From f0dbb28866bd86013e038959399fd4854fb78fcf Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Thu, 29 Oct 2020 14:36:07 +0100 Subject: [PATCH 001/357] Add Hook system for plugins (#2359) --- .../lib/Lemonldap/NG/Portal/Main/Init.pm | 22 +++++++++++++++++++ .../lib/Lemonldap/NG/Portal/Main/Process.pm | 16 ++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm index 67571b770..1329ed010 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm @@ -74,6 +74,9 @@ BEGIN { has 'afterSub' => ( is => 'rw', default => sub { {} } ); has 'aroundSub' => ( is => 'rw', default => sub { {} } ); +# Issuer hooks +has 'hook' => ( is => 'rw', default => sub { {} } ); + has spRules => ( is => 'rw', default => sub { {} } @@ -493,6 +496,25 @@ sub findEP { } } } + if ( $obj->can('hook') ) { + $self->logger->debug("Found hook in $plugin"); + my $h = $obj->hook; + unless ( ref $h and ref($h) eq 'HASH' ) { + $self->logger->error('"hook" endpoint must be a hashref, skipped'); + } + else { + foreach my $hookname ( keys %$h ) { + my $callback = $h->{$hookname}; + push @{ $self->hook->{$hookname} }, sub { + eval { + $obj->logger->debug( + "Launching ${plugin}::$callback on hook $hookname"); + }; + $obj->$callback(@_); + }; + } + } + } $self->logger->debug("Plugin $plugin initializated"); # Rules for menu diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm index 7745b707e..cbb30f372 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm @@ -44,6 +44,22 @@ sub process { return $err; } +sub processHook { + my ( $self, $req, $hookName, @args ) = @_; + + $self->logger->debug("Calling hook $hookName"); + my $err = PE_OK; + for my $sub ( @{ $self->hook->{$hookName} } ) { + if ( ref $sub eq 'CODE' ) { + last if ( $err = $sub->( $req, @args ) ); + } + else { + $self->logger->debug("Not a code ref: $sub"); + } + } + return $err; +} + sub _formatProcessResult { my ( $self, $err ) = @_; return ( ( $err > 0 ? "error" : "status" ) From de1d6e205b98f0dcdd4a2b0c4397d33dcbaa82e4 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Fri, 30 Oct 2020 10:37:14 +0100 Subject: [PATCH 002/357] Add samlGotAuthnRequest hook (#2359) --- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm index 3683e9c85..083cbd61f 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm @@ -385,6 +385,10 @@ sub run { return PE_SAML_SSO_ERROR; } + my $h = + $self->p->processHook( $req, 'samlGotAuthnRequest', $login ); + return $h if ( $h != PE_OK ); + # Get SP entityID my $sp = $request ? $login->remote_providerID() : $idp_initiated_sp; From 2dba11e6b37581b110f7525366521f58a233fc67 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Thu, 5 Nov 2020 11:27:01 +0100 Subject: [PATCH 003/357] Add samlBuildAuthnResponse hook (#2359) --- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm index 083cbd61f..e56f6fa4f 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm @@ -851,6 +851,10 @@ sub run { "SAML authentication response sent to SAML SP $spConfKey for $user$nameIDLog" ); + $h = + $self->p->processHook( $req, 'samlBuildAuthnResponse', $login ); + return $h if ( $h != PE_OK ); + # Build SAML response $protocolProfile = $login->protocolProfile(); From ddc43f7c9cef6745c98239464f9731889e39037b Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Thu, 5 Nov 2020 11:27:27 +0100 Subject: [PATCH 004/357] add samlGotLogoutRequest hook (#2359) --- .../lib/Lemonldap/NG/Portal/Issuer/SAML.pm | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm index e56f6fa4f..d91ed4d4d 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm @@ -1132,6 +1132,12 @@ sub soapSloServer { $self->logger->debug("SLO: Logout request is valid"); + my $h = $self->p->processHook( $req, 'samlGotLogoutRequest', $logout ); + if ( $h != PE_OK ) { + return $self->p->sendError( $req, + "SLO: samlGotLogoutRequest hook returned error", 400 ); + } + # We accept only SOAP here unless ( $method eq $self->getHttpMethod('soap') ) { return $self->p->sendError( $req, @@ -1687,6 +1693,12 @@ sub sloServer { $self->logger->debug("SLO: Logout request is valid"); + my $h = $self->p->processHook( $req, 'samlGotLogoutRequest', $logout ); + if ( $h != PE_OK ) { + return $self->p->sendError( $req, + "SLO: samlGotLogoutRequest hook returned error", 400 ); + } + # Get SP entityID my $sp = $logout->remote_providerID(); $req->env->{llng_saml_sp} = $sp; @@ -1909,6 +1921,9 @@ sub sloServer { $self->logger->debug("Logout response is valid"); + my $h = $self->p->processHook( $req, 'samlGotLogoutResponse', $logout ); + $self->imgnok($req) if ( $h != PE_OK ); + # Check Destination $self->imgnok($req) unless ( $self->checkDestination( $logout->response, $url ) ); From a706f8a4703dc1062bc56d42192e3547ce1b24e0 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Thu, 5 Nov 2020 11:27:42 +0100 Subject: [PATCH 005/357] add samlBuildLogoutResponse hook (#2359) --- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm index d91ed4d4d..3dd18ce0a 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm @@ -1297,6 +1297,13 @@ sub soapSloServer { "SLO response signature according to metadata"); } + $h = + $self->p->processHook( $req, 'samlBuildLogoutResponse', $logout ); + if ( $h != PE_OK ) { + return $self->p->sendError( $req, + "SLO: samlBuildLogoutResponse hook returned error", 400 ); + } + # Send logout response unless ( $self->buildLogoutResponseMsg($logout) ) { $self->logger->error("Unable to build SLO response"); From c19be1d501b7c5ac82e679f88ea79a3b7a8b4ce7 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Thu, 5 Nov 2020 11:27:52 +0100 Subject: [PATCH 006/357] Tidy SAML issuer (#2359) --- .../lib/Lemonldap/NG/Portal/Issuer/SAML.pm | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm index 3dd18ce0a..db05279f3 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm @@ -1635,8 +1635,8 @@ sub sloResume { $req->setInfo( $logoutContextSession->data->{info} ) if $logoutContextSession->data->{info}; - return $self->_finishSlo( $req, $logout, $method, $spConfKey, $provider_nb, - $relayID ); + return $self->_finishSlo( $req, $logout, $method, $spConfKey, + $provider_nb, $relayID ); } sub _finishSlo { @@ -2048,8 +2048,8 @@ sub attributeServer { my $name_id = $query->nameIdentifier(); unless ($name_id) { - $self->p->sendError( $req, "Fail to get NameID from attribute request", - 400 ); + $self->p->sendError( $req, + "Fail to get NameID from attribute request", 400 ); } my $user = $name_id->content(); @@ -2107,8 +2107,8 @@ sub attributeServer { eval { @requested_attributes = $query->request()->Attribute(); }; if ($@) { $self->checkLassoError($@); - return $self->p->sendError( $req, "Unable to get requested attributes", - 400 ); + return $self->p->sendError( $req, + "Unable to get requested attributes", 400 ); } # Returned attributes From bfb00410747a36a1c6199be6d603dada848a4c9d Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Thu, 5 Nov 2020 11:57:44 +0100 Subject: [PATCH 007/357] Unit test for SAML hooks (#2359) --- .../t/30-Auth-and-issuer-SAML-POST-Hook.t | 185 ++++++++++++++++++ lemonldap-ng-portal/t/SamlHookPlugin.pm | 21 ++ 2 files changed, 206 insertions(+) create mode 100644 lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST-Hook.t create mode 100644 lemonldap-ng-portal/t/SamlHookPlugin.pm diff --git a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST-Hook.t b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST-Hook.t new file mode 100644 index 000000000..3a30b57aa --- /dev/null +++ b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST-Hook.t @@ -0,0 +1,185 @@ +use lib 'inc'; +use Test::More; +use strict; +use IO::String; +use LWP::UserAgent; +use LWP::Protocol::PSGI; +use MIME::Base64; + +BEGIN { + require 't/test-lib.pm'; + require 't/saml-lib.pm'; +} + +my $maintests = 3; +my $debug = 'error'; +my ( $issuer, $sp, $res ); + +# Redefine LWP methods for tests +LWP::Protocol::PSGI->register( + sub { + my $req = Plack::Request->new(@_); + fail('POST should not launch SOAP requests'); + count(1); + return [ 500, [], [] ]; + } +); + +SKIP: { + eval "use Lasso"; + if ($@) { + skip 'Lasso not found', $maintests; + } + + # Initialization + $issuer = register( 'issuer', \&issuer ); + $sp = register( 'sp', \&sp ); + + my ( $url, $s, $pdata, $host ); + + # Simple SP access + ok( + $res = $sp->_get( + '/', accept => 'text/html', + ), + 'Unauth SP request' + ); + expectOK($res); + ( $host, $url, $s ) = + expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn', + 'SAMLRequest' ); + + # Push SAML request to IdP + ok( + $res = $issuer->_post( + $url, + IO::String->new($s), + accept => 'text/html', + length => length($s) + ), + 'Post SAML request to IdP' + ); + expectOK($res); + $pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' ); + + # Try to authenticate with an authorized user to IdP + $s = "user=french&password=french&$s"; + ok( + $res = $issuer->_post( + $url, + IO::String->new($s), + accept => 'text/html', + cookie => $pdata, + length => length($s), + ), + 'Post authentication' + ); + my $idpId = expectCookie($res); + + # Expect failure triggered by the hook + expectPortalError( $res, -999 ); +} + +count($maintests); +clean_sessions(); +done_testing( count() ); + +sub issuer { + return LLNG::Manager::Test->new( { + ini => { + logLevel => $debug, + domain => 'idp.com', + portal => 'http://auth.idp.com', + authentication => 'Demo', + userDB => 'Same', + issuerDBSAMLActivation => 1, + issuerDBSAMLRule => '$uid eq "french"', + samlSPMetaDataOptions => { + 'sp.com' => { + samlSPMetaDataOptionsEncryptionMode => 'none', + samlSPMetaDataOptionsSignSSOMessage => 1, + samlSPMetaDataOptionsSignSLOMessage => 1, + samlSPMetaDataOptionsCheckSSOMessageSignature => 1, + samlSPMetaDataOptionsCheckSLOMessageSignature => 1, + } + }, + samlSPMetaDataExportedAttributes => { + 'sp.com' => { + cn => +'1;cn;urn:oasis:names:tc:SAML:2.0:attrname-format:basic', + uid => +'1;uid;urn:oasis:names:tc:SAML:2.0:attrname-format:basic', + } + }, + samlOrganizationDisplayName => "IDP", + samlOrganizationName => "IDP", + samlOrganizationURL => "http://www.idp.com/", + samlServicePrivateKeyEnc => saml_key_idp_private_enc, + samlServicePrivateKeySig => saml_key_idp_private_sig, + samlServicePublicKeyEnc => saml_key_idp_public_enc, + samlServicePublicKeySig => saml_key_idp_public_sig, + samlSPMetaDataXML => { + "sp.com" => { + samlSPMetaDataXML => + samlSPMetaDataXML( 'sp', 'HTTP-POST' ) + }, + }, + customPlugins => 't::SamlHookPlugin', + } + } + ); +} + +sub sp { + return LLNG::Manager::Test->new( { + ini => { + logLevel => $debug, + domain => 'sp.com', + portal => 'http://auth.sp.com', + authentication => 'SAML', + userDB => 'Same', + issuerDBSAMLActivation => 0, + restSessionServer => 1, + samlIDPMetaDataExportedAttributes => { + idp => { + mail => "0;mail;;", + uid => "1;uid", + cn => "0;cn" + } + }, + samlIDPMetaDataOptions => { + idp => { + samlIDPMetaDataOptionsEncryptionMode => 'none', + samlIDPMetaDataOptionsSSOBinding => 'post', + samlIDPMetaDataOptionsSLOBinding => 'post', + samlIDPMetaDataOptionsSignSSOMessage => 1, + samlIDPMetaDataOptionsSignSLOMessage => 1, + samlIDPMetaDataOptionsCheckSSOMessageSignature => 1, + samlIDPMetaDataOptionsCheckSLOMessageSignature => 1, + samlIDPMetaDataOptionsForceUTF8 => 1, + } + }, + samlIDPMetaDataExportedAttributes => { + idp => { + "uid" => "0;uid;;", + "cn" => "1;cn;;", + }, + }, + samlIDPMetaDataXML => { + idp => { + samlIDPMetaDataXML => + samlIDPMetaDataXML( 'idp', 'HTTP-POST' ) + } + }, + samlOrganizationDisplayName => "SP", + samlOrganizationName => "SP", + samlOrganizationURL => "http://www.sp.com", + samlServicePublicKeySig => saml_key_sp_public_sig, + samlServicePrivateKeyEnc => saml_key_sp_private_enc, + samlServicePrivateKeySig => saml_key_sp_private_sig, + samlServicePublicKeyEnc => saml_key_sp_public_enc, + samlSPSSODescriptorAuthnRequestsSigned => 1, + }, + } + ); +} diff --git a/lemonldap-ng-portal/t/SamlHookPlugin.pm b/lemonldap-ng-portal/t/SamlHookPlugin.pm new file mode 100644 index 000000000..f46618217 --- /dev/null +++ b/lemonldap-ng-portal/t/SamlHookPlugin.pm @@ -0,0 +1,21 @@ +package t::SamlHookPlugin; + +use Mouse; +extends 'Lemonldap::NG::Portal::Main::Plugin'; + +use constant hook => { samlGotAuthnRequest => 'gotRequest', }; + +sub init { + my ($self) = @_; + return 1; +} + +sub gotRequest { + my ( $self, $res, $login ) = @_; + + # Return a weird + return -999; +} + +1; + From faadb3f0598a6a5b592df4d51f70a33de353c67d Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Thu, 5 Nov 2020 14:59:51 +0100 Subject: [PATCH 008/357] add oidcGotRequest hook (#2359) --- .../lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm index 4f436c68d..52e8c85b2 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm @@ -178,6 +178,10 @@ sub run { } } + my $h = + $self->p->processHook( $req, 'oidcGotRequest', $oidc_request ); + return PE_ERROR if ( $h != PE_OK ); + # Detect requested flow my $response_type = $oidc_request->{'response_type'}; my $flow = $self->getFlowType($response_type); From daef0cf7765e045a13bd9539224abb69b627d8c8 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Thu, 5 Nov 2020 15:00:16 +0100 Subject: [PATCH 009/357] add oidcGenerateUserInfoResponse hook (#2359) --- .../lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm | 6 +++--- .../lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm | 6 +++++- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm index 52e8c85b2..8165e79c7 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm @@ -1368,7 +1368,7 @@ sub _handleAuthorizationCodeGrant { } # Create ID Token - my $id_token = $self->createIDToken( $id_token_payload_hash, $rp ); + my $id_token = $self->createIDToken( $req, $id_token_payload_hash, $rp ); unless ($id_token) { $self->logger->error( @@ -1586,7 +1586,7 @@ sub _handleRefreshTokenGrant { } # Create ID Token - my $id_token = $self->createIDToken( $id_token_payload_hash, $rp ); + my $id_token = $self->createIDToken( $req, $id_token_payload_hash, $rp ); unless ($id_token) { $self->logger->error( @@ -2302,7 +2302,7 @@ sub _generateIDToken { } # Create ID Token - return $self->createIDToken( $id_token_payload_hash, $rp ); + return $self->createIDToken( $req, $id_token_payload_hash, $rp ); } sub _redirectToUrl { diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm index 65208ea97..59bfdf557 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm @@ -1394,6 +1394,10 @@ sub buildUserInfoResponse { } } + my $h = $self->p->processHook( $req, 'oidcGenerateUserInfoResponse', + $userinfo_response ); + return {} if ( $h != PE_OK ); + return $userinfo_response; } @@ -1577,7 +1581,7 @@ sub createJWT { # @param rp Internal Relying Party identifier # @return String id_token ID Token as JWT sub createIDToken { - my ( $self, $payload, $rp ) = @_; + my ( $self, $req, $payload, $rp ) = @_; # Get signature algorithm my $alg = $self->conf->{oidcRPMetaDataOptions}->{$rp} From f49c1adf17cfcbdda7d07405822c7aa68f743261 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Thu, 5 Nov 2020 15:00:28 +0100 Subject: [PATCH 010/357] add oidcGenerateIDToken hook (#2359) --- .../lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm index 59bfdf557..98f451d97 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm @@ -1588,6 +1588,9 @@ sub createIDToken { ->{oidcRPMetaDataOptionsIDTokenSignAlg}; $self->logger->debug("ID Token signature algorithm: $alg"); + my $h = $self->p->processHook( $req, 'oidcGenerateIDToken', $payload, $rp ); + return undef if ( $h != PE_OK ); + return $self->createJWT( $payload, $alg, $rp ); } From 3d83e9fb88f36dc01232b151b0c464ef3157d796 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Thu, 5 Nov 2020 15:24:45 +0100 Subject: [PATCH 011/357] Unit test for OIDC hooks (#2359) --- lemonldap-ng-portal/t/32-OIDC-Hooks.t | 175 ++++++++++++++++++++++++ lemonldap-ng-portal/t/OidcHookPlugin.pm | 41 ++++++ 2 files changed, 216 insertions(+) create mode 100644 lemonldap-ng-portal/t/32-OIDC-Hooks.t create mode 100644 lemonldap-ng-portal/t/OidcHookPlugin.pm diff --git a/lemonldap-ng-portal/t/32-OIDC-Hooks.t b/lemonldap-ng-portal/t/32-OIDC-Hooks.t new file mode 100644 index 000000000..ead6125c4 --- /dev/null +++ b/lemonldap-ng-portal/t/32-OIDC-Hooks.t @@ -0,0 +1,175 @@ +use lib 'inc'; +use Test::More; +use strict; +use IO::String; +use LWP::UserAgent; +use LWP::Protocol::PSGI; +use MIME::Base64; +use JSON; + +BEGIN { + require 't/test-lib.pm'; + require 't/oidc-lib.pm'; +} + +my $debug = 'error'; + +# Initialization +my $op = LLNG::Manager::Test->new( { + ini => { + logLevel => $debug, + domain => 'idp.com', + portal => 'http://auth.op.com', + authentication => 'Demo', + userDB => 'Same', + issuerDBOpenIDConnectActivation => 1, + issuerDBOpenIDConnectRule => '$uid eq "french"', + oidcRPMetaDataExportedVars => { + rp => { + email => "mail", + family_name => "cn", + name => "cn" + }, + rp2 => { + email => "mail", + family_name => "cn", + name => "cn" + } + }, + oidcServiceMetaDataAuthorizeURI => "authorize", + oidcServiceMetaDataCheckSessionURI => "checksession.html", + oidcServiceMetaDataJWKSURI => "jwks", + oidcServiceMetaDataEndSessionURI => "logout", + oidcServiceMetaDataRegistrationURI => "register", + oidcServiceMetaDataTokenURI => "token", + oidcServiceMetaDataUserInfoURI => "userinfo", + oidcServiceAllowHybridFlow => 1, + oidcServiceAllowImplicitFlow => 1, + oidcServiceAllowDynamicRegistration => 1, + oidcServiceAllowAuthorizationCodeFlow => 1, + oidcRPMetaDataOptions => { + rp => { + oidcRPMetaDataOptionsDisplayName => "RP", + oidcRPMetaDataOptionsIDTokenExpiration => 3600, + oidcRPMetaDataOptionsClientID => "rpid", + oidcRPMetaDataOptionsIDTokenSignAlg => "HS512", + oidcRPMetaDataOptionsClientSecret => "rpsecret", + oidcRPMetaDataOptionsUserIDAttr => "", + oidcRPMetaDataOptionsAccessTokenExpiration => 3600, + oidcRPMetaDataOptionsBypassConsent => 1, + }, + oauth => { + oidcRPMetaDataOptionsDisplayName => "oauth", + oidcRPMetaDataOptionsClientID => "oauth", + oidcRPMetaDataOptionsClientSecret => "service", + oidcRPMetaDataOptionsUserIDAttr => "", + } + }, + oidcOPMetaDataOptions => {}, + oidcOPMetaDataJSON => {}, + oidcOPMetaDataJWKS => {}, + oidcServiceMetaDataAuthnContext => { + 'loa-4' => 4, + 'loa-1' => 1, + 'loa-5' => 5, + 'loa-2' => 2, + 'loa-3' => 3 + }, + oidcServicePrivateKeySig => oidc_key_op_private_sig, + oidcServicePublicKeySig => oidc_key_op_public_sig, + customPlugins => 't::OidcHookPlugin', + } + } +); +my $res; + +# Authenticate to LLNG +my $url = "/"; +my $query = "user=french&password=french"; +ok( + $res = $op->_post( + "/", + IO::String->new($query), + accept => 'text/html', + length => length($query), + ), + "Post authentication" +); +my $idpId = expectCookie($res); + +# Get code for RP1 +$query = +"response_type=code&scope=openid%20profile%20email&client_id=rpid&state=af0ifjsldkj&redirect_uri=http%3A%2F%2Frp2.com%2F"; +ok( + $res = $op->_get( + "/oauth2/authorize", + query => "$query", + accept => 'text/html', + cookie => "lemonldap=$idpId", + ), + "Get authorization code" +); + +my ($code) = expectRedirection( $res, qr#http://rp2\.com/.*code=([^\&]*)# ); + +# Exchange code for AT +$query = +"grant_type=authorization_code&code=$code&redirect_uri=http%3A%2F%2Frp2.com%2F"; + +ok( + $res = $op->_post( + "/oauth2/token", + IO::String->new($query), + accept => 'text/html', + length => length($query), + custom => { + HTTP_AUTHORIZATION => "Basic " . encode_base64("rpid:rpsecret"), + }, + ), + "Post token" +); +my $json = from_json( $res->[2]->[0] ); +my $token = $json->{access_token}; +ok( $token, 'Access token present' ); +my $id_token = $json->{id_token}; +ok( $id_token, 'ID token present' ); +my $id_token_payload = id_token_payload($id_token); +is ($id_token_payload->{id_token_hook}, 1, "Found hooked claim in ID token"); + +# Get userinfo +$res = $op->_post( + "/oauth2/userinfo", + IO::String->new(''), + accept => 'application/json', + length => 0, + custom => { + HTTP_AUTHORIZATION => "Bearer " . $token, + }, +); + +$json = expectJSON($res); +is ($json->{userinfo_hook}, 1, "Found hooked claim in Userinfo token"); + + +# Introspect to find scopes +$query = "token=$token"; +ok( + $res = $op->_post( + "/oauth2/introspect", + IO::String->new($query), + accept => 'text/html', + length => length $query, + custom => { + HTTP_AUTHORIZATION => "Basic " . encode_base64("oauth:service"), + }, + ), + "Post introspection" +); + +expectOK($res); +$json = from_json( $res->[2]->[0] ); +like($json->{scope}, qr/\bmy_hooked_scope\b/, "Found hook defined scope"); + +clean_sessions(); +done_testing(); + diff --git a/lemonldap-ng-portal/t/OidcHookPlugin.pm b/lemonldap-ng-portal/t/OidcHookPlugin.pm new file mode 100644 index 000000000..e0e830a66 --- /dev/null +++ b/lemonldap-ng-portal/t/OidcHookPlugin.pm @@ -0,0 +1,41 @@ +package t::OidcHookPlugin; + +use Mouse; +extends 'Lemonldap::NG::Portal::Main::Plugin'; + +use Lemonldap::NG::Portal::Main::Constants qw(PE_OK); +use Data::Dumper; +use Test::More; + +use constant hook => { + oidcGenerateIDToken => 'addClaimToIDToken', + oidcGenerateUserInfoResponse => 'addClaimToUserInfo', + oidcGotRequest => 'addScopeToRequest', +}; + +sub init { + my ($self) = @_; + return 1; +} + +sub addClaimToIDToken { + my ( $self, $req, $payload, $rp ) = @_; + $payload->{"id_token_hook"} = 1; + return PE_OK; +} + +sub addClaimToUserInfo { + my ( $self, $req, $userinfo ) = @_; + $userinfo->{"userinfo_hook"} = 1; + return PE_OK; +} + +sub addScopeToRequest { + my ( $self, $req, $oidc_request ) = @_; + $oidc_request->{scope} = $oidc_request->{scope} . " my_hooked_scope"; + + return PE_OK; +} + +1; + From 699679a8e0b51e0954859277e707f4193d5fe2c9 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Fri, 27 Nov 2020 12:16:56 +0100 Subject: [PATCH 012/357] Documentation for #2359 --- doc/sources/admin/hooks.rst | 181 ++++++++++++++++++ doc/sources/admin/plugincustom.rst | 23 +++ .../lib/Lemonldap/NG/Portal/Main/Plugin.pm | 13 ++ 3 files changed, 217 insertions(+) create mode 100644 doc/sources/admin/hooks.rst diff --git a/doc/sources/admin/hooks.rst b/doc/sources/admin/hooks.rst new file mode 100644 index 000000000..c89f9ecc3 --- /dev/null +++ b/doc/sources/admin/hooks.rst @@ -0,0 +1,181 @@ +Available plugin hooks +====================== + +OpenID Connect Issuer hooks +--------------------------- + +oidcGotRequest +~~~~~~~~~~~~~~~ + +.. versionadded:: 2.0.10 + +This hook is triggered when LemonLDAP::NG received an authorization request on the `/oauth2/authorize` endpoint. + +The hook's parameter is a hash containing the authorization request parameters. + +Sample code:: + + use constant hook => { + oidcGotRequest => 'addScopeToRequest', + }; + + sub addScopeToRequest { + my ( $self, $req, $oidc_request ) = @_; + $oidc_request->{scope} = $oidc_request->{scope} . " my_hooked_scope"; + + return PE_OK; + } + + +oidcGenerateUserInfoResponse +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. versionadded:: 2.0.10 + +This hook is triggered when LemonLDAP::NG is about to send a UserInfo response to a relying party on the `/oauth2/userinfo` endpoint. + +The hook's parameter is a hash containing all the claims that are about to be released. + +Sample code:: + + use constant hook => { + oidcGenerateUserInfoResponse => 'addClaimToUserInfo', + }; + + sub addClaimToUserInfo { + my ( $self, $req, $userinfo ) = @_; + $userinfo->{"userinfo_hook"} = 1; + return PE_OK; + } + +oidcGenerateIDToken +~~~~~~~~~~~~~~~~~~~ + +.. versionadded:: 2.0.10 + +This hook is triggered when LemonLDAP::NG is generating an ID Token. + +The hook's parameters are: + +* A hash of the claims to be contained in the ID Token +* the configuration key of the relying party which will receive the token + +Sample code:: + + use constant hook => { + oidcGenerateIDToken => 'addClaimToIDToken', + }; + + sub addClaimToIDToken { + my ( $self, $req, $payload, $rp ) = @_; + $payload->{"id_token_hook"} = 1; + return PE_OK; + } + +SAML Issuer hooks +----------------- + +samlGotAuthnRequest +~~~~~~~~~~~~~~~~~~~ + +.. versionadded:: 2.0.10 + +This hook is triggered when LemonLDAP::NG has received a SAML login request + +The hook's parameter is the Lasso::Login object + +Sample code:: + + use constant hook => { + samlGotAuthnRequest => 'gotRequest', + }; + + sub gotRequest { + my ( $self, $res, $login ) = @_; + + # Your code here + } + +samlBuildAuthnResponse +~~~~~~~~~~~~~~~~~~~~~~ + +.. versionadded:: 2.0.10 + +This hook is triggered when LemonLDAP::NG is about to build a response to the SAML login request + +The hook's parameter is the Lasso::Login object + +Sample code:: + + use constant hook => { + samlBuildAuthnResponse => 'buildResponse', + }; + + sub buildResponse { + my ( $self, $res, $login ) = @_; + + # Your code here + } + +samlGotLogoutRequest +~~~~~~~~~~~~~~~~~~~~ + +.. versionadded:: 2.0.10 + +This hook is triggered when LemonLDAP::NG has received a SAML logout request + +The hook's parameter is the Lasso::Logout object + +Sample code:: + + use constant hook => { + samlGotLogoutRequest => 'gotLogout', + }; + + sub gotLogout { + my ( $self, $res, $logout ) = @_; + + # Your code here + } + +samlGotLogoutResponse +~~~~~~~~~~~~~~~~~~~~~ + +.. versionadded:: 2.0.10 + +This hook is triggered when LemonLDAP::NG has received a SAML logout response + +The hook's parameter is the Lasso::Logout object + +Sample code:: + + use constant hook => { + samlGotLogoutResponse => 'gotLogoutResponse', + }; + + sub gotLogoutResponse { + my ( $self, $res, $logout ) = @_; + + # Your code here + } + +samlBuildLogoutResponse +~~~~~~~~~~~~~~~~~~~~~~~ + +.. versionadded:: 2.0.10 + +This hook is triggered when LemonLDAP::NG is about to generate a SAML logout response + +The hook's parameter is the Lasso::Logout object + +Sample code:: + + use constant hook => { + samlBuildLogoutResponse => 'buildLogoutResponse', + }; + + sub buildLogoutResponse { + my ( $self, $res, $logout ) = @_; + + # Your code here + } diff --git a/doc/sources/admin/plugincustom.rst b/doc/sources/admin/plugincustom.rst index 4924eb45c..a72262541 100644 --- a/doc/sources/admin/plugincustom.rst +++ b/doc/sources/admin/plugincustom.rst @@ -4,6 +4,9 @@ Write a custom plugin Presentation ------------ +Standard entry points +~~~~~~~~~~~~~~~~~~~~~ + You can now write a custom portal plugin that will hook in the authentication process: @@ -18,6 +21,9 @@ authentication process: - ``forAuthUser``: method called for already authenticated users - ``beforeLogout``: method called before logout +Extended entry points +~~~~~~~~~~~~~~~~~~~~~ + If you need to call a method just after any standard method in authentication process, then use ``afterSub``, for example: @@ -48,6 +54,23 @@ authentication process, then use ``aroundSub``, for example: return $ret; } + +Hooks +~~~~~ + +.. versionadded:: 2.0.10 + +Your plugin can also register itself to be called at some points of interest +within the main LemonLDAP::NG code. + +.. toctree:: + :maxdepth: 1 + + hooks + +Routes +~~~~~~ + The plugin can also define new routes and call actions on them. See also ``Lemonldap::NG::Portal::Main::Plugin`` man page. diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugin.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugin.pm index b20ad9ffe..fffddd769 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugin.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugin.pm @@ -320,6 +320,19 @@ method. Example: Do not launch "getUser" but use the given C<$sub>. This permits multiple plugins to use "aroundSub" in the same time. +=item C: hash ref that gives methods to call when a hook is triggered in the +LemonLDAP::NG code. Example: + + use constant hook => { + oidcGenerateIDToken => 'addClaimToIDToken' + }; + + sub addClaimToIDToken { + my ( $self, $req, $payload, $rp ) = @_; + $payload->{"id_token_hook"} = 1; + return PE_OK; + } + =back =head1 LOGGING From 90d2dc58b75677dd0bb3e07b640903ffe22421df Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Thu, 10 Dec 2020 23:56:12 +0100 Subject: [PATCH 013/357] Decrease log level --- lemonldap-ng-portal/t/01-Unauth-Logout.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lemonldap-ng-portal/t/01-Unauth-Logout.t b/lemonldap-ng-portal/t/01-Unauth-Logout.t index d8335305d..ce4f90f99 100644 --- a/lemonldap-ng-portal/t/01-Unauth-Logout.t +++ b/lemonldap-ng-portal/t/01-Unauth-Logout.t @@ -5,7 +5,7 @@ require 't/test-lib.pm'; my $res; my $client = LLNG::Manager::Test->new( - { ini => { logLevel => 'debug', useSafeJail => 1 } } ); + { ini => { logLevel => 'error', useSafeJail => 1 } } ); # Test unauthenticated logout request with param ok( From 2dde8672d511d353d08390708fe9ed3ff8f1c8d5 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Fri, 11 Dec 2020 00:10:22 +0100 Subject: [PATCH 014/357] Fix unit tests warning (#2406) --- .../lib/Lemonldap/NG/Portal/Plugins/CheckState.pm | 2 +- lemonldap-ng-portal/t/77-2F-Mail-SessionKey.t | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckState.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckState.pm index d052ac831..f3fc4cc81 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckState.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckState.pm @@ -35,7 +35,7 @@ sub check { and $req->param('secret') eq $self->conf->{checkStateSecret} ); $req->steps( [ 'controlUrl', @{ $self->p->beforeAuth } ] ); my $res = $self->p->process($req); - if ( $res > 0 ) { + if ( $res && $res > 0 ) { push @rep, "Bad result before auth: $res"; } diff --git a/lemonldap-ng-portal/t/77-2F-Mail-SessionKey.t b/lemonldap-ng-portal/t/77-2F-Mail-SessionKey.t index 7810ab087..9e1f12d59 100644 --- a/lemonldap-ng-portal/t/77-2F-Mail-SessionKey.t +++ b/lemonldap-ng-portal/t/77-2F-Mail-SessionKey.t @@ -9,8 +9,7 @@ require 't/smtp.pm'; use_ok('Lemonldap::NG::Common::FormEncode'); count(1); -my $client = LLNG::Manager::Test->new( - { +my $client = LLNG::Manager::Test->new( { ini => { logLevel => 'error', mail2fActivation => 1, @@ -18,7 +17,8 @@ my $client = LLNG::Manager::Test->new( authentication => 'Demo', userDB => 'Same', mailSessionKey => 'mail', - macros => { 'mail2f' => '"test\@example.com"', }, + macros => + { mail2f => '"test\@example.com"', _whatToTrace => '$uid' }, mail2fSessionKey => 'mail2f', } } From 1bec61b68f11c312f29ce0c9fac9b2e3440a85c2 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Wed, 16 Dec 2020 16:14:35 +0100 Subject: [PATCH 015/357] Document SELinux fix when upgrading to 2.0.9 --- doc/sources/admin/upgrade_2_0_x.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/sources/admin/upgrade_2_0_x.rst b/doc/sources/admin/upgrade_2_0_x.rst index f41afeffe..d48f24a5a 100644 --- a/doc/sources/admin/upgrade_2_0_x.rst +++ b/doc/sources/admin/upgrade_2_0_x.rst @@ -58,6 +58,10 @@ your existing ``localSessionStorageOptions/cache_root`` parameter from ``/tmp`` to ``/var/cache/lemonldap-ng``. Be sure to create this directory on your file system before modifying your configuration. +If you are using SELinux, you also need to run the following commands :: + + semanage fcontext --add -t httpd_cache_t -f a '/var/cache/lemonldap-ng(/.*)?' + restorecon -R /var/cache/lemonldap-ng/ Required changes in NGINX handler rules (CVE-2020-24660) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From 652d8ba9bcda297bec2698dc52cccbd8986e08d8 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Mon, 14 Dec 2020 22:53:27 +0100 Subject: [PATCH 016/357] Prevent authentication on backend if account is locked (#2243) --- .../Lemonldap/NG/Manager/Build/Attributes.pm | 25 ++-- .../lib/Lemonldap/NG/Manager/Conf/Tests.pm | 12 +- .../lib/Lemonldap/NG/Portal/Main/Process.pm | 13 +- .../lib/Lemonldap/NG/Portal/Main/Run.pm | 9 +- .../NG/Portal/Plugins/BruteForceProtection.pm | 123 +++++++++--------- ...rceProtection-with-Incremental-lockTimes.t | 25 +++- .../t/61-BruteForceProtection.t | 14 +- 7 files changed, 128 insertions(+), 93 deletions(-) diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm index 5ff9ae575..1214183a2 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm @@ -851,27 +851,24 @@ sub attributes { documentation => 'Enable brute force attack protection', }, bruteForceProtectionTempo => { - default => 30, - type => 'int', - documentation => - 'Brute force attack protection -> Tempo before try again', + default => 30, + type => 'int', + documentation => 'Lock time', }, bruteForceProtectionMaxAge => { - default => 300, - type => 'int', - documentation => -'Brute force attack protection -> Max age between last and first allowed failed login', + default => 300, + type => 'int', + documentation => 'Max age between current and first failed login', }, bruteForceProtectionMaxFailed => { - default => 3, - type => 'int', - documentation => - 'Brute force attack protection -> Max allowed failed login', + default => 3, + type => 'int', + documentation => 'Max allowed failed login', }, bruteForceProtectionMaxLockTime => { default => 900, type => 'int', - documentation => 'Brute force attack protection -> Max lock time', + documentation => 'Max lock time', }, bruteForceProtectionIncrementalTempo => { default => 0, @@ -882,7 +879,7 @@ sub attributes { }, bruteForceProtectionLockTimes => { type => 'text', - default => '5, 15, 60, 300, 600', + default => '15, 30, 60, 300, 600', documentation => 'Incremental lock time values for brute force attack protection', }, diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm index 3a580cf78..4b03bfb9d 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm @@ -689,19 +689,19 @@ sub tests { '"History" plugin is required to enable "BruteForceProtection" plugin' ) unless ( $conf->{loginHistoryEnabled} ); return ( 1, -'Number of failed logins must be higher than 2 to enable "BruteForceProtection" plugin' - ) unless ( $conf->{failedLoginNumber} > 2 ); +'Number of failed logins must be higher than 1 to enable "BruteForceProtection" plugin' + ) unless ( $conf->{failedLoginNumber} > 1 ); return ( 1, -'Number of failed logins history must be higher than allowed failed logins plus lock time values' +'Number of failed logins history must be higher or equal than allowed failed logins plus lock time values' ) if ( $conf->{bruteForceProtectionIncrementalTempo} - && $conf->{failedLoginNumber} <= + && $conf->{failedLoginNumber} < $conf->{bruteForceProtectionMaxFailed} + $conf->{bruteForceProtectionLockTimes} ); return ( 1, -'Number of failed logins history must be higher than allowed failed logins' +'Number of failed logins history must be higher or equal than allowed failed logins' ) - unless ( $conf->{failedLoginNumber} > + unless ( $conf->{failedLoginNumber} >= $conf->{bruteForceProtectionMaxFailed} ); return 1; }, diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm index 63f717fd4..95d9b9d1a 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm @@ -185,7 +185,7 @@ sub checkUnauthLogout { $self->userLogger->info('Unauthenticated logout request'); $self->logger->debug('Cleaning pdata'); $self->logger->debug("Removing $self->{conf}->{cookieName} cookie"); - $req->pdata({}); + $req->pdata( {} ); $req->addCookie( $self->cookie( name => $self->conf->{cookieName}, @@ -449,12 +449,13 @@ sub setGroups { } sub setPersistentSessionInfo { - my ( $self, $req ) = @_; + + # $user passed by BruteForceProtection plugin + my ( $self, $req, $user ) = @_; # Do not restore infos if session already opened unless ( $req->id ) { - my $key = $req->{sessionInfo}->{ $self->conf->{whatToTrace} }; - + my $key = $req->{sessionInfo}->{ $self->conf->{whatToTrace} } || $user; return PE_OK unless ( $key and length($key) ); my $persistentSession = $self->getPersistentSession($key); @@ -593,9 +594,9 @@ sub secondFactor { } sub storeHistory { - my ( $self, $req ) = @_; + my ( $self, $req, $uid ) = @_; # $uid passed by BruteForceProtection plugin if ( $self->conf->{loginHistoryEnabled} ) { - $self->registerLogin($req); + $self->registerLogin( $req, $uid ); } PE_OK; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm index 3689eeba9..5474826a0 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm @@ -1037,7 +1037,9 @@ sub tplParams { } sub registerLogin { - my ( $self, $req ) = @_; + + # $user passed by BruteForceProtection plugin + my ( $self, $req, $uid ) = @_; return unless ( $self->conf->{loginHistoryEnabled} and defined $req->authResult ); @@ -1067,7 +1069,8 @@ sub registerLogin { } } } - $self->updatePersistentSession( $req, { 'loginHistory' => undef } ); + $self->updatePersistentSession( $req, { 'loginHistory' => undef }, + $uid ); delete $req->sessionInfo->{loginHistory}; } @@ -1092,7 +1095,7 @@ sub registerLogin { if ( scalar @{ $history->{$type} } > $self->conf->{ $type . "Number" } ); # Save into persistent session - $self->updatePersistentSession( $req, { _loginHistory => $history, } ); + $self->updatePersistentSession( $req, { _loginHistory => $history }, $uid ); PE_OK; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm index 5ee3988c0..2fcaf9648 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm @@ -12,7 +12,7 @@ our $VERSION = '2.0.10'; extends 'Lemonldap::NG::Portal::Main::Plugin'; # INITIALIZATION -use constant afterSub => { storeHistory => 'run' }; +use constant aroundSub => { authenticate => 'check' }; has lockTimes => ( is => 'rw', @@ -25,8 +25,15 @@ has maxAge => ( isa => 'Int' ); +has maxFailed => ( + is => 'rw', + isa => 'Int' +); + sub init { my ($self) = @_; + $self->maxFailed( abs $self->conf->{bruteForceProtectionMaxFailed} ); + if ( $self->conf->{disablePersistentStorage} ) { $self->logger->error( '"BruteForceProtection" plugin enabled WITHOUT persistent session storage"' @@ -40,13 +47,11 @@ sub init { return 0; } - unless ( $self->conf->{failedLoginNumber} > - $self->conf->{bruteForceProtectionMaxFailed} ) - { + unless ( $self->conf->{failedLoginNumber} > $self->maxFailed ) { $self->logger->error( 'Number of failed logins history (' . $self->conf->{failedLoginNumber} . ') must be higher than allowed failed logins attempt (' - . $self->conf->{bruteForceProtectionMaxFailed} + . $self->maxFailed . ')' ); return 0; } @@ -62,21 +67,16 @@ sub init { split /\s*,\s*/, $self->conf->{bruteForceProtectionLockTimes}; unless ($lockTimes) { - @{ $self->lockTimes } = ( 5, 15, 60, 300, 600 ); + @{ $self->lockTimes } = ( 15, 30, 60, 300, 600 ); $lockTimes = 5; } - for ( - my $i = 1 ; - $i <= $self->conf->{bruteForceProtectionMaxFailed} ; - $i++ - ) - { + for ( my $i = 1 ; $i < $self->maxFailed ; $i++ ) { unshift @{ $self->lockTimes }, 0; $lockTimes++; } - unless ( $lockTimes < $self->conf->{failedLoginNumber} ) { + unless ( $lockTimes <= $self->conf->{failedLoginNumber} ) { $self->logger->warn( 'Number failed logins history (' . $self->conf->{failedLoginNumber} . ') must be higher than incremental lock time values plus allowed failed logins attempt (' @@ -91,76 +91,83 @@ sub init { $self->maxAge($sum); } else { - $self->maxAge( $self->conf->{bruteForceProtectionMaxAge} ); + $self->maxAge( $self->conf->{bruteForceProtectionMaxAge} * + ( 1 + $self->maxFailed ) ); } - + return 1; } # RUNNING METHOD -sub run { - my ( $self, $req ) = @_; - my $now = time; +sub check { + my ( $self, $sub, $req ) = @_; + my $now = time; + $self->p->setSessionInfo($req); + $self->logger->debug("Retrieve $req->{user} logins history"); + $self->p->setPersistentSessionInfo( $req, $req->{user} ); + my $countFailed = my @failedLogins = - map { ( $now - $_->{_utime} ) < $self->maxAge ? $_ : () } + map { ( $now - $_->{_utime} ) <= $self->maxAge ? $_ : () } @{ $req->sessionInfo->{_loginHistory}->{failedLogin} }; - $self->logger->debug( ' Failed login maxAge = ' . $self->maxAge ); + $self->logger->debug( ' -> Failed login maxAge = ' . $self->maxAge ); $self->logger->debug( - " Number of failed login(s) to take into account = $countFailed"); + "Number of failed login(s) to take into account = $countFailed"); + my $lastFailedLoginEpoch = $failedLogins[0]->{_utime} || undef; if ( $self->conf->{bruteForceProtectionIncrementalTempo} ) { - my $lastFailedLoginEpoch = $failedLogins[0]->{_utime} || undef; - - return PE_OK unless $lastFailedLoginEpoch; + return $sub->($req) unless $lastFailedLoginEpoch; + # Delta between current attempt and last failed login my $delta = $now - $lastFailedLoginEpoch; $self->logger->debug(" -> Delta = $delta"); + + # Time to wait my $waitingTime = $self->lockTimes->[ $countFailed - 1 ] // $self->conf->{bruteForceProtectionMaxLockTime}; + + # Reach last tempo. Stop to increase waiting time + if ( $countFailed >= scalar @{ $self->lockTimes } ) { + $self->userLogger->warn( + "BruteForceProtection: Last lock time has been reached"); + $self->logger->debug("Force waitingTime to last value"); + $waitingTime = + $self->lockTimes->[ scalar @{ $self->lockTimes } - 1 ]; + } $self->logger->debug(" -> Waiting time = $waitingTime"); - if ( $waitingTime && $delta <= $waitingTime ) { - $self->logger->debug("BruteForceProtection enabled"); - $req->lockTime($waitingTime); + + # Delta < waitingTime => wait + if ( $waitingTime && $delta < $waitingTime ) { + $self->userLogger->warn("BruteForceProtection enabled"); + $req->authResult(PE_WAIT); + + # Do not store failed login if last tempo or max tempo is reached + $self->p->registerLogin( $req, $req->{user} ) + if ( $waitingTime < $self->conf->{bruteForceProtectionMaxLockTime} + && $waitingTime < + $self->lockTimes->[ scalar @{ $self->lockTimes } - 1 ] ); + $req->lockTime( $waitingTime - $delta ); return PE_WAIT; } - return PE_OK; + return $sub->($req); } - return PE_OK - if ( $countFailed <= $self->conf->{bruteForceProtectionMaxFailed} ); + return $sub->($req) + if ( $countFailed < $self->maxFailed ); - my @lastFailedLoginEpoch = (); - my $MaxAge = $self->maxAge + 1; - - # Auth_N-2 failed login epoch - foreach ( 0 .. $self->conf->{bruteForceProtectionMaxFailed} - 1 ) { - push @lastFailedLoginEpoch, - $req->sessionInfo->{_loginHistory}->{failedLogin}->[$_]->{_utime} - if ( $req->sessionInfo->{_loginHistory}->{failedLogin}->[$_] ); - } - - # If Auth_N-MaxFailed older than MaxAge -> another try allowed - $MaxAge = - $lastFailedLoginEpoch[0] - - $lastFailedLoginEpoch[ $self->conf->{bruteForceProtectionMaxFailed} - 1 ] - if $self->conf->{bruteForceProtectionMaxFailed}; - $self->logger->debug(" -> MaxAge = $MaxAge"); - - return PE_OK - if ( $MaxAge > $self->maxAge ); - - # Delta between the two last failed logins -> Auth_N - Auth_N-1 - my $delta = - defined $lastFailedLoginEpoch[1] ? $now - $lastFailedLoginEpoch[1] : 0; + # Delta between current attempt and last failed login + my $delta = $lastFailedLoginEpoch ? $now - $lastFailedLoginEpoch : 0; $self->logger->debug(" -> Delta = $delta"); - # Delta between the two last failed logins < Tempo => wait - return PE_OK - unless ( $delta <= $self->conf->{bruteForceProtectionTempo} ); + # Delta < Tempo => wait + return $sub->($req) + unless ( $delta < $self->conf->{bruteForceProtectionTempo} + && $countFailed ); # Account locked - $self->logger->debug("BruteForceProtection enabled"); - $req->lockTime( $self->conf->{bruteForceProtectionTempo} ); + $self->userLogger->warn("BruteForceProtection enabled"); + $self->logger->debug( + " -> Waiting time = $self->{conf}->{bruteForceProtectionTempo}"); + $req->lockTime( $self->conf->{bruteForceProtectionTempo} - $delta ); return PE_WAIT; } diff --git a/lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes.t b/lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes.t index a3d7a3b36..f5dac9f0c 100644 --- a/lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes.t +++ b/lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes.t @@ -10,7 +10,7 @@ my $res; my $client = LLNG::Manager::Test->new( { ini => { - logLevel => 'error', + logLevel => 'debug', authentication => 'Demo', userDB => 'Same', loginHistoryEnabled => 1, @@ -118,11 +118,32 @@ ok( ), '2nd Bad Auth query' ); +ok( $res->[2]->[0] =~ /<\/span>/, + 'Rejected -> Protection enabled' ) + or print STDERR Dumper( $res->[2]->[0] ); +ok( $res->[2]->[0] =~ m%5 seconds%, + 'LockTime = 5' ) + or print STDERR Dumper( $res->[2]->[0] ); +count(3); + +# Waiting +Time::Fake->offset("+6s"); + +## Third failed connection +ok( + $res = $client->_post( + '/', + IO::String->new('user=dwho&password=ohwd'), + length => 23, + accept => 'text/html', + ), + '3rd Bad Auth query' +); ok( $res->[2]->[0] =~ /<\/span>/, 'Rejected -> Protection enabled' ) or print STDERR Dumper( $res->[2]->[0] ); ok( $res->[2]->[0] =~ m%10 seconds%, - 'LockTime = 10' ) + 'LockTime = 10**************' ) or print STDERR Dumper( $res->[2]->[0] ); count(3); diff --git a/lemonldap-ng-portal/t/61-BruteForceProtection.t b/lemonldap-ng-portal/t/61-BruteForceProtection.t index df2ee8441..baeffa886 100644 --- a/lemonldap-ng-portal/t/61-BruteForceProtection.t +++ b/lemonldap-ng-portal/t/61-BruteForceProtection.t @@ -224,14 +224,20 @@ $id1 = expectCookie($res); ok( $res->[2]->[0] =~ /trspan="lastLogins"/, 'History found' ) or print STDERR Dumper( $res->[2]->[0] ); +ok( $res->[2]->[0] =~ //, 'History found' ) + or print STDERR Dumper( $res->[2]->[0] ); +ok( $res->[2]->[0] =~ //, 'History found' ) + or print STDERR Dumper( $res->[2]->[0] ); my @c = ( $res->[2]->[0] =~ /127.0.0.1/gs ); my @cf = ( $res->[2]->[0] =~ /PE5<\/td>/gs ); -# History with 10 entries -ok( @c == 10, ' -> Ten entries found' ); -ok( @cf == 6, " -> Six 'failedLogin' entries found" ); -count(3); +# History with 8 entries +ok( @c == 8, ' -> Eight entries found' ) + or print STDERR Dumper( $res->[2]->[0] ); +ok( @cf == 4, " -> Four 'failedLogin' entries found" ) + or print STDERR Dumper( $res->[2]->[0] ); +count(5); $client->logout($id1); clean_sessions(); From e35209c7615f6b75b0a96ffa1a6bc5f3ffaf9cf1 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Wed, 16 Dec 2020 22:52:28 +0100 Subject: [PATCH 017/357] Remove trailing white-spaces with Zimbra parameters --- .../lib/Lemonldap/NG/Handler/Lib/ZimbraPreAuth.pm | 7 +++++++ .../t/68-Lemonldap-NG-Handler-PSGI-Zimbra.t | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/ZimbraPreAuth.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/ZimbraPreAuth.pm index 47350147a..55f48ea62 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/ZimbraPreAuth.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/ZimbraPreAuth.pm @@ -9,6 +9,7 @@ package Lemonldap::NG::Handler::Lib::ZimbraPreAuth; use strict; +use URI::Escape; use Digest::HMAC_SHA1 qw(hmac_sha1_hex); our $VERSION = '2.0.7'; @@ -33,6 +34,12 @@ sub run { my $zimbraSsoUrl = $localConfig->{zimbraSsoUrl} || '^/zimbrasso$'; my $timeout = $localConfig->{'timeout'} || '0'; + # Remove trailing white-spaces + $zimbraAccountKey =~ s/\s+$//; + $zimbraBy =~ s/\s+$//; + $zimbraUrl =~ s/\s+$//; + $zimbraSsoUrl =~ s/\s+$//; + # Display found values in debug mode $class->logger->debug("zimbraPreAuthKey: $zimbraPreAuthKey"); $class->logger->debug("zimbraAccountKey: $zimbraAccountKey"); diff --git a/lemonldap-ng-handler/t/68-Lemonldap-NG-Handler-PSGI-Zimbra.t b/lemonldap-ng-handler/t/68-Lemonldap-NG-Handler-PSGI-Zimbra.t index 1b8d198aa..cd1aa336e 100644 --- a/lemonldap-ng-handler/t/68-Lemonldap-NG-Handler-PSGI-Zimbra.t +++ b/lemonldap-ng-handler/t/68-Lemonldap-NG-Handler-PSGI-Zimbra.t @@ -17,7 +17,7 @@ SKIP: { logLevel => 'error', zimbraPreAuthKey => '1234567890', zimbraUrl => '/service/preauthtest', - zimbraSsoUrl => '^/testsso', + zimbraSsoUrl => '^/testsso ', vhostOptions => { 'test1.example.com' => { vhostHttps => 0, From 7be0240389127e73c40d53c2229d88d93ba32005 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Wed, 16 Dec 2020 22:58:01 +0100 Subject: [PATCH 018/357] Update default values & Tidy (#2243) --- .../lib/Lemonldap/NG/Common/Conf/DefaultValues.pm | 2 +- lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm | 2 +- lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm | 3 +++ lemonldap-ng-manager/site/htdocs/static/struct.json | 2 +- .../lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm | 2 +- 5 files changed, 7 insertions(+), 4 deletions(-) diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm index e974892bd..87292e04e 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm @@ -19,7 +19,7 @@ sub defaultValues { 'authentication' => 'Demo', 'available2F' => 'UTOTP,TOTP,U2F,REST,Mail2F,Ext2F,Yubikey,Radius', 'available2FSelfRegistration' => 'TOTP,U2F,Yubikey', - 'bruteForceProtectionLockTimes' => '5, 15, 60, 300, 600', + 'bruteForceProtectionLockTimes' => '15, 30, 60, 300, 600', 'bruteForceProtectionMaxAge' => 300, 'bruteForceProtectionMaxFailed' => 3, 'bruteForceProtectionMaxLockTime' => 900, diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm index f08fa2146..09d8b727b 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm @@ -658,7 +658,7 @@ sub attributes { 'type' => 'bool' }, 'bruteForceProtectionLockTimes' => { - 'default' => '5, 15, 60, 300, 600', + 'default' => '15, 30, 60, 300, 600', 'type' => 'text' }, 'bruteForceProtectionMaxAge' => { diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm index 4b03bfb9d..57c859f65 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm @@ -692,6 +692,9 @@ sub tests { 'Number of failed logins must be higher than 1 to enable "BruteForceProtection" plugin' ) unless ( $conf->{failedLoginNumber} > 1 ); return ( 1, +'Number of allowed failed logins must be higher than 0 to enable "BruteForceProtection" plugin' + ) unless ( $conf->{bruteForceProtectionMaxFailed} > 0 ); + return ( 1, 'Number of failed logins history must be higher or equal than allowed failed logins plus lock time values' ) if ( $conf->{bruteForceProtectionIncrementalTempo} diff --git a/lemonldap-ng-manager/site/htdocs/static/struct.json b/lemonldap-ng-manager/site/htdocs/static/struct.json index fbc846eab..0899d296d 100644 --- a/lemonldap-ng-manager/site/htdocs/static/struct.json +++ b/lemonldap-ng-manager/site/htdocs/static/struct.json @@ -1 +1 @@ -[{"_nodes":[{"_nodes":[{"default":"http://auth.example.com/","id":"portal","title":"portal"},{"_nodes":[{"_nodes":[{"default":1,"id":"portalDisplayLogout","title":"portalDisplayLogout","type":"boolOrExpr"},{"default":"$_auth =~ /^(LDAP|DBI|Demo)$/","id":"portalDisplayChangePassword","title":"portalDisplayChangePassword","type":"boolOrExpr"},{"default":1,"id":"portalDisplayAppslist","title":"portalDisplayAppslist","type":"boolOrExpr"},{"default":1,"id":"portalDisplayLoginHistory","title":"portalDisplayLoginHistory","type":"boolOrExpr"},{"default":"$_oidcConsents && $_oidcConsents =~ /\\w+/","id":"portalDisplayOidcConsents","title":"portalDisplayOidcConsents","type":"boolOrExpr"}],"id":"portalModules","title":"portalModules","type":"simpleInputContainer"},{"cnodes":"applicationList","default":[{"data":{"catname":"Default category","type":"category"},"id":"applicationList/default","title":"default","type":"catAndAppList"}],"help":"portalmenu.html#categories-and-applications","id":"applicationList","title":"applicationList","type":"catAndAppList"}],"help":"portalmenu.html","id":"portalMenu","title":"portalMenu"},{"_nodes":[{"default":"common/logos/logo_llng_400px.png","id":"portalMainLogo","title":"portalMainLogo"},{"default":1,"id":"showLanguages","title":"showLanguages","type":"bool"},{"id":"portalCustomCss","title":"portalCustomCss"},{"default":"bootstrap","id":"portalSkin","select":[{"k":"bootstrap","v":"Bootstrap"}],"title":"portalSkin","type":"portalskin"},{"id":"portalSkinBackground","select":[{"k":"","v":"None"},{"k":"1280px-Anse_Source_d'Argent_2-La_Digue.jpg","v":"Anse"},{"k":"1280px-Autumn-clear-water-waterfall-landscape_-_Virginia_-_ForestWander.jpg","v":"Waterfall"},{"k":"1280px-BrockenSnowedTrees.jpg","v":"Snowed Trees"},{"k":"1280px-Cedar_Breaks_National_Monument_partially.jpg","v":"National Monument"},{"k":"1280px-Parry_Peak_from_Winter_Park.jpg","v":"Winter"},{"k":"Aletschgletscher_mit_Pinus_cembra1.jpg","v":"Pinus"}],"title":"portalSkinBackground","type":"portalskinbackground"},{"cnodes":"portalSkinRules","help":"portalcustom.html","id":"portalSkinRules","title":"portalSkinRules","type":"keyTextContainer"},{"_nodes":[{"default":1,"id":"portalCheckLogins","title":"portalCheckLogins","type":"bool"},{"default":0,"id":"portalDisplayResetPassword","title":"portalDisplayResetPassword","type":"bool"},{"default":3,"id":"passwordResetAllowedRetries","title":"passwordResetAllowedRetries","type":"int"},{"default":1,"id":"portalDisplayRegister","title":"portalDisplayRegister","type":"bool"},{"default":0,"id":"portalDisplayCertificateResetByMail","title":"portalDisplayCertificateResetByMail","type":"bool"}],"help":"portalcustom.html#buttons","id":"portalButtons","title":"portalButtons","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"portalRequireOldPassword","title":"portalRequireOldPassword","type":"boolOrExpr"},{"default":0,"id":"hideOldPassword","title":"hideOldPassword","type":"bool"},{"default":0,"id":"mailOnPasswordChange","title":"mailOnPasswordChange","type":"bool"}],"help":"portalcustom.html#password-management","id":"passwordManagement","title":"passwordManagement","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"passwordPolicyActivation","title":"passwordPolicyActivation","type":"boolOrExpr"},{"default":0,"id":"portalDisplayPasswordPolicy","title":"portalDisplayPasswordPolicy","type":"bool"},{"default":0,"id":"passwordPolicyMinSize","title":"passwordPolicyMinSize","type":"int"},{"default":0,"id":"passwordPolicyMinLower","title":"passwordPolicyMinLower","type":"int"},{"default":0,"id":"passwordPolicyMinUpper","title":"passwordPolicyMinUpper","type":"int"},{"default":0,"id":"passwordPolicyMinDigit","title":"passwordPolicyMinDigit","type":"int"},{"default":0,"id":"passwordPolicyMinSpeChar","title":"passwordPolicyMinSpeChar","type":"int"},{"default":"__ALL__","id":"passwordPolicySpecialChar","title":"passwordPolicySpecialChar"}],"help":"portalcustom.html#password-policy","id":"passwordPolicy","title":"passwordPolicy","type":"simpleInputContainer"},{"_nodes":[{"default":"_user","id":"portalUserAttr","title":"portalUserAttr"},{"default":0,"id":"portalOpenLinkInNewWindow","title":"portalOpenLinkInNewWindow","type":"bool"},{"default":1,"id":"portalAntiFrame","title":"portalAntiFrame","type":"bool"},{"default":60000,"id":"portalPingInterval","title":"portalPingInterval","type":"int"},{"default":1,"id":"portalErrorOnExpiredSession","title":"portalErrorOnExpiredSession","type":"bool"},{"default":0,"id":"portalErrorOnMailNotFound","title":"portalErrorOnMailNotFound","type":"bool"},{"default":1,"id":"portalDisplayRefreshMyRights","title":"portalDisplayRefreshMyRights","type":"bool"}],"help":"portalcustom.html#other-parameters","id":"portalOther","title":"portalOther","type":"simpleInputContainer"}],"help":"portalcustom.html","id":"portalCustomization","title":"portalCustomization"},{"_nodes":[{"default":0,"id":"captcha_login_enabled","title":"captcha_login_enabled","type":"bool"},{"default":1,"id":"captcha_mail_enabled","title":"captcha_mail_enabled","type":"bool"},{"default":1,"id":"captcha_register_enabled","title":"captcha_register_enabled","type":"bool"},{"default":6,"id":"captcha_size","title":"captcha_size","type":"int"}],"help":"captcha.html","id":"portalCaptcha","title":"portalCaptcha","type":"simpleInputContainer"}],"help":"portal.html","id":"portalParams","title":"portalParams"},{"_nodes":[{"default":"Demo","id":"authentication","select":[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Demo","v":"Demonstration"},{"k":"Choice","v":"authChoice"},{"k":"Combination","v":"combineMods"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"SAML","v":"SAML