Re-order options

2022-08-28 00:45:25 +02:00 · 2022-08-28 00:45:25 +02:00 · 8ee7bc8e0b
parent ef7f6b43e3
commit 8ee7bc8e0b
11 changed files with 5538 additions and 5378 deletions
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
@ -5,386 +5,406 @@ our $VERSION = '2.0.15';

 sub defaultValues {
    return {
-          'activeTimer' => 1,
-          'ADPwdExpireWarning' => 0,
-          'ADPwdMaxAge' => 0,
-          'apacheAuthnLevel' => 3,
-          'applicationList' => {
-                                 'default' => {
-                                                'catname' => 'Default category',
-                                                'type' => 'category'
-                                              }
-                               },
-          'authChoiceParam' => 'lmAuth',
-          'authentication' => 'Demo',
-          'available2F' => 'UTOTP,TOTP,U2F,REST,Mail2F,Ext2F,WebAuthn,Yubikey,Radius',
-          'available2FSelfRegistration' => 'TOTP,U2F,WebAuthn,Yubikey',
-          'bruteForceProtectionLockTimes' => '15, 30, 60, 300, 600',
-          'bruteForceProtectionMaxAge' => 300,
-          'bruteForceProtectionMaxFailed' => 3,
-          'bruteForceProtectionMaxLockTime' => 900,
-          'bruteForceProtectionTempo' => 30,
-          'captcha_mail_enabled' => 1,
-          'captcha_register_enabled' => 1,
-          'captcha_size' => 6,
-          'casAccessControlPolicy' => 'none',
-          'casAuthnLevel' => 1,
-          'casTicketExpiration' => 0,
-          'certificateResetByMailCeaAttribute' => 'description',
-          'certificateResetByMailCertificateAttribute' => 'userCertificate;binary',
-          'certificateResetByMailURL' => 'http://auth.example.com/certificateReset',
-          'certificateResetByMailValidityDelay' => 0,
-          'checkDevOpsCheckSessionAttributes' => 1,
-          'checkDevOpsDisplayNormalizedHeaders' => 1,
-          'checkDevOpsDownload' => 1,
-          'checkTime' => 600,
-          'checkUserDisplayComputedSession' => 1,
-          'checkUserDisplayEmptyHeaders' => 0,
-          'checkUserDisplayEmptyValues' => 0,
-          'checkUserDisplayHiddenAttributes' => 0,
-          'checkUserDisplayHistory' => 0,
-          'checkUserDisplayNormalizedHeaders' => 0,
-          'checkUserDisplayPersistentInfo' => 0,
-          'checkUserHiddenAttributes' => '_loginHistory, _session_id, hGroups',
-          'checkUserIdRule' => 1,
-          'checkXSS' => 1,
-          'confirmFormMethod' => 'post',
-          'contextSwitchingIdRule' => 1,
-          'contextSwitchingPrefix' => 'switching',
-          'contextSwitchingRule' => 0,
-          'contextSwitchingStopWithLogout' => 1,
-          'cookieName' => 'lemonldap',
-          'corsAllow_Credentials' => 'true',
-          'corsAllow_Headers' => '*',
-          'corsAllow_Methods' => 'POST,GET',
-          'corsAllow_Origin' => '*',
-          'corsEnabled' => 1,
-          'corsExpose_Headers' => '*',
-          'corsMax_Age' => '86400',
-          'crowdsecAction' => 'reject',
-          'cspConnect' => '\'self\'',
-          'cspDefault' => '\'self\'',
-          'cspFont' => '\'self\'',
-          'cspFormAction' => '*',
-          'cspFrameAncestors' => '',
-          'cspImg' => '\'self\' data:',
-          'cspScript' => '\'self\'',
-          'cspStyle' => '\'self\'',
-          'dbiAuthnLevel' => 2,
-          'dbiExportedVars' => {},
-          'decryptValueRule' => 0,
-          'demoExportedVars' => {
-                                  'cn' => 'cn',
-                                  'mail' => 'mail',
-                                  'uid' => 'uid'
-                                },
-          'displaySessionId' => 1,
-          'domain' => 'example.com',
-          'exportedVars' => {
-                              'UA' => 'HTTP_USER_AGENT'
-                            },
-          'ext2fActivation' => 0,
-          'ext2fCodeActivation' => '\\d{6}',
-          'facebookAuthnLevel' => 1,
-          'facebookExportedVars' => {},
-          'facebookUserField' => 'id',
-          'failedLoginNumber' => 5,
-          'findUserControl' => '^[*\\w]+$',
-          'findUserWildcard' => '*',
-          'formTimeout' => 120,
-          'githubAuthnLevel' => 1,
-          'githubScope' => 'user:email',
-          'githubUserField' => 'login',
-          'globalLogoutRule' => 0,
-          'globalLogoutTimer' => 1,
-          'globalStorage' => 'Apache::Session::File',
-          'globalStorageOptions' => {
-                                      'Directory' => '/var/lib/lemonldap-ng/sessions/',
-                                      'generateModule' => 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
-                                      'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
-                                    },
-          'gpgAuthnLevel' => 5,
-          'gpgDb' => '',
-          'grantSessionRules' => {},
-          'groups' => {},
-          'handlerInternalCache' => 15,
-          'handlerServiceTokenTTL' => 30,
-          'hiddenAttributes' => '_password, _2fDevices',
-          'httpOnly' => 1,
-          'https' => -1,
-          'impersonationHiddenAttributes' => '_2fDevices, _loginHistory',
-          'impersonationIdRule' => 1,
-          'impersonationMergeSSOgroups' => 0,
-          'impersonationPrefix' => 'real_',
-          'impersonationRule' => 0,
-          'impersonationSkipEmptyValues' => 1,
-          'infoFormMethod' => 'get',
-          'issuerDBCASPath' => '^/cas/',
-          'issuerDBCASRule' => 1,
-          'issuerDBGetParameters' => {},
-          'issuerDBGetPath' => '^/get/',
-          'issuerDBGetRule' => 1,
-          'issuerDBOpenIDConnectPath' => '^/oauth2/',
-          'issuerDBOpenIDConnectRule' => 1,
-          'issuerDBOpenIDPath' => '^/openidserver/',
-          'issuerDBOpenIDRule' => 1,
-          'issuerDBSAMLPath' => '^/saml/',
-          'issuerDBSAMLRule' => 1,
-          'issuersTimeout' => 120,
-          'jsRedirect' => 0,
-          'krbAuthnLevel' => 3,
-          'krbRemoveDomain' => 1,
-          'ldapAuthnLevel' => 2,
-          'ldapBase' => 'dc=example,dc=com',
-          'ldapExportedVars' => {
-                                  'cn' => 'cn',
-                                  'mail' => 'mail',
-                                  'uid' => 'uid'
-                                },
-          'ldapGroupAttributeName' => 'member',
-          'ldapGroupAttributeNameGroup' => 'dn',
-          'ldapGroupAttributeNameSearch' => 'cn',
-          'ldapGroupAttributeNameUser' => 'dn',
-          'ldapGroupObjectClass' => 'groupOfNames',
-          'ldapIOTimeout' => 10,
-          'ldapPasswordResetAttribute' => 'pwdReset',
-          'ldapPasswordResetAttributeValue' => 'TRUE',
-          'ldapPwdEnc' => 'utf-8',
-          'ldapSearchDeref' => 'find',
-          'ldapServer' => 'ldap://localhost',
-          'ldapTimeout' => 10,
-          'ldapUsePasswordResetAttribute' => 1,
-          'ldapVerify' => 'require',
-          'ldapVersion' => 3,
-          'linkedInAuthnLevel' => 1,
-          'linkedInFields' => 'id,first-name,last-name,email-address',
-          'linkedInScope' => 'r_liteprofile r_emailaddress',
-          'linkedInUserField' => 'emailAddress',
-          'localSessionStorage' => 'Cache::FileCache',
-          'localSessionStorageOptions' => {
-                                            'cache_depth' => 3,
-                                            'cache_root' => '/var/cache/lemonldap-ng',
-                                            'default_expires_in' => 600,
-                                            'directory_umask' => '007',
-                                            'namespace' => 'lemonldap-ng-sessions'
-                                          },
-          'locationRules' => {
-                               'default' => 'deny'
-                             },
-          'logoutServices' => {},
-          'macros' => {},
-          'mail2fActivation' => 0,
-          'mail2fCodeRegex' => '\\d{6}',
-          'mailCharset' => 'utf-8',
-          'mailFrom' => 'noreply@example.com',
-          'mailSessionKey' => 'mail',
-          'mailTimeout' => 0,
-          'mailUrl' => 'http://auth.example.com/resetpwd',
-          'managerDn' => '',
-          'managerPassword' => '',
-          'max2FDevices' => 10,
-          'max2FDevicesNameLength' => 20,
-          'multiValuesSeparator' => '; ',
-          'mySessionAuthorizedRWKeys' => [
-                                           '_appsListOrder',
-                                           '_oidcConnectedRP',
-                                           '_oidcConsents'
-                                         ],
-          'newLocationWarningLocationAttribute' => 'ipAddr',
-          'newLocationWarningLocationDisplayAttribute' => '',
-          'newLocationWarningMaxValues' => '0',
-          'notificationDefaultCond' => '',
-          'notificationServerPOST' => 1,
-          'notificationServerSentAttributes' => 'uid reference date title subtitle text check',
-          'notificationsMaxRetrieve' => 3,
-          'notificationStorage' => 'File',
-          'notificationStorageOptions' => {
-                                            'dirName' => '/var/lib/lemonldap-ng/notifications'
-                                          },
-          'notificationWildcard' => 'allusers',
-          'notifyDeleted' => 1,
-          'nullAuthnLevel' => 0,
-          'oidcAuthnLevel' => 1,
-          'oidcRPCallbackGetParam' => 'openidconnectcallback',
-          'oidcRPStateTimeout' => 600,
-          'oidcServiceAccessTokenExpiration' => 3600,
-          'oidcServiceAllowAuthorizationCodeFlow' => 1,
-          'oidcServiceAuthorizationCodeExpiration' => 60,
-          'oidcServiceIDTokenExpiration' => 3600,
-          'oidcServiceMetaDataAuthnContext' => {
-                                                 'loa-1' => 1,
-                                                 'loa-2' => 2,
-                                                 'loa-3' => 3,
-                                                 'loa-4' => 4,
-                                                 'loa-5' => 5
-                                               },
-          'oidcServiceMetaDataAuthorizeURI' => 'authorize',
-          'oidcServiceMetaDataBackChannelURI' => 'blogout',
-          'oidcServiceMetaDataCheckSessionURI' => 'checksession.html',
-          'oidcServiceMetaDataEndSessionURI' => 'logout',
-          'oidcServiceMetaDataFrontChannelURI' => 'flogout',
-          'oidcServiceMetaDataIntrospectionURI' => 'introspect',
-          'oidcServiceMetaDataJWKSURI' => 'jwks',
