diff --git a/doc/sources/admin/applications/publik.rst b/doc/sources/admin/applications/publik.rst index 84e2febbf..3206e0f24 100644 --- a/doc/sources/admin/applications/publik.rst +++ b/doc/sources/admin/applications/publik.rst @@ -49,5 +49,9 @@ with the following parameters (Options -> Basic) : * **Client Secret**: the same you set in Publik configuration. * **Allowed redirection addresses for login**: The "Callback URL" for authentic2 : https://authentic2-instance/accounts/oidc/callback/ +And in Options -> Logout + +* **Allowed redirection addresses for logout**: The "Logout URL" for authentic2 : https://authentic2-instance/logout/ + .. |image0| image:: /applications/logo-publik.png :class: align-center diff --git a/doc/sources/admin/idpopenidconnect.rst b/doc/sources/admin/idpopenidconnect.rst index b0c185fbd..5a025ec94 100644 --- a/doc/sources/admin/idpopenidconnect.rst +++ b/doc/sources/admin/idpopenidconnect.rst @@ -314,11 +314,9 @@ Options (RSXXX) or HMAC (HSXXX) based signature algorithms - **Access Token signature algorithm**: Select one of the available public key signature algorithms - - **Userinfo signature algorithm** (since version ``2.0.12``): Select one - of the available signature algorithms to release user information as a JWT - on the ``/userinfo`` endpoint. If this option is left empty, user - information will be released as a plain JSON object. The ``None`` value - will release user information as an unsigned JWT. + - **Userinfo response format** (since version ``2.0.12``): By default, + UserInfo is returned as a simple JSON object. You can also choose to + return it as a JWT, using one of the available signature algorithms. - **Require PKCE** (since version ``2.0.4``): a code challenge is required at token endpoint (see `RFC7636 `__) diff --git a/doc/sources/admin/requirements.txt b/doc/sources/admin/requirements.txt new file mode 100644 index 000000000..59aa86ccc --- /dev/null +++ b/doc/sources/admin/requirements.txt @@ -0,0 +1 @@ +sphinx_bootstrap_theme diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/OAuth2.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/OAuth2.pm index 1125d4fad..32d5d8cf2 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/OAuth2.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/OAuth2.pm @@ -18,7 +18,8 @@ sub retrieveSession { # Update cache $class->data($data); - } else { + } + else { $req->data->{oauth2_error} = 'invalid_token'; } return $data; @@ -93,6 +94,10 @@ sub fetchId { return; } my $infos = $class->getOIDCInfos($access_token_sid); + unless ($infos) { + $req->data->{oauth2_error} = 'invalid_token'; + return; + } # Store scope and rpid for future session attributes if ( $infos->{rp} ) { @@ -147,6 +152,20 @@ sub getOIDCInfos { unless ( $oidcSession->error ) { $class->logger->debug("Get OIDC session $id"); + # Verify that session is valid + unless ( $oidcSession->data->{_utime} ) { + $class->logger->error("_utime missing from Access Token session"); + return; + } + + my $ttl = $class->tsv->{timeout} - time + $oidcSession->data->{_utime}; + $class->logger->debug( "Session TTL = " . $ttl ); + + if ( time - $oidcSession->data->{_utime} > $class->tsv->{timeout} ) { + $class->logger->info("Access Token session $id expired"); + return; + } + $infos = { %{ $oidcSession->data } }; } else { diff --git a/lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t b/lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t index edcfcdd26..9346b15f9 100644 --- a/lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t +++ b/lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t @@ -259,7 +259,7 @@ ok( $client->_get( '/', undef, 'foo.example.fr', "lemonldap=$sessionId" ), 'Reject "foo.example.fr"' ); -ok( $res->[0] == 302, ' Code is 302' ) or explain( $res, 302 ); +ok( $res->[0] == 403, ' Code is 403' ) or explain( $res, 403 ); count(2); ok( @@ -268,7 +268,7 @@ ok( ), 'Reject "foo.example.org/orgdeny"' ); -ok( $res->[0] == 302, ' Code is 302' ) or explain( $res, 302 ); +ok( $res->[0] == 403, ' Code is 403' ) or explain( $res, 403 ); count(2); ok( @@ -286,7 +286,7 @@ ok( ), 'Reject "abfoo.example.org/orgdeny"' ); -ok( $res->[0] == 302, ' Code is 302' ) or explain( $res, 302 ); +ok( $res->[0] == 403, ' Code is 403' ) or explain( $res, 403 ); count(2); ok( @@ -312,7 +312,7 @@ ok( $client->_get( '/', undef, 'abfoo.example.org', "lemonldap=$sessionId" ), 'Reject "abfoo.example.org/"' ); -ok( $res->[0] == 302, ' Code is 302' ) or explain( $res, 302 ); +ok( $res->[0] == 403, ' Code is 403' ) or explain( $res, 403 ); count(2); ok( diff --git a/lemonldap-ng-handler/t/71-Lemonldap-NG-Handler-PSGI-OAuth2.t b/lemonldap-ng-handler/t/71-Lemonldap-NG-Handler-PSGI-OAuth2.t index e32194e2f..e91a9cee3 100644 --- a/lemonldap-ng-handler/t/71-Lemonldap-NG-Handler-PSGI-OAuth2.t +++ b/lemonldap-ng-handler/t/71-Lemonldap-NG-Handler-PSGI-OAuth2.t @@ -4,7 +4,7 @@ BEGIN { require 't/test-psgi-lib.pm'; } -my $maintests = 21; +my $maintests = 25; init( 'Lemonldap::NG::Handler::Server', @@ -57,7 +57,7 @@ Lemonldap::NG::Common::Session->new( { info => { "user_session_id" => $sessionId, "_type" => "access_token", - "_utime" => time, + "_utime" => ( time - 72000 + 300 ), "rp" => "rp-example2", "scope" => "openid email read" } @@ -74,7 +74,7 @@ Lemonldap::NG::Common::Session->new( { info => { "offline_session_id" => '000999000', "_type" => "refresh_token", - "_utime" => time, + "_utime" => ( time - 72000 + 300 ), "rp" => "rp-example", "scope" => "openid email read" } @@ -117,6 +117,7 @@ ok( # Check headers %h = @{ $res->[1] }; +is( $res->[0], 401, "Got correct HTTP code" ); is( $h{'WWW-Authenticate'}, 'Bearer', 'Got WWW-Authenticate: Bearer' ); # Request with invalid Access Token @@ -210,6 +211,24 @@ is( $h{'Auth-ClientConfKey'}, 'rp-example', 'Client confkey correctly transmitted' ); like( $h{'Auth-Scope'}, qr/\bemail\b/, 'Scope correctly transmitted' ); +Time::Fake->offset("+600s"); +ok( + $res = $client->_get( + '/read', undef, + 'test1.example.com', '', + VHOSTTYPE => 'OAuth2', + HTTP_AUTHORIZATION => 'Bearer 999888777', + ), + 'Invalid access token' +); +%h = @{ $res->[1] }; +is( $res->[0], 401, "Access was rejected" ); +is( + $h{'WWW-Authenticate'}, + 'Bearer error="invalid_token"', + 'Got correct error code' +); + count($maintests); done_testing( count() ); clean(); diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm index b25d1cc77..731831722 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm @@ -2457,35 +2457,35 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: 'default' => '', 'select' => [ { 'k' => '', - 'v' => '' + 'v' => 'JSON' }, { 'k' => 'none', - 'v' => 'None' + 'v' => 'JWT/None' }, { 'k' => 'HS256', - 'v' => 'HS256' + 'v' => 'JWT/HS256' }, { 'k' => 'HS384', - 'v' => 'HS384' + 'v' => 'JWT/HS384' }, { 'k' => 'HS512', - 'v' => 'HS512' + 'v' => 'JWT/HS512' }, { 'k' => 'RS256', - 'v' => 'RS256' + 'v' => 'JWT/RS256' }, { 'k' => 'RS384', - 'v' => 'RS384' + 'v' => 'JWT/RS384' }, { 'k' => 'RS512', - 'v' => 'RS512' + 'v' => 'JWT/RS512' } ], 'type' => 'select' diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm index 2436fb132..0b5caa105 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm @@ -4265,14 +4265,14 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: oidcRPMetaDataOptionsUserInfoSignAlg => { type => 'select', select => [ - { k => '', v => '' }, - { k => 'none', v => 'None' }, - { k => 'HS256', v => 'HS256' }, - { k => 'HS384', v => 'HS384' }, - { k => 'HS512', v => 'HS512' }, - { k => 'RS256', v => 'RS256' }, - { k => 'RS384', v => 'RS384' }, - { k => 'RS512', v => 'RS512' }, + { k => '', v => 'JSON' }, + { k => 'none', v => 'JWT/None' }, + { k => 'HS256', v => 'JWT/HS256' }, + { k => 'HS384', v => 'JWT/HS384' }, + { k => 'HS512', v => 'JWT/HS512' }, + { k => 'RS256', v => 'JWT/RS256' }, + { k => 'RS384', v => 'JWT/RS384' }, + { k => 'RS512', v => 'JWT/RS512' }, ], default => '', }, diff --git a/lemonldap-ng-manager/site/htdocs/static/js/conftree.js b/lemonldap-ng-manager/site/htdocs/static/js/conftree.js index 392fbabc5..8841a5c80 100644 --- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.js +++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.js @@ -574,35 +574,35 @@ function templates(tpl,key) { "select" : [ { "k" : "", - "v" : "" + "v" : "JSON" }, { "k" : "none", - "v" : "None" + "v" : "JWT/None" }, { "k" : "HS256", - "v" : "HS256" + "v" : "JWT/HS256" }, { "k" : "HS384", - "v" : "HS384" + "v" : "JWT/HS384" }, { "k" : "HS512", - "v" : "HS512" + "v" : "JWT/HS512" }, { "k" : "RS256", - "v" : "RS256" + "v" : "JWT/RS256" }, { "k" : "RS384", - "v" : "RS384" + "v" : "JWT/RS384" }, { "k" : "RS512", - "v" : "RS512" + "v" : "JWT/RS512" } ], "title" : "oidcRPMetaDataOptionsUserInfoSignAlg", diff --git a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js index 1c77696ad..689dab46b 100644 --- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js +++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js @@ -1 +1 @@ -function templates(t,a){switch(t){case"casAppMetaDataNode":return[{cnodes:t+"s/"+a+"/casAppMetaDataExportedVars",default:[{data:"cn",id:t+"s/"+a+"/casAppMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"mail",id:t+"s/"+a+"/casAppMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"uid",id:t+"s/"+a+"/casAppMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+a+"/casAppMetaDataExportedVars",title:"casAppMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+a+"/casAppMetaDataOptionsService",id:t+"s/"+a+"/casAppMetaDataOptionsService",title:"casAppMetaDataOptionsService"},{get:t+"s/"+a+"/casAppMetaDataOptionsUserAttribute",id:t+"s/"+a+"/casAppMetaDataOptionsUserAttribute",title:"casAppMetaDataOptionsUserAttribute"},{get:t+"s/"+a+"/casAppMetaDataOptionsAuthnLevel",id:t+"s/"+a+"/casAppMetaDataOptionsAuthnLevel",title:"casAppMetaDataOptionsAuthnLevel",type:"int"},{get:t+"s/"+a+"/casAppMetaDataOptionsRule",id:t+"s/"+a+"/casAppMetaDataOptionsRule",title:"casAppMetaDataOptionsRule"}],id:"casAppMetaDataOptions",title:"casAppMetaDataOptions",type:"simpleInputContainer"},{cnodes:t+"s/"+a+"/casAppMetaDataMacros",default:[],help:"exportedvars.html#extend-variables-using-macros-and-groups",id:t+"s/"+a+"/casAppMetaDataMacros",title:"casAppMetaDataMacros",type:"keyTextContainer"}];case"casSrvMetaDataNode":return[{cnodes:t+"s/"+a+"/casSrvMetaDataExportedVars",default:[{data:"cn",id:t+"s/"+a+"/casSrvMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"mail",id:t+"s/"+a+"/casSrvMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"uid",id:t+"s/"+a+"/casSrvMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+a+"/casSrvMetaDataExportedVars",title:"casSrvMetaDataExportedVars",type:"keyTextContainer"},{cnodes:t+"s/"+a+"/casSrvMetaDataOptionsProxiedServices",id:t+"s/"+a+"/casSrvMetaDataOptionsProxiedServices",title:"casSrvMetaDataOptionsProxiedServices",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+a+"/casSrvMetaDataOptionsUrl",id:t+"s/"+a+"/casSrvMetaDataOptionsUrl",title:"casSrvMetaDataOptionsUrl"},{default:0,get:t+"s/"+a+"/casSrvMetaDataOptionsRenew",id:t+"s/"+a+"/casSrvMetaDataOptionsRenew",title:"casSrvMetaDataOptionsRenew",type:"bool"},{default:0,get:t+"s/"+a+"/casSrvMetaDataOptionsGateway",id:t+"s/"+a+"/casSrvMetaDataOptionsGateway",title:"casSrvMetaDataOptionsGateway",type:"bool"}],id:"casSrvMetaDataOptions",title:"casSrvMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+a+"/casSrvMetaDataOptionsDisplayName",id:t+"s/"+a+"/casSrvMetaDataOptionsDisplayName",title:"casSrvMetaDataOptionsDisplayName"},{get:t+"s/"+a+"/casSrvMetaDataOptionsIcon",id:t+"s/"+a+"/casSrvMetaDataOptionsIcon",title:"casSrvMetaDataOptionsIcon"},{get:t+"s/"+a+"/casSrvMetaDataOptionsSortNumber",id:t+"s/"+a+"/casSrvMetaDataOptionsSortNumber",title:"casSrvMetaDataOptionsSortNumber",type:"int"}],id:"casSrvMetaDataOptionsDisplay",title:"casSrvMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"oidcOPMetaDataNode":return[{get:t+"s/"+a+"/oidcOPMetaDataJSON",id:t+"s/"+a+"/oidcOPMetaDataJSON",title:"oidcOPMetaDataJSON",type:"file"},{get:t+"s/"+a+"/oidcOPMetaDataJWKS",id:t+"s/"+a+"/oidcOPMetaDataJWKS",title:"oidcOPMetaDataJWKS",type:"file"},{cnodes:t+"s/"+a+"/oidcOPMetaDataExportedVars",default:[{data:"name",id:t+"s/"+a+"/oidcOPMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"email",id:t+"s/"+a+"/oidcOPMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"family_name",id:t+"s/"+a+"/oidcOPMetaDataExportedVars/sn",title:"sn",type:"keyText"},{data:"sub",id:t+"s/"+a+"/oidcOPMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+a+"/oidcOPMetaDataExportedVars",title:"oidcOPMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:t+"s/"+a+"/oidcOPMetaDataOptionsConfigurationURI",id:t+"s/"+a+"/oidcOPMetaDataOptionsConfigurationURI",title:"oidcOPMetaDataOptionsConfigurationURI"},{default:0,get:t+"s/"+a+"/oidcOPMetaDataOptionsJWKSTimeout",id:t+"s/"+a+"/oidcOPMetaDataOptionsJWKSTimeout",title:"oidcOPMetaDataOptionsJWKSTimeout",type:"int"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsClientID",id:t+"s/"+a+"/oidcOPMetaDataOptionsClientID",title:"oidcOPMetaDataOptionsClientID"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsClientSecret",id:t+"s/"+a+"/oidcOPMetaDataOptionsClientSecret",title:"oidcOPMetaDataOptionsClientSecret",type:"password"},{default:0,get:t+"s/"+a+"/oidcOPMetaDataOptionsStoreIDToken",id:t+"s/"+a+"/oidcOPMetaDataOptionsStoreIDToken",title:"oidcOPMetaDataOptionsStoreIDToken",type:"bool"}],id:"oidcOPMetaDataOptionsConfiguration",title:"oidcOPMetaDataOptionsConfiguration",type:"simpleInputContainer"},{_nodes:[{default:"openid