v2"},{"k":"Proxy","v":"Proxy"},{"k":"Remote","v":"Remote"},{"k":"Slave","v":"Slave"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"authentication","type":"select"},{"default":"Same","id":"userDB","select":[{"k":"Same","v":"Same"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"userDB","type":"select"},{"default":"Demo","id":"passwordDB","select":[{"k":"AD","v":"Active Directory"},{"k":"Choice","v":"authChoice"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demonstration"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"passwordDB","type":"select"},{"default":"Null","id":"registerDB","select":[{"k":"AD","v":"Active Directory"},{"k":"Demo","v":"Demonstration"},{"k":"LDAP","v":"LDAP"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"registerDB","type":"select"}],"_nodes_cond":[{"_nodes":[{"default":0,"id":"ADPwdMaxAge","title":"ADPwdMaxAge","type":"int"},{"default":0,"id":"ADPwdExpireWarning","title":"ADPwdExpireWarning","type":"int"}],"help":"authad.html","id":"adParams","show":false,"title":"adParams","type":"simpleInputContainer"},{"_nodes":[{"default":"lmAuth","id":"authChoiceParam","title":"authChoiceParam"},{"cnodes":"authChoiceModules","id":"authChoiceModules","select":[[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Null","v":"None"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"Proxy","v":"Proxy"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"Remote","v":"Remote"},{"k":"SAML","v":"SAML v2"},{"k":"Slave","v":"Slave"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Custom","v":"customModule"}],[{"k":"AD","v":"Active Directory"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"Facebook","v":"Facebook"},{"k":"LDAP","v":"LDAP"},{"k":"Null","v":"None"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"Proxy","v":"Proxy"},{"k":"REST","v":"REST"},{"k":"Remote","v":"Remote"},{"k":"SAML","v":"SAML v2"},{"k":"Slave","v":"Slave"},{"k":"WebID","v":"WebID"},{"k":"Custom","v":"customModule"}],[{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}]],"title":"authChoiceModules","type":"authChoiceContainer"},{"id":"authChoiceAuthBasic","title":"authChoiceAuthBasic"}],"help":"authchoice.html","id":"choiceParams","show":false,"title":"choiceParams"},{"_nodes":[{"default":3,"id":"apacheAuthnLevel","title":"apacheAuthnLevel","type":"int"}],"help":"authapache.html","id":"apacheParams","show":false,"title":"apacheParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"casAuthnLevel","title":"casAuthnLevel","type":"int"}],"help":"authcas.html","id":"casParams","show":false,"title":"casParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"dbiAuthnLevel","title":"dbiAuthnLevel","type":"int"},{"cnodes":"dbiExportedVars","default":[],"id":"dbiExportedVars","title":"dbiExportedVars","type":"keyTextContainer"},{"_nodes":[{"_nodes":[{"id":"dbiAuthChain","title":"dbiAuthChain"},{"id":"dbiAuthUser","title":"dbiAuthUser"},{"id":"dbiAuthPassword","title":"dbiAuthPassword","type":"password"}],"id":"dbiConnectionAuth","title":"dbiConnectionAuth","type":"simpleInputContainer"},{"_nodes":[{"id":"dbiUserChain","title":"dbiUserChain"},{"id":"dbiUserUser","title":"dbiUserUser"},{"id":"dbiUserPassword","title":"dbiUserPassword","type":"password"}],"id":"dbiConnectionUser","title":"dbiConnectionUser","type":"simpleInputContainer"}],"help":"authdbi.html#connection","id":"dbiConnection","title":"dbiConnection"},{"_nodes":[{"id":"dbiAuthTable","title":"dbiAuthTable"},{"id":"dbiUserTable","title":"dbiUserTable"},{"id":"dbiAuthLoginCol","title":"dbiAuthLoginCol"},{"id":"dbiAuthPasswordCol","title":"dbiAuthPasswordCol"},{"id":"dbiPasswordMailCol","title":"dbiPasswordMailCol"},{"id":"userPivot","title":"userPivot"}],"help":"authdbi.html#schema","id":"dbiSchema","title":"dbiSchema","type":"simpleInputContainer"},{"_nodes":[{"help":"authdbi.html#password","id":"dbiAuthPasswordHash","title":"dbiAuthPasswordHash"},{"_nodes":[{"help":"authdbi.html#password","id":"dbiDynamicHashEnabled","title":"dbiDynamicHashEnabled","type":"bool"},{"help":"authdbi.html#password","id":"dbiDynamicHashValidSchemes","title":"dbiDynamicHashValidSchemes"},{"help":"authdbi.html#password","id":"dbiDynamicHashValidSaltedSchemes","title":"dbiDynamicHashValidSaltedSchemes"},{"help":"authdbi.html#password","id":"dbiDynamicHashNewPasswordScheme","title":"dbiDynamicHashNewPasswordScheme"}],"help":"authdbi.html#password","id":"dbiDynamicHash","title":"dbiDynamicHash","type":"simpleInputContainer"}],"help":"authdbi.html#password","id":"dbiPassword","title":"dbiPassword"}],"help":"authdbi.html","id":"dbiParams","show":false,"title":"dbiParams"},{"_nodes":[{"cnodes":"demoExportedVars","default":[{"data":"cn","id":"demoExportedVars/cn","title":"cn","type":"keyText"},{"data":"mail","id":"demoExportedVars/mail","title":"mail","type":"keyText"},{"data":"uid","id":"demoExportedVars/uid","title":"uid","type":"keyText"}],"id":"demoExportedVars","title":"demoExportedVars","type":"keyTextContainer"}],"help":"authdemo.html","id":"demoParams","show":false,"title":"demoParams"},{"_nodes":[{"default":1,"id":"facebookAuthnLevel","title":"facebookAuthnLevel","type":"int"},{"cnodes":"facebookExportedVars","default":[],"id":"facebookExportedVars","title":"facebookExportedVars","type":"keyTextContainer"},{"id":"facebookAppId","title":"facebookAppId"},{"id":"facebookAppSecret","title":"facebookAppSecret"},{"default":"id","id":"facebookUserField","title":"facebookUserField"}],"help":"authfacebook.html","id":"facebookParams","show":false,"title":"facebookParams"},{"_nodes":[{"default":3,"id":"krbAuthnLevel","title":"krbAuthnLevel","type":"int"},{"id":"krbKeytab","title":"krbKeytab"},{"default":0,"id":"krbByJs","title":"krbByJs","type":"bool"},{"default":1,"id":"krbRemoveDomain","title":"krbRemoveDomain","type":"bool"},{"id":"krbAllowedDomains","title":"krbAllowedDomains"}],"help":"authkerberos.html","id":"kerberosParams","show":false,"title":"kerberosParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"ldapAuthnLevel","title":"ldapAuthnLevel","type":"int"},{"cnodes":"ldapExportedVars","default":[{"data":"cn","id":"ldapExportedVars/cn","title":"cn","type":"keyText"},{"data":"mail","id":"ldapExportedVars/mail","title":"mail","type":"keyText"},{"data":"uid","id":"ldapExportedVars/uid","title":"uid","type":"keyText"}],"id":"ldapExportedVars","title":"ldapExportedVars","type":"keyTextContainer"},{"_nodes":[{"default":"ldap://localhost","id":"ldapServer","title":"ldapServer"},{"id":"ldapPort","title":"ldapPort","type":"int"},{"default":"require","id":"ldapVerify","select":[{"k":"none","v":"None"},{"k":"optional","v":"Optional"},{"k":"require","v":"Require"}],"title":"ldapVerify","type":"select"},{"default":"dc=example,dc=com","id":"ldapBase","title":"ldapBase"},{"default":"","id":"managerDn","title":"managerDn"},{"default":"","id":"managerPassword","title":"managerPassword","type":"password"},{"default":10,"id":"ldapTimeout","title":"ldapTimeout","type":"int"},{"default":10,"id":"ldapIOTimeout","title":"ldapIOTimeout","type":"int"},{"default":3,"id":"ldapVersion","title":"ldapVersion","type":"int"},{"id":"ldapRaw","title":"ldapRaw"},{"id":"ldapCAFile","title":"ldapCAFile"},{"id":"ldapCAPath","title":"ldapCAPath"}],"help":"authldap.html#connection","id":"ldapConnection","title":"ldapConnection","type":"simpleInputContainer"},{"_nodes":[{"id":"LDAPFilter","title":"LDAPFilter"},{"id":"AuthLDAPFilter","title":"AuthLDAPFilter"},{"id":"mailLDAPFilter","title":"mailLDAPFilter"},{"default":"find","id":"ldapSearchDeref","select":[{"k":"never","v":"never"},{"k":"search","v":"search"},{"k":"find","v":"find"},{"k":"always","v":"always"}],"title":"ldapSearchDeref","type":"select"}],"help":"authldap.html#filters","id":"ldapFilters","title":"ldapFilters","type":"simpleInputContainer"},{"_nodes":[{"id":"ldapGroupBase","title":"ldapGroupBase"},{"default":"groupOfNames","id":"ldapGroupObjectClass","title":"ldapGroupObjectClass"},{"default":"member","id":"ldapGroupAttributeName","title":"ldapGroupAttributeName"},{"default":"dn","id":"ldapGroupAttributeNameUser","title":"ldapGroupAttributeNameUser"},{"default":"cn","id":"ldapGroupAttributeNameSearch","title":"ldapGroupAttributeNameSearch"},{"default":0,"id":"ldapGroupDecodeSearchedValue","title":"ldapGroupDecodeSearchedValue","type":"bool"},{"default":0,"id":"ldapGroupRecursive","title":"ldapGroupRecursive","type":"bool"},{"default":"dn","id":"ldapGroupAttributeNameGroup","title":"ldapGroupAttributeNameGroup"}],"help":"authldap.html#groups","id":"ldapGroups","title":"ldapGroups","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"ldapPpolicyControl","title":"ldapPpolicyControl","type":"bool"},{"default":0,"id":"ldapSetPassword","title":"ldapSetPassword","type":"bool"},{"default":0,"id":"ldapChangePasswordAsUser","title":"ldapChangePasswordAsUser","type":"bool"},{"default":"utf-8","id":"ldapPwdEnc","title":"ldapPwdEnc"},{"default":1,"id":"ldapUsePasswordResetAttribute","title":"ldapUsePasswordResetAttribute","type":"bool"},{"default":"pwdReset","id":"ldapPasswordResetAttribute","title":"ldapPasswordResetAttribute"},{"default":"TRUE","id":"ldapPasswordResetAttributeValue","title":"ldapPasswordResetAttributeValue"},{"default":0,"id":"ldapAllowResetExpiredPassword","title":"ldapAllowResetExpiredPassword","type":"bool"},{"default":0,"id":"ldapITDS","title":"ldapITDS","type":"bool"}],"help":"authldap.html#password","id":"ldapPassword","title":"ldapPassword","type":"simpleInputContainer"}],"help":"authldap.html","id":"ldapParams","show":false,"title":"ldapParams"},{"_nodes":[{"default":1,"id":"linkedInAuthnLevel","title":"linkedInAuthnLevel","type":"int"},{"id":"linkedInClientID","title":"linkedInClientID"},{"id":"linkedInClientSecret","title":"linkedInClientSecret","type":"password"},{"default":"id,first-name,last-name,email-address","id":"linkedInFields","title":"linkedInFields"},{"default":"emailAddress","id":"linkedInUserField","title":"linkedInUserField"},{"default":"r_liteprofile r_emailaddress","id":"linkedInScope","title":"linkedInScope"}],"help":"authlinkedin.html","id":"linkedinParams","show":false,"title":"linkedinParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"githubAuthnLevel","title":"githubAuthnLevel","type":"int"},{"id":"githubClientID","title":"githubClientID"},{"id":"githubClientSecret","title":"githubClientSecret","type":"password"},{"default":"login","id":"githubUserField","title":"githubUserField"},{"default":"user:email","id":"githubScope","title":"githubScope"}],"help":"authgithub.html","id":"githubParams","show":false,"title":"githubParams","type":"simpleInputContainer"},{"_nodes":[{"id":"combination","title":"combination"},{"cnodes":"combModules","id":"combModules","select":[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Demo","v":"Demonstration"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"SAML","v":"SAML v2"},{"k":"Proxy","v":"Proxy"},{"k":"Remote","v":"Remote"},{"k":"Slave","v":"Slave"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"combModules","type":"cmbModuleContainer"}],"help":"authcombination.html","id":"combinationParams","show":false,"title":"combinationParams"},{"_nodes":[{"default":0,"id":"nullAuthnLevel","title":"nullAuthnLevel","type":"int"}],"help":"authnull.html","id":"nullParams","show":false,"title":"nullParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"openIdAuthnLevel","title":"openIdAuthnLevel","type":"int"},{"cnodes":"openIdExportedVars","default":[],"id":"openIdExportedVars","title":"openIdExportedVars","type":"keyTextContainer"},{"id":"openIdSecret","title":"openIdSecret"},{"default":"0;","id":"openIdIDPList","title":"openIdIDPList","type":"blackWhiteList"}],"help":"authopenid.html","id":"openidParams","show":false,"title":"openidParams"},{"_nodes":[{"default":1,"id":"oidcAuthnLevel","title":"oidcAuthnLevel","type":"int"},{"default":"openidconnectcallback","id":"oidcRPCallbackGetParam","title":"oidcRPCallbackGetParam"},{"default":600,"id":"oidcRPStateTimeout","title":"oidcRPStateTimeout","type":"int"}],"help":"authopenidconnect.html","id":"oidcParams","show":false,"title":"oidcParams","type":"simpleInputContainer"},{"_nodes":[{"default":5,"id":"gpgAuthnLevel","title":"gpgAuthnLevel","type":"int"},{"default":"","id":"gpgDb","title":"gpgDb"}],"help":"authgpg.html","id":"gpgParams","show":false,"title":"gpgParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"proxyAuthnLevel","title":"proxyAuthnLevel","type":"int"},{"id":"proxyAuthService","title":"proxyAuthService"},{"id":"proxySessionService","title":"proxySessionService"},{"id":"remoteCookieName","title":"remoteCookieName"},{"default":0,"id":"proxyUseSoap","title":"proxyUseSoap","type":"bool"}],"help":"authproxy.html","id":"proxyParams","show":false,"title":"proxyParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"pamAuthnLevel","title":"pamAuthnLevel","type":"int"},{"default":"login","id":"pamService","title":"pamService"}],"help":"authpam.html","id":"pamParams","show":false,"title":"pamParams","type":"simpleInputContainer"},{"_nodes":[{"default":3,"id":"radiusAuthnLevel","title":"radiusAuthnLevel","type":"int"},{"id":"radiusSecret","title":"radiusSecret"},{"id":"radiusServer","title":"radiusServer"}],"help":"authradius.html","id":"radiusParams","show":false,"title":"radiusParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"restAuthnLevel","title":"restAuthnLevel","type":"int"},{"id":"restAuthUrl","title":"restAuthUrl"},{"id":"restUserDBUrl","title":"restUserDBUrl"},{"id":"restPwdConfirmUrl","title":"restPwdConfirmUrl"},{"id":"restPwdModifyUrl","title":"restPwdModifyUrl"}],"help":"authrest.html","id":"restParams","show":false,"title":"restParams","type":"simpleInputContainer"},{"_nodes":[{"id":"remotePortal","title":"remotePortal"},{"id":"remoteCookieName","title":"remoteCookieName"},{"default":"Lemonldap::NG::Common::Apache::Session::SOAP","id":"remoteGlobalStorage","title":"remoteGlobalStorage"},{"cnodes":"remoteGlobalStorageOptions","default":[{"data":"http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService","id":"remoteGlobalStorageOptions/ns","title":"ns","type":"keyText"},{"data":"http://auth.example.com/sessions","id":"remoteGlobalStorageOptions/proxy","title":"proxy","type":"keyText"}],"id":"remoteGlobalStorageOptions","title":"remoteGlobalStorageOptions","type":"keyTextContainer"}],"help":"authremote.html","id":"remoteParams","show":false,"title":"remoteParams"},{"_nodes":[{"default":2,"id":"slaveAuthnLevel","title":"slaveAuthnLevel","type":"int"},{"id":"slaveUserHeader","title":"slaveUserHeader"},{"id":"slaveMasterIP","title":"slaveMasterIP"},{"id":"slaveHeaderName","title":"slaveHeaderName"},{"id":"slaveHeaderContent","title":"slaveHeaderContent"},{"default":0,"id":"slaveDisplayLogo","title":"slaveDisplayLogo","type":"bool"},{"cnodes":"slaveExportedVars","default":[],"id":"slaveExportedVars","title":"slaveExportedVars","type":"keyTextContainer"}],"help":"authslave.html","id":"slaveParams","show":false,"title":"slaveParams"},{"_nodes":[{"default":5,"id":"SSLAuthnLevel","title":"SSLAuthnLevel","type":"int"},{"default":"SSL_CLIENT_S_DN_Email","id":"SSLVar","title":"SSLVar"},{"cnodes":"SSLVarIf","default":[],"id":"SSLVarIf","title":"SSLVarIf","type":"keyTextContainer"},{"default":0,"id":"sslByAjax","title":"sslByAjax","type":"bool"},{"id":"sslHost","title":"sslHost"}],"help":"authssl.html","id":"sslParams","show":false,"title":"sslParams"},{"_nodes":[{"default":1,"id":"twitterAuthnLevel","title":"twitterAuthnLevel","type":"int"},{"id":"twitterKey","title":"twitterKey"},{"id":"twitterSecret","title":"twitterSecret"},{"id":"twitterAppName","title":"twitterAppName"},{"default":"screen_name","id":"twitterUserField","title":"twitterUserField"}],"help":"authtwitter.html","id":"twitterParams","show":false,"title":"twitterParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"webIDAuthnLevel","title":"webIDAuthnLevel","type":"int"},{"cnodes":"webIDExportedVars","default":[],"id":"webIDExportedVars","title":"webIDExportedVars","type":"keyTextContainer"},{"id":"webIDWhitelist","title":"webIDWhitelist"}],"help":"authwebid.html","id":"webidParams","show":false,"title":"webidParams"},{"_nodes":[{"id":"customAuth","title":"customAuth"},{"id":"customUserDB","title":"customUserDB"},{"id":"customPassword","title":"customPassword"},{"id":"customRegister","title":"customRegister"},{"id":"customResetCertByMail","title":"customResetCertByMail"},{"cnodes":"customAddParams","id":"customAddParams","title":"customAddParams","type":"keyTextContainer"}],"help":"authcustom.html","id":"customParams","show":false,"title":"customParams"}],"_nodes_filter":"authParams","help":"start.html#authentication-users-and-password-databases","id":"authParams","title":"authParams","type":"authParams"},{"_nodes":[{"_nodes":[{"default":0,"id":"issuerDBSAMLActivation","title":"issuerDBSAMLActivation","type":"bool"},{"default":"^/saml/","id":"issuerDBSAMLPath","title":"issuerDBSAMLPath"},{"default":1,"id":"issuerDBSAMLRule","title":"issuerDBSAMLRule","type":"boolOrExpr"}],"help":"idpsaml.html","id":"issuerDBSAML","title":"issuerDBSAML","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBCASActivation","title":"issuerDBCASActivation","type":"bool"},{"default":"^/cas/","id":"issuerDBCASPath","title":"issuerDBCASPath"},{"default":1,"id":"issuerDBCASRule","title":"issuerDBCASRule","type":"boolOrExpr"}],"help":"idpcas.html#enabling-cas","id":"issuerDBCAS","title":"issuerDBCAS","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBOpenIDActivation","title":"issuerDBOpenIDActivation","type":"bool"},{"default":"^/openidserver/","id":"issuerDBOpenIDPath","title":"issuerDBOpenIDPath"},{"default":1,"id":"issuerDBOpenIDRule","title":"issuerDBOpenIDRule","type":"boolOrExpr"},{"_nodes":[{"id":"openIdIssuerSecret","title":"openIdIssuerSecret"},{"id":"openIdAttr","title":"openIdAttr"},{"default":"0;","id":"openIdSPList","title":"openIdSPList","type":"blackWhiteList"},{"_nodes":[{"default":"cn","id":"openIdSreg_fullname","title":"openIdSreg_fullname"},{"default":"uid","id":"openIdSreg_nickname","title":"openIdSreg_nickname"},{"id":"openIdSreg_language","title":"openIdSreg_language"},{"id":"openIdSreg_postcode","title":"openIdSreg_postcode"},{"default":"_timezone","id":"openIdSreg_timezone","title":"openIdSreg_timezone"},{"id":"openIdSreg_country","title":"openIdSreg_country"},{"id":"openIdSreg_gender","title":"openIdSreg_gender"},{"default":"mail","id":"openIdSreg_email","title":"openIdSreg_email"},{"id":"openIdSreg_dob","title":"openIdSreg_dob"}],"id":"openIdSreg","title":"openIdSreg","type":"simpleInputContainer"}],"id":"issuerDBOpenIDOptions","title":"issuerDBOpenIDOptions"}],"help":"idpopenid.html","id":"issuerDBOpenID","title":"issuerDBOpenID"},{"_nodes":[{"default":0,"id":"issuerDBOpenIDConnectActivation","title":"issuerDBOpenIDConnectActivation","type":"bool"},{"default":"^/oauth2/","id":"issuerDBOpenIDConnectPath","title":"issuerDBOpenIDConnectPath"},{"default":1,"id":"issuerDBOpenIDConnectRule","title":"issuerDBOpenIDConnectRule","type":"boolOrExpr"}],"help":"idpopenidconnect.html","id":"issuerDBOpenIDConnect","title":"issuerDBOpenIDConnect","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBGetActivation","title":"issuerDBGetActivation","type":"bool"},{"default":"^/get/","id":"issuerDBGetPath","title":"issuerDBGetPath"},{"default":1,"id":"issuerDBGetRule","title":"issuerDBGetRule","type":"boolOrExpr"},{"default":[],"id":"issuerDBGetParameters","title":"issuerDBGetParameters","type":"doubleHash"}],"help":"issuerdbget.html","id":"issuerDBGet","title":"issuerDBGet"},{"_nodes":[{"default":120,"id":"issuersTimeout","title":"issuersTimeout","type":"int"}],"help":"start.html#options","id":"issuerOptions","title":"issuerOptions","type":"simpleInputContainer"}],"help":"start.html#identity-provider","id":"issuerParams","title":"issuerParams"},{"_nodes":[{"default":"uid","id":"whatToTrace","title":"whatToTrace"},{"id":"customToTrace","title":"customToTrace"},{"default":"_password _2fDevices","id":"hiddenAttributes","title":"hiddenAttributes"}],"help":"logs.html","id":"logParams","title":"logParams","type":"simpleInputContainer"},{"_nodes":[{"default":"lemonldap","id":"cookieName","title":"cookieName"},{"default":"example.com","id":"domain","title":"domain"},{"default":0,"id":"cda","title":"cda","type":"bool"},{"default":0,"id":"securedCookie","select":[{"k":"0","v":"unsecuredCookie"},{"k":"1","v":"securedCookie"},{"k":"2","v":"doubleCookie"},{"k":"3","v":"doubleCookieForSingleSession"}],"title":"securedCookie","type":"select"},{"default":1,"id":"httpOnly","title":"httpOnly","type":"bool"},{"id":"cookieExpiration","title":"cookieExpiration","type":"int"},{"default":"","id":"sameSite","select":[{"k":"","v":""},{"k":"Strict","v":"Strict"},{"k":"Lax","v":"Lax"},{"k":"None","v":"None"}],"title":"sameSite","type":"select"}],"help":"ssocookie.html","id":"cookieParams","title":"cookieParams","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"storePassword","title":"storePassword","type":"bool"},{"default":1,"id":"displaySessionId","title":"displaySessionId","type":"bool"},{"default":72000,"id":"timeout","title":"timeout","type":"int"},{"default":0,"id":"timeoutActivity","title":"timeoutActivity","type":"int"},{"default":60,"id":"timeoutActivityInterval","title":"timeoutActivityInterval","type":"int"},{"cnodes":"grantSessionRules","default":[],"id":"grantSessionRules","title":"grantSessionRules","type":"grantContainer"},{"_nodes":[{"default":"Apache::Session::File","id":"globalStorage","title":"globalStorage"},{"cnodes":"globalStorageOptions","default":[{"data":"/var/lib/lemonldap-ng/sessions/","id":"globalStorageOptions/Directory","title":"Directory","type":"keyText"},{"data":"/var/lib/lemonldap-ng/sessions/lock/","id":"globalStorageOptions/LockDirectory","title":"LockDirectory","type":"keyText"},{"data":"Lemonldap::NG::Common::Apache::Session::Generate::SHA256","id":"globalStorageOptions/generateModule","title":"generateModule","type":"keyText"}],"id":"globalStorageOptions","title":"globalStorageOptions","type":"keyTextContainer"},{"default":"Cache::FileCache","id":"localSessionStorage","title":"localSessionStorage"},{"cnodes":"localSessionStorageOptions","default":[{"data":3,"id":"localSessionStorageOptions/cache_depth","title":"cache_depth","type":"keyText"},{"data":"/var/cache/lemonldap-ng","id":"localSessionStorageOptions/cache_root","title":"cache_root","type":"keyText"},{"data":600,"id":"localSessionStorageOptions/default_expires_in","title":"default_expires_in","type":"keyText"},{"data":"007","id":"localSessionStorageOptions/directory_umask","title":"directory_umask","type":"keyText"},{"data":"lemonldap-ng-sessions","id":"localSessionStorageOptions/namespace","title":"namespace","type":"keyText"}],"id":"localSessionStorageOptions","title":"localSessionStorageOptions","type":"keyTextContainer"}],"help":"start.html#sessions-database","id":"sessionStorage","title":"sessionStorage"},{"_nodes":[{"default":0,"id":"singleSession","title":"singleSession","type":"boolOrExpr"},{"default":0,"id":"singleIP","title":"singleIP","type":"boolOrExpr"},{"default":0,"id":"singleUserByIP","title":"singleUserByIP","type":"boolOrExpr"},{"default":1,"id":"notifyDeleted","title":"notifyDeleted","type":"bool"},{"default":0,"id":"notifyOther","title":"notifyOther","type":"bool"}],"id":"multipleSessions","title":"multipleSessions","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"disablePersistentStorage","title":"disablePersistentStorage","type":"bool"},{"id":"persistentStorage","title":"persistentStorage"},{"cnodes":"persistentStorageOptions","id":"persistentStorageOptions","title":"persistentStorageOptions","type":"keyTextContainer"}],"id":"persistentSessions","title":"persistentSessions"}],"help":"sessions.html","id":"sessionParams","title":"sessionParams"},{"_nodes":[{"default":5,"id":"reloadTimeout","title":"reloadTimeout","type":"int"},{"default":0,"id":"compactConf","title":"compactConf","type":"bool"},{"cnodes":"reloadUrls","help":"configlocation.html#configuration-reload","id":"reloadUrls","title":"reloadUrls","type":"keyTextContainer"}],"help":"configlocation.html#configuration-reload","id":"reloadParams","title":"reloadParams"},{"_nodes":[{"default":0,"help":"status.html","id":"portalStatus","title":"portalStatus","type":"bool"},{"default":1,"id":"upgradeSession","title":"upgradeSession","type":"bool"},{"id":"refreshSessions","title":"refreshSessions","type":"bool"},{"cnodes":"adaptativeAuthenticationLevelRules","id":"adaptativeAuthenticationLevelRules","title":"adaptativeAuthenticationLevelRules","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"stayConnected","title":"stayConnected","type":"bool"},{"default":2592000,"id":"stayConnectedTimeout","title":"stayConnectedTimeout","type":"int"},{"default":"llngconnection","id":"stayConnectedCookieName","title":"stayConnectedCookieName"}],"help":"stayconnected.html","id":"stayConnect","title":"stayConnect","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"wsdlServer","title":"wsdlServer","type":"bool"},{"default":0,"id":"restExportSecretKeys","title":"restExportSecretKeys","type":"bool"},{"default":15,"id":"restClockTolerance","title":"restClockTolerance","type":"int"},{"default":0,"id":"restSessionServer","title":"restSessionServer","type":"bool"},{"default":0,"id":"restConfigServer","title":"restConfigServer","type":"bool"},{"default":0,"id":"restAuthServer","title":"restAuthServer","type":"bool"},{"default":0,"id":"restPasswordServer","title":"restPasswordServer","type":"bool"},{"default":0,"help":"soapservices.html","id":"soapSessionServer","title":"soapSessionServer","type":"bool"},{"default":0,"help":"soapservices.html","id":"soapConfigServer","title":"soapConfigServer","type":"bool"},{"id":"exportedAttr","title":"exportedAttr"}],"help":"portalservers.html","id":"portalServers","title":"portalServers","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"loginHistoryEnabled","title":"loginHistoryEnabled","type":"bool"},{"default":5,"id":"successLoginNumber","title":"successLoginNumber","type":"int"},{"default":5,"id":"failedLoginNumber","title":"failedLoginNumber","type":"int"},{"cnodes":"sessionDataToRemember","id":"sessionDataToRemember","title":"sessionDataToRemember","type":"keyTextContainer"}],"help":"loginhistory.html","id":"loginHistory","title":"loginHistory"},{"_nodes":[{"default":0,"id":"notification","title":"notification","type":"bool"},{"default":0,"id":"notificationsExplorer","title":"notificationsExplorer","type":"bool"},{"default":"allusers","id":"notificationWildcard","title":"notificationWildcard"},{"default":0,"id":"oldNotifFormat","title":"oldNotifFormat","type":"bool"},{"id":"notificationXSLTfile","title":"notificationXSLTfile"},{"default":"File","id":"notificationStorage","title":"notificationStorage"},{"cnodes":"notificationStorageOptions","default":[{"data":"/var/lib/lemonldap-ng/notifications","id":"notificationStorageOptions/dirName","title":"dirName","type":"keyText"}],"id":"notificationStorageOptions","title":"notificationStorageOptions","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"notificationServer","title":"notificationServer","type":"bool"},{"default":"","id":"notificationDefaultCond","title":"notificationDefaultCond"},{"default":"uid reference date title subtitle text check","id":"notificationServerSentAttributes","title":"notificationServerSentAttributes"},{"_nodes":[{"default":1,"id":"notificationServerPOST","title":"notificationServerPOST","type":"bool"},{"default":0,"id":"notificationServerGET","title":"notificationServerGET","type":"bool"},{"default":0,"id":"notificationServerDELETE","title":"notificationServerDELETE","type":"bool"}],"id":"notificationServerMethods","title":"notificationServerMethods","type":"simpleInputContainer"}],"help":"notifications.html#notification-server","id":"serverNotification","title":"serverNotification"}],"help":"notifications.html","id":"notifications","title":"notifications"},{"_nodes":[{"_nodes":[{"id":"mailSubject","title":"mailSubject"},{"id":"mailBody","title":"mailBody","type":"longtext"},{"id":"mailConfirmSubject","title":"mailConfirmSubject"},{"id":"mailConfirmBody","title":"mailConfirmBody","type":"longtext"}],"id":"mailContent","title":"mailContent","type":"simpleInputContainer"},{"_nodes":[{"default":"http://auth.example.com/resetpwd","id":"mailUrl","title":"mailUrl"},{"default":0,"id":"mailTimeout","title":"mailTimeout","type":"int"},{"default":1,"id":"portalDisplayGeneratePassword","title":"portalDisplayGeneratePassword","type":"bool"},{"default":"[A-Z]{3}[a-z]{5}.\\d{2}","id":"randomPasswordRegexp","title":"randomPasswordRegexp"}],"id":"mailOther","title":"mailOther","type":"simpleInputContainer"}],"help":"resetpassword.html","id":"passwordManagement","title":"passwordManagement"},{"_nodes":[{"_nodes":[{"id":"certificateResetByMailStep1Subject","title":"certificateResetByMailStep1Subject"},{"id":"certificateResetByMailStep1Body","title":"certificateResetByMailStep1Body","type":"longtext"},{"id":"certificateResetByMailStep2Subject","title":"certificateResetByMailStep2Subject"},{"id":"certificateResetByMailStep2Body","title":"certificateResetByMailStep2Body","type":"longtext"}],"id":"certificateMailContent","title":"certificateMailContent","type":"simpleInputContainer"},{"_nodes":[{"default":"http://auth.example.com/certificateReset","id":"certificateResetByMailURL","title":"certificateResetByMailURL"},{"default":"description","id":"certificateResetByMailCeaAttribute","title":"certificateResetByMailCeaAttribute"},{"default":"userCertificate;binary","id":"certificateResetByMailCertificateAttribute","title":"certificateResetByMailCertificateAttribute"},{"default":0,"id":"certificateResetByMailValidityDelay","title":"certificateResetByMailValidityDelay","type":"int"}],"id":"mailOther","title":"mailOther","type":"simpleInputContainer"}],"help":"resetcertificate.html","id":"certificateResetByMailManagement","title":"certificateResetByMailManagement"},{"_nodes":[{"default":"http://auth.example.com/register","id":"registerUrl","title":"registerUrl"},{"default":0,"id":"registerTimeout","title":"registerTimeout","type":"int"},{"id":"registerConfirmSubject","title":"registerConfirmSubject"},{"id":"registerDoneSubject","title":"registerDoneSubject"}],"help":"register.html","id":"register","title":"register","type":"simpleInputContainer"},{"_nodes":[{"cnodes":"autoSigninRules","id":"autoSigninRules","title":"autoSigninRules","type":"keyTextContainer"}],"help":"autosignin.html","id":"autoSignin","title":"autoSignin"},{"_nodes":[{"default":0,"id":"globalLogoutRule","title":"globalLogoutRule","type":"boolOrExpr"},{"default":1,"id":"globalLogoutTimer","title":"globalLogoutTimer","type":"bool"},{"id":"globalLogoutCustomParam","title":"globalLogoutCustomParam"}],"help":"globallogout.html","id":"globalLogout","title":"globalLogout","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"checkState","title":"checkState","type":"bool"},{"id":"checkStateSecret","title":"checkStateSecret"}],"help":"checkstate.html","id":"stateCheck","title":"stateCheck","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"checkUser","title":"checkUser","type":"bool"},{"default":1,"id":"checkUserIdRule","title":"checkUserIdRule"},{"id":"checkUserUnrestrictedUsersRule","title":"checkUserUnrestrictedUsersRule"},{"default":"_loginHistory _session_id hGroups","id":"checkUserHiddenAttributes","title":"checkUserHiddenAttributes"},{"id":"checkUserSearchAttributes","title":"checkUserSearchAttributes"},{"default":1,"id":"checkUserDisplayComputedSession","title":"checkUserDisplayComputedSession","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayEmptyHeaders","title":"checkUserDisplayEmptyHeaders","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayEmptyValues","title":"checkUserDisplayEmptyValues","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayPersistentInfo","title":"checkUserDisplayPersistentInfo","type":"boolOrExpr"},{"cnodes":"checkUserHiddenHeaders","id":"checkUserHiddenHeaders","title":"checkUserHiddenHeaders","type":"keyTextContainer"}],"help":"checkuser.html","id":"checkUsers","title":"checkUsers"},{"_nodes":[{"default":0,"id":"impersonationRule","title":"impersonationRule","type":"boolOrExpr"},{"default":1,"id":"impersonationIdRule","title":"impersonationIdRule"},{"id":"impersonationUnrestrictedUsersRule","title":"impersonationUnrestrictedUsersRule"},{"default":"_2fDevices _loginHistory","id":"impersonationHiddenAttributes","title":"impersonationHiddenAttributes"},{"default":1,"id":"impersonationSkipEmptyValues","title":"impersonationSkipEmptyValues","type":"bool"},{"default":0,"id":"impersonationMergeSSOgroups","title":"impersonationMergeSSOgroups","type":"boolOrExpr"}],"help":"impersonation.html","id":"impersonation","title":"impersonation","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"contextSwitchingRule","title":"contextSwitchingRule","type":"boolOrExpr"},{"default":1,"id":"contextSwitchingIdRule","title":"contextSwitchingIdRule"},{"id":"contextSwitchingUnrestrictedUsersRule","title":"contextSwitchingUnrestrictedUsersRule"},{"default":0,"id":"contextSwitchingAllowed2fModifications","title":"contextSwitchingAllowed2fModifications","type":"bool"},{"default":1,"id":"contextSwitchingStopWithLogout","title":"contextSwitchingStopWithLogout","type":"bool"}],"help":"contextswitching.html","id":"contextSwitching","title":"contextSwitching","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"decryptValueRule","title":"decryptValueRule","type":"boolOrExpr"},{"id":"decryptValueFunctions","title":"decryptValueFunctions"}],"help":"decryptvalue.html","id":"decryptValue","title":"decryptValue","type":"simpleInputContainer"},{"_nodes":[{"id":"customPlugins","title":"customPlugins"},{"cnodes":"customPluginsParams","id":"customPluginsParams","title":"customPluginsParams","type":"keyTextContainer"}],"help":"plugincustom.html","id":"customPluginsNode","title":"customPluginsNode"}],"help":"start.html#plugins","id":"plugins","title":"plugins"},{"_nodes":[{"default":1,"help":"secondfactor.html","id":"sfManagerRule","title":"sfManagerRule","type":"boolOrExpr"},{"default":0,"help":"secondfactor.html","id":"sfRequired","title":"sfRequired","type":"boolOrExpr"},{"help":"secondfactor.html","id":"sfOnlyUpgrade","title":"sfOnlyUpgrade","type":"bool"},{"_nodes":[{"default":0,"id":"utotp2fActivation","title":"utotp2fActivation","type":"boolOrExpr"},{"id":"utotp2fAuthnLevel","title":"utotp2fAuthnLevel","type":"int"},{"id":"utotp2fLabel","title":"utotp2fLabel"},{"id":"utotp2fLogo","title":"utotp2fLogo"}],"help":"utotp2f.html","id":"utotp2f","title":"utotp2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"totp2fActivation","title":"totp2fActivation","type":"boolOrExpr"},{"default":0,"id":"totp2fSelfRegistration","title":"totp2fSelfRegistration","type":"boolOrExpr"},{"id":"totp2fIssuer","title":"totp2fIssuer"},{"default":30,"id":"totp2fInterval","title":"totp2fInterval","type":"int"},{"default":1,"id":"totp2fRange","title":"totp2fRange","type":"int"},{"default":6,"id":"totp2fDigits","title":"totp2fDigits","type":"int"},{"default":0,"id":"totp2fDisplayExistingSecret","title":"totp2fDisplayExistingSecret","type":"bool"},{"default":0,"id":"totp2fUserCanChangeKey","title":"totp2fUserCanChangeKey","type":"bool"},{"default":1,"id":"totp2fUserCanRemoveKey","title":"totp2fUserCanRemoveKey","type":"bool"},{"id":"totp2fTTL","title":"totp2fTTL","type":"int"},{"id":"totp2fAuthnLevel","title":"totp2fAuthnLevel","type":"int"},{"id":"totp2fLabel","title":"totp2fLabel"},{"id":"totp2fLogo","title":"totp2fLogo"}],"help":"totp2f.html","id":"totp2f","title":"totp2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"u2fActivation","title":"u2fActivation","type":"boolOrExpr"},{"default":0,"id":"u2fSelfRegistration","title":"u2fSelfRegistration","type":"boolOrExpr"},{"default":1,"id":"u2fUserCanRemoveKey","title":"u2fUserCanRemoveKey","type":"bool"},{"id":"u2fTTL","title":"u2fTTL","type":"int"},{"id":"u2fAuthnLevel","title":"u2fAuthnLevel","type":"int"},{"id":"u2fLabel","title":"u2fLabel"},{"id":"u2fLogo","title":"u2fLogo"}],"help":"u2f.html","id":"u2f","title":"u2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"yubikey2fActivation","title":"yubikey2fActivation","type":"boolOrExpr"},{"default":0,"id":"yubikey2fSelfRegistration","title":"yubikey2fSelfRegistration","type":"boolOrExpr"},{"id":"yubikey2fClientID","title":"yubikey2fClientID"},{"id":"yubikey2fSecretKey","title":"yubikey2fSecretKey"},{"id":"yubikey2fNonce","title":"yubikey2fNonce"},{"id":"yubikey2fUrl","title":"yubikey2fUrl"},{"default":12,"id":"yubikey2fPublicIDSize","title":"yubikey2fPublicIDSize","type":"int"},{"default":1,"id":"yubikey2fUserCanRemoveKey","title":"yubikey2fUserCanRemoveKey","type":"bool"},{"id":"yubikey2fFromSessionAttribute","title":"yubikey2fFromSessionAttribute"},{"id":"yubikey2fTTL","title":"yubikey2fTTL","type":"int"},{"id":"yubikey2fAuthnLevel","title":"yubikey2fAuthnLevel","type":"int"},{"id":"yubikey2fLabel","title":"yubikey2fLabel"},{"id":"yubikey2fLogo","title":"yubikey2fLogo"}],"help":"yubikey2f.html","id":"yubikey2f","title":"yubikey2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"mail2fActivation","title":"mail2fActivation","type":"boolOrExpr"},{"default":"\\d{6}","id":"mail2fCodeRegex","title":"mail2fCodeRegex"},{"id":"mail2fTimeout","title":"mail2fTimeout","type":"int"},{"id":"mail2fSubject","title":"mail2fSubject"},{"id":"mail2fBody","title":"mail2fBody","type":"longtext"},{"id":"mail2fAuthnLevel","title":"mail2fAuthnLevel","type":"int"},{"id":"mail2fLabel","title":"mail2fLabel"},{"id":"mail2fLogo","title":"mail2fLogo"},{"id":"mail2fSessionKey","title":"mail2fSessionKey"}],"help":"mail2f.html","id":"mail2f","title":"mail2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"ext2fActivation","title":"ext2fActivation","type":"boolOrExpr"},{"default":"\\d{6}","id":"ext2fCodeActivation","title":"ext2fCodeActivation"},{"id":"ext2FSendCommand","title":"ext2FSendCommand"},{"id":"ext2FValidateCommand","title":"ext2FValidateCommand"},{"id":"ext2fAuthnLevel","title":"ext2fAuthnLevel","type":"int"},{"id":"ext2fLabel","title":"ext2fLabel"},{"id":"ext2fLogo","title":"ext2fLogo"}],"help":"external2f.html","id":"ext2f","title":"ext2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"radius2fActivation","title":"radius2fActivation","type":"boolOrExpr"},{"id":"radius2fServer","title":"radius2fServer"},{"id":"radius2fSecret","title":"radius2fSecret"},{"id":"radius2fUsernameSessionKey","title":"radius2fUsernameSessionKey"},{"default":20,"id":"radius2fTimeout","title":"radius2fTimeout","type":"int"},{"id":"radius2fAuthnLevel","title":"radius2fAuthnLevel","type":"int"},{"id":"radius2fLogo","title":"radius2fLogo"},{"id":"radius2fLabel","title":"radius2fLabel"}],"help":"radius2f.html","id":"radius2f","title":"radius2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"rest2fActivation","title":"rest2fActivation","type":"boolOrExpr"},{"id":"rest2fInitUrl","title":"rest2fInitUrl"},{"cnodes":"rest2fInitArgs","id":"rest2fInitArgs","title":"rest2fInitArgs","type":"keyTextContainer"},{"id":"rest2fVerifyUrl","title":"rest2fVerifyUrl"},{"cnodes":"rest2fVerifyArgs","id":"rest2fVerifyArgs","title":"rest2fVerifyArgs","type":"keyTextContainer"},{"id":"rest2fAuthnLevel","title":"rest2fAuthnLevel","type":"int"},{"id":"rest2fLabel","title":"rest2fLabel"},{"id":"rest2fLogo","title":"rest2fLogo"}],"help":"rest2f.html","id":"rest2f","title":"rest2f"},{"cnodes":"sfExtra","id":"sfExtra","select":[{"k":"Mail2F","v":"E-Mail"},{"k":"REST","v":"REST"},{"k":"Ext2F","v":"External"},{"k":"Radius","v":"Radius"}],"title":"sfExtra","type":"sfExtraContainer"},{"_nodes":[{"default":0,"help":"secondfactor.html","id":"sfRemovedMsgRule","title":"sfRemovedMsgRule","type":"boolOrExpr"},{"default":0,"id":"sfRemovedUseNotif","title":"sfRemovedUseNotif","type":"bool"},{"default":"RemoveSF","help":"secondfactor.html","id":"sfRemovedNotifRef","title":"sfRemovedNotifRef"},{"default":"Second factor notification","help":"secondfactor.html","id":"sfRemovedNotifTitle","title":"sfRemovedNotifTitle"},{"default":"_removedSF_ expired second factor(s) has/have been removed!","help":"secondfactor.html","id":"sfRemovedNotifMsg","title":"sfRemovedNotifMsg"}],"help":"secondfactor.html","id":"sfRemovedNotification","title":"sfRemovedNotification","type":"simpleInputContainer"}],"help":"secondfactor.html","id":"secondFactors","title":"secondFactors"},{"_nodes":[{"help":"customfunctions.html","id":"customFunctions","title":"customFunctions"},{"default":"; ","id":"multiValuesSeparator","title":"multiValuesSeparator","type":"authParamsText"},{"default":0,"id":"groupsBeforeMacros","title":"groupsBeforeMacros","type":"bool"},{"_nodes":[{"default":"mail","id":"mailSessionKey","title":"mailSessionKey"},{"default":"","id":"SMTPServer","title":"SMTPServer"},{"id":"SMTPPort","title":"SMTPPort","type":"int"},{"id":"SMTPAuthUser","title":"SMTPAuthUser"},{"id":"SMTPAuthPass","title":"SMTPAuthPass","type":"password"},{"default":"","id":"SMTPTLS","select":[{"k":"","v":"none"},{"k":"starttls","v":"SMTP + STARTTLS"},{"k":"ssl","v":"SMTPS"}],"title":"SMTPTLS","type":"select"},{"cnodes":"SMTPTLSOpts","id":"SMTPTLSOpts","title":"SMTPTLSOpts","type":"keyTextContainer"},{"_nodes":[{"default":"noreply@example.com","id":"mailFrom","title":"mailFrom"},{"id":"mailReplyTo","title":"mailReplyTo"},{"default":"utf-8","id":"mailCharset","title":"mailCharset"}],"id":"mailHeaders","title":"mailHeaders","type":"simpleInputContainer"}],"help":"smtp.html","id":"SMTP","title":"SMTP","type":"SMTP"},{"_nodes":[{"default":"^[\\w\\.\\-@]+$","id":"userControl","title":"userControl"},{"default":0,"id":"browsersDontStorePassword","title":"browsersDontStorePassword","type":"bool"},{"default":0,"help":"forcereauthn.html","id":"portalForceAuthn","title":"portalForceAuthn","type":"bool"},{"default":5,"id":"portalForceAuthnInterval","title":"portalForceAuthnInterval","type":"int"},{"id":"key","title":"key","type":"password"},{"id":"trustedDomains","title":"trustedDomains"},{"default":1,"help":"safejail.html","id":"useSafeJail","title":"useSafeJail","type":"bool"},{"default":0,"help":"safejail.html","id":"avoidAssignment","title":"avoidAssignment","type":"bool"},{"default":1,"id":"checkXSS","title":"checkXSS","type":"bool"},{"default":1,"id":"requireToken","title":"requireToken","type":"boolOrExpr"},{"default":120,"id":"formTimeout","title":"formTimeout","type":"int"},{"default":0,"id":"tokenUseGlobalStorage","title":"tokenUseGlobalStorage","type":"bool"},{"_nodes":[{"default":0,"help":"bruteforceprotection.html","id":"bruteForceProtection","title":"bruteForceProtection","type":"bool"},{"default":30,"id":"bruteForceProtectionTempo","title":"bruteForceProtectionTempo","type":"int"},{"default":3,"id":"bruteForceProtectionMaxFailed","title":"bruteForceProtectionMaxFailed","type":"int"},{"default":0,"help":"bruteforceprotection.html","id":"bruteForceProtectionIncrementalTempo","title":"bruteForceProtectionIncrementalTempo","type":"bool"},{"default":"5, 15, 60, 300, 600","id":"bruteForceProtectionLockTimes","title":"bruteForceProtectionLockTimes"}],"help":"bruteforceprotection.html","id":"bruteForceAttackProtection","title":"bruteForceAttackProtection","type":"simpleInputContainer"},{"cnodes":"lwpOpts","id":"lwpOpts","title":"lwpOpts","type":"keyTextContainer"},{"cnodes":"lwpSslOpts","id":"lwpSslOpts","title":"lwpSslOpts","type":"keyTextContainer"},{"_nodes":[{"default":"'self'","id":"cspDefault","title":"cspDefault"},{"default":"'self' data:","id":"cspImg","title":"cspImg"},{"default":"'self'","id":"cspScript","title":"cspScript"},{"default":"'self'","id":"cspStyle","title":"cspStyle"},{"default":"'self'","id":"cspFont","title":"cspFont"},{"default":"*","id":"cspFormAction","title":"cspFormAction"},{"default":"'self'","id":"cspConnect","title":"cspConnect"},{"default":"","id":"cspFrameAncestors","title":"cspFrameAncestors"}],"help":"security.html#portal","id":"contentSecurityPolicy","title":"contentSecurityPolicy","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"corsEnabled","title":"corsEnabled","type":"bool"},{"default":true,"id":"corsAllow_Credentials","title":"corsAllow_Credentials"},{"default":"*","id":"corsAllow_Headers","title":"corsAllow_Headers"},{"default":"POST,GET","id":"corsAllow_Methods","title":"corsAllow_Methods"},{"default":"*","id":"corsAllow_Origin","title":"corsAllow_Origin"},{"default":"*","id":"corsExpose_Headers","title":"corsExpose_Headers"},{"default":"86400","id":"corsMax_Age","title":"corsMax_Age"}],"help":"security.html#portal","id":"crossOrigineResourceSharing","title":"crossOrigineResourceSharing","type":"simpleInputContainer"}],"help":"security.html#configure-security-settings","id":"security","title":"security"},{"_nodes":[{"default":-1,"id":"https","title":"https","type":"trool"},{"default":-1,"id":"port","title":"port","type":"int"},{"default":0,"id":"useRedirectOnForbidden","title":"useRedirectOnForbidden","type":"bool"},{"default":1,"id":"useRedirectOnError","title":"useRedirectOnError","type":"bool"},{"default":0,"id":"maintenance","title":"maintenance","type":"bool"}],"help":"redirections.html","id":"redirection","title":"redirection","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"jsRedirect","title":"jsRedirect","type":"boolOrExpr"},{"default":0,"id":"noAjaxHook","title":"noAjaxHook","type":"bool"},{"default":0,"id":"skipRenewConfirmation","title":"skipRenewConfirmation","type":"bool"},{"default":0,"id":"skipUpgradeConfirmation","title":"skipUpgradeConfirmation","type":"bool"}],"help":"redirections.html#portal-redirections","id":"portalRedirection","title":"portalRedirection","type":"simpleInputContainer"},{"cnodes":"nginxCustomHandlers","help":"handlerarch.html","id":"nginxCustomHandlers","title":"nginxCustomHandlers","type":"keyTextContainer"},{"cnodes":"logoutServices","default":[],"help":"logoutforward.html","id":"logoutServices","title":"logoutServices","type":"keyTextContainer"},{"_nodes":[{"default":"get","id":"infoFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"infoFormMethod","type":"select"},{"default":"post","id":"confirmFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"confirmFormMethod","type":"select"},{"default":"get","id":"redirectFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"redirectFormMethod","type":"select"},{"default":1,"id":"activeTimer","title":"activeTimer","type":"bool"}],"id":"forms","title":"forms","type":"simpleInputContainer"}],"help":"start.html#advanced-features","id":"advancedParams","title":"advancedParams"}],"id":"generalParameters","title":"generalParameters"},{"_nodes":[{"cnodes":"exportedVars","default":[{"data":"HTTP_USER_AGENT","id":"exportedVars/UA","title":"UA","type":"keyText"}],"help":"exportedvars.html","id":"exportedVars","title":"exportedVars","type":"keyTextContainer"},{"cnodes":"macros","default":[],"help":"exportedvars.html#extend-variables-using-macros-and-groups","id":"macros","title":"macros","type":"keyTextContainer"},{"cnodes":"groups","default":[],"help":"exportedvars.html#extend-variables-using-macros-and-groups","id":"groups","title":"groups","type":"keyTextContainer"}],"help":"variables.html","id":"variables","title":"variables"},{"cnodes":"virtualHosts","help":"configvhost.html","id":"virtualHosts","template":"virtualHost","title":"virtualHosts","type":"virtualHostContainer"},{"_nodes":[{"default":"#PORTAL#/saml/metadata","id":"samlEntityID","title":"samlEntityID"},{"_nodes":[{"get":["samlServicePrivateKeySig","samlServicePrivateKeySigPwd","samlServicePublicKeySig"],"id":"samlServiceSecuritySig","title":"samlServiceSecuritySig","type":"RSACertKey"},{"get":["samlServicePrivateKeyEnc","samlServicePrivateKeyEncPwd","samlServicePublicKeyEnc"],"id":"samlServiceSecurityEnc","title":"samlServiceSecurityEnc","type":"RSACertKey"},{"default":0,"id":"samlServiceUseCertificateInResponse","title":"samlServiceUseCertificateInResponse","type":"bool"},{"default":"RSA_SHA256","id":"samlServiceSignatureMethod","select":[{"k":"RSA_SHA1","v":"RSA SHA1"},{"k":"RSA_SHA256","v":"RSA SHA256"},{"k":"RSA_SHA384","v":"RSA SHA384"},{"k":"RSA_SHA512","v":"RSA SHA512"}],"title":"samlServiceSignatureMethod","type":"select"}],"help":"samlservice.html#security-parameters","id":"samlServiceSecurity","title":"samlServiceSecurity"},{"_nodes":[{"default":"mail","id":"samlNameIDFormatMapEmail","title":"samlNameIDFormatMapEmail"},{"default":"mail","id":"samlNameIDFormatMapX509","title":"samlNameIDFormatMapX509"},{"default":"uid","id":"samlNameIDFormatMapWindows","title":"samlNameIDFormatMapWindows"},{"default":"uid","id":"samlNameIDFormatMapKerberos","title":"samlNameIDFormatMapKerberos"}],"help":"samlservice.html#nameid-formats","id":"samlNameIDFormatMap","title":"samlNameIDFormatMap","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"samlAuthnContextMapPassword","title":"samlAuthnContextMapPassword","type":"int"},{"default":3,"id":"samlAuthnContextMapPasswordProtectedTransport","title":"samlAuthnContextMapPasswordProtectedTransport","type":"int"},{"default":5,"id":"samlAuthnContextMapTLSClient","title":"samlAuthnContextMapTLSClient","type":"int"},{"default":4,"id":"samlAuthnContextMapKerberos","title":"samlAuthnContextMapKerberos","type":"int"}],"help":"samlservice.html#authentication-contexts","id":"samlAuthnContextMap","title":"samlAuthnContextMap","type":"simpleInputContainer"},{"_nodes":[{"default":"Example","id":"samlOrganizationDisplayName","title":"samlOrganizationDisplayName"},{"default":"Example","id":"samlOrganizationName","title":"samlOrganizationName"},{"default":"http://www.example.com","id":"samlOrganizationURL","title":"samlOrganizationURL"}],"help":"samlservice.html#organization","id":"samlOrganization","title":"samlOrganization","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"samlSPSSODescriptorAuthnRequestsSigned","title":"samlSPSSODescriptorAuthnRequestsSigned","type":"bool"},{"default":1,"id":"samlSPSSODescriptorWantAssertionsSigned","title":"samlSPSSODescriptorWantAssertionsSigned","type":"bool"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn","id":"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect","title":"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn","id":"samlSPSSODescriptorSingleLogoutServiceHTTPPost","title":"samlSPSSODescriptorSingleLogoutServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;","id":"samlSPSSODescriptorSingleLogoutServiceSOAP","title":"samlSPSSODescriptorSingleLogoutServiceSOAP","type":"samlService"}],"id":"samlSPSSODescriptorSingleLogoutService","title":"samlSPSSODescriptorSingleLogoutService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact","id":"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact","title":"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact","type":"samlAssertion"},{"default":"0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost","id":"samlSPSSODescriptorAssertionConsumerServiceHTTPPost","title":"samlSPSSODescriptorAssertionConsumerServiceHTTPPost","type":"samlAssertion"}],"id":"samlSPSSODescriptorAssertionConsumerService","title":"samlSPSSODescriptorAssertionConsumerService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact","id":"samlSPSSODescriptorArtifactResolutionServiceArtifact","title":"samlSPSSODescriptorArtifactResolutionServiceArtifact","type":"samlAssertion"}],"id":"samlSPSSODescriptorArtifactResolutionService","title":"samlSPSSODescriptorArtifactResolutionService"}],"help":"samlservice.html#service-provider","id":"samlSPSSODescriptor","title":"samlSPSSODescriptor"},{"_nodes":[{"default":1,"id":"samlIDPSSODescriptorWantAuthnRequestsSigned","title":"samlIDPSSODescriptorWantAuthnRequestsSigned","type":"bool"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPPost","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact","type":"samlService"}],"id":"samlIDPSSODescriptorSingleSignOnService","title":"samlIDPSSODescriptorSingleSignOnService"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn","id":"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect","title":"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn","id":"samlIDPSSODescriptorSingleLogoutServiceHTTPPost","title":"samlIDPSSODescriptorSingleLogoutServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;","id":"samlIDPSSODescriptorSingleLogoutServiceSOAP","title":"samlIDPSSODescriptorSingleLogoutServiceSOAP","type":"samlService"}],"id":"samlIDPSSODescriptorSingleLogoutService","title":"samlIDPSSODescriptorSingleLogoutService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact","id":"samlIDPSSODescriptorArtifactResolutionServiceArtifact","title":"samlIDPSSODescriptorArtifactResolutionServiceArtifact","type":"samlAssertion"}],"id":"samlIDPSSODescriptorArtifactResolutionService","title":"samlIDPSSODescriptorArtifactResolutionService"}],"help":"samlservice.html#identity-provider","id":"samlIDPSSODescriptor","title":"samlIDPSSODescriptor"},{"_nodes":[{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;","id":"samlAttributeAuthorityDescriptorAttributeServiceSOAP","title":"samlAttributeAuthorityDescriptorAttributeServiceSOAP","type":"samlService"}],"id":"samlAttributeAuthorityDescriptorAttributeService","title":"samlAttributeAuthorityDescriptorAttributeService"}],"help":"samlservice.html#attribute-authority","id":"samlAttributeAuthorityDescriptor","title":"samlAttributeAuthorityDescriptor"},{"_nodes":[{"default":1,"id":"samlMetadataForceUTF8","title":"samlMetadataForceUTF8","type":"bool"},{"default":600,"id":"samlRelayStateTimeout","title":"samlRelayStateTimeout","type":"int"},{"default":0,"id":"samlUseQueryStringSpecific","title":"samlUseQueryStringSpecific","type":"bool"},{"default":"","id":"samlOverrideIDPEntityID","title":"samlOverrideIDPEntityID"},{"id":"samlStorage","title":"samlStorage"},{"cnodes":"samlStorageOptions","id":"samlStorageOptions","title":"samlStorageOptions","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"samlCommonDomainCookieActivation","title":"samlCommonDomainCookieActivation","type":"bool"},{"id":"samlCommonDomainCookieDomain","title":"samlCommonDomainCookieDomain"},{"id":"samlCommonDomainCookieReader","title":"samlCommonDomainCookieReader"},{"id":"samlCommonDomainCookieWriter","title":"samlCommonDomainCookieWriter"}],"id":"samlCommonDomainCookie","title":"samlCommonDomainCookie","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"samlDiscoveryProtocolActivation","title":"samlDiscoveryProtocolActivation","type":"bool"},{"id":"samlDiscoveryProtocolURL","title":"samlDiscoveryProtocolURL"},{"id":"samlDiscoveryProtocolPolicy","title":"samlDiscoveryProtocolPolicy"},{"default":0,"id":"samlDiscoveryProtocolIsPassive","title":"samlDiscoveryProtocolIsPassive","type":"bool"}],"id":"samlDiscoveryProtocol","title":"samlDiscoveryProtocol","type":"simpleInputContainer"}],"help":"samlservice.html#advanced","id":"samlAdvanced","title":"samlAdvanced"}],"help":"samlservice.html","id":"samlServiceMetaData","title":"samlServiceMetaData"},{"cnodes":"samlIDPMetaDataNodes","help":"authsaml.html","id":"samlIDPMetaDataNodes","template":"samlIDPMetaDataNode","title":"samlIDPMetaDataNodes","type":"samlIDPMetaDataNodeContainer"},{"cnodes":"samlSPMetaDataNodes","help":"idpsaml.html","id":"samlSPMetaDataNodes","template":"samlSPMetaDataNode","title":"samlSPMetaDataNodes","type":"samlSPMetaDataNodeContainer"},{"_nodes":[{"id":"oidcServiceMetaDataIssuer","title":"oidcServiceMetaDataIssuer"},{"_nodes":[{"default":"authorize","id":"oidcServiceMetaDataAuthorizeURI","title":"oidcServiceMetaDataAuthorizeURI"},{"default":"token","id":"oidcServiceMetaDataTokenURI","title":"oidcServiceMetaDataTokenURI"},{"default":"userinfo","id":"oidcServiceMetaDataUserInfoURI","title":"oidcServiceMetaDataUserInfoURI"},{"default":"jwks","id":"oidcServiceMetaDataJWKSURI","title":"oidcServiceMetaDataJWKSURI"},{"default":"register","id":"oidcServiceMetaDataRegistrationURI","title":"oidcServiceMetaDataRegistrationURI"},{"default":"introspect","id":"oidcServiceMetaDataIntrospectionURI","title":"oidcServiceMetaDataIntrospectionURI"},{"default":"logout","id":"oidcServiceMetaDataEndSessionURI","title":"oidcServiceMetaDataEndSessionURI"},{"default":"checksession.html","id":"oidcServiceMetaDataCheckSessionURI","title":"oidcServiceMetaDataCheckSessionURI"},{"default":"flogout","id":"oidcServiceMetaDataFrontChannelURI","title":"oidcServiceMetaDataFrontChannelURI"},{"default":"blogout","id":"oidcServiceMetaDataBackChannelURI","title":"oidcServiceMetaDataBackChannelURI"}],"id":"oidcServiceMetaDataEndPoints","title":"oidcServiceMetaDataEndPoints","type":"simpleInputContainer"},{"cnodes":"oidcServiceMetaDataAuthnContext","default":[{"data":1,"id":"oidcServiceMetaDataAuthnContext/loa-1","title":"loa-1","type":"keyText"},{"data":2,"id":"oidcServiceMetaDataAuthnContext/loa-2","title":"loa-2","type":"keyText"},{"data":3,"id":"oidcServiceMetaDataAuthnContext/loa-3","title":"loa-3","type":"keyText"},{"data":4,"id":"oidcServiceMetaDataAuthnContext/loa-4","title":"loa-4","type":"keyText"},{"data":5,"id":"oidcServiceMetaDataAuthnContext/loa-5","title":"loa-5","type":"keyText"}],"id":"oidcServiceMetaDataAuthnContext","title":"oidcServiceMetaDataAuthnContext","type":"keyTextContainer"},{"_nodes":[{"get":["oidcServicePrivateKeySig","oidcServicePublicKeySig"],"id":"oidcServiceMetaDataKeys","title":"oidcServiceMetaDataKeys","type":"RSAKeyNoPassword"},{"id":"oidcServiceKeyIdSig","title":"oidcServiceKeyIdSig"},{"default":0,"id":"oidcServiceAllowDynamicRegistration","title":"oidcServiceAllowDynamicRegistration","type":"bool"},{"default":1,"id":"oidcServiceAllowAuthorizationCodeFlow","title":"oidcServiceAllowAuthorizationCodeFlow","type":"bool"},{"default":0,"id":"oidcServiceAllowImplicitFlow","title":"oidcServiceAllowImplicitFlow","type":"bool"},{"default":0,"id":"oidcServiceAllowHybridFlow","title":"oidcServiceAllowHybridFlow","type":"bool"},{"default":60,"id":"oidcServiceAuthorizationCodeExpiration","title":"oidcServiceAuthorizationCodeExpiration","type":"int"},{"default":3600,"id":"oidcServiceAccessTokenExpiration","title":"oidcServiceAccessTokenExpiration","type":"int"},{"default":3600,"id":"oidcServiceIDTokenExpiration","title":"oidcServiceIDTokenExpiration","type":"int"},{"default":2592000,"id":"oidcServiceOfflineSessionExpiration","title":"oidcServiceOfflineSessionExpiration","type":"int"}],"id":"oidcServiceMetaDataSecurity","title":"oidcServiceMetaDataSecurity"},{"_nodes":[{"id":"oidcStorage","title":"oidcStorage"},{"cnodes":"oidcStorageOptions","id":"oidcStorageOptions","title":"oidcStorageOptions","type":"keyTextContainer"}],"id":"oidcServiceMetaDataSessions","title":"oidcServiceMetaDataSessions"},{"cnodes":"oidcServiceDynamicRegistrationExportedVars","id":"oidcServiceDynamicRegistrationExportedVars","title":"oidcServiceDynamicRegistrationExportedVars","type":"keyTextContainer"},{"cnodes":"oidcServiceDynamicRegistrationExtraClaims","id":"oidcServiceDynamicRegistrationExtraClaims","title":"oidcServiceDynamicRegistrationExtraClaims","type":"keyTextContainer"}],"help":"openidconnectservice.html#service-configuration","id":"oidcServiceMetaData","title":"oidcServiceMetaData"},{"cnodes":"oidcOPMetaDataNodes","help":"authopenidconnect.html#declare-the-openid-connect-provider-in-ll-ng","id":"oidcOPMetaDataNodes","title":"oidcOPMetaDataNodes","type":"oidcOPMetaDataNodeContainer"},{"cnodes":"oidcRPMetaDataNodes","help":"idpopenidconnect.html#configuration-of-relying-party-in-ll-ng","id":"oidcRPMetaDataNodes","title":"oidcRPMetaDataNodes","type":"oidcRPMetaDataNodeContainer"},{"_nodes":[{"id":"casAttr","title":"casAttr"},{"default":"none","id":"casAccessControlPolicy","select":[{"k":"none","v":"None"},{"k":"error","v":"Display