-          'oidcServiceMetaDataRegistrationURI' => 'register',
-          'oidcServiceMetaDataTokenURI' => 'token',
-          'oidcServiceMetaDataUserInfoURI' => 'userinfo',
-          'oidcServiceOfflineSessionExpiration' => 2592000,
-          'openIdAuthnLevel' => 1,
-          'openIdExportedVars' => {},
-          'openIdIDPList' => '0;',
-          'openIdSPList' => '0;',
-          'openIdSreg_email' => 'mail',
-          'openIdSreg_fullname' => 'cn',
-          'openIdSreg_nickname' => 'uid',
-          'openIdSreg_timezone' => '_timezone',
-          'pamAuthnLevel' => 2,
-          'pamService' => 'login',
-          'passwordDB' => 'Demo',
-          'passwordPolicyActivation' => 1,
-          'passwordPolicyMinDigit' => 0,
-          'passwordPolicyMinLower' => 0,
-          'passwordPolicyMinSize' => 0,
-          'passwordPolicyMinSpeChar' => 0,
-          'passwordPolicyMinUpper' => 0,
-          'passwordPolicySpecialChar' => '__ALL__',
-          'passwordResetAllowedRetries' => 3,
-          'persistentSessionAttributes' => '_loginHistory _2fDevices notification_',
-          'port' => -1,
-          'portal' => 'http://auth.example.com/',
-          'portalAntiFrame' => 1,
-          'portalCheckLogins' => 1,
-          'portalDisplayAppslist' => 1,
-          'portalDisplayChangePassword' => '$_auth =~ /^(LDAP|DBI|Demo)$/',
-          'portalDisplayGeneratePassword' => 1,
-          'portalDisplayLoginHistory' => 1,
-          'portalDisplayLogout' => 1,
-          'portalDisplayOidcConsents' => '$_oidcConsents && $_oidcConsents =~ /\\w+/',
-          'portalDisplayRefreshMyRights' => 1,
-          'portalDisplayRegister' => 1,
-          'portalErrorOnExpiredSession' => 1,
-          'portalFavicon' => 'common/favicon.ico',
-          'portalForceAuthnInterval' => 5,
-          'portalMainLogo' => 'common/logos/logo_llng_400px.png',
-          'portalPingInterval' => 60000,
-          'portalRequireOldPassword' => 1,
-          'portalSkin' => 'bootstrap',
-          'portalUserAttr' => '_user',
-          'proxyAuthnLevel' => 2,
-          'proxyAuthServiceChoiceParam' => 'lmAuth',
-          'radius2fActivation' => 0,
-          'radius2fTimeout' => 20,
-          'radiusAuthnLevel' => 3,
-          'randomPasswordRegexp' => '[A-Z]{3}[a-z]{5}.\\d{2}',
-          'redirectFormMethod' => 'get',
-          'registerDB' => 'Null',
-          'registerTimeout' => 0,
-          'registerUrl' => 'http://auth.example.com/register',
-          'reloadTimeout' => 5,
-          'rememberAuthChoiceRule' => 0,
-          'rememberCookieName' => 'llngrememberauthchoice',
-          'rememberCookieTimeout' => 31536000,
-          'rememberTimer' => 5,
-          'remoteGlobalStorage' => 'Lemonldap::NG::Common::Apache::Session::SOAP',
-          'remoteGlobalStorageOptions' => {
-                                            'ns' => 'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService',
-                                            'proxy' => 'http://auth.example.com/sessions'
-                                          },
-          'requireToken' => 1,
-          'rest2fActivation' => 0,
-          'restAuthnLevel' => 2,
-          'restClockTolerance' => 15,
-          'sameSite' => '',
-          'samlAttributeAuthorityDescriptorAttributeServiceSOAP' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
-          'samlAuthnContextMapKerberos' => 4,
-          'samlAuthnContextMapPassword' => 2,
-          'samlAuthnContextMapPasswordProtectedTransport' => 3,
-          'samlAuthnContextMapTLSClient' => 5,
-          'samlEntityID' => '#PORTAL#/saml/metadata',
-          'samlIDPSSODescriptorArtifactResolutionServiceArtifact' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',
-          'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn',
-          'samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn',
-          'samlIDPSSODescriptorSingleLogoutServiceSOAP' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;',
-          'samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;',
-          'samlIDPSSODescriptorSingleSignOnServiceHTTPPost' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;',
-          'samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;',
-          'samlIDPSSODescriptorWantAuthnRequestsSigned' => 1,
-          'samlMetadataForceUTF8' => 1,
-          'samlNameIDFormatMapEmail' => 'mail',
-          'samlNameIDFormatMapKerberos' => 'uid',
-          'samlNameIDFormatMapWindows' => 'uid',
-          'samlNameIDFormatMapX509' => 'mail',
-          'samlOrganizationDisplayName' => 'Example',
-          'samlOrganizationName' => 'Example',
-          'samlOrganizationURL' => 'http://www.example.com',
-          'samlOverrideIDPEntityID' => '',
-          'samlRelayStateTimeout' => 600,
-          'samlServiceSignatureMethod' => 'RSA_SHA256',
-          'samlSPSSODescriptorArtifactResolutionServiceArtifact' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',
-          'samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact' => '0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact',
-          'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost',
-          'samlSPSSODescriptorAuthnRequestsSigned' => 1,
-          'samlSPSSODescriptorSingleLogoutServiceHTTPPost' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn',
-          'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn',
-          'samlSPSSODescriptorSingleLogoutServiceSOAP' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;',
-          'samlSPSSODescriptorWantAssertionsSigned' => 1,
-          'scrollTop' => 400,
-          'securedCookie' => 0,
-          'sfEngine' => '::2F::Engines::Default',
-          'sfManagerRule' => 1,
-          'sfRemovedMsgRule' => 0,
-          'sfRemovedNotifMsg' => '_removedSF_ expired second factor(s) has/have been removed (_nameSF_)!',
-          'sfRemovedNotifRef' => 'RemoveSF',
-          'sfRemovedNotifTitle' => 'Second factor notification',
-          'sfRequired' => 0,
-          'showLanguages' => 1,
-          'singleIP' => 0,
-          'singleSession' => 0,
-          'singleUserByIP' => 0,
-          'slaveAuthnLevel' => 2,
-          'slaveExportedVars' => {},
-          'SMTPServer' => '',
-          'SMTPTLS' => '',
-          'soapProxyUrn' => 'urn:Lemonldap/NG/Common/PSGI/SOAPService',
-          'SSLAuthnLevel' => 5,
-          'SSLVar' => 'SSL_CLIENT_S_DN_Email',
-          'SSLVarIf' => {},
-          'stayConnected' => 0,
-          'stayConnectedCookieName' => 'llngconnection',
-          'stayConnectedTimeout' => 2592000,
-          'successLoginNumber' => 5,
-          'timeout' => 72000,
-          'timeoutActivity' => 0,
-          'timeoutActivityInterval' => 60,
-          'totp2fActivation' => 0,
-          'totp2fDigits' => 6,
-          'totp2fInterval' => 30,
-          'totp2fRange' => 1,
-          'totp2fSelfRegistration' => 0,
-          'totp2fUserCanRemoveKey' => 1,
-          'twitterAuthnLevel' => 1,
-          'twitterUserField' => 'screen_name',
-          'u2fActivation' => 0,
-          'u2fSelfRegistration' => 0,
-          'u2fUserCanRemoveKey' => 1,
-          'upgradeSession' => 1,
-          'userControl' => '^[\\w\\.\\-@]+$',
-          'userDB' => 'Same',
-          'useRedirectOnError' => 1,
-          'useSafeJail' => 1,
-          'utotp2fActivation' => 0,
-          'viewerHiddenKeys' => 'samlIDPMetaDataNodes, samlSPMetaDataNodes',
-          'webauthn2fActivation' => 0,
-          'webauthn2fSelfRegistration' => 0,
-          'webauthn2fUserCanRemoveKey' => 1,
-          'webauthn2fUserVerification' => 'preferred',
-          'webIDAuthnLevel' => 1,
-          'webIDExportedVars' => {},
-          'whatToTrace' => 'uid',
-          'yubikey2fActivation' => 0,
-          'yubikey2fPublicIDSize' => 12,
-          'yubikey2fSelfRegistration' => 0,
-          'yubikey2fUserCanRemoveKey' => 1
-        };
+        'activeTimer'        => 1,
+        'ADPwdExpireWarning' => 0,
+        'ADPwdMaxAge'        => 0,
+        'apacheAuthnLevel'   => 3,
+        'applicationList'    => {
+            'default' => {
+                'catname' => 'Default category',
+                'type'    => 'category'
+            }
+        },
+        'authChoiceParam' => 'lmAuth',
+        'authentication'  => 'Demo',
+        'available2F'     =>
+          'UTOTP,TOTP,U2F,REST,Mail2F,Ext2F,WebAuthn,Yubikey,Radius',
+        'available2FSelfRegistration'        => 'TOTP,U2F,WebAuthn,Yubikey',
+        'bruteForceProtectionLockTimes'      => '15, 30, 60, 300, 600',
+        'bruteForceProtectionMaxAge'         => 300,
+        'bruteForceProtectionMaxFailed'      => 3,
+        'bruteForceProtectionMaxLockTime'    => 900,
+        'bruteForceProtectionTempo'          => 30,
+        'captcha_mail_enabled'               => 1,
+        'captcha_register_enabled'           => 1,
+        'captcha_size'                       => 6,
+        'casAccessControlPolicy'             => 'none',
+        'casAuthnLevel'                      => 1,
+        'casTicketExpiration'                => 0,
+        'certificateResetByMailCeaAttribute' => 'description',
+        'certificateResetByMailCertificateAttribute' =>
+          'userCertificate;binary',
+        'certificateResetByMailURL' =>
+          'http://auth.example.com/certificateReset',
+        'certificateResetByMailValidityDelay' => 0,
+        'checkDevOpsCheckSessionAttributes'   => 1,
+        'checkDevOpsDisplayNormalizedHeaders' => 1,
+        'checkDevOpsDownload'                 => 1,
+        'checkTime'                           => 600,
+        'checkUserDisplayComputedSession'     => 1,
+        'checkUserDisplayEmptyHeaders'        => 0,
+        'checkUserDisplayEmptyValues'         => 0,
+        'checkUserDisplayHiddenAttributes'    => 0,
+        'checkUserDisplayHistory'             => 0,
+        'checkUserDisplayNormalizedHeaders'   => 0,
+        'checkUserDisplayPersistentInfo'      => 0,
+        'checkUserHiddenAttributes' => '_loginHistory, _session_id, hGroups',
+        'checkUserIdRule'           => 1,
+        'checkXSS'                  => 1,
+        'confirmFormMethod'         => 'post',
+        'contextSwitchingIdRule'    => 1,
+        'contextSwitchingPrefix'    => 'switching',
+        'contextSwitchingRule'      => 0,
+        'contextSwitchingStopWithLogout' => 1,
+        'cookieName'                     => 'lemonldap',
+        'corsAllow_Credentials'          => 'true',
+        'corsAllow_Headers'              => '*',
+        'corsAllow_Methods'              => 'POST,GET',