profile",get:t+"s/"+a+"/oidcOPMetaDataOptionsScope",id:t+"s/"+a+"/oidcOPMetaDataOptionsScope",title:"oidcOPMetaDataOptionsScope"},{default:"",get:t+"s/"+a+"/oidcOPMetaDataOptionsDisplay",id:t+"s/"+a+"/oidcOPMetaDataOptionsDisplay",select:[{k:"",v:""},{k:"page",v:"page"},{k:"popup",v:"popup"},{k:"touch",v:"touch"},{k:"wap",v:"wap"}],title:"oidcOPMetaDataOptionsDisplay",type:"select"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsPrompt",id:t+"s/"+a+"/oidcOPMetaDataOptionsPrompt",title:"oidcOPMetaDataOptionsPrompt"},{default:0,get:t+"s/"+a+"/oidcOPMetaDataOptionsMaxAge",id:t+"s/"+a+"/oidcOPMetaDataOptionsMaxAge",title:"oidcOPMetaDataOptionsMaxAge",type:"int"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsUiLocales",id:t+"s/"+a+"/oidcOPMetaDataOptionsUiLocales",title:"oidcOPMetaDataOptionsUiLocales"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsAcrValues",id:t+"s/"+a+"/oidcOPMetaDataOptionsAcrValues",title:"oidcOPMetaDataOptionsAcrValues"},{default:"client_secret_post",get:t+"s/"+a+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",id:t+"s/"+a+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",select:[{k:"client_secret_post",v:"client_secret_post"},{k:"client_secret_basic",v:"client_secret_basic"}],title:"oidcOPMetaDataOptionsTokenEndpointAuthMethod",type:"select"},{default:1,get:t+"s/"+a+"/oidcOPMetaDataOptionsCheckJWTSignature",id:t+"s/"+a+"/oidcOPMetaDataOptionsCheckJWTSignature",title:"oidcOPMetaDataOptionsCheckJWTSignature",type:"bool"},{default:30,get:t+"s/"+a+"/oidcOPMetaDataOptionsIDTokenMaxAge",id:t+"s/"+a+"/oidcOPMetaDataOptionsIDTokenMaxAge",title:"oidcOPMetaDataOptionsIDTokenMaxAge",type:"int"},{default:1,get:t+"s/"+a+"/oidcOPMetaDataOptionsUseNonce",id:t+"s/"+a+"/oidcOPMetaDataOptionsUseNonce",title:"oidcOPMetaDataOptionsUseNonce",type:"bool"}],id:"oidcOPMetaDataOptionsProtocol",title:"oidcOPMetaDataOptionsProtocol",type:"simpleInputContainer"}],id:"oidcOPMetaDataOptions",title:"oidcOPMetaDataOptions"},{_nodes:[{get:t+"s/"+a+"/oidcOPMetaDataOptionsDisplayName",id:t+"s/"+a+"/oidcOPMetaDataOptionsDisplayName",title:"oidcOPMetaDataOptionsDisplayName"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsIcon",id:t+"s/"+a+"/oidcOPMetaDataOptionsIcon",title:"oidcOPMetaDataOptionsIcon"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsSortNumber",id:t+"s/"+a+"/oidcOPMetaDataOptionsSortNumber",title:"oidcOPMetaDataOptionsSortNumber",type:"int"}],id:"oidcOPMetaDataOptionsDisplayParams",title:"oidcOPMetaDataOptionsDisplayParams",type:"simpleInputContainer"}];case"oidcRPMetaDataNode":return[{cnodes:t+"s/"+a+"/oidcRPMetaDataExportedVars",default:[{data:["mail","string","auto"],id:t+"s/"+a+"/oidcRPMetaDataExportedVars/email",title:"email",type:"oidcAttribute"},{data:["sn","string","auto"],id:t+"s/"+a+"/oidcRPMetaDataExportedVars/family_name",title:"family_name",type:"oidcAttribute"},{data:["cn","string","auto"],id:t+"s/"+a+"/oidcRPMetaDataExportedVars/name",title:"name",type:"oidcAttribute"}],id:t+"s/"+a+"/oidcRPMetaDataExportedVars",title:"oidcRPMetaDataExportedVars",type:"oidcAttributeContainer"},{cnodes:t+"s/"+a+"/oidcRPMetaDataOptionsExtraClaims",default:[],id:t+"s/"+a+"/oidcRPMetaDataOptionsExtraClaims",title:"oidcRPMetaDataOptionsExtraClaims",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:t+"s/"+a+"/oidcRPMetaDataOptionsClientID",id:t+"s/"+a+"/oidcRPMetaDataOptionsClientID",title:"oidcRPMetaDataOptionsClientID"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsClientSecret",id:t+"s/"+a+"/oidcRPMetaDataOptionsClientSecret",title:"oidcRPMetaDataOptionsClientSecret",type:"password"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsPublic",id:t+"s/"+a+"/oidcRPMetaDataOptionsPublic",title:"oidcRPMetaDataOptionsPublic",type:"bool"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsRedirectUris",id:t+"s/"+a+"/oidcRPMetaDataOptionsRedirectUris",title:"oidcRPMetaDataOptionsRedirectUris"}],id:"oidcRPMetaDataOptionsBasic",title:"oidcRPMetaDataOptionsBasic",type:"simpleInputContainer"},{_nodes:[{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsBypassConsent",help:"openidconnectclaims.html",id:t+"s/"+a+"/oidcRPMetaDataOptionsBypassConsent",title:"oidcRPMetaDataOptionsBypassConsent",type:"bool"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsUserIDAttr",id:t+"s/"+a+"/oidcRPMetaDataOptionsUserIDAttr",title:"oidcRPMetaDataOptionsUserIDAttr"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenForceClaims",id:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenForceClaims",title:"oidcRPMetaDataOptionsIDTokenForceClaims",type:"bool"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenJWT",id:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenJWT",title:"oidcRPMetaDataOptionsAccessTokenJWT",type:"bool"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenClaims",id:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenClaims",title:"oidcRPMetaDataOptionsAccessTokenClaims",type:"bool"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsAdditionalAudiences",id:t+"s/"+a+"/oidcRPMetaDataOptionsAdditionalAudiences",title:"oidcRPMetaDataOptionsAdditionalAudiences"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsRefreshToken",id:t+"s/"+a+"/oidcRPMetaDataOptionsRefreshToken",title:"oidcRPMetaDataOptionsRefreshToken",type:"bool"}],id:"oidcRPMetaDataOptionsAdvanced",title:"oidcRPMetaDataOptionsAdvanced",type:"simpleInputContainer"},{_nodes:[{default:"HS512",get:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenSignAlg",id:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenSignAlg",select:[{k:"none",v:"None"},{k:"HS256",v:"HS256"},{k:"HS384",v:"HS384"},{k:"HS512",v:"HS512"},{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"}],title:"oidcRPMetaDataOptionsIDTokenSignAlg",type:"select"},{default:"RS256",get:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenSignAlg",id:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenSignAlg",select:[{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"}],title:"oidcRPMetaDataOptionsAccessTokenSignAlg",type:"select"},{default:"",get:t+"s/"+a+"/oidcRPMetaDataOptionsUserInfoSignAlg",id:t+"s/"+a+"/oidcRPMetaDataOptionsUserInfoSignAlg",select:[{k:"",v:""},{k:"none",v:"None"},{k:"HS256",v:"HS256"},{k:"HS384",v:"HS384"},{k:"HS512",v:"HS512"},{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"}],title:"oidcRPMetaDataOptionsUserInfoSignAlg",type:"select"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsRequirePKCE",id:t+"s/"+a+"/oidcRPMetaDataOptionsRequirePKCE",title:"oidcRPMetaDataOptionsRequirePKCE",type:"bool"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsAllowOffline",id:t+"s/"+a+"/oidcRPMetaDataOptionsAllowOffline",title:"oidcRPMetaDataOptionsAllowOffline",type:"bool"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsAllowPasswordGrant",id:t+"s/"+a+"/oidcRPMetaDataOptionsAllowPasswordGrant",title:"oidcRPMetaDataOptionsAllowPasswordGrant",type:"bool"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsAllowClientCredentialsGrant",id:t+"s/"+a+"/oidcRPMetaDataOptionsAllowClientCredentialsGrant",title:"oidcRPMetaDataOptionsAllowClientCredentialsGrant",type:"bool"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsAuthnLevel",id:t+"s/"+a+"/oidcRPMetaDataOptionsAuthnLevel",title:"oidcRPMetaDataOptionsAuthnLevel",type:"int"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsRule",id:t+"s/"+a+"/oidcRPMetaDataOptionsRule",title:"oidcRPMetaDataOptionsRule"}],id:"security",title:"security",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+a+"/oidcRPMetaDataOptionsAuthorizationCodeExpiration",id:t+"s/"+a+"/oidcRPMetaDataOptionsAuthorizationCodeExpiration",title:"oidcRPMetaDataOptionsAuthorizationCodeExpiration",type:"int"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenExpiration",id:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenExpiration",title:"oidcRPMetaDataOptionsIDTokenExpiration",type:"int"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenExpiration",id:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenExpiration",title:"oidcRPMetaDataOptionsAccessTokenExpiration",type:"int"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsOfflineSessionExpiration",id:t+"s/"+a+"/oidcRPMetaDataOptionsOfflineSessionExpiration",title:"oidcRPMetaDataOptionsOfflineSessionExpiration",type:"int"}],id:"oidcRPMetaDataOptionsTimeouts",title:"oidcRPMetaDataOptionsTimeouts",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+a+"/oidcRPMetaDataOptionsPostLogoutRedirectUris",id:t+"s/"+a+"/oidcRPMetaDataOptionsPostLogoutRedirectUris",title:"oidcRPMetaDataOptionsPostLogoutRedirectUris"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutUrl",id:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutUrl",title:"oidcRPMetaDataOptionsLogoutUrl"},{default:"front",get:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutType",id:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutType",select:[{k:"front",v:"Front Channel"}],title:"oidcRPMetaDataOptionsLogoutType",type:"select"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutSessionRequired",id:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutSessionRequired",title:"oidcRPMetaDataOptionsLogoutSessionRequired",type:"bool"}],id:"logout",title:"logout",type:"simpleInputContainer"}],help:"idpopenidconnect.html#options",id:"oidcRPMetaDataOptions",title:"oidcRPMetaDataOptions"},{cnodes:t+"s/"+a+"/oidcRPMetaDataMacros",default:[],help:"exportedvars.html#extend-variables-using-macros-and-groups",id:t+"s/"+a+"/oidcRPMetaDataMacros",title:"oidcRPMetaDataMacros",type:"keyTextContainer"},{cnodes:t+"s/"+a+"/oidcRPMetaDataScopeRules",default:[],help:"idpopenidconnect.html#scope-rules",id:t+"s/"+a+"/oidcRPMetaDataScopeRules",title:"oidcRPMetaDataScopeRules",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+a+"/oidcRPMetaDataOptionsDisplayName",id:t+"s/"+a+"/oidcRPMetaDataOptionsDisplayName",title:"oidcRPMetaDataOptionsDisplayName"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsIcon",id:t+"s/"+a+"/oidcRPMetaDataOptionsIcon",title:"oidcRPMetaDataOptionsIcon"}],id:"oidcRPMetaDataOptionsDisplay",title:"oidcRPMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"samlIDPMetaDataNode":return[{get:t+"s/"+a+"/samlIDPMetaDataXML",id:t+"s/"+a+"/samlIDPMetaDataXML",title:"samlIDPMetaDataXML",type:"file"},{cnodes:t+"s/"+a+"/samlIDPMetaDataExportedAttributes",default:[],help:"authsaml.html#exported-attributes",id:t+"s/"+a+"/samlIDPMetaDataExportedAttributes",title:"samlIDPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsAdaptSessionUtime",id:t+"s/"+a+"/samlIDPMetaDataOptionsAdaptSessionUtime",title:"samlIDPMetaDataOptionsAdaptSessionUtime",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsForceUTF8",id:t+"s/"+a+"/samlIDPMetaDataOptionsForceUTF8",title:"samlIDPMetaDataOptionsForceUTF8",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsStoreSAMLToken",id:t+"s/"+a+"/samlIDPMetaDataOptionsStoreSAMLToken",title:"samlIDPMetaDataOptionsStoreSAMLToken",type:"bool"},{get:t+"s/"+a+"/samlIDPMetaDataOptionsUserAttribute",id:t+"s/"+a+"/samlIDPMetaDataOptionsUserAttribute",title:"samlIDPMetaDataOptionsUserAttribute"}],id:"samlIDPMetaDataOptionsSession",title:"samlIDPMetaDataOptionsSession",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsSignatureMethod",id:t+"s/"+a+"/samlIDPMetaDataOptionsSignatureMethod",select:[{k:"",v:"default"},{k:"RSA_SHA1",v:"RSA SHA1"},{k:"RSA_SHA256",v:"RSA SHA256"},{k:"RSA_SHA384",v:"RSA SHA384"},{k:"RSA_SHA512",v:"RSA SHA512"}],title:"samlIDPMetaDataOptionsSignatureMethod",type:"select"},{default:-1,get:t+"s/"+a+"/samlIDPMetaDataOptionsSignSSOMessage",id:t+"s/"+a+"/samlIDPMetaDataOptionsSignSSOMessage",title:"samlIDPMetaDataOptionsSignSSOMessage",type:"trool"},{default:1,get:t+"s/"+a+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",id:t+"s/"+a+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",title:"samlIDPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{default:-1,get:t+"s/"+a+"/samlIDPMetaDataOptionsSignSLOMessage",id:t+"s/"+a+"/samlIDPMetaDataOptionsSignSLOMessage",title:"samlIDPMetaDataOptionsSignSLOMessage",type:"trool"},{default:1,get:t+"s/"+a+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",id:t+"s/"+a+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",title:"samlIDPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id:"samlIDPMetaDataOptionsSignature",title:"samlIDPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsSSOBinding",id:t+"s/"+a+"/samlIDPMetaDataOptionsSSOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"artifact-get",v:"Artifact GET"}],title:"samlIDPMetaDataOptionsSSOBinding",type:"select"},{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsSLOBinding",id:t+"s/"+a+"/samlIDPMetaDataOptionsSLOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"http-soap",v:"SOAP"}],title:"samlIDPMetaDataOptionsSLOBinding",type:"select"}],id:"samlIDPMetaDataOptionsBinding",title:"samlIDPMetaDataOptionsBinding",type:"simpleInputContainer"},{_nodes:[{default:"none",get:t+"s/"+a+"/samlIDPMetaDataOptionsEncryptionMode",id:t+"s/"+a+"/samlIDPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlIDPMetaDataOptionsEncryptionMode",type:"select"},{default:1,get:t+"s/"+a+"/samlIDPMetaDataOptionsCheckTime",id:t+"s/"+a+"/samlIDPMetaDataOptionsCheckTime",title:"samlIDPMetaDataOptionsCheckTime",type:"bool"},{default:1,get:t+"s/"+a+"/samlIDPMetaDataOptionsCheckAudience",id:t+"s/"+a+"/samlIDPMetaDataOptionsCheckAudience",title:"samlIDPMetaDataOptionsCheckAudience",type:"bool"}],id:"samlIDPMetaDataOptionsSecurity",title:"samlIDPMetaDataOptionsSecurity",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsResolutionRule",id:t+"s/"+a+"/samlIDPMetaDataOptionsResolutionRule",title:"samlIDPMetaDataOptionsResolutionRule",type:"longtext"},{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsNameIDFormat",id:t+"s/"+a+"/samlIDPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlIDPMetaDataOptionsNameIDFormat",type:"select"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsForceAuthn",id:t+"s/"+a+"/samlIDPMetaDataOptionsForceAuthn",title:"samlIDPMetaDataOptionsForceAuthn",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsIsPassive",id:t+"s/"+a+"/samlIDPMetaDataOptionsIsPassive",title:"samlIDPMetaDataOptionsIsPassive",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsAllowProxiedAuthn",id:t+"s/"+a+"/samlIDPMetaDataOptionsAllowProxiedAuthn",title:"samlIDPMetaDataOptionsAllowProxiedAuthn",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsAllowLoginFromIDP",id:t+"s/"+a+"/samlIDPMetaDataOptionsAllowLoginFromIDP",title:"samlIDPMetaDataOptionsAllowLoginFromIDP",type:"bool"},{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsRequestedAuthnContext",id:t+"s/"+a+"/samlIDPMetaDataOptionsRequestedAuthnContext",select:[{k:"",v:""},{k:"kerberos",v:"Kerberos"},{k:"password-protected-transport",v:"Password protected transport"},{k:"password",v:"Password"},{k:"tls-client",v:"TLS client