From 80f5d06e8290bb314a3305266dae6aabec3a0dad Mon Sep 17 00:00:00 2001
From: David COUTADEUR
Date: Fri, 23 Jun 2017 09:57:07 +0000
Subject: [PATCH] perl tidy
---
 .../lib/Lemonldap/NG/Common/Conf.pm | 4 +-
 .../Lemonldap/NG/Common/Conf/DefaultValues.pm | 472 +-
 .../Lemonldap/NG/Common/Conf/RESTServer.pm | 2 +-
 .../Lemonldap/NG/Handler/ApacheMP2/Main.pm | 3 +-
 .../lib/Lemonldap/NG/Manager.pm | 6 +-
 .../lib/Lemonldap/NG/Manager/Attributes.pm | 6320 +++++++++--------
 .../Lemonldap/NG/Manager/Build/Attributes.pm | 9 +-
 .../lib/Lemonldap/NG/Manager/Build/Tree.pm | 27 +-
 .../lib/Lemonldap/NG/Manager/Conf/Parser.pm | 9 +-
 .../lib/Lemonldap/NG/Manager/Conf/Tests.pm | 4 +-
 .../site/htdocs/static/struct.json | 2 +-
 .../lib/Lemonldap/NG/Portal/Auth/Kerberos.pm | 18 +-
 .../lib/Lemonldap/NG/Portal/Lib/CAS.pm | 2 +-
 .../lib/Lemonldap/NG/Portal/Lib/DBI.pm | 256 +-
 .../lib/Lemonldap/NG/Portal/Password/DBI.pm | 20 +-
 .../lib/Lemonldap/NG/Portal/Password/Null.pm | 6 +-
 lemonldap-ng-portal/t/24-AuthKerberos.t | 2 +-
 .../t/31-Auth-and-issuer-CAS-declared-app.t | 24 +-
 .../t/31-Auth-and-issuer-CAS-default.t | 16 +-
 .../t/35-REST-sessions-with-REST-server.t | 1 +
 20 files changed, 3678 insertions(+), 3525 deletions(-)
diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm
index 1478a268b..0ef9364b2 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm
@@ -212,7 +212,9 @@ sub getConf {
 # Create cipher object
 unless ( $args->{raw} ) {
- eval { $res->{cipher} = Lemonldap::NG::Common::Crypto->new( $res->{key} ); };
+ eval {
+ $res->{cipher} = Lemonldap::NG::Common::Crypto->new( $res->{key} );
+ };
 if ($@) {
 $msg .= "Bad key: $@. \n";
 }
diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
index 49246be3f..67e58f21d 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
@@ -5,234 +5,250 @@ our $VERSION = '2.0.0'; sub defaultValues { return { - 'activeTimer' => 1, - 'ADPwdExpireWarning' => 0, - 'ADPwdMaxAge' => 0, - 'apacheAuthnLevel' => 4, - 'applicationList' => { - 'default' => { - 'catname' => 'Default category', - 'type' => 'category' - } - }, - 'authChoiceParam' => 'lmAuth', - 'authentication' => 'Demo', - 'captcha_mail_enabled' => 1, - 'captcha_register_enabled' => 1, - 'captcha_size' => 6, - 'casAccessControlPolicy' => 'none', - 'casAuthnLevel' => 1, - 'checkXSS' => 1, - 'confirmFormMethod' => 'post', - 'cookieName' => 'lemonldap', - 'cspConnect' => '\'self\'', - 'cspDefault' => '\'self\'', - 'cspFont' => '\'self\'', - 'cspImg' => '\'self\' data:', - 'cspScript' => '\'self\'', - 'cspStyle' => '\'self\'', - 'dbiAuthnLevel' => 2, - 'dbiExportedVars' => {}, - 'demoExportedVars' => { - 'cn' => 'cn', - 'mail' => 'mail', - 'uid' => 'uid' - }, - 'domain' => 'example.com', - 'exportedVars' => { - 'UA' => 'HTTP_USER_AGENT' - }, - 'ext2fActivation' => 0, - 'facebookAuthnLevel' => 1, - 'facebookExportedVars' => {}, - 'failedLoginNumber' => 5, - 'formTimeout' => 120, - 'globalStorage' => 'Apache::Session::File', - 'globalStorageOptions' => { - 'Directory' => '/var/lib/lemonldap-ng/sessions/', - 'generateModule' => 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256', - 'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/' - }, - 'groups' => {}, - 'hiddenAttributes' => '_password', - 'httpOnly' => 1, - 'infoFormMethod' => 'get', - 'issuerDBCASPath' => '^/cas/', - 'issuerDBCASRule' => 1, - 'issuerDBGetParameters' => {}, - 'issuerDBGetPath' => '^/get/', - 'issuerDBGetRule' => 1, - 'issuerDBOpenIDConnectPath' => '^/oauth2/', - 'issuerDBOpenIDConnectRule' => 1, - 'issuerDBOpenIDPath' => '^/openidserver/', - 'issuerDBOpenIDRule' => 1, - 'issuerDBSAMLPath' => '^/saml/', - 'issuerDBSAMLRule' => 1, - 'jsRedirect' => 0, - 'krbAuthnLevel' => 3, - 'ldapAuthnLevel' => 2, - 'ldapBase' => 'dc=example,dc=com', - 'ldapExportedVars' => { - 'cn' 
=> 'cn', - 'mail' => 'mail', - 'uid' => 'uid' - }, - 'ldapGroupAttributeName' => 'member', - 'ldapGroupAttributeNameGroup' => 'dn', - 'ldapGroupAttributeNameSearch' => 'cn', - 'ldapGroupAttributeNameUser' => 'dn', - 'ldapGroupObjectClass' => 'groupOfNames', - 'ldapPasswordResetAttribute' => 'pwdReset', - 'ldapPasswordResetAttributeValue' => 'TRUE', - 'ldapPort' => 389, - 'ldapPwdEnc' => 'utf-8', - 'ldapSearchDeref' => 'find', - 'ldapServer' => 'ldap://localhost', - 'ldapTimeout' => 120, - 'ldapUsePasswordResetAttribute' => 1, - 'ldapVersion' => 3, - 'localSessionStorage' => 'Cache::FileCache', - 'localSessionStorageOptions' => { - 'cache_depth' => 3, - 'cache_root' => '/tmp', - 'default_expires_in' => 600, - 'directory_umask' => '007', - 'namespace' => 'lemonldap-ng-sessions' - }, - 'locationRules' => { - 'default' => 'deny' - }, - 'logoutServices' => {}, - 'macros' => {}, - 'mailCharset' => 'utf-8', - 'mailFrom' => 'noreply@example.com', - 'mailSessionKey' => 'mail', - 'mailTimeout' => 0, - 'mailUrl' => 'http://auth.example.com/resetpwd', - 'managerDn' => '', - 'managerPassword' => '', - 'multiValuesSeparator' => '; ', - 'notificationStorage' => 'File', - 'notificationStorageOptions' => { - 'dirName' => '/var/lib/lemonldap-ng/notifications' - }, - 'notificationWildcard' => 'allusers', - 'notifyDeleted' => 1, - 'nullAuthnLevel' => 0, - 'oidcAuthnLevel' => 1, - 'oidcRPCallbackGetParam' => 'openidconnectcallback', - 'oidcRPStateTimeout' => 600, - 'oidcServiceAllowAuthorizationCodeFlow' => 1, - 'oidcServiceMetaDataAuthnContext' => { - 'loa-1' => 1, - 'loa-2' => 2, - 'loa-3' => 3, - 'loa-4' => 4, - 'loa-5' => 5 - }, - 'oidcServiceMetaDataAuthorizeURI' => 'authorize', - 'oidcServiceMetaDataBackChannelURI' => 'blogout', - 'oidcServiceMetaDataCheckSessionURI' => 'checksession.html', - 'oidcServiceMetaDataEndSessionURI' => 'logout', - 'oidcServiceMetaDataFrontChannelURI' => 'flogout', - 'oidcServiceMetaDataIssuer' => 'http://auth.example.com', - 
'oidcServiceMetaDataJWKSURI' => 'jwks', - 'oidcServiceMetaDataRegistrationURI' => 'register', - 'oidcServiceMetaDataTokenURI' => 'token', - 'oidcServiceMetaDataUserInfoURI' => 'userinfo', - 'openIdAuthnLevel' => 1, - 'openIdExportedVars' => {}, - 'openIdIDPList' => '0;', - 'openIdSPList' => '0;', - 'openIdSreg_email' => 'mail', - 'openIdSreg_fullname' => 'cn', - 'openIdSreg_nickname' => 'uid', - 'openIdSreg_timezone' => '_timezone', - 'pamAuthnLevel' => 2, - 'pamService' => 'login', - 'passwordDB' => 'Demo', - 'portal' => 'http://auth.example.com/', - 'portalAntiFrame' => 1, - 'portalCheckLogins' => 1, - 'portalDisplayAppslist' => 1, - 'portalDisplayChangePassword' => '$_auth =~ /^(LDAP|DBI|Demo)$/', - 'portalDisplayLoginHistory' => 1, - 'portalDisplayLogout' => 1, - 'portalDisplayRegister' => 1, - 'portalErrorOnExpiredSession' => 1, - 'portalForceAuthnInterval' => 5, - 'portalPingInterval' => 60000, - 'portalRequireOldPassword' => 1, - 'portalSkin' => 'bootstrap', - 'portalUserAttr' => '_user', - 'proxyAuthnLevel' => 2, - 'radiusAuthnLevel' => 3, - 'randomPasswordRegexp' => '[A-Z]{3}[a-z]{5}.\\d{2}', - 'redirectFormMethod' => 'get', - 'registerDB' => 'Null', - 'registerTimeout' => 0, - 'remoteGlobalStorage' => 'Lemonldap::NG::Common::Apache::Session::SOAP', - 'remoteGlobalStorageOptions' => { - 'ns' => 'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService', - 'proxy' => 'http://auth.example.com/sessions' - }, - 'requireToken' => 1, - 'samlAttributeAuthorityDescriptorAttributeServiceSOAP' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;', - 'samlAuthnContextMapKerberos' => 4, - 'samlAuthnContextMapPassword' => 2, - 'samlAuthnContextMapPasswordProtectedTransport' => 3, - 'samlAuthnContextMapTLSClient' => 5, - 'samlEntityID' => '#PORTAL#/saml/metadata', - 'samlIdPResolveCookie' => 'lemonldapidp', - 'samlIDPSSODescriptorArtifactResolutionServiceArtifact' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', - 
'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', - 'samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', - 'samlIDPSSODescriptorSingleLogoutServiceSOAP' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;', - 'samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;', - 'samlIDPSSODescriptorSingleSignOnServiceHTTPPost' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;', - 'samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;', - 'samlIDPSSODescriptorWantAuthnRequestsSigned' => 1, - 'samlMetadataForceUTF8' => 1, - 'samlNameIDFormatMapEmail' => 'mail', - 'samlNameIDFormatMapKerberos' => 'uid', - 'samlNameIDFormatMapWindows' => 'uid', - 'samlNameIDFormatMapX509' => 'mail', - 'samlOrganizationDisplayName' => 'Example', - 'samlOrganizationName' => 'Example', - 'samlOrganizationURL' => 'http://www.example.com', - 'samlRelayStateTimeout' => 600, - 'samlSPSSODescriptorArtifactResolutionServiceArtifact' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', - 'samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact', - 'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' => '0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost', - 'samlSPSSODescriptorAuthnRequestsSigned' => 1, - 'samlSPSSODescriptorSingleLogoutServiceHTTPPost' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', - 
'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', - 'samlSPSSODescriptorSingleLogoutServiceSOAP' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;', - 'samlSPSSODescriptorWantAssertionsSigned' => 1, - 'securedCookie' => 0, - 'slaveAuthnLevel' => 2, - 'slaveExportedVars' => {}, - 'SMTPServer' => '', - 'SMTPTLS' => '', - 'SSLAuthnLevel' => 5, - 'successLoginNumber' => 5, - 'timeout' => 72000, - 'timeoutActivity' => 0, - 'timeoutActivityInterval' => 60, - 'trustedProxies' => '', - 'twitterAuthnLevel' => 1, - 'u2fActivation' => 0, - 'upgradeSession' => 1, - 'userControl' => '^[\\w\\.\\-@]+$', - 'userDB' => 'Same', - 'useRedirectOnError' => 1, - 'useSafeJail' => 1, - 'webIDAuthnLevel' => 1, - 'webIDExportedVars' => {}, - 'whatToTrace' => 'uid', - 'yubikeyAuthnLevel' => 3, - 'yubikeyPublicIDSize' => 12 - }; + 'activeTimer' => 1, + 'ADPwdExpireWarning' => 0, + 'ADPwdMaxAge' => 0, + 'apacheAuthnLevel' => 4, + 'applicationList' => { + 'default' => { + 'catname' => 'Default category', + 'type' => 'category' + } + }, + 'authChoiceParam' => 'lmAuth', + 'authentication' => 'Demo', + 'captcha_mail_enabled' => 1, + 'captcha_register_enabled' => 1, + 'captcha_size' => 6, + 'casAccessControlPolicy' => 'none', + 'casAuthnLevel' => 1, + 'checkXSS' => 1, + 'confirmFormMethod' => 'post', + 'cookieName' => 'lemonldap', + 'cspConnect' => '\'self\'', + 'cspDefault' => '\'self\'', + 'cspFont' => '\'self\'', + 'cspImg' => '\'self\' data:', + 'cspScript' => '\'self\'', + 'cspStyle' => '\'self\'', + 'dbiAuthnLevel' => 2, + 'dbiExportedVars' => {}, + 'demoExportedVars' => { + 'cn' => 'cn', + 'mail' => 'mail', + 'uid' => 'uid' + }, + 'domain' => 'example.com', + 'exportedVars' => { + 'UA' => 'HTTP_USER_AGENT' + }, + 'ext2fActivation' => 0, + 'facebookAuthnLevel' => 1, + 'facebookExportedVars' => {}, + 'failedLoginNumber' => 5, + 
'formTimeout' => 120, + 'globalStorage' => 'Apache::Session::File', + 'globalStorageOptions' => { + 'Directory' => '/var/lib/lemonldap-ng/sessions/', + 'generateModule' => + 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256', + 'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/' + }, + 'groups' => {}, + 'hiddenAttributes' => '_password', + 'httpOnly' => 1, + 'infoFormMethod' => 'get', + 'issuerDBCASPath' => '^/cas/', + 'issuerDBCASRule' => 1, + 'issuerDBGetParameters' => {}, + 'issuerDBGetPath' => '^/get/', + 'issuerDBGetRule' => 1, + 'issuerDBOpenIDConnectPath' => '^/oauth2/', + 'issuerDBOpenIDConnectRule' => 1, + 'issuerDBOpenIDPath' => '^/openidserver/', + 'issuerDBOpenIDRule' => 1, + 'issuerDBSAMLPath' => '^/saml/', + 'issuerDBSAMLRule' => 1, + 'jsRedirect' => 0, + 'krbAuthnLevel' => 3, + 'ldapAuthnLevel' => 2, + 'ldapBase' => 'dc=example,dc=com', + 'ldapExportedVars' => { + 'cn' => 'cn', + 'mail' => 'mail', + 'uid' => 'uid' + }, + 'ldapGroupAttributeName' => 'member', + 'ldapGroupAttributeNameGroup' => 'dn', + 'ldapGroupAttributeNameSearch' => 'cn', + 'ldapGroupAttributeNameUser' => 'dn', + 'ldapGroupObjectClass' => 'groupOfNames', + 'ldapPasswordResetAttribute' => 'pwdReset', + 'ldapPasswordResetAttributeValue' => 'TRUE', + 'ldapPort' => 389, + 'ldapPwdEnc' => 'utf-8', + 'ldapSearchDeref' => 'find', + 'ldapServer' => 'ldap://localhost', + 'ldapTimeout' => 120, + 'ldapUsePasswordResetAttribute' => 1, + 'ldapVersion' => 3, + 'localSessionStorage' => 'Cache::FileCache', + 'localSessionStorageOptions' => { + 'cache_depth' => 3, + 'cache_root' => '/tmp', + 'default_expires_in' => 600, + 'directory_umask' => '007', + 'namespace' => 'lemonldap-ng-sessions' + }, + 'locationRules' => { + 'default' => 'deny' + }, + 'logoutServices' => {}, + 'macros' => {}, + 'mailCharset' => 'utf-8', + 'mailFrom' => 'noreply@example.com', + 'mailSessionKey' => 'mail', + 'mailTimeout' => 0, + 'mailUrl' => 'http://auth.example.com/resetpwd', + 'managerDn' => '', + 
'managerPassword' => '', + 'multiValuesSeparator' => '; ', + 'notificationStorage' => 'File', + 'notificationStorageOptions' => { + 'dirName' => '/var/lib/lemonldap-ng/notifications' + }, + 'notificationWildcard' => 'allusers', + 'notifyDeleted' => 1, + 'nullAuthnLevel' => 0, + 'oidcAuthnLevel' => 1, + 'oidcRPCallbackGetParam' => 'openidconnectcallback', + 'oidcRPStateTimeout' => 600, + 'oidcServiceAllowAuthorizationCodeFlow' => 1, + 'oidcServiceMetaDataAuthnContext' => { + 'loa-1' => 1, + 'loa-2' => 2, + 'loa-3' => 3, + 'loa-4' => 4, + 'loa-5' => 5 + }, + 'oidcServiceMetaDataAuthorizeURI' => 'authorize', + 'oidcServiceMetaDataBackChannelURI' => 'blogout', + 'oidcServiceMetaDataCheckSessionURI' => 'checksession.html', + 'oidcServiceMetaDataEndSessionURI' => 'logout', + 'oidcServiceMetaDataFrontChannelURI' => 'flogout', + 'oidcServiceMetaDataIssuer' => 'http://auth.example.com', + 'oidcServiceMetaDataJWKSURI' => 'jwks', + 'oidcServiceMetaDataRegistrationURI' => 'register', + 'oidcServiceMetaDataTokenURI' => 'token', + 'oidcServiceMetaDataUserInfoURI' => 'userinfo', + 'openIdAuthnLevel' => 1, + 'openIdExportedVars' => {}, + 'openIdIDPList' => '0;', + 'openIdSPList' => '0;', + 'openIdSreg_email' => 'mail', + 'openIdSreg_fullname' => 'cn', + 'openIdSreg_nickname' => 'uid', + 'openIdSreg_timezone' => '_timezone', + 'pamAuthnLevel' => 2, + 'pamService' => 'login', + 'passwordDB' => 'Demo', + 'portal' => 'http://auth.example.com/', + 'portalAntiFrame' => 1, + 'portalCheckLogins' => 1, + 'portalDisplayAppslist' => 1, + 'portalDisplayChangePassword' => '$_auth =~ /^(LDAP|DBI|Demo)$/', + 'portalDisplayLoginHistory' => 1, + 'portalDisplayLogout' => 1, + 'portalDisplayRegister' => 1, + 'portalErrorOnExpiredSession' => 1, + 'portalForceAuthnInterval' => 5, + 'portalPingInterval' => 60000, + 'portalRequireOldPassword' => 1, + 'portalSkin' => 'bootstrap', + 'portalUserAttr' => '_user', + 'proxyAuthnLevel' => 2, + 'radiusAuthnLevel' => 3, + 'randomPasswordRegexp' => 
'[A-Z]{3}[a-z]{5}.\\d{2}', + 'redirectFormMethod' => 'get', + 'registerDB' => 'Null', + 'registerTimeout' => 0, + 'remoteGlobalStorage' => 'Lemonldap::NG::Common::Apache::Session::SOAP', + 'remoteGlobalStorageOptions' => { + 'ns' => + 'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService', + 'proxy' => 'http://auth.example.com/sessions' + }, + 'requireToken' => 1, + 'samlAttributeAuthorityDescriptorAttributeServiceSOAP' => + 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;', + 'samlAuthnContextMapKerberos' => 4, + 'samlAuthnContextMapPassword' => 2, + 'samlAuthnContextMapPasswordProtectedTransport' => 3, + 'samlAuthnContextMapTLSClient' => 5, + 'samlEntityID' => '#PORTAL#/saml/metadata', + 'samlIdPResolveCookie' => 'lemonldapidp', + 'samlIDPSSODescriptorArtifactResolutionServiceArtifact' => +'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', + 'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', + 'samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', + 'samlIDPSSODescriptorSingleLogoutServiceSOAP' => +'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;', + 'samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;', + 'samlIDPSSODescriptorSingleSignOnServiceHTTPPost' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;', + 'samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;', + 'samlIDPSSODescriptorWantAuthnRequestsSigned' => 1, + 'samlMetadataForceUTF8' => 1, + 'samlNameIDFormatMapEmail' => 'mail', + 'samlNameIDFormatMapKerberos' => 'uid', + 'samlNameIDFormatMapWindows' => 
'uid', + 'samlNameIDFormatMapX509' => 'mail', + 'samlOrganizationDisplayName' => 'Example', + 'samlOrganizationName' => 'Example', + 'samlOrganizationURL' => 'http://www.example.com', + 'samlRelayStateTimeout' => 600, + 'samlSPSSODescriptorArtifactResolutionServiceArtifact' => +'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', + 'samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact' => +'1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact', + 'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' => +'0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost', + 'samlSPSSODescriptorAuthnRequestsSigned' => 1, + 'samlSPSSODescriptorSingleLogoutServiceHTTPPost' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', + 'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', + 'samlSPSSODescriptorSingleLogoutServiceSOAP' => +'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;', + 'samlSPSSODescriptorWantAssertionsSigned' => 1, + 'securedCookie' => 0, + 'slaveAuthnLevel' => 2, + 'slaveExportedVars' => {}, + 'SMTPServer' => '', + 'SMTPTLS' => '', + 'SSLAuthnLevel' => 5, + 'successLoginNumber' => 5, + 'timeout' => 72000, + 'timeoutActivity' => 0, + 'timeoutActivityInterval' => 60, + 'trustedProxies' => '', + 'twitterAuthnLevel' => 1, + 'u2fActivation' => 0, + 'upgradeSession' => 1, + 'userControl' => '^[\\w\\.\\-@]+$', + 'userDB' => 'Same', + 'useRedirectOnError' => 1, + 'useSafeJail' => 1, + 'webIDAuthnLevel' => 1, + 'webIDExportedVars' => {}, + 'whatToTrace' => 'uid', + 'yubikeyAuthnLevel' => 3, + 'yubikeyPublicIDSize' => 12 + }; } 1; 
diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/RESTServer.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/RESTServer.pm index d8142be1e..f9f65450e 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/RESTServer.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/RESTServer.pm @@ -475,7 +475,7 @@ sub _casMetaDataNodes { # Return all exported attributes if asked if ( $query =~ - /^(?:cas${type}MetaDataExportedVars|casSrvMetaDataOptionsProxiedServices)$/ +/^(?:cas${type}MetaDataExportedVars|casSrvMetaDataOptionsProxiedServices)$/ ) { my $pk = eval { $self->getConfKey( $req, $query )->{$partner} } // {}; diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/ApacheMP2/Main.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/ApacheMP2/Main.pm index 428ef1463..2aa7e9051 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/ApacheMP2/Main.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/ApacheMP2/Main.pm @@ -105,7 +105,8 @@ sub unset_header_in { my $h = shift; my $h2 = lc $h; $h2 =~ s/-/_/g; - $request->env->{'psgi.r'}->headers_in->unset($h) if ( $h1 eq $h2 ); + $request->env->{'psgi.r'}->headers_in->unset($h) + if ( $h1 eq $h2 ); return 1; } ); diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm index 805f3ff42..8030401c6 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm @@ -104,10 +104,12 @@ sub init { } $self->menuLinks( [] ); - if ( my $portal = + if ( + my $portal = $conf->{cfgNum} ? Lemonldap::NG::Handler::PSGI::Main->tsv->{portal}->() - : $conf->{portal} ) + : $conf->{portal} + ) { push @{ $self->menuLinks }, { diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm index d6c2ec6fc..fdb95541c 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm 
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm 
@@ -5,3121 +5,3221 @@ our $VERSION = '2.0.0'; sub types { return { - 'authParamsText' => { - 'test' => sub { - 1; - } - }, - 'blackWhiteList' => { - 'test' => sub { - 1; - } - }, - 'bool' => { - 'msgFail' => '__notABoolean__', - 'test' => qr/(?^:^[01]$)/ - }, - 'boolOrExpr' => { - 'msgFail' => '__notAValidPerlExpression__', - 'test' => sub { - my($val, $conf) = @_; - my $s = ''; - BEGIN {${^WARNING_BITS} = "TUUU\025UUUUUQUU\001"} - eval "$s $val"; - my $err = join('', grep({$_ =~ /Undefined subroutine/ ? () : $_;} split(/\n/, $@, 0))); - return $err ? (1, "__badExpression__: $err") : 1; - } - }, - 'catAndAppList' => { - 'test' => sub { - 1; - } - }, - 'file' => { - 'test' => sub { - 1; - } - }, - 'hostname' => { - 'form' => 'text', - 'msgFail' => '__badHostname__', - 'test' => qr/(?^:^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))?$)/ - }, - 'int' => { - 'msgFail' => '__notAnInteger__', - 'test' => qr/(?^:^\-?\d+$)/ - }, - 'keyText' => { - 'keyTest' => qr/(?^:^[a-zA-Z0-9_]+$)/, - 'msgFail' => '__badValue__', - 'test' => qr/(?^:^.*$)/ - }, - 'keyTextContainer' => { - 'keyMsgFail' => '__badKeyName__', - 'keyTest' => qr/(?^:^\w[\w\.\-]*$)/, - 'msgFail' => '__emptyValueNotAllowed__', - 'test' => qr/(?^:.)/ - }, - 'lmAttrOrMacro' => { - 'form' => 'text', - 'test' => sub { - my($val, $conf) = @_; - return 1 if defined $$conf{'macros'}{$val} or $val eq '_timezone'; - foreach $_ (keys %$conf) { - return 1 if $_ =~ /exportedvars$/i and defined $$conf{$_}{$val}; - } - return 1, "__unknownAttrOrMacro__: $val"; - } - }, - 'longtext' => { - 'test' => sub { - 1; - } - }, - 'menuApp' => { - 'test' => sub { - 1; - } - }, - 'menuCat' => { - 'test' => sub { - 1; - } - }, - 'oidcmetadatajson' => { - 'test' => sub { - 1; - } - }, - 'oidcmetadatajwks' => { - 'test' => sub { - 1; - } - }, - 'oidcOPMetaDataNode' => { - 'test' => sub { - 1; - } - }, - 'oidcRPMetaDataNode' => { - 'test' 
=> sub { - 1; - } - }, - 'password' => { - 'msgFail' => '__malformedValue__', - 'test' => sub { - 1; - } - }, - 'pcre' => { - 'form' => 'text', - 'test' => sub { - eval { - do { - qr/$_[0]/ - } - }; - return $@ ? (0, "__badRegexp__: $@") : 1; - } - }, - 'PerlModule' => { - 'form' => 'text', - 'msgFail' => '__badPerlPackageName__', - 'test' => qr/(?^:^[a-zA-Z][a-zA-Z0-9]*(?:::[a-zA-Z][a-zA-Z0-9]*)*$)/ - }, - 'portalskin' => { - 'test' => sub { - 1; - } - }, - 'portalskinbackground' => { - 'test' => sub { - 1; - } - }, - 'post' => { - 'test' => sub { - 1; - } - }, - 'RSAPrivateKey' => { - 'test' => sub { - return $_[0] =~ m[^(?:(?:\-+\s*BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:RSA\s+)PRIVATE\s+KEY\s*\-+)?[\r\n]*)?$]s ? 1 : (1, '__badPemEncoding__'); - } - }, - 'RSAPublicKey' => { - 'test' => sub { - return $_[0] =~ m[^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+PUBLIC\s+KEY\s*\-+)?[\r\n]*)?$]s ? 1 : (1, '__badPemEncoding__'); - } - }, - 'RSAPublicKeyOrCertificate' => { - 'test' => sub { - return $_[0] =~ m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+)?[\r\n]*)?$]s ? 1 : (1, '__badPemEncoding__'); - } - }, - 'rule' => { - 'test' => sub { - 1; - } - }, - 'samlAssertion' => { - 'test' => sub { - 1; - } - }, - 'samlAttribute' => { - 'test' => sub { - 1; - } - }, - 'samlIDPMetaDataNode' => { - 'test' => sub { - 1; - } - }, - 'samlService' => { - 'test' => sub { - 1; - } - }, - 'samlSPMetaDataNode' => { - 'test' => sub { - 1; - } - }, - 'select' => { - 'test' => sub { - my $test = grep({$_ eq $_[0];} map({$$_{'k'};} @{$_[2]{'select'};})); - return $test ? 
1 : (1, "Invalid value '$_[0]' for this select"); - } - }, - 'subContainer' => { - 'keyTest' => qr/(?^:\w)/, - 'test' => sub { - 1; - } - }, - 'text' => { - 'msgFail' => '__malformedValue__', - 'test' => sub { - 1; - } - }, - 'trool' => { - 'msgFail' => '__authorizedValues__: -1, 0, 1', - 'test' => qr/(?^:^(?:-1|0|1)$)/ - }, - 'url' => { - 'form' => 'text', - 'msgFail' => '__badUrl__', - 'test' => qr/(?^:(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/ - } - }; + 'authParamsText' => { + 'test' => sub { + 1; + } + }, + 'blackWhiteList' => { + 'test' => sub { + 1; + } + }, + 'bool' => { + 'msgFail' => '__notABoolean__', + 'test' => qr/(?^:^[01]$)/ + }, + 'boolOrExpr' => { + 'msgFail' => '__notAValidPerlExpression__', + 'test' => sub { + my ( $val, $conf ) = @_; + my $s = ''; + BEGIN { ${^WARNING_BITS} = "TUUU\025UUUUUQUU\001" } + eval "$s $val"; + my $err = join( + '', + grep( { $_ =~ /Undefined subroutine/ ? () : $_; } + split( /\n/, $@, 0 ) ) + ); + return $err ? 
( 1, "__badExpression__: $err" ) : 1; + } + }, + 'catAndAppList' => { + 'test' => sub { + 1; + } + }, + 'file' => { + 'test' => sub { + 1; + } + }, + 'hostname' => { + 'form' => 'text', + 'msgFail' => '__badHostname__', + 'test' => +qr/(?^:^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))?$)/ + }, + 'int' => { + 'msgFail' => '__notAnInteger__', + 'test' => qr/(?^:^\-?\d+$)/ + }, + 'keyText' => { + 'keyTest' => qr/(?^:^[a-zA-Z0-9_]+$)/, + 'msgFail' => '__badValue__', + 'test' => qr/(?^:^.*$)/ + }, + 'keyTextContainer' => { + 'keyMsgFail' => '__badKeyName__', + 'keyTest' => qr/(?^:^\w[\w\.\-]*$)/, + 'msgFail' => '__emptyValueNotAllowed__', + 'test' => qr/(?^:.)/ + }, + 'lmAttrOrMacro' => { + 'form' => 'text', + 'test' => sub { + my ( $val, $conf ) = @_; + return 1 + if defined $$conf{'macros'}{$val} + or $val eq '_timezone'; + foreach $_ ( keys %$conf ) { + return 1 + if $_ =~ /exportedvars$/i and defined $$conf{$_}{$val}; + } + return 1, "__unknownAttrOrMacro__: $val"; + } + }, + 'longtext' => { + 'test' => sub { + 1; + } + }, + 'menuApp' => { + 'test' => sub { + 1; + } + }, + 'menuCat' => { + 'test' => sub { + 1; + } + }, + 'oidcmetadatajson' => { + 'test' => sub { + 1; + } + }, + 'oidcmetadatajwks' => { + 'test' => sub { + 1; + } + }, + 'oidcOPMetaDataNode' => { + 'test' => sub { + 1; + } + }, + 'oidcRPMetaDataNode' => { + 'test' => sub { + 1; + } + }, + 'password' => { + 'msgFail' => '__malformedValue__', + 'test' => sub { + 1; + } + }, + 'pcre' => { + 'form' => 'text', + 'test' => sub { + eval { + do { + qr/$_[0]/; + } + }; + return $@ ? 
( 0, "__badRegexp__: $@" ) : 1; + } + }, + 'PerlModule' => { + 'form' => 'text', + 'msgFail' => '__badPerlPackageName__', + 'test' => qr/(?^:^[a-zA-Z][a-zA-Z0-9]*(?:::[a-zA-Z][a-zA-Z0-9]*)*$)/ + }, + 'portalskin' => { + 'test' => sub { + 1; + } + }, + 'portalskinbackground' => { + 'test' => sub { + 1; + } + }, + 'post' => { + 'test' => sub { + 1; + } + }, + 'RSAPrivateKey' => { + 'test' => sub { + return $_[0] =~ +m[^(?:(?:\-+\s*BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:RSA\s+)PRIVATE\s+KEY\s*\-+)?[\r\n]*)?$]s + ? 1 + : ( 1, '__badPemEncoding__' ); + } + }, + 'RSAPublicKey' => { + 'test' => sub { + return $_[0] =~ +m[^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+PUBLIC\s+KEY\s*\-+)?[\r\n]*)?$]s + ? 1 + : ( 1, '__badPemEncoding__' ); + } + }, + 'RSAPublicKeyOrCertificate' => { + 'test' => sub { + return $_[0] =~ +m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+)?[\r\n]*)?$]s + ? 1 + : ( 1, '__badPemEncoding__' ); + } + }, + 'rule' => { + 'test' => sub { + 1; + } + }, + 'samlAssertion' => { + 'test' => sub { + 1; + } + }, + 'samlAttribute' => { + 'test' => sub { + 1; + } + }, + 'samlIDPMetaDataNode' => { + 'test' => sub { + 1; + } + }, + 'samlService' => { + 'test' => sub { + 1; + } + }, + 'samlSPMetaDataNode' => { + 'test' => sub { + 1; + } + }, + 'select' => { + 'test' => sub { + my $test = + grep( { $_ eq $_[0]; } + map( { $$_{'k'}; } @{ $_[2]{'select'}; } ) ); + return $test + ? 
1 + : ( 1, "Invalid value '$_[0]' for this select" ); + } + }, + 'subContainer' => { + 'keyTest' => qr/(?^:\w)/, + 'test' => sub { + 1; + } + }, + 'text' => { + 'msgFail' => '__malformedValue__', + 'test' => sub { + 1; + } + }, + 'trool' => { + 'msgFail' => '__authorizedValues__: -1, 0, 1', + 'test' => qr/(?^:^(?:-1|0|1)$)/ + }, + 'url' => { + 'form' => 'text', + 'msgFail' => '__badUrl__', + 'test' => +qr/(?^:(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/ + } + }; } sub attributes { return { - 'activeTimer' => { - 'default' => 1, - 'type' => 'bool' - }, - 'ADPwdExpireWarning' => { - 'default' => 0, - 'type' => 'int' - }, - 'ADPwdMaxAge' => { - 'default' => 0, - 'type' => 'int' - }, - 'apacheAuthnLevel' => { - 'default' => 4, - 'type' => 'int' - }, - 'applicationList' => { - 'default' => { - 'default' => { - 'catname' => 'Default category', - 'type' => 'category' - } - }, - 'keyTest' => qr/(?^:\w)/, - 'type' => 'catAndAppList' - }, - 'authChoiceModules' => { - 'keyMsgFail' => '__badChoiceKey__', - 'keyTest' => qr/(?^:^(\d*)?[a-zA-Z0-9_]+$)/, - 'select' => [ - [ - { - 'k' => 'Apache', - 'v' => 'Apache' - }, - { - 'k' => 'AD', - 'v' => 'Active Directory' - }, - { - 'k' => 'CAS', - 'v' => 'Central Authentication Service (CAS)' - }, - { - 'k' => 'DBI', - 'v' => 'Database (DBI)' - }, - { - 'k' => 'Demo', - 'v' => 'Demo' - }, - { - 'k' => 'Facebook', - 'v' => 'Facebook' - }, - { - 'k' => 'Google', - 'v' => 'Google' - }, - { - 'k' => 
'Kerberos', - 'v' => 'Kerberos' - }, - { - 'k' => 'LDAP', - 'v' => 'LDAP' - }, - { - 'k' => 'PAM', - 'v' => 'PAM' - }, - { - 'k' => 'Null', - 'v' => 'None' - }, - { - 'k' => 'OpenID', - 'v' => 'OpenID' - }, - { - 'k' => 'OpenIDConnect', - 'v' => 'OpenID Connect' - }, - { - 'k' => 'Proxy', - 'v' => 'Proxy' - }, - { - 'k' => 'Radius', - 'v' => 'Radius' - }, - { - 'k' => 'REST', - 'v' => 'REST' - }, - { - 'k' => 'Remote', - 'v' => 'Remote' - }, - { - 'k' => 'SAML', - 'v' => 'SAML v2' - }, - { - 'k' => 'Slave', - 'v' => 'Slave' - }, - { - 'k' => 'SSL', - 'v' => 'SSL' - }, - { - 'k' => 'Twitter', - 'v' => 'Twitter' - }, - { - 'k' => 'WebID', - 'v' => 'WebID' - }, - { - 'k' => 'Yubikey', - 'v' => 'Yubikey' - }, - { - 'k' => 'Custom', - 'v' => 'customModule' - } - ], - [ - { - 'k' => 'AD', - 'v' => 'Active Directory' - }, - { - 'k' => 'CAS', - 'v' => 'Central Authentication Service (CAS)' - }, - { - 'k' => 'DBI', - 'v' => 'Database (DBI)' - }, - { - 'k' => 'Demo', - 'v' => 'Demo' - }, - { - 'k' => 'Facebook', - 'v' => 'Facebook' - }, - { - 'k' => 'Google', - 'v' => 'Google' - }, - { - 'k' => 'LDAP', - 'v' => 'LDAP' - }, - { - 'k' => 'Null', - 'v' => 'None' - }, - { - 'k' => 'OpenID', - 'v' => 'OpenID' - }, - { - 'k' => 'OpenIDConnect', - 'v' => 'OpenID Connect' - }, - { - 'k' => 'Proxy', - 'v' => 'Proxy' - }, - { - 'k' => 'REST', - 'v' => 'REST' - }, - { - 'k' => 'Remote', - 'v' => 'Remote' - }, - { - 'k' => 'SAML', - 'v' => 'SAML v2' - }, - { - 'k' => 'Slave', - 'v' => 'Slave' - }, - { - 'k' => 'WebID', - 'v' => 'WebID' - }, - { - 'k' => 'Custom', - 'v' => 'customModule' - } - ], - [ - { - 'k' => 'AD', - 'v' => 'Active Directory' - }, - { - 'k' => 'DBI', - 'v' => 'Database (DBI)' - }, - { - 'k' => 'Demo', - 'v' => 'Demo' - }, - { - 'k' => 'LDAP', - 'v' => 'LDAP' - }, - { - 'k' => 'REST', - 'v' => 'REST' - }, - { - 'k' => 'Null', - 'v' => 'None' - }, - { - 'k' => 'Custom', - 'v' => 'customModule' - } - ] - ], - 'test' => sub { - 1; - }, - 'type' => 'authChoiceContainer' - 
}, - 'authChoiceParam' => { - 'default' => 'lmAuth', - 'type' => 'text' - }, - 'authentication' => { - 'default' => 'Demo', - 'select' => [ - { - 'k' => 'Apache', - 'v' => 'Apache' - }, - { - 'k' => 'AD', - 'v' => 'Active Directory' - }, - { - 'k' => 'DBI', - 'v' => 'Database (DBI)' - }, - { - 'k' => 'Facebook', - 'v' => 'Facebook' - }, - { - 'k' => 'Google', - 'v' => 'Google' - }, - { - 'k' => 'Kerberos', - 'v' => 'Kerberos' - }, - { - 'k' => 'LDAP', - 'v' => 'LDAP' - }, - { - 'k' => 'PAM', - 'v' => 'PAM' - }, - { - 'k' => 'Radius', - 'v' => 'Radius' - }, - { - 'k' => 'REST', - 'v' => 'REST' - }, - { - 'k' => 'SSL', - 'v' => 'SSL' - }, - { - 'k' => 'Twitter', - 'v' => 'Twitter' - }, - { - 'k' => 'WebID', - 'v' => 'WebID' - }, - { - 'k' => 'Yubikey', - 'v' => 'Yubikey' - }, - { - 'k' => 'Demo', - 'v' => 'Demonstration' - }, - { - 'k' => 'Choice', - 'v' => 'authChoice' - }, - { - 'k' => 'Combination', - 'v' => 'combineMods' - }, - { - 'k' => 'CAS', - 'v' => 'Central Authentication Service (CAS)' - }, - { - 'k' => 'OpenID', - 'v' => 'OpenID' - }, - { - 'k' => 'OpenIDConnect', - 'v' => 'OpenID Connect' - }, - { - 'k' => 'SAML', - 'v' => 'SAML v2' - }, - { - 'k' => 'Proxy', - 'v' => 'Proxy' - }, - { - 'k' => 'Remote', - 'v' => 'Remote' - }, - { - 'k' => 'Slave', - 'v' => 'Slave' - }, - { - 'k' => 'Null', - 'v' => 'None' - }, - { - 'k' => 'Custom', - 'v' => 'customModule' - } - ], - 'type' => 'select' - }, - 'AuthLDAPFilter' => { - 'type' => 'text' - }, - 'captcha_login_enabled' => { - 'default' => 0, - 'type' => 'bool' - }, - 'captcha_mail_enabled' => { - 'default' => 1, - 'type' => 'bool' - }, - 'captcha_register_enabled' => { - 'default' => 1, - 'type' => 'bool' - }, - 'captcha_size' => { - 'default' => 6, - 'type' => 'int' - }, - 'casAccessControlPolicy' => { - 'default' => 'none', - 'select' => [ - { - 'k' => 'none', - 'v' => 'None' - }, - { - 'k' => 'error', - 'v' => 'Display error on portal' - }, - { - 'k' => 'faketicket', - 'v' => 'Send a fake service ticket' - 
} - ], - 'type' => 'select' - }, - 'casAppMetaDataExportedVars' => { - 'default' => { - 'cn' => 'cn', - 'mail' => 'mail', - 'uid' => 'uid' - }, - 'type' => 'keyTextContainer' - }, - 'casAppMetaDataNodes' => { - 'type' => 'casAppMetaDataNodeContainer' - }, - 'casAppMetaDataOptions' => { - 'type' => 'subContainer' - }, - 'casAppMetaDataOptionsRule' => { - 'test' => sub { - my($val, $conf) = @_; - my $s = ''; - BEGIN {${^WARNING_BITS} = "TUUU\025UUUUUQUU\001"} - eval "$s $val"; - my $err = join('', grep({$_ =~ /Undefined subroutine/ ? () : $_;} split(/\n/, $@, 0))); - return $err ? (1, "__badExpression__: $err") : 1; - }, - 'type' => 'text' - }, - 'casAppMetaDataOptionsService' => { - 'type' => 'url' - }, - 'casAttr' => { - 'type' => 'text' - }, - 'casAttributes' => { - 'type' => 'keyTextContainer' - }, - 'casAuthnLevel' => { - 'default' => 1, - 'type' => 'int' - }, - 'casSrvMetaDataExportedVars' => { - 'default' => { - 'cn' => 'cn', - 'mail' => 'mail', - 'uid' => 'uid' - }, - 'type' => 'keyTextContainer' - }, - 'casSrvMetaDataNodes' => { - 'type' => 'casSrvMetaDataNodeContainer' - }, - 'casSrvMetaDataOptions' => { - 'type' => 'subContainer' - }, - 'casSrvMetaDataOptionsDisplayName' => { - 'type' => 'text' - }, - 'casSrvMetaDataOptionsGateway' => { - 'type' => 'bool' - }, - 'casSrvMetaDataOptionsIcon' => { - 'type' => 'text' - }, - 'casSrvMetaDataOptionsProxiedServices' => { - 'keyMsgFail' => '__badCasProxyId__', - 'keyTest' => qr/(?^:^\w)/, - 'type' => 'keyTextContainer' - }, - 'casSrvMetaDataOptionsRenew' => { - 'type' => 'bool' - }, - 'casSrvMetaDataOptionsUrl' => { - 'msgFail' => '__badUrl__', - 'test' => 
qr/(?^:(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/, - 'type' => 'text' - }, - 'casStorage' => { - 'type' => 'PerlModule' - }, - 'casStorageOptions' => { - 'type' => 'keyTextContainer' - }, - 'cda' => { - 'default' => 0, - 'type' => 'bool' - }, - 'cfgAuthor' => { - 'type' => 'text' - }, - 'cfgAuthorIP' => { - 'type' => 'text' - }, - 'cfgDate' => { - 'type' => 'int' - }, - 'cfgLog' => { - 'type' => 'longtext' - }, - 'cfgNum' => { - 'default' => 0, - 'type' => 'int' - }, - 'cfgVersion' => { - 'type' => 'text' - }, - 'checkXSS' => { - 'default' => 1, - 'type' => 'bool' - }, - 'combination' => { - 'type' => 'text' - }, - 'combModules' => { - 'keyTest' => qr/(?^:^\w+$)/, - 'select' => [ - { - 'k' => 'Apache', - 'v' => 'Apache' - }, - { - 'k' => 'AD', - 'v' => 'Active Directory' - }, - { - 'k' => 'DBI', - 'v' => 'Database (DBI)' - }, - { - 'k' => 'Facebook', - 'v' => 'Facebook' - }, - { - 'k' => 'Google', - 'v' => 'Google' - }, - { - 'k' => 'Kerberos', - 'v' => 'Kerberos' - }, - { - 'k' => 'LDAP', - 'v' => 'LDAP' - }, - { - 'k' => 'PAM', - 'v' => 'PAM' - }, - { - 'k' => 'Radius', - 'v' => 'Radius' - }, - { - 'k' => 'REST', - 'v' => 'REST' - }, - { - 'k' => 'SSL', - 'v' => 'SSL' - }, - { - 'k' => 'Twitter', - 'v' => 'Twitter' - }, - { - 'k' => 'WebID', - 'v' => 'WebID' - }, - { - 'k' => 'Yubikey', - 'v' => 'Yubikey' - }, - { - 'k' => 'Demo', - 'v' => 'Demonstration' - }, - { - 'k' => 'CAS', - 'v' => 'Central Authentication Service (CAS)' 
- }, - { - 'k' => 'OpenID', - 'v' => 'OpenID' - }, - { - 'k' => 'OpenIDConnect', - 'v' => 'OpenID Connect' - }, - { - 'k' => 'SAML', - 'v' => 'SAML v2' - }, - { - 'k' => 'Proxy', - 'v' => 'Proxy' - }, - { - 'k' => 'Remote', - 'v' => 'Remote' - }, - { - 'k' => 'Slave', - 'v' => 'Slave' - }, - { - 'k' => 'Null', - 'v' => 'None' - }, - { - 'k' => 'Custom', - 'v' => 'customModule' - } - ], - 'test' => sub { - 1; - }, - 'type' => 'cmbModuleContainer' - }, - 'confirmFormMethod' => { - 'default' => 'post', - 'select' => [ - { - 'k' => 'get', - 'v' => 'GET' - }, - { - 'k' => 'post', - 'v' => 'POST' - } - ], - 'type' => 'select' - }, - 'cookieExpiration' => { - 'type' => 'text' - }, - 'cookieName' => { - 'default' => 'lemonldap', - 'msgFail' => '__badCookieName__', - 'test' => qr/(?^:^[a-zA-Z][a-zA-Z0-9_-]*$)/, - 'type' => 'text' - }, - 'cspConnect' => { - 'default' => '\'self\'', - 'type' => 'text' - }, - 'cspDefault' => { - 'default' => '\'self\'', - 'type' => 'text' - }, - 'cspFont' => { - 'default' => '\'self\'', - 'type' => 'text' - }, - 'cspImg' => { - 'default' => '\'self\' data:', - 'type' => 'text' - }, - 'cspScript' => { - 'default' => '\'self\'', - 'type' => 'text' - }, - 'cspStyle' => { - 'default' => '\'self\'', - 'type' => 'text' - }, - 'customAddParams' => { - 'type' => 'keyTextContainer' - }, - 'customAuth' => { - 'type' => 'text' - }, - 'customFunctions' => { - 'msgFail' => '__badCustomFuncName__', - 'test' => qr/(?^:^(?:\w+(?:::\w+)*(?:\s+\w+(?:::\w+)*)*)?$)/, - 'type' => 'text' - }, - 'customPassword' => { - 'type' => 'text' - }, - 'customRegister' => { - 'type' => 'text' - }, - 'customUserDB' => { - 'type' => 'text' - }, - 'dbiAuthChain' => { - 'type' => 'text' - }, - 'dbiAuthLoginCol' => { - 'type' => 'text' - }, - 'dbiAuthnLevel' => { - 'default' => 2, - 'type' => 'int' - }, - 'dbiAuthPassword' => { - 'type' => 'password' - }, - 'dbiAuthPasswordCol' => { - 'type' => 'text' - }, - 'dbiAuthPasswordHash' => { - 'type' => 'text' - }, - 'dbiAuthTable' => { 
- 'type' => 'text' - }, - 'dbiAuthUser' => { - 'type' => 'text' - }, - 'dbiDynamicHashEnabled' => { - 'type' => 'bool' - }, - 'dbiDynamicHashNewPasswordScheme' => { - 'type' => 'text' - }, - 'dbiDynamicHashValidSaltedSchemes' => { - 'type' => 'text' - }, - 'dbiDynamicHashValidSchemes' => { - 'type' => 'text' - }, - 'dbiExportedVars' => { - 'default' => {}, - 'keyMsgFail' => '__badVariableName__', - 'keyTest' => qr/(?^:^!?[a-zA-Z][a-zA-Z0-9_-]*$)/, - 'msgFail' => '__badValue__', - 'test' => qr/(?^:^[a-zA-Z][a-zA-Z0-9_:\-]*$)/, - 'type' => 'keyTextContainer' - }, - 'dbiPasswordMailCol' => { - 'type' => 'text' - }, - 'dbiUserChain' => { - 'type' => 'text' - }, - 'dbiUserPassword' => { - 'type' => 'password' - }, - 'dbiUserTable' => { - 'type' => 'text' - }, - 'dbiUserUser' => { - 'type' => 'text' - }, - 'demoExportedVars' => { - 'default' => { - 'cn' => 'cn', - 'mail' => 'mail', - 'uid' => 'uid' - }, - 'keyMsgFail' => '__badVariableName__', - 'keyTest' => qr/(?^:^!?[a-zA-Z][a-zA-Z0-9_-]*$)/, - 'msgFail' => '__badValue__', - 'test' => qr/(?^:^[a-zA-Z][a-zA-Z0-9_:\-]*$)/, - 'type' => 'keyTextContainer' - }, - 'domain' => { - 'default' => 'example.com', - 'msgFail' => '__badDomainName__', - 'test' => qr/(?^:^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?))?$)/, - 'type' => 'text' - }, - 'exportedAttr' => { - 'type' => 'text' - }, - 'exportedHeaders' => { - 'keyMsgFail' => '__badHostname__', - 'keyTest' => qr/(?^:^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$)/, - 'test' => { - 'keyMsgFail' => '__badHeaderName__', - 'keyTest' => qr/(?^:^(?=[^\-])[\w\-]+(?<=[^-])$)/, - 'test' => sub { - my($val, $conf) = @_; - my $s = $val; - BEGIN {${^WARNING_BITS} = "TUUU\025UUUUUQUU\001"} - eval $s; - my $err = join('', grep({$_ =~ /Undefined subroutine/ ? () : $_;} split(/\n/, $@, 0))); - return $err ? 
(1, "__badExpression__: $err") : 1; - } - }, - 'type' => 'keyTextContainer' - }, - 'exportedVars' => { - 'default' => { - 'UA' => 'HTTP_USER_AGENT' - }, - 'keyMsgFail' => '__badVariableName__', - 'keyTest' => qr/(?^:^!?[_a-zA-Z][a-zA-Z0-9_]*$)/, - 'msgFail' => '__badValue__', - 'test' => qr/(?^:^[_a-zA-Z][a-zA-Z0-9_:\-]*$)/, - 'type' => 'keyTextContainer' - }, - 'ext2fActivation' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'ext2fAuthnLevel' => { - 'type' => 'int' - }, - 'ext2FSendCommand' => { - 'type' => 'text' - }, - 'ext2FValidateCommand' => { - 'type' => 'text' - }, - 'facebookAppId' => { - 'type' => 'text' - }, - 'facebookAppSecret' => { - 'type' => 'text' - }, - 'facebookAuthnLevel' => { - 'default' => 1, - 'type' => 'int' - }, - 'facebookExportedVars' => { - 'default' => {}, - 'keyMsgFail' => '__badVariableName__', - 'keyTest' => qr/(?^:^!?[a-zA-Z][a-zA-Z0-9_-]*$)/, - 'msgFail' => '__badValue__', - 'test' => qr/(?^:^[a-zA-Z][a-zA-Z0-9_:\-]*$)/, - 'type' => 'keyTextContainer' - }, - 'failedLoginNumber' => { - 'default' => 5, - 'type' => 'int' - }, - 'formTimeout' => { - 'default' => 120, - 'type' => 'int' - }, - 'globalStorage' => { - 'default' => 'Apache::Session::File', - 'type' => 'PerlModule' - }, - 'globalStorageOptions' => { - 'default' => { - 'Directory' => '/var/lib/lemonldap-ng/sessions/', - 'generateModule' => 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256', - 'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/' - }, - 'type' => 'keyTextContainer' - }, - 'grantSessionRules' => { - 'keyTest' => sub { - my($val, $conf) = @_; - my $s = ''; - BEGIN {${^WARNING_BITS} = "TUUU\025UUUUUQUU\001"} - eval "$s $val"; - my $err = join('', grep({$_ =~ /Undefined subroutine/ ? () : $_;} split(/\n/, $@, 0))); - return $err ? 
(1, "__badExpression__: $err") : 1; - }, - 'test' => sub { - 1; - }, - 'type' => 'grantContainer' - }, - 'groups' => { - 'default' => {}, - 'test' => sub { - my($val, $conf) = @_; - my $s = ''; - BEGIN {${^WARNING_BITS} = "TUUU\025UUUUUQUU\001"} - eval "$s $val"; - my $err = join('', grep({$_ =~ /Undefined subroutine/ ? () : $_;} split(/\n/, $@, 0))); - return $err ? (1, "__badExpression__: $err") : 1; - }, - 'type' => 'keyTextContainer' - }, - 'hiddenAttributes' => { - 'default' => '_password', - 'type' => 'text' - }, - 'hideOldPassword' => { - 'default' => 0, - 'type' => 'bool' - }, - 'httpOnly' => { - 'default' => 1, - 'type' => 'bool' - }, - 'https' => { - 'default' => 0, - 'type' => 'bool' - }, - 'infoFormMethod' => { - 'default' => 'get', - 'select' => [ - { - 'k' => 'get', - 'v' => 'GET' - }, - { - 'k' => 'post', - 'v' => 'POST' - } - ], - 'type' => 'select' - }, - 'issuerDBCASActivation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'issuerDBCASPath' => { - 'default' => '^/cas/', - 'type' => 'pcre' - }, - 'issuerDBCASRule' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'issuerDBGetActivation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'issuerDBGetParameters' => { - 'default' => {}, - 'keyMsgFail' => '__badHostname__', - 'keyTest' => qr/(?^:^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$)/, - 'test' => { - 'keyMsgFail' => '__badKeyName__', - 'keyTest' => qr/(?^:^(?=[^\-])[\w\-]+(?<=[^-])$)/, - 'test' => sub { - my($val, $conf) = @_; - return 1 if defined $$conf{'macros'}{$val} or $val eq '_timezone'; - foreach $_ (keys %$conf) { - return 1 if $_ =~ /exportedvars$/i and defined $$conf{$_}{$val}; - } - return 1, "__unknownAttrOrMacro__: $val"; - } - }, - 'type' => 'doubleHash' - }, - 'issuerDBGetPath' => { - 'default' => '^/get/', - 'type' => 'text' - }, - 'issuerDBGetRule' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'issuerDBOpenIDActivation' => { - 'default' => 0, - 
'type' => 'bool' - }, - 'issuerDBOpenIDConnectActivation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'issuerDBOpenIDConnectPath' => { - 'default' => '^/oauth2/', - 'type' => 'text' - }, - 'issuerDBOpenIDConnectRule' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'issuerDBOpenIDPath' => { - 'default' => '^/openidserver/', - 'type' => 'pcre' - }, - 'issuerDBOpenIDRule' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'issuerDBSAMLActivation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'issuerDBSAMLPath' => { - 'default' => '^/saml/', - 'type' => 'pcre' - }, - 'issuerDBSAMLRule' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'jsRedirect' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'key' => { - 'type' => 'password' - }, - 'krbAuthnLevel' => { - 'default' => 3, - 'type' => 'int' - }, - 'krbByJs' => { - 'default' => 0, - 'type' => 'bool' - }, - 'krbKeytab' => { - 'type' => 'text' - }, - 'ldapAllowResetExpiredPassword' => { - 'default' => 0, - 'type' => 'bool' - }, - 'ldapAuthnLevel' => { - 'default' => 2, - 'type' => 'int' - }, - 'ldapBase' => { - 'default' => 'dc=example,dc=com', - 'msgFail' => '__badValue__', - 'test' => qr/(?^:^(?:\w+=.*|)$)/, - 'type' => 'text' - }, - 'ldapChangePasswordAsUser' => { - 'default' => 0, - 'type' => 'bool' - }, - 'ldapExportedVars' => { - 'default' => { - 'cn' => 'cn', - 'mail' => 'mail', - 'uid' => 'uid' - }, - 'keyMsgFail' => '__badVariableName__', - 'keyTest' => qr/(?^:^!?[a-zA-Z][a-zA-Z0-9_-]*$)/, - 'msgFail' => '__badValue__', - 'test' => qr/(?^:^[a-zA-Z][a-zA-Z0-9_:\-]*$)/, - 'type' => 'keyTextContainer' - }, - 'LDAPFilter' => { - 'type' => 'text' - }, - 'ldapGroupAttributeName' => { - 'default' => 'member', - 'type' => 'text' - }, - 'ldapGroupAttributeNameGroup' => { - 'default' => 'dn', - 'type' => 'text' - }, - 'ldapGroupAttributeNameSearch' => { - 'default' => 'cn', - 'type' => 'text' - }, - 'ldapGroupAttributeNameUser' => { - 'default' => 'dn', - 'type' => 'text' - }, - 
'ldapGroupBase' => { - 'type' => 'text' - }, - 'ldapGroupObjectClass' => { - 'default' => 'groupOfNames', - 'type' => 'text' - }, - 'ldapGroupRecursive' => { - 'default' => 0, - 'type' => 'bool' - }, - 'ldapPasswordResetAttribute' => { - 'default' => 'pwdReset', - 'type' => 'text' - }, - 'ldapPasswordResetAttributeValue' => { - 'default' => 'TRUE', - 'type' => 'text' - }, - 'ldapPort' => { - 'default' => 389, - 'type' => 'int' - }, - 'ldapPpolicyControl' => { - 'default' => 0, - 'type' => 'bool' - }, - 'ldapPwdEnc' => { - 'default' => 'utf-8', - 'msgFail' => '__badEncoding__', - 'test' => qr/(?^:^[a-zA-Z0-9_][a-zA-Z0-9_\-]*[a-zA-Z0-9_]$)/, - 'type' => 'text' - }, - 'ldapRaw' => { - 'type' => 'text' - }, - 'ldapSearchDeref' => { - 'default' => 'find', - 'select' => [ - { - 'k' => 'never', - 'v' => 'never' - }, - { - 'k' => 'search', - 'v' => 'search' - }, - { - 'k' => 'find', - 'v' => 'find' - }, - { - 'k' => 'always', - 'v' => 'always' - } - ], - 'type' => 'select' - }, - 'ldapServer' => { - 'default' => 'ldap://localhost', - 'test' => sub { - my $l = shift(); - my(@s) = split(/[\s,]+/, $l, 0); - foreach my $s (@s) { - return 0, qq[__badLdapUri__: "$s"] unless $s =~ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?::\d{1,5})?/?.*)$]o; - } - return 1; - }, - 'type' => 'text' - }, - 'ldapSetPassword' => { - 'default' => 0, - 'type' => 'bool' - }, - 'ldapTimeout' => { - 'default' => 120, - 'type' => 'int' - }, - 'ldapUsePasswordResetAttribute' => { - 'default' => 1, - 'type' => 'bool' - }, - 'ldapVersion' => { - 'default' => 3, - 'type' => 'int' - }, - 'localSessionStorage' => { - 'default' => 'Cache::FileCache', - 'type' => 'PerlModule' - }, - 'localSessionStorageOptions' => { - 'default' => { - 'cache_depth' => 3, - 'cache_root' => '/tmp', - 'default_expires_in' => 600, - 'directory_umask' => '007', - 'namespace' => 'lemonldap-ng-sessions' - }, - 'type' => 'keyTextContainer' - }, - 'locationRules' => { - 'default' => { - 'default' => 
'deny' - }, - 'keyMsgFail' => '__badHostname__', - 'keyTest' => qr/(?^:^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$)/, - 'test' => { - 'keyMsgFail' => '__badRegexp__', - 'keyTest' => sub { - eval { - do { - qr/$_[0]/ - } - }; - return $@ ? 0 : 1; - }, - 'msgFail' => '__badExpression__', - 'test' => sub { - my($val, $conf) = @_; - my $s = $val; - if ($s =~ s/^logout(?:_(?:sso|app(?:_sso)?))?\s*//) { - return $s =~ m[^(?:https?://.*)?$] ? 1 : (0, '__badUrl__'); - } - $s =~ s/\b(accept|deny|unprotect|skip)\b/1/g; - BEGIN {${^WARNING_BITS} = "TUUU\025UUUUUQUU\001"} - eval $s; - my $err = join('', grep({$_ =~ /Undefined subroutine/ ? () : $_;} split(/\n/, $@, 0))); - return $err ? (1, "__badExpression__: $err") : 1; - } - }, - 'type' => 'ruleContainer' - }, - 'loginHistoryEnabled' => { - 'default' => 0, - 'type' => 'bool' - }, - 'logoutServices' => { - 'default' => {}, - 'type' => 'keyTextContainer' - }, - 'lwpOpts' => { - 'type' => 'keyTextContainer' - }, - 'lwpSslOpts' => { - 'type' => 'keyTextContainer' - }, - 'macros' => { - 'default' => {}, - 'keyMsgFail' => '__badMacroName__', - 'keyTest' => qr/(?^:^[_a-zA-Z][a-zA-Z0-9_]*$)/, - 'test' => sub { - my($val, $conf) = @_; - my $s = ''; - BEGIN {${^WARNING_BITS} = "TUUU\025UUUUUQUU\001"} - eval "$s $val"; - my $err = join('', grep({$_ =~ /Undefined subroutine/ ? () : $_;} split(/\n/, $@, 0))); - return $err ? 
(1, "__badExpression__: $err") : 1; - }, - 'type' => 'keyTextContainer' - }, - 'mailBody' => { - 'type' => 'longtext' - }, - 'mailCharset' => { - 'default' => 'utf-8', - 'type' => 'text' - }, - 'mailConfirmBody' => { - 'type' => 'longtext' - }, - 'mailConfirmSubject' => { - 'type' => 'text' - }, - 'mailFrom' => { - 'default' => 'noreply@example.com', - 'type' => 'text' - }, - 'mailLDAPFilter' => { - 'type' => 'text' - }, - 'mailOnPasswordChange' => { - 'default' => 0, - 'type' => 'bool' - }, - 'mailReplyTo' => { - 'type' => 'text' - }, - 'mailSessionKey' => { - 'default' => 'mail', - 'type' => 'text' - }, - 'mailSubject' => { - 'type' => 'text' - }, - 'mailTimeout' => { - 'default' => 0, - 'type' => 'int' - }, - 'mailUrl' => { - 'default' => 'http://auth.example.com/resetpwd', - 'type' => 'url' - }, - 'maintenance' => { - 'default' => 0, - 'type' => 'bool' - }, - 'managerDn' => { - 'default' => '', - 'msgFail' => '__badValue__', - 'test' => qr/(?^:^(?:\w+=.*)?$)/, - 'type' => 'text' - }, - 'managerPassword' => { - 'default' => '', - 'msgFail' => '__badValue__', - 'test' => qr/(?^:^\S*$)/, - 'type' => 'password' - }, - 'multiValuesSeparator' => { - 'default' => '; ', - 'type' => 'authParamsText' - }, - 'nginxCustomHandlers' => { - 'keyTest' => qr/(?^:^\w+$)/, - 'msgFail' => '__badPerlPackageName__', - 'test' => qr/(?^:^[a-zA-Z][a-zA-Z0-9]*(?:::[a-zA-Z][a-zA-Z0-9]*)*$)/, - 'type' => 'keyTextContainer' - }, - 'noAjaxHook' => { - 'default' => 0, - 'type' => 'bool' - }, - 'notification' => { - 'default' => 0, - 'type' => 'bool' - }, - 'notificationServer' => { - 'default' => 0, - 'type' => 'bool' - }, - 'notificationStorage' => { - 'default' => 'File', - 'type' => 'PerlModule' - }, - 'notificationStorageOptions' => { - 'default' => { - 'dirName' => '/var/lib/lemonldap-ng/notifications' - }, - 'type' => 'keyTextContainer' - }, - 'notificationWildcard' => { - 'default' => 'allusers', - 'type' => 'text' - }, - 'notificationXSLTfile' => { - 'type' => 'text' - }, - 
'notifyDeleted' => { - 'default' => 1, - 'type' => 'bool' - }, - 'notifyOther' => { - 'default' => 0, - 'type' => 'bool' - }, - 'nullAuthnLevel' => { - 'default' => 0, - 'type' => 'int' - }, - 'oidcAuthnLevel' => { - 'default' => 1, - 'type' => 'int' - }, - 'oidcOPMetaDataExportedVars' => { - 'default' => { - 'cn' => 'name', - 'mail' => 'email', - 'sn' => 'family_name', - 'uid' => 'sub' - }, - 'type' => 'keyTextContainer' - }, - 'oidcOPMetaDataJSON' => { - 'type' => 'file' - }, - 'oidcOPMetaDataJWKS' => { - 'type' => 'file' - }, - 'oidcOPMetaDataNodes' => { - 'type' => 'oidcOPMetaDataNodeContainer' - }, - 'oidcOPMetaDataOptions' => { - 'type' => 'subContainer' - }, - 'oidcOPMetaDataOptionsAcrValues' => { - 'type' => 'text' - }, - 'oidcOPMetaDataOptionsCheckJWTSignature' => { - 'default' => 1, - 'type' => 'bool' - }, - 'oidcOPMetaDataOptionsClientID' => { - 'type' => 'text' - }, - 'oidcOPMetaDataOptionsClientSecret' => { - 'type' => 'password' - }, - 'oidcOPMetaDataOptionsConfigurationURI' => { - 'type' => 'url' - }, - 'oidcOPMetaDataOptionsDisplay' => { - 'default' => '', - 'select' => [ - { - 'k' => '', - 'v' => '' - }, - { - 'k' => 'page', - 'v' => 'page' - }, - { - 'k' => 'popup', - 'v' => 'popup' - }, - { - 'k' => 'touch', - 'v' => 'touch' - }, - { - 'k' => 'wap', - 'v' => 'wap' - } - ], - 'type' => 'select' - }, - 'oidcOPMetaDataOptionsDisplayName' => { - 'type' => 'text' - }, - 'oidcOPMetaDataOptionsIcon' => { - 'type' => 'text' - }, - 'oidcOPMetaDataOptionsIDTokenMaxAge' => { - 'default' => 30, - 'type' => 'int' - }, - 'oidcOPMetaDataOptionsJWKSTimeout' => { - 'default' => 0, - 'type' => 'int' - }, - 'oidcOPMetaDataOptionsMaxAge' => { - 'default' => 0, - 'type' => 'int' - }, - 'oidcOPMetaDataOptionsPrompt' => { - 'type' => 'text' - }, - 'oidcOPMetaDataOptionsScope' => { - 'default' => 'openid profile', - 'type' => 'text' - }, - 'oidcOPMetaDataOptionsStoreIDToken' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcOPMetaDataOptionsTokenEndpointAuthMethod' 
=> { - 'default' => 'client_secret_post', - 'select' => [ - { - 'k' => 'client_secret_post', - 'v' => 'client_secret_post' - }, - { - 'k' => 'client_secret_basic', - 'v' => 'client_secret_basic' - } - ], - 'type' => 'select' - }, - 'oidcOPMetaDataOptionsUiLocales' => { - 'type' => 'text' - }, - 'oidcOPMetaDataOptionsUseNonce' => { - 'default' => 1, - 'type' => 'bool' - }, - 'oidcRPCallbackGetParam' => { - 'default' => 'openidconnectcallback', - 'type' => 'text' - }, - 'oidcRPMetaDataExportedVars' => { - 'default' => { - 'email' => 'mail', - 'family_name' => 'sn', - 'name' => 'cn' - }, - 'type' => 'keyTextContainer' - }, - 'oidcRPMetaDataNodes' => { - 'type' => 'oidcRPMetaDataNodeContainer' - }, - 'oidcRPMetaDataOptions' => { - 'type' => 'subContainer' - }, - 'oidcRPMetaDataOptionsAccessTokenExpiration' => { - 'default' => 3600, - 'type' => 'int' - }, - 'oidcRPMetaDataOptionsBypassConsent' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsClientID' => { - 'type' => 'text' - }, - 'oidcRPMetaDataOptionsClientSecret' => { - 'type' => 'password' - }, - 'oidcRPMetaDataOptionsDisplayName' => { - 'type' => 'text' - }, - 'oidcRPMetaDataOptionsExtraClaims' => { - 'default' => {}, - 'type' => 'keyTextContainer' - }, - 'oidcRPMetaDataOptionsIcon' => { - 'type' => 'text' - }, - 'oidcRPMetaDataOptionsIDTokenExpiration' => { - 'default' => 3600, - 'type' => 'int' - }, - 'oidcRPMetaDataOptionsIDTokenSignAlg' => { - 'default' => 'HS512', - 'select' => [ - { - 'k' => 'none', - 'v' => 'None' - }, - { - 'k' => 'HS256', - 'v' => 'HS256' - }, - { - 'k' => 'HS384', - 'v' => 'HS384' - }, - { - 'k' => 'HS512', - 'v' => 'HS512' - }, - { - 'k' => 'RS256', - 'v' => 'RS256' - }, - { - 'k' => 'RS384', - 'v' => 'RS384' - }, - { - 'k' => 'RS512', - 'v' => 'RS512' - } - ], - 'type' => 'select' - }, - 'oidcRPMetaDataOptionsLogoutSessionRequired' => { - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsLogoutType' => { - 'default' => 'front', - 'select' => [ - { - 'k' => 'front', - 
'v' => 'Front Channel' - }, - { - 'k' => 'back', - 'v' => 'Back Channel' - } - ], - 'type' => 'select' - }, - 'oidcRPMetaDataOptionsLogoutUrl' => { - 'type' => 'url' - }, - 'oidcRPMetaDataOptionsPostLogoutRedirectUris' => { - 'type' => 'text' - }, - 'oidcRPMetaDataOptionsRedirectUris' => { - 'type' => 'text' - }, - 'oidcRPMetaDataOptionsRule' => { - 'test' => sub { - my($val, $conf) = @_; - my $s = ''; - BEGIN {${^WARNING_BITS} = "TUUU\025UUUUUQUU\001"} - eval "$s $val"; - my $err = join('', grep({$_ =~ /Undefined subroutine/ ? () : $_;} split(/\n/, $@, 0))); - return $err ? (1, "__badExpression__: $err") : 1; - }, - 'type' => 'text' - }, - 'oidcRPMetaDataOptionsUserIDAttr' => { - 'type' => 'text' - }, - 'oidcRPStateTimeout' => { - 'default' => 600, - 'type' => 'int' - }, - 'oidcServiceAllowAuthorizationCodeFlow' => { - 'default' => 1, - 'type' => 'bool' - }, - 'oidcServiceAllowDynamicRegistration' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcServiceAllowHybridFlow' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcServiceAllowImplicitFlow' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcServiceKeyIdSig' => { - 'type' => 'text' - }, - 'oidcServiceMetaDataAuthnContext' => { - 'default' => { - 'loa-1' => 1, - 'loa-2' => 2, - 'loa-3' => 3, - 'loa-4' => 4, - 'loa-5' => 5 - }, - 'keyTest' => qr/(?^:\w)/, - 'type' => 'keyTextContainer' - }, - 'oidcServiceMetaDataAuthorizeURI' => { - 'default' => 'authorize', - 'type' => 'text' - }, - 'oidcServiceMetaDataBackChannelURI' => { - 'default' => 'blogout', - 'type' => 'text' - }, - 'oidcServiceMetaDataCheckSessionURI' => { - 'default' => 'checksession.html', - 'type' => 'text' - }, - 'oidcServiceMetaDataEndSessionURI' => { - 'default' => 'logout', - 'type' => 'text' - }, - 'oidcServiceMetaDataFrontChannelURI' => { - 'default' => 'flogout', - 'type' => 'text' - }, - 'oidcServiceMetaDataIssuer' => { - 'default' => 'http://auth.example.com', - 'type' => 'text' - }, - 'oidcServiceMetaDataJWKSURI' => { - 'default' 
=> 'jwks', - 'type' => 'text' - }, - 'oidcServiceMetaDataRegistrationURI' => { - 'default' => 'register', - 'type' => 'text' - }, - 'oidcServiceMetaDataTokenURI' => { - 'default' => 'token', - 'type' => 'text' - }, - 'oidcServiceMetaDataUserInfoURI' => { - 'default' => 'userinfo', - 'type' => 'text' - }, - 'oidcServicePrivateKeySig' => { - 'type' => 'RSAPrivateKey' - }, - 'oidcServicePublicKeySig' => { - 'type' => 'RSAPublicKey' - }, - 'oidcStorage' => { - 'type' => 'PerlModule' - }, - 'oidcStorageOptions' => { - 'type' => 'keyTextContainer' - }, - 'oldNotifFormat' => { - 'default' => 0, - 'type' => 'bool' - }, - 'openIdAttr' => { - 'type' => 'text' - }, - 'openIdAuthnLevel' => { - 'default' => 1, - 'type' => 'int' - }, - 'openIdExportedVars' => { - 'default' => {}, - 'keyMsgFail' => '__badVariableName__', - 'keyTest' => qr/(?^:^!?[a-zA-Z][a-zA-Z0-9_-]*$)/, - 'msgFail' => '__badValue__', - 'test' => qr/(?^:^[a-zA-Z][a-zA-Z0-9_:\-]*$)/, - 'type' => 'keyTextContainer' - }, - 'openIdIDPList' => { - 'default' => '0;', - 'type' => 'blackWhiteList' - }, - 'openIdIssuerSecret' => { - 'type' => 'text' - }, - 'openIdSecret' => { - 'type' => 'text' - }, - 'openIdSPList' => { - 'default' => '0;', - 'type' => 'blackWhiteList' - }, - 'openIdSreg_country' => { - 'type' => 'lmAttrOrMacro' - }, - 'openIdSreg_dob' => { - 'type' => 'lmAttrOrMacro' - }, - 'openIdSreg_email' => { - 'default' => 'mail', - 'type' => 'lmAttrOrMacro' - }, - 'openIdSreg_fullname' => { - 'default' => 'cn', - 'type' => 'lmAttrOrMacro' - }, - 'openIdSreg_gender' => { - 'type' => 'lmAttrOrMacro' - }, - 'openIdSreg_language' => { - 'type' => 'lmAttrOrMacro' - }, - 'openIdSreg_nickname' => { - 'default' => 'uid', - 'type' => 'lmAttrOrMacro' - }, - 'openIdSreg_postcode' => { - 'type' => 'lmAttrOrMacro' - }, - 'openIdSreg_timezone' => { - 'default' => '_timezone', - 'type' => 'lmAttrOrMacro' - }, - 'pamAuthnLevel' => { - 'default' => 2, - 'type' => 'int' - }, - 'pamService' => { - 'default' => 'login', - 'type' => 
'text' - }, - 'passwordDB' => { - 'default' => 'Demo', - 'select' => [ - { - 'k' => 'AD', - 'v' => 'Active Directory' - }, - { - 'k' => 'Choice', - 'v' => 'authChoice' - }, - { - 'k' => 'DBI', - 'v' => 'Database (DBI)' - }, - { - 'k' => 'Demo', - 'v' => 'Demonstration' - }, - { - 'k' => 'LDAP', - 'v' => 'LDAP' - }, - { - 'k' => 'REST', - 'v' => 'REST' - }, - { - 'k' => 'Null', - 'v' => 'None' - }, - { - 'k' => 'Custom', - 'v' => 'customModule' - } - ], - 'type' => 'select' - }, - 'persistentStorage' => { - 'type' => 'PerlModule' - }, - 'persistentStorageOptions' => { - 'type' => 'keyTextContainer' - }, - 'port' => { - 'type' => 'int' + 'activeTimer' => { + 'default' => 1, + 'type' => 'bool' + }, + 'ADPwdExpireWarning' => { + 'default' => 0, + 'type' => 'int' + }, + 'ADPwdMaxAge' => { + 'default' => 0, + 'type' => 'int' + }, + 'apacheAuthnLevel' => { + 'default' => 4, + 'type' => 'int' + }, + 'applicationList' => { + 'default' => { + 'default' => { + 'catname' => 'Default category', + 'type' => 'category' + } + }, + 'keyTest' => qr/(?^:\w)/, + 'type' => 'catAndAppList' + }, + 'authChoiceModules' => { + 'keyMsgFail' => '__badChoiceKey__', + 'keyTest' => qr/(?^:^(\d*)?[a-zA-Z0-9_]+$)/, + 'select' => [ + [ + { + 'k' => 'Apache', + 'v' => 'Apache' }, - 'portal' => { - 'default' => 'http://auth.example.com/', - 'type' => 'url' - }, - 'portalAntiFrame' => { - 'default' => 1, - 'type' => 'bool' - }, - 'portalCheckLogins' => { - 'default' => 1, - 'type' => 'bool' - }, - 'portalDisplayAppslist' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'portalDisplayChangePassword' => { - 'default' => '$_auth =~ /^(LDAP|DBI|Demo)$/', - 'type' => 'boolOrExpr' - }, - 'portalDisplayLoginHistory' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'portalDisplayLogout' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'portalDisplayRegister' => { - 'default' => 1, - 'type' => 'bool' - }, - 'portalDisplayResetPassword' => { - 'default' => 0, - 'type' => 'bool' - }, - 
'portalErrorOnExpiredSession' => { - 'default' => 1, - 'type' => 'bool' - }, - 'portalErrorOnMailNotFound' => { - 'default' => 0, - 'type' => 'bool' - }, - 'portalForceAuthnInterval' => { - 'default' => 5, - 'type' => 'int' - }, - 'portalOpenLinkInNewWindow' => { - 'default' => 0, - 'type' => 'bool' - }, - 'portalPingInterval' => { - 'default' => 60000, - 'type' => 'int' - }, - 'portalRequireOldPassword' => { - 'default' => 1, - 'type' => 'bool' - }, - 'portalSkin' => { - 'default' => 'bootstrap', - 'select' => [ - { - 'k' => 'bootstrap', - 'v' => 'Bootstrap' - } - ], - 'type' => 'portalskin' - }, - 'portalSkinBackground' => { - 'select' => [ - { - 'k' => '', - 'v' => 'None' - }, - { - 'k' => '1280px-Anse_Source_d\'Argent_2-La_Digue.jpg', - 'v' => 'Anse' - }, - { - 'k' => '1280px-Autumn-clear-water-waterfall-landscape_-_Virginia_-_ForestWander.jpg', - 'v' => 'Waterfall' - }, - { - 'k' => '1280px-BrockenSnowedTrees.jpg', - 'v' => 'Snowed Trees' - }, - { - 'k' => '1280px-Cedar_Breaks_National_Monument_partially.jpg', - 'v' => 'National Monument' - }, - { - 'k' => '1280px-Parry_Peak_from_Winter_Park.jpg', - 'v' => 'Winter' - }, - { - 'k' => 'Aletschgletscher_mit_Pinus_cembra1.jpg', - 'v' => 'Pinus' - } - ], - 'type' => 'portalskinbackground' - }, - 'portalSkinRules' => { - 'keyMsgFail' => '__badSkinRule__', - 'keyTest' => sub { - my($val, $conf) = @_; - my $s = ''; - BEGIN {${^WARNING_BITS} = "TUUU\025UUUUUQUU\001"} - eval "$s $val"; - my $err = join('', grep({$_ =~ /Undefined subroutine/ ? () : $_;} split(/\n/, $@, 0))); - return $err ? 
(1, "__badExpression__: $err") : 1; - }, - 'msgFail' => '__badValue__', - 'test' => qr/(?^:^\w+$)/, - 'type' => 'keyTextContainer' - }, - 'portalStatus' => { - 'default' => 0, - 'type' => 'bool' - }, - 'portalUserAttr' => { - 'default' => '_user', - 'type' => 'text' - }, - 'post' => { - 'keyMsgFail' => '__badHostname__', - 'keyTest' => qr/(?^:^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$)/, - 'test' => sub { - 1; - }, - 'type' => 'postContainer' + { + 'k' => 'AD', + 'v' => 'Active Directory' }, - 'protection' => { - 'default' => 'none', - 'msgFail' => '__authorizedValues__: none authenticate manager', - 'test' => qr/(?^:^(?:none|authenticate|manager|)$)/, - 'type' => 'text' - }, - 'proxyAuthnLevel' => { - 'default' => 2, - 'type' => 'int' - }, - 'proxyAuthService' => { - 'type' => 'text' - }, - 'proxySessionService' => { - 'type' => 'text' - }, - 'proxyUseSoap' => { - 'default' => 0, - 'type' => 'bool' - }, - 'radiusAuthnLevel' => { - 'default' => 3, - 'type' => 'int' - }, - 'radiusSecret' => { - 'type' => 'text' - }, - 'radiusServer' => { - 'type' => 'text' - }, - 'randomPasswordRegexp' => { - 'default' => '[A-Z]{3}[a-z]{5}.\\d{2}', - 'type' => 'pcre' - }, - 'redirectFormMethod' => { - 'default' => 'get', - 'select' => [ - { - 'k' => 'get', - 'v' => 'GET' - }, - { - 'k' => 'post', - 'v' => 'POST' - } - ], - 'type' => 'select' - }, - 'registerConfirmSubject' => { - 'type' => 'text' - }, - 'registerDB' => { - 'default' => 'Null', - 'select' => [ - { - 'k' => 'AD', - 'v' => 'Active Directory' - }, - { - 'k' => 'Demo', - 'v' => 'Demonstration' - }, - { - 'k' => 'LDAP', - 'v' => 'LDAP' - }, - { - 'k' => 'Null', - 'v' => 'None' - }, - { - 'k' => 'Custom', - 'v' => 'customModule' - } - ], - 'type' => 'select' - }, - 'registerDoneSubject' => { - 'type' => 'text' - }, - 'registerTimeout' => { - 'default' => 0, - 'type' => 'int' - }, - 'reloadUrls' => { - 'keyTest' => 
qr/(?^:^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?$)/, - 'msgFail' => '__badUrl__', - 'test' => qr/(?^:(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/, - 'type' => 'keyTextContainer' - }, - 'remoteCookieName' => { - 'type' => 'text' - }, - 'remoteGlobalStorage' => { - 'default' => 'Lemonldap::NG::Common::Apache::Session::SOAP', - 'type' => 'PerlModule' - }, - 'remoteGlobalStorageOptions' => { - 'default' => { - 'ns' => 'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService', - 'proxy' => 'http://auth.example.com/sessions' - }, - 'type' => 'keyTextContainer' - }, - 'remotePortal' => { - 'type' => 'text' - }, - 'requireToken' => { - 'default' => 1, - 'type' => 'bool' - }, - 'restAuthUrl' => { - 'type' => 'url' - }, - 'restConfigServer' => { - 'default' => 0, - 'type' => 'bool' - }, - 'restPwdConfirmUrl' => { - 'type' => 'url' - }, - 'restPwdModifyUrl' => { - 'type' => 'url' - }, - 'restSessionServer' => { - 'default' => 0, - 'type' => 'bool' - }, - 'restUserDBUrl' => { - 'type' => 'url' - }, - 'samlAttributeAuthorityDescriptorAttributeServiceSOAP' => { - 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;', - 'type' => 'samlService' - }, - 'samlAuthnContextMapKerberos' => { - 'default' => 4, - 'type' => 'int' - }, - 'samlAuthnContextMapPassword' => { - 'default' => 2, - 'type' => 'int' - }, 
- 'samlAuthnContextMapPasswordProtectedTransport' => { - 'default' => 3, - 'type' => 'int' - }, - 'samlAuthnContextMapTLSClient' => { - 'default' => 5, - 'type' => 'int' - }, - 'samlCommonDomainCookieActivation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlCommonDomainCookieDomain' => { - 'msgFail' => '__badDomainName__', - 'test' => qr/(?^:^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$)/, - 'type' => 'text' - }, - 'samlCommonDomainCookieReader' => { - 'msgFail' => '__badUrl__', - 'test' => qr/(?^:(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/, - 'type' => 'text' - }, - 'samlCommonDomainCookieWriter' => { - 'msgFail' => '__badUrl__', - 'test' => qr/(?^:(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/, - 'type' => 'text' - }, - 'samlEntityID' => { - 'default' => '#PORTAL#/saml/metadata', - 'type' => 'text' - }, - 
'samlIDPMetaDataExportedAttributes' => { - 'default' => {}, - 'keyMsgFail' => '__badMetadataName__', - 'keyTest' => qr/(?^:^[a-zA-Z](?:[a-zA-Z0-9_\-\.]*\w)?$)/, - 'msgFail' => '__badValue__', - 'test' => qr/(?^:\w)/, - 'type' => 'samlAttributeContainer' - }, - 'samlIDPMetaDataNodes' => { - 'type' => 'samlIDPMetaDataNodeContainer' - }, - 'samlIDPMetaDataOptions' => { - 'keyMsgFail' => '__badMetadataName__', - 'keyTest' => qr/(?^:^[a-zA-Z](?:[a-zA-Z0-9_\-\.]*\w)?$)/, - 'type' => 'keyTextContainer' - }, - 'samlIDPMetaDataOptionsAdaptSessionUtime' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsAllowLoginFromIDP' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsAllowProxiedAuthn' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsCheckAudience' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsCheckSLOMessageSignature' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsCheckSSOMessageSignature' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsCheckTime' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsEncryptionMode' => { - 'default' => 'none', - 'select' => [ - { - 'k' => 'none', - 'v' => 'None' - }, - { - 'k' => 'nameid', - 'v' => 'Name ID' - }, - { - 'k' => 'assertion', - 'v' => 'Assertion' - } - ], - 'type' => 'select' - }, - 'samlIDPMetaDataOptionsForceAuthn' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsForceUTF8' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsIsPassive' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsNameIDFormat' => { - 'default' => '', - 'select' => [ - { - 'k' => '', - 'v' => '' - }, - { - 'k' => 'unspecified', - 'v' => 'Unspecified' - }, - { - 'k' => 'email', - 'v' => 'Email' - }, - { - 'k' => 'x509', - 'v' => 'X509 certificate' - }, - { - 'k' => 'windows', - 'v' => 'Windows' - }, - { - 'k' => 'kerberos', - 'v' => 
'Kerberos' - }, - { - 'k' => 'entity', - 'v' => 'Entity' - }, - { - 'k' => 'persistent', - 'v' => 'Persistent' - }, - { - 'k' => 'transient', - 'v' => 'Transient' - }, - { - 'k' => 'encrypted', - 'v' => 'Encrypted' - } - ], - 'type' => 'select' - }, - 'samlIDPMetaDataOptionsRelayStateURL' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsRequestedAuthnContext' => { - 'default' => '', - 'select' => [ - { - 'k' => '', - 'v' => '' - }, - { - 'k' => 'kerberos', - 'v' => 'Kerberos' - }, - { - 'k' => 'password-protected-transport', - 'v' => 'Password protected transport' - }, - { - 'k' => 'password', - 'v' => 'Password' - }, - { - 'k' => 'tls-client', - 'v' => 'TLS client certificate' - } - ], - 'type' => 'select' - }, - 'samlIDPMetaDataOptionsResolutionRule' => { - 'default' => '', - 'type' => 'longtext' - }, - 'samlIDPMetaDataOptionsSignSLOMessage' => { - 'default' => -1, - 'type' => 'trool' - }, - 'samlIDPMetaDataOptionsSignSSOMessage' => { - 'default' => -1, - 'type' => 'trool' - }, - 'samlIDPMetaDataOptionsSLOBinding' => { - 'default' => '', - 'select' => [ - { - 'k' => '', - 'v' => '' - }, - { - 'k' => 'http-post', - 'v' => 'POST' - }, - { - 'k' => 'http-redirect', - 'v' => 'Redirect' - }, - { - 'k' => 'http-soap', - 'v' => 'SOAP' - } - ], - 'type' => 'select' - }, - 'samlIDPMetaDataOptionsSSOBinding' => { - 'default' => '', - 'select' => [ - { - 'k' => '', - 'v' => '' - }, - { - 'k' => 'http-post', - 'v' => 'POST' - }, - { - 'k' => 'http-redirect', - 'v' => 'Redirect' - }, - { - 'k' => 'artifact-get', - 'v' => 'Artifact GET' - } - ], - 'type' => 'select' - }, - 'samlIDPMetaDataOptionsStoreSAMLToken' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlIDPMetaDataXML' => { - 'test' => sub { - my $v = shift(); - return 1 unless $v and %$v; - my @msg; - my $res = 1; - my %entityIds; - foreach my $idpId (keys %$v) { - unless ($$v{$idpId}{'samlIDPMetaDataXML'} =~ /entityID="(.+?)"/is) { - push @msg, "$idpId SAML metadata has ne EntityID"; - $res 
= 0; - next; - } - my $eid = $1; - if (defined $entityIds{$eid}) { - push @msg, "$idpId and $entityIds{$eid} have the same SAML EntityID"; - $res = 0; - next; - } - $entityIds{$eid} = $idpId; - } - return $res, join(', ', @msg); - }, - 'type' => 'file' - }, - 'samlIdPResolveCookie' => { - 'default' => 'lemonldapidp', - 'type' => 'text' - }, - 'samlIDPSSODescriptorArtifactResolutionServiceArtifact' => { - 'default' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', - 'type' => 'samlAssertion' - }, - 'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' => { - 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', - 'type' => 'samlService' - }, - 'samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect' => { - 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', - 'type' => 'samlService' - }, - 'samlIDPSSODescriptorSingleLogoutServiceSOAP' => { - 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;', - 'type' => 'samlService' - }, - 'samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact' => { - 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;', - 'type' => 'samlService' - }, - 'samlIDPSSODescriptorSingleSignOnServiceHTTPPost' => { - 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;', - 'type' => 'samlService' - }, - 'samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect' => { - 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;', - 'type' => 'samlService' - }, - 'samlIDPSSODescriptorWantAuthnRequestsSigned' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlMetadataForceUTF8' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlNameIDFormatMapEmail' => { - 'default' => 'mail', - 'type' => 'text' - }, - 'samlNameIDFormatMapKerberos' => { - 
'default' => 'uid', - 'type' => 'text' - }, - 'samlNameIDFormatMapWindows' => { - 'default' => 'uid', - 'type' => 'text' - }, - 'samlNameIDFormatMapX509' => { - 'default' => 'mail', - 'type' => 'text' - }, - 'samlOrganizationDisplayName' => { - 'default' => 'Example', - 'type' => 'text' - }, - 'samlOrganizationName' => { - 'default' => 'Example', - 'type' => 'text' - }, - 'samlOrganizationURL' => { - 'default' => 'http://www.example.com', - 'type' => 'text' - }, - 'samlRelayStateTimeout' => { - 'default' => 600, - 'type' => 'int' - }, - 'samlServicePrivateKeyEnc' => { - 'default' => '', - 'type' => 'RSAPrivateKey' - }, - 'samlServicePrivateKeyEncPwd' => { - 'type' => 'password' - }, - 'samlServicePrivateKeySig' => { - 'default' => '', - 'type' => 'RSAPrivateKey' - }, - 'samlServicePrivateKeySigPwd' => { - 'default' => '', - 'type' => 'password' - }, - 'samlServicePublicKeyEnc' => { - 'default' => '', - 'type' => 'RSAPublicKeyOrCertificate' - }, - 'samlServicePublicKeySig' => { - 'default' => '', - 'type' => 'RSAPublicKeyOrCertificate' - }, - 'samlServiceUseCertificateInResponse' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlSPMetaDataExportedAttributes' => { - 'default' => {}, - 'keyMsgFail' => '__badMetadataName__', - 'keyTest' => qr/(?^:^[a-zA-Z](?:[a-zA-Z0-9_\-\.]*\w)?$)/, - 'msgFail' => '__badValue__', - 'test' => qr/(?^:\w)/, - 'type' => 'samlAttributeContainer' - }, - 'samlSPMetaDataNodes' => { - 'type' => 'samlSPMetaDataNodeContainer' - }, - 'samlSPMetaDataOptions' => { - 'keyMsgFail' => '__badMetadataName__', - 'keyTest' => qr/(?^:^[a-zA-Z](?:[a-zA-Z0-9_\-\.]*\w)?$)/, - 'type' => 'keyTextContainer' - }, - 'samlSPMetaDataOptionsCheckSLOMessageSignature' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlSPMetaDataOptionsCheckSSOMessageSignature' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlSPMetaDataOptionsEnableIDPInitiatedURL' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlSPMetaDataOptionsEncryptionMode' => { - 'default' => 
'none', - 'select' => [ - { - 'k' => 'none', - 'v' => 'None' - }, - { - 'k' => 'nameid', - 'v' => 'Name ID' - }, - { - 'k' => 'assertion', - 'v' => 'Assertion' - } - ], - 'type' => 'select' - }, - 'samlSPMetaDataOptionsForceUTF8' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlSPMetaDataOptionsNameIDFormat' => { - 'default' => '', - 'select' => [ - { - 'k' => '', - 'v' => '' - }, - { - 'k' => 'unspecified', - 'v' => 'Unspecified' - }, - { - 'k' => 'email', - 'v' => 'Email' - }, - { - 'k' => 'x509', - 'v' => 'X509 certificate' - }, - { - 'k' => 'windows', - 'v' => 'Windows' - }, - { - 'k' => 'kerberos', - 'v' => 'Kerberos' - }, - { - 'k' => 'entity', - 'v' => 'Entity' - }, - { - 'k' => 'persistent', - 'v' => 'Persistent' - }, - { - 'k' => 'transient', - 'v' => 'Transient' - }, - { - 'k' => 'encrypted', - 'v' => 'Encrypted' - } - ], - 'type' => 'select' - }, - 'samlSPMetaDataOptionsNameIDSessionKey' => { - 'type' => 'text' - }, - 'samlSPMetaDataOptionsNotOnOrAfterTimeout' => { - 'default' => 72000, - 'type' => 'int' - }, - 'samlSPMetaDataOptionsOneTimeUse' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlSPMetaDataOptionsRule' => { - 'test' => sub { - my($val, $conf) = @_; - my $s = ''; - BEGIN {${^WARNING_BITS} = "TUUU\025UUUUUQUU\001"} - eval "$s $val"; - my $err = join('', grep({$_ =~ /Undefined subroutine/ ? () : $_;} split(/\n/, $@, 0))); - return $err ? 
(1, "__badExpression__: $err") : 1; - }, - 'type' => 'text' - }, - 'samlSPMetaDataOptionsSessionNotOnOrAfterTimeout' => { - 'default' => 72000, - 'type' => 'int' - }, - 'samlSPMetaDataOptionsSignSLOMessage' => { - 'default' => -1, - 'type' => 'trool' - }, - 'samlSPMetaDataOptionsSignSSOMessage' => { - 'default' => -1, - 'type' => 'trool' - }, - 'samlSPMetaDataXML' => { - 'type' => 'file' - }, - 'samlSPSSODescriptorArtifactResolutionServiceArtifact' => { - 'default' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', - 'type' => 'samlAssertion' - }, - 'samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact' => { - 'default' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact', - 'type' => 'samlAssertion' - }, - 'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' => { - 'default' => '0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost', - 'type' => 'samlAssertion' - }, - 'samlSPSSODescriptorAuthnRequestsSigned' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlSPSSODescriptorSingleLogoutServiceHTTPPost' => { - 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', - 'type' => 'samlService' - }, - 'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' => { - 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', - 'type' => 'samlService' - }, - 'samlSPSSODescriptorSingleLogoutServiceSOAP' => { - 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;', - 'type' => 'samlService' - }, - 'samlSPSSODescriptorWantAssertionsSigned' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlStorage' => { - 'type' => 'PerlModule' - }, - 'samlStorageOptions' => { - 'type' => 'keyTextContainer' - }, - 'samlUseQueryStringSpecific' => { - 'default' => 0, - 'type' => 'bool' - }, - 
'securedCookie' => { - 'default' => 0, - 'select' => [ - { - 'k' => 0, - 'v' => 'unsecuredCookie' - }, - { - 'k' => 1, - 'v' => 'securedCookie' - }, - { - 'k' => 2, - 'v' => 'doubleCookie' - }, - { - 'k' => 3, - 'v' => 'doubleCookieForSingleSession' - } - ], - 'type' => 'select' - }, - 'sessionDataToRemember' => { - 'keyMsgFail' => '__invalidSessionData__', - 'keyTest' => qr/(?^:^[_a-zA-Z][a-zA-Z0-9_]*$)/, - 'type' => 'keyTextContainer' - }, - 'singleIP' => { - 'default' => 0, - 'type' => 'bool' - }, - 'singleSession' => { - 'default' => 0, - 'type' => 'bool' - }, - 'singleSessionUserByIP' => { - 'default' => 0, - 'type' => 'bool' - }, - 'singleUserByIP' => { - 'default' => 0, - 'type' => 'bool' - }, - 'slaveAuthnLevel' => { - 'default' => 2, - 'type' => 'int' - }, - 'slaveExportedVars' => { - 'default' => {}, - 'keyMsgFail' => '__badVariableName__', - 'keyTest' => qr/(?^:^!?[a-zA-Z][a-zA-Z0-9_-]*$)/, - 'msgFail' => '__badValue__', - 'test' => qr/(?^:^[a-zA-Z][a-zA-Z0-9_:\-]*$)/, - 'type' => 'keyTextContainer' - }, - 'slaveHeaderContent' => { - 'type' => 'text' - }, - 'slaveHeaderName' => { - 'type' => 'text' - }, - 'slaveMasterIP' => { - 'msgFail' => '__badIPv4Address__', - 'test' => qr/(?^:^((?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)\s*)*$)/, - 'type' => 'text' - }, - 'slaveUserHeader' => { - 'type' => 'text' - }, - 'SMTPAuthPass' => { - 'type' => 'password' - }, - 'SMTPAuthUser' => { - 'type' => 'text' - }, - 'SMTPPort' => { - 'type' => 'int' - }, - 'SMTPServer' => { - 'default' => '', - 'test' => qr/(?^:^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?)?$)/, - 'type' => 'text' - }, - 'SMTPTLS' => { - 'default' => '', - 'select' => [ - { - 'k' => '', - 'v' => 'none' - }, - { - 'k' => 'starttls', - 'v' => 'SMTP + STARTTLS' - }, - { - 'k' => 'ssl', - 'v' => 'SMTPS' - } - ], - 'type' => 'select' - }, - 'SMTPTLSOpts' => { - 'type' => 'keyTextContainer' - }, - 
'soapConfigServer' => { - 'default' => 0, - 'type' => 'bool' - }, - 'soapSessionServer' => { - 'default' => 0, - 'type' => 'bool' - }, - 'SSLAuthnLevel' => { - 'default' => 5, - 'type' => 'int' - }, - 'sslByAjax' => { - 'type' => 'bool' - }, - 'sslHost' => { - 'type' => 'url' - }, - 'SSLVar' => { - 'type' => 'text' - }, - 'SSLVarIf' => { - 'type' => 'keyTextContainer' - }, - 'staticPrefix' => { - 'type' => 'text' - }, - 'stayConnected' => { - 'type' => 'bool' - }, - 'storePassword' => { - 'default' => 0, - 'type' => 'bool' - }, - 'successLoginNumber' => { - 'default' => 5, - 'type' => 'int' - }, - 'timeout' => { - 'default' => 72000, - 'test' => sub { - $_[0] > 0; - }, - 'type' => 'int' - }, - 'timeoutActivity' => { - 'default' => 0, - 'test' => sub { - $_[0] >= 0; - }, - 'type' => 'int' - }, - 'timeoutActivityInterval' => { - 'default' => 60, - 'test' => sub { - $_[0] >= 0; - }, - 'type' => 'int' - }, - 'tokenUseGlobalStorage' => { - 'default' => 0, - 'type' => 'bool' - }, - 'trustedDomains' => { - 'type' => 'text' - }, - 'trustedProxies' => { - 'default' => '', - 'type' => 'text' - }, - 'twitterAppName' => { - 'type' => 'text' - }, - 'twitterAuthnLevel' => { - 'default' => 1, - 'type' => 'int' - }, - 'twitterKey' => { - 'type' => 'text' - }, - 'twitterSecret' => { - 'type' => 'text' - }, - 'u2fActivation' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'u2fAuthnLevel' => { - 'type' => 'int' - }, - 'u2fSelfRegistration' => { - 'default' => 0, - 'type' => 'bool' - }, - 'upgradeSession' => { - 'default' => 1, - 'type' => 'bool' - }, - 'userControl' => { - 'default' => '^[\\w\\.\\-@]+$', - 'type' => 'pcre' - }, - 'userDB' => { - 'default' => 'Same', - 'select' => [ - { - 'k' => 'Same', - 'v' => 'Same' - }, - { - 'k' => 'AD', - 'v' => 'Active Directory' - }, - { - 'k' => 'DBI', - 'v' => 'Database (DBI)' - }, - { - 'k' => 'LDAP', - 'v' => 'LDAP' - }, - { - 'k' => 'REST', - 'v' => 'REST' - }, - { - 'k' => 'Null', - 'v' => 'None' - }, - { - 'k' => 'Custom', - 'v' 
=> 'customModule' - } - ], - 'type' => 'select' - }, - 'useRedirectOnError' => { - 'default' => 1, - 'type' => 'bool' - }, - 'useRedirectOnForbidden' => { - 'default' => 0, - 'type' => 'bool' - }, - 'userPivot' => { - 'type' => 'text' - }, - 'useSafeJail' => { - 'default' => 1, - 'type' => 'bool' - }, - 'vhostAliases' => { - 'type' => 'text' - }, - 'vhostAuthnLevel' => { - 'type' => 'int' - }, - 'vhostHttps' => { - 'default' => -1, - 'type' => 'trool' - }, - 'vhostMaintenance' => { - 'default' => 0, - 'type' => 'bool' - }, - 'vhostOptions' => { - 'type' => 'subContainer' - }, - 'vhostPort' => { - 'default' => -1, - 'type' => 'int' - }, - 'vhostType' => { - 'default' => 'Main', - 'select' => [ - { - 'k' => 'Main', - 'v' => 'Main' - }, - { - 'k' => 'Zimbra', - 'v' => 'ZimbraPreAuth' - }, - { - 'k' => 'AuthBasic', - 'v' => 'AuthBasic' - }, - { - 'k' => 'SecureToken', - 'v' => 'SecureToken' - }, - { - 'k' => 'CDA', - 'v' => 'CDA' - }, - { - 'k' => 'DevOps', - 'v' => 'DevOps' - }, - { - 'k' => 'ServiceToken', - 'v' => 'ServiceToken' - } - ], - 'type' => 'select' - }, - 'virtualHosts' => { - 'type' => 'virtualHostContainer' - }, - 'webIDAuthnLevel' => { - 'default' => 1, - 'type' => 'int' - }, - 'webIDExportedVars' => { - 'default' => {}, - 'keyMsgFail' => '__badVariableName__', - 'keyTest' => qr/(?^:^!?[a-zA-Z][a-zA-Z0-9_-]*$)/, - 'msgFail' => '__badValue__', - 'test' => qr/(?^:^[a-zA-Z][a-zA-Z0-9_:\-]*$)/, - 'type' => 'keyTextContainer' - }, - 'webIDWhitelist' => { - 'type' => 'text' - }, - 'whatToTrace' => { - 'default' => 'uid', - 'type' => 'lmAttrOrMacro' - }, - 'yubikeyAuthnLevel' => { - 'default' => 3, - 'type' => 'int' - }, - 'yubikeyClientID' => { - 'type' => 'text' - }, - 'yubikeyPublicIDSize' => { - 'default' => 12, - 'type' => 'int' - }, - 'yubikeySecretKey' => { - 'type' => 'text' - } - }; + { + 'k' => 'CAS', + 'v' => 'Central Authentication Service (CAS)' + }, + { + 'k' => 'DBI', + 'v' => 'Database (DBI)' + }, + { + 'k' => 'Demo', + 'v' => 'Demo' + }, + { + 
'k' => 'Facebook', + 'v' => 'Facebook' + }, + { + 'k' => 'Google', + 'v' => 'Google' + }, + { + 'k' => 'Kerberos', + 'v' => 'Kerberos' + }, + { + 'k' => 'LDAP', + 'v' => 'LDAP' + }, + { + 'k' => 'PAM', + 'v' => 'PAM' + }, + { + 'k' => 'Null', + 'v' => 'None' + }, + { + 'k' => 'OpenID', + 'v' => 'OpenID' + }, + { + 'k' => 'OpenIDConnect', + 'v' => 'OpenID Connect' + }, + { + 'k' => 'Proxy', + 'v' => 'Proxy' + }, + { + 'k' => 'Radius', + 'v' => 'Radius' + }, + { + 'k' => 'REST', + 'v' => 'REST' + }, + { + 'k' => 'Remote', + 'v' => 'Remote' + }, + { + 'k' => 'SAML', + 'v' => 'SAML v2' + }, + { + 'k' => 'Slave', + 'v' => 'Slave' + }, + { + 'k' => 'SSL', + 'v' => 'SSL' + }, + { + 'k' => 'Twitter', + 'v' => 'Twitter' + }, + { + 'k' => 'WebID', + 'v' => 'WebID' + }, + { + 'k' => 'Yubikey', + 'v' => 'Yubikey' + }, + { + 'k' => 'Custom', + 'v' => 'customModule' + } + ], + [ + { + 'k' => 'AD', + 'v' => 'Active Directory' + }, + { + 'k' => 'CAS', + 'v' => 'Central Authentication Service (CAS)' + }, + { + 'k' => 'DBI', + 'v' => 'Database (DBI)' + }, + { + 'k' => 'Demo', + 'v' => 'Demo' + }, + { + 'k' => 'Facebook', + 'v' => 'Facebook' + }, + { + 'k' => 'Google', + 'v' => 'Google' + }, + { + 'k' => 'LDAP', + 'v' => 'LDAP' + }, + { + 'k' => 'Null', + 'v' => 'None' + }, + { + 'k' => 'OpenID', + 'v' => 'OpenID' + }, + { + 'k' => 'OpenIDConnect', + 'v' => 'OpenID Connect' + }, + { + 'k' => 'Proxy', + 'v' => 'Proxy' + }, + { + 'k' => 'REST', + 'v' => 'REST' + }, + { + 'k' => 'Remote', + 'v' => 'Remote' + }, + { + 'k' => 'SAML', + 'v' => 'SAML v2' + }, + { + 'k' => 'Slave', + 'v' => 'Slave' + }, + { + 'k' => 'WebID', + 'v' => 'WebID' + }, + { + 'k' => 'Custom', + 'v' => 'customModule' + } + ], + [ + { + 'k' => 'AD', + 'v' => 'Active Directory' + }, + { + 'k' => 'DBI', + 'v' => 'Database (DBI)' + }, + { + 'k' => 'Demo', + 'v' => 'Demo' + }, + { + 'k' => 'LDAP', + 'v' => 'LDAP' + }, + { + 'k' => 'REST', + 'v' => 'REST' + }, + { + 'k' => 'Null', + 'v' => 'None' + }, + { + 'k' => 
'Custom', + 'v' => 'customModule' + } + ] + ], + 'test' => sub { + 1; + }, + 'type' => 'authChoiceContainer' + }, + 'authChoiceParam' => { + 'default' => 'lmAuth', + 'type' => 'text' + }, + 'authentication' => { + 'default' => 'Demo', + 'select' => [ + { + 'k' => 'Apache', + 'v' => 'Apache' + }, + { + 'k' => 'AD', + 'v' => 'Active Directory' + }, + { + 'k' => 'DBI', + 'v' => 'Database (DBI)' + }, + { + 'k' => 'Facebook', + 'v' => 'Facebook' + }, + { + 'k' => 'Google', + 'v' => 'Google' + }, + { + 'k' => 'Kerberos', + 'v' => 'Kerberos' + }, + { + 'k' => 'LDAP', + 'v' => 'LDAP' + }, + { + 'k' => 'PAM', + 'v' => 'PAM' + }, + { + 'k' => 'Radius', + 'v' => 'Radius' + }, + { + 'k' => 'REST', + 'v' => 'REST' + }, + { + 'k' => 'SSL', + 'v' => 'SSL' + }, + { + 'k' => 'Twitter', + 'v' => 'Twitter' + }, + { + 'k' => 'WebID', + 'v' => 'WebID' + }, + { + 'k' => 'Yubikey', + 'v' => 'Yubikey' + }, + { + 'k' => 'Demo', + 'v' => 'Demonstration' + }, + { + 'k' => 'Choice', + 'v' => 'authChoice' + }, + { + 'k' => 'Combination', + 'v' => 'combineMods' + }, + { + 'k' => 'CAS', + 'v' => 'Central Authentication Service (CAS)' + }, + { + 'k' => 'OpenID', + 'v' => 'OpenID' + }, + { + 'k' => 'OpenIDConnect', + 'v' => 'OpenID Connect' + }, + { + 'k' => 'SAML', + 'v' => 'SAML v2' + }, + { + 'k' => 'Proxy', + 'v' => 'Proxy' + }, + { + 'k' => 'Remote', + 'v' => 'Remote' + }, + { + 'k' => 'Slave', + 'v' => 'Slave' + }, + { + 'k' => 'Null', + 'v' => 'None' + }, + { + 'k' => 'Custom', + 'v' => 'customModule' + } + ], + 'type' => 'select' + }, + 'AuthLDAPFilter' => { + 'type' => 'text' + }, + 'captcha_login_enabled' => { + 'default' => 0, + 'type' => 'bool' + }, + 'captcha_mail_enabled' => { + 'default' => 1, + 'type' => 'bool' + }, + 'captcha_register_enabled' => { + 'default' => 1, + 'type' => 'bool' + }, + 'captcha_size' => { + 'default' => 6, + 'type' => 'int' + }, + 'casAccessControlPolicy' => { + 'default' => 'none', + 'select' => [ + { + 'k' => 'none', + 'v' => 'None' + }, + { + 'k' => 
'error', + 'v' => 'Display error on portal' + }, + { + 'k' => 'faketicket', + 'v' => 'Send a fake service ticket' + } + ], + 'type' => 'select' + }, + 'casAppMetaDataExportedVars' => { + 'default' => { + 'cn' => 'cn', + 'mail' => 'mail', + 'uid' => 'uid' + }, + 'type' => 'keyTextContainer' + }, + 'casAppMetaDataNodes' => { + 'type' => 'casAppMetaDataNodeContainer' + }, + 'casAppMetaDataOptions' => { + 'type' => 'subContainer' + }, + 'casAppMetaDataOptionsRule' => { + 'test' => sub { + my ( $val, $conf ) = @_; + my $s = ''; + BEGIN { ${^WARNING_BITS} = "TUUU\025UUUUUQUU\001" } + eval "$s $val"; + my $err = join( + '', + grep( { $_ =~ /Undefined subroutine/ ? () : $_; } + split( /\n/, $@, 0 ) ) + ); + return $err ? ( 1, "__badExpression__: $err" ) : 1; + }, + 'type' => 'text' + }, + 'casAppMetaDataOptionsService' => { + 'type' => 'url' + }, + 'casAttr' => { + 'type' => 'text' + }, + 'casAttributes' => { + 'type' => 'keyTextContainer' + }, + 'casAuthnLevel' => { + 'default' => 1, + 'type' => 'int' + }, + 'casSrvMetaDataExportedVars' => { + 'default' => { + 'cn' => 'cn', + 'mail' => 'mail', + 'uid' => 'uid' + }, + 'type' => 'keyTextContainer' + }, + 'casSrvMetaDataNodes' => { + 'type' => 'casSrvMetaDataNodeContainer' + }, + 'casSrvMetaDataOptions' => { + 'type' => 'subContainer' + }, + 'casSrvMetaDataOptionsDisplayName' => { + 'type' => 'text' + }, + 'casSrvMetaDataOptionsGateway' => { + 'type' => 'bool' + }, + 'casSrvMetaDataOptionsIcon' => { + 'type' => 'text' + }, + 'casSrvMetaDataOptionsProxiedServices' => { + 'keyMsgFail' => '__badCasProxyId__', + 'keyTest' => qr/(?^:^\w)/, + 'type' => 'keyTextContainer' + }, + 'casSrvMetaDataOptionsRenew' => { + 'type' => 'bool' + }, + 'casSrvMetaDataOptionsUrl' => { + 'msgFail' => '__badUrl__', + 'test' => 
+qr/(?^:(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/, + 'type' => 'text' + }, + 'casStorage' => { + 'type' => 'PerlModule' + }, + 'casStorageOptions' => { + 'type' => 'keyTextContainer' + }, + 'cda' => { + 'default' => 0, + 'type' => 'bool' + }, + 'cfgAuthor' => { + 'type' => 'text' + }, + 'cfgAuthorIP' => { + 'type' => 'text' + }, + 'cfgDate' => { + 'type' => 'int' + }, + 'cfgLog' => { + 'type' => 'longtext' + }, + 'cfgNum' => { + 'default' => 0, + 'type' => 'int' + }, + 'cfgVersion' => { + 'type' => 'text' + }, + 'checkXSS' => { + 'default' => 1, + 'type' => 'bool' + }, + 'combination' => { + 'type' => 'text' + }, + 'combModules' => { + 'keyTest' => qr/(?^:^\w+$)/, + 'select' => [ + { + 'k' => 'Apache', + 'v' => 'Apache' + }, + { + 'k' => 'AD', + 'v' => 'Active Directory' + }, + { + 'k' => 'DBI', + 'v' => 'Database (DBI)' + }, + { + 'k' => 'Facebook', + 'v' => 'Facebook' + }, + { + 'k' => 'Google', + 'v' => 'Google' + }, + { + 'k' => 'Kerberos', + 'v' => 'Kerberos' + }, + { + 'k' => 'LDAP', + 'v' => 'LDAP' + }, + { + 'k' => 'PAM', + 'v' => 'PAM' + }, + { + 'k' => 'Radius', + 'v' => 'Radius' + }, + { + 'k' => 'REST', + 'v' => 'REST' + }, + { + 'k' => 'SSL', + 'v' => 'SSL' + }, + { + 'k' => 'Twitter', + 'v' => 'Twitter' + }, + { + 'k' => 'WebID', + 'v' => 'WebID' + }, + { + 'k' => 'Yubikey', + 'v' => 'Yubikey' + }, + { + 'k' => 'Demo', + 'v' => 'Demonstration' + }, + { + 'k' => 'CAS', + 'v' => 'Central Authentication Service 
(CAS)' + }, + { + 'k' => 'OpenID', + 'v' => 'OpenID' + }, + { + 'k' => 'OpenIDConnect', + 'v' => 'OpenID Connect' + }, + { + 'k' => 'SAML', + 'v' => 'SAML v2' + }, + { + 'k' => 'Proxy', + 'v' => 'Proxy' + }, + { + 'k' => 'Remote', + 'v' => 'Remote' + }, + { + 'k' => 'Slave', + 'v' => 'Slave' + }, + { + 'k' => 'Null', + 'v' => 'None' + }, + { + 'k' => 'Custom', + 'v' => 'customModule' + } + ], + 'test' => sub { + 1; + }, + 'type' => 'cmbModuleContainer' + }, + 'confirmFormMethod' => { + 'default' => 'post', + 'select' => [ + { + 'k' => 'get', + 'v' => 'GET' + }, + { + 'k' => 'post', + 'v' => 'POST' + } + ], + 'type' => 'select' + }, + 'cookieExpiration' => { + 'type' => 'text' + }, + 'cookieName' => { + 'default' => 'lemonldap', + 'msgFail' => '__badCookieName__', + 'test' => qr/(?^:^[a-zA-Z][a-zA-Z0-9_-]*$)/, + 'type' => 'text' + }, + 'cspConnect' => { + 'default' => '\'self\'', + 'type' => 'text' + }, + 'cspDefault' => { + 'default' => '\'self\'', + 'type' => 'text' + }, + 'cspFont' => { + 'default' => '\'self\'', + 'type' => 'text' + }, + 'cspImg' => { + 'default' => '\'self\' data:', + 'type' => 'text' + }, + 'cspScript' => { + 'default' => '\'self\'', + 'type' => 'text' + }, + 'cspStyle' => { + 'default' => '\'self\'', + 'type' => 'text' + }, + 'customAddParams' => { + 'type' => 'keyTextContainer' + }, + 'customAuth' => { + 'type' => 'text' + }, + 'customFunctions' => { + 'msgFail' => '__badCustomFuncName__', + 'test' => qr/(?^:^(?:\w+(?:::\w+)*(?:\s+\w+(?:::\w+)*)*)?$)/, + 'type' => 'text' + }, + 'customPassword' => { + 'type' => 'text' + }, + 'customRegister' => { + 'type' => 'text' + }, + 'customUserDB' => { + 'type' => 'text' + }, + 'dbiAuthChain' => { + 'type' => 'text' + }, + 'dbiAuthLoginCol' => { + 'type' => 'text' + }, + 'dbiAuthnLevel' => { + 'default' => 2, + 'type' => 'int' + }, + 'dbiAuthPassword' => { + 'type' => 'password' + }, + 'dbiAuthPasswordCol' => { + 'type' => 'text' + }, + 'dbiAuthPasswordHash' => { + 'type' => 'text' + }, + 
'dbiAuthTable' => { + 'type' => 'text' + }, + 'dbiAuthUser' => { + 'type' => 'text' + }, + 'dbiDynamicHashEnabled' => { + 'type' => 'bool' + }, + 'dbiDynamicHashNewPasswordScheme' => { + 'type' => 'text' + }, + 'dbiDynamicHashValidSaltedSchemes' => { + 'type' => 'text' + }, + 'dbiDynamicHashValidSchemes' => { + 'type' => 'text' + }, + 'dbiExportedVars' => { + 'default' => {}, + 'keyMsgFail' => '__badVariableName__', + 'keyTest' => qr/(?^:^!?[a-zA-Z][a-zA-Z0-9_-]*$)/, + 'msgFail' => '__badValue__', + 'test' => qr/(?^:^[a-zA-Z][a-zA-Z0-9_:\-]*$)/, + 'type' => 'keyTextContainer' + }, + 'dbiPasswordMailCol' => { + 'type' => 'text' + }, + 'dbiUserChain' => { + 'type' => 'text' + }, + 'dbiUserPassword' => { + 'type' => 'password' + }, + 'dbiUserTable' => { + 'type' => 'text' + }, + 'dbiUserUser' => { + 'type' => 'text' + }, + 'demoExportedVars' => { + 'default' => { + 'cn' => 'cn', + 'mail' => 'mail', + 'uid' => 'uid' + }, + 'keyMsgFail' => '__badVariableName__', + 'keyTest' => qr/(?^:^!?[a-zA-Z][a-zA-Z0-9_-]*$)/, + 'msgFail' => '__badValue__', + 'test' => qr/(?^:^[a-zA-Z][a-zA-Z0-9_:\-]*$)/, + 'type' => 'keyTextContainer' + }, + 'domain' => { + 'default' => 'example.com', + 'msgFail' => '__badDomainName__', + 'test' => +qr/(?^:^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?))?$)/, + 'type' => 'text' + }, + 'exportedAttr' => { + 'type' => 'text' + }, + 'exportedHeaders' => { + 'keyMsgFail' => '__badHostname__', + 'keyTest' => +qr/(?^:^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$)/, + 'test' => { + 'keyMsgFail' => '__badHeaderName__', + 'keyTest' => qr/(?^:^(?=[^\-])[\w\-]+(?<=[^-])$)/, + 'test' => sub { + my ( $val, $conf ) = @_; + my $s = $val; + BEGIN { ${^WARNING_BITS} = "TUUU\025UUUUUQUU\001" } + eval $s; + my $err = join( + '', + grep( { $_ =~ /Undefined subroutine/ ? () : $_; } + split( /\n/, $@, 0 ) ) + ); + return $err ? 
( 1, "__badExpression__: $err" ) : 1; + } + }, + 'type' => 'keyTextContainer' + }, + 'exportedVars' => { + 'default' => { + 'UA' => 'HTTP_USER_AGENT' + }, + 'keyMsgFail' => '__badVariableName__', + 'keyTest' => qr/(?^:^!?[_a-zA-Z][a-zA-Z0-9_]*$)/, + 'msgFail' => '__badValue__', + 'test' => qr/(?^:^[_a-zA-Z][a-zA-Z0-9_:\-]*$)/, + 'type' => 'keyTextContainer' + }, + 'ext2fActivation' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'ext2fAuthnLevel' => { + 'type' => 'int' + }, + 'ext2FSendCommand' => { + 'type' => 'text' + }, + 'ext2FValidateCommand' => { + 'type' => 'text' + }, + 'facebookAppId' => { + 'type' => 'text' + }, + 'facebookAppSecret' => { + 'type' => 'text' + }, + 'facebookAuthnLevel' => { + 'default' => 1, + 'type' => 'int' + }, + 'facebookExportedVars' => { + 'default' => {}, + 'keyMsgFail' => '__badVariableName__', + 'keyTest' => qr/(?^:^!?[a-zA-Z][a-zA-Z0-9_-]*$)/, + 'msgFail' => '__badValue__', + 'test' => qr/(?^:^[a-zA-Z][a-zA-Z0-9_:\-]*$)/, + 'type' => 'keyTextContainer' + }, + 'failedLoginNumber' => { + 'default' => 5, + 'type' => 'int' + }, + 'formTimeout' => { + 'default' => 120, + 'type' => 'int' + }, + 'globalStorage' => { + 'default' => 'Apache::Session::File', + 'type' => 'PerlModule' + }, + 'globalStorageOptions' => { + 'default' => { + 'Directory' => '/var/lib/lemonldap-ng/sessions/', + 'generateModule' => + 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256', + 'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/' + }, + 'type' => 'keyTextContainer' + }, + 'grantSessionRules' => { + 'keyTest' => sub { + my ( $val, $conf ) = @_; + my $s = ''; + BEGIN { ${^WARNING_BITS} = "TUUU\025UUUUUQUU\001" } + eval "$s $val"; + my $err = join( + '', + grep( { $_ =~ /Undefined subroutine/ ? () : $_; } + split( /\n/, $@, 0 ) ) + ); + return $err ? 
( 1, "__badExpression__: $err" ) : 1; + }, + 'test' => sub { + 1; + }, + 'type' => 'grantContainer' + }, + 'groups' => { + 'default' => {}, + 'test' => sub { + my ( $val, $conf ) = @_; + my $s = ''; + BEGIN { ${^WARNING_BITS} = "TUUU\025UUUUUQUU\001" } + eval "$s $val"; + my $err = join( + '', + grep( { $_ =~ /Undefined subroutine/ ? () : $_; } + split( /\n/, $@, 0 ) ) + ); + return $err ? ( 1, "__badExpression__: $err" ) : 1; + }, + 'type' => 'keyTextContainer' + }, + 'hiddenAttributes' => { + 'default' => '_password', + 'type' => 'text' + }, + 'hideOldPassword' => { + 'default' => 0, + 'type' => 'bool' + }, + 'httpOnly' => { + 'default' => 1, + 'type' => 'bool' + }, + 'https' => { + 'default' => 0, + 'type' => 'bool' + }, + 'infoFormMethod' => { + 'default' => 'get', + 'select' => [ + { + 'k' => 'get', + 'v' => 'GET' + }, + { + 'k' => 'post', + 'v' => 'POST' + } + ], + 'type' => 'select' + }, + 'issuerDBCASActivation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'issuerDBCASPath' => { + 'default' => '^/cas/', + 'type' => 'pcre' + }, + 'issuerDBCASRule' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'issuerDBGetActivation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'issuerDBGetParameters' => { + 'default' => {}, + 'keyMsgFail' => '__badHostname__', + 'keyTest' => +qr/(?^:^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$)/, + 'test' => { + 'keyMsgFail' => '__badKeyName__', + 'keyTest' => qr/(?^:^(?=[^\-])[\w\-]+(?<=[^-])$)/, + 'test' => sub { + my ( $val, $conf ) = @_; + return 1 + if defined $$conf{'macros'}{$val} + or $val eq '_timezone'; + foreach $_ ( keys %$conf ) { + return 1 + if $_ =~ /exportedvars$/i + and defined $$conf{$_}{$val}; + } + return 1, "__unknownAttrOrMacro__: $val"; + } + }, + 'type' => 'doubleHash' + }, + 'issuerDBGetPath' => { + 'default' => '^/get/', + 'type' => 'text' + }, + 'issuerDBGetRule' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 
'issuerDBOpenIDActivation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'issuerDBOpenIDConnectActivation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'issuerDBOpenIDConnectPath' => { + 'default' => '^/oauth2/', + 'type' => 'text' + }, + 'issuerDBOpenIDConnectRule' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'issuerDBOpenIDPath' => { + 'default' => '^/openidserver/', + 'type' => 'pcre' + }, + 'issuerDBOpenIDRule' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'issuerDBSAMLActivation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'issuerDBSAMLPath' => { + 'default' => '^/saml/', + 'type' => 'pcre' + }, + 'issuerDBSAMLRule' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'jsRedirect' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'key' => { + 'type' => 'password' + }, + 'krbAuthnLevel' => { + 'default' => 3, + 'type' => 'int' + }, + 'krbByJs' => { + 'default' => 0, + 'type' => 'bool' + }, + 'krbKeytab' => { + 'type' => 'text' + }, + 'ldapAllowResetExpiredPassword' => { + 'default' => 0, + 'type' => 'bool' + }, + 'ldapAuthnLevel' => { + 'default' => 2, + 'type' => 'int' + }, + 'ldapBase' => { + 'default' => 'dc=example,dc=com', + 'msgFail' => '__badValue__', + 'test' => qr/(?^:^(?:\w+=.*|)$)/, + 'type' => 'text' + }, + 'ldapChangePasswordAsUser' => { + 'default' => 0, + 'type' => 'bool' + }, + 'ldapExportedVars' => { + 'default' => { + 'cn' => 'cn', + 'mail' => 'mail', + 'uid' => 'uid' + }, + 'keyMsgFail' => '__badVariableName__', + 'keyTest' => qr/(?^:^!?[a-zA-Z][a-zA-Z0-9_-]*$)/, + 'msgFail' => '__badValue__', + 'test' => qr/(?^:^[a-zA-Z][a-zA-Z0-9_:\-]*$)/, + 'type' => 'keyTextContainer' + }, + 'LDAPFilter' => { + 'type' => 'text' + }, + 'ldapGroupAttributeName' => { + 'default' => 'member', + 'type' => 'text' + }, + 'ldapGroupAttributeNameGroup' => { + 'default' => 'dn', + 'type' => 'text' + }, + 'ldapGroupAttributeNameSearch' => { + 'default' => 'cn', + 'type' => 'text' + }, + 'ldapGroupAttributeNameUser' => { + 
'default' => 'dn', + 'type' => 'text' + }, + 'ldapGroupBase' => { + 'type' => 'text' + }, + 'ldapGroupObjectClass' => { + 'default' => 'groupOfNames', + 'type' => 'text' + }, + 'ldapGroupRecursive' => { + 'default' => 0, + 'type' => 'bool' + }, + 'ldapPasswordResetAttribute' => { + 'default' => 'pwdReset', + 'type' => 'text' + }, + 'ldapPasswordResetAttributeValue' => { + 'default' => 'TRUE', + 'type' => 'text' + }, + 'ldapPort' => { + 'default' => 389, + 'type' => 'int' + }, + 'ldapPpolicyControl' => { + 'default' => 0, + 'type' => 'bool' + }, + 'ldapPwdEnc' => { + 'default' => 'utf-8', + 'msgFail' => '__badEncoding__', + 'test' => qr/(?^:^[a-zA-Z0-9_][a-zA-Z0-9_\-]*[a-zA-Z0-9_]$)/, + 'type' => 'text' + }, + 'ldapRaw' => { + 'type' => 'text' + }, + 'ldapSearchDeref' => { + 'default' => 'find', + 'select' => [ + { + 'k' => 'never', + 'v' => 'never' + }, + { + 'k' => 'search', + 'v' => 'search' + }, + { + 'k' => 'find', + 'v' => 'find' + }, + { + 'k' => 'always', + 'v' => 'always' + } + ], + 'type' => 'select' + }, + 'ldapServer' => { + 'default' => 'ldap://localhost', + 'test' => sub { + my $l = shift(); + my (@s) = split( /[\s,]+/, $l, 0 ); + foreach my $s (@s) { + return 0, qq[__badLdapUri__: "$s"] + unless $s =~ +m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?::\d{1,5})?/?.*)$]o; + } + return 1; + }, + 'type' => 'text' + }, + 'ldapSetPassword' => { + 'default' => 0, + 'type' => 'bool' + }, + 'ldapTimeout' => { + 'default' => 120, + 'type' => 'int' + }, + 'ldapUsePasswordResetAttribute' => { + 'default' => 1, + 'type' => 'bool' + }, + 'ldapVersion' => { + 'default' => 3, + 'type' => 'int' + }, + 'localSessionStorage' => { + 'default' => 'Cache::FileCache', + 'type' => 'PerlModule' + }, + 'localSessionStorageOptions' => { + 'default' => { + 'cache_depth' => 3, + 'cache_root' => '/tmp', + 'default_expires_in' => 600, + 'directory_umask' => '007', + 'namespace' => 'lemonldap-ng-sessions' + }, + 'type' => 'keyTextContainer' + }, + 
'locationRules' => { + 'default' => { + 'default' => 'deny' + }, + 'keyMsgFail' => '__badHostname__', + 'keyTest' => +qr/(?^:^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$)/, + 'test' => { + 'keyMsgFail' => '__badRegexp__', + 'keyTest' => sub { + eval { + do { + qr/$_[0]/; + } + }; + return $@ ? 0 : 1; + }, + 'msgFail' => '__badExpression__', + 'test' => sub { + my ( $val, $conf ) = @_; + my $s = $val; + if ( $s =~ s/^logout(?:_(?:sso|app(?:_sso)?))?\s*// ) { + return $s =~ m[^(?:https?://.*)?$] + ? 1 + : ( 0, '__badUrl__' ); + } + $s =~ s/\b(accept|deny|unprotect|skip)\b/1/g; + BEGIN { ${^WARNING_BITS} = "TUUU\025UUUUUQUU\001" } + eval $s; + my $err = join( + '', + grep( { $_ =~ /Undefined subroutine/ ? () : $_; } + split( /\n/, $@, 0 ) ) + ); + return $err ? ( 1, "__badExpression__: $err" ) : 1; + } + }, + 'type' => 'ruleContainer' + }, + 'loginHistoryEnabled' => { + 'default' => 0, + 'type' => 'bool' + }, + 'logoutServices' => { + 'default' => {}, + 'type' => 'keyTextContainer' + }, + 'lwpOpts' => { + 'type' => 'keyTextContainer' + }, + 'lwpSslOpts' => { + 'type' => 'keyTextContainer' + }, + 'macros' => { + 'default' => {}, + 'keyMsgFail' => '__badMacroName__', + 'keyTest' => qr/(?^:^[_a-zA-Z][a-zA-Z0-9_]*$)/, + 'test' => sub { + my ( $val, $conf ) = @_; + my $s = ''; + BEGIN { ${^WARNING_BITS} = "TUUU\025UUUUUQUU\001" } + eval "$s $val"; + my $err = join( + '', + grep( { $_ =~ /Undefined subroutine/ ? () : $_; } + split( /\n/, $@, 0 ) ) + ); + return $err ? 
( 1, "__badExpression__: $err" ) : 1; + }, + 'type' => 'keyTextContainer' + }, + 'mailBody' => { + 'type' => 'longtext' + }, + 'mailCharset' => { + 'default' => 'utf-8', + 'type' => 'text' + }, + 'mailConfirmBody' => { + 'type' => 'longtext' + }, + 'mailConfirmSubject' => { + 'type' => 'text' + }, + 'mailFrom' => { + 'default' => 'noreply@example.com', + 'type' => 'text' + }, + 'mailLDAPFilter' => { + 'type' => 'text' + }, + 'mailOnPasswordChange' => { + 'default' => 0, + 'type' => 'bool' + }, + 'mailReplyTo' => { + 'type' => 'text' + }, + 'mailSessionKey' => { + 'default' => 'mail', + 'type' => 'text' + }, + 'mailSubject' => { + 'type' => 'text' + }, + 'mailTimeout' => { + 'default' => 0, + 'type' => 'int' + }, + 'mailUrl' => { + 'default' => 'http://auth.example.com/resetpwd', + 'type' => 'url' + }, + 'maintenance' => { + 'default' => 0, + 'type' => 'bool' + }, + 'managerDn' => { + 'default' => '', + 'msgFail' => '__badValue__', + 'test' => qr/(?^:^(?:\w+=.*)?$)/, + 'type' => 'text' + }, + 'managerPassword' => { + 'default' => '', + 'msgFail' => '__badValue__', + 'test' => qr/(?^:^\S*$)/, + 'type' => 'password' + }, + 'multiValuesSeparator' => { + 'default' => '; ', + 'type' => 'authParamsText' + }, + 'nginxCustomHandlers' => { + 'keyTest' => qr/(?^:^\w+$)/, + 'msgFail' => '__badPerlPackageName__', + 'test' => + qr/(?^:^[a-zA-Z][a-zA-Z0-9]*(?:::[a-zA-Z][a-zA-Z0-9]*)*$)/, + 'type' => 'keyTextContainer' + }, + 'noAjaxHook' => { + 'default' => 0, + 'type' => 'bool' + }, + 'notification' => { + 'default' => 0, + 'type' => 'bool' + }, + 'notificationServer' => { + 'default' => 0, + 'type' => 'bool' + }, + 'notificationStorage' => { + 'default' => 'File', + 'type' => 'PerlModule' + }, + 'notificationStorageOptions' => { + 'default' => { + 'dirName' => '/var/lib/lemonldap-ng/notifications' + }, + 'type' => 'keyTextContainer' + }, + 'notificationWildcard' => { + 'default' => 'allusers', + 'type' => 'text' + }, + 'notificationXSLTfile' => { + 'type' => 'text' + }, + 
'notifyDeleted' => { + 'default' => 1, + 'type' => 'bool' + }, + 'notifyOther' => { + 'default' => 0, + 'type' => 'bool' + }, + 'nullAuthnLevel' => { + 'default' => 0, + 'type' => 'int' + }, + 'oidcAuthnLevel' => { + 'default' => 1, + 'type' => 'int' + }, + 'oidcOPMetaDataExportedVars' => { + 'default' => { + 'cn' => 'name', + 'mail' => 'email', + 'sn' => 'family_name', + 'uid' => 'sub' + }, + 'type' => 'keyTextContainer' + }, + 'oidcOPMetaDataJSON' => { + 'type' => 'file' + }, + 'oidcOPMetaDataJWKS' => { + 'type' => 'file' + }, + 'oidcOPMetaDataNodes' => { + 'type' => 'oidcOPMetaDataNodeContainer' + }, + 'oidcOPMetaDataOptions' => { + 'type' => 'subContainer' + }, + 'oidcOPMetaDataOptionsAcrValues' => { + 'type' => 'text' + }, + 'oidcOPMetaDataOptionsCheckJWTSignature' => { + 'default' => 1, + 'type' => 'bool' + }, + 'oidcOPMetaDataOptionsClientID' => { + 'type' => 'text' + }, + 'oidcOPMetaDataOptionsClientSecret' => { + 'type' => 'password' + }, + 'oidcOPMetaDataOptionsConfigurationURI' => { + 'type' => 'url' + }, + 'oidcOPMetaDataOptionsDisplay' => { + 'default' => '', + 'select' => [ + { + 'k' => '', + 'v' => '' + }, + { + 'k' => 'page', + 'v' => 'page' + }, + { + 'k' => 'popup', + 'v' => 'popup' + }, + { + 'k' => 'touch', + 'v' => 'touch' + }, + { + 'k' => 'wap', + 'v' => 'wap' + } + ], + 'type' => 'select' + }, + 'oidcOPMetaDataOptionsDisplayName' => { + 'type' => 'text' + }, + 'oidcOPMetaDataOptionsIcon' => { + 'type' => 'text' + }, + 'oidcOPMetaDataOptionsIDTokenMaxAge' => { + 'default' => 30, + 'type' => 'int' + }, + 'oidcOPMetaDataOptionsJWKSTimeout' => { + 'default' => 0, + 'type' => 'int' + }, + 'oidcOPMetaDataOptionsMaxAge' => { + 'default' => 0, + 'type' => 'int' + }, + 'oidcOPMetaDataOptionsPrompt' => { + 'type' => 'text' + }, + 'oidcOPMetaDataOptionsScope' => { + 'default' => 'openid profile', + 'type' => 'text' + }, + 'oidcOPMetaDataOptionsStoreIDToken' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcOPMetaDataOptionsTokenEndpointAuthMethod' 
=> { + 'default' => 'client_secret_post', + 'select' => [ + { + 'k' => 'client_secret_post', + 'v' => 'client_secret_post' + }, + { + 'k' => 'client_secret_basic', + 'v' => 'client_secret_basic' + } + ], + 'type' => 'select' + }, + 'oidcOPMetaDataOptionsUiLocales' => { + 'type' => 'text' + }, + 'oidcOPMetaDataOptionsUseNonce' => { + 'default' => 1, + 'type' => 'bool' + }, + 'oidcRPCallbackGetParam' => { + 'default' => 'openidconnectcallback', + 'type' => 'text' + }, + 'oidcRPMetaDataExportedVars' => { + 'default' => { + 'email' => 'mail', + 'family_name' => 'sn', + 'name' => 'cn' + }, + 'type' => 'keyTextContainer' + }, + 'oidcRPMetaDataNodes' => { + 'type' => 'oidcRPMetaDataNodeContainer' + }, + 'oidcRPMetaDataOptions' => { + 'type' => 'subContainer' + }, + 'oidcRPMetaDataOptionsAccessTokenExpiration' => { + 'default' => 3600, + 'type' => 'int' + }, + 'oidcRPMetaDataOptionsBypassConsent' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsClientID' => { + 'type' => 'text' + }, + 'oidcRPMetaDataOptionsClientSecret' => { + 'type' => 'password' + }, + 'oidcRPMetaDataOptionsDisplayName' => { + 'type' => 'text' + }, + 'oidcRPMetaDataOptionsExtraClaims' => { + 'default' => {}, + 'type' => 'keyTextContainer' + }, + 'oidcRPMetaDataOptionsIcon' => { + 'type' => 'text' + }, + 'oidcRPMetaDataOptionsIDTokenExpiration' => { + 'default' => 3600, + 'type' => 'int' + }, + 'oidcRPMetaDataOptionsIDTokenSignAlg' => { + 'default' => 'HS512', + 'select' => [ + { + 'k' => 'none', + 'v' => 'None' + }, + { + 'k' => 'HS256', + 'v' => 'HS256' + }, + { + 'k' => 'HS384', + 'v' => 'HS384' + }, + { + 'k' => 'HS512', + 'v' => 'HS512' + }, + { + 'k' => 'RS256', + 'v' => 'RS256' + }, + { + 'k' => 'RS384', + 'v' => 'RS384' + }, + { + 'k' => 'RS512', + 'v' => 'RS512' + } + ], + 'type' => 'select' + }, + 'oidcRPMetaDataOptionsLogoutSessionRequired' => { + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsLogoutType' => { + 'default' => 'front', + 'select' => [ + { + 'k' => 'front', + 
'v' => 'Front Channel' + }, + { + 'k' => 'back', + 'v' => 'Back Channel' + } + ], + 'type' => 'select' + }, + 'oidcRPMetaDataOptionsLogoutUrl' => { + 'type' => 'url' + }, + 'oidcRPMetaDataOptionsPostLogoutRedirectUris' => { + 'type' => 'text' + }, + 'oidcRPMetaDataOptionsRedirectUris' => { + 'type' => 'text' + }, + 'oidcRPMetaDataOptionsRule' => { + 'test' => sub { + my ( $val, $conf ) = @_; + my $s = ''; + BEGIN { ${^WARNING_BITS} = "TUUU\025UUUUUQUU\001" } + eval "$s $val"; + my $err = join( + '', + grep( { $_ =~ /Undefined subroutine/ ? () : $_; } + split( /\n/, $@, 0 ) ) + ); + return $err ? ( 1, "__badExpression__: $err" ) : 1; + }, + 'type' => 'text' + }, + 'oidcRPMetaDataOptionsUserIDAttr' => { + 'type' => 'text' + }, + 'oidcRPStateTimeout' => { + 'default' => 600, + 'type' => 'int' + }, + 'oidcServiceAllowAuthorizationCodeFlow' => { + 'default' => 1, + 'type' => 'bool' + }, + 'oidcServiceAllowDynamicRegistration' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcServiceAllowHybridFlow' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcServiceAllowImplicitFlow' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcServiceKeyIdSig' => { + 'type' => 'text' + }, + 'oidcServiceMetaDataAuthnContext' => { + 'default' => { + 'loa-1' => 1, + 'loa-2' => 2, + 'loa-3' => 3, + 'loa-4' => 4, + 'loa-5' => 5 + }, + 'keyTest' => qr/(?^:\w)/, + 'type' => 'keyTextContainer' + }, + 'oidcServiceMetaDataAuthorizeURI' => { + 'default' => 'authorize', + 'type' => 'text' + }, + 'oidcServiceMetaDataBackChannelURI' => { + 'default' => 'blogout', + 'type' => 'text' + }, + 'oidcServiceMetaDataCheckSessionURI' => { + 'default' => 'checksession.html', + 'type' => 'text' + }, + 'oidcServiceMetaDataEndSessionURI' => { + 'default' => 'logout', + 'type' => 'text' + }, + 'oidcServiceMetaDataFrontChannelURI' => { + 'default' => 'flogout', + 'type' => 'text' + }, + 'oidcServiceMetaDataIssuer' => { + 'default' => 'http://auth.example.com', + 'type' => 'text' + }, + 
'oidcServiceMetaDataJWKSURI' => { + 'default' => 'jwks', + 'type' => 'text' + }, + 'oidcServiceMetaDataRegistrationURI' => { + 'default' => 'register', + 'type' => 'text' + }, + 'oidcServiceMetaDataTokenURI' => { + 'default' => 'token', + 'type' => 'text' + }, + 'oidcServiceMetaDataUserInfoURI' => { + 'default' => 'userinfo', + 'type' => 'text' + }, + 'oidcServicePrivateKeySig' => { + 'type' => 'RSAPrivateKey' + }, + 'oidcServicePublicKeySig' => { + 'type' => 'RSAPublicKey' + }, + 'oidcStorage' => { + 'type' => 'PerlModule' + }, + 'oidcStorageOptions' => { + 'type' => 'keyTextContainer' + }, + 'oldNotifFormat' => { + 'default' => 0, + 'type' => 'bool' + }, + 'openIdAttr' => { + 'type' => 'text' + }, + 'openIdAuthnLevel' => { + 'default' => 1, + 'type' => 'int' + }, + 'openIdExportedVars' => { + 'default' => {}, + 'keyMsgFail' => '__badVariableName__', + 'keyTest' => qr/(?^:^!?[a-zA-Z][a-zA-Z0-9_-]*$)/, + 'msgFail' => '__badValue__', + 'test' => qr/(?^:^[a-zA-Z][a-zA-Z0-9_:\-]*$)/, + 'type' => 'keyTextContainer' + }, + 'openIdIDPList' => { + 'default' => '0;', + 'type' => 'blackWhiteList' + }, + 'openIdIssuerSecret' => { + 'type' => 'text' + }, + 'openIdSecret' => { + 'type' => 'text' + }, + 'openIdSPList' => { + 'default' => '0;', + 'type' => 'blackWhiteList' + }, + 'openIdSreg_country' => { + 'type' => 'lmAttrOrMacro' + }, + 'openIdSreg_dob' => { + 'type' => 'lmAttrOrMacro' + }, + 'openIdSreg_email' => { + 'default' => 'mail', + 'type' => 'lmAttrOrMacro' + }, + 'openIdSreg_fullname' => { + 'default' => 'cn', + 'type' => 'lmAttrOrMacro' + }, + 'openIdSreg_gender' => { + 'type' => 'lmAttrOrMacro' + }, + 'openIdSreg_language' => { + 'type' => 'lmAttrOrMacro' + }, + 'openIdSreg_nickname' => { + 'default' => 'uid', + 'type' => 'lmAttrOrMacro' + }, + 'openIdSreg_postcode' => { + 'type' => 'lmAttrOrMacro' + }, + 'openIdSreg_timezone' => { + 'default' => '_timezone', + 'type' => 'lmAttrOrMacro' + }, + 'pamAuthnLevel' => { + 'default' => 2, + 'type' => 'int' + }, + 
'pamService' => { + 'default' => 'login', + 'type' => 'text' + }, + 'passwordDB' => { + 'default' => 'Demo', + 'select' => [ + { + 'k' => 'AD', + 'v' => 'Active Directory' + }, + { + 'k' => 'Choice', + 'v' => 'authChoice' + }, + { + 'k' => 'DBI', + 'v' => 'Database (DBI)' + }, + { + 'k' => 'Demo', + 'v' => 'Demonstration' + }, + { + 'k' => 'LDAP', + 'v' => 'LDAP' + }, + { + 'k' => 'REST', + 'v' => 'REST' + }, + { + 'k' => 'Null', + 'v' => 'None' + }, + { + 'k' => 'Custom', + 'v' => 'customModule' + } + ], + 'type' => 'select' + }, + 'persistentStorage' => { + 'type' => 'PerlModule' + }, + 'persistentStorageOptions' => { + 'type' => 'keyTextContainer' + }, + 'port' => { + 'type' => 'int' + }, + 'portal' => { + 'default' => 'http://auth.example.com/', + 'type' => 'url' + }, + 'portalAntiFrame' => { + 'default' => 1, + 'type' => 'bool' + }, + 'portalCheckLogins' => { + 'default' => 1, + 'type' => 'bool' + }, + 'portalDisplayAppslist' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'portalDisplayChangePassword' => { + 'default' => '$_auth =~ /^(LDAP|DBI|Demo)$/', + 'type' => 'boolOrExpr' + }, + 'portalDisplayLoginHistory' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'portalDisplayLogout' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'portalDisplayRegister' => { + 'default' => 1, + 'type' => 'bool' + }, + 'portalDisplayResetPassword' => { + 'default' => 0, + 'type' => 'bool' + }, + 'portalErrorOnExpiredSession' => { + 'default' => 1, + 'type' => 'bool' + }, + 'portalErrorOnMailNotFound' => { + 'default' => 0, + 'type' => 'bool' + }, + 'portalForceAuthnInterval' => { + 'default' => 5, + 'type' => 'int' + }, + 'portalOpenLinkInNewWindow' => { + 'default' => 0, + 'type' => 'bool' + }, + 'portalPingInterval' => { + 'default' => 60000, + 'type' => 'int' + }, + 'portalRequireOldPassword' => { + 'default' => 1, + 'type' => 'bool' + }, + 'portalSkin' => { + 'default' => 'bootstrap', + 'select' => [ + { + 'k' => 'bootstrap', + 'v' => 'Bootstrap' + } + 
], + 'type' => 'portalskin' + }, + 'portalSkinBackground' => { + 'select' => [ + { + 'k' => '', + 'v' => 'None' + }, + { + 'k' => '1280px-Anse_Source_d\'Argent_2-La_Digue.jpg', + 'v' => 'Anse' + }, + { + 'k' => +'1280px-Autumn-clear-water-waterfall-landscape_-_Virginia_-_ForestWander.jpg', + 'v' => 'Waterfall' + }, + { + 'k' => '1280px-BrockenSnowedTrees.jpg', + 'v' => 'Snowed Trees' + }, + { + 'k' => + '1280px-Cedar_Breaks_National_Monument_partially.jpg', + 'v' => 'National Monument' + }, + { + 'k' => '1280px-Parry_Peak_from_Winter_Park.jpg', + 'v' => 'Winter' + }, + { + 'k' => 'Aletschgletscher_mit_Pinus_cembra1.jpg', + 'v' => 'Pinus' + } + ], + 'type' => 'portalskinbackground' + }, + 'portalSkinRules' => { + 'keyMsgFail' => '__badSkinRule__', + 'keyTest' => sub { + my ( $val, $conf ) = @_; + my $s = ''; + BEGIN { ${^WARNING_BITS} = "TUUU\025UUUUUQUU\001" } + eval "$s $val"; + my $err = join( + '', + grep( { $_ =~ /Undefined subroutine/ ? () : $_; } + split( /\n/, $@, 0 ) ) + ); + return $err ? 
( 1, "__badExpression__: $err" ) : 1; + }, + 'msgFail' => '__badValue__', + 'test' => qr/(?^:^\w+$)/, + 'type' => 'keyTextContainer' + }, + 'portalStatus' => { + 'default' => 0, + 'type' => 'bool' + }, + 'portalUserAttr' => { + 'default' => '_user', + 'type' => 'text' + }, + 'post' => { + 'keyMsgFail' => '__badHostname__', + 'keyTest' => +qr/(?^:^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$)/, + 'test' => sub { + 1; + }, + 'type' => 'postContainer' + }, + 'protection' => { + 'default' => 'none', + 'msgFail' => '__authorizedValues__: none authenticate manager', + 'test' => qr/(?^:^(?:none|authenticate|manager|)$)/, + 'type' => 'text' + }, + 'proxyAuthnLevel' => { + 'default' => 2, + 'type' => 'int' + }, + 'proxyAuthService' => { + 'type' => 'text' + }, + 'proxySessionService' => { + 'type' => 'text' + }, + 'proxyUseSoap' => { + 'default' => 0, + 'type' => 'bool' + }, + 'radiusAuthnLevel' => { + 'default' => 3, + 'type' => 'int' + }, + 'radiusSecret' => { + 'type' => 'text' + }, + 'radiusServer' => { + 'type' => 'text' + }, + 'randomPasswordRegexp' => { + 'default' => '[A-Z]{3}[a-z]{5}.\\d{2}', + 'type' => 'pcre' + }, + 'redirectFormMethod' => { + 'default' => 'get', + 'select' => [ + { + 'k' => 'get', + 'v' => 'GET' + }, + { + 'k' => 'post', + 'v' => 'POST' + } + ], + 'type' => 'select' + }, + 'registerConfirmSubject' => { + 'type' => 'text' + }, + 'registerDB' => { + 'default' => 'Null', + 'select' => [ + { + 'k' => 'AD', + 'v' => 'Active Directory' + }, + { + 'k' => 'Demo', + 'v' => 'Demonstration' + }, + { + 'k' => 'LDAP', + 'v' => 'LDAP' + }, + { + 'k' => 'Null', + 'v' => 'None' + }, + { + 'k' => 'Custom', + 'v' => 'customModule' + } + ], + 'type' => 'select' + }, + 'registerDoneSubject' => { + 'type' => 'text' + }, + 'registerTimeout' => { + 'default' => 0, + 'type' => 'int' + }, + 'reloadUrls' => { + 'keyTest' => 
+qr/(?^:^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?$)/, + 'msgFail' => '__badUrl__', + 'test' => +qr/(?^:(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/, + 'type' => 'keyTextContainer' + }, + 'remoteCookieName' => { + 'type' => 'text' + }, + 'remoteGlobalStorage' => { + 'default' => 'Lemonldap::NG::Common::Apache::Session::SOAP', + 'type' => 'PerlModule' + }, + 'remoteGlobalStorageOptions' => { + 'default' => { + 'ns' => +'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService', + 'proxy' => 'http://auth.example.com/sessions' + }, + 'type' => 'keyTextContainer' + }, + 'remotePortal' => { + 'type' => 'text' + }, + 'requireToken' => { + 'default' => 1, + 'type' => 'bool' + }, + 'restAuthUrl' => { + 'type' => 'url' + }, + 'restConfigServer' => { + 'default' => 0, + 'type' => 'bool' + }, + 'restPwdConfirmUrl' => { + 'type' => 'url' + }, + 'restPwdModifyUrl' => { + 'type' => 'url' + }, + 'restSessionServer' => { + 'default' => 0, + 'type' => 'bool' + }, + 'restUserDBUrl' => { + 'type' => 'url' + }, + 'samlAttributeAuthorityDescriptorAttributeServiceSOAP' => { + 'default' => +'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;', + 'type' => 'samlService' + }, + 'samlAuthnContextMapKerberos' => { + 'default' => 4, + 'type' => 'int' + }, + 'samlAuthnContextMapPassword' => { + 'default' => 2, + 'type' => 'int' 
+ }, + 'samlAuthnContextMapPasswordProtectedTransport' => { + 'default' => 3, + 'type' => 'int' + }, + 'samlAuthnContextMapTLSClient' => { + 'default' => 5, + 'type' => 'int' + }, + 'samlCommonDomainCookieActivation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlCommonDomainCookieDomain' => { + 'msgFail' => '__badDomainName__', + 'test' => +qr/(?^:^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$)/, + 'type' => 'text' + }, + 'samlCommonDomainCookieReader' => { + 'msgFail' => '__badUrl__', + 'test' => +qr/(?^:(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/, + 'type' => 'text' + }, + 'samlCommonDomainCookieWriter' => { + 'msgFail' => '__badUrl__', + 'test' => +qr/(?^:(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/, + 'type' => 'text' + }, + 'samlEntityID' => { + 'default' => '#PORTAL#/saml/metadata', + 'type' => 'text' + }, + 
'samlIDPMetaDataExportedAttributes' => { + 'default' => {}, + 'keyMsgFail' => '__badMetadataName__', + 'keyTest' => qr/(?^:^[a-zA-Z](?:[a-zA-Z0-9_\-\.]*\w)?$)/, + 'msgFail' => '__badValue__', + 'test' => qr/(?^:\w)/, + 'type' => 'samlAttributeContainer' + }, + 'samlIDPMetaDataNodes' => { + 'type' => 'samlIDPMetaDataNodeContainer' + }, + 'samlIDPMetaDataOptions' => { + 'keyMsgFail' => '__badMetadataName__', + 'keyTest' => qr/(?^:^[a-zA-Z](?:[a-zA-Z0-9_\-\.]*\w)?$)/, + 'type' => 'keyTextContainer' + }, + 'samlIDPMetaDataOptionsAdaptSessionUtime' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsAllowLoginFromIDP' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsAllowProxiedAuthn' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsCheckAudience' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsCheckSLOMessageSignature' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsCheckSSOMessageSignature' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsCheckTime' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsEncryptionMode' => { + 'default' => 'none', + 'select' => [ + { + 'k' => 'none', + 'v' => 'None' + }, + { + 'k' => 'nameid', + 'v' => 'Name ID' + }, + { + 'k' => 'assertion', + 'v' => 'Assertion' + } + ], + 'type' => 'select' + }, + 'samlIDPMetaDataOptionsForceAuthn' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsForceUTF8' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsIsPassive' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsNameIDFormat' => { + 'default' => '', + 'select' => [ + { + 'k' => '', + 'v' => '' + }, + { + 'k' => 'unspecified', + 'v' => 'Unspecified' + }, + { + 'k' => 'email', + 'v' => 'Email' + }, + { + 'k' => 'x509', + 'v' => 'X509 certificate' + }, + { + 'k' => 'windows', + 'v' => 'Windows' + }, + { + 'k' => 'kerberos', + 'v' => 
'Kerberos' + }, + { + 'k' => 'entity', + 'v' => 'Entity' + }, + { + 'k' => 'persistent', + 'v' => 'Persistent' + }, + { + 'k' => 'transient', + 'v' => 'Transient' + }, + { + 'k' => 'encrypted', + 'v' => 'Encrypted' + } + ], + 'type' => 'select' + }, + 'samlIDPMetaDataOptionsRelayStateURL' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsRequestedAuthnContext' => { + 'default' => '', + 'select' => [ + { + 'k' => '', + 'v' => '' + }, + { + 'k' => 'kerberos', + 'v' => 'Kerberos' + }, + { + 'k' => 'password-protected-transport', + 'v' => 'Password protected transport' + }, + { + 'k' => 'password', + 'v' => 'Password' + }, + { + 'k' => 'tls-client', + 'v' => 'TLS client certificate' + } + ], + 'type' => 'select' + }, + 'samlIDPMetaDataOptionsResolutionRule' => { + 'default' => '', + 'type' => 'longtext' + }, + 'samlIDPMetaDataOptionsSignSLOMessage' => { + 'default' => -1, + 'type' => 'trool' + }, + 'samlIDPMetaDataOptionsSignSSOMessage' => { + 'default' => -1, + 'type' => 'trool' + }, + 'samlIDPMetaDataOptionsSLOBinding' => { + 'default' => '', + 'select' => [ + { + 'k' => '', + 'v' => '' + }, + { + 'k' => 'http-post', + 'v' => 'POST' + }, + { + 'k' => 'http-redirect', + 'v' => 'Redirect' + }, + { + 'k' => 'http-soap', + 'v' => 'SOAP' + } + ], + 'type' => 'select' + }, + 'samlIDPMetaDataOptionsSSOBinding' => { + 'default' => '', + 'select' => [ + { + 'k' => '', + 'v' => '' + }, + { + 'k' => 'http-post', + 'v' => 'POST' + }, + { + 'k' => 'http-redirect', + 'v' => 'Redirect' + }, + { + 'k' => 'artifact-get', + 'v' => 'Artifact GET' + } + ], + 'type' => 'select' + }, + 'samlIDPMetaDataOptionsStoreSAMLToken' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlIDPMetaDataXML' => { + 'test' => sub { + my $v = shift(); + return 1 unless $v and %$v; + my @msg; + my $res = 1; + my %entityIds; + foreach my $idpId ( keys %$v ) { + unless ( $$v{$idpId}{'samlIDPMetaDataXML'} =~ + /entityID="(.+?)"/is ) + { + push @msg, "$idpId SAML metadata has ne EntityID"; 
+ $res = 0; + next; + } + my $eid = $1; + if ( defined $entityIds{$eid} ) { + push @msg, +"$idpId and $entityIds{$eid} have the same SAML EntityID"; + $res = 0; + next; + } + $entityIds{$eid} = $idpId; + } + return $res, join( ', ', @msg ); + }, + 'type' => 'file' + }, + 'samlIdPResolveCookie' => { + 'default' => 'lemonldapidp', + 'type' => 'text' + }, + 'samlIDPSSODescriptorArtifactResolutionServiceArtifact' => { + 'default' => +'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', + 'type' => 'samlAssertion' + }, + 'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' => { + 'default' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', + 'type' => 'samlService' + }, + 'samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect' => { + 'default' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', + 'type' => 'samlService' + }, + 'samlIDPSSODescriptorSingleLogoutServiceSOAP' => { + 'default' => +'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;', + 'type' => 'samlService' + }, + 'samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact' => { + 'default' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;', + 'type' => 'samlService' + }, + 'samlIDPSSODescriptorSingleSignOnServiceHTTPPost' => { + 'default' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;', + 'type' => 'samlService' + }, + 'samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect' => { + 'default' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;', + 'type' => 'samlService' + }, + 'samlIDPSSODescriptorWantAuthnRequestsSigned' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlMetadataForceUTF8' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlNameIDFormatMapEmail' => { + 'default' => 'mail', + 'type' => 'text' + }, + 
'samlNameIDFormatMapKerberos' => { + 'default' => 'uid', + 'type' => 'text' + }, + 'samlNameIDFormatMapWindows' => { + 'default' => 'uid', + 'type' => 'text' + }, + 'samlNameIDFormatMapX509' => { + 'default' => 'mail', + 'type' => 'text' + }, + 'samlOrganizationDisplayName' => { + 'default' => 'Example', + 'type' => 'text' + }, + 'samlOrganizationName' => { + 'default' => 'Example', + 'type' => 'text' + }, + 'samlOrganizationURL' => { + 'default' => 'http://www.example.com', + 'type' => 'text' + }, + 'samlRelayStateTimeout' => { + 'default' => 600, + 'type' => 'int' + }, + 'samlServicePrivateKeyEnc' => { + 'default' => '', + 'type' => 'RSAPrivateKey' + }, + 'samlServicePrivateKeyEncPwd' => { + 'type' => 'password' + }, + 'samlServicePrivateKeySig' => { + 'default' => '', + 'type' => 'RSAPrivateKey' + }, + 'samlServicePrivateKeySigPwd' => { + 'default' => '', + 'type' => 'password' + }, + 'samlServicePublicKeyEnc' => { + 'default' => '', + 'type' => 'RSAPublicKeyOrCertificate' + }, + 'samlServicePublicKeySig' => { + 'default' => '', + 'type' => 'RSAPublicKeyOrCertificate' + }, + 'samlServiceUseCertificateInResponse' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlSPMetaDataExportedAttributes' => { + 'default' => {}, + 'keyMsgFail' => '__badMetadataName__', + 'keyTest' => qr/(?^:^[a-zA-Z](?:[a-zA-Z0-9_\-\.]*\w)?$)/, + 'msgFail' => '__badValue__', + 'test' => qr/(?^:\w)/, + 'type' => 'samlAttributeContainer' + }, + 'samlSPMetaDataNodes' => { + 'type' => 'samlSPMetaDataNodeContainer' + }, + 'samlSPMetaDataOptions' => { + 'keyMsgFail' => '__badMetadataName__', + 'keyTest' => qr/(?^:^[a-zA-Z](?:[a-zA-Z0-9_\-\.]*\w)?$)/, + 'type' => 'keyTextContainer' + }, + 'samlSPMetaDataOptionsCheckSLOMessageSignature' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlSPMetaDataOptionsCheckSSOMessageSignature' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlSPMetaDataOptionsEnableIDPInitiatedURL' => { + 'default' => 0, + 'type' => 'bool' + }, + 
'samlSPMetaDataOptionsEncryptionMode' => { + 'default' => 'none', + 'select' => [ + { + 'k' => 'none', + 'v' => 'None' + }, + { + 'k' => 'nameid', + 'v' => 'Name ID' + }, + { + 'k' => 'assertion', + 'v' => 'Assertion' + } + ], + 'type' => 'select' + }, + 'samlSPMetaDataOptionsForceUTF8' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlSPMetaDataOptionsNameIDFormat' => { + 'default' => '', + 'select' => [ + { + 'k' => '', + 'v' => '' + }, + { + 'k' => 'unspecified', + 'v' => 'Unspecified' + }, + { + 'k' => 'email', + 'v' => 'Email' + }, + { + 'k' => 'x509', + 'v' => 'X509 certificate' + }, + { + 'k' => 'windows', + 'v' => 'Windows' + }, + { + 'k' => 'kerberos', + 'v' => 'Kerberos' + }, + { + 'k' => 'entity', + 'v' => 'Entity' + }, + { + 'k' => 'persistent', + 'v' => 'Persistent' + }, + { + 'k' => 'transient', + 'v' => 'Transient' + }, + { + 'k' => 'encrypted', + 'v' => 'Encrypted' + } + ], + 'type' => 'select' + }, + 'samlSPMetaDataOptionsNameIDSessionKey' => { + 'type' => 'text' + }, + 'samlSPMetaDataOptionsNotOnOrAfterTimeout' => { + 'default' => 72000, + 'type' => 'int' + }, + 'samlSPMetaDataOptionsOneTimeUse' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlSPMetaDataOptionsRule' => { + 'test' => sub { + my ( $val, $conf ) = @_; + my $s = ''; + BEGIN { ${^WARNING_BITS} = "TUUU\025UUUUUQUU\001" } + eval "$s $val"; + my $err = join( + '', + grep( { $_ =~ /Undefined subroutine/ ? () : $_; } + split( /\n/, $@, 0 ) ) + ); + return $err ? 
( 1, "__badExpression__: $err" ) : 1; + }, + 'type' => 'text' + }, + 'samlSPMetaDataOptionsSessionNotOnOrAfterTimeout' => { + 'default' => 72000, + 'type' => 'int' + }, + 'samlSPMetaDataOptionsSignSLOMessage' => { + 'default' => -1, + 'type' => 'trool' + }, + 'samlSPMetaDataOptionsSignSSOMessage' => { + 'default' => -1, + 'type' => 'trool' + }, + 'samlSPMetaDataXML' => { + 'type' => 'file' + }, + 'samlSPSSODescriptorArtifactResolutionServiceArtifact' => { + 'default' => +'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', + 'type' => 'samlAssertion' + }, + 'samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact' => { + 'default' => +'1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact', + 'type' => 'samlAssertion' + }, + 'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' => { + 'default' => +'0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost', + 'type' => 'samlAssertion' + }, + 'samlSPSSODescriptorAuthnRequestsSigned' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlSPSSODescriptorSingleLogoutServiceHTTPPost' => { + 'default' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', + 'type' => 'samlService' + }, + 'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' => { + 'default' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', + 'type' => 'samlService' + }, + 'samlSPSSODescriptorSingleLogoutServiceSOAP' => { + 'default' => +'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;', + 'type' => 'samlService' + }, + 'samlSPSSODescriptorWantAssertionsSigned' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlStorage' => { + 'type' => 'PerlModule' + }, + 'samlStorageOptions' => { + 'type' => 'keyTextContainer' + }, + 'samlUseQueryStringSpecific' => { + 'default' => 0, + 'type' => 'bool' + 
}, + 'securedCookie' => { + 'default' => 0, + 'select' => [ + { + 'k' => 0, + 'v' => 'unsecuredCookie' + }, + { + 'k' => 1, + 'v' => 'securedCookie' + }, + { + 'k' => 2, + 'v' => 'doubleCookie' + }, + { + 'k' => 3, + 'v' => 'doubleCookieForSingleSession' + } + ], + 'type' => 'select' + }, + 'sessionDataToRemember' => { + 'keyMsgFail' => '__invalidSessionData__', + 'keyTest' => qr/(?^:^[_a-zA-Z][a-zA-Z0-9_]*$)/, + 'type' => 'keyTextContainer' + }, + 'singleIP' => { + 'default' => 0, + 'type' => 'bool' + }, + 'singleSession' => { + 'default' => 0, + 'type' => 'bool' + }, + 'singleSessionUserByIP' => { + 'default' => 0, + 'type' => 'bool' + }, + 'singleUserByIP' => { + 'default' => 0, + 'type' => 'bool' + }, + 'slaveAuthnLevel' => { + 'default' => 2, + 'type' => 'int' + }, + 'slaveExportedVars' => { + 'default' => {}, + 'keyMsgFail' => '__badVariableName__', + 'keyTest' => qr/(?^:^!?[a-zA-Z][a-zA-Z0-9_-]*$)/, + 'msgFail' => '__badValue__', + 'test' => qr/(?^:^[a-zA-Z][a-zA-Z0-9_:\-]*$)/, + 'type' => 'keyTextContainer' + }, + 'slaveHeaderContent' => { + 'type' => 'text' + }, + 'slaveHeaderName' => { + 'type' => 'text' + }, + 'slaveMasterIP' => { + 'msgFail' => '__badIPv4Address__', + 'test' => qr/(?^:^((?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)\s*)*$)/, + 'type' => 'text' + }, + 'slaveUserHeader' => { + 'type' => 'text' + }, + 'SMTPAuthPass' => { + 'type' => 'password' + }, + 'SMTPAuthUser' => { + 'type' => 'text' + }, + 'SMTPPort' => { + 'type' => 'int' + }, + 'SMTPServer' => { + 'default' => '', + 'test' => +qr/(?^:^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?)?$)/, + 'type' => 'text' + }, + 'SMTPTLS' => { + 'default' => '', + 'select' => [ + { + 'k' => '', + 'v' => 'none' + }, + { + 'k' => 'starttls', + 'v' => 'SMTP + STARTTLS' + }, + { + 'k' => 'ssl', + 'v' => 'SMTPS' + } + ], + 'type' => 'select' + }, + 'SMTPTLSOpts' => { + 'type' => 'keyTextContainer' + 
}, + 'soapConfigServer' => { + 'default' => 0, + 'type' => 'bool' + }, + 'soapSessionServer' => { + 'default' => 0, + 'type' => 'bool' + }, + 'SSLAuthnLevel' => { + 'default' => 5, + 'type' => 'int' + }, + 'sslByAjax' => { + 'type' => 'bool' + }, + 'sslHost' => { + 'type' => 'url' + }, + 'SSLVar' => { + 'type' => 'text' + }, + 'SSLVarIf' => { + 'type' => 'keyTextContainer' + }, + 'staticPrefix' => { + 'type' => 'text' + }, + 'stayConnected' => { + 'type' => 'bool' + }, + 'storePassword' => { + 'default' => 0, + 'type' => 'bool' + }, + 'successLoginNumber' => { + 'default' => 5, + 'type' => 'int' + }, + 'timeout' => { + 'default' => 72000, + 'test' => sub { + $_[0] > 0; + }, + 'type' => 'int' + }, + 'timeoutActivity' => { + 'default' => 0, + 'test' => sub { + $_[0] >= 0; + }, + 'type' => 'int' + }, + 'timeoutActivityInterval' => { + 'default' => 60, + 'test' => sub { + $_[0] >= 0; + }, + 'type' => 'int' + }, + 'tokenUseGlobalStorage' => { + 'default' => 0, + 'type' => 'bool' + }, + 'trustedDomains' => { + 'type' => 'text' + }, + 'trustedProxies' => { + 'default' => '', + 'type' => 'text' + }, + 'twitterAppName' => { + 'type' => 'text' + }, + 'twitterAuthnLevel' => { + 'default' => 1, + 'type' => 'int' + }, + 'twitterKey' => { + 'type' => 'text' + }, + 'twitterSecret' => { + 'type' => 'text' + }, + 'u2fActivation' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'u2fAuthnLevel' => { + 'type' => 'int' + }, + 'u2fSelfRegistration' => { + 'default' => 0, + 'type' => 'bool' + }, + 'upgradeSession' => { + 'default' => 1, + 'type' => 'bool' + }, + 'userControl' => { + 'default' => '^[\\w\\.\\-@]+$', + 'type' => 'pcre' + }, + 'userDB' => { + 'default' => 'Same', + 'select' => [ + { + 'k' => 'Same', + 'v' => 'Same' + }, + { + 'k' => 'AD', + 'v' => 'Active Directory' + }, + { + 'k' => 'DBI', + 'v' => 'Database (DBI)' + }, + { + 'k' => 'LDAP', + 'v' => 'LDAP' + }, + { + 'k' => 'REST', + 'v' => 'REST' + }, + { + 'k' => 'Null', + 'v' => 'None' + }, + { + 'k' => 'Custom', + 
'v' => 'customModule' + } + ], + 'type' => 'select' + }, + 'useRedirectOnError' => { + 'default' => 1, + 'type' => 'bool' + }, + 'useRedirectOnForbidden' => { + 'default' => 0, + 'type' => 'bool' + }, + 'userPivot' => { + 'type' => 'text' + }, + 'useSafeJail' => { + 'default' => 1, + 'type' => 'bool' + }, + 'vhostAliases' => { + 'type' => 'text' + }, + 'vhostAuthnLevel' => { + 'type' => 'int' + }, + 'vhostHttps' => { + 'default' => -1, + 'type' => 'trool' + }, + 'vhostMaintenance' => { + 'default' => 0, + 'type' => 'bool' + }, + 'vhostOptions' => { + 'type' => 'subContainer' + }, + 'vhostPort' => { + 'default' => -1, + 'type' => 'int' + }, + 'vhostType' => { + 'default' => 'Main', + 'select' => [ + { + 'k' => 'Main', + 'v' => 'Main' + }, + { + 'k' => 'Zimbra', + 'v' => 'ZimbraPreAuth' + }, + { + 'k' => 'AuthBasic', + 'v' => 'AuthBasic' + }, + { + 'k' => 'SecureToken', + 'v' => 'SecureToken' + }, + { + 'k' => 'CDA', + 'v' => 'CDA' + }, + { + 'k' => 'DevOps', + 'v' => 'DevOps' + }, + { + 'k' => 'ServiceToken', + 'v' => 'ServiceToken' + } + ], + 'type' => 'select' + }, + 'virtualHosts' => { + 'type' => 'virtualHostContainer' + }, + 'webIDAuthnLevel' => { + 'default' => 1, + 'type' => 'int' + }, + 'webIDExportedVars' => { + 'default' => {}, + 'keyMsgFail' => '__badVariableName__', + 'keyTest' => qr/(?^:^!?[a-zA-Z][a-zA-Z0-9_-]*$)/, + 'msgFail' => '__badValue__', + 'test' => qr/(?^:^[a-zA-Z][a-zA-Z0-9_:\-]*$)/, + 'type' => 'keyTextContainer' + }, + 'webIDWhitelist' => { + 'type' => 'text' + }, + 'whatToTrace' => { + 'default' => 'uid', + 'type' => 'lmAttrOrMacro' + }, + 'yubikeyAuthnLevel' => { + 'default' => 3, + 'type' => 'int' + }, + 'yubikeyClientID' => { + 'type' => 'text' + }, + 'yubikeyPublicIDSize' => { + 'default' => 12, + 'type' => 'int' + }, + 'yubikeySecretKey' => { + 'type' => 'text' + } + }; } 
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
index 305a0e15f..99d5d717d 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@@ -370,9 +370,10 @@ sub attributes {
 documentation => 'Show error if session is expired',
 },
 portalErrorOnMailNotFound => {
- type => 'bool',
- default => 0,
- documentation => 'Show error if mail is not found in password reset process',
+ type => 'bool',
+ default => 0,
+ documentation =>
+ 'Show error if mail is not found in password reset process',
 },
 portalOpenLinkInNewWindow => {
 type => 'bool',
@@ -2699,7 +2700,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: oidcRPMetaDataOptionsBypassConsent => { type => 'bool', help => 'openidconnectclaims.html', default => 0 }, oidcRPMetaDataOptionsPostLogoutRedirectUris => { type => 'text', }, - oidcRPMetaDataOptionsLogoutUrl => { + oidcRPMetaDataOptionsLogoutUrl => { type => 'url', documentation => 'Logout URL', },
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
index b55d8ff3d..a6483697f 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
@@ -172,19 +172,20 @@ sub tree {
 title => 'dbiPassword',
 help => 'authdbi.html#password',
 form => 'simpleInputContainer',
- nodes => ['dbiAuthPasswordHash',
- {
- title => 'dbiDynamicHash',
- help => 'authdbi.html#password',
- form => 'simpleInputContainer',
- nodes => [
- 'dbiDynamicHashEnabled',
- 'dbiDynamicHashValidSchemes',
- 'dbiDynamicHashValidSaltedSchemes',
- 'dbiDynamicHashNewPasswordScheme'
- ]
- }
- ]
+ nodes => [
+ 'dbiAuthPasswordHash',
+ {
+ title => 'dbiDynamicHash',
+ help => 'authdbi.html#password',
+ form => 'simpleInputContainer',
+ nodes => [
+ 'dbiDynamicHashEnabled',
+ 'dbiDynamicHashValidSchemes',
+'dbiDynamicHashValidSaltedSchemes',
+'dbiDynamicHashNewPasswordScheme'
+ ]
+ }
+ ]
 }
 ]
 },
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Parser.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Parser.pm
index ec4a71c7b..4dcaf576d 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Parser.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Parser.pm
@@ -473,10 +473,13 @@ sub _scanNodes {
 }
 }
 elsif ( $target =~
- /^(?:$casSrvMetaDataNodeKeys|$casAppMetaDataNodeKeys)/o )
+ /^(?:$casSrvMetaDataNodeKeys|$casAppMetaDataNodeKeys)/o
+ )
 {
- $self->set( $optKey, [ $oldName, $key ],
- $target, $leaf->{data} );
+ $self->set(
+ $optKey, [ $oldName, $key ],
+ $target, $leaf->{data}
+ );
 }
 else {
 push @{ $self->errors },
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm
index 8a95afec3..30c207249 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm
@@ -315,8 +315,8 @@ sub tests {
 my %entityIds;
 foreach my $spId ( keys %{ $conf->{samlSPMetaDataXML} } ) {
 unless (
- $conf->{samlSPMetaDataXML}->{$spId}->{samlSPMetaDataXML}
- =~ /entityID=(['"])(.+?)\1/si )
+ $conf->{samlSPMetaDataXML}->{$spId}->{samlSPMetaDataXML} =~
+ /entityID=(['"])(.+?)\1/si )
 {
 push @msg, "$spId SAML metadata has no EntityID";
 $res = 0;
diff --git a/lemonldap-ng-manager/site/htdocs/static/struct.json b/lemonldap-ng-manager/site/htdocs/static/struct.json
index f4eca734e..d439087c1 100644
--- a/lemonldap-ng-manager/site/htdocs/static/struct.json
+++ b/lemonldap-ng-manager/site/htdocs/static/struct.json
@@ -1 +1 @@ -[{"_nodes":[{"_nodes":[{"default":"http://auth.example.com/","id":"portal","title":"portal"},{"_nodes":[{"_nodes":[{"default":1,"id":"portalDisplayLogout","title":"portalDisplayLogout","type":"boolOrExpr"},{"default":"$_auth =~ /^(LDAP|DBI|Demo)$/","id":"portalDisplayChangePassword","title":"portalDisplayChangePassword","type":"boolOrExpr"},{"default":1,"id":"portalDisplayAppslist","title":"portalDisplayAppslist","type":"boolOrExpr"},{"default":1,"id":"portalDisplayLoginHistory","title":"portalDisplayLoginHistory","type":"boolOrExpr"}],"id":"portalModules","title":"portalModules","type":"simpleInputContainer"},{"cnodes":"applicationList","default":[{"data":{"catname":"Default category","type":"category"},"id":"applicationList/default","title":"default","type":"catAndAppList"}],"help":"portalmenu.html#categories_and_applications","id":"applicationList","title":"applicationList","type":"catAndAppList"}],"help":"portalmenu.html","id":"portalMenu","title":"portalMenu"},{"_nodes":[{"default":"bootstrap","id":"portalSkin","select":[{"k":"bootstrap","v":"Bootstrap"}],"title":"portalSkin","type":"portalskin"},{"id":"portalSkinBackground","select":[{"k":"","v":"None"},{"k":"1280px-Anse_Source_d'Argent_2-La_Digue.jpg","v":"Anse"},{"k":"1280px-Autumn-clear-water-waterfall-landscape_-_Virginia_-_ForestWander.jpg","v":"Waterfall"},{"k":"1280px-BrockenSnowedTrees.jpg","v":"Snowed Trees"},{"k":"1280px-Cedar_Breaks_National_Monument_partially.jpg","v":"National 
Monument"},{"k":"1280px-Parry_Peak_from_Winter_Park.jpg","v":"Winter"},{"k":"Aletschgletscher_mit_Pinus_cembra1.jpg","v":"Pinus"}],"title":"portalSkinBackground","type":"portalskinbackground"},{"cnodes":"portalSkinRules","help":"portalcustom.html","id":"portalSkinRules","title":"portalSkinRules","type":"keyTextContainer"},{"_nodes":[{"default":1,"id":"portalCheckLogins","title":"portalCheckLogins","type":"bool"},{"default":0,"id":"portalDisplayResetPassword","title":"portalDisplayResetPassword","type":"bool"},{"default":1,"id":"portalDisplayRegister","title":"portalDisplayRegister","type":"bool"}],"id":"portalButtons","title":"portalButtons","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"portalRequireOldPassword","title":"portalRequireOldPassword","type":"bool"},{"default":0,"id":"hideOldPassword","title":"hideOldPassword","type":"bool"},{"default":0,"id":"mailOnPasswordChange","title":"mailOnPasswordChange","type":"bool"}],"id":"passwordManagement","title":"passwordManagement","type":"simpleInputContainer"},{"_nodes":[{"default":"_user","help":"monitoring.html","id":"portalUserAttr","title":"portalUserAttr"},{"default":0,"id":"portalOpenLinkInNewWindow","title":"portalOpenLinkInNewWindow","type":"bool"},{"default":1,"id":"portalAntiFrame","title":"portalAntiFrame","type":"bool"},{"default":60000,"id":"portalPingInterval","title":"portalPingInterval","type":"int"},{"default":1,"id":"portalErrorOnExpiredSession","title":"portalErrorOnExpiredSession","type":"bool"},{"default":0,"id":"portalErrorOnMailNotFound","title":"portalErrorOnMailNotFound","type":"bool"}],"id":"portalOther","title":"portalOther","type":"simpleInputContainer"}],"help":"portalcustom.html","id":"portalCustomization","title":"portalCustomization"},{"_nodes":[{"default":0,"id":"captcha_login_enabled","title":"captcha_login_enabled","type":"bool"},{"default":1,"id":"captcha_mail_enabled","title":"captcha_mail_enabled","type":"bool"},{"default":1,"id":"captcha_register_enabled","title":"c
aptcha_register_enabled","type":"bool"},{"default":6,"id":"captcha_size","title":"captcha_size","type":"int"}],"help":"captcha.html","id":"portalCaptcha","title":"portalCaptcha"}],"help":"portal.html","id":"portalParams","title":"portalParams"},{"_nodes":[{"default":"Demo","id":"authentication","select":[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Facebook","v":"Facebook"},{"k":"Google","v":"Google"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"PAM","v":"PAM"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Yubikey","v":"Yubikey"},{"k":"Demo","v":"Demonstration"},{"k":"Choice","v":"authChoice"},{"k":"Combination","v":"combineMods"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"SAML","v":"SAML v2"},{"k":"Proxy","v":"Proxy"},{"k":"Remote","v":"Remote"},{"k":"Slave","v":"Slave"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"authentication","type":"select"},{"default":"Same","id":"userDB","select":[{"k":"Same","v":"Same"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"userDB","type":"select"},{"default":"Demo","id":"passwordDB","select":[{"k":"AD","v":"Active Directory"},{"k":"Choice","v":"authChoice"},{"k":"DBI","v":"Database 
(DBI)"},{"k":"Demo","v":"Demonstration"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"passwordDB","type":"select"}],"_nodes_cond":[{"_nodes":[{"default":0,"id":"ADPwdMaxAge","title":"ADPwdMaxAge","type":"int"},{"default":0,"id":"ADPwdExpireWarning","title":"ADPwdExpireWarning","type":"int"}],"help":"authad.html","id":"adParams","show":false,"title":"adParams"},{"_nodes":[{"default":"lmAuth","id":"authChoiceParam","title":"authChoiceParam"},{"cnodes":"authChoiceModules","id":"authChoiceModules","select":[[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"Facebook","v":"Facebook"},{"k":"Google","v":"Google"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"PAM","v":"PAM"},{"k":"Null","v":"None"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"Proxy","v":"Proxy"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"Remote","v":"Remote"},{"k":"SAML","v":"SAML v2"},{"k":"Slave","v":"Slave"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Yubikey","v":"Yubikey"},{"k":"Custom","v":"customModule"}],[{"k":"AD","v":"Active Directory"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"Facebook","v":"Facebook"},{"k":"Google","v":"Google"},{"k":"LDAP","v":"LDAP"},{"k":"Null","v":"None"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"Proxy","v":"Proxy"},{"k":"REST","v":"REST"},{"k":"Remote","v":"Remote"},{"k":"SAML","v":"SAML v2"},{"k":"Slave","v":"Slave"},{"k":"WebID","v":"WebID"},{"k":"Custom","v":"customModule"}],[{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database 
(DBI)"},{"k":"Demo","v":"Demo"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}]],"title":"authChoiceModules","type":"authChoiceContainer"}],"help":"authchoice.html","id":"choiceParams","show":false,"title":"choiceParams"},{"_nodes":[{"default":4,"id":"apacheAuthnLevel","title":"apacheAuthnLevel","type":"int"}],"help":"authapache.html","id":"apacheParams","show":false,"title":"apacheParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"casAuthnLevel","title":"casAuthnLevel","type":"int"}],"help":"authcas.html","id":"casParams","show":false,"title":"casParams"},{"_nodes":[{"default":2,"id":"dbiAuthnLevel","title":"dbiAuthnLevel","type":"int"},{"cnodes":"dbiExportedVars","default":[],"id":"dbiExportedVars","title":"dbiExportedVars","type":"keyTextContainer"},{"_nodes":[{"_nodes":[{"id":"dbiAuthChain","title":"dbiAuthChain"},{"id":"dbiAuthUser","title":"dbiAuthUser"},{"id":"dbiAuthPassword","title":"dbiAuthPassword","type":"password"}],"id":"dbiConnectionAuth","title":"dbiConnectionAuth","type":"simpleInputContainer"},{"_nodes":[{"id":"dbiUserChain","title":"dbiUserChain"},{"id":"dbiUserUser","title":"dbiUserUser"},{"id":"dbiUserPassword","title":"dbiUserPassword","type":"password"}],"id":"dbiConnectionUser","title":"dbiConnectionUser","type":"simpleInputContainer"}],"help":"authdbi.html#connection","id":"dbiConnection","title":"dbiConnection"},{"_nodes":[{"id":"dbiAuthTable","title":"dbiAuthTable"},{"id":"dbiUserTable","title":"dbiUserTable"},{"id":"dbiAuthLoginCol","title":"dbiAuthLoginCol"},{"id":"dbiAuthPasswordCol","title":"dbiAuthPasswordCol"},{"id":"dbiPasswordMailCol","title":"dbiPasswordMailCol"},{"id":"userPivot","title":"userPivot"}],"help":"authdbi.html#schema","id":"dbiSchema","title":"dbiSchema","type":"simpleInputContainer"},{"_nodes":[{"help":"authdbi.html#password","id":"dbiAuthPasswordHash","title":"dbiAuthPasswordHash"},{"_nodes":[{"help":"authdbi.html#password","id":"dbiDynamic
HashEnabled","title":"dbiDynamicHashEnabled","type":"bool"},{"help":"authdbi.html#password","id":"dbiDynamicHashValidSchemes","title":"dbiDynamicHashValidSchemes"},{"help":"authdbi.html#password","id":"dbiDynamicHashValidSaltedSchemes","title":"dbiDynamicHashValidSaltedSchemes"},{"help":"authdbi.html#password","id":"dbiDynamicHashNewPasswordScheme","title":"dbiDynamicHashNewPasswordScheme"}],"help":"authdbi.html#password","id":"dbiDynamicHash","title":"dbiDynamicHash","type":"simpleInputContainer"}],"help":"authdbi.html#password","id":"dbiPassword","title":"dbiPassword","type":"simpleInputContainer"}],"help":"authdbi.html","id":"dbiParams","show":false,"title":"dbiParams"},{"_nodes":[{"cnodes":"demoExportedVars","default":[{"data":"cn","id":"demoExportedVars/cn","title":"cn","type":"keyText"},{"data":"mail","id":"demoExportedVars/mail","title":"mail","type":"keyText"},{"data":"uid","id":"demoExportedVars/uid","title":"uid","type":"keyText"}],"id":"demoExportedVars","title":"demoExportedVars","type":"keyTextContainer"}],"help":"authdemo.html","id":"demoParams","show":false,"title":"demoParams"},{"_nodes":[{"default":1,"id":"facebookAuthnLevel","title":"facebookAuthnLevel","type":"int"},{"cnodes":"facebookExportedVars","default":[],"id":"facebookExportedVars","title":"facebookExportedVars","type":"keyTextContainer"},{"id":"facebookAppId","title":"facebookAppId"},{"id":"facebookAppSecret","title":"facebookAppSecret"}],"help":"authfacebook.html","id":"facebookParams","show":false,"title":"facebookParams"},{"_nodes":[{"id":"krbKeytab","title":"krbKeytab"},{"default":0,"id":"krbByJs","title":"krbByJs","type":"bool"},{"default":3,"id":"krbAuthnLevel","title":"krbAuthnLevel","type":"int"}],"help":"authkerberos.html","id":"kerberosParams","show":false,"title":"kerberosParams"},{"_nodes":[{"default":2,"id":"ldapAuthnLevel","title":"ldapAuthnLevel","type":"int"},{"cnodes":"ldapExportedVars","default":[{"data":"cn","id":"ldapExportedVars/cn","title":"cn","type":"keyText"},{"dat
a":"mail","id":"ldapExportedVars/mail","title":"mail","type":"keyText"},{"data":"uid","id":"ldapExportedVars/uid","title":"uid","type":"keyText"}],"id":"ldapExportedVars","title":"ldapExportedVars","type":"keyTextContainer"},{"_nodes":[{"default":"ldap://localhost","id":"ldapServer","title":"ldapServer"},{"default":389,"id":"ldapPort","title":"ldapPort","type":"int"},{"default":"dc=example,dc=com","id":"ldapBase","title":"ldapBase"},{"default":"","id":"managerDn","title":"managerDn"},{"default":"","id":"managerPassword","title":"managerPassword","type":"password"},{"default":120,"id":"ldapTimeout","title":"ldapTimeout","type":"int"},{"default":3,"id":"ldapVersion","title":"ldapVersion","type":"int"},{"id":"ldapRaw","title":"ldapRaw"}],"help":"authldap.html#connection","id":"ldapConnection","title":"ldapConnection","type":"simpleInputContainer"},{"_nodes":[{"id":"LDAPFilter","title":"LDAPFilter"},{"id":"AuthLDAPFilter","title":"AuthLDAPFilter"},{"id":"mailLDAPFilter","title":"mailLDAPFilter"},{"default":"find","id":"ldapSearchDeref","select":[{"k":"never","v":"never"},{"k":"search","v":"search"},{"k":"find","v":"find"},{"k":"always","v":"always"}],"title":"ldapSearchDeref","type":"select"}],"help":"authldap.html#filters","id":"ldapFilters","title":"ldapFilters","type":"simpleInputContainer"},{"_nodes":[{"id":"ldapGroupBase","title":"ldapGroupBase"},{"default":"groupOfNames","id":"ldapGroupObjectClass","title":"ldapGroupObjectClass"},{"default":"member","id":"ldapGroupAttributeName","title":"ldapGroupAttributeName"},{"default":"dn","id":"ldapGroupAttributeNameUser","title":"ldapGroupAttributeNameUser"},{"default":"cn","id":"ldapGroupAttributeNameSearch","title":"ldapGroupAttributeNameSearch"},{"default":0,"id":"ldapGroupRecursive","title":"ldapGroupRecursive","type":"bool"},{"default":"dn","id":"ldapGroupAttributeNameGroup","title":"ldapGroupAttributeNameGroup"}],"help":"authldap.html#groups","id":"ldapGroups","title":"ldapGroups","type":"simpleInputContainer"},{"_nod
es":[{"default":0,"id":"ldapPpolicyControl","title":"ldapPpolicyControl","type":"bool"},{"default":0,"id":"ldapSetPassword","title":"ldapSetPassword","type":"bool"},{"default":0,"id":"ldapChangePasswordAsUser","title":"ldapChangePasswordAsUser","type":"bool"},{"default":"utf-8","id":"ldapPwdEnc","title":"ldapPwdEnc"},{"default":1,"id":"ldapUsePasswordResetAttribute","title":"ldapUsePasswordResetAttribute","type":"bool"},{"default":"pwdReset","id":"ldapPasswordResetAttribute","title":"ldapPasswordResetAttribute"},{"default":"TRUE","id":"ldapPasswordResetAttributeValue","title":"ldapPasswordResetAttributeValue"},{"default":0,"id":"ldapAllowResetExpiredPassword","title":"ldapAllowResetExpiredPassword","type":"bool"}],"help":"authldap.html#password","id":"ldapPassword","title":"ldapPassword","type":"simpleInputContainer"}],"help":"authldap.html","id":"ldapParams","show":false,"title":"ldapParams"},{"_nodes":[{"id":"combination","title":"combination"},{"cnodes":"combModules","id":"combModules","select":[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Facebook","v":"Facebook"},{"k":"Google","v":"Google"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"PAM","v":"PAM"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Yubikey","v":"Yubikey"},{"k":"Demo","v":"Demonstration"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"SAML","v":"SAML 
v2"},{"k":"Proxy","v":"Proxy"},{"k":"Remote","v":"Remote"},{"k":"Slave","v":"Slave"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"combModules","type":"cmbModuleContainer"}],"help":"authcombination.html","id":"combinationParams","show":false,"title":"combinationParams"},{"_nodes":[{"default":0,"id":"nullAuthnLevel","title":"nullAuthnLevel","type":"int"}],"help":"authnull.html","id":"nullParams","show":false,"title":"nullParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"openIdAuthnLevel","title":"openIdAuthnLevel","type":"int"},{"cnodes":"openIdExportedVars","default":[],"id":"openIdExportedVars","title":"openIdExportedVars","type":"keyTextContainer"},{"id":"openIdSecret","title":"openIdSecret"},{"default":"0;","id":"openIdIDPList","title":"openIdIDPList","type":"blackWhiteList"}],"help":"authopenid.html","id":"openidParams","show":false,"title":"openidParams"},{"_nodes":[{"default":1,"id":"oidcAuthnLevel","title":"oidcAuthnLevel","type":"int"},{"default":"openidconnectcallback","id":"oidcRPCallbackGetParam","title":"oidcRPCallbackGetParam"},{"default":600,"id":"oidcRPStateTimeout","title":"oidcRPStateTimeout","type":"int"}],"help":"authopenidconnect.html","id":"oidcParams","show":false,"title":"oidcParams"},{"_nodes":[{"id":"proxyAuthService","title":"proxyAuthService"},{"id":"proxySessionService","title":"proxySessionService"},{"id":"remoteCookieName","title":"remoteCookieName"},{"default":2,"id":"proxyAuthnLevel","title":"proxyAuthnLevel","type":"int"},{"default":0,"id":"proxyUseSoap","title":"proxyUseSoap","type":"bool"}],"help":"authproxy.html","id":"proxyParams","show":false,"title":"proxyParams","type":"simpleInputContainer"},{"_nodes":[{"default":"login","id":"pamService","title":"pamService"},{"default":2,"id":"pamAuthnLevel","title":"pamAuthnLevel","type":"int"}],"help":"authpam.html","id":"pamParams","show":false,"title":"pamParams","type":"simpleInputContainer"},{"_nodes":[{"default":3,"id":"radiusAuthnLevel","titl
e":"radiusAuthnLevel","type":"int"},{"id":"radiusSecret","title":"radiusSecret"},{"id":"radiusServer","title":"radiusServer"}],"help":"authradius.html","id":"radiusParams","show":false,"title":"radiusParams","type":"simpleInputContainer"},{"_nodes":[{"id":"restAuthUrl","title":"restAuthUrl"},{"id":"restUserDBUrl","title":"restUserDBUrl"},{"id":"restPwdConfirmUrl","title":"restPwdConfirmUrl"},{"id":"restPwdModifyUrl","title":"restPwdModifyUrl"}],"help":"authrest.html","id":"restParams","show":false,"title":"restParams","type":"simpleInputContainer"},{"_nodes":[{"id":"remotePortal","title":"remotePortal"},{"id":"remoteCookieName","title":"remoteCookieName"},{"default":"Lemonldap::NG::Common::Apache::Session::SOAP","id":"remoteGlobalStorage","title":"remoteGlobalStorage"},{"cnodes":"remoteGlobalStorageOptions","default":[{"data":"http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService","id":"remoteGlobalStorageOptions/ns","title":"ns","type":"keyText"},{"data":"http://auth.example.com/sessions","id":"remoteGlobalStorageOptions/proxy","title":"proxy","type":"keyText"}],"id":"remoteGlobalStorageOptions","title":"remoteGlobalStorageOptions","type":"keyTextContainer"}],"help":"authremote.html","id":"remoteParams","show":false,"title":"remoteParams"},{"_nodes":[{"default":2,"id":"slaveAuthnLevel","title":"slaveAuthnLevel","type":"int"},{"cnodes":"slaveExportedVars","default":[],"id":"slaveExportedVars","title":"slaveExportedVars","type":"keyTextContainer"},{"id":"slaveUserHeader","title":"slaveUserHeader"},{"id":"slaveMasterIP","title":"slaveMasterIP"},{"id":"slaveHeaderName","title":"slaveHeaderName"},{"id":"slaveHeaderContent","title":"slaveHeaderContent"}],"help":"authslave.html","id":"slaveParams","show":false,"title":"slaveParams"},{"_nodes":[{"default":5,"id":"SSLAuthnLevel","title":"SSLAuthnLevel","type":"int"},{"id":"SSLVar","title":"SSLVar"},{"cnodes":"SSLVarIf","id":"SSLVarIf","title":"SSLVarIf","type":"keyTextContainer"},{"id":"sslByAjax","title":"sslByAjax"
,"type":"bool"},{"id":"sslHost","title":"sslHost"}],"help":"authssl.html","id":"sslParams","show":false,"title":"sslParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"twitterAuthnLevel","title":"twitterAuthnLevel","type":"int"},{"id":"twitterKey","title":"twitterKey"},{"id":"twitterSecret","title":"twitterSecret"},{"id":"twitterAppName","title":"twitterAppName"}],"help":"authtwitter.html","id":"twitterParams","show":false,"title":"twitterParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"webIDAuthnLevel","title":"webIDAuthnLevel","type":"int"},{"cnodes":"webIDExportedVars","default":[],"id":"webIDExportedVars","title":"webIDExportedVars","type":"keyTextContainer"},{"id":"webIDWhitelist","title":"webIDWhitelist"}],"help":"authwebid.html","id":"webidParams","show":false,"title":"webidParams"},{"_nodes":[{"default":3,"id":"yubikeyAuthnLevel","title":"yubikeyAuthnLevel","type":"int"},{"id":"yubikeyClientID","title":"yubikeyClientID"},{"id":"yubikeySecretKey","title":"yubikeySecretKey"},{"default":12,"id":"yubikeyPublicIDSize","title":"yubikeyPublicIDSize","type":"int"}],"help":"authyubikey.html","id":"yubikeyParams","show":false,"title":"yubikeyParams","type":"simpleInputContainer"},{"_nodes":[{"id":"customAuth","title":"customAuth"},{"id":"customUserDB","title":"customUserDB"},{"id":"customPassword","title":"customPassword"},{"id":"customRegister","title":"customRegister"},{"cnodes":"customAddParams","id":"customAddParams","title":"customAddParams","type":"keyTextContainer"}],"help":"authcustom.html","id":"customParams","show":false,"title":"customParams","type":"simpleInputContainer"}],"_nodes_filter":"authParams","help":"start.html#authentication_users_and_password_databases","id":"authParams","title":"authParams","type":"authParams"},{"_nodes":[{"_nodes":[{"default":0,"id":"issuerDBSAMLActivation","title":"issuerDBSAMLActivation","type":"bool"},{"default":"^/saml/","id":"issuerDBSAMLPath","title":"issuerDBSAMLPath"},{"default":1,"
id":"issuerDBSAMLRule","title":"issuerDBSAMLRule","type":"boolOrExpr"}],"help":"idpsaml.html","id":"issuerDBSAML","title":"issuerDBSAML","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBCASActivation","title":"issuerDBCASActivation","type":"bool"},{"default":"^/cas/","id":"issuerDBCASPath","title":"issuerDBCASPath"},{"default":1,"id":"issuerDBCASRule","title":"issuerDBCASRule","type":"boolOrExpr"},{"_nodes":[{"id":"casAttr","title":"casAttr"},{"cnodes":"casAttributes","id":"casAttributes","title":"casAttributes","type":"keyTextContainer"},{"default":"none","id":"casAccessControlPolicy","select":[{"k":"none","v":"None"},{"k":"error","v":"Display error on portal"},{"k":"faketicket","v":"Send a fake service ticket"}],"title":"casAccessControlPolicy","type":"select"}],"id":"issuerDBCASOptions","title":"issuerDBCASOptions"}],"help":"idpcas.html","id":"issuerDBCAS","title":"issuerDBCAS"},{"_nodes":[{"default":0,"id":"issuerDBOpenIDActivation","title":"issuerDBOpenIDActivation","type":"bool"},{"default":"^/openidserver/","id":"issuerDBOpenIDPath","title":"issuerDBOpenIDPath"},{"default":1,"id":"issuerDBOpenIDRule","title":"issuerDBOpenIDRule","type":"boolOrExpr"},{"_nodes":[{"id":"openIdIssuerSecret","title":"openIdIssuerSecret"},{"id":"openIdAttr","title":"openIdAttr"},{"default":"0;","id":"openIdSPList","title":"openIdSPList","type":"blackWhiteList"},{"_nodes":[{"default":"cn","id":"openIdSreg_fullname","title":"openIdSreg_fullname"},{"default":"uid","id":"openIdSreg_nickname","title":"openIdSreg_nickname"},{"id":"openIdSreg_language","title":"openIdSreg_language"},{"id":"openIdSreg_postcode","title":"openIdSreg_postcode"},{"default":"_timezone","id":"openIdSreg_timezone","title":"openIdSreg_timezone"},{"id":"openIdSreg_country","title":"openIdSreg_country"},{"id":"openIdSreg_gender","title":"openIdSreg_gender"},{"default":"mail","id":"openIdSreg_email","title":"openIdSreg_email"},{"id":"openIdSreg_dob","title":"openIdSreg_dob"}],"id":"openIdSreg","ti
tle":"openIdSreg","type":"simpleInputContainer"}],"id":"issuerDBOpenIDOptions","title":"issuerDBOpenIDOptions"}],"help":"idpopenid.html","id":"issuerDBOpenID","title":"issuerDBOpenID"},{"_nodes":[{"default":"0","id":"issuerDBOpenIDConnectActivation","title":"issuerDBOpenIDConnectActivation","type":"bool"},{"default":"^/oauth2/","id":"issuerDBOpenIDConnectPath","title":"issuerDBOpenIDConnectPath"},{"default":1,"id":"issuerDBOpenIDConnectRule","title":"issuerDBOpenIDConnectRule","type":"boolOrExpr"}],"help":"idpopenidconnect.html","id":"issuerDBOpenIDConnect","title":"issuerDBOpenIDConnect"},{"_nodes":[{"default":"0","id":"issuerDBGetActivation","title":"issuerDBGetActivation","type":"bool"},{"default":"^/get/","id":"issuerDBGetPath","title":"issuerDBGetPath"},{"default":1,"id":"issuerDBGetRule","title":"issuerDBGetRule","type":"boolOrExpr"},{"default":[],"id":"issuerDBGetParameters","title":"issuerDBGetParameters","type":"doubleHash"}],"help":"issuerdbget.html","id":"issuerDBGet","title":"issuerDBGet"}],"help":"start.html#identity_provider","id":"issuerParams","title":"issuerParams"},{"_nodes":[{"default":"","id":"trustedProxies","title":"trustedProxies"},{"default":"uid","id":"whatToTrace","title":"whatToTrace"},{"default":"_password","id":"hiddenAttributes","title":"hiddenAttributes"}],"help":"logs.html","id":"logParams","title":"logParams","type":"simpleInputContainer"},{"_nodes":[{"default":"lemonldap","id":"cookieName","title":"cookieName"},{"default":"example.com","id":"domain","title":"domain"},{"default":0,"id":"cda","title":"cda","type":"bool"},{"default":0,"id":"securedCookie","select":[{"k":"0","v":"unsecuredCookie"},{"k":"1","v":"securedCookie"},{"k":"2","v":"doubleCookie"},{"k":"3","v":"doubleCookieForSingleSession"}],"title":"securedCookie","type":"select"},{"default":1,"id":"httpOnly","title":"httpOnly","type":"bool"},{"id":"cookieExpiration","title":"cookieExpiration"}],"help":"ssocookie.html","id":"cookieParams","title":"cookieParams","type":"simpleI
nputContainer"},{"_nodes":[{"default":0,"id":"storePassword","title":"storePassword","type":"bool"},{"default":72000,"id":"timeout","title":"timeout","type":"int"},{"default":0,"id":"timeoutActivity","title":"timeoutActivity","type":"int"},{"default":60,"id":"timeoutActivityInterval","title":"timeoutActivityInterval","type":"int"},{"cnodes":"grantSessionRules","id":"grantSessionRules","title":"grantSessionRules","type":"grantContainer"},{"_nodes":[{"default":"Apache::Session::File","id":"globalStorage","title":"globalStorage"},{"cnodes":"globalStorageOptions","default":[{"data":"/var/lib/lemonldap-ng/sessions/","id":"globalStorageOptions/Directory","title":"Directory","type":"keyText"},{"data":"/var/lib/lemonldap-ng/sessions/lock/","id":"globalStorageOptions/LockDirectory","title":"LockDirectory","type":"keyText"},{"data":"Lemonldap::NG::Common::Apache::Session::Generate::SHA256","id":"globalStorageOptions/generateModule","title":"generateModule","type":"keyText"}],"id":"globalStorageOptions","title":"globalStorageOptions","type":"keyTextContainer"},{"default":"Cache::FileCache","id":"localSessionStorage","title":"localSessionStorage"},{"cnodes":"localSessionStorageOptions","default":[{"data":3,"id":"localSessionStorageOptions/cache_depth","title":"cache_depth","type":"keyText"},{"data":"/tmp","id":"localSessionStorageOptions/cache_root","title":"cache_root","type":"keyText"},{"data":600,"id":"localSessionStorageOptions/default_expires_in","title":"default_expires_in","type":"keyText"},{"data":"007","id":"localSessionStorageOptions/directory_umask","title":"directory_umask","type":"keyText"},{"data":"lemonldap-ng-sessions","id":"localSessionStorageOptions/namespace","title":"namespace","type":"keyText"}],"id":"localSessionStorageOptions","title":"localSessionStorageOptions","type":"keyTextContainer"}],"help":"start.html#sessions_database","id":"sessionStorage","title":"sessionStorage"},{"_nodes":[{"default":0,"id":"singleSession","title":"singleSession","type":"bool
"},{"default":0,"id":"singleIP","title":"singleIP","type":"bool"},{"default":0,"id":"singleUserByIP","title":"singleUserByIP","type":"bool"},{"default":0,"id":"singleSessionUserByIP","title":"singleSessionUserByIP","type":"bool"},{"default":1,"id":"notifyDeleted","title":"notifyDeleted","type":"bool"},{"default":0,"id":"notifyOther","title":"notifyOther","type":"bool"}],"id":"multipleSessions","title":"multipleSessions","type":"simpleInputContainer"},{"_nodes":[{"id":"persistentStorage","title":"persistentStorage"},{"cnodes":"persistentStorageOptions","id":"persistentStorageOptions","title":"persistentStorageOptions","type":"keyTextContainer"}],"id":"persistentSessions","title":"persistentSessions"}],"help":"sessions.html","id":"sessionParams","title":"sessionParams"},{"cnodes":"reloadUrls","help":"configlocation.html#configuration_reload","id":"reloadUrls","title":"reloadUrls","type":"keyTextContainer"},{"_nodes":[{"id":"stayConnected","title":"stayConnected","type":"bool"},{"default":0,"id":"portalStatus","title":"portalStatus","type":"bool"},{"_nodes":[{"default":0,"id":"restSessionServer","title":"restSessionServer","type":"bool"},{"default":0,"id":"restConfigServer","title":"restConfigServer","type":"bool"},{"default":0,"help":"soapservices.html","id":"soapSessionServer","title":"soapSessionServer","type":"bool"},{"default":0,"help":"soapservices.html","id":"soapConfigServer","title":"soapConfigServer","type":"bool"},{"id":"exportedAttr","title":"exportedAttr"}],"id":"portalServers","title":"portalServers","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"loginHistoryEnabled","title":"loginHistoryEnabled","type":"bool"},{"default":5,"id":"successLoginNumber","title":"successLoginNumber","type":"int"},{"default":5,"id":"failedLoginNumber","title":"failedLoginNumber","type":"int"},{"cnodes":"sessionDataToRemember","id":"sessionDataToRemember","title":"sessionDataToRemember","type":"keyTextContainer"}],"help":"loginhistory.html","id":"loginHistory","tit
le":"loginHistory"},{"_nodes":[{"default":0,"id":"notification","title":"notification","type":"bool"},{"default":0,"id":"notificationServer","title":"notificationServer","type":"bool"},{"default":0,"id":"oldNotifFormat","title":"oldNotifFormat","type":"bool"},{"default":"File","id":"notificationStorage","title":"notificationStorage"},{"cnodes":"notificationStorageOptions","default":[{"data":"/var/lib/lemonldap-ng/notifications","id":"notificationStorageOptions/dirName","title":"dirName","type":"keyText"}],"id":"notificationStorageOptions","title":"notificationStorageOptions","type":"keyTextContainer"},{"default":"allusers","id":"notificationWildcard","title":"notificationWildcard"},{"id":"notificationXSLTfile","title":"notificationXSLTfile"}],"help":"notifications.html","id":"notifications","title":"notifications"},{"_nodes":[{"_nodes":[{"default":"","id":"SMTPServer","title":"SMTPServer"},{"id":"SMTPPort","title":"SMTPPort","type":"int"},{"id":"SMTPAuthUser","title":"SMTPAuthUser"},{"id":"SMTPAuthPass","title":"SMTPAuthPass","type":"password"},{"default":"","id":"SMTPTLS","select":[{"k":"","v":"none"},{"k":"starttls","v":"SMTP + 
STARTTLS"},{"k":"ssl","v":"SMTPS"}],"title":"SMTPTLS","type":"select"},{"cnodes":"SMTPTLSOpts","id":"SMTPTLSOpts","title":"SMTPTLSOpts","type":"keyTextContainer"}],"id":"SMTP","title":"SMTP","type":"simpleInputContainer"},{"_nodes":[{"default":"noreply@example.com","id":"mailFrom","title":"mailFrom"},{"id":"mailReplyTo","title":"mailReplyTo"},{"default":"utf-8","id":"mailCharset","title":"mailCharset"}],"id":"mailHeaders","title":"mailHeaders","type":"simpleInputContainer"},{"_nodes":[{"id":"mailSubject","title":"mailSubject"},{"id":"mailBody","title":"mailBody","type":"longtext"},{"id":"mailConfirmSubject","title":"mailConfirmSubject"},{"id":"mailConfirmBody","title":"mailConfirmBody","type":"longtext"}],"id":"mailContent","title":"mailContent","type":"simpleInputContainer"},{"_nodes":[{"default":"http://auth.example.com/resetpwd","id":"mailUrl","title":"mailUrl"},{"default":"[A-Z]{3}[a-z]{5}.\\d{2}","id":"randomPasswordRegexp","title":"randomPasswordRegexp"},{"default":0,"id":"mailTimeout","title":"mailTimeout","type":"int"},{"default":"mail","id":"mailSessionKey","title":"mailSessionKey"}],"id":"mailOther","title":"mailOther","type":"simpleInputContainer"}],"help":"resetpassword.html","id":"passwordManagement","title":"passwordManagement"},{"_nodes":[{"default":"Null","id":"registerDB","select":[{"k":"AD","v":"Active 
Directory"},{"k":"Demo","v":"Demonstration"},{"k":"LDAP","v":"LDAP"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"registerDB","type":"select"},{"default":0,"id":"registerTimeout","title":"registerTimeout","type":"int"},{"id":"registerConfirmSubject","title":"registerConfirmSubject"},{"id":"registerDoneSubject","title":"registerDoneSubject"}],"help":"register.html","id":"register","title":"register","type":"simpleInputContainer"},{"default":1,"id":"upgradeSession","title":"upgradeSession","type":"bool"},{"_nodes":[{"default":0,"id":"u2fActivation","title":"u2fActivation","type":"boolOrExpr"},{"default":0,"id":"u2fSelfRegistration","title":"u2fSelfRegistration","type":"bool"},{"id":"u2fAuthnLevel","title":"u2fAuthnLevel","type":"int"}],"help":"u2f.html","id":"u2f","title":"u2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"ext2fActivation","title":"ext2fActivation","type":"boolOrExpr"},{"id":"ext2FSendCommand","title":"ext2FSendCommand"},{"id":"ext2FValidateCommand","title":"ext2FValidateCommand"},{"id":"ext2fAuthnLevel","title":"ext2fAuthnLevel","type":"int"}],"help":"external2f.html","id":"external2f","title":"external2f","type":"simpleInputContainer"}],"id":"plugins","title":"plugins"},{"_nodes":[{"id":"customFunctions","title":"customFunctions"},{"_nodes":[{"default":"^[\\w\\.\\-@]+$","id":"userControl","title":"userControl"},{"default":5,"id":"portalForceAuthnInterval","title":"portalForceAuthnInterval","type":"int"},{"id":"key","title":"key","type":"password"},{"id":"trustedDomains","title":"trustedDomains"},{"default":1,"help":"safejail.html","id":"useSafeJail","title":"useSafeJail","type":"bool"},{"default":1,"id":"checkXSS","title":"checkXSS","type":"bool"},{"cnodes":"lwpOpts","id":"lwpOpts","title":"lwpOpts","type":"keyTextContainer"},{"cnodes":"lwpSslOpts","id":"lwpSslOpts","title":"lwpSslOpts","type":"keyTextContainer"},{"_nodes":[{"default":"'self'","id":"cspDefault","title":"cspDefault"},{"default":"'self' 
data:","id":"cspImg","title":"cspImg"},{"default":"'self'","id":"cspScript","title":"cspScript"},{"default":"'self'","id":"cspStyle","title":"cspStyle"},{"default":"'self'","id":"cspConnect","title":"cspConnect"},{"default":"'self'","id":"cspFont","title":"cspFont"}],"help":"csp.html","id":"contentSecurityPolicy","title":"contentSecurityPolicy","type":"simpleInputContainer"},{"default":1,"id":"requireToken","title":"requireToken","type":"bool"},{"default":120,"id":"formTimeout","title":"formTimeout","type":"int"},{"default":0,"id":"tokenUseGlobalStorage","title":"tokenUseGlobalStorage","type":"bool"}],"help":"security.html#configure_security_settings","id":"security","title":"security","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"https","title":"https","type":"bool"},{"id":"port","title":"port","type":"int"},{"default":0,"id":"useRedirectOnForbidden","title":"useRedirectOnForbidden","type":"bool"},{"default":1,"id":"useRedirectOnError","title":"useRedirectOnError","type":"bool"},{"default":0,"id":"maintenance","title":"maintenance","type":"bool"}],"help":"redirections.html","id":"redirection","title":"redirection","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"jsRedirect","title":"jsRedirect","type":"boolOrExpr"},{"default":0,"id":"noAjaxHook","title":"noAjaxHook","type":"bool"}],"help":"redirections.html#portal_redirections","id":"portalRedirection","title":"portalRedirection","type":"simpleInputContainer"},{"cnodes":"nginxCustomHandlers","id":"nginxCustomHandlers","title":"nginxCustomHandlers","type":"keyTextContainer"},{"cnodes":"logoutServices","default":[],"help":"logoutforward.html","id":"logoutServices","title":"logoutServices","type":"keyTextContainer"},{"default":"; 
","id":"multiValuesSeparator","title":"multiValuesSeparator","type":"authParamsText"},{"_nodes":[{"default":"get","id":"infoFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"infoFormMethod","type":"select"},{"default":"post","id":"confirmFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"confirmFormMethod","type":"select"},{"default":"get","id":"redirectFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"redirectFormMethod","type":"select"},{"default":1,"id":"activeTimer","title":"activeTimer","type":"bool"}],"id":"forms","title":"forms"}],"help":"start.html#advanced_features","id":"advancedParams","title":"advancedParams"}],"id":"generalParameters","title":"generalParameters"},{"_nodes":[{"cnodes":"exportedVars","default":[{"data":"HTTP_USER_AGENT","id":"exportedVars/UA","title":"UA","type":"keyText"}],"help":"exportedvars.html","id":"exportedVars","title":"exportedVars","type":"keyTextContainer"},{"cnodes":"macros","default":[],"help":"exportedvars.html#extend_variables_using_macros_and_groups","id":"macros","title":"macros","type":"keyTextContainer"},{"cnodes":"groups","default":[],"help":"exportedvars.html#extend_variables_using_macros_and_groups","id":"groups","title":"groups","type":"keyTextContainer"}],"help":"variables.html","id":"variables","title":"variables"},{"cnodes":"virtualHosts","help":"configvhost.html","id":"virtualHosts","template":"virtualHost","title":"virtualHosts","type":"virtualHostContainer"},{"_nodes":[{"default":"#PORTAL#/saml/metadata","id":"samlEntityID","title":"samlEntityID"},{"_nodes":[{"get":["samlServicePrivateKeySig","samlServicePrivateKeySigPwd","samlServicePublicKeySig"],"id":"samlServiceSecuritySig","title":"samlServiceSecuritySig","type":"RSAKey"},{"get":["samlServicePrivateKeyEnc","samlServicePrivateKeyEncPwd","samlServicePublicKeyEnc"],"id":"samlServiceSecurityEnc","title":"samlServiceSecurityEnc","type":"RSAKey"},{"default":0,"id":"samlServiceUs
eCertificateInResponse","title":"samlServiceUseCertificateInResponse","type":"bool"}],"help":"samlservice.html#security_parameters","id":"samlServiceSecurity","title":"samlServiceSecurity"},{"_nodes":[{"default":"mail","id":"samlNameIDFormatMapEmail","title":"samlNameIDFormatMapEmail"},{"default":"mail","id":"samlNameIDFormatMapX509","title":"samlNameIDFormatMapX509"},{"default":"uid","id":"samlNameIDFormatMapWindows","title":"samlNameIDFormatMapWindows"},{"default":"uid","id":"samlNameIDFormatMapKerberos","title":"samlNameIDFormatMapKerberos"}],"help":"samlservice.html#nameid_formats","id":"samlNameIDFormatMap","title":"samlNameIDFormatMap","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"samlAuthnContextMapPassword","title":"samlAuthnContextMapPassword","type":"int"},{"default":3,"id":"samlAuthnContextMapPasswordProtectedTransport","title":"samlAuthnContextMapPasswordProtectedTransport","type":"int"},{"default":5,"id":"samlAuthnContextMapTLSClient","title":"samlAuthnContextMapTLSClient","type":"int"},{"default":4,"id":"samlAuthnContextMapKerberos","title":"samlAuthnContextMapKerberos","type":"int"}],"help":"samlservice.html#authentication_contexts","id":"samlAuthnContextMap","title":"samlAuthnContextMap","type":"simpleInputContainer"},{"_nodes":[{"default":"Example","id":"samlOrganizationDisplayName","title":"samlOrganizationDisplayName"},{"default":"Example","id":"samlOrganizationName","title":"samlOrganizationName"},{"default":"http://www.example.com","id":"samlOrganizationURL","title":"samlOrganizationURL"}],"help":"samlservice.html#organization","id":"samlOrganization","title":"samlOrganization","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"samlSPSSODescriptorAuthnRequestsSigned","title":"samlSPSSODescriptorAuthnRequestsSigned","type":"bool"},{"default":1,"id":"samlSPSSODescriptorWantAssertionsSigned","title":"samlSPSSODescriptorWantAssertionsSigned","type":"bool"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redi
rect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn","id":"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect","title":"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn","id":"samlSPSSODescriptorSingleLogoutServiceHTTPPost","title":"samlSPSSODescriptorSingleLogoutServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;","id":"samlSPSSODescriptorSingleLogoutServiceSOAP","title":"samlSPSSODescriptorSingleLogoutServiceSOAP","type":"samlService"}],"id":"samlSPSSODescriptorSingleLogoutService","title":"samlSPSSODescriptorSingleLogoutService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact","id":"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact","title":"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact","type":"samlAssertion"},{"default":"0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost","id":"samlSPSSODescriptorAssertionConsumerServiceHTTPPost","title":"samlSPSSODescriptorAssertionConsumerServiceHTTPPost","type":"samlAssertion"}],"id":"samlSPSSODescriptorAssertionConsumerService","title":"samlSPSSODescriptorAssertionConsumerService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact","id":"samlSPSSODescriptorArtifactResolutionServiceArtifact","title":"samlSPSSODescriptorArtifactResolutionServiceArtifact","type":"samlAssertion"}],"id":"samlSPSSODescriptorArtifactResolutionService","title":"samlSPSSODescriptorArtifactResolutionService"}],"help":"samlservice.html#service_provider","id":"samlSPSSODescriptor","title":"samlSPSSODescriptor"},{"_nodes":[{"default":1,"id":"samlIDPSSODescriptorWantAuthnRequestsSigned","title":"samlIDPSSODescriptorWantAuthnRequestsSigned","t
ype":"bool"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPPost","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact","type":"samlService"}],"id":"samlIDPSSODescriptorSingleSignOnService","title":"samlIDPSSODescriptorSingleSignOnService"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn","id":"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect","title":"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn","id":"samlIDPSSODescriptorSingleLogoutServiceHTTPPost","title":"samlIDPSSODescriptorSingleLogoutServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;","id":"samlIDPSSODescriptorSingleLogoutServiceSOAP","title":"samlIDPSSODescriptorSingleLogoutServiceSOAP","type":"samlService"}],"id":"samlIDPSSODescriptorSingleLogoutService","title":"samlIDPSSODescriptorSingleLogoutService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact","id":"samlIDPSSODescriptorArtifactResolutionServiceArtifact","title":"samlIDPSSODescriptorArtifactResolutionServiceArtifact","type":"samlAssertion"}],"id":"samlIDPSSODescriptorArtifactResolutionService","title":"samlIDPSSODescriptorArtif
actResolutionService"}],"help":"samlservice.html#identity_provider","id":"samlIDPSSODescriptor","title":"samlIDPSSODescriptor"},{"_nodes":[{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;","id":"samlAttributeAuthorityDescriptorAttributeServiceSOAP","title":"samlAttributeAuthorityDescriptorAttributeServiceSOAP","type":"samlService"}],"id":"samlAttributeAuthorityDescriptorAttributeService","title":"samlAttributeAuthorityDescriptorAttributeService"}],"help":"samlservice.html#attribute_authority","id":"samlAttributeAuthorityDescriptor","title":"samlAttributeAuthorityDescriptor"},{"_nodes":[{"default":"lemonldapidp","id":"samlIdPResolveCookie","title":"samlIdPResolveCookie"},{"default":1,"id":"samlMetadataForceUTF8","title":"samlMetadataForceUTF8","type":"bool"},{"id":"samlStorage","title":"samlStorage"},{"cnodes":"samlStorageOptions","id":"samlStorageOptions","title":"samlStorageOptions","type":"keyTextContainer"},{"default":600,"id":"samlRelayStateTimeout","title":"samlRelayStateTimeout","type":"int"},{"default":0,"id":"samlUseQueryStringSpecific","title":"samlUseQueryStringSpecific","type":"bool"},{"_nodes":[{"default":0,"id":"samlCommonDomainCookieActivation","title":"samlCommonDomainCookieActivation","type":"bool"},{"id":"samlCommonDomainCookieDomain","title":"samlCommonDomainCookieDomain"},{"id":"samlCommonDomainCookieReader","title":"samlCommonDomainCookieReader"},{"id":"samlCommonDomainCookieWriter","title":"samlCommonDomainCookieWriter"}],"id":"samlCommonDomainCookie","title":"samlCommonDomainCookie","type":"simpleInputContainer"}],"help":"samlservice.html#advanced","id":"samlAdvanced","title":"samlAdvanced"}],"help":"samlservice.html","id":"samlServiceMetaData","title":"samlServiceMetaData"},{"cnodes":"samlIDPMetaDataNodes","help":"authsaml.html","id":"samlIDPMetaDataNodes","template":"samlIDPMetaDataNode","title":"samlIDPMetaDataNodes","type":"samlIDPMetaDataNodeContainer"},{"cnodes":"samlSPMetaDataNodes","help":"idpsaml.
html","id":"samlSPMetaDataNodes","template":"samlSPMetaDataNode","title":"samlSPMetaDataNodes","type":"samlSPMetaDataNodeContainer"},{"_nodes":[{"default":"http://auth.example.com","id":"oidcServiceMetaDataIssuer","title":"oidcServiceMetaDataIssuer"},{"_nodes":[{"default":"authorize","id":"oidcServiceMetaDataAuthorizeURI","title":"oidcServiceMetaDataAuthorizeURI"},{"default":"token","id":"oidcServiceMetaDataTokenURI","title":"oidcServiceMetaDataTokenURI"},{"default":"userinfo","id":"oidcServiceMetaDataUserInfoURI","title":"oidcServiceMetaDataUserInfoURI"},{"default":"jwks","id":"oidcServiceMetaDataJWKSURI","title":"oidcServiceMetaDataJWKSURI"},{"default":"register","id":"oidcServiceMetaDataRegistrationURI","title":"oidcServiceMetaDataRegistrationURI"},{"default":"logout","id":"oidcServiceMetaDataEndSessionURI","title":"oidcServiceMetaDataEndSessionURI"},{"default":"checksession.html","id":"oidcServiceMetaDataCheckSessionURI","title":"oidcServiceMetaDataCheckSessionURI"},{"default":"flogout","id":"oidcServiceMetaDataFrontChannelURI","title":"oidcServiceMetaDataFrontChannelURI"},{"default":"blogout","id":"oidcServiceMetaDataBackChannelURI","title":"oidcServiceMetaDataBackChannelURI"}],"id":"oidcServiceMetaDataEndPoints","title":"oidcServiceMetaDataEndPoints","type":"simpleInputContainer"},{"cnodes":"oidcServiceMetaDataAuthnContext","default":[{"data":1,"id":"oidcServiceMetaDataAuthnContext/loa-1","title":"loa-1","type":"keyText"},{"data":2,"id":"oidcServiceMetaDataAuthnContext/loa-2","title":"loa-2","type":"keyText"},{"data":3,"id":"oidcServiceMetaDataAuthnContext/loa-3","title":"loa-3","type":"keyText"},{"data":4,"id":"oidcServiceMetaDataAuthnContext/loa-4","title":"loa-4","type":"keyText"},{"data":5,"id":"oidcServiceMetaDataAuthnContext/loa-5","title":"loa-5","type":"keyText"}],"id":"oidcServiceMetaDataAuthnContext","title":"oidcServiceMetaDataAuthnContext","type":"keyTextContainer"},{"_nodes":[{"get":["oidcServicePrivateKeySig","oidcServicePublicKeySig"],"id":"oidc
ServiceMetaDataKeys","title":"oidcServiceMetaDataKeys","type":"RSAKeyNoPassword"},{"id":"oidcServiceKeyIdSig","title":"oidcServiceKeyIdSig"},{"default":"0","id":"oidcServiceAllowDynamicRegistration","title":"oidcServiceAllowDynamicRegistration","type":"bool"},{"default":"1","id":"oidcServiceAllowAuthorizationCodeFlow","title":"oidcServiceAllowAuthorizationCodeFlow","type":"bool"},{"default":"0","id":"oidcServiceAllowImplicitFlow","title":"oidcServiceAllowImplicitFlow","type":"bool"},{"default":"0","id":"oidcServiceAllowHybridFlow","title":"oidcServiceAllowHybridFlow","type":"bool"}],"id":"oidcServiceMetaDataSecurity","title":"oidcServiceMetaDataSecurity"},{"_nodes":[{"id":"oidcStorage","title":"oidcStorage"},{"cnodes":"oidcStorageOptions","id":"oidcStorageOptions","title":"oidcStorageOptions","type":"keyTextContainer"}],"id":"oidcServiceMetaDataSessions","title":"oidcServiceMetaDataSessions"}],"help":"openidconnectservice.html#service_configuration","id":"oidcServiceMetaData","title":"oidcServiceMetaData"},{"cnodes":"oidcOPMetaDataNodes","help":"authopenidconnect.html#declare_the_openid_connect_provider_in_llng","id":"oidcOPMetaDataNodes","title":"oidcOPMetaDataNodes","type":"oidcOPMetaDataNodeContainer"},{"cnodes":"oidcRPMetaDataNodes","help":"idpopenidconnect.html#configuration_of_relying_party_in_llng","id":"oidcRPMetaDataNodes","title":"oidcRPMetaDataNodes","type":"oidcRPMetaDataNodeContainer"},{"_nodes":[{"id":"casStorage","title":"casStorage"},{"cnodes":"casStorageOptions","id":"casStorageOptions","title":"casStorageOptions","type":"keyTextContainer"}],"id":"casServiceMetadata","title":"casServiceMetadata"},{"cnodes":"casSrvMetaDataNodes","help":"authcas.html","id":"casSrvMetaDataNodes","template":"casSrvMetaDataNode","title":"casSrvMetaDataNodes","type":"casSrvMetaDataNodeContainer"},{"cnodes":"casAppMetaDataNodes","help":"idpcas.html","id":"casAppMetaDataNodes","template":"casAppMetaDataNode","title":"casAppMetaDataNodes","type":"casAppMetaDataNodeContainer"
}] \ No newline at end of file +[{"_nodes":[{"_nodes":[{"default":"http://auth.example.com/","id":"portal","title":"portal"},{"_nodes":[{"_nodes":[{"default":1,"id":"portalDisplayLogout","title":"portalDisplayLogout","type":"boolOrExpr"},{"default":"$_auth =~ /^(LDAP|DBI|Demo)$/","id":"portalDisplayChangePassword","title":"portalDisplayChangePassword","type":"boolOrExpr"},{"default":1,"id":"portalDisplayAppslist","title":"portalDisplayAppslist","type":"boolOrExpr"},{"default":1,"id":"portalDisplayLoginHistory","title":"portalDisplayLoginHistory","type":"boolOrExpr"}],"id":"portalModules","title":"portalModules","type":"simpleInputContainer"},{"cnodes":"applicationList","default":[{"data":{"catname":"Default category","type":"category"},"id":"applicationList/default","title":"default","type":"catAndAppList"}],"help":"portalmenu.html#categories_and_applications","id":"applicationList","title":"applicationList","type":"catAndAppList"}],"help":"portalmenu.html","id":"portalMenu","title":"portalMenu"},{"_nodes":[{"default":"bootstrap","id":"portalSkin","select":[{"k":"bootstrap","v":"Bootstrap"}],"title":"portalSkin","type":"portalskin"},{"id":"portalSkinBackground","select":[{"k":"","v":"None"},{"k":"1280px-Anse_Source_d'Argent_2-La_Digue.jpg","v":"Anse"},{"k":"1280px-Autumn-clear-water-waterfall-landscape_-_Virginia_-_ForestWander.jpg","v":"Waterfall"},{"k":"1280px-BrockenSnowedTrees.jpg","v":"Snowed Trees"},{"k":"1280px-Cedar_Breaks_National_Monument_partially.jpg","v":"National 
Monument"},{"k":"1280px-Parry_Peak_from_Winter_Park.jpg","v":"Winter"},{"k":"Aletschgletscher_mit_Pinus_cembra1.jpg","v":"Pinus"}],"title":"portalSkinBackground","type":"portalskinbackground"},{"cnodes":"portalSkinRules","help":"portalcustom.html","id":"portalSkinRules","title":"portalSkinRules","type":"keyTextContainer"},{"_nodes":[{"default":1,"id":"portalCheckLogins","title":"portalCheckLogins","type":"bool"},{"default":0,"id":"portalDisplayResetPassword","title":"portalDisplayResetPassword","type":"bool"},{"default":1,"id":"portalDisplayRegister","title":"portalDisplayRegister","type":"bool"}],"id":"portalButtons","title":"portalButtons","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"portalRequireOldPassword","title":"portalRequireOldPassword","type":"bool"},{"default":0,"id":"hideOldPassword","title":"hideOldPassword","type":"bool"},{"default":0,"id":"mailOnPasswordChange","title":"mailOnPasswordChange","type":"bool"}],"id":"passwordManagement","title":"passwordManagement","type":"simpleInputContainer"},{"_nodes":[{"default":"_user","help":"monitoring.html","id":"portalUserAttr","title":"portalUserAttr"},{"default":0,"id":"portalOpenLinkInNewWindow","title":"portalOpenLinkInNewWindow","type":"bool"},{"default":1,"id":"portalAntiFrame","title":"portalAntiFrame","type":"bool"},{"default":60000,"id":"portalPingInterval","title":"portalPingInterval","type":"int"},{"default":1,"id":"portalErrorOnExpiredSession","title":"portalErrorOnExpiredSession","type":"bool"},{"default":0,"id":"portalErrorOnMailNotFound","title":"portalErrorOnMailNotFound","type":"bool"}],"id":"portalOther","title":"portalOther","type":"simpleInputContainer"}],"help":"portalcustom.html","id":"portalCustomization","title":"portalCustomization"},{"_nodes":[{"default":0,"id":"captcha_login_enabled","title":"captcha_login_enabled","type":"bool"},{"default":1,"id":"captcha_mail_enabled","title":"captcha_mail_enabled","type":"bool"},{"default":1,"id":"captcha_register_enabled","title":"c
aptcha_register_enabled","type":"bool"},{"default":6,"id":"captcha_size","title":"captcha_size","type":"int"}],"help":"captcha.html","id":"portalCaptcha","title":"portalCaptcha"}],"help":"portal.html","id":"portalParams","title":"portalParams"},{"_nodes":[{"default":"Demo","id":"authentication","select":[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Facebook","v":"Facebook"},{"k":"Google","v":"Google"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"PAM","v":"PAM"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Yubikey","v":"Yubikey"},{"k":"Demo","v":"Demonstration"},{"k":"Choice","v":"authChoice"},{"k":"Combination","v":"combineMods"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"SAML","v":"SAML v2"},{"k":"Proxy","v":"Proxy"},{"k":"Remote","v":"Remote"},{"k":"Slave","v":"Slave"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"authentication","type":"select"},{"default":"Same","id":"userDB","select":[{"k":"Same","v":"Same"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"userDB","type":"select"},{"default":"Demo","id":"passwordDB","select":[{"k":"AD","v":"Active Directory"},{"k":"Choice","v":"authChoice"},{"k":"DBI","v":"Database 
(DBI)"},{"k":"Demo","v":"Demonstration"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"passwordDB","type":"select"}],"_nodes_cond":[{"_nodes":[{"default":0,"id":"ADPwdMaxAge","title":"ADPwdMaxAge","type":"int"},{"default":0,"id":"ADPwdExpireWarning","title":"ADPwdExpireWarning","type":"int"}],"help":"authad.html","id":"adParams","show":false,"title":"adParams"},{"_nodes":[{"default":"lmAuth","id":"authChoiceParam","title":"authChoiceParam"},{"cnodes":"authChoiceModules","id":"authChoiceModules","select":[[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"Facebook","v":"Facebook"},{"k":"Google","v":"Google"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"PAM","v":"PAM"},{"k":"Null","v":"None"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"Proxy","v":"Proxy"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"Remote","v":"Remote"},{"k":"SAML","v":"SAML v2"},{"k":"Slave","v":"Slave"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Yubikey","v":"Yubikey"},{"k":"Custom","v":"customModule"}],[{"k":"AD","v":"Active Directory"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"Facebook","v":"Facebook"},{"k":"Google","v":"Google"},{"k":"LDAP","v":"LDAP"},{"k":"Null","v":"None"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"Proxy","v":"Proxy"},{"k":"REST","v":"REST"},{"k":"Remote","v":"Remote"},{"k":"SAML","v":"SAML v2"},{"k":"Slave","v":"Slave"},{"k":"WebID","v":"WebID"},{"k":"Custom","v":"customModule"}],[{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database 
(DBI)"},{"k":"Demo","v":"Demo"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}]],"title":"authChoiceModules","type":"authChoiceContainer"}],"help":"authchoice.html","id":"choiceParams","show":false,"title":"choiceParams"},{"_nodes":[{"default":4,"id":"apacheAuthnLevel","title":"apacheAuthnLevel","type":"int"}],"help":"authapache.html","id":"apacheParams","show":false,"title":"apacheParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"casAuthnLevel","title":"casAuthnLevel","type":"int"}],"help":"authcas.html","id":"casParams","show":false,"title":"casParams"},{"_nodes":[{"default":2,"id":"dbiAuthnLevel","title":"dbiAuthnLevel","type":"int"},{"cnodes":"dbiExportedVars","default":[],"id":"dbiExportedVars","title":"dbiExportedVars","type":"keyTextContainer"},{"_nodes":[{"_nodes":[{"id":"dbiAuthChain","title":"dbiAuthChain"},{"id":"dbiAuthUser","title":"dbiAuthUser"},{"id":"dbiAuthPassword","title":"dbiAuthPassword","type":"password"}],"id":"dbiConnectionAuth","title":"dbiConnectionAuth","type":"simpleInputContainer"},{"_nodes":[{"id":"dbiUserChain","title":"dbiUserChain"},{"id":"dbiUserUser","title":"dbiUserUser"},{"id":"dbiUserPassword","title":"dbiUserPassword","type":"password"}],"id":"dbiConnectionUser","title":"dbiConnectionUser","type":"simpleInputContainer"}],"help":"authdbi.html#connection","id":"dbiConnection","title":"dbiConnection"},{"_nodes":[{"id":"dbiAuthTable","title":"dbiAuthTable"},{"id":"dbiUserTable","title":"dbiUserTable"},{"id":"dbiAuthLoginCol","title":"dbiAuthLoginCol"},{"id":"dbiAuthPasswordCol","title":"dbiAuthPasswordCol"},{"id":"dbiPasswordMailCol","title":"dbiPasswordMailCol"},{"id":"userPivot","title":"userPivot"}],"help":"authdbi.html#schema","id":"dbiSchema","title":"dbiSchema","type":"simpleInputContainer"},{"_nodes":[{"help":"authdbi.html#password","id":"dbiAuthPasswordHash","title":"dbiAuthPasswordHash"},{"_nodes":[{"help":"authdbi.html#password","id":"dbiDynamic
HashEnabled","title":"dbiDynamicHashEnabled","type":"bool"},{"help":"authdbi.html#password","id":"dbiDynamicHashValidSchemes","title":"dbiDynamicHashValidSchemes"},{"help":"authdbi.html#password","id":"dbiDynamicHashValidSaltedSchemes","title":"dbiDynamicHashValidSaltedSchemes"},{"help":"authdbi.html#password","id":"dbiDynamicHashNewPasswordScheme","title":"dbiDynamicHashNewPasswordScheme"}],"help":"authdbi.html#password","id":"dbiDynamicHash","title":"dbiDynamicHash","type":"simpleInputContainer"}],"help":"authdbi.html#password","id":"dbiPassword","title":"dbiPassword","type":"simpleInputContainer"}],"help":"authdbi.html","id":"dbiParams","show":false,"title":"dbiParams"},{"_nodes":[{"cnodes":"demoExportedVars","default":[{"data":"cn","id":"demoExportedVars/cn","title":"cn","type":"keyText"},{"data":"mail","id":"demoExportedVars/mail","title":"mail","type":"keyText"},{"data":"uid","id":"demoExportedVars/uid","title":"uid","type":"keyText"}],"id":"demoExportedVars","title":"demoExportedVars","type":"keyTextContainer"}],"help":"authdemo.html","id":"demoParams","show":false,"title":"demoParams"},{"_nodes":[{"default":1,"id":"facebookAuthnLevel","title":"facebookAuthnLevel","type":"int"},{"cnodes":"facebookExportedVars","default":[],"id":"facebookExportedVars","title":"facebookExportedVars","type":"keyTextContainer"},{"id":"facebookAppId","title":"facebookAppId"},{"id":"facebookAppSecret","title":"facebookAppSecret"}],"help":"authfacebook.html","id":"facebookParams","show":false,"title":"facebookParams"},{"_nodes":[{"id":"krbKeytab","title":"krbKeytab"},{"default":0,"id":"krbByJs","title":"krbByJs","type":"bool"},{"default":3,"id":"krbAuthnLevel","title":"krbAuthnLevel","type":"int"}],"help":"authkerberos.html","id":"kerberosParams","show":false,"title":"kerberosParams"},{"_nodes":[{"default":2,"id":"ldapAuthnLevel","title":"ldapAuthnLevel","type":"int"},{"cnodes":"ldapExportedVars","default":[{"data":"cn","id":"ldapExportedVars/cn","title":"cn","type":"keyText"},{"dat
a":"mail","id":"ldapExportedVars/mail","title":"mail","type":"keyText"},{"data":"uid","id":"ldapExportedVars/uid","title":"uid","type":"keyText"}],"id":"ldapExportedVars","title":"ldapExportedVars","type":"keyTextContainer"},{"_nodes":[{"default":"ldap://localhost","id":"ldapServer","title":"ldapServer"},{"default":389,"id":"ldapPort","title":"ldapPort","type":"int"},{"default":"dc=example,dc=com","id":"ldapBase","title":"ldapBase"},{"default":"","id":"managerDn","title":"managerDn"},{"default":"","id":"managerPassword","title":"managerPassword","type":"password"},{"default":120,"id":"ldapTimeout","title":"ldapTimeout","type":"int"},{"default":3,"id":"ldapVersion","title":"ldapVersion","type":"int"},{"id":"ldapRaw","title":"ldapRaw"}],"help":"authldap.html#connection","id":"ldapConnection","title":"ldapConnection","type":"simpleInputContainer"},{"_nodes":[{"id":"LDAPFilter","title":"LDAPFilter"},{"id":"AuthLDAPFilter","title":"AuthLDAPFilter"},{"id":"mailLDAPFilter","title":"mailLDAPFilter"},{"default":"find","id":"ldapSearchDeref","select":[{"k":"never","v":"never"},{"k":"search","v":"search"},{"k":"find","v":"find"},{"k":"always","v":"always"}],"title":"ldapSearchDeref","type":"select"}],"help":"authldap.html#filters","id":"ldapFilters","title":"ldapFilters","type":"simpleInputContainer"},{"_nodes":[{"id":"ldapGroupBase","title":"ldapGroupBase"},{"default":"groupOfNames","id":"ldapGroupObjectClass","title":"ldapGroupObjectClass"},{"default":"member","id":"ldapGroupAttributeName","title":"ldapGroupAttributeName"},{"default":"dn","id":"ldapGroupAttributeNameUser","title":"ldapGroupAttributeNameUser"},{"default":"cn","id":"ldapGroupAttributeNameSearch","title":"ldapGroupAttributeNameSearch"},{"default":0,"id":"ldapGroupRecursive","title":"ldapGroupRecursive","type":"bool"},{"default":"dn","id":"ldapGroupAttributeNameGroup","title":"ldapGroupAttributeNameGroup"}],"help":"authldap.html#groups","id":"ldapGroups","title":"ldapGroups","type":"simpleInputContainer"},{"_nod
es":[{"default":0,"id":"ldapPpolicyControl","title":"ldapPpolicyControl","type":"bool"},{"default":0,"id":"ldapSetPassword","title":"ldapSetPassword","type":"bool"},{"default":0,"id":"ldapChangePasswordAsUser","title":"ldapChangePasswordAsUser","type":"bool"},{"default":"utf-8","id":"ldapPwdEnc","title":"ldapPwdEnc"},{"default":1,"id":"ldapUsePasswordResetAttribute","title":"ldapUsePasswordResetAttribute","type":"bool"},{"default":"pwdReset","id":"ldapPasswordResetAttribute","title":"ldapPasswordResetAttribute"},{"default":"TRUE","id":"ldapPasswordResetAttributeValue","title":"ldapPasswordResetAttributeValue"},{"default":0,"id":"ldapAllowResetExpiredPassword","title":"ldapAllowResetExpiredPassword","type":"bool"}],"help":"authldap.html#password","id":"ldapPassword","title":"ldapPassword","type":"simpleInputContainer"}],"help":"authldap.html","id":"ldapParams","show":false,"title":"ldapParams"},{"_nodes":[{"id":"combination","title":"combination"},{"cnodes":"combModules","id":"combModules","select":[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Facebook","v":"Facebook"},{"k":"Google","v":"Google"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"PAM","v":"PAM"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Yubikey","v":"Yubikey"},{"k":"Demo","v":"Demonstration"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"SAML","v":"SAML 
v2"},{"k":"Proxy","v":"Proxy"},{"k":"Remote","v":"Remote"},{"k":"Slave","v":"Slave"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"combModules","type":"cmbModuleContainer"}],"help":"authcombination.html","id":"combinationParams","show":false,"title":"combinationParams"},{"_nodes":[{"default":0,"id":"nullAuthnLevel","title":"nullAuthnLevel","type":"int"}],"help":"authnull.html","id":"nullParams","show":false,"title":"nullParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"openIdAuthnLevel","title":"openIdAuthnLevel","type":"int"},{"cnodes":"openIdExportedVars","default":[],"id":"openIdExportedVars","title":"openIdExportedVars","type":"keyTextContainer"},{"id":"openIdSecret","title":"openIdSecret"},{"default":"0;","id":"openIdIDPList","title":"openIdIDPList","type":"blackWhiteList"}],"help":"authopenid.html","id":"openidParams","show":false,"title":"openidParams"},{"_nodes":[{"default":1,"id":"oidcAuthnLevel","title":"oidcAuthnLevel","type":"int"},{"default":"openidconnectcallback","id":"oidcRPCallbackGetParam","title":"oidcRPCallbackGetParam"},{"default":600,"id":"oidcRPStateTimeout","title":"oidcRPStateTimeout","type":"int"}],"help":"authopenidconnect.html","id":"oidcParams","show":false,"title":"oidcParams"},{"_nodes":[{"id":"proxyAuthService","title":"proxyAuthService"},{"id":"proxySessionService","title":"proxySessionService"},{"id":"remoteCookieName","title":"remoteCookieName"},{"default":2,"id":"proxyAuthnLevel","title":"proxyAuthnLevel","type":"int"},{"default":0,"id":"proxyUseSoap","title":"proxyUseSoap","type":"bool"}],"help":"authproxy.html","id":"proxyParams","show":false,"title":"proxyParams","type":"simpleInputContainer"},{"_nodes":[{"default":"login","id":"pamService","title":"pamService"},{"default":2,"id":"pamAuthnLevel","title":"pamAuthnLevel","type":"int"}],"help":"authpam.html","id":"pamParams","show":false,"title":"pamParams","type":"simpleInputContainer"},{"_nodes":[{"default":3,"id":"radiusAuthnLevel","titl
e":"radiusAuthnLevel","type":"int"},{"id":"radiusSecret","title":"radiusSecret"},{"id":"radiusServer","title":"radiusServer"}],"help":"authradius.html","id":"radiusParams","show":false,"title":"radiusParams","type":"simpleInputContainer"},{"_nodes":[{"id":"restAuthUrl","title":"restAuthUrl"},{"id":"restUserDBUrl","title":"restUserDBUrl"},{"id":"restPwdConfirmUrl","title":"restPwdConfirmUrl"},{"id":"restPwdModifyUrl","title":"restPwdModifyUrl"}],"help":"authrest.html","id":"restParams","show":false,"title":"restParams","type":"simpleInputContainer"},{"_nodes":[{"id":"remotePortal","title":"remotePortal"},{"id":"remoteCookieName","title":"remoteCookieName"},{"default":"Lemonldap::NG::Common::Apache::Session::SOAP","id":"remoteGlobalStorage","title":"remoteGlobalStorage"},{"cnodes":"remoteGlobalStorageOptions","default":[{"data":"http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService","id":"remoteGlobalStorageOptions/ns","title":"ns","type":"keyText"},{"data":"http://auth.example.com/sessions","id":"remoteGlobalStorageOptions/proxy","title":"proxy","type":"keyText"}],"id":"remoteGlobalStorageOptions","title":"remoteGlobalStorageOptions","type":"keyTextContainer"}],"help":"authremote.html","id":"remoteParams","show":false,"title":"remoteParams"},{"_nodes":[{"default":2,"id":"slaveAuthnLevel","title":"slaveAuthnLevel","type":"int"},{"cnodes":"slaveExportedVars","default":[],"id":"slaveExportedVars","title":"slaveExportedVars","type":"keyTextContainer"},{"id":"slaveUserHeader","title":"slaveUserHeader"},{"id":"slaveMasterIP","title":"slaveMasterIP"},{"id":"slaveHeaderName","title":"slaveHeaderName"},{"id":"slaveHeaderContent","title":"slaveHeaderContent"}],"help":"authslave.html","id":"slaveParams","show":false,"title":"slaveParams"},{"_nodes":[{"default":5,"id":"SSLAuthnLevel","title":"SSLAuthnLevel","type":"int"},{"id":"SSLVar","title":"SSLVar"},{"cnodes":"SSLVarIf","id":"SSLVarIf","title":"SSLVarIf","type":"keyTextContainer"},{"id":"sslByAjax","title":"sslByAjax"
,"type":"bool"},{"id":"sslHost","title":"sslHost"}],"help":"authssl.html","id":"sslParams","show":false,"title":"sslParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"twitterAuthnLevel","title":"twitterAuthnLevel","type":"int"},{"id":"twitterKey","title":"twitterKey"},{"id":"twitterSecret","title":"twitterSecret"},{"id":"twitterAppName","title":"twitterAppName"}],"help":"authtwitter.html","id":"twitterParams","show":false,"title":"twitterParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"webIDAuthnLevel","title":"webIDAuthnLevel","type":"int"},{"cnodes":"webIDExportedVars","default":[],"id":"webIDExportedVars","title":"webIDExportedVars","type":"keyTextContainer"},{"id":"webIDWhitelist","title":"webIDWhitelist"}],"help":"authwebid.html","id":"webidParams","show":false,"title":"webidParams"},{"_nodes":[{"default":3,"id":"yubikeyAuthnLevel","title":"yubikeyAuthnLevel","type":"int"},{"id":"yubikeyClientID","title":"yubikeyClientID"},{"id":"yubikeySecretKey","title":"yubikeySecretKey"},{"default":12,"id":"yubikeyPublicIDSize","title":"yubikeyPublicIDSize","type":"int"}],"help":"authyubikey.html","id":"yubikeyParams","show":false,"title":"yubikeyParams","type":"simpleInputContainer"},{"_nodes":[{"id":"customAuth","title":"customAuth"},{"id":"customUserDB","title":"customUserDB"},{"id":"customPassword","title":"customPassword"},{"id":"customRegister","title":"customRegister"},{"cnodes":"customAddParams","id":"customAddParams","title":"customAddParams","type":"keyTextContainer"}],"help":"authcustom.html","id":"customParams","show":false,"title":"customParams","type":"simpleInputContainer"}],"_nodes_filter":"authParams","help":"start.html#authentication_users_and_password_databases","id":"authParams","title":"authParams","type":"authParams"},{"_nodes":[{"_nodes":[{"default":0,"id":"issuerDBSAMLActivation","title":"issuerDBSAMLActivation","type":"bool"},{"default":"^/saml/","id":"issuerDBSAMLPath","title":"issuerDBSAMLPath"},{"default":1,"
id":"issuerDBSAMLRule","title":"issuerDBSAMLRule","type":"boolOrExpr"}],"help":"idpsaml.html","id":"issuerDBSAML","title":"issuerDBSAML","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBCASActivation","title":"issuerDBCASActivation","type":"bool"},{"default":"^/cas/","id":"issuerDBCASPath","title":"issuerDBCASPath"},{"default":1,"id":"issuerDBCASRule","title":"issuerDBCASRule","type":"boolOrExpr"},{"_nodes":[{"id":"casAttr","title":"casAttr"},{"cnodes":"casAttributes","id":"casAttributes","title":"casAttributes","type":"keyTextContainer"},{"default":"none","id":"casAccessControlPolicy","select":[{"k":"none","v":"None"},{"k":"error","v":"Display error on portal"},{"k":"faketicket","v":"Send a fake service ticket"}],"title":"casAccessControlPolicy","type":"select"}],"id":"issuerDBCASOptions","title":"issuerDBCASOptions"}],"help":"idpcas.html","id":"issuerDBCAS","title":"issuerDBCAS"},{"_nodes":[{"default":0,"id":"issuerDBOpenIDActivation","title":"issuerDBOpenIDActivation","type":"bool"},{"default":"^/openidserver/","id":"issuerDBOpenIDPath","title":"issuerDBOpenIDPath"},{"default":1,"id":"issuerDBOpenIDRule","title":"issuerDBOpenIDRule","type":"boolOrExpr"},{"_nodes":[{"id":"openIdIssuerSecret","title":"openIdIssuerSecret"},{"id":"openIdAttr","title":"openIdAttr"},{"default":"0;","id":"openIdSPList","title":"openIdSPList","type":"blackWhiteList"},{"_nodes":[{"default":"cn","id":"openIdSreg_fullname","title":"openIdSreg_fullname"},{"default":"uid","id":"openIdSreg_nickname","title":"openIdSreg_nickname"},{"id":"openIdSreg_language","title":"openIdSreg_language"},{"id":"openIdSreg_postcode","title":"openIdSreg_postcode"},{"default":"_timezone","id":"openIdSreg_timezone","title":"openIdSreg_timezone"},{"id":"openIdSreg_country","title":"openIdSreg_country"},{"id":"openIdSreg_gender","title":"openIdSreg_gender"},{"default":"mail","id":"openIdSreg_email","title":"openIdSreg_email"},{"id":"openIdSreg_dob","title":"openIdSreg_dob"}],"id":"openIdSreg","ti
tle":"openIdSreg","type":"simpleInputContainer"}],"id":"issuerDBOpenIDOptions","title":"issuerDBOpenIDOptions"}],"help":"idpopenid.html","id":"issuerDBOpenID","title":"issuerDBOpenID"},{"_nodes":[{"default":0,"id":"issuerDBOpenIDConnectActivation","title":"issuerDBOpenIDConnectActivation","type":"bool"},{"default":"^/oauth2/","id":"issuerDBOpenIDConnectPath","title":"issuerDBOpenIDConnectPath"},{"default":1,"id":"issuerDBOpenIDConnectRule","title":"issuerDBOpenIDConnectRule","type":"boolOrExpr"}],"help":"idpopenidconnect.html","id":"issuerDBOpenIDConnect","title":"issuerDBOpenIDConnect"},{"_nodes":[{"default":0,"id":"issuerDBGetActivation","title":"issuerDBGetActivation","type":"bool"},{"default":"^/get/","id":"issuerDBGetPath","title":"issuerDBGetPath"},{"default":1,"id":"issuerDBGetRule","title":"issuerDBGetRule","type":"boolOrExpr"},{"default":[],"id":"issuerDBGetParameters","title":"issuerDBGetParameters","type":"doubleHash"}],"help":"issuerdbget.html","id":"issuerDBGet","title":"issuerDBGet"}],"help":"start.html#identity_provider","id":"issuerParams","title":"issuerParams"},{"_nodes":[{"default":"","id":"trustedProxies","title":"trustedProxies"},{"default":"uid","id":"whatToTrace","title":"whatToTrace"},{"default":"_password","id":"hiddenAttributes","title":"hiddenAttributes"}],"help":"logs.html","id":"logParams","title":"logParams","type":"simpleInputContainer"},{"_nodes":[{"default":"lemonldap","id":"cookieName","title":"cookieName"},{"default":"example.com","id":"domain","title":"domain"},{"default":0,"id":"cda","title":"cda","type":"bool"},{"default":0,"id":"securedCookie","select":[{"k":"0","v":"unsecuredCookie"},{"k":"1","v":"securedCookie"},{"k":"2","v":"doubleCookie"},{"k":"3","v":"doubleCookieForSingleSession"}],"title":"securedCookie","type":"select"},{"default":1,"id":"httpOnly","title":"httpOnly","type":"bool"},{"id":"cookieExpiration","title":"cookieExpiration"}],"help":"ssocookie.html","id":"cookieParams","title":"cookieParams","type":"simpleInput
Container"},{"_nodes":[{"default":0,"id":"storePassword","title":"storePassword","type":"bool"},{"default":72000,"id":"timeout","title":"timeout","type":"int"},{"default":0,"id":"timeoutActivity","title":"timeoutActivity","type":"int"},{"default":60,"id":"timeoutActivityInterval","title":"timeoutActivityInterval","type":"int"},{"cnodes":"grantSessionRules","id":"grantSessionRules","title":"grantSessionRules","type":"grantContainer"},{"_nodes":[{"default":"Apache::Session::File","id":"globalStorage","title":"globalStorage"},{"cnodes":"globalStorageOptions","default":[{"data":"/var/lib/lemonldap-ng/sessions/","id":"globalStorageOptions/Directory","title":"Directory","type":"keyText"},{"data":"/var/lib/lemonldap-ng/sessions/lock/","id":"globalStorageOptions/LockDirectory","title":"LockDirectory","type":"keyText"},{"data":"Lemonldap::NG::Common::Apache::Session::Generate::SHA256","id":"globalStorageOptions/generateModule","title":"generateModule","type":"keyText"}],"id":"globalStorageOptions","title":"globalStorageOptions","type":"keyTextContainer"},{"default":"Cache::FileCache","id":"localSessionStorage","title":"localSessionStorage"},{"cnodes":"localSessionStorageOptions","default":[{"data":3,"id":"localSessionStorageOptions/cache_depth","title":"cache_depth","type":"keyText"},{"data":"/tmp","id":"localSessionStorageOptions/cache_root","title":"cache_root","type":"keyText"},{"data":600,"id":"localSessionStorageOptions/default_expires_in","title":"default_expires_in","type":"keyText"},{"data":"007","id":"localSessionStorageOptions/directory_umask","title":"directory_umask","type":"keyText"},{"data":"lemonldap-ng-sessions","id":"localSessionStorageOptions/namespace","title":"namespace","type":"keyText"}],"id":"localSessionStorageOptions","title":"localSessionStorageOptions","type":"keyTextContainer"}],"help":"start.html#sessions_database","id":"sessionStorage","title":"sessionStorage"},{"_nodes":[{"default":0,"id":"singleSession","title":"singleSession","type":"bool"},{
"default":0,"id":"singleIP","title":"singleIP","type":"bool"},{"default":0,"id":"singleUserByIP","title":"singleUserByIP","type":"bool"},{"default":0,"id":"singleSessionUserByIP","title":"singleSessionUserByIP","type":"bool"},{"default":1,"id":"notifyDeleted","title":"notifyDeleted","type":"bool"},{"default":0,"id":"notifyOther","title":"notifyOther","type":"bool"}],"id":"multipleSessions","title":"multipleSessions","type":"simpleInputContainer"},{"_nodes":[{"id":"persistentStorage","title":"persistentStorage"},{"cnodes":"persistentStorageOptions","id":"persistentStorageOptions","title":"persistentStorageOptions","type":"keyTextContainer"}],"id":"persistentSessions","title":"persistentSessions"}],"help":"sessions.html","id":"sessionParams","title":"sessionParams"},{"cnodes":"reloadUrls","help":"configlocation.html#configuration_reload","id":"reloadUrls","title":"reloadUrls","type":"keyTextContainer"},{"_nodes":[{"id":"stayConnected","title":"stayConnected","type":"bool"},{"default":0,"id":"portalStatus","title":"portalStatus","type":"bool"},{"_nodes":[{"default":0,"id":"restSessionServer","title":"restSessionServer","type":"bool"},{"default":0,"id":"restConfigServer","title":"restConfigServer","type":"bool"},{"default":0,"help":"soapservices.html","id":"soapSessionServer","title":"soapSessionServer","type":"bool"},{"default":0,"help":"soapservices.html","id":"soapConfigServer","title":"soapConfigServer","type":"bool"},{"id":"exportedAttr","title":"exportedAttr"}],"id":"portalServers","title":"portalServers","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"loginHistoryEnabled","title":"loginHistoryEnabled","type":"bool"},{"default":5,"id":"successLoginNumber","title":"successLoginNumber","type":"int"},{"default":5,"id":"failedLoginNumber","title":"failedLoginNumber","type":"int"},{"cnodes":"sessionDataToRemember","id":"sessionDataToRemember","title":"sessionDataToRemember","type":"keyTextContainer"}],"help":"loginhistory.html","id":"loginHistory","title":
"loginHistory"},{"_nodes":[{"default":0,"id":"notification","title":"notification","type":"bool"},{"default":0,"id":"notificationServer","title":"notificationServer","type":"bool"},{"default":0,"id":"oldNotifFormat","title":"oldNotifFormat","type":"bool"},{"default":"File","id":"notificationStorage","title":"notificationStorage"},{"cnodes":"notificationStorageOptions","default":[{"data":"/var/lib/lemonldap-ng/notifications","id":"notificationStorageOptions/dirName","title":"dirName","type":"keyText"}],"id":"notificationStorageOptions","title":"notificationStorageOptions","type":"keyTextContainer"},{"default":"allusers","id":"notificationWildcard","title":"notificationWildcard"},{"id":"notificationXSLTfile","title":"notificationXSLTfile"}],"help":"notifications.html","id":"notifications","title":"notifications"},{"_nodes":[{"_nodes":[{"default":"","id":"SMTPServer","title":"SMTPServer"},{"id":"SMTPPort","title":"SMTPPort","type":"int"},{"id":"SMTPAuthUser","title":"SMTPAuthUser"},{"id":"SMTPAuthPass","title":"SMTPAuthPass","type":"password"},{"default":"","id":"SMTPTLS","select":[{"k":"","v":"none"},{"k":"starttls","v":"SMTP + 
STARTTLS"},{"k":"ssl","v":"SMTPS"}],"title":"SMTPTLS","type":"select"},{"cnodes":"SMTPTLSOpts","id":"SMTPTLSOpts","title":"SMTPTLSOpts","type":"keyTextContainer"}],"id":"SMTP","title":"SMTP","type":"simpleInputContainer"},{"_nodes":[{"default":"noreply@example.com","id":"mailFrom","title":"mailFrom"},{"id":"mailReplyTo","title":"mailReplyTo"},{"default":"utf-8","id":"mailCharset","title":"mailCharset"}],"id":"mailHeaders","title":"mailHeaders","type":"simpleInputContainer"},{"_nodes":[{"id":"mailSubject","title":"mailSubject"},{"id":"mailBody","title":"mailBody","type":"longtext"},{"id":"mailConfirmSubject","title":"mailConfirmSubject"},{"id":"mailConfirmBody","title":"mailConfirmBody","type":"longtext"}],"id":"mailContent","title":"mailContent","type":"simpleInputContainer"},{"_nodes":[{"default":"http://auth.example.com/resetpwd","id":"mailUrl","title":"mailUrl"},{"default":"[A-Z]{3}[a-z]{5}.\\d{2}","id":"randomPasswordRegexp","title":"randomPasswordRegexp"},{"default":0,"id":"mailTimeout","title":"mailTimeout","type":"int"},{"default":"mail","id":"mailSessionKey","title":"mailSessionKey"}],"id":"mailOther","title":"mailOther","type":"simpleInputContainer"}],"help":"resetpassword.html","id":"passwordManagement","title":"passwordManagement"},{"_nodes":[{"default":"Null","id":"registerDB","select":[{"k":"AD","v":"Active 
Directory"},{"k":"Demo","v":"Demonstration"},{"k":"LDAP","v":"LDAP"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"registerDB","type":"select"},{"default":0,"id":"registerTimeout","title":"registerTimeout","type":"int"},{"id":"registerConfirmSubject","title":"registerConfirmSubject"},{"id":"registerDoneSubject","title":"registerDoneSubject"}],"help":"register.html","id":"register","title":"register","type":"simpleInputContainer"},{"default":1,"id":"upgradeSession","title":"upgradeSession","type":"bool"},{"_nodes":[{"default":0,"id":"u2fActivation","title":"u2fActivation","type":"boolOrExpr"},{"default":0,"id":"u2fSelfRegistration","title":"u2fSelfRegistration","type":"bool"},{"id":"u2fAuthnLevel","title":"u2fAuthnLevel","type":"int"}],"help":"u2f.html","id":"u2f","title":"u2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"ext2fActivation","title":"ext2fActivation","type":"boolOrExpr"},{"id":"ext2FSendCommand","title":"ext2FSendCommand"},{"id":"ext2FValidateCommand","title":"ext2FValidateCommand"},{"id":"ext2fAuthnLevel","title":"ext2fAuthnLevel","type":"int"}],"help":"external2f.html","id":"external2f","title":"external2f","type":"simpleInputContainer"}],"id":"plugins","title":"plugins"},{"_nodes":[{"id":"customFunctions","title":"customFunctions"},{"_nodes":[{"default":"^[\\w\\.\\-@]+$","id":"userControl","title":"userControl"},{"default":5,"id":"portalForceAuthnInterval","title":"portalForceAuthnInterval","type":"int"},{"id":"key","title":"key","type":"password"},{"id":"trustedDomains","title":"trustedDomains"},{"default":1,"help":"safejail.html","id":"useSafeJail","title":"useSafeJail","type":"bool"},{"default":1,"id":"checkXSS","title":"checkXSS","type":"bool"},{"cnodes":"lwpOpts","id":"lwpOpts","title":"lwpOpts","type":"keyTextContainer"},{"cnodes":"lwpSslOpts","id":"lwpSslOpts","title":"lwpSslOpts","type":"keyTextContainer"},{"_nodes":[{"default":"'self'","id":"cspDefault","title":"cspDefault"},{"default":"'self' 
data:","id":"cspImg","title":"cspImg"},{"default":"'self'","id":"cspScript","title":"cspScript"},{"default":"'self'","id":"cspStyle","title":"cspStyle"},{"default":"'self'","id":"cspConnect","title":"cspConnect"},{"default":"'self'","id":"cspFont","title":"cspFont"}],"help":"csp.html","id":"contentSecurityPolicy","title":"contentSecurityPolicy","type":"simpleInputContainer"},{"default":1,"id":"requireToken","title":"requireToken","type":"bool"},{"default":120,"id":"formTimeout","title":"formTimeout","type":"int"},{"default":0,"id":"tokenUseGlobalStorage","title":"tokenUseGlobalStorage","type":"bool"}],"help":"security.html#configure_security_settings","id":"security","title":"security","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"https","title":"https","type":"bool"},{"id":"port","title":"port","type":"int"},{"default":0,"id":"useRedirectOnForbidden","title":"useRedirectOnForbidden","type":"bool"},{"default":1,"id":"useRedirectOnError","title":"useRedirectOnError","type":"bool"},{"default":0,"id":"maintenance","title":"maintenance","type":"bool"}],"help":"redirections.html","id":"redirection","title":"redirection","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"jsRedirect","title":"jsRedirect","type":"boolOrExpr"},{"default":0,"id":"noAjaxHook","title":"noAjaxHook","type":"bool"}],"help":"redirections.html#portal_redirections","id":"portalRedirection","title":"portalRedirection","type":"simpleInputContainer"},{"cnodes":"nginxCustomHandlers","id":"nginxCustomHandlers","title":"nginxCustomHandlers","type":"keyTextContainer"},{"cnodes":"logoutServices","default":[],"help":"logoutforward.html","id":"logoutServices","title":"logoutServices","type":"keyTextContainer"},{"default":"; 
","id":"multiValuesSeparator","title":"multiValuesSeparator","type":"authParamsText"},{"_nodes":[{"default":"get","id":"infoFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"infoFormMethod","type":"select"},{"default":"post","id":"confirmFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"confirmFormMethod","type":"select"},{"default":"get","id":"redirectFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"redirectFormMethod","type":"select"},{"default":1,"id":"activeTimer","title":"activeTimer","type":"bool"}],"id":"forms","title":"forms"}],"help":"start.html#advanced_features","id":"advancedParams","title":"advancedParams"}],"id":"generalParameters","title":"generalParameters"},{"_nodes":[{"cnodes":"exportedVars","default":[{"data":"HTTP_USER_AGENT","id":"exportedVars/UA","title":"UA","type":"keyText"}],"help":"exportedvars.html","id":"exportedVars","title":"exportedVars","type":"keyTextContainer"},{"cnodes":"macros","default":[],"help":"exportedvars.html#extend_variables_using_macros_and_groups","id":"macros","title":"macros","type":"keyTextContainer"},{"cnodes":"groups","default":[],"help":"exportedvars.html#extend_variables_using_macros_and_groups","id":"groups","title":"groups","type":"keyTextContainer"}],"help":"variables.html","id":"variables","title":"variables"},{"cnodes":"virtualHosts","help":"configvhost.html","id":"virtualHosts","template":"virtualHost","title":"virtualHosts","type":"virtualHostContainer"},{"_nodes":[{"default":"#PORTAL#/saml/metadata","id":"samlEntityID","title":"samlEntityID"},{"_nodes":[{"get":["samlServicePrivateKeySig","samlServicePrivateKeySigPwd","samlServicePublicKeySig"],"id":"samlServiceSecuritySig","title":"samlServiceSecuritySig","type":"RSAKey"},{"get":["samlServicePrivateKeyEnc","samlServicePrivateKeyEncPwd","samlServicePublicKeyEnc"],"id":"samlServiceSecurityEnc","title":"samlServiceSecurityEnc","type":"RSAKey"},{"default":0,"id":"samlServiceUs
eCertificateInResponse","title":"samlServiceUseCertificateInResponse","type":"bool"}],"help":"samlservice.html#security_parameters","id":"samlServiceSecurity","title":"samlServiceSecurity"},{"_nodes":[{"default":"mail","id":"samlNameIDFormatMapEmail","title":"samlNameIDFormatMapEmail"},{"default":"mail","id":"samlNameIDFormatMapX509","title":"samlNameIDFormatMapX509"},{"default":"uid","id":"samlNameIDFormatMapWindows","title":"samlNameIDFormatMapWindows"},{"default":"uid","id":"samlNameIDFormatMapKerberos","title":"samlNameIDFormatMapKerberos"}],"help":"samlservice.html#nameid_formats","id":"samlNameIDFormatMap","title":"samlNameIDFormatMap","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"samlAuthnContextMapPassword","title":"samlAuthnContextMapPassword","type":"int"},{"default":3,"id":"samlAuthnContextMapPasswordProtectedTransport","title":"samlAuthnContextMapPasswordProtectedTransport","type":"int"},{"default":5,"id":"samlAuthnContextMapTLSClient","title":"samlAuthnContextMapTLSClient","type":"int"},{"default":4,"id":"samlAuthnContextMapKerberos","title":"samlAuthnContextMapKerberos","type":"int"}],"help":"samlservice.html#authentication_contexts","id":"samlAuthnContextMap","title":"samlAuthnContextMap","type":"simpleInputContainer"},{"_nodes":[{"default":"Example","id":"samlOrganizationDisplayName","title":"samlOrganizationDisplayName"},{"default":"Example","id":"samlOrganizationName","title":"samlOrganizationName"},{"default":"http://www.example.com","id":"samlOrganizationURL","title":"samlOrganizationURL"}],"help":"samlservice.html#organization","id":"samlOrganization","title":"samlOrganization","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"samlSPSSODescriptorAuthnRequestsSigned","title":"samlSPSSODescriptorAuthnRequestsSigned","type":"bool"},{"default":1,"id":"samlSPSSODescriptorWantAssertionsSigned","title":"samlSPSSODescriptorWantAssertionsSigned","type":"bool"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redi
rect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn","id":"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect","title":"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn","id":"samlSPSSODescriptorSingleLogoutServiceHTTPPost","title":"samlSPSSODescriptorSingleLogoutServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;","id":"samlSPSSODescriptorSingleLogoutServiceSOAP","title":"samlSPSSODescriptorSingleLogoutServiceSOAP","type":"samlService"}],"id":"samlSPSSODescriptorSingleLogoutService","title":"samlSPSSODescriptorSingleLogoutService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact","id":"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact","title":"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact","type":"samlAssertion"},{"default":"0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost","id":"samlSPSSODescriptorAssertionConsumerServiceHTTPPost","title":"samlSPSSODescriptorAssertionConsumerServiceHTTPPost","type":"samlAssertion"}],"id":"samlSPSSODescriptorAssertionConsumerService","title":"samlSPSSODescriptorAssertionConsumerService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact","id":"samlSPSSODescriptorArtifactResolutionServiceArtifact","title":"samlSPSSODescriptorArtifactResolutionServiceArtifact","type":"samlAssertion"}],"id":"samlSPSSODescriptorArtifactResolutionService","title":"samlSPSSODescriptorArtifactResolutionService"}],"help":"samlservice.html#service_provider","id":"samlSPSSODescriptor","title":"samlSPSSODescriptor"},{"_nodes":[{"default":1,"id":"samlIDPSSODescriptorWantAuthnRequestsSigned","title":"samlIDPSSODescriptorWantAuthnRequestsSigned","t
ype":"bool"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPPost","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact","type":"samlService"}],"id":"samlIDPSSODescriptorSingleSignOnService","title":"samlIDPSSODescriptorSingleSignOnService"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn","id":"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect","title":"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn","id":"samlIDPSSODescriptorSingleLogoutServiceHTTPPost","title":"samlIDPSSODescriptorSingleLogoutServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;","id":"samlIDPSSODescriptorSingleLogoutServiceSOAP","title":"samlIDPSSODescriptorSingleLogoutServiceSOAP","type":"samlService"}],"id":"samlIDPSSODescriptorSingleLogoutService","title":"samlIDPSSODescriptorSingleLogoutService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact","id":"samlIDPSSODescriptorArtifactResolutionServiceArtifact","title":"samlIDPSSODescriptorArtifactResolutionServiceArtifact","type":"samlAssertion"}],"id":"samlIDPSSODescriptorArtifactResolutionService","title":"samlIDPSSODescriptorArtif
actResolutionService"}],"help":"samlservice.html#identity_provider","id":"samlIDPSSODescriptor","title":"samlIDPSSODescriptor"},{"_nodes":[{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;","id":"samlAttributeAuthorityDescriptorAttributeServiceSOAP","title":"samlAttributeAuthorityDescriptorAttributeServiceSOAP","type":"samlService"}],"id":"samlAttributeAuthorityDescriptorAttributeService","title":"samlAttributeAuthorityDescriptorAttributeService"}],"help":"samlservice.html#attribute_authority","id":"samlAttributeAuthorityDescriptor","title":"samlAttributeAuthorityDescriptor"},{"_nodes":[{"default":"lemonldapidp","id":"samlIdPResolveCookie","title":"samlIdPResolveCookie"},{"default":1,"id":"samlMetadataForceUTF8","title":"samlMetadataForceUTF8","type":"bool"},{"id":"samlStorage","title":"samlStorage"},{"cnodes":"samlStorageOptions","id":"samlStorageOptions","title":"samlStorageOptions","type":"keyTextContainer"},{"default":600,"id":"samlRelayStateTimeout","title":"samlRelayStateTimeout","type":"int"},{"default":0,"id":"samlUseQueryStringSpecific","title":"samlUseQueryStringSpecific","type":"bool"},{"_nodes":[{"default":0,"id":"samlCommonDomainCookieActivation","title":"samlCommonDomainCookieActivation","type":"bool"},{"id":"samlCommonDomainCookieDomain","title":"samlCommonDomainCookieDomain"},{"id":"samlCommonDomainCookieReader","title":"samlCommonDomainCookieReader"},{"id":"samlCommonDomainCookieWriter","title":"samlCommonDomainCookieWriter"}],"id":"samlCommonDomainCookie","title":"samlCommonDomainCookie","type":"simpleInputContainer"}],"help":"samlservice.html#advanced","id":"samlAdvanced","title":"samlAdvanced"}],"help":"samlservice.html","id":"samlServiceMetaData","title":"samlServiceMetaData"},{"cnodes":"samlIDPMetaDataNodes","help":"authsaml.html","id":"samlIDPMetaDataNodes","template":"samlIDPMetaDataNode","title":"samlIDPMetaDataNodes","type":"samlIDPMetaDataNodeContainer"},{"cnodes":"samlSPMetaDataNodes","help":"idpsaml.
html","id":"samlSPMetaDataNodes","template":"samlSPMetaDataNode","title":"samlSPMetaDataNodes","type":"samlSPMetaDataNodeContainer"},{"_nodes":[{"default":"http://auth.example.com","id":"oidcServiceMetaDataIssuer","title":"oidcServiceMetaDataIssuer"},{"_nodes":[{"default":"authorize","id":"oidcServiceMetaDataAuthorizeURI","title":"oidcServiceMetaDataAuthorizeURI"},{"default":"token","id":"oidcServiceMetaDataTokenURI","title":"oidcServiceMetaDataTokenURI"},{"default":"userinfo","id":"oidcServiceMetaDataUserInfoURI","title":"oidcServiceMetaDataUserInfoURI"},{"default":"jwks","id":"oidcServiceMetaDataJWKSURI","title":"oidcServiceMetaDataJWKSURI"},{"default":"register","id":"oidcServiceMetaDataRegistrationURI","title":"oidcServiceMetaDataRegistrationURI"},{"default":"logout","id":"oidcServiceMetaDataEndSessionURI","title":"oidcServiceMetaDataEndSessionURI"},{"default":"checksession.html","id":"oidcServiceMetaDataCheckSessionURI","title":"oidcServiceMetaDataCheckSessionURI"},{"default":"flogout","id":"oidcServiceMetaDataFrontChannelURI","title":"oidcServiceMetaDataFrontChannelURI"},{"default":"blogout","id":"oidcServiceMetaDataBackChannelURI","title":"oidcServiceMetaDataBackChannelURI"}],"id":"oidcServiceMetaDataEndPoints","title":"oidcServiceMetaDataEndPoints","type":"simpleInputContainer"},{"cnodes":"oidcServiceMetaDataAuthnContext","default":[{"data":1,"id":"oidcServiceMetaDataAuthnContext/loa-1","title":"loa-1","type":"keyText"},{"data":2,"id":"oidcServiceMetaDataAuthnContext/loa-2","title":"loa-2","type":"keyText"},{"data":3,"id":"oidcServiceMetaDataAuthnContext/loa-3","title":"loa-3","type":"keyText"},{"data":4,"id":"oidcServiceMetaDataAuthnContext/loa-4","title":"loa-4","type":"keyText"},{"data":5,"id":"oidcServiceMetaDataAuthnContext/loa-5","title":"loa-5","type":"keyText"}],"id":"oidcServiceMetaDataAuthnContext","title":"oidcServiceMetaDataAuthnContext","type":"keyTextContainer"},{"_nodes":[{"get":["oidcServicePrivateKeySig","oidcServicePublicKeySig"],"id":"oidc
ServiceMetaDataKeys","title":"oidcServiceMetaDataKeys","type":"RSAKeyNoPassword"},{"id":"oidcServiceKeyIdSig","title":"oidcServiceKeyIdSig"},{"default":0,"id":"oidcServiceAllowDynamicRegistration","title":"oidcServiceAllowDynamicRegistration","type":"bool"},{"default":1,"id":"oidcServiceAllowAuthorizationCodeFlow","title":"oidcServiceAllowAuthorizationCodeFlow","type":"bool"},{"default":0,"id":"oidcServiceAllowImplicitFlow","title":"oidcServiceAllowImplicitFlow","type":"bool"},{"default":0,"id":"oidcServiceAllowHybridFlow","title":"oidcServiceAllowHybridFlow","type":"bool"}],"id":"oidcServiceMetaDataSecurity","title":"oidcServiceMetaDataSecurity"},{"_nodes":[{"id":"oidcStorage","title":"oidcStorage"},{"cnodes":"oidcStorageOptions","id":"oidcStorageOptions","title":"oidcStorageOptions","type":"keyTextContainer"}],"id":"oidcServiceMetaDataSessions","title":"oidcServiceMetaDataSessions"}],"help":"openidconnectservice.html#service_configuration","id":"oidcServiceMetaData","title":"oidcServiceMetaData"},{"cnodes":"oidcOPMetaDataNodes","help":"authopenidconnect.html#declare_the_openid_connect_provider_in_llng","id":"oidcOPMetaDataNodes","title":"oidcOPMetaDataNodes","type":"oidcOPMetaDataNodeContainer"},{"cnodes":"oidcRPMetaDataNodes","help":"idpopenidconnect.html#configuration_of_relying_party_in_llng","id":"oidcRPMetaDataNodes","title":"oidcRPMetaDataNodes","type":"oidcRPMetaDataNodeContainer"},{"_nodes":[{"id":"casStorage","title":"casStorage"},{"cnodes":"casStorageOptions","id":"casStorageOptions","title":"casStorageOptions","type":"keyTextContainer"}],"id":"casServiceMetadata","title":"casServiceMetadata"},{"cnodes":"casSrvMetaDataNodes","help":"authcas.html","id":"casSrvMetaDataNodes","template":"casSrvMetaDataNode","title":"casSrvMetaDataNodes","type":"casSrvMetaDataNodeContainer"},{"cnodes":"casAppMetaDataNodes","help":"idpcas.html","id":"casAppMetaDataNodes","template":"casAppMetaDataNode","title":"casAppMetaDataNodes","type":"casAppMetaDataNodeContainer"}] \ No 
newline at end of file diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Kerberos.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Kerberos.pm index 23b3cb4fa..d317e57c0 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Kerberos.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Kerberos.pm @@ -78,7 +78,8 @@ sub extractFormInfo { # another backend (Combination) # switch to another backend elsif ( defined $req->param('kerberos') ) { - $self->userLogger->warn('Kerberos authentication has failed, back to portal'); + $self->userLogger->warn( + 'Kerberos authentication has failed, back to portal'); return PE_BADCREDENTIALS; } @@ -110,16 +111,11 @@ sub extractFormInfo { $ENV{KRB5_KTNAME} = $self->keytab; my $gss_client_name; my $status = GSSAPI::Context::accept( - my $server_context, - GSS_C_NO_CREDENTIAL, - $data, - GSS_C_NO_CHANNEL_BINDINGS, - $gss_client_name, - undef, - my $gss_output_token, - my $out_flags, - my $out_time, - my $gss_delegated_cred + my $server_context, GSS_C_NO_CREDENTIAL, + $data, GSS_C_NO_CHANNEL_BINDINGS, + $gss_client_name, undef, + my $gss_output_token, my $out_flags, + my $out_time, my $gss_delegated_cred ); unless ($status) { $self->logger->error('Unable to accept security context'); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm index 406bea019..fd29e08df 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm @@ -331,7 +331,7 @@ sub validateST { my $proxy_url; if (%$proxied) { $proxy_url = $self->p->fullUrl($req); - die if($proxy_url =~ /casProxy=1/); + die if ( $proxy_url =~ /casProxy=1/ ); $proxy_url .= ( $proxy_url =~ /\?/ ? '&' : '?' ) . 'casProxy=1'; if ( $self->conf->{authChoiceParam} and my $tmp = $req->param( $self->conf->{authChoiceParam} ) ) 
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/DBI.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/DBI.pm index 3ab9250ab..e9bea5746 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/DBI.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/DBI.pm @@ -95,30 +95,29 @@ sub get_password { my $table = $self->conf->{dbiAuthTable}; my $loginCol = $self->conf->{dbiAuthLoginCol}; my $passwordCol = $self->conf->{dbiAuthPasswordCol}; - + my @rows = (); eval { - my $sth = $dbh->prepare( -"SELECT $passwordCol FROM $table WHERE $loginCol=?" - ); - $sth->execute( $user); + my $sth = + $dbh->prepare( "SELECT $passwordCol FROM $table WHERE $loginCol=?" ); + $sth->execute($user); @rows = $sth->fetchrow_array(); }; if ($@) { $self->lmLog( "DBI error while getting password: $@", 'error' ); return ""; } - + if ( @rows == 1 ) { - $self->logger->debug( "Successfully got password from database" ); + $self->logger->debug("Successfully got password from database"); return $rows[0]; } else { - $self->userLogger->warn( "Unable to check password for $user" ); + $self->userLogger->warn("Unable to check password for $user"); return ""; } } - + ## @method protected Lemonldap::NG::Portal::_DBI hash_password_from_database ## (ref dbh, string dbmethod, string dbsalt, string password) # Hash the given password calling the dbmethod function in database @@ -128,17 +127,18 @@ sub get_password { # @param password the password to hash # @return hashed password sub hash_password_from_database { + # Remark: database function must get hexadecimal input # and send back hexadecimal output - my $self = shift; - my $dbh = shift; - my $dbmethod = shift; - my $dbsalt = shift; - my $password = shift; - + my $self = shift; + my $dbh = shift; + my $dbmethod = shift; + my $dbsalt = shift; + my $password = shift; + # convert password to hexa my $passwordh = unpack "H*", $password; - + my @rows = (); eval { my $sth = $dbh->prepare("SELECT $dbmethod('$passwordh$dbsalt')"); 
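Review bot: The prepared statement at the end of this hunk, `SELECT $dbmethod('$passwordh$dbsalt')` in `hash_password_from_database`, puts the hex-encoded password into the SQL text itself, so it can surface in database statement logs and traces even though hex encoding rules out quoting problems. The argument can be bound instead, `my $sth = $dbh->prepare("SELECT $dbmethod(?)");`, with `"$passwordh$dbsalt"` handed to `execute`; that call sits between this hunk and the next and is not visible here, so its current arguments need checking. `$dbmethod` is interpolated as an identifier and cannot be bound, which makes a comment worthwhile: `# $dbmethod must come from the configured scheme lists, never from request data`. The sub's body continues past the end of the hunk.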
@@ -146,67 +146,71 @@ sub hash_password_from_database { @rows = $sth->fetchrow_array(); }; if ($@) { - $self->lmLog( "DBI error while hashing with '$dbmethod' hash function: $@", 'error' ); - $self->userLogger->warn( "Unable to check password" ); + $self->lmLog( + "DBI error while hashing with '$dbmethod' hash function: $@", + 'error' ); + $self->userLogger->warn("Unable to check password"); return ""; } - + if ( @rows == 1 ) { - $self->logger->debug( "Successfully hashed password with $dbmethod hash function in database" ); - + $self->logger->debug( +"Successfully hashed password with $dbmethod hash function in database" + ); + # convert salt to binary my $dbsaltb = pack 'H*', $dbsalt; - + # convert result to binary my $res = pack 'H*', $rows[0]; - - return encode_base64($res . $dbsaltb ,''); + + return encode_base64( $res . $dbsaltb, '' ); } else { - $self->userLogger->warn( "Unable to check password with '$dbmethod'" ); + $self->userLogger->warn("Unable to check password with '$dbmethod'"); return ""; } - -# Return encode_base64(SQL_METHOD(password + salt) + salt) + + # Return encode_base64(SQL_METHOD(password + salt) + salt) } - + ## @method protected Lemonldap::NG::Portal::_DBI get_salt(string dbhash) # Return salt from salted hash password # @param dbhash hash password # @return extracted salt sub get_salt { - my $self = shift; - my $dbhash = shift; + my $self = shift; + my $dbhash = shift; my $dbsalt; - + # get rid of scheme ({sha256}) $dbhash =~ s/^\{[^}]+\}(.*)$/$1/; - + # get binary hash my $decoded = &decode_base64($dbhash); - + # get last 8 bytes $dbsalt = substr $decoded, -8; - + # get hexadecimal version of salt $dbsalt = unpack "H*", $dbsalt; - + return $dbsalt; } - + ## @method protected Lemonldap::NG::Portal::_DBI gen_salt() # Generate 8 bytes of hexadecimal random salt # @return generated salt sub gen_salt { - my $self = shift; + my $self = shift; my $dbsalt; - my @set = ('0' ..'9', 'A' .. 'F'); - - $dbsalt = join '' => map $set[rand @set], 1 .. 
16; - + my @set = ( '0' .. '9', 'A' .. 'F' ); + + $dbsalt = join '' => map $set[ rand @set ], 1 .. 16; + return $dbsalt; } - + ## @method protected Lemonldap::NG::Portal::_DBI dynamic_hash_password(ref dbh, ## string user, string password, string table, string loginCol, string passwordCol) # Return hashed password for use in SQL statement 
@@ -218,76 +222,88 @@ sub gen_salt { # @param passwordCol name of the row containing the password # @return hashed password sub dynamic_hash_password { - my $self = shift; - my $dbh = shift; - my $user = shift; - my $password = shift; - my $table = shift; - my $loginCol = shift; + my $self = shift; + my $dbh = shift; + my $user = shift; + my $password = shift; + my $table = shift; + my $loginCol = shift; my $passwordCol = shift; + # Authorized hash schemes and salted hash schemes my @validSchemes = split / /, $self->conf->{dbiDynamicHashValidSchemes}; - my @validSaltedSchemes = split / /, $self->conf->{dbiDynamicHashValidSaltedSchemes}; - - my $dbhash; # hash currently stored in database - my $dbscheme; # current hash scheme stored in database - my $dbmethod; # static hash method corresponding to a database function - my $dbsalt; # current salt stored in database - my $hash; # hash to compute from user password - + my @validSaltedSchemes = split / /, + $self->conf->{dbiDynamicHashValidSaltedSchemes}; + + my $dbhash; # hash currently stored in database + my $dbscheme; # current hash scheme stored in database + my $dbmethod; # static hash method corresponding to a database function + my $dbsalt; # current salt stored in database + my $hash; # hash to compute from user password + # Search hash from database - $self->logger->debug( "Hash scheme is to be found in database" ); - $dbhash = $self->get_password($dbh, $user, $table, $loginCol, $passwordCol); - + $self->logger->debug("Hash scheme is to be found in database"); + $dbhash = + $self->get_password( $dbh, $user, $table, $loginCol, $passwordCol ); + # Get the scheme $dbscheme = $dbhash; $dbscheme =~ s/^\{([^}]+)\}.*/$1/; $dbscheme = "" if $dbscheme eq $dbhash; - + # no hash scheme => assume clear text - if($dbscheme eq "") { - $self->logger->info( "Password has no hash scheme" ); + if ( $dbscheme eq "" ) { + $self->logger->info("Password has no hash scheme"); return "?"; - + } + # salted hash scheme - elsif(grep( 
/^$dbscheme$/, @validSaltedSchemes )) { - $self->logger->info( "Valid salted hash scheme: $dbscheme found for user $user" ); - + elsif ( grep( /^$dbscheme$/, @validSaltedSchemes ) ) { + $self->logger->info( + "Valid salted hash scheme: $dbscheme found for user $user"); + # extract non salted hash scheme $dbmethod = $dbscheme; $dbmethod =~ s/^s//i; - + # extract the salt $dbsalt = $self->get_salt($dbhash); - $self->logger->debug( "Get salt from password: $dbsalt"); - + $self->logger->debug("Get salt from password: $dbsalt"); + # Hash password with given hash scheme and salt - $hash = $self->hash_password_from_database($dbh, $dbmethod, $dbsalt, $password); + $hash = + $self->hash_password_from_database( $dbh, $dbmethod, $dbsalt, + $password ); $hash = "{$dbscheme}$hash"; - + return "'$hash'"; - + } + # static hash scheme - elsif(grep( /^$dbscheme$/, @validSchemes )) { - $self->logger->info( "Valid hash scheme: $dbscheme found for user $user" ); - + elsif ( grep( /^$dbscheme$/, @validSchemes ) ) { + $self->logger->info( + "Valid hash scheme: $dbscheme found for user $user"); + # Hash given password with given hash scheme and no salt - $hash = $self->hash_password_from_database($dbh, $dbscheme, "", $password); + $hash = + $self->hash_password_from_database( $dbh, $dbscheme, "", $password ); $hash = "{$dbscheme}$hash"; - + return "'$hash'"; } + # no valid hash scheme else { - $self->lmLog( "No valid hash scheme: $dbscheme for user $user", 'error' ); - $self->userLogger->warn( "Unable to check password for $user" ); + $self->lmLog( "No valid hash scheme: $dbscheme for user $user", + 'error' ); + $self->userLogger->warn("Unable to check password for $user"); return ""; } - + } - + ## @method protected Lemonldap::NG::Portal::_DBI dynamic_hash_new_password(ref dbh, ## string user, string password) # Return hashed password for use in SQL statement 
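Review bot: In `dynamic_hash_password` the scheme parsed from the stored hash is checked with `grep( /^$dbscheme$/, @validSaltedSchemes )` and `grep( /^$dbscheme$/, @validSchemes )`, which interpolates `$dbscheme` into a regex unescaped. A stored value containing regex metacharacters can match an allowed scheme without being equal to it, and that value (minus a leading `s` in the salted branch) is then passed to `hash_password_from_database` as the method name. An exact comparison closes the gap: `grep { $_ eq $dbscheme } @validSaltedSchemes`, and likewise for `@validSchemes`. The same two tests appear in `dynamic_hash_new_password` in the following hunk, where `$dbscheme` comes from configuration, and should be changed together.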
@@ -301,57 +317,67 @@ sub dynamic_hash_new_password { my $dbh = shift; my $user = shift; my $password = shift; - my $dbscheme = $self->conf->{dbiDynamicHashNewPasswordScheme} || ""; + my $dbscheme = $self->conf->{dbiDynamicHashNewPasswordScheme} || ""; + # Authorized hash schemes and salted hash schemes my @validSchemes = split / /, $self->conf->{dbiDynamicHashValidSchemes}; - my @validSaltedSchemes = split / /, $self->conf->{dbiDynamicHashValidSaltedSchemes}; - - my $dbmethod; # static hash method corresponding to a database function - my $dbsalt; # salt to generate for new hashed password - my $hash; # hash to compute from user password - + my @validSaltedSchemes = split / /, + $self->conf->{dbiDynamicHashValidSaltedSchemes}; + + my $dbmethod; # static hash method corresponding to a database function + my $dbsalt; # salt to generate for new hashed password + my $hash; # hash to compute from user password + # no hash scheme => assume clear text - if($dbscheme eq "") { - $self->logger->info( "No hash scheme selected, storing password in clear text" ); + if ( $dbscheme eq "" ) { + $self->logger->info( + "No hash scheme selected, storing password in clear text"); return "?"; - + } + # salted hash scheme - elsif(grep( /^$dbscheme$/, @validSaltedSchemes )) { - $self->logger->info( "Selected salted hash scheme: $dbscheme" ); - + elsif ( grep( /^$dbscheme$/, @validSaltedSchemes ) ) { + $self->logger->info("Selected salted hash scheme: $dbscheme"); + # extract non salted hash scheme $dbmethod = $dbscheme; $dbmethod =~ s/^s//i; - + # generate the salt $dbsalt = $self->gen_salt(); - $self->logger->debug( "Generated salt: $dbsalt" ); - + $self->logger->debug("Generated salt: $dbsalt"); + # Hash given password with given hash scheme and salt - $hash = $self->hash_password_from_database($dbh, $dbmethod, $dbsalt, $password); + $hash = + $self->hash_password_from_database( $dbh, $dbmethod, $dbsalt, + $password ); $hash = "{$dbscheme}$hash"; - + return "'$hash'"; - + } + # static 
hash scheme - elsif(grep( /^$dbscheme$/, @validSchemes )) { - $self->logger->info( "Selected hash scheme: $dbscheme" ); - + elsif ( grep( /^$dbscheme$/, @validSchemes ) ) { + $self->logger->info("Selected hash scheme: $dbscheme"); + # Hash given password with given hash scheme and no salt - $hash = $self->hash_password_from_database($dbh, $dbscheme, "", $password); + $hash = + $self->hash_password_from_database( $dbh, $dbscheme, "", $password ); $hash = "{$dbscheme}$hash"; - + return "'$hash'"; } + # no valid hash scheme else { - $self->lmLog( "No selected hash scheme: $dbscheme is invalid", 'error' ); - $self->userLogger->warn( "Unable to store password for $user" ); + $self->lmLog( "No selected hash scheme: $dbscheme is invalid", + 'error' ); + $self->userLogger->warn("Unable to store password for $user"); return ""; } - + } # Verify user and password with SQL SELECT @@ -374,15 +400,17 @@ sub check_password { my $passwordsql; if ( $dynamicHash == 1 ) { + # Dynamic password hashes $passwordsql = - $self->dynamic_hash_password( $self->dbh, $user, $password, $table, $loginCol, $passwordCol ); + $self->dynamic_hash_password( $self->dbh, $user, $password, $table, + $loginCol, $passwordCol ); } - else - { + else { # Static Password hashes $passwordsql = - $self->hash_password_for_select( "?", $self->conf->{dbiAuthPasswordHash} ); + $self->hash_password_for_select( "?", + $self->conf->{dbiAuthPasswordHash} ); } my @rows = (); @@ -390,8 +418,8 @@ sub check_password { my $sth = $self->dbh->prepare( "SELECT $loginCol FROM $table WHERE $loginCol=? AND $passwordCol=$passwordsql" ); - $sth->execute( $user, $password ) if $passwordsql =~ /.*\?.*/; - $sth->execute( $user ) unless $passwordsql =~ /.*\?.*/; + $sth->execute( $user, $password ) if $passwordsql =~ /.*\?.*/; + $sth->execute($user) unless $passwordsql =~ /.*\?.*/; @rows = $sth->fetchrow_array(); }; if ($@) { 
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/DBI.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/DBI.pm index ebc2f4e15..cf0b10301 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/DBI.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/DBI.pm @@ -22,28 +22,30 @@ sub confirm { sub modifyPassword { my ( $self, $req, $pwd ) = @_; - my $userCol = $self->conf->{dbiAuthLoginCol}; + my $userCol = $self->conf->{dbiAuthLoginCol}; my $passwordCol = $self->conf->{dbiAuthPasswordCol}; - my $table = $self->conf->{dbiAuthTable}; + my $table = $self->conf->{dbiAuthTable}; my $dynamicHash = $self->conf->{dbiDynamicHashEnabled} || 0; my $passwordsql; if ( $dynamicHash == 1 ) { + # Dynamic password hashes $passwordsql = - $self->dynamic_hash_new_password( $self->dbh, $req->user, $pwd, $table, $userCol, $passwordCol ); + $self->dynamic_hash_new_password( $self->dbh, $req->user, $pwd, + $table, $userCol, $passwordCol ); } - else - { + else { # Static Password hash - $passwordsql = $self->hash_password( "?", $self->conf->{dbiAuthPasswordHash} ); + $passwordsql = + $self->hash_password( "?", $self->conf->{dbiAuthPasswordHash} ); } eval { my $sth = $self->dbh->prepare( - "UPDATE $table SET $passwordCol=$passwordsql WHERE $userCol=?"); - $sth->execute( $pwd, $req->user ) if $passwordsql =~ /.*\?.*/; - $sth->execute( $req->user ) unless $passwordsql =~ /.*\?.*/; + "UPDATE $table SET $passwordCol=$passwordsql WHERE $userCol=?"); + $sth->execute( $pwd, $req->user ) if $passwordsql =~ /.*\?.*/; + $sth->execute( $req->user ) unless $passwordsql =~ /.*\?.*/; }; if ($@) { diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Null.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Null.pm index 2b50977dd..e9ad31bd5 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Null.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Null.pm 
@@ -10,12 +10,12 @@ extends 'Lemonldap::NG::Portal::Password::Base';
 our $VERSION = '2.0.0';
-sub init {1}
+sub init { 1 }
-sub confirm {1}
+sub confirm { 1 }
 sub modifyPassword {
- PE_PASSWORD_OK
+ PE_PASSWORD_OK;
 }
 1;
diff --git a/lemonldap-ng-portal/t/24-AuthKerberos.t b/lemonldap-ng-portal/t/24-AuthKerberos.t
index f7d3d3158..c5cd2847c 100644
--- a/lemonldap-ng-portal/t/24-AuthKerberos.t
+++ b/lemonldap-ng-portal/t/24-AuthKerberos.t
@@ -7,7 +7,7 @@ BEGIN {
 }
 my $maintests = 8;
-my $debug = 'error';
+my $debug = 'error';
 SKIP: {
 eval "require GSSAPI";
diff --git a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-app.t b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-app.t
index 03e8ae275..4b57fd593 100644
--- a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-app.t
+++ b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-app.t
@@ -86,9 +86,9 @@ expectAuthenticatedAs( $res, 'french' );
 ok( $res = $sp->_get("/sessions/global/$spId"), 'Get UTF-8' );
 expectOK($res);
 ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
-or print STDERR $@;
+ or print STDERR $@;
 ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
-or explain( $res, 'cn => Frédéric Accents' );
+ or explain( $res, 'cn => Frédéric Accents' );
 count(3);
 # Logout initiated by SP
@@ -212,16 +212,16 @@ sub issuer {
 return LLNG::Manager::Test->new(
 {
 ini => {
- logLevel => $debug,
- templatesDir => 'site/htdocs/static',
- domain => 'idp.com',
- portal => 'http://auth.idp.com',
- authentication => 'Demo',
- userDB => 'Same',
- issuerDBCASActivation => 1,
- casAttr => 'uid',
- casAccessControlPolicy => 'error',
- multiValuesSeparator => ';',
+ logLevel => $debug,
+ templatesDir => 'site/htdocs/static',
+ domain => 'idp.com',
+ portal => 'http://auth.idp.com',
+ authentication => 'Demo',
+ userDB => 'Same',
+ issuerDBCASActivation => 1,
+ casAttr => 'uid',
+ casAccessControlPolicy => 'error',
+ multiValuesSeparator => ';',
 casAppMetaDataExportedVars => {
 sp => {
 cn => 'cn',
diff --git a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-default.t b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-default.t
index 81fafecfa..92b86f622 100644
--- a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-default.t
+++ b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-default.t
@@ -245,14 +245,14 @@ sub sp {
 return LLNG::Manager::Test->new(
 {
 ini => {
- logLevel => $debug,
- domain => 'sp.com',
- portal => 'http://auth.sp.com',
- authentication => 'CAS',
- userDB => 'CAS',
- restSessionServer => 1,
- issuerDBCASActivation => 0,
- multiValuesSeparator => ';',
+ logLevel => $debug,
+ domain => 'sp.com',
+ portal => 'http://auth.sp.com',
+ authentication => 'CAS',
+ userDB => 'CAS',
+ restSessionServer => 1,
+ issuerDBCASActivation => 0,
+ multiValuesSeparator => ';',
 casSrvMetaDataExportedVars => {
 idp => {
 cn => 'cn',
diff --git a/lemonldap-ng-portal/t/35-REST-sessions-with-REST-server.t b/lemonldap-ng-portal/t/35-REST-sessions-with-REST-server.t
index 5f4d390f8..e21b97d6e 100644
--- a/lemonldap-ng-portal/t/35-REST-sessions-with-REST-server.t
+++ b/lemonldap-ng-portal/t/35-REST-sessions-with-REST-server.t
@@ -67,6 +67,7 @@ ok( $res->{_session_id} eq $spId, ' Good ID' )
 or explain( $res, "_session_id => $spId" );
 ok( $res->{uid} eq 'french', ' Uid is french' )
 or explain( $res, 'uid => french' );
+
 #ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
 # or explain( $res->{cn}, 'Frédéric Accents' );
 count(4);