+        'corsAllow_Origin'               => '*',
+        'corsEnabled'                    => 1,
+        'corsExpose_Headers'             => '*',
+        'corsMax_Age'                    => '86400',
+        'crowdsecAction'                 => 'reject',
+        'cspConnect'                     => '\'self\'',
+        'cspDefault'                     => '\'self\'',
+        'cspFont'                        => '\'self\'',
+        'cspFormAction'                  => '*',
+        'cspFrameAncestors'              => '',
+        'cspImg'                         => '\'self\' data:',
+        'cspScript'                      => '\'self\'',
+        'cspStyle'                       => '\'self\'',
+        'dbiAuthnLevel'                  => 2,
+        'dbiExportedVars'                => {},
+        'decryptValueRule'               => 0,
+        'demoExportedVars'               => {
+            'cn'   => 'cn',
+            'mail' => 'mail',
+            'uid'  => 'uid'
+        },
+        'displaySessionId' => 1,
+        'domain'           => 'example.com',
+        'exportedVars'     => {
+            'UA' => 'HTTP_USER_AGENT'
+        },
+        'ext2fActivation'      => 0,
+        'ext2fCodeActivation'  => '\\d{6}',
+        'facebookAuthnLevel'   => 1,
+        'facebookExportedVars' => {},
+        'facebookUserField'    => 'id',
+        'failedLoginNumber'    => 5,
+        'findUserControl'      => '^[*\\w]+$',
+        'findUserWildcard'     => '*',
+        'formTimeout'          => 120,
+        'githubAuthnLevel'     => 1,
+        'githubScope'          => 'user:email',
+        'githubUserField'      => 'login',
+        'globalLogoutRule'     => 0,
+        'globalLogoutTimer'    => 1,
+        'globalStorage'        => 'Apache::Session::File',
+        'globalStorageOptions' => {
+            'Directory'      => '/var/lib/lemonldap-ng/sessions/',
+            'generateModule' =>
+              'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
+            'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
+        },
+        'gpgAuthnLevel'                 => 5,
+        'gpgDb'                         => '',
+        'grantSessionRules'             => {},
+        'groups'                        => {},
+        'handlerInternalCache'          => 15,
+        'handlerServiceTokenTTL'        => 30,
+        'hiddenAttributes'              => '_password, _2fDevices',
+        'httpOnly'                      => 1,
+        'https'                         => -1,
+        'impersonationHiddenAttributes' => '_2fDevices, _loginHistory',
+        'impersonationIdRule'           => 1,
+        'impersonationMergeSSOgroups'   => 0,
+        'impersonationPrefix'           => 'real_',
+        'impersonationRule'             => 0,
+        'impersonationSkipEmptyValues'  => 1,
+        'infoFormMethod'                => 'get',
+        'issuerDBCASPath'               => '^/cas/',
+        'issuerDBCASRule'               => 1,
+        'issuerDBGetParameters'         => {},
+        'issuerDBGetPath'               => '^/get/',
+        'issuerDBGetRule'               => 1,
+        'issuerDBOpenIDConnectPath'     => '^/oauth2/',
+        'issuerDBOpenIDConnectRule'     => 1,
+        'issuerDBOpenIDPath'            => '^/openidserver/',
+        'issuerDBOpenIDRule'            => 1,
+        'issuerDBSAMLPath'              => '^/saml/',
+        'issuerDBSAMLRule'              => 1,
+        'issuersTimeout'                => 120,
+        'jsRedirect'                    => 0,
+        'krbAuthnLevel'                 => 3,
+        'krbRemoveDomain'               => 1,
+        'ldapAuthnLevel'                => 2,
+        'ldapBase'                      => 'dc=example,dc=com',
+        'ldapExportedVars'              => {
+            'cn'   => 'cn',
+            'mail' => 'mail',
+            'uid'  => 'uid'
+        },
+        'ldapGroupAttributeName'          => 'member',
+        'ldapGroupAttributeNameGroup'     => 'dn',
+        'ldapGroupAttributeNameSearch'    => 'cn',
+        'ldapGroupAttributeNameUser'      => 'dn',
+        'ldapGroupObjectClass'            => 'groupOfNames',
+        'ldapIOTimeout'                   => 10,
+        'ldapPasswordResetAttribute'      => 'pwdReset',
+        'ldapPasswordResetAttributeValue' => 'TRUE',
+        'ldapPwdEnc'                      => 'utf-8',
+        'ldapSearchDeref'                 => 'find',
+        'ldapServer'                      => 'ldap://localhost',
+        'ldapTimeout'                     => 10,
+        'ldapUsePasswordResetAttribute'   => 1,
+        'ldapVerify'                      => 'require',
+        'ldapVersion'                     => 3,
+        'linkedInAuthnLevel'              => 1,
+        'linkedInFields'             => 'id,first-name,last-name,email-address',
+        'linkedInScope'              => 'r_liteprofile r_emailaddress',
+        'linkedInUserField'          => 'emailAddress',
+        'localSessionStorage'        => 'Cache::FileCache',
+        'localSessionStorageOptions' => {
+            'cache_depth'        => 3,
+            'cache_root'         => '/var/cache/lemonldap-ng',
+            'default_expires_in' => 600,
+            'directory_umask'    => '007',
+            'namespace'          => 'lemonldap-ng-sessions'
+        },
+        'locationRules' => {
+            'default' => 'deny'
+        },
+        'logoutServices'            => {},
+        'macros'                    => {},
+        'mail2fActivation'          => 0,
+        'mail2fCodeRegex'           => '\\d{6}',
+        'mailCharset'               => 'utf-8',
+        'mailFrom'                  => 'noreply@example.com',
+        'mailSessionKey'            => 'mail',
+        'mailTimeout'               => 0,
+        'mailUrl'                   => 'http://auth.example.com/resetpwd',
+        'managerDn'                 => '',
+        'managerPassword'           => '',
+        'max2FDevices'              => 10,
+        'max2FDevicesNameLength'    => 20,
+        'multiValuesSeparator'      => '; ',
+        'mySessionAuthorizedRWKeys' =>
+          [ '_appsListOrder', '_oidcConnectedRP', '_oidcConsents' ],
+        'newLocationWarningLocationAttribute'        => 'ipAddr',
+        'newLocationWarningLocationDisplayAttribute' => '',
+        'newLocationWarningMaxValues'                => '0',
+        'notificationDefaultCond'                    => '',
+        'notificationServerPOST'                     => 1,
+        'notificationServerSentAttributes'           =>
+          'uid reference date title subtitle text check',
+        'notificationsMaxRetrieve'   => 3,
+        'notificationStorage'        => 'File',
+        'notificationStorageOptions' => {
+            'dirName' => '/var/lib/lemonldap-ng/notifications'
+        },
+        'notificationWildcard'                   => 'allusers',
+        'notifyDeleted'                          => 1,
+        'nullAuthnLevel'                         => 0,
+        'oidcAuthnLevel'                         => 1,
+        'oidcRPCallbackGetParam'                 => 'openidconnectcallback',
+        'oidcRPStateTimeout'                     => 600,
+        'oidcServiceAccessTokenExpiration'       => 3600,
+        'oidcServiceAllowAuthorizationCodeFlow'  => 1,
+        'oidcServiceAuthorizationCodeExpiration' => 60,
+        'oidcServiceIDTokenExpiration'           => 3600,
+        'oidcServiceMetaDataAuthnContext'        => {
+            'loa-1' => 1,
+            'loa-2' => 2,
+            'loa-3' => 3,
+            'loa-4' => 4,
+            'loa-5' => 5
+        },
+        'oidcServiceMetaDataAuthorizeURI'     => 'authorize',
+        'oidcServiceMetaDataBackChannelURI'   => 'blogout',
+        'oidcServiceMetaDataCheckSessionURI'  => 'checksession.html',
+        'oidcServiceMetaDataEndSessionURI'    => 'logout',
+        'oidcServiceMetaDataFrontChannelURI'  => 'flogout',
+        'oidcServiceMetaDataIntrospectionURI' => 'introspect',
+        'oidcServiceMetaDataJWKSURI'          => 'jwks',
+        'oidcServiceMetaDataRegistrationURI'  => 'register',
+        'oidcServiceMetaDataTokenURI'         => 'token',
+        'oidcServiceMetaDataUserInfoURI'      => 'userinfo',
+        'oidcServiceOfflineSessionExpiration' => 2592000,
+        'openIdAuthnLevel'                    => 1,
+        'openIdExportedVars'                  => {},
+        'openIdIDPList'                       => '0;',
+        'openIdSPList'                        => '0;',
+        'openIdSreg_email'                    => 'mail',
+        'openIdSreg_fullname'                 => 'cn',
+        'openIdSreg_nickname'                 => 'uid',
+        'openIdSreg_timezone'                 => '_timezone',
+        'pamAuthnLevel'                       => 2,
+        'pamService'                          => 'login',
+        'passwordDB'                          => 'Demo',
+        'passwordPolicyActivation'            => 1,
+        'passwordPolicyMinDigit'              => 0,
+        'passwordPolicyMinLower'              => 0,
+        'passwordPolicyMinSize'               => 0,
+        'passwordPolicyMinSpeChar'            => 0,
+        'passwordPolicyMinUpper'              => 0,
+        'passwordPolicySpecialChar'           => '__ALL__',
+        'passwordResetAllowedRetries'         => 3,
+        'persistentSessionAttributes'         =>
+          '_loginHistory _2fDevices notification_',
+        'port'                          => -1,
+        'portal'                        => 'http://auth.example.com/',
+        'portalAntiFrame'               => 1,
+        'portalCheckLogins'             => 1,
+        'portalDisplayAppslist'         => 1,
+        'portalDisplayChangePassword'   => '$_auth =~ /^(LDAP|DBI|Demo)$/',
+        'portalDisplayGeneratePassword' => 1,
+        'portalDisplayLoginHistory'     => 1,
+        'portalDisplayLogout'           => 1,
+        'portalDisplayOidcConsents'     =>
+          '$_oidcConsents && $_oidcConsents =~ /\\w+/',
+        'portalDisplayRefreshMyRights' => 1,
+        'portalDisplayRegister'        => 1,
+        'portalErrorOnExpiredSession'  => 1,
+        'portalFavicon'                => 'common/favicon.ico',
+        'portalForceAuthnInterval'     => 5,
+        'portalMainLogo'               => 'common/logos/logo_llng_400px.png',
+        'portalPingInterval'           => 60000,
+        'portalRequireOldPassword'     => 1,
+        'portalSkin'                   => 'bootstrap',
+        'portalUserAttr'               => '_user',
+        'proxyAuthnLevel'              => 2,
+        'proxyAuthServiceChoiceParam'  => 'lmAuth',