certificate"}],title:"samlIDPMetaDataOptionsRequestedAuthnContext",type:"select"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsRelayStateURL",id:t+"s/"+a+"/samlIDPMetaDataOptionsRelayStateURL",title:"samlIDPMetaDataOptionsRelayStateURL",type:"bool"}],help:"authsaml.html#options",id:"samlIDPMetaDataOptions",title:"samlIDPMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+a+"/samlIDPMetaDataOptionsDisplayName",id:t+"s/"+a+"/samlIDPMetaDataOptionsDisplayName",title:"samlIDPMetaDataOptionsDisplayName"},{get:t+"s/"+a+"/samlIDPMetaDataOptionsIcon",id:t+"s/"+a+"/samlIDPMetaDataOptionsIcon",title:"samlIDPMetaDataOptionsIcon"},{get:t+"s/"+a+"/samlIDPMetaDataOptionsSortNumber",id:t+"s/"+a+"/samlIDPMetaDataOptionsSortNumber",title:"samlIDPMetaDataOptionsSortNumber",type:"int"}],id:"samlIDPMetaDataOptionsDisplay",title:"samlIDPMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"samlSPMetaDataNode":return[{get:t+"s/"+a+"/samlSPMetaDataXML",id:t+"s/"+a+"/samlSPMetaDataXML",title:"samlSPMetaDataXML",type:"file"},{cnodes:t+"s/"+a+"/samlSPMetaDataExportedAttributes",default:[],help:"idpsaml.html#exported-attributes",id:t+"s/"+a+"/samlSPMetaDataExportedAttributes",title:"samlSPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{_nodes:[{default:"",get:t+"s/"+a+"/samlSPMetaDataOptionsNameIDFormat",id:t+"s/"+a+"/samlSPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlSPMetaDataOptionsNameIDFormat",type:"select"},{get:t+"s/"+a+"/samlSPMetaDataOptionsNameIDSessionKey",id:t+"s/"+a+"/samlSPMetaDataOptionsNameIDSessionKey",title:"samlSPMetaDataOptionsNameIDSessionKey"},{default:0,get:t+"s/"+a+"/samlSPMetaDataOptionsOneTimeUse",id:t+"s/"+a+"/samlSPMetaDataOptionsOneTimeUse",title:"samlSPMetaDataOptionsOneTimeUse",type:"bool"},{default:72e3,get:t+"s/"+a+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",id:t+"s/"+a+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",type:"int"},{default:72e3,get:t+"s/"+a+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",id:t+"s/"+a+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsNotOnOrAfterTimeout",type:"int"},{default:1,get:t+"s/"+a+"/samlSPMetaDataOptionsForceUTF8",id:t+"s/"+a+"/samlSPMetaDataOptionsForceUTF8",title:"samlSPMetaDataOptionsForceUTF8",type:"bool"}],id:"samlSPMetaDataOptionsAuthnResponse",title:"samlSPMetaDataOptionsAuthnResponse",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+a+"/samlSPMetaDataOptionsSignatureMethod",id:t+"s/"+a+"/samlSPMetaDataOptionsSignatureMethod",select:[{k:"",v:"default"},{k:"RSA_SHA1",v:"RSA SHA1"},{k:"RSA_SHA256",v:"RSA SHA256"},{k:"RSA_SHA384",v:"RSA SHA384"},{k:"RSA_SHA512",v:"RSA SHA512"}],title:"samlSPMetaDataOptionsSignatureMethod",type:"select"},{default:-1,get:t+"s/"+a+"/samlSPMetaDataOptionsSignSSOMessage",id:t+"s/"+a+"/samlSPMetaDataOptionsSignSSOMessage",title:"samlSPMetaDataOptionsSignSSOMessage",type:"trool"},{default:1,get:t+"s/"+a+"/samlSPMetaDataOptionsCheckSSOMessageSignature",id:t+"s/"+a+"/samlSPMetaDataOptionsCheckSSOMessageSignature",title:"samlSPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{default:-1,get:t+"s/"+a+"/samlSPMetaDataOptionsSignSLOMessage",id:t+"s/"+a+"/samlSPMetaDataOptionsSignSLOMessage",title:"samlSPMetaDataOptionsSignSLOMessage",type:"trool"},{default:1,get:t+"s/"+a+"/samlSPMetaDataOptionsCheckSLOMessageSignature",id:t+"s/"+a+"/samlSPMetaDataOptionsCheckSLOMessageSignature",title:"samlSPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id:"samlSPMetaDataOptionsSignature",title:"samlSPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{default:"none",get:t+"s/"+a+"/samlSPMetaDataOptionsEncryptionMode",id:t+"s/"+a+"/samlSPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlSPMetaDataOptionsEncryptionMode",type:"select"},{default:0,get:t+"s/"+a+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",id:t+"s/"+a+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",title:"samlSPMetaDataOptionsEnableIDPInitiatedURL",type:"bool"},{get:t+"s/"+a+"/samlSPMetaDataOptionsAuthnLevel",id:t+"s/"+a+"/samlSPMetaDataOptionsAuthnLevel",title:"samlSPMetaDataOptionsAuthnLevel",type:"int"},{get:t+"s/"+a+"/samlSPMetaDataOptionsRule",id:t+"s/"+a+"/samlSPMetaDataOptionsRule",title:"samlSPMetaDataOptionsRule"}],id:"samlSPMetaDataOptionsSecurity",title:"samlSPMetaDataOptionsSecurity",type:"simpleInputContainer"}],help:"idpsaml.html#options",id:"samlSPMetaDataOptions",title:"samlSPMetaDataOptions"},{cnodes:t+"s/"+a+"/samlSPMetaDataMacros",default:[],help:"exportedvars.html#extend-variables-using-macros-and-groups",id:t+"s/"+a+"/samlSPMetaDataMacros",title:"samlSPMetaDataMacros",type:"keyTextContainer"}];case"virtualHost":return[{cnodes:t+"s/"+a+"/locationRules",default:[{data:"deny",id:t+"s/"+a+"/locationRules/default",re:"default",title:"default",type:"rule"}],help:"writingrulesand_headers.html#rules",id:t+"s/"+a+"/locationRules",title:"locationRules",type:"ruleContainer"},{cnodes:t+"s/"+a+"/exportedHeaders",help:"writingrulesand_headers.html#headers",id:t+"s/"+a+"/exportedHeaders",title:"exportedHeaders",type:"keyTextContainer"},{cnodes:t+"s/"+a+"/post",help:"formreplay.html",id:t+"s/"+a+"/post",title:"post",type:"postContainer"},{_nodes:[{default:-1,get:t+"s/"+a+"/vhostPort",id:t+"s/"+a+"/vhostPort",title:"vhostPort",type:"int"},{default:-1,get:t+"s/"+a+"/vhostHttps",id:t+"s/"+a+"/vhostHttps",title:"vhostHttps",type:"trool"},{default:0,get:t+"s/"+a+"/vhostMaintenance",id:t+"s/"+a+"/vhostMaintenance",title:"vhostMaintenance",type:"bool"},{default:"",get:t+"s/"+a+"/vhostAliases",id:t+"s/"+a+"/vhostAliases",title:"vhostAliases"},{default:"",get:t+"s/"+a+"/vhostAccessToTrace",id:t+"s/"+a+"/vhostAccessToTrace",title:"vhostAccessToTrace"},{default:"Main",get:t+"s/"+a+"/vhostType",id:t+"s/"+a+"/vhostType",select:[{k:"AuthBasic",v:"AuthBasic"},{k:"CDA",v:"CDA"},{k:"DevOps",v:"DevOps"},{k:"DevOpsST",v:"DevOpsST"},{k:"Main",v:"Main"},{k:"OAuth2",v:"OAuth2"},{k:"SecureToken",v:"SecureToken"},{k:"ServiceToken",v:"ServiceToken"},{k:"ZimbraPreAuth",v:"ZimbraPreAuth"}],title:"vhostType",type:"select"},{get:t+"s/"+a+"/vhostAuthnLevel",id:t+"s/"+a+"/vhostAuthnLevel",title:"vhostAuthnLevel",type:"int"},{default:-1,get:t+"s/"+a+"/vhostServiceTokenTTL",id:t+"s/"+a+"/vhostServiceTokenTTL",title:"vhostServiceTokenTTL",type:"int"}],help:"configvhost.html#options",id:"vhostOptions",title:"vhostOptions",type:"simpleInputContainer"}];default:return[]}}function setScopeVars(t){t.portal=t.data[0]._nodes[0]._nodes[0],t.getKey(t.portal),t.domain=t.data[0]._nodes[4]._nodes[1],t.getKey(t.domain)} \ No newline at end of file +function templates(t,a){switch(t){case"casAppMetaDataNode":return[{cnodes:t+"s/"+a+"/casAppMetaDataExportedVars",default:[{data:"cn",id:t+"s/"+a+"/casAppMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"mail",id:t+"s/"+a+"/casAppMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"uid",id:t+"s/"+a+"/casAppMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+a+"/casAppMetaDataExportedVars",title:"casAppMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+a+"/casAppMetaDataOptionsService",id:t+"s/"+a+"/casAppMetaDataOptionsService",title:"casAppMetaDataOptionsService"},{get:t+"s/"+a+"/casAppMetaDataOptionsUserAttribute",id:t+"s/"+a+"/casAppMetaDataOptionsUserAttribute",title:"casAppMetaDataOptionsUserAttribute"},{get:t+"s/"+a+"/casAppMetaDataOptionsAuthnLevel",id:t+"s/"+a+"/casAppMetaDataOptionsAuthnLevel",title:"casAppMetaDataOptionsAuthnLevel",type:"int"},{get:t+"s/"+a+"/casAppMetaDataOptionsRule",id:t+"s/"+a+"/casAppMetaDataOptionsRule",title:"casAppMetaDataOptionsRule"}],id:"casAppMetaDataOptions",title:"casAppMetaDataOptions",type:"simpleInputContainer"},{cnodes:t+"s/"+a+"/casAppMetaDataMacros",default:[],help:"exportedvars.html#extend-variables-using-macros-and-groups",id:t+"s/"+a+"/casAppMetaDataMacros",title:"casAppMetaDataMacros",type:"keyTextContainer"}];case"casSrvMetaDataNode":return[{cnodes:t+"s/"+a+"/casSrvMetaDataExportedVars",default:[{data:"cn",id:t+"s/"+a+"/casSrvMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"mail",id:t+"s/"+a+"/casSrvMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"uid",id:t+"s/"+a+"/casSrvMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+a+"/casSrvMetaDataExportedVars",title:"casSrvMetaDataExportedVars",type:"keyTextContainer"},{cnodes:t+"s/"+a+"/casSrvMetaDataOptionsProxiedServices",id:t+"s/"+a+"/casSrvMetaDataOptionsProxiedServices",title:"casSrvMetaDataOptionsProxiedServices",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+a+"/casSrvMetaDataOptionsUrl",id:t+"s/"+a+"/casSrvMetaDataOptionsUrl",title:"casSrvMetaDataOptionsUrl"},{default:0,get:t+"s/"+a+"/casSrvMetaDataOptionsRenew",id:t+"s/"+a+"/casSrvMetaDataOptionsRenew",title:"casSrvMetaDataOptionsRenew",type:"bool"},{default:0,get:t+"s/"+a+"/casSrvMetaDataOptionsGateway",id:t+"s/"+a+"/casSrvMetaDataOptionsGateway",title:"casSrvMetaDataOptionsGateway",type:"bool"}],id:"casSrvMetaDataOptions",title:"casSrvMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+a+"/casSrvMetaDataOptionsDisplayName",id:t+"s/"+a+"/casSrvMetaDataOptionsDisplayName",title:"casSrvMetaDataOptionsDisplayName"},{get:t+"s/"+a+"/casSrvMetaDataOptionsIcon",id:t+"s/"+a+"/casSrvMetaDataOptionsIcon",title:"casSrvMetaDataOptionsIcon"},{get:t+"s/"+a+"/casSrvMetaDataOptionsSortNumber",id:t+"s/"+a+"/casSrvMetaDataOptionsSortNumber",title:"casSrvMetaDataOptionsSortNumber",type:"int"}],id:"casSrvMetaDataOptionsDisplay",title:"casSrvMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"oidcOPMetaDataNode":return[{get:t+"s/"+a+"/oidcOPMetaDataJSON",id:t+"s/"+a+"/oidcOPMetaDataJSON",title:"oidcOPMetaDataJSON",type:"file"},{get:t+"s/"+a+"/oidcOPMetaDataJWKS",id:t+"s/"+a+"/oidcOPMetaDataJWKS",title:"oidcOPMetaDataJWKS",type:"file"},{cnodes:t+"s/"+a+"/oidcOPMetaDataExportedVars",default:[{data:"name",id:t+"s/"+a+"/oidcOPMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"email",id:t+"s/"+a+"/oidcOPMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"family_name",id:t+"s/"+a+"/oidcOPMetaDataExportedVars/sn",title:"sn",type:"keyText"},{data:"sub",id:t+"s/"+a+"/oidcOPMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+a+"/oidcOPMetaDataExportedVars",title:"oidcOPMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:t+"s/"+a+"/oidcOPMetaDataOptionsConfigurationURI",id:t+"s/"+a+"/oidcOPMetaDataOptionsConfigurationURI",title:"oidcOPMetaDataOptionsConfigurationURI"},{default:0,get:t+"s/"+a+"/oidcOPMetaDataOptionsJWKSTimeout",id:t+"s/"+a+"/oidcOPMetaDataOptionsJWKSTimeout",title:"oidcOPMetaDataOptionsJWKSTimeout",type:"int"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsClientID",id:t+"s/"+a+"/oidcOPMetaDataOptionsClientID",title:"oidcOPMetaDataOptionsClientID"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsClientSecret",id:t+"s/"+a+"/oidcOPMetaDataOptionsClientSecret",title:"oidcOPMetaDataOptionsClientSecret",type:"password"},{default:0,get:t+"s/"+a+"/oidcOPMetaDataOptionsStoreIDToken",id:t+"s/"+a+"/oidcOPMetaDataOptionsStoreIDToken",title:"oidcOPMetaDataOptionsStoreIDToken",type:"bool"}],id:"oidcOPMetaDataOptionsConfiguration",title:"oidcOPMetaDataOptionsConfiguration",type:"simpleInputContainer"},{_nodes:[{default:"openid profile",get:t+"s/"+a+"/oidcOPMetaDataOptionsScope",id:t+"s/"+a+"/oidcOPMetaDataOptionsScope",title:"oidcOPMetaDataOptionsScope"},{default:"",get:t+"s/"+a+"/oidcOPMetaDataOptionsDisplay",id:t+"s/"+a+"/oidcOPMetaDataOptionsDisplay",select:[{k:"",v:""},{k:"page",v:"page"},{k:"popup",v:"popup"},{k:"touch",v:"touch"},{k:"wap",v:"wap"}],title:"oidcOPMetaDataOptionsDisplay",type:"select"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsPrompt",id:t+"s/"+a+"/oidcOPMetaDataOptionsPrompt",title:"oidcOPMetaDataOptionsPrompt"},{default:0,get:t+"s/"+a+"/oidcOPMetaDataOptionsMaxAge",id:t+"s/"+a+"/oidcOPMetaDataOptionsMaxAge",title:"oidcOPMetaDataOptionsMaxAge",type:"int"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsUiLocales",id:t+"s/"+a+"/oidcOPMetaDataOptionsUiLocales",title:"oidcOPMetaDataOptionsUiLocales"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsAcrValues",id:t+"s/"+a+"/oidcOPMetaDataOptionsAcrValues",title:"oidcOPMetaDataOptionsAcrValues"},{default:"client_secret_post",get:t+"s/"+a+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",id:t+"s/"+a+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",select:[{k:"client_secret_post",v:"client_secret_post"},{k:"client_secret_basic",v:"client_secret_basic"}],title:"oidcOPMetaDataOptionsTokenEndpointAuthMethod",type:"select"},{default:1,get:t+"s/"+a+"/oidcOPMetaDataOptionsCheckJWTSignature",id:t+"s/"+a+"/oidcOPMetaDataOptionsCheckJWTSignature",title:"oidcOPMetaDataOptionsCheckJWTSignature",type:"bool"},{default:30,get:t+"s/"+a+"/oidcOPMetaDataOptionsIDTokenMaxAge",id:t+"s/"+a+"/oidcOPMetaDataOptionsIDTokenMaxAge",title:"oidcOPMetaDataOptionsIDTokenMaxAge",type:"int"},{default:1,get:t+"s/"+a+"/oidcOPMetaDataOptionsUseNonce",id:t+"s/"+a+"/oidcOPMetaDataOptionsUseNonce",title:"oidcOPMetaDataOptionsUseNonce",type:"bool"}],id:"oidcOPMetaDataOptionsProtocol",title:"oidcOPMetaDataOptionsProtocol",type:"simpleInputContainer"}],id:"oidcOPMetaDataOptions",title:"oidcOPMetaDataOptions"},{_nodes:[{get:t+"s/"+a+"/oidcOPMetaDataOptionsDisplayName",id:t+"s/"+a+"/oidcOPMetaDataOptionsDisplayName",title:"oidcOPMetaDataOptionsDisplayName"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsIcon",id:t+"s/"+a+"/oidcOPMetaDataOptionsIcon",title:"oidcOPMetaDataOptionsIcon"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsSortNumber",id:t+"s/"+a+"/oidcOPMetaDataOptionsSortNumber",title:"oidcOPMetaDataOptionsSortNumber",type:"int"}],id:"oidcOPMetaDataOptionsDisplayParams",title:"oidcOPMetaDataOptionsDisplayParams",type:"simpleInputContainer"}];case"oidcRPMetaDataNode":return[{cnodes:t+"s/"+a+"/oidcRPMetaDataExportedVars",default:[{data:["mail","string","auto"],id:t+"s/"+a+"/oidcRPMetaDataExportedVars/email",title:"email",type:"oidcAttribute"},{data:["sn","string","auto"],id:t+"s/"+a+"/oidcRPMetaDataExportedVars/family_name",title:"family_name",type:"oidcAttribute"},{data:["cn","string","auto"],id:t+"s/"+a+"/oidcRPMetaDataExportedVars/name",title:"name",type:"oidcAttribute"}],id:t+"s/"+a+"/oidcRPMetaDataExportedVars",title:"oidcRPMetaDataExportedVars",type:"oidcAttributeContainer"},{cnodes:t+"s/"+a+"/oidcRPMetaDataOptionsExtraClaims",default:[],id:t+"s/"+a+"/oidcRPMetaDataOptionsExtraClaims",title:"oidcRPMetaDataOptionsExtraClaims",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:t+"s/"+a+"/oidcRPMetaDataOptionsClientID",id:t+"s/"+a+"/oidcRPMetaDataOptionsClientID",title:"oidcRPMetaDataOptionsClientID"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsClientSecret",id:t+"s/"+a+"/oidcRPMetaDataOptionsClientSecret",title:"oidcRPMetaDataOptionsClientSecret",type:"password"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsPublic",id:t+"s/"+a+"/oidcRPMetaDataOptionsPublic",title:"oidcRPMetaDataOptionsPublic",type:"bool"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsRedirectUris",id:t+"s/"+a+"/oidcRPMetaDataOptionsRedirectUris",title:"oidcRPMetaDataOptionsRedirectUris"}],id:"oidcRPMetaDataOptionsBasic",title:"oidcRPMetaDataOptionsBasic",type:"simpleInputContainer"},{_nodes:[{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsBypassConsent",help:"openidconnectclaims.html",id:t+"s/"+a+"/oidcRPMetaDataOptionsBypassConsent",title:"oidcRPMetaDataOptionsBypassConsent",type:"bool"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsUserIDAttr",id:t+"s/"+a+"/oidcRPMetaDataOptionsUserIDAttr",title:"oidcRPMetaDataOptionsUserIDAttr"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenForceClaims",id:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenForceClaims",title:"oidcRPMetaDataOptionsIDTokenForceClaims",type:"bool"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenJWT",id:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenJWT",title:"oidcRPMetaDataOptionsAccessTokenJWT",type:"bool"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenClaims",id:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenClaims",title:"oidcRPMetaDataOptionsAccessTokenClaims",type:"bool"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsAdditionalAudiences",id:t+"s/"+a+"/oidcRPMetaDataOptionsAdditionalAudiences",title:"oidcRPMetaDataOptionsAdditionalAudiences"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsRefreshToken",id:t+"s/"+a+"/oidcRPMetaDataOptionsRefreshToken",title:"oidcRPMetaDataOptionsRefreshToken",type:"bool"}],id:"oidcRPMetaDataOptionsAdvanced",title:"oidcRPMetaDataOptionsAdvanced",type:"simpleInputContainer"},{_nodes:[{default:"HS512",get:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenSignAlg",id:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenSignAlg",select:[{k:"none",v:"None"},{k:"HS256",v:"HS256"},{k:"HS384",v:"HS384"},{k:"HS512",v:"HS512"},{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"}],title:"oidcRPMetaDataOptionsIDTokenSignAlg",type:"select"},{default:"RS256",get:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenSignAlg",id:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenSignAlg",select:[{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"}],title:"oidcRPMetaDataOptionsAccessTokenSignAlg",type:"select"},{default:"",get:t+"s/"+a+"/oidcRPMetaDataOptionsUserInfoSignAlg",id:t+"s/"+a+"/oidcRPMetaDataOptionsUserInfoSignAlg",select:[{k:"",v:"JSON"},{k:"none",v:"JWT/None"},{k:"HS256",v:"JWT/HS256"},{k:"HS384",v:"JWT/HS384"},{k:"HS512",v:"JWT/HS512"},{k:"RS256",v:"JWT/RS256"},{k:"RS384",v:"JWT/RS384"},{k:"RS512",v:"JWT/RS512"}],title:"oidcRPMetaDataOptionsUserInfoSignAlg",type:"select"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsRequirePKCE",id:t+"s/"+a+"/oidcRPMetaDataOptionsRequirePKCE",title:"oidcRPMetaDataOptionsRequirePKCE",type:"bool"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsAllowOffline",id:t+"s/"+a+"/oidcRPMetaDataOptionsAllowOffline",title:"oidcRPMetaDataOptionsAllowOffline",type:"bool"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsAllowPasswordGrant",id:t+"s/"+a+"/oidcRPMetaDataOptionsAllowPasswordGrant",title:"oidcRPMetaDataOptionsAllowPasswordGrant",type:"bool"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsAllowClientCredentialsGrant",id:t+"s/"+a+"/oidcRPMetaDataOptionsAllowClientCredentialsGrant",title:"oidcRPMetaDataOptionsAllowClientCredentialsGrant",type:"bool"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsAuthnLevel",id:t+"s/"+a+"/oidcRPMetaDataOptionsAuthnLevel",title:"oidcRPMetaDataOptionsAuthnLevel",type:"int"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsRule",id:t+"s/"+a+"/oidcRPMetaDataOptionsRule",title:"oidcRPMetaDataOptionsRule"}],id:"security",title:"security",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+a+"/oidcRPMetaDataOptionsAuthorizationCodeExpiration",id:t+"s/"+a+"/oidcRPMetaDataOptionsAuthorizationCodeExpiration",title:"oidcRPMetaDataOptionsAuthorizationCodeExpiration",type:"int"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenExpiration",id:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenExpiration",title:"oidcRPMetaDataOptionsIDTokenExpiration",type:"int"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenExpiration",id:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenExpiration",title:"oidcRPMetaDataOptionsAccessTokenExpiration",type:"int"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsOfflineSessionExpiration",id:t+"s/"+a+"/oidcRPMetaDataOptionsOfflineSessionExpiration",title:"oidcRPMetaDataOptionsOfflineSessionExpiration",type:"int"}],id:"oidcRPMetaDataOptionsTimeouts",title:"oidcRPMetaDataOptionsTimeouts",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+a+"/oidcRPMetaDataOptionsPostLogoutRedirectUris",id:t+"s/"+a+"/oidcRPMetaDataOptionsPostLogoutRedirectUris",title:"oidcRPMetaDataOptionsPostLogoutRedirectUris"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutUrl",id:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutUrl",title:"oidcRPMetaDataOptionsLogoutUrl"},{default:"front",get:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutType",id:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutType",select:[{k:"front",v:"Front Channel"}],title:"oidcRPMetaDataOptionsLogoutType",type:"select"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutSessionRequired",id:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutSessionRequired",title:"oidcRPMetaDataOptionsLogoutSessionRequired",type:"bool"}],id:"logout",title:"logout",type:"simpleInputContainer"}],help:"idpopenidconnect.html#options",id:"oidcRPMetaDataOptions",title:"oidcRPMetaDataOptions"},{cnodes:t+"s/"+a+"/oidcRPMetaDataMacros",default:[],help:"exportedvars.html#extend-variables-using-macros-and-groups",id:t+"s/"+a+"/oidcRPMetaDataMacros",title:"oidcRPMetaDataMacros",type:"keyTextContainer"},{cnodes:t+"s/"+a+"/oidcRPMetaDataScopeRules",default:[],help:"idpopenidconnect.html#scope-rules",id:t+"s/"+a+"/oidcRPMetaDataScopeRules",title:"oidcRPMetaDataScopeRules",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+a+"/oidcRPMetaDataOptionsDisplayName",id:t+"s/"+a+"/oidcRPMetaDataOptionsDisplayName",title:"oidcRPMetaDataOptionsDisplayName"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsIcon",id:t+"s/"+a+"/oidcRPMetaDataOptionsIcon",title:"oidcRPMetaDataOptionsIcon"}],id:"oidcRPMetaDataOptionsDisplay",title:"oidcRPMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"samlIDPMetaDataNode":return[{get:t+"s/"+a+"/samlIDPMetaDataXML",id:t+"s/"+a+"/samlIDPMetaDataXML",title:"samlIDPMetaDataXML",type:"file"},{cnodes:t+"s/"+a+"/samlIDPMetaDataExportedAttributes",default:[],help:"authsaml.html#exported-attributes",id:t+"s/"+a+"/samlIDPMetaDataExportedAttributes",title:"samlIDPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsAdaptSessionUtime",id:t+"s/"+a+"/samlIDPMetaDataOptionsAdaptSessionUtime",title:"samlIDPMetaDataOptionsAdaptSessionUtime",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsForceUTF8",id:t+"s/"+a+"/samlIDPMetaDataOptionsForceUTF8",title:"samlIDPMetaDataOptionsForceUTF8",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsStoreSAMLToken",id:t+"s/"+a+"/samlIDPMetaDataOptionsStoreSAMLToken",title:"samlIDPMetaDataOptionsStoreSAMLToken",type:"bool"},{get:t+"s/"+a+"/samlIDPMetaDataOptionsUserAttribute",id:t+"s/"+a+"/samlIDPMetaDataOptionsUserAttribute",title:"samlIDPMetaDataOptionsUserAttribute"}],id:"samlIDPMetaDataOptionsSession",title:"samlIDPMetaDataOptionsSession",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsSignatureMethod",id:t+"s/"+a+"/samlIDPMetaDataOptionsSignatureMethod",select:[{k:"",v:"default"},{k:"RSA_SHA1",v:"RSA SHA1"},{k:"RSA_SHA256",v:"RSA SHA256"},{k:"RSA_SHA384",v:"RSA SHA384"},{k:"RSA_SHA512",v:"RSA SHA512"}],title:"samlIDPMetaDataOptionsSignatureMethod",type:"select"},{default:-1,get:t+"s/"+a+"/samlIDPMetaDataOptionsSignSSOMessage",id:t+"s/"+a+"/samlIDPMetaDataOptionsSignSSOMessage",title:"samlIDPMetaDataOptionsSignSSOMessage",type:"trool"},{default:1,get:t+"s/"+a+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",id:t+"s/"+a+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",title:"samlIDPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{default:-1,get:t+"s/"+a+"/samlIDPMetaDataOptionsSignSLOMessage",id:t+"s/"+a+"/samlIDPMetaDataOptionsSignSLOMessage",title:"samlIDPMetaDataOptionsSignSLOMessage",type:"trool"},{default:1,get:t+"s/"+a+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",id:t+"s/"+a+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",title:"samlIDPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id:"samlIDPMetaDataOptionsSignature",title:"samlIDPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsSSOBinding",id:t+"s/"+a+"/samlIDPMetaDataOptionsSSOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"artifact-get",v:"Artifact GET"}],title:"samlIDPMetaDataOptionsSSOBinding",type:"select"},{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsSLOBinding",id:t+"s/"+a+"/samlIDPMetaDataOptionsSLOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"http-soap",v:"SOAP"}],title:"samlIDPMetaDataOptionsSLOBinding",type:"select"}],id:"samlIDPMetaDataOptionsBinding",title:"samlIDPMetaDataOptionsBinding",type:"simpleInputContainer"},{_nodes:[{default:"none",get:t+"s/"+a+"/samlIDPMetaDataOptionsEncryptionMode",id:t+"s/"+a+"/samlIDPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlIDPMetaDataOptionsEncryptionMode",type:"select"},{default:1,get:t+"s/"+a+"/samlIDPMetaDataOptionsCheckTime",id:t+"s/"+a+"/samlIDPMetaDataOptionsCheckTime",title:"samlIDPMetaDataOptionsCheckTime",type:"bool"},{default:1,get:t+"s/"+a+"/samlIDPMetaDataOptionsCheckAudience",id:t+"s/"+a+"/samlIDPMetaDataOptionsCheckAudience",title:"samlIDPMetaDataOptionsCheckAudience",type:"bool"}],id:"samlIDPMetaDataOptionsSecurity",title:"samlIDPMetaDataOptionsSecurity",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsResolutionRule",id:t+"s/"+a+"/samlIDPMetaDataOptionsResolutionRule",title:"samlIDPMetaDataOptionsResolutionRule",type:"longtext"},{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsNameIDFormat",id:t+"s/"+a+"/samlIDPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlIDPMetaDataOptionsNameIDFormat",type:"select"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsForceAuthn",id:t+"s/"+a+"/samlIDPMetaDataOptionsForceAuthn",title:"samlIDPMetaDataOptionsForceAuthn",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsIsPassive",id:t+"s/"+a+"/samlIDPMetaDataOptionsIsPassive",title:"samlIDPMetaDataOptionsIsPassive",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsAllowProxiedAuthn",id:t+"s/"+a+"/samlIDPMetaDataOptionsAllowProxiedAuthn",title:"samlIDPMetaDataOptionsAllowProxiedAuthn",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsAllowLoginFromIDP",id:t+"s/"+a+"/samlIDPMetaDataOptionsAllowLoginFromIDP",title:"samlIDPMetaDataOptionsAllowLoginFromIDP",type:"bool"},{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsRequestedAuthnContext",id:t+"s/"+a+"/samlIDPMetaDataOptionsRequestedAuthnContext",select:[{k:"",v:""},{k:"kerberos",v:"Kerberos"},{k:"password-protected-transport",v:"Password protected transport"},{k:"password",v:"Password"},{k:"tls-client",v:"TLS client certificate"}],title:"samlIDPMetaDataOptionsRequestedAuthnContext",type:"select"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsRelayStateURL",id:t+"s/"+a+"/samlIDPMetaDataOptionsRelayStateURL",title:"samlIDPMetaDataOptionsRelayStateURL",type:"bool"}],help:"authsaml.html#options",id:"samlIDPMetaDataOptions",title:"samlIDPMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+a+"/samlIDPMetaDataOptionsDisplayName",id:t+"s/"+a+"/samlIDPMetaDataOptionsDisplayName",title:"samlIDPMetaDataOptionsDisplayName"},{get:t+"s/"+a+"/samlIDPMetaDataOptionsIcon",id:t+"s/"+a+"/samlIDPMetaDataOptionsIcon",title:"samlIDPMetaDataOptionsIcon"},{get:t+"s/"+a+"/samlIDPMetaDataOptionsSortNumber",id:t+"s/"+a+"/samlIDPMetaDataOptionsSortNumber",title:"samlIDPMetaDataOptionsSortNumber",type:"int"}],id:"samlIDPMetaDataOptionsDisplay",title:"samlIDPMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"samlSPMetaDataNode":return[{get:t+"s/"+a+"/samlSPMetaDataXML",id:t+"s/"+a+"/samlSPMetaDataXML",title:"samlSPMetaDataXML",type:"file"},{cnodes:t+"s/"+a+"/samlSPMetaDataExportedAttributes",default:[],help:"idpsaml.html#exported-attributes",id:t+"s/"+a+"/samlSPMetaDataExportedAttributes",title:"samlSPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{_nodes:[{default:"",get:t+"s/"+a+"/samlSPMetaDataOptionsNameIDFormat",id:t+"s/"+a+"/samlSPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlSPMetaDataOptionsNameIDFormat",type:"select"},{get:t+"s/"+a+"/samlSPMetaDataOptionsNameIDSessionKey",id:t+"s/"+a+"/samlSPMetaDataOptionsNameIDSessionKey",title:"samlSPMetaDataOptionsNameIDSessionKey"},{default:0,get:t+"s/"+a+"/samlSPMetaDataOptionsOneTimeUse",id:t+"s/"+a+"/samlSPMetaDataOptionsOneTimeUse",title:"samlSPMetaDataOptionsOneTimeUse",type:"bool"},{default:72e3,get:t+"s/"+a+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",id:t+"s/"+a+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",type:"int"},{default:72e3,get:t+"s/"+a+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",id:t+"s/"+a+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsNotOnOrAfterTimeout",type:"int"},{default:1,get:t+"s/"+a+"/samlSPMetaDataOptionsForceUTF8",id:t+"s/"+a+"/samlSPMetaDataOptionsForceUTF8",title:"samlSPMetaDataOptionsForceUTF8",type:"bool"}],id:"samlSPMetaDataOptionsAuthnResponse",title:"samlSPMetaDataOptionsAuthnResponse",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+a+"/samlSPMetaDataOptionsSignatureMethod",id:t+"s/"+a+"/samlSPMetaDataOptionsSignatureMethod",select:[{k:"",v:"default"},{k:"RSA_SHA1",v:"RSA SHA1"},{k:"RSA_SHA256",v:"RSA SHA256"},{k:"RSA_SHA384",v:"RSA SHA384"},{k:"RSA_SHA512",v:"RSA