error on portal"},{"k":"faketicket","v":"Send a fake service ticket"}],"title":"casAccessControlPolicy","type":"select"},{"id":"casStorage","title":"casStorage"},{"cnodes":"casStorageOptions","id":"casStorageOptions","title":"casStorageOptions","type":"keyTextContainer"},{"cnodes":"casAttributes","id":"casAttributes","title":"casAttributes","type":"keyTextContainer"}],"help":"idpcas.html#configuring-the-cas-service","id":"casServiceMetadata","title":"casServiceMetadata"},{"cnodes":"casSrvMetaDataNodes","help":"authcas.html","id":"casSrvMetaDataNodes","template":"casSrvMetaDataNode","title":"casSrvMetaDataNodes","type":"casSrvMetaDataNodeContainer"},{"cnodes":"casAppMetaDataNodes","help":"idpcas.html#configuring-cas-applications","id":"casAppMetaDataNodes","template":"casAppMetaDataNode","title":"casAppMetaDataNodes","type":"casAppMetaDataNodeContainer"}] \ No newline at end of file +[{"_nodes":[{"_nodes":[{"default":"http://auth.example.com/","id":"portal","title":"portal"},{"_nodes":[{"_nodes":[{"default":1,"id":"portalDisplayLogout","title":"portalDisplayLogout","type":"boolOrExpr"},{"default":"$_auth =~ /^(LDAP|DBI|Demo)$/","id":"portalDisplayChangePassword","title":"portalDisplayChangePassword","type":"boolOrExpr"},{"default":1,"id":"portalDisplayAppslist","title":"portalDisplayAppslist","type":"boolOrExpr"},{"default":1,"id":"portalDisplayLoginHistory","title":"portalDisplayLoginHistory","type":"boolOrExpr"},{"default":"$_oidcConsents && $_oidcConsents =~ /\\w+/","id":"portalDisplayOidcConsents","title":"portalDisplayOidcConsents","type":"boolOrExpr"}],"id":"portalModules","title":"portalModules","type":"simpleInputContainer"},{"cnodes":"applicationList","default":[{"data":{"catname":"Default category","type":"category"},"id":"applicationList/default","title":"default","type":"catAndAppList"}],"help":"portalmenu.html#categories-and-applications","id":"applicationList","title":"applicationList","type":"catAndAppList"}],"help":"portalmenu.html","id":"portalMenu","title":"portalMenu"},{"_nodes":[{"default":"common/logos/logo_llng_400px.png","id":"portalMainLogo","title":"portalMainLogo"},{"default":1,"id":"showLanguages","title":"showLanguages","type":"bool"},{"id":"portalCustomCss","title":"portalCustomCss"},{"default":"bootstrap","id":"portalSkin","select":[{"k":"bootstrap","v":"Bootstrap"}],"title":"portalSkin","type":"portalskin"},{"id":"portalSkinBackground","select":[{"k":"","v":"None"},{"k":"1280px-Anse_Source_d'Argent_2-La_Digue.jpg","v":"Anse"},{"k":"1280px-Autumn-clear-water-waterfall-landscape_-_Virginia_-_ForestWander.jpg","v":"Waterfall"},{"k":"1280px-BrockenSnowedTrees.jpg","v":"Snowed Trees"},{"k":"1280px-Cedar_Breaks_National_Monument_partially.jpg","v":"National Monument"},{"k":"1280px-Parry_Peak_from_Winter_Park.jpg","v":"Winter"},{"k":"Aletschgletscher_mit_Pinus_cembra1.jpg","v":"Pinus"}],"title":"portalSkinBackground","type":"portalskinbackground"},{"cnodes":"portalSkinRules","help":"portalcustom.html","id":"portalSkinRules","title":"portalSkinRules","type":"keyTextContainer"},{"_nodes":[{"default":1,"id":"portalCheckLogins","title":"portalCheckLogins","type":"bool"},{"default":0,"id":"portalDisplayResetPassword","title":"portalDisplayResetPassword","type":"bool"},{"default":3,"id":"passwordResetAllowedRetries","title":"passwordResetAllowedRetries","type":"int"},{"default":1,"id":"portalDisplayRegister","title":"portalDisplayRegister","type":"bool"},{"default":0,"id":"portalDisplayCertificateResetByMail","title":"portalDisplayCertificateResetByMail","type":"bool"}],"help":"portalcustom.html#buttons","id":"portalButtons","title":"portalButtons","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"portalRequireOldPassword","title":"portalRequireOldPassword","type":"boolOrExpr"},{"default":0,"id":"hideOldPassword","title":"hideOldPassword","type":"bool"},{"default":0,"id":"mailOnPasswordChange","title":"mailOnPasswordChange","type":"bool"}],"help":"portalcustom.html#password-management","id":"passwordManagement","title":"passwordManagement","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"passwordPolicyActivation","title":"passwordPolicyActivation","type":"boolOrExpr"},{"default":0,"id":"portalDisplayPasswordPolicy","title":"portalDisplayPasswordPolicy","type":"bool"},{"default":0,"id":"passwordPolicyMinSize","title":"passwordPolicyMinSize","type":"int"},{"default":0,"id":"passwordPolicyMinLower","title":"passwordPolicyMinLower","type":"int"},{"default":0,"id":"passwordPolicyMinUpper","title":"passwordPolicyMinUpper","type":"int"},{"default":0,"id":"passwordPolicyMinDigit","title":"passwordPolicyMinDigit","type":"int"},{"default":0,"id":"passwordPolicyMinSpeChar","title":"passwordPolicyMinSpeChar","type":"int"},{"default":"__ALL__","id":"passwordPolicySpecialChar","title":"passwordPolicySpecialChar"}],"help":"portalcustom.html#password-policy","id":"passwordPolicy","title":"passwordPolicy","type":"simpleInputContainer"},{"_nodes":[{"default":"_user","id":"portalUserAttr","title":"portalUserAttr"},{"default":0,"id":"portalOpenLinkInNewWindow","title":"portalOpenLinkInNewWindow","type":"bool"},{"default":1,"id":"portalAntiFrame","title":"portalAntiFrame","type":"bool"},{"default":60000,"id":"portalPingInterval","title":"portalPingInterval","type":"int"},{"default":1,"id":"portalErrorOnExpiredSession","title":"portalErrorOnExpiredSession","type":"bool"},{"default":0,"id":"portalErrorOnMailNotFound","title":"portalErrorOnMailNotFound","type":"bool"},{"default":1,"id":"portalDisplayRefreshMyRights","title":"portalDisplayRefreshMyRights","type":"bool"}],"help":"portalcustom.html#other-parameters","id":"portalOther","title":"portalOther","type":"simpleInputContainer"}],"help":"portalcustom.html","id":"portalCustomization","title":"portalCustomization"},{"_nodes":[{"default":0,"id":"captcha_login_enabled","title":"captcha_login_enabled","type":"bool"},{"default":1,"id":"captcha_mail_enabled","title":"captcha_mail_enabled","type":"bool"},{"default":1,"id":"captcha_register_enabled","title":"captcha_register_enabled","type":"bool"},{"default":6,"id":"captcha_size","title":"captcha_size","type":"int"}],"help":"captcha.html","id":"portalCaptcha","title":"portalCaptcha","type":"simpleInputContainer"}],"help":"portal.html","id":"portalParams","title":"portalParams"},{"_nodes":[{"default":"Demo","id":"authentication","select":[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Demo","v":"Demonstration"},{"k":"Choice","v":"authChoice"},{"k":"Combination","v":"combineMods"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"SAML","v":"SAML v2"},{"k":"Proxy","v":"Proxy"},{"k":"Remote","v":"Remote"},{"k":"Slave","v":"Slave"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"authentication","type":"select"},{"default":"Same","id":"userDB","select":[{"k":"Same","v":"Same"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"userDB","type":"select"},{"default":"Demo","id":"passwordDB","select":[{"k":"AD","v":"Active Directory"},{"k":"Choice","v":"authChoice"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demonstration"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"passwordDB","type":"select"},{"default":"Null","id":"registerDB","select":[{"k":"AD","v":"Active Directory"},{"k":"Demo","v":"Demonstration"},{"k":"LDAP","v":"LDAP"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"registerDB","type":"select"}],"_nodes_cond":[{"_nodes":[{"default":0,"id":"ADPwdMaxAge","title":"ADPwdMaxAge","type":"int"},{"default":0,"id":"ADPwdExpireWarning","title":"ADPwdExpireWarning","type":"int"}],"help":"authad.html","id":"adParams","show":false,"title":"adParams","type":"simpleInputContainer"},{"_nodes":[{"default":"lmAuth","id":"authChoiceParam","title":"authChoiceParam"},{"cnodes":"authChoiceModules","id":"authChoiceModules","select":[[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Null","v":"None"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"Proxy","v":"Proxy"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"Remote","v":"Remote"},{"k":"SAML","v":"SAML v2"},{"k":"Slave","v":"Slave"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Custom","v":"customModule"}],[{"k":"AD","v":"Active Directory"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"Facebook","v":"Facebook"},{"k":"LDAP","v":"LDAP"},{"k":"Null","v":"None"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"Proxy","v":"Proxy"},{"k":"REST","v":"REST"},{"k":"Remote","v":"Remote"},{"k":"SAML","v":"SAML v2"},{"k":"Slave","v":"Slave"},{"k":"WebID","v":"WebID"},{"k":"Custom","v":"customModule"}],[{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}]],"title":"authChoiceModules","type":"authChoiceContainer"},{"id":"authChoiceAuthBasic","title":"authChoiceAuthBasic"}],"help":"authchoice.html","id":"choiceParams","show":false,"title":"choiceParams"},{"_nodes":[{"default":3,"id":"apacheAuthnLevel","title":"apacheAuthnLevel","type":"int"}],"help":"authapache.html","id":"apacheParams","show":false,"title":"apacheParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"casAuthnLevel","title":"casAuthnLevel","type":"int"}],"help":"authcas.html","id":"casParams","show":false,"title":"casParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"dbiAuthnLevel","title":"dbiAuthnLevel","type":"int"},{"cnodes":"dbiExportedVars","default":[],"id":"dbiExportedVars","title":"dbiExportedVars","type":"keyTextContainer"},{"_nodes":[{"_nodes":[{"id":"dbiAuthChain","title":"dbiAuthChain"},{"id":"dbiAuthUser","title":"dbiAuthUser"},{"id":"dbiAuthPassword","title":"dbiAuthPassword","type":"password"}],"id":"dbiConnectionAuth","title":"dbiConnectionAuth","type":"simpleInputContainer"},{"_nodes":[{"id":"dbiUserChain","title":"dbiUserChain"},{"id":"dbiUserUser","title":"dbiUserUser"},{"id":"dbiUserPassword","title":"dbiUserPassword","type":"password"}],"id":"dbiConnectionUser","title":"dbiConnectionUser","type":"simpleInputContainer"}],"help":"authdbi.html#connection","id":"dbiConnection","title":"dbiConnection"},{"_nodes":[{"id":"dbiAuthTable","title":"dbiAuthTable"},{"id":"dbiUserTable","title":"dbiUserTable"},{"id":"dbiAuthLoginCol","title":"dbiAuthLoginCol"},{"id":"dbiAuthPasswordCol","title":"dbiAuthPasswordCol"},{"id":"dbiPasswordMailCol","title":"dbiPasswordMailCol"},{"id":"userPivot","title":"userPivot"}],"help":"authdbi.html#schema","id":"dbiSchema","title":"dbiSchema","type":"simpleInputContainer"},{"_nodes":[{"help":"authdbi.html#password","id":"dbiAuthPasswordHash","title":"dbiAuthPasswordHash"},{"_nodes":[{"help":"authdbi.html#password","id":"dbiDynamicHashEnabled","title":"dbiDynamicHashEnabled","type":"bool"},{"help":"authdbi.html#password","id":"dbiDynamicHashValidSchemes","title":"dbiDynamicHashValidSchemes"},{"help":"authdbi.html#password","id":"dbiDynamicHashValidSaltedSchemes","title":"dbiDynamicHashValidSaltedSchemes"},{"help":"authdbi.html#password","id":"dbiDynamicHashNewPasswordScheme","title":"dbiDynamicHashNewPasswordScheme"}],"help":"authdbi.html#password","id":"dbiDynamicHash","title":"dbiDynamicHash","type":"simpleInputContainer"}],"help":"authdbi.html#password","id":"dbiPassword","title":"dbiPassword"}],"help":"authdbi.html","id":"dbiParams","show":false,"title":"dbiParams"},{"_nodes":[{"cnodes":"demoExportedVars","default":[{"data":"cn","id":"demoExportedVars/cn","title":"cn","type":"keyText"},{"data":"mail","id":"demoExportedVars/mail","title":"mail","type":"keyText"},{"data":"uid","id":"demoExportedVars/uid","title":"uid","type":"keyText"}],"id":"demoExportedVars","title":"demoExportedVars","type":"keyTextContainer"}],"help":"authdemo.html","id":"demoParams","show":false,"title":"demoParams"},{"_nodes":[{"default":1,"id":"facebookAuthnLevel","title":"facebookAuthnLevel","type":"int"},{"cnodes":"facebookExportedVars","default":[],"id":"facebookExportedVars","title":"facebookExportedVars","type":"keyTextContainer"},{"id":"facebookAppId","title":"facebookAppId"},{"id":"facebookAppSecret","title":"facebookAppSecret"},{"default":"id","id":"facebookUserField","title":"facebookUserField"}],"help":"authfacebook.html","id":"facebookParams","show":false,"title":"facebookParams"},{"_nodes":[{"default":3,"id":"krbAuthnLevel","title":"krbAuthnLevel","type":"int"},{"id":"krbKeytab","title":"krbKeytab"},{"default":0,"id":"krbByJs","title":"krbByJs","type":"bool"},{"default":1,"id":"krbRemoveDomain","title":"krbRemoveDomain","type":"bool"},{"id":"krbAllowedDomains","title":"krbAllowedDomains"}],"help":"authkerberos.html","id":"kerberosParams","show":false,"title":"kerberosParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"ldapAuthnLevel","title":"ldapAuthnLevel","type":"int"},{"cnodes":"ldapExportedVars","default":[{"data":"cn","id":"ldapExportedVars/cn","title":"cn","type":"keyText"},{"data":"mail","id":"ldapExportedVars/mail","title":"mail","type":"keyText"},{"data":"uid","id":"ldapExportedVars/uid","title":"uid","type":"keyText"}],"id":"ldapExportedVars","title":"ldapExportedVars","type":"keyTextContainer"},{"_nodes":[{"default":"ldap://localhost","id":"ldapServer","title":"ldapServer"},{"id":"ldapPort","title":"ldapPort","type":"int"},{"default":"require","id":"ldapVerify","select":[{"k":"none","v":"None"},{"k":"optional","v":"Optional"},{"k":"require","v":"Require"}],"title":"ldapVerify","type":"select"},{"default":"dc=example,dc=com","id":"ldapBase","title":"ldapBase"},{"default":"","id":"managerDn","title":"managerDn"},{"default":"","id":"managerPassword","title":"managerPassword","type":"password"},{"default":10,"id":"ldapTimeout","title":"ldapTimeout","type":"int"},{"default":10,"id":"ldapIOTimeout","title":"ldapIOTimeout","type":"int"},{"default":3,"id":"ldapVersion","title":"ldapVersion","type":"int"},{"id":"ldapRaw","title":"ldapRaw"},{"id":"ldapCAFile","title":"ldapCAFile"},{"id":"ldapCAPath","title":"ldapCAPath"}],"help":"authldap.html#connection","id":"ldapConnection","title":"ldapConnection","type":"simpleInputContainer"},{"_nodes":[{"id":"LDAPFilter","title":"LDAPFilter"},{"id":"AuthLDAPFilter","title":"AuthLDAPFilter"},{"id":"mailLDAPFilter","title":"mailLDAPFilter"},{"default":"find","id":"ldapSearchDeref","select":[{"k":"never","v":"never"},{"k":"search","v":"search"},{"k":"find","v":"find"},{"k":"always","v":"always"}],"title":"ldapSearchDeref","type":"select"}],"help":"authldap.html#filters","id":"ldapFilters","title":"ldapFilters","type":"simpleInputContainer"},{"_nodes":[{"id":"ldapGroupBase","title":"ldapGroupBase"},{"default":"groupOfNames","id":"ldapGroupObjectClass","title":"ldapGroupObjectClass"},{"default":"member","id":"ldapGroupAttributeName","title":"ldapGroupAttributeName"},{"default":"dn","id":"ldapGroupAttributeNameUser","title":"ldapGroupAttributeNameUser"},{"default":"cn","id":"ldapGroupAttributeNameSearch","title":"ldapGroupAttributeNameSearch"},{"default":0,"id":"ldapGroupDecodeSearchedValue","title":"ldapGroupDecodeSearchedValue","type":"bool"},{"default":0,"id":"ldapGroupRecursive","title":"ldapGroupRecursive","type":"bool"},{"default":"dn","id":"ldapGroupAttributeNameGroup","title":"ldapGroupAttributeNameGroup"}],"help":"authldap.html#groups","id":"ldapGroups","title":"ldapGroups","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"ldapPpolicyControl","title":"ldapPpolicyControl","type":"bool"},{"default":0,"id":"ldapSetPassword","title":"ldapSetPassword","type":"bool"},{"default":0,"id":"ldapChangePasswordAsUser","title":"ldapChangePasswordAsUser","type":"bool"},{"default":"utf-8","id":"ldapPwdEnc","title":"ldapPwdEnc"},{"default":1,"id":"ldapUsePasswordResetAttribute","title":"ldapUsePasswordResetAttribute","type":"bool"},{"default":"pwdReset","id":"ldapPasswordResetAttribute","title":"ldapPasswordResetAttribute"},{"default":"TRUE","id":"ldapPasswordResetAttributeValue","title":"ldapPasswordResetAttributeValue"},{"default":0,"id":"ldapAllowResetExpiredPassword","title":"ldapAllowResetExpiredPassword","type":"bool"},{"default":0,"id":"ldapITDS","title":"ldapITDS","type":"bool"}],"help":"authldap.html#password","id":"ldapPassword","title":"ldapPassword","type":"simpleInputContainer"}],"help":"authldap.html","id":"ldapParams","show":false,"title":"ldapParams"},{"_nodes":[{"default":1,"id":"linkedInAuthnLevel","title":"linkedInAuthnLevel","type":"int"},{"id":"linkedInClientID","title":"linkedInClientID"},{"id":"linkedInClientSecret","title":"linkedInClientSecret","type":"password"},{"default":"id,first-name,last-name,email-address","id":"linkedInFields","title":"linkedInFields"},{"default":"emailAddress","id":"linkedInUserField","title":"linkedInUserField"},{"default":"r_liteprofile r_emailaddress","id":"linkedInScope","title":"linkedInScope"}],"help":"authlinkedin.html","id":"linkedinParams","show":false,"title":"linkedinParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"githubAuthnLevel","title":"githubAuthnLevel","type":"int"},{"id":"githubClientID","title":"githubClientID"},{"id":"githubClientSecret","title":"githubClientSecret","type":"password"},{"default":"login","id":"githubUserField","title":"githubUserField"},{"default":"user:email","id":"githubScope","title":"githubScope"}],"help":"authgithub.html","id":"githubParams","show":false,"title":"githubParams","type":"simpleInputContainer"},{"_nodes":[{"id":"combination","title":"combination"},{"cnodes":"combModules","id":"combModules","select":[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Demo","v":"Demonstration"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"SAML","v":"SAML v2"},{"k":"Proxy","v":"Proxy"},{"k":"Remote","v":"Remote"},{"k":"Slave","v":"Slave"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"combModules","type":"cmbModuleContainer"}],"help":"authcombination.html","id":"combinationParams","show":false,"title":"combinationParams"},{"_nodes":[{"default":0,"id":"nullAuthnLevel","title":"nullAuthnLevel","type":"int"}],"help":"authnull.html","id":"nullParams","show":false,"title":"nullParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"openIdAuthnLevel","title":"openIdAuthnLevel","type":"int"},{"cnodes":"openIdExportedVars","default":[],"id":"openIdExportedVars","title":"openIdExportedVars","type":"keyTextContainer"},{"id":"openIdSecret","title":"openIdSecret"},{"default":"0;","id":"openIdIDPList","title":"openIdIDPList","type":"blackWhiteList"}],"help":"authopenid.html","id":"openidParams","show":false,"title":"openidParams"},{"_nodes":[{"default":1,"id":"oidcAuthnLevel","title":"oidcAuthnLevel","type":"int"},{"default":"openidconnectcallback","id":"oidcRPCallbackGetParam","title":"oidcRPCallbackGetParam"},{"default":600,"id":"oidcRPStateTimeout","title":"oidcRPStateTimeout","type":"int"}],"help":"authopenidconnect.html","id":"oidcParams","show":false,"title":"oidcParams","type":"simpleInputContainer"},{"_nodes":[{"default":5,"id":"gpgAuthnLevel","title":"gpgAuthnLevel","type":"int"},{"default":"","id":"gpgDb","title":"gpgDb"}],"help":"authgpg.html","id":"gpgParams","show":false,"title":"gpgParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"proxyAuthnLevel","title":"proxyAuthnLevel","type":"int"},{"id":"proxyAuthService","title":"proxyAuthService"},{"id":"proxySessionService","title":"proxySessionService"},{"id":"remoteCookieName","title":"remoteCookieName"},{"default":0,"id":"proxyUseSoap","title":"proxyUseSoap","type":"bool"}],"help":"authproxy.html","id":"proxyParams","show":false,"title":"proxyParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"pamAuthnLevel","title":"pamAuthnLevel","type":"int"},{"default":"login","id":"pamService","title":"pamService"}],"help":"authpam.html","id":"pamParams","show":false,"title":"pamParams","type":"simpleInputContainer"},{"_nodes":[{"default":3,"id":"radiusAuthnLevel","title":"radiusAuthnLevel","type":"int"},{"id":"radiusSecret","title":"radiusSecret"},{"id":"radiusServer","title":"radiusServer"}],"help":"authradius.html","id":"radiusParams","show":false,"title":"radiusParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"restAuthnLevel","title":"restAuthnLevel","type":"int"},{"id":"restAuthUrl","title":"restAuthUrl"},{"id":"restUserDBUrl","title":"restUserDBUrl"},{"id":"restPwdConfirmUrl","title":"restPwdConfirmUrl"},{"id":"restPwdModifyUrl","title":"restPwdModifyUrl"}],"help":"authrest.html","id":"restParams","show":false,"title":"restParams","type":"simpleInputContainer"},{"_nodes":[{"id":"remotePortal","title":"remotePortal"},{"id":"remoteCookieName","title":"remoteCookieName"},{"default":"Lemonldap::NG::Common::Apache::Session::SOAP","id":"remoteGlobalStorage","title":"remoteGlobalStorage"},{"cnodes":"remoteGlobalStorageOptions","default":[{"data":"http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService","id":"remoteGlobalStorageOptions/ns","title":"ns","type":"keyText"},{"data":"http://auth.example.com/sessions","id":"remoteGlobalStorageOptions/proxy","title":"proxy","type":"keyText"}],"id":"remoteGlobalStorageOptions","title":"remoteGlobalStorageOptions","type":"keyTextContainer"}],"help":"authremote.html","id":"remoteParams","show":false,"title":"remoteParams"},{"_nodes":[{"default":2,"id":"slaveAuthnLevel","title":"slaveAuthnLevel","type":"int"},{"id":"slaveUserHeader","title":"slaveUserHeader"},{"id":"slaveMasterIP","title":"slaveMasterIP"},{"id":"slaveHeaderName","title":"slaveHeaderName"},{"id":"slaveHeaderContent","title":"slaveHeaderContent"},{"default":0,"id":"slaveDisplayLogo","title":"slaveDisplayLogo","type":"bool"},{"cnodes":"slaveExportedVars","default":[],"id":"slaveExportedVars","title":"slaveExportedVars","type":"keyTextContainer"}],"help":"authslave.html","id":"slaveParams","show":false,"title":"slaveParams"},{"_nodes":[{"default":5,"id":"SSLAuthnLevel","title":"SSLAuthnLevel","type":"int"},{"default":"SSL_CLIENT_S_DN_Email","id":"SSLVar","title":"SSLVar"},{"cnodes":"SSLVarIf","default":[],"id":"SSLVarIf","title":"SSLVarIf","type":"keyTextContainer"},{"default":0,"id":"sslByAjax","title":"sslByAjax","type":"bool"},{"id":"sslHost","title":"sslHost"}],"help":"authssl.html","id":"sslParams","show":false,"title":"sslParams"},{"_nodes":[{"default":1,"id":"twitterAuthnLevel","title":"twitterAuthnLevel","type":"int"},{"id":"twitterKey","title":"twitterKey"},{"id":"twitterSecret","title":"twitterSecret"},{"id":"twitterAppName","title":"twitterAppName"},{"default":"screen_name","id":"twitterUserField","title":"twitterUserField"}],"help":"authtwitter.html","id":"twitterParams","show":false,"title":"twitterParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"webIDAuthnLevel","title":"webIDAuthnLevel","type":"int"},{"cnodes":"webIDExportedVars","default":[],"id":"webIDExportedVars","title":"webIDExportedVars","type":"keyTextContainer"},{"id":"webIDWhitelist","title":"webIDWhitelist"}],"help":"authwebid.html","id":"webidParams","show":false,"title":"webidParams"},{"_nodes":[{"id":"customAuth","title":"customAuth"},{"id":"customUserDB","title":"customUserDB"},{"id":"customPassword","title":"customPassword"},{"id":"customRegister","title":"customRegister"},{"id":"customResetCertByMail","title":"customResetCertByMail"},{"cnodes":"customAddParams","id":"customAddParams","title":"customAddParams","type":"keyTextContainer"}],"help":"authcustom.html","id":"customParams","show":false,"title":"customParams"}],"_nodes_filter":"authParams","help":"start.html#authentication-users-and-password-databases","id":"authParams","title":"authParams","type":"authParams"},{"_nodes":[{"_nodes":[{"default":0,"id":"issuerDBSAMLActivation","title":"issuerDBSAMLActivation","type":"bool"},{"default":"^/saml/","id":"issuerDBSAMLPath","title":"issuerDBSAMLPath"},{"default":1,"id":"issuerDBSAMLRule","title":"issuerDBSAMLRule","type":"boolOrExpr"}],"help":"idpsaml.html","id":"issuerDBSAML","title":"issuerDBSAML","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBCASActivation","title":"issuerDBCASActivation","type":"bool"},{"default":"^/cas/","id":"issuerDBCASPath","title":"issuerDBCASPath"},{"default":1,"id":"issuerDBCASRule","title":"issuerDBCASRule","type":"boolOrExpr"}],"help":"idpcas.html#enabling-cas","id":"issuerDBCAS","title":"issuerDBCAS","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBOpenIDActivation","title":"issuerDBOpenIDActivation","type":"bool"},{"default":"^/openidserver/","id":"issuerDBOpenIDPath","title":"issuerDBOpenIDPath"},{"default":1,"id":"issuerDBOpenIDRule","title":"issuerDBOpenIDRule","type":"boolOrExpr"},{"_nodes":[{"id":"openIdIssuerSecret","title":"openIdIssuerSecret"},{"id":"openIdAttr","title":"openIdAttr"},{"default":"0;","id":"openIdSPList","title":"openIdSPList","type":"blackWhiteList"},{"_nodes":[{"default":"cn","id":"openIdSreg_fullname","title":"openIdSreg_fullname"},{"default":"uid","id":"openIdSreg_nickname","title":"openIdSreg_nickname"},{"id":"openIdSreg_language","title":"openIdSreg_language"},{"id":"openIdSreg_postcode","title":"openIdSreg_postcode"},{"default":"_timezone","id":"openIdSreg_timezone","title":"openIdSreg_timezone"},{"id":"openIdSreg_country","title":"openIdSreg_country"},{"id":"openIdSreg_gender","title":"openIdSreg_gender"},{"default":"mail","id":"openIdSreg_email","title":"openIdSreg_email"},{"id":"openIdSreg_dob","title":"openIdSreg_dob"}],"id":"openIdSreg","title":"openIdSreg","type":"simpleInputContainer"}],"id":"issuerDBOpenIDOptions","title":"issuerDBOpenIDOptions"}],"help":"idpopenid.html","id":"issuerDBOpenID","title":"issuerDBOpenID"},{"_nodes":[{"default":0,"id":"issuerDBOpenIDConnectActivation","title":"issuerDBOpenIDConnectActivation","type":"bool"},{"default":"^/oauth2/","id":"issuerDBOpenIDConnectPath","title":"issuerDBOpenIDConnectPath"},{"default":1,"id":"issuerDBOpenIDConnectRule","title":"issuerDBOpenIDConnectRule","type":"boolOrExpr"}],"help":"idpopenidconnect.html","id":"issuerDBOpenIDConnect","title":"issuerDBOpenIDConnect","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBGetActivation","title":"issuerDBGetActivation","type":"bool"},{"default":"^/get/","id":"issuerDBGetPath","title":"issuerDBGetPath"},{"default":1,"id":"issuerDBGetRule","title":"issuerDBGetRule","type":"boolOrExpr"},{"default":[],"id":"issuerDBGetParameters","title":"issuerDBGetParameters","type":"doubleHash"}],"help":"issuerdbget.html","id":"issuerDBGet","title":"issuerDBGet"},{"_nodes":[{"default":120,"id":"issuersTimeout","title":"issuersTimeout","type":"int"}],"help":"start.html#options","id":"issuerOptions","title":"issuerOptions","type":"simpleInputContainer"}],"help":"start.html#identity-provider","id":"issuerParams","title":"issuerParams"},{"_nodes":[{"default":"uid","id":"whatToTrace","title":"whatToTrace"},{"id":"customToTrace","title":"customToTrace"},{"default":"_password _2fDevices","id":"hiddenAttributes","title":"hiddenAttributes"}],"help":"logs.html","id":"logParams","title":"logParams","type":"simpleInputContainer"},{"_nodes":[{"default":"lemonldap","id":"cookieName","title":"cookieName"},{"default":"example.com","id":"domain","title":"domain"},{"default":0,"id":"cda","title":"cda","type":"bool"},{"default":0,"id":"securedCookie","select":[{"k":"0","v":"unsecuredCookie"},{"k":"1","v":"securedCookie"},{"k":"2","v":"doubleCookie"},{"k":"3","v":"doubleCookieForSingleSession"}],"title":"securedCookie","type":"select"},{"default":1,"id":"httpOnly","title":"httpOnly","type":"bool"},{"id":"cookieExpiration","title":"cookieExpiration","type":"int"},{"default":"","id":"sameSite","select":[{"k":"","v":""},{"k":"Strict","v":"Strict"},{"k":"Lax","v":"Lax"},{"k":"None","v":"None"}],"title":"sameSite","type":"select"}],"help":"ssocookie.html","id":"cookieParams","title":"cookieParams","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"storePassword","title":"storePassword","type":"bool"},{"default":1,"id":"displaySessionId","title":"displaySessionId","type":"bool"},{"default":72000,"id":"timeout","title":"timeout","type":"int"},{"default":0,"id":"timeoutActivity","title":"timeoutActivity","type":"int"},{"default":60,"id":"timeoutActivityInterval","title":"timeoutActivityInterval","type":"int"},{"cnodes":"grantSessionRules","default":[],"id":"grantSessionRules","title":"grantSessionRules","type":"grantContainer"},{"_nodes":[{"default":"Apache::Session::File","id":"globalStorage","title":"globalStorage"},{"cnodes":"globalStorageOptions","default":[{"data":"/var/lib/lemonldap-ng/sessions/","id":"globalStorageOptions/Directory","title":"Directory","type":"keyText"},{"data":"/var/lib/lemonldap-ng/sessions/lock/","id":"globalStorageOptions/LockDirectory","title":"LockDirectory","type":"keyText"},{"data":"Lemonldap::NG::Common::Apache::Session::Generate::SHA256","id":"globalStorageOptions/generateModule","title":"generateModule","type":"keyText"}],"id":"globalStorageOptions","title":"globalStorageOptions","type":"keyTextContainer"},{"default":"Cache::FileCache","id":"localSessionStorage","title":"localSessionStorage"},{"cnodes":"localSessionStorageOptions","default":[{"data":3,"id":"localSessionStorageOptions/cache_depth","title":"cache_depth","type":"keyText"},{"data":"/var/cache/lemonldap-ng","id":"localSessionStorageOptions/cache_root","title":"cache_root","type":"keyText"},{"data":600,"id":"localSessionStorageOptions/default_expires_in","title":"default_expires_in","type":"keyText"},{"data":"007","id":"localSessionStorageOptions/directory_umask","title":"directory_umask","type":"keyText"},{"data":"lemonldap-ng-sessions","id":"localSessionStorageOptions/namespace","title":"namespace","type":"keyText"}],"id":"localSessionStorageOptions","title":"localSessionStorageOptions","type":"keyTextContainer"}],"help":"start.html#sessions-database","id":"sessionStorage","title":"sessionStorage"},{"_nodes":[{"default":0,"id":"singleSession","title":"singleSession","type":"boolOrExpr"},{"default":0,"id":"singleIP","title":"singleIP","type":"boolOrExpr"},{"default":0,"id":"singleUserByIP","title":"singleUserByIP","type":"boolOrExpr"},{"default":1,"id":"notifyDeleted","title":"notifyDeleted","type":"bool"},{"default":0,"id":"notifyOther","title":"notifyOther","type":"bool"}],"id":"multipleSessions","title":"multipleSessions","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"disablePersistentStorage","title":"disablePersistentStorage","type":"bool"},{"id":"persistentStorage","title":"persistentStorage"},{"cnodes":"persistentStorageOptions","id":"persistentStorageOptions","title":"persistentStorageOptions","type":"keyTextContainer"}],"id":"persistentSessions","title":"persistentSessions"}],"help":"sessions.html","id":"sessionParams","title":"sessionParams"},{"_nodes":[{"default":5,"id":"reloadTimeout","title":"reloadTimeout","type":"int"},{"default":0,"id":"compactConf","title":"compactConf","type":"bool"},{"cnodes":"reloadUrls","help":"configlocation.html#configuration-reload","id":"reloadUrls","title":"reloadUrls","type":"keyTextContainer"}],"help":"configlocation.html#configuration-reload","id":"reloadParams","title":"reloadParams"},{"_nodes":[{"default":0,"help":"status.html","id":"portalStatus","title":"portalStatus","type":"bool"},{"default":1,"id":"upgradeSession","title":"upgradeSession","type":"bool"},{"id":"refreshSessions","title":"refreshSessions","type":"bool"},{"cnodes":"adaptativeAuthenticationLevelRules","id":"adaptativeAuthenticationLevelRules","title":"adaptativeAuthenticationLevelRules","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"stayConnected","title":"stayConnected","type":"bool"},{"default":2592000,"id":"stayConnectedTimeout","title":"stayConnectedTimeout","type":"int"},{"default":"llngconnection","id":"stayConnectedCookieName","title":"stayConnectedCookieName"}],"help":"stayconnected.html","id":"stayConnect","title":"stayConnect","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"wsdlServer","title":"wsdlServer","type":"bool"},{"default":0,"id":"restExportSecretKeys","title":"restExportSecretKeys","type":"bool"},{"default":15,"id":"restClockTolerance","title":"restClockTolerance","type":"int"},{"default":0,"id":"restSessionServer","title":"restSessionServer","type":"bool"},{"default":0,"id":"restConfigServer","title":"restConfigServer","type":"bool"},{"default":0,"id":"restAuthServer","title":"restAuthServer","type":"bool"},{"default":0,"id":"restPasswordServer","title":"restPasswordServer","type":"bool"},{"default":0,"help":"soapservices.html","id":"soapSessionServer","title":"soapSessionServer","type":"bool"},{"default":0,"help":"soapservices.html","id":"soapConfigServer","title":"soapConfigServer","type":"bool"},{"id":"exportedAttr","title":"exportedAttr"}],"help":"portalservers.html","id":"portalServers","title":"portalServers","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"loginHistoryEnabled","title":"loginHistoryEnabled","type":"bool"},{"default":5,"id":"successLoginNumber","title":"successLoginNumber","type":"int"},{"default":5,"id":"failedLoginNumber","title":"failedLoginNumber","type":"int"},{"cnodes":"sessionDataToRemember","id":"sessionDataToRemember","title":"sessionDataToRemember","type":"keyTextContainer"}],"help":"loginhistory.html","id":"loginHistory","title":"loginHistory"},{"_nodes":[{"default":0,"id":"notification","title":"notification","type":"bool"},{"default":0,"id":"notificationsExplorer","title":"notificationsExplorer","type":"bool"},{"default":"allusers","id":"notificationWildcard","title":"notificationWildcard"},{"default":0,"id":"oldNotifFormat","title":"oldNotifFormat","type":"bool"},{"id":"notificationXSLTfile","title":"notificationXSLTfile"},{"default":"File","id":"notificationStorage","title":"notificationStorage"},{"cnodes":"notificationStorageOptions","default":[{"data":"/var/lib/lemonldap-ng/notifications","id":"notificationStorageOptions/dirName","title":"dirName","type":"keyText"}],"id":"notificationStorageOptions","title":"notificationStorageOptions","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"notificationServer","title":"notificationServer","type":"bool"},{"default":"","id":"notificationDefaultCond","title":"notificationDefaultCond"},{"default":"uid reference date title subtitle text check","id":"notificationServerSentAttributes","title":"notificationServerSentAttributes"},{"_nodes":[{"default":1,"id":"notificationServerPOST","title":"notificationServerPOST","type":"bool"},{"default":0,"id":"notificationServerGET","title":"notificationServerGET","type":"bool"},{"default":0,"id":"notificationServerDELETE","title":"notificationServerDELETE","type":"bool"}],"id":"notificationServerMethods","title":"notificationServerMethods","type":"simpleInputContainer"}],"help":"notifications.html#notification-server","id":"serverNotification","title":"serverNotification"}],"help":"notifications.html","id":"notifications","title":"notifications"},{"_nodes":[{"_nodes":[{"id":"mailSubject","title":"mailSubject"},{"id":"mailBody","title":"mailBody","type":"longtext"},{"id":"mailConfirmSubject","title":"mailConfirmSubject"},{"id":"mailConfirmBody","title":"mailConfirmBody","type":"longtext"}],"id":"mailContent","title":"mailContent","type":"simpleInputContainer"},{"_nodes":[{"default":"http://auth.example.com/resetpwd","id":"mailUrl","title":"mailUrl"},{"default":0,"id":"mailTimeout","title":"mailTimeout","type":"int"},{"default":1,"id":"portalDisplayGeneratePassword","title":"portalDisplayGeneratePassword","type":"bool"},{"default":"[A-Z]{3}[a-z]{5}.\\d{2}","id":"randomPasswordRegexp","title":"randomPasswordRegexp"}],"id":"mailOther","title":"mailOther","type":"simpleInputContainer"}],"help":"resetpassword.html","id":"passwordManagement","title":"passwordManagement"},{"_nodes":[{"_nodes":[{"id":"certificateResetByMailStep1Subject","title":"certificateResetByMailStep1Subject"},{"id":"certificateResetByMailStep1Body","title":"certificateResetByMailStep1Body","type":"longtext"},{"id":"certificateResetByMailStep2Subject","title":"certificateResetByMailStep2Subject"},{"id":"certificateResetByMailStep2Body","title":"certificateResetByMailStep2Body","type":"longtext"}],"id":"certificateMailContent","title":"certificateMailContent","type":"simpleInputContainer"},{"_nodes":[{"default":"http://auth.example.com/certificateReset","id":"certificateResetByMailURL","title":"certificateResetByMailURL"},{"default":"description","id":"certificateResetByMailCeaAttribute","title":"certificateResetByMailCeaAttribute"},{"default":"userCertificate;binary","id":"certificateResetByMailCertificateAttribute","title":"certificateResetByMailCertificateAttribute"},{"default":0,"id":"certificateResetByMailValidityDelay","title":"certificateResetByMailValidityDelay","type":"int"}],"id":"mailOther","title":"mailOther","type":"simpleInputContainer"}],"help":"resetcertificate.html","id":"certificateResetByMailManagement","title":"certificateResetByMailManagement"},{"_nodes":[{"default":"http://auth.example.com/register","id":"registerUrl","title":"registerUrl"},{"default":0,"id":"registerTimeout","title":"registerTimeout","type":"int"},{"id":"registerConfirmSubject","title":"registerConfirmSubject"},{"id":"registerDoneSubject","title":"registerDoneSubject"}],"help":"register.html","id":"register","title":"register","type":"simpleInputContainer"},{"_nodes":[{"cnodes":"autoSigninRules","id":"autoSigninRules","title":"autoSigninRules","type":"keyTextContainer"}],"help":"autosignin.html","id":"autoSignin","title":"autoSignin"},{"_nodes":[{"default":0,"id":"globalLogoutRule","title":"globalLogoutRule","type":"boolOrExpr"},{"default":1,"id":"globalLogoutTimer","title":"globalLogoutTimer","type":"bool"},{"id":"globalLogoutCustomParam","title":"globalLogoutCustomParam"}],"help":"globallogout.html","id":"globalLogout","title":"globalLogout","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"checkState","title":"checkState","type":"bool"},{"id":"checkStateSecret","title":"checkStateSecret"}],"help":"checkstate.html","id":"stateCheck","title":"stateCheck","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"checkUser","title":"checkUser","type":"bool"},{"default":1,"id":"checkUserIdRule","title":"checkUserIdRule"},{"id":"checkUserUnrestrictedUsersRule","title":"checkUserUnrestrictedUsersRule"},{"default":"_loginHistory _session_id hGroups","id":"checkUserHiddenAttributes","title":"checkUserHiddenAttributes"},{"id":"checkUserSearchAttributes","title":"checkUserSearchAttributes"},{"default":1,"id":"checkUserDisplayComputedSession","title":"checkUserDisplayComputedSession","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayEmptyHeaders","title":"checkUserDisplayEmptyHeaders","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayEmptyValues","title":"checkUserDisplayEmptyValues","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayPersistentInfo","title":"checkUserDisplayPersistentInfo","type":"boolOrExpr"},{"cnodes":"checkUserHiddenHeaders","id":"checkUserHiddenHeaders","title":"checkUserHiddenHeaders","type":"keyTextContainer"}],"help":"checkuser.html","id":"checkUsers","title":"checkUsers"},{"_nodes":[{"default":0,"id":"impersonationRule","title":"impersonationRule","type":"boolOrExpr"},{"default":1,"id":"impersonationIdRule","title":"impersonationIdRule"},{"id":"impersonationUnrestrictedUsersRule","title":"impersonationUnrestrictedUsersRule"},{"default":"_2fDevices _loginHistory","id":"impersonationHiddenAttributes","title":"impersonationHiddenAttributes"},{"default":1,"id":"impersonationSkipEmptyValues","title":"impersonationSkipEmptyValues","type":"bool"},{"default":0,"id":"impersonationMergeSSOgroups","title":"impersonationMergeSSOgroups","type":"boolOrExpr"}],"help":"impersonation.html","id":"impersonation","title":"impersonation","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"contextSwitchingRule","title":"contextSwitchingRule","type":"boolOrExpr"},{"default":1,"id":"contextSwitchingIdRule","title":"contextSwitchingIdRule"},{"id":"contextSwitchingUnrestrictedUsersRule","title":"contextSwitchingUnrestrictedUsersRule"},{"default":0,"id":"contextSwitchingAllowed2fModifications","title":"contextSwitchingAllowed2fModifications","type":"bool"},{"default":1,"id":"contextSwitchingStopWithLogout","title":"contextSwitchingStopWithLogout","type":"bool"}],"help":"contextswitching.html","id":"contextSwitching","title":"contextSwitching","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"decryptValueRule","title":"decryptValueRule","type":"boolOrExpr"},{"id":"decryptValueFunctions","title":"decryptValueFunctions"}],"help":"decryptvalue.html","id":"decryptValue","title":"decryptValue","type":"simpleInputContainer"},{"_nodes":[{"id":"customPlugins","title":"customPlugins"},{"cnodes":"customPluginsParams","id":"customPluginsParams","title":"customPluginsParams","type":"keyTextContainer"}],"help":"plugincustom.html","id":"customPluginsNode","title":"customPluginsNode"}],"help":"start.html#plugins","id":"plugins","title":"plugins"},{"_nodes":[{"default":1,"help":"secondfactor.html","id":"sfManagerRule","title":"sfManagerRule","type":"boolOrExpr"},{"default":0,"help":"secondfactor.html","id":"sfRequired","title":"sfRequired","type":"boolOrExpr"},{"help":"secondfactor.html","id":"sfOnlyUpgrade","title":"sfOnlyUpgrade","type":"bool"},{"_nodes":[{"default":0,"id":"utotp2fActivation","title":"utotp2fActivation","type":"boolOrExpr"},{"id":"utotp2fAuthnLevel","title":"utotp2fAuthnLevel","type":"int"},{"id":"utotp2fLabel","title":"utotp2fLabel"},{"id":"utotp2fLogo","title":"utotp2fLogo"}],"help":"utotp2f.html","id":"utotp2f","title":"utotp2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"totp2fActivation","title":"totp2fActivation","type":"boolOrExpr"},{"default":0,"id":"totp2fSelfRegistration","title":"totp2fSelfRegistration","type":"boolOrExpr"},{"id":"totp2fIssuer","title":"totp2fIssuer"},{"default":30,"id":"totp2fInterval","title":"totp2fInterval","type":"int"},{"default":1,"id":"totp2fRange","title":"totp2fRange","type":"int"},{"default":6,"id":"totp2fDigits","title":"totp2fDigits","type":"int"},{"default":0,"id":"totp2fDisplayExistingSecret","title":"totp2fDisplayExistingSecret","type":"bool"},{"default":0,"id":"totp2fUserCanChangeKey","title":"totp2fUserCanChangeKey","type":"bool"},{"default":1,"id":"totp2fUserCanRemoveKey","title":"totp2fUserCanRemoveKey","type":"bool"},{"id":"totp2fTTL","title":"totp2fTTL","type":"int"},{"id":"totp2fAuthnLevel","title":"totp2fAuthnLevel","type":"int"},{"id":"totp2fLabel","title":"totp2fLabel"},{"id":"totp2fLogo","title":"totp2fLogo"}],"help":"totp2f.html","id":"totp2f","title":"totp2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"u2fActivation","title":"u2fActivation","type":"boolOrExpr"},{"default":0,"id":"u2fSelfRegistration","title":"u2fSelfRegistration","type":"boolOrExpr"},{"default":1,"id":"u2fUserCanRemoveKey","title":"u2fUserCanRemoveKey","type":"bool"},{"id":"u2fTTL","title":"u2fTTL","type":"int"},{"id":"u2fAuthnLevel","title":"u2fAuthnLevel","type":"int"},{"id":"u2fLabel","title":"u2fLabel"},{"id":"u2fLogo","title":"u2fLogo"}],"help":"u2f.html","id":"u2f","title":"u2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"yubikey2fActivation","title":"yubikey2fActivation","type":"boolOrExpr"},{"default":0,"id":"yubikey2fSelfRegistration","title":"yubikey2fSelfRegistration","type":"boolOrExpr"},{"id":"yubikey2fClientID","title":"yubikey2fClientID"},{"id":"yubikey2fSecretKey","title":"yubikey2fSecretKey"},{"id":"yubikey2fNonce","title":"yubikey2fNonce"},{"id":"yubikey2fUrl","title":"yubikey2fUrl"},{"default":12,"id":"yubikey2fPublicIDSize","title":"yubikey2fPublicIDSize","type":"int"},{"default":1,"id":"yubikey2fUserCanRemoveKey","title":"yubikey2fUserCanRemoveKey","type":"bool"},{"id":"yubikey2fFromSessionAttribute","title":"yubikey2fFromSessionAttribute"},{"id":"yubikey2fTTL","title":"yubikey2fTTL","type":"int"},{"id":"yubikey2fAuthnLevel","title":"yubikey2fAuthnLevel","type":"int"},{"id":"yubikey2fLabel","title":"yubikey2fLabel"},{"id":"yubikey2fLogo","title":"yubikey2fLogo"}],"help":"yubikey2f.html","id":"yubikey2f","title":"yubikey2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"mail2fActivation","title":"mail2fActivation","type":"boolOrExpr"},{"default":"\\d{6}","id":"mail2fCodeRegex","title":"mail2fCodeRegex"},{"id":"mail2fTimeout","title":"mail2fTimeout","type":"int"},{"id":"mail2fSubject","title":"mail2fSubject"},{"id":"mail2fBody","title":"mail2fBody","type":"longtext"},{"id":"mail2fAuthnLevel","title":"mail2fAuthnLevel","type":"int"},{"id":"mail2fLabel","title":"mail2fLabel"},{"id":"mail2fLogo","title":"mail2fLogo"},{"id":"mail2fSessionKey","title":"mail2fSessionKey"}],"help":"mail2f.html","id":"mail2f","title":"mail2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"ext2fActivation","title":"ext2fActivation","type":"boolOrExpr"},{"default":"\\d{6}","id":"ext2fCodeActivation","title":"ext2fCodeActivation"},{"id":"ext2FSendCommand","title":"ext2FSendCommand"},{"id":"ext2FValidateCommand","title":"ext2FValidateCommand"},{"id":"ext2fAuthnLevel","title":"ext2fAuthnLevel","type":"int"},{"id":"ext2fLabel","title":"ext2fLabel"},{"id":"ext2fLogo","title":"ext2fLogo"}],"help":"external2f.html","id":"ext2f","title":"ext2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"radius2fActivation","title":"radius2fActivation","type":"boolOrExpr"},{"id":"radius2fServer","title":"radius2fServer"},{"id":"radius2fSecret","title":"radius2fSecret"},{"id":"radius2fUsernameSessionKey","title":"radius2fUsernameSessionKey"},{"default":20,"id":"radius2fTimeout","title":"radius2fTimeout","type":"int"},{"id":"radius2fAuthnLevel","title":"radius2fAuthnLevel","type":"int"},{"id":"radius2fLogo","title":"radius2fLogo"},{"id":"radius2fLabel","title":"radius2fLabel"}],"help":"radius2f.html","id":"radius2f","title":"radius2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"rest2fActivation","title":"rest2fActivation","type":"boolOrExpr"},{"id":"rest2fInitUrl","title":"rest2fInitUrl"},{"cnodes":"rest2fInitArgs","id":"rest2fInitArgs","title":"rest2fInitArgs","type":"keyTextContainer"},{"id":"rest2fVerifyUrl","title":"rest2fVerifyUrl"},{"cnodes":"rest2fVerifyArgs","id":"rest2fVerifyArgs","title":"rest2fVerifyArgs","type":"keyTextContainer"},{"id":"rest2fAuthnLevel","title":"rest2fAuthnLevel","type":"int"},{"id":"rest2fLabel","title":"rest2fLabel"},{"id":"rest2fLogo","title":"rest2fLogo"}],"help":"rest2f.html","id":"rest2f","title":"rest2f"},{"cnodes":"sfExtra","id":"sfExtra","select":[{"k":"Mail2F","v":"E-Mail"},{"k":"REST","v":"REST"},{"k":"Ext2F","v":"External"},{"k":"Radius","v":"Radius"}],"title":"sfExtra","type":"sfExtraContainer"},{"_nodes":[{"default":0,"help":"secondfactor.html","id":"sfRemovedMsgRule","title":"sfRemovedMsgRule","type":"boolOrExpr"},{"default":0,"id":"sfRemovedUseNotif","title":"sfRemovedUseNotif","type":"bool"},{"default":"RemoveSF","help":"secondfactor.html","id":"sfRemovedNotifRef","title":"sfRemovedNotifRef"},{"default":"Second factor notification","help":"secondfactor.html","id":"sfRemovedNotifTitle","title":"sfRemovedNotifTitle"},{"default":"_removedSF_ expired second factor(s) has/have been removed!","help":"secondfactor.html","id":"sfRemovedNotifMsg","title":"sfRemovedNotifMsg"}],"help":"secondfactor.html","id":"sfRemovedNotification","title":"sfRemovedNotification","type":"simpleInputContainer"}],"help":"secondfactor.html","id":"secondFactors","title":"secondFactors"},{"_nodes":[{"help":"customfunctions.html","id":"customFunctions","title":"customFunctions"},{"default":"; ","id":"multiValuesSeparator","title":"multiValuesSeparator","type":"authParamsText"},{"default":0,"id":"groupsBeforeMacros","title":"groupsBeforeMacros","type":"bool"},{"_nodes":[{"default":"mail","id":"mailSessionKey","title":"mailSessionKey"},{"default":"","id":"SMTPServer","title":"SMTPServer"},{"id":"SMTPPort","title":"SMTPPort","type":"int"},{"id":"SMTPAuthUser","title":"SMTPAuthUser"},{"id":"SMTPAuthPass","title":"SMTPAuthPass","type":"password"},{"default":"","id":"SMTPTLS","select":[{"k":"","v":"none"},{"k":"starttls","v":"SMTP + STARTTLS"},{"k":"ssl","v":"SMTPS"}],"title":"SMTPTLS","type":"select"},{"cnodes":"SMTPTLSOpts","id":"SMTPTLSOpts","title":"SMTPTLSOpts","type":"keyTextContainer"},{"_nodes":[{"default":"noreply@example.com","id":"mailFrom","title":"mailFrom"},{"id":"mailReplyTo","title":"mailReplyTo"},{"default":"utf-8","id":"mailCharset","title":"mailCharset"}],"id":"mailHeaders","title":"mailHeaders","type":"simpleInputContainer"}],"help":"smtp.html","id":"SMTP","title":"SMTP","type":"SMTP"},{"_nodes":[{"default":"^[\\w\\.