+        'radius2fActivation'           => 0,
+        'radius2fTimeout'              => 20,
+        'radiusAuthnLevel'             => 3,
+        'randomPasswordRegexp'         => '[A-Z]{3}[a-z]{5}.\\d{2}',
+        'redirectFormMethod'           => 'get',
+        'registerDB'                   => 'Null',
+        'registerTimeout'              => 0,
+        'registerUrl'                  => 'http://auth.example.com/register',
+        'reloadTimeout'                => 5,
+        'rememberAuthChoiceRule'       => 0,
+        'rememberCookieName'           => 'llngrememberauthchoice',
+        'rememberCookieTimeout'        => 31536000,
+        'rememberTimer'                => 5,
+        'remoteGlobalStorage' => 'Lemonldap::NG::Common::Apache::Session::SOAP',
+        'remoteGlobalStorageOptions' => {
+            'ns' =>
+              'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService',
+            'proxy' => 'http://auth.example.com/sessions'
+        },
+        'requireToken'                                         => 1,
+        'rest2fActivation'                                     => 0,
+        'restAuthnLevel'                                       => 2,
+        'restClockTolerance'                                   => 15,
+        'sameSite'                                             => '',
+        'samlAttributeAuthorityDescriptorAttributeServiceSOAP' =>
+          'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
+        'samlAuthnContextMapKerberos'                   => 4,
+        'samlAuthnContextMapPassword'                   => 2,
+        'samlAuthnContextMapPasswordProtectedTransport' => 3,
+        'samlAuthnContextMapTLSClient'                  => 5,
+        'samlEntityID' => '#PORTAL#/saml/metadata',
+        'samlIDPSSODescriptorArtifactResolutionServiceArtifact' =>
+'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',
+        'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' =>
+'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn',
+        'samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect' =>
+'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn',
+        'samlIDPSSODescriptorSingleLogoutServiceSOAP' =>
+'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;',
+        'samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact' =>
+'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;',
+        'samlIDPSSODescriptorSingleSignOnServiceHTTPPost' =>
+'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;',
+        'samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect' =>
+'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;',
+        'samlIDPSSODescriptorWantAuthnRequestsSigned' => 1,
+        'samlMetadataForceUTF8'                       => 1,
+        'samlNameIDFormatMapEmail'                    => 'mail',
+        'samlNameIDFormatMapKerberos'                 => 'uid',
+        'samlNameIDFormatMapWindows'                  => 'uid',
+        'samlNameIDFormatMapX509'                     => 'mail',
+        'samlOrganizationDisplayName'                 => 'Example',
+        'samlOrganizationName'                        => 'Example',
+        'samlOrganizationURL'        => 'http://www.example.com',
+        'samlOverrideIDPEntityID'    => '',
+        'samlRelayStateTimeout'      => 600,
+        'samlServiceSignatureMethod' => 'RSA_SHA256',
+        'samlSPSSODescriptorArtifactResolutionServiceArtifact' =>
+'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',
+        'samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact' =>
+'0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact',
+        'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' =>
+'1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost',
+        'samlSPSSODescriptorAuthnRequestsSigned'         => 1,
+        'samlSPSSODescriptorSingleLogoutServiceHTTPPost' =>
+'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn',
+        'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' =>
+'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn',
+        'samlSPSSODescriptorSingleLogoutServiceSOAP' =>
+'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;',
+        'samlSPSSODescriptorWantAssertionsSigned' => 1,
+        'scrollTop'                               => 400,
+        'securedCookie'                           => 0,
+        'sfEngine'                                => '::2F::Engines::Default',
+        'sfManagerRule'                           => 1,
+        'sfRemovedMsgRule'                        => 0,
+        'sfRemovedNotifMsg'                       =>
+'_removedSF_ expired second factor(s) has/have been removed (_nameSF_)!',
+        'sfRemovedNotifRef'       => 'RemoveSF',
+        'sfRemovedNotifTitle'     => 'Second factor notification',
+        'sfRequired'              => 0,
+        'showLanguages'           => 1,
+        'singleIP'                => 0,
+        'singleSession'           => 0,
+        'singleUserByIP'          => 0,
+        'slaveAuthnLevel'         => 2,
+        'slaveExportedVars'       => {},
+        'SMTPServer'              => '',
+        'SMTPTLS'                 => '',
+        'soapProxyUrn'            => 'urn:Lemonldap/NG/Common/PSGI/SOAPService',
+        'SSLAuthnLevel'           => 5,
+        'SSLVar'                  => 'SSL_CLIENT_S_DN_Email',
+        'SSLVarIf'                => {},
+        'stayConnected'           => 0,
+        'stayConnectedCookieName' => 'llngconnection',
+        'stayConnectedTimeout'    => 2592000,
+        'successLoginNumber'      => 5,
+        'timeout'                 => 72000,
+        'timeoutActivity'         => 0,
+        'timeoutActivityInterval' => 60,
+        'totp2fActivation'        => 0,
+        'totp2fDigits'            => 6,
+        'totp2fInterval'          => 30,
+        'totp2fRange'             => 1,
+        'totp2fSelfRegistration'  => 0,
+        'totp2fUserCanRemoveKey'  => 1,
+        'twitterAuthnLevel'       => 1,
+        'twitterUserField'        => 'screen_name',
+        'u2fActivation'           => 0,
+        'u2fSelfRegistration'     => 0,
+        'u2fUserCanRemoveKey'     => 1,
+        'upgradeSession'          => 1,
+        'userControl'             => '^[\\w\\.\\-@]+$',
+        'userDB'                  => 'Same',
+        'useRedirectOnError'      => 1,
+        'useSafeJail'             => 1,
+        'utotp2fActivation'       => 0,
+        'viewerHiddenKeys'     => 'samlIDPMetaDataNodes, samlSPMetaDataNodes',
+        'webauthn2fActivation' => 0,
+        'webauthn2fSelfRegistration' => 0,
+        'webauthn2fUserCanRemoveKey' => 1,
+        'webauthn2fUserVerification' => 'preferred',
+        'webIDAuthnLevel'            => 1,
+        'webIDExportedVars'          => {},
+        'whatToTrace'                => 'uid',
+        'yubikey2fActivation'        => 0,
+        'yubikey2fPublicIDSize'      => 12,
+        'yubikey2fSelfRegistration'  => 0,
+        'yubikey2fUserCanRemoveKey'  => 1
+    };
 }

 1;
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm
@ -68,7 +68,7 @@ our $issuerParameters = {
  issuerDBSAML => [qw(issuerDBSAMLActivation issuerDBSAMLPath issuerDBSAMLRule)],
  issuerOptions => [qw(issuersTimeout)],
 };
-our $samlServiceParameters = [qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse samlServiceSignatureMethod samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapTLSClient samlAuthnContextMapKerberos samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlMetadataForceUTF8 samlRelayStateTimeout samlUseQueryStringSpecific samlOverrideIDPEntityID samlStorage samlStorageOptions samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter samlDiscoveryProtocolActivation samlDiscoveryProtocolURL samlDiscoveryProtocolPolicy samlDiscoveryProtocolIsPassive)];
+our $samlServiceParameters = [qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse samlServiceSignatureMethod samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapKerberos samlAuthnContextMapTLSClient samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlMetadataForceUTF8 samlRelayStateTimeout samlUseQueryStringSpecific samlOverrideIDPEntityID samlStorage samlStorageOptions samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter samlDiscoveryProtocolActivation samlDiscoveryProtocolURL samlDiscoveryProtocolPolicy samlDiscoveryProtocolIsPassive)];
 our $oidcServiceParameters = [qw(oidcServiceMetaDataIssuer oidcServiceMetaDataAuthorizeURI oidcServiceMetaDataTokenURI oidcServiceMetaDataUserInfoURI oidcServiceMetaDataJWKSURI oidcServiceMetaDataRegistrationURI oidcServiceMetaDataIntrospectionURI oidcServiceMetaDataEndSessionURI oidcServiceMetaDataCheckSessionURI oidcServiceMetaDataFrontChannelURI oidcServiceMetaDataBackChannelURI oidcServiceMetaDataAuthnContext oidcServiceAllowDynamicRegistration oidcServiceDynamicRegistrationExportedVars oidcServiceDynamicRegistrationExtraClaims oidcServicePrivateKeySig oidcServicePublicKeySig oidcServiceKeyIdSig oidcServiceAllowAuthorizationCodeFlow oidcServiceAllowImplicitFlow oidcServiceAllowHybridFlow oidcServiceAllowOnlyDeclaredScopes oidcServiceAuthorizationCodeExpiration oidcServiceIDTokenExpiration oidcServiceAccessTokenExpiration oidcServiceOfflineSessionExpiration oidcStorage oidcStorageOptions)];

 1;
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/StatusConstants.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/StatusConstants.pm
@ -8,115 +8,115 @@ our $VERSION = '2.0.15';

 sub portalConsts {
    return {
-          '-1' => 'PE_DONE',
-          '-2' => 'PE_REDIRECT',
-          '-3' => 'PE_INFO',
-          '-4' => 'PE_SENDRESPONSE',
-          '-5' => 'PE_IDPCHOICE',
-          '0' => 'PE_OK',
-          '1' => 'PE_SESSIONEXPIRED',
-          '10' => 'PE_BADCERTIFICATE',
-          '100' => 'PE_PP_NOT_ALLOWED_CHARACTER',
-          '101' => 'PE_PP_NOT_ALLOWED_CHARACTERS',
-          '102' => 'PE_UPGRADESESSION',
-          '103' => 'PE_NO_SECOND_FACTORS',
-          '104' => 'PE_BAD_DEVOPS_FILE',
-          '105' => 'PE_FILENOTFOUND',
-          '106' => 'PE_OIDC_AUTH_ERROR',
-          '2' => 'PE_FORMEMPTY',
-          '20' => 'PE_NO_PASSWORD_BE',
-          '21' => 'PE_PP_ACCOUNT_LOCKED',
-          '22' => 'PE_PP_PASSWORD_EXPIRED',
-          '23' => 'PE_CERTIFICATEREQUIRED',
-          '24' => 'PE_ERROR',
-          '25' => 'PE_PP_CHANGE_AFTER_RESET',
-          '26' => 'PE_PP_PASSWORD_MOD_NOT_ALLOWED',
-          '27' => 'PE_PP_MUST_SUPPLY_OLD_PASSWORD',
-          '28' => 'PE_PP_INSUFFICIENT_PASSWORD_QUALITY',
-          '29' => 'PE_PP_PASSWORD_TOO_SHORT',
-          '3' => 'PE_WRONGMANAGERACCOUNT',