SHA512"}],title:"samlSPMetaDataOptionsSignatureMethod",type:"select"},{default:-1,get:t+"s/"+a+"/samlSPMetaDataOptionsSignSSOMessage",id:t+"s/"+a+"/samlSPMetaDataOptionsSignSSOMessage",title:"samlSPMetaDataOptionsSignSSOMessage",type:"trool"},{default:1,get:t+"s/"+a+"/samlSPMetaDataOptionsCheckSSOMessageSignature",id:t+"s/"+a+"/samlSPMetaDataOptionsCheckSSOMessageSignature",title:"samlSPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{default:-1,get:t+"s/"+a+"/samlSPMetaDataOptionsSignSLOMessage",id:t+"s/"+a+"/samlSPMetaDataOptionsSignSLOMessage",title:"samlSPMetaDataOptionsSignSLOMessage",type:"trool"},{default:1,get:t+"s/"+a+"/samlSPMetaDataOptionsCheckSLOMessageSignature",id:t+"s/"+a+"/samlSPMetaDataOptionsCheckSLOMessageSignature",title:"samlSPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id:"samlSPMetaDataOptionsSignature",title:"samlSPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{default:"none",get:t+"s/"+a+"/samlSPMetaDataOptionsEncryptionMode",id:t+"s/"+a+"/samlSPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlSPMetaDataOptionsEncryptionMode",type:"select"},{default:0,get:t+"s/"+a+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",id:t+"s/"+a+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",title:"samlSPMetaDataOptionsEnableIDPInitiatedURL",type:"bool"},{get:t+"s/"+a+"/samlSPMetaDataOptionsAuthnLevel",id:t+"s/"+a+"/samlSPMetaDataOptionsAuthnLevel",title:"samlSPMetaDataOptionsAuthnLevel",type:"int"},{get:t+"s/"+a+"/samlSPMetaDataOptionsRule",id:t+"s/"+a+"/samlSPMetaDataOptionsRule",title:"samlSPMetaDataOptionsRule"}],id:"samlSPMetaDataOptionsSecurity",title:"samlSPMetaDataOptionsSecurity",type:"simpleInputContainer"}],help:"idpsaml.html#options",id:"samlSPMetaDataOptions",title:"samlSPMetaDataOptions"},{cnodes:t+"s/"+a+"/samlSPMetaDataMacros",default:[],help:"exportedvars.html#extend-variables-using-macros-and-groups",id:t+"s/"+a+"/samlSPMetaDataMacros",title:"samlSPMetaDataMacros",type:"keyTextContainer"}];case"virtualHost":return[{cnodes:t+"s/"+a+"/locationRules",default:[{data:"deny",id:t+"s/"+a+"/locationRules/default",re:"default",title:"default",type:"rule"}],help:"writingrulesand_headers.html#rules",id:t+"s/"+a+"/locationRules",title:"locationRules",type:"ruleContainer"},{cnodes:t+"s/"+a+"/exportedHeaders",help:"writingrulesand_headers.html#headers",id:t+"s/"+a+"/exportedHeaders",title:"exportedHeaders",type:"keyTextContainer"},{cnodes:t+"s/"+a+"/post",help:"formreplay.html",id:t+"s/"+a+"/post",title:"post",type:"postContainer"},{_nodes:[{default:-1,get:t+"s/"+a+"/vhostPort",id:t+"s/"+a+"/vhostPort",title:"vhostPort",type:"int"},{default:-1,get:t+"s/"+a+"/vhostHttps",id:t+"s/"+a+"/vhostHttps",title:"vhostHttps",type:"trool"},{default:0,get:t+"s/"+a+"/vhostMaintenance",id:t+"s/"+a+"/vhostMaintenance",title:"vhostMaintenance",type:"bool"},{default:"",get:t+"s/"+a+"/vhostAliases",id:t+"s/"+a+"/vhostAliases",title:"vhostAliases"},{default:"",get:t+"s/"+a+"/vhostAccessToTrace",id:t+"s/"+a+"/vhostAccessToTrace",title:"vhostAccessToTrace"},{default:"Main",get:t+"s/"+a+"/vhostType",id:t+"s/"+a+"/vhostType",select:[{k:"AuthBasic",v:"AuthBasic"},{k:"CDA",v:"CDA"},{k:"DevOps",v:"DevOps"},{k:"DevOpsST",v:"DevOpsST"},{k:"Main",v:"Main"},{k:"OAuth2",v:"OAuth2"},{k:"SecureToken",v:"SecureToken"},{k:"ServiceToken",v:"ServiceToken"},{k:"ZimbraPreAuth",v:"ZimbraPreAuth"}],title:"vhostType",type:"select"},{get:t+"s/"+a+"/vhostAuthnLevel",id:t+"s/"+a+"/vhostAuthnLevel",title:"vhostAuthnLevel",type:"int"},{default:-1,get:t+"s/"+a+"/vhostServiceTokenTTL",id:t+"s/"+a+"/vhostServiceTokenTTL",title:"vhostServiceTokenTTL",type:"int"}],help:"configvhost.html#options",id:"vhostOptions",title:"vhostOptions",type:"simpleInputContainer"}];default:return[]}}function setScopeVars(t){t.portal=t.data[0]._nodes[0]._nodes[0],t.getKey(t.portal),t.domain=t.data[0]._nodes[4]._nodes[1],t.getKey(t.domain)} \ No newline at end of file diff --git a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map index ebbbeb5c0..fab1144d5 100644 --- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map +++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map @@ -1 +1 @@ -{"version":3,"sources":["conftree.js"],"names":["templates","tpl","key","cnodes","default","data","id","title","type","_nodes","get","help","select","k","v","re","setScopeVars","scope","portal","getKey","domain"],"mappings":"AAAA,SAASA,UAAUC,EAAIC,GASrB,OAAOD,GACP,IAAK,qBACH,MAAO,CACR,CACGE,OAAWF,EAAI,KAAKC,EAAI,8BACxBE,QAAY,CACT,CACGC,KAAS,KACTC,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,KACVC,KAAS,WAEZ,CACGH,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,OACVC,KAAS,WAEZ,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,MACVC,KAAS,YAGfF,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,gCACrBI,GAAOL,EAAI,KAAKC,EAAI,gCACpBK,MAAU,gCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,sCACrBI,GAAOL,EAAI,KAAKC,EAAI,sCACpBK,MAAU,sCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,8BAGhBD,GAAO,wBACPC,MAAU,wBACVC,KAAS,wBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,wBACxBE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAI,wBACpBK,MAAU,uBACVC,KAAS,qBAIb,IAAK,qBACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAI,8BACxBE,QAAY,CACT,CACGC,KAAS,KACTC,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,KACVC,KAAS,WAEZ,CACGH,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,OACVC,KAAS,WAEZ,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,MACVC,KAAS,YAGfF,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,oBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,wCACxBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,4BACrBI,GAAOL,EAAI,KAAKC,EAAI,4BACpBK,MAAU,4BAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,8BACrBI,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,gCACrBI,GAAOL,EAAI,KAAKC,EAAI,gCACpBK,MAAU,+BACVC,KAAS,SAGfF,GAAO,wBACPC,MAAU,wBACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,oCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,6BAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAGfF,GAAO,+BACPC,MAAU,+BACVC,KAAS,yBAIb,IAAK,qBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAI,sBACrBI,GAAOL,EAAI,KAAKC,EAAI,sBACpBK,MAAU,qBACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,sBACrBI,GAAOL,EAAI,KAAKC,EAAI,sBACpBK,MAAU,qBACVC,KAAS,QAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,8BACxBE,QAAY,CACT,CACGC,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,KACVC,KAAS,WAEZ,CACGH,KAAS,QACTC,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,OACVC,KAAS,WAEZ,CACGH,KAAS,cACTC,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,KACVC,KAAS,WAEZ,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,MACVC,KAAS,YAGfF,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,yCACrBI,GAAOL,EAAI,KAAKC,EAAI,yCACpBK,MAAU,yCAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,iCACrBI,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,iCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,YAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,SAGfF,GAAO,qCACPC,MAAU,qCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,iBACZM,IAAQT,EAAI,KAAKC,EAAI,8BACrBI,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,8BAEb,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,gCACrBI,GAAOL,EAAI,KAAKC,EAAI,gCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,MACNC,EAAM,QAGZP,MAAU,+BACVC,KAAS,UAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,+BACrBI,GAAOL,EAAI,KAAKC,EAAI,+BACpBK,MAAU,+BAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,+BACrBI,GAAOL,EAAI,KAAKC,EAAI,+BACpBK,MAAU,8BACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,kCACrBI,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,kCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,kCACrBI,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,kCAEb,CACGH,QAAY,qBACZM,IAAQT,EAAI,KAAKC,EAAI,gDACrBI,GAAOL,EAAI,KAAKC,EAAI,gDACpBU,OAAW,CACR,CACGC,EAAM,qBACNC,EAAM,sBAET,CACGD,EAAM,sBACNC,EAAM,wBAGZP,MAAU,+CACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,0CACrBI,GAAOL,EAAI,KAAKC,EAAI,0CACpBK,MAAU,yCACVC,KAAS,QAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,sCACrBI,GAAOL,EAAI,KAAKC,EAAI,sCACpBK,MAAU,qCACVC,KAAS,OAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,iCACrBI,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,gCACVC,KAAS,SAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,yBAGfF,GAAO,wBACPC,MAAU,yBAEb,CACGE,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,oCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,6BAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAGfF,GAAO,qCACPC,MAAU,qCACVC,KAAS,yBAIb,IAAK,qBACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAI,8BACxBE,QAAY,CACT,CACGC,KAAS,CACN,OACA,SACA,QAEHC,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,QACVC,KAAS,iBAEZ,CACGH,KAAS,CACN,KACA,SACA,QAEHC,GAAOL,EAAI,KAAKC,EAAI,0CACpBK,MAAU,cACVC,KAAS,iBAEZ,CACGH,KAAS,CACN,KACA,SACA,QAEHC,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,OACVC,KAAS,kBAGfF,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,0BAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,oCACxBE,QAAY,GACZE,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,iCACrBI,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,iCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,YAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,+BACrBI,GAAOL,EAAI,KAAKC,EAAI,+BACpBK,MAAU,8BACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,sCAGhBD,GAAO,6BACPC,MAAU,6BACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,sCACrBS,KAAS,2BACTL,GAAOL,EAAI,KAAKC,EAAI,sCACpBK,MAAU,qCACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,mCAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,0CACrBI,GAAOL,EAAI,KAAKC,EAAI,0CACpBK,MAAU,yCACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,4CACrBI,GAAOL,EAAI,KAAKC,EAAI,4CACpBK,MAAU,4CAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,SAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,UAGZP,MAAU,sCACVC,KAAS,UAEZ,CACGJ,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBU,OAAW,CACR,CACGC,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,UAGZP,MAAU,0CACVC,KAAS,UAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,UAGZP,MAAU,uCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oDACrBI,GAAOL,EAAI,KAAKC,EAAI,oDACpBK,MAAU,mDACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,8BAGhBD,GAAO,WACPC,MAAU,WACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,oDACrBI,GAAOL,EAAI,KAAKC,EAAI,oDACpBK,MAAU,mDACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,0CACrBI,GAAOL,EAAI,KAAKC,EAAI,0CACpBK,MAAU,yCACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,8CACrBI,GAAOL,EAAI,KAAKC,EAAI,8CACpBK,MAAU,6CACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,iDACrBI,GAAOL,EAAI,KAAKC,EAAI,iDACpBK,MAAU,gDACVC,KAAS,QAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,+CACrBI,GAAOL,EAAI,KAAKC,EAAI,+CACpBK,MAAU,+CAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,kCACrBI,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,kCAEb,CACGH,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBU,OAAW,CACR,CACGC,EAAM,QACNC,EAAM,kBAGZP,MAAU,kCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,8CACrBI,GAAOL,EAAI,KAAKC,EAAI,8CACpBK,MAAU,6CACVC,KAAS,SAGfF,GAAO,SACPC,MAAU,SACVC,KAAS,yBAGfG,KAAS,gCACTL,GAAO,wBACPC,MAAU,yBAEb,CACGJ,OAAWF,EAAI,KAAKC,EAAI,wBACxBE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAI,wBACpBK,MAAU,uBACVC,KAAS,oBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,4BACxBE,QAAY,GACZO,KAAS,oCACTL,GAAOL,EAAI,KAAKC,EAAI,4BACpBK,MAAU,2BACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,oCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,8BAGhBD,GAAO,+BACPC,MAAU,+BACVC,KAAS,yBAIb,IAAK,sBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAI,sBACrBI,GAAOL,EAAI,KAAKC,EAAI,sBACpBK,MAAU,qBACVC,KAAS,QAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,qCACxBE,QAAY,GACZO,KAAS,oCACTL,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,0BAEZ,CACGC,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,wCAGhBD,GAAO,gCACPC,MAAU,gCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,yCACrBI,GAAOL,EAAI,KAAKC,EAAI,yCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,WAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,aACNC,EAAM,eAGZP,MAAU,wCACVC,KAAS,UAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,kDACrBI,GAAOL,EAAI,KAAKC,EAAI,kDACpBK,MAAU,iDACVC,KAAS,QAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,kDACrBI,GAAOL,EAAI,KAAKC,EAAI,kDACpBK,MAAU,iDACVC,KAAS,SAGfF,GAAO,kCACPC,MAAU,kCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,YACNC,EAAM,QAET,CACGD,EAAM,gBACNC,EAAM,YAET,CACGD,EAAM,eACNC,EAAM,iBAGZP,MAAU,mCACVC,KAAS,UAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,YACNC,EAAM,QAET,CACGD,EAAM,gBACNC,EAAM,YAET,CACGD,EAAM,YACNC,EAAM,SAGZP,MAAU,mCACVC,KAAS,WAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,SACNC,EAAM,WAET,CACGD,EAAM,YACNC,EAAM,cAGZP,MAAU,uCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,SAGfF,GAAO,iCACPC,MAAU,iCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,YAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,sCACrBI,GAAOL,EAAI,KAAKC,EAAI,sCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,cACNC,EAAM,eAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,OACNC,EAAM,oBAET,CACGD,EAAM,UACNC,EAAM,WAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,SACNC,EAAM,UAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,YACNC,EAAM,aAET,CACGD,EAAM,YACNC,EAAM,cAGZP,MAAU,qCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,+CACrBI,GAAOL,EAAI,KAAKC,EAAI,+CACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,+BACNC,EAAM,gCAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,aACNC,EAAM,2BAGZP,MAAU,8CACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,SAGfG,KAAS,wBACTL,GAAO,yBACPC,MAAU,yBACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,qCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,8BACrBI,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,8BAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,QAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,yBAIb,IAAK,qBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAI,qBACrBI,GAAOL,EAAI,KAAKC,EAAI,qBACpBK,MAAU,oBACVC,KAAS,QAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,oCACxBE,QAAY,GACZO,KAAS,mCACTL,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,0BAEZ,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,cACNC,EAAM,eAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,OACNC,EAAM,oBAET,CACGD,EAAM,UACNC,EAAM,WAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,SACNC,EAAM,UAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,YACNC,EAAM,aAET,CACGD,EAAM,YACNC,EAAM,cAGZP,MAAU,oCACVC,KAAS,UAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,yCACrBI,GAAOL,EAAI,KAAKC,EAAI,yCACpBK,MAAU,yCAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAEZ,CACGJ,QAAY,KACZM,IAAQT,EAAI,KAAKC,EAAI,mDACrBI,GAAOL,EAAI,KAAKC,EAAI,mDACpBK,MAAU,kDACVC,KAAS,OAEZ,CACGJ,QAAY,KACZM,IAAQT,EAAI,KAAKC,EAAI,4CACrBI,GAAOL,EAAI,KAAKC,EAAI,4CACpBK,MAAU,2CACVC,KAAS,OAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,kCACrBI,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,iCACVC,KAAS,SAGfF,GAAO,qCACPC,MAAU,qCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,WAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,aACNC,EAAM,eAGZP,MAAU,uCACVC,KAAS,UAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,iDACrBI,GAAOL,EAAI,KAAKC,EAAI,iDACpBK,MAAU,gDACVC,KAAS,QAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,iDACrBI,GAAOL,EAAI,KAAKC,EAAI,iDACpBK,MAAU,gDACVC,KAAS,SAGfF,GAAO,iCACPC,MAAU,iCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,SACNC,EAAM,WAET,CACGD,EAAM,YACNC,EAAM,cAGZP,MAAU,sCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,8CACrBI,GAAOL,EAAI,KAAKC,EAAI,8CACpBK,MAAU,6CACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,8BAGhBD,GAAO,gCACPC,MAAU,gCACVC,KAAS,yBAGfG,KAAS,uBACTL,GAAO,wBACPC,MAAU,yBAEb,CACGJ,OAAWF,EAAI,KAAKC,EAAI,wBACxBE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAI,wBACpBK,MAAU,uBACVC,KAAS,qBAIb,IAAK,cACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAI,iBACxBE,QAAY,CACT,CACGC,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,yBACpBa,GAAO,UACPR,MAAU,UACVC,KAAS,SAGfG,KAAS,qCACTL,GAAOL,EAAI,KAAKC,EAAI,iBACpBK,MAAU,gBACVC,KAAS,iBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,mBACxBS,KAAS,uCACTL,GAAOL,EAAI,KAAKC,EAAI,mBACpBK,MAAU,kBACVC,KAAS,oBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,QACxBS,KAAS,kBACTL,GAAOL,EAAI,KAAKC,EAAI,QACpBK,MAAU,OACVC,KAAS,iBAEZ,CACGC,OAAW,CACR,CACGL,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,aACrBI,GAAOL,EAAI,KAAKC,EAAI,aACpBK,MAAU,YACVC,KAAS,OAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,cACrBI,GAAOL,EAAI,KAAKC,EAAI,cACpBK,MAAU,aACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oBACrBI,GAAOL,EAAI,KAAKC,EAAI,oBACpBK,MAAU,mBACVC,KAAS,QAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,gBACrBI,GAAOL,EAAI,KAAKC,EAAI,gBACpBK,MAAU,gBAEb,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,sBACrBI,GAAOL,EAAI,KAAKC,EAAI,sBACpBK,MAAU,sBAEb,CACGH,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAI,aACrBI,GAAOL,EAAI,KAAKC,EAAI,aACpBU,OAAW,CACR,CACGC,EAAM,YACNC,EAAM,aAET,CACGD,EAAM,MACNC,EAAM,OAET,CACGD,EAAM,SACNC,EAAM,UAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,SACNC,EAAM,UAET,CACGD,EAAM,cACNC,EAAM,eAET,CACGD,EAAM,eACNC,EAAM,gBAET,CACGD,EAAM,gBACNC,EAAM,kBAGZP,MAAU,YACVC,KAAS,UAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,mBACrBI,GAAOL,EAAI,KAAKC,EAAI,mBACpBK,MAAU,kBACVC,KAAS,OAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,wBACrBI,GAAOL,EAAI,KAAKC,EAAI,wBACpBK,MAAU,uBACVC,KAAS,QAGfG,KAAS,2BACTL,GAAO,eACPC,MAAU,eACVC,KAAS,yBAIb,QACE,MAAO,IAIX,SAASQ,aAAaC,GACpBA,EAAMC,OAASD,EAAMZ,KAAK,GAAGI,OAAO,GAAGA,OAAO,GAC9CQ,EAAME,OAAOF,EAAMC,QACnBD,EAAMG,OAASH,EAAMZ,KAAK,GAAGI,OAAO,GAAGA,OAAO,GAC9CQ,EAAME,OAAOF,EAAMG"} \ No newline at end of file +{"version":3,"sources":["conftree.js"],"names":["templates","tpl","key","cnodes","default","data","id","title","type","_nodes","get","help","select","k","v","re","setScopeVars","scope","portal","getKey","domain"],"mappings":"AAAA,SAASA,UAAUC,EAAIC,GASrB,OAAOD,GACP,IAAK,qBACH,MAAO,CACR,CACGE,OAAWF,EAAI,KAAKC,EAAI,8BACxBE,QAAY,CACT,CACGC,KAAS,KACTC,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,KACVC,KAAS,WAEZ,CACGH,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,OACVC,KAAS,WAEZ,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,MACVC,KAAS,YAGfF,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,gCACrBI,GAAOL,EAAI,KAAKC,EAAI,gCACpBK,MAAU,gCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,sCACrBI,GAAOL,EAAI,KAAKC,EAAI,sCACpBK,MAAU,sCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,8BAGhBD,GAAO,wBACPC,MAAU,wBACVC,KAAS,wBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,wBACxBE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAI,wBACpBK,MAAU,uBACVC,KAAS,qBAIb,IAAK,qBACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAI,8BACxBE,QAAY,CACT,CACGC,KAAS,KACTC,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,KACVC,KAAS,WAEZ,CACGH,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,OACVC,KAAS,WAEZ,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,MACVC,KAAS,YAGfF,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,oBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,wCACxBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,4BACrBI,GAAOL,EAAI,KAAKC,EAAI,4BACpBK,MAAU,4BAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,8BACrBI,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,gCACrBI,GAAOL,EAAI,KAAKC,EAAI,gCACpBK,MAAU,+BACVC,KAAS,SAGfF,GAAO,wBACPC,MAAU,wBACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,oCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,6BAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAGfF,GAAO,+BACPC,MAAU,+BACVC,KAAS,yBAIb,IAAK,qBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAI,sBACrBI,GAAOL,EAAI,KAAKC,EAAI,sBACpBK,MAAU,qBACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,sBACrBI,GAAOL,EAAI,KAAKC,EAAI,sBACpBK,MAAU,qBACVC,KAAS,QAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,8BACxBE,QAAY,CACT,CACGC,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,KACVC,KAAS,WAEZ,CACGH,KAAS,QACTC,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,OACVC,KAAS,WAEZ,CACGH,KAAS,cACTC,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,KACVC,KAAS,WAEZ,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,MACVC,KAAS,YAGfF,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,yCACrBI,GAAOL,EAAI,KAAKC,EAAI,yCACpBK,MAAU,yCAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,iCACrBI,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,iCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,YAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,SAGfF,GAAO,qCACPC,MAAU,qCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,iBACZM,IAAQT,EAAI,KAAKC,EAAI,8BACrBI,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,8BAEb,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,gCACrBI,GAAOL,EAAI,KAAKC,EAAI,gCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,MACNC,EAAM,QAGZP,MAAU,+BACVC,KAAS,UAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,+BACrBI,GAAOL,EAAI,KAAKC,EAAI,+BACpBK,MAAU,+BAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,+BACrBI,GAAOL,EAAI,KAAKC,EAAI,+BACpBK,MAAU,8BACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,kCACrBI,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,kCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,kCACrBI,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,kCAEb,CACGH,QAAY,qBACZM,IAAQT,EAAI,KAAKC,EAAI,gDACrBI,GAAOL,EAAI,KAAKC,EAAI,gDACpBU,OAAW,CACR,CACGC,EAAM,qBACNC,EAAM,sBAET,CACGD,EAAM,sBACNC,EAAM,wBAGZP,MAAU,+CACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,0CACrBI,GAAOL,EAAI,KAAKC,EAAI,0CACpBK,MAAU,yCACVC,KAAS,QAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,sCACrBI,GAAOL,EAAI,KAAKC,EAAI,sCACpBK,MAAU,qCACVC,KAAS,OAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,iCACrBI,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,gCACVC,KAAS,SAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,yBAGfF,GAAO,wBACPC,MAAU,yBAEb,CACGE,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,oCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,6BAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAGfF,GAAO,qCACPC,MAAU,qCACVC,KAAS,yBAIb,IAAK,qBACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAI,8BACxBE,QAAY,CACT,CACGC,KAAS,CACN,OACA,SACA,QAEHC,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,QACVC,KAAS,iBAEZ,CACGH,KAAS,CACN,KACA,SACA,QAEHC,GAAOL,EAAI,KAAKC,EAAI,0CACpBK,MAAU,cACVC,KAAS,iBAEZ,CACGH,KAAS,CACN,KACA,SACA,QAEHC,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,OACVC,KAAS,kBAGfF,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,0BAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,oCACxBE,QAAY,GACZE,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,iCACrBI,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,iCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,YAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,+BACrBI,GAAOL,EAAI,KAAKC,EAAI,+BACpBK,MAAU,8BACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,sCAGhBD,GAAO,6BACPC,MAAU,6BACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,sCACrBS,KAAS,2BACTL,GAAOL,EAAI,KAAKC,EAAI,sCACpBK,MAAU,qCACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,mCAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,0CACrBI,GAAOL,EAAI,KAAKC,EAAI,0CACpBK,MAAU,yCACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,4CACrBI,GAAOL,EAAI,KAAKC,EAAI,4CACpBK,MAAU,4CAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,SAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,UAGZP,MAAU,sCACVC,KAAS,UAEZ,CACGJ,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBU,OAAW,CACR,CACGC,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,UAGZP,MAAU,0CACVC,KAAS,UAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,QAET,CACGD,EAAM,OACNC,EAAM,YAET,CACGD,EAAM,QACNC,EAAM,aAET,CACGD,EAAM,QACNC,EAAM,aAET,CACGD,EAAM,QACNC,EAAM,aAET,CACGD,EAAM,QACNC,EAAM,aAET,CACGD,EAAM,QACNC,EAAM,aAET,CACGD,EAAM,QACNC,EAAM,cAGZP,MAAU,uCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oDACrBI,GAAOL,EAAI,KAAKC,EAAI,oDACpBK,MAAU,mDACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,8BAGhBD,GAAO,WACPC,MAAU,WACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,oDACrBI,GAAOL,EAAI,KAAKC,EAAI,oDACpBK,MAAU,mDACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,0CACrBI,GAAOL,EAAI,KAAKC,EAAI,0CACpBK,MAAU,yCACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,8CACrBI,GAAOL,EAAI,KAAKC,EAAI,8CACpBK,MAAU,6CACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,iDACrBI,GAAOL,EAAI,KAAKC,EAAI,iDACpBK,MAAU,gDACVC,KAAS,QAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,+CACrBI,GAAOL,EAAI,KAAKC,EAAI,+CACpBK,MAAU,+CAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,kCACrBI,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,kCAEb,CACGH,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBU,OAAW,CACR,CACGC,EAAM,QACNC,EAAM,kBAGZP,MAAU,kCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,8CACrBI,GAAOL,EAAI,KAAKC,EAAI,8CACpBK,MAAU,6CACVC,KAAS,SAGfF,GAAO,SACPC,MAAU,SACVC,KAAS,yBAGfG,KAAS,gCACTL,GAAO,wBACPC,MAAU,yBAEb,CACGJ,OAAWF,EAAI,KAAKC,EAAI,wBACxBE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAI,wBACpBK,MAAU,uBACVC,KAAS,oBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,4BACxBE,QAAY,GACZO,KAAS,oCACTL,GAAOL,EAAI,KAAKC,EAAI,4BACpBK,MAAU,2BACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,oCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,8BAGhBD,GAAO,+BACPC,MAAU,+BACVC,KAAS,yBAIb,IAAK,sBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAI,sBACrBI,GAAOL,EAAI,KAAKC,EAAI,sBACpBK,MAAU,qBACVC,KAAS,QAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,qCACxBE,QAAY,GACZO,KAAS,oCACTL,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,0BAEZ,CACGC,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,wCAGhBD,GAAO,gCACPC,MAAU,gCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,yCACrBI,GAAOL,EAAI,KAAKC,EAAI,yCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,WAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,aACNC,EAAM,eAGZP,MAAU,wCACVC,KAAS,UAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,kDACrBI,GAAOL,EAAI,KAAKC,EAAI,kDACpBK,MAAU,iDACVC,KAAS,QAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,kDACrBI,GAAOL,EAAI,KAAKC,EAAI,kDACpBK,MAAU,iDACVC,KAAS,SAGfF,GAAO,kCACPC,MAAU,kCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,YACNC,EAAM,QAET,CACGD,EAAM,gBACNC,EAAM,YAET,CACGD,EAAM,eACNC,EAAM,iBAGZP,MAAU,mCACVC,KAAS,UAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,YACNC,EAAM,QAET,CACGD,EAAM,gBACNC,EAAM,YAET,CACGD,EAAM,YACNC,EAAM,SAGZP,MAAU,mCACVC,KAAS,WAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,SACNC,EAAM,WAET,CACGD,EAAM,YACNC,EAAM,cAGZP,MAAU,uCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,SAGfF,GAAO,iCACPC,MAAU,iCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,YAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,sCACrBI,GAAOL,EAAI,KAAKC,EAAI,sCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,cACNC,EAAM,eAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,OACNC,EAAM,oBAET,CACGD,EAAM,UACNC,EAAM,WAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,SACNC,EAAM,UAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,YACNC,EAAM,aAET,CACGD,EAAM,YACNC,EAAM,cAGZP,MAAU,qCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,+CACrBI,GAAOL,EAAI,KAAKC,EAAI,+CACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,+BACNC,EAAM,gCAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,aACNC,EAAM,2BAGZP,MAAU,8CACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,SAGfG,KAAS,wBACTL,GAAO,yBACPC,MAAU,yBACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,qCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,8BACrBI,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,8BAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,QAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,yBAIb,IAAK,qBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAI,qBACrBI,GAAOL,EAAI,KAAKC,EAAI,qBACpBK,MAAU,oBACVC,KAAS,QAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,oCACxBE,QAAY,GACZO,KAAS,mCACTL,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,0BAEZ,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,cACNC,EAAM,eAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,OACNC,EAAM,oBAET,CACGD,EAAM,UACNC,EAAM,WAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,SACNC,EAAM,UAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,YACNC,EAAM,aAET,CACGD,EAAM,YACNC,EAAM,cAGZP,MAAU,oCACVC,KAAS,UAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,yCACrBI,GAAOL,EAAI,KAAKC,EAAI,yCACpBK,MAAU,yCAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAEZ,CACGJ,QAAY,KACZM,IAAQT,EAAI,KAAKC,EAAI,mDACrBI,GAAOL,EAAI,KAAKC,EAAI,mDACpBK,MAAU,kDACVC,KAAS,OAEZ,CACGJ,QAAY,KACZM,IAAQT,EAAI,KAAKC,EAAI,4CACrBI,GAAOL,EAAI,KAAKC,EAAI,4CACpBK,MAAU,2CACVC,KAAS,OAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,kCACrBI,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,iCACVC,KAAS,SAGfF,GAAO,qCACPC,MAAU,qCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,WAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,aACNC,EAAM,eAGZP,MAAU,uCACVC,KAAS,UAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,iDACrBI,GAAOL,EAAI,KAAKC,EAAI,iDACpBK,MAAU,gDACVC,KAAS,QAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,iDACrBI,GAAOL,EAAI,KAAKC,EAAI,iDACpBK,MAAU,gDACVC,KAAS,SAGfF,GAAO,iCACPC,MAAU,iCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,SACNC,EAAM,WAET,CACGD,EAAM,YACNC,EAAM,cAGZP,MAAU,sCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,8CACrBI,GAAOL,EAAI,KAAKC,EAAI,8CACpBK,MAAU,6CACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,8BAGhBD,GAAO,gCACPC,MAAU,gCACVC,KAAS,yBAGfG,KAAS,uBACTL,GAAO,wBACPC,MAAU,yBAEb,CACGJ,OAAWF,EAAI,KAAKC,EAAI,wBACxBE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAI,wBACpBK,MAAU,uBACVC,KAAS,qBAIb,IAAK,cACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAI,iBACxBE,QAAY,CACT,CACGC,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,yBACpBa,GAAO,UACPR,MAAU,UACVC,KAAS,SAGfG,KAAS,qCACTL,GAAOL,EAAI,KAAKC,EAAI,iBACpBK,MAAU,gBACVC,KAAS,iBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,mBACxBS,KAAS,uCACTL,GAAOL,EAAI,KAAKC,EAAI,mBACpBK,MAAU,kBACVC,KAAS,oBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,QACxBS,KAAS,kBACTL,GAAOL,EAAI,KAAKC,EAAI,QACpBK,MAAU,OACVC,KAAS,iBAEZ,CACGC,OAAW,CACR,CACGL,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,aACrBI,GAAOL,EAAI,KAAKC,EAAI,aACpBK,MAAU,YACVC,KAAS,OAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,cACrBI,GAAOL,EAAI,KAAKC,EAAI,cACpBK,MAAU,aACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oBACrBI,GAAOL,EAAI,KAAKC,EAAI,oBACpBK,MAAU,mBACVC,KAAS,QAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,gBACrBI,GAAOL,EAAI,KAAKC,EAAI,gBACpBK,MAAU,gBAEb,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,sBACrBI,GAAOL,EAAI,KAAKC,EAAI,sBACpBK,MAAU,sBAEb,CACGH,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAI,aACrBI,GAAOL,EAAI,KAAKC,EAAI,aACpBU,OAAW,CACR,CACGC,EAAM,YACNC,EAAM,aAET,CACGD,EAAM,MACNC,EAAM,OAET,CACGD,EAAM,SACNC,EAAM,UAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,SACNC,EAAM,UAET,CACGD,EAAM,cACNC,EAAM,eAET,CACGD,EAAM,eACNC,EAAM,gBAET,CACGD,EAAM,gBACNC,EAAM,kBAGZP,MAAU,YACVC,KAAS,UAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,mBACrBI,GAAOL,EAAI,KAAKC,EAAI,mBACpBK,MAAU,kBACVC,KAAS,OAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,wBACrBI,GAAOL,EAAI,KAAKC,EAAI,wBACpBK,MAAU,uBACVC,KAAS,QAGfG,KAAS,2BACTL,GAAO,eACPC,MAAU,eACVC,KAAS,yBAIb,QACE,MAAO,IAIX,SAASQ,aAAaC,GACpBA,EAAMC,OAASD,EAAMZ,KAAK,GAAGI,OAAO,GAAGA,OAAO,GAC9CQ,EAAME,OAAOF,EAAMC,QACnBD,EAAMG,OAASH,EAAMZ,KAAK,GAAGI,OAAO,GAAGA,OAAO,GAC9CQ,EAAME,OAAOF,EAAMG"} \ No newline at end of file diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json index 494abd20a..b0ef9afd0 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json @@ -689,7 +689,7 @@ "oidcRPMetaDataOptionsRule":"قاعدة الدخول", "oidcRPMetaDataOptionsTimeouts":"Timeouts", "oidcRPMetaDataOptionsUserIDAttr":"خاصّيّة المستخدم", -"oidcRPMetaDataOptionsUserInfoSignAlg":"Userinfo signature algorithm", +"oidcRPMetaDataOptionsUserInfoSignAlg":"UserInfo response format", "oidcRPMetaDataScopeRules":"Scope rules", "oidcRPName":"اسم أوبين أيدي كونيكت RP", "oidcRPStateTimeout":"حالة مهلة الجلسة", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/de.json b/lemonldap-ng-manager/site/htdocs/static/languages/de.json index b68e9d518..1e8bad3d4 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/de.