Winter"},{"k":"Aletschgletscher_mit_Pinus_cembra1.jpg","v":"Pinus"}],"title":"portalSkinBackground","type":"portalskinbackground"},{"cnodes":"portalSkinRules","help":"portalcustom.html","id":"portalSkinRules","title":"portalSkinRules","type":"keyTextContainer"},{"_nodes":[{"default":1,"id":"portalCheckLogins","title":"portalCheckLogins","type":"bool"},{"default":0,"id":"portalDisplayResetPassword","title":"portalDisplayResetPassword","type":"bool"},{"default":3,"id":"passwordResetAllowedRetries","title":"passwordResetAllowedRetries","type":"int"},{"default":1,"id":"portalDisplayRegister","title":"portalDisplayRegister","type":"bool"},{"default":0,"id":"portalDisplayCertificateResetByMail","title":"portalDisplayCertificateResetByMail","type":"bool"}],"help":"portalcustom.html#buttons","id":"portalButtons","title":"portalButtons","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"portalRequireOldPassword","title":"portalRequireOldPassword","type":"boolOrExpr"},{"default":0,"id":"hideOldPassword","title":"hideOldPassword","type":"bool"},{"default":0,"id":"mailOnPasswordChange","title":"mailOnPasswordChange","type":"bool"}],"help":"portalcustom.html#password-management","id":"passwordManagement","title":"passwordManagement","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"passwordPolicyActivation","title":"passwordPolicyActivation","type":"boolOrExpr"},{"default":0,"id":"portalDisplayPasswordPolicy","title":"portalDisplayPasswordPolicy","type":"bool"},{"default":0,"id":"passwordPolicyMinSize","title":"passwordPolicyMinSize","type":"int"},{"default":0,"id":"passwordPolicyMinLower","title":"passwordPolicyMinLower","type":"int"},{"default":0,"id":"passwordPolicyMinUpper","title":"passwordPolicyMinUpper","type":"int"},{"default":0,"id":"passwordPolicyMinDigit","title":"passwordPolicyMinDigit","type":"int"},{"default":0,"id":"passwordPolicyMinSpeChar","title":"passwordPolicyMinSpeChar","type"
:"int"},{"default":"__ALL__","id":"passwordPolicySpecialChar","title":"passwordPolicySpecialChar"}],"help":"portalcustom.html#password-policy","id":"passwordPolicy","title":"passwordPolicy","type":"simpleInputContainer"},{"_nodes":[{"default":"_user","id":"portalUserAttr","title":"portalUserAttr"},{"default":0,"id":"portalOpenLinkInNewWindow","title":"portalOpenLinkInNewWindow","type":"bool"},{"default":1,"id":"portalAntiFrame","title":"portalAntiFrame","type":"bool"},{"default":60000,"id":"portalPingInterval","title":"portalPingInterval","type":"int"},{"default":1,"id":"portalErrorOnExpiredSession","title":"portalErrorOnExpiredSession","type":"bool"},{"default":0,"id":"portalErrorOnMailNotFound","title":"portalErrorOnMailNotFound","type":"bool"},{"default":1,"id":"portalDisplayRefreshMyRights","title":"portalDisplayRefreshMyRights","type":"bool"}],"help":"portalcustom.html#other-parameters","id":"portalOther","title":"portalOther","type":"simpleInputContainer"}],"help":"portalcustom.html","id":"portalCustomization","title":"portalCustomization"},{"_nodes":[{"default":0,"id":"captcha_login_enabled","title":"captcha_login_enabled","type":"bool"},{"default":1,"id":"captcha_mail_enabled","title":"captcha_mail_enabled","type":"bool"},{"default":1,"id":"captcha_register_enabled","title":"captcha_register_enabled","type":"bool"},{"default":6,"id":"captcha_size","title":"captcha_size","type":"int"}],"help":"captcha.html","id":"portalCaptcha","title":"portalCaptcha","type":"simpleInputContainer"}],"help":"portal.html","id":"portalParams","title":"portalParams"},{"_nodes":[{"default":"Demo","id":"authentication","select":[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database 
(DBI)"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Demo","v":"Demonstration"},{"k":"Choice","v":"authChoice"},{"k":"Combination","v":"combineMods"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"SAML","v":"SAML v2"},{"k":"Proxy","v":"Proxy"},{"k":"Remote","v":"Remote"},{"k":"Slave","v":"Slave"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"authentication","type":"select"},{"default":"Same","id":"userDB","select":[{"k":"Same","v":"Same"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"userDB","type":"select"},{"default":"Demo","id":"passwordDB","select":[{"k":"AD","v":"Active Directory"},{"k":"Choice","v":"authChoice"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demonstration"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Combination","v":"combineMods"},{"k":"Custom","v":"customModule"}],"title":"passwordDB","type":"select"},{"default":"Null","id":"registerDB","select":[{"k":"AD","v":"Active 
Directory"},{"k":"Demo","v":"Demonstration"},{"k":"LDAP","v":"LDAP"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"registerDB","type":"select"}],"_nodes_cond":[{"_nodes":[{"default":0,"id":"ADPwdMaxAge","title":"ADPwdMaxAge","type":"int"},{"default":0,"id":"ADPwdExpireWarning","title":"ADPwdExpireWarning","type":"int"}],"help":"authad.html","id":"adParams","show":false,"title":"adParams","type":"simpleInputContainer"},{"_nodes":[{"default":"lmAuth","id":"authChoiceParam","title":"authChoiceParam"},{"cnodes":"authChoiceModules","id":"authChoiceModules","select":[[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Null","v":"None"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"Proxy","v":"Proxy"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"Remote","v":"Remote"},{"k":"SAML","v":"SAML v2"},{"k":"Slave","v":"Slave"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Custom","v":"customModule"}],[{"k":"AD","v":"Active Directory"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"Facebook","v":"Facebook"},{"k":"LDAP","v":"LDAP"},{"k":"Null","v":"None"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"Proxy","v":"Proxy"},{"k":"REST","v":"REST"},{"k":"Remote","v":"Remote"},{"k":"SAML","v":"SAML v2"},{"k":"Slave","v":"Slave"},{"k":"WebID","v":"WebID"},{"k":"Custom","v":"customModule"}],[{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database 
(DBI)"},{"k":"Demo","v":"Demo"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}]],"title":"authChoiceModules","type":"authChoiceContainer"},{"id":"authChoiceAuthBasic","title":"authChoiceAuthBasic"},{"id":"authChoiceFindUser","title":"authChoiceFindUser"}],"help":"authchoice.html","id":"choiceParams","show":false,"title":"choiceParams"},{"_nodes":[{"default":3,"id":"apacheAuthnLevel","title":"apacheAuthnLevel","type":"int"}],"help":"authapache.html","id":"apacheParams","show":false,"title":"apacheParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"casAuthnLevel","title":"casAuthnLevel","type":"int"}],"help":"authcas.html","id":"casParams","show":false,"title":"casParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"dbiAuthnLevel","title":"dbiAuthnLevel","type":"int"},{"cnodes":"dbiExportedVars","default":[],"id":"dbiExportedVars","title":"dbiExportedVars","type":"keyTextContainer"},{"_nodes":[{"_nodes":[{"id":"dbiAuthChain","title":"dbiAuthChain"},{"id":"dbiAuthUser","title":"dbiAuthUser"},{"id":"dbiAuthPassword","title":"dbiAuthPassword","type":"password"}],"id":"dbiConnectionAuth","title":"dbiConnectionAuth","type":"simpleInputContainer"},{"_nodes":[{"id":"dbiUserChain","title":"dbiUserChain"},{"id":"dbiUserUser","title":"dbiUserUser"},{"id":"dbiUserPassword","title":"dbiUserPassword","type":"password"}],"id":"dbiConnectionUser","title":"dbiConnectionUser","type":"simpleInputContainer"}],"help":"authdbi.html#connection","id":"dbiConnection","title":"dbiConnection"},{"_nodes":[{"id":"dbiAuthTable","title":"dbiAuthTable"},{"id":"dbiUserTable","title":"dbiUserTable"},{"id":"dbiAuthLoginCol","title":"dbiAuthLoginCol"},{"id":"dbiAuthPasswordCol","title":"dbiAuthPasswordCol"},{"id":"dbiPasswordMailCol","title":"dbiPasswordMailCol"},{"id":"userPivot","title":"userPivot"}],"help":"authdbi.html#schema","id":"dbiSchema","title":"dbiSchema","type":"simpleInputContainer"},{"_nodes":[{"h
elp":"authdbi.html#password","id":"dbiAuthPasswordHash","title":"dbiAuthPasswordHash"},{"_nodes":[{"help":"authdbi.html#password","id":"dbiDynamicHashEnabled","title":"dbiDynamicHashEnabled","type":"bool"},{"help":"authdbi.html#password","id":"dbiDynamicHashValidSchemes","title":"dbiDynamicHashValidSchemes"},{"help":"authdbi.html#password","id":"dbiDynamicHashValidSaltedSchemes","title":"dbiDynamicHashValidSaltedSchemes"},{"help":"authdbi.html#password","id":"dbiDynamicHashNewPasswordScheme","title":"dbiDynamicHashNewPasswordScheme"}],"help":"authdbi.html#password","id":"dbiDynamicHash","title":"dbiDynamicHash","type":"simpleInputContainer"}],"help":"authdbi.html#password","id":"dbiPassword","title":"dbiPassword"}],"help":"authdbi.html","id":"dbiParams","show":false,"title":"dbiParams"},{"_nodes":[{"cnodes":"demoExportedVars","default":[{"data":"cn","id":"demoExportedVars/cn","title":"cn","type":"keyText"},{"data":"mail","id":"demoExportedVars/mail","title":"mail","type":"keyText"},{"data":"uid","id":"demoExportedVars/uid","title":"uid","type":"keyText"}],"id":"demoExportedVars","title":"demoExportedVars","type":"keyTextContainer"}],"help":"authdemo.html","id":"demoParams","show":false,"title":"demoParams"},{"_nodes":[{"default":1,"id":"facebookAuthnLevel","title":"facebookAuthnLevel","type":"int"},{"cnodes":"facebookExportedVars","default":[],"id":"facebookExportedVars","title":"facebookExportedVars","type":"keyTextContainer"},{"id":"facebookAppId","title":"facebookAppId"},{"id":"facebookAppSecret","title":"facebookAppSecret"},{"default":"id","id":"facebookUserField","title":"facebookUserField"}],"help":"authfacebook.html","id":"facebookParams","show":false,"title":"facebookParams"},{"_nodes":[{"default":3,"id":"krbAuthnLevel","title":"krbAuthnLevel","type":"int"},{"id":"krbKeytab","title":"krbKeytab"},{"default":0,"id":"krbByJs","title":"krbByJs","type":"bool"},{"default":1,"id":"krbRemoveDomain","title":"krbRemoveDomain","type":"bool"},{"id":"krbAllowedDomains","
title":"krbAllowedDomains"}],"help":"authkerberos.html","id":"kerberosParams","show":false,"title":"kerberosParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"ldapAuthnLevel","title":"ldapAuthnLevel","type":"int"},{"cnodes":"ldapExportedVars","default":[{"data":"cn","id":"ldapExportedVars/cn","title":"cn","type":"keyText"},{"data":"mail","id":"ldapExportedVars/mail","title":"mail","type":"keyText"},{"data":"uid","id":"ldapExportedVars/uid","title":"uid","type":"keyText"}],"id":"ldapExportedVars","title":"ldapExportedVars","type":"keyTextContainer"},{"_nodes":[{"default":"ldap://localhost","id":"ldapServer","title":"ldapServer"},{"id":"ldapPort","title":"ldapPort","type":"int"},{"default":"require","id":"ldapVerify","select":[{"k":"none","v":"None"},{"k":"optional","v":"Optional"},{"k":"require","v":"Require"}],"title":"ldapVerify","type":"select"},{"default":"dc=example,dc=com","id":"ldapBase","title":"ldapBase"},{"default":"","id":"managerDn","title":"managerDn"},{"default":"","id":"managerPassword","title":"managerPassword","type":"password"},{"default":10,"id":"ldapTimeout","title":"ldapTimeout","type":"int"},{"default":10,"id":"ldapIOTimeout","title":"ldapIOTimeout","type":"int"},{"default":3,"id":"ldapVersion","title":"ldapVersion","type":"int"},{"id":"ldapRaw","title":"ldapRaw"},{"id":"ldapCAFile","title":"ldapCAFile"},{"id":"ldapCAPath","title":"ldapCAPath"}],"help":"authldap.html#connection","id":"ldapConnection","title":"ldapConnection","type":"simpleInputContainer"},{"_nodes":[{"id":"AuthLDAPFilter","title":"AuthLDAPFilter"},{"id":"mailLDAPFilter","title":"mailLDAPFilter"},{"default":"find","id":"ldapSearchDeref","select":[{"k":"never","v":"never"},{"k":"search","v":"search"},{"k":"find","v":"find"},{"k":"always","v":"always"}],"title":"ldapSearchDeref","type":"select"}],"help":"authldap.html#filters","id":"ldapFilters","title":"ldapFilters","type":"simpleInputContainer"},{"_nodes":[{"id":"ldapGroupBase","title":"ldapGroupBase"},{"default
":"groupOfNames","id":"ldapGroupObjectClass","title":"ldapGroupObjectClass"},{"default":"member","id":"ldapGroupAttributeName","title":"ldapGroupAttributeName"},{"default":"dn","id":"ldapGroupAttributeNameUser","title":"ldapGroupAttributeNameUser"},{"default":"cn","id":"ldapGroupAttributeNameSearch","title":"ldapGroupAttributeNameSearch"},{"default":0,"id":"ldapGroupDecodeSearchedValue","title":"ldapGroupDecodeSearchedValue","type":"bool"},{"default":0,"id":"ldapGroupRecursive","title":"ldapGroupRecursive","type":"bool"},{"default":"dn","id":"ldapGroupAttributeNameGroup","title":"ldapGroupAttributeNameGroup"}],"help":"authldap.html#groups","id":"ldapGroups","title":"ldapGroups","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"ldapPpolicyControl","title":"ldapPpolicyControl","type":"bool"},{"default":0,"id":"ldapSetPassword","title":"ldapSetPassword","type":"bool"},{"default":0,"id":"ldapChangePasswordAsUser","title":"ldapChangePasswordAsUser","type":"bool"},{"default":"utf-8","id":"ldapPwdEnc","title":"ldapPwdEnc"},{"default":1,"id":"ldapUsePasswordResetAttribute","title":"ldapUsePasswordResetAttribute","type":"bool"},{"default":"pwdReset","id":"ldapPasswordResetAttribute","title":"ldapPasswordResetAttribute"},{"default":"TRUE","id":"ldapPasswordResetAttributeValue","title":"ldapPasswordResetAttributeValue"},{"default":0,"id":"ldapAllowResetExpiredPassword","title":"ldapAllowResetExpiredPassword","type":"bool"},{"default":0,"id":"ldapGetUserBeforePasswordChange","title":"ldapGetUserBeforePasswordChange","type":"bool"},{"default":0,"id":"ldapITDS","title":"ldapITDS","type":"bool"}],"help":"authldap.html#password","id":"ldapPassword","title":"ldapPassword","type":"simpleInputContainer"}],"help":"authldap.html","id":"ldapParams","show":false,"title":"ldapParams"},{"_nodes":[{"default":1,"id":"linkedInAuthnLevel","title":"linkedInAuthnLevel","type":"int"},{"id":"linkedInClientID","title":"linkedInClientID"},{"id":"linkedInClientSecret","title":"linkedInClien
tSecret","type":"password"},{"default":"id,first-name,last-name,email-address","id":"linkedInFields","title":"linkedInFields"},{"default":"emailAddress","id":"linkedInUserField","title":"linkedInUserField"},{"default":"r_liteprofile r_emailaddress","id":"linkedInScope","title":"linkedInScope"}],"help":"authlinkedin.html","id":"linkedinParams","show":false,"title":"linkedinParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"githubAuthnLevel","title":"githubAuthnLevel","type":"int"},{"id":"githubClientID","title":"githubClientID"},{"id":"githubClientSecret","title":"githubClientSecret","type":"password"},{"default":"login","id":"githubUserField","title":"githubUserField"},{"default":"user:email","id":"githubScope","title":"githubScope"}],"help":"authgithub.html","id":"githubParams","show":false,"title":"githubParams","type":"simpleInputContainer"},{"_nodes":[{"id":"combination","title":"combination"},{"cnodes":"combModules","id":"combModules","select":[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Demo","v":"Demonstration"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"SAML","v":"SAML 
v2"},{"k":"Proxy","v":"Proxy"},{"k":"Remote","v":"Remote"},{"k":"Slave","v":"Slave"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"combModules","type":"cmbModuleContainer"},{"id":"combinationForms","title":"combinationForms"}],"help":"authcombination.html","id":"combinationParams","show":false,"title":"combinationParams"},{"_nodes":[{"default":0,"id":"nullAuthnLevel","title":"nullAuthnLevel","type":"int"}],"help":"authnull.html","id":"nullParams","show":false,"title":"nullParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"openIdAuthnLevel","title":"openIdAuthnLevel","type":"int"},{"cnodes":"openIdExportedVars","default":[],"id":"openIdExportedVars","title":"openIdExportedVars","type":"keyTextContainer"},{"id":"openIdSecret","title":"openIdSecret"},{"default":"0;","id":"openIdIDPList","title":"openIdIDPList","type":"blackWhiteList"}],"help":"authopenid.html","id":"openidParams","show":false,"title":"openidParams"},{"_nodes":[{"default":1,"id":"oidcAuthnLevel","title":"oidcAuthnLevel","type":"int"},{"default":"openidconnectcallback","id":"oidcRPCallbackGetParam","title":"oidcRPCallbackGetParam"},{"default":600,"id":"oidcRPStateTimeout","title":"oidcRPStateTimeout","type":"int"}],"help":"authopenidconnect.html","id":"oidcParams","show":false,"title":"oidcParams","type":"simpleInputContainer"},{"_nodes":[{"default":5,"id":"gpgAuthnLevel","title":"gpgAuthnLevel","type":"int"},{"default":"","id":"gpgDb","title":"gpgDb"}],"help":"authgpg.html","id":"gpgParams","show":false,"title":"gpgParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"proxyAuthnLevel","title":"proxyAuthnLevel","type":"int"},{"id":"proxyAuthService","title":"proxyAuthService"},{"id":"proxySessionService","title":"proxySessionService"},{"id":"remoteCookieName","title":"remoteCookieName"},{"default":0,"id":"proxyUseSoap","title":"proxyUseSoap","type":"bool"}],"help":"authproxy.html","id":"proxyParams","show":false,"title":"proxyParams","type":"simpleIn
putContainer"},{"_nodes":[{"default":2,"id":"pamAuthnLevel","title":"pamAuthnLevel","type":"int"},{"default":"login","id":"pamService","title":"pamService"}],"help":"authpam.html","id":"pamParams","show":false,"title":"pamParams","type":"simpleInputContainer"},{"_nodes":[{"default":3,"id":"radiusAuthnLevel","title":"radiusAuthnLevel","type":"int"},{"id":"radiusSecret","title":"radiusSecret"},{"id":"radiusServer","title":"radiusServer"}],"help":"authradius.html","id":"radiusParams","show":false,"title":"radiusParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"restAuthnLevel","title":"restAuthnLevel","type":"int"},{"id":"restAuthUrl","title":"restAuthUrl"},{"id":"restUserDBUrl","title":"restUserDBUrl"},{"id":"restPwdConfirmUrl","title":"restPwdConfirmUrl"},{"id":"restPwdModifyUrl","title":"restPwdModifyUrl"}],"help":"authrest.html","id":"restParams","show":false,"title":"restParams","type":"simpleInputContainer"},{"_nodes":[{"id":"remotePortal","title":"remotePortal"},{"id":"remoteCookieName","title":"remoteCookieName"},{"default":"Lemonldap::NG::Common::Apache::Session::SOAP","id":"remoteGlobalStorage","title":"remoteGlobalStorage"},{"cnodes":"remoteGlobalStorageOptions","default":[{"data":"http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService","id":"remoteGlobalStorageOptions/ns","title":"ns","type":"keyText"},{"data":"http://auth.example.com/sessions","id":"remoteGlobalStorageOptions/proxy","title":"proxy","type":"keyText"}],"id":"remoteGlobalStorageOptions","title":"remoteGlobalStorageOptions","type":"keyTextContainer"}],"help":"authremote.html","id":"remoteParams","show":false,"title":"remoteParams"},{"_nodes":[{"default":2,"id":"slaveAuthnLevel","title":"slaveAuthnLevel","type":"int"},{"id":"slaveUserHeader","title":"slaveUserHeader"},{"id":"slaveMasterIP","title":"slaveMasterIP"},{"id":"slaveHeaderName","title":"slaveHeaderName"},{"id":"slaveHeaderContent","title":"slaveHeaderContent"},{"default":0,"id":"slaveDisplayLogo","title":"slave
DisplayLogo","type":"bool"},{"cnodes":"slaveExportedVars","default":[],"id":"slaveExportedVars","title":"slaveExportedVars","type":"keyTextContainer"}],"help":"authslave.html","id":"slaveParams","show":false,"title":"slaveParams"},{"_nodes":[{"default":5,"id":"SSLAuthnLevel","title":"SSLAuthnLevel","type":"int"},{"default":"SSL_CLIENT_S_DN_Email","id":"SSLVar","title":"SSLVar"},{"cnodes":"SSLVarIf","default":[],"id":"SSLVarIf","title":"SSLVarIf","type":"keyTextContainer"},{"default":0,"id":"sslByAjax","title":"sslByAjax","type":"bool"},{"id":"sslHost","title":"sslHost"}],"help":"authssl.html","id":"sslParams","show":false,"title":"sslParams"},{"_nodes":[{"default":1,"id":"twitterAuthnLevel","title":"twitterAuthnLevel","type":"int"},{"id":"twitterKey","title":"twitterKey"},{"id":"twitterSecret","title":"twitterSecret"},{"id":"twitterAppName","title":"twitterAppName"},{"default":"screen_name","id":"twitterUserField","title":"twitterUserField"}],"help":"authtwitter.html","id":"twitterParams","show":false,"title":"twitterParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"webIDAuthnLevel","title":"webIDAuthnLevel","type":"int"},{"cnodes":"webIDExportedVars","default":[],"id":"webIDExportedVars","title":"webIDExportedVars","type":"keyTextContainer"},{"id":"webIDWhitelist","title":"webIDWhitelist"}],"help":"authwebid.html","id":"webidParams","show":false,"title":"webidParams"},{"_nodes":[{"id":"customAuth","title":"customAuth"},{"id":"customUserDB","title":"customUserDB"},{"id":"customPassword","title":"customPassword"},{"id":"customRegister","title":"customRegister"},{"id":"customResetCertByMail","title":"customResetCertByMail"},{"cnodes":"customAddParams","id":"customAddParams","title":"customAddParams","type":"keyTextContainer"}],"help":"authcustom.html","id":"customParams","show":false,"title":"customParams"}],"_nodes_filter":"authParams","help":"start.html#authentication-users-and-password-databases","id":"authParams","title":"authParams","type":"aut
hParams"},{"_nodes":[{"_nodes":[{"default":0,"id":"issuerDBSAMLActivation","title":"issuerDBSAMLActivation","type":"bool"},{"default":"^/saml/","id":"issuerDBSAMLPath","title":"issuerDBSAMLPath"},{"default":1,"id":"issuerDBSAMLRule","title":"issuerDBSAMLRule","type":"boolOrExpr"}],"help":"idpsaml.html","id":"issuerDBSAML","title":"issuerDBSAML","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBCASActivation","title":"issuerDBCASActivation","type":"bool"},{"default":"^/cas/","id":"issuerDBCASPath","title":"issuerDBCASPath"},{"default":1,"id":"issuerDBCASRule","title":"issuerDBCASRule","type":"boolOrExpr"}],"help":"idpcas.html#enabling-cas","id":"issuerDBCAS","title":"issuerDBCAS","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBOpenIDActivation","title":"issuerDBOpenIDActivation","type":"bool"},{"default":"^/openidserver/","id":"issuerDBOpenIDPath","title":"issuerDBOpenIDPath"},{"default":1,"id":"issuerDBOpenIDRule","title":"issuerDBOpenIDRule","type":"boolOrExpr"},{"_nodes":[{"id":"openIdIssuerSecret","title":"openIdIssuerSecret"},{"id":"openIdAttr","title":"openIdAttr"},{"default":"0;","id":"openIdSPList","title":"openIdSPList","type":"blackWhiteList"},{"_nodes":[{"default":"cn","id":"openIdSreg_fullname","title":"openIdSreg_fullname"},{"default":"uid","id":"openIdSreg_nickname","title":"openIdSreg_nickname"},{"id":"openIdSreg_language","title":"openIdSreg_language"},{"id":"openIdSreg_postcode","title":"openIdSreg_postcode"},{"default":"_timezone","id":"openIdSreg_timezone","title":"openIdSreg_timezone"},{"id":"openIdSreg_country","title":"openIdSreg_country"},{"id":"openIdSreg_gender","title":"openIdSreg_gender"},{"default":"mail","id":"openIdSreg_email","title":"openIdSreg_email"},{"id":"openIdSreg_dob","title":"openIdSreg_dob"}],"id":"openIdSreg","title":"openIdSreg","type":"simpleInputContainer"}],"id":"issuerDBOpenIDOptions","title":"issuerDBOpenIDOptions"}],"help":"idpopenid.html","id":"issuerDBOpenID","title":"issuerDBO
penID"},{"_nodes":[{"default":0,"id":"issuerDBOpenIDConnectActivation","title":"issuerDBOpenIDConnectActivation","type":"bool"},{"default":"^/oauth2/","id":"issuerDBOpenIDConnectPath","title":"issuerDBOpenIDConnectPath"},{"default":1,"id":"issuerDBOpenIDConnectRule","title":"issuerDBOpenIDConnectRule","type":"boolOrExpr"}],"help":"idpopenidconnect.html","id":"issuerDBOpenIDConnect","title":"issuerDBOpenIDConnect","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBGetActivation","title":"issuerDBGetActivation","type":"bool"},{"default":"^/get/","id":"issuerDBGetPath","title":"issuerDBGetPath"},{"default":1,"id":"issuerDBGetRule","title":"issuerDBGetRule","type":"boolOrExpr"},{"default":[],"id":"issuerDBGetParameters","title":"issuerDBGetParameters","type":"doubleHash"}],"help":"issuerdbget.html","id":"issuerDBGet","title":"issuerDBGet"},{"_nodes":[{"default":120,"id":"issuersTimeout","title":"issuersTimeout","type":"int"}],"help":"start.html#options","id":"issuerOptions","title":"issuerOptions","type":"simpleInputContainer"}],"help":"start.html#identity-provider","id":"issuerParams","title":"issuerParams"},{"_nodes":[{"default":"uid","id":"whatToTrace","title":"whatToTrace"},{"id":"customToTrace","title":"customToTrace"},{"default":"_password 
_2fDevices","id":"hiddenAttributes","title":"hiddenAttributes"}],"help":"logs.html","id":"logParams","title":"logParams","type":"simpleInputContainer"},{"_nodes":[{"default":"lemonldap","id":"cookieName","title":"cookieName"},{"default":"example.com","id":"domain","title":"domain"},{"default":0,"id":"cda","title":"cda","type":"bool"},{"default":0,"id":"securedCookie","select":[{"k":"0","v":"unsecuredCookie"},{"k":"1","v":"securedCookie"},{"k":"2","v":"doubleCookie"},{"k":"3","v":"doubleCookieForSingleSession"}],"title":"securedCookie","type":"select"},{"default":1,"id":"httpOnly","title":"httpOnly","type":"bool"},{"id":"cookieExpiration","title":"cookieExpiration","type":"int"},{"default":"","id":"sameSite","select":[{"k":"","v":""},{"k":"Strict","v":"Strict"},{"k":"Lax","v":"Lax"},{"k":"None","v":"None"}],"title":"sameSite","type":"select"}],"help":"ssocookie.html","id":"cookieParams","title":"cookieParams","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"storePassword","title":"storePassword","type":"bool"},{"default":1,"id":"displaySessionId","title":"displaySessionId","type":"bool"},{"default":72000,"id":"timeout","title":"timeout","type":"int"},{"default":0,"id":"timeoutActivity","title":"timeoutActivity","type":"int"},{"default":60,"id":"timeoutActivityInterval","title":"timeoutActivityInterval","type":"int"},{"cnodes":"grantSessionRules","default":[],"id":"grantSessionRules","title":"grantSessionRules","type":"grantContainer"},{"_nodes":[{"default":"Apache::Session::File","id":"globalStorage","title":"globalStorage"},{"cnodes":"globalStorageOptions","default":[{"data":"/var/lib/lemonldap-ng/sessions/","id":"globalStorageOptions/Directory","title":"Directory","type":"keyText"},{"data":"/var/lib/lemonldap-ng/sessions/lock/","id":"globalStorageOptions/LockDirectory","title":"LockDirectory","type":"keyText"},{"data":"Lemonldap::NG::Common::Apache::Session::Generate::SHA256","id":"globalStorageOptions/generateModule","title":"generateModule","type":"ke
yText"}],"id":"globalStorageOptions","title":"globalStorageOptions","type":"keyTextContainer"},{"default":"Cache::FileCache","id":"localSessionStorage","title":"localSessionStorage"},{"cnodes":"localSessionStorageOptions","default":[{"data":3,"id":"localSessionStorageOptions/cache_depth","title":"cache_depth","type":"keyText"},{"data":"/var/cache/lemonldap-ng","id":"localSessionStorageOptions/cache_root","title":"cache_root","type":"keyText"},{"data":600,"id":"localSessionStorageOptions/default_expires_in","title":"default_expires_in","type":"keyText"},{"data":"007","id":"localSessionStorageOptions/directory_umask","title":"directory_umask","type":"keyText"},{"data":"lemonldap-ng-sessions","id":"localSessionStorageOptions/namespace","title":"namespace","type":"keyText"}],"id":"localSessionStorageOptions","title":"localSessionStorageOptions","type":"keyTextContainer"}],"help":"start.html#sessions-database","id":"sessionStorage","title":"sessionStorage"},{"_nodes":[{"default":0,"id":"singleSession","title":"singleSession","type":"boolOrExpr"},{"default":0,"id":"singleIP","title":"singleIP","type":"boolOrExpr"},{"default":0,"id":"singleUserByIP","title":"singleUserByIP","type":"boolOrExpr"},{"default":1,"id":"notifyDeleted","title":"notifyDeleted","type":"bool"},{"default":0,"id":"notifyOther","title":"notifyOther","type":"bool"}],"id":"multipleSessions","title":"multipleSessions","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"disablePersistentStorage","title":"disablePersistentStorage","type":"bool"},{"id":"persistentStorage","title":"persistentStorage"},{"cnodes":"persistentStorageOptions","id":"persistentStorageOptions","title":"persistentStorageOptions","type":"keyTextContainer"}],"id":"persistentSessions","title":"persistentSessions"}],"help":"sessions.html","id":"sessionParams","title":"sessionParams"},{"_nodes":[{"default":5,"id":"reloadTimeout","title":"reloadTimeout","type":"int"},{"default":0,"id":"compactConf","title":"compactConf","type":"bool
"},{"cnodes":"reloadUrls","help":"configlocation.html#configuration-reload","id":"reloadUrls","title":"reloadUrls","type":"keyTextContainer"}],"help":"configlocation.html#configuration-reload","id":"reloadParams","title":"reloadParams"},{"_nodes":[{"default":0,"help":"status.html","id":"portalStatus","title":"portalStatus","type":"bool"},{"default":1,"id":"upgradeSession","title":"upgradeSession","type":"bool"},{"id":"refreshSessions","title":"refreshSessions","type":"bool"},{"cnodes":"adaptativeAuthenticationLevelRules","id":"adaptativeAuthenticationLevelRules","title":"adaptativeAuthenticationLevelRules","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"stayConnected","title":"stayConnected","type":"bool"},{"default":2592000,"id":"stayConnectedTimeout","title":"stayConnectedTimeout","type":"int"},{"default":"llngconnection","id":"stayConnectedCookieName","title":"stayConnectedCookieName"}],"help":"stayconnected.html","id":"stayConnect","title":"stayConnect","type":"simpleInputContainer"},{"_nodes":[{"id":"exportedAttr","title":"exportedAttr"},{"_nodes":[{"default":0,"id":"restSessionServer","title":"restSessionServer","type":"bool"},{"default":0,"id":"restConfigServer","title":"restConfigServer","type":"bool"},{"default":0,"id":"restAuthServer","title":"restAuthServer","type":"bool"},{"default":0,"id":"restPasswordServer","title":"restPasswordServer","type":"bool"},{"default":0,"id":"restExportSecretKeys","title":"restExportSecretKeys","type":"bool"},{"default":15,"id":"restClockTolerance","title":"restClockTolerance","type":"int"}],"help":"portalservers.html#REST","id":"restServices","title":"restServices","type":"simpleInputContainer"},{"_nodes":[{"default":0,"help":"soapservices.html","id":"soapSessionServer","title":"soapSessionServer","type":"bool"},{"default":0,"help":"soapservices.html","id":"soapConfigServer","title":"soapConfigServer","type":"bool"},{"default":0,"id":"wsdlServer","title":"wsdlServer","type":"bool"}],"help":"portalservers.html#SOAP_
(deprecated)","id":"soapServices","title":"soapServices","type":"simpleInputContainer"}],"help":"portalservers.html","id":"portalServers","title":"portalServers"},{"_nodes":[{"default":0,"id":"loginHistoryEnabled","title":"loginHistoryEnabled","type":"bool"},{"default":5,"id":"successLoginNumber","title":"successLoginNumber","type":"int"},{"default":5,"id":"failedLoginNumber","title":"failedLoginNumber","type":"int"},{"cnodes":"sessionDataToRemember","id":"sessionDataToRemember","title":"sessionDataToRemember","type":"keyTextContainer"}],"help":"loginhistory.html","id":"loginHistory","title":"loginHistory"},{"_nodes":[{"default":0,"id":"notification","title":"notification","type":"bool"},{"default":0,"id":"notificationsExplorer","title":"notificationsExplorer","type":"bool"},{"default":"allusers","id":"notificationWildcard","title":"notificationWildcard"},{"default":0,"id":"oldNotifFormat","title":"oldNotifFormat","type":"bool"},{"id":"notificationXSLTfile","title":"notificationXSLTfile"},{"default":"File","id":"notificationStorage","title":"notificationStorage"},{"cnodes":"notificationStorageOptions","default":[{"data":"/var/lib/lemonldap-ng/notifications","id":"notificationStorageOptions/dirName","title":"dirName","type":"keyText"}],"id":"notificationStorageOptions","title":"notificationStorageOptions","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"notificationServer","title":"notificationServer","type":"bool"},{"default":"","id":"notificationDefaultCond","title":"notificationDefaultCond"},{"default":"uid reference date title subtitle text 
check","id":"notificationServerSentAttributes","title":"notificationServerSentAttributes"},{"_nodes":[{"default":1,"id":"notificationServerPOST","title":"notificationServerPOST","type":"bool"},{"default":0,"id":"notificationServerGET","title":"notificationServerGET","type":"bool"},{"default":0,"id":"notificationServerDELETE","title":"notificationServerDELETE","type":"bool"}],"id":"notificationServerMethods","title":"notificationServerMethods","type":"simpleInputContainer"}],"help":"notifications.html#notification-server","id":"serverNotification","title":"serverNotification"}],"help":"notifications.html","id":"notifications","title":"notifications"},{"_nodes":[{"_nodes":[{"id":"mailSubject","title":"mailSubject"},{"id":"mailBody","title":"mailBody","type":"longtext"},{"id":"mailConfirmSubject","title":"mailConfirmSubject"},{"id":"mailConfirmBody","title":"mailConfirmBody","type":"longtext"}],"id":"mailContent","title":"mailContent","type":"simpleInputContainer"},{"_nodes":[{"default":"http://auth.example.com/resetpwd","id":"mailUrl","title":"mailUrl"},{"default":0,"id":"mailTimeout","title":"mailTimeout","type":"int"},{"default":1,"id":"portalDisplayGeneratePassword","title":"portalDisplayGeneratePassword","type":"bool"},{"default":"[A-Z]{3}[a-z]{5}.\\d{2}","id":"randomPasswordRegexp","title":"randomPasswordRegexp"}],"id":"mailOther","title":"mailOther","type":"simpleInputContainer"}],"help":"resetpassword.html","id":"passwordManagement","title":"passwordManagement"},{"_nodes":[{"_nodes":[{"id":"certificateResetByMailStep1Subject","title":"certificateResetByMailStep1Subject"},{"id":"certificateResetByMailStep1Body","title":"certificateResetByMailStep1Body","type":"longtext"},{"id":"certificateResetByMailStep2Subject","title":"certificateResetByMailStep2Subject"},{"id":"certificateResetByMailStep2Body","title":"certificateResetByMailStep2Body","type":"longtext"}],"id":"certificateMailContent","title":"certificateMailContent","type":"simpleInputContainer"},{"_nodes":[
{"default":"http://auth.example.com/certificateReset","id":"certificateResetByMailURL","title":"certificateResetByMailURL"},{"default":"description","id":"certificateResetByMailCeaAttribute","title":"certificateResetByMailCeaAttribute"},{"default":"userCertificate;binary","id":"certificateResetByMailCertificateAttribute","title":"certificateResetByMailCertificateAttribute"},{"default":0,"id":"certificateResetByMailValidityDelay","title":"certificateResetByMailValidityDelay","type":"int"}],"id":"mailOther","title":"mailOther","type":"simpleInputContainer"}],"id":"certificateResetByMailManagement","title":"certificateResetByMailManagement","type":"simpleInputContainer"},{"_nodes":[{"default":"http://auth.example.com/register","id":"registerUrl","title":"registerUrl"},{"default":0,"id":"registerTimeout","title":"registerTimeout","type":"int"},{"id":"registerConfirmSubject","title":"registerConfirmSubject"},{"id":"registerDoneSubject","title":"registerDoneSubject"}],"help":"register.html","id":"register","title":"register","type":"simpleInputContainer"},{"_nodes":[{"cnodes":"autoSigninRules","id":"autoSigninRules","title":"autoSigninRules","type":"keyTextContainer"}],"help":"autosignin.html","id":"autoSignin","title":"autoSignin"},{"_nodes":[{"default":0,"id":"globalLogoutRule","title":"globalLogoutRule","type":"boolOrExpr"},{"default":1,"id":"globalLogoutTimer","title":"globalLogoutTimer","type":"bool"},{"id":"globalLogoutCustomParam","title":"globalLogoutCustomParam"}],"help":"globallogout.html","id":"globalLogout","title":"globalLogout","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"checkState","title":"checkState","type":"bool"},{"id":"checkStateSecret","title":"checkStateSecret"}],"help":"checkstate.html","id":"stateCheck","title":"stateCheck","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"checkUser","title":"checkUser","type":"bool"},{"default":1,"id":"checkUserIdRule","title":"checkUserIdRule"},{"id":"checkUserUnrestrictedUsersRule","t
itle":"checkUserUnrestrictedUsersRule"},{"id":"checkUserSearchAttributes","title":"checkUserSearchAttributes"},{"default":"_loginHistory _session_id hGroups","id":"checkUserHiddenAttributes","title":"checkUserHiddenAttributes"},{"cnodes":"checkUserHiddenHeaders","id":"checkUserHiddenHeaders","title":"checkUserHiddenHeaders","type":"keyTextContainer"},{"_nodes":[{"default":1,"id":"checkUserDisplayComputedSession","title":"checkUserDisplayComputedSession","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayPersistentInfo","title":"checkUserDisplayPersistentInfo","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayNormalizedHeaders","title":"checkUserDisplayNormalizedHeaders","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayEmptyHeaders","title":"checkUserDisplayEmptyHeaders","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayEmptyValues","title":"checkUserDisplayEmptyValues","type":"boolOrExpr"}],"help":"checkuser.html#configuration","id":"checkUserDisplay","title":"checkUserDisplay","type":"simpleInputContainer"}],"help":"checkuser.html","id":"checkUsers","title":"checkUsers"},{"_nodes":[{"default":0,"id":"checkDevOps","title":"checkDevOps","type":"bool"},{"default":1,"id":"checkDevOpsDownload","title":"checkDevOpsDownload","type":"bool"}],"help":"checkdevops.html","id":"devOpsCheck","title":"devOpsCheck","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"impersonationRule","title":"impersonationRule","type":"boolOrExpr"},{"default":1,"id":"impersonationIdRule","title":"impersonationIdRule"},{"id":"impersonationUnrestrictedUsersRule","title":"impersonationUnrestrictedUsersRule"},{"default":"_2fDevices 
_loginHistory","id":"impersonationHiddenAttributes","title":"impersonationHiddenAttributes"},{"default":1,"id":"impersonationSkipEmptyValues","title":"impersonationSkipEmptyValues","type":"bool"},{"default":0,"id":"impersonationMergeSSOgroups","title":"impersonationMergeSSOgroups","type":"boolOrExpr"}],"help":"impersonation.html","id":"impersonation","title":"impersonation","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"findUser","title":"findUser","type":"bool"},{"default":"*","id":"findUserWildcard","title":"findUserWildcard"},{"default":"^[*\\w]+$","id":"findUserControl","title":"findUserControl"},{"id":"restFindUserDBUrl","title":"restFindUserDBUrl"},{"cnodes":"findUserSearchingAttributes","id":"findUserSearchingAttributes","title":"findUserSearchingAttributes","type":"keyTextContainer"},{"cnodes":"findUserExcludingAttributes","id":"findUserExcludingAttributes","title":"findUserExcludingAttributes","type":"keyTextContainer"}],"help":"finduser.html","id":"findUsers","title":"findUsers"},{"_nodes":[{"default":0,"id":"contextSwitchingRule","title":"contextSwitchingRule","type":"boolOrExpr"},{"default":1,"id":"contextSwitchingIdRule","title":"contextSwitchingIdRule"},{"id":"contextSwitchingUnrestrictedUsersRule","title":"contextSwitchingUnrestrictedUsersRule"},{"default":0,"id":"contextSwitchingAllowed2fModifications","title":"contextSwitchingAllowed2fModifications","type":"bool"},{"default":1,"id":"contextSwitchingStopWithLogout","title":"contextSwitchingStopWithLogout","type":"bool"}],"help":"contextswitching.html","id":"contextSwitching","title":"contextSwitching","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"decryptValueRule","title":"decryptValueRule","type":"boolOrExpr"},{"id":"decryptValueFunctions","title":"decryptValueFunctions"}],"help":"decryptvalue.html","id":"decryptValue","title":"decryptValue","type":"simpleInputContainer"},{"_nodes":[{"id":"customPlugins","title":"customPlugins"},{"cnodes":"customPluginsParams","id":"cust
omPluginsParams","title":"customPluginsParams","type":"keyTextContainer"}],"help":"plugincustom.html","id":"customPluginsNode","title":"customPluginsNode"}],"help":"start.html#plugins","id":"plugins","title":"plugins"},{"_nodes":[{"default":1,"help":"secondfactor.html","id":"sfManagerRule","title":"sfManagerRule","type":"boolOrExpr"},{"default":0,"help":"secondfactor.html","id":"sfRequired","title":"sfRequired","type":"boolOrExpr"},{"help":"secondfactor.html","id":"sfOnlyUpgrade","title":"sfOnlyUpgrade","type":"bool"},{"_nodes":[{"default":0,"id":"utotp2fActivation","title":"utotp2fActivation","type":"boolOrExpr"},{"id":"utotp2fAuthnLevel","title":"utotp2fAuthnLevel","type":"int"},{"id":"utotp2fLabel","title":"utotp2fLabel"},{"id":"utotp2fLogo","title":"utotp2fLogo"}],"help":"utotp2f.html","id":"utotp2f","title":"utotp2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"totp2fActivation","title":"totp2fActivation","type":"boolOrExpr"},{"default":0,"id":"totp2fSelfRegistration","title":"totp2fSelfRegistration","type":"boolOrExpr"},{"default":1,"id":"totp2fUserCanRemoveKey","title":"totp2fUserCanRemoveKey","type":"bool"},{"id":"totp2fIssuer","title":"totp2fIssuer"},{"default":30,"id":"totp2fInterval","title":"totp2fInterval","type":"int"},{"default":1,"id":"totp2fRange","title":"totp2fRange","type":"int"},{"default":6,"id":"totp2fDigits","title":"totp2fDigits","type":"int"},{"id":"totp2fTTL","title":"totp2fTTL","type":"int"},{"id":"totp2fAuthnLevel","title":"totp2fAuthnLevel","type":"int"},{"id":"totp2fLabel","title":"totp2fLabel"},{"id":"totp2fLogo","title":"totp2fLogo"}],"help":"totp2f.html","id":"totp2f","title":"totp2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"u2fActivation","title":"u2fActivation","type":"boolOrExpr"},{"default":0,"id":"u2fSelfRegistration","title":"u2fSelfRegistration","type":"boolOrExpr"},{"default":1,"id":"u2fUserCanRemoveKey","title":"u2fUserCanRemoveKey","type":"bool"},{"id":"u2fTTL","title":"u2fTTL","type":"i
nt"},{"id":"u2fAuthnLevel","title":"u2fAuthnLevel","type":"int"},{"id":"u2fLabel","title":"u2fLabel"},{"id":"u2fLogo","title":"u2fLogo"}],"help":"u2f.html","id":"u2f","title":"u2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"yubikey2fActivation","title":"yubikey2fActivation","type":"boolOrExpr"},{"default":0,"id":"yubikey2fSelfRegistration","title":"yubikey2fSelfRegistration","type":"boolOrExpr"},{"default":1,"id":"yubikey2fUserCanRemoveKey","title":"yubikey2fUserCanRemoveKey","type":"bool"},{"id":"yubikey2fClientID","title":"yubikey2fClientID"},{"id":"yubikey2fSecretKey","title":"yubikey2fSecretKey"},{"id":"yubikey2fNonce","title":"yubikey2fNonce"},{"id":"yubikey2fUrl","title":"yubikey2fUrl"},{"default":12,"id":"yubikey2fPublicIDSize","title":"yubikey2fPublicIDSize","type":"int"},{"id":"yubikey2fFromSessionAttribute","title":"yubikey2fFromSessionAttribute"},{"id":"yubikey2fTTL","title":"yubikey2fTTL","type":"int"},{"id":"yubikey2fAuthnLevel","title":"yubikey2fAuthnLevel","type":"int"},{"id":"yubikey2fLabel","title":"yubikey2fLabel"},{"id":"yubikey2fLogo","title":"yubikey2fLogo"}],"help":"yubikey2f.html","id":"yubikey2f","title":"yubikey2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"mail2fActivation","title":"mail2fActivation","type":"boolOrExpr"},{"default":"\\d{6}","id":"mail2fCodeRegex","title":"mail2fCodeRegex"},{"id":"mail2fTimeout","title":"mail2fTimeout","type":"int"},{"id":"mail2fSubject","title":"mail2fSubject"},{"id":"mail2fBody","title":"mail2fBody","type":"longtext"},{"id":"mail2fAuthnLevel","title":"mail2fAuthnLevel","type":"int"},{"id":"mail2fLabel","title":"mail2fLabel"},{"id":"mail2fLogo","title":"mail2fLogo"},{"id":"mail2fSessionKey","title":"mail2fSessionKey"}],"help":"mail2f.html","id":"mail2f","title":"mail2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"ext2fActivation","title":"ext2fActivation","type":"boolOrExpr"},{"default":"\\d{6}","id":"ext2fCodeActivation","title":"ext2fCodeActivation"},{"
id":"ext2FSendCommand","title":"ext2FSendCommand"},{"id":"ext2FValidateCommand","title":"ext2FValidateCommand"},{"id":"ext2fAuthnLevel","title":"ext2fAuthnLevel","type":"int"},{"id":"ext2fLabel","title":"ext2fLabel"},{"id":"ext2fLogo","title":"ext2fLogo"}],"help":"external2f.html","id":"ext2f","title":"ext2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"radius2fActivation","title":"radius2fActivation","type":"boolOrExpr"},{"id":"radius2fServer","title":"radius2fServer"},{"id":"radius2fSecret","title":"radius2fSecret"},{"id":"radius2fUsernameSessionKey","title":"radius2fUsernameSessionKey"},{"default":20,"id":"radius2fTimeout","title":"radius2fTimeout","type":"int"},{"id":"radius2fAuthnLevel","title":"radius2fAuthnLevel","type":"int"},{"id":"radius2fLogo","title":"radius2fLogo"},{"id":"radius2fLabel","title":"radius2fLabel"}],"help":"radius2f.html","id":"radius2f","title":"radius2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"rest2fActivation","title":"rest2fActivation","type":"boolOrExpr"},{"id":"rest2fInitUrl","title":"rest2fInitUrl"},{"cnodes":"rest2fInitArgs","id":"rest2fInitArgs","title":"rest2fInitArgs","type":"keyTextContainer"},{"id":"rest2fVerifyUrl","title":"rest2fVerifyUrl"},{"cnodes":"rest2fVerifyArgs","id":"rest2fVerifyArgs","title":"rest2fVerifyArgs","type":"keyTextContainer"},{"id":"rest2fAuthnLevel","title":"rest2fAuthnLevel","type":"int"},{"id":"rest2fLabel","title":"rest2fLabel"},{"id":"rest2fLogo","title":"rest2fLogo"}],"help":"rest2f.html","id":"rest2f","title":"rest2f"},{"cnodes":"sfExtra","id":"sfExtra","select":[{"k":"Mail2F","v":"E-Mail"},{"k":"REST","v":"REST"},{"k":"Ext2F","v":"External"},{"k":"Radius","v":"Radius"}],"title":"sfExtra","type":"sfExtraContainer"},{"_nodes":[{"default":0,"help":"secondfactor.html","id":"sfRemovedMsgRule","title":"sfRemovedMsgRule","type":"boolOrExpr"},{"default":0,"id":"sfRemovedUseNotif","title":"sfRemovedUseNotif","type":"bool"},{"default":"RemoveSF","help":"secondfactor.html"
,"id":"sfRemovedNotifRef","title":"sfRemovedNotifRef"},{"default":"Second factor notification","help":"secondfactor.html","id":"sfRemovedNotifTitle","title":"sfRemovedNotifTitle"},{"default":"_removedSF_ expired second factor(s) has/have been removed (_nameSF_)!","help":"secondfactor.html","id":"sfRemovedNotifMsg","title":"sfRemovedNotifMsg"}],"help":"secondfactor.html","id":"sfRemovedNotification","title":"sfRemovedNotification","type":"simpleInputContainer"}],"help":"secondfactor.html","id":"secondFactors","title":"secondFactors"},{"_nodes":[{"help":"customfunctions.html","id":"customFunctions","title":"customFunctions"},{"default":"; ","id":"multiValuesSeparator","title":"multiValuesSeparator","type":"authParamsText"},{"default":0,"id":"groupsBeforeMacros","title":"groupsBeforeMacros","type":"bool"},{"_nodes":[{"default":"mail","id":"mailSessionKey","title":"mailSessionKey"},{"default":"","id":"SMTPServer","title":"SMTPServer"},{"id":"SMTPPort","title":"SMTPPort","type":"int"},{"id":"SMTPAuthUser","title":"SMTPAuthUser"},{"id":"SMTPAuthPass","title":"SMTPAuthPass","type":"password"},{"default":"","id":"SMTPTLS","select":[{"k":"","v":"none"},{"k":"starttls","v":"SMTP + 
STARTTLS"},{"k":"ssl","v":"SMTPS"}],"title":"SMTPTLS","type":"select"},{"cnodes":"SMTPTLSOpts","id":"SMTPTLSOpts","title":"SMTPTLSOpts","type":"keyTextContainer"},{"_nodes":[{"default":"noreply@example.com","id":"mailFrom","title":"mailFrom"},{"id":"mailReplyTo","title":"mailReplyTo"},{"default":"utf-8","id":"mailCharset","title":"mailCharset"}],"id":"mailHeaders","title":"mailHeaders","type":"simpleInputContainer"}],"help":"smtp.html","id":"SMTP","title":"SMTP","type":"SMTP"},{"_nodes":[{"default":"^[\\w\\.\\-@]+$","id":"userControl","title":"userControl"},{"default":0,"id":"browsersDontStorePassword","title":"browsersDontStorePassword","type":"bool"},{"default":0,"help":"forcereauthn.html","id":"portalForceAuthn","title":"portalForceAuthn","type":"bool"},{"default":5,"id":"portalForceAuthnInterval","title":"portalForceAuthnInterval","type":"int"},{"id":"key","title":"key","type":"password"},{"id":"trustedDomains","title":"trustedDomains"},{"default":1,"help":"safejail.html","id":"useSafeJail","title":"useSafeJail","type":"bool"},{"default":0,"help":"safejail.html","id":"avoidAssignment","title":"avoidAssignment","type":"bool"},{"default":1,"id":"checkXSS","title":"checkXSS","type":"bool"},{"default":1,"id":"requireToken","title":"requireToken","type":"boolOrExpr"},{"default":120,"id":"formTimeout","title":"formTimeout","type":"int"},{"default":0,"id":"tokenUseGlobalStorage","title":"tokenUseGlobalStorage","type":"bool"},{"_nodes":[{"id":"crowdsec","title":"crowdsec","type":"bool"},{"default":"reject","id":"crowdsecAction","select":[{"k":"reject","v":"Reject"},{"k":"warn","v":"Warn"}],"title":"crowdsecAction","type":"select"},{"id":"crowdsecUrl","title":"crowdsecUrl"},{"id":"crowdsecKey","title":"crowdsecKey"}],"help":"crowdsec.html","id":"CrowdSecPlugin","title":"CrowdSecPlugin"},{"_nodes":[{"default":0,"help":"bruteforceprotection.html","id":"bruteForceProtection","title":"bruteForceProtection","type":"bool"},{"default":30,"id":"bruteForceProtectionTempo","title"
:"bruteForceProtectionTempo","type":"int"},{"default":3,"id":"bruteForceProtectionMaxFailed","title":"bruteForceProtectionMaxFailed","type":"int"},{"default":0,"help":"bruteforceprotection.html","id":"bruteForceProtectionIncrementalTempo","title":"bruteForceProtectionIncrementalTempo","type":"bool"},{"default":"15, 30, 60, 300, 600","id":"bruteForceProtectionLockTimes","title":"bruteForceProtectionLockTimes"}],"help":"bruteforceprotection.html","id":"bruteForceAttackProtection","title":"bruteForceAttackProtection","type":"simpleInputContainer"},{"cnodes":"lwpOpts","id":"lwpOpts","title":"lwpOpts","type":"keyTextContainer"},{"cnodes":"lwpSslOpts","id":"lwpSslOpts","title":"lwpSslOpts","type":"keyTextContainer"},{"_nodes":[{"default":"'self'","id":"cspDefault","title":"cspDefault"},{"default":"'self' data:","id":"cspImg","title":"cspImg"},{"default":"'self'","id":"cspScript","title":"cspScript"},{"default":"'self'","id":"cspStyle","title":"cspStyle"},{"default":"'self'","id":"cspFont","title":"cspFont"},{"default":"*","id":"cspFormAction","title":"cspFormAction"},{"default":"'self'","id":"cspConnect","title":"cspConnect"},{"default":"","id":"cspFrameAncestors","title":"cspFrameAncestors"}],"help":"security.html#portal","id":"contentSecurityPolicy","title":"contentSecurityPolicy","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"corsEnabled","title":"corsEnabled","type":"bool"},{"default":true,"id":"corsAllow_Credentials","title":"corsAllow_Credentials"},{"default":"*","id":"corsAllow_Headers","title":"corsAllow_Headers"},{"default":"POST,GET","id":"corsAllow_Methods","title":"corsAllow_Methods"},{"default":"*","id":"corsAllow_Origin","title":"corsAllow_Origin"},{"default":"*","id":"corsExpose_Headers","title":"corsExpose_Headers"},{"default":"86400","id":"corsMax_Age","title":"corsMax_Age"}],"help":"security.html#portal","id":"crossOrigineResourceSharing","title":"crossOrigineResourceSharing","type":"simpleInputContainer"}],"help":"security.html#configure-s
ecurity-settings","id":"security","title":"security"},{"_nodes":[{"default":-1,"id":"https","title":"https","type":"trool"},{"default":-1,"id":"port","title":"port","type":"int"},{"default":0,"id":"useRedirectOnForbidden","title":"useRedirectOnForbidden","type":"bool"},{"default":1,"id":"useRedirectOnError","title":"useRedirectOnError","type":"bool"},{"default":0,"id":"maintenance","title":"maintenance","type":"bool"}],"help":"redirections.html","id":"redirection","title":"redirection","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"jsRedirect","title":"jsRedirect","type":"boolOrExpr"},{"default":0,"id":"noAjaxHook","title":"noAjaxHook","type":"bool"},{"default":0,"id":"skipRenewConfirmation","title":"skipRenewConfirmation","type":"bool"},{"default":0,"id":"skipUpgradeConfirmation","title":"skipUpgradeConfirmation","type":"bool"}],"help":"redirections.html#portal-redirections","id":"portalRedirection","title":"portalRedirection","type":"simpleInputContainer"},{"cnodes":"nginxCustomHandlers","help":"handlerarch.html","id":"nginxCustomHandlers","title":"nginxCustomHandlers","type":"keyTextContainer"},{"cnodes":"logoutServices","default":[],"help":"logoutforward.html","id":"logoutServices","title":"logoutServices","type":"keyTextContainer"},{"_nodes":[{"default":"get","id":"infoFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"infoFormMethod","type":"select"},{"default":"post","id":"confirmFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"confirmFormMethod","type":"select"},{"default":"get","id":"redirectFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"redirectFormMethod","type":"select"},{"default":1,"id":"activeTimer","title":"activeTimer","type":"bool"}],"id":"forms","title":"forms","type":"simpleInputContainer"}],"help":"start.html#advanced-features","id":"advancedParams","title":"advancedParams"}],"id":"generalParameters","title":"generalParameters"},{"_nodes":[{"cnod
es":"exportedVars","default":[{"data":"HTTP_USER_AGENT","id":"exportedVars/UA","title":"UA","type":"keyText"}],"help":"exportedvars.html","id":"exportedVars","title":"exportedVars","type":"keyTextContainer"},{"cnodes":"macros","default":[],"help":"exportedvars.html#extend-variables-using-macros-and-groups","id":"macros","title":"macros","type":"keyTextContainer"},{"cnodes":"groups","default":[],"help":"exportedvars.html#extend-variables-using-macros-and-groups","id":"groups","title":"groups","type":"keyTextContainer"}],"help":"variables.html","id":"variables","title":"variables"},{"cnodes":"virtualHosts","help":"configvhost.html","id":"virtualHosts","template":"virtualHost","title":"virtualHosts","type":"virtualHostContainer"},{"_nodes":[{"default":"#PORTAL#/saml/metadata","id":"samlEntityID","title":"samlEntityID"},{"_nodes":[{"get":["samlServicePrivateKeySig","samlServicePrivateKeySigPwd","samlServicePublicKeySig"],"id":"samlServiceSecuritySig","title":"samlServiceSecuritySig","type":"RSACertKey"},{"get":["samlServicePrivateKeyEnc","samlServicePrivateKeyEncPwd","samlServicePublicKeyEnc"],"id":"samlServiceSecurityEnc","title":"samlServiceSecurityEnc","type":"RSACertKey"},{"default":0,"id":"samlServiceUseCertificateInResponse","title":"samlServiceUseCertificateInResponse","type":"bool"},{"default":"RSA_SHA256","id":"samlServiceSignatureMethod","select":[{"k":"RSA_SHA1","v":"RSA SHA1"},{"k":"RSA_SHA256","v":"RSA SHA256"},{"k":"RSA_SHA384","v":"RSA SHA384"},{"k":"RSA_SHA512","v":"RSA 
SHA512"}],"title":"samlServiceSignatureMethod","type":"select"}],"help":"samlservice.html#security-parameters","id":"samlServiceSecurity","title":"samlServiceSecurity"},{"_nodes":[{"default":"mail","id":"samlNameIDFormatMapEmail","title":"samlNameIDFormatMapEmail"},{"default":"mail","id":"samlNameIDFormatMapX509","title":"samlNameIDFormatMapX509"},{"default":"uid","id":"samlNameIDFormatMapWindows","title":"samlNameIDFormatMapWindows"},{"default":"uid","id":"samlNameIDFormatMapKerberos","title":"samlNameIDFormatMapKerberos"}],"help":"samlservice.html#nameid-formats","id":"samlNameIDFormatMap","title":"samlNameIDFormatMap","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"samlAuthnContextMapPassword","title":"samlAuthnContextMapPassword","type":"int"},{"default":3,"id":"samlAuthnContextMapPasswordProtectedTransport","title":"samlAuthnContextMapPasswordProtectedTransport","type":"int"},{"default":5,"id":"samlAuthnContextMapTLSClient","title":"samlAuthnContextMapTLSClient","type":"int"},{"default":4,"id":"samlAuthnContextMapKerberos","title":"samlAuthnContextMapKerberos","type":"int"}],"help":"samlservice.html#authentication-contexts","id":"samlAuthnContextMap","title":"samlAuthnContextMap","type":"simpleInputContainer"},{"_nodes":[{"default":"Example","id":"samlOrganizationDisplayName","title":"samlOrganizationDisplayName"},{"default":"Example","id":"samlOrganizationName","title":"samlOrganizationName"},{"default":"http://www.example.com","id":"samlOrganizationURL","title":"samlOrganizationURL"}],"help":"samlservice.html#organization","id":"samlOrganization","title":"samlOrganization","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"samlSPSSODescriptorAuthnRequestsSigned","title":"samlSPSSODescriptorAuthnRequestsSigned","type":"bool"},{"default":1,"id":"samlSPSSODescriptorWantAssertionsSigned","title":"samlSPSSODescriptorWantAssertionsSigned","type":"bool"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/pr
oxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn","id":"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect","title":"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn","id":"samlSPSSODescriptorSingleLogoutServiceHTTPPost","title":"samlSPSSODescriptorSingleLogoutServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;","id":"samlSPSSODescriptorSingleLogoutServiceSOAP","title":"samlSPSSODescriptorSingleLogoutServiceSOAP","type":"samlService"}],"id":"samlSPSSODescriptorSingleLogoutService","title":"samlSPSSODescriptorSingleLogoutService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact","id":"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact","title":"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact","type":"samlAssertion"},{"default":"0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost","id":"samlSPSSODescriptorAssertionConsumerServiceHTTPPost","title":"samlSPSSODescriptorAssertionConsumerServiceHTTPPost","type":"samlAssertion"}],"id":"samlSPSSODescriptorAssertionConsumerService","title":"samlSPSSODescriptorAssertionConsumerService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact","id":"samlSPSSODescriptorArtifactResolutionServiceArtifact","title":"samlSPSSODescriptorArtifactResolutionServiceArtifact","type":"samlAssertion"}],"id":"samlSPSSODescriptorArtifactResolutionService","title":"samlSPSSODescriptorArtifactResolutionService"}],"help":"samlservice.html#service-provider","id":"samlSPSSODescriptor","title":"samlSPSSODescriptor"},{"_nodes":[{"default":1,"id":"samlIDPSSODescriptorWantAuthnRequestsSigned","title":"samlIDPSSODescriptorWantAuthnRequestsSigned","type":"bool"},{"_nodes
":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPPost","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact","type":"samlService"}],"id":"samlIDPSSODescriptorSingleSignOnService","title":"samlIDPSSODescriptorSingleSignOnService"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn","id":"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect","title":"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn","id":"samlIDPSSODescriptorSingleLogoutServiceHTTPPost","title":"samlIDPSSODescriptorSingleLogoutServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;","id":"samlIDPSSODescriptorSingleLogoutServiceSOAP","title":"samlIDPSSODescriptorSingleLogoutServiceSOAP","type":"samlService"}],"id":"samlIDPSSODescriptorSingleLogoutService","title":"samlIDPSSODescriptorSingleLogoutService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact","id":"samlIDPSSODescriptorArtifactResolutionServiceArtifact","title":"samlIDPSSODescriptorArtifactResolutionServiceArtifact","type":"samlAssertion"}],"id":"samlIDPSSODescriptorArtifactResolutionService","title":"samlIDPSSODescriptorArtifactResolutionService"
}],"help":"samlservice.html#identity-provider","id":"samlIDPSSODescriptor","title":"samlIDPSSODescriptor"},{"_nodes":[{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;","id":"samlAttributeAuthorityDescriptorAttributeServiceSOAP","title":"samlAttributeAuthorityDescriptorAttributeServiceSOAP","type":"samlService"}],"id":"samlAttributeAuthorityDescriptorAttributeService","title":"samlAttributeAuthorityDescriptorAttributeService"}],"help":"samlservice.html#attribute-authority","id":"samlAttributeAuthorityDescriptor","title":"samlAttributeAuthorityDescriptor"},{"_nodes":[{"default":1,"id":"samlMetadataForceUTF8","title":"samlMetadataForceUTF8","type":"bool"},{"default":600,"id":"samlRelayStateTimeout","title":"samlRelayStateTimeout","type":"int"},{"default":0,"id":"samlUseQueryStringSpecific","title":"samlUseQueryStringSpecific","type":"bool"},{"default":"","id":"samlOverrideIDPEntityID","title":"samlOverrideIDPEntityID"},{"id":"samlStorage","title":"samlStorage"},{"cnodes":"samlStorageOptions","id":"samlStorageOptions","title":"samlStorageOptions","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"samlCommonDomainCookieActivation","title":"samlCommonDomainCookieActivation","type":"bool"},{"id":"samlCommonDomainCookieDomain","title":"samlCommonDomainCookieDomain"},{"id":"samlCommonDomainCookieReader","title":"samlCommonDomainCookieReader"},{"id":"samlCommonDomainCookieWriter","title":"samlCommonDomainCookieWriter"}],"id":"samlCommonDomainCookie","title":"samlCommonDomainCookie","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"samlDiscoveryProtocolActivation","title":"samlDiscoveryProtocolActivation","type":"bool"},{"id":"samlDiscoveryProtocolURL","title":"samlDiscoveryProtocolURL"},{"id":"samlDiscoveryProtocolPolicy","title":"samlDiscoveryProtocolPolicy"},{"default":0,"id":"samlDiscoveryProtocolIsPassive","title":"samlDiscoveryProtocolIsPassive","type":"bool"}],"id":"samlDiscoveryProtocol","title":"samlDiscoveryProt
ocol","type":"simpleInputContainer"}],"help":"samlservice.html#advanced","id":"samlAdvanced","title":"samlAdvanced"}],"help":"samlservice.html","id":"samlServiceMetaData","title":"samlServiceMetaData"},{"cnodes":"samlIDPMetaDataNodes","help":"authsaml.html","id":"samlIDPMetaDataNodes","template":"samlIDPMetaDataNode","title":"samlIDPMetaDataNodes","type":"samlIDPMetaDataNodeContainer"},{"cnodes":"samlSPMetaDataNodes","help":"idpsaml.html","id":"samlSPMetaDataNodes","template":"samlSPMetaDataNode","title":"samlSPMetaDataNodes","type":"samlSPMetaDataNodeContainer"},{"_nodes":[{"_nodes":[{"default":"authorize","id":"oidcServiceMetaDataAuthorizeURI","title":"oidcServiceMetaDataAuthorizeURI"},{"default":"token","id":"oidcServiceMetaDataTokenURI","title":"oidcServiceMetaDataTokenURI"},{"default":"userinfo","id":"oidcServiceMetaDataUserInfoURI","title":"oidcServiceMetaDataUserInfoURI"},{"default":"jwks","id":"oidcServiceMetaDataJWKSURI","title":"oidcServiceMetaDataJWKSURI"},{"default":"register","id":"oidcServiceMetaDataRegistrationURI","title":"oidcServiceMetaDataRegistrationURI"},{"default":"introspect","id":"oidcServiceMetaDataIntrospectionURI","title":"oidcServiceMetaDataIntrospectionURI"},{"default":"logout","id":"oidcServiceMetaDataEndSessionURI","title":"oidcServiceMetaDataEndSessionURI"},{"default":"checksession.html","id":"oidcServiceMetaDataCheckSessionURI","title":"oidcServiceMetaDataCheckSessionURI"},{"default":"flogout","id":"oidcServiceMetaDataFrontChannelURI","title":"oidcServiceMetaDataFrontChannelURI"},{"default":"blogout","id":"oidcServiceMetaDataBackChannelURI","title":"oidcServiceMetaDataBackChannelURI"}],"id":"oidcServiceMetaDataEndPoints","title":"oidcServiceMetaDataEndPoints","type":"simpleInputContainer"},{"cnodes":"oidcServiceMetaDataAuthnContext","default":[{"data":1,"id":"oidcServiceMetaDataAuthnContext/loa-1","title":"loa-1","type":"keyText"},{"data":2,"id":"oidcServiceMetaDataAuthnContext/loa-2","title":"loa-2","type":"keyText"},{"data":3,"id":
"oidcServiceMetaDataAuthnContext/loa-3","title":"loa-3","type":"keyText"},{"data":4,"id":"oidcServiceMetaDataAuthnContext/loa-4","title":"loa-4","type":"keyText"},{"data":5,"id":"oidcServiceMetaDataAuthnContext/loa-5","title":"loa-5","type":"keyText"}],"id":"oidcServiceMetaDataAuthnContext","title":"oidcServiceMetaDataAuthnContext","type":"keyTextContainer"},{"_nodes":[{"get":["oidcServicePrivateKeySig","oidcServicePublicKeySig","oidcServiceKeyIdSig"],"id":"oidcServiceMetaDataKeys","title":"oidcServiceMetaDataKeys","type":"RSAKeyNoPassword"},{"default":0,"id":"oidcServiceAllowDynamicRegistration","title":"oidcServiceAllowDynamicRegistration","type":"bool"},{"default":0,"id":"oidcServiceAllowOnlyDeclaredScopes","title":"oidcServiceAllowOnlyDeclaredScopes","type":"bool"},{"default":1,"id":"oidcServiceAllowAuthorizationCodeFlow","title":"oidcServiceAllowAuthorizationCodeFlow","type":"bool"},{"default":0,"id":"oidcServiceAllowImplicitFlow","title":"oidcServiceAllowImplicitFlow","type":"bool"},{"default":0,"id":"oidcServiceAllowHybridFlow","title":"oidcServiceAllowHybridFlow","type":"bool"},{"default":60,"id":"oidcServiceAuthorizationCodeExpiration","title":"oidcServiceAuthorizationCodeExpiration","type":"int"},{"default":3600,"id":"oidcServiceAccessTokenExpiration","title":"oidcServiceAccessTokenExpiration","type":"int"},{"default":3600,"id":"oidcServiceIDTokenExpiration","title":"oidcServiceIDTokenExpiration","type":"int"},{"default":2592000,"id":"oidcServiceOfflineSessionExpiration","title":"oidcServiceOfflineSessionExpiration","type":"int"}],"id":"oidcServiceMetaDataSecurity","title":"oidcServiceMetaDataSecurity"},{"_nodes":[{"id":"oidcStorage","title":"oidcStorage"},{"cnodes":"oidcStorageOptions","id":"oidcStorageOptions","title":"oidcStorageOptions","type":"keyTextContainer"}],"id":"oidcServiceMetaDataSessions","title":"oidcServiceMetaDataSessions"},{"cnodes":"oidcServiceDynamicRegistrationExportedVars","id":"oidcServiceDynamicRegistrationExportedVars","title":"oid
cServiceDynamicRegistrationExportedVars","type":"keyTextContainer"},{"cnodes":"oidcServiceDynamicRegistrationExtraClaims","id":"oidcServiceDynamicRegistrationExtraClaims","title":"oidcServiceDynamicRegistrationExtraClaims","type":"keyTextContainer"}],"help":"openidconnectservice.html#service-configuration","id":"oidcServiceMetaData","title":"oidcServiceMetaData"},{"cnodes":"oidcOPMetaDataNodes","help":"authopenidconnect.html#declare-the-openid-connect-provider-in-ll-ng","id":"oidcOPMetaDataNodes","title":"oidcOPMetaDataNodes","type":"oidcOPMetaDataNodeContainer"},{"cnodes":"oidcRPMetaDataNodes","help":"idpopenidconnect.html#configuration-of-relying-party-in-ll-ng","id":"oidcRPMetaDataNodes","title":"oidcRPMetaDataNodes","type":"oidcRPMetaDataNodeContainer"},{"_nodes":[{"id":"casAttr","title":"casAttr"},{"default":"none","id":"casAccessControlPolicy","select":[{"k":"none","v":"None"},{"k":"error","v":"Display error on portal"},{"k":"faketicket","v":"Send a fake service ticket"}],"title":"casAccessControlPolicy","type":"select"},{"id":"casStorage","title":"casStorage"},{"cnodes":"casStorageOptions","id":"casStorageOptions","title":"casStorageOptions","type":"keyTextContainer"},{"cnodes":"casAttributes","id":"casAttributes","title":"casAttributes","type":"keyTextContainer"},{"default":0,"id":"casStrictMatching","title":"casStrictMatching","type":"bool"}],"help":"idpcas.html#configuring-the-cas-service","id":"casServiceMetadata","title":"casServiceMetadata"},{"cnodes":"casSrvMetaDataNodes","help":"authcas.html","id":"casSrvMetaDataNodes","template":"casSrvMetaDataNode","title":"casSrvMetaDataNodes","type":"casSrvMetaDataNodeContainer"},{"cnodes":"casAppMetaDataNodes","help":"idpcas.html#configuring-cas-applications","id":"casAppMetaDataNodes","template":"casAppMetaDataNode","title":"casAppMetaDataNodes","type":"casAppMetaDataNodeContainer"}] \ No newline at end of file 
+[{"_nodes":[{"_nodes":[{"default":"http://auth.example.com/","id":"portal","title":"portal"},{"_nodes":[{"_nodes":[{"default":1,"id":"portalDisplayLogout","title":"portalDisplayLogout","type":"boolOrExpr"},{"default":"$_auth =~ /^(LDAP|DBI|Demo)$/","id":"portalDisplayChangePassword","title":"portalDisplayChangePassword","type":"boolOrExpr"},{"default":1,"id":"portalDisplayAppslist","title":"portalDisplayAppslist","type":"boolOrExpr"},{"default":1,"id":"portalDisplayLoginHistory","title":"portalDisplayLoginHistory","type":"boolOrExpr"},{"default":"$_oidcConsents && $_oidcConsents =~ /\\w+/","id":"portalDisplayOidcConsents","title":"portalDisplayOidcConsents","type":"boolOrExpr"},{"_nodes":[{"default":1,"id":"portalDisplayFavApps","title":"portalDisplayFavApps","type":"boolOrExpr"},{"default":3,"id":"favAppsMaxNumber","title":"favAppsMaxNumber","type":"int"}],"help":"favapps.html","id":"favApps","title":"favApps","type":"simpleInputContainer"}],"id":"portalModules","title":"portalModules","type":"simpleInputContainer"},{"cnodes":"applicationList","default":[{"data":{"catname":"Default 
category","type":"category"},"id":"applicationList/default","title":"default","type":"catAndAppList"}],"help":"portalmenu.html#categories-and-applications","id":"applicationList","title":"applicationList","type":"catAndAppList"}],"help":"portalmenu.html","id":"portalMenu","title":"portalMenu"},{"_nodes":[{"default":"common/logos/logo_llng_400px.png","id":"portalMainLogo","title":"portalMainLogo"},{"default":1,"id":"showLanguages","title":"showLanguages","type":"bool"},{"id":"portalCustomCss","title":"portalCustomCss"},{"default":"bootstrap","id":"portalSkin","select":[{"k":"bootstrap","v":"Bootstrap"}],"title":"portalSkin","type":"portalskin"},{"id":"portalSkinBackground","select":[{"k":"","v":"None"},{"k":"1280px-Anse_Source_d'Argent_2-La_Digue.jpg","v":"Anse"},{"k":"1280px-Autumn-clear-water-waterfall-landscape_-_Virginia_-_ForestWander.jpg","v":"Waterfall"},{"k":"1280px-BrockenSnowedTrees.jpg","v":"Snowed Trees"},{"k":"1280px-Cedar_Breaks_National_Monument_partially.jpg","v":"National 
Monument"},{"k":"1280px-Parry_Peak_from_Winter_Park.jpg","v":"Winter"},{"k":"Aletschgletscher_mit_Pinus_cembra1.jpg","v":"Pinus"}],"title":"portalSkinBackground","type":"portalskinbackground"},{"cnodes":"portalSkinRules","help":"portalcustom.html","id":"portalSkinRules","title":"portalSkinRules","type":"keyTextContainer"},{"_nodes":[{"default":1,"id":"portalCheckLogins","title":"portalCheckLogins","type":"bool"},{"default":0,"id":"portalDisplayResetPassword","title":"portalDisplayResetPassword","type":"bool"},{"default":3,"id":"passwordResetAllowedRetries","title":"passwordResetAllowedRetries","type":"int"},{"default":1,"id":"portalDisplayRegister","title":"portalDisplayRegister","type":"bool"},{"default":0,"id":"portalDisplayCertificateResetByMail","title":"portalDisplayCertificateResetByMail","type":"bool"}],"help":"portalcustom.html#buttons","id":"portalButtons","title":"portalButtons","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"portalRequireOldPassword","title":"portalRequireOldPassword","type":"boolOrExpr"},{"default":0,"id":"hideOldPassword","title":"hideOldPassword","type":"bool"},{"default":0,"id":"mailOnPasswordChange","title":"mailOnPasswordChange","type":"bool"},{"default":0,"id":"portalEnablePasswordDisplay","title":"portalEnablePasswordDisplay","type":"bool"}],"help":"portalcustom.html#password-management","id":"passwordManagement","title":"passwordManagement","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"passwordPolicyActivation","title":"passwordPolicyActivation","type":"boolOrExpr"},{"default":0,"id":"portalDisplayPasswordPolicy","title":"portalDisplayPasswordPolicy","type":"bool"},{"default":0,"id":"passwordPolicyMinSize","title":"passwordPolicyMinSize","type":"int"},{"default":0,"id":"passwordPolicyMinLower","title":"passwordPolicyMinLower","type":"int"},{"default":0,"id":"passwordPolicyMinUpper","title":"passwordPolicyMinUpper","type":"int"},{"default":0,"id":"passwordPolicyMinDigit","title":"passwordPolicyMinDigit"
,"type":"int"},{"default":0,"id":"passwordPolicyMinSpeChar","title":"passwordPolicyMinSpeChar","type":"int"},{"default":"__ALL__","id":"passwordPolicySpecialChar","title":"passwordPolicySpecialChar"}],"help":"portalcustom.html#password-policy","id":"passwordPolicy","title":"passwordPolicy","type":"simpleInputContainer"},{"_nodes":[{"default":"_user","id":"portalUserAttr","title":"portalUserAttr"},{"default":0,"id":"portalOpenLinkInNewWindow","title":"portalOpenLinkInNewWindow","type":"bool"},{"default":1,"id":"portalAntiFrame","title":"portalAntiFrame","type":"bool"},{"default":60000,"id":"portalPingInterval","title":"portalPingInterval","type":"int"},{"default":1,"id":"portalErrorOnExpiredSession","title":"portalErrorOnExpiredSession","type":"bool"},{"default":0,"id":"portalErrorOnMailNotFound","title":"portalErrorOnMailNotFound","type":"bool"},{"default":1,"id":"portalDisplayRefreshMyRights","title":"portalDisplayRefreshMyRights","type":"bool"}],"help":"portalcustom.html#other-parameters","id":"portalOther","title":"portalOther","type":"simpleInputContainer"}],"help":"portalcustom.html","id":"portalCustomization","title":"portalCustomization"},{"_nodes":[{"default":0,"id":"captcha_login_enabled","title":"captcha_login_enabled","type":"bool"},{"default":1,"id":"captcha_mail_enabled","title":"captcha_mail_enabled","type":"bool"},{"default":1,"id":"captcha_register_enabled","title":"captcha_register_enabled","type":"bool"},{"default":6,"id":"captcha_size","title":"captcha_size","type":"int"}],"help":"captcha.html","id":"portalCaptcha","title":"portalCaptcha","type":"simpleInputContainer"}],"help":"portal.html","id":"portalParams","title":"portalParams"},{"_nodes":[{"default":"Demo","id":"authentication","select":[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database 
(DBI)"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Demo","v":"Demonstration"},{"k":"Choice","v":"authChoice"},{"k":"Combination","v":"combineMods"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"SAML","v":"SAML v2"},{"k":"Proxy","v":"Proxy"},{"k":"Remote","v":"Remote"},{"k":"Slave","v":"Slave"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"authentication","type":"select"},{"default":"Same","id":"userDB","select":[{"k":"Same","v":"Same"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"userDB","type":"select"},{"default":"Demo","id":"passwordDB","select":[{"k":"AD","v":"Active Directory"},{"k":"Choice","v":"authChoice"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demonstration"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Combination","v":"combineMods"},{"k":"Custom","v":"customModule"}],"title":"passwordDB","type":"select"},{"default":"Null","id":"registerDB","select":[{"k":"AD","v":"Active 
Directory"},{"k":"Demo","v":"Demonstration"},{"k":"LDAP","v":"LDAP"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"registerDB","type":"select"}],"_nodes_cond":[{"_nodes":[{"default":0,"id":"ADPwdMaxAge","title":"ADPwdMaxAge","type":"int"},{"default":0,"id":"ADPwdExpireWarning","title":"ADPwdExpireWarning","type":"int"}],"help":"authad.html","id":"adParams","show":false,"title":"adParams","type":"simpleInputContainer"},{"_nodes":[{"default":"lmAuth","id":"authChoiceParam","title":"authChoiceParam"},{"cnodes":"authChoiceModules","id":"authChoiceModules","select":[[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Null","v":"None"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"Proxy","v":"Proxy"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"Remote","v":"Remote"},{"k":"SAML","v":"SAML v2"},{"k":"Slave","v":"Slave"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Custom","v":"customModule"}],[{"k":"AD","v":"Active Directory"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"Facebook","v":"Facebook"},{"k":"LDAP","v":"LDAP"},{"k":"Null","v":"None"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"Proxy","v":"Proxy"},{"k":"REST","v":"REST"},{"k":"Remote","v":"Remote"},{"k":"SAML","v":"SAML v2"},{"k":"Slave","v":"Slave"},{"k":"WebID","v":"WebID"},{"k":"Custom","v":"customModule"}],[{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database 
(DBI)"},{"k":"Demo","v":"Demo"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}]],"title":"authChoiceModules","type":"authChoiceContainer"},{"id":"authChoiceAuthBasic","title":"authChoiceAuthBasic"},{"id":"authChoiceFindUser","title":"authChoiceFindUser"}],"help":"authchoice.html","id":"choiceParams","show":false,"title":"choiceParams"},{"_nodes":[{"default":3,"id":"apacheAuthnLevel","title":"apacheAuthnLevel","type":"int"}],"help":"authapache.html","id":"apacheParams","show":false,"title":"apacheParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"casAuthnLevel","title":"casAuthnLevel","type":"int"}],"help":"authcas.html","id":"casParams","show":false,"title":"casParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"dbiAuthnLevel","title":"dbiAuthnLevel","type":"int"},{"cnodes":"dbiExportedVars","default":[],"id":"dbiExportedVars","title":"dbiExportedVars","type":"keyTextContainer"},{"_nodes":[{"_nodes":[{"id":"dbiAuthChain","title":"dbiAuthChain"},{"id":"dbiAuthUser","title":"dbiAuthUser"},{"id":"dbiAuthPassword","title":"dbiAuthPassword","type":"password"}],"id":"dbiConnectionAuth","title":"dbiConnectionAuth","type":"simpleInputContainer"},{"_nodes":[{"id":"dbiUserChain","title":"dbiUserChain"},{"id":"dbiUserUser","title":"dbiUserUser"},{"id":"dbiUserPassword","title":"dbiUserPassword","type":"password"}],"id":"dbiConnectionUser","title":"dbiConnectionUser","type":"simpleInputContainer"}],"help":"authdbi.html#connection","id":"dbiConnection","title":"dbiConnection"},{"_nodes":[{"id":"dbiAuthTable","title":"dbiAuthTable"},{"id":"dbiUserTable","title":"dbiUserTable"},{"id":"dbiAuthLoginCol","title":"dbiAuthLoginCol"},{"id":"dbiAuthPasswordCol","title":"dbiAuthPasswordCol"},{"id":"dbiPasswordMailCol","title":"dbiPasswordMailCol"},{"id":"userPivot","title":"userPivot"}],"help":"authdbi.html#schema","id":"dbiSchema","title":"dbiSchema","type":"simpleInputContainer"},{"_nodes":[{"h
elp":"authdbi.html#password","id":"dbiAuthPasswordHash","title":"dbiAuthPasswordHash"},{"_nodes":[{"help":"authdbi.html#password","id":"dbiDynamicHashEnabled","title":"dbiDynamicHashEnabled","type":"bool"},{"help":"authdbi.html#password","id":"dbiDynamicHashValidSchemes","title":"dbiDynamicHashValidSchemes"},{"help":"authdbi.html#password","id":"dbiDynamicHashValidSaltedSchemes","title":"dbiDynamicHashValidSaltedSchemes"},{"help":"authdbi.html#password","id":"dbiDynamicHashNewPasswordScheme","title":"dbiDynamicHashNewPasswordScheme"}],"help":"authdbi.html#password","id":"dbiDynamicHash","title":"dbiDynamicHash","type":"simpleInputContainer"}],"help":"authdbi.html#password","id":"dbiPassword","title":"dbiPassword"}],"help":"authdbi.html","id":"dbiParams","show":false,"title":"dbiParams"},{"_nodes":[{"cnodes":"demoExportedVars","default":[{"data":"cn","id":"demoExportedVars/cn","title":"cn","type":"keyText"},{"data":"mail","id":"demoExportedVars/mail","title":"mail","type":"keyText"},{"data":"uid","id":"demoExportedVars/uid","title":"uid","type":"keyText"}],"id":"demoExportedVars","title":"demoExportedVars","type":"keyTextContainer"}],"help":"authdemo.html","id":"demoParams","show":false,"title":"demoParams"},{"_nodes":[{"default":1,"id":"facebookAuthnLevel","title":"facebookAuthnLevel","type":"int"},{"cnodes":"facebookExportedVars","default":[],"id":"facebookExportedVars","title":"facebookExportedVars","type":"keyTextContainer"},{"id":"facebookAppId","title":"facebookAppId"},{"id":"facebookAppSecret","title":"facebookAppSecret"},{"default":"id","id":"facebookUserField","title":"facebookUserField"}],"help":"authfacebook.html","id":"facebookParams","show":false,"title":"facebookParams"},{"_nodes":[{"default":3,"id":"krbAuthnLevel","title":"krbAuthnLevel","type":"int"},{"id":"krbKeytab","title":"krbKeytab"},{"default":0,"id":"krbByJs","title":"krbByJs","type":"bool"},{"default":1,"id":"krbRemoveDomain","title":"krbRemoveDomain","type":"bool"},{"id":"krbAllowedDomains","
title":"krbAllowedDomains"}],"help":"authkerberos.html","id":"kerberosParams","show":false,"title":"kerberosParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"ldapAuthnLevel","title":"ldapAuthnLevel","type":"int"},{"cnodes":"ldapExportedVars","default":[{"data":"cn","id":"ldapExportedVars/cn","title":"cn","type":"keyText"},{"data":"mail","id":"ldapExportedVars/mail","title":"mail","type":"keyText"},{"data":"uid","id":"ldapExportedVars/uid","title":"uid","type":"keyText"}],"id":"ldapExportedVars","title":"ldapExportedVars","type":"keyTextContainer"},{"_nodes":[{"default":"ldap://localhost","id":"ldapServer","title":"ldapServer"},{"id":"ldapPort","title":"ldapPort","type":"int"},{"default":"require","id":"ldapVerify","select":[{"k":"none","v":"None"},{"k":"optional","v":"Optional"},{"k":"require","v":"Require"}],"title":"ldapVerify","type":"select"},{"default":"dc=example,dc=com","id":"ldapBase","title":"ldapBase"},{"default":"","id":"managerDn","title":"managerDn"},{"default":"","id":"managerPassword","title":"managerPassword","type":"password"},{"default":10,"id":"ldapTimeout","title":"ldapTimeout","type":"int"},{"default":10,"id":"ldapIOTimeout","title":"ldapIOTimeout","type":"int"},{"default":3,"id":"ldapVersion","title":"ldapVersion","type":"int"},{"id":"ldapRaw","title":"ldapRaw"},{"id":"ldapCAFile","title":"ldapCAFile"},{"id":"ldapCAPath","title":"ldapCAPath"}],"help":"authldap.html#connection","id":"ldapConnection","title":"ldapConnection","type":"simpleInputContainer"},{"_nodes":[{"id":"AuthLDAPFilter","title":"AuthLDAPFilter"},{"id":"mailLDAPFilter","title":"mailLDAPFilter"},{"default":"find","id":"ldapSearchDeref","select":[{"k":"never","v":"never"},{"k":"search","v":"search"},{"k":"find","v":"find"},{"k":"always","v":"always"}],"title":"ldapSearchDeref","type":"select"}],"help":"authldap.html#filters","id":"ldapFilters","title":"ldapFilters","type":"simpleInputContainer"},{"_nodes":[{"id":"ldapGroupBase","title":"ldapGroupBase"},{"default
":"groupOfNames","id":"ldapGroupObjectClass","title":"ldapGroupObjectClass"},{"default":"member","id":"ldapGroupAttributeName","title":"ldapGroupAttributeName"},{"default":"dn","id":"ldapGroupAttributeNameUser","title":"ldapGroupAttributeNameUser"},{"default":"cn","id":"ldapGroupAttributeNameSearch","title":"ldapGroupAttributeNameSearch"},{"default":0,"id":"ldapGroupDecodeSearchedValue","title":"ldapGroupDecodeSearchedValue","type":"bool"},{"default":0,"id":"ldapGroupRecursive","title":"ldapGroupRecursive","type":"bool"},{"default":"dn","id":"ldapGroupAttributeNameGroup","title":"ldapGroupAttributeNameGroup"}],"help":"authldap.html#groups","id":"ldapGroups","title":"ldapGroups","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"ldapPpolicyControl","title":"ldapPpolicyControl","type":"bool"},{"default":0,"id":"ldapSetPassword","title":"ldapSetPassword","type":"bool"},{"default":0,"id":"ldapChangePasswordAsUser","title":"ldapChangePasswordAsUser","type":"bool"},{"default":"utf-8","id":"ldapPwdEnc","title":"ldapPwdEnc"},{"default":1,"id":"ldapUsePasswordResetAttribute","title":"ldapUsePasswordResetAttribute","type":"bool"},{"default":"pwdReset","id":"ldapPasswordResetAttribute","title":"ldapPasswordResetAttribute"},{"default":"TRUE","id":"ldapPasswordResetAttributeValue","title":"ldapPasswordResetAttributeValue"},{"default":0,"id":"ldapAllowResetExpiredPassword","title":"ldapAllowResetExpiredPassword","type":"bool"},{"default":0,"id":"ldapGetUserBeforePasswordChange","title":"ldapGetUserBeforePasswordChange","type":"bool"},{"default":0,"id":"ldapITDS","title":"ldapITDS","type":"bool"}],"help":"authldap.html#password","id":"ldapPassword","title":"ldapPassword","type":"simpleInputContainer"}],"help":"authldap.html","id":"ldapParams","show":false,"title":"ldapParams"},{"_nodes":[{"default":1,"id":"linkedInAuthnLevel","title":"linkedInAuthnLevel","type":"int"},{"id":"linkedInClientID","title":"linkedInClientID"},{"id":"linkedInClientSecret","title":"linkedInClien
tSecret","type":"password"},{"default":"id,first-name,last-name,email-address","id":"linkedInFields","title":"linkedInFields"},{"default":"emailAddress","id":"linkedInUserField","title":"linkedInUserField"},{"default":"r_liteprofile r_emailaddress","id":"linkedInScope","title":"linkedInScope"}],"help":"authlinkedin.html","id":"linkedinParams","show":false,"title":"linkedinParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"githubAuthnLevel","title":"githubAuthnLevel","type":"int"},{"id":"githubClientID","title":"githubClientID"},{"id":"githubClientSecret","title":"githubClientSecret","type":"password"},{"default":"login","id":"githubUserField","title":"githubUserField"},{"default":"user:email","id":"githubScope","title":"githubScope"}],"help":"authgithub.html","id":"githubParams","show":false,"title":"githubParams","type":"simpleInputContainer"},{"_nodes":[{"id":"combination","title":"combination"},{"cnodes":"combModules","id":"combModules","select":[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Demo","v":"Demonstration"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"SAML","v":"SAML 
v2"},{"k":"Proxy","v":"Proxy"},{"k":"Remote","v":"Remote"},{"k":"Slave","v":"Slave"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"combModules","type":"cmbModuleContainer"},{"id":"combinationForms","title":"combinationForms"}],"help":"authcombination.html","id":"combinationParams","show":false,"title":"combinationParams"},{"_nodes":[{"default":0,"id":"nullAuthnLevel","title":"nullAuthnLevel","type":"int"}],"help":"authnull.html","id":"nullParams","show":false,"title":"nullParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"openIdAuthnLevel","title":"openIdAuthnLevel","type":"int"},{"cnodes":"openIdExportedVars","default":[],"id":"openIdExportedVars","title":"openIdExportedVars","type":"keyTextContainer"},{"id":"openIdSecret","title":"openIdSecret"},{"default":"0;","id":"openIdIDPList","title":"openIdIDPList","type":"blackWhiteList"}],"help":"authopenid.html","id":"openidParams","show":false,"title":"openidParams"},{"_nodes":[{"default":1,"id":"oidcAuthnLevel","title":"oidcAuthnLevel","type":"int"},{"default":"openidconnectcallback","id":"oidcRPCallbackGetParam","title":"oidcRPCallbackGetParam"},{"default":600,"id":"oidcRPStateTimeout","title":"oidcRPStateTimeout","type":"int"}],"help":"authopenidconnect.html","id":"oidcParams","show":false,"title":"oidcParams","type":"simpleInputContainer"},{"_nodes":[{"default":5,"id":"gpgAuthnLevel","title":"gpgAuthnLevel","type":"int"},{"default":"","id":"gpgDb","title":"gpgDb"}],"help":"authgpg.html","id":"gpgParams","show":false,"title":"gpgParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"proxyAuthnLevel","title":"proxyAuthnLevel","type":"int"},{"id":"proxyAuthService","title":"proxyAuthService"},{"id":"proxySessionService","title":"proxySessionService"},{"id":"remoteCookieName","title":"remoteCookieName"},{"default":0,"id":"proxyUseSoap","title":"proxyUseSoap","type":"bool"}],"help":"authproxy.html","id":"proxyParams","show":false,"title":"proxyParams","type":"simpleIn
putContainer"},{"_nodes":[{"default":2,"id":"pamAuthnLevel","title":"pamAuthnLevel","type":"int"},{"default":"login","id":"pamService","title":"pamService"}],"help":"authpam.html","id":"pamParams","show":false,"title":"pamParams","type":"simpleInputContainer"},{"_nodes":[{"default":3,"id":"radiusAuthnLevel","title":"radiusAuthnLevel","type":"int"},{"id":"radiusSecret","title":"radiusSecret"},{"id":"radiusServer","title":"radiusServer"}],"help":"authradius.html","id":"radiusParams","show":false,"title":"radiusParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"restAuthnLevel","title":"restAuthnLevel","type":"int"},{"id":"restAuthUrl","title":"restAuthUrl"},{"id":"restUserDBUrl","title":"restUserDBUrl"},{"id":"restPwdConfirmUrl","title":"restPwdConfirmUrl"},{"id":"restPwdModifyUrl","title":"restPwdModifyUrl"}],"help":"authrest.html","id":"restParams","show":false,"title":"restParams","type":"simpleInputContainer"},{"_nodes":[{"id":"remotePortal","title":"remotePortal"},{"id":"remoteCookieName","title":"remoteCookieName"},{"default":"Lemonldap::NG::Common::Apache::Session::SOAP","id":"remoteGlobalStorage","title":"remoteGlobalStorage"},{"cnodes":"remoteGlobalStorageOptions","default":[{"data":"http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService","id":"remoteGlobalStorageOptions/ns","title":"ns","type":"keyText"},{"data":"http://auth.example.com/sessions","id":"remoteGlobalStorageOptions/proxy","title":"proxy","type":"keyText"}],"id":"remoteGlobalStorageOptions","title":"remoteGlobalStorageOptions","type":"keyTextContainer"}],"help":"authremote.html","id":"remoteParams","show":false,"title":"remoteParams"},{"_nodes":[{"default":2,"id":"slaveAuthnLevel","title":"slaveAuthnLevel","type":"int"},{"id":"slaveUserHeader","title":"slaveUserHeader"},{"id":"slaveMasterIP","title":"slaveMasterIP"},{"id":"slaveHeaderName","title":"slaveHeaderName"},{"id":"slaveHeaderContent","title":"slaveHeaderContent"},{"default":0,"id":"slaveDisplayLogo","title":"slave
DisplayLogo","type":"bool"},{"cnodes":"slaveExportedVars","default":[],"id":"slaveExportedVars","title":"slaveExportedVars","type":"keyTextContainer"}],"help":"authslave.html","id":"slaveParams","show":false,"title":"slaveParams"},{"_nodes":[{"default":5,"id":"SSLAuthnLevel","title":"SSLAuthnLevel","type":"int"},{"default":"SSL_CLIENT_S_DN_Email","id":"SSLVar","title":"SSLVar"},{"cnodes":"SSLVarIf","default":[],"id":"SSLVarIf","title":"SSLVarIf","type":"keyTextContainer"},{"default":0,"id":"sslByAjax","title":"sslByAjax","type":"bool"},{"id":"sslHost","title":"sslHost"}],"help":"authssl.html","id":"sslParams","show":false,"title":"sslParams"},{"_nodes":[{"default":1,"id":"twitterAuthnLevel","title":"twitterAuthnLevel","type":"int"},{"id":"twitterKey","title":"twitterKey"},{"id":"twitterSecret","title":"twitterSecret"},{"id":"twitterAppName","title":"twitterAppName"},{"default":"screen_name","id":"twitterUserField","title":"twitterUserField"}],"help":"authtwitter.html","id":"twitterParams","show":false,"title":"twitterParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"webIDAuthnLevel","title":"webIDAuthnLevel","type":"int"},{"cnodes":"webIDExportedVars","default":[],"id":"webIDExportedVars","title":"webIDExportedVars","type":"keyTextContainer"},{"id":"webIDWhitelist","title":"webIDWhitelist"}],"help":"authwebid.html","id":"webidParams","show":false,"title":"webidParams"},{"_nodes":[{"id":"customAuth","title":"customAuth"},{"id":"customUserDB","title":"customUserDB"},{"id":"customPassword","title":"customPassword"},{"id":"customRegister","title":"customRegister"},{"id":"customResetCertByMail","title":"customResetCertByMail"},{"cnodes":"customAddParams","id":"customAddParams","title":"customAddParams","type":"keyTextContainer"}],"help":"authcustom.html","id":"customParams","show":false,"title":"customParams"}],"_nodes_filter":"authParams","help":"start.html#authentication-users-and-password-databases","id":"authParams","title":"authParams","type":"aut
hParams"},{"_nodes":[{"_nodes":[{"default":0,"id":"issuerDBSAMLActivation","title":"issuerDBSAMLActivation","type":"bool"},{"default":"^/saml/","id":"issuerDBSAMLPath","title":"issuerDBSAMLPath"},{"default":1,"id":"issuerDBSAMLRule","title":"issuerDBSAMLRule","type":"boolOrExpr"}],"help":"idpsaml.html","id":"issuerDBSAML","title":"issuerDBSAML","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBCASActivation","title":"issuerDBCASActivation","type":"bool"},{"default":"^/cas/","id":"issuerDBCASPath","title":"issuerDBCASPath"},{"default":1,"id":"issuerDBCASRule","title":"issuerDBCASRule","type":"boolOrExpr"}],"help":"idpcas.html#enabling-cas","id":"issuerDBCAS","title":"issuerDBCAS","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBOpenIDActivation","title":"issuerDBOpenIDActivation","type":"bool"},{"default":"^/openidserver/","id":"issuerDBOpenIDPath","title":"issuerDBOpenIDPath"},{"default":1,"id":"issuerDBOpenIDRule","title":"issuerDBOpenIDRule","type":"boolOrExpr"},{"_nodes":[{"id":"openIdIssuerSecret","title":"openIdIssuerSecret"},{"id":"openIdAttr","title":"openIdAttr"},{"default":"0;","id":"openIdSPList","title":"openIdSPList","type":"blackWhiteList"},{"_nodes":[{"default":"cn","id":"openIdSreg_fullname","title":"openIdSreg_fullname"},{"default":"uid","id":"openIdSreg_nickname","title":"openIdSreg_nickname"},{"id":"openIdSreg_language","title":"openIdSreg_language"},{"id":"openIdSreg_postcode","title":"openIdSreg_postcode"},{"default":"_timezone","id":"openIdSreg_timezone","title":"openIdSreg_timezone"},{"id":"openIdSreg_country","title":"openIdSreg_country"},{"id":"openIdSreg_gender","title":"openIdSreg_gender"},{"default":"mail","id":"openIdSreg_email","title":"openIdSreg_email"},{"id":"openIdSreg_dob","title":"openIdSreg_dob"}],"id":"openIdSreg","title":"openIdSreg","type":"simpleInputContainer"}],"id":"issuerDBOpenIDOptions","title":"issuerDBOpenIDOptions"}],"help":"idpopenid.html","id":"issuerDBOpenID","title":"issuerDBO
penID"},{"_nodes":[{"default":0,"id":"issuerDBOpenIDConnectActivation","title":"issuerDBOpenIDConnectActivation","type":"bool"},{"default":"^/oauth2/","id":"issuerDBOpenIDConnectPath","title":"issuerDBOpenIDConnectPath"},{"default":1,"id":"issuerDBOpenIDConnectRule","title":"issuerDBOpenIDConnectRule","type":"boolOrExpr"}],"help":"idpopenidconnect.html","id":"issuerDBOpenIDConnect","title":"issuerDBOpenIDConnect","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBGetActivation","title":"issuerDBGetActivation","type":"bool"},{"default":"^/get/","id":"issuerDBGetPath","title":"issuerDBGetPath"},{"default":1,"id":"issuerDBGetRule","title":"issuerDBGetRule","type":"boolOrExpr"},{"default":[],"id":"issuerDBGetParameters","title":"issuerDBGetParameters","type":"doubleHash"}],"help":"issuerdbget.html","id":"issuerDBGet","title":"issuerDBGet"},{"_nodes":[{"default":120,"id":"issuersTimeout","title":"issuersTimeout","type":"int"}],"help":"start.html#options","id":"issuerOptions","title":"issuerOptions","type":"simpleInputContainer"}],"help":"start.html#identity-provider","id":"issuerParams","title":"issuerParams"},{"_nodes":[{"default":"uid","id":"whatToTrace","title":"whatToTrace"},{"id":"customToTrace","title":"customToTrace"},{"default":"_password 
_2fDevices","id":"hiddenAttributes","title":"hiddenAttributes"}],"help":"logs.html","id":"logParams","title":"logParams","type":"simpleInputContainer"},{"_nodes":[{"default":"lemonldap","id":"cookieName","title":"cookieName"},{"default":"example.com","id":"domain","title":"domain"},{"default":0,"id":"cda","title":"cda","type":"bool"},{"default":0,"id":"securedCookie","select":[{"k":"0","v":"unsecuredCookie"},{"k":"1","v":"securedCookie"},{"k":"2","v":"doubleCookie"},{"k":"3","v":"doubleCookieForSingleSession"}],"title":"securedCookie","type":"select"},{"default":1,"id":"httpOnly","title":"httpOnly","type":"bool"},{"id":"cookieExpiration","title":"cookieExpiration","type":"int"},{"default":"","id":"sameSite","select":[{"k":"","v":""},{"k":"Strict","v":"Strict"},{"k":"Lax","v":"Lax"},{"k":"None","v":"None"}],"title":"sameSite","type":"select"}],"help":"ssocookie.html","id":"cookieParams","title":"cookieParams","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"storePassword","title":"storePassword","type":"bool"},{"default":1,"id":"displaySessionId","title":"displaySessionId","type":"bool"},{"default":72000,"id":"timeout","title":"timeout","type":"int"},{"default":0,"id":"timeoutActivity","title":"timeoutActivity","type":"int"},{"default":60,"id":"timeoutActivityInterval","title":"timeoutActivityInterval","type":"int"},{"cnodes":"grantSessionRules","default":[],"id":"grantSessionRules","title":"grantSessionRules","type":"grantContainer"},{"_nodes":[{"default":"Apache::Session::File","id":"globalStorage","title":"globalStorage"},{"cnodes":"globalStorageOptions","default":[{"data":"/var/lib/lemonldap-ng/sessions/","id":"globalStorageOptions/Directory","title":"Directory","type":"keyText"},{"data":"/var/lib/lemonldap-ng/sessions/lock/","id":"globalStorageOptions/LockDirectory","title":"LockDirectory","type":"keyText"},{"data":"Lemonldap::NG::Common::Apache::Session::Generate::SHA256","id":"globalStorageOptions/generateModule","title":"generateModule","type":"ke
yText"}],"id":"globalStorageOptions","title":"globalStorageOptions","type":"keyTextContainer"},{"default":"Cache::FileCache","id":"localSessionStorage","title":"localSessionStorage"},{"cnodes":"localSessionStorageOptions","default":[{"data":3,"id":"localSessionStorageOptions/cache_depth","title":"cache_depth","type":"keyText"},{"data":"/var/cache/lemonldap-ng","id":"localSessionStorageOptions/cache_root","title":"cache_root","type":"keyText"},{"data":600,"id":"localSessionStorageOptions/default_expires_in","title":"default_expires_in","type":"keyText"},{"data":"007","id":"localSessionStorageOptions/directory_umask","title":"directory_umask","type":"keyText"},{"data":"lemonldap-ng-sessions","id":"localSessionStorageOptions/namespace","title":"namespace","type":"keyText"}],"id":"localSessionStorageOptions","title":"localSessionStorageOptions","type":"keyTextContainer"}],"help":"start.html#sessions-database","id":"sessionStorage","title":"sessionStorage"},{"_nodes":[{"default":0,"id":"singleSession","title":"singleSession","type":"boolOrExpr"},{"default":0,"id":"singleIP","title":"singleIP","type":"boolOrExpr"},{"default":0,"id":"singleUserByIP","title":"singleUserByIP","type":"boolOrExpr"},{"default":1,"id":"notifyDeleted","title":"notifyDeleted","type":"bool"},{"default":0,"id":"notifyOther","title":"notifyOther","type":"bool"}],"id":"multipleSessions","title":"multipleSessions","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"disablePersistentStorage","title":"disablePersistentStorage","type":"bool"},{"id":"persistentStorage","title":"persistentStorage"},{"cnodes":"persistentStorageOptions","id":"persistentStorageOptions","title":"persistentStorageOptions","type":"keyTextContainer"}],"id":"persistentSessions","title":"persistentSessions"}],"help":"sessions.html","id":"sessionParams","title":"sessionParams"},{"_nodes":[{"default":5,"id":"reloadTimeout","title":"reloadTimeout","type":"int"},{"default":0,"id":"compactConf","title":"compactConf","type":"bool
"},{"cnodes":"reloadUrls","help":"configlocation.html#configuration-reload","id":"reloadUrls","title":"reloadUrls","type":"keyTextContainer"}],"help":"configlocation.html#configuration-reload","id":"reloadParams","title":"reloadParams"},{"_nodes":[{"default":0,"help":"status.html","id":"portalStatus","title":"portalStatus","type":"bool"},{"default":1,"id":"upgradeSession","title":"upgradeSession","type":"bool"},{"id":"refreshSessions","title":"refreshSessions","type":"bool"},{"cnodes":"adaptativeAuthenticationLevelRules","id":"adaptativeAuthenticationLevelRules","title":"adaptativeAuthenticationLevelRules","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"stayConnected","title":"stayConnected","type":"bool"},{"default":2592000,"id":"stayConnectedTimeout","title":"stayConnectedTimeout","type":"int"},{"default":"llngconnection","id":"stayConnectedCookieName","title":"stayConnectedCookieName"}],"help":"stayconnected.html","id":"stayConnect","title":"stayConnect","type":"simpleInputContainer"},{"_nodes":[{"id":"exportedAttr","title":"exportedAttr"},{"_nodes":[{"default":0,"id":"restSessionServer","title":"restSessionServer","type":"bool"},{"default":0,"id":"restConfigServer","title":"restConfigServer","type":"bool"},{"default":0,"id":"restAuthServer","title":"restAuthServer","type":"bool"},{"default":0,"id":"restPasswordServer","title":"restPasswordServer","type":"bool"},{"default":0,"id":"restExportSecretKeys","title":"restExportSecretKeys","type":"bool"},{"default":15,"id":"restClockTolerance","title":"restClockTolerance","type":"int"}],"help":"portalservers.html#REST","id":"restServices","title":"restServices","type":"simpleInputContainer"},{"_nodes":[{"default":0,"help":"soapservices.html","id":"soapSessionServer","title":"soapSessionServer","type":"bool"},{"default":0,"help":"soapservices.html","id":"soapConfigServer","title":"soapConfigServer","type":"bool"},{"default":0,"id":"wsdlServer","title":"wsdlServer","type":"bool"}],"help":"portalservers.html#SOAP_
(deprecated)","id":"soapServices","title":"soapServices","type":"simpleInputContainer"}],"help":"portalservers.html","id":"portalServers","title":"portalServers"},{"_nodes":[{"default":0,"id":"loginHistoryEnabled","title":"loginHistoryEnabled","type":"bool"},{"default":5,"id":"successLoginNumber","title":"successLoginNumber","type":"int"},{"default":5,"id":"failedLoginNumber","title":"failedLoginNumber","type":"int"},{"cnodes":"sessionDataToRemember","id":"sessionDataToRemember","title":"sessionDataToRemember","type":"keyTextContainer"}],"help":"loginhistory.html","id":"loginHistory","title":"loginHistory"},{"_nodes":[{"default":0,"id":"notification","title":"notification","type":"bool"},{"default":0,"id":"notificationsExplorer","title":"notificationsExplorer","type":"bool"},{"default":"allusers","id":"notificationWildcard","title":"notificationWildcard"},{"default":0,"id":"oldNotifFormat","title":"oldNotifFormat","type":"bool"},{"id":"notificationXSLTfile","title":"notificationXSLTfile"},{"default":"File","id":"notificationStorage","title":"notificationStorage"},{"cnodes":"notificationStorageOptions","default":[{"data":"/var/lib/lemonldap-ng/notifications","id":"notificationStorageOptions/dirName","title":"dirName","type":"keyText"}],"id":"notificationStorageOptions","title":"notificationStorageOptions","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"notificationServer","title":"notificationServer","type":"bool"},{"default":"","id":"notificationDefaultCond","title":"notificationDefaultCond"},{"default":"uid reference date title subtitle text 
check","id":"notificationServerSentAttributes","title":"notificationServerSentAttributes"},{"_nodes":[{"default":1,"id":"notificationServerPOST","title":"notificationServerPOST","type":"bool"},{"default":0,"id":"notificationServerGET","title":"notificationServerGET","type":"bool"},{"default":0,"id":"notificationServerDELETE","title":"notificationServerDELETE","type":"bool"}],"id":"notificationServerMethods","title":"notificationServerMethods","type":"simpleInputContainer"}],"help":"notifications.html#notification-server","id":"serverNotification","title":"serverNotification"}],"help":"notifications.html","id":"notifications","title":"notifications"},{"_nodes":[{"_nodes":[{"id":"mailSubject","title":"mailSubject"},{"id":"mailBody","title":"mailBody","type":"longtext"},{"id":"mailConfirmSubject","title":"mailConfirmSubject"},{"id":"mailConfirmBody","title":"mailConfirmBody","type":"longtext"}],"id":"mailContent","title":"mailContent","type":"simpleInputContainer"},{"_nodes":[{"default":"http://auth.example.com/resetpwd","id":"mailUrl","title":"mailUrl"},{"default":0,"id":"mailTimeout","title":"mailTimeout","type":"int"},{"default":1,"id":"portalDisplayGeneratePassword","title":"portalDisplayGeneratePassword","type":"bool"},{"default":"[A-Z]{3}[a-z]{5}.\\d{2}","id":"randomPasswordRegexp","title":"randomPasswordRegexp"}],"id":"mailOther","title":"mailOther","type":"simpleInputContainer"}],"help":"resetpassword.html","id":"passwordManagement","title":"passwordManagement"},{"_nodes":[{"_nodes":[{"id":"certificateResetByMailStep1Subject","title":"certificateResetByMailStep1Subject"},{"id":"certificateResetByMailStep1Body","title":"certificateResetByMailStep1Body","type":"longtext"},{"id":"certificateResetByMailStep2Subject","title":"certificateResetByMailStep2Subject"},{"id":"certificateResetByMailStep2Body","title":"certificateResetByMailStep2Body","type":"longtext"}],"id":"certificateMailContent","title":"certificateMailContent","type":"simpleInputContainer"},{"_nodes":[
{"default":"http://auth.example.com/certificateReset","id":"certificateResetByMailURL","title":"certificateResetByMailURL"},{"default":"description","id":"certificateResetByMailCeaAttribute","title":"certificateResetByMailCeaAttribute"},{"default":"userCertificate;binary","id":"certificateResetByMailCertificateAttribute","title":"certificateResetByMailCertificateAttribute"},{"default":0,"id":"certificateResetByMailValidityDelay","title":"certificateResetByMailValidityDelay","type":"int"}],"id":"mailOther","title":"mailOther","type":"simpleInputContainer"}],"id":"certificateResetByMailManagement","title":"certificateResetByMailManagement","type":"simpleInputContainer"},{"_nodes":[{"default":"http://auth.example.com/register","id":"registerUrl","title":"registerUrl"},{"default":0,"id":"registerTimeout","title":"registerTimeout","type":"int"},{"id":"registerConfirmSubject","title":"registerConfirmSubject"},{"id":"registerDoneSubject","title":"registerDoneSubject"}],"help":"register.html","id":"register","title":"register","type":"simpleInputContainer"},{"_nodes":[{"cnodes":"autoSigninRules","id":"autoSigninRules","title":"autoSigninRules","type":"keyTextContainer"}],"help":"autosignin.html","id":"autoSignin","title":"autoSignin"},{"_nodes":[{"default":0,"id":"globalLogoutRule","title":"globalLogoutRule","type":"boolOrExpr"},{"default":1,"id":"globalLogoutTimer","title":"globalLogoutTimer","type":"bool"},{"id":"globalLogoutCustomParam","title":"globalLogoutCustomParam"}],"help":"globallogout.html","id":"globalLogout","title":"globalLogout","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"checkState","title":"checkState","type":"bool"},{"id":"checkStateSecret","title":"checkStateSecret"}],"help":"checkstate.html","id":"stateCheck","title":"stateCheck","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"checkUser","title":"checkUser","type":"bool"},{"default":1,"id":"checkUserIdRule","title":"checkUserIdRule"},{"id":"checkUserUnrestrictedUsersRule","t
itle":"checkUserUnrestrictedUsersRule"},{"id":"checkUserSearchAttributes","title":"checkUserSearchAttributes"},{"default":"_loginHistory _session_id hGroups","id":"checkUserHiddenAttributes","title":"checkUserHiddenAttributes"},{"cnodes":"checkUserHiddenHeaders","id":"checkUserHiddenHeaders","title":"checkUserHiddenHeaders","type":"keyTextContainer"},{"_nodes":[{"default":1,"id":"checkUserDisplayComputedSession","title":"checkUserDisplayComputedSession","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayPersistentInfo","title":"checkUserDisplayPersistentInfo","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayNormalizedHeaders","title":"checkUserDisplayNormalizedHeaders","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayEmptyHeaders","title":"checkUserDisplayEmptyHeaders","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayEmptyValues","title":"checkUserDisplayEmptyValues","type":"boolOrExpr"}],"help":"checkuser.html#configuration","id":"checkUserDisplay","title":"checkUserDisplay","type":"simpleInputContainer"}],"help":"checkuser.html","id":"checkUsers","title":"checkUsers"},{"_nodes":[{"default":0,"id":"checkDevOps","title":"checkDevOps","type":"bool"},{"default":1,"id":"checkDevOpsDownload","title":"checkDevOpsDownload","type":"bool"}],"help":"checkdevops.html","id":"devOpsCheck","title":"devOpsCheck","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"impersonationRule","title":"impersonationRule","type":"boolOrExpr"},{"default":1,"id":"impersonationIdRule","title":"impersonationIdRule"},{"id":"impersonationUnrestrictedUsersRule","title":"impersonationUnrestrictedUsersRule"},{"default":"_2fDevices 
_loginHistory","id":"impersonationHiddenAttributes","title":"impersonationHiddenAttributes"},{"default":1,"id":"impersonationSkipEmptyValues","title":"impersonationSkipEmptyValues","type":"bool"},{"default":0,"id":"impersonationMergeSSOgroups","title":"impersonationMergeSSOgroups","type":"boolOrExpr"}],"help":"impersonation.html","id":"impersonation","title":"impersonation","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"findUser","title":"findUser","type":"bool"},{"default":"*","id":"findUserWildcard","title":"findUserWildcard"},{"default":"^[*\\w]+$","id":"findUserControl","title":"findUserControl"},{"id":"restFindUserDBUrl","title":"restFindUserDBUrl"},{"cnodes":"findUserSearchingAttributes","id":"findUserSearchingAttributes","title":"findUserSearchingAttributes","type":"keyTextContainer"},{"cnodes":"findUserExcludingAttributes","id":"findUserExcludingAttributes","title":"findUserExcludingAttributes","type":"keyTextContainer"}],"help":"finduser.html","id":"findUsers","title":"findUsers"},{"_nodes":[{"default":0,"id":"contextSwitchingRule","title":"contextSwitchingRule","type":"boolOrExpr"},{"default":1,"id":"contextSwitchingIdRule","title":"contextSwitchingIdRule"},{"id":"contextSwitchingUnrestrictedUsersRule","title":"contextSwitchingUnrestrictedUsersRule"},{"default":0,"id":"contextSwitchingAllowed2fModifications","title":"contextSwitchingAllowed2fModifications","type":"bool"},{"default":1,"id":"contextSwitchingStopWithLogout","title":"contextSwitchingStopWithLogout","type":"bool"}],"help":"contextswitching.html","id":"contextSwitching","title":"contextSwitching","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"decryptValueRule","title":"decryptValueRule","type":"boolOrExpr"},{"id":"decryptValueFunctions","title":"decryptValueFunctions"}],"help":"decryptvalue.html","id":"decryptValue","title":"decryptValue","type":"simpleInputContainer"},{"_nodes":[{"id":"customPlugins","title":"customPlugins"},{"cnodes":"customPluginsParams","id":"cust
omPluginsParams","title":"customPluginsParams","type":"keyTextContainer"}],"help":"plugincustom.html","id":"customPluginsNode","title":"customPluginsNode"}],"help":"start.html#plugins","id":"plugins","title":"plugins"},{"_nodes":[{"default":1,"help":"secondfactor.html","id":"sfManagerRule","title":"sfManagerRule","type":"boolOrExpr"},{"default":0,"help":"secondfactor.html","id":"sfRequired","title":"sfRequired","type":"boolOrExpr"},{"help":"secondfactor.html","id":"sfOnlyUpgrade","title":"sfOnlyUpgrade","type":"bool"},{"_nodes":[{"default":0,"id":"utotp2fActivation","title":"utotp2fActivation","type":"boolOrExpr"},{"id":"utotp2fAuthnLevel","title":"utotp2fAuthnLevel","type":"int"},{"id":"utotp2fLabel","title":"utotp2fLabel"},{"id":"utotp2fLogo","title":"utotp2fLogo"}],"help":"utotp2f.html","id":"utotp2f","title":"utotp2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"totp2fActivation","title":"totp2fActivation","type":"boolOrExpr"},{"default":0,"id":"totp2fSelfRegistration","title":"totp2fSelfRegistration","type":"boolOrExpr"},{"default":1,"id":"totp2fUserCanRemoveKey","title":"totp2fUserCanRemoveKey","type":"bool"},{"id":"totp2fIssuer","title":"totp2fIssuer"},{"default":30,"id":"totp2fInterval","title":"totp2fInterval","type":"int"},{"default":1,"id":"totp2fRange","title":"totp2fRange","type":"int"},{"default":6,"id":"totp2fDigits","title":"totp2fDigits","type":"int"},{"id":"totp2fTTL","title":"totp2fTTL","type":"int"},{"id":"totp2fAuthnLevel","title":"totp2fAuthnLevel","type":"int"},{"id":"totp2fLabel","title":"totp2fLabel"},{"id":"totp2fLogo","title":"totp2fLogo"}],"help":"totp2f.html","id":"totp2f","title":"totp2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"u2fActivation","title":"u2fActivation","type":"boolOrExpr"},{"default":0,"id":"u2fSelfRegistration","title":"u2fSelfRegistration","type":"boolOrExpr"},{"default":1,"id":"u2fUserCanRemoveKey","title":"u2fUserCanRemoveKey","type":"bool"},{"id":"u2fTTL","title":"u2fTTL","type":"i
nt"},{"id":"u2fAuthnLevel","title":"u2fAuthnLevel","type":"int"},{"id":"u2fLabel","title":"u2fLabel"},{"id":"u2fLogo","title":"u2fLogo"}],"help":"u2f.html","id":"u2f","title":"u2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"yubikey2fActivation","title":"yubikey2fActivation","type":"boolOrExpr"},{"default":0,"id":"yubikey2fSelfRegistration","title":"yubikey2fSelfRegistration","type":"boolOrExpr"},{"default":1,"id":"yubikey2fUserCanRemoveKey","title":"yubikey2fUserCanRemoveKey","type":"bool"},{"id":"yubikey2fClientID","title":"yubikey2fClientID"},{"id":"yubikey2fSecretKey","title":"yubikey2fSecretKey"},{"id":"yubikey2fNonce","title":"yubikey2fNonce"},{"id":"yubikey2fUrl","title":"yubikey2fUrl"},{"default":12,"id":"yubikey2fPublicIDSize","title":"yubikey2fPublicIDSize","type":"int"},{"id":"yubikey2fFromSessionAttribute","title":"yubikey2fFromSessionAttribute"},{"id":"yubikey2fTTL","title":"yubikey2fTTL","type":"int"},{"id":"yubikey2fAuthnLevel","title":"yubikey2fAuthnLevel","type":"int"},{"id":"yubikey2fLabel","title":"yubikey2fLabel"},{"id":"yubikey2fLogo","title":"yubikey2fLogo"}],"help":"yubikey2f.html","id":"yubikey2f","title":"yubikey2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"mail2fActivation","title":"mail2fActivation","type":"boolOrExpr"},{"default":"\\d{6}","id":"mail2fCodeRegex","title":"mail2fCodeRegex"},{"id":"mail2fTimeout","title":"mail2fTimeout","type":"int"},{"id":"mail2fSubject","title":"mail2fSubject"},{"id":"mail2fBody","title":"mail2fBody","type":"longtext"},{"id":"mail2fAuthnLevel","title":"mail2fAuthnLevel","type":"int"},{"id":"mail2fLabel","title":"mail2fLabel"},{"id":"mail2fLogo","title":"mail2fLogo"},{"id":"mail2fSessionKey","title":"mail2fSessionKey"}],"help":"mail2f.html","id":"mail2f","title":"mail2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"ext2fActivation","title":"ext2fActivation","type":"boolOrExpr"},{"default":"\\d{6}","id":"ext2fCodeActivation","title":"ext2fCodeActivation"},{"
id":"ext2FSendCommand","title":"ext2FSendCommand"},{"id":"ext2FValidateCommand","title":"ext2FValidateCommand"},{"id":"ext2fAuthnLevel","title":"ext2fAuthnLevel","type":"int"},{"id":"ext2fLabel","title":"ext2fLabel"},{"id":"ext2fLogo","title":"ext2fLogo"}],"help":"external2f.html","id":"ext2f","title":"ext2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"radius2fActivation","title":"radius2fActivation","type":"boolOrExpr"},{"id":"radius2fServer","title":"radius2fServer"},{"id":"radius2fSecret","title":"radius2fSecret"},{"id":"radius2fUsernameSessionKey","title":"radius2fUsernameSessionKey"},{"default":20,"id":"radius2fTimeout","title":"radius2fTimeout","type":"int"},{"id":"radius2fAuthnLevel","title":"radius2fAuthnLevel","type":"int"},{"id":"radius2fLogo","title":"radius2fLogo"},{"id":"radius2fLabel","title":"radius2fLabel"}],"help":"radius2f.html","id":"radius2f","title":"radius2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"rest2fActivation","title":"rest2fActivation","type":"boolOrExpr"},{"id":"rest2fInitUrl","title":"rest2fInitUrl"},{"cnodes":"rest2fInitArgs","id":"rest2fInitArgs","title":"rest2fInitArgs","type":"keyTextContainer"},{"id":"rest2fVerifyUrl","title":"rest2fVerifyUrl"},{"cnodes":"rest2fVerifyArgs","id":"rest2fVerifyArgs","title":"rest2fVerifyArgs","type":"keyTextContainer"},{"id":"rest2fAuthnLevel","title":"rest2fAuthnLevel","type":"int"},{"id":"rest2fLabel","title":"rest2fLabel"},{"id":"rest2fLogo","title":"rest2fLogo"}],"help":"rest2f.html","id":"rest2f","title":"rest2f"},{"cnodes":"sfExtra","id":"sfExtra","select":[{"k":"Mail2F","v":"E-Mail"},{"k":"REST","v":"REST"},{"k":"Ext2F","v":"External"},{"k":"Radius","v":"Radius"}],"title":"sfExtra","type":"sfExtraContainer"},{"_nodes":[{"default":0,"help":"secondfactor.html","id":"sfRemovedMsgRule","title":"sfRemovedMsgRule","type":"boolOrExpr"},{"default":0,"id":"sfRemovedUseNotif","title":"sfRemovedUseNotif","type":"bool"},{"default":"RemoveSF","help":"secondfactor.html"
,"id":"sfRemovedNotifRef","title":"sfRemovedNotifRef"},{"default":"Second factor notification","help":"secondfactor.html","id":"sfRemovedNotifTitle","title":"sfRemovedNotifTitle"},{"default":"_removedSF_ expired second factor(s) has/have been removed (_nameSF_)!","help":"secondfactor.html","id":"sfRemovedNotifMsg","title":"sfRemovedNotifMsg"}],"help":"secondfactor.html","id":"sfRemovedNotification","title":"sfRemovedNotification","type":"simpleInputContainer"},{"id":"sfRegisterTimeout","title":"sfRegisterTimeout","type":"int"}],"help":"secondfactor.html","id":"secondFactors","title":"secondFactors"},{"_nodes":[{"help":"customfunctions.html","id":"customFunctions","title":"customFunctions"},{"default":"; ","id":"multiValuesSeparator","title":"multiValuesSeparator","type":"authParamsText"},{"default":0,"id":"groupsBeforeMacros","title":"groupsBeforeMacros","type":"bool"},{"_nodes":[{"default":"mail","id":"mailSessionKey","title":"mailSessionKey"},{"default":"","id":"SMTPServer","title":"SMTPServer"},{"id":"SMTPPort","title":"SMTPPort","type":"int"},{"id":"SMTPAuthUser","title":"SMTPAuthUser"},{"id":"SMTPAuthPass","title":"SMTPAuthPass","type":"password"},{"default":"","id":"SMTPTLS","select":[{"k":"","v":"none"},{"k":"starttls","v":"SMTP + 
STARTTLS"},{"k":"ssl","v":"SMTPS"}],"title":"SMTPTLS","type":"select"},{"cnodes":"SMTPTLSOpts","id":"SMTPTLSOpts","title":"SMTPTLSOpts","type":"keyTextContainer"},{"_nodes":[{"default":"noreply@example.com","id":"mailFrom","title":"mailFrom"},{"id":"mailReplyTo","title":"mailReplyTo"},{"default":"utf-8","id":"mailCharset","title":"mailCharset"}],"id":"mailHeaders","title":"mailHeaders","type":"simpleInputContainer"}],"help":"smtp.html","id":"SMTP","title":"SMTP","type":"SMTP"},{"_nodes":[{"default":"^[\\w\\.\\-@]+$","id":"userControl","title":"userControl"},{"default":0,"id":"browsersDontStorePassword","title":"browsersDontStorePassword","type":"bool"},{"default":0,"help":"forcereauthn.html","id":"portalForceAuthn","title":"portalForceAuthn","type":"bool"},{"default":5,"id":"portalForceAuthnInterval","title":"portalForceAuthnInterval","type":"int"},{"id":"key","title":"key","type":"password"},{"id":"trustedDomains","title":"trustedDomains"},{"default":1,"help":"safejail.html","id":"useSafeJail","title":"useSafeJail","type":"bool"},{"default":0,"help":"safejail.html","id":"avoidAssignment","title":"avoidAssignment","type":"bool"},{"default":1,"id":"checkXSS","title":"checkXSS","type":"bool"},{"default":1,"id":"requireToken","title":"requireToken","type":"boolOrExpr"},{"default":120,"id":"formTimeout","title":"formTimeout","type":"int"},{"default":0,"id":"tokenUseGlobalStorage","title":"tokenUseGlobalStorage","type":"bool"},{"_nodes":[{"id":"crowdsec","title":"crowdsec","type":"bool"},{"default":"reject","id":"crowdsecAction","select":[{"k":"reject","v":"Reject"},{"k":"warn","v":"Warn"}],"title":"crowdsecAction","type":"select"},{"id":"crowdsecUrl","title":"crowdsecUrl"},{"id":"crowdsecKey","title":"crowdsecKey"}],"help":"crowdsec.html","id":"CrowdSecPlugin","title":"CrowdSecPlugin"},{"_nodes":[{"default":0,"help":"bruteforceprotection.html","id":"bruteForceProtection","title":"bruteForceProtection","type":"bool"},{"default":30,"id":"bruteForceProtectionTempo","title"
:"bruteForceProtectionTempo","type":"int"},{"default":3,"id":"bruteForceProtectionMaxFailed","title":"bruteForceProtectionMaxFailed","type":"int"},{"default":0,"help":"bruteforceprotection.html","id":"bruteForceProtectionIncrementalTempo","title":"bruteForceProtectionIncrementalTempo","type":"bool"},{"default":"15, 30, 60, 300, 600","id":"bruteForceProtectionLockTimes","title":"bruteForceProtectionLockTimes"}],"help":"bruteforceprotection.html","id":"bruteForceAttackProtection","title":"bruteForceAttackProtection","type":"simpleInputContainer"},{"cnodes":"lwpOpts","id":"lwpOpts","title":"lwpOpts","type":"keyTextContainer"},{"cnodes":"lwpSslOpts","id":"lwpSslOpts","title":"lwpSslOpts","type":"keyTextContainer"},{"_nodes":[{"default":"'self'","id":"cspDefault","title":"cspDefault"},{"default":"'self' data:","id":"cspImg","title":"cspImg"},{"default":"'self'","id":"cspScript","title":"cspScript"},{"default":"'self'","id":"cspStyle","title":"cspStyle"},{"default":"'self'","id":"cspFont","title":"cspFont"},{"default":"*","id":"cspFormAction","title":"cspFormAction"},{"default":"'self'","id":"cspConnect","title":"cspConnect"},{"default":"","id":"cspFrameAncestors","title":"cspFrameAncestors"}],"help":"security.html#portal","id":"contentSecurityPolicy","title":"contentSecurityPolicy","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"corsEnabled","title":"corsEnabled","type":"bool"},{"default":true,"id":"corsAllow_Credentials","title":"corsAllow_Credentials"},{"default":"*","id":"corsAllow_Headers","title":"corsAllow_Headers"},{"default":"POST,GET","id":"corsAllow_Methods","title":"corsAllow_Methods"},{"default":"*","id":"corsAllow_Origin","title":"corsAllow_Origin"},{"default":"*","id":"corsExpose_Headers","title":"corsExpose_Headers"},{"default":"86400","id":"corsMax_Age","title":"corsMax_Age"}],"help":"security.html#portal","id":"crossOrigineResourceSharing","title":"crossOrigineResourceSharing","type":"simpleInputContainer"}],"help":"security.html#configure-s
ecurity-settings","id":"security","title":"security"},{"_nodes":[{"default":-1,"id":"https","title":"https","type":"trool"},{"default":-1,"id":"port","title":"port","type":"int"},{"default":0,"id":"useRedirectOnForbidden","title":"useRedirectOnForbidden","type":"bool"},{"default":1,"id":"useRedirectOnError","title":"useRedirectOnError","type":"bool"},{"default":0,"id":"maintenance","title":"maintenance","type":"bool"}],"help":"redirections.html","id":"redirection","title":"redirection","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"jsRedirect","title":"jsRedirect","type":"boolOrExpr"},{"default":0,"id":"noAjaxHook","title":"noAjaxHook","type":"bool"},{"default":0,"id":"skipRenewConfirmation","title":"skipRenewConfirmation","type":"bool"},{"default":0,"id":"skipUpgradeConfirmation","title":"skipUpgradeConfirmation","type":"bool"}],"help":"redirections.html#portal-redirections","id":"portalRedirection","title":"portalRedirection","type":"simpleInputContainer"},{"cnodes":"nginxCustomHandlers","help":"handlerarch.html","id":"nginxCustomHandlers","title":"nginxCustomHandlers","type":"keyTextContainer"},{"cnodes":"logoutServices","default":[],"help":"logoutforward.html","id":"logoutServices","title":"logoutServices","type":"keyTextContainer"},{"_nodes":[{"default":"get","id":"infoFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"infoFormMethod","type":"select"},{"default":"post","id":"confirmFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"confirmFormMethod","type":"select"},{"default":"get","id":"redirectFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"redirectFormMethod","type":"select"},{"default":1,"id":"activeTimer","title":"activeTimer","type":"bool"}],"id":"forms","title":"forms","type":"simpleInputContainer"}],"help":"start.html#advanced-features","id":"advancedParams","title":"advancedParams"}],"id":"generalParameters","title":"generalParameters"},{"_nodes":[{"cnod
es":"exportedVars","default":[{"data":"HTTP_USER_AGENT","id":"exportedVars/UA","title":"UA","type":"keyText"}],"help":"exportedvars.html","id":"exportedVars","title":"exportedVars","type":"keyTextContainer"},{"cnodes":"macros","default":[],"help":"exportedvars.html#extend-variables-using-macros-and-groups","id":"macros","title":"macros","type":"keyTextContainer"},{"cnodes":"groups","default":[],"help":"exportedvars.html#extend-variables-using-macros-and-groups","id":"groups","title":"groups","type":"keyTextContainer"}],"help":"variables.html","id":"variables","title":"variables"},{"cnodes":"virtualHosts","help":"configvhost.html","id":"virtualHosts","template":"virtualHost","title":"virtualHosts","type":"virtualHostContainer"},{"_nodes":[{"default":"#PORTAL#/saml/metadata","id":"samlEntityID","title":"samlEntityID"},{"_nodes":[{"get":["samlServicePrivateKeySig","samlServicePrivateKeySigPwd","samlServicePublicKeySig"],"id":"samlServiceSecuritySig","title":"samlServiceSecuritySig","type":"RSACertKey"},{"get":["samlServicePrivateKeyEnc","samlServicePrivateKeyEncPwd","samlServicePublicKeyEnc"],"id":"samlServiceSecurityEnc","title":"samlServiceSecurityEnc","type":"RSACertKey"},{"default":0,"id":"samlServiceUseCertificateInResponse","title":"samlServiceUseCertificateInResponse","type":"bool"},{"default":"RSA_SHA256","id":"samlServiceSignatureMethod","select":[{"k":"RSA_SHA1","v":"RSA SHA1"},{"k":"RSA_SHA256","v":"RSA SHA256"},{"k":"RSA_SHA384","v":"RSA SHA384"},{"k":"RSA_SHA512","v":"RSA 
SHA512"}],"title":"samlServiceSignatureMethod","type":"select"}],"help":"samlservice.html#security-parameters","id":"samlServiceSecurity","title":"samlServiceSecurity"},{"_nodes":[{"default":"mail","id":"samlNameIDFormatMapEmail","title":"samlNameIDFormatMapEmail"},{"default":"mail","id":"samlNameIDFormatMapX509","title":"samlNameIDFormatMapX509"},{"default":"uid","id":"samlNameIDFormatMapWindows","title":"samlNameIDFormatMapWindows"},{"default":"uid","id":"samlNameIDFormatMapKerberos","title":"samlNameIDFormatMapKerberos"}],"help":"samlservice.html#nameid-formats","id":"samlNameIDFormatMap","title":"samlNameIDFormatMap","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"samlAuthnContextMapPassword","title":"samlAuthnContextMapPassword","type":"int"},{"default":3,"id":"samlAuthnContextMapPasswordProtectedTransport","title":"samlAuthnContextMapPasswordProtectedTransport","type":"int"},{"default":5,"id":"samlAuthnContextMapTLSClient","title":"samlAuthnContextMapTLSClient","type":"int"},{"default":4,"id":"samlAuthnContextMapKerberos","title":"samlAuthnContextMapKerberos","type":"int"}],"help":"samlservice.html#authentication-contexts","id":"samlAuthnContextMap","title":"samlAuthnContextMap","type":"simpleInputContainer"},{"_nodes":[{"default":"Example","id":"samlOrganizationDisplayName","title":"samlOrganizationDisplayName"},{"default":"Example","id":"samlOrganizationName","title":"samlOrganizationName"},{"default":"http://www.example.com","id":"samlOrganizationURL","title":"samlOrganizationURL"}],"help":"samlservice.html#organization","id":"samlOrganization","title":"samlOrganization","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"samlSPSSODescriptorAuthnRequestsSigned","title":"samlSPSSODescriptorAuthnRequestsSigned","type":"bool"},{"default":1,"id":"samlSPSSODescriptorWantAssertionsSigned","title":"samlSPSSODescriptorWantAssertionsSigned","type":"bool"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/pr
oxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn","id":"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect","title":"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn","id":"samlSPSSODescriptorSingleLogoutServiceHTTPPost","title":"samlSPSSODescriptorSingleLogoutServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;","id":"samlSPSSODescriptorSingleLogoutServiceSOAP","title":"samlSPSSODescriptorSingleLogoutServiceSOAP","type":"samlService"}],"id":"samlSPSSODescriptorSingleLogoutService","title":"samlSPSSODescriptorSingleLogoutService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact","id":"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact","title":"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact","type":"samlAssertion"},{"default":"0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost","id":"samlSPSSODescriptorAssertionConsumerServiceHTTPPost","title":"samlSPSSODescriptorAssertionConsumerServiceHTTPPost","type":"samlAssertion"}],"id":"samlSPSSODescriptorAssertionConsumerService","title":"samlSPSSODescriptorAssertionConsumerService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact","id":"samlSPSSODescriptorArtifactResolutionServiceArtifact","title":"samlSPSSODescriptorArtifactResolutionServiceArtifact","type":"samlAssertion"}],"id":"samlSPSSODescriptorArtifactResolutionService","title":"samlSPSSODescriptorArtifactResolutionService"}],"help":"samlservice.html#service-provider","id":"samlSPSSODescriptor","title":"samlSPSSODescriptor"},{"_nodes":[{"default":1,"id":"samlIDPSSODescriptorWantAuthnRequestsSigned","title":"samlIDPSSODescriptorWantAuthnRequestsSigned","type":"bool"},{"_nodes
":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPPost","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact","type":"samlService"}],"id":"samlIDPSSODescriptorSingleSignOnService","title":"samlIDPSSODescriptorSingleSignOnService"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn","id":"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect","title":"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn","id":"samlIDPSSODescriptorSingleLogoutServiceHTTPPost","title":"samlIDPSSODescriptorSingleLogoutServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;","id":"samlIDPSSODescriptorSingleLogoutServiceSOAP","title":"samlIDPSSODescriptorSingleLogoutServiceSOAP","type":"samlService"}],"id":"samlIDPSSODescriptorSingleLogoutService","title":"samlIDPSSODescriptorSingleLogoutService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact","id":"samlIDPSSODescriptorArtifactResolutionServiceArtifact","title":"samlIDPSSODescriptorArtifactResolutionServiceArtifact","type":"samlAssertion"}],"id":"samlIDPSSODescriptorArtifactResolutionService","title":"samlIDPSSODescriptorArtifactResolutionService"
}],"help":"samlservice.html#identity-provider","id":"samlIDPSSODescriptor","title":"samlIDPSSODescriptor"},{"_nodes":[{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;","id":"samlAttributeAuthorityDescriptorAttributeServiceSOAP","title":"samlAttributeAuthorityDescriptorAttributeServiceSOAP","type":"samlService"}],"id":"samlAttributeAuthorityDescriptorAttributeService","title":"samlAttributeAuthorityDescriptorAttributeService"}],"help":"samlservice.html#attribute-authority","id":"samlAttributeAuthorityDescriptor","title":"samlAttributeAuthorityDescriptor"},{"_nodes":[{"default":1,"id":"samlMetadataForceUTF8","title":"samlMetadataForceUTF8","type":"bool"},{"default":600,"id":"samlRelayStateTimeout","title":"samlRelayStateTimeout","type":"int"},{"default":0,"id":"samlUseQueryStringSpecific","title":"samlUseQueryStringSpecific","type":"bool"},{"default":"","id":"samlOverrideIDPEntityID","title":"samlOverrideIDPEntityID"},{"id":"samlStorage","title":"samlStorage"},{"cnodes":"samlStorageOptions","id":"samlStorageOptions","title":"samlStorageOptions","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"samlCommonDomainCookieActivation","title":"samlCommonDomainCookieActivation","type":"bool"},{"id":"samlCommonDomainCookieDomain","title":"samlCommonDomainCookieDomain"},{"id":"samlCommonDomainCookieReader","title":"samlCommonDomainCookieReader"},{"id":"samlCommonDomainCookieWriter","title":"samlCommonDomainCookieWriter"}],"id":"samlCommonDomainCookie","title":"samlCommonDomainCookie","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"samlDiscoveryProtocolActivation","title":"samlDiscoveryProtocolActivation","type":"bool"},{"id":"samlDiscoveryProtocolURL","title":"samlDiscoveryProtocolURL"},{"id":"samlDiscoveryProtocolPolicy","title":"samlDiscoveryProtocolPolicy"},{"default":0,"id":"samlDiscoveryProtocolIsPassive","title":"samlDiscoveryProtocolIsPassive","type":"bool"}],"id":"samlDiscoveryProtocol","title":"samlDiscoveryProt
ocol","type":"simpleInputContainer"}],"help":"samlservice.html#advanced","id":"samlAdvanced","title":"samlAdvanced"}],"help":"samlservice.html","id":"samlServiceMetaData","title":"samlServiceMetaData"},{"cnodes":"samlIDPMetaDataNodes","help":"authsaml.html","id":"samlIDPMetaDataNodes","template":"samlIDPMetaDataNode","title":"samlIDPMetaDataNodes","type":"samlIDPMetaDataNodeContainer"},{"cnodes":"samlSPMetaDataNodes","help":"idpsaml.html","id":"samlSPMetaDataNodes","template":"samlSPMetaDataNode","title":"samlSPMetaDataNodes","type":"samlSPMetaDataNodeContainer"},{"_nodes":[{"_nodes":[{"default":"authorize","id":"oidcServiceMetaDataAuthorizeURI","title":"oidcServiceMetaDataAuthorizeURI"},{"default":"token","id":"oidcServiceMetaDataTokenURI","title":"oidcServiceMetaDataTokenURI"},{"default":"userinfo","id":"oidcServiceMetaDataUserInfoURI","title":"oidcServiceMetaDataUserInfoURI"},{"default":"jwks","id":"oidcServiceMetaDataJWKSURI","title":"oidcServiceMetaDataJWKSURI"},{"default":"register","id":"oidcServiceMetaDataRegistrationURI","title":"oidcServiceMetaDataRegistrationURI"},{"default":"introspect","id":"oidcServiceMetaDataIntrospectionURI","title":"oidcServiceMetaDataIntrospectionURI"},{"default":"logout","id":"oidcServiceMetaDataEndSessionURI","title":"oidcServiceMetaDataEndSessionURI"},{"default":"checksession.html","id":"oidcServiceMetaDataCheckSessionURI","title":"oidcServiceMetaDataCheckSessionURI"},{"default":"flogout","id":"oidcServiceMetaDataFrontChannelURI","title":"oidcServiceMetaDataFrontChannelURI"},{"default":"blogout","id":"oidcServiceMetaDataBackChannelURI","title":"oidcServiceMetaDataBackChannelURI"}],"id":"oidcServiceMetaDataEndPoints","title":"oidcServiceMetaDataEndPoints","type":"simpleInputContainer"},{"cnodes":"oidcServiceMetaDataAuthnContext","default":[{"data":1,"id":"oidcServiceMetaDataAuthnContext/loa-1","title":"loa-1","type":"keyText"},{"data":2,"id":"oidcServiceMetaDataAuthnContext/loa-2","title":"loa-2","type":"keyText"},{"data":3,"id":
"oidcServiceMetaDataAuthnContext/loa-3","title":"loa-3","type":"keyText"},{"data":4,"id":"oidcServiceMetaDataAuthnContext/loa-4","title":"loa-4","type":"keyText"},{"data":5,"id":"oidcServiceMetaDataAuthnContext/loa-5","title":"loa-5","type":"keyText"}],"id":"oidcServiceMetaDataAuthnContext","title":"oidcServiceMetaDataAuthnContext","type":"keyTextContainer"},{"_nodes":[{"get":["oidcServicePrivateKeySig","oidcServicePublicKeySig","oidcServiceKeyIdSig"],"id":"oidcServiceMetaDataKeys","title":"oidcServiceMetaDataKeys","type":"RSAKeyNoPassword"},{"default":0,"id":"oidcServiceAllowDynamicRegistration","title":"oidcServiceAllowDynamicRegistration","type":"bool"},{"default":0,"id":"oidcServiceAllowOnlyDeclaredScopes","title":"oidcServiceAllowOnlyDeclaredScopes","type":"bool"},{"default":1,"id":"oidcServiceAllowAuthorizationCodeFlow","title":"oidcServiceAllowAuthorizationCodeFlow","type":"bool"},{"default":0,"id":"oidcServiceAllowImplicitFlow","title":"oidcServiceAllowImplicitFlow","type":"bool"},{"default":0,"id":"oidcServiceAllowHybridFlow","title":"oidcServiceAllowHybridFlow","type":"bool"},{"default":60,"id":"oidcServiceAuthorizationCodeExpiration","title":"oidcServiceAuthorizationCodeExpiration","type":"int"},{"default":3600,"id":"oidcServiceAccessTokenExpiration","title":"oidcServiceAccessTokenExpiration","type":"int"},{"default":3600,"id":"oidcServiceIDTokenExpiration","title":"oidcServiceIDTokenExpiration","type":"int"},{"default":2592000,"id":"oidcServiceOfflineSessionExpiration","title":"oidcServiceOfflineSessionExpiration","type":"int"}],"id":"oidcServiceMetaDataSecurity","title":"oidcServiceMetaDataSecurity"},{"_nodes":[{"id":"oidcStorage","title":"oidcStorage"},{"cnodes":"oidcStorageOptions","id":"oidcStorageOptions","title":"oidcStorageOptions","type":"keyTextContainer"}],"id":"oidcServiceMetaDataSessions","title":"oidcServiceMetaDataSessions"},{"cnodes":"oidcServiceDynamicRegistrationExportedVars","id":"oidcServiceDynamicRegistrationExportedVars","title":"oid
cServiceDynamicRegistrationExportedVars","type":"keyTextContainer"},{"cnodes":"oidcServiceDynamicRegistrationExtraClaims","id":"oidcServiceDynamicRegistrationExtraClaims","title":"oidcServiceDynamicRegistrationExtraClaims","type":"keyTextContainer"}],"help":"openidconnectservice.html#service-configuration","id":"oidcServiceMetaData","title":"oidcServiceMetaData"},{"cnodes":"oidcOPMetaDataNodes","help":"authopenidconnect.html#declare-the-openid-connect-provider-in-ll-ng","id":"oidcOPMetaDataNodes","title":"oidcOPMetaDataNodes","type":"oidcOPMetaDataNodeContainer"},{"cnodes":"oidcRPMetaDataNodes","help":"idpopenidconnect.html#configuration-of-relying-party-in-ll-ng","id":"oidcRPMetaDataNodes","title":"oidcRPMetaDataNodes","type":"oidcRPMetaDataNodeContainer"},{"_nodes":[{"id":"casAttr","title":"casAttr"},{"default":"none","id":"casAccessControlPolicy","select":[{"k":"none","v":"None"},{"k":"error","v":"Display error on portal"},{"k":"faketicket","v":"Send a fake service ticket"}],"title":"casAccessControlPolicy","type":"select"},{"id":"casStorage","title":"casStorage"},{"cnodes":"casStorageOptions","id":"casStorageOptions","title":"casStorageOptions","type":"keyTextContainer"},{"cnodes":"casAttributes","id":"casAttributes","title":"casAttributes","type":"keyTextContainer"},{"default":0,"id":"casStrictMatching","title":"casStrictMatching","type":"bool"}],"help":"idpcas.html#configuring-the-cas-service","id":"casServiceMetadata","title":"casServiceMetadata"},{"cnodes":"casSrvMetaDataNodes","help":"authcas.html","id":"casSrvMetaDataNodes","template":"casSrvMetaDataNode","title":"casSrvMetaDataNodes","type":"casSrvMetaDataNodeContainer"},{"cnodes":"casAppMetaDataNodes","help":"idpcas.html#configuring-cas-applications","id":"casAppMetaDataNodes","template":"casAppMetaDataNode","title":"casAppMetaDataNodes","type":"casAppMetaDataNodeContainer"}] \ No newline at end of file 
diff --git a/lemonldap-ng-manager/t/30-DBI-Cli.t b/lemonldap-ng-manager/t/30-DBI-Cli.t index 1752c26ad..ea5e8d374 100644 --- a/lemonldap-ng-manager/t/30-DBI-Cli.t +++ b/lemonldap-ng-manager/t/30-DBI-Cli.t @@ -1,4 +1,4 @@ -# Test notifications explorer API +# Test for https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2493 use strict; use Data::Dumper; @@ -8,7 +8,7 @@ use Test::More; my $count = 0; my $file = 't/conf.db'; -my $maintests = 1; +my $maintests = 8; my ( $res, $client ); eval { unlink $file }; @@ -25,16 +25,27 @@ SKIP: { } my $dbh = DBI->connect("dbi:SQLite:dbname=$file"); - $dbh->do('CREATE TABLE lmConfig (cfgNum int, data text)') - or die $DBI::errstr; + $dbh->do( +"CREATE TABLE lmConfig ( cfgNum int not null, field varchar(255) NOT NULL DEFAULT '', value longblob, PRIMARY KEY (cfgNum,field))" + ) or die $DBI::errstr; + use_ok('Lemonldap::NG::Common::Conf'); + my $h; + ok( + $h = new Lemonldap::NG::Common::Conf( { + type => 'RDBI', + dbiChain => "DBI:SQLite:dbname=$file", + dbiUser => '', + dbiPassword => '', + } + ), + 'RDBI object' + ); { local $/ = undef; open my $f, '<', 't/conf/lmConf-1.json'; my $content = <$f>; close $f; - my $sth = $dbh->prepare('INSERT INTO lmConfig VALUES(1,?)') - or die $DBI::errstr; - $sth->execute($content) or die $DBI::errstr; + ok( $h->store( from_json($content) ), 'Conf 1 saved' ); } use_ok('Lemonldap::NG::Manager::Cli::Lib'); 
@@ -44,23 +55,16 @@ SKIP: { ), 'Client object' ); - count(1); use_ok('Lemonldap::NG::Manager::Cli'); - count(1); my @args = (qw(-yes 1 -force 1 set ldapSetPassword 0)); $ENV{LLNG_DEFAULTCONFFILE} = 't/lemonldap-ng-DBI-conf.ini'; Lemonldap::NG::Manager::Cli->run(@args); - my $res = $dbh->selectall_arrayref('SELECT * FROM lmConfig'); - my $conf = from_json( $res->[0]->[1] ); - ok( ( - defined( $conf->{ldapSetPassword} ) - and $conf->{ldapSetPassword} == 0 - ), - 'Key inserted' - ); - count(1); + my $res = $dbh->selectrow_hashref( + "SELECT * FROM lmConfig WHERE field='ldapSetPassword'"); + ok( $res, 'Key inserted' ); + ok( $res and $res->{value} == '0', 'Value is 0' ); } eval { unlink $file }; diff --git a/lemonldap-ng-manager/t/lemonldap-ng-DBI-conf.ini b/lemonldap-ng-manager/t/lemonldap-ng-DBI-conf.ini index 5457aafcf..f1342a747 100644 --- a/lemonldap-ng-manager/t/lemonldap-ng-DBI-conf.ini +++ b/lemonldap-ng-manager/t/lemonldap-ng-DBI-conf.ini @@ -1,12 +1,12 @@ [all] -logLevel = debug +logLevel = error localSessionStorage = localSessionStorageOptions = [configuration] -type=CDBI +type=RDBI dbiChain=dbi:SQLite:dbname=t/conf.db [portal] diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm index c573c425a..18292a6d5 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm @@ -46,6 +46,19 @@ has ott => ( } ); +has regOtt => ( + is => 'rw', + lazy => 1, + default => sub { + my $ott = + $_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken'); + my $timeout = $_[0]->{conf}->{sfRegisterTimeout} + // $_[0]->{conf}->{formTimeout}; + $ott->timeout($timeout); + return $ott; + } +); + sub init { my ($self) = @_; 
@@ -240,7 +253,7 @@ sub run { $self->logger->debug("Looking for expired 2F device(s)..."); my $removed = 0; - my $name = ''; + my $name = ''; my $now = time(); foreach my $device (@$_2fDevices) { my $type = lc( $device->{type} ); @@ -312,7 +325,7 @@ sub run { $self->logger->debug("2F is required..."); $self->logger->debug(" -> Register 2F"); $req->pdata->{sfRegToken} = - $self->ott->createToken( $req->sessionInfo ); + $self->regOtt->createToken( $req->sessionInfo ); $self->logger->debug("Just one 2F is enabled"); $self->logger->debug(" -> Redirect to 2fregisters/"); $req->response( [ @@ -602,7 +615,7 @@ sub restoreSession { my ( $self, $req, @path ) = @_; my $token = $req->pdata->{sfRegToken} or return [ 302, [ Location => $self->conf->{portal} ], [] ]; - $req->userData( $self->ott->getToken( $token, 1 ) ); + $req->userData( $self->regOtt->getToken( $token, 1 ) ); $req->data->{sfRegRequired} = 1; return $req->method eq 'POST' ? $self->register( $req, @path ) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm index 85e1dc74c..781af1ba9 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm @@ -24,7 +24,9 @@ has ott => ( default => sub { my $ott = $_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken'); - $ott->timeout( $_[0]->conf->{formTimeout} ); + my $timeout = $_[0]->{conf}->{sfRegisterTimeout} + // $_[0]->{conf}->{formTimeout}; + $ott->timeout($timeout); return $ott; } ); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm index d8219fcd4..0f21bea3f 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm 
@@ -22,8 +22,8 @@ extends 'Lemonldap::NG::Portal::Main::SecondFactor'; # INITIALIZATION has prefix => ( is => 'ro', default => 'yubikey' ); -has logo => ( is => 'rw', default => 'yubikey.png' ); -has yubi => ( is => 'rw' ); +has logo => ( is => 'rw', default => 'yubikey.png' ); +has yubi => ( is => 'rw' ); sub init { my ($self) = @_; @@ -77,7 +77,7 @@ sub init { $self->conf->{yubikey2fUrl} ? ( url => $self->conf->{yubikey2fUrl} ) : () - ), + ) } ) ); @@ -96,7 +96,7 @@ sub _findYubikey { # If we didn't find a key, lookup psession if ( !$yubikey and $sessionInfo->{_2fDevices} ) { - $self->logger->debug("Loading 2F Devices ..."); + $self->logger->debug("Loading 2F Devices..."); # Read existing 2FDevices $_2fDevices = eval { @@ -107,10 +107,19 @@ sub _findYubikey { return PE_ERROR; } $self->logger->debug("2F Device(s) found"); - $self->logger->debug("Reading Yubikey ..."); + $self->logger->debug("Reading Yubikey..."); - $yubikey = $_->{_yubikey} - foreach grep { $_->{type} eq 'UBK' } @$_2fDevices; + if ( my $code = $req->param('code') ) { + $yubikey = $_->{_yubikey} foreach grep { + ( $_->{type} eq 'UBK' ) + and ( $_->{_yubikey} eq + substr( $code, 0, $self->conf->{yubikey2fPublicIDSize} ) ) + } @$_2fDevices; + } + else { + $yubikey = $_->{_yubikey} + foreach grep { $_->{type} eq 'UBK' } @$_2fDevices; + } } return $yubikey; @@ -121,7 +130,7 @@ sub run { my ( $self, $req, $token, $_2fDevices ) = @_; my $checkLogins = $req->param('checkLogins'); - $self->logger->debug("Yubikey; checkLogins set") if ($checkLogins); + $self->logger->debug("Yubikey; checkLogins set") if $checkLogins; my $stayconnected = $req->param('stayconnected'); $self->logger->debug("Yubikey: stayconnected set") if $stayconnected; 
@@ -141,13 +150,13 @@ sub run { $req, 'ext2fcheck', params => { - MAIN_LOGO => $self->conf->{portalMainLogo}, - SKIN => $self->p->getSkin($req), - TOKEN => $token, - TARGET => '/yubikey2fcheck?skin=' . $self->p->getSkin($req), - INPUTLOGO => 'yubikey.png', - LEGEND => 'clickOnYubikey', - CHECKLOGINS => $checkLogins, + MAIN_LOGO => $self->conf->{portalMainLogo}, + SKIN => $self->p->getSkin($req), + TOKEN => $token, + TARGET => '/yubikey2fcheck?skin=' . $self->p->getSkin($req), + INPUTLOGO => 'yubikey.png', + LEGEND => 'clickOnYubikey', + CHECKLOGINS => $checkLogins, STAYCONNECTED => $stayconnected } ); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/_tokenRule.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/_tokenRule.pm index 610ca08c7..f9feac19f 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/_tokenRule.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/_tokenRule.pm @@ -25,4 +25,4 @@ sub init { return 1; } -1; \ No newline at end of file +1; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm index 99e58dd72..27a30a95c 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm 
@@ -8,7 +8,7 @@ our $VERSION = '2.1.0'; use constant HANDLER => 'Lemonldap::NG::Handler::PSGI::Main'; use constant URIRE => -qr{(((?^:https?))://((?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::((?:[0-9]*)))?(/(((?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?]((?:(?:[;/?:@&=+$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)}; +qr{(((?^:https?))://((?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::((?:[0-9]*)))?(/(((?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?]((?:(?:[;/?:\@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)}; use constant { PE_LOGOUT_OK => -7, PE_PASSWORD_OK => -6, diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm index e12fe185f..4dbff455d 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm @@ -156,7 +156,7 @@ sub controlUrl { } # Unprotected hosts - unless ( $tmp =~ URIRE ) { + if ( $tmp and ( $tmp !~ URIRE ) ) { $self->userLogger->error("Bad URL $tmp"); delete $req->{urldc}; return PE_BADURL; diff --git a/lemonldap-ng-portal/site/coffee/portal.coffee b/lemonldap-ng-portal/site/coffee/portal.coffee index 32bbbec9c..9efcaa32e 100644 
--- a/lemonldap-ng-portal/site/coffee/portal.coffee +++ b/lemonldap-ng-portal/site/coffee/portal.coffee @@ -515,13 +515,22 @@ $(window).on 'load', () -> if window.datas.ppolicy? and $('#newpassword').length $('#reset').change togglecheckpassword + # Functions to show/hide display password button if datas['enablePasswordDisplay'] - $(".toggle-password").mousedown (e) -> - $(this).toggleClass("fa-eye fa-eye-slash"); - $("input[name=password]").attr("type", "text"); - $(".toggle-password").mouseup (e) -> - $(this).toggleClass("fa-eye fa-eye-slash"); - $("input[name=password]").attr("type", "password"); + if datas['dontStorePassword'] + $(".toggle-password").mousedown () -> + $(this).toggleClass("fa-eye fa-eye-slash") + $("input[name=password]").attr('class', 'form-control') + $(".toggle-password").mouseup () -> + $(this).toggleClass("fa-eye fa-eye-slash") + $("input[name=password]").attr('class', 'form-control key') if $("input[name=password]").get(0).value + else + $(".toggle-password").mousedown () -> + $(this).toggleClass("fa-eye fa-eye-slash") + $("input[name=password]").attr("type", "text") + $(".toggle-password").mouseup () -> + $(this).toggleClass("fa-eye fa-eye-slash") + $("input[name=password]").attr("type", "password") # Ping if asked if datas['pingInterval'] and datas['pingInterval'] > 0 
@@ -537,18 +546,50 @@ $(window).on 'load', () -> # Functions to show/hide change password inputs $('#show-hide-button').on 'click', () -> - if $("#newpassword").attr('type') == 'password' - console.log 'Show passwords' - $("#newpassword").attr('type', 'input') - $("#confirmpassword").attr('type', 'input') - $("#show-hide-icon-button").removeClass 'fa-eye' - $("#show-hide-icon-button").addClass 'fa-eye-slash' + if datas['dontStorePassword'] + if $("#newpassword").attr('class') == 'form-control key' || $("#confirmpassword").attr('class') == 'form-control key' + console.log 'Show passwords' + $("#newpassword").attr('class', 'form-control') + $("#confirmpassword").attr('class', 'form-control') + $("#show-hide-icon-button").attr('class', 'fa fa-eye-slash') + else + console.log 'Hide passwords' + $("#newpassword").attr('class', 'form-control key') if $("#newpassword").get(0).value + $("#confirmpassword").attr('class', 'form-control key') if $("#confirmpassword").get(0).value + $("#show-hide-icon-button").attr('class', 'fa fa-eye') if ($("#newpassword").get(0).value || $("#confirmpassword").get(0).value) else - console.log 'Hide passwords' - $("#newpassword").attr('type', 'password') - $("#confirmpassword").attr('type', 'password') - $("#show-hide-icon-button").removeClass 'fa-eye-slash' - $("#show-hide-icon-button").addClass 'fa-eye' + if $("#newpassword").attr('type') == 'password' + console.log 'Show passwords' + $("#newpassword").attr('type', 'text') + $("#confirmpassword").attr('type', 'text') + $("#show-hide-icon-button").attr('class', 'fa fa-eye-slash') + else + console.log 'Hide passwords' + $("#newpassword").attr('type', 'password') + $("#confirmpassword").attr('type', 'password') + $("#show-hide-icon-button").attr('class', 'fa fa-eye') + + # Functions to show/hide placeholder password inputs + $('#passwordfield').on 'input', () -> + if $('#passwordfield').get(0).value && datas['dontStorePassword'] + $("#passwordfield").attr('class', 'form-control key') + else + 
$("#passwordfield").attr('class', 'form-control') + $('#oldpassword').on 'input', () -> + if $('#oldpassword').get(0).value && datas['dontStorePassword'] + $("#oldpassword").attr('class', 'form-control key') + else + $("#oldpassword").attr('class', 'form-control') + $('#newpassword').on 'input', () -> + if $('#newpassword').get(0).value && datas['dontStorePassword'] + $("#newpassword").attr('class', 'form-control key') if $("#show-hide-icon-button").attr('class') == 'fa fa-eye' + else + $("#newpassword").attr('class', 'form-control') + $('#confirmpassword').on 'input', () -> + if $('#confirmpassword').get(0).value && datas['dontStorePassword'] + $("#confirmpassword").attr('class', 'form-control key') if $("#show-hide-icon-button").attr('class') == 'fa fa-eye' + else + $("#confirmpassword").attr('class', 'form-control') #$('#formpass').on 'submit', changePwd diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js index d4237a225..bf1326d04 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js 
@@ -562,14 +562,27 @@ LemonLDAP::NG Portal jQuery scripts $('#reset').change(togglecheckpassword); } if (datas['enablePasswordDisplay']) { - $(".toggle-password").mousedown(function(e) { - $(this).toggleClass("fa-eye fa-eye-slash"); - return $("input[name=password]").attr("type", "text"); - }); - $(".toggle-password").mouseup(function(e) { - $(this).toggleClass("fa-eye fa-eye-slash"); - return $("input[name=password]").attr("type", "password"); - }); + if (datas['dontStorePassword']) { + $(".toggle-password").mousedown(function() { + $(this).toggleClass("fa-eye fa-eye-slash"); + return $("input[name=password]").attr('class', 'form-control'); + }); + $(".toggle-password").mouseup(function() { + $(this).toggleClass("fa-eye fa-eye-slash"); + if ($("input[name=password]").get(0).value) { + return $("input[name=password]").attr('class', 'form-control key'); + } + }); + } else { + $(".toggle-password").mousedown(function() { + $(this).toggleClass("fa-eye fa-eye-slash"); + return $("input[name=password]").attr("type", "text"); + }); + $(".toggle-password").mouseup(function() { + $(this).toggleClass("fa-eye fa-eye-slash"); + return $("input[name=password]").attr("type", "password"); + }); + } } if (datas['pingInterval'] && datas['pingInterval'] > 0) { window.setTimeout(ping, datas['pingInterval']); 
@@ -583,18 +596,68 @@ LemonLDAP::NG Portal jQuery scripts return removeOidcConsent($(this).attr('partner')); }); $('#show-hide-button').on('click', function() { - if ($("#newpassword").attr('type') === 'password') { - console.log('Show passwords'); - $("#newpassword").attr('type', 'input'); - $("#confirmpassword").attr('type', 'input'); - $("#show-hide-icon-button").removeClass('fa-eye'); - return $("#show-hide-icon-button").addClass('fa-eye-slash'); + if (datas['dontStorePassword']) { + if ($("#newpassword").attr('class') === 'form-control key' || $("#confirmpassword").attr('class') === 'form-control key') { + console.log('Show passwords'); + $("#newpassword").attr('class', 'form-control'); + $("#confirmpassword").attr('class', 'form-control'); + return $("#show-hide-icon-button").attr('class', 'fa fa-eye-slash'); + } else { + console.log('Hide passwords'); + if ($("#newpassword").get(0).value) { + $("#newpassword").attr('class', 'form-control key'); + } + if ($("#confirmpassword").get(0).value) { + $("#confirmpassword").attr('class', 'form-control key'); + } + if ($("#newpassword").get(0).value || $("#confirmpassword").get(0).value) { + return $("#show-hide-icon-button").attr('class', 'fa fa-eye'); + } + } } else { - console.log('Hide passwords'); - $("#newpassword").attr('type', 'password'); - $("#confirmpassword").attr('type', 'password'); - $("#show-hide-icon-button").removeClass('fa-eye-slash'); - return $("#show-hide-icon-button").addClass('fa-eye'); + if ($("#newpassword").attr('type') === 'password') { + console.log('Show passwords'); + $("#newpassword").attr('type', 'text'); + $("#confirmpassword").attr('type', 'text'); + return $("#show-hide-icon-button").attr('class', 'fa fa-eye-slash'); + } else { + console.log('Hide passwords'); + $("#newpassword").attr('type', 'password'); + $("#confirmpassword").attr('type', 'password'); + return $("#show-hide-icon-button").attr('class', 'fa fa-eye'); + } + } + }); + $('#passwordfield').on('input', function() { + if 
($('#passwordfield').get(0).value && datas['dontStorePassword']) { + return $("#passwordfield").attr('class', 'form-control key'); + } else { + return $("#passwordfield").attr('class', 'form-control'); + } + }); + $('#oldpassword').on('input', function() { + if ($('#oldpassword').get(0).value && datas['dontStorePassword']) { + return $("#oldpassword").attr('class', 'form-control key'); + } else { + return $("#oldpassword").attr('class', 'form-control'); + } + }); + $('#newpassword').on('input', function() { + if ($('#newpassword').get(0).value && datas['dontStorePassword']) { + if ($("#show-hide-icon-button").attr('class') === 'fa fa-eye') { + return $("#newpassword").attr('class', 'form-control key'); + } + } else { + return $("#newpassword").attr('class', 'form-control'); + } + }); + $('#confirmpassword').on('input', function() { + if ($('#confirmpassword').get(0).value && datas['dontStorePassword']) { + if ($("#show-hide-icon-button").attr('class') === 'fa fa-eye') { + return $("#confirmpassword").attr('class', 'form-control key'); + } + } else { + return $("#confirmpassword").attr('class', 'form-control'); } }); $('#resetfinduserform').on('click', function() { diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js index e7d0ebf42..edec75ecd 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js 
@@ -1 +1 @@ -!function(){var S,a,j,E,P,z,A,I,G,e,D,p,R=[].indexOf||function(e){for(var a=0,t=this.length;a div.category",update:D}),I(),$("div.message").fadeIn("slow"),$("input[name=timezone]").val(-(new Date).getTimezoneOffset()/60),w=$("#menu").tabs({active:0}),(h=$('#menu a[href="#'+S.displaytab+'"]').parent().index())<0&&(h=0),w.tabs("option","active",h),a=$("#authMenu").tabs({active:0}),(w=$('#authMenu a[href="#'+S.displaytab+'"]').parent().index())<0&&(w=0),a.tabs("option","active",w),S.choicetab&&a.tabs("option","active",$('#authMenu a[href="#'+S.choicetab+'"]').parent().index()),S.login?$("input[type=password]:first").focus():0===$("input[autofocus]").length&&$("input[type!=hidden]:first").focus(),S.newwindow&&$("#appslist a").attr("target","_blank"),$("p.removeOther").length&&(h=$("#form").attr("action"),w=$("#form").attr("method"),console.log("method=",w),n="",$("#form input[type=hidden]")&&(console.log("Parse hidden values"),$("#form input[type=hidden]").each(function(e){return console.log(" ->",$(this).attr("name"),$(this).val()),n+="&"+$(this).attr("name")+"="+$(this).val()})),a="",h&&(console.log("action=",h),-1!==h.indexOf("?")?h.substring(0,h.indexOf("?")):a=h+"?",a+=n,n=""),w=$("p.removeOther a").attr("href")+"&method="+w+n,a&&(w+="&url="+btoa(a)),$("p.removeOther a").attr("href",w)),window.location.search&&((k=E("llnglanguage"))&&console.log("Get lang from parameter"),1===(L=E("setCookieLang"))&&console.log("Set lang cookie")),s||(s=j("llnglanguage"))&&!k&&console.log("Get lang from cookie"),s)R.call(window.availableLanguages,s)<0&&(s=window.availableLanguages[0],k||console.log("Lang not available -> Get default lang"));else if(navigator){for(i=[],l=[],v=[navigator.language],navigator.languages&&(v=navigator.languages),o=0,c=(C=window.availableLanguages).length;o ';for(f=0,p=v.length;f Get default lang"),k=window.availableLanguages[0]),console.log("Selected lang ->",k),L&&(console.log("Set cookie lang 
->",k),G("llnglanguage",k)),N(k)):(console.log("Selected lang ->",s),G("llnglanguage",s),N(s)),r="",b=0,g=(O=window.availableLanguages).length;b ';return $("#languages").html(r),$(".langicon").on("click",function(){return s=$(this).attr("title"),G("llnglanguage",s),N(s)}),d=function(e){e=e.charCodeAt(0);return 47=window.datas.ppolicy.minsize?($("#ppolicy-minsize-feedback").addClass("fa-check text-success"),$("#ppolicy-minsize-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minsize-feedback").removeClass("fa-check text-success"),$("#ppolicy-minsize-feedback").addClass("fa-times text-danger"),c=!1)),0=window.datas.ppolicy.minupper?($("#ppolicy-minupper-feedback").addClass("fa-check text-success"),$("#ppolicy-minupper-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minupper-feedback").removeClass("fa-check text-success"),$("#ppolicy-minupper-feedback").addClass("fa-times text-danger"),c=!1)),0=window.datas.ppolicy.minlower?($("#ppolicy-minlower-feedback").addClass("fa-check text-success"),$("#ppolicy-minlower-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minlower-feedback").removeClass("fa-check text-success"),$("#ppolicy-minlower-feedback").addClass("fa-times text-danger"),c=!1)),0=window.datas.ppolicy.mindigit?($("#ppolicy-mindigit-feedback").addClass("fa-check text-success"),$("#ppolicy-mindigit-feedback").removeClass("fa-times text-danger")):($("#ppolicy-mindigit-feedback").removeClass("fa-check text-success"),$("#ppolicy-mindigit-feedback").addClass("fa-times text-danger"),c=!1)),window.datas.ppolicy.allowedspechar){for(s=window.datas.ppolicy.allowedspechar.replace(/\s/g,""),a=!1,t=0,n=e.length;t=window.datas.ppolicy.minspechar?($("#ppolicy-minspechar-feedback").addClass("fa-check text-success"),$("#ppolicy-minspechar-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minspechar-feedback").removeClass("fa-check text-success"),$("#ppolicy-minspechar-feedback").addClass("fa-times 
text-danger"),c=!1)}if(0=window.datas.ppolicy.minspechar?($("#ppolicy-minspechar-feedback").addClass("fa-check text-success"),$("#ppolicy-minspechar-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minspechar-feedback").removeClass("fa-check text-success"),$("#ppolicy-minspechar-feedback").addClass("fa-times text-danger"),c=!1)}c?($(".ppolicy").removeClass("border-danger").addClass("border-success"),null!=(i=$("#newpassword").get(0))&&i.setCustomValidity("")):($(".ppolicy").removeClass("border-success").addClass("border-danger"),null!=(i=$("#newpassword").get(0))&&i.setCustomValidity(U("PE28")))},null!=window.datas.ppolicy&&$("#newpassword").length&&(t(""),$("#newpassword").keyup(function(e){t(e.target.value)})),L=function(e){return e.target.checked?($("#newpassword").off("keyup"),null!=(e=$("#newpassword").get(0))?e.setCustomValidity(""):void 0):($("#newpassword").keyup(function(e){t(e.target.value)}),t(""))},k=function(){var e,a;return(null!=(e=$("#confirmpassword").get(0))?e.value:void 0)===(null!=(e=$("#newpassword").get(0))?e.value:void 0)?(null!=(a=$("#confirmpassword").get(0))&&a.setCustomValidity(""),!0):(null!=(a=$("#confirmpassword").get(0))&&a.setCustomValidity(U("PE34")),!1)},$("#newpassword").change(k),$("#confirmpassword").change(k),null!=window.datas.ppolicy&&$("#newpassword").length&&$("#reset").change(L),S.pingInterval&&0 div.category",update:G}),I(),$("div.message").fadeIn("slow"),$("input[name=timezone]").val(-(new Date).getTimezoneOffset()/60),m=$("#menu").tabs({active:0}),(w=$('#menu a[href="#'+P.displaytab+'"]').parent().index())<0&&(w=0),m.tabs("option","active",w),a=$("#authMenu").tabs({active:0}),(m=$('#authMenu a[href="#'+P.displaytab+'"]').parent().index())<0&&(m=0),a.tabs("option","active",m),P.choicetab&&a.tabs("option","active",$('#authMenu 
a[href="#'+P.choicetab+'"]').parent().index()),P.login?$("input[type=password]:first").focus():0===$("input[autofocus]").length&&$("input[type!=hidden]:first").focus(),P.newwindow&&$("#appslist a").attr("target","_blank"),$("p.removeOther").length&&(w=$("#form").attr("action"),m=$("#form").attr("method"),console.log("method=",m),o="",$("#form input[type=hidden]")&&(console.log("Parse hidden values"),$("#form input[type=hidden]").each(function(e){return console.log(" ->",$(this).attr("name"),$(this).val()),o+="&"+$(this).attr("name")+"="+$(this).val()})),a="",w&&(console.log("action=",w),-1!==w.indexOf("?")?w.substring(0,w.indexOf("?")):a=w+"?",a+=o,o=""),m=$("p.removeOther a").attr("href")+"&method="+m+o,a&&(m+="&url="+btoa(a)),$("p.removeOther a").attr("href",m)),window.location.search&&((k=j("llnglanguage"))&&console.log("Get lang from parameter"),1===(O=j("setCookieLang"))&&console.log("Set lang cookie")),n||(n=L("llnglanguage"))&&!k&&console.log("Get lang from cookie"),n)R.call(window.availableLanguages,n)<0&&(n=window.availableLanguages[0],k||console.log("Lang not available -> Get default lang"));else if(navigator){for(i=[],l=[],v=[navigator.language],navigator.languages&&(v=navigator.languages),s=0,c=(C=window.availableLanguages).length;s ';for(g=0,p=v.length;g Get default lang"),k=window.availableLanguages[0]),console.log("Selected lang ->",k),O&&(console.log("Set cookie lang ->",k),D("llnglanguage",k)),N(k)):(console.log("Selected lang ->",n),D("llnglanguage",n),N(n)),r="",b=0,f=(T=window.availableLanguages).length;b ';return $("#languages").html(r),$(".langicon").on("click",function(){return n=$(this).attr("title"),D("llnglanguage",n),N(n)}),d=function(e){e=e.charCodeAt(0);return 47=window.datas.ppolicy.minsize?($("#ppolicy-minsize-feedback").addClass("fa-check text-success"),$("#ppolicy-minsize-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minsize-feedback").removeClass("fa-check 
text-success"),$("#ppolicy-minsize-feedback").addClass("fa-times text-danger"),c=!1)),0=window.datas.ppolicy.minupper?($("#ppolicy-minupper-feedback").addClass("fa-check text-success"),$("#ppolicy-minupper-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minupper-feedback").removeClass("fa-check text-success"),$("#ppolicy-minupper-feedback").addClass("fa-times text-danger"),c=!1)),0=window.datas.ppolicy.minlower?($("#ppolicy-minlower-feedback").addClass("fa-check text-success"),$("#ppolicy-minlower-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minlower-feedback").removeClass("fa-check text-success"),$("#ppolicy-minlower-feedback").addClass("fa-times text-danger"),c=!1)),0=window.datas.ppolicy.mindigit?($("#ppolicy-mindigit-feedback").addClass("fa-check text-success"),$("#ppolicy-mindigit-feedback").removeClass("fa-times text-danger")):($("#ppolicy-mindigit-feedback").removeClass("fa-check text-success"),$("#ppolicy-mindigit-feedback").addClass("fa-times text-danger"),c=!1)),window.datas.ppolicy.allowedspechar){for(n=window.datas.ppolicy.allowedspechar.replace(/\s/g,""),a=!1,t=0,o=e.length;t=window.datas.ppolicy.minspechar?($("#ppolicy-minspechar-feedback").addClass("fa-check text-success"),$("#ppolicy-minspechar-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minspechar-feedback").removeClass("fa-check text-success"),$("#ppolicy-minspechar-feedback").addClass("fa-times text-danger"),c=!1)}if(0=window.datas.ppolicy.minspechar?($("#ppolicy-minspechar-feedback").addClass("fa-check text-success"),$("#ppolicy-minspechar-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minspechar-feedback").removeClass("fa-check text-success"),$("#ppolicy-minspechar-feedback").addClass("fa-times 
text-danger"),c=!1)}c?($(".ppolicy").removeClass("border-danger").addClass("border-success"),null!=(i=$("#newpassword").get(0))&&i.setCustomValidity("")):($(".ppolicy").removeClass("border-success").addClass("border-danger"),null!=(i=$("#newpassword").get(0))&&i.setCustomValidity(U("PE28")))},null!=window.datas.ppolicy&&$("#newpassword").length&&(t(""),$("#newpassword").keyup(function(e){t(e.target.value)})),O=function(e){return e.target.checked?($("#newpassword").off("keyup"),null!=(e=$("#newpassword").get(0))?e.setCustomValidity(""):void 0):($("#newpassword").keyup(function(e){t(e.target.value)}),t(""))},k=function(){var e,a;return(null!=(e=$("#confirmpassword").get(0))?e.value:void 0)===(null!=(e=$("#newpassword").get(0))?e.value:void 0)?(null!=(a=$("#confirmpassword").get(0))&&a.setCustomValidity(""),!0):(null!=(a=$("#confirmpassword").get(0))&&a.setCustomValidity(U("PE34")),!1)},$("#newpassword").change(k),$("#confirmpassword").change(k),null!=window.datas.ppolicy&&$("#newpassword").length&&$("#reset").change(O),P.enablePasswordDisplay&&(P.dontStorePassword?($(".toggle-password").mousedown(function(){return $(this).toggleClass("fa-eye fa-eye-slash"),$("input[name=password]").attr("class","form-control")}),$(".toggle-password").mouseup(function(){if($(this).toggleClass("fa-eye fa-eye-slash"),$("input[name=password]").get(0).value)return $("input[name=password]").attr("class","form-control key")})):($(".toggle-password").mousedown(function(){return $(this).toggleClass("fa-eye fa-eye-slash"),$("input[name=password]").attr("type","text")}),$(".toggle-password").mouseup(function(){return $(this).toggleClass("fa-eye fa-eye-slash"),$("input[name=password]").attr("type","password")}))),P.pingInterval&&0 - @@ -34,10 +33,13 @@
- + + + + +
-
@@ -46,15 +48,22 @@
- + + + + +
- + + + + +
-
- + + +
+ +
+
-
- -
+
+ +
diff --git a/lemonldap-ng-portal/site/templates/common/script.tpl b/lemonldap-ng-portal/site/templates/common/script.tpl index 19f678a24..3aeb105e2 100644 --- a/lemonldap-ng-portal/site/templates/common/script.tpl +++ b/lemonldap-ng-portal/site/templates/common/script.tpl @@ -37,7 +37,8 @@ "allowedspechar": "", "minspechar": "" }, - "enablePasswordDisplay": + "enablePasswordDisplay":, + "dontStorePassword": } diff --git a/lemonldap-ng-portal/t/01-EnablePasswordDisplay.t b/lemonldap-ng-portal/t/01-EnablePasswordDisplay.t new file mode 100644 index 000000000..d3560d851 --- /dev/null +++ b/lemonldap-ng-portal/t/01-EnablePasswordDisplay.t @@ -0,0 +1,25 @@ +use Test::More; +use strict; + +require 't/test-lib.pm'; + +my $res; + +my $client = LLNG::Manager::Test->new( { + ini => { + logLevel => 'error', + 'portalEnablePasswordDisplay' => 1, + 'browsersDontStorePassword' => 1 + } + } +); + +ok( $res = $client->_get( '/', accept => 'text/html' ), 'Display portal' ); +ok( $res->[2]->[0] =~ m%%, + ' toggle password icon found' ) + or print STDERR Dumper( $res->[2]->[0] ); +count(2); + +clean_sessions(); + +done_testing( count() ); diff --git a/lemonldap-ng-portal/t/37-Logout-from-2-chained-SAML-SP-SOAP.t b/lemonldap-ng-portal/t/37-Logout-from-2-chained-SAML-SP-SOAP.t new file mode 100644 index 000000000..d09bd9f2c --- /dev/null +++ b/lemonldap-ng-portal/t/37-Logout-from-2-chained-SAML-SP-SOAP.t 
@@ -0,0 +1,458 @@ +use lib 'inc'; +use Test::More; +use strict; +use IO::String; +use LWP::UserAgent; +use LWP::Protocol::PSGI; +use MIME::Base64; + + +# ------------ ----------------------------- ---------------- +# | SAML SP | <-> |SAML IDP + SAML SP (proxy) | <-> | SAML IdP | +# ------------ ----------------------------- ---------------- +# +# Use case: +# - login from SP up to SAML IdP +# - logout asked from SP, and propagated up to SAML IdP +# logout between all SAML SP and IdP is done with SOAP binding + +BEGIN { + require 't/test-lib.pm'; + require 't/oidc-lib.pm'; + require 't/saml-lib.pm'; +} + +my $maintests = 13; +my $debug = 'error'; +my ( $sp, $proxy, $idp, $res ); + +# Overloads method register, for enabling direct POST requests between SP, PROXY and IDP +LWP::Protocol::PSGI->register( + sub { + my $req = Plack::Request->new(@_); + ok( $req->uri =~ m#http://auth.((?:sp|proxy|idp)).com(.*)#, ' REST request' ); + my $host = $1; + my $url = $2; + my ( $res, $client ); + count(1); + if ( $host eq 'sp' ) { + pass(" Request to SP, endpoint $url"); + $client = $sp; + } + elsif ( $host eq 'proxy' ) { + pass(' Request from PROXY to PROXY'); + $client = $proxy; + } + elsif ( $host eq 'idp' ) { + pass(' Request to IDP'); + $client = $idp; + } + else { + fail(' Aborting REST request (external)'); + return HTTP::Response->new(500); + } + if ( $req->method =~ /^post$/i ) { + my $s = $req->content; + ok( + $res = $client->_post( + $url, IO::String->new($s), + length => length($s), + type => $req->header('Content-Type'), + ), + ' Execute post request' + ); + } + else { + ok( + $res = $client->_get( + $url, + custom => { + HTTP_AUTHORIZATION => $req->header('Authorization'), + } + ), + ' Execute get request' + ); + } + ok( $res->[0] == 200, ' Response is 200' ); + ok( getHeader( $res, 'Content-Type' ) =~ m#^(application/json|text/xml)#, + ' Content is JSON|XML' ) + or explain( $res->[1], 'Content-Type => (application/json|text/xml)' ); + count(4); + return $res; + } 
+); + + + +SKIP: { + eval "use Lasso"; + if ($@) { + skip 'Lasso not found', $maintests; + } + + # Initialization + $idp = register( 'idp', \&idp ); + $sp = register( 'sp', \&sp ); + $proxy = register( 'proxy', \&proxy ); + + + # LOGIN PROCESS ############################################################ + + # Query SP for auth + ok( $res = $sp->_get( '/', accept => 'text/html' ), 'Unauth SP request' ); + my ( $url, $query ) = + expectRedirection( $res, + qr#http://auth.proxy.com(/saml/singleSignOn)\?(.*)$# ); + + # Push request to PROXY + switch ('proxy'); + ok( $res = $proxy->_get( $url, query => $query, accept => 'text/html' ), + "Push request to PROXY, endpoint $url" ); + + my $pdataproxy = expectCookie( $res, 'lemonldappdata' ); + + my ( $urlidp, $queryidp ) = + expectRedirection( $res, + qr#http://auth.idp.com(/saml/singleSignOn)\?(.*)$# ); + + # Push request to IDP + switch ('idp'); + + # Try to authenticate to IdP + ok( + $res = $idp->_get( $urlidp, query => $queryidp, accept => 'text/html'), + "SAML Authentication on idp, endpoint $urlidp" ); + my $pdataidp = expectCookie( $res, 'lemonldappdata' ); + + my ( $host, $tmp ); + # expectForm (result, host, uri, @requiredfield) + ( $host, $tmp, $query ) = expectForm( $res, '#', undef, + ( 'url', 'timezone', 'skin', 'user', 'password' ) ); + $query =~ s/user=/user=dwho/; + $query =~ s/password=/password=dwho/; + + ok( + $res = $idp->_post( + $urlidp, + IO::String->new($query), + accept => 'text/html', + cookie => "lemonldappdata=$pdataidp", + length => length($query), + ), + "Post authentication, endpoint $urlidp" + ); + + $pdataidp = expectCookie( $res, 'lemonldappdata' ); + my $cookieidp = expectCookie( $res, 'lemonldap' ); + + ( $host, $url, $query ) = + expectForm( $res, 'auth.proxy.com', '/saml/proxySingleSignOnPost', + 'SAMLResponse', 'RelayState' ); + + my ($resp) = $query =~ qr/SAMLResponse=([^&]*)/; + + # Post SAML response to PROXY + switch ('proxy'); + ok( + $res = $proxy->_post( + $url, 
IO::String->new($query), + accept => 'text/html', + length => length($query), + cookie => "lemonldappdata=$pdataproxy", + ), + 'Post SAML response to PROXY' + ); + + $pdataproxy = expectCookie( $res, 'lemonldappdata' ); + my $cookieproxy = expectCookie( $res, 'lemonldap' ); + + ( $url, $query ) = expectRedirection( $res, qr#^http://auth.proxy.com(/saml)\?*(.*)$# ); + ok( + $res = $proxy->_get( $url, + query => $query, + accept => 'text/html', + cookie => "lemonldappdata=$pdataproxy; lemonldap=$cookieproxy" ), + "internal redirection to PROXY, endpoint $url" ); + + ( $host, $url, $query ) = + expectForm( $res, 'auth.sp.com', '/saml/proxySingleSignOnPost', 'SAMLResponse' ); + + my ($resp) = $query =~ qr/SAMLResponse=([^&]*)/; + + # Post SAML response to PROXY + switch ('sp'); + ok( + $res = $sp->_post( + $url, IO::String->new($query), + accept => 'text/html', + length => length($query), + ), + 'Post SAML response to SP' + ); + + my $cookiesp = expectCookie( $res, 'lemonldap' ); + + + # Authentication done on SP + PROXY + IDP + + + # LOGOUT PROCESS ########################################################### + $url = '/'; + $query = 'logout=1'; + ok( $res = $sp->_get( $url, query => $query, + accept => 'text/html', + cookie => "lemonldap=$cookiesp", + ), + 'Call logout from SP' ); + + # lemonldap cookie set to "0" + $cookiesp = expectCookie( $res, 'lemonldap' ); + ok( $cookiesp eq "0", 'Test empty cookie on SP' ); + + ok ( $res->[2]->[0] =~ /trmsg="-7"/, 'Test disconnexion message on SP' ); + + + # test connexion on PROXY + switch('proxy'); + ok( $res = $proxy->_get( '/', query => '', + accept => 'text/html', + cookie => "lemonldap=$cookieproxy", + ), + 'Test if still logged on PROXY' ); + + my ( $urlidp, $queryidp ) = + expectRedirection( $res, + qr#http://auth.idp.com(/saml/singleSignOn)\?(.*)$# ); + + # test connexion on IDP + switch('idp'); + ok( $res = $idp->_get( '/', query => '', + accept => 'text/html', + cookie => "lemonldap=$cookieidp", + ), + 'Test if still 
logged on IDP' ); + + like( $res->[2]->[0], qr/userfield/, + 'test presence of user field in form (prove successful logout)' ); + +} + +count($maintests); +clean_sessions(); +done_testing( count() ); + +sub proxy { + return LLNG::Manager::Test->new( { + ini => { + logLevel => $debug, + domain => 'proxy.com', + portal => 'http://auth.proxy.com', + authentication => 'SAML', + userDB => 'Same', + issuerDBOpenIDConnectActivation => "1", + + samlOrganizationDisplayName => "proxy", + samlOrganizationName => "proxy", + samlOrganizationURL => "http://www.proxy.com/", + samlServicePrivateKeyEnc => saml_key_proxy_private_enc, + samlServicePrivateKeySig => saml_key_proxy_private_sig, + samlServicePublicKeyEnc => saml_key_proxy_public_enc, + samlServicePublicKeySig => saml_key_proxy_public_sig, + samlIDPSSODescriptorWantAuthnRequestsSigned => 1, + samlSPSSODescriptorWantAssertionsSigned => 1, + samlIDPMetaDataXML => { + 'idp' => { + samlIDPMetaDataXML => + samlIDPComplexMetaDataXML( 'idp', 'HTTP-Redirect', 'SOAP' ) + }, + }, + samlIDPMetaDataOptions => { + 'idp' => { + 'samlIDPMetaDataOptionsAdaptSessionUtime' => 0, + 'samlIDPMetaDataOptionsAllowLoginFromIDP' => 0, + 'samlIDPMetaDataOptionsAllowProxiedAuthn' => 0, + 'samlIDPMetaDataOptionsCheckAudience' => 1, + 'samlIDPMetaDataOptionsCheckSLOMessageSignature' => 1, + 'samlIDPMetaDataOptionsCheckSSOMessageSignature' => 1, + 'samlIDPMetaDataOptionsCheckTime' => 1, + 'samlIDPMetaDataOptionsDisplayName' => 'idp', + 'samlIDPMetaDataOptionsEncryptionMode' => 'none', + 'samlIDPMetaDataOptionsForceAuthn' => 0, + 'samlIDPMetaDataOptionsForceUTF8' => 0, + 'samlIDPMetaDataOptionsIcon' => '', + 'samlIDPMetaDataOptionsIsPassive' => 0, + 'samlIDPMetaDataOptionsNameIDFormat' => '', + 'samlIDPMetaDataOptionsRelayStateURL' => 0, + 'samlIDPMetaDataOptionsRequestedAuthnContext' => '', + 'samlIDPMetaDataOptionsResolutionRule' => '', + 'samlIDPMetaDataOptionsSLOBinding' => 'http-soap', + 'samlIDPMetaDataOptionsSSOBinding' => 'http-redirect', + 
'samlIDPMetaDataOptionsSignSLOMessage' => 1, + 'samlIDPMetaDataOptionsSignSSOMessage' => 1, + 'samlIDPMetaDataOptionsSignatureMethod' => '', + 'samlIDPMetaDataOptionsStoreSAMLToken' => 0 + } + }, + samlIDPMetaDataExportedAttributes => { + 'idp' => { + 'cn' => '1;cn', + 'uid' => '1;uid', + 'mail' => '1;mail', + } + }, + + issuerDBSAMLActivation => 1, + restSessionServer => 1, + samlSPMetaDataOptions => { + sp => { + 'samlSPMetaDataOptionsCheckSLOMessageSignature' => 1, + 'samlSPMetaDataOptionsCheckSSOMessageSignature' => 1, + 'samlSPMetaDataOptionsEnableIDPInitiatedURL' => 0, + 'samlSPMetaDataOptionsEncryptionMode' => 'none', + 'samlSPMetaDataOptionsForceUTF8' => 1, + 'samlSPMetaDataOptionsNameIDFormat' => '', + 'samlSPMetaDataOptionsNotOnOrAfterTimeout' => 72000, + 'samlSPMetaDataOptionsOneTimeUse' => 0, + 'samlSPMetaDataOptionsSessionNotOnOrAfterTimeout' => 72000, + 'samlSPMetaDataOptionsSignSLOMessage' => -1, + 'samlSPMetaDataOptionsSignSSOMessage' => 1, + 'samlSPMetaDataOptionsSignatureMethod' => '' + } + }, + samlSPMetaDataXML => { + sp => { + samlSPMetaDataXML => + samlSPComplexMetaDataXML( 'sp', 'HTTP-Redirect', 'SOAP' ), + 'samlSPSSODescriptorAuthnRequestsSigned' => 1, + 'samlSPSSODescriptorWantAssertionsSigned' => 1, + } + }, + samlSPMetaDataExportedAttributes => { + 'sp' => { + 'cn' => '1;cn', + 'uid' => '1;uid', + 'mail' => '1;mail', + } + }, + samlSPSSODescriptorAuthnRequestsSigned => 1, + }, + } + ); +} + +sub sp { + return LLNG::Manager::Test->new( { + ini => { + logLevel => $debug, + domain => 'sp.com', + portal => 'http://auth.sp.com', + authentication => 'SAML', + userDB => 'Same', + issuerDBOpenIDConnectActivation => "1", + samlOrganizationDisplayName => "SP", + samlOrganizationName => "SP", + samlOrganizationURL => "http://www.sp.com/", + samlServicePrivateKeyEnc => saml_key_sp_private_enc, + samlServicePrivateKeySig => saml_key_sp_private_sig, + samlServicePublicKeyEnc => saml_key_sp_public_enc, + samlServicePublicKeySig => 
saml_key_sp_public_sig, + samlIDPSSODescriptorWantAuthnRequestsSigned => 1, + samlSPSSODescriptorWantAssertionsSigned => 1, + samlIDPMetaDataXML => { + 'proxy' => { + samlIDPMetaDataXML => + samlProxyComplexMetaDataXML( 'proxy', 'HTTP-Redirect', 'SOAP' ) + }, + }, + samlIDPMetaDataOptions => { + 'proxy' => { + 'samlIDPMetaDataOptionsAdaptSessionUtime' => 0, + 'samlIDPMetaDataOptionsAllowLoginFromIDP' => 0, + 'samlIDPMetaDataOptionsAllowProxiedAuthn' => 0, + 'samlIDPMetaDataOptionsCheckAudience' => 1, + 'samlIDPMetaDataOptionsCheckSLOMessageSignature' => 1, + 'samlIDPMetaDataOptionsCheckSSOMessageSignature' => 1, + 'samlIDPMetaDataOptionsCheckTime' => 1, + 'samlIDPMetaDataOptionsDisplayName' => 'proxy', + 'samlIDPMetaDataOptionsEncryptionMode' => 'none', + 'samlIDPMetaDataOptionsForceAuthn' => 0, + 'samlIDPMetaDataOptionsForceUTF8' => 0, + 'samlIDPMetaDataOptionsIcon' => '', + 'samlIDPMetaDataOptionsIsPassive' => 0, + 'samlIDPMetaDataOptionsNameIDFormat' => '', + 'samlIDPMetaDataOptionsRelayStateURL' => 0, + 'samlIDPMetaDataOptionsRequestedAuthnContext' => '', + 'samlIDPMetaDataOptionsResolutionRule' => '', + 'samlIDPMetaDataOptionsSLOBinding' => 'http-soap', + 'samlIDPMetaDataOptionsSSOBinding' => 'http-redirect', + 'samlIDPMetaDataOptionsSignSLOMessage' => 1, + 'samlIDPMetaDataOptionsSignSSOMessage' => 1, + 'samlIDPMetaDataOptionsSignatureMethod' => '', + 'samlIDPMetaDataOptionsStoreSAMLToken' => 0 + } + }, + samlIDPMetaDataExportedAttributes => { + 'proxy' => { + 'cn' => '1;cn', + 'uid' => '1;uid', + 'mail' => '1;mail', + } + }, + } + } + ); +} + +sub idp { + return LLNG::Manager::Test->new( { + ini => { + logLevel => $debug, + domain => 'idp.com', + portal => 'http://auth.idp.com', + authentication => 'Demo', + userDB => 'Same', + issuerDBSAMLActivation => 1, + restSessionServer => 1, + samlSPMetaDataOptions => { + proxy => { + 'samlSPMetaDataOptionsCheckSLOMessageSignature' => 1, + 'samlSPMetaDataOptionsCheckSSOMessageSignature' => 1, + 
'samlSPMetaDataOptionsEnableIDPInitiatedURL' => 0, + 'samlSPMetaDataOptionsEncryptionMode' => 'none', + 'samlSPMetaDataOptionsForceUTF8' => 1, + 'samlSPMetaDataOptionsNameIDFormat' => '', + 'samlSPMetaDataOptionsNotOnOrAfterTimeout' => 72000, + 'samlSPMetaDataOptionsOneTimeUse' => 0, + 'samlSPMetaDataOptionsSessionNotOnOrAfterTimeout' => 72000, + 'samlSPMetaDataOptionsSignSLOMessage' => -1, + 'samlSPMetaDataOptionsSignSSOMessage' => 1, + 'samlSPMetaDataOptionsSignatureMethod' => '' + } + }, + samlSPMetaDataXML => { + proxy => { + samlSPMetaDataXML => + samlProxyComplexMetaDataXML( 'proxy', 'HTTP-Redirect', 'SOAP' ), + 'samlSPSSODescriptorAuthnRequestsSigned' => 1, + 'samlSPSSODescriptorWantAssertionsSigned' => 1, + } + }, + samlSPMetaDataExportedAttributes => { + 'proxy' => { + 'cn' => '1;cn', + 'uid' => '1;uid', + 'mail' => '1;mail', + } + }, + samlOrganizationDisplayName => "IDP", + samlOrganizationName => "IDP", + samlOrganizationURL => "http://www.idp.com", + samlServicePublicKeySig => saml_key_idp_public_sig, + samlServicePrivateKeyEnc => saml_key_idp_private_enc, + samlServicePrivateKeySig => saml_key_idp_private_sig, + samlServicePublicKeyEnc => saml_key_idp_public_enc, + samlSPSSODescriptorAuthnRequestsSigned => 1, + }, + } + ); +} diff --git a/lemonldap-ng-portal/t/37-Logout-from-OIDC-RP-to-SAML-IDP-Redirect.t b/lemonldap-ng-portal/t/37-Logout-from-OIDC-RP-to-SAML-IDP-Redirect.t new file mode 100644 index 000000000..9db1125c0 --- /dev/null +++ b/lemonldap-ng-portal/t/37-Logout-from-OIDC-RP-to-SAML-IDP-Redirect.t 
@@ -0,0 +1,477 @@ +use lib 'inc'; +use Test::More; +use strict; +use IO::String; +use LWP::UserAgent; +use LWP::Protocol::PSGI; +use MIME::Base64; + + +# ------------ --------------------------- ---------------- +# | OIDC RP | <-> | OIDC provider + SAML SP | <-> | SAML IdP | +# ------------ --------------------------- ---------------- +# +# Use case: +# - login from RP up to SAML IdP +# - logout asked from RP, and propagated up to SAML IdP +# logout between SAML SP and IdP is done with Redirect binding + +BEGIN { + require 't/test-lib.pm'; + require 't/oidc-lib.pm'; + require 't/saml-lib.pm'; +} + +my $maintests = 17; +my $debug = 'error'; +#my $debug = 'error'; +my ( $op, $rp, $idp, $res ); + +# Overloads method register, for enabling direct POST requests between RP and OP +LWP::Protocol::PSGI->register( + sub { + my $req = Plack::Request->new(@_); + ok( $req->uri =~ m#http://auth.((?:op|rp|idp)).com(.*)#, ' REST request' ); + my $host = $1; + my $url = $2; + my ( $res, $client ); + count(1); + if ( $host eq 'op' ) { + pass(" Request from RP to OP, endpoint $url"); + $client = $op; + } + elsif ( $host eq 'rp' ) { + pass(' Request from OP to RP'); + $client = $rp; + } + elsif ( $host eq 'idp' ) { + pass(' Request to IDP'); + $client = $idp; + } + else { + fail(' Aborting REST request (external)'); + return HTTP::Response->new(500); + } + if ( $req->method =~ /^post$/i ) { + my $s = $req->content; + ok( + $res = $client->_post( + $url, IO::String->new($s), + length => length($s), + type => $req->header('Content-Type'), + ), + ' Execute post request' + ); + } + else { + ok( + $res = $client->_get( + $url, + custom => { + HTTP_AUTHORIZATION => $req->header('Authorization'), + } + ), + ' Execute get request' + ); + } + ok( $res->[0] == 200, ' Response is 200' ); + ok( getHeader( $res, 'Content-Type' ) =~ m#^application/json#, + ' Content is JSON' ) + or explain( $res->[1], 'Content-Type => application/json' ); + count(4); + return $res; + } +); + + + +SKIP: { + eval 
"use Lasso"; + if ($@) { + skip 'Lasso not found', $maintests; + } + + # Initialization + $op = register( 'op', \&op ); + + ok( + $res = $op->_get('/oauth2/jwks'), + 'Get JWKS, endpoint /oauth2/jwks' + ); + expectOK($res); + my $jwks = $res->[2]->[0]; + + ok( + $res = $op->_get('/.well-known/openid-configuration'), + 'Get metadata, endpoint /.well-known/openid-configuration' + ); + expectOK($res); + my $metadata = $res->[2]->[0]; + + $idp = register( 'idp', \&idp ); + + $rp = register( 'rp', sub { rp( $jwks, $metadata ) } ); + + + # LOGIN PROCESS ############################################################ + + # Query RP for auth + ok( $res = $rp->_get( '/', accept => 'text/html' ), 'Unauth SP request' ); + my ( $url, $query ) = + expectRedirection( $res, + qr#http://auth.op.com(/oauth2/authorize)\?(.*)$# ); + + # Push request to OP + switch ('op'); + ok( $res = $op->_get( $url, query => $query, accept => 'text/html' ), + "Push request to OP, endpoint $url" ); + + my $pdataop = expectCookie( $res, 'lemonldappdata' ); + + my ( $urlidp, $queryidp ) = + expectRedirection( $res, + qr#http://auth.idp.com(/saml/singleSignOn)\?(.*)$# ); + + # Push request to IDP + switch ('idp'); + + # Try to authenticate to IdP + ok( + $res = $idp->_get( $urlidp, query => $queryidp, accept => 'text/html'), + "SAML Authentication on idp, endpoint $urlidp" ); + my $pdataidp = expectCookie( $res, 'lemonldappdata' ); + + my ( $host, $tmp ); + # expectForm (result, host, uri, @requiredfield) + ( $host, $tmp, $query ) = expectForm( $res, '#', undef, + ( 'url', 'timezone', 'skin', 'user', 'password' ) ); + $query =~ s/user=/user=dwho/; + $query =~ s/password=/password=dwho/; + + ok( + $res = $idp->_post( + $urlidp, + IO::String->new($query), + accept => 'text/html', + cookie => "lemonldappdata=$pdataidp", + length => length($query), + ), + "Post authentication, endpoint $urlidp" + ); + + $pdataidp = expectCookie( $res, 'lemonldappdata' ); + my $cookieidp = expectCookie( $res, 'lemonldap' ); + + 
+ ( $host, $url, $query ) = + expectForm( $res, 'auth.op.com', '/saml/proxySingleSignOnPost', + 'SAMLResponse', 'RelayState' ); + + my ($resp) = $query =~ qr/SAMLResponse=([^&]*)/; + + # Post SAML response to SP + switch ('op'); + ok( + $res = $op->_post( + $url, IO::String->new($query), + accept => 'text/html', + length => length($query), + cookie => "lemonldappdata=$pdataop", + ), + 'Post SAML response to SP' + ); + + $pdataop = expectCookie( $res, 'lemonldappdata' ); + my $cookieop = expectCookie( $res, 'lemonldap' ); + + + ( $url, $query ) = expectRedirection( $res, qr#^http://auth.op.com(/oauth2)\?*(.*)$# ); + + ok( $res = $op->_get( $url, query => $query, + accept => 'text/html', + cookie => "lemonldappdata=$pdataop; lemonldap=$cookieop", + ), + 'Call OP from SAML SP' ); + + $pdataop = expectCookie( $res, 'lemonldappdata' ); + + # No consent here because we have disabled it (oidcRPMetaDataOptionsBypassConsent) + + ($query) = expectRedirection( $res, qr#^http://auth.rp.com/?\?(.*)$# ); + + + # Push OP response to RP + switch ('rp'); + + ok( $res = $rp->_get( '/', query => $query, accept => 'text/html' ), + 'Call openidconnectcallback on RP' ); + my $cookierp = expectCookie($res, 'lemonldap'); + + # Authentication done on RP + OP + IDP + + + # LOGOUT PROCESS ########################################################### + $url = '/'; + $query = 'logout=1'; + ok( $res = $rp->_get( $url, query => $query, + accept => 'text/html', + cookie => "lemonldap=$cookierp", + ), + 'Call logout from RP' ); + + # lemonldap cookie set to "0" + $cookierp = expectCookie( $res, 'lemonldap' ); + ok( $cookierp eq "0", 'Test empty cookie on RP' ); + + # forward logout to OP + ( $url, $query ) = expectRedirection( $res, qr#^http://auth.op.com(/.*)\?(.*)$# ); + + switch ('op'); + + ok( $res = $op->_get( $url, query => $query, + accept => 'text/html', + cookie => "lemonldappdata=$pdataop; lemonldap=$cookieop", + ), + 'Forward logout to OP' ); + + # expectForm (result, host, uri, 
@requiredfield) + ( $host, $tmp, $query ) = expectForm( $res, '#', undef, + ( 'post_logout_redirect_uri', 'confirm', 'skin' ) ); + + ok( + $res = $op->_post( + $url, + IO::String->new($query), + accept => 'text/html', + cookie => "lemonldappdata=$pdataop; lemonldap=$cookieop", + length => length($query), + ), + "Post logout confirmation to OP, endpoint $url" + ); + + # lemonldap cookie set to "0" + $cookieop = expectCookie( $res, 'lemonldap' ); + ok( $cookieop eq "0", 'Test empty cookie on OP' ); + + ( $url, $query ) = expectRedirection( $res, qr#^http://auth.idp.com(/.*)\?(.*)$# ); + + switch ('idp'); + + ok( $res = $idp->_get( $url, query => $query, + accept => 'text/html', + cookie => "lemonldappdata=$pdataidp; lemonldap=$cookieidp", + ), + 'redirect to IdP' ); + + # lemonldap cookie set to "0" + $cookieidp = expectCookie( $res, 'lemonldap' ); + ok( $cookieidp eq "0", 'Test empty cookie on IDP' ); + + ( $url, $query ) = expectRedirection( $res, qr#^http://auth.op.com(/.*)\?(.*)$# ); + + switch ('op'); + + ok( $res = $op->_get( $url, query => $query, + accept => 'text/html', + cookie => "lemonldappdata=$pdataop; lemonldap=$cookieop", + ), + 'redirect to OP' ); + + expectOK($res); + +} + +count($maintests); +clean_sessions(); +done_testing( count() ); + +sub op { + return LLNG::Manager::Test->new( { + ini => { + logLevel => $debug, + domain => 'op.com', + portal => 'http://auth.op.com', + authentication => 'SAML', + userDB => 'Same', + issuerDBOpenIDConnectActivation => "1", + oidcRPMetaDataExportedVars => { + rp => { + email => "mail", + family_name => "cn", + name => "cn" + } + }, + oidcServiceAllowHybridFlow => 1, + oidcServiceAllowImplicitFlow => 1, + oidcServiceAllowAuthorizationCodeFlow => 1, + oidcRPMetaDataOptions => { + rp => { + oidcRPMetaDataOptionsDisplayName => "RP", + oidcRPMetaDataOptionsIDTokenExpiration => 3600, + oidcRPMetaDataOptionsClientID => "rpid", + oidcRPMetaDataOptionsIDTokenSignAlg => "HS512", + oidcRPMetaDataOptionsBypassConsent => 1, + 
oidcRPMetaDataOptionsClientSecret => "rpsecret", + oidcRPMetaDataOptionsUserIDAttr => "", + oidcRPMetaDataOptionsAccessTokenExpiration => 3600 + } + }, + oidcOPMetaDataOptions => {}, + oidcOPMetaDataJSON => {}, + oidcOPMetaDataJWKS => {}, + oidcServiceMetaDataAuthnContext => { + 'loa-4' => 4, + 'loa-1' => 1, + 'loa-5' => 5, + 'loa-2' => 2, + 'loa-3' => 3 + }, + oidcServicePrivateKeySig => oidc_key_op_private_sig, + oidcServicePublicKeySig => oidc_key_op_public_sig, + + samlOrganizationDisplayName => "SP", + samlOrganizationName => "SP", + samlOrganizationURL => "http://www.op.com/", + samlServicePrivateKeyEnc => saml_key_sp_private_enc, + samlServicePrivateKeySig => saml_key_sp_private_sig, + samlServicePublicKeyEnc => saml_key_sp_public_enc, + samlServicePublicKeySig => saml_key_sp_public_sig, + samlIDPSSODescriptorWantAuthnRequestsSigned => 1, + samlSPSSODescriptorWantAssertionsSigned => 1, + samlIDPMetaDataXML => { + 'idp' => { + samlIDPMetaDataXML => + samlIDPMetaDataXML( 'idp', 'HTTP-Redirect' ) + }, + }, + samlIDPMetaDataOptions => { + 'idp' => { + 'samlIDPMetaDataOptionsAdaptSessionUtime' => 0, + 'samlIDPMetaDataOptionsAllowLoginFromIDP' => 0, + 'samlIDPMetaDataOptionsAllowProxiedAuthn' => 0, + 'samlIDPMetaDataOptionsCheckAudience' => 1, + 'samlIDPMetaDataOptionsCheckSLOMessageSignature' => 1, + 'samlIDPMetaDataOptionsCheckSSOMessageSignature' => 1, + 'samlIDPMetaDataOptionsCheckTime' => 1, + 'samlIDPMetaDataOptionsDisplayName' => 'idp', + 'samlIDPMetaDataOptionsEncryptionMode' => 'none', + 'samlIDPMetaDataOptionsForceAuthn' => 0, + 'samlIDPMetaDataOptionsForceUTF8' => 0, + 'samlIDPMetaDataOptionsIcon' => '', + 'samlIDPMetaDataOptionsIsPassive' => 0, + 'samlIDPMetaDataOptionsNameIDFormat' => '', + 'samlIDPMetaDataOptionsRelayStateURL' => 0, + 'samlIDPMetaDataOptionsRequestedAuthnContext' => '', + 'samlIDPMetaDataOptionsResolutionRule' => '', + 'samlIDPMetaDataOptionsSLOBinding' => 'http-redirect', + 'samlIDPMetaDataOptionsSSOBinding' => 'http-redirect', + 
'samlIDPMetaDataOptionsSignSLOMessage' => 1, + 'samlIDPMetaDataOptionsSignSSOMessage' => 1, + 'samlIDPMetaDataOptionsSignatureMethod' => '', + 'samlIDPMetaDataOptionsStoreSAMLToken' => 0 + } + }, + samlIDPMetaDataExportedAttributes => { + 'idp' => { + 'cn' => '1;cn', + 'uid' => '1;uid' + } + }, + } + } + ); +} + +sub rp { + my ( $jwks, $metadata ) = @_; + return LLNG::Manager::Test->new( { + ini => { + logLevel => $debug, + domain => 'rp.com', + portal => 'http://auth.rp.com', + authentication => 'OpenIDConnect', + userDB => 'Same', + restSessionServer => 1, + oidcOPMetaDataExportedVars => { + op => { + cn => "name", + uid => "sub", + sn => "family_name", + mail => "email" + } + }, + oidcOPMetaDataOptions => { + op => { + oidcOPMetaDataOptionsJWKSTimeout => 0, + oidcOPMetaDataOptionsClientSecret => "rpsecret", + oidcOPMetaDataOptionsScope => "openid profile", + oidcOPMetaDataOptionsStoreIDToken => 0, + oidcOPMetaDataOptionsDisplay => "", + oidcOPMetaDataOptionsClientID => "rpid", + oidcOPMetaDataOptionsConfigurationURI => + "https://auth.op.com/.well-known/openid-configuration" + } + }, + oidcOPMetaDataJWKS => { + op => $jwks, + }, + oidcOPMetaDataJSON => { + op => $metadata, + } + } + } + ); +} + +sub idp { + return LLNG::Manager::Test->new( { + ini => { + logLevel => $debug, + domain => 'idp.com', + portal => 'http://auth.idp.com', + authentication => 'Demo', + userDB => 'Same', + issuerDBSAMLActivation => 1, + restSessionServer => 1, + samlSPMetaDataOptions => { + sp => { + 'samlSPMetaDataOptionsCheckSLOMessageSignature' => 1, + 'samlSPMetaDataOptionsCheckSSOMessageSignature' => 1, + 'samlSPMetaDataOptionsEnableIDPInitiatedURL' => 0, + 'samlSPMetaDataOptionsEncryptionMode' => 'none', + 'samlSPMetaDataOptionsForceUTF8' => 1, + 'samlSPMetaDataOptionsNameIDFormat' => '', + 'samlSPMetaDataOptionsNotOnOrAfterTimeout' => 72000, + 'samlSPMetaDataOptionsOneTimeUse' => 0, + 'samlSPMetaDataOptionsSessionNotOnOrAfterTimeout' => 72000, + 
'samlSPMetaDataOptionsSignSLOMessage' => -1, + 'samlSPMetaDataOptionsSignSSOMessage' => 1, + 'samlSPMetaDataOptionsSignatureMethod' => '' + } + }, + samlSPMetaDataXML => { + sp => { + samlSPMetaDataXML => + samlSPMetaDataXML( 'op', 'HTTP-Redirect' ), + 'samlSPSSODescriptorAuthnRequestsSigned' => 1, + 'samlSPSSODescriptorWantAssertionsSigned' => 1, + } + }, + samlSPMetaDataExportedAttributes => { + 'sp' => { + 'cn' => '1;cn', + 'uid' => '1;uid' + } + }, + samlOrganizationDisplayName => "IDP", + samlOrganizationName => "IDP", + samlOrganizationURL => "http://www.idp.com", + samlServicePublicKeySig => saml_key_idp_public_sig, + samlServicePrivateKeyEnc => saml_key_idp_private_enc, + samlServicePrivateKeySig => saml_key_idp_private_sig, + samlServicePublicKeyEnc => saml_key_idp_public_enc, + samlSPSSODescriptorAuthnRequestsSigned => 1, + }, + } + ); +} diff --git a/lemonldap-ng-portal/t/37-Logout-from-OIDC-RP-to-SAML-IDP-SOAP.t b/lemonldap-ng-portal/t/37-Logout-from-OIDC-RP-to-SAML-IDP-SOAP.t new file mode 100644 index 000000000..1f2327f2c --- /dev/null +++ b/lemonldap-ng-portal/t/37-Logout-from-OIDC-RP-to-SAML-IDP-SOAP.t 
@@ -0,0 +1,475 @@ +use lib 'inc'; +use Test::More; +use strict; +use IO::String; +use LWP::UserAgent; +use LWP::Protocol::PSGI; +use MIME::Base64; + + +# ------------ --------------------------- ---------------- +# | OIDC RP | <-> | OIDC provider + SAML SP | <-> | SAML IdP | +# ------------ --------------------------- ---------------- +# +# Use case: +# - login from RP up to SAML IdP +# - logout asked from RP, and propagated up to SAML IdP +# logout between SAML SP and IdP is done with SOAP binding + +BEGIN { + require 't/test-lib.pm'; + require 't/oidc-lib.pm'; + require 't/saml-lib.pm'; +} + +my $maintests = 17; +my $debug = 'error'; +#my $debug = 'error'; +my ( $op, $rp, $idp, $res ); + +# Overloads method register, for enabling direct POST requests between RP and OP +LWP::Protocol::PSGI->register( + sub { + my $req = Plack::Request->new(@_); + ok( $req->uri =~ m#http://auth.((?:op|rp|idp)).com(.*)#, ' REST request' ); + my $host = $1; + my $url = $2; + my ( $res, $client ); + count(1); + if ( $host eq 'op' ) { + pass(" Request from RP to OP, endpoint $url"); + $client = $op; + } + elsif ( $host eq 'rp' ) { + pass(' Request from OP to RP'); + $client = $rp; + } + elsif ( $host eq 'idp' ) { + pass(' Request to IDP'); + $client = $idp; + } + else { + fail(' Aborting REST request (external)'); + return HTTP::Response->new(500); + } + if ( $req->method =~ /^post$/i ) { + my $s = $req->content; + ok( + $res = $client->_post( + $url, IO::String->new($s), + length => length($s), + type => $req->header('Content-Type'), + ), + ' Execute post request' + ); + } + else { + ok( + $res = $client->_get( + $url, + custom => { + HTTP_AUTHORIZATION => $req->header('Authorization'), + } + ), + ' Execute get request' + ); + } + ok( $res->[0] == 200, ' Response is 200' ); + ok( getHeader( $res, 'Content-Type' ) =~ m#^(application/json|text/xml)#, + ' Content is JSON|XML' ) + or explain( $res->[1], 'Content-Type => (application/json|text/xml)' ); + count(4); + return $res; + } +); + 
+ + +SKIP: { + eval "use Lasso"; + if ($@) { + skip 'Lasso not found', $maintests; + } + + # Initialization + $op = register( 'op', \&op ); + + ok( + $res = $op->_get('/oauth2/jwks'), + 'Get JWKS, endpoint /oauth2/jwks' + ); + expectOK($res); + my $jwks = $res->[2]->[0]; + + ok( + $res = $op->_get('/.well-known/openid-configuration'), + 'Get metadata, endpoint /.well-known/openid-configuration' + ); + expectOK($res); + my $metadata = $res->[2]->[0]; + + $idp = register( 'idp', \&idp ); + + $rp = register( 'rp', sub { rp( $jwks, $metadata ) } ); + + + # LOGIN PROCESS ############################################################ + + # Query RP for auth + ok( $res = $rp->_get( '/', accept => 'text/html' ), 'Unauth SP request' ); + my ( $url, $query ) = + expectRedirection( $res, + qr#http://auth.op.com(/oauth2/authorize)\?(.*)$# ); + + # Push request to OP + switch ('op'); + ok( $res = $op->_get( $url, query => $query, accept => 'text/html' ), + "Push request to OP, endpoint $url" ); + + my $pdataop = expectCookie( $res, 'lemonldappdata' ); + + my ( $urlidp, $queryidp ) = + expectRedirection( $res, + qr#http://auth.idp.com(/saml/singleSignOn)\?(.*)$# ); + + # Push request to IDP + switch ('idp'); + + # Try to authenticate to IdP + ok( + $res = $idp->_get( $urlidp, query => $queryidp, accept => 'text/html'), + "SAML Authentication on idp, endpoint $urlidp" ); + my $pdataidp = expectCookie( $res, 'lemonldappdata' ); + + my ( $host, $tmp ); + # expectForm (result, host, uri, @requiredfield) + ( $host, $tmp, $query ) = expectForm( $res, '#', undef, + ( 'url', 'timezone', 'skin', 'user', 'password' ) ); + $query =~ s/user=/user=dwho/; + $query =~ s/password=/password=dwho/; + + ok( + $res = $idp->_post( + $urlidp, + IO::String->new($query), + accept => 'text/html', + cookie => "lemonldappdata=$pdataidp", + length => length($query), + ), + "Post authentication, endpoint $urlidp" + ); + + $pdataidp = expectCookie( $res, 'lemonldappdata' ); + my $cookieidp = expectCookie( 
$res, 'lemonldap' ); + + + ( $host, $url, $query ) = + expectForm( $res, 'auth.op.com', '/saml/proxySingleSignOnPost', + 'SAMLResponse', 'RelayState' ); + + my ($resp) = $query =~ qr/SAMLResponse=([^&]*)/; + + # Post SAML response to SP + switch ('op'); + ok( + $res = $op->_post( + $url, IO::String->new($query), + accept => 'text/html', + length => length($query), + cookie => "lemonldappdata=$pdataop", + ), + 'Post SAML response to SP' + ); + + $pdataop = expectCookie( $res, 'lemonldappdata' ); + my $cookieop = expectCookie( $res, 'lemonldap' ); + + + ( $url, $query ) = expectRedirection( $res, qr#^http://auth.op.com(/oauth2)\?*(.*)$# ); + + ok( $res = $op->_get( $url, query => $query, + accept => 'text/html', + cookie => "lemonldappdata=$pdataop; lemonldap=$cookieop", + ), + 'Call OP from SAML SP' ); + + $pdataop = expectCookie( $res, 'lemonldappdata' ); + + # No consent here because we have disabled it (oidcRPMetaDataOptionsBypassConsent) + + ($query) = expectRedirection( $res, qr#^http://auth.rp.com/?\?(.*)$# ); + + + # Push OP response to RP + switch ('rp'); + + ok( $res = $rp->_get( '/', query => $query, accept => 'text/html' ), + 'Call openidconnectcallback on RP' ); + my $cookierp = expectCookie($res, 'lemonldap'); + + # Authentication done on RP + OP + IDP + + + # LOGOUT PROCESS ########################################################### + $url = '/'; + $query = 'logout=1'; + ok( $res = $rp->_get( $url, query => $query, + accept => 'text/html', + cookie => "lemonldap=$cookierp", + ), + 'Call logout from RP' ); + + # lemonldap cookie set to "0" + $cookierp = expectCookie( $res, 'lemonldap' ); + ok( $cookierp eq "0", 'Test empty cookie on RP' ); + + # forward logout to OP + ( $url, $query ) = expectRedirection( $res, qr#^http://auth.op.com(/.*)\?(.*)$# ); + + switch ('op'); + + ok( $res = $op->_get( $url, query => $query, + accept => 'text/html', + cookie => "lemonldappdata=$pdataop; lemonldap=$cookieop", + ), + 'Forward logout to OP' ); + + # expectForm 
(result, host, uri, @requiredfield) + ( $host, $tmp, $query ) = expectForm( $res, '#', undef, + ( 'post_logout_redirect_uri', 'confirm', 'skin' ) ); + + ok( + $res = $op->_post( + $url, + IO::String->new($query), + accept => 'text/html', + cookie => "lemonldappdata=$pdataop; lemonldap=$cookieop", + length => length($query), + ), + "Post logout confirmation to OP, endpoint $url" + ); + + # lemonldap cookie set to "0" + $cookieop = expectCookie( $res, 'lemonldap' ); + ok( $cookieop eq "0", 'Test empty cookie on OP' ); + + ( $url, $query ) = expectRedirection( $res, qr#^http://auth.rp.com(/?.*)\?(.*)$# ); + + switch ('rp'); + + ok( $res = $rp->_get( $url, query => $query, + accept => 'text/html', + cookie => "lemonldap=$cookierp", + ), + 'redirect to RP' ); + + expectOK($res); + + # test connexion on IDP + switch('idp'); + ok( $res = $idp->_get( '/', query => '', + accept => 'text/html', + cookie => "lemonldap=$cookieidp", + ), + 'Test if still logged on IDP' ); + + like( $res->[2]->[0], qr/userfield/, + 'test presence of user field in form (prove successful logout)' ); + +} + +count($maintests); +clean_sessions(); +done_testing( count() ); + +sub op { + return LLNG::Manager::Test->new( { + ini => { + logLevel => $debug, + domain => 'op.com', + portal => 'http://auth.op.com', + authentication => 'SAML', + userDB => 'Same', + issuerDBOpenIDConnectActivation => "1", + oidcRPMetaDataExportedVars => { + rp => { + email => "mail", + family_name => "cn", + name => "cn" + } + }, + oidcServiceAllowHybridFlow => 1, + oidcServiceAllowImplicitFlow => 1, + oidcServiceAllowAuthorizationCodeFlow => 1, + oidcRPMetaDataOptions => { + rp => { + oidcRPMetaDataOptionsDisplayName => "RP", + oidcRPMetaDataOptionsIDTokenExpiration => 3600, + oidcRPMetaDataOptionsClientID => "rpid", + oidcRPMetaDataOptionsIDTokenSignAlg => "HS512", + oidcRPMetaDataOptionsBypassConsent => 1, + oidcRPMetaDataOptionsClientSecret => "rpsecret", + oidcRPMetaDataOptionsUserIDAttr => "", + 
oidcRPMetaDataOptionsAccessTokenExpiration => 3600, + oidcRPMetaDataOptionsPostLogoutRedirectUris => 'http://auth.rp.com?logout=1', + } + }, + oidcOPMetaDataOptions => {}, + oidcOPMetaDataJSON => {}, + oidcOPMetaDataJWKS => {}, + oidcServiceMetaDataAuthnContext => { + 'loa-4' => 4, + 'loa-1' => 1, + 'loa-5' => 5, + 'loa-2' => 2, + 'loa-3' => 3 + }, + oidcServicePrivateKeySig => oidc_key_op_private_sig, + oidcServicePublicKeySig => oidc_key_op_public_sig, + + samlOrganizationDisplayName => "SP", + samlOrganizationName => "SP", + samlOrganizationURL => "http://www.op.com/", + samlServicePrivateKeyEnc => saml_key_sp_private_enc, + samlServicePrivateKeySig => saml_key_sp_private_sig, + samlServicePublicKeyEnc => saml_key_sp_public_enc, + samlServicePublicKeySig => saml_key_sp_public_sig, + samlIDPSSODescriptorWantAuthnRequestsSigned => 1, + samlSPSSODescriptorWantAssertionsSigned => 1, + samlIDPMetaDataXML => { + 'idp' => { + samlIDPMetaDataXML => + samlIDPComplexMetaDataXML( 'idp', 'HTTP-Redirect', 'SOAP' ) + }, + }, + samlIDPMetaDataOptions => { + 'idp' => { + 'samlIDPMetaDataOptionsAdaptSessionUtime' => 0, + 'samlIDPMetaDataOptionsAllowLoginFromIDP' => 0, + 'samlIDPMetaDataOptionsAllowProxiedAuthn' => 0, + 'samlIDPMetaDataOptionsCheckAudience' => 1, + 'samlIDPMetaDataOptionsCheckSLOMessageSignature' => 1, + 'samlIDPMetaDataOptionsCheckSSOMessageSignature' => 1, + 'samlIDPMetaDataOptionsCheckTime' => 1, + 'samlIDPMetaDataOptionsDisplayName' => 'idp', + 'samlIDPMetaDataOptionsEncryptionMode' => 'none', + 'samlIDPMetaDataOptionsForceAuthn' => 0, + 'samlIDPMetaDataOptionsForceUTF8' => 0, + 'samlIDPMetaDataOptionsIcon' => '', + 'samlIDPMetaDataOptionsIsPassive' => 0, + 'samlIDPMetaDataOptionsNameIDFormat' => '', + 'samlIDPMetaDataOptionsRelayStateURL' => 0, + 'samlIDPMetaDataOptionsRequestedAuthnContext' => '', + 'samlIDPMetaDataOptionsResolutionRule' => '', + 'samlIDPMetaDataOptionsSLOBinding' => 'http-soap', + 'samlIDPMetaDataOptionsSSOBinding' => 'http-redirect', + 
'samlIDPMetaDataOptionsSignSLOMessage' => 1, + 'samlIDPMetaDataOptionsSignSSOMessage' => 1, + 'samlIDPMetaDataOptionsSignatureMethod' => '', + 'samlIDPMetaDataOptionsStoreSAMLToken' => 0 + } + }, + samlIDPMetaDataExportedAttributes => { + 'idp' => { + 'cn' => '1;cn', + 'uid' => '1;uid' + } + }, + } + } + ); +} + +sub rp { + my ( $jwks, $metadata ) = @_; + return LLNG::Manager::Test->new( { + ini => { + logLevel => $debug, + domain => 'rp.com', + portal => 'http://auth.rp.com', + authentication => 'OpenIDConnect', + userDB => 'Same', + restSessionServer => 1, + oidcOPMetaDataExportedVars => { + op => { + cn => "name", + uid => "sub", + sn => "family_name", + mail => "email" + } + }, + oidcOPMetaDataOptions => { + op => { + oidcOPMetaDataOptionsJWKSTimeout => 0, + oidcOPMetaDataOptionsClientSecret => "rpsecret", + oidcOPMetaDataOptionsScope => "openid profile", + oidcOPMetaDataOptionsStoreIDToken => 0, + oidcOPMetaDataOptionsDisplay => "", + oidcOPMetaDataOptionsClientID => "rpid", + oidcOPMetaDataOptionsConfigurationURI => + "https://auth.op.com/.well-known/openid-configuration" + } + }, + oidcOPMetaDataJWKS => { + op => $jwks, + }, + oidcOPMetaDataJSON => { + op => $metadata, + } + } + } + ); +} + +sub idp { + return LLNG::Manager::Test->new( { + ini => { + logLevel => $debug, + domain => 'idp.com', + portal => 'http://auth.idp.com', + authentication => 'Demo', + userDB => 'Same', + issuerDBSAMLActivation => 1, + restSessionServer => 1, + samlSPMetaDataOptions => { + sp => { + 'samlSPMetaDataOptionsCheckSLOMessageSignature' => 1, + 'samlSPMetaDataOptionsCheckSSOMessageSignature' => 1, + 'samlSPMetaDataOptionsEnableIDPInitiatedURL' => 0, + 'samlSPMetaDataOptionsEncryptionMode' => 'none', + 'samlSPMetaDataOptionsForceUTF8' => 1, + 'samlSPMetaDataOptionsNameIDFormat' => '', + 'samlSPMetaDataOptionsNotOnOrAfterTimeout' => 72000, + 'samlSPMetaDataOptionsOneTimeUse' => 0, + 'samlSPMetaDataOptionsSessionNotOnOrAfterTimeout' => 72000, + 
'samlSPMetaDataOptionsSignSLOMessage' => -1, + 'samlSPMetaDataOptionsSignSSOMessage' => 1, + 'samlSPMetaDataOptionsSignatureMethod' => '' + } + }, + samlSPMetaDataXML => { + sp => { + samlSPMetaDataXML => + samlSPComplexMetaDataXML( 'op', 'HTTP-Redirect', 'SOAP' ), + 'samlSPSSODescriptorAuthnRequestsSigned' => 1, + 'samlSPSSODescriptorWantAssertionsSigned' => 1, + } + }, + samlSPMetaDataExportedAttributes => { + 'sp' => { + 'cn' => '1;cn', + 'uid' => '1;uid' + } + }, + samlOrganizationDisplayName => "IDP", + samlOrganizationName => "IDP", + samlOrganizationURL => "http://www.idp.com", + samlServicePublicKeySig => saml_key_idp_public_sig, + samlServicePrivateKeyEnc => saml_key_idp_private_enc, + samlServicePrivateKeySig => saml_key_idp_private_sig, + samlServicePublicKeyEnc => saml_key_idp_public_enc, + samlSPSSODescriptorAuthnRequestsSigned => 1, + }, + } + ); +} diff --git a/lemonldap-ng-portal/t/74-2F-Required-Issuer-Timeouts.t b/lemonldap-ng-portal/t/74-2F-Required-Issuer-Timeouts.t new file mode 100644 index 000000000..4c704d5af --- /dev/null +++ b/lemonldap-ng-portal/t/74-2F-Required-Issuer-Timeouts.t 
@@ -0,0 +1,163 @@ +use Test::More; +use strict; +use IO::String; + +require 't/test-lib.pm'; +my $maintests = 19; + +SKIP: { + eval { require Convert::Base32 }; + if ($@) { + skip 'Convert::Base32 is missing', $maintests; + } + require Lemonldap::NG::Common::TOTP; + + my $client = LLNG::Manager::Test->new( { + ini => { + logLevel => 'error', + totp2fSelfRegistration => 1, + totp2fActivation => 1, + sfRequired => 1, + sfRegisterTimeout => 600, + tokenUseGlobalStorage => 1, + issuerDBCASActivation => 1, + issuersTimeout => 600, + } + } + ); + my $res; + + # Try to authenticate + # ------------------- + ok( + $res = $client->_get( + '/cas/login', + query => buildForm( { + service => "http://cas.example.com/", + } + ), + accept => 'text/html', + length => 23 + ), + 'Auth query' + ); + my $pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' ); + + # Post login form + # --------------- + ok( + $res = $client->_post( + '/', + IO::String->new('user=dwho&password=dwho'), + cookie => $pdata, + length => 23 + ), + 'Auth query' + ); + expectRedirection( $res, qr'http://auth.example.com/+2fregisters/?' ); + $pdata = 'lemonldappdata=' . 
expectCookie( $res, 'lemonldappdata' ); + + # Follow redirection to TOTP form + ok( $res = $client->_get( '/2fregisters', cookie => $pdata ), + 'Follow redirection to /2fregisters' ); + ok( $res->[2]->[0] =~ m#/2fregisters/totp#, 'Found TOTP link' ); + + # TOTP form + ok( + $res = $client->_get( + '/2fregisters/totp', + cookie => $pdata, + accept => 'text/html', + ), + 'Form registration' + ); + ok( $res->[2]->[0] =~ /totpregistration\.(?:min\.)?js/, 'Found TOTP js' ); + + # JS query + ok( + $res = $client->_post( + '/2fregisters/totp/getkey', IO::String->new(''), + cookie => $pdata, + length => 0, + ), + 'Get new key' + ); + eval { $res = JSON::from_json( $res->[2]->[0] ) }; + ok( not($@), 'Content is JSON' ) + or explain( $res->[2]->[0], 'JSON content' ); + my ( $key, $token ); + ok( $key = $res->{secret}, 'Found secret' ); + ok( $token = $res->{token}, 'Found token' ); + $key = Convert::Base32::decode_base32($key); + + # Wait for regular form timeout to expire + Time::Fake->offset("+5m"); + + # Post code + my $code; + ok( $code = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 6 ), + 'Code' ); + ok( $code =~ /^\d{6}$/, 'Code contains 6 digits' ); + my $s = "code=$code&token=$token"; + ok( + $res = $client->_post( + '/2fregisters/totp/verify', + IO::String->new($s), + length => length($s), + cookie => $pdata, + ), + 'Post code' + ); + $pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' ); + eval { $res = JSON::from_json( $res->[2]->[0] ) }; + ok( not($@), 'Content is JSON' ) + or explain( $res->[2]->[0], 'JSON content' ); + ok( $res->{result} == 1, 'Key is registered' ); + + # Try to sign-in + ok( + $res = $client->_post( + '/', + IO::String->new('user=dwho&password=dwho'), + length => 23, + cookie => $pdata, + accept => 'text/html', + ), + 'Auth query' + ); + $pdata = 'lemonldappdata=' . 
expectCookie( $res, 'lemonldappdata' ); + my ( $host, $url, $query ) = + expectForm( $res, undef, '/totp2fcheck', 'token' ); + ok( $code = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 6 ), + 'Code' ); + $query =~ s/code=/code=$code/; + ok( + $res = $client->_post( + '/totp2fcheck', IO::String->new($query), + length => length($query), + cookie => $pdata, + accept => 'text/html', + ), + 'Post code' + ); + my $id = expectCookie($res); + $pdata = expectCookie( $res, 'lemonldappdata' ); + expectRedirection( $res, qr'http://auth.example.com//cas' ); + + # Follow redirection to TOTP form + ok( + $res = $client->_get( + '//cas', + cookie => "lemonldap=$id; lemonldappdata=$pdata", + accept => 'text/html', + ), + 'Follow redirection to issuer' + ); + expectRedirection( $res, qr#^http://cas.example.com/\?(ticket.*)# ); +} +count($maintests); + +clean_sessions(); + +done_testing( count() ); + diff --git a/lemonldap-ng-portal/t/saml-lib.pm b/lemonldap-ng-portal/t/saml-lib.pm index ccc611249..fffc0b1b4 100644 --- a/lemonldap-ng-portal/t/saml-lib.pm +++ b/lemonldap-ng-portal/t/saml-lib.pm 
@@ -437,6 +437,190 @@ EOF ; } +sub samlSPComplexMetaDataXML { + my ( $name, $typeSSO, $typeSLO ) = @_; + my $org = uc($name); + return <<"EOF" + + + + + + + + + + u4iToYAEmWQxgZDihGVzMMql1elPn37domWcvXeU2E4yt2hh5jkQHiFjgodfOlNeRIw5QJVlUBwr + +CQvbaKRFXd7BrOhQIDC0TZPRVB0XHarUtsCuDekN4/2GKSzHsoToKUVPWq9thsuek3xkpsJGZNX + 7bglfEc9+QQpYTqN1rkdN1PVU0epNMokFFGho5pLRqLUV5+I/QXAL49jfTjaSxsp4UndTI8/+mGS + RSq+nrT2zyQRM/vkj5vR9ZVz67HO/+Wk3Mx6RAwkVcMdgMAqCq8odmbI0yCRZiTL9ybKWRKqWJoK + J0p5+Q2fPEBPupQZR09Jt/JPuLVSsGfCxi9Nqw== + AQAB + + + + + + + + + + sRaod2RZ8hMFBl+VhsnhyPM8l/Fj1obnBxfQIaWuHFIFfXiGe/CYHuZ5QJQLnZxHMJX6LL3Sh+Us + og3p0jpijpcg0QgfBSEkfopKTgReYN8DiDIll0rV1XdTni7E85Nd1YyNy3ui/ZD+UShWwqu6jLVL + R+QUm+/1LIKYb3OCBTvOlY7xHoP6NSU1+Mr+YzGBUacdO2vnNxe/PQhxIeP1zO0njuqGHkwEpy8r + UWRZbbDn31TmKjqlhgtsz5HPhbRaYEExhyepKgBiNz+RyxtYXVhuG8OrWQDoS5gYHSjdw1CTJyix + eJwyoqA9RGYguG5nh9zndi3LWAh7Z0lx+tIz+w== + AQAB + + + + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + + urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName + + urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName + + urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos + + urn:oasis:names:tc:SAML:2.0:nameid-format:entity + + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + + + + + + + + + u4iToYAEmWQxgZDihGVzMMql1elPn37domWcvXeU2E4yt2hh5jkQHiFjgodfOlNeRIw5QJVlUBwr + +CQvbaKRFXd7BrOhQIDC0TZPRVB0XHarUtsCuDekN4/2GKSzHsoToKUVPWq9thsuek3xkpsJGZNX + 7bglfEc9+QQpYTqN1rkdN1PVU0epNMokFFGho5pLRqLUV5+I/QXAL49jfTjaSxsp4UndTI8/+mGS + RSq+nrT2zyQRM/vkj5vR9ZVz67HO/+Wk3Mx6RAwkVcMdgMAqCq8odmbI0yCRZiTL9ybKWRKqWJoK + J0p5+Q2fPEBPupQZR09Jt/JPuLVSsGfCxi9Nqw== + AQAB + + + + + + + + + + sRaod2RZ8hMFBl+VhsnhyPM8l/Fj1obnBxfQIaWuHFIFfXiGe/CYHuZ5QJQLnZxHMJX6LL3Sh+Us + og3p0jpijpcg0QgfBSEkfopKTgReYN8DiDIll0rV1XdTni7E85Nd1YyNy3ui/ZD+UShWwqu6jLVL + R+QUm+/1LIKYb3OCBTvOlY7xHoP6NSU1+Mr+YzGBUacdO2vnNxe/PQhxIeP1zO0njuqGHkwEpy8r + UWRZbbDn31TmKjqlhgtsz5HPhbRaYEExhyepKgBiNz+RyxtYXVhuG8OrWQDoS5gYHSjdw1CTJyix 
+ eJwyoqA9RGYguG5nh9zndi3LWAh7Z0lx+tIz+w== + AQAB + + + + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + + urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName + + urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName + + urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos + + urn:oasis:names:tc:SAML:2.0:nameid-format:entity + + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + + + + + + + + + + + u4iToYAEmWQxgZDihGVzMMql1elPn37domWcvXeU2E4yt2hh5jkQHiFjgodfOlNeRIw5QJVlUBwr + +CQvbaKRFXd7BrOhQIDC0TZPRVB0XHarUtsCuDekN4/2GKSzHsoToKUVPWq9thsuek3xkpsJGZNX + 7bglfEc9+QQpYTqN1rkdN1PVU0epNMokFFGho5pLRqLUV5+I/QXAL49jfTjaSxsp4UndTI8/+mGS + RSq+nrT2zyQRM/vkj5vR9ZVz67HO/+Wk3Mx6RAwkVcMdgMAqCq8odmbI0yCRZiTL9ybKWRKqWJoK + J0p5+Q2fPEBPupQZR09Jt/JPuLVSsGfCxi9Nqw== + AQAB + + + + + + + + + + sRaod2RZ8hMFBl+VhsnhyPM8l/Fj1obnBxfQIaWuHFIFfXiGe/CYHuZ5QJQLnZxHMJX6LL3Sh+Us + og3p0jpijpcg0QgfBSEkfopKTgReYN8DiDIll0rV1XdTni7E85Nd1YyNy3ui/ZD+UShWwqu6jLVL + R+QUm+/1LIKYb3OCBTvOlY7xHoP6NSU1+Mr+YzGBUacdO2vnNxe/PQhxIeP1zO0njuqGHkwEpy8r + UWRZbbDn31TmKjqlhgtsz5HPhbRaYEExhyepKgBiNz+RyxtYXVhuG8OrWQDoS5gYHSjdw1CTJyix + eJwyoqA9RGYguG5nh9zndi3LWAh7Z0lx+tIz+w== + AQAB + + + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + + urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName + + urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName + + urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos + + urn:oasis:names:tc:SAML:2.0:nameid-format:entity + + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + + $org + + $org + + http://www.$name.com + + +EOF + ; +} + sub samlProxyMetaDataXML { my ( $name, $type ) = @_; my $org = uc($name); 
@@ -623,6 +807,192 @@ EOF ; } +sub samlProxyComplexMetaDataXML { + my ( $name, $typeSSO, $typeSLO ) = @_; + my $org = uc($name); + return <<"EOF" + + + + + + + + ztmb1JZk/agkYYm23D4dqaLS4EKHKrjO4eBvwtWZLexAGR1KDpcrHqLyqJoal+q4A8drI7lxElSt +6xRKJ4DIxQM1jqRcmE6EzdL6BfTaRace3zIuhjDSQUZJdtFtlJynQT1cJbx5ZYhqZbYANm9NZRcY +Z5gWeyF9nl41xA79AMuYlpt7eWDR8cnQJXwV790991FQ9yA2BBgTdSKkFqZ72P4lWu4shz3JCGf5 +hyq03hCHQ7bsfpgAdCrbQPTuJNFtS599ClMu+AcRcwJcS233pHd306PRHCXn3Eapq6gEoHxgLVNp ++luAIhRA9EaOnZ0nVkFwFKn3vLXzV01iTliMeQ== + + AQAB + + + + + + + + + + 2vzoUiQ4GsM5qLjoxslEDKj+RrPh/A743JCWe1Hbadjd5yD4gPwmJUxMF+MJcQlo/TkmKbTonPdI +oAqDknbUxfFTntp0VkdKrB64xr0Stpy7123hPszat3SbU3RYypdobEcuSAS77w9X1KnkRL1+CIe5 +9qSsghO3l3b2IJ6qPFXdx/cro7+K3O7w8wAEJ9KmxA0KdiZpSFgTAqfNDSKx8NLwZOeDpsHouAxy +1E2kine+9ESBTRAM2PgiGZvU5JA1SZscdEg3wTftJxxPFnAJMwtqM3IVC6B+TqsIP5Wlk1PQQqH7 +5gjtBYDVduynBwU+l/UUmp1aDRZupuH8PF51pw== + + AQAB + + + + + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + + urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName + + urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName + + urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos + + urn:oasis:names:tc:SAML:2.0:nameid-format:entity + + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + + + + + + + + ztmb1JZk/agkYYm23D4dqaLS4EKHKrjO4eBvwtWZLexAGR1KDpcrHqLyqJoal+q4A8drI7lxElSt +6xRKJ4DIxQM1jqRcmE6EzdL6BfTaRace3zIuhjDSQUZJdtFtlJynQT1cJbx5ZYhqZbYANm9NZRcY +Z5gWeyF9nl41xA79AMuYlpt7eWDR8cnQJXwV790991FQ9yA2BBgTdSKkFqZ72P4lWu4shz3JCGf5 +hyq03hCHQ7bsfpgAdCrbQPTuJNFtS599ClMu+AcRcwJcS233pHd306PRHCXn3Eapq6gEoHxgLVNp ++luAIhRA9EaOnZ0nVkFwFKn3vLXzV01iTliMeQ== + + AQAB + + + + + + + + + + 2vzoUiQ4GsM5qLjoxslEDKj+RrPh/A743JCWe1Hbadjd5yD4gPwmJUxMF+MJcQlo/TkmKbTonPdI +oAqDknbUxfFTntp0VkdKrB64xr0Stpy7123hPszat3SbU3RYypdobEcuSAS77w9X1KnkRL1+CIe5 +9qSsghO3l3b2IJ6qPFXdx/cro7+K3O7w8wAEJ9KmxA0KdiZpSFgTAqfNDSKx8NLwZOeDpsHouAxy +1E2kine+9ESBTRAM2PgiGZvU5JA1SZscdEg3wTftJxxPFnAJMwtqM3IVC6B+TqsIP5Wlk1PQQqH7 
+5gjtBYDVduynBwU+l/UUmp1aDRZupuH8PF51pw== + + AQAB + + + + + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + + urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName + + urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName + + urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos + + urn:oasis:names:tc:SAML:2.0:nameid-format:entity + + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + + + + + + + + + ztmb1JZk/agkYYm23D4dqaLS4EKHKrjO4eBvwtWZLexAGR1KDpcrHqLyqJoal+q4A8drI7lxElSt +6xRKJ4DIxQM1jqRcmE6EzdL6BfTaRace3zIuhjDSQUZJdtFtlJynQT1cJbx5ZYhqZbYANm9NZRcY +Z5gWeyF9nl41xA79AMuYlpt7eWDR8cnQJXwV790991FQ9yA2BBgTdSKkFqZ72P4lWu4shz3JCGf5 +hyq03hCHQ7bsfpgAdCrbQPTuJNFtS599ClMu+AcRcwJcS233pHd306PRHCXn3Eapq6gEoHxgLVNp ++luAIhRA9EaOnZ0nVkFwFKn3vLXzV01iTliMeQ== + + AQAB + + + + + + + + + + 2vzoUiQ4GsM5qLjoxslEDKj+RrPh/A743JCWe1Hbadjd5yD4gPwmJUxMF+MJcQlo/TkmKbTonPdI +oAqDknbUxfFTntp0VkdKrB64xr0Stpy7123hPszat3SbU3RYypdobEcuSAS77w9X1KnkRL1+CIe5 +9qSsghO3l3b2IJ6qPFXdx/cro7+K3O7w8wAEJ9KmxA0KdiZpSFgTAqfNDSKx8NLwZOeDpsHouAxy +1E2kine+9ESBTRAM2PgiGZvU5JA1SZscdEg3wTftJxxPFnAJMwtqM3IVC6B+TqsIP5Wlk1PQQqH7 +5gjtBYDVduynBwU+l/UUmp1aDRZupuH8PF51pw== + + AQAB + + + + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + + urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName + + urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName + + urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos + + urn:oasis:names:tc:SAML:2.0:nameid-format:entity + + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + + $org + + $org + + http://www.$name.com + + +EOF + ; +} + sub samlIDPMetaDataXML { my ( $name, $type ) = @_; my $org = uc($name); 
@@ -804,6 +1174,188 @@ EOF ; } +sub samlIDPComplexMetaDataXML { + my ( $name, $typeSSO, $typeSLO ) = @_; + my $org = uc($name); + return <<"EOF" + + + + + + + + + + tR/wgDqWB4Maho5V6TjcL/NbNfjgIh7GcgkrB5RZcVT1GTejJlMjUQdgBKBuZXQN+7/29P6UcGq1 + kYalURq6S8SpeJ1ofp5rBEoD/TIkvU0JOcid65wp+fdzXGXsfiZvHraU74jSCgjP/wqfVGRyBIQz + B0SIxSpnrsigqNsE1E94toDMx4wovjHu/9ABAImREV7Sz83OeFF00/sghrjTEJOD/gHf04JCn9Mg + NOqvSTysr9LXWg/oUKQDEYeTq9ux6pq/oqv1MxwONbSZPtN5yD41mi+hT8Rh+W8Je8rsiML4VMxz + sb1l9303asw6suo5bLTISKNSbu1nt1NkpNxzyw== + AQAB + + + + + + + + + + nfKBDG/K0TnGT7Xu8q1N45sNWvIK91SqNg8nvN2uVeKoHADTcsus5Xn3id5+8Q9TuMFsW9kIEeXi + aPKXQa9ryfSNDhWDWloNkpGEeWif2BnHUu46Abu1UBWb0mH6VwcG1PR4qHruLis1odjQ1qnVDNfS + EASVIppEBYjDX203ypmURIzU6h53GRRRlf1BLWkbVn9ysmDeR57Xw5Rsx/+tBlcnMrkv/40DSUke + hQIl2JmlFrl2Caik+gU4pd20apA/pNLjBZF0OmGoS08AIR5NMd0KFa6CwZUUSHJqH5GFy5Y2yl4l + g8K0klAS9q7L7aXI+eFQZhkwidjpxXnHPyxIGQ== + AQAB + + + + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + + urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName + + urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName + + urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos + + urn:oasis:names:tc:SAML:2.0:nameid-format:entity + + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + + + + + + + + + tR/wgDqWB4Maho5V6TjcL/NbNfjgIh7GcgkrB5RZcVT1GTejJlMjUQdgBKBuZXQN+7/29P6UcGq1 + kYalURq6S8SpeJ1ofp5rBEoD/TIkvU0JOcid65wp+fdzXGXsfiZvHraU74jSCgjP/wqfVGRyBIQz + B0SIxSpnrsigqNsE1E94toDMx4wovjHu/9ABAImREV7Sz83OeFF00/sghrjTEJOD/gHf04JCn9Mg + NOqvSTysr9LXWg/oUKQDEYeTq9ux6pq/oqv1MxwONbSZPtN5yD41mi+hT8Rh+W8Je8rsiML4VMxz + sb1l9303asw6suo5bLTISKNSbu1nt1NkpNxzyw== + AQAB + + + + + + + + + + nfKBDG/K0TnGT7Xu8q1N45sNWvIK91SqNg8nvN2uVeKoHADTcsus5Xn3id5+8Q9TuMFsW9kIEeXi + aPKXQa9ryfSNDhWDWloNkpGEeWif2BnHUu46Abu1UBWb0mH6VwcG1PR4qHruLis1odjQ1qnVDNfS + EASVIppEBYjDX203ypmURIzU6h53GRRRlf1BLWkbVn9ysmDeR57Xw5Rsx/+tBlcnMrkv/40DSUke + 
hQIl2JmlFrl2Caik+gU4pd20apA/pNLjBZF0OmGoS08AIR5NMd0KFa6CwZUUSHJqH5GFy5Y2yl4l + g8K0klAS9q7L7aXI+eFQZhkwidjpxXnHPyxIGQ== + AQAB + + + + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + + urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName + + urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName + + urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos + + urn:oasis:names:tc:SAML:2.0:nameid-format:entity + + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + + + + + + + + + + tR/wgDqWB4Maho5V6TjcL/NbNfjgIh7GcgkrB5RZcVT1GTejJlMjUQdgBKBuZXQN+7/29P6UcGq1 + kYalURq6S8SpeJ1ofp5rBEoD/TIkvU0JOcid65wp+fdzXGXsfiZvHraU74jSCgjP/wqfVGRyBIQz + B0SIxSpnrsigqNsE1E94toDMx4wovjHu/9ABAImREV7Sz83OeFF00/sghrjTEJOD/gHf04JCn9Mg + NOqvSTysr9LXWg/oUKQDEYeTq9ux6pq/oqv1MxwONbSZPtN5yD41mi+hT8Rh+W8Je8rsiML4VMxz + sb1l9303asw6suo5bLTISKNSbu1nt1NkpNxzyw== + AQAB + + + + + + + + + + nfKBDG/K0TnGT7Xu8q1N45sNWvIK91SqNg8nvN2uVeKoHADTcsus5Xn3id5+8Q9TuMFsW9kIEeXi + aPKXQa9ryfSNDhWDWloNkpGEeWif2BnHUu46Abu1UBWb0mH6VwcG1PR4qHruLis1odjQ1qnVDNfS + EASVIppEBYjDX203ypmURIzU6h53GRRRlf1BLWkbVn9ysmDeR57Xw5Rsx/+tBlcnMrkv/40DSUke + hQIl2JmlFrl2Caik+gU4pd20apA/pNLjBZF0OmGoS08AIR5NMd0KFa6CwZUUSHJqH5GFy5Y2yl4l + g8K0klAS9q7L7aXI+eFQZhkwidjpxXnHPyxIGQ== + AQAB + + + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + + urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName + + urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName + + urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos + + urn:oasis:names:tc:SAML:2.0:nameid-format:entity + + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + + $org + + $org + + http://www.$name.fr/ + + +EOF + ; +} + + =head4 expectXPath($xml_string, $xpath, $namespaces, $value, $message) Match a XPath expression against the provided string, and verify that the correct value is
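Review bot: `samlSPComplexMetaDataXML` takes `( $name, $typeSSO, $typeSLO )`, while the sibling visible in the trailing context, `samlProxyMetaDataXML`, takes `( $name, $type )`, and the hunk adds no POD for the new sub. This file documents its helpers with `=head4` entries (the `expectXPath` entry is visible further down), so please add one here that states which values `$typeSSO` and `$typeSLO` accept and how the sub differs from the single-`$type` variant. Otherwise a test author has to read the whole heredoc to find out.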
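Review bot: In `samlProxyComplexMetaDataXML` the same two RSA moduli (the blocks starting `ztmb1JZk/agk` and `2vzoUiQ4GsM5`) are pasted three times each inside one heredoc. Since the heredoc is already interpolating (`<<"EOF"` with `$org` and `$name`), consider putting each modulus in a lexical once and interpolating it, so that rotating a test key is a single edit and the three copies cannot drift apart. The base64 lines in this sub are also flush against the `+` marker while the SP and IDP subs indent theirs; pick one layout so the three fixtures diff cleanly against each other.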
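Review bot: The organization URL at the end of `samlIDPComplexMetaDataXML` is `http://www.$name.fr/`, whereas the SP and Proxy variants added in the same patch use `http://www.$name.com` with no trailing slash. If the difference is intentional, say matching the existing IDP fixture, a short comment would make that clear; if not, align the three so that tests comparing metadata across roles do not depend on an accidental TLD difference.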