-          '30' => 'PE_PP_PASSWORD_TOO_YOUNG',
-          '31' => 'PE_PP_PASSWORD_IN_HISTORY',
-          '32' => 'PE_PP_GRACE',
-          '33' => 'PE_PP_EXP_WARNING',
-          '34' => 'PE_PASSWORD_MISMATCH',
-          '35' => 'PE_PASSWORD_OK',
-          '36' => 'PE_NOTIFICATION',
-          '37' => 'PE_BADURL',
-          '38' => 'PE_NOSCHEME',
-          '39' => 'PE_BADOLDPASSWORD',
-          '4' => 'PE_USERNOTFOUND',
-          '40' => 'PE_MALFORMEDUSER',
-          '41' => 'PE_SESSIONNOTGRANTED',
-          '42' => 'PE_CONFIRM',
-          '43' => 'PE_MAILFORMEMPTY',
-          '44' => 'PE_BADMAILTOKEN',
-          '45' => 'PE_MAILERROR',
-          '46' => 'PE_MAILOK',
-          '47' => 'PE_LOGOUT_OK',
-          '48' => 'PE_SAML_ERROR',
-          '49' => 'PE_SAML_LOAD_SERVICE_ERROR',
-          '5' => 'PE_BADCREDENTIALS',
-          '50' => 'PE_SAML_LOAD_IDP_ERROR',
-          '51' => 'PE_SAML_SSO_ERROR',
-          '52' => 'PE_SAML_UNKNOWN_ENTITY',
-          '53' => 'PE_SAML_DESTINATION_ERROR',
-          '54' => 'PE_SAML_CONDITIONS_ERROR',
-          '55' => 'PE_SAML_IDPSSOINITIATED_NOTALLOWED',
-          '56' => 'PE_SAML_SLO_ERROR',
-          '57' => 'PE_SAML_SIGNATURE_ERROR',
-          '58' => 'PE_SAML_ART_ERROR',
-          '59' => 'PE_SAML_SESSION_ERROR',
-          '6' => 'PE_LDAPCONNECTFAILED',
-          '60' => 'PE_SAML_LOAD_SP_ERROR',
-          '61' => 'PE_SAML_ATTR_ERROR',
-          '62' => 'PE_OPENID_EMPTY',
-          '63' => 'PE_OPENID_BADID',
-          '64' => 'PE_MISSINGREQATTR',
-          '65' => 'PE_BADPARTNER',
-          '66' => 'PE_MAILCONFIRMATION_ALREADY_SENT',
-          '67' => 'PE_PASSWORDFORMEMPTY',
-          '68' => 'PE_CAS_SERVICE_NOT_ALLOWED',
-          '69' => 'PE_MAILFIRSTACCESS',
-          '7' => 'PE_LDAPERROR',
-          '70' => 'PE_MAILNOTFOUND',
-          '71' => 'PE_PASSWORDFIRSTACCESS',
-          '72' => 'PE_MAILCONFIRMOK',
-          '73' => 'PE_RADIUSCONNECTFAILED',
-          '74' => 'PE_MUST_SUPPLY_OLD_PASSWORD',
-          '75' => 'PE_FORBIDDENIP',
-          '76' => 'PE_CAPTCHAERROR',
-          '77' => 'PE_CAPTCHAEMPTY',
-          '78' => 'PE_REGISTERFIRSTACCESS',
-          '79' => 'PE_REGISTERFORMEMPTY',
-          '8' => 'PE_APACHESESSIONERROR',
-          '80' => 'PE_REGISTERALREADYEXISTS',
-          '81' => 'PE_NOTOKEN',
-          '82' => 'PE_TOKENEXPIRED',
-          '83' => 'PE_U2FFAILED',
-          '84' => 'PE_UNAUTHORIZEDPARTNER',
-          '85' => 'PE_RENEWSESSION',
-          '86' => 'PE_WAIT',
-          '87' => 'PE_MUSTAUTHN',
-          '88' => 'PE_MUSTHAVEMAIL',
-          '89' => 'PE_SAML_SERVICE_NOT_ALLOWED',
-          '9' => 'PE_FIRSTACCESS',
-          '90' => 'PE_OIDC_SERVICE_NOT_ALLOWED',
-          '91' => 'PE_OID_SERVICE_NOT_ALLOWED',
-          '92' => 'PE_GET_SERVICE_NOT_ALLOWED',
-          '93' => 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED',
-          '94' => 'PE_ISSUERMISSINGREQATTR',
-          '95' => 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED',
-          '96' => 'PE_BADOTP',
-          '97' => 'PE_RESETCERTIFICATE_INVALID',
-          '98' => 'PE_RESETCERTIFICATE_FORMEMPTY',
-          '99' => 'PE_RESETCERTIFICATE_FIRSTACCESS'
-        };
+        '-1'  => 'PE_DONE',
+        '-2'  => 'PE_REDIRECT',
+        '-3'  => 'PE_INFO',
+        '-4'  => 'PE_SENDRESPONSE',
+        '-5'  => 'PE_IDPCHOICE',
+        '0'   => 'PE_OK',
+        '1'   => 'PE_SESSIONEXPIRED',
+        '10'  => 'PE_BADCERTIFICATE',
+        '100' => 'PE_PP_NOT_ALLOWED_CHARACTER',
+        '101' => 'PE_PP_NOT_ALLOWED_CHARACTERS',
+        '102' => 'PE_UPGRADESESSION',
+        '103' => 'PE_NO_SECOND_FACTORS',
+        '104' => 'PE_BAD_DEVOPS_FILE',
+        '105' => 'PE_FILENOTFOUND',
+        '106' => 'PE_OIDC_AUTH_ERROR',
+        '2'   => 'PE_FORMEMPTY',
+        '20'  => 'PE_NO_PASSWORD_BE',
+        '21'  => 'PE_PP_ACCOUNT_LOCKED',
+        '22'  => 'PE_PP_PASSWORD_EXPIRED',
+        '23'  => 'PE_CERTIFICATEREQUIRED',
+        '24'  => 'PE_ERROR',
+        '25'  => 'PE_PP_CHANGE_AFTER_RESET',
+        '26'  => 'PE_PP_PASSWORD_MOD_NOT_ALLOWED',
+        '27'  => 'PE_PP_MUST_SUPPLY_OLD_PASSWORD',
+        '28'  => 'PE_PP_INSUFFICIENT_PASSWORD_QUALITY',
+        '29'  => 'PE_PP_PASSWORD_TOO_SHORT',
+        '3'   => 'PE_WRONGMANAGERACCOUNT',
+        '30'  => 'PE_PP_PASSWORD_TOO_YOUNG',
+        '31'  => 'PE_PP_PASSWORD_IN_HISTORY',
+        '32'  => 'PE_PP_GRACE',
+        '33'  => 'PE_PP_EXP_WARNING',
+        '34'  => 'PE_PASSWORD_MISMATCH',
+        '35'  => 'PE_PASSWORD_OK',
+        '36'  => 'PE_NOTIFICATION',
+        '37'  => 'PE_BADURL',
+        '38'  => 'PE_NOSCHEME',
+        '39'  => 'PE_BADOLDPASSWORD',
+        '4'   => 'PE_USERNOTFOUND',
+        '40'  => 'PE_MALFORMEDUSER',
+        '41'  => 'PE_SESSIONNOTGRANTED',
+        '42'  => 'PE_CONFIRM',
+        '43'  => 'PE_MAILFORMEMPTY',
+        '44'  => 'PE_BADMAILTOKEN',
+        '45'  => 'PE_MAILERROR',
+        '46'  => 'PE_MAILOK',
+        '47'  => 'PE_LOGOUT_OK',
+        '48'  => 'PE_SAML_ERROR',
+        '49'  => 'PE_SAML_LOAD_SERVICE_ERROR',
+        '5'   => 'PE_BADCREDENTIALS',
+        '50'  => 'PE_SAML_LOAD_IDP_ERROR',
+        '51'  => 'PE_SAML_SSO_ERROR',
+        '52'  => 'PE_SAML_UNKNOWN_ENTITY',
+        '53'  => 'PE_SAML_DESTINATION_ERROR',
+        '54'  => 'PE_SAML_CONDITIONS_ERROR',
+        '55'  => 'PE_SAML_IDPSSOINITIATED_NOTALLOWED',
+        '56'  => 'PE_SAML_SLO_ERROR',
+        '57'  => 'PE_SAML_SIGNATURE_ERROR',
+        '58'  => 'PE_SAML_ART_ERROR',
+        '59'  => 'PE_SAML_SESSION_ERROR',
+        '6'   => 'PE_LDAPCONNECTFAILED',
+        '60'  => 'PE_SAML_LOAD_SP_ERROR',
+        '61'  => 'PE_SAML_ATTR_ERROR',
+        '62'  => 'PE_OPENID_EMPTY',
+        '63'  => 'PE_OPENID_BADID',
+        '64'  => 'PE_MISSINGREQATTR',
+        '65'  => 'PE_BADPARTNER',
+        '66'  => 'PE_MAILCONFIRMATION_ALREADY_SENT',
+        '67'  => 'PE_PASSWORDFORMEMPTY',
+        '68'  => 'PE_CAS_SERVICE_NOT_ALLOWED',
+        '69'  => 'PE_MAILFIRSTACCESS',
+        '7'   => 'PE_LDAPERROR',
+        '70'  => 'PE_MAILNOTFOUND',
+        '71'  => 'PE_PASSWORDFIRSTACCESS',
+        '72'  => 'PE_MAILCONFIRMOK',
+        '73'  => 'PE_RADIUSCONNECTFAILED',
+        '74'  => 'PE_MUST_SUPPLY_OLD_PASSWORD',
+        '75'  => 'PE_FORBIDDENIP',
+        '76'  => 'PE_CAPTCHAERROR',
+        '77'  => 'PE_CAPTCHAEMPTY',
+        '78'  => 'PE_REGISTERFIRSTACCESS',
+        '79'  => 'PE_REGISTERFORMEMPTY',
+        '8'   => 'PE_APACHESESSIONERROR',
+        '80'  => 'PE_REGISTERALREADYEXISTS',
+        '81'  => 'PE_NOTOKEN',
+        '82'  => 'PE_TOKENEXPIRED',
+        '83'  => 'PE_U2FFAILED',
+        '84'  => 'PE_UNAUTHORIZEDPARTNER',
+        '85'  => 'PE_RENEWSESSION',
+        '86'  => 'PE_WAIT',
+        '87'  => 'PE_MUSTAUTHN',
+        '88'  => 'PE_MUSTHAVEMAIL',
+        '89'  => 'PE_SAML_SERVICE_NOT_ALLOWED',
+        '9'   => 'PE_FIRSTACCESS',
+        '90'  => 'PE_OIDC_SERVICE_NOT_ALLOWED',
+        '91'  => 'PE_OID_SERVICE_NOT_ALLOWED',
+        '92'  => 'PE_GET_SERVICE_NOT_ALLOWED',
+        '93'  => 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED',
+        '94'  => 'PE_ISSUERMISSINGREQATTR',
+        '95'  => 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED',
+        '96'  => 'PE_BADOTP',
+        '97'  => 'PE_RESETCERTIFICATE_INVALID',
+        '98'  => 'PE_RESETCERTIFICATE_FORMEMPTY',
+        '99'  => 'PE_RESETCERTIFICATE_FIRSTACCESS'
+    };

 }

 # EXPORTER PARAMETERS
-our @EXPORT_OK = ( 'portalConsts' );
+our @EXPORT_OK   = ('portalConsts');
 our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], );

 1;
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm
@ -198,13 +198,14 @@ sub cTrees {
            {
                title => 'oidcRPMetaDataOptions',
                help  => 'idpopenidconnect.html#options',
-                nodes => [ {
+                nodes => [ 
+                {
                        title => 'oidcRPMetaDataOptionsBasic',
                        form  => 'simpleInputContainer',
                        nodes => [
+                            'oidcRPMetaDataOptionsPublic',
                            'oidcRPMetaDataOptionsClientID',
                            'oidcRPMetaDataOptionsClientSecret',
-                            'oidcRPMetaDataOptionsPublic',
                            'oidcRPMetaDataOptionsRedirectUris',
                        ]
                    },
@ -213,12 +214,12 @@ sub cTrees {
                        form  => 'simpleInputContainer',
                        nodes => [
                            'oidcRPMetaDataOptionsBypassConsent',
-                            'oidcRPMetaDataOptionsUserIDAttr',
                            'oidcRPMetaDataOptionsIDTokenForceClaims',
                            'oidcRPMetaDataOptionsAccessTokenJWT',
                            'oidcRPMetaDataOptionsAccessTokenClaims',
-                            'oidcRPMetaDataOptionsAdditionalAudiences',
                            'oidcRPMetaDataOptionsRefreshToken',
+                            'oidcRPMetaDataOptionsUserIDAttr',
+                            'oidcRPMetaDataOptionsAdditionalAudiences',
                        ]
                    },
                    {
@ -251,10 +252,10 @@ sub cTrees {
                        form  => 'simpleInputContainer',
                        nodes => [
                            'oidcRPMetaDataOptionsLogoutBypassConfirm',
-                            'oidcRPMetaDataOptionsPostLogoutRedirectUris',
-                            'oidcRPMetaDataOptionsLogoutUrl',
-                            'oidcRPMetaDataOptionsLogoutType',
                            'oidcRPMetaDataOptionsLogoutSessionRequired',
+                            'oidcRPMetaDataOptionsLogoutType',
+                            'oidcRPMetaDataOptionsLogoutUrl',
+                            'oidcRPMetaDataOptionsPostLogoutRedirectUris',
                        ]
                    },
                ]
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
@ -968,11 +968,11 @@ sub tree {
                            help  => 'mail2f.html',
                            form  => 'simpleInputContainer',
                            nodes => [
-                                'mail2fActivation', 'mail2fCodeRegex',
-                                'mail2fTimeout',    'mail2fSubject',
-                                'mail2fBody',       'mail2fSessionKey',
+                                'mail2fActivation',     'mail2fCodeRegex',
+                                'mail2fTimeout',        'mail2fSubject',
+                                'mail2fBody',           'mail2fSessionKey',