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/de.json @@ -689,7 +689,7 @@ "oidcRPMetaDataOptionsRule":"Access rule", "oidcRPMetaDataOptionsTimeouts":"Timeouts", "oidcRPMetaDataOptionsUserIDAttr":"User attribute", -"oidcRPMetaDataOptionsUserInfoSignAlg":"Userinfo signature algorithm", +"oidcRPMetaDataOptionsUserInfoSignAlg":"UserInfo response format", "oidcRPMetaDataScopeRules":"Scope rules", "oidcRPName":"OpenID Connect RP Name", "oidcRPStateTimeout":"State session timeout", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/en.json b/lemonldap-ng-manager/site/htdocs/static/languages/en.json index 19f7c861f..11997fa99 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json @@ -689,7 +689,7 @@ "oidcRPMetaDataOptionsRule":"Access rule", "oidcRPMetaDataOptionsTimeouts":"Timeouts", "oidcRPMetaDataOptionsUserIDAttr":"User attribute", -"oidcRPMetaDataOptionsUserInfoSignAlg":"Userinfo signature algorithm", +"oidcRPMetaDataOptionsUserInfoSignAlg":"UserInfo response format", "oidcRPMetaDataScopeRules":"Scope rules", "oidcRPName":"OpenID Connect RP Name", "oidcRPStateTimeout":"State session timeout", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/es.json b/lemonldap-ng-manager/site/htdocs/static/languages/es.json index d08bc131f..e04f5a43a 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/es.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/es.json @@ -689,7 +689,7 @@ "oidcRPMetaDataOptionsRule":"Regla de acceso", "oidcRPMetaDataOptionsTimeouts":"Timeouts", "oidcRPMetaDataOptionsUserIDAttr":"Atributo de usuario", -"oidcRPMetaDataOptionsUserInfoSignAlg":"Userinfo signature algorithm", +"oidcRPMetaDataOptionsUserInfoSignAlg":"UserInfo response format", "oidcRPMetaDataScopeRules":"Scope rules", "oidcRPName":"OpenID Connect RP Name", "oidcRPStateTimeout":"Caducidad de estado de sesión", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json index cb5c8e115..2e1bdd3e3 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json @@ -689,7 +689,7 @@ "oidcRPMetaDataOptionsRule":"Règle d'accès", "oidcRPMetaDataOptionsTimeouts":"Expiration", "oidcRPMetaDataOptionsUserIDAttr":"Attribut de l'utilisateur", -"oidcRPMetaDataOptionsUserInfoSignAlg":"Algorithme de signature des informations utilisateur", +"oidcRPMetaDataOptionsUserInfoSignAlg":"Format de réponse Userinfo", "oidcRPMetaDataScopeRules":"Règles de scope", "oidcRPName":"Nom du client OpenID Connect", "oidcRPStateTimeout":"Durée d'une session state", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/it.json b/lemonldap-ng-manager/site/htdocs/static/languages/it.json index c61c921fa..662e2899f 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json @@ -689,7 +689,7 @@ "oidcRPMetaDataOptionsRule":"Regola di accesso", "oidcRPMetaDataOptionsTimeouts":"Timeouts", "oidcRPMetaDataOptionsUserIDAttr":"Attributo utente", -"oidcRPMetaDataOptionsUserInfoSignAlg":"Userinfo signature algorithm", +"oidcRPMetaDataOptionsUserInfoSignAlg":"UserInfo response format", "oidcRPMetaDataScopeRules":"Scope rules", "oidcRPName":"Nome di OpenID Connect RP", "oidcRPStateTimeout":"Durata della sessione stato", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json index b5c625d3c..5d9cead32 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json @@ -689,7 +689,7 @@ "oidcRPMetaDataOptionsRule":"Reguła dostępu", "oidcRPMetaDataOptionsTimeouts":"Limit czasu", "oidcRPMetaDataOptionsUserIDAttr":"Atrybut użytkownika", -"oidcRPMetaDataOptionsUserInfoSignAlg":"Userinfo signature algorithm", +"oidcRPMetaDataOptionsUserInfoSignAlg":"UserInfo response format", "oidcRPMetaDataScopeRules":"Zasady dotyczące zakresu", "oidcRPName":"Nazwa RP OpenID Connect", "oidcRPStateTimeout":"Limit czasu sesji stanowej", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json index d663a8380..2769a442f 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json @@ -689,7 +689,7 @@ "oidcRPMetaDataOptionsRule":"Erişim kuralı", "oidcRPMetaDataOptionsTimeouts":"Zaman aşımları", "oidcRPMetaDataOptionsUserIDAttr":"Kullanıcı niteliği", -"oidcRPMetaDataOptionsUserInfoSignAlg":"Userinfo signature algorithm", +"oidcRPMetaDataOptionsUserInfoSignAlg":"UserInfo response format", "oidcRPMetaDataScopeRules":"Kapsam kuralları", "oidcRPName":"OpenID Connect RP Adı", "oidcRPStateTimeout":"Oturum zaman aşımını belirle", @@ -699,7 +699,7 @@ "oidcServiceAllowHybridFlow":"Hibrit Akış", "oidcServiceAllowImplicitFlow":"Kapalı Akış", "oidcServiceAllowOffline":"Çevrimdışı erişime izin ver", -"oidcServiceAllowOnlyDeclaredScopes":"Only allow declared scopes", +"oidcServiceAllowOnlyDeclaredScopes":"Sadece belirli kapsamlara izin ver", "oidcServiceAuthorizationCodeExpiration":"Yetkilendirme Kodu sona erme", "oidcServiceDynamicRegistrationExportedVars":"Dinamik kayıtlanma için dışa aktarılan değişkenler", "oidcServiceDynamicRegistrationExtraClaims":"Dinamik kayıtlanma için ekstra talepler", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json index e3ce18ba3..5c098581f 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json @@ -689,7 +689,7 @@ "oidcRPMetaDataOptionsRule":"Quy tắc truy cập", "oidcRPMetaDataOptionsTimeouts":"Timeouts", "oidcRPMetaDataOptionsUserIDAttr":"thuộc tính người dùng", -"oidcRPMetaDataOptionsUserInfoSignAlg":"Userinfo signature algorithm", +"oidcRPMetaDataOptionsUserInfoSignAlg":"UserInfo response format", "oidcRPMetaDataScopeRules":"Scope rules", "oidcRPName":"OpenID Connect RP Name", "oidcRPStateTimeout":"Thời gian chờ của trạng thái phiên làm việc", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json index e1c7beeda..767058b3c 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json @@ -689,7 +689,7 @@ "oidcRPMetaDataOptionsRule":"Access rule", "oidcRPMetaDataOptionsTimeouts":"Timeouts", "oidcRPMetaDataOptionsUserIDAttr":"User attribute", -"oidcRPMetaDataOptionsUserInfoSignAlg":"Userinfo signature algorithm", +"oidcRPMetaDataOptionsUserInfoSignAlg":"UserInfo response format", "oidcRPMetaDataScopeRules":"Scope rules", "oidcRPName":"OpenID Connect RP Name", "oidcRPStateTimeout":"State session timeout", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json b/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json index b384359ce..e8797365d 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json @@ -689,7 +689,7 @@ "oidcRPMetaDataOptionsRule":"存取規則", "oidcRPMetaDataOptionsTimeouts":"逾時", "oidcRPMetaDataOptionsUserIDAttr":"使用者屬性", -"oidcRPMetaDataOptionsUserInfoSignAlg":"Userinfo signature algorithm", +"oidcRPMetaDataOptionsUserInfoSignAlg":"UserInfo response format", "oidcRPMetaDataScopeRules":"Scope rules", "oidcRPName":"OpenID 連線 RP 名稱", "oidcRPStateTimeout":"狀態工作階段逾時", diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm index 18140a53b..5d603aec9 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm @@ -741,8 +741,11 @@ sub run { my $access_token; my $at_hash; + my $release_claims_in_id_token = 1; if ( $response_type =~ /\btoken\b/ ) { + $release_claims_in_id_token = 0; + # Store data in access token # Generate access_token $access_token = $self->newAccessToken( @@ -775,9 +778,14 @@ sub run { if $hash_level; } - my $id_token = - $self->_generateIDToken( $req, $oidc_request, - $rp, $scope, { at_hash => $at_hash } ); + my $id_token = $self->_generateIDToken( + $req, + $rp, + $scope, + $req->sessionInfo, + $release_claims_in_id_token, + { at_hash => $at_hash, nonce => $oidc_request->{nonce} } + ); unless ($id_token) { $self->logger->error("Could not generate ID token"); @@ -841,8 +849,11 @@ sub run { $c_hash = $self->createHash( $code, $hash_level ) if $hash_level; + my $release_claims_in_id_token = 1; if ( $response_type =~ /\btoken\b/ ) { + $release_claims_in_id_token = 0; + # Generate access_token $access_token = $self->newAccessToken( $req, $rp, $scope, @@ -873,12 +884,13 @@ sub run { if ( $response_type =~ /\bid_token\b/ ) { $id_token = $self->_generateIDToken( - $req, - $oidc_request, - $rp, $scope, + $req, $rp, $scope, + $req->sessionInfo, + $release_claims_in_id_token, { at_hash => $at_hash, c_hash => $c_hash, + nonce => $oidc_request->{nonce}, } ); @@ -1260,6 +1272,28 @@ sub _handlePasswordGrant { $self->logger->debug("Generated refresh token: $refresh_token"); } + # Generate ID token + my $id_token = undef; + if ( $self->_hasScope( "openid", $scope ) ) { + + # Compute hash to store in at_hash + my $alg = $self->conf->{oidcRPMetaDataOptions}->{$rp} + ->{oidcRPMetaDataOptionsIDTokenSignAlg}; + my ($hash_level) = ( $alg =~ /(?:\w{2})(\d{3})/ ); + my $at_hash = $self->createHash( $access_token, $hash_level ) + if $hash_level; + + $id_token = + $self->_generateIDToken( $req, $rp, $scope, $req->sessionInfo, 0, + { ( $at_hash ? ( at_hash => $at_hash ) : () ), } ); + + unless ($id_token) { + $self->logger->error( + "Failed to generate ID Token for service: $client_id"); + return $self->sendOIDCError( $req, 'server_error', 500 ); + } + } + # Send token response my $expires_in = $self->conf->{oidcRPMetaDataOptions}->{$rp} @@ -1272,6 +1306,7 @@ sub _handlePasswordGrant { expires_in => $expires_in + 0, ( ( $scope ne $req_scope ) ? ( scope => "$scope" ) : () ), ( $refresh_token ? ( refresh_token => "$refresh_token" ) : () ), + ( $id_token ? ( id_token => "$id_token" ) : () ), }; $self->logger->debug("Send token response"); @@ -1432,45 +1467,17 @@ sub _handleAuthorizationCodeGrant { my $at_hash = $self->createHash( $access_token, $hash_level ) if $hash_level; - # ID token payload - # TODO: refactor to use _generateIDToken - my $id_token_exp = - $self->conf->{oidcRPMetaDataOptions}->{$rp} - ->{oidcRPMetaDataOptionsIDTokenExpiration} - || $self->conf->{oidcServiceIDTokenExpiration}; - $id_token_exp += time; - - my $id_token_acr = "loa-" . $apacheSession->data->{authenticationLevel}; - - my $id_token_payload_hash = { - iss => $self->iss, # Issuer Identifier - sub => $user_id, # Subject Identifier - aud => $self->getAudiences($rp), # Audience - exp => $id_token_exp, # expiration - iat => time, # Issued time - auth_time => $apacheSession->data->{_lastAuthnUTime} - , # Authentication time - acr => $id_token_acr, # Authentication Context Class Reference - azp => $client_id, # Authorized party - # TODO amr - }; - - my $nonce = $codeSession->data->{nonce}; - $id_token_payload_hash->{nonce} = $nonce if defined $nonce; - $id_token_payload_hash->{'at_hash'} = $at_hash if $at_hash; - - if ( $self->force_id_claims($rp) ) { - my $claims = $self->buildUserInfoResponseFromId( $req, $scope, - $rp, $codeSession->data->{user_session_id} ); - - foreach ( keys %$claims ) { - $id_token_payload_hash->{$_} = $claims->{$_} - unless ( $_ eq "sub" ); - } - } - # Create ID Token - my $id_token = $self->createIDToken( $req, $id_token_payload_hash, $rp ); + my $nonce = $codeSession->data->{nonce}; + my $id_token = $self->_generateIDToken( + $req, $rp, $scope, + $apacheSession->data, + 0, + { + ( $nonce ? ( nonce => $nonce ) : () ), + ( $at_hash ? ( at_hash => $at_hash ) : () ), + } + ); unless ($id_token) { $self->logger->error( @@ -1533,8 +1540,6 @@ sub _handleRefreshTokenGrant { } my $access_token; - my $user_id; - my $auth_time; my $session; # If this refresh token is tied to a SSO session @@ -1548,10 +1553,6 @@ sub _handleRefreshTokenGrant { return $self->sendOIDCError( $req, 'invalid_grant', 400 ); } - $user_id = $self->getUserIDForRP( $req, $rp, $session->data ); - - $auth_time = $session->data->{_lastAuthnUTime}; - # Generate access_token $access_token = $self->newAccessToken( $req, $rp, @@ -1610,11 +1611,6 @@ sub _handleRefreshTokenGrant { $refreshSession->data->{$_} = $req->sessionInfo->{$_}; } - $user_id = $self->getUserIDForRP( $req, $rp, $req->sessionInfo ); - $self->logger->debug("Found corresponding user: $user_id"); - - $auth_time = $refreshSession->data->{auth_time}; - # Generate access_token $access_token = $self->newAccessToken( $req, $rp, @@ -1640,57 +1636,30 @@ sub _handleRefreshTokenGrant { my $at_hash = $self->createHash( $access_token, $hash_level ) if $hash_level; - # ID token payload - # TODO: refactor to use _generateIDToken - my $id_token_exp = - $self->conf->{oidcRPMetaDataOptions}->{$rp} - ->{oidcRPMetaDataOptionsIDTokenExpiration} - || $self->conf->{oidcServiceIDTokenExpiration}; - $id_token_exp += time; - - # Authentication level using refresh tokens should probably stay at 0 - my $id_token_acr = "loa-0"; - - my $id_token_payload_hash = { - iss => $self->iss, # Issuer Identifier - sub => $user_id, # Subject Identifier - aud => $self->getAudiences($rp), # Audience - exp => $id_token_exp, # expiration - iat => time, # Issued time - # TODO: is this the right value when using refresh tokens?? - auth_time => $auth_time, # Authentication time - acr => $id_token_acr, # Authentication Context Class Reference - azp => $client_id, # Authorized party - # TODO amr - }; - - my $nonce = $refreshSession->data->{nonce}; - $id_token_payload_hash->{nonce} = $nonce if defined $nonce; - $id_token_payload_hash->{'at_hash'} = $at_hash