\\-@]+$","id":"userControl","title":"userControl"},{"default":0,"id":"browsersDontStorePassword","title":"browsersDontStorePassword","type":"bool"},{"default":0,"help":"forcereauthn.html","id":"portalForceAuthn","title":"portalForceAuthn","type":"bool"},{"default":5,"id":"portalForceAuthnInterval","title":"portalForceAuthnInterval","type":"int"},{"id":"key","title":"key","type":"password"},{"id":"trustedDomains","title":"trustedDomains"},{"default":1,"help":"safejail.html","id":"useSafeJail","title":"useSafeJail","type":"bool"},{"default":0,"help":"safejail.html","id":"avoidAssignment","title":"avoidAssignment","type":"bool"},{"default":1,"id":"checkXSS","title":"checkXSS","type":"bool"},{"default":1,"id":"requireToken","title":"requireToken","type":"boolOrExpr"},{"default":120,"id":"formTimeout","title":"formTimeout","type":"int"},{"default":0,"id":"tokenUseGlobalStorage","title":"tokenUseGlobalStorage","type":"bool"},{"_nodes":[{"default":0,"help":"bruteforceprotection.html","id":"bruteForceProtection","title":"bruteForceProtection","type":"bool"},{"default":30,"id":"bruteForceProtectionTempo","title":"bruteForceProtectionTempo","type":"int"},{"default":3,"id":"bruteForceProtectionMaxFailed","title":"bruteForceProtectionMaxFailed","type":"int"},{"default":0,"help":"bruteforceprotection.html","id":"bruteForceProtectionIncrementalTempo","title":"bruteForceProtectionIncrementalTempo","type":"bool"},{"default":"15, 30, 60, 300, 600","id":"bruteForceProtectionLockTimes","title":"bruteForceProtectionLockTimes"}],"help":"bruteforceprotection.html","id":"bruteForceAttackProtection","title":"bruteForceAttackProtection","type":"simpleInputContainer"},{"cnodes":"lwpOpts","id":"lwpOpts","title":"lwpOpts","type":"keyTextContainer"},{"cnodes":"lwpSslOpts","id":"lwpSslOpts","title":"lwpSslOpts","type":"keyTextContainer"},{"_nodes":[{"default":"'self'","id":"cspDefault","title":"cspDefault"},{"default":"'self' data:","id":"cspImg","title":"cspImg"},{"default":"'self'","id":"cspScript","title":"cspScript"},{"default":"'self'","id":"cspStyle","title":"cspStyle"},{"default":"'self'","id":"cspFont","title":"cspFont"},{"default":"*","id":"cspFormAction","title":"cspFormAction"},{"default":"'self'","id":"cspConnect","title":"cspConnect"},{"default":"","id":"cspFrameAncestors","title":"cspFrameAncestors"}],"help":"security.html#portal","id":"contentSecurityPolicy","title":"contentSecurityPolicy","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"corsEnabled","title":"corsEnabled","type":"bool"},{"default":true,"id":"corsAllow_Credentials","title":"corsAllow_Credentials"},{"default":"*","id":"corsAllow_Headers","title":"corsAllow_Headers"},{"default":"POST,GET","id":"corsAllow_Methods","title":"corsAllow_Methods"},{"default":"*","id":"corsAllow_Origin","title":"corsAllow_Origin"},{"default":"*","id":"corsExpose_Headers","title":"corsExpose_Headers"},{"default":"86400","id":"corsMax_Age","title":"corsMax_Age"}],"help":"security.html#portal","id":"crossOrigineResourceSharing","title":"crossOrigineResourceSharing","type":"simpleInputContainer"}],"help":"security.html#configure-security-settings","id":"security","title":"security"},{"_nodes":[{"default":-1,"id":"https","title":"https","type":"trool"},{"default":-1,"id":"port","title":"port","type":"int"},{"default":0,"id":"useRedirectOnForbidden","title":"useRedirectOnForbidden","type":"bool"},{"default":1,"id":"useRedirectOnError","title":"useRedirectOnError","type":"bool"},{"default":0,"id":"maintenance","title":"maintenance","type":"bool"}],"help":"redirections.html","id":"redirection","title":"redirection","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"jsRedirect","title":"jsRedirect","type":"boolOrExpr"},{"default":0,"id":"noAjaxHook","title":"noAjaxHook","type":"bool"},{"default":0,"id":"skipRenewConfirmation","title":"skipRenewConfirmation","type":"bool"},{"default":0,"id":"skipUpgradeConfirmation","title":"skipUpgradeConfirmation","type":"bool"}],"help":"redirections.html#portal-redirections","id":"portalRedirection","title":"portalRedirection","type":"simpleInputContainer"},{"cnodes":"nginxCustomHandlers","help":"handlerarch.html","id":"nginxCustomHandlers","title":"nginxCustomHandlers","type":"keyTextContainer"},{"cnodes":"logoutServices","default":[],"help":"logoutforward.html","id":"logoutServices","title":"logoutServices","type":"keyTextContainer"},{"_nodes":[{"default":"get","id":"infoFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"infoFormMethod","type":"select"},{"default":"post","id":"confirmFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"confirmFormMethod","type":"select"},{"default":"get","id":"redirectFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"redirectFormMethod","type":"select"},{"default":1,"id":"activeTimer","title":"activeTimer","type":"bool"}],"id":"forms","title":"forms","type":"simpleInputContainer"}],"help":"start.html#advanced-features","id":"advancedParams","title":"advancedParams"}],"id":"generalParameters","title":"generalParameters"},{"_nodes":[{"cnodes":"exportedVars","default":[{"data":"HTTP_USER_AGENT","id":"exportedVars/UA","title":"UA","type":"keyText"}],"help":"exportedvars.html","id":"exportedVars","title":"exportedVars","type":"keyTextContainer"},{"cnodes":"macros","default":[],"help":"exportedvars.html#extend-variables-using-macros-and-groups","id":"macros","title":"macros","type":"keyTextContainer"},{"cnodes":"groups","default":[],"help":"exportedvars.html#extend-variables-using-macros-and-groups","id":"groups","title":"groups","type":"keyTextContainer"}],"help":"variables.html","id":"variables","title":"variables"},{"cnodes":"virtualHosts","help":"configvhost.html","id":"virtualHosts","template":"virtualHost","title":"virtualHosts","type":"virtualHostContainer"},{"_nodes":[{"default":"#PORTAL#/saml/metadata","id":"samlEntityID","title":"samlEntityID"},{"_nodes":[{"get":["samlServicePrivateKeySig","samlServicePrivateKeySigPwd","samlServicePublicKeySig"],"id":"samlServiceSecuritySig","title":"samlServiceSecuritySig","type":"RSACertKey"},{"get":["samlServicePrivateKeyEnc","samlServicePrivateKeyEncPwd","samlServicePublicKeyEnc"],"id":"samlServiceSecurityEnc","title":"samlServiceSecurityEnc","type":"RSACertKey"},{"default":0,"id":"samlServiceUseCertificateInResponse","title":"samlServiceUseCertificateInResponse","type":"bool"},{"default":"RSA_SHA256","id":"samlServiceSignatureMethod","select":[{"k":"RSA_SHA1","v":"RSA SHA1"},{"k":"RSA_SHA256","v":"RSA SHA256"},{"k":"RSA_SHA384","v":"RSA SHA384"},{"k":"RSA_SHA512","v":"RSA SHA512"}],"title":"samlServiceSignatureMethod","type":"select"}],"help":"samlservice.html#security-parameters","id":"samlServiceSecurity","title":"samlServiceSecurity"},{"_nodes":[{"default":"mail","id":"samlNameIDFormatMapEmail","title":"samlNameIDFormatMapEmail"},{"default":"mail","id":"samlNameIDFormatMapX509","title":"samlNameIDFormatMapX509"},{"default":"uid","id":"samlNameIDFormatMapWindows","title":"samlNameIDFormatMapWindows"},{"default":"uid","id":"samlNameIDFormatMapKerberos","title":"samlNameIDFormatMapKerberos"}],"help":"samlservice.html#nameid-formats","id":"samlNameIDFormatMap","title":"samlNameIDFormatMap","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"samlAuthnContextMapPassword","title":"samlAuthnContextMapPassword","type":"int"},{"default":3,"id":"samlAuthnContextMapPasswordProtectedTransport","title":"samlAuthnContextMapPasswordProtectedTransport","type":"int"},{"default":5,"id":"samlAuthnContextMapTLSClient","title":"samlAuthnContextMapTLSClient","type":"int"},{"default":4,"id":"samlAuthnContextMapKerberos","title":"samlAuthnContextMapKerberos","type":"int"}],"help":"samlservice.html#authentication-contexts","id":"samlAuthnContextMap","title":"samlAuthnContextMap","type":"simpleInputContainer"},{"_nodes":[{"default":"Example","id":"samlOrganizationDisplayName","title":"samlOrganizationDisplayName"},{"default":"Example","id":"samlOrganizationName","title":"samlOrganizationName"},{"default":"http://www.example.com","id":"samlOrganizationURL","title":"samlOrganizationURL"}],"help":"samlservice.html#organization","id":"samlOrganization","title":"samlOrganization","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"samlSPSSODescriptorAuthnRequestsSigned","title":"samlSPSSODescriptorAuthnRequestsSigned","type":"bool"},{"default":1,"id":"samlSPSSODescriptorWantAssertionsSigned","title":"samlSPSSODescriptorWantAssertionsSigned","type":"bool"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn","id":"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect","title":"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn","id":"samlSPSSODescriptorSingleLogoutServiceHTTPPost","title":"samlSPSSODescriptorSingleLogoutServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;","id":"samlSPSSODescriptorSingleLogoutServiceSOAP","title":"samlSPSSODescriptorSingleLogoutServiceSOAP","type":"samlService"}],"id":"samlSPSSODescriptorSingleLogoutService","title":"samlSPSSODescriptorSingleLogoutService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact","id":"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact","title":"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact","type":"samlAssertion"},{"default":"0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost","id":"samlSPSSODescriptorAssertionConsumerServiceHTTPPost","title":"samlSPSSODescriptorAssertionConsumerServiceHTTPPost","type":"samlAssertion"}],"id":"samlSPSSODescriptorAssertionConsumerService","title":"samlSPSSODescriptorAssertionConsumerService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact","id":"samlSPSSODescriptorArtifactResolutionServiceArtifact","title":"samlSPSSODescriptorArtifactResolutionServiceArtifact","type":"samlAssertion"}],"id":"samlSPSSODescriptorArtifactResolutionService","title":"samlSPSSODescriptorArtifactResolutionService"}],"help":"samlservice.html#service-provider","id":"samlSPSSODescriptor","title":"samlSPSSODescriptor"},{"_nodes":[{"default":1,"id":"samlIDPSSODescriptorWantAuthnRequestsSigned","title":"samlIDPSSODescriptorWantAuthnRequestsSigned","type":"bool"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPPost","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact","type":"samlService"}],"id":"samlIDPSSODescriptorSingleSignOnService","title":"samlIDPSSODescriptorSingleSignOnService"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn","id":"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect","title":"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn","id":"samlIDPSSODescriptorSingleLogoutServiceHTTPPost","title":"samlIDPSSODescriptorSingleLogoutServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;","id":"samlIDPSSODescriptorSingleLogoutServiceSOAP","title":"samlIDPSSODescriptorSingleLogoutServiceSOAP","type":"samlService"}],"id":"samlIDPSSODescriptorSingleLogoutService","title":"samlIDPSSODescriptorSingleLogoutService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact","id":"samlIDPSSODescriptorArtifactResolutionServiceArtifact","title":"samlIDPSSODescriptorArtifactResolutionServiceArtifact","type":"samlAssertion"}],"id":"samlIDPSSODescriptorArtifactResolutionService","title":"samlIDPSSODescriptorArtifactResolutionService"}],"help":"samlservice.html#identity-provider","id":"samlIDPSSODescriptor","title":"samlIDPSSODescriptor"},{"_nodes":[{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;","id":"samlAttributeAuthorityDescriptorAttributeServiceSOAP","title":"samlAttributeAuthorityDescriptorAttributeServiceSOAP","type":"samlService"}],"id":"samlAttributeAuthorityDescriptorAttributeService","title":"samlAttributeAuthorityDescriptorAttributeService"}],"help":"samlservice.html#attribute-authority","id":"samlAttributeAuthorityDescriptor","title":"samlAttributeAuthorityDescriptor"},{"_nodes":[{"default":1,"id":"samlMetadataForceUTF8","title":"samlMetadataForceUTF8","type":"bool"},{"default":600,"id":"samlRelayStateTimeout","title":"samlRelayStateTimeout","type":"int"},{"default":0,"id":"samlUseQueryStringSpecific","title":"samlUseQueryStringSpecific","type":"bool"},{"default":"","id":"samlOverrideIDPEntityID","title":"samlOverrideIDPEntityID"},{"id":"samlStorage","title":"samlStorage"},{"cnodes":"samlStorageOptions","id":"samlStorageOptions","title":"samlStorageOptions","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"samlCommonDomainCookieActivation","title":"samlCommonDomainCookieActivation","type":"bool"},{"id":"samlCommonDomainCookieDomain","title":"samlCommonDomainCookieDomain"},{"id":"samlCommonDomainCookieReader","title":"samlCommonDomainCookieReader"},{"id":"samlCommonDomainCookieWriter","title":"samlCommonDomainCookieWriter"}],"id":"samlCommonDomainCookie","title":"samlCommonDomainCookie","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"samlDiscoveryProtocolActivation","title":"samlDiscoveryProtocolActivation","type":"bool"},{"id":"samlDiscoveryProtocolURL","title":"samlDiscoveryProtocolURL"},{"id":"samlDiscoveryProtocolPolicy","title":"samlDiscoveryProtocolPolicy"},{"default":0,"id":"samlDiscoveryProtocolIsPassive","title":"samlDiscoveryProtocolIsPassive","type":"bool"}],"id":"samlDiscoveryProtocol","title":"samlDiscoveryProtocol","type":"simpleInputContainer"}],"help":"samlservice.html#advanced","id":"samlAdvanced","title":"samlAdvanced"}],"help":"samlservice.html","id":"samlServiceMetaData","title":"samlServiceMetaData"},{"cnodes":"samlIDPMetaDataNodes","help":"authsaml.html","id":"samlIDPMetaDataNodes","template":"samlIDPMetaDataNode","title":"samlIDPMetaDataNodes","type":"samlIDPMetaDataNodeContainer"},{"cnodes":"samlSPMetaDataNodes","help":"idpsaml.html","id":"samlSPMetaDataNodes","template":"samlSPMetaDataNode","title":"samlSPMetaDataNodes","type":"samlSPMetaDataNodeContainer"},{"_nodes":[{"id":"oidcServiceMetaDataIssuer","title":"oidcServiceMetaDataIssuer"},{"_nodes":[{"default":"authorize","id":"oidcServiceMetaDataAuthorizeURI","title":"oidcServiceMetaDataAuthorizeURI"},{"default":"token","id":"oidcServiceMetaDataTokenURI","title":"oidcServiceMetaDataTokenURI"},{"default":"userinfo","id":"oidcServiceMetaDataUserInfoURI","title":"oidcServiceMetaDataUserInfoURI"},{"default":"jwks","id":"oidcServiceMetaDataJWKSURI","title":"oidcServiceMetaDataJWKSURI"},{"default":"register","id":"oidcServiceMetaDataRegistrationURI","title":"oidcServiceMetaDataRegistrationURI"},{"default":"introspect","id":"oidcServiceMetaDataIntrospectionURI","title":"oidcServiceMetaDataIntrospectionURI"},{"default":"logout","id":"oidcServiceMetaDataEndSessionURI","title":"oidcServiceMetaDataEndSessionURI"},{"default":"checksession.html","id":"oidcServiceMetaDataCheckSessionURI","title":"oidcServiceMetaDataCheckSessionURI"},{"default":"flogout","id":"oidcServiceMetaDataFrontChannelURI","title":"oidcServiceMetaDataFrontChannelURI"},{"default":"blogout","id":"oidcServiceMetaDataBackChannelURI","title":"oidcServiceMetaDataBackChannelURI"}],"id":"oidcServiceMetaDataEndPoints","title":"oidcServiceMetaDataEndPoints","type":"simpleInputContainer"},{"cnodes":"oidcServiceMetaDataAuthnContext","default":[{"data":1,"id":"oidcServiceMetaDataAuthnContext/loa-1","title":"loa-1","type":"keyText"},{"data":2,"id":"oidcServiceMetaDataAuthnContext/loa-2","title":"loa-2","type":"keyText"},{"data":3,"id":"oidcServiceMetaDataAuthnContext/loa-3","title":"loa-3","type":"keyText"},{"data":4,"id":"oidcServiceMetaDataAuthnContext/loa-4","title":"loa-4","type":"keyText"},{"data":5,"id":"oidcServiceMetaDataAuthnContext/loa-5","title":"loa-5","type":"keyText"}],"id":"oidcServiceMetaDataAuthnContext","title":"oidcServiceMetaDataAuthnContext","type":"keyTextContainer"},{"_nodes":[{"get":["oidcServicePrivateKeySig","oidcServicePublicKeySig"],"id":"oidcServiceMetaDataKeys","title":"oidcServiceMetaDataKeys","type":"RSAKeyNoPassword"},{"id":"oidcServiceKeyIdSig","title":"oidcServiceKeyIdSig"},{"default":0,"id":"oidcServiceAllowDynamicRegistration","title":"oidcServiceAllowDynamicRegistration","type":"bool"},{"default":1,"id":"oidcServiceAllowAuthorizationCodeFlow","title":"oidcServiceAllowAuthorizationCodeFlow","type":"bool"},{"default":0,"id":"oidcServiceAllowImplicitFlow","title":"oidcServiceAllowImplicitFlow","type":"bool"},{"default":0,"id":"oidcServiceAllowHybridFlow","title":"oidcServiceAllowHybridFlow","type":"bool"},{"default":60,"id":"oidcServiceAuthorizationCodeExpiration","title":"oidcServiceAuthorizationCodeExpiration","type":"int"},{"default":3600,"id":"oidcServiceAccessTokenExpiration","title":"oidcServiceAccessTokenExpiration","type":"int"},{"default":3600,"id":"oidcServiceIDTokenExpiration","title":"oidcServiceIDTokenExpiration","type":"int"},{"default":2592000,"id":"oidcServiceOfflineSessionExpiration","title":"oidcServiceOfflineSessionExpiration","type":"int"}],"id":"oidcServiceMetaDataSecurity","title":"oidcServiceMetaDataSecurity"},{"_nodes":[{"id":"oidcStorage","title":"oidcStorage"},{"cnodes":"oidcStorageOptions","id":"oidcStorageOptions","title":"oidcStorageOptions","type":"keyTextContainer"}],"id":"oidcServiceMetaDataSessions","title":"oidcServiceMetaDataSessions"},{"cnodes":"oidcServiceDynamicRegistrationExportedVars","id":"oidcServiceDynamicRegistrationExportedVars","title":"oidcServiceDynamicRegistrationExportedVars","type":"keyTextContainer"},{"cnodes":"oidcServiceDynamicRegistrationExtraClaims","id":"oidcServiceDynamicRegistrationExtraClaims","title":"oidcServiceDynamicRegistrationExtraClaims","type":"keyTextContainer"}],"help":"openidconnectservice.html#service-configuration","id":"oidcServiceMetaData","title":"oidcServiceMetaData"},{"cnodes":"oidcOPMetaDataNodes","help":"authopenidconnect.html#declare-the-openid-connect-provider-in-ll-ng","id":"oidcOPMetaDataNodes","title":"oidcOPMetaDataNodes","type":"oidcOPMetaDataNodeContainer"},{"cnodes":"oidcRPMetaDataNodes","help":"idpopenidconnect.html#configuration-of-relying-party-in-ll-ng","id":"oidcRPMetaDataNodes","title":"oidcRPMetaDataNodes","type":"oidcRPMetaDataNodeContainer"},{"_nodes":[{"id":"casAttr","title":"casAttr"},{"default":"none","id":"casAccessControlPolicy","select":[{"k":"none","v":"None"},{"k":"error","v":"Display error on portal"},{"k":"faketicket","v":"Send a fake service ticket"}],"title":"casAccessControlPolicy","type":"select"},{"id":"casStorage","title":"casStorage"},{"cnodes":"casStorageOptions","id":"casStorageOptions","title":"casStorageOptions","type":"keyTextContainer"},{"cnodes":"casAttributes","id":"casAttributes","title":"casAttributes","type":"keyTextContainer"}],"help":"idpcas.html#configuring-the-cas-service","id":"casServiceMetadata","title":"casServiceMetadata"},{"cnodes":"casSrvMetaDataNodes","help":"authcas.html","id":"casSrvMetaDataNodes","template":"casSrvMetaDataNode","title":"casSrvMetaDataNodes","type":"casSrvMetaDataNodeContainer"},{"cnodes":"casAppMetaDataNodes","help":"idpcas.html#configuring-cas-applications","id":"casAppMetaDataNodes","template":"casAppMetaDataNode","title":"casAppMetaDataNodes","type":"casAppMetaDataNodeContainer"}] \ No newline at end of file diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm index 2fcaf9648..bad5cc0e6 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm @@ -61,7 +61,7 @@ sub init { sort { $a <=> $b } map { $_ =~ s/\D//; - $_ < $self->conf->{bruteForceProtectionMaxLockTime} ? $_ : () + abs $_ < $self->conf->{bruteForceProtectionMaxLockTime} ? abs $_ : () } grep { /\d+/ } split /\s*,\s*/, $self->conf->{bruteForceProtectionLockTimes}; From ef8aa7cee98ed07cb3e3edb6e9bf3eddfce34410 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Wed, 16 Dec 2020 23:35:53 +0100 Subject: [PATCH 019/357] Update unit test (#2243) --- ...rceProtection-with-Incremental-lockTimes.t | 105 +++++++----------- 1 file changed, 43 insertions(+), 62 deletions(-) diff --git a/lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes.t b/lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes.t index f5dac9f0c..421a75c77 100644 --- a/lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes.t +++ b/lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes.t @@ -10,15 +10,15 @@ my $res; my $client = LLNG::Manager::Test->new( { ini => { - logLevel => 'debug', + logLevel => 'error', authentication => 'Demo', userDB => 'Same', loginHistoryEnabled => 1, bruteForceProtection => 1, bruteForceProtectionIncrementalTempo => 1, failedLoginNumber => 6, - bruteForceProtectionMaxLockTime => 300, - bruteForceProtectionLockTimes => '5 , 500, bad ,20, 10 ', + bruteForceProtectionMaxLockTime => 600, + bruteForceProtectionLockTimes => '5 , 500, bad ,20, -10, 700', bruteForceProtectionMaxFailed => 2, } } @@ -103,31 +103,40 @@ ok( ok( $res->[2]->[0] =~ /<\/span>/, 'Rejected -> Protection enabled' ) or print STDERR Dumper( $res->[2]->[0] ); -ok( $res->[2]->[0] =~ m%5 seconds%, - 'LockTime = 5' ) +ok( $res->[2]->[0] =~ m%(\d) seconds%, + "LockTime = $1" ) or print STDERR Dumper( $res->[2]->[0] ); -count(3); +ok( $1 <=6 && $1 >= 3 , + 'LockTime in range' ) + or print STDERR Dumper( $res->[2]->[0] ); +count(4); + +# Waiting +Time::Fake->offset("+8s"); ## Second failed connection ok( $res = $client->_post( '/', - IO::String->new('user=dwho&password=ohwd'), + IO::String->new('user=dwho&password=dwho'), length => 23, accept => 'text/html', ), - '2nd Bad Auth query' + 'Auth query' ); ok( $res->[2]->[0] =~ /<\/span>/, 'Rejected -> Protection enabled' ) or print STDERR Dumper( $res->[2]->[0] ); -ok( $res->[2]->[0] =~ m%5 seconds%, - 'LockTime = 5' ) +ok( $res->[2]->[0] =~ m%(\d{2}) seconds%, + "LockTime = $1" ) or print STDERR Dumper( $res->[2]->[0] ); -count(3); +ok( $1 <=18 && $1 >= 15 , + 'LockTime in range' ) + or print STDERR Dumper( $res->[2]->[0] ); +count(4); # Waiting -Time::Fake->offset("+6s"); +Time::Fake->offset("+20s"); ## Third failed connection ok( @@ -142,13 +151,17 @@ ok( ok( $res->[2]->[0] =~ /<\/span>/, 'Rejected -> Protection enabled' ) or print STDERR Dumper( $res->[2]->[0] ); -ok( $res->[2]->[0] =~ m%10 seconds%, - 'LockTime = 10**************' ) +ok( $res->[2]->[0] =~ m%(\d{3}) seconds%, + "LockTime = $1" ) or print STDERR Dumper( $res->[2]->[0] ); -count(3); +ok( $1 <=490 && $1 >= 480 , + 'LockTime in range' ) + or print STDERR Dumper( $res->[2]->[0] ); +count(4); # Waiting -Time::Fake->offset("+15s"); +Time::Fake->offset("+510s"); + ## Try to connect ok( $res = $client->_post( @@ -164,7 +177,10 @@ $id = expectCookie($res); expectRedirection( $res, 'http://auth.example.com/' ); $client->logout($id); -## Third failed connection +# Waiting +Time::Fake->offset("+1000s"); + +## Allowed failed login ok( $res = $client->_post( '/', @@ -172,15 +188,12 @@ ok( length => 23, accept => 'text/html', ), - '3rd Bad Auth query' + '2nd allowed Bad Auth query' ); -ok( $res->[2]->[0] =~ /<\/span>/, - 'Rejected -> Protection enabled' ) +ok( $res->[2]->[0] =~ /<\/span>/, + 'Bad credential' ) or print STDERR Dumper( $res->[2]->[0] ); -ok( $res->[2]->[0] =~ m%20 seconds%, - 'LockTime = 20' ) - or print STDERR Dumper( $res->[2]->[0] ); -count(3); +count(2); ## Forth failed connection ok( @@ -190,50 +203,18 @@ ok( length => 23, accept => 'text/html', ), - '4th Bad Auth query' + '3rd Bad Auth query' ); ok( $res->[2]->[0] =~ /<\/span>/, 'Rejected -> Protection enabled' ) or print STDERR Dumper( $res->[2]->[0] ); -ok( $res->[2]->[0] =~ m%300 seconds%, - 'LockTime = 300' ) +ok( $res->[2]->[0] =~ m%(\d{3}) seconds%, + "LockTime = $1" ) or print STDERR Dumper( $res->[2]->[0] ); -count(3); - -## Fifth failed connection -ok( - $res = $client->_post( - '/', - IO::String->new('user=dwho&password=ohwd'), - length => 23, - accept => 'text/html', - ), - '5th Bad Auth query' -); -ok( $res->[2]->[0] =~ /<\/span>/, - 'Rejected -> Protection enabled' ) +ok( $1 <=5000 && $1 >= 490 , + 'LockTime in range' ) or print STDERR Dumper( $res->[2]->[0] ); -ok( $res->[2]->[0] =~ m%300 seconds%, - 'LockTime = 300' ) - or print STDERR Dumper( $res->[2]->[0] ); -count(3); - -# Waiting -Time::Fake->offset("+320s"); -## Try to connect -ok( - $res = $client->_post( - '/', - IO::String->new('user=dwho&password=dwho'), - length => 23, - accept => 'text/html', - ), - 'Auth query' -); -count(1); -$id = expectCookie($res); -expectRedirection( $res, 'http://auth.example.com/' ); -$client->logout($id); +count(4); clean_sessions(); From 56243712ffbbb9385918273d3deed53f7e183bdc Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Thu, 17 Dec 2020 22:40:28 +0100 Subject: [PATCH 020/357] Update unit tests (#2243) --- ...tion-with-Incremental-lockTimes-and-TOTP.t | 176 ++++++------------ ...rceProtection-with-Incremental-lockTimes.t | 37 ++-- .../t/76-2F-Ext-with-BruteForce.t | 69 +++---- 3 files changed, 100 insertions(+), 182 deletions(-) diff --git a/lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes-and-TOTP.t b/lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes-and-TOTP.t index ed6668343..8daea995e 100644 --- a/lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes-and-TOTP.t +++ b/lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes-and-TOTP.t @@ -26,7 +26,7 @@ SKIP: { totp2fSelfRegistration => 1, totp2fActivation => 1, failedLoginNumber => 4, - bruteForceProtectionMaxFailed => 0, + bruteForceProtectionMaxFailed => 0 } } ); @@ -95,13 +95,28 @@ SKIP: { ), '1st Bad Auth query' ); + ok( $res->[2]->[0] =~ /<\/span>/, 'Bad credential' ) + or print STDERR Dumper( $res->[2]->[0] ); + count(2); + + ## Second failed connection + ok( + $res = $client->_post( + '/', + IO::String->new('user=dwho&password=ohwd'), + length => 23, + accept => 'text/html', + ), + '1st Bad Auth query' + ); ok( $res->[2]->[0] =~ /<\/span>/, 'Rejected -> Protection enabled' ) or print STDERR Dumper( $res->[2]->[0] ); - ok( $res->[2]->[0] =~ m%5 seconds%, - 'LockTime = 5' ) + ok( $res->[2]->[0] =~ m%(\d{2}) seconds%, + "LockTime = $1" ); + ok( $1 <= 15 && $1 >= 13, 'LockTime in range' ) or print STDERR Dumper( $res->[2]->[0] ); - count(3); + count(4); # Waiting Time::Fake->offset("+3s"); @@ -115,6 +130,48 @@ SKIP: { ), 'Auth query' ); + ok( $res->[2]->[0] =~ /<\/span>/, + 'Rejected -> Protection enabled' ) + or print STDERR Dumper( $res->[2]->[0] ); + ok( $res->[2]->[0] =~ m%(\d{2}) seconds%, + "LockTime = $1" ); + ok( $1 < 30 && $1 >= 25, 'LockTime in range' ) + or print STDERR Dumper( $res->[2]->[0] ); + count(4); + + # Waiting + Time::Fake->offset("+6s"); + ## Third failed connection + ok( + $res = $client->_post( + '/', + IO::String->new('user=dwho&password=ohwd'), + length => 23, + accept => 'text/html', + ), + '2nd Bad Auth query' + ); + ok( $res->[2]->[0] =~ /<\/span>/, + 'Rejected -> Protection enabled' ) + or print STDERR Dumper( $res->[2]->[0] ); + ok( $res->[2]->[0] =~ m%(\d{2}) seconds%, + "LockTime = $1" ); + ok( $1 < 60 && $1 >= 55, 'LockTime in range' ) + or print STDERR Dumper( $res->[2]->[0] ); + count(4); + + # Waiting + Time::Fake->offset("+70s"); + ## Try to connect + ok( + $res = $client->_post( + '/', + IO::String->new('user=dwho&password=dwho'), + length => 23, + accept => 'text/html', + ), + 'Auth query' + ); ok( $res->[2]->[0] =~ //, 'Enter TOTP code' ) or print STDERR Dumper( $res->[2]->[0] ); count(2); @@ -132,117 +189,6 @@ SKIP: { ), 'Post code' ); - ok( $res->[2]->[0] =~ /<\/span>/, - 'Rejected -> Protection enabled' ) - or print STDERR Dumper( $res->[2]->[0] ); - ok( $res->[2]->[0] =~ m%5 seconds%, - 'LockTime = 5' ) - or print STDERR Dumper( $res->[2]->[0] ); - count(4); - - ## Second failed connection - ok( - $res = $client->_post( - '/', - IO::String->new('user=dwho&password=ohwd'), - length => 23, - accept => 'text/html', - ), - '2nd Bad Auth query' - ); - ok( $res->[2]->[0] =~ /<\/span>/, - 'Rejected -> Protection enabled' ) - or print STDERR Dumper( $res->[2]->[0] ); - ok( $res->[2]->[0] =~ m%15 seconds%, - 'LockTime = 15' ) - or print STDERR Dumper( $res->[2]->[0] ); - count(3); - - # Waiting - Time::Fake->offset("+10s"); - ## Try to connect - ok( - $res = $client->_post( - '/', - IO::String->new('user=dwho&password=dwho'), - length => 23, - accept => 'text/html', - ), - 'Auth query' - ); - ok( $res->[2]->[0] =~ //, 'Enter TOTP code' ) - or print STDERR Dumper( $res->[2]->[0] ); - count(2); - - ( $host, $url, $query ) = - expectForm( $res, undef, '/totp2fcheck', 'token' ); - ok( $code = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 6 ), - 'Code' ); - $query =~ s/code=/code=$code/; - ok( - $res = $client->_post( - '/totp2fcheck', IO::String->new($query), - length => length($query), - accept => 'text/html', - ), - 'Post code' - ); - ok( $res->[2]->[0] =~ /<\/span>/, - 'Rejected -> Protection enabled' ) - or print STDERR Dumper( $res->[2]->[0] ); - ok( $res->[2]->[0] =~ m%15 seconds%, - 'LockTime = 15' ) - or print STDERR Dumper( $res->[2]->[0] ); - count(4); - - ## Third failed connection - ok( - $res = $client->_post( - '/', - IO::String->new('user=dwho&password=ohwd'), - length => 23, - accept => 'text/html', - ), - '3rd Bad Auth query' - ); - ok( $res->[2]->[0] =~ /<\/span>/, - 'Rejected -> Protection enabled' ) - or print STDERR Dumper( $res->[2]->[0] ); - ok( $res->[2]->[0] =~ m%60 seconds%, - 'LockTime = 60' ) - or print STDERR Dumper( $res->[2]->[0] ); - count(3); - - # Waiting - Time::Fake->offset("+80s"); - ## Try to connect - ok( - $res = $client->_post( - '/', - IO::String->new('user=dwho&password=dwho'), - length => 23, - accept => 'text/html', - ), - 'Auth query' - ); - ok( $res->[2]->[0] =~ /<\/span>/, - 'Enter TOTP code' ) - or print STDERR Dumper( $res->[2]->[0] ); - count(2); - - ( $host, $url, $query ) = - expectForm( $res, undef, '/totp2fcheck', 'token' ); - ok( $code = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 6 ), - 'Code' ); - $query =~ s/code=/code=$code/; - ok( - $res = $client->_post( - '/totp2fcheck', IO::String->new($query), - length => length($query), - accept => 'text/html', - ), - 'Post code' - ); count(2); $id = expectCookie($res); expectRedirection( $res, 'http://auth.example.com/' ); diff --git a/lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes.t b/lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes.t index 421a75c77..0b541b87c 100644 --- a/lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes.t +++ b/lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes.t @@ -18,8 +18,8 @@ my $client = LLNG::Manager::Test->new( { bruteForceProtectionIncrementalTempo => 1, failedLoginNumber => 6, bruteForceProtectionMaxLockTime => 600, - bruteForceProtectionLockTimes => '5 , 500, bad ,20, -10, 700', - bruteForceProtectionMaxFailed => 2, + bruteForceProtectionLockTimes => '5 , 500, bad ,20, -10, 700', + bruteForceProtectionMaxFailed => 2, } } ); @@ -49,8 +49,7 @@ ok( ), '1st allowed Bad Auth query' ); -ok( $res->[2]->[0] =~ /<\/span>/, - 'Bad credential' ) +ok( $res->[2]->[0] =~ /<\/span>/, 'Bad credential' ) or print STDERR Dumper( $res->[2]->[0] ); count(2); @@ -64,8 +63,7 @@ ok( ), '2nd allowed Bad Auth query' ); -ok( $res->[2]->[0] =~ /<\/span>/, - 'Bad credential' ) +ok( $res->[2]->[0] =~ /<\/span>/, 'Bad credential' ) or print STDERR Dumper( $res->[2]->[0] ); count(2); @@ -104,10 +102,8 @@ ok( $res->[2]->[0] =~ /<\/span>/, 'Rejected -> Protection enabled' ) or print STDERR Dumper( $res->[2]->[0] ); ok( $res->[2]->[0] =~ m%(\d) seconds%, - "LockTime = $1" ) - or print STDERR Dumper( $res->[2]->[0] ); -ok( $1 <=6 && $1 >= 3 , - 'LockTime in range' ) + "LockTime = $1" ); +ok( $1 <= 6 && $1 >= 3, 'LockTime in range' ) or print STDERR Dumper( $res->[2]->[0] ); count(4); @@ -128,10 +124,8 @@ ok( $res->[2]->[0] =~ /<\/span>/, 'Rejected -> Protection enabled' ) or print STDERR Dumper( $res->[2]->[0] ); ok( $res->[2]->[0] =~ m%(\d{2}) seconds%, - "LockTime = $1" ) - or print STDERR Dumper( $res->[2]->[0] ); -ok( $1 <=18 && $1 >= 15 , - 'LockTime in range' ) + "LockTime = $1" ); +ok( $1 <= 18 && $1 >= 15, 'LockTime in range' ) or print STDERR Dumper( $res->[2]->[0] ); count(4); @@ -152,10 +146,8 @@ ok( $res->[2]->[0] =~ /<\/span>/, 'Rejected -> Protection enabled' ) or print STDERR Dumper( $res->[2]->[0] ); ok( $res->[2]->[0] =~ m%(\d{3}) seconds%, - "LockTime = $1" ) - or print STDERR Dumper( $res->[2]->[0] ); -ok( $1 <=490 && $1 >= 480 , - 'LockTime in range' ) + "LockTime = $1" ); +ok( $1 <= 490 && $1 >= 480, 'LockTime in range' ) or print STDERR Dumper( $res->[2]->[0] ); count(4); @@ -190,8 +182,7 @@ ok( ), '2nd allowed Bad Auth query' ); -ok( $res->[2]->[0] =~ /<\/span>/, - 'Bad credential' ) +ok( $res->[2]->[0] =~ /<\/span>/, 'Bad credential' ) or print STDERR Dumper( $res->[2]->[0] ); count(2); @@ -209,10 +200,8 @@ ok( $res->[2]->[0] =~ /<\/span>/, 'Rejected -> Protection enabled' ) or print STDERR Dumper( $res->[2]->[0] ); ok( $res->[2]->[0] =~ m%(\d{3}) seconds%, - "LockTime = $1" ) - or print STDERR Dumper( $res->[2]->[0] ); -ok( $1 <=5000 && $1 >= 490 , - 'LockTime in range' ) + "LockTime = $1" ); +ok( $1 <= 5000 && $1 >= 490, 'LockTime in range' ) or print STDERR Dumper( $res->[2]->[0] ); count(4); diff --git a/lemonldap-ng-portal/t/76-2F-Ext-with-BruteForce.t b/lemonldap-ng-portal/t/76-2F-Ext-with-BruteForce.t index 10502bc5e..2bbe6c6c1 100644 --- a/lemonldap-ng-portal/t/76-2F-Ext-with-BruteForce.t +++ b/lemonldap-ng-portal/t/76-2F-Ext-with-BruteForce.t @@ -72,7 +72,8 @@ ok( ), '4th Bad Auth query -> Rejected' ); -ok( $res->[2]->[0] =~ //, 'Protection enabled' ); +ok( $res->[2]->[0] =~ //, 'Protection enabled' ) + or print STDERR Dumper( $res->[2]->[0] ); count(2); # Count down @@ -89,52 +90,35 @@ ok( ), 'Auth query' ); +ok( $res->[2]->[0] =~ /<\/span>/, + 'Rejected -> Protection enabled' ) + or print STDERR Dumper( $res->[2]->[0] ); +ok( $res->[2]->[0] =~ m%(\d) seconds%, + "LockTime = $1" ); +ok( $1 < 5 && $1 >= 2, 'LockTime in range' ) + or print STDERR Dumper( $res->[2]->[0] ); +count(4); + +# Cool down +Time::Fake->offset("+6s"); + +# Try to authenticate again +# ------------------------- +ok( + $res = $client->_post( + '/', + IO::String->new('user=dwho&password=dwho&checkLogins=1'), + length => 37, + accept => 'text/html', + ), + 'Auth query' +); count(1); my ( $host, $url, $query ) = expectForm( $res, undef, '/ext2fcheck?skin=bootstrap', 'token', 'code', 'checkLogins' ); -ok( - $res->[2]->[0] =~ -qr%%, - 'Found EXTCODE input' -) or print STDERR Dumper( $res->[2]->[0] ); -count(1); - -$query =~ s/code=/code=123456/; -ok( - $res = $client->_post( - '/ext2fcheck', - IO::String->new($query), - length => length($query), - accept => 'text/html', - ), - 'Post code' -); -ok( $res->[2]->[0] =~ //, 'Protection enabled' ); -count(2); - -# Cool down -Time::Fake->offset("+6s"); - -# Try to authenticate again -# ------------------------- -ok( - $res = $client->_post( - '/', - IO::String->new('user=dwho&password=dwho&checkLogins=1'), - length => 37, - accept => 'text/html', - ), - 'Auth query' -); -count(1); - -( $host, $url, $query ) = - expectForm( $res, undef, '/ext2fcheck?skin=bootstrap', 'token', 'code', - 'checkLogins' ); - ok( $res->[2]->[0] =~ qr%%, @@ -152,13 +136,12 @@ ok( 'Post code' ); count(2); - my $id = expectCookie($res); ok( $res->[2]->[0] =~ /trspan="lastLogins"/, 'History found' ) or print STDERR Dumper( $res->[2]->[0] ); my @c = ( $res->[2]->[0] =~ /127.0.0.1/gs ); -ok( @c == 6, 'Six entries found' ) +ok( @c == 4, 'Four entries found' ) or print STDERR Dumper( $res->[2]->[0] ); count(2); From ff04fc92483880860ff405290645c1e1ac57e9f4 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Thu, 17 Dec 2020 23:26:58 +0100 Subject: [PATCH 021/357] Avoid to match non-Lemon cookie (#2417) --- .../lib/Lemonldap/NG/Handler/Main/Run.pm | 9 ++++----- .../t/60-Lemonldap-NG-Handler-PSGI.t | 12 ++++++++++++ 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm index 34daaeea9..2b2a5dead 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm @@ -498,10 +498,9 @@ sub fetchId { my $lookForHttpCookie = ( $class->tsv->{securedCookie} =~ /^(2|3)$/ and not $class->_isHttps( $req, $vhost ) ); my $cn = $class->tsv->{cookieName}; - my $value = - $lookForHttpCookie - ? ( $t =~ /${cn}http=([^,; ]+)/o ? $1 : 0 ) - : ( $t =~ /$cn=([^,; ]+)/o ? $1 : 0 ); + my $value = $lookForHttpCookie # Avoid prefix and bad cookie name (#2417) + ? ( $t =~ /(?tsv->{securedCookie} == 3 ) { $value = $class->tsv->{cipher}->decryptHex( $value, "http" ); @@ -830,7 +829,7 @@ sub localUnlog { my $module = $class->tsv->{sessionCacheModule}; my $options = $class->tsv->{sessionCacheOptions}; eval "use $module;"; - my $cache = $module->new($options); + my $cache = $module->new($options); if ( $cache->get($id) ) { $cache->remove($id); } diff --git a/lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t b/lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t index 75e426189..675f01748 100644 --- a/lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t +++ b/lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t @@ -125,6 +125,18 @@ ok( ); count(3); +# Bad cookie name +ok( $res = $client->_get( '/', undef, undef, "fakelemonldap=$sessionId" ), + 'Unauthentified query' ); +ok( $res->[0] == 302, ' Code is 302' ) or explain( $res, 302 ); +count(2); + +# Bad cookie name +ok( $res = $client->_get( '/', undef, undef, "fake-lemonldap=$sessionId" ), + 'Unauthentified query' ); +ok( $res->[0] == 302, ' Code is 302' ) or explain( $res, 302 ); +count(2); + # Bad cookie ok( $res = $client->_get( From e9487a42d7d37b2db5ee9dadb98a30e4bb04c549 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Fri, 18 Dec 2020 09:25:14 +0100 Subject: [PATCH 022/357] Remove trailing white-spaces with Zimbra parameters - Improve unit test --- lemonldap-ng-handler/t/68-Lemonldap-NG-Handler-PSGI-Zimbra.t | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lemonldap-ng-handler/t/68-Lemonldap-NG-Handler-PSGI-Zimbra.t b/lemonldap-ng-handler/t/68-Lemonldap-NG-Handler-PSGI-Zimbra.t index cd1aa336e..eea0a979b 100644 --- a/lemonldap-ng-handler/t/68-Lemonldap-NG-Handler-PSGI-Zimbra.t +++ b/lemonldap-ng-handler/t/68-Lemonldap-NG-Handler-PSGI-Zimbra.t @@ -16,8 +16,8 @@ SKIP: { { logLevel => 'error', zimbraPreAuthKey => '1234567890', - zimbraUrl => '/service/preauthtest', - zimbraSsoUrl => '^/testsso ', + zimbraUrl => '/service/preauthtest ', + zimbraSsoUrl => '^/testsso ', # Bad URLs vhostOptions => { 'test1.example.com' => { vhostHttps => 0, From 6f3938d01480cd6a9b4d195e7f6f9f4903bf19a2 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Fri, 18 Dec 2020 23:20:54 +0100 Subject: [PATCH 023/357] Avoid to match non-Lemon cookie (#2417) --- .../lib/Lemonldap/NG/Handler/Main/Run.pm | 4 +-- .../t/60-Lemonldap-NG-Handler-PSGI.t | 26 ++++++++++++++++--- 2 files changed, 24 insertions(+), 6 deletions(-) diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm index 2b2a5dead..7643c3647 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm @@ -499,8 +499,8 @@ sub fetchId { and not $class->_isHttps( $req, $vhost ) ); my $cn = $class->tsv->{cookieName}; my $value = $lookForHttpCookie # Avoid prefix and bad cookie name (#2417) - ? ( $t =~ /(?tsv->{securedCookie} == 3 ) { $value = $class->tsv->{cipher}->decryptHex( $value, "http" ); diff --git a/lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t b/lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t index 675f01748..6ca14b624 100644 --- a/lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t +++ b/lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t @@ -127,14 +127,32 @@ count(3); # Bad cookie name ok( $res = $client->_get( '/', undef, undef, "fakelemonldap=$sessionId" ), - 'Unauthentified query' ); -ok( $res->[0] == 302, ' Code is 302' ) or explain( $res, 302 ); + 'Bad cookie name' ); +ok( $res->[0] == 302, ' Code is 302 (name)' ) or explain( $res, 302 ); count(2); # Bad cookie name ok( $res = $client->_get( '/', undef, undef, "fake-lemonldap=$sessionId" ), - 'Unauthentified query' ); -ok( $res->[0] == 302, ' Code is 302' ) or explain( $res, 302 ); + 'Bad cookie name (-)' ); +ok( $res->[0] == 302, ' Code is 302 (-)' ) or explain( $res, 302 ); +count(2); + +# Bad cookie name +ok( $res = $client->_get( '/', undef, undef, "fake.lemonldap=$sessionId" ), + 'Bad cookie name (.)' ); +ok( $res->[0] == 302, ' Code is 302 (.)' ) or explain( $res, 302 ); +count(2); + +# Bad cookie name +ok( $res = $client->_get( '/', undef, undef, "fake_lemonldap=$sessionId" ), + 'Bad cookie name (_)' ); +ok( $res->[0] == 302, ' Code is 302 (_)' ) or explain( $res, 302 ); +count(2); + +# Bad cookie name +ok( $res = $client->_get( '/', undef, undef, "fake~lemonldap=$sessionId" ), + 'Bad cookie name (~)' ); +ok( $res->[0] == 302, ' Code is 302 (~)' ) or explain( $res, 302 ); count(2); # Bad cookie From f7800e56447b0021c80b38b789e9d63fa91122b0 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Sat, 19 Dec 2020 00:01:49 +0100 Subject: [PATCH 024/357] use strict --- .../lib/Lemonldap/NG/Common/Apache/Session/Store.pm | 4 +++- .../lib/Lemonldap/NG/Common/EmailTransport.pm | 3 ++- lemonldap-ng-common/lib/Lemonldap/NG/Common/IPv6.pm | 7 +++++-- lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm | 4 ++-- .../lib/Lemonldap/NG/Common/PSGI/Cli/Lib.pm | 3 ++- .../lib/Lemonldap/NG/Common/PSGI/Request.pm | 3 +-- lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Router.pm | 3 ++- .../lib/Lemonldap/NG/Common/PSGI/SOAPService.pm | 6 ++++-- lemonldap-ng-common/lib/Lemonldap/NG/Common/Session.pm | 5 +++-- lemonldap-ng-common/lib/Lemonldap/NG/Common/UserAgent.pm | 3 ++- lemonldap-ng-common/lib/Lemonldap/NG/Common/Util.pm | 5 ++--- lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI.pm | 4 ++-- 12 files changed, 30 insertions(+), 20 deletions(-) diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session/Store.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session/Store.pm index ad6812cc0..06ef10af8 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session/Store.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session/Store.pm @@ -1,7 +1,9 @@ package Lemonldap::NG::Common::Apache::Session::Store; -our $VERSION = '2.0.0'; +use strict; + +our $VERSION = '2.0.10'; sub new { my $class = shift; diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/EmailTransport.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/EmailTransport.pm index 7509e689d..1050a38c4 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/EmailTransport.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/EmailTransport.pm @@ -1,11 +1,12 @@ package Lemonldap::NG::Common::EmailTransport; +use strict; use Email::Sender::Transport::SMTP qw(); use MIME::Entity; use Email::Sender::Simple qw(sendmail); use Email::Date::Format qw(email_date); -our $VERSION = '2.0.9'; +our $VERSION = '2.0.10'; sub new { my ( $class, $conf ) = @_; diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/IPv6.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/IPv6.pm index 498fe01d7..ca47f4023 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/IPv6.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/IPv6.pm @@ -1,8 +1,10 @@ package Lemonldap::NG::Common::IPv6; +use strict; use base 'Exporter'; -@EXPORT = qw(&isIPv6 &net6 &expand6); +our $VERSION = '2.0.10'; +our @EXPORT = qw(&isIPv6 &net6 &expand6); sub isIPv6 { my ($ip) = @_; @@ -15,7 +17,7 @@ sub net6 { # Convert to binary my $b = join '', map { unpack( 'B*', pack( 'H*', $_ ) ) } split( ':', expand6($ip) ); - $net = substr $b, 0, $bits; + my $net = substr $b, 0, $bits; $net .= '0' x ( 128 - length($net) ); $net = unpack( 'H*', pack( 'B*', $net ) ); $net = join( ':', ( unpack "a4" x 8, $net ) ); @@ -24,6 +26,7 @@ sub net6 { } sub expand6 { + my @arr; my @_parts = ( $_[0] =~ /([0-9A-Fa-f]+)/g ); my $nparts = scalar @_parts; if ( $nparts != 8 ) { diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm index bbb722e1c..d8bd35e1c 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm @@ -1,12 +1,12 @@ package Lemonldap::NG::Common::PSGI; -use 5.10.0; +use strict; use Mouse; use JSON; use Lemonldap::NG::Common::PSGI::Constants; use Lemonldap::NG::Common::PSGI::Request; -our $VERSION = '2.0.9'; +our $VERSION = '2.0.10'; our $_json = JSON->new->allow_nonref; diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Cli/Lib.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Cli/Lib.pm index 8c2a4d8a2..e4682d49e 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Cli/Lib.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Cli/Lib.pm @@ -1,10 +1,11 @@ package Lemonldap::NG::Common::PSGI::Cli::Lib; +use strict; use JSON; use Mouse; use Lemonldap::NG::Common::PSGI; -our $VERSION = '2.0.8'; +our $VERSION = '2.0.10'; has iniFile => ( is => 'ro', isa => 'Str' ); diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm index d6be65a46..85cc4631f 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm @@ -1,13 +1,12 @@ package Lemonldap::NG::Common::PSGI::Request; use strict; -use 5.14.0; use Mouse; use JSON; use Plack::Request; use URI::Escape; -our $VERSION = '2.0.8'; +our $VERSION = '2.0.10'; our @ISA = ('Plack::Request'); diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Router.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Router.pm index b1e0655d9..e1a364a5c 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Router.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Router.pm @@ -1,10 +1,11 @@ package Lemonldap::NG::Common::PSGI::Router; +use strict; use Mouse; use Lemonldap::NG::Common::PSGI; use Lemonldap::NG::Common::PSGI::Constants; -our $VERSION = '2.0.8'; +our $VERSION = '2.0.10'; extends 'Lemonldap::NG::Common::PSGI'; diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/SOAPService.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/SOAPService.pm index d3f8ecda5..afa0fa4df 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/SOAPService.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/SOAPService.pm @@ -5,9 +5,11 @@ # SOAP wrapper used to restrict exported functions package Lemonldap::NG::Common::PSGI::SOAPService; +use strict; + require SOAP::Lite; -our $VERSION = '2.0.6'; +our $VERSION = '2.0.10'; ## @cmethod Lemonldap::NG::Common::PSGI::SOAPService new(object obj,string @func) # Constructor @@ -28,7 +30,7 @@ sub new { # @return data provided by the exported function sub AUTOLOAD { my $self = shift; - $AUTOLOAD =~ s/.*:://; + our $AUTOLOAD =~ s/.*:://; if ( grep { $_ eq $AUTOLOAD } @{ $self->{func} } ) { my $tmp = $self->{obj}->$AUTOLOAD( $self->{req}, @_ ); unless ( ref($tmp) and ref($tmp) =~ /^SOAP/ ) { diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session.pm index 41fb8514f..83896b6ea 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session.pm @@ -6,10 +6,11 @@ package Lemonldap::NG::Common::Session; -our $VERSION = '2.0.9'; - +use strict; use Lemonldap::NG::Common::Apache::Session; +our $VERSION = '2.0.10'; + # Workaround for another ModPerl/Mouse issue... BEGIN { require Mouse; diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/UserAgent.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/UserAgent.pm index 5a23ea67f..5baca41d3 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/UserAgent.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/UserAgent.pm @@ -1,8 +1,9 @@ package Lemonldap::NG::Common::UserAgent; +use strict; use LWP::UserAgent; -our $VERSION = '2.0.0'; +our $VERSION = '2.0.10'; sub new { my ( $class, $conf ) = @_; diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Util.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Util.pm index ab501ff6f..f916d8b9c 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Util.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Util.pm @@ -1,12 +1,11 @@ package Lemonldap::NG::Common::Util; require Exporter; +use strict; use Digest::MD5; use MIME::Base64 qw/encode_base64/; -use 5.10.0; - -our $VERSION = '2.0.9'; +our $VERSION = '2.0.10'; our @ISA = qw(Exporter); our @EXPORT_OK = qw(getSameSite getPSessionID genId2F); diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI.pm index c6034573e..1581bdb47 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI.pm @@ -3,13 +3,13 @@ # See https://lemonldap-ng.org/documentation/latest/handlerarch package Lemonldap::NG::Handler::PSGI; -use 5.10.0; +use strict; use Mouse; use Lemonldap::NG::Handler::PSGI::Main; extends 'Lemonldap::NG::Handler::Lib::PSGI', 'Lemonldap::NG::Common::PSGI'; -our $VERSION = '2.0.3'; +our $VERSION = '2.0.10'; sub init { my ( $self, $args ) = @_; From 48df4a88073a199b61cb417caa7168177cc6984e Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Sat, 19 Dec 2020 19:31:33 +0100 Subject: [PATCH 025/357] Fix conf test & unit test (#2243) --- .../lib/Lemonldap/NG/Manager/Conf/Tests.pm | 12 ++++++++++-- ...BruteForceProtection-with-Incremental-lockTimes.t | 7 ++++--- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm index 57c859f65..b83b977c9 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm @@ -684,6 +684,15 @@ sub tests { # Warn if bruteForceProtection enabled without History bruteForceProtection => sub { + my @lockTimes = + sort { $a <=> $b } + map { + $_ =~ s/\D//; + abs $_; + } + grep { /\d+/ } + split /\s*,\s*/, $conf->{bruteForceProtectionLockTimes}; + $conf->{bruteForceProtectionLockTimes} = join ', ', @lockTimes; return 1 unless ( $conf->{bruteForceProtection} ); return ( 1, '"History" plugin is required to enable "BruteForceProtection" plugin' @@ -699,8 +708,7 @@ sub tests { ) if ( $conf->{bruteForceProtectionIncrementalTempo} && $conf->{failedLoginNumber} < - $conf->{bruteForceProtectionMaxFailed} + - $conf->{bruteForceProtectionLockTimes} ); + $conf->{bruteForceProtectionMaxFailed} + scalar @lockTimes ); return ( 1, 'Number of failed logins history must be higher or equal than allowed failed logins' ) diff --git a/lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes.t b/lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes.t index 0b541b87c..812896e8a 100644 --- a/lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes.t +++ b/lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes.t @@ -80,10 +80,11 @@ ok( ok( $res->[2]->[0] =~ /<\/span>/, 'Rejected -> Protection enabled' ) or print STDERR Dumper( $res->[2]->[0] ); -ok( $res->[2]->[0] =~ m%5 seconds%, - 'LockTime = 5' ) +ok( $res->[2]->[0] =~ m%(\d) seconds%, + "LockTime = $1" ); +ok( $1 <= 5 && $1 >= 3, 'LockTime in range' ) or print STDERR Dumper( $res->[2]->[0] ); -count(3); +count(4); # Waiting Time::Fake->offset("+4s"); From 512045c5281faa6ad9cae39944ea1a36ebab7bca Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Sun, 20 Dec 2020 17:14:33 +0100 Subject: [PATCH 026/357] Fix conf test (#2243) --- .../lib/Lemonldap/NG/Manager/Conf/Tests.pm | 12 ++++++------ .../NG/Portal/Plugins/BruteForceProtection.pm | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm index b83b977c9..40a0b8827 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm @@ -692,24 +692,24 @@ sub tests { } grep { /\d+/ } split /\s*,\s*/, $conf->{bruteForceProtectionLockTimes}; - $conf->{bruteForceProtectionLockTimes} = join ', ', @lockTimes; + $conf->{bruteForceProtectionLockTimes} = join ', ', @lockTimes if scalar @lockTimes; return 1 unless ( $conf->{bruteForceProtection} ); - return ( 1, + return ( 0, '"History" plugin is required to enable "BruteForceProtection" plugin' ) unless ( $conf->{loginHistoryEnabled} ); - return ( 1, + return ( 0, 'Number of failed logins must be higher than 1 to enable "BruteForceProtection" plugin' ) unless ( $conf->{failedLoginNumber} > 1 ); - return ( 1, + return ( 0, 'Number of allowed failed logins must be higher than 0 to enable "BruteForceProtection" plugin' ) unless ( $conf->{bruteForceProtectionMaxFailed} > 0 ); - return ( 1, + return ( 0, 'Number of failed logins history must be higher or equal than allowed failed logins plus lock time values' ) if ( $conf->{bruteForceProtectionIncrementalTempo} && $conf->{failedLoginNumber} < $conf->{bruteForceProtectionMaxFailed} + scalar @lockTimes ); - return ( 1, + return ( 0, 'Number of failed logins history must be higher or equal than allowed failed logins' ) unless ( $conf->{failedLoginNumber} >= diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm index bad5cc0e6..6aab1f1b1 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm @@ -47,7 +47,7 @@ sub init { return 0; } - unless ( $self->conf->{failedLoginNumber} > $self->maxFailed ) { + unless ( $self->conf->{failedLoginNumber} >= $self->maxFailed ) { $self->logger->error( 'Number of failed logins history (' . $self->conf->{failedLoginNumber} . ') must be higher than allowed failed logins attempt (' From 4d04672c20a29f714232f03e54593773a2a2a31e Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Sun, 20 Dec 2020 17:31:50 +0100 Subject: [PATCH 027/357] WIP: FindUser skeleton (#1976) --- .../lib/Lemonldap/NG/Common/Conf/Constants.pm | 4 +- .../Lemonldap/NG/Common/Conf/ReConstants.pm | 2 +- .../lib/Lemonldap/NG/Manager/Attributes.pm | 12 +++++ .../Lemonldap/NG/Manager/Build/Attributes.pm | 16 +++++++ .../lib/Lemonldap/NG/Manager/Build/Tree.pm | 4 +- .../site/htdocs/static/reverseTree.json | 2 +- .../site/htdocs/static/struct.json | 2 +- .../lib/Lemonldap/NG/Portal/Lib/LDAP.pm | 42 +++++++++++++++++ .../lib/Lemonldap/NG/Portal/Main/Display.pm | 24 +++++++++- .../lib/Lemonldap/NG/Portal/Main/Plugins.pm | 3 +- .../lib/Lemonldap/NG/Portal/Main/Process.pm | 6 +++ .../Lemonldap/NG/Portal/Plugins/FindUser.pm | 46 +++++++++++++++++++ .../lib/Lemonldap/NG/Portal/UserDB/DBI.pm | 25 ++++++++++ .../lib/Lemonldap/NG/Portal/UserDB/Demo.pm | 30 ++++++++++++ .../site/templates/bootstrap/finduser.tpl | 23 ++++++++++ .../templates/bootstrap/impersonation.tpl | 4 +- .../site/templates/bootstrap/login.tpl | 2 + 17 files changed, 236 insertions(+), 11 deletions(-) create mode 100644 lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm create mode 100644 lemonldap-ng-portal/site/templates/bootstrap/finduser.tpl diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm index 6a6e635c3..45dc48ddc 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm @@ -29,8 +29,8 @@ use constant DEFAULTCONFBACKEND => "File"; use constant DEFAULTCONFBACKENDOPTIONS => ( dirName => '/usr/local/lemonldap-ng/data/conf', ); -our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)s)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/; -our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Allow(?:PasswordGrant|Offline)|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|c(?:o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:State|User|XSS)|da)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|wsdlServer)$/; +our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)s)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/; +our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Allow(?:PasswordGrant|Offline)|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|c(?:o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:State|User|XSS)|da)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|(?:wsdlServ|findUs)er)$/; our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' ); diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm index 55bd2811d..ee8a7b87d 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm @@ -22,7 +22,7 @@ our $specialNodeHash = { }; our $doubleHashKeys = 'issuerDBGetParameters'; -our $simpleHashKeys = '(?:(?:c(?:as(?:StorageOption|Attribute)|ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)|l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|macro)s|o(?:idcS(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|penIdExportedVars)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember|fExtra)|S(?:MTPTLSOpts|SLVarIf))'; +our $simpleHashKeys = '(?:(?:c(?:as(?:StorageOption|Attribute)|ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)|l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|(?:(?:d(?:emo|bi)|webID)E|e)xportedVar|macro)s|o(?:idcS(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|penIdExportedVars)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember|fExtra)|S(?:MTPTLSOpts|SLVarIf))'; our $specialNodeKeys = '(?:(?:(?:saml(?:ID|S)|oidc[OR])P|cas(?:App|Srv))MetaDataNode|virtualHost)s'; our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:(?:UserAttribut|Servic|Rul)e|AuthnLevel)|(?:ExportedVar|Macro)s)'; our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|SortNumber|Gateway|Renew|Icon|Url)|ExportedVars)'; diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm index 09d8b727b..d136741c9 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm @@ -1357,6 +1357,18 @@ qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA- 'default' => 5, 'type' => 'int' }, + 'findUser' => { + 'default' => 0, + 'type' => 'bool' + }, + 'findUserExcludingAttributes' => { + 'keyTest' => qr/^\S+$/, + 'type' => 'keyTextContainer' + }, + 'findUserSearchingAttributes' => { + 'keyTest' => qr/^\S+$/, + 'type' => 'keyTextContainer' + }, 'forceGlobalStorageIssuerOTT' => { 'type' => 'bool' }, diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm index 1214183a2..27d09bb96 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm @@ -528,6 +528,22 @@ sub attributes { }, documentation => 'Header values to hide if not empty', }, + findUser => { + default => 0, + type => 'bool', + documentation => 'Enable find user', + flags => 'p', + }, + findUserSearchingAttributes => { + type => 'keyTextContainer', + keyTest => qr/^\S+$/, + documentation => 'Attributes used for searching accounts', + }, + findUserExcludingAttributes => { + type => 'keyTextContainer', + keyTest => qr/^\S+$/, + documentation => 'Attributes used for excluding accounts', + }, globalLogoutRule => { type => 'boolOrExpr', default => 0, diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm index 5f27f6627..65aefe86c 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm @@ -774,7 +774,6 @@ sub tree { { title => 'impersonation', help => 'impersonation.html', - form => 'simpleInputContainer', nodes => [ 'impersonationRule', 'impersonationIdRule', @@ -782,6 +781,9 @@ sub tree { 'impersonationHiddenAttributes', 'impersonationSkipEmptyValues', 'impersonationMergeSSOgroups', + 'findUser', + 'findUserSearchingAttributes', + 'findUserExcludingAttributes' ] }, { diff --git a/lemonldap-ng-manager/site/htdocs/static/reverseTree.json b/lemonldap-ng-manager/site/htdocs/static/reverseTree.json index 83d91c715..79da08618 100644 --- a/lemonldap-ng-manager/site/htdocs/static/reverseTree.json +++ b/lemonldap-ng-manager/site/htdocs/static/reverseTree.json @@ -1 +1 @@ -{"ADPwdExpireWarning":"generalParameters/authParams/adParams","ADPwdMaxAge":"generalParameters/authParams/adParams","AuthLDAPFilter":"generalParameters/authParams/ldapParams/ldapFilters","LDAPFilter":"generalParameters/authParams/ldapParams/ldapFilters","SMTPAuthPass":"generalParameters/advancedParams/SMTP","SMTPAuthUser":"generalParameters/advancedParams/SMTP","SMTPPort":"generalParameters/advancedParams/SMTP","SMTPServer":"generalParameters/advancedParams/SMTP","SMTPTLS":"generalParameters/advancedParams/SMTP","SMTPTLSOpts":"generalParameters/advancedParams/SMTP","SSLAuthnLevel":"generalParameters/authParams/sslParams","SSLVar":"generalParameters/authParams/sslParams","SSLVarIf":"generalParameters/authParams/sslParams","activeTimer":"generalParameters/advancedParams/forms","adaptativeAuthenticationLevelRules":"generalParameters/plugins","apacheAuthnLevel":"generalParameters/authParams/apacheParams","applicationList":"generalParameters/portalParams/portalMenu","authChoiceAuthBasic":"generalParameters/authParams/choiceParams","authChoiceModules":"generalParameters/authParams/choiceParams","authChoiceParam":"generalParameters/authParams/choiceParams","authentication":"generalParameters/authParams","autoSigninRules":"generalParameters/plugins/autoSignin","avoidAssignment":"generalParameters/advancedParams/security","browsersDontStorePassword":"generalParameters/advancedParams/security","bruteForceProtection":"generalParameters/advancedParams/security/bruteForceAttackProtection","bruteForceProtectionIncrementalTempo":"generalParameters/advancedParams/security/bruteForceAttackProtection","bruteForceProtectionLockTimes":"generalParameters/advancedParams/security/bruteForceAttackProtection","bruteForceProtectionMaxFailed":"generalParameters/advancedParams/security/bruteForceAttackProtection","bruteForceProtectionTempo":"generalParameters/advancedParams/security/bruteForceAttackProtection","captcha_login_enabled":"generalParameters/portalParams/portalCaptcha","captcha_mail_enabled":"generalParameters/portalParams/portalCaptcha","captcha_register_enabled":"generalParameters/portalParams/portalCaptcha","captcha_size":"generalParameters/portalParams/portalCaptcha","casAccessControlPolicy":"casServiceMetadata","casAppMetaDataNodes":"","casAttr":"casServiceMetadata","casAttributes":"casServiceMetadata","casAuthnLevel":"generalParameters/authParams/casParams","casSrvMetaDataNodes":"","casStorage":"casServiceMetadata","casStorageOptions":"casServiceMetadata","cda":"generalParameters/cookieParams","certificateResetByMailCeaAttribute":"generalParameters/plugins/certificateResetByMailManagement/mailOther","certificateResetByMailCertificateAttribute":"generalParameters/plugins/certificateResetByMailManagement/mailOther","certificateResetByMailStep1Body":"generalParameters/plugins/certificateResetByMailManagement/certificateMailContent","certificateResetByMailStep1Subject":"generalParameters/plugins/certificateResetByMailManagement/certificateMailContent","certificateResetByMailStep2Body":"generalParameters/plugins/certificateResetByMailManagement/certificateMailContent","certificateResetByMailStep2Subject":"generalParameters/plugins/certificateResetByMailManagement/certificateMailContent","certificateResetByMailURL":"generalParameters/plugins/certificateResetByMailManagement/mailOther","certificateResetByMailValidityDelay":"generalParameters/plugins/certificateResetByMailManagement/mailOther","checkState":"generalParameters/plugins/stateCheck","checkStateSecret":"generalParameters/plugins/stateCheck","checkUser":"generalParameters/plugins/checkUsers","checkUserDisplayComputedSession":"generalParameters/plugins/checkUsers","checkUserDisplayEmptyHeaders":"generalParameters/plugins/checkUsers","checkUserDisplayEmptyValues":"generalParameters/plugins/checkUsers","checkUserDisplayPersistentInfo":"generalParameters/plugins/checkUsers","checkUserHiddenAttributes":"generalParameters/plugins/checkUsers","checkUserHiddenHeaders":"generalParameters/plugins/checkUsers","checkUserIdRule":"generalParameters/plugins/checkUsers","checkUserSearchAttributes":"generalParameters/plugins/checkUsers","checkUserUnrestrictedUsersRule":"generalParameters/plugins/checkUsers","checkXSS":"generalParameters/advancedParams/security","combModules":"generalParameters/authParams/combinationParams","combination":"generalParameters/authParams/combinationParams","compactConf":"generalParameters/reloadParams","confirmFormMethod":"generalParameters/advancedParams/forms","contextSwitchingAllowed2fModifications":"generalParameters/plugins/contextSwitching","contextSwitchingIdRule":"generalParameters/plugins/contextSwitching","contextSwitchingRule":"generalParameters/plugins/contextSwitching","contextSwitchingStopWithLogout":"generalParameters/plugins/contextSwitching","contextSwitchingUnrestrictedUsersRule":"generalParameters/plugins/contextSwitching","cookieExpiration":"generalParameters/cookieParams","cookieName":"generalParameters/cookieParams","corsAllow_Credentials":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsAllow_Headers":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsAllow_Methods":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsAllow_Origin":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsEnabled":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsExpose_Headers":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsMax_Age":"generalParameters/advancedParams/security/crossOrigineResourceSharing","cspConnect":"generalParameters/advancedParams/security/contentSecurityPolicy","cspDefault":"generalParameters/advancedParams/security/contentSecurityPolicy","cspFont":"generalParameters/advancedParams/security/contentSecurityPolicy","cspFormAction":"generalParameters/advancedParams/security/contentSecurityPolicy","cspFrameAncestors":"generalParameters/advancedParams/security/contentSecurityPolicy","cspImg":"generalParameters/advancedParams/security/contentSecurityPolicy","cspScript":"generalParameters/advancedParams/security/contentSecurityPolicy","cspStyle":"generalParameters/advancedParams/security/contentSecurityPolicy","customAddParams":"generalParameters/authParams/customParams","customAuth":"generalParameters/authParams/customParams","customFunctions":"generalParameters/advancedParams","customPassword":"generalParameters/authParams/customParams","customPlugins":"generalParameters/plugins/customPluginsNode","customPluginsParams":"generalParameters/plugins/customPluginsNode","customRegister":"generalParameters/authParams/customParams","customResetCertByMail":"generalParameters/authParams/customParams","customToTrace":"generalParameters/logParams","customUserDB":"generalParameters/authParams/customParams","dbiAuthChain":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionAuth","dbiAuthLoginCol":"generalParameters/authParams/dbiParams/dbiSchema","dbiAuthPassword":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionAuth","dbiAuthPasswordCol":"generalParameters/authParams/dbiParams/dbiSchema","dbiAuthPasswordHash":"generalParameters/authParams/dbiParams/dbiPassword","dbiAuthTable":"generalParameters/authParams/dbiParams/dbiSchema","dbiAuthUser":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionAuth","dbiAuthnLevel":"generalParameters/authParams/dbiParams","dbiDynamicHashEnabled":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiDynamicHashNewPasswordScheme":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiDynamicHashValidSaltedSchemes":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiDynamicHashValidSchemes":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiExportedVars":"generalParameters/authParams/dbiParams","dbiPasswordMailCol":"generalParameters/authParams/dbiParams/dbiSchema","dbiUserChain":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionUser","dbiUserPassword":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionUser","dbiUserTable":"generalParameters/authParams/dbiParams/dbiSchema","dbiUserUser":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionUser","decryptValueFunctions":"generalParameters/plugins/decryptValue","decryptValueRule":"generalParameters/plugins/decryptValue","demoExportedVars":"generalParameters/authParams/demoParams","disablePersistentStorage":"generalParameters/sessionParams/persistentSessions","displaySessionId":"generalParameters/sessionParams","domain":"generalParameters/cookieParams","exportedAttr":"generalParameters/plugins/portalServers","exportedVars":"variables","ext2FSendCommand":"generalParameters/secondFactors/ext2f","ext2FValidateCommand":"generalParameters/secondFactors/ext2f","ext2fActivation":"generalParameters/secondFactors/ext2f","ext2fAuthnLevel":"generalParameters/secondFactors/ext2f","ext2fCodeActivation":"generalParameters/secondFactors/ext2f","ext2fLabel":"generalParameters/secondFactors/ext2f","ext2fLogo":"generalParameters/secondFactors/ext2f","facebookAppId":"generalParameters/authParams/facebookParams","facebookAppSecret":"generalParameters/authParams/facebookParams","facebookAuthnLevel":"generalParameters/authParams/facebookParams","facebookExportedVars":"generalParameters/authParams/facebookParams","facebookUserField":"generalParameters/authParams/facebookParams","failedLoginNumber":"generalParameters/plugins/loginHistory","formTimeout":"generalParameters/advancedParams/security","githubAuthnLevel":"generalParameters/authParams/githubParams","githubClientID":"generalParameters/authParams/githubParams","githubClientSecret":"generalParameters/authParams/githubParams","githubScope":"generalParameters/authParams/githubParams","githubUserField":"generalParameters/authParams/githubParams","globalLogoutCustomParam":"generalParameters/plugins/globalLogout","globalLogoutRule":"generalParameters/plugins/globalLogout","globalLogoutTimer":"generalParameters/plugins/globalLogout","globalStorage":"generalParameters/sessionParams/sessionStorage","globalStorageOptions":"generalParameters/sessionParams/sessionStorage","gpgAuthnLevel":"generalParameters/authParams/gpgParams","gpgDb":"generalParameters/authParams/gpgParams","grantSessionRules":"generalParameters/sessionParams","groups":"variables","groupsBeforeMacros":"generalParameters/advancedParams","hiddenAttributes":"generalParameters/logParams","hideOldPassword":"generalParameters/portalParams/portalCustomization/passwordManagement","httpOnly":"generalParameters/cookieParams","https":"generalParameters/advancedParams/redirection","impersonationHiddenAttributes":"generalParameters/plugins/impersonation","impersonationIdRule":"generalParameters/plugins/impersonation","impersonationMergeSSOgroups":"generalParameters/plugins/impersonation","impersonationRule":"generalParameters/plugins/impersonation","impersonationSkipEmptyValues":"generalParameters/plugins/impersonation","impersonationUnrestrictedUsersRule":"generalParameters/plugins/impersonation","infoFormMethod":"generalParameters/advancedParams/forms","issuerDBCASActivation":"generalParameters/issuerParams/issuerDBCAS","issuerDBCASPath":"generalParameters/issuerParams/issuerDBCAS","issuerDBCASRule":"generalParameters/issuerParams/issuerDBCAS","issuerDBGetActivation":"generalParameters/issuerParams/issuerDBGet","issuerDBGetParameters":"generalParameters/issuerParams/issuerDBGet","issuerDBGetPath":"generalParameters/issuerParams/issuerDBGet","issuerDBGetRule":"generalParameters/issuerParams/issuerDBGet","issuerDBOpenIDActivation":"generalParameters/issuerParams/issuerDBOpenID","issuerDBOpenIDConnectActivation":"generalParameters/issuerParams/issuerDBOpenIDConnect","issuerDBOpenIDConnectPath":"generalParameters/issuerParams/issuerDBOpenIDConnect","issuerDBOpenIDConnectRule":"generalParameters/issuerParams/issuerDBOpenIDConnect","issuerDBOpenIDPath":"generalParameters/issuerParams/issuerDBOpenID","issuerDBOpenIDRule":"generalParameters/issuerParams/issuerDBOpenID","issuerDBSAMLActivation":"generalParameters/issuerParams/issuerDBSAML","issuerDBSAMLPath":"generalParameters/issuerParams/issuerDBSAML","issuerDBSAMLRule":"generalParameters/issuerParams/issuerDBSAML","issuersTimeout":"generalParameters/issuerParams/issuerOptions","jsRedirect":"generalParameters/advancedParams/portalRedirection","key":"generalParameters/advancedParams/security","krbAllowedDomains":"generalParameters/authParams/kerberosParams","krbAuthnLevel":"generalParameters/authParams/kerberosParams","krbByJs":"generalParameters/authParams/kerberosParams","krbKeytab":"generalParameters/authParams/kerberosParams","krbRemoveDomain":"generalParameters/authParams/kerberosParams","ldapAllowResetExpiredPassword":"generalParameters/authParams/ldapParams/ldapPassword","ldapAuthnLevel":"generalParameters/authParams/ldapParams","ldapBase":"generalParameters/authParams/ldapParams/ldapConnection","ldapCAFile":"generalParameters/authParams/ldapParams/ldapConnection","ldapCAPath":"generalParameters/authParams/ldapParams/ldapConnection","ldapChangePasswordAsUser":"generalParameters/authParams/ldapParams/ldapPassword","ldapExportedVars":"generalParameters/authParams/ldapParams","ldapGroupAttributeName":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupAttributeNameGroup":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupAttributeNameSearch":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupAttributeNameUser":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupBase":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupDecodeSearchedValue":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupObjectClass":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupRecursive":"generalParameters/authParams/ldapParams/ldapGroups","ldapIOTimeout":"generalParameters/authParams/ldapParams/ldapConnection","ldapITDS":"generalParameters/authParams/ldapParams/ldapPassword","ldapPasswordResetAttribute":"generalParameters/authParams/ldapParams/ldapPassword","ldapPasswordResetAttributeValue":"generalParameters/authParams/ldapParams/ldapPassword","ldapPort":"generalParameters/authParams/ldapParams/ldapConnection","ldapPpolicyControl":"generalParameters/authParams/ldapParams/ldapPassword","ldapPwdEnc":"generalParameters/authParams/ldapParams/ldapPassword","ldapRaw":"generalParameters/authParams/ldapParams/ldapConnection","ldapSearchDeref":"generalParameters/authParams/ldapParams/ldapFilters","ldapServer":"generalParameters/authParams/ldapParams/ldapConnection","ldapSetPassword":"generalParameters/authParams/ldapParams/ldapPassword","ldapTimeout":"generalParameters/authParams/ldapParams/ldapConnection","ldapUsePasswordResetAttribute":"generalParameters/authParams/ldapParams/ldapPassword","ldapVerify":"generalParameters/authParams/ldapParams/ldapConnection","ldapVersion":"generalParameters/authParams/ldapParams/ldapConnection","linkedInAuthnLevel":"generalParameters/authParams/linkedinParams","linkedInClientID":"generalParameters/authParams/linkedinParams","linkedInClientSecret":"generalParameters/authParams/linkedinParams","linkedInFields":"generalParameters/authParams/linkedinParams","linkedInScope":"generalParameters/authParams/linkedinParams","linkedInUserField":"generalParameters/authParams/linkedinParams","localSessionStorage":"generalParameters/sessionParams/sessionStorage","localSessionStorageOptions":"generalParameters/sessionParams/sessionStorage","loginHistoryEnabled":"generalParameters/plugins/loginHistory","logoutServices":"generalParameters/advancedParams","lwpOpts":"generalParameters/advancedParams/security","lwpSslOpts":"generalParameters/advancedParams/security","macros":"variables","mail2fActivation":"generalParameters/secondFactors/mail2f","mail2fAuthnLevel":"generalParameters/secondFactors/mail2f","mail2fBody":"generalParameters/secondFactors/mail2f","mail2fCodeRegex":"generalParameters/secondFactors/mail2f","mail2fLabel":"generalParameters/secondFactors/mail2f","mail2fLogo":"generalParameters/secondFactors/mail2f","mail2fSessionKey":"generalParameters/secondFactors/mail2f","mail2fSubject":"generalParameters/secondFactors/mail2f","mail2fTimeout":"generalParameters/secondFactors/mail2f","mailBody":"generalParameters/plugins/passwordManagement/mailContent","mailCharset":"generalParameters/advancedParams/SMTP/mailHeaders","mailConfirmBody":"generalParameters/plugins/passwordManagement/mailContent","mailConfirmSubject":"generalParameters/plugins/passwordManagement/mailContent","mailFrom":"generalParameters/advancedParams/SMTP/mailHeaders","mailLDAPFilter":"generalParameters/authParams/ldapParams/ldapFilters","mailOnPasswordChange":"generalParameters/portalParams/portalCustomization/passwordManagement","mailReplyTo":"generalParameters/advancedParams/SMTP/mailHeaders","mailSessionKey":"generalParameters/advancedParams/SMTP","mailSubject":"generalParameters/plugins/passwordManagement/mailContent","mailTimeout":"generalParameters/plugins/passwordManagement/mailOther","mailUrl":"generalParameters/plugins/passwordManagement/mailOther","maintenance":"generalParameters/advancedParams/redirection","managerDn":"generalParameters/authParams/ldapParams/ldapConnection","managerPassword":"generalParameters/authParams/ldapParams/ldapConnection","multiValuesSeparator":"generalParameters/advancedParams","nginxCustomHandlers":"generalParameters/advancedParams","noAjaxHook":"generalParameters/advancedParams/portalRedirection","notification":"generalParameters/plugins/notifications","notificationDefaultCond":"generalParameters/plugins/notifications/serverNotification","notificationServer":"generalParameters/plugins/notifications/serverNotification","notificationServerDELETE":"generalParameters/plugins/notifications/serverNotification/notificationServerMethods","notificationServerGET":"generalParameters/plugins/notifications/serverNotification/notificationServerMethods","notificationServerPOST":"generalParameters/plugins/notifications/serverNotification/notificationServerMethods","notificationServerSentAttributes":"generalParameters/plugins/notifications/serverNotification","notificationStorage":"generalParameters/plugins/notifications","notificationStorageOptions":"generalParameters/plugins/notifications","notificationWildcard":"generalParameters/plugins/notifications","notificationXSLTfile":"generalParameters/plugins/notifications","notificationsExplorer":"generalParameters/plugins/notifications","notifyDeleted":"generalParameters/sessionParams/multipleSessions","notifyOther":"generalParameters/sessionParams/multipleSessions","nullAuthnLevel":"generalParameters/authParams/nullParams","oidcAuthnLevel":"generalParameters/authParams/oidcParams","oidcOPMetaDataNodes":"","oidcRPCallbackGetParam":"generalParameters/authParams/oidcParams","oidcRPMetaDataNodes":"","oidcRPStateTimeout":"generalParameters/authParams/oidcParams","oidcServiceAccessTokenExpiration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowAuthorizationCodeFlow":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowDynamicRegistration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowHybridFlow":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowImplicitFlow":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAuthorizationCodeExpiration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceDynamicRegistrationExportedVars":"oidcServiceMetaData","oidcServiceDynamicRegistrationExtraClaims":"oidcServiceMetaData","oidcServiceIDTokenExpiration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceKeyIdSig":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceMetaDataAuthnContext":"oidcServiceMetaData","oidcServiceMetaDataAuthorizeURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataBackChannelURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataCheckSessionURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataEndSessionURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataFrontChannelURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataIntrospectionURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataIssuer":"oidcServiceMetaData","oidcServiceMetaDataJWKSURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataRegistrationURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataTokenURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataUserInfoURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceOfflineSessionExpiration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServicePrivateKeySig":"oidcServiceMetaData/oidcServiceMetaDataSecurity/oidcServiceMetaDataKeys","oidcServicePublicKeySig":"oidcServiceMetaData/oidcServiceMetaDataSecurity/oidcServiceMetaDataKeys","oidcStorage":"oidcServiceMetaData/oidcServiceMetaDataSessions","oidcStorageOptions":"oidcServiceMetaData/oidcServiceMetaDataSessions","oldNotifFormat":"generalParameters/plugins/notifications","openIdAttr":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions","openIdAuthnLevel":"generalParameters/authParams/openidParams","openIdExportedVars":"generalParameters/authParams/openidParams","openIdIDPList":"generalParameters/authParams/openidParams","openIdIssuerSecret":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions","openIdSPList":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions","openIdSecret":"generalParameters/authParams/openidParams","openIdSreg_country":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_dob":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_email":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_fullname":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_gender":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_language":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_nickname":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_postcode":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_timezone":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","pamAuthnLevel":"generalParameters/authParams/pamParams","pamService":"generalParameters/authParams/pamParams","passwordDB":"generalParameters/authParams","passwordPolicyActivation":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinDigit":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinLower":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinSize":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinSpeChar":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinUpper":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicySpecialChar":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordResetAllowedRetries":"generalParameters/portalParams/portalCustomization/portalButtons","persistentStorage":"generalParameters/sessionParams/persistentSessions","persistentStorageOptions":"generalParameters/sessionParams/persistentSessions","port":"generalParameters/advancedParams/redirection","portal":"generalParameters/portalParams","portalAntiFrame":"generalParameters/portalParams/portalCustomization/portalOther","portalCheckLogins":"generalParameters/portalParams/portalCustomization/portalButtons","portalCustomCss":"generalParameters/portalParams/portalCustomization","portalDisplayAppslist":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayCertificateResetByMail":"generalParameters/portalParams/portalCustomization/portalButtons","portalDisplayChangePassword":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayGeneratePassword":"generalParameters/plugins/passwordManagement/mailOther","portalDisplayLoginHistory":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayLogout":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayOidcConsents":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayPasswordPolicy":"generalParameters/portalParams/portalCustomization/passwordPolicy","portalDisplayRefreshMyRights":"generalParameters/portalParams/portalCustomization/portalOther","portalDisplayRegister":"generalParameters/portalParams/portalCustomization/portalButtons","portalDisplayResetPassword":"generalParameters/portalParams/portalCustomization/portalButtons","portalErrorOnExpiredSession":"generalParameters/portalParams/portalCustomization/portalOther","portalErrorOnMailNotFound":"generalParameters/portalParams/portalCustomization/portalOther","portalForceAuthn":"generalParameters/advancedParams/security","portalForceAuthnInterval":"generalParameters/advancedParams/security","portalMainLogo":"generalParameters/portalParams/portalCustomization","portalOpenLinkInNewWindow":"generalParameters/portalParams/portalCustomization/portalOther","portalPingInterval":"generalParameters/portalParams/portalCustomization/portalOther","portalRequireOldPassword":"generalParameters/portalParams/portalCustomization/passwordManagement","portalSkin":"generalParameters/portalParams/portalCustomization","portalSkinBackground":"generalParameters/portalParams/portalCustomization","portalSkinRules":"generalParameters/portalParams/portalCustomization","portalStatus":"generalParameters/plugins","portalUserAttr":"generalParameters/portalParams/portalCustomization/portalOther","proxyAuthService":"generalParameters/authParams/proxyParams","proxyAuthnLevel":"generalParameters/authParams/proxyParams","proxySessionService":"generalParameters/authParams/proxyParams","proxyUseSoap":"generalParameters/authParams/proxyParams","radius2fActivation":"generalParameters/secondFactors/radius2f","radius2fAuthnLevel":"generalParameters/secondFactors/radius2f","radius2fLabel":"generalParameters/secondFactors/radius2f","radius2fLogo":"generalParameters/secondFactors/radius2f","radius2fSecret":"generalParameters/secondFactors/radius2f","radius2fServer":"generalParameters/secondFactors/radius2f","radius2fTimeout":"generalParameters/secondFactors/radius2f","radius2fUsernameSessionKey":"generalParameters/secondFactors/radius2f","radiusAuthnLevel":"generalParameters/authParams/radiusParams","radiusSecret":"generalParameters/authParams/radiusParams","radiusServer":"generalParameters/authParams/radiusParams","randomPasswordRegexp":"generalParameters/plugins/passwordManagement/mailOther","redirectFormMethod":"generalParameters/advancedParams/forms","refreshSessions":"generalParameters/plugins","registerConfirmSubject":"generalParameters/plugins/register","registerDB":"generalParameters/authParams","registerDoneSubject":"generalParameters/plugins/register","registerTimeout":"generalParameters/plugins/register","registerUrl":"generalParameters/plugins/register","reloadTimeout":"generalParameters/reloadParams","reloadUrls":"generalParameters/reloadParams","remoteCookieName":"generalParameters/authParams/remoteParams","remoteGlobalStorage":"generalParameters/authParams/remoteParams","remoteGlobalStorageOptions":"generalParameters/authParams/remoteParams","remotePortal":"generalParameters/authParams/remoteParams","requireToken":"generalParameters/advancedParams/security","rest2fActivation":"generalParameters/secondFactors/rest2f","rest2fAuthnLevel":"generalParameters/secondFactors/rest2f","rest2fInitArgs":"generalParameters/secondFactors/rest2f","rest2fInitUrl":"generalParameters/secondFactors/rest2f","rest2fLabel":"generalParameters/secondFactors/rest2f","rest2fLogo":"generalParameters/secondFactors/rest2f","rest2fVerifyArgs":"generalParameters/secondFactors/rest2f","rest2fVerifyUrl":"generalParameters/secondFactors/rest2f","restAuthServer":"generalParameters/plugins/portalServers","restAuthUrl":"generalParameters/authParams/restParams","restAuthnLevel":"generalParameters/authParams/restParams","restClockTolerance":"generalParameters/plugins/portalServers","restConfigServer":"generalParameters/plugins/portalServers","restExportSecretKeys":"generalParameters/plugins/portalServers","restPasswordServer":"generalParameters/plugins/portalServers","restPwdConfirmUrl":"generalParameters/authParams/restParams","restPwdModifyUrl":"generalParameters/authParams/restParams","restSessionServer":"generalParameters/plugins/portalServers","restUserDBUrl":"generalParameters/authParams/restParams","sameSite":"generalParameters/cookieParams","samlAttributeAuthorityDescriptorAttributeServiceSOAP":"samlServiceMetaData/samlAttributeAuthorityDescriptor/samlAttributeAuthorityDescriptorAttributeService","samlAuthnContextMapKerberos":"samlServiceMetaData/samlAuthnContextMap","samlAuthnContextMapPassword":"samlServiceMetaData/samlAuthnContextMap","samlAuthnContextMapPasswordProtectedTransport":"samlServiceMetaData/samlAuthnContextMap","samlAuthnContextMapTLSClient":"samlServiceMetaData/samlAuthnContextMap","samlCommonDomainCookieActivation":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlCommonDomainCookieDomain":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlCommonDomainCookieReader":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlCommonDomainCookieWriter":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlDiscoveryProtocolActivation":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlDiscoveryProtocolIsPassive":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlDiscoveryProtocolPolicy":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlDiscoveryProtocolURL":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlEntityID":"samlServiceMetaData","samlIDPMetaDataNodes":"","samlIDPSSODescriptorArtifactResolutionServiceArtifact":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorArtifactResolutionService","samlIDPSSODescriptorSingleLogoutServiceHTTPPost":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleLogoutService","samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleLogoutService","samlIDPSSODescriptorSingleLogoutServiceSOAP":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleLogoutService","samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleSignOnService","samlIDPSSODescriptorSingleSignOnServiceHTTPPost":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleSignOnService","samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleSignOnService","samlIDPSSODescriptorWantAuthnRequestsSigned":"samlServiceMetaData/samlIDPSSODescriptor","samlMetadataForceUTF8":"samlServiceMetaData/samlAdvanced","samlNameIDFormatMapEmail":"samlServiceMetaData/samlNameIDFormatMap","samlNameIDFormatMapKerberos":"samlServiceMetaData/samlNameIDFormatMap","samlNameIDFormatMapWindows":"samlServiceMetaData/samlNameIDFormatMap","samlNameIDFormatMapX509":"samlServiceMetaData/samlNameIDFormatMap","samlOrganizationDisplayName":"samlServiceMetaData/samlOrganization","samlOrganizationName":"samlServiceMetaData/samlOrganization","samlOrganizationURL":"samlServiceMetaData/samlOrganization","samlOverrideIDPEntityID":"samlServiceMetaData/samlAdvanced","samlRelayStateTimeout":"samlServiceMetaData/samlAdvanced","samlSPMetaDataNodes":"","samlSPSSODescriptorArtifactResolutionServiceArtifact":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorArtifactResolutionService","samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorAssertionConsumerService","samlSPSSODescriptorAssertionConsumerServiceHTTPPost":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorAssertionConsumerService","samlSPSSODescriptorAuthnRequestsSigned":"samlServiceMetaData/samlSPSSODescriptor","samlSPSSODescriptorSingleLogoutServiceHTTPPost":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorSingleLogoutService","samlSPSSODescriptorSingleLogoutServiceHTTPRedirect":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorSingleLogoutService","samlSPSSODescriptorSingleLogoutServiceSOAP":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorSingleLogoutService","samlSPSSODescriptorWantAssertionsSigned":"samlServiceMetaData/samlSPSSODescriptor","samlServicePrivateKeyEnc":"samlServiceMetaData/samlServiceSecurity/samlServiceSecurityEnc","samlServicePrivateKeyEncPwd":"samlServiceMetaData/samlServiceSecurity/samlServiceSecurityEnc","samlServicePrivateKeySig":"samlServiceMetaData/samlServiceSecurity/samlServiceSecuritySig","samlServicePrivateKeySigPwd":"samlServiceMetaData/samlServiceSecurity/samlServiceSecuritySig","samlServicePublicKeyEnc":"samlServiceMetaData/samlServiceSecurity/samlServiceSecurityEnc","samlServicePublicKeySig":"samlServiceMetaData/samlServiceSecurity/samlServiceSecuritySig","samlServiceSignatureMethod":"samlServiceMetaData/samlServiceSecurity","samlServiceUseCertificateInResponse":"samlServiceMetaData/samlServiceSecurity","samlStorage":"samlServiceMetaData/samlAdvanced","samlStorageOptions":"samlServiceMetaData/samlAdvanced","samlUseQueryStringSpecific":"samlServiceMetaData/samlAdvanced","securedCookie":"generalParameters/cookieParams","sessionDataToRemember":"generalParameters/plugins/loginHistory","sfExtra":"generalParameters/secondFactors","sfManagerRule":"generalParameters/secondFactors","sfOnlyUpgrade":"generalParameters/secondFactors","sfRemovedMsgRule":"generalParameters/secondFactors/sfRemovedNotification","sfRemovedNotifMsg":"generalParameters/secondFactors/sfRemovedNotification","sfRemovedNotifRef":"generalParameters/secondFactors/sfRemovedNotification","sfRemovedNotifTitle":"generalParameters/secondFactors/sfRemovedNotification","sfRemovedUseNotif":"generalParameters/secondFactors/sfRemovedNotification","sfRequired":"generalParameters/secondFactors","showLanguages":"generalParameters/portalParams/portalCustomization","singleIP":"generalParameters/sessionParams/multipleSessions","singleSession":"generalParameters/sessionParams/multipleSessions","singleUserByIP":"generalParameters/sessionParams/multipleSessions","skipRenewConfirmation":"generalParameters/advancedParams/portalRedirection","skipUpgradeConfirmation":"generalParameters/advancedParams/portalRedirection","slaveAuthnLevel":"generalParameters/authParams/slaveParams","slaveDisplayLogo":"generalParameters/authParams/slaveParams","slaveExportedVars":"generalParameters/authParams/slaveParams","slaveHeaderContent":"generalParameters/authParams/slaveParams","slaveHeaderName":"generalParameters/authParams/slaveParams","slaveMasterIP":"generalParameters/authParams/slaveParams","slaveUserHeader":"generalParameters/authParams/slaveParams","soapConfigServer":"generalParameters/plugins/portalServers","soapSessionServer":"generalParameters/plugins/portalServers","sslByAjax":"generalParameters/authParams/sslParams","sslHost":"generalParameters/authParams/sslParams","stayConnected":"generalParameters/plugins/stayConnect","stayConnectedCookieName":"generalParameters/plugins/stayConnect","stayConnectedTimeout":"generalParameters/plugins/stayConnect","storePassword":"generalParameters/sessionParams","successLoginNumber":"generalParameters/plugins/loginHistory","timeout":"generalParameters/sessionParams","timeoutActivity":"generalParameters/sessionParams","timeoutActivityInterval":"generalParameters/sessionParams","tokenUseGlobalStorage":"generalParameters/advancedParams/security","totp2fActivation":"generalParameters/secondFactors/totp2f","totp2fAuthnLevel":"generalParameters/secondFactors/totp2f","totp2fDigits":"generalParameters/secondFactors/totp2f","totp2fDisplayExistingSecret":"generalParameters/secondFactors/totp2f","totp2fInterval":"generalParameters/secondFactors/totp2f","totp2fIssuer":"generalParameters/secondFactors/totp2f","totp2fLabel":"generalParameters/secondFactors/totp2f","totp2fLogo":"generalParameters/secondFactors/totp2f","totp2fRange":"generalParameters/secondFactors/totp2f","totp2fSelfRegistration":"generalParameters/secondFactors/totp2f","totp2fTTL":"generalParameters/secondFactors/totp2f","totp2fUserCanChangeKey":"generalParameters/secondFactors/totp2f","totp2fUserCanRemoveKey":"generalParameters/secondFactors/totp2f","trustedDomains":"generalParameters/advancedParams/security","twitterAppName":"generalParameters/authParams/twitterParams","twitterAuthnLevel":"generalParameters/authParams/twitterParams","twitterKey":"generalParameters/authParams/twitterParams","twitterSecret":"generalParameters/authParams/twitterParams","twitterUserField":"generalParameters/authParams/twitterParams","u2fActivation":"generalParameters/secondFactors/u2f","u2fAuthnLevel":"generalParameters/secondFactors/u2f","u2fLabel":"generalParameters/secondFactors/u2f","u2fLogo":"generalParameters/secondFactors/u2f","u2fSelfRegistration":"generalParameters/secondFactors/u2f","u2fTTL":"generalParameters/secondFactors/u2f","u2fUserCanRemoveKey":"generalParameters/secondFactors/u2f","upgradeSession":"generalParameters/plugins","useRedirectOnError":"generalParameters/advancedParams/redirection","useRedirectOnForbidden":"generalParameters/advancedParams/redirection","useSafeJail":"generalParameters/advancedParams/security","userControl":"generalParameters/advancedParams/security","userDB":"generalParameters/authParams","userPivot":"generalParameters/authParams/dbiParams/dbiSchema","utotp2fActivation":"generalParameters/secondFactors/utotp2f","utotp2fAuthnLevel":"generalParameters/secondFactors/utotp2f","utotp2fLabel":"generalParameters/secondFactors/utotp2f","utotp2fLogo":"generalParameters/secondFactors/utotp2f","virtualHosts":"","webIDAuthnLevel":"generalParameters/authParams/webidParams","webIDExportedVars":"generalParameters/authParams/webidParams","webIDWhitelist":"generalParameters/authParams/webidParams","whatToTrace":"generalParameters/logParams","wsdlServer":"generalParameters/plugins/portalServers","yubikey2fActivation":"generalParameters/secondFactors/yubikey2f","yubikey2fAuthnLevel":"generalParameters/secondFactors/yubikey2f","yubikey2fClientID":"generalParameters/secondFactors/yubikey2f","yubikey2fFromSessionAttribute":"generalParameters/secondFactors/yubikey2f","yubikey2fLabel":"generalParameters/secondFactors/yubikey2f","yubikey2fLogo":"generalParameters/secondFactors/yubikey2f","yubikey2fNonce":"generalParameters/secondFactors/yubikey2f","yubikey2fPublicIDSize":"generalParameters/secondFactors/yubikey2f","yubikey2fSecretKey":"generalParameters/secondFactors/yubikey2f","yubikey2fSelfRegistration":"generalParameters/secondFactors/yubikey2f","yubikey2fTTL":"generalParameters/secondFactors/yubikey2f","yubikey2fUrl":"generalParameters/secondFactors/yubikey2f","yubikey2fUserCanRemoveKey":"generalParameters/secondFactors/yubikey2f"} \ No newline at end of file +{"ADPwdExpireWarning":"generalParameters/authParams/adParams","ADPwdMaxAge":"generalParameters/authParams/adParams","AuthLDAPFilter":"generalParameters/authParams/ldapParams/ldapFilters","LDAPFilter":"generalParameters/authParams/ldapParams/ldapFilters","SMTPAuthPass":"generalParameters/advancedParams/SMTP","SMTPAuthUser":"generalParameters/advancedParams/SMTP","SMTPPort":"generalParameters/advancedParams/SMTP","SMTPServer":"generalParameters/advancedParams/SMTP","SMTPTLS":"generalParameters/advancedParams/SMTP","SMTPTLSOpts":"generalParameters/advancedParams/SMTP","SSLAuthnLevel":"generalParameters/authParams/sslParams","SSLVar":"generalParameters/authParams/sslParams","SSLVarIf":"generalParameters/authParams/sslParams","activeTimer":"generalParameters/advancedParams/forms","adaptativeAuthenticationLevelRules":"generalParameters/plugins","apacheAuthnLevel":"generalParameters/authParams/apacheParams","applicationList":"generalParameters/portalParams/portalMenu","authChoiceAuthBasic":"generalParameters/authParams/choiceParams","authChoiceModules":"generalParameters/authParams/choiceParams","authChoiceParam":"generalParameters/authParams/choiceParams","authentication":"generalParameters/authParams","autoSigninRules":"generalParameters/plugins/autoSignin","avoidAssignment":"generalParameters/advancedParams/security","browsersDontStorePassword":"generalParameters/advancedParams/security","bruteForceProtection":"generalParameters/advancedParams/security/bruteForceAttackProtection","bruteForceProtectionIncrementalTempo":"generalParameters/advancedParams/security/bruteForceAttackProtection","bruteForceProtectionLockTimes":"generalParameters/advancedParams/security/bruteForceAttackProtection","bruteForceProtectionMaxFailed":"generalParameters/advancedParams/security/bruteForceAttackProtection","bruteForceProtectionTempo":"generalParameters/advancedParams/security/bruteForceAttackProtection","captcha_login_enabled":"generalParameters/portalParams/portalCaptcha","captcha_mail_enabled":"generalParameters/portalParams/portalCaptcha","captcha_register_enabled":"generalParameters/portalParams/portalCaptcha","captcha_size":"generalParameters/portalParams/portalCaptcha","casAccessControlPolicy":"casServiceMetadata","casAppMetaDataNodes":"","casAttr":"casServiceMetadata","casAttributes":"casServiceMetadata","casAuthnLevel":"generalParameters/authParams/casParams","casSrvMetaDataNodes":"","casStorage":"casServiceMetadata","casStorageOptions":"casServiceMetadata","cda":"generalParameters/cookieParams","certificateResetByMailCeaAttribute":"generalParameters/plugins/certificateResetByMailManagement/mailOther","certificateResetByMailCertificateAttribute":"generalParameters/plugins/certificateResetByMailManagement/mailOther","certificateResetByMailStep1Body":"generalParameters/plugins/certificateResetByMailManagement/certificateMailContent","certificateResetByMailStep1Subject":"generalParameters/plugins/certificateResetByMailManagement/certificateMailContent","certificateResetByMailStep2Body":"generalParameters/plugins/certificateResetByMailManagement/certificateMailContent","certificateResetByMailStep2Subject":"generalParameters/plugins/certificateResetByMailManagement/certificateMailContent","certificateResetByMailURL":"generalParameters/plugins/certificateResetByMailManagement/mailOther","certificateResetByMailValidityDelay":"generalParameters/plugins/certificateResetByMailManagement/mailOther","checkState":"generalParameters/plugins/stateCheck","checkStateSecret":"generalParameters/plugins/stateCheck","checkUser":"generalParameters/plugins/checkUsers","checkUserDisplayComputedSession":"generalParameters/plugins/checkUsers","checkUserDisplayEmptyHeaders":"generalParameters/plugins/checkUsers","checkUserDisplayEmptyValues":"generalParameters/plugins/checkUsers","checkUserDisplayPersistentInfo":"generalParameters/plugins/checkUsers","checkUserHiddenAttributes":"generalParameters/plugins/checkUsers","checkUserHiddenHeaders":"generalParameters/plugins/checkUsers","checkUserIdRule":"generalParameters/plugins/checkUsers","checkUserSearchAttributes":"generalParameters/plugins/checkUsers","checkUserUnrestrictedUsersRule":"generalParameters/plugins/checkUsers","checkXSS":"generalParameters/advancedParams/security","combModules":"generalParameters/authParams/combinationParams","combination":"generalParameters/authParams/combinationParams","compactConf":"generalParameters/reloadParams","confirmFormMethod":"generalParameters/advancedParams/forms","contextSwitchingAllowed2fModifications":"generalParameters/plugins/contextSwitching","contextSwitchingIdRule":"generalParameters/plugins/contextSwitching","contextSwitchingRule":"generalParameters/plugins/contextSwitching","contextSwitchingStopWithLogout":"generalParameters/plugins/contextSwitching","contextSwitchingUnrestrictedUsersRule":"generalParameters/plugins/contextSwitching","cookieExpiration":"generalParameters/cookieParams","cookieName":"generalParameters/cookieParams","corsAllow_Credentials":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsAllow_Headers":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsAllow_Methods":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsAllow_Origin":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsEnabled":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsExpose_Headers":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsMax_Age":"generalParameters/advancedParams/security/crossOrigineResourceSharing","cspConnect":"generalParameters/advancedParams/security/contentSecurityPolicy","cspDefault":"generalParameters/advancedParams/security/contentSecurityPolicy","cspFont":"generalParameters/advancedParams/security/contentSecurityPolicy","cspFormAction":"generalParameters/advancedParams/security/contentSecurityPolicy","cspFrameAncestors":"generalParameters/advancedParams/security/contentSecurityPolicy","cspImg":"generalParameters/advancedParams/security/contentSecurityPolicy","cspScript":"generalParameters/advancedParams/security/contentSecurityPolicy","cspStyle":"generalParameters/advancedParams/security/contentSecurityPolicy","customAddParams":"generalParameters/authParams/customParams","customAuth":"generalParameters/authParams/customParams","customFunctions":"generalParameters/advancedParams","customPassword":"generalParameters/authParams/customParams","customPlugins":"generalParameters/plugins/customPluginsNode","customPluginsParams":"generalParameters/plugins/customPluginsNode","customRegister":"generalParameters/authParams/customParams","customResetCertByMail":"generalParameters/authParams/customParams","customToTrace":"generalParameters/logParams","customUserDB":"generalParameters/authParams/customParams","dbiAuthChain":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionAuth","dbiAuthLoginCol":"generalParameters/authParams/dbiParams/dbiSchema","dbiAuthPassword":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionAuth","dbiAuthPasswordCol":"generalParameters/authParams/dbiParams/dbiSchema","dbiAuthPasswordHash":"generalParameters/authParams/dbiParams/dbiPassword","dbiAuthTable":"generalParameters/authParams/dbiParams/dbiSchema","dbiAuthUser":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionAuth","dbiAuthnLevel":"generalParameters/authParams/dbiParams","dbiDynamicHashEnabled":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiDynamicHashNewPasswordScheme":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiDynamicHashValidSaltedSchemes":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiDynamicHashValidSchemes":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiExportedVars":"generalParameters/authParams/dbiParams","dbiPasswordMailCol":"generalParameters/authParams/dbiParams/dbiSchema","dbiUserChain":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionUser","dbiUserPassword":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionUser","dbiUserTable":"generalParameters/authParams/dbiParams/dbiSchema","dbiUserUser":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionUser","decryptValueFunctions":"generalParameters/plugins/decryptValue","decryptValueRule":"generalParameters/plugins/decryptValue","demoExportedVars":"generalParameters/authParams/demoParams","disablePersistentStorage":"generalParameters/sessionParams/persistentSessions","displaySessionId":"generalParameters/sessionParams","domain":"generalParameters/cookieParams","exportedAttr":"generalParameters/plugins/portalServers","exportedVars":"variables","ext2FSendCommand":"generalParameters/secondFactors/ext2f","ext2FValidateCommand":"generalParameters/secondFactors/ext2f","ext2fActivation":"generalParameters/secondFactors/ext2f","ext2fAuthnLevel":"generalParameters/secondFactors/ext2f","ext2fCodeActivation":"generalParameters/secondFactors/ext2f","ext2fLabel":"generalParameters/secondFactors/ext2f","ext2fLogo":"generalParameters/secondFactors/ext2f","facebookAppId":"generalParameters/authParams/facebookParams","facebookAppSecret":"generalParameters/authParams/facebookParams","facebookAuthnLevel":"generalParameters/authParams/facebookParams","facebookExportedVars":"generalParameters/authParams/facebookParams","facebookUserField":"generalParameters/authParams/facebookParams","failedLoginNumber":"generalParameters/plugins/loginHistory","findUser":"generalParameters/plugins/impersonation","findUserExcludingAttributes":"generalParameters/plugins/impersonation","findUserSearchingAttributes":"generalParameters/plugins/impersonation","formTimeout":"generalParameters/advancedParams/security","githubAuthnLevel":"generalParameters/authParams/githubParams","githubClientID":"generalParameters/authParams/githubParams","githubClientSecret":"generalParameters/authParams/githubParams","githubScope":"generalParameters/authParams/githubParams","githubUserField":"generalParameters/authParams/githubParams","globalLogoutCustomParam":"generalParameters/plugins/globalLogout","globalLogoutRule":"generalParameters/plugins/globalLogout","globalLogoutTimer":"generalParameters/plugins/globalLogout","globalStorage":"generalParameters/sessionParams/sessionStorage","globalStorageOptions":"generalParameters/sessionParams/sessionStorage","gpgAuthnLevel":"generalParameters/authParams/gpgParams","gpgDb":"generalParameters/authParams/gpgParams","grantSessionRules":"generalParameters/sessionParams","groups":"variables","groupsBeforeMacros":"generalParameters/advancedParams","hiddenAttributes":"generalParameters/logParams","hideOldPassword":"generalParameters/portalParams/portalCustomization/passwordManagement","httpOnly":"generalParameters/cookieParams","https":"generalParameters/advancedParams/redirection","impersonationHiddenAttributes":"generalParameters/plugins/impersonation","impersonationIdRule":"generalParameters/plugins/impersonation","impersonationMergeSSOgroups":"generalParameters/plugins/impersonation","impersonationRule":"generalParameters/plugins/impersonation","impersonationSkipEmptyValues":"generalParameters/plugins/impersonation","impersonationUnrestrictedUsersRule":"generalParameters/plugins/impersonation","infoFormMethod":"generalParameters/advancedParams/forms","issuerDBCASActivation":"generalParameters/issuerParams/issuerDBCAS","issuerDBCASPath":"generalParameters/issuerParams/issuerDBCAS","issuerDBCASRule":"generalParameters/issuerParams/issuerDBCAS","issuerDBGetActivation":"generalParameters/issuerParams/issuerDBGet","issuerDBGetParameters":"generalParameters/issuerParams/issuerDBGet","issuerDBGetPath":"generalParameters/issuerParams/issuerDBGet","issuerDBGetRule":"generalParameters/issuerParams/issuerDBGet","issuerDBOpenIDActivation":"generalParameters/issuerParams/issuerDBOpenID","issuerDBOpenIDConnectActivation":"generalParameters/issuerParams/issuerDBOpenIDConnect","issuerDBOpenIDConnectPath":"generalParameters/issuerParams/issuerDBOpenIDConnect","issuerDBOpenIDConnectRule":"generalParameters/issuerParams/issuerDBOpenIDConnect","issuerDBOpenIDPath":"generalParameters/issuerParams/issuerDBOpenID","issuerDBOpenIDRule":"generalParameters/issuerParams/issuerDBOpenID","issuerDBSAMLActivation":"generalParameters/issuerParams/issuerDBSAML","issuerDBSAMLPath":"generalParameters/issuerParams/issuerDBSAML","issuerDBSAMLRule":"generalParameters/issuerParams/issuerDBSAML","issuersTimeout":"generalParameters/issuerParams/issuerOptions","jsRedirect":"generalParameters/advancedParams/portalRedirection","key":"generalParameters/advancedParams/security","krbAllowedDomains":"generalParameters/authParams/kerberosParams","krbAuthnLevel":"generalParameters/authParams/kerberosParams","krbByJs":"generalParameters/authParams/kerberosParams","krbKeytab":"generalParameters/authParams/kerberosParams","krbRemoveDomain":"generalParameters/authParams/kerberosParams","ldapAllowResetExpiredPassword":"generalParameters/authParams/ldapParams/ldapPassword","ldapAuthnLevel":"generalParameters/authParams/ldapParams","ldapBase":"generalParameters/authParams/ldapParams/ldapConnection","ldapCAFile":"generalParameters/authParams/ldapParams/ldapConnection","ldapCAPath":"generalParameters/authParams/ldapParams/ldapConnection","ldapChangePasswordAsUser":"generalParameters/authParams/ldapParams/ldapPassword","ldapExportedVars":"generalParameters/authParams/ldapParams","ldapGroupAttributeName":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupAttributeNameGroup":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupAttributeNameSearch":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupAttributeNameUser":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupBase":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupDecodeSearchedValue":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupObjectClass":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupRecursive":"generalParameters/authParams/ldapParams/ldapGroups","ldapIOTimeout":"generalParameters/authParams/ldapParams/ldapConnection","ldapITDS":"generalParameters/authParams/ldapParams/ldapPassword","ldapPasswordResetAttribute":"generalParameters/authParams/ldapParams/ldapPassword","ldapPasswordResetAttributeValue":"generalParameters/authParams/ldapParams/ldapPassword","ldapPort":"generalParameters/authParams/ldapParams/ldapConnection","ldapPpolicyControl":"generalParameters/authParams/ldapParams/ldapPassword","ldapPwdEnc":"generalParameters/authParams/ldapParams/ldapPassword","ldapRaw":"generalParameters/authParams/ldapParams/ldapConnection","ldapSearchDeref":"generalParameters/authParams/ldapParams/ldapFilters","ldapServer":"generalParameters/authParams/ldapParams/ldapConnection","ldapSetPassword":"generalParameters/authParams/ldapParams/ldapPassword","ldapTimeout":"generalParameters/authParams/ldapParams/ldapConnection","ldapUsePasswordResetAttribute":"generalParameters/authParams/ldapParams/ldapPassword","ldapVerify":"generalParameters/authParams/ldapParams/ldapConnection","ldapVersion":"generalParameters/authParams/ldapParams/ldapConnection","linkedInAuthnLevel":"generalParameters/authParams/linkedinParams","linkedInClientID":"generalParameters/authParams/linkedinParams","linkedInClientSecret":"generalParameters/authParams/linkedinParams","linkedInFields":"generalParameters/authParams/linkedinParams","linkedInScope":"generalParameters/authParams/linkedinParams","linkedInUserField":"generalParameters/authParams/linkedinParams","localSessionStorage":"generalParameters/sessionParams/sessionStorage","localSessionStorageOptions":"generalParameters/sessionParams/sessionStorage","loginHistoryEnabled":"generalParameters/plugins/loginHistory","logoutServices":"generalParameters/advancedParams","lwpOpts":"generalParameters/advancedParams/security","lwpSslOpts":"generalParameters/advancedParams/security","macros":"variables","mail2fActivation":"generalParameters/secondFactors/mail2f","mail2fAuthnLevel":"generalParameters/secondFactors/mail2f","mail2fBody":"generalParameters/secondFactors/mail2f","mail2fCodeRegex":"generalParameters/secondFactors/mail2f","mail2fLabel":"generalParameters/secondFactors/mail2f","mail2fLogo":"generalParameters/secondFactors/mail2f","mail2fSessionKey":"generalParameters/secondFactors/mail2f","mail2fSubject":"generalParameters/secondFactors/mail2f","mail2fTimeout":"generalParameters/secondFactors/mail2f","mailBody":"generalParameters/plugins/passwordManagement/mailContent","mailCharset":"generalParameters/advancedParams/SMTP/mailHeaders","mailConfirmBody":"generalParameters/plugins/passwordManagement/mailContent","mailConfirmSubject":"generalParameters/plugins/passwordManagement/mailContent","mailFrom":"generalParameters/advancedParams/SMTP/mailHeaders","mailLDAPFilter":"generalParameters/authParams/ldapParams/ldapFilters","mailOnPasswordChange":"generalParameters/portalParams/portalCustomization/passwordManagement","mailReplyTo":"generalParameters/advancedParams/SMTP/mailHeaders","mailSessionKey":"generalParameters/advancedParams/SMTP","mailSubject":"generalParameters/plugins/passwordManagement/mailContent","mailTimeout":"generalParameters/plugins/passwordManagement/mailOther","mailUrl":"generalParameters/plugins/passwordManagement/mailOther","maintenance":"generalParameters/advancedParams/redirection","managerDn":"generalParameters/authParams/ldapParams/ldapConnection","managerPassword":"generalParameters/authParams/ldapParams/ldapConnection","multiValuesSeparator":"generalParameters/advancedParams","nginxCustomHandlers":"generalParameters/advancedParams","noAjaxHook":"generalParameters/advancedParams/portalRedirection","notification":"generalParameters/plugins/notifications","notificationDefaultCond":"generalParameters/plugins/notifications/serverNotification","notificationServer":"generalParameters/plugins/notifications/serverNotification","notificationServerDELETE":"generalParameters/plugins/notifications/serverNotification/notificationServerMethods","notificationServerGET":"generalParameters/plugins/notifications/serverNotification/notificationServerMethods","notificationServerPOST":"generalParameters/plugins/notifications/serverNotification/notificationServerMethods","notificationServerSentAttributes":"generalParameters/plugins/notifications/serverNotification","notificationStorage":"generalParameters/plugins/notifications","notificationStorageOptions":"generalParameters/plugins/notifications","notificationWildcard":"generalParameters/plugins/notifications","notificationXSLTfile":"generalParameters/plugins/notifications","notificationsExplorer":"generalParameters/plugins/notifications","notifyDeleted":"generalParameters/sessionParams/multipleSessions","notifyOther":"generalParameters/sessionParams/multipleSessions","nullAuthnLevel":"generalParameters/authParams/nullParams","oidcAuthnLevel":"generalParameters/authParams/oidcParams","oidcOPMetaDataNodes":"","oidcRPCallbackGetParam":"generalParameters/authParams/oidcParams","oidcRPMetaDataNodes":"","oidcRPStateTimeout":"generalParameters/authParams/oidcParams","oidcServiceAccessTokenExpiration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowAuthorizationCodeFlow":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowDynamicRegistration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowHybridFlow":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowImplicitFlow":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAuthorizationCodeExpiration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceDynamicRegistrationExportedVars":"oidcServiceMetaData","oidcServiceDynamicRegistrationExtraClaims":"oidcServiceMetaData","oidcServiceIDTokenExpiration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceKeyIdSig":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceMetaDataAuthnContext":"oidcServiceMetaData","oidcServiceMetaDataAuthorizeURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataBackChannelURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataCheckSessionURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataEndSessionURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataFrontChannelURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataIntrospectionURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataIssuer":"oidcServiceMetaData","oidcServiceMetaDataJWKSURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataRegistrationURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataTokenURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataUserInfoURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceOfflineSessionExpiration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServicePrivateKeySig":"oidcServiceMetaData/oidcServiceMetaDataSecurity/oidcServiceMetaDataKeys","oidcServicePublicKeySig":"oidcServiceMetaData/oidcServiceMetaDataSecurity/oidcServiceMetaDataKeys","oidcStorage":"oidcServiceMetaData/oidcServiceMetaDataSessions","oidcStorageOptions":"oidcServiceMetaData/oidcServiceMetaDataSessions","oldNotifFormat":"generalParameters/plugins/notifications","openIdAttr":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions","openIdAuthnLevel":"generalParameters/authParams/openidParams","openIdExportedVars":"generalParameters/authParams/openidParams","openIdIDPList":"generalParameters/authParams/openidParams","openIdIssuerSecret":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions","openIdSPList":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions","openIdSecret":"generalParameters/authParams/openidParams","openIdSreg_country":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_dob":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_email":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_fullname":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_gender":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_language":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_nickname":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_postcode":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_timezone":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","pamAuthnLevel":"generalParameters/authParams/pamParams","pamService":"generalParameters/authParams/pamParams","passwordDB":"generalParameters/authParams","passwordPolicyActivation":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinDigit":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinLower":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinSize":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinSpeChar":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinUpper":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicySpecialChar":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordResetAllowedRetries":"generalParameters/portalParams/portalCustomization/portalButtons","persistentStorage":"generalParameters/sessionParams/persistentSessions","persistentStorageOptions":"generalParameters/sessionParams/persistentSessions","port":"generalParameters/advancedParams/redirection","portal":"generalParameters/portalParams","portalAntiFrame":"generalParameters/portalParams/portalCustomization/portalOther","portalCheckLogins":"generalParameters/portalParams/portalCustomization/portalButtons","portalCustomCss":"generalParameters/portalParams/portalCustomization","portalDisplayAppslist":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayCertificateResetByMail":"generalParameters/portalParams/portalCustomization/portalButtons","portalDisplayChangePassword":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayGeneratePassword":"generalParameters/plugins/passwordManagement/mailOther","portalDisplayLoginHistory":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayLogout":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayOidcConsents":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayPasswordPolicy":"generalParameters/portalParams/portalCustomization/passwordPolicy","portalDisplayRefreshMyRights":"generalParameters/portalParams/portalCustomization/portalOther","portalDisplayRegister":"generalParameters/portalParams/portalCustomization/portalButtons","portalDisplayResetPassword":"generalParameters/portalParams/portalCustomization/portalButtons","portalErrorOnExpiredSession":"generalParameters/portalParams/portalCustomization/portalOther","portalErrorOnMailNotFound":"generalParameters/portalParams/portalCustomization/portalOther","portalForceAuthn":"generalParameters/advancedParams/security","portalForceAuthnInterval":"generalParameters/advancedParams/security","portalMainLogo":"generalParameters/portalParams/portalCustomization","portalOpenLinkInNewWindow":"generalParameters/portalParams/portalCustomization/portalOther","portalPingInterval":"generalParameters/portalParams/portalCustomization/portalOther","portalRequireOldPassword":"generalParameters/portalParams/portalCustomization/passwordManagement","portalSkin":"generalParameters/portalParams/portalCustomization","portalSkinBackground":"generalParameters/portalParams/portalCustomization","portalSkinRules":"generalParameters/portalParams/portalCustomization","portalStatus":"generalParameters/plugins","portalUserAttr":"generalParameters/portalParams/portalCustomization/portalOther","proxyAuthService":"generalParameters/authParams/proxyParams","proxyAuthnLevel":"generalParameters/authParams/proxyParams","proxySessionService":"generalParameters/authParams/proxyParams","proxyUseSoap":"generalParameters/authParams/proxyParams","radius2fActivation":"generalParameters/secondFactors/radius2f","radius2fAuthnLevel":"generalParameters/secondFactors/radius2f","radius2fLabel":"generalParameters/secondFactors/radius2f","radius2fLogo":"generalParameters/secondFactors/radius2f","radius2fSecret":"generalParameters/secondFactors/radius2f","radius2fServer":"generalParameters/secondFactors/radius2f","radius2fTimeout":"generalParameters/secondFactors/radius2f","radius2fUsernameSessionKey":"generalParameters/secondFactors/radius2f","radiusAuthnLevel":"generalParameters/authParams/radiusParams","radiusSecret":"generalParameters/authParams/radiusParams","radiusServer":"generalParameters/authParams/radiusParams","randomPasswordRegexp":"generalParameters/plugins/passwordManagement/mailOther","redirectFormMethod":"generalParameters/advancedParams/forms","refreshSessions":"generalParameters/plugins","registerConfirmSubject":"generalParameters/plugins/register","registerDB":"generalParameters/authParams","registerDoneSubject":"generalParameters/plugins/register","registerTimeout":"generalParameters/plugins/register","registerUrl":"generalParameters/plugins/register","reloadTimeout":"generalParameters/reloadParams","reloadUrls":"generalParameters/reloadParams","remoteCookieName":"generalParameters/authParams/remoteParams","remoteGlobalStorage":"generalParameters/authParams/remoteParams","remoteGlobalStorageOptions":"generalParameters/authParams/remoteParams","remotePortal":"generalParameters/authParams/remoteParams","requireToken":"generalParameters/advancedParams/security","rest2fActivation":"generalParameters/secondFactors/rest2f","rest2fAuthnLevel":"generalParameters/secondFactors/rest2f","rest2fInitArgs":"generalParameters/secondFactors/rest2f","rest2fInitUrl":"generalParameters/secondFactors/rest2f","rest2fLabel":"generalParameters/secondFactors/rest2f","rest2fLogo":"generalParameters/secondFactors/rest2f","rest2fVerifyArgs":"generalParameters/secondFactors/rest2f","rest2fVerifyUrl":"generalParameters/secondFactors/rest2f","restAuthServer":"generalParameters/plugins/portalServers","restAuthUrl":"generalParameters/authParams/restParams","restAuthnLevel":"generalParameters/authParams/restParams","restClockTolerance":"generalParameters/plugins/portalServers","restConfigServer":"generalParameters/plugins/portalServers","restExportSecretKeys":"generalParameters/plugins/portalServers","restPasswordServer":"generalParameters/plugins/portalServers","restPwdConfirmUrl":"generalParameters/authParams/restParams","restPwdModifyUrl":"generalParameters/authParams/restParams","restSessionServer":"generalParameters/plugins/portalServers","restUserDBUrl":"generalParameters/authParams/restParams","sameSite":"generalParameters/cookieParams","samlAttributeAuthorityDescriptorAttributeServiceSOAP":"samlServiceMetaData/samlAttributeAuthorityDescriptor/samlAttributeAuthorityDescriptorAttributeService","samlAuthnContextMapKerberos":"samlServiceMetaData/samlAuthnContextMap","samlAuthnContextMapPassword":"samlServiceMetaData/samlAuthnContextMap","samlAuthnContextMapPasswordProtectedTransport":"samlServiceMetaData/samlAuthnContextMap","samlAuthnContextMapTLSClient":"samlServiceMetaData/samlAuthnContextMap","samlCommonDomainCookieActivation":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlCommonDomainCookieDomain":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlCommonDomainCookieReader":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlCommonDomainCookieWriter":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlDiscoveryProtocolActivation":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlDiscoveryProtocolIsPassive":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlDiscoveryProtocolPolicy":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlDiscoveryProtocolURL":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlEntityID":"samlServiceMetaData","samlIDPMetaDataNodes":"","samlIDPSSODescriptorArtifactResolutionServiceArtifact":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorArtifactResolutionService","samlIDPSSODescriptorSingleLogoutServiceHTTPPost":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleLogoutService","samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleLogoutService","samlIDPSSODescriptorSingleLogoutServiceSOAP":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleLogoutService","samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleSignOnService","samlIDPSSODescriptorSingleSignOnServiceHTTPPost":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleSignOnService","samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleSignOnService","samlIDPSSODescriptorWantAuthnRequestsSigned":"samlServiceMetaData/samlIDPSSODescriptor","samlMetadataForceUTF8":"samlServiceMetaData/samlAdvanced","samlNameIDFormatMapEmail":"samlServiceMetaData/samlNameIDFormatMap","samlNameIDFormatMapKerberos":"samlServiceMetaData/samlNameIDFormatMap","samlNameIDFormatMapWindows":"samlServiceMetaData/samlNameIDFormatMap","samlNameIDFormatMapX509":"samlServiceMetaData/samlNameIDFormatMap","samlOrganizationDisplayName":"samlServiceMetaData/samlOrganization","samlOrganizationName":"samlServiceMetaData/samlOrganization","samlOrganizationURL":"samlServiceMetaData/samlOrganization","samlOverrideIDPEntityID":"samlServiceMetaData/samlAdvanced","samlRelayStateTimeout":"samlServiceMetaData/samlAdvanced","samlSPMetaDataNodes":"","samlSPSSODescriptorArtifactResolutionServiceArtifact":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorArtifactResolutionService","samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorAssertionConsumerService","samlSPSSODescriptorAssertionConsumerServiceHTTPPost":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorAssertionConsumerService","samlSPSSODescriptorAuthnRequestsSigned":"samlServiceMetaData/samlSPSSODescriptor","samlSPSSODescriptorSingleLogoutServiceHTTPPost":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorSingleLogoutService","samlSPSSODescriptorSingleLogoutServiceHTTPRedirect":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorSingleLogoutService","samlSPSSODescriptorSingleLogoutServiceSOAP":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorSingleLogoutService","samlSPSSODescriptorWantAssertionsSigned":"samlServiceMetaData/samlSPSSODescriptor","samlServicePrivateKeyEnc":"samlServiceMetaData/samlServiceSecurity/samlServiceSecurityEnc","samlServicePrivateKeyEncPwd":"samlServiceMetaData/samlServiceSecurity/samlServiceSecurityEnc","samlServicePrivateKeySig":"samlServiceMetaData/samlServiceSecurity/samlServiceSecuritySig","samlServicePrivateKeySigPwd":"samlServiceMetaData/samlServiceSecurity/samlServiceSecuritySig","samlServicePublicKeyEnc":"samlServiceMetaData/samlServiceSecurity/samlServiceSecurityEnc","samlServicePublicKeySig":"samlServiceMetaData/samlServiceSecurity/samlServiceSecuritySig","samlServiceSignatureMethod":"samlServiceMetaData/samlServiceSecurity","samlServiceUseCertificateInResponse":"samlServiceMetaData/samlServiceSecurity","samlStorage":"samlServiceMetaData/samlAdvanced","samlStorageOptions":"samlServiceMetaData/samlAdvanced","samlUseQueryStringSpecific":"samlServiceMetaData/samlAdvanced","securedCookie":"generalParameters/cookieParams","sessionDataToRemember":"generalParameters/plugins/loginHistory","sfExtra":"generalParameters/secondFactors","sfManagerRule":"generalParameters/secondFactors","sfOnlyUpgrade":"generalParameters/secondFactors","sfRemovedMsgRule":"generalParameters/secondFactors/sfRemovedNotification","sfRemovedNotifMsg":"generalParameters/secondFactors/sfRemovedNotification","sfRemovedNotifRef":"generalParameters/secondFactors/sfRemovedNotification","sfRemovedNotifTitle":"generalParameters/secondFactors/sfRemovedNotification","sfRemovedUseNotif":"generalParameters/secondFactors/sfRemovedNotification","sfRequired":"generalParameters/secondFactors","showLanguages":"generalParameters/portalParams/portalCustomization","singleIP":"generalParameters/sessionParams/multipleSessions","singleSession":"generalParameters/sessionParams/multipleSessions","singleUserByIP":"generalParameters/sessionParams/multipleSessions","skipRenewConfirmation":"generalParameters/advancedParams/portalRedirection","skipUpgradeConfirmation":"generalParameters/advancedParams/portalRedirection","slaveAuthnLevel":"generalParameters/authParams/slaveParams","slaveDisplayLogo":"generalParameters/authParams/slaveParams","slaveExportedVars":"generalParameters/authParams/slaveParams","slaveHeaderContent":"generalParameters/authParams/slaveParams","slaveHeaderName":"generalParameters/authParams/slaveParams","slaveMasterIP":"generalParameters/authParams/slaveParams","slaveUserHeader":"generalParameters/authParams/slaveParams","soapConfigServer":"generalParameters/plugins/portalServers","soapSessionServer":"generalParameters/plugins/portalServers","sslByAjax":"generalParameters/authParams/sslParams","sslHost":"generalParameters/authParams/sslParams","stayConnected":"generalParameters/plugins/stayConnect","stayConnectedCookieName":"generalParameters/plugins/stayConnect","stayConnectedTimeout":"generalParameters/plugins/stayConnect","storePassword":"generalParameters/sessionParams","successLoginNumber":"generalParameters/plugins/loginHistory","timeout":"generalParameters/sessionParams","timeoutActivity":"generalParameters/sessionParams","timeoutActivityInterval":"generalParameters/sessionParams","tokenUseGlobalStorage":"generalParameters/advancedParams/security","totp2fActivation":"generalParameters/secondFactors/totp2f","totp2fAuthnLevel":"generalParameters/secondFactors/totp2f","totp2fDigits":"generalParameters/secondFactors/totp2f","totp2fDisplayExistingSecret":"generalParameters/secondFactors/totp2f","totp2fInterval":"generalParameters/secondFactors/totp2f","totp2fIssuer":"generalParameters/secondFactors/totp2f","totp2fLabel":"generalParameters/secondFactors/totp2f","totp2fLogo":"generalParameters/secondFactors/totp2f","totp2fRange":"generalParameters/secondFactors/totp2f","totp2fSelfRegistration":"generalParameters/secondFactors/totp2f","totp2fTTL":"generalParameters/secondFactors/totp2f","totp2fUserCanChangeKey":"generalParameters/secondFactors/totp2f","totp2fUserCanRemoveKey":"generalParameters/secondFactors/totp2f","trustedDomains":"generalParameters/advancedParams/security","twitterAppName":"generalParameters/authParams/twitterParams","twitterAuthnLevel":"generalParameters/authParams/twitterParams","twitterKey":"generalParameters/authParams/twitterParams","twitterSecret":"generalParameters/authParams/twitterParams","twitterUserField":"generalParameters/authParams/twitterParams","u2fActivation":"generalParameters/secondFactors/u2f","u2fAuthnLevel":"generalParameters/secondFactors/u2f","u2fLabel":"generalParameters/secondFactors/u2f","u2fLogo":"generalParameters/secondFactors/u2f","u2fSelfRegistration":"generalParameters/secondFactors/u2f","u2fTTL":"generalParameters/secondFactors/u2f","u2fUserCanRemoveKey":"generalParameters/secondFactors/u2f","upgradeSession":"generalParameters/plugins","useRedirectOnError":"generalParameters/advancedParams/redirection","useRedirectOnForbidden":"generalParameters/advancedParams/redirection","useSafeJail":"generalParameters/advancedParams/security","userControl":"generalParameters/advancedParams/security","userDB":"generalParameters/authParams","userPivot":"generalParameters/authParams/dbiParams/dbiSchema","utotp2fActivation":"generalParameters/secondFactors/utotp2f","utotp2fAuthnLevel":"generalParameters/secondFactors/utotp2f","utotp2fLabel":"generalParameters/secondFactors/utotp2f","utotp2fLogo":"generalParameters/secondFactors/utotp2f","virtualHosts":"","webIDAuthnLevel":"generalParameters/authParams/webidParams","webIDExportedVars":"generalParameters/authParams/webidParams","webIDWhitelist":"generalParameters/authParams/webidParams","whatToTrace":"generalParameters/logParams","wsdlServer":"generalParameters/plugins/portalServers","yubikey2fActivation":"generalParameters/secondFactors/yubikey2f","yubikey2fAuthnLevel":"generalParameters/secondFactors/yubikey2f","yubikey2fClientID":"generalParameters/secondFactors/yubikey2f","yubikey2fFromSessionAttribute":"generalParameters/secondFactors/yubikey2f","yubikey2fLabel":"generalParameters/secondFactors/yubikey2f","yubikey2fLogo":"generalParameters/secondFactors/yubikey2f","yubikey2fNonce":"generalParameters/secondFactors/yubikey2f","yubikey2fPublicIDSize":"generalParameters/secondFactors/yubikey2f","yubikey2fSecretKey":"generalParameters/secondFactors/yubikey2f","yubikey2fSelfRegistration":"generalParameters/secondFactors/yubikey2f","yubikey2fTTL":"generalParameters/secondFactors/yubikey2f","yubikey2fUrl":"generalParameters/secondFactors/yubikey2f","yubikey2fUserCanRemoveKey":"generalParameters/secondFactors/yubikey2f"} \ No newline at end of file diff --git a/lemonldap-ng-manager/site/htdocs/static/struct.json b/lemonldap-ng-manager/site/htdocs/static/struct.json index 0899d296d..45c8c190c 100644 --- a/lemonldap-ng-manager/site/htdocs/static/struct.json +++ b/lemonldap-ng-manager/site/htdocs/static/struct.json @@ -1 +1 @@ -[{"_nodes":[{"_nodes":[{"default":"http://auth.example.com/","id":"portal","title":"portal"},{"_nodes":[{"_nodes":[{"default":1,"id":"portalDisplayLogout","title":"portalDisplayLogout","type":"boolOrExpr"},{"default":"$_auth =~ /^(LDAP|DBI|Demo)$/","id":"portalDisplayChangePassword","title":"portalDisplayChangePassword","type":"boolOrExpr"},{"default":1,"id":"portalDisplayAppslist","title":"portalDisplayAppslist","type":"boolOrExpr"},{"default":1,"id":"portalDisplayLoginHistory","title":"portalDisplayLoginHistory","type":"boolOrExpr"},{"default":"$_oidcConsents && $_oidcConsents =~ /\\w+/","id":"portalDisplayOidcConsents","title":"portalDisplayOidcConsents","type":"boolOrExpr"}],"id":"portalModules","title":"portalModules","type":"simpleInputContainer"},{"cnodes":"applicationList","default":[{"data":{"catname":"Default category","type":"category"},"id":"applicationList/default","title":"default","type":"catAndAppList"}],"help":"portalmenu.html#categories-and-applications","id":"applicationList","title":"applicationList","type":"catAndAppList"}],"help":"portalmenu.html","id":"portalMenu","title":"portalMenu"},{"_nodes":[{"default":"common/logos/logo_llng_400px.png","id":"portalMainLogo","title":"portalMainLogo"},{"default":1,"id":"showLanguages","title":"showLanguages","type":"bool"},{"id":"portalCustomCss","title":"portalCustomCss"},{"default":"bootstrap","id":"portalSkin","select":[{"k":"bootstrap","v":"Bootstrap"}],"title":"portalSkin","type":"portalskin"},{"id":"portalSkinBackground","select":[{"k":"","v":"None"},{"k":"1280px-Anse_Source_d'Argent_2-La_Digue.jpg","v":"Anse"},{"k":"1280px-Autumn-clear-water-waterfall-landscape_-_Virginia_-_ForestWander.jpg","v":"Waterfall"},{"k":"1280px-BrockenSnowedTrees.jpg","v":"Snowed Trees"},{"k":"1280px-Cedar_Breaks_National_Monument_partially.jpg","v":"National Monument"},{"k":"1280px-Parry_Peak_from_Winter_Park.jpg","v":"Winter"},{"k":"Aletschgletscher_mit_Pinus_cembra1.jpg","v":"Pinus"}],"title":"portalSkinBackground","type":"portalskinbackground"},{"cnodes":"portalSkinRules","help":"portalcustom.html","id":"portalSkinRules","title":"portalSkinRules","type":"keyTextContainer"},{"_nodes":[{"default":1,"id":"portalCheckLogins","title":"portalCheckLogins","type":"bool"},{"default":0,"id":"portalDisplayResetPassword","title":"portalDisplayResetPassword","type":"bool"},{"default":3,"id":"passwordResetAllowedRetries","title":"passwordResetAllowedRetries","type":"int"},{"default":1,"id":"portalDisplayRegister","title":"portalDisplayRegister","type":"bool"},{"default":0,"id":"portalDisplayCertificateResetByMail","title":"portalDisplayCertificateResetByMail","type":"bool"}],"help":"portalcustom.html#buttons","id":"portalButtons","title":"portalButtons","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"portalRequireOldPassword","title":"portalRequireOldPassword","type":"boolOrExpr"},{"default":0,"id":"hideOldPassword","title":"hideOldPassword","type":"bool"},{"default":0,"id":"mailOnPasswordChange","title":"mailOnPasswordChange","type":"bool"}],"help":"portalcustom.html#password-management","id":"passwordManagement","title":"passwordManagement","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"passwordPolicyActivation","title":"passwordPolicyActivation","type":"boolOrExpr"},{"default":0,"id":"portalDisplayPasswordPolicy","title":"portalDisplayPasswordPolicy","type":"bool"},{"default":0,"id":"passwordPolicyMinSize","title":"passwordPolicyMinSize","type":"int"},{"default":0,"id":"passwordPolicyMinLower","title":"passwordPolicyMinLower","type":"int"},{"default":0,"id":"passwordPolicyMinUpper","title":"passwordPolicyMinUpper","type":"int"},{"default":0,"id":"passwordPolicyMinDigit","title":"passwordPolicyMinDigit","type":"int"},{"default":0,"id":"passwordPolicyMinSpeChar","title":"passwordPolicyMinSpeChar","type":"int"},{"default":"__ALL__","id":"passwordPolicySpecialChar","title":"passwordPolicySpecialChar"}],"help":"portalcustom.html#password-policy","id":"passwordPolicy","title":"passwordPolicy","type":"simpleInputContainer"},{"_nodes":[{"default":"_user","id":"portalUserAttr","title":"portalUserAttr"},{"default":0,"id":"portalOpenLinkInNewWindow","title":"portalOpenLinkInNewWindow","type":"bool"},{"default":1,"id":"portalAntiFrame","title":"portalAntiFrame","type":"bool"},{"default":60000,"id":"portalPingInterval","title":"portalPingInterval","type":"int"},{"default":1,"id":"portalErrorOnExpiredSession","title":"portalErrorOnExpiredSession","type":"bool"},{"default":0,"id":"portalErrorOnMailNotFound","title":"portalErrorOnMailNotFound","type":"bool"},{"default":1,"id":"portalDisplayRefreshMyRights","title":"portalDisplayRefreshMyRights","type":"bool"}],"help":"portalcustom.html#other-parameters","id":"portalOther","title":"portalOther","type":"simpleInputContainer"}],"help":"portalcustom.html","id":"portalCustomization","title":"portalCustomization"},{"_nodes":[{"default":0,"id":"captcha_login_enabled","title":"captcha_login_enabled","type":"bool"},{"default":1,"id":"captcha_mail_enabled","title":"captcha_mail_enabled","type":"bool"},{"default":1,"id":"captcha_register_enabled","title":"captcha_register_enabled","type":"bool"},{"default":6,"id":"captcha_size","title":"captcha_size","type":"int"}],"help":"captcha.html","id":"portalCaptcha","title":"portalCaptcha","type":"simpleInputContainer"}],"help":"portal.html","id":"portalParams","title":"portalParams"},{"_nodes":[{"default":"Demo","id":"authentication","select":[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Demo","v":"Demonstration"},{"k":"Choice","v":"authChoice"},{"k":"Combination","v":"combineMods"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"SAML","v":"SAML v2"},{"k":"Proxy","v":"Proxy"},{"k":"Remote","v":"Remote"},{"k":"Slave","v":"Slave"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"authentication","type":"select"},{"default":"Same","id":"userDB","select":[{"k":"Same","v":"Same"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"userDB","type":"select"},{"default":"Demo","id":"passwordDB","select":[{"k":"AD","v":"Active Directory"},{"k":"Choice","v":"authChoice"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demonstration"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"passwordDB","type":"select"},{"default":"Null","id":"registerDB","select":[{"k":"AD","v":"Active Directory"},{"k":"Demo","v":"Demonstration"},{"k":"LDAP","v":"LDAP"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"registerDB","type":"select"}],"_nodes_cond":[{"_nodes":[{"default":0,"id":"ADPwdMaxAge","title":"ADPwdMaxAge","type":"int"},{"default":0,"id":"ADPwdExpireWarning","title":"ADPwdExpireWarning","type":"int"}],"help":"authad.html","id":"adParams","show":false,"title":"adParams","type":"simpleInputContainer"},{"_nodes":[{"default":"lmAuth","id":"authChoiceParam","title":"authChoiceParam"},{"cnodes":"authChoiceModules","id":"authChoiceModules","select":[[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Null","v":"None"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"Proxy","v":"Proxy"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"Remote","v":"Remote"},{"k":"SAML","v":"SAML v2"},{"k":"Slave","v":"Slave"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Custom","v":"customModule"}],[{"k":"AD","v":"Active Directory"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"Facebook","v":"Facebook"},{"k":"LDAP","v":"LDAP"},{"k":"Null","v":"None"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"Proxy","v":"Proxy"},{"k":"REST","v":"REST"},{"k":"Remote","v":"Remote"},{"k":"SAML","v":"SAML v2"},{"k":"Slave","v":"Slave"},{"k":"WebID","v":"WebID"},{"k":"Custom","v":"customModule"}],[{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}]],"title":"authChoiceModules","type":"authChoiceContainer"},{"id":"authChoiceAuthBasic","title":"authChoiceAuthBasic"}],"help":"authchoice.html","id":"choiceParams","show":false,"title":"choiceParams"},{"_nodes":[{"default":3,"id":"apacheAuthnLevel","title":"apacheAuthnLevel","type":"int"}],"help":"authapache.html","id":"apacheParams","show":false,"title":"apacheParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"casAuthnLevel","title":"casAuthnLevel","type":"int"}],"help":"authcas.html","id":"casParams","show":false,"title":"casParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"dbiAuthnLevel","title":"dbiAuthnLevel","type":"int"},{"cnodes":"dbiExportedVars","default":[],"id":"dbiExportedVars","title":"dbiExportedVars","type":"keyTextContainer"},{"_nodes":[{"_nodes":[{"id":"dbiAuthChain","title":"dbiAuthChain"},{"id":"dbiAuthUser","title":"dbiAuthUser"},{"id":"dbiAuthPassword","title":"dbiAuthPassword","type":"password"}],"id":"dbiConnectionAuth","title":"dbiConnectionAuth","type":"simpleInputContainer"},{"_nodes":[{"id":"dbiUserChain","title":"dbiUserChain"},{"id":"dbiUserUser","title":"dbiUserUser"},{"id":"dbiUserPassword","title":"dbiUserPassword","type":"password"}],"id":"dbiConnectionUser","title":"dbiConnectionUser","type":"simpleInputContainer"}],"help":"authdbi.html#connection","id":"dbiConnection","title":"dbiConnection"},{"_nodes":[{"id":"dbiAuthTable","title":"dbiAuthTable"},{"id":"dbiUserTable","title":"dbiUserTable"},{"id":"dbiAuthLoginCol","title":"dbiAuthLoginCol"},{"id":"dbiAuthPasswordCol","title":"dbiAuthPasswordCol"},{"id":"dbiPasswordMailCol","title":"dbiPasswordMailCol"},{"id":"userPivot","title":"userPivot"}],"help":"authdbi.html#schema","id":"dbiSchema","title":"dbiSchema","type":"simpleInputContainer"},{"_nodes":[{"help":"authdbi.html#password","id":"dbiAuthPasswordHash","title":"dbiAuthPasswordHash"},{"_nodes":[{"help":"authdbi.html#password","id":"dbiDynamicHashEnabled","title":"dbiDynamicHashEnabled","type":"bool"},{"help":"authdbi.html#password","id":"dbiDynamicHashValidSchemes","title":"dbiDynamicHashValidSchemes"},{"help":"authdbi.html#password","id":"dbiDynamicHashValidSaltedSchemes","title":"dbiDynamicHashValidSaltedSchemes"},{"help":"authdbi.html#password","id":"dbiDynamicHashNewPasswordScheme","title":"dbiDynamicHashNewPasswordScheme"}],"help":"authdbi.html#password","id":"dbiDynamicHash","title":"dbiDynamicHash","type":"simpleInputContainer"}],"help":"authdbi.html#password","id":"dbiPassword","title":"dbiPassword"}],"help":"authdbi.html","id":"dbiParams","show":false,"title":"dbiParams"},{"_nodes":[{"cnodes":"demoExportedVars","default":[{"data":"cn","id":"demoExportedVars/cn","title":"cn","type":"keyText"},{"data":"mail","id":"demoExportedVars/mail","title":"mail","type":"keyText"},{"data":"uid","id":"demoExportedVars/uid","title":"uid","type":"keyText"}],"id":"demoExportedVars","title":"demoExportedVars","type":"keyTextContainer"}],"help":"authdemo.html","id":"demoParams","show":false,"title":"demoParams"},{"_nodes":[{"default":1,"id":"facebookAuthnLevel","title":"facebookAuthnLevel","type":"int"},{"cnodes":"facebookExportedVars","default":[],"id":"facebookExportedVars","title":"facebookExportedVars","type":"keyTextContainer"},{"id":"facebookAppId","title":"facebookAppId"},{"id":"facebookAppSecret","title":"facebookAppSecret"},{"default":"id","id":"facebookUserField","title":"facebookUserField"}],"help":"authfacebook.html","id":"facebookParams","show":false,"title":"facebookParams"},{"_nodes":[{"default":3,"id":"krbAuthnLevel","title":"krbAuthnLevel","type":"int"},{"id":"krbKeytab","title":"krbKeytab"},{"default":0,"id":"krbByJs","title":"krbByJs","type":"bool"},{"default":1,"id":"krbRemoveDomain","title":"krbRemoveDomain","type":"bool"},{"id":"krbAllowedDomains","title":"krbAllowedDomains"}],"help":"authkerberos.html","id":"kerberosParams","show":false,"title":"kerberosParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"ldapAuthnLevel","title":"ldapAuthnLevel","type":"int"},{"cnodes":"ldapExportedVars","default":[{"data":"cn","id":"ldapExportedVars/cn","title":"cn","type":"keyText"},{"data":"mail","id":"ldapExportedVars/mail","title":"mail","type":"keyText"},{"data":"uid","id":"ldapExportedVars/uid","title":"uid","type":"keyText"}],"id":"ldapExportedVars","title":"ldapExportedVars","type":"keyTextContainer"},{"_nodes":[{"default":"ldap://localhost","id":"ldapServer","title":"ldapServer"},{"id":"ldapPort","title":"ldapPort","type":"int"},{"default":"require","id":"ldapVerify","select":[{"k":"none","v":"None"},{"k":"optional","v":"Optional"},{"k":"require","v":"Require"}],"title":"ldapVerify","type":"select"},{"default":"dc=example,dc=com","id":"ldapBase","title":"ldapBase"},{"default":"","id":"managerDn","title":"managerDn"},{"default":"","id":"managerPassword","title":"managerPassword","type":"password"},{"default":10,"id":"ldapTimeout","title":"ldapTimeout","type":"int"},{"default":10,"id":"ldapIOTimeout","title":"ldapIOTimeout","type":"int"},{"default":3,"id":"ldapVersion","title":"ldapVersion","type":"int"},{"id":"ldapRaw","title":"ldapRaw"},{"id":"ldapCAFile","title":"ldapCAFile"},{"id":"ldapCAPath","title":"ldapCAPath"}],"help":"authldap.html#connection","id":"ldapConnection","title":"ldapConnection","type":"simpleInputContainer"},{"_nodes":[{"id":"LDAPFilter","title":"LDAPFilter"},{"id":"AuthLDAPFilter","title":"AuthLDAPFilter"},{"id":"mailLDAPFilter","title":"mailLDAPFilter"},{"default":"find","id":"ldapSearchDeref","select":[{"k":"never","v":"never"},{"k":"search","v":"search"},{"k":"find","v":"find"},{"k":"always","v":"always"}],"title":"ldapSearchDeref","type":"select"}],"help":"authldap.html#filters","id":"ldapFilters","title":"ldapFilters","type":"simpleInputContainer"},{"_nodes":[{"id":"ldapGroupBase","title":"ldapGroupBase"},{"default":"groupOfNames","id":"ldapGroupObjectClass","title":"ldapGroupObjectClass"},{"default":"member","id":"ldapGroupAttributeName","title":"ldapGroupAttributeName"},{"default":"dn","id":"ldapGroupAttributeNameUser","title":"ldapGroupAttributeNameUser"},{"default":"cn","id":"ldapGroupAttributeNameSearch","title":"ldapGroupAttributeNameSearch"},{"default":0,"id":"ldapGroupDecodeSearchedValue","title":"ldapGroupDecodeSearchedValue","type":"bool"},{"default":0,"id":"ldapGroupRecursive","title":"ldapGroupRecursive","type":"bool"},{"default":"dn","id":"ldapGroupAttributeNameGroup","title":"ldapGroupAttributeNameGroup"}],"help":"authldap.html#groups","id":"ldapGroups","title":"ldapGroups","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"ldapPpolicyControl","title":"ldapPpolicyControl","type":"bool"},{"default":0,"id":"ldapSetPassword","title":"ldapSetPassword","type":"bool"},{"default":0,"id":"ldapChangePasswordAsUser","title":"ldapChangePasswordAsUser","type":"bool"},{"default":"utf-8","id":"ldapPwdEnc","title":"ldapPwdEnc"},{"default":1,"id":"ldapUsePasswordResetAttribute","title":"ldapUsePasswordResetAttribute","type":"bool"},{"default":"pwdReset","id":"ldapPasswordResetAttribute","title":"ldapPasswordResetAttribute"},{"default":"TRUE","id":"ldapPasswordResetAttributeValue","title":"ldapPasswordResetAttributeValue"},{"default":0,"id":"ldapAllowResetExpiredPassword","title":"ldapAllowResetExpiredPassword","type":"bool"},{"default":0,"id":"ldapITDS","title":"ldapITDS","type":"bool"}],"help":"authldap.html#password","id":"ldapPassword","title":"ldapPassword","type":"simpleInputContainer"}],"help":"authldap.html","id":"ldapParams","show":false,"title":"ldapParams"},{"_nodes":[{"default":1,"id":"linkedInAuthnLevel","title":"linkedInAuthnLevel","type":"int"},{"id":"linkedInClientID","title":"linkedInClientID"},{"id":"linkedInClientSecret","title":"linkedInClientSecret","type":"password"},{"default":"id,first-name,last-name,email-address","id":"linkedInFields","title":"linkedInFields"},{"default":"emailAddress","id":"linkedInUserField","title":"linkedInUserField"},{"default":"r_liteprofile r_emailaddress","id":"linkedInScope","title":"linkedInScope"}],"help":"authlinkedin.html","id":"linkedinParams","show":false,"title":"linkedinParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"githubAuthnLevel","title":"githubAuthnLevel","type":"int"},{"id":"githubClientID","title":"githubClientID"},{"id":"githubClientSecret","title":"githubClientSecret","type":"password"},{"default":"login","id":"githubUserField","title":"githubUserField"},{"default":"user:email","id":"githubScope","title":"githubScope"}],"help":"authgithub.html","id":"githubParams","show":false,"title":"githubParams","type":"simpleInputContainer"},{"_nodes":[{"id":"combination","title":"combination"},{"cnodes":"combModules","id":"combModules","select":[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Demo","v":"Demonstration"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"SAML","v":"SAML v2"},{"k":"Proxy","v":"Proxy"},{"k":"Remote","v":"Remote"},{"k":"Slave","v":"Slave"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"combModules","type":"cmbModuleContainer"}],"help":"authcombination.html","id":"combinationParams","show":false,"title":"combinationParams"},{"_nodes":[{"default":0,"id":"nullAuthnLevel","title":"nullAuthnLevel","type":"int"}],"help":"authnull.html","id":"nullParams","show":false,"title":"nullParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"openIdAuthnLevel","title":"openIdAuthnLevel","type":"int"},{"cnodes":"openIdExportedVars","default":[],"id":"openIdExportedVars","title":"openIdExportedVars","type":"keyTextContainer"},{"id":"openIdSecret","title":"openIdSecret"},{"default":"0;","id":"openIdIDPList","title":"openIdIDPList","type":"blackWhiteList"}],"help":"authopenid.html","id":"openidParams","show":false,"title":"openidParams"},{"_nodes":[{"default":1,"id":"oidcAuthnLevel","title":"oidcAuthnLevel","type":"int"},{"default":"openidconnectcallback","id":"oidcRPCallbackGetParam","title":"oidcRPCallbackGetParam"},{"default":600,"id":"oidcRPStateTimeout","title":"oidcRPStateTimeout","type":"int"}],"help":"authopenidconnect.html","id":"oidcParams","show":false,"title":"oidcParams","type":"simpleInputContainer"},{"_nodes":[{"default":5,"id":"gpgAuthnLevel","title":"gpgAuthnLevel","type":"int"},{"default":"","id":"gpgDb","title":"gpgDb"}],"help":"authgpg.html","id":"gpgParams","show":false,"title":"gpgParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"proxyAuthnLevel","title":"proxyAuthnLevel","type":"int"},{"id":"proxyAuthService","title":"proxyAuthService"},{"id":"proxySessionService","title":"proxySessionService"},{"id":"remoteCookieName","title":"remoteCookieName"},{"default":0,"id":"proxyUseSoap","title":"proxyUseSoap","type":"bool"}],"help":"authproxy.html","id":"proxyParams","show":false,"title":"proxyParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"pamAuthnLevel","title":"pamAuthnLevel","type":"int"},{"default":"login","id":"pamService","title":"pamService"}],"help":"authpam.html","id":"pamParams","show":false,"title":"pamParams","type":"simpleInputContainer"},{"_nodes":[{"default":3,"id":"radiusAuthnLevel","title":"radiusAuthnLevel","type":"int"},{"id":"radiusSecret","title":"radiusSecret"},{"id":"radiusServer","title":"radiusServer"}],"help":"authradius.html","id":"radiusParams","show":false,"title":"radiusParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"restAuthnLevel","title":"restAuthnLevel","type":"int"},{"id":"restAuthUrl","title":"restAuthUrl"},{"id":"restUserDBUrl","title":"restUserDBUrl"},{"id":"restPwdConfirmUrl","title":"restPwdConfirmUrl"},{"id":"restPwdModifyUrl","title":"restPwdModifyUrl"}],"help":"authrest.html","id":"restParams","show":false,"title":"restParams","type":"simpleInputContainer"},{"_nodes":[{"id":"remotePortal","title":"remotePortal"},{"id":"remoteCookieName","title":"remoteCookieName"},{"default":"Lemonldap::NG::Common::Apache::Session::SOAP","id":"remoteGlobalStorage","title":"remoteGlobalStorage"},{"cnodes":"remoteGlobalStorageOptions","default":[{"data":"http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService","id":"remoteGlobalStorageOptions/ns","title":"ns","type":"keyText"},{"data":"http://auth.example.com/sessions","id":"remoteGlobalStorageOptions/proxy","title":"proxy","type":"keyText"}],"id":"remoteGlobalStorageOptions","title":"remoteGlobalStorageOptions","type":"keyTextContainer"}],"help":"authremote.html","id":"remoteParams","show":false,"title":"remoteParams"},{"_nodes":[{"default":2,"id":"slaveAuthnLevel","title":"slaveAuthnLevel","type":"int"},{"id":"slaveUserHeader","title":"slaveUserHeader"},{"id":"slaveMasterIP","title":"slaveMasterIP"},{"id":"slaveHeaderName","title":"slaveHeaderName"},{"id":"slaveHeaderContent","title":"slaveHeaderContent"},{"default":0,"id":"slaveDisplayLogo","title":"slaveDisplayLogo","type":"bool"},{"cnodes":"slaveExportedVars","default":[],"id":"slaveExportedVars","title":"slaveExportedVars","type":"keyTextContainer"}],"help":"authslave.html","id":"slaveParams","show":false,"title":"slaveParams"},{"_nodes":[{"default":5,"id":"SSLAuthnLevel","title":"SSLAuthnLevel","type":"int"},{"default":"SSL_CLIENT_S_DN_Email","id":"SSLVar","title":"SSLVar"},{"cnodes":"SSLVarIf","default":[],"id":"SSLVarIf","title":"SSLVarIf","type":"keyTextContainer"},{"default":0,"id":"sslByAjax","title":"sslByAjax","type":"bool"},{"id":"sslHost","title":"sslHost"}],"help":"authssl.html","id":"sslParams","show":false,"title":"sslParams"},{"_nodes":[{"default":1,"id":"twitterAuthnLevel","title":"twitterAuthnLevel","type":"int"},{"id":"twitterKey","title":"twitterKey"},{"id":"twitterSecret","title":"twitterSecret"},{"id":"twitterAppName","title":"twitterAppName"},{"default":"screen_name","id":"twitterUserField","title":"twitterUserField"}],"help":"authtwitter.html","id":"twitterParams","show":false,"title":"twitterParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"webIDAuthnLevel","title":"webIDAuthnLevel","type":"int"},{"cnodes":"webIDExportedVars","default":[],"id":"webIDExportedVars","title":"webIDExportedVars","type":"keyTextContainer"},{"id":"webIDWhitelist","title":"webIDWhitelist"}],"help":"authwebid.html","id":"webidParams","show":false,"title":"webidParams"},{"_nodes":[{"id":"customAuth","title":"customAuth"},{"id":"customUserDB","title":"customUserDB"},{"id":"customPassword","title":"customPassword"},{"id":"customRegister","title":"customRegister"},{"id":"customResetCertByMail","title":"customResetCertByMail"},{"cnodes":"customAddParams","id":"customAddParams","title":"customAddParams","type":"keyTextContainer"}],"help":"authcustom.html","id":"customParams","show":false,"title":"customParams"}],"_nodes_filter":"authParams","help":"start.html#authentication-users-and-password-databases","id":"authParams","title":"authParams","type":"authParams"},{"_nodes":[{"_nodes":[{"default":0,"id":"issuerDBSAMLActivation","title":"issuerDBSAMLActivation","type":"bool"},{"default":"^/saml/","id":"issuerDBSAMLPath","title":"issuerDBSAMLPath"},{"default":1,"id":"issuerDBSAMLRule","title":"issuerDBSAMLRule","type":"boolOrExpr"}],"help":"idpsaml.html","id":"issuerDBSAML","title":"issuerDBSAML","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBCASActivation","title":"issuerDBCASActivation","type":"bool"},{"default":"^/cas/","id":"issuerDBCASPath","title":"issuerDBCASPath"},{"default":1,"id":"issuerDBCASRule","title":"issuerDBCASRule","type":"boolOrExpr"}],"help":"idpcas.html#enabling-cas","id":"issuerDBCAS","title":"issuerDBCAS","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBOpenIDActivation","title":"issuerDBOpenIDActivation","type":"bool"},{"default":"^/openidserver/","id":"issuerDBOpenIDPath","title":"issuerDBOpenIDPath"},{"default":1,"id":"issuerDBOpenIDRule","title":"issuerDBOpenIDRule","type":"boolOrExpr"},{"_nodes":[{"id":"openIdIssuerSecret","title":"openIdIssuerSecret"},{"id":"openIdAttr","title":"openIdAttr"},{"default":"0;","id":"openIdSPList","title":"openIdSPList","type":"blackWhiteList"},{"_nodes":[{"default":"cn","id":"openIdSreg_fullname","title":"openIdSreg_fullname"},{"default":"uid","id":"openIdSreg_nickname","title":"openIdSreg_nickname"},{"id":"openIdSreg_language","title":"openIdSreg_language"},{"id":"openIdSreg_postcode","title":"openIdSreg_postcode"},{"default":"_timezone","id":"openIdSreg_timezone","title":"openIdSreg_timezone"},{"id":"openIdSreg_country","title":"openIdSreg_country"},{"id":"openIdSreg_gender","title":"openIdSreg_gender"},{"default":"mail","id":"openIdSreg_email","title":"openIdSreg_email"},{"id":"openIdSreg_dob","title":"openIdSreg_dob"}],"id":"openIdSreg","title":"openIdSreg","type":"simpleInputContainer"}],"id":"issuerDBOpenIDOptions","title":"issuerDBOpenIDOptions"}],"help":"idpopenid.html","id":"issuerDBOpenID","title":"issuerDBOpenID"},{"_nodes":[{"default":0,"id":"issuerDBOpenIDConnectActivation","title":"issuerDBOpenIDConnectActivation","type":"bool"},{"default":"^/oauth2/","id":"issuerDBOpenIDConnectPath","title":"issuerDBOpenIDConnectPath"},{"default":1,"id":"issuerDBOpenIDConnectRule","title":"issuerDBOpenIDConnectRule","type":"boolOrExpr"}],"help":"idpopenidconnect.html","id":"issuerDBOpenIDConnect","title":"issuerDBOpenIDConnect","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBGetActivation","title":"issuerDBGetActivation","type":"bool"},{"default":"^/get/","id":"issuerDBGetPath","title":"issuerDBGetPath"},{"default":1,"id":"issuerDBGetRule","title":"issuerDBGetRule","type":"boolOrExpr"},{"default":[],"id":"issuerDBGetParameters","title":"issuerDBGetParameters","type":"doubleHash"}],"help":"issuerdbget.html","id":"issuerDBGet","title":"issuerDBGet"},{"_nodes":[{"default":120,"id":"issuersTimeout","title":"issuersTimeout","type":"int"}],"help":"start.html#options","id":"issuerOptions","title":"issuerOptions","type":"simpleInputContainer"}],"help":"start.html#identity-provider","id":"issuerParams","title":"issuerParams"},{"_nodes":[{"default":"uid","id":"whatToTrace","title":"whatToTrace"},{"id":"customToTrace","title":"customToTrace"},{"default":"_password _2fDevices","id":"hiddenAttributes","title":"hiddenAttributes"}],"help":"logs.html","id":"logParams","title":"logParams","type":"simpleInputContainer"},{"_nodes":[{"default":"lemonldap","id":"cookieName","title":"cookieName"},{"default":"example.com","id":"domain","title":"domain"},{"default":0,"id":"cda","title":"cda","type":"bool"},{"default":0,"id":"securedCookie","select":[{"k":"0","v":"unsecuredCookie"},{"k":"1","v":"securedCookie"},{"k":"2","v":"doubleCookie"},{"k":"3","v":"doubleCookieForSingleSession"}],"title":"securedCookie","type":"select"},{"default":1,"id":"httpOnly","title":"httpOnly","type":"bool"},{"id":"cookieExpiration","title":"cookieExpiration","type":"int"},{"default":"","id":"sameSite","select":[{"k":"","v":""},{"k":"Strict","v":"Strict"},{"k":"Lax","v":"Lax"},{"k":"None","v":"None"}],"title":"sameSite","type":"select"}],"help":"ssocookie.html","id":"cookieParams","title":"cookieParams","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"storePassword","title":"storePassword","type":"bool"},{"default":1,"id":"displaySessionId","title":"displaySessionId","type":"bool"},{"default":72000,"id":"timeout","title":"timeout","type":"int"},{"default":0,"id":"timeoutActivity","title":"timeoutActivity","type":"int"},{"default":60,"id":"timeoutActivityInterval","title":"timeoutActivityInterval","type":"int"},{"cnodes":"grantSessionRules","default":[],"id":"grantSessionRules","title":"grantSessionRules","type":"grantContainer"},{"_nodes":[{"default":"Apache::Session::File","id":"globalStorage","title":"globalStorage"},{"cnodes":"globalStorageOptions","default":[{"data":"/var/lib/lemonldap-ng/sessions/","id":"globalStorageOptions/Directory","title":"Directory","type":"keyText"},{"data":"/var/lib/lemonldap-ng/sessions/lock/","id":"globalStorageOptions/LockDirectory","title":"LockDirectory","type":"keyText"},{"data":"Lemonldap::NG::Common::Apache::Session::Generate::SHA256","id":"globalStorageOptions/generateModule","title":"generateModule","type":"keyText"}],"id":"globalStorageOptions","title":"globalStorageOptions","type":"keyTextContainer"},{"default":"Cache::FileCache","id":"localSessionStorage","title":"localSessionStorage"},{"cnodes":"localSessionStorageOptions","default":[{"data":3,"id":"localSessionStorageOptions/cache_depth","title":"cache_depth","type":"keyText"},{"data":"/var/cache/lemonldap-ng","id":"localSessionStorageOptions/cache_root","title":"cache_root","type":"keyText"},{"data":600,"id":"localSessionStorageOptions/default_expires_in","title":"default_expires_in","type":"keyText"},{"data":"007","id":"localSessionStorageOptions/directory_umask","title":"directory_umask","type":"keyText"},{"data":"lemonldap-ng-sessions","id":"localSessionStorageOptions/namespace","title":"namespace","type":"keyText"}],"id":"localSessionStorageOptions","title":"localSessionStorageOptions","type":"keyTextContainer"}],"help":"start.html#sessions-database","id":"sessionStorage","title":"sessionStorage"},{"_nodes":[{"default":0,"id":"singleSession","title":"singleSession","type":"boolOrExpr"},{"default":0,"id":"singleIP","title":"singleIP","type":"boolOrExpr"},{"default":0,"id":"singleUserByIP","title":"singleUserByIP","type":"boolOrExpr"},{"default":1,"id":"notifyDeleted","title":"notifyDeleted","type":"bool"},{"default":0,"id":"notifyOther","title":"notifyOther","type":"bool"}],"id":"multipleSessions","title":"multipleSessions","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"disablePersistentStorage","title":"disablePersistentStorage","type":"bool"},{"id":"persistentStorage","title":"persistentStorage"},{"cnodes":"persistentStorageOptions","id":"persistentStorageOptions","title":"persistentStorageOptions","type":"keyTextContainer"}],"id":"persistentSessions","title":"persistentSessions"}],"help":"sessions.html","id":"sessionParams","title":"sessionParams"},{"_nodes":[{"default":5,"id":"reloadTimeout","title":"reloadTimeout","type":"int"},{"default":0,"id":"compactConf","title":"compactConf","type":"bool"},{"cnodes":"reloadUrls","help":"configlocation.html#configuration-reload","id":"reloadUrls","title":"reloadUrls","type":"keyTextContainer"}],"help":"configlocation.html#configuration-reload","id":"reloadParams","title":"reloadParams"},{"_nodes":[{"default":0,"help":"status.html","id":"portalStatus","title":"portalStatus","type":"bool"},{"default":1,"id":"upgradeSession","title":"upgradeSession","type":"bool"},{"id":"refreshSessions","title":"refreshSessions","type":"bool"},{"cnodes":"adaptativeAuthenticationLevelRules","id":"adaptativeAuthenticationLevelRules","title":"adaptativeAuthenticationLevelRules","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"stayConnected","title":"stayConnected","type":"bool"},{"default":2592000,"id":"stayConnectedTimeout","title":"stayConnectedTimeout","type":"int"},{"default":"llngconnection","id":"stayConnectedCookieName","title":"stayConnectedCookieName"}],"help":"stayconnected.html","id":"stayConnect","title":"stayConnect","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"wsdlServer","title":"wsdlServer","type":"bool"},{"default":0,"id":"restExportSecretKeys","title":"restExportSecretKeys","type":"bool"},{"default":15,"id":"restClockTolerance","title":"restClockTolerance","type":"int"},{"default":0,"id":"restSessionServer","title":"restSessionServer","type":"bool"},{"default":0,"id":"restConfigServer","title":"restConfigServer","type":"bool"},{"default":0,"id":"restAuthServer","title":"restAuthServer","type":"bool"},{"default":0,"id":"restPasswordServer","title":"restPasswordServer","type":"bool"},{"default":0,"help":"soapservices.html","id":"soapSessionServer","title":"soapSessionServer","type":"bool"},{"default":0,"help":"soapservices.html","id":"soapConfigServer","title":"soapConfigServer","type":"bool"},{"id":"exportedAttr","title":"exportedAttr"}],"help":"portalservers.html","id":"portalServers","title":"portalServers","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"loginHistoryEnabled","title":"loginHistoryEnabled","type":"bool"},{"default":5,"id":"successLoginNumber","title":"successLoginNumber","type":"int"},{"default":5,"id":"failedLoginNumber","title":"failedLoginNumber","type":"int"},{"cnodes":"sessionDataToRemember","id":"sessionDataToRemember","title":"sessionDataToRemember","type":"keyTextContainer"}],"help":"loginhistory.html","id":"loginHistory","title":"loginHistory"},{"_nodes":[{"default":0,"id":"notification","title":"notification","type":"bool"},{"default":0,"id":"notificationsExplorer","title":"notificationsExplorer","type":"bool"},{"default":"allusers","id":"notificationWildcard","title":"notificationWildcard"},{"default":0,"id":"oldNotifFormat","title":"oldNotifFormat","type":"bool"},{"id":"notificationXSLTfile","title":"notificationXSLTfile"},{"default":"File","id":"notificationStorage","title":"notificationStorage"},{"cnodes":"notificationStorageOptions","default":[{"data":"/var/lib/lemonldap-ng/notifications","id":"notificationStorageOptions/dirName","title":"dirName","type":"keyText"}],"id":"notificationStorageOptions","title":"notificationStorageOptions","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"notificationServer","title":"notificationServer","type":"bool"},{"default":"","id":"notificationDefaultCond","title":"notificationDefaultCond"},{"default":"uid reference date title subtitle text check","id":"notificationServerSentAttributes","title":"notificationServerSentAttributes"},{"_nodes":[{"default":1,"id":"notificationServerPOST","title":"notificationServerPOST","type":"bool"},{"default":0,"id":"notificationServerGET","title":"notificationServerGET","type":"bool"},{"default":0,"id":"notificationServerDELETE","title":"notificationServerDELETE","type":"bool"}],"id":"notificationServerMethods","title":"notificationServerMethods","type":"simpleInputContainer"}],"help":"notifications.html#notification-server","id":"serverNotification","title":"serverNotification"}],"help":"notifications.html","id":"notifications","title":"notifications"},{"_nodes":[{"_nodes":[{"id":"mailSubject","title":"mailSubject"},{"id":"mailBody","title":"mailBody","type":"longtext"},{"id":"mailConfirmSubject","title":"mailConfirmSubject"},{"id":"mailConfirmBody","title":"mailConfirmBody","type":"longtext"}],"id":"mailContent","title":"mailContent","type":"simpleInputContainer"},{"_nodes":[{"default":"http://auth.example.com/resetpwd","id":"mailUrl","title":"mailUrl"},{"default":0,"id":"mailTimeout","title":"mailTimeout","type":"int"},{"default":1,"id":"portalDisplayGeneratePassword","title":"portalDisplayGeneratePassword","type":"bool"},{"default":"[A-Z]{3}[a-z]{5}.