                                'mail2fResendInterval', 'mail2fAuthnLevel',
-                                'mail2fLabel', 'mail2fLogo'
+                                'mail2fLabel',          'mail2fLogo'
                            ]
                        },
                        {
@ -980,10 +980,10 @@ sub tree {
                            help  => 'external2f.html',
                            form  => 'simpleInputContainer',
                            nodes => [
-                                'ext2fActivation', 'ext2fCodeActivation',
-                                'ext2FSendCommand', 'ext2FValidateCommand',
+                                'ext2fActivation',     'ext2fCodeActivation',
+                                'ext2FSendCommand',    'ext2FValidateCommand',
                                'ext2fResendInterval', 'ext2fAuthnLevel',
-                                'ext2fLabel', 'ext2fLogo',
+                                'ext2fLabel',          'ext2fLogo',
                            ]
                        },
                        {
@ -1006,11 +1006,16 @@ sub tree {
                            help  => 'rest2f.html',
                            form  => 'simpleInputContainer',
                            nodes => [
-                                'rest2fActivation', 'rest2fCodeActivation',
-                                'rest2fInitUrl', 'rest2fInitArgs',
-                                'rest2fVerifyUrl', 'rest2fVerifyArgs',
-                                'rest2fResendInterval', 'rest2fAuthnLevel',
-                                'rest2fLabel', 'rest2fLogo'
+                                'rest2fActivation',
+                                'rest2fCodeActivation',
+                                'rest2fInitUrl',
+                                'rest2fInitArgs',
+                                'rest2fVerifyUrl',
+                                'rest2fVerifyArgs',
+                                'rest2fResendInterval',
+                                'rest2fAuthnLevel',
+                                'rest2fLabel',
+                                'rest2fLogo'
                            ]
                        },
                        {
@ -1244,8 +1249,8 @@ sub tree {
                    nodes => [
                        'samlAuthnContextMapPassword',
                        'samlAuthnContextMapPasswordProtectedTransport',
-                        'samlAuthnContextMapTLSClient',
-                        'samlAuthnContextMapKerberos'
+                        'samlAuthnContextMapKerberos',
+                        'samlAuthnContextMapTLSClient'
                    ]
                },
                {
@ -1416,6 +1421,7 @@ sub tree {
                },
                {
                    title => 'oidcServiceMetaDataTimeouts',
+                    form  => 'simpleInputContainer',
                    nodes => [
                        'oidcServiceAuthorizationCodeExpiration',
                        'oidcServiceIDTokenExpiration',
--- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.js
@ -450,6 +450,13 @@ function templates(tpl,key) {
      "_nodes" : [
         {
            "_nodes" : [
+               {
+                  "default" : 0,
+                  "get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsPublic",
+                  "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsPublic",
+                  "title" : "oidcRPMetaDataOptionsPublic",
+                  "type" : "bool"
+               },
               {
                  "get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsClientID",
                  "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsClientID",
@ -461,13 +468,6 @@ function templates(tpl,key) {
                  "title" : "oidcRPMetaDataOptionsClientSecret",
                  "type" : "password"
               },
-               {
-                  "default" : 0,
-                  "get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsPublic",
-                  "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsPublic",
-                  "title" : "oidcRPMetaDataOptionsPublic",
-                  "type" : "bool"
-               },
               {
                  "get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsRedirectUris",
                  "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsRedirectUris",
@ -487,11 +487,6 @@ function templates(tpl,key) {
                  "title" : "oidcRPMetaDataOptionsBypassConsent",
                  "type" : "bool"
               },
-               {
-                  "get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsUserIDAttr",
-                  "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsUserIDAttr",
-                  "title" : "oidcRPMetaDataOptionsUserIDAttr"
-               },
               {
                  "default" : 0,
                  "get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsIDTokenForceClaims",
@ -513,17 +508,22 @@ function templates(tpl,key) {
                  "title" : "oidcRPMetaDataOptionsAccessTokenClaims",
                  "type" : "bool"
               },
-               {
-                  "get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsAdditionalAudiences",
-                  "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsAdditionalAudiences",
-                  "title" : "oidcRPMetaDataOptionsAdditionalAudiences"
-               },
               {
                  "default" : 0,
                  "get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsRefreshToken",
                  "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsRefreshToken",
                  "title" : "oidcRPMetaDataOptionsRefreshToken",
                  "type" : "bool"
+               },
+               {
+                  "get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsUserIDAttr",
+                  "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsUserIDAttr",
+                  "title" : "oidcRPMetaDataOptionsUserIDAttr"
+               },
+               {
+                  "get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsAdditionalAudiences",
+                  "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsAdditionalAudiences",
+                  "title" : "oidcRPMetaDataOptionsAdditionalAudiences"
               }
            ],
            "id" : "oidcRPMetaDataOptionsAdvanced",
@ -716,14 +716,11 @@ function templates(tpl,key) {
                  "type" : "bool"
               },
               {
-                  "get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsPostLogoutRedirectUris",
-                  "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsPostLogoutRedirectUris",
-                  "title" : "oidcRPMetaDataOptionsPostLogoutRedirectUris"
-               },
-               {
-                  "get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutUrl",
-                  "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutUrl",
-                  "title" : "oidcRPMetaDataOptionsLogoutUrl"
+                  "default" : 0,
+                  "get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutSessionRequired",
+                  "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutSessionRequired",
+                  "title" : "oidcRPMetaDataOptionsLogoutSessionRequired",
+                  "type" : "bool"
               },
               {
                  "default" : "front",
@ -739,11 +736,14 @@ function templates(tpl,key) {
                  "type" : "select"
               },
               {
-                  "default" : 0,
-                  "get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutSessionRequired",
-                  "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutSessionRequired",
-                  "title" : "oidcRPMetaDataOptionsLogoutSessionRequired",
-                  "type" : "bool"
+                  "get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutUrl",
+                  "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutUrl",
+                  "title" : "oidcRPMetaDataOptionsLogoutUrl"
+               },
+               {
+                  "get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsPostLogoutRedirectUris",
+                  "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsPostLogoutRedirectUris",
+                  "title" : "oidcRPMetaDataOptionsPostLogoutRedirectUris"
               }
            ],
            "id" : "logout",
--- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js
--- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map
+++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map
--- a/lemonldap-ng-manager/site/htdocs/static/struct.json
+++ b/lemonldap-ng-manager/site/htdocs/static/struct.json
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm
@ -7,224 +7,332 @@ use Exporter 'import';
 our $VERSION = '2.0.15';

 use constant HANDLER => 'Lemonldap::NG::Handler::PSGI::Main';
-use constant URIRE => qr{(((?^:https?))://((?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::((?:[0-9]*)))?(/(((?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?]((?:(?:[;/?:\@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)};
+use constant URIRE   =>
+qr{(((?^:https?))://((?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::((?:[0-9]*)))?(/(((?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?]((?:(?:[;/?:\@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)};
 use constant {
-    PE_IDPCHOICE => -5,
-    PE_SENDRESPONSE => -4,
-    PE_INFO => -3,
-    PE_REDIRECT => -2,
-    PE_DONE => -1,
-    PE_OK => 0,
-    PE_SESSIONEXPIRED => 1,
-    PE_FORMEMPTY => 2,
-    PE_WRONGMANAGERACCOUNT => 3,
-    PE_USERNOTFOUND => 4,
-    PE_BADCREDENTIALS => 5,
-    PE_LDAPCONNECTFAILED => 6,
-    PE_LDAPERROR => 7,
-    PE_APACHESESSIONERROR => 8,
-    PE_FIRSTACCESS => 9,
-    PE_BADCERTIFICATE => 10,
-    PE_NO_PASSWORD_BE => 20,
-    PE_PP_ACCOUNT_LOCKED => 21,
-    PE_PP_PASSWORD_EXPIRED => 22,
-    PE_CERTIFICATEREQUIRED => 23,
-    PE_ERROR => 24,
-    PE_PP_CHANGE_AFTER_RESET => 25,
-    PE_PP_PASSWORD_MOD_NOT_ALLOWED => 26,
-    PE_PP_MUST_SUPPLY_OLD_PASSWORD => 27,
-    PE_PP_INSUFFICIENT_PASSWORD_QUALITY => 28,
-    PE_PP_PASSWORD_TOO_SHORT => 29,
-    PE_PP_PASSWORD_TOO_YOUNG => 30,
-    PE_PP_PASSWORD_IN_HISTORY => 31,
-    PE_PP_GRACE => 32,
-    PE_PP_EXP_WARNING => 33,
-    PE_PASSWORD_MISMATCH => 34,
-    PE_PASSWORD_OK => 35,
-    PE_NOTIFICATION => 36,
-    PE_BADURL => 37,
-    PE_NOSCHEME => 38,
-    PE_BADOLDPASSWORD => 39,
-    PE_MALFORMEDUSER => 40,