if $at_hash; - - # If we forced sending claims in ID token - if ( $self->force_id_claims($rp) ) { - my $claims = - $self->buildUserInfoResponse( $req, $refreshSession->data->{scope}, - $rp, $session ); - - foreach ( keys %$claims ) { - $id_token_payload_hash->{$_} = $claims->{$_} - unless ( $_ eq "sub" ); - } - } - # Create ID Token - my $id_token = $self->createIDToken( $req, $id_token_payload_hash, $rp ); + my $id_token = undef; + if ( $self->_hasScope( 'openid', $refreshSession->data->{scope} ) ) { + my $nonce = $refreshSession->data->{nonce}; + $id_token = $self->_generateIDToken( + $req, $rp, + $refreshSession->data->{scope}, + $session->data, + 0, + { + ( $nonce ? ( nonce => $nonce ) : () ), + ( $at_hash ? ( at_hash => $at_hash ) : () ), + } + ); - unless ($id_token) { - $self->logger->error( - "Failed to generate ID Token for service: $client_id"); - return $self->sendOIDCError( $req, 'server_error', 500 ); + unless ($id_token) { + $self->logger->error( + "Failed to generate ID Token for service: $rp"); + return $self->sendOIDCError( $req, 'server_error', 500 ); + } + + $self->logger->debug("Generated id token: $id_token"); } - $self->logger->debug("Generated id token: $id_token"); - # Send token response my $expires_in = $self->conf->{oidcRPMetaDataOptions}->{$rp} @@ -1701,7 +1670,7 @@ sub _handleRefreshTokenGrant { access_token => "$access_token", token_type => 'Bearer', expires_in => $expires_in + 0, - id_token => "$id_token", + ( $id_token ? ( id_token => "$id_token" ) : () ), }; # TODO @@ -2348,10 +2317,11 @@ sub _convertOldFormatConsents { } sub _generateIDToken { - my ( $self, $req, $oidc_request, $rp, $scope, $extra_claims ) = @_; + my ( $self, $req, $rp, $scope, $sessionInfo, $release_user_claims, + $extra_claims ) + = @_; - my $response_type = $oidc_request->{'response_type'}; - my $client_id = $oidc_request->{'client_id'}; + my $client_id = $self->oidcRPList->{$rp}->{oidcRPMetaDataOptionsClientID}; my $id_token_exp = $self->conf->{oidcRPMetaDataOptions}->{$rp} @@ -2359,7 +2329,7 @@ sub _generateIDToken { || $self->conf->{oidcServiceIDTokenExpiration}; $id_token_exp += time; - my $authenticationLevel = $req->{sessionInfo}->{authenticationLevel} || 0; + my $authenticationLevel = $sessionInfo->{authenticationLevel} || 0; my $id_token_acr = "loa-$authenticationLevel"; foreach ( keys %{ $self->conf->{oidcServiceMetaDataAuthnContext} } ) { @@ -2371,20 +2341,18 @@ sub _generateIDToken { } } - my $user_id = $self->getUserIDForRP( $req, $rp, $req->{sessionInfo} ); + my $user_id = $self->getUserIDForRP( $req, $rp, $sessionInfo ); my $id_token_payload_hash = { - iss => $self->iss, # Issuer Identifier - sub => $user_id, # Subject Identifier - aud => $self->getAudiences($rp), # Audience - exp => $id_token_exp, # expiration - iat => time, # Issued time - auth_time => $req->{sessionInfo}->{_lastAuthnUTime} - , # Authentication time + iss => $self->iss, # Issuer Identifier + sub => $user_id, # Subject Identifier + aud => $self->getAudiences($rp), # Audience + exp => $id_token_exp, # expiration + iat => time, # Issued time + auth_time => $sessionInfo->{_lastAuthnUTime}, # Authentication time acr => $id_token_acr, # Authentication Context Class Reference azp => $client_id, # Authorized party # TODO amr - nonce => $oidc_request->{'nonce'} # Nonce }; for ( keys %{$extra_claims} ) { @@ -2392,14 +2360,12 @@ sub _generateIDToken { if $extra_claims->{$_}; } - if ( $response_type !~ /\btoken\b/ - || $self->force_id_claims($rp) ) - { + # Decided by response_type or forced in RP config + if ( $release_user_claims || $self->force_id_claims($rp) ) { - # No access_token - # Claims must be set in id_token my $claims = - $self->buildUserInfoResponseFromId( $req, $scope, $rp, $req->id ); + $self->buildUserInfoResponseFromData( $req, $scope, $rp, + $sessionInfo ); foreach ( keys %$claims ) { $id_token_payload_hash->{$_} = $claims->{$_} diff --git a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t index bf384aac6..97056ec2e 100644 --- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t +++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t @@ -181,6 +181,10 @@ ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' ) or explain( $res, 'cn => Frédéric Accents' ); count(2); +my $id_token_decoded = id_token_payload( $res->{_oidc_id_token} ); +is( $id_token_decoded->{acr}, 'customacr-1', "Correct custom ACR" ); +count(1); + # Logout initiated by RP ok( $res = $rp->_get( @@ -193,7 +197,7 @@ ok( ); count(1); ( $url, $query ) = expectRedirection( $res, - qr#http://auth.op.com(/oauth2/logout)\?(post_logout_redirect_uri=.+)$# ); + qr#http://auth.op.com(/oauth2/logout)\?.*(post_logout_redirect_uri=.+)$# ); # Push logout to OP switch ('op'); @@ -337,11 +341,11 @@ sub op { oidcOPMetaDataJSON => {}, oidcOPMetaDataJWKS => {}, oidcServiceMetaDataAuthnContext => { - 'loa-4' => 4, - 'loa-1' => 1, - 'loa-5' => 5, - 'loa-2' => 2, - 'loa-3' => 3 + 'loa-4' => 4, + 'customacr-1' => 1, + 'loa-5' => 5, + 'loa-2' => 2, + 'loa-3' => 3 }, oidcServicePrivateKeySig => oidc_key_op_private_sig, oidcServicePublicKeySig => oidc_key_op_public_sig, @@ -378,6 +382,7 @@ sub rp { oidcOPMetaDataOptionsMaxAge => 30, oidcOPMetaDataOptionsDisplay => "", oidcOPMetaDataOptionsClientID => "rpid", + oidcOPMetaDataOptionsStoreIDToken => 1, oidcOPMetaDataOptionsConfigurationURI => "https://auth.op.com/.well-known/openid-configuration" } diff --git a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-implicit.t b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-implicit.t index 1bb3c097c..798009206 100644 --- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-implicit.t +++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-implicit.t @@ -159,9 +159,10 @@ count(4); # Check attributes in ID Token my $id_token_decoded = id_token_payload( $prms{id_token} ); -ok( $id_token_decoded->{sub} eq "dwho", 'Check sub value' ); +is( $id_token_decoded->{sub}, "dwho", 'Check sub value' ); ok( !$id_token_decoded->{name}, 'Claim name must not be in ID token' ); -count(2); +is( $id_token_decoded->{azp}, 'rpid', ' azp found' ); +count(3); $op->logout($idpId); diff --git a/lemonldap-ng-portal/t/32-OIDC-Offline-Session.t b/lemonldap-ng-portal/t/32-OIDC-Offline-Session.t index c077afd0a..eea9ad828 100644 --- a/lemonldap-ng-portal/t/32-OIDC-Offline-Session.t +++ b/lemonldap-ng-portal/t/32-OIDC-Offline-Session.t @@ -51,6 +51,8 @@ sub runTest { ok( $id_token, "Got ID token" ); my $id_token_payload = id_token_payload($id_token); + my $auth_time = $id_token_payload->{auth_time}; + ok( $auth_time, "Authentication date found in token"); is( $id_token_payload->{name}, 'Frédéric Accents', @@ -117,6 +119,7 @@ sub runTest { ok( !defined $refresh_token2, "Refresh token not present" ); $id_token_payload = id_token_payload($id_token); + is( $id_token_payload->{auth_time}, $auth_time, 'Original auth_time retained' ); is( $id_token_payload->{name}, 'Frédéric Accents', diff --git a/lemonldap-ng-portal/t/32-OIDC-Password-Grant-with-Bruteforce-and-Choice.t b/lemonldap-ng-portal/t/32-OIDC-Password-Grant-with-Bruteforce-and-Choice.t index e2775c462..39a13c637 100644 --- a/lemonldap-ng-portal/t/32-OIDC-Password-Grant-with-Bruteforce-and-Choice.t +++ b/lemonldap-ng-portal/t/32-OIDC-Password-Grant-with-Bruteforce-and-Choice.t @@ -52,7 +52,7 @@ my $op = LLNG::Manager::Test->new( { oidcRPMetaDataOptionsIDTokenSignAlg => "HS512", oidcRPMetaDataOptionsClientSecret => "rpsecret", oidcRPMetaDataOptionsUserIDAttr => "", - oidcRPMetaDataOptionsAccessTokenExpiration => 3600, + oidcRPMetaDataOptionsAccessTokenExpiration => 120, oidcRPMetaDataOptionsBypassConsent => 1, oidcRPMetaDataOptionsRefreshToken => 1, oidcRPMetaDataOptionsIDTokenForceClaims => 1, @@ -97,7 +97,7 @@ my $goodquery = buildForm( { grant_type => 'password', username => 'french', password => 'french', - scope => 'openid profile email', + scope => 'profile email openid', } ); @@ -136,8 +136,12 @@ my $access_token = $payload->{access_token}; ok( $access_token, "Access Token found" ); count(1); my $token_res_scope = $payload->{scope}; -ok( $token_res_scope, "Scope found in token response" ); -count(1); +ok( $token_res_scope, "Scope found in token response" ); +ok( $payload->{id_token}, "Found ID token in original grant" ); + +my $refresh_token = $payload->{refresh_token}; +ok( $refresh_token, "Got refresh token" ); +count(3); # Get userinfo $res = $op->_post( @@ -180,6 +184,46 @@ like( $payload->{scope}, qr/\balways\b/, "Rule-enforced scope found" ); is( $payload->{scope}, $token_res_scope, "Token response scope matches token scope" ); +# Expire token +Time::Fake->offset("+305m"); + +ok( + $res = $op->_post( + "/oauth2/introspect", + IO::String->new($query), + accept => 'text/html', + length => length $query, + custom => { + HTTP_AUTHORIZATION => "Basic " . encode_base64("rpid:rpsecret"), + }, + ), + "Post introspection" +); + +$res = expectJSON($res); +is( $res->{active}, 0, "Token is no longer active" ); + +$query = buildForm( { + grant_type => 'refresh_token', + refresh_token => $refresh_token, + } +); + +ok( + $res = $op->_post( + "/oauth2/token", + IO::String->new($query), + accept => 'text/json', + length => length $query, + custom => { + HTTP_AUTHORIZATION => "Basic " . encode_base64("rpid:rpsecret"), + }, + ), + "Post introspection" +); +$res = expectJSON($res); +ok( $res->{id_token}, "Found ID token in refresh grant" ); + clean_sessions(); done_testing(); diff --git a/lemonldap-ng-portal/t/32-OIDC-Password-Grant.t b/lemonldap-ng-portal/t/32-OIDC-Password-Grant.t new file mode 100644 index 000000000..9f38e5e13 --- /dev/null +++ b/lemonldap-ng-portal/t/32-OIDC-Password-Grant.t @@ -0,0 +1,186 @@ +use lib 'inc'; +use Test::More; +use strict; +use IO::String; +use LWP::UserAgent; +use LWP::Protocol::PSGI; +use MIME::Base64; +use JSON; + +BEGIN { + require 't/test-lib.pm'; + require 't/oidc-lib.pm'; +} + +my $debug = 'error'; + +# Initialization +my $op = LLNG::Manager::Test->new( { + ini => { + logLevel => $debug, + domain => 'op.com', + portal => 'http://auth.op.com', + + macros => { + gender => '"32"', + _whatToTrace => '$uid', + nickname => '"froggie; frenchie"', + }, + issuerDBOpenIDConnectActivation => 1, + oidcRPMetaDataExportedVars => { + rp => { + email => "mail;string;always", + preferred_username => "uid", + name => "cn", + gender => "gender;int;auto", + nickname => "nickname", + } + }, + oidcRPMetaDataOptions => { + rp => { + oidcRPMetaDataOptionsDisplayName => "RP", + oidcRPMetaDataOptionsIDTokenExpiration => 3600, + oidcRPMetaDataOptionsClientID => "rpid", + oidcRPMetaDataOptionsAllowOffline => 1, + oidcRPMetaDataOptionsAllowPasswordGrant => 1, + oidcRPMetaDataOptionsIDTokenSignAlg => "HS512", + oidcRPMetaDataOptionsClientSecret => "rpsecret", + oidcRPMetaDataOptionsUserIDAttr => "", + oidcRPMetaDataOptionsAccessTokenExpiration => 120, + oidcRPMetaDataOptionsBypassConsent => 1, + oidcRPMetaDataOptionsRefreshToken => 1, + oidcRPMetaDataOptionsIDTokenForceClaims => 1, + oidcRPMetaDataOptionsRule => '$uid eq "french"', + } + }, + oidcRPMetaDataScopeRules => { + rp => { + "read" => '$requested', + "french" => '$uid eq "french"', + "always" => '1', + }, + }, + oidcServicePrivateKeySig => oidc_key_op_private_sig, + oidcServicePublicKeySig => oidc_key_op_public_sig, + } + } +); +my $res; + +# Resource Owner Password Credentials Grant +# Access Token Request +# https://tools.ietf.org/html/rfc6749#section-4.3 +my $query = buildForm( { + client_id => 'rpid', + client_secret => 'rpsecret', + grant_type => 'password', + username => 'french', + password => 'french', + scope => 'profile email', + } +); + +## Login should be valid +$res = $op->_post( + "/oauth2/token", + IO::String->new($query), + accept => 'application/json', + length => length($query), +); +my $payload = expectJSON($res); + +my $access_token = $payload->{access_token}; +ok( $access_token, "Access Token found" ); +count(1); +my $token_res_scope = $payload->{scope}; +ok( $token_res_scope, "Scope found in token response" ); +is( $payload->{id_token}, undef, "No ID token in original request" ); + +my $refresh_token = $payload->{refresh_token}; +ok( $refresh_token, "Got refresh token" ); +count(3); + +# Get userinfo +$res = $op->_post( + "/oauth2/userinfo", + IO::String->new(''), + accept => 'application/json', + length => 0, + custom => { + HTTP_AUTHORIZATION => "Bearer " . $access_token, + }, +); + +$payload = expectJSON($res); + +ok( $payload->{'name'} eq "Frédéric Accents", 'Got User Info' ); +like( $res->[2]->[0], qr/"gender":32/, "Attribute released as int in JSON" ); +is( ref( $payload->{email} ), + "ARRAY", "Single valued attribute forced as array" ); +is( ref( $payload->{nickname} ), + "ARRAY", "Multi valued attribute exposed as array" ); + +my $query = "token=$access_token"; +ok( + $res = $op->_post( + "/oauth2/introspect", + IO::String->new($query), + accept => 'text/html', + length => length $query, + custom => { + HTTP_AUTHORIZATION => "Basic " . encode_base64("rpid:rpsecret"), + }, + ), + "Post introspection" +); +$payload = expectJSON($res); +unlike( $payload->{scope}, qr/\bread\b/, + "Scope read not asked, and thus not found" ); +like( $payload->{scope}, qr/\bfrench\b/, "Attribute-based scope found" ); +like( $payload->{scope}, qr/\balways\b/, "Rule-enforced scope found" ); +is( $payload->{scope}, $token_res_scope, + "Token response scope matches token scope" ); + +# Expire token +Time::Fake->offset("+5m"); + +ok( + $res = $op->_post( + "/oauth2/introspect", + IO::String->new($query), + accept => 'text/html', + length => length $query, + custom => { + HTTP_AUTHORIZATION => "Basic " . encode_base64("rpid:rpsecret"), + }, + ), + "Post introspection" +); + +$res = expectJSON($res); +is( $res->{active}, 0, "Token is no longer active" ); + +$query = buildForm( { + grant_type => 'refresh_token', + refresh_token => $refresh_token, + } +); + +ok( + $res = $op->_post( + "/oauth2/token", + IO::String->new($query), + accept => 'text/json', + length => length $query, + custom => { + HTTP_AUTHORIZATION => "Basic " . encode_base64("rpid:rpsecret"), + }, + ), + "Post introspection" +); +$res = expectJSON($res); +is( $res->{id_token}, undef, "No ID token in refreshed response" ); + +clean_sessions(); +done_testing(); + diff --git a/rpm/lemonldap-ng.spec b/rpm/lemonldap-ng.spec index 3ca5bd1ec..a719a222c 100644 --- a/rpm/lemonldap-ng.spec +++ b/rpm/lemonldap-ng.spec @@ -159,6 +159,7 @@ BuildRequires: perl(SOAP::Transport::HTTP) BuildRequires: perl(strict) BuildRequires: perl(String::Random) BuildRequires: perl(Sys::Syslog) +BuildRequires: perl(Test::LeakTrace) BuildRequires: perl(Test::MockObject) BuildRequires: perl(Test::Output) BuildRequires: perl(Test::Pod) >= 1.00