-    PE_SESSIONNOTGRANTED => 41,
-    PE_CONFIRM => 42,
-    PE_MAILFORMEMPTY => 43,
-    PE_BADMAILTOKEN => 44,
-    PE_MAILERROR => 45,
-    PE_MAILOK => 46,
-    PE_LOGOUT_OK => 47,
-    PE_SAML_ERROR => 48,
-    PE_SAML_LOAD_SERVICE_ERROR => 49,
-    PE_SAML_LOAD_IDP_ERROR => 50,
-    PE_SAML_SSO_ERROR => 51,
-    PE_SAML_UNKNOWN_ENTITY => 52,
-    PE_SAML_DESTINATION_ERROR => 53,
-    PE_SAML_CONDITIONS_ERROR => 54,
-    PE_SAML_IDPSSOINITIATED_NOTALLOWED => 55,
-    PE_SAML_SLO_ERROR => 56,
-    PE_SAML_SIGNATURE_ERROR => 57,
-    PE_SAML_ART_ERROR => 58,
-    PE_SAML_SESSION_ERROR => 59,
-    PE_SAML_LOAD_SP_ERROR => 60,
-    PE_SAML_ATTR_ERROR => 61,
-    PE_OPENID_EMPTY => 62,
-    PE_OPENID_BADID => 63,
-    PE_MISSINGREQATTR => 64,
-    PE_BADPARTNER => 65,
-    PE_MAILCONFIRMATION_ALREADY_SENT => 66,
-    PE_PASSWORDFORMEMPTY => 67,
-    PE_CAS_SERVICE_NOT_ALLOWED => 68,
-    PE_MAILFIRSTACCESS => 69,
-    PE_MAILNOTFOUND => 70,
-    PE_PASSWORDFIRSTACCESS => 71,
-    PE_MAILCONFIRMOK => 72,
-    PE_RADIUSCONNECTFAILED => 73,
-    PE_MUST_SUPPLY_OLD_PASSWORD => 74,
-    PE_FORBIDDENIP => 75,
-    PE_CAPTCHAERROR => 76,
-    PE_CAPTCHAEMPTY => 77,
-    PE_REGISTERFIRSTACCESS => 78,
-    PE_REGISTERFORMEMPTY => 79,
-    PE_REGISTERALREADYEXISTS => 80,
-    PE_NOTOKEN => 81,
-    PE_TOKENEXPIRED => 82,
-    PE_U2FFAILED => 83,
-    PE_UNAUTHORIZEDPARTNER => 84,
-    PE_RENEWSESSION => 85,
-    PE_WAIT => 86,
-    PE_MUSTAUTHN => 87,
-    PE_MUSTHAVEMAIL => 88,
-    PE_SAML_SERVICE_NOT_ALLOWED => 89,
-    PE_OIDC_SERVICE_NOT_ALLOWED => 90,
-    PE_OID_SERVICE_NOT_ALLOWED => 91,
-    PE_GET_SERVICE_NOT_ALLOWED => 92,
+    PE_IDPCHOICE                         => -5,
+    PE_SENDRESPONSE                      => -4,
+    PE_INFO                              => -3,
+    PE_REDIRECT                          => -2,
+    PE_DONE                              => -1,
+    PE_OK                                => 0,
+    PE_SESSIONEXPIRED                    => 1,
+    PE_FORMEMPTY                         => 2,
+    PE_WRONGMANAGERACCOUNT               => 3,
+    PE_USERNOTFOUND                      => 4,
+    PE_BADCREDENTIALS                    => 5,
+    PE_LDAPCONNECTFAILED                 => 6,
+    PE_LDAPERROR                         => 7,
+    PE_APACHESESSIONERROR                => 8,
+    PE_FIRSTACCESS                       => 9,
+    PE_BADCERTIFICATE                    => 10,
+    PE_NO_PASSWORD_BE                    => 20,
+    PE_PP_ACCOUNT_LOCKED                 => 21,
+    PE_PP_PASSWORD_EXPIRED               => 22,
+    PE_CERTIFICATEREQUIRED               => 23,
+    PE_ERROR                             => 24,
+    PE_PP_CHANGE_AFTER_RESET             => 25,
+    PE_PP_PASSWORD_MOD_NOT_ALLOWED       => 26,
+    PE_PP_MUST_SUPPLY_OLD_PASSWORD       => 27,
+    PE_PP_INSUFFICIENT_PASSWORD_QUALITY  => 28,
+    PE_PP_PASSWORD_TOO_SHORT             => 29,
+    PE_PP_PASSWORD_TOO_YOUNG             => 30,
+    PE_PP_PASSWORD_IN_HISTORY            => 31,
+    PE_PP_GRACE                          => 32,
+    PE_PP_EXP_WARNING                    => 33,
+    PE_PASSWORD_MISMATCH                 => 34,
+    PE_PASSWORD_OK                       => 35,
+    PE_NOTIFICATION                      => 36,
+    PE_BADURL                            => 37,
+    PE_NOSCHEME                          => 38,
+    PE_BADOLDPASSWORD                    => 39,
+    PE_MALFORMEDUSER                     => 40,
+    PE_SESSIONNOTGRANTED                 => 41,
+    PE_CONFIRM                           => 42,
+    PE_MAILFORMEMPTY                     => 43,
+    PE_BADMAILTOKEN                      => 44,
+    PE_MAILERROR                         => 45,
+    PE_MAILOK                            => 46,
+    PE_LOGOUT_OK                         => 47,
+    PE_SAML_ERROR                        => 48,
+    PE_SAML_LOAD_SERVICE_ERROR           => 49,
+    PE_SAML_LOAD_IDP_ERROR               => 50,
+    PE_SAML_SSO_ERROR                    => 51,
+    PE_SAML_UNKNOWN_ENTITY               => 52,
+    PE_SAML_DESTINATION_ERROR            => 53,
+    PE_SAML_CONDITIONS_ERROR             => 54,
+    PE_SAML_IDPSSOINITIATED_NOTALLOWED   => 55,
+    PE_SAML_SLO_ERROR                    => 56,
+    PE_SAML_SIGNATURE_ERROR              => 57,
+    PE_SAML_ART_ERROR                    => 58,
+    PE_SAML_SESSION_ERROR                => 59,
+    PE_SAML_LOAD_SP_ERROR                => 60,
+    PE_SAML_ATTR_ERROR                   => 61,
+    PE_OPENID_EMPTY                      => 62,
+    PE_OPENID_BADID                      => 63,
+    PE_MISSINGREQATTR                    => 64,
+    PE_BADPARTNER                        => 65,
+    PE_MAILCONFIRMATION_ALREADY_SENT     => 66,
+    PE_PASSWORDFORMEMPTY                 => 67,
+    PE_CAS_SERVICE_NOT_ALLOWED           => 68,
+    PE_MAILFIRSTACCESS                   => 69,
+    PE_MAILNOTFOUND                      => 70,
+    PE_PASSWORDFIRSTACCESS               => 71,
+    PE_MAILCONFIRMOK                     => 72,
+    PE_RADIUSCONNECTFAILED               => 73,
+    PE_MUST_SUPPLY_OLD_PASSWORD          => 74,
+    PE_FORBIDDENIP                       => 75,
+    PE_CAPTCHAERROR                      => 76,
+    PE_CAPTCHAEMPTY                      => 77,
+    PE_REGISTERFIRSTACCESS               => 78,
+    PE_REGISTERFORMEMPTY                 => 79,
+    PE_REGISTERALREADYEXISTS             => 80,
+    PE_NOTOKEN                           => 81,
+    PE_TOKENEXPIRED                      => 82,
+    PE_U2FFAILED                         => 83,
+    PE_UNAUTHORIZEDPARTNER               => 84,
+    PE_RENEWSESSION                      => 85,
+    PE_WAIT                              => 86,
+    PE_MUSTAUTHN                         => 87,
+    PE_MUSTHAVEMAIL                      => 88,
+    PE_SAML_SERVICE_NOT_ALLOWED          => 89,
+    PE_OIDC_SERVICE_NOT_ALLOWED          => 90,
+    PE_OID_SERVICE_NOT_ALLOWED           => 91,
+    PE_GET_SERVICE_NOT_ALLOWED           => 92,
    PE_IMPERSONATION_SERVICE_NOT_ALLOWED => 93,
-    PE_ISSUERMISSINGREQATTR => 94,
-    PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED => 95,
-    PE_BADOTP => 96,
-    PE_RESETCERTIFICATE_INVALID => 97,
-    PE_RESETCERTIFICATE_FORMEMPTY => 98,
-    PE_RESETCERTIFICATE_FIRSTACCESS => 99,
-    PE_PP_NOT_ALLOWED_CHARACTER => 100,
-    PE_PP_NOT_ALLOWED_CHARACTERS => 101,
-    PE_UPGRADESESSION => 102,
-    PE_NO_SECOND_FACTORS => 103,
-    PE_BAD_DEVOPS_FILE => 104,
-    PE_FILENOTFOUND => 105,
-    PE_OIDC_AUTH_ERROR => 106,
+    PE_ISSUERMISSINGREQATTR              => 94,
+    PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED  => 95,
+    PE_BADOTP                            => 96,
+    PE_RESETCERTIFICATE_INVALID          => 97,
+    PE_RESETCERTIFICATE_FORMEMPTY        => 98,
+    PE_RESETCERTIFICATE_FIRSTACCESS      => 99,
+    PE_PP_NOT_ALLOWED_CHARACTER          => 100,
+    PE_PP_NOT_ALLOWED_CHARACTERS         => 101,
+    PE_UPGRADESESSION                    => 102,
+    PE_NO_SECOND_FACTORS                 => 103,
+    PE_BAD_DEVOPS_FILE                   => 104,
+    PE_FILENOTFOUND                      => 105,
+    PE_OIDC_AUTH_ERROR                   => 106,
 };

 sub portalConsts {
    return {
-          '-1' => 'PE_DONE',
-          '-2' => 'PE_REDIRECT',
-          '-3' => 'PE_INFO',
-          '-4' => 'PE_SENDRESPONSE',
-          '-5' => 'PE_IDPCHOICE',
-          '0' => 'PE_OK',
-          '1' => 'PE_SESSIONEXPIRED',
-          '10' => 'PE_BADCERTIFICATE',
-          '100' => 'PE_PP_NOT_ALLOWED_CHARACTER',
-          '101' => 'PE_PP_NOT_ALLOWED_CHARACTERS',
-          '102' => 'PE_UPGRADESESSION',
-          '103' => 'PE_NO_SECOND_FACTORS',
-          '104' => 'PE_BAD_DEVOPS_FILE',
-          '105' => 'PE_FILENOTFOUND',
-          '106' => 'PE_OIDC_AUTH_ERROR',
-          '2' => 'PE_FORMEMPTY',
-          '20' => 'PE_NO_PASSWORD_BE',
-          '21' => 'PE_PP_ACCOUNT_LOCKED',
-          '22' => 'PE_PP_PASSWORD_EXPIRED',
-          '23' => 'PE_CERTIFICATEREQUIRED',
-          '24' => 'PE_ERROR',
-          '25' => 'PE_PP_CHANGE_AFTER_RESET',
-          '26' => 'PE_PP_PASSWORD_MOD_NOT_ALLOWED',
-          '27' => 'PE_PP_MUST_SUPPLY_OLD_PASSWORD',
-          '28' => 'PE_PP_INSUFFICIENT_PASSWORD_QUALITY',
-          '29' => 'PE_PP_PASSWORD_TOO_SHORT',
-          '3' => 'PE_WRONGMANAGERACCOUNT',
-          '30' => 'PE_PP_PASSWORD_TOO_YOUNG',
-          '31' => 'PE_PP_PASSWORD_IN_HISTORY',
-          '32' => 'PE_PP_GRACE',
-          '33' => 'PE_PP_EXP_WARNING',
-          '34' => 'PE_PASSWORD_MISMATCH',
-          '35' => 'PE_PASSWORD_OK',
-          '36' => 'PE_NOTIFICATION',
-          '37' => 'PE_BADURL',
-          '38' => 'PE_NOSCHEME',
-          '39' => 'PE_BADOLDPASSWORD',
-          '4' => 'PE_USERNOTFOUND',
-          '40' => 'PE_MALFORMEDUSER',
-          '41' => 'PE_SESSIONNOTGRANTED',
-          '42' => 'PE_CONFIRM',
-          '43' => 'PE_MAILFORMEMPTY',
-          '44' => 'PE_BADMAILTOKEN',
-          '45' => 'PE_MAILERROR',
-          '46' => 'PE_MAILOK',
-          '47' => 'PE_LOGOUT_OK',
-          '48' => 'PE_SAML_ERROR',
-          '49' => 'PE_SAML_LOAD_SERVICE_ERROR',
-          '5' => 'PE_BADCREDENTIALS',
-          '50' => 'PE_SAML_LOAD_IDP_ERROR',
-          '51' => 'PE_SAML_SSO_ERROR',
-          '52' => 'PE_SAML_UNKNOWN_ENTITY',
-          '53' => 'PE_SAML_DESTINATION_ERROR',
-          '54' => 'PE_SAML_CONDITIONS_ERROR',
-          '55' => 'PE_SAML_IDPSSOINITIATED_NOTALLOWED',
-          '56' => 'PE_SAML_SLO_ERROR',
-          '57' => 'PE_SAML_SIGNATURE_ERROR',
-          '58' => 'PE_SAML_ART_ERROR',
-          '59' => 'PE_SAML_SESSION_ERROR',
-          '6' => 'PE_LDAPCONNECTFAILED',
-          '60' => 'PE_SAML_LOAD_SP_ERROR',
-          '61' => 'PE_SAML_ATTR_ERROR',
-          '62' => 'PE_OPENID_EMPTY',
-          '63' => 'PE_OPENID_BADID',
-          '64' => 'PE_MISSINGREQATTR',
-          '65' => 'PE_BADPARTNER',
-          '66' => 'PE_MAILCONFIRMATION_ALREADY_SENT',
-          '67' => 'PE_PASSWORDFORMEMPTY',
-          '68' => 'PE_CAS_SERVICE_NOT_ALLOWED',
-          '69' => 'PE_MAILFIRSTACCESS',
-          '7' => 'PE_LDAPERROR',
-          '70' => 'PE_MAILNOTFOUND',
-          '71' => 'PE_PASSWORDFIRSTACCESS',
-          '72' => 'PE_MAILCONFIRMOK',
-          '73' => 'PE_RADIUSCONNECTFAILED',
-          '74' => 'PE_MUST_SUPPLY_OLD_PASSWORD',
-          '75' => 'PE_FORBIDDENIP',
-          '76' => 'PE_CAPTCHAERROR',
-          '77' => 'PE_CAPTCHAEMPTY',
-          '78' => 'PE_REGISTERFIRSTACCESS',
-          '79' => 'PE_REGISTERFORMEMPTY',
-          '8' => 'PE_APACHESESSIONERROR',
-          '80' => 'PE_REGISTERALREADYEXISTS',
-          '81' => 'PE_NOTOKEN',
-          '82' => 'PE_TOKENEXPIRED',
-          '83' => 'PE_U2FFAILED',
-          '84' => 'PE_UNAUTHORIZEDPARTNER',
-          '85' => 'PE_RENEWSESSION',
-          '86' => 'PE_WAIT',
-          '87' => 'PE_MUSTAUTHN',
-          '88' => 'PE_MUSTHAVEMAIL',
-          '89' => 'PE_SAML_SERVICE_NOT_ALLOWED',
-          '9' => 'PE_FIRSTACCESS',
-          '90' => 'PE_OIDC_SERVICE_NOT_ALLOWED',
-          '91' => 'PE_OID_SERVICE_NOT_ALLOWED',
-          '92' => 'PE_GET_SERVICE_NOT_ALLOWED',
-          '93' => 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED',
-          '94' => 'PE_ISSUERMISSINGREQATTR',
-          '95' => 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED',
-          '96' => 'PE_BADOTP',
-          '97' => 'PE_RESETCERTIFICATE_INVALID',
-          '98' => 'PE_RESETCERTIFICATE_FORMEMPTY',
-          '99' => 'PE_RESETCERTIFICATE_FIRSTACCESS'
-        };
+        '-1'  => 'PE_DONE',
+        '-2'  => 'PE_REDIRECT',
+        '-3'  => 'PE_INFO',
+        '-4'  => 'PE_SENDRESPONSE',
+        '-5'  => 'PE_IDPCHOICE',
+        '0'   => 'PE_OK',
+        '1'   => 'PE_SESSIONEXPIRED',
+        '10'  => 'PE_BADCERTIFICATE',
+        '100' => 'PE_PP_NOT_ALLOWED_CHARACTER',
+        '101' => 'PE_PP_NOT_ALLOWED_CHARACTERS',
+        '102' => 'PE_UPGRADESESSION',
+        '103' => 'PE_NO_SECOND_FACTORS',
+        '104' => 'PE_BAD_DEVOPS_FILE',
+        '105' => 'PE_FILENOTFOUND',
+        '106' => 'PE_OIDC_AUTH_ERROR',
+        '2'   => 'PE_FORMEMPTY',
+        '20'  => 'PE_NO_PASSWORD_BE',
+        '21'  => 'PE_PP_ACCOUNT_LOCKED',
+        '22'  => 'PE_PP_PASSWORD_EXPIRED',
+        '23'  => 'PE_CERTIFICATEREQUIRED',
+        '24'  => 'PE_ERROR',
+        '25'  => 'PE_PP_CHANGE_AFTER_RESET',
+        '26'  => 'PE_PP_PASSWORD_MOD_NOT_ALLOWED',
+        '27'  => 'PE_PP_MUST_SUPPLY_OLD_PASSWORD',
+        '28'  => 'PE_PP_INSUFFICIENT_PASSWORD_QUALITY',
+        '29'  => 'PE_PP_PASSWORD_TOO_SHORT',
+        '3'   => 'PE_WRONGMANAGERACCOUNT',
+        '30'  => 'PE_PP_PASSWORD_TOO_YOUNG',
+        '31'  => 'PE_PP_PASSWORD_IN_HISTORY',
+        '32'  => 'PE_PP_GRACE',
+        '33'  => 'PE_PP_EXP_WARNING',
+        '34'  => 'PE_PASSWORD_MISMATCH',
+        '35'  => 'PE_PASSWORD_OK',
+        '36'  => 'PE_NOTIFICATION',
+        '37'  => 'PE_BADURL',
+        '38'  => 'PE_NOSCHEME',
+        '39'  => 'PE_BADOLDPASSWORD',
+        '4'   => 'PE_USERNOTFOUND',
+        '40'  => 'PE_MALFORMEDUSER',
+        '41'  => 'PE_SESSIONNOTGRANTED',
+        '42'  => 'PE_CONFIRM',
+        '43'  => 'PE_MAILFORMEMPTY',
+        '44'  => 'PE_BADMAILTOKEN',
+        '45'  => 'PE_MAILERROR',
+        '46'  => 'PE_MAILOK',
+        '47'  => 'PE_LOGOUT_OK',
+        '48'  => 'PE_SAML_ERROR',
+        '49'  => 'PE_SAML_LOAD_SERVICE_ERROR',
+        '5'   => 'PE_BADCREDENTIALS',
+        '50'  => 'PE_SAML_LOAD_IDP_ERROR',
+        '51'  => 'PE_SAML_SSO_ERROR',
+        '52'  => 'PE_SAML_UNKNOWN_ENTITY',
+        '53'  => 'PE_SAML_DESTINATION_ERROR',
+        '54'  => 'PE_SAML_CONDITIONS_ERROR',
+        '55'  => 'PE_SAML_IDPSSOINITIATED_NOTALLOWED',
+        '56'  => 'PE_SAML_SLO_ERROR',
+        '57'  => 'PE_SAML_SIGNATURE_ERROR',
+        '58'  => 'PE_SAML_ART_ERROR',
+        '59'  => 'PE_SAML_SESSION_ERROR',
+        '6'   => 'PE_LDAPCONNECTFAILED',
+        '60'  => 'PE_SAML_LOAD_SP_ERROR',
+        '61'  => 'PE_SAML_ATTR_ERROR',
+        '62'  => 'PE_OPENID_EMPTY',
+        '63'  => 'PE_OPENID_BADID',
+        '64'  => 'PE_MISSINGREQATTR',
+        '65'  => 'PE_BADPARTNER',
+        '66'  => 'PE_MAILCONFIRMATION_ALREADY_SENT',
+        '67'  => 'PE_PASSWORDFORMEMPTY',
+        '68'  => 'PE_CAS_SERVICE_NOT_ALLOWED',
+        '69'  => 'PE_MAILFIRSTACCESS',
+        '7'   => 'PE_LDAPERROR',
+        '70'  => 'PE_MAILNOTFOUND',
+        '71'  => 'PE_PASSWORDFIRSTACCESS',
+        '72'  => 'PE_MAILCONFIRMOK',
+        '73'  => 'PE_RADIUSCONNECTFAILED',
+        '74'  => 'PE_MUST_SUPPLY_OLD_PASSWORD',
+        '75'  => 'PE_FORBIDDENIP',
+        '76'  => 'PE_CAPTCHAERROR',
+        '77'  => 'PE_CAPTCHAEMPTY',
+        '78'  => 'PE_REGISTERFIRSTACCESS',
+        '79'  => 'PE_REGISTERFORMEMPTY',
+        '8'   => 'PE_APACHESESSIONERROR',
+        '80'  => 'PE_REGISTERALREADYEXISTS',
+        '81'  => 'PE_NOTOKEN',
+        '82'  => 'PE_TOKENEXPIRED',
+        '83'  => 'PE_U2FFAILED',
+        '84'  => 'PE_UNAUTHORIZEDPARTNER',
+        '85'  => 'PE_RENEWSESSION',
+        '86'  => 'PE_WAIT',
+        '87'  => 'PE_MUSTAUTHN',
+        '88'  => 'PE_MUSTHAVEMAIL',
+        '89'  => 'PE_SAML_SERVICE_NOT_ALLOWED',
+        '9'   => 'PE_FIRSTACCESS',
+        '90'  => 'PE_OIDC_SERVICE_NOT_ALLOWED',
+        '91'  => 'PE_OID_SERVICE_NOT_ALLOWED',
+        '92'  => 'PE_GET_SERVICE_NOT_ALLOWED',
+        '93'  => 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED',
+        '94'  => 'PE_ISSUERMISSINGREQATTR',
+        '95'  => 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED',
+        '96'  => 'PE_BADOTP',
+        '97'  => 'PE_RESETCERTIFICATE_INVALID',
+        '98'  => 'PE_RESETCERTIFICATE_FORMEMPTY',
+        '99'  => 'PE_RESETCERTIFICATE_FIRSTACCESS'
+    };

 }

 # EXPORTER PARAMETERS
-our @EXPORT_OK = ( 'portalConsts', 'HANDLER', 'URIRE', 'PE_IDPCHOICE', 'PE_SENDRESPONSE', 'PE_INFO', 'PE_REDIRECT', 'PE_DONE', 'PE_OK', 'PE_SESSIONEXPIRED', 'PE_FORMEMPTY', 'PE_WRONGMANAGERACCOUNT', 'PE_USERNOTFOUND', 'PE_BADCREDENTIALS', 'PE_LDAPCONNECTFAILED', 'PE_LDAPERROR', 'PE_APACHESESSIONERROR', 'PE_FIRSTACCESS', 'PE_BADCERTIFICATE', 'PE_NO_PASSWORD_BE', 'PE_PP_ACCOUNT_LOCKED', 'PE_PP_PASSWORD_EXPIRED', 'PE_CERTIFICATEREQUIRED', 'PE_ERROR', 'PE_PP_CHANGE_AFTER_RESET', 'PE_PP_PASSWORD_MOD_NOT_ALLOWED', 'PE_PP_MUST_SUPPLY_OLD_PASSWORD', 'PE_PP_INSUFFICIENT_PASSWORD_QUALITY', 'PE_PP_PASSWORD_TOO_SHORT', 'PE_PP_PASSWORD_TOO_YOUNG', 'PE_PP_PASSWORD_IN_HISTORY', 'PE_PP_GRACE', 'PE_PP_EXP_WARNING', 'PE_PASSWORD_MISMATCH', 'PE_PASSWORD_OK', 'PE_NOTIFICATION', 'PE_BADURL', 'PE_NOSCHEME', 'PE_BADOLDPASSWORD', 'PE_MALFORMEDUSER', 'PE_SESSIONNOTGRANTED', 'PE_CONFIRM', 'PE_MAILFORMEMPTY', 'PE_BADMAILTOKEN', 'PE_MAILERROR', 'PE_MAILOK', 'PE_LOGOUT_OK', 'PE_SAML_ERROR', 'PE_SAML_LOAD_SERVICE_ERROR', 'PE_SAML_LOAD_IDP_ERROR', 'PE_SAML_SSO_ERROR', 'PE_SAML_UNKNOWN_ENTITY', 'PE_SAML_DESTINATION_ERROR', 'PE_SAML_CONDITIONS_ERROR', 'PE_SAML_IDPSSOINITIATED_NOTALLOWED', 'PE_SAML_SLO_ERROR', 'PE_SAML_SIGNATURE_ERROR', 'PE_SAML_ART_ERROR', 'PE_SAML_SESSION_ERROR', 'PE_SAML_LOAD_SP_ERROR', 'PE_SAML_ATTR_ERROR', 'PE_OPENID_EMPTY', 'PE_OPENID_BADID', 'PE_MISSINGREQATTR', 'PE_BADPARTNER', 'PE_MAILCONFIRMATION_ALREADY_SENT', 'PE_PASSWORDFORMEMPTY', 'PE_CAS_SERVICE_NOT_ALLOWED', 'PE_MAILFIRSTACCESS', 'PE_MAILNOTFOUND', 'PE_PASSWORDFIRSTACCESS', 'PE_MAILCONFIRMOK', 'PE_RADIUSCONNECTFAILED', 'PE_MUST_SUPPLY_OLD_PASSWORD', 'PE_FORBIDDENIP', 'PE_CAPTCHAERROR', 'PE_CAPTCHAEMPTY', 'PE_REGISTERFIRSTACCESS', 'PE_REGISTERFORMEMPTY', 'PE_REGISTERALREADYEXISTS', 'PE_NOTOKEN', 'PE_TOKENEXPIRED', 'PE_U2FFAILED', 'PE_UNAUTHORIZEDPARTNER', 'PE_RENEWSESSION', 'PE_WAIT', 'PE_MUSTAUTHN', 'PE_MUSTHAVEMAIL', 'PE_SAML_SERVICE_NOT_ALLOWED', 'PE_OIDC_SERVICE_NOT_ALLOWED', 'PE_OID_SERVICE_NOT_ALLOWED', 'PE_GET_SERVICE_NOT_ALLOWED', 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED', 'PE_ISSUERMISSINGREQATTR', 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED', 'PE_BADOTP', 'PE_RESETCERTIFICATE_INVALID', 'PE_RESETCERTIFICATE_FORMEMPTY', 'PE_RESETCERTIFICATE_FIRSTACCESS', 'PE_PP_NOT_ALLOWED_CHARACTER', 'PE_PP_NOT_ALLOWED_CHARACTERS', 'PE_UPGRADESESSION', 'PE_NO_SECOND_FACTORS', 'PE_BAD_DEVOPS_FILE', 'PE_FILENOTFOUND', 'PE_OIDC_AUTH_ERROR' );
+our @EXPORT_OK = (
+    'portalConsts',
+    'HANDLER',
+    'URIRE',
+    'PE_IDPCHOICE',
+    'PE_SENDRESPONSE',
+    'PE_INFO',
+    'PE_REDIRECT',
+    'PE_DONE',
+    'PE_OK',
+    'PE_SESSIONEXPIRED',
+    'PE_FORMEMPTY',
+    'PE_WRONGMANAGERACCOUNT',
+    'PE_USERNOTFOUND',
+    'PE_BADCREDENTIALS',
+    'PE_LDAPCONNECTFAILED',
+    'PE_LDAPERROR',
+    'PE_APACHESESSIONERROR',
+    'PE_FIRSTACCESS',
+    'PE_BADCERTIFICATE',
+    'PE_NO_PASSWORD_BE',
+    'PE_PP_ACCOUNT_LOCKED',
+    'PE_PP_PASSWORD_EXPIRED',
+    'PE_CERTIFICATEREQUIRED',
+    'PE_ERROR',
+    'PE_PP_CHANGE_AFTER_RESET',
+    'PE_PP_PASSWORD_MOD_NOT_ALLOWED',
+    'PE_PP_MUST_SUPPLY_OLD_PASSWORD',
+    'PE_PP_INSUFFICIENT_PASSWORD_QUALITY',
+    'PE_PP_PASSWORD_TOO_SHORT',
+    'PE_PP_PASSWORD_TOO_YOUNG',
+    'PE_PP_PASSWORD_IN_HISTORY',
+    'PE_PP_GRACE',
+    'PE_PP_EXP_WARNING',
+    'PE_PASSWORD_MISMATCH',
+    'PE_PASSWORD_OK',
+    'PE_NOTIFICATION',
+    'PE_BADURL',
+    'PE_NOSCHEME',
+    'PE_BADOLDPASSWORD',
+    'PE_MALFORMEDUSER',
+    'PE_SESSIONNOTGRANTED',
+    'PE_CONFIRM',
+    'PE_MAILFORMEMPTY',
+    'PE_BADMAILTOKEN',
+    'PE_MAILERROR',
+    'PE_MAILOK',
+    'PE_LOGOUT_OK',
+    'PE_SAML_ERROR',
+    'PE_SAML_LOAD_SERVICE_ERROR',
+    'PE_SAML_LOAD_IDP_ERROR',
+    'PE_SAML_SSO_ERROR',
+    'PE_SAML_UNKNOWN_ENTITY',
+    'PE_SAML_DESTINATION_ERROR',
+    'PE_SAML_CONDITIONS_ERROR',
+    'PE_SAML_IDPSSOINITIATED_NOTALLOWED',
+    'PE_SAML_SLO_ERROR',
+    'PE_SAML_SIGNATURE_ERROR',
+    'PE_SAML_ART_ERROR',
+    'PE_SAML_SESSION_ERROR',
+    'PE_SAML_LOAD_SP_ERROR',
+    'PE_SAML_ATTR_ERROR',
+    'PE_OPENID_EMPTY',
+    'PE_OPENID_BADID',
+    'PE_MISSINGREQATTR',
+    'PE_BADPARTNER',
+    'PE_MAILCONFIRMATION_ALREADY_SENT',
+    'PE_PASSWORDFORMEMPTY',
+    'PE_CAS_SERVICE_NOT_ALLOWED',
+    'PE_MAILFIRSTACCESS',
+    'PE_MAILNOTFOUND',
+    'PE_PASSWORDFIRSTACCESS',
+    'PE_MAILCONFIRMOK',
+    'PE_RADIUSCONNECTFAILED',
+    'PE_MUST_SUPPLY_OLD_PASSWORD',
+    'PE_FORBIDDENIP',
+    'PE_CAPTCHAERROR',
+    'PE_CAPTCHAEMPTY',
+    'PE_REGISTERFIRSTACCESS',
+    'PE_REGISTERFORMEMPTY',
+    'PE_REGISTERALREADYEXISTS',
+    'PE_NOTOKEN',
+    'PE_TOKENEXPIRED',
+    'PE_U2FFAILED',
+    'PE_UNAUTHORIZEDPARTNER',
+    'PE_RENEWSESSION',
+    'PE_WAIT',
+    'PE_MUSTAUTHN',
+    'PE_MUSTHAVEMAIL',
+    'PE_SAML_SERVICE_NOT_ALLOWED',
+    'PE_OIDC_SERVICE_NOT_ALLOWED',
+    'PE_OID_SERVICE_NOT_ALLOWED',
+    'PE_GET_SERVICE_NOT_ALLOWED',
+    'PE_IMPERSONATION_SERVICE_NOT_ALLOWED',
+    'PE_ISSUERMISSINGREQATTR',
+    'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED',
+    'PE_BADOTP',
+    'PE_RESETCERTIFICATE_INVALID',
+    'PE_RESETCERTIFICATE_FORMEMPTY',
+    'PE_RESETCERTIFICATE_FIRSTACCESS',
+    'PE_PP_NOT_ALLOWED_CHARACTER',
+    'PE_PP_NOT_ALLOWED_CHARACTERS',
+    'PE_UPGRADESESSION',
+    'PE_NO_SECOND_FACTORS',
+    'PE_BAD_DEVOPS_FILE',
+    'PE_FILENOTFOUND',
+    'PE_OIDC_AUTH_ERROR'
+);
 our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], );

 our @EXPORT = qw(import PE_OK);