\\d{2}","id":"randomPasswordRegexp","title":"randomPasswordRegexp"}],"id":"mailOther","title":"mailOther","type":"simpleInputContainer"}],"help":"resetpassword.html","id":"passwordManagement","title":"passwordManagement"},{"_nodes":[{"_nodes":[{"id":"certificateResetByMailStep1Subject","title":"certificateResetByMailStep1Subject"},{"id":"certificateResetByMailStep1Body","title":"certificateResetByMailStep1Body","type":"longtext"},{"id":"certificateResetByMailStep2Subject","title":"certificateResetByMailStep2Subject"},{"id":"certificateResetByMailStep2Body","title":"certificateResetByMailStep2Body","type":"longtext"}],"id":"certificateMailContent","title":"certificateMailContent","type":"simpleInputContainer"},{"_nodes":[{"default":"http://auth.example.com/certificateReset","id":"certificateResetByMailURL","title":"certificateResetByMailURL"},{"default":"description","id":"certificateResetByMailCeaAttribute","title":"certificateResetByMailCeaAttribute"},{"default":"userCertificate;binary","id":"certificateResetByMailCertificateAttribute","title":"certificateResetByMailCertificateAttribute"},{"default":0,"id":"certificateResetByMailValidityDelay","title":"certificateResetByMailValidityDelay","type":"int"}],"id":"mailOther","title":"mailOther","type":"simpleInputContainer"}],"help":"resetcertificate.html","id":"certificateResetByMailManagement","title":"certificateResetByMailManagement"},{"_nodes":[{"default":"http://auth.example.com/register","id":"registerUrl","title":"registerUrl"},{"default":0,"id":"registerTimeout","title":"registerTimeout","type":"int"},{"id":"registerConfirmSubject","title":"registerConfirmSubject"},{"id":"registerDoneSubject","title":"registerDoneSubject"}],"help":"register.html","id":"register","title":"register","type":"simpleInputContainer"},{"_nodes":[{"cnodes":"autoSigninRules","id":"autoSigninRules","title":"autoSigninRules","type":"keyTextContainer"}],"help":"autosignin.html","id":"autoSignin","title":"autoSignin"},{"_nodes":[{"default":0,"id":"globalLogoutRule","title":"globalLogoutRule","type":"boolOrExpr"},{"default":1,"id":"globalLogoutTimer","title":"globalLogoutTimer","type":"bool"},{"id":"globalLogoutCustomParam","title":"globalLogoutCustomParam"}],"help":"globallogout.html","id":"globalLogout","title":"globalLogout","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"checkState","title":"checkState","type":"bool"},{"id":"checkStateSecret","title":"checkStateSecret"}],"help":"checkstate.html","id":"stateCheck","title":"stateCheck","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"checkUser","title":"checkUser","type":"bool"},{"default":1,"id":"checkUserIdRule","title":"checkUserIdRule"},{"id":"checkUserUnrestrictedUsersRule","title":"checkUserUnrestrictedUsersRule"},{"default":"_loginHistory _session_id hGroups","id":"checkUserHiddenAttributes","title":"checkUserHiddenAttributes"},{"id":"checkUserSearchAttributes","title":"checkUserSearchAttributes"},{"default":1,"id":"checkUserDisplayComputedSession","title":"checkUserDisplayComputedSession","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayEmptyHeaders","title":"checkUserDisplayEmptyHeaders","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayEmptyValues","title":"checkUserDisplayEmptyValues","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayPersistentInfo","title":"checkUserDisplayPersistentInfo","type":"boolOrExpr"},{"cnodes":"checkUserHiddenHeaders","id":"checkUserHiddenHeaders","title":"checkUserHiddenHeaders","type":"keyTextContainer"}],"help":"checkuser.html","id":"checkUsers","title":"checkUsers"},{"_nodes":[{"default":0,"id":"impersonationRule","title":"impersonationRule","type":"boolOrExpr"},{"default":1,"id":"impersonationIdRule","title":"impersonationIdRule"},{"id":"impersonationUnrestrictedUsersRule","title":"impersonationUnrestrictedUsersRule"},{"default":"_2fDevices _loginHistory","id":"impersonationHiddenAttributes","title":"impersonationHiddenAttributes"},{"default":1,"id":"impersonationSkipEmptyValues","title":"impersonationSkipEmptyValues","type":"bool"},{"default":0,"id":"impersonationMergeSSOgroups","title":"impersonationMergeSSOgroups","type":"boolOrExpr"}],"help":"impersonation.html","id":"impersonation","title":"impersonation","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"contextSwitchingRule","title":"contextSwitchingRule","type":"boolOrExpr"},{"default":1,"id":"contextSwitchingIdRule","title":"contextSwitchingIdRule"},{"id":"contextSwitchingUnrestrictedUsersRule","title":"contextSwitchingUnrestrictedUsersRule"},{"default":0,"id":"contextSwitchingAllowed2fModifications","title":"contextSwitchingAllowed2fModifications","type":"bool"},{"default":1,"id":"contextSwitchingStopWithLogout","title":"contextSwitchingStopWithLogout","type":"bool"}],"help":"contextswitching.html","id":"contextSwitching","title":"contextSwitching","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"decryptValueRule","title":"decryptValueRule","type":"boolOrExpr"},{"id":"decryptValueFunctions","title":"decryptValueFunctions"}],"help":"decryptvalue.html","id":"decryptValue","title":"decryptValue","type":"simpleInputContainer"},{"_nodes":[{"id":"customPlugins","title":"customPlugins"},{"cnodes":"customPluginsParams","id":"customPluginsParams","title":"customPluginsParams","type":"keyTextContainer"}],"help":"plugincustom.html","id":"customPluginsNode","title":"customPluginsNode"}],"help":"start.html#plugins","id":"plugins","title":"plugins"},{"_nodes":[{"default":1,"help":"secondfactor.html","id":"sfManagerRule","title":"sfManagerRule","type":"boolOrExpr"},{"default":0,"help":"secondfactor.html","id":"sfRequired","title":"sfRequired","type":"boolOrExpr"},{"help":"secondfactor.html","id":"sfOnlyUpgrade","title":"sfOnlyUpgrade","type":"bool"},{"_nodes":[{"default":0,"id":"utotp2fActivation","title":"utotp2fActivation","type":"boolOrExpr"},{"id":"utotp2fAuthnLevel","title":"utotp2fAuthnLevel","type":"int"},{"id":"utotp2fLabel","title":"utotp2fLabel"},{"id":"utotp2fLogo","title":"utotp2fLogo"}],"help":"utotp2f.html","id":"utotp2f","title":"utotp2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"totp2fActivation","title":"totp2fActivation","type":"boolOrExpr"},{"default":0,"id":"totp2fSelfRegistration","title":"totp2fSelfRegistration","type":"boolOrExpr"},{"id":"totp2fIssuer","title":"totp2fIssuer"},{"default":30,"id":"totp2fInterval","title":"totp2fInterval","type":"int"},{"default":1,"id":"totp2fRange","title":"totp2fRange","type":"int"},{"default":6,"id":"totp2fDigits","title":"totp2fDigits","type":"int"},{"default":0,"id":"totp2fDisplayExistingSecret","title":"totp2fDisplayExistingSecret","type":"bool"},{"default":0,"id":"totp2fUserCanChangeKey","title":"totp2fUserCanChangeKey","type":"bool"},{"default":1,"id":"totp2fUserCanRemoveKey","title":"totp2fUserCanRemoveKey","type":"bool"},{"id":"totp2fTTL","title":"totp2fTTL","type":"int"},{"id":"totp2fAuthnLevel","title":"totp2fAuthnLevel","type":"int"},{"id":"totp2fLabel","title":"totp2fLabel"},{"id":"totp2fLogo","title":"totp2fLogo"}],"help":"totp2f.html","id":"totp2f","title":"totp2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"u2fActivation","title":"u2fActivation","type":"boolOrExpr"},{"default":0,"id":"u2fSelfRegistration","title":"u2fSelfRegistration","type":"boolOrExpr"},{"default":1,"id":"u2fUserCanRemoveKey","title":"u2fUserCanRemoveKey","type":"bool"},{"id":"u2fTTL","title":"u2fTTL","type":"int"},{"id":"u2fAuthnLevel","title":"u2fAuthnLevel","type":"int"},{"id":"u2fLabel","title":"u2fLabel"},{"id":"u2fLogo","title":"u2fLogo"}],"help":"u2f.html","id":"u2f","title":"u2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"yubikey2fActivation","title":"yubikey2fActivation","type":"boolOrExpr"},{"default":0,"id":"yubikey2fSelfRegistration","title":"yubikey2fSelfRegistration","type":"boolOrExpr"},{"id":"yubikey2fClientID","title":"yubikey2fClientID"},{"id":"yubikey2fSecretKey","title":"yubikey2fSecretKey"},{"id":"yubikey2fNonce","title":"yubikey2fNonce"},{"id":"yubikey2fUrl","title":"yubikey2fUrl"},{"default":12,"id":"yubikey2fPublicIDSize","title":"yubikey2fPublicIDSize","type":"int"},{"default":1,"id":"yubikey2fUserCanRemoveKey","title":"yubikey2fUserCanRemoveKey","type":"bool"},{"id":"yubikey2fFromSessionAttribute","title":"yubikey2fFromSessionAttribute"},{"id":"yubikey2fTTL","title":"yubikey2fTTL","type":"int"},{"id":"yubikey2fAuthnLevel","title":"yubikey2fAuthnLevel","type":"int"},{"id":"yubikey2fLabel","title":"yubikey2fLabel"},{"id":"yubikey2fLogo","title":"yubikey2fLogo"}],"help":"yubikey2f.html","id":"yubikey2f","title":"yubikey2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"mail2fActivation","title":"mail2fActivation","type":"boolOrExpr"},{"default":"\\d{6}","id":"mail2fCodeRegex","title":"mail2fCodeRegex"},{"id":"mail2fTimeout","title":"mail2fTimeout","type":"int"},{"id":"mail2fSubject","title":"mail2fSubject"},{"id":"mail2fBody","title":"mail2fBody","type":"longtext"},{"id":"mail2fAuthnLevel","title":"mail2fAuthnLevel","type":"int"},{"id":"mail2fLabel","title":"mail2fLabel"},{"id":"mail2fLogo","title":"mail2fLogo"},{"id":"mail2fSessionKey","title":"mail2fSessionKey"}],"help":"mail2f.html","id":"mail2f","title":"mail2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"ext2fActivation","title":"ext2fActivation","type":"boolOrExpr"},{"default":"\\d{6}","id":"ext2fCodeActivation","title":"ext2fCodeActivation"},{"id":"ext2FSendCommand","title":"ext2FSendCommand"},{"id":"ext2FValidateCommand","title":"ext2FValidateCommand"},{"id":"ext2fAuthnLevel","title":"ext2fAuthnLevel","type":"int"},{"id":"ext2fLabel","title":"ext2fLabel"},{"id":"ext2fLogo","title":"ext2fLogo"}],"help":"external2f.html","id":"ext2f","title":"ext2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"radius2fActivation","title":"radius2fActivation","type":"boolOrExpr"},{"id":"radius2fServer","title":"radius2fServer"},{"id":"radius2fSecret","title":"radius2fSecret"},{"id":"radius2fUsernameSessionKey","title":"radius2fUsernameSessionKey"},{"default":20,"id":"radius2fTimeout","title":"radius2fTimeout","type":"int"},{"id":"radius2fAuthnLevel","title":"radius2fAuthnLevel","type":"int"},{"id":"radius2fLogo","title":"radius2fLogo"},{"id":"radius2fLabel","title":"radius2fLabel"}],"help":"radius2f.html","id":"radius2f","title":"radius2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"rest2fActivation","title":"rest2fActivation","type":"boolOrExpr"},{"id":"rest2fInitUrl","title":"rest2fInitUrl"},{"cnodes":"rest2fInitArgs","id":"rest2fInitArgs","title":"rest2fInitArgs","type":"keyTextContainer"},{"id":"rest2fVerifyUrl","title":"rest2fVerifyUrl"},{"cnodes":"rest2fVerifyArgs","id":"rest2fVerifyArgs","title":"rest2fVerifyArgs","type":"keyTextContainer"},{"id":"rest2fAuthnLevel","title":"rest2fAuthnLevel","type":"int"},{"id":"rest2fLabel","title":"rest2fLabel"},{"id":"rest2fLogo","title":"rest2fLogo"}],"help":"rest2f.html","id":"rest2f","title":"rest2f"},{"cnodes":"sfExtra","id":"sfExtra","select":[{"k":"Mail2F","v":"E-Mail"},{"k":"REST","v":"REST"},{"k":"Ext2F","v":"External"},{"k":"Radius","v":"Radius"}],"title":"sfExtra","type":"sfExtraContainer"},{"_nodes":[{"default":0,"help":"secondfactor.html","id":"sfRemovedMsgRule","title":"sfRemovedMsgRule","type":"boolOrExpr"},{"default":0,"id":"sfRemovedUseNotif","title":"sfRemovedUseNotif","type":"bool"},{"default":"RemoveSF","help":"secondfactor.html","id":"sfRemovedNotifRef","title":"sfRemovedNotifRef"},{"default":"Second factor notification","help":"secondfactor.html","id":"sfRemovedNotifTitle","title":"sfRemovedNotifTitle"},{"default":"_removedSF_ expired second factor(s) has/have been removed!","help":"secondfactor.html","id":"sfRemovedNotifMsg","title":"sfRemovedNotifMsg"}],"help":"secondfactor.html","id":"sfRemovedNotification","title":"sfRemovedNotification","type":"simpleInputContainer"}],"help":"secondfactor.html","id":"secondFactors","title":"secondFactors"},{"_nodes":[{"help":"customfunctions.html","id":"customFunctions","title":"customFunctions"},{"default":"; ","id":"multiValuesSeparator","title":"multiValuesSeparator","type":"authParamsText"},{"default":0,"id":"groupsBeforeMacros","title":"groupsBeforeMacros","type":"bool"},{"_nodes":[{"default":"mail","id":"mailSessionKey","title":"mailSessionKey"},{"default":"","id":"SMTPServer","title":"SMTPServer"},{"id":"SMTPPort","title":"SMTPPort","type":"int"},{"id":"SMTPAuthUser","title":"SMTPAuthUser"},{"id":"SMTPAuthPass","title":"SMTPAuthPass","type":"password"},{"default":"","id":"SMTPTLS","select":[{"k":"","v":"none"},{"k":"starttls","v":"SMTP + STARTTLS"},{"k":"ssl","v":"SMTPS"}],"title":"SMTPTLS","type":"select"},{"cnodes":"SMTPTLSOpts","id":"SMTPTLSOpts","title":"SMTPTLSOpts","type":"keyTextContainer"},{"_nodes":[{"default":"noreply@example.com","id":"mailFrom","title":"mailFrom"},{"id":"mailReplyTo","title":"mailReplyTo"},{"default":"utf-8","id":"mailCharset","title":"mailCharset"}],"id":"mailHeaders","title":"mailHeaders","type":"simpleInputContainer"}],"help":"smtp.html","id":"SMTP","title":"SMTP","type":"SMTP"},{"_nodes":[{"default":"^[\\w\\.\\-@]+$","id":"userControl","title":"userControl"},{"default":0,"id":"browsersDontStorePassword","title":"browsersDontStorePassword","type":"bool"},{"default":0,"help":"forcereauthn.html","id":"portalForceAuthn","title":"portalForceAuthn","type":"bool"},{"default":5,"id":"portalForceAuthnInterval","title":"portalForceAuthnInterval","type":"int"},{"id":"key","title":"key","type":"password"},{"id":"trustedDomains","title":"trustedDomains"},{"default":1,"help":"safejail.html","id":"useSafeJail","title":"useSafeJail","type":"bool"},{"default":0,"help":"safejail.html","id":"avoidAssignment","title":"avoidAssignment","type":"bool"},{"default":1,"id":"checkXSS","title":"checkXSS","type":"bool"},{"default":1,"id":"requireToken","title":"requireToken","type":"boolOrExpr"},{"default":120,"id":"formTimeout","title":"formTimeout","type":"int"},{"default":0,"id":"tokenUseGlobalStorage","title":"tokenUseGlobalStorage","type":"bool"},{"_nodes":[{"default":0,"help":"bruteforceprotection.html","id":"bruteForceProtection","title":"bruteForceProtection","type":"bool"},{"default":30,"id":"bruteForceProtectionTempo","title":"bruteForceProtectionTempo","type":"int"},{"default":3,"id":"bruteForceProtectionMaxFailed","title":"bruteForceProtectionMaxFailed","type":"int"},{"default":0,"help":"bruteforceprotection.html","id":"bruteForceProtectionIncrementalTempo","title":"bruteForceProtectionIncrementalTempo","type":"bool"},{"default":"15, 30, 60, 300, 600","id":"bruteForceProtectionLockTimes","title":"bruteForceProtectionLockTimes"}],"help":"bruteforceprotection.html","id":"bruteForceAttackProtection","title":"bruteForceAttackProtection","type":"simpleInputContainer"},{"cnodes":"lwpOpts","id":"lwpOpts","title":"lwpOpts","type":"keyTextContainer"},{"cnodes":"lwpSslOpts","id":"lwpSslOpts","title":"lwpSslOpts","type":"keyTextContainer"},{"_nodes":[{"default":"'self'","id":"cspDefault","title":"cspDefault"},{"default":"'self' data:","id":"cspImg","title":"cspImg"},{"default":"'self'","id":"cspScript","title":"cspScript"},{"default":"'self'","id":"cspStyle","title":"cspStyle"},{"default":"'self'","id":"cspFont","title":"cspFont"},{"default":"*","id":"cspFormAction","title":"cspFormAction"},{"default":"'self'","id":"cspConnect","title":"cspConnect"},{"default":"","id":"cspFrameAncestors","title":"cspFrameAncestors"}],"help":"security.html#portal","id":"contentSecurityPolicy","title":"contentSecurityPolicy","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"corsEnabled","title":"corsEnabled","type":"bool"},{"default":true,"id":"corsAllow_Credentials","title":"corsAllow_Credentials"},{"default":"*","id":"corsAllow_Headers","title":"corsAllow_Headers"},{"default":"POST,GET","id":"corsAllow_Methods","title":"corsAllow_Methods"},{"default":"*","id":"corsAllow_Origin","title":"corsAllow_Origin"},{"default":"*","id":"corsExpose_Headers","title":"corsExpose_Headers"},{"default":"86400","id":"corsMax_Age","title":"corsMax_Age"}],"help":"security.html#portal","id":"crossOrigineResourceSharing","title":"crossOrigineResourceSharing","type":"simpleInputContainer"}],"help":"security.html#configure-security-settings","id":"security","title":"security"},{"_nodes":[{"default":-1,"id":"https","title":"https","type":"trool"},{"default":-1,"id":"port","title":"port","type":"int"},{"default":0,"id":"useRedirectOnForbidden","title":"useRedirectOnForbidden","type":"bool"},{"default":1,"id":"useRedirectOnError","title":"useRedirectOnError","type":"bool"},{"default":0,"id":"maintenance","title":"maintenance","type":"bool"}],"help":"redirections.html","id":"redirection","title":"redirection","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"jsRedirect","title":"jsRedirect","type":"boolOrExpr"},{"default":0,"id":"noAjaxHook","title":"noAjaxHook","type":"bool"},{"default":0,"id":"skipRenewConfirmation","title":"skipRenewConfirmation","type":"bool"},{"default":0,"id":"skipUpgradeConfirmation","title":"skipUpgradeConfirmation","type":"bool"}],"help":"redirections.html#portal-redirections","id":"portalRedirection","title":"portalRedirection","type":"simpleInputContainer"},{"cnodes":"nginxCustomHandlers","help":"handlerarch.html","id":"nginxCustomHandlers","title":"nginxCustomHandlers","type":"keyTextContainer"},{"cnodes":"logoutServices","default":[],"help":"logoutforward.html","id":"logoutServices","title":"logoutServices","type":"keyTextContainer"},{"_nodes":[{"default":"get","id":"infoFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"infoFormMethod","type":"select"},{"default":"post","id":"confirmFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"confirmFormMethod","type":"select"},{"default":"get","id":"redirectFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"redirectFormMethod","type":"select"},{"default":1,"id":"activeTimer","title":"activeTimer","type":"bool"}],"id":"forms","title":"forms","type":"simpleInputContainer"}],"help":"start.html#advanced-features","id":"advancedParams","title":"advancedParams"}],"id":"generalParameters","title":"generalParameters"},{"_nodes":[{"cnodes":"exportedVars","default":[{"data":"HTTP_USER_AGENT","id":"exportedVars/UA","title":"UA","type":"keyText"}],"help":"exportedvars.html","id":"exportedVars","title":"exportedVars","type":"keyTextContainer"},{"cnodes":"macros","default":[],"help":"exportedvars.html#extend-variables-using-macros-and-groups","id":"macros","title":"macros","type":"keyTextContainer"},{"cnodes":"groups","default":[],"help":"exportedvars.html#extend-variables-using-macros-and-groups","id":"groups","title":"groups","type":"keyTextContainer"}],"help":"variables.html","id":"variables","title":"variables"},{"cnodes":"virtualHosts","help":"configvhost.html","id":"virtualHosts","template":"virtualHost","title":"virtualHosts","type":"virtualHostContainer"},{"_nodes":[{"default":"#PORTAL#/saml/metadata","id":"samlEntityID","title":"samlEntityID"},{"_nodes":[{"get":["samlServicePrivateKeySig","samlServicePrivateKeySigPwd","samlServicePublicKeySig"],"id":"samlServiceSecuritySig","title":"samlServiceSecuritySig","type":"RSACertKey"},{"get":["samlServicePrivateKeyEnc","samlServicePrivateKeyEncPwd","samlServicePublicKeyEnc"],"id":"samlServiceSecurityEnc","title":"samlServiceSecurityEnc","type":"RSACertKey"},{"default":0,"id":"samlServiceUseCertificateInResponse","title":"samlServiceUseCertificateInResponse","type":"bool"},{"default":"RSA_SHA256","id":"samlServiceSignatureMethod","select":[{"k":"RSA_SHA1","v":"RSA SHA1"},{"k":"RSA_SHA256","v":"RSA SHA256"},{"k":"RSA_SHA384","v":"RSA SHA384"},{"k":"RSA_SHA512","v":"RSA SHA512"}],"title":"samlServiceSignatureMethod","type":"select"}],"help":"samlservice.html#security-parameters","id":"samlServiceSecurity","title":"samlServiceSecurity"},{"_nodes":[{"default":"mail","id":"samlNameIDFormatMapEmail","title":"samlNameIDFormatMapEmail"},{"default":"mail","id":"samlNameIDFormatMapX509","title":"samlNameIDFormatMapX509"},{"default":"uid","id":"samlNameIDFormatMapWindows","title":"samlNameIDFormatMapWindows"},{"default":"uid","id":"samlNameIDFormatMapKerberos","title":"samlNameIDFormatMapKerberos"}],"help":"samlservice.html#nameid-formats","id":"samlNameIDFormatMap","title":"samlNameIDFormatMap","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"samlAuthnContextMapPassword","title":"samlAuthnContextMapPassword","type":"int"},{"default":3,"id":"samlAuthnContextMapPasswordProtectedTransport","title":"samlAuthnContextMapPasswordProtectedTransport","type":"int"},{"default":5,"id":"samlAuthnContextMapTLSClient","title":"samlAuthnContextMapTLSClient","type":"int"},{"default":4,"id":"samlAuthnContextMapKerberos","title":"samlAuthnContextMapKerberos","type":"int"}],"help":"samlservice.html#authentication-contexts","id":"samlAuthnContextMap","title":"samlAuthnContextMap","type":"simpleInputContainer"},{"_nodes":[{"default":"Example","id":"samlOrganizationDisplayName","title":"samlOrganizationDisplayName"},{"default":"Example","id":"samlOrganizationName","title":"samlOrganizationName"},{"default":"http://www.example.com","id":"samlOrganizationURL","title":"samlOrganizationURL"}],"help":"samlservice.html#organization","id":"samlOrganization","title":"samlOrganization","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"samlSPSSODescriptorAuthnRequestsSigned","title":"samlSPSSODescriptorAuthnRequestsSigned","type":"bool"},{"default":1,"id":"samlSPSSODescriptorWantAssertionsSigned","title":"samlSPSSODescriptorWantAssertionsSigned","type":"bool"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn","id":"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect","title":"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn","id":"samlSPSSODescriptorSingleLogoutServiceHTTPPost","title":"samlSPSSODescriptorSingleLogoutServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;","id":"samlSPSSODescriptorSingleLogoutServiceSOAP","title":"samlSPSSODescriptorSingleLogoutServiceSOAP","type":"samlService"}],"id":"samlSPSSODescriptorSingleLogoutService","title":"samlSPSSODescriptorSingleLogoutService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact","id":"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact","title":"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact","type":"samlAssertion"},{"default":"0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost","id":"samlSPSSODescriptorAssertionConsumerServiceHTTPPost","title":"samlSPSSODescriptorAssertionConsumerServiceHTTPPost","type":"samlAssertion"}],"id":"samlSPSSODescriptorAssertionConsumerService","title":"samlSPSSODescriptorAssertionConsumerService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact","id":"samlSPSSODescriptorArtifactResolutionServiceArtifact","title":"samlSPSSODescriptorArtifactResolutionServiceArtifact","type":"samlAssertion"}],"id":"samlSPSSODescriptorArtifactResolutionService","title":"samlSPSSODescriptorArtifactResolutionService"}],"help":"samlservice.html#service-provider","id":"samlSPSSODescriptor","title":"samlSPSSODescriptor"},{"_nodes":[{"default":1,"id":"samlIDPSSODescriptorWantAuthnRequestsSigned","title":"samlIDPSSODescriptorWantAuthnRequestsSigned","type":"bool"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPPost","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact","type":"samlService"}],"id":"samlIDPSSODescriptorSingleSignOnService","title":"samlIDPSSODescriptorSingleSignOnService"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn","id":"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect","title":"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn","id":"samlIDPSSODescriptorSingleLogoutServiceHTTPPost","title":"samlIDPSSODescriptorSingleLogoutServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;","id":"samlIDPSSODescriptorSingleLogoutServiceSOAP","title":"samlIDPSSODescriptorSingleLogoutServiceSOAP","type":"samlService"}],"id":"samlIDPSSODescriptorSingleLogoutService","title":"samlIDPSSODescriptorSingleLogoutService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact","id":"samlIDPSSODescriptorArtifactResolutionServiceArtifact","title":"samlIDPSSODescriptorArtifactResolutionServiceArtifact","type":"samlAssertion"}],"id":"samlIDPSSODescriptorArtifactResolutionService","title":"samlIDPSSODescriptorArtifactResolutionService"}],"help":"samlservice.html#identity-provider","id":"samlIDPSSODescriptor","title":"samlIDPSSODescriptor"},{"_nodes":[{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;","id":"samlAttributeAuthorityDescriptorAttributeServiceSOAP","title":"samlAttributeAuthorityDescriptorAttributeServiceSOAP","type":"samlService"}],"id":"samlAttributeAuthorityDescriptorAttributeService","title":"samlAttributeAuthorityDescriptorAttributeService"}],"help":"samlservice.html#attribute-authority","id":"samlAttributeAuthorityDescriptor","title":"samlAttributeAuthorityDescriptor"},{"_nodes":[{"default":1,"id":"samlMetadataForceUTF8","title":"samlMetadataForceUTF8","type":"bool"},{"default":600,"id":"samlRelayStateTimeout","title":"samlRelayStateTimeout","type":"int"},{"default":0,"id":"samlUseQueryStringSpecific","title":"samlUseQueryStringSpecific","type":"bool"},{"default":"","id":"samlOverrideIDPEntityID","title":"samlOverrideIDPEntityID"},{"id":"samlStorage","title":"samlStorage"},{"cnodes":"samlStorageOptions","id":"samlStorageOptions","title":"samlStorageOptions","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"samlCommonDomainCookieActivation","title":"samlCommonDomainCookieActivation","type":"bool"},{"id":"samlCommonDomainCookieDomain","title":"samlCommonDomainCookieDomain"},{"id":"samlCommonDomainCookieReader","title":"samlCommonDomainCookieReader"},{"id":"samlCommonDomainCookieWriter","title":"samlCommonDomainCookieWriter"}],"id":"samlCommonDomainCookie","title":"samlCommonDomainCookie","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"samlDiscoveryProtocolActivation","title":"samlDiscoveryProtocolActivation","type":"bool"},{"id":"samlDiscoveryProtocolURL","title":"samlDiscoveryProtocolURL"},{"id":"samlDiscoveryProtocolPolicy","title":"samlDiscoveryProtocolPolicy"},{"default":0,"id":"samlDiscoveryProtocolIsPassive","title":"samlDiscoveryProtocolIsPassive","type":"bool"}],"id":"samlDiscoveryProtocol","title":"samlDiscoveryProtocol","type":"simpleInputContainer"}],"help":"samlservice.html#advanced","id":"samlAdvanced","title":"samlAdvanced"}],"help":"samlservice.html","id":"samlServiceMetaData","title":"samlServiceMetaData"},{"cnodes":"samlIDPMetaDataNodes","help":"authsaml.html","id":"samlIDPMetaDataNodes","template":"samlIDPMetaDataNode","title":"samlIDPMetaDataNodes","type":"samlIDPMetaDataNodeContainer"},{"cnodes":"samlSPMetaDataNodes","help":"idpsaml.html","id":"samlSPMetaDataNodes","template":"samlSPMetaDataNode","title":"samlSPMetaDataNodes","type":"samlSPMetaDataNodeContainer"},{"_nodes":[{"id":"oidcServiceMetaDataIssuer","title":"oidcServiceMetaDataIssuer"},{"_nodes":[{"default":"authorize","id":"oidcServiceMetaDataAuthorizeURI","title":"oidcServiceMetaDataAuthorizeURI"},{"default":"token","id":"oidcServiceMetaDataTokenURI","title":"oidcServiceMetaDataTokenURI"},{"default":"userinfo","id":"oidcServiceMetaDataUserInfoURI","title":"oidcServiceMetaDataUserInfoURI"},{"default":"jwks","id":"oidcServiceMetaDataJWKSURI","title":"oidcServiceMetaDataJWKSURI"},{"default":"register","id":"oidcServiceMetaDataRegistrationURI","title":"oidcServiceMetaDataRegistrationURI"},{"default":"introspect","id":"oidcServiceMetaDataIntrospectionURI","title":"oidcServiceMetaDataIntrospectionURI"},{"default":"logout","id":"oidcServiceMetaDataEndSessionURI","title":"oidcServiceMetaDataEndSessionURI"},{"default":"checksession.html","id":"oidcServiceMetaDataCheckSessionURI","title":"oidcServiceMetaDataCheckSessionURI"},{"default":"flogout","id":"oidcServiceMetaDataFrontChannelURI","title":"oidcServiceMetaDataFrontChannelURI"},{"default":"blogout","id":"oidcServiceMetaDataBackChannelURI","title":"oidcServiceMetaDataBackChannelURI"}],"id":"oidcServiceMetaDataEndPoints","title":"oidcServiceMetaDataEndPoints","type":"simpleInputContainer"},{"cnodes":"oidcServiceMetaDataAuthnContext","default":[{"data":1,"id":"oidcServiceMetaDataAuthnContext/loa-1","title":"loa-1","type":"keyText"},{"data":2,"id":"oidcServiceMetaDataAuthnContext/loa-2","title":"loa-2","type":"keyText"},{"data":3,"id":"oidcServiceMetaDataAuthnContext/loa-3","title":"loa-3","type":"keyText"},{"data":4,"id":"oidcServiceMetaDataAuthnContext/loa-4","title":"loa-4","type":"keyText"},{"data":5,"id":"oidcServiceMetaDataAuthnContext/loa-5","title":"loa-5","type":"keyText"}],"id":"oidcServiceMetaDataAuthnContext","title":"oidcServiceMetaDataAuthnContext","type":"keyTextContainer"},{"_nodes":[{"get":["oidcServicePrivateKeySig","oidcServicePublicKeySig"],"id":"oidcServiceMetaDataKeys","title":"oidcServiceMetaDataKeys","type":"RSAKeyNoPassword"},{"id":"oidcServiceKeyIdSig","title":"oidcServiceKeyIdSig"},{"default":0,"id":"oidcServiceAllowDynamicRegistration","title":"oidcServiceAllowDynamicRegistration","type":"bool"},{"default":1,"id":"oidcServiceAllowAuthorizationCodeFlow","title":"oidcServiceAllowAuthorizationCodeFlow","type":"bool"},{"default":0,"id":"oidcServiceAllowImplicitFlow","title":"oidcServiceAllowImplicitFlow","type":"bool"},{"default":0,"id":"oidcServiceAllowHybridFlow","title":"oidcServiceAllowHybridFlow","type":"bool"},{"default":60,"id":"oidcServiceAuthorizationCodeExpiration","title":"oidcServiceAuthorizationCodeExpiration","type":"int"},{"default":3600,"id":"oidcServiceAccessTokenExpiration","title":"oidcServiceAccessTokenExpiration","type":"int"},{"default":3600,"id":"oidcServiceIDTokenExpiration","title":"oidcServiceIDTokenExpiration","type":"int"},{"default":2592000,"id":"oidcServiceOfflineSessionExpiration","title":"oidcServiceOfflineSessionExpiration","type":"int"}],"id":"oidcServiceMetaDataSecurity","title":"oidcServiceMetaDataSecurity"},{"_nodes":[{"id":"oidcStorage","title":"oidcStorage"},{"cnodes":"oidcStorageOptions","id":"oidcStorageOptions","title":"oidcStorageOptions","type":"keyTextContainer"}],"id":"oidcServiceMetaDataSessions","title":"oidcServiceMetaDataSessions"},{"cnodes":"oidcServiceDynamicRegistrationExportedVars","id":"oidcServiceDynamicRegistrationExportedVars","title":"oidcServiceDynamicRegistrationExportedVars","type":"keyTextContainer"},{"cnodes":"oidcServiceDynamicRegistrationExtraClaims","id":"oidcServiceDynamicRegistrationExtraClaims","title":"oidcServiceDynamicRegistrationExtraClaims","type":"keyTextContainer"}],"help":"openidconnectservice.html#service-configuration","id":"oidcServiceMetaData","title":"oidcServiceMetaData"},{"cnodes":"oidcOPMetaDataNodes","help":"authopenidconnect.html#declare-the-openid-connect-provider-in-ll-ng","id":"oidcOPMetaDataNodes","title":"oidcOPMetaDataNodes","type":"oidcOPMetaDataNodeContainer"},{"cnodes":"oidcRPMetaDataNodes","help":"idpopenidconnect.html#configuration-of-relying-party-in-ll-ng","id":"oidcRPMetaDataNodes","title":"oidcRPMetaDataNodes","type":"oidcRPMetaDataNodeContainer"},{"_nodes":[{"id":"casAttr","title":"casAttr"},{"default":"none","id":"casAccessControlPolicy","select":[{"k":"none","v":"None"},{"k":"error","v":"Display error on portal"},{"k":"faketicket","v":"Send a fake service ticket"}],"title":"casAccessControlPolicy","type":"select"},{"id":"casStorage","title":"casStorage"},{"cnodes":"casStorageOptions","id":"casStorageOptions","title":"casStorageOptions","type":"keyTextContainer"},{"cnodes":"casAttributes","id":"casAttributes","title":"casAttributes","type":"keyTextContainer"}],"help":"idpcas.html#configuring-the-cas-service","id":"casServiceMetadata","title":"casServiceMetadata"},{"cnodes":"casSrvMetaDataNodes","help":"authcas.html","id":"casSrvMetaDataNodes","template":"casSrvMetaDataNode","title":"casSrvMetaDataNodes","type":"casSrvMetaDataNodeContainer"},{"cnodes":"casAppMetaDataNodes","help":"idpcas.html#configuring-cas-applications","id":"casAppMetaDataNodes","template":"casAppMetaDataNode","title":"casAppMetaDataNodes","type":"casAppMetaDataNodeContainer"}] \ No newline at end of file +[{"_nodes":[{"_nodes":[{"default":"http://auth.example.com/","id":"portal","title":"portal"},{"_nodes":[{"_nodes":[{"default":1,"id":"portalDisplayLogout","title":"portalDisplayLogout","type":"boolOrExpr"},{"default":"$_auth =~ /^(LDAP|DBI|Demo)$/","id":"portalDisplayChangePassword","title":"portalDisplayChangePassword","type":"boolOrExpr"},{"default":1,"id":"portalDisplayAppslist","title":"portalDisplayAppslist","type":"boolOrExpr"},{"default":1,"id":"portalDisplayLoginHistory","title":"portalDisplayLoginHistory","type":"boolOrExpr"},{"default":"$_oidcConsents && $_oidcConsents =~ /\\w+/","id":"portalDisplayOidcConsents","title":"portalDisplayOidcConsents","type":"boolOrExpr"}],"id":"portalModules","title":"portalModules","type":"simpleInputContainer"},{"cnodes":"applicationList","default":[{"data":{"catname":"Default category","type":"category"},"id":"applicationList/default","title":"default","type":"catAndAppList"}],"help":"portalmenu.html#categories-and-applications","id":"applicationList","title":"applicationList","type":"catAndAppList"}],"help":"portalmenu.html","id":"portalMenu","title":"portalMenu"},{"_nodes":[{"default":"common/logos/logo_llng_400px.png","id":"portalMainLogo","title":"portalMainLogo"},{"default":1,"id":"showLanguages","title":"showLanguages","type":"bool"},{"id":"portalCustomCss","title":"portalCustomCss"},{"default":"bootstrap","id":"portalSkin","select":[{"k":"bootstrap","v":"Bootstrap"}],"title":"portalSkin","type":"portalskin"},{"id":"portalSkinBackground","select":[{"k":"","v":"None"},{"k":"1280px-Anse_Source_d'Argent_2-La_Digue.jpg","v":"Anse"},{"k":"1280px-Autumn-clear-water-waterfall-landscape_-_Virginia_-_ForestWander.jpg","v":"Waterfall"},{"k":"1280px-BrockenSnowedTrees.jpg","v":"Snowed Trees"},{"k":"1280px-Cedar_Breaks_National_Monument_partially.jpg","v":"National Monument"},{"k":"1280px-Parry_Peak_from_Winter_Park.jpg","v":"Winter"},{"k":"Aletschgletscher_mit_Pinus_cembra1.jpg","v":"Pinus"}],"title":"portalSkinBackground","type":"portalskinbackground"},{"cnodes":"portalSkinRules","help":"portalcustom.html","id":"portalSkinRules","title":"portalSkinRules","type":"keyTextContainer"},{"_nodes":[{"default":1,"id":"portalCheckLogins","title":"portalCheckLogins","type":"bool"},{"default":0,"id":"portalDisplayResetPassword","title":"portalDisplayResetPassword","type":"bool"},{"default":3,"id":"passwordResetAllowedRetries","title":"passwordResetAllowedRetries","type":"int"},{"default":1,"id":"portalDisplayRegister","title":"portalDisplayRegister","type":"bool"},{"default":0,"id":"portalDisplayCertificateResetByMail","title":"portalDisplayCertificateResetByMail","type":"bool"}],"help":"portalcustom.html#buttons","id":"portalButtons","title":"portalButtons","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"portalRequireOldPassword","title":"portalRequireOldPassword","type":"boolOrExpr"},{"default":0,"id":"hideOldPassword","title":"hideOldPassword","type":"bool"},{"default":0,"id":"mailOnPasswordChange","title":"mailOnPasswordChange","type":"bool"}],"help":"portalcustom.html#password-management","id":"passwordManagement","title":"passwordManagement","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"passwordPolicyActivation","title":"passwordPolicyActivation","type":"boolOrExpr"},{"default":0,"id":"portalDisplayPasswordPolicy","title":"portalDisplayPasswordPolicy","type":"bool"},{"default":0,"id":"passwordPolicyMinSize","title":"passwordPolicyMinSize","type":"int"},{"default":0,"id":"passwordPolicyMinLower","title":"passwordPolicyMinLower","type":"int"},{"default":0,"id":"passwordPolicyMinUpper","title":"passwordPolicyMinUpper","type":"int"},{"default":0,"id":"passwordPolicyMinDigit","title":"passwordPolicyMinDigit","type":"int"},{"default":0,"id":"passwordPolicyMinSpeChar","title":"passwordPolicyMinSpeChar","type":"int"},{"default":"__ALL__","id":"passwordPolicySpecialChar","title":"passwordPolicySpecialChar"}],"help":"portalcustom.html#password-policy","id":"passwordPolicy","title":"passwordPolicy","type":"simpleInputContainer"},{"_nodes":[{"default":"_user","id":"portalUserAttr","title":"portalUserAttr"},{"default":0,"id":"portalOpenLinkInNewWindow","title":"portalOpenLinkInNewWindow","type":"bool"},{"default":1,"id":"portalAntiFrame","title":"portalAntiFrame","type":"bool"},{"default":60000,"id":"portalPingInterval","title":"portalPingInterval","type":"int"},{"default":1,"id":"portalErrorOnExpiredSession","title":"portalErrorOnExpiredSession","type":"bool"},{"default":0,"id":"portalErrorOnMailNotFound","title":"portalErrorOnMailNotFound","type":"bool"},{"default":1,"id":"portalDisplayRefreshMyRights","title":"portalDisplayRefreshMyRights","type":"bool"}],"help":"portalcustom.html#other-parameters","id":"portalOther","title":"portalOther","type":"simpleInputContainer"}],"help":"portalcustom.html","id":"portalCustomization","title":"portalCustomization"},{"_nodes":[{"default":0,"id":"captcha_login_enabled","title":"captcha_login_enabled","type":"bool"},{"default":1,"id":"captcha_mail_enabled","title":"captcha_mail_enabled","type":"bool"},{"default":1,"id":"captcha_register_enabled","title":"captcha_register_enabled","type":"bool"},{"default":6,"id":"captcha_size","title":"captcha_size","type":"int"}],"help":"captcha.html","id":"portalCaptcha","title":"portalCaptcha","type":"simpleInputContainer"}],"help":"portal.html","id":"portalParams","title":"portalParams"},{"_nodes":[{"default":"Demo","id":"authentication","select":[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Demo","v":"Demonstration"},{"k":"Choice","v":"authChoice"},{"k":"Combination","v":"combineMods"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"SAML","v":"SAML v2"},{"k":"Proxy","v":"Proxy"},{"k":"Remote","v":"Remote"},{"k":"Slave","v":"Slave"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"authentication","type":"select"},{"default":"Same","id":"userDB","select":[{"k":"Same","v":"Same"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"userDB","type":"select"},{"default":"Demo","id":"passwordDB","select":[{"k":"AD","v":"Active Directory"},{"k":"Choice","v":"authChoice"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demonstration"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"passwordDB","type":"select"},{"default":"Null","id":"registerDB","select":[{"k":"AD","v":"Active Directory"},{"k":"Demo","v":"Demonstration"},{"k":"LDAP","v":"LDAP"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"registerDB","type":"select"}],"_nodes_cond":[{"_nodes":[{"default":0,"id":"ADPwdMaxAge","title":"ADPwdMaxAge","type":"int"},{"default":0,"id":"ADPwdExpireWarning","title":"ADPwdExpireWarning","type":"int"}],"help":"authad.html","id":"adParams","show":false,"title":"adParams","type":"simpleInputContainer"},{"_nodes":[{"default":"lmAuth","id":"authChoiceParam","title":"authChoiceParam"},{"cnodes":"authChoiceModules","id":"authChoiceModules","select":[[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Null","v":"None"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"Proxy","v":"Proxy"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"Remote","v":"Remote"},{"k":"SAML","v":"SAML v2"},{"k":"Slave","v":"Slave"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Custom","v":"customModule"}],[{"k":"AD","v":"Active Directory"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"Facebook","v":"Facebook"},{"k":"LDAP","v":"LDAP"},{"k":"Null","v":"None"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"Proxy","v":"Proxy"},{"k":"REST","v":"REST"},{"k":"Remote","v":"Remote"},{"k":"SAML","v":"SAML v2"},{"k":"Slave","v":"Slave"},{"k":"WebID","v":"WebID"},{"k":"Custom","v":"customModule"}],[{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}]],"title":"authChoiceModules","type":"authChoiceContainer"},{"id":"authChoiceAuthBasic","title":"authChoiceAuthBasic"}],"help":"authchoice.html","id":"choiceParams","show":false,"title":"choiceParams"},{"_nodes":[{"default":3,"id":"apacheAuthnLevel","title":"apacheAuthnLevel","type":"int"}],"help":"authapache.html","id":"apacheParams","show":false,"title":"apacheParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"casAuthnLevel","title":"casAuthnLevel","type":"int"}],"help":"authcas.html","id":"casParams","show":false,"title":"casParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"dbiAuthnLevel","title":"dbiAuthnLevel","type":"int"},{"cnodes":"dbiExportedVars","default":[],"id":"dbiExportedVars","title":"dbiExportedVars","type":"keyTextContainer"},{"_nodes":[{"_nodes":[{"id":"dbiAuthChain","title":"dbiAuthChain"},{"id":"dbiAuthUser","title":"dbiAuthUser"},{"id":"dbiAuthPassword","title":"dbiAuthPassword","type":"password"}],"id":"dbiConnectionAuth","title":"dbiConnectionAuth","type":"simpleInputContainer"},{"_nodes":[{"id":"dbiUserChain","title":"dbiUserChain"},{"id":"dbiUserUser","title":"dbiUserUser"},{"id":"dbiUserPassword","title":"dbiUserPassword","type":"password"}],"id":"dbiConnectionUser","title":"dbiConnectionUser","type":"simpleInputContainer"}],"help":"authdbi.html#connection","id":"dbiConnection","title":"dbiConnection"},{"_nodes":[{"id":"dbiAuthTable","title":"dbiAuthTable"},{"id":"dbiUserTable","title":"dbiUserTable"},{"id":"dbiAuthLoginCol","title":"dbiAuthLoginCol"},{"id":"dbiAuthPasswordCol","title":"dbiAuthPasswordCol"},{"id":"dbiPasswordMailCol","title":"dbiPasswordMailCol"},{"id":"userPivot","title":"userPivot"}],"help":"authdbi.html#schema","id":"dbiSchema","title":"dbiSchema","type":"simpleInputContainer"},{"_nodes":[{"help":"authdbi.html#password","id":"dbiAuthPasswordHash","title":"dbiAuthPasswordHash"},{"_nodes":[{"help":"authdbi.html#password","id":"dbiDynamicHashEnabled","title":"dbiDynamicHashEnabled","type":"bool"},{"help":"authdbi.html#password","id":"dbiDynamicHashValidSchemes","title":"dbiDynamicHashValidSchemes"},{"help":"authdbi.html#password","id":"dbiDynamicHashValidSaltedSchemes","title":"dbiDynamicHashValidSaltedSchemes"},{"help":"authdbi.html#password","id":"dbiDynamicHashNewPasswordScheme","title":"dbiDynamicHashNewPasswordScheme"}],"help":"authdbi.html#password","id":"dbiDynamicHash","title":"dbiDynamicHash","type":"simpleInputContainer"}],"help":"authdbi.html#password","id":"dbiPassword","title":"dbiPassword"}],"help":"authdbi.html","id":"dbiParams","show":false,"title":"dbiParams"},{"_nodes":[{"cnodes":"demoExportedVars","default":[{"data":"cn","id":"demoExportedVars/cn","title":"cn","type":"keyText"},{"data":"mail","id":"demoExportedVars/mail","title":"mail","type":"keyText"},{"data":"uid","id":"demoExportedVars/uid","title":"uid","type":"keyText"}],"id":"demoExportedVars","title":"demoExportedVars","type":"keyTextContainer"}],"help":"authdemo.html","id":"demoParams","show":false,"title":"demoParams"},{"_nodes":[{"default":1,"id":"facebookAuthnLevel","title":"facebookAuthnLevel","type":"int"},{"cnodes":"facebookExportedVars","default":[],"id":"facebookExportedVars","title":"facebookExportedVars","type":"keyTextContainer"},{"id":"facebookAppId","title":"facebookAppId"},{"id":"facebookAppSecret","title":"facebookAppSecret"},{"default":"id","id":"facebookUserField","title":"facebookUserField"}],"help":"authfacebook.html","id":"facebookParams","show":false,"title":"facebookParams"},{"_nodes":[{"default":3,"id":"krbAuthnLevel","title":"krbAuthnLevel","type":"int"},{"id":"krbKeytab","title":"krbKeytab"},{"default":0,"id":"krbByJs","title":"krbByJs","type":"bool"},{"default":1,"id":"krbRemoveDomain","title":"krbRemoveDomain","type":"bool"},{"id":"krbAllowedDomains","title":"krbAllowedDomains"}],"help":"authkerberos.html","id":"kerberosParams","show":false,"title":"kerberosParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"ldapAuthnLevel","title":"ldapAuthnLevel","type":"int"},{"cnodes":"ldapExportedVars","default":[{"data":"cn","id":"ldapExportedVars/cn","title":"cn","type":"keyText"},{"data":"mail","id":"ldapExportedVars/mail","title":"mail","type":"keyText"},{"data":"uid","id":"ldapExportedVars/uid","title":"uid","type":"keyText"}],"id":"ldapExportedVars","title":"ldapExportedVars","type":"keyTextContainer"},{"_nodes":[{"default":"ldap://localhost","id":"ldapServer","title":"ldapServer"},{"id":"ldapPort","title":"ldapPort","type":"int"},{"default":"require","id":"ldapVerify","select":[{"k":"none","v":"None"},{"k":"optional","v":"Optional"},{"k":"require","v":"Require"}],"title":"ldapVerify","type":"select"},{"default":"dc=example,dc=com","id":"ldapBase","title":"ldapBase"},{"default":"","id":"managerDn","title":"managerDn"},{"default":"","id":"managerPassword","title":"managerPassword","type":"password"},{"default":10,"id":"ldapTimeout","title":"ldapTimeout","type":"int"},{"default":10,"id":"ldapIOTimeout","title":"ldapIOTimeout","type":"int"},{"default":3,"id":"ldapVersion","title":"ldapVersion","type":"int"},{"id":"ldapRaw","title":"ldapRaw"},{"id":"ldapCAFile","title":"ldapCAFile"},{"id":"ldapCAPath","title":"ldapCAPath"}],"help":"authldap.html#connection","id":"ldapConnection","title":"ldapConnection","type":"simpleInputContainer"},{"_nodes":[{"id":"LDAPFilter","title":"LDAPFilter"},{"id":"AuthLDAPFilter","title":"AuthLDAPFilter"},{"id":"mailLDAPFilter","title":"mailLDAPFilter"},{"default":"find","id":"ldapSearchDeref","select":[{"k":"never","v":"never"},{"k":"search","v":"search"},{"k":"find","v":"find"},{"k":"always","v":"always"}],"title":"ldapSearchDeref","type":"select"}],"help":"authldap.html#filters","id":"ldapFilters","title":"ldapFilters","type":"simpleInputContainer"},{"_nodes":[{"id":"ldapGroupBase","title":"ldapGroupBase"},{"default":"groupOfNames","id":"ldapGroupObjectClass","title":"ldapGroupObjectClass"},{"default":"member","id":"ldapGroupAttributeName","title":"ldapGroupAttributeName"},{"default":"dn","id":"ldapGroupAttributeNameUser","title":"ldapGroupAttributeNameUser"},{"default":"cn","id":"ldapGroupAttributeNameSearch","title":"ldapGroupAttributeNameSearch"},{"default":0,"id":"ldapGroupDecodeSearchedValue","title":"ldapGroupDecodeSearchedValue","type":"bool"},{"default":0,"id":"ldapGroupRecursive","title":"ldapGroupRecursive","type":"bool"},{"default":"dn","id":"ldapGroupAttributeNameGroup","title":"ldapGroupAttributeNameGroup"}],"help":"authldap.html#groups","id":"ldapGroups","title":"ldapGroups","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"ldapPpolicyControl","title":"ldapPpolicyControl","type":"bool"},{"default":0,"id":"ldapSetPassword","title":"ldapSetPassword","type":"bool"},{"default":0,"id":"ldapChangePasswordAsUser","title":"ldapChangePasswordAsUser","type":"bool"},{"default":"utf-8","id":"ldapPwdEnc","title":"ldapPwdEnc"},{"default":1,"id":"ldapUsePasswordResetAttribute","title":"ldapUsePasswordResetAttribute","type":"bool"},{"default":"pwdReset","id":"ldapPasswordResetAttribute","title":"ldapPasswordResetAttribute"},{"default":"TRUE","id":"ldapPasswordResetAttributeValue","title":"ldapPasswordResetAttributeValue"},{"default":0,"id":"ldapAllowResetExpiredPassword","title":"ldapAllowResetExpiredPassword","type":"bool"},{"default":0,"id":"ldapITDS","title":"ldapITDS","type":"bool"}],"help":"authldap.html#password","id":"ldapPassword","title":"ldapPassword","type":"simpleInputContainer"}],"help":"authldap.html","id":"ldapParams","show":false,"title":"ldapParams"},{"_nodes":[{"default":1,"id":"linkedInAuthnLevel","title":"linkedInAuthnLevel","type":"int"},{"id":"linkedInClientID","title":"linkedInClientID"},{"id":"linkedInClientSecret","title":"linkedInClientSecret","type":"password"},{"default":"id,first-name,last-name,email-address","id":"linkedInFields","title":"linkedInFields"},{"default":"emailAddress","id":"linkedInUserField","title":"linkedInUserField"},{"default":"r_liteprofile r_emailaddress","id":"linkedInScope","title":"linkedInScope"}],"help":"authlinkedin.html","id":"linkedinParams","show":false,"title":"linkedinParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"githubAuthnLevel","title":"githubAuthnLevel","type":"int"},{"id":"githubClientID","title":"githubClientID"},{"id":"githubClientSecret","title":"githubClientSecret","type":"password"},{"default":"login","id":"githubUserField","title":"githubUserField"},{"default":"user:email","id":"githubScope","title":"githubScope"}],"help":"authgithub.html","id":"githubParams","show":false,"title":"githubParams","type":"simpleInputContainer"},{"_nodes":[{"id":"combination","title":"combination"},{"cnodes":"combModules","id":"combModules","select":[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Demo","v":"Demonstration"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"SAML","v":"SAML v2"},{"k":"Proxy","v":"Proxy"},{"k":"Remote","v":"Remote"},{"k":"Slave","v":"Slave"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"combModules","type":"cmbModuleContainer"}],"help":"authcombination.html","id":"combinationParams","show":false,"title":"combinationParams"},{"_nodes":[{"default":0,"id":"nullAuthnLevel","title":"nullAuthnLevel","type":"int"}],"help":"authnull.html","id":"nullParams","show":false,"title":"nullParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"openIdAuthnLevel","title":"openIdAuthnLevel","type":"int"},{"cnodes":"openIdExportedVars","default":[],"id":"openIdExportedVars","title":"openIdExportedVars","type":"keyTextContainer"},{"id":"openIdSecret","title":"openIdSecret"},{"default":"0;","id":"openIdIDPList","title":"openIdIDPList","type":"blackWhiteList"}],"help":"authopenid.html","id":"openidParams","show":false,"title":"openidParams"},{"_nodes":[{"default":1,"id":"oidcAuthnLevel","title":"oidcAuthnLevel","type":"int"},{"default":"openidconnectcallback","id":"oidcRPCallbackGetParam","title":"oidcRPCallbackGetParam"},{"default":600,"id":"oidcRPStateTimeout","title":"oidcRPStateTimeout","type":"int"}],"help":"authopenidconnect.html","id":"oidcParams","show":false,"title":"oidcParams","type":"simpleInputContainer"},{"_nodes":[{"default":5,"id":"gpgAuthnLevel","title":"gpgAuthnLevel","type":"int"},{"default":"","id":"gpgDb","title":"gpgDb"}],"help":"authgpg.html","id":"gpgParams","show":false,"title":"gpgParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"proxyAuthnLevel","title":"proxyAuthnLevel","type":"int"},{"id":"proxyAuthService","title":"proxyAuthService"},{"id":"proxySessionService","title":"proxySessionService"},{"id":"remoteCookieName","title":"remoteCookieName"},{"default":0,"id":"proxyUseSoap","title":"proxyUseSoap","type":"bool"}],"help":"authproxy.html","id":"proxyParams","show":false,"title":"proxyParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"pamAuthnLevel","title":"pamAuthnLevel","type":"int"},{"default":"login","id":"pamService","title":"pamService"}],"help":"authpam.html","id":"pamParams","show":false,"title":"pamParams","type":"simpleInputContainer"},{"_nodes":[{"default":3,"id":"radiusAuthnLevel","title":"radiusAuthnLevel","type":"int"},{"id":"radiusSecret","title":"radiusSecret"},{"id":"radiusServer","title":"radiusServer"}],"help":"authradius.html","id":"radiusParams","show":false,"title":"radiusParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"restAuthnLevel","title":"restAuthnLevel","type":"int"},{"id":"restAuthUrl","title":"restAuthUrl"},{"id":"restUserDBUrl","title":"restUserDBUrl"},{"id":"restPwdConfirmUrl","title":"restPwdConfirmUrl"},{"id":"restPwdModifyUrl","title":"restPwdModifyUrl"}],"help":"authrest.html","id":"restParams","show":false,"title":"restParams","type":"simpleInputContainer"},{"_nodes":[{"id":"remotePortal","title":"remotePortal"},{"id":"remoteCookieName","title":"remoteCookieName"},{"default":"Lemonldap::NG::Common::Apache::Session::SOAP","id":"remoteGlobalStorage","title":"remoteGlobalStorage"},{"cnodes":"remoteGlobalStorageOptions","default":[{"data":"http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService","id":"remoteGlobalStorageOptions/ns","title":"ns","type":"keyText"},{"data":"http://auth.example.com/sessions","id":"remoteGlobalStorageOptions/proxy","title":"proxy","type":"keyText"}],"id":"remoteGlobalStorageOptions","title":"remoteGlobalStorageOptions","type":"keyTextContainer"}],"help":"authremote.html","id":"remoteParams","show":false,"title":"remoteParams"},{"_nodes":[{"default":2,"id":"slaveAuthnLevel","title":"slaveAuthnLevel","type":"int"},{"id":"slaveUserHeader","title":"slaveUserHeader"},{"id":"slaveMasterIP","title":"slaveMasterIP"},{"id":"slaveHeaderName","title":"slaveHeaderName"},{"id":"slaveHeaderContent","title":"slaveHeaderContent"},{"default":0,"id":"slaveDisplayLogo","title":"slaveDisplayLogo","type":"bool"},{"cnodes":"slaveExportedVars","default":[],"id":"slaveExportedVars","title":"slaveExportedVars","type":"keyTextContainer"}],"help":"authslave.html","id":"slaveParams","show":false,"title":"slaveParams"},{"_nodes":[{"default":5,"id":"SSLAuthnLevel","title":"SSLAuthnLevel","type":"int"},{"default":"SSL_CLIENT_S_DN_Email","id":"SSLVar","title":"SSLVar"},{"cnodes":"SSLVarIf","default":[],"id":"SSLVarIf","title":"SSLVarIf","type":"keyTextContainer"},{"default":0,"id":"sslByAjax","title":"sslByAjax","type":"bool"},{"id":"sslHost","title":"sslHost"}],"help":"authssl.html","id":"sslParams","show":false,"title":"sslParams"},{"_nodes":[{"default":1,"id":"twitterAuthnLevel","title":"twitterAuthnLevel","type":"int"},{"id":"twitterKey","title":"twitterKey"},{"id":"twitterSecret","title":"twitterSecret"},{"id":"twitterAppName","title":"twitterAppName"},{"default":"screen_name","id":"twitterUserField","title":"twitterUserField"}],"help":"authtwitter.html","id":"twitterParams","show":false,"title":"twitterParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"webIDAuthnLevel","title":"webIDAuthnLevel","type":"int"},{"cnodes":"webIDExportedVars","default":[],"id":"webIDExportedVars","title":"webIDExportedVars","type":"keyTextContainer"},{"id":"webIDWhitelist","title":"webIDWhitelist"}],"help":"authwebid.html","id":"webidParams","show":false,"title":"webidParams"},{"_nodes":[{"id":"customAuth","title":"customAuth"},{"id":"customUserDB","title":"customUserDB"},{"id":"customPassword","title":"customPassword"},{"id":"customRegister","title":"customRegister"},{"id":"customResetCertByMail","title":"customResetCertByMail"},{"cnodes":"customAddParams","id":"customAddParams","title":"customAddParams","type":"keyTextContainer"}],"help":"authcustom.html","id":"customParams","show":false,"title":"customParams"}],"_nodes_filter":"authParams","help":"start.html#authentication-users-and-password-databases","id":"authParams","title":"authParams","type":"authParams"},{"_nodes":[{"_nodes":[{"default":0,"id":"issuerDBSAMLActivation","title":"issuerDBSAMLActivation","type":"bool"},{"default":"^/saml/","id":"issuerDBSAMLPath","title":"issuerDBSAMLPath"},{"default":1,"id":"issuerDBSAMLRule","title":"issuerDBSAMLRule","type":"boolOrExpr"}],"help":"idpsaml.html","id":"issuerDBSAML","title":"issuerDBSAML","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBCASActivation","title":"issuerDBCASActivation","type":"bool"},{"default":"^/cas/","id":"issuerDBCASPath","title":"issuerDBCASPath"},{"default":1,"id":"issuerDBCASRule","title":"issuerDBCASRule","type":"boolOrExpr"}],"help":"idpcas.html#enabling-cas","id":"issuerDBCAS","title":"issuerDBCAS","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBOpenIDActivation","title":"issuerDBOpenIDActivation","type":"bool"},{"default":"^/openidserver/","id":"issuerDBOpenIDPath","title":"issuerDBOpenIDPath"},{"default":1,"id":"issuerDBOpenIDRule","title":"issuerDBOpenIDRule","type":"boolOrExpr"},{"_nodes":[{"id":"openIdIssuerSecret","title":"openIdIssuerSecret"},{"id":"openIdAttr","title":"openIdAttr"},{"default":"0;","id":"openIdSPList","title":"openIdSPList","type":"blackWhiteList"},{"_nodes":[{"default":"cn","id":"openIdSreg_fullname","title":"openIdSreg_fullname"},{"default":"uid","id":"openIdSreg_nickname","title":"openIdSreg_nickname"},{"id":"openIdSreg_language","title":"openIdSreg_language"},{"id":"openIdSreg_postcode","title":"openIdSreg_postcode"},{"default":"_timezone","id":"openIdSreg_timezone","title":"openIdSreg_timezone"},{"id":"openIdSreg_country","title":"openIdSreg_country"},{"id":"openIdSreg_gender","title":"openIdSreg_gender"},{"default":"mail","id":"openIdSreg_email","title":"openIdSreg_email"},{"id":"openIdSreg_dob","title":"openIdSreg_dob"}],"id":"openIdSreg","title":"openIdSreg","type":"simpleInputContainer"}],"id":"issuerDBOpenIDOptions","title":"issuerDBOpenIDOptions"}],"help":"idpopenid.html","id":"issuerDBOpenID","title":"issuerDBOpenID"},{"_nodes":[{"default":0,"id":"issuerDBOpenIDConnectActivation","title":"issuerDBOpenIDConnectActivation","type":"bool"},{"default":"^/oauth2/","id":"issuerDBOpenIDConnectPath","title":"issuerDBOpenIDConnectPath"},{"default":1,"id":"issuerDBOpenIDConnectRule","title":"issuerDBOpenIDConnectRule","type":"boolOrExpr"}],"help":"idpopenidconnect.html","id":"issuerDBOpenIDConnect","title":"issuerDBOpenIDConnect","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBGetActivation","title":"issuerDBGetActivation","type":"bool"},{"default":"^/get/","id":"issuerDBGetPath","title":"issuerDBGetPath"},{"default":1,"id":"issuerDBGetRule","title":"issuerDBGetRule","type":"boolOrExpr"},{"default":[],"id":"issuerDBGetParameters","title":"issuerDBGetParameters","type":"doubleHash"}],"help":"issuerdbget.html","id":"issuerDBGet","title":"issuerDBGet"},{"_nodes":[{"default":120,"id":"issuersTimeout","title":"issuersTimeout","type":"int"}],"help":"start.html#options","id":"issuerOptions","title":"issuerOptions","type":"simpleInputContainer"}],"help":"start.html#identity-provider","id":"issuerParams","title":"issuerParams"},{"_nodes":[{"default":"uid","id":"whatToTrace","title":"whatToTrace"},{"id":"customToTrace","title":"customToTrace"},{"default":"_password _2fDevices","id":"hiddenAttributes","title":"hiddenAttributes"}],"help":"logs.html","id":"logParams","title":"logParams","type":"simpleInputContainer"},{"_nodes":[{"default":"lemonldap","id":"cookieName","title":"cookieName"},{"default":"example.com","id":"domain","title":"domain"},{"default":0,"id":"cda","title":"cda","type":"bool"},{"default":0,"id":"securedCookie","select":[{"k":"0","v":"unsecuredCookie"},{"k":"1","v":"securedCookie"},{"k":"2","v":"doubleCookie"},{"k":"3","v":"doubleCookieForSingleSession"}],"title":"securedCookie","type":"select"},{"default":1,"id":"httpOnly","title":"httpOnly","type":"bool"},{"id":"cookieExpiration","title":"cookieExpiration","type":"int"},{"default":"","id":"sameSite","select":[{"k":"","v":""},{"k":"Strict","v":"Strict"},{"k":"Lax","v":"Lax"},{"k":"None","v":"None"}],"title":"sameSite","type":"select"}],"help":"ssocookie.html","id":"cookieParams","title":"cookieParams","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"storePassword","title":"storePassword","type":"bool"},{"default":1,"id":"displaySessionId","title":"displaySessionId","type":"bool"},{"default":72000,"id":"timeout","title":"timeout","type":"int"},{"default":0,"id":"timeoutActivity","title":"timeoutActivity","type":"int"},{"default":60,"id":"timeoutActivityInterval","title":"timeoutActivityInterval","type":"int"},{"cnodes":"grantSessionRules","default":[],"id":"grantSessionRules","title":"grantSessionRules","type":"grantContainer"},{"_nodes":[{"default":"Apache::Session::File","id":"globalStorage","title":"globalStorage"},{"cnodes":"globalStorageOptions","default":[{"data":"/var/lib/lemonldap-ng/sessions/","id":"globalStorageOptions/Directory","title":"Directory","type":"keyText"},{"data":"/var/lib/lemonldap-ng/sessions/lock/","id":"globalStorageOptions/LockDirectory","title":"LockDirectory","type":"keyText"},{"data":"Lemonldap::NG::Common::Apache::Session::Generate::SHA256","id":"globalStorageOptions/generateModule","title":"generateModule","type":"keyText"}],"id":"globalStorageOptions","title":"globalStorageOptions","type":"keyTextContainer"},{"default":"Cache::FileCache","id":"localSessionStorage","title":"localSessionStorage"},{"cnodes":"localSessionStorageOptions","default":[{"data":3,"id":"localSessionStorageOptions/cache_depth","title":"cache_depth","type":"keyText"},{"data":"/var/cache/lemonldap-ng","id":"localSessionStorageOptions/cache_root","title":"cache_root","type":"keyText"},{"data":600,"id":"localSessionStorageOptions/default_expires_in","title":"default_expires_in","type":"keyText"},{"data":"007","id":"localSessionStorageOptions/directory_umask","title":"directory_umask","type":"keyText"},{"data":"lemonldap-ng-sessions","id":"localSessionStorageOptions/namespace","title":"namespace","type":"keyText"}],"id":"localSessionStorageOptions","title":"localSessionStorageOptions","type":"keyTextContainer"}],"help":"start.html#sessions-database","id":"sessionStorage","title":"sessionStorage"},{"_nodes":[{"default":0,"id":"singleSession","title":"singleSession","type":"boolOrExpr"},{"default":0,"id":"singleIP","title":"singleIP","type":"boolOrExpr"},{"default":0,"id":"singleUserByIP","title":"singleUserByIP","type":"boolOrExpr"},{"default":1,"id":"notifyDeleted","title":"notifyDeleted","type":"bool"},{"default":0,"id":"notifyOther","title":"notifyOther","type":"bool"}],"id":"multipleSessions","title":"multipleSessions","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"disablePersistentStorage","title":"disablePersistentStorage","type":"bool"},{"id":"persistentStorage","title":"persistentStorage"},{"cnodes":"persistentStorageOptions","id":"persistentStorageOptions","title":"persistentStorageOptions","type":"keyTextContainer"}],"id":"persistentSessions","title":"persistentSessions"}],"help":"sessions.html","id":"sessionParams","title":"sessionParams"},{"_nodes":[{"default":5,"id":"reloadTimeout","title":"reloadTimeout","type":"int"},{"default":0,"id":"compactConf","title":"compactConf","type":"bool"},{"cnodes":"reloadUrls","help":"configlocation.html#configuration-reload","id":"reloadUrls","title":"reloadUrls","type":"keyTextContainer"}],"help":"configlocation.html#configuration-reload","id":"reloadParams","title":"reloadParams"},{"_nodes":[{"default":0,"help":"status.html","id":"portalStatus","title":"portalStatus","type":"bool"},{"default":1,"id":"upgradeSession","title":"upgradeSession","type":"bool"},{"id":"refreshSessions","title":"refreshSessions","type":"bool"},{"cnodes":"adaptativeAuthenticationLevelRules","id":"adaptativeAuthenticationLevelRules","title":"adaptativeAuthenticationLevelRules","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"stayConnected","title":"stayConnected","type":"bool"},{"default":2592000,"id":"stayConnectedTimeout","title":"stayConnectedTimeout","type":"int"},{"default":"llngconnection","id":"stayConnectedCookieName","title":"stayConnectedCookieName"}],"help":"stayconnected.html","id":"stayConnect","title":"stayConnect","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"wsdlServer","title":"wsdlServer","type":"bool"},{"default":0,"id":"restExportSecretKeys","title":"restExportSecretKeys","type":"bool"},{"default":15,"id":"restClockTolerance","title":"restClockTolerance","type":"int"},{"default":0,"id":"restSessionServer","title":"restSessionServer","type":"bool"},{"default":0,"id":"restConfigServer","title":"restConfigServer","type":"bool"},{"default":0,"id":"restAuthServer","title":"restAuthServer","type":"bool"},{"default":0,"id":"restPasswordServer","title":"restPasswordServer","type":"bool"},{"default":0,"help":"soapservices.html","id":"soapSessionServer","title":"soapSessionServer","type":"bool"},{"default":0,"help":"soapservices.html","id":"soapConfigServer","title":"soapConfigServer","type":"bool"},{"id":"exportedAttr","title":"exportedAttr"}],"help":"portalservers.html","id":"portalServers","title":"portalServers","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"loginHistoryEnabled","title":"loginHistoryEnabled","type":"bool"},{"default":5,"id":"successLoginNumber","title":"successLoginNumber","type":"int"},{"default":5,"id":"failedLoginNumber","title":"failedLoginNumber","type":"int"},{"cnodes":"sessionDataToRemember","id":"sessionDataToRemember","title":"sessionDataToRemember","type":"keyTextContainer"}],"help":"loginhistory.html","id":"loginHistory","title":"loginHistory"},{"_nodes":[{"default":0,"id":"notification","title":"notification","type":"bool"},{"default":0,"id":"notificationsExplorer","title":"notificationsExplorer","type":"bool"},{"default":"allusers","id":"notificationWildcard","title":"notificationWildcard"},{"default":0,"id":"oldNotifFormat","title":"oldNotifFormat","type":"bool"},{"id":"notificationXSLTfile","title":"notificationXSLTfile"},{"default":"File","id":"notificationStorage","title":"notificationStorage"},{"cnodes":"notificationStorageOptions","default":[{"data":"/var/lib/lemonldap-ng/notifications","id":"notificationStorageOptions/dirName","title":"dirName","type":"keyText"}],"id":"notificationStorageOptions","title":"notificationStorageOptions","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"notificationServer","title":"notificationServer","type":"bool"},{"default":"","id":"notificationDefaultCond","title":"notificationDefaultCond"},{"default":"uid reference date title subtitle text check","id":"notificationServerSentAttributes","title":"notificationServerSentAttributes"},{"_nodes":[{"default":1,"id":"notificationServerPOST","title":"notificationServerPOST","type":"bool"},{"default":0,"id":"notificationServerGET","title":"notificationServerGET","type":"bool"},{"default":0,"id":"notificationServerDELETE","title":"notificationServerDELETE","type":"bool"}],"id":"notificationServerMethods","title":"notificationServerMethods","type":"simpleInputContainer"}],"help":"notifications.html#notification-server","id":"serverNotification","title":"serverNotification"}],"help":"notifications.html","id":"notifications","title":"notifications"},{"_nodes":[{"_nodes":[{"id":"mailSubject","title":"mailSubject"},{"id":"mailBody","title":"mailBody","type":"longtext"},{"id":"mailConfirmSubject","title":"mailConfirmSubject"},{"id":"mailConfirmBody","title":"mailConfirmBody","type":"longtext"}],"id":"mailContent","title":"mailContent","type":"simpleInputContainer"},{"_nodes":[{"default":"http://auth.example.com/resetpwd","id":"mailUrl","title":"mailUrl"},{"default":0,"id":"mailTimeout","title":"mailTimeout","type":"int"},{"default":1,"id":"portalDisplayGeneratePassword","title":"portalDisplayGeneratePassword","type":"bool"},{"default":"[A-Z]{3}[a-z]{5}.\\d{2}","id":"randomPasswordRegexp","title":"randomPasswordRegexp"}],"id":"mailOther","title":"mailOther","type":"simpleInputContainer"}],"help":"resetpassword.html","id":"passwordManagement","title":"passwordManagement"},{"_nodes":[{"_nodes":[{"id":"certificateResetByMailStep1Subject","title":"certificateResetByMailStep1Subject"},{"id":"certificateResetByMailStep1Body","title":"certificateResetByMailStep1Body","type":"longtext"},{"id":"certificateResetByMailStep2Subject","title":"certificateResetByMailStep2Subject"},{"id":"certificateResetByMailStep2Body","title":"certificateResetByMailStep2Body","type":"longtext"}],"id":"certificateMailContent","title":"certificateMailContent","type":"simpleInputContainer"},{"_nodes":[{"default":"http://auth.example.com/certificateReset","id":"certificateResetByMailURL","title":"certificateResetByMailURL"},{"default":"description","id":"certificateResetByMailCeaAttribute","title":"certificateResetByMailCeaAttribute"},{"default":"userCertificate;binary","id":"certificateResetByMailCertificateAttribute","title":"certificateResetByMailCertificateAttribute"},{"default":0,"id":"certificateResetByMailValidityDelay","title":"certificateResetByMailValidityDelay","type":"int"}],"id":"mailOther","title":"mailOther","type":"simpleInputContainer"}],"help":"resetcertificate.html","id":"certificateResetByMailManagement","title":"certificateResetByMailManagement"},{"_nodes":[{"default":"http://auth.example.com/register","id":"registerUrl","title":"registerUrl"},{"default":0,"id":"registerTimeout","title":"registerTimeout","type":"int"},{"id":"registerConfirmSubject","title":"registerConfirmSubject"},{"id":"registerDoneSubject","title":"registerDoneSubject"}],"help":"register.html","id":"register","title":"register","type":"simpleInputContainer"},{"_nodes":[{"cnodes":"autoSigninRules","id":"autoSigninRules","title":"autoSigninRules","type":"keyTextContainer"}],"help":"autosignin.html","id":"autoSignin","title":"autoSignin"},{"_nodes":[{"default":0,"id":"globalLogoutRule","title":"globalLogoutRule","type":"boolOrExpr"},{"default":1,"id":"globalLogoutTimer","title":"globalLogoutTimer","type":"bool"},{"id":"globalLogoutCustomParam","title":"globalLogoutCustomParam"}],"help":"globallogout.html","id":"globalLogout","title":"globalLogout","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"checkState","title":"checkState","type":"bool"},{"id":"checkStateSecret","title":"checkStateSecret"}],"help":"checkstate.html","id":"stateCheck","title":"stateCheck","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"checkUser","title":"checkUser","type":"bool"},{"default":1,"id":"checkUserIdRule","title":"checkUserIdRule"},{"id":"checkUserUnrestrictedUsersRule","title":"checkUserUnrestrictedUsersRule"},{"default":"_loginHistory _session_id hGroups","id":"checkUserHiddenAttributes","title":"checkUserHiddenAttributes"},{"id":"checkUserSearchAttributes","title":"checkUserSearchAttributes"},{"default":1,"id":"checkUserDisplayComputedSession","title":"checkUserDisplayComputedSession","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayEmptyHeaders","title":"checkUserDisplayEmptyHeaders","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayEmptyValues","title":"checkUserDisplayEmptyValues","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayPersistentInfo","title":"checkUserDisplayPersistentInfo","type":"boolOrExpr"},{"cnodes":"checkUserHiddenHeaders","id":"checkUserHiddenHeaders","title":"checkUserHiddenHeaders","type":"keyTextContainer"}],"help":"checkuser.html","id":"checkUsers","title":"checkUsers"},{"_nodes":[{"default":0,"id":"impersonationRule","title":"impersonationRule","type":"boolOrExpr"},{"default":1,"id":"impersonationIdRule","title":"impersonationIdRule"},{"id":"impersonationUnrestrictedUsersRule","title":"impersonationUnrestrictedUsersRule"},{"default":"_2fDevices _loginHistory","id":"impersonationHiddenAttributes","title":"impersonationHiddenAttributes"},{"default":1,"id":"impersonationSkipEmptyValues","title":"impersonationSkipEmptyValues","type":"bool"},{"default":0,"id":"impersonationMergeSSOgroups","title":"impersonationMergeSSOgroups","type":"boolOrExpr"},{"default":0,"id":"findUser","title":"findUser","type":"bool"},{"cnodes":"findUserSearchingAttributes","id":"findUserSearchingAttributes","title":"findUserSearchingAttributes","type":"keyTextContainer"},{"cnodes":"findUserExcludingAttributes","id":"findUserExcludingAttributes","title":"findUserExcludingAttributes","type":"keyTextContainer"}],"help":"impersonation.html","id":"impersonation","title":"impersonation"},{"_nodes":[{"default":0,"id":"contextSwitchingRule","title":"contextSwitchingRule","type":"boolOrExpr"},{"default":1,"id":"contextSwitchingIdRule","title":"contextSwitchingIdRule"},{"id":"contextSwitchingUnrestrictedUsersRule","title":"contextSwitchingUnrestrictedUsersRule"},{"default":0,"id":"contextSwitchingAllowed2fModifications","title":"contextSwitchingAllowed2fModifications","type":"bool"},{"default":1,"id":"contextSwitchingStopWithLogout","title":"contextSwitchingStopWithLogout","type":"bool"}],"help":"contextswitching.html","id":"contextSwitching","title":"contextSwitching","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"decryptValueRule","title":"decryptValueRule","type":"boolOrExpr"},{"id":"decryptValueFunctions","title":"decryptValueFunctions"}],"help":"decryptvalue.html","id":"decryptValue","title":"decryptValue","type":"simpleInputContainer"},{"_nodes":[{"id":"customPlugins","title":"customPlugins"},{"cnodes":"customPluginsParams","id":"customPluginsParams","title":"customPluginsParams","type":"keyTextContainer"}],"help":"plugincustom.html","id":"customPluginsNode","title":"customPluginsNode"}],"help":"start.html#plugins","id":"plugins","title":"plugins"},{"_nodes":[{"default":1,"help":"secondfactor.html","id":"sfManagerRule","title":"sfManagerRule","type":"boolOrExpr"},{"default":0,"help":"secondfactor.html","id":"sfRequired","title":"sfRequired","type":"boolOrExpr"},{"help":"secondfactor.html","id":"sfOnlyUpgrade","title":"sfOnlyUpgrade","type":"bool"},{"_nodes":[{"default":0,"id":"utotp2fActivation","title":"utotp2fActivation","type":"boolOrExpr"},{"id":"utotp2fAuthnLevel","title":"utotp2fAuthnLevel","type":"int"},{"id":"utotp2fLabel","title":"utotp2fLabel"},{"id":"utotp2fLogo","title":"utotp2fLogo"}],"help":"utotp2f.html","id":"utotp2f","title":"utotp2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"totp2fActivation","title":"totp2fActivation","type":"boolOrExpr"},{"default":0,"id":"totp2fSelfRegistration","title":"totp2fSelfRegistration","type":"boolOrExpr"},{"id":"totp2fIssuer","title":"totp2fIssuer"},{"default":30,"id":"totp2fInterval","title":"totp2fInterval","type":"int"},{"default":1,"id":"totp2fRange","title":"totp2fRange","type":"int"},{"default":6,"id":"totp2fDigits","title":"totp2fDigits","type":"int"},{"default":0,"id":"totp2fDisplayExistingSecret","title":"totp2fDisplayExistingSecret","type":"bool"},{"default":0,"id":"totp2fUserCanChangeKey","title":"totp2fUserCanChangeKey","type":"bool"},{"default":1,"id":"totp2fUserCanRemoveKey","title":"totp2fUserCanRemoveKey","type":"bool"},{"id":"totp2fTTL","title":"totp2fTTL","type":"int"},{"id":"totp2fAuthnLevel","title":"totp2fAuthnLevel","type":"int"},{"id":"totp2fLabel","title":"totp2fLabel"},{"id":"totp2fLogo","title":"totp2fLogo"}],"help":"totp2f.html","id":"totp2f","title":"totp2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"u2fActivation","title":"u2fActivation","type":"boolOrExpr"},{"default":0,"id":"u2fSelfRegistration","title":"u2fSelfRegistration","type":"boolOrExpr"},{"default":1,"id":"u2fUserCanRemoveKey","title":"u2fUserCanRemoveKey","type":"bool"},{"id":"u2fTTL","title":"u2fTTL","type":"int"},{"id":"u2fAuthnLevel","title":"u2fAuthnLevel","type":"int"},{"id":"u2fLabel","title":"u2fLabel"},{"id":"u2fLogo","title":"u2fLogo"}],"help":"u2f.html","id":"u2f","title":"u2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"yubikey2fActivation","title":"yubikey2fActivation","type":"boolOrExpr"},{"default":0,"id":"yubikey2fSelfRegistration","title":"yubikey2fSelfRegistration","type":"boolOrExpr"},{"id":"yubikey2fClientID","title":"yubikey2fClientID"},{"id":"yubikey2fSecretKey","title":"yubikey2fSecretKey"},{"id":"yubikey2fNonce","title":"yubikey2fNonce"},{"id":"yubikey2fUrl","title":"yubikey2fUrl"},{"default":12,"id":"yubikey2fPublicIDSize","title":"yubikey2fPublicIDSize","type":"int"},{"default":1,"id":"yubikey2fUserCanRemoveKey","title":"yubikey2fUserCanRemoveKey","type":"bool"},{"id":"yubikey2fFromSessionAttribute","title":"yubikey2fFromSessionAttribute"},{"id":"yubikey2fTTL","title":"yubikey2fTTL","type":"int"},{"id":"yubikey2fAuthnLevel","title":"yubikey2fAuthnLevel","type":"int"},{"id":"yubikey2fLabel","title":"yubikey2fLabel"},{"id":"yubikey2fLogo","title":"yubikey2fLogo"}],"help":"yubikey2f.html","id":"yubikey2f","title":"yubikey2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"mail2fActivation","title":"mail2fActivation","type":"boolOrExpr"},{"default":"\\d{6}","id":"mail2fCodeRegex","title":"mail2fCodeRegex"},{"id":"mail2fTimeout","title":"mail2fTimeout","type":"int"},{"id":"mail2fSubject","title":"mail2fSubject"},{"id":"mail2fBody","title":"mail2fBody","type":"longtext"},{"id":"mail2fAuthnLevel","title":"mail2fAuthnLevel","type":"int"},{"id":"mail2fLabel","title":"mail2fLabel"},{"id":"mail2fLogo","title":"mail2fLogo"},{"id":"mail2fSessionKey","title":"mail2fSessionKey"}],"help":"mail2f.html","id":"mail2f","title":"mail2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"ext2fActivation","title":"ext2fActivation","type":"boolOrExpr"},{"default":"\\d{6}","id":"ext2fCodeActivation","title":"ext2fCodeActivation"},{"id":"ext2FSendCommand","title":"ext2FSendCommand"},{"id":"ext2FValidateCommand","title":"ext2FValidateCommand"},{"id":"ext2fAuthnLevel","title":"ext2fAuthnLevel","type":"int"},{"id":"ext2fLabel","title":"ext2fLabel"},{"id":"ext2fLogo","title":"ext2fLogo"}],"help":"external2f.html","id":"ext2f","title":"ext2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"radius2fActivation","title":"radius2fActivation","type":"boolOrExpr"},{"id":"radius2fServer","title":"radius2fServer"},{"id":"radius2fSecret","title":"radius2fSecret"},{"id":"radius2fUsernameSessionKey","title":"radius2fUsernameSessionKey"},{"default":20,"id":"radius2fTimeout","title":"radius2fTimeout","type":"int"},{"id":"radius2fAuthnLevel","title":"radius2fAuthnLevel","type":"int"},{"id":"radius2fLogo","title":"radius2fLogo"},{"id":"radius2fLabel","title":"radius2fLabel"}],"help":"radius2f.html","id":"radius2f","title":"radius2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"rest2fActivation","title":"rest2fActivation","type":"boolOrExpr"},{"id":"rest2fInitUrl","title":"rest2fInitUrl"},{"cnodes":"rest2fInitArgs","id":"rest2fInitArgs","title":"rest2fInitArgs","type":"keyTextContainer"},{"id":"rest2fVerifyUrl","title":"rest2fVerifyUrl"},{"cnodes":"rest2fVerifyArgs","id":"rest2fVerifyArgs","title":"rest2fVerifyArgs","type":"keyTextContainer"},{"id":"rest2fAuthnLevel","title":"rest2fAuthnLevel","type":"int"},{"id":"rest2fLabel","title":"rest2fLabel"},{"id":"rest2fLogo","title":"rest2fLogo"}],"help":"rest2f.html","id":"rest2f","title":"rest2f"},{"cnodes":"sfExtra","id":"sfExtra","select":[{"k":"Mail2F","v":"E-Mail"},{"k":"REST","v":"REST"},{"k":"Ext2F","v":"External"},{"k":"Radius","v":"Radius"}],"title":"sfExtra","type":"sfExtraContainer"},{"_nodes":[{"default":0,"help":"secondfactor.html","id":"sfRemovedMsgRule","title":"sfRemovedMsgRule","type":"boolOrExpr"},{"default":0,"id":"sfRemovedUseNotif","title":"sfRemovedUseNotif","type":"bool"},{"default":"RemoveSF","help":"secondfactor.html","id":"sfRemovedNotifRef","title":"sfRemovedNotifRef"},{"default":"Second factor notification","help":"secondfactor.html","id":"sfRemovedNotifTitle","title":"sfRemovedNotifTitle"},{"default":"_removedSF_ expired second factor(s) has/have been removed!","help":"secondfactor.html","id":"sfRemovedNotifMsg","title":"sfRemovedNotifMsg"}],"help":"secondfactor.html","id":"sfRemovedNotification","title":"sfRemovedNotification","type":"simpleInputContainer"}],"help":"secondfactor.html","id":"secondFactors","title":"secondFactors"},{"_nodes":[{"help":"customfunctions.html","id":"customFunctions","title":"customFunctions"},{"default":"; ","id":"multiValuesSeparator","title":"multiValuesSeparator","type":"authParamsText"},{"default":0,"id":"groupsBeforeMacros","title":"groupsBeforeMacros","type":"bool"},{"_nodes":[{"default":"mail","id":"mailSessionKey","title":"mailSessionKey"},{"default":"","id":"SMTPServer","title":"SMTPServer"},{"id":"SMTPPort","title":"SMTPPort","type":"int"},{"id":"SMTPAuthUser","title":"SMTPAuthUser"},{"id":"SMTPAuthPass","title":"SMTPAuthPass","type":"password"},{"default":"","id":"SMTPTLS","select":[{"k":"","v":"none"},{"k":"starttls","v":"SMTP + STARTTLS"},{"k":"ssl","v":"SMTPS"}],"title":"SMTPTLS","type":"select"},{"cnodes":"SMTPTLSOpts","id":"SMTPTLSOpts","title":"SMTPTLSOpts","type":"keyTextContainer"},{"_nodes":[{"default":"noreply@example.com","id":"mailFrom","title":"mailFrom"},{"id":"mailReplyTo","title":"mailReplyTo"},{"default":"utf-8","id":"mailCharset","title":"mailCharset"}],"id":"mailHeaders","title":"mailHeaders","type":"simpleInputContainer"}],"help":"smtp.html","id":"SMTP","title":"SMTP","type":"SMTP"},{"_nodes":[{"default":"^[\\w\\.\\-@]+$","id":"userControl","title":"userControl"},{"default":0,"id":"browsersDontStorePassword","title":"browsersDontStorePassword","type":"bool"},{"default":0,"help":"forcereauthn.html","id":"portalForceAuthn","title":"portalForceAuthn","type":"bool"},{"default":5,"id":"portalForceAuthnInterval","title":"portalForceAuthnInterval","type":"int"},{"id":"key","title":"key","type":"password"},{"id":"trustedDomains","title":"trustedDomains"},{"default":1,"help":"safejail.html","id":"useSafeJail","title":"useSafeJail","type":"bool"},{"default":0,"help":"safejail.html","id":"avoidAssignment","title":"avoidAssignment","type":"bool"},{"default":1,"id":"checkXSS","title":"checkXSS","type":"bool"},{"default":1,"id":"requireToken","title":"requireToken","type":"boolOrExpr"},{"default":120,"id":"formTimeout","title":"formTimeout","type":"int"},{"default":0,"id":"tokenUseGlobalStorage","title":"tokenUseGlobalStorage","type":"bool"},{"_nodes":[{"default":0,"help":"bruteforceprotection.html","id":"bruteForceProtection","title":"bruteForceProtection","type":"bool"},{"default":30,"id":"bruteForceProtectionTempo","title":"bruteForceProtectionTempo","type":"int"},{"default":3,"id":"bruteForceProtectionMaxFailed","title":"bruteForceProtectionMaxFailed","type":"int"},{"default":0,"help":"bruteforceprotection.html","id":"bruteForceProtectionIncrementalTempo","title":"bruteForceProtectionIncrementalTempo","type":"bool"},{"default":"15, 30, 60, 300, 600","id":"bruteForceProtectionLockTimes","title":"bruteForceProtectionLockTimes"}],"help":"bruteforceprotection.html","id":"bruteForceAttackProtection","title":"bruteForceAttackProtection","type":"simpleInputContainer"},{"cnodes":"lwpOpts","id":"lwpOpts","title":"lwpOpts","type":"keyTextContainer"},{"cnodes":"lwpSslOpts","id":"lwpSslOpts","title":"lwpSslOpts","type":"keyTextContainer"},{"_nodes":[{"default":"'self'","id":"cspDefault","title":"cspDefault"},{"default":"'self' data:","id":"cspImg","title":"cspImg"},{"default":"'self'","id":"cspScript","title":"cspScript"},{"default":"'self'","id":"cspStyle","title":"cspStyle"},{"default":"'self'","id":"cspFont","title":"cspFont"},{"default":"*","id":"cspFormAction","title":"cspFormAction"},{"default":"'self'","id":"cspConnect","title":"cspConnect"},{"default":"","id":"cspFrameAncestors","title":"cspFrameAncestors"}],"help":"security.html#portal","id":"contentSecurityPolicy","title":"contentSecurityPolicy","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"corsEnabled","title":"corsEnabled","type":"bool"},{"default":true,"id":"corsAllow_Credentials","title":"corsAllow_Credentials"},{"default":"*","id":"corsAllow_Headers","title":"corsAllow_Headers"},{"default":"POST,GET","id":"corsAllow_Methods","title":"corsAllow_Methods"},{"default":"*","id":"corsAllow_Origin","title":"corsAllow_Origin"},{"default":"*","id":"corsExpose_Headers","title":"corsExpose_Headers"},{"default":"86400","id":"corsMax_Age","title":"corsMax_Age"}],"help":"security.html#portal","id":"crossOrigineResourceSharing","title":"crossOrigineResourceSharing","type":"simpleInputContainer"}],"help":"security.html#configure-security-settings","id":"security","title":"security"},{"_nodes":[{"default":-1,"id":"https","title":"https","type":"trool"},{"default":-1,"id":"port","title":"port","type":"int"},{"default":0,"id":"useRedirectOnForbidden","title":"useRedirectOnForbidden","type":"bool"},{"default":1,"id":"useRedirectOnError","title":"useRedirectOnError","type":"bool"},{"default":0,"id":"maintenance","title":"maintenance","type":"bool"}],"help":"redirections.html","id":"redirection","title":"redirection","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"jsRedirect","title":"jsRedirect","type":"boolOrExpr"},{"default":0,"id":"noAjaxHook","title":"noAjaxHook","type":"bool"},{"default":0,"id":"skipRenewConfirmation","title":"skipRenewConfirmation","type":"bool"},{"default":0,"id":"skipUpgradeConfirmation","title":"skipUpgradeConfirmation","type":"bool"}],"help":"redirections.html#portal-redirections","id":"portalRedirection","title":"portalRedirection","type":"simpleInputContainer"},{"cnodes":"nginxCustomHandlers","help":"handlerarch.html","id":"nginxCustomHandlers","title":"nginxCustomHandlers","type":"keyTextContainer"},{"cnodes":"logoutServices","default":[],"help":"logoutforward.html","id":"logoutServices","title":"logoutServices","type":"keyTextContainer"},{"_nodes":[{"default":"get","id":"infoFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"infoFormMethod","type":"select"},{"default":"post","id":"confirmFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"confirmFormMethod","type":"select"},{"default":"get","id":"redirectFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"redirectFormMethod","type":"select"},{"default":1,"id":"activeTimer","title":"activeTimer","type":"bool"}],"id":"forms","title":"forms","type":"simpleInputContainer"}],"help":"start.html#advanced-features","id":"advancedParams","title":"advancedParams"}],"id":"generalParameters","title":"generalParameters"},{"_nodes":[{"cnodes":"exportedVars","default":[{"data":"HTTP_USER_AGENT","id":"exportedVars/UA","title":"UA","type":"keyText"}],"help":"exportedvars.html","id":"exportedVars","title":"exportedVars","type":"keyTextContainer"},{"cnodes":"macros","default":[],"help":"exportedvars.html#extend-variables-using-macros-and-groups","id":"macros","title":"macros","type":"keyTextContainer"},{"cnodes":"groups","default":[],"help":"exportedvars.html#extend-variables-using-macros-and-groups","id":"groups","title":"groups","type":"keyTextContainer"}],"help":"variables.html","id":"variables","title":"variables"},{"cnodes":"virtualHosts","help":"configvhost.html","id":"virtualHosts","template":"virtualHost","title":"virtualHosts","type":"virtualHostContainer"},{"_nodes":[{"default":"#PORTAL#/saml/metadata","id":"samlEntityID","title":"samlEntityID"},{"_nodes":[{"get":["samlServicePrivateKeySig","samlServicePrivateKeySigPwd","samlServicePublicKeySig"],"id":"samlServiceSecuritySig","title":"samlServiceSecuritySig","type":"RSACertKey"},{"get":["samlServicePrivateKeyEnc","samlServicePrivateKeyEncPwd","samlServicePublicKeyEnc"],"id":"samlServiceSecurityEnc","title":"samlServiceSecurityEnc","type":"RSACertKey"},{"default":0,"id":"samlServiceUseCertificateInResponse","title":"samlServiceUseCertificateInResponse","type":"bool"},{"default":"RSA_SHA256","id":"samlServiceSignatureMethod","select":[{"k":"RSA_SHA1","v":"RSA SHA1"},{"k":"RSA_SHA256","v":"RSA SHA256"},{"k":"RSA_SHA384","v":"RSA SHA384"},{"k":"RSA_SHA512","v":"RSA SHA512"}],"title":"samlServiceSignatureMethod","type":"select"}],"help":"samlservice.html#security-parameters","id":"samlServiceSecurity","title":"samlServiceSecurity"},{"_nodes":[{"default":"mail","id":"samlNameIDFormatMapEmail","title":"samlNameIDFormatMapEmail"},{"default":"mail","id":"samlNameIDFormatMapX509","title":"samlNameIDFormatMapX509"},{"default":"uid","id":"samlNameIDFormatMapWindows","title":"samlNameIDFormatMapWindows"},{"default":"uid","id":"samlNameIDFormatMapKerberos","title":"samlNameIDFormatMapKerberos"}],"help":"samlservice.html#nameid-formats","id":"samlNameIDFormatMap","title":"samlNameIDFormatMap","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"samlAuthnContextMapPassword","title":"samlAuthnContextMapPassword","type":"int"},{"default":3,"id":"samlAuthnContextMapPasswordProtectedTransport","title":"samlAuthnContextMapPasswordProtectedTransport","type":"int"},{"default":5,"id":"samlAuthnContextMapTLSClient","title":"samlAuthnContextMapTLSClient","type":"int"},{"default":4,"id":"samlAuthnContextMapKerberos","title":"samlAuthnContextMapKerberos","type":"int"}],"help":"samlservice.html#authentication-contexts","id":"samlAuthnContextMap","title":"samlAuthnContextMap","type":"simpleInputContainer"},{"_nodes":[{"default":"Example","id":"samlOrganizationDisplayName","title":"samlOrganizationDisplayName"},{"default":"Example","id":"samlOrganizationName","title":"samlOrganizationName"},{"default":"http://www.example.com","id":"samlOrganizationURL","title":"samlOrganizationURL"}],"help":"samlservice.html#organization","id":"samlOrganization","title":"samlOrganization","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"samlSPSSODescriptorAuthnRequestsSigned","title":"samlSPSSODescriptorAuthnRequestsSigned","type":"bool"},{"default":1,"id":"samlSPSSODescriptorWantAssertionsSigned","title":"samlSPSSODescriptorWantAssertionsSigned","type":"bool"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn","id":"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect","title":"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn","id":"samlSPSSODescriptorSingleLogoutServiceHTTPPost","title":"samlSPSSODescriptorSingleLogoutServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;","id":"samlSPSSODescriptorSingleLogoutServiceSOAP","title":"samlSPSSODescriptorSingleLogoutServiceSOAP","type":"samlService"}],"id":"samlSPSSODescriptorSingleLogoutService","title":"samlSPSSODescriptorSingleLogoutService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact","id":"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact","title":"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact","type":"samlAssertion"},{"default":"0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost","id":"samlSPSSODescriptorAssertionConsumerServiceHTTPPost","title":"samlSPSSODescriptorAssertionConsumerServiceHTTPPost","type":"samlAssertion"}],"id":"samlSPSSODescriptorAssertionConsumerService","title":"samlSPSSODescriptorAssertionConsumerService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact","id":"samlSPSSODescriptorArtifactResolutionServiceArtifact","title":"samlSPSSODescriptorArtifactResolutionServiceArtifact","type":"samlAssertion"}],"id":"samlSPSSODescriptorArtifactResolutionService","title":"samlSPSSODescriptorArtifactResolutionService"}],"help":"samlservice.html#service-provider","id":"samlSPSSODescriptor","title":"samlSPSSODescriptor"},{"_nodes":[{"default":1,"id":"samlIDPSSODescriptorWantAuthnRequestsSigned","title":"samlIDPSSODescriptorWantAuthnRequestsSigned","type":"bool"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPPost","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact","type":"samlService"}],"id":"samlIDPSSODescriptorSingleSignOnService","title":"samlIDPSSODescriptorSingleSignOnService"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn","id":"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect","title":"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn","id":"samlIDPSSODescriptorSingleLogoutServiceHTTPPost","title":"samlIDPSSODescriptorSingleLogoutServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;","id":"samlIDPSSODescriptorSingleLogoutServiceSOAP","title":"samlIDPSSODescriptorSingleLogoutServiceSOAP","type":"samlService"}],"id":"samlIDPSSODescriptorSingleLogoutService","title":"samlIDPSSODescriptorSingleLogoutService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact","id":"samlIDPSSODescriptorArtifactResolutionServiceArtifact","title":"samlIDPSSODescriptorArtifactResolutionServiceArtifact","type":"samlAssertion"}],"id":"samlIDPSSODescriptorArtifactResolutionService","title":"samlIDPSSODescriptorArtifactResolutionService"}],"help":"samlservice.html#identity-provider","id":"samlIDPSSODescriptor","title":"samlIDPSSODescriptor"},{"_nodes":[{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;","id":"samlAttributeAuthorityDescriptorAttributeServiceSOAP","title":"samlAttributeAuthorityDescriptorAttributeServiceSOAP","type":"samlService"}],"id":"samlAttributeAuthorityDescriptorAttributeService","title":"samlAttributeAuthorityDescriptorAttributeService"}],"help":"samlservice.html#attribute-authority","id":"samlAttributeAuthorityDescriptor","title":"samlAttributeAuthorityDescriptor"},{"_nodes":[{"default":1,"id":"samlMetadataForceUTF8","title":"samlMetadataForceUTF8","type":"bool"},{"default":600,"id":"samlRelayStateTimeout","title":"samlRelayStateTimeout","type":"int"},{"default":0,"id":"samlUseQueryStringSpecific","title":"samlUseQueryStringSpecific","type":"bool"},{"default":"","id":"samlOverrideIDPEntityID","title":"samlOverrideIDPEntityID"},{"id":"samlStorage","title":"samlStorage"},{"cnodes":"samlStorageOptions","id":"samlStorageOptions","title":"samlStorageOptions","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"samlCommonDomainCookieActivation","title":"samlCommonDomainCookieActivation","type":"bool"},{"id":"samlCommonDomainCookieDomain","title":"samlCommonDomainCookieDomain"},{"id":"samlCommonDomainCookieReader","title":"samlCommonDomainCookieReader"},{"id":"samlCommonDomainCookieWriter","title":"samlCommonDomainCookieWriter"}],"id":"samlCommonDomainCookie","title":"samlCommonDomainCookie","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"samlDiscoveryProtocolActivation","title":"samlDiscoveryProtocolActivation","type":"bool"},{"id":"samlDiscoveryProtocolURL","title":"samlDiscoveryProtocolURL"},{"id":"samlDiscoveryProtocolPolicy","title":"samlDiscoveryProtocolPolicy"},{"default":0,"id":"samlDiscoveryProtocolIsPassive","title":"samlDiscoveryProtocolIsPassive","type":"bool"}],"id":"samlDiscoveryProtocol","title":"samlDiscoveryProtocol","type":"simpleInputContainer"}],"help":"samlservice.html#advanced","id":"samlAdvanced","title":"samlAdvanced"}],"help":"samlservice.html","id":"samlServiceMetaData","title":"samlServiceMetaData"},{"cnodes":"samlIDPMetaDataNodes","help":"authsaml.html","id":"samlIDPMetaDataNodes","template":"samlIDPMetaDataNode","title":"samlIDPMetaDataNodes","type":"samlIDPMetaDataNodeContainer"},{"cnodes":"samlSPMetaDataNodes","help":"idpsaml.html","id":"samlSPMetaDataNodes","template":"samlSPMetaDataNode","title":"samlSPMetaDataNodes","type":"samlSPMetaDataNodeContainer"},{"_nodes":[{"id":"oidcServiceMetaDataIssuer","title":"oidcServiceMetaDataIssuer"},{"_nodes":[{"default":"authorize","id":"oidcServiceMetaDataAuthorizeURI","title":"oidcServiceMetaDataAuthorizeURI"},{"default":"token","id":"oidcServiceMetaDataTokenURI","title":"oidcServiceMetaDataTokenURI"},{"default":"userinfo","id":"oidcServiceMetaDataUserInfoURI","title":"oidcServiceMetaDataUserInfoURI"},{"default":"jwks","id":"oidcServiceMetaDataJWKSURI","title":"oidcServiceMetaDataJWKSURI"},{"default":"register","id":"oidcServiceMetaDataRegistrationURI","title":"oidcServiceMetaDataRegistrationURI"},{"default":"introspect","id":"oidcServiceMetaDataIntrospectionURI","title":"oidcServiceMetaDataIntrospectionURI"},{"default":"logout","id":"oidcServiceMetaDataEndSessionURI","title":"oidcServiceMetaDataEndSessionURI"},{"default":"checksession.html","id":"oidcServiceMetaDataCheckSessionURI","title":"oidcServiceMetaDataCheckSessionURI"},{"default":"flogout","id":"oidcServiceMetaDataFrontChannelURI","title":"oidcServiceMetaDataFrontChannelURI"},{"default":"blogout","id":"oidcServiceMetaDataBackChannelURI","title":"oidcServiceMetaDataBackChannelURI"}],"id":"oidcServiceMetaDataEndPoints","title":"oidcServiceMetaDataEndPoints","type":"simpleInputContainer"},{"cnodes":"oidcServiceMetaDataAuthnContext","default":[{"data":1,"id":"oidcServiceMetaDataAuthnContext/loa-1","title":"loa-1","type":"keyText"},{"data":2,"id":"oidcServiceMetaDataAuthnContext/loa-2","title":"loa-2","type":"keyText"},{"data":3,"id":"oidcServiceMetaDataAuthnContext/loa-3","title":"loa-3","type":"keyText"},{"data":4,"id":"oidcServiceMetaDataAuthnContext/loa-4","title":"loa-4","type":"keyText"},{"data":5,"id":"oidcServiceMetaDataAuthnContext/loa-5","title":"loa-5","type":"keyText"}],"id":"oidcServiceMetaDataAuthnContext","title":"oidcServiceMetaDataAuthnContext","type":"keyTextContainer"},{"_nodes":[{"get":["oidcServicePrivateKeySig","oidcServicePublicKeySig"],"id":"oidcServiceMetaDataKeys","title":"oidcServiceMetaDataKeys","type":"RSAKeyNoPassword"},{"id":"oidcServiceKeyIdSig","title":"oidcServiceKeyIdSig"},{"default":0,"id":"oidcServiceAllowDynamicRegistration","title":"oidcServiceAllowDynamicRegistration","type":"bool"},{"default":1,"id":"oidcServiceAllowAuthorizationCodeFlow","title":"oidcServiceAllowAuthorizationCodeFlow","type":"bool"},{"default":0,"id":"oidcServiceAllowImplicitFlow","title":"oidcServiceAllowImplicitFlow","type":"bool"},{"default":0,"id":"oidcServiceAllowHybridFlow","title":"oidcServiceAllowHybridFlow","type":"bool"},{"default":60,"id":"oidcServiceAuthorizationCodeExpiration","title":"oidcServiceAuthorizationCodeExpiration","type":"int"},{"default":3600,"id":"oidcServiceAccessTokenExpiration","title":"oidcServiceAccessTokenExpiration","type":"int"},{"default":3600,"id":"oidcServiceIDTokenExpiration","title":"oidcServiceIDTokenExpiration","type":"int"},{"default":2592000,"id":"oidcServiceOfflineSessionExpiration","title":"oidcServiceOfflineSessionExpiration","type":"int"}],"id":"oidcServiceMetaDataSecurity","title":"oidcServiceMetaDataSecurity"},{"_nodes":[{"id":"oidcStorage","title":"oidcStorage"},{"cnodes":"oidcStorageOptions","id":"oidcStorageOptions","title":"oidcStorageOptions","type":"keyTextContainer"}],"id":"oidcServiceMetaDataSessions","title":"oidcServiceMetaDataSessions"},{"cnodes":"oidcServiceDynamicRegistrationExportedVars","id":"oidcServiceDynamicRegistrationExportedVars","title":"oidcServiceDynamicRegistrationExportedVars","type":"keyTextContainer"},{"cnodes":"oidcServiceDynamicRegistrationExtraClaims","id":"oidcServiceDynamicRegistrationExtraClaims","title":"oidcServiceDynamicRegistrationExtraClaims","type":"keyTextContainer"}],"help":"openidconnectservice.html#service-configuration","id":"oidcServiceMetaData","title":"oidcServiceMetaData"},{"cnodes":"oidcOPMetaDataNodes","help":"authopenidconnect.html#declare-the-openid-connect-provider-in-ll-ng","id":"oidcOPMetaDataNodes","title":"oidcOPMetaDataNodes","type":"oidcOPMetaDataNodeContainer"},{"cnodes":"oidcRPMetaDataNodes","help":"idpopenidconnect.html#configuration-of-relying-party-in-ll-ng","id":"oidcRPMetaDataNodes","title":"oidcRPMetaDataNodes","type":"oidcRPMetaDataNodeContainer"},{"_nodes":[{"id":"casAttr","title":"casAttr"},{"default":"none","id":"casAccessControlPolicy","select":[{"k":"none","v":"None"},{"k":"error","v":"Display error on portal"},{"k":"faketicket","v":"Send a fake service ticket"}],"title":"casAccessControlPolicy","type":"select"},{"id":"casStorage","title":"casStorage"},{"cnodes":"casStorageOptions","id":"casStorageOptions","title":"casStorageOptions","type":"keyTextContainer"},{"cnodes":"casAttributes","id":"casAttributes","title":"casAttributes","type":"keyTextContainer"}],"help":"idpcas.html#configuring-the-cas-service","id":"casServiceMetadata","title":"casServiceMetadata"},{"cnodes":"casSrvMetaDataNodes","help":"authcas.html","id":"casSrvMetaDataNodes","template":"casSrvMetaDataNode","title":"casSrvMetaDataNodes","type":"casSrvMetaDataNodeContainer"},{"cnodes":"casAppMetaDataNodes","help":"idpcas.html#configuring-cas-applications","id":"casAppMetaDataNodes","template":"casAppMetaDataNode","title":"casAppMetaDataNodes","type":"casAppMetaDataNodeContainer"}] \ No newline at end of file diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm index 93082717e..eb7a20d56 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm @@ -155,6 +155,48 @@ sub getUser { return PE_OK; } +sub findUser { + my ( $self, $req, %args ) = @_; + + $self->validateLdap; + return PE_LDAPCONNECTFAILED unless $self->ldap; + + $self->bind(); + + my $mesg = $self->ldap->search( + base => $self->conf->{ldapBase}, + scope => 'sub', + filter => ( + $args{useMail} + ? $self->mailFilter->($req) + : $self->filter->($req) + ), + deref => $self->conf->{ldapSearchDeref} || 'find', + attrs => $self->attrs, + ); + if ( $mesg->code() != 0 ) { + $self->logger->error( + 'LDAP Search error ' . $mesg->code . ": " . $mesg->error ); + return PE_LDAPERROR; + } + if ( $mesg->count() > 1 ) { + $self->logger->error('More than one entry returned by LDAP directory'); + eval { $self->p->_authentication->setSecurity($req) }; + return PE_BADCREDENTIALS; + } + unless ( $req->data->{ldapentry} = $mesg->entry(0) ) { + $self->userLogger->warn( + "$req->{user} was not found in LDAP directory (" + . $req->address + . ")" ); + eval { $self->p->_authentication->setSecurity($req) }; + return PE_BADCREDENTIALS; + } + $req->data->{dn} = $req->data->{ldapentry}->dn(); + + return PE_OK; +} + # Validate LDAP connection before use sub validateLdap { my ($self) = @_; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm index cea18cd2e..4d50e0ef3 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm @@ -389,7 +389,7 @@ sub display { REGISTER_URL => $self->conf->{registerUrl}, HIDDEN_INPUTS => $self->buildHiddenForm($req), STAYCONNECTED => $self->conf->{stayConnected}, - SPOOFID => $self->conf->{impersonationRule}, + IMPERSONATION => $self->conf->{impersonationRule}, ( $req->data->{customScript} ? ( CUSTOM_SCRIPT => $req->data->{customScript} ) @@ -479,6 +479,20 @@ sub display { # Display authentication form else { + my $fields = []; + if ( $self->conf->{findUser} + && $self->conf->{findUserSearchingAttributes} ) + { + $login = $req->{findUser}; + $self->logger->debug( + 'Build an array ref with searching fields...'); + @$fields = map { { + key => $_, + value => + $self->conf->{findUserSearchingAttributes}->{$_} + }; + } sort keys %{ $self->conf->{findUserSearchingAttributes} }; + } # Authentication loop if ( $self->conf->{authentication} eq 'Choice' @@ -493,6 +507,9 @@ sub display { DISPLAY_FORM => 0, DISPLAY_OPENID_FORM => 0, DISPLAY_YUBIKEY_FORM => 0, + FIELDS => $fields, + SPOOFID => $req->{findUser}, + FINDUSER => $self->conf->{findUser} && scalar @$fields ); } @@ -523,7 +540,10 @@ sub display { AUTH_LOOP => [], PORTAL_URL => ( $displayType eq "logo" ? $self->conf->{portal} : 0 ), - MSG => $req->info(), + MSG => $req->info(), + FIELDS => $fields, + SPOOFID => $req->{findUser}, + FINDUSER => $self->conf->{findUser} && scalar @$fields ); } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm index 82a7fd540..b36d3ca1b 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm @@ -2,7 +2,7 @@ # into "plugins" list in lemonldap-ng.ini, section "portal" package Lemonldap::NG::Portal::Main::Plugins; -our $VERSION = '2.0.10'; +our $VERSION = '2.0.11'; package Lemonldap::NG::Portal::Main; @@ -31,6 +31,7 @@ our @pList = ( impersonationRule => '::Plugins::Impersonation', contextSwitchingRule => '::Plugins::ContextSwitching', decryptValueRule => '::Plugins::DecryptValue', + findUser => '::Plugins::FindUser', adaptativeAuthenticationLevelRules => '::Plugins::AdaptativeAuthenticationLevel', globalLogoutRule => '::Plugins::GlobalLogout', diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm index 95d9b9d1a..d6b2c4111 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm @@ -357,6 +357,12 @@ sub getUser { return $self->_userDB->getUser( $req, %args ); } +sub findUser { + my ( $self, $req, %args ) = @_; + return PE_ERROR unless ( $self->_userDB ); + return $self->_userDB->findUser( $req, %args ); +} + sub authenticate { my ( $self, $req ) = @_; my $ret = $req->authResult( $self->_authentication->authenticate($req) ); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm new file mode 100644 index 000000000..100c58d81 --- /dev/null +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm @@ -0,0 +1,46 @@ +package Lemonldap::NG::Portal::Plugins::FindUser; + +use strict; +use Mouse; +use Lemonldap::NG::Portal::Main::Constants qw( + PE_OK + PE_FIRSTACCESS +); + +our $VERSION = '2.0.11'; + +extends 'Lemonldap::NG::Portal::Main::Plugin'; + +# INITIALIZATION +sub init { + my ($self) = @_; + my $imp = grep /::Plugins::Impersonation$/, $self->p->enabledPlugins; + $self->addUnauthRoute( finduser => 'provideUser', ['POST'] ) if $imp; + + return 1; +} + +# RUNNING METHOD +sub provideUser { + my ( $self, $req ) = @_; + $req->steps( ['findUser'] ); + if ( my $error = $self->p->process($req) ) { + $self->logger->debug("Process returned error: $error"); + return $req->error($error); + } + $req->mustRedirect(1); + return $self->p->do( $req, [ sub { PE_FIRSTACCESS } ] ); +} + +sub retreiveFindUserParams { + my ( $self, $req ) = @_; + my @params = (); + $self->logger->debug("FindUser: reading parameters..."); + foreach ( sort keys %{ $self->conf->{findUserSearchingAttributes} } ) { + $self->logger->debug("Pushing $_"); + push @params, { key => $_ , value => $req->params($_)}; + } + return @params; +} + +1; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm index fed563424..ee27f3c79 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm @@ -46,6 +46,31 @@ sub getUser { PE_OK; } +sub findUser { + my ( $self, $req, %args ) = @_; + my $table = $self->table; + my $pivot = $args{useMail} ? $self->mailField : $self->pivot; + my $user = $req->{user}; + my $sth; + eval { + $sth = $self->dbh->prepare("SELECT * FROM $table WHERE $pivot=?"); + $sth->execute($user); + }; + if ($@) { + + # If connection isn't available, error is displayed by dbh() + $self->logger->error("DBI error: $@") if ( $self->_dbh ); + eval { $self->p->_authentication->setSecurity($req) }; + return PE_ERROR; + } + unless ( $req->data->{dbientry} = $sth->fetchrow_hashref() ) { + $self->userLogger->warn("User $user not found"); + eval { $self->p->_authentication->setSecurity($req) }; + return PE_BADCREDENTIALS; + } + PE_OK; +} + sub setSessionInfo { my ( $self, $req ) = @_; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm index 33d6fcf2b..7a58c3ec4 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm @@ -69,6 +69,36 @@ sub getUser { PE_BADCREDENTIALS; } +## @apmethod int findUser() +# Search for accounts +# @return Lemonldap::NG::Portal constant +sub findUser { + my ( $self, $req, %args ) = @_; + my $plugin = + $self->p->loadedModules->{"Lemonldap::NG::Portal::Plugins::FindUser"}; + my @params = $plugin->retreiveFindUserParams($req); + my $cond = ''; + + $cond .= '$' . $_->{key} . " eq '$_->{value}' && " foreach (@params); + $cond =~ s/&&\s$//; + $self->logger->debug("Demo UserDB built condition: $cond"); + my @results = map { + my $cn = $demoAccounts{$_}->{cn}; + my $mail = $demoAccounts{$_}->{mail}; + my $uid = $demoAccounts{$_}->{uid}; + eval "($cond)" + ? $_ + : (); + } keys %demoAccounts; + + my $rank = rand( scalar @results ); + $self->logger->debug("Demo UserDB random rank: $rank"); + $req->{findUser} = $results[$rank]; + + eval { $self->p->_authentication->setSecurity($req) }; + PE_OK; +} + ## @apmethod int setSessionInfo() # Get sample data # @return Lemonldap::NG::Portal constant diff --git a/lemonldap-ng-portal/site/templates/bootstrap/finduser.tpl b/lemonldap-ng-portal/site/templates/bootstrap/finduser.tpl new file mode 100644 index 000000000..d091df3e2 --- /dev/null +++ b/lemonldap-ng-portal/site/templates/bootstrap/finduser.tpl @@ -0,0 +1,23 @@ + +
+
+
+ +
+ diff --git a/lemonldap-ng-portal/site/templates/bootstrap/impersonation.tpl b/lemonldap-ng-portal/site/templates/bootstrap/impersonation.tpl index c97831fed..986ef017d 100644 --- a/lemonldap-ng-portal/site/templates/bootstrap/impersonation.tpl +++ b/lemonldap-ng-portal/site/templates/bootstrap/impersonation.tpl @@ -1,8 +1,8 @@ - +
- + " autocomplete="off" trplaceholder="spoofId" aria-required="false"/>
diff --git a/lemonldap-ng-portal/site/templates/bootstrap/login.tpl b/lemonldap-ng-portal/site/templates/bootstrap/login.tpl index ed834e622..9f86b07ab 100644 --- a/lemonldap-ng-portal/site/templates/bootstrap/login.tpl +++ b/lemonldap-ng-portal/site/templates/bootstrap/login.tpl @@ -222,6 +222,8 @@ + +
From 86bbb70b89a2165ecf83018f9f5f4d2d36d70292 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Sun, 20 Dec 2020 23:03:53 +0100 Subject: [PATCH 028/357] Skip empty values (#1976) --- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm index 7a58c3ec4..5383e6c7a 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm @@ -78,8 +78,9 @@ sub findUser { $self->p->loadedModules->{"Lemonldap::NG::Portal::Plugins::FindUser"}; my @params = $plugin->retreiveFindUserParams($req); my $cond = ''; - - $cond .= '$' . $_->{key} . " eq '$_->{value}' && " foreach (@params); + foreach (@params) { + $cond .= '$' . $_->{key} . " eq '$_->{value}' && " if $_->{value}; + } $cond =~ s/&&\s$//; $self->logger->debug("Demo UserDB built condition: $cond"); my @results = map { @@ -92,6 +93,8 @@ sub findUser { } keys %demoAccounts; my $rank = rand( scalar @results ); + $self->logger->debug( + 'Demo UserDB number of result(s): ' . scalar @results ); $self->logger->debug("Demo UserDB random rank: $rank"); $req->{findUser} = $results[$rank]; From a259566eb1cc3d47643748336138ab5bad401eb9 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Sun, 20 Dec 2020 23:44:26 +0100 Subject: [PATCH 029/357] Excluding parameters (#1976) --- .../lib/Lemonldap/NG/Portal/Plugins/FindUser.pm | 15 ++++++++++----- .../lib/Lemonldap/NG/Portal/UserDB/Demo.pm | 12 ++++++++---- 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm index 100c58d81..50c3c6a1e 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm @@ -33,14 +33,19 @@ sub provideUser { } sub retreiveFindUserParams { - my ( $self, $req ) = @_; - my @params = (); + my ( $self, $req ) = @_; + my ( $params, $excludedParams ) = ( [], [] ); $self->logger->debug("FindUser: reading parameters..."); foreach ( sort keys %{ $self->conf->{findUserSearchingAttributes} } ) { - $self->logger->debug("Pushing $_"); - push @params, { key => $_ , value => $req->params($_)}; + $self->logger->debug("Pushing param $_"); + push @$params, { key => $_, value => $req->params($_) }; } - return @params; + $self->logger->debug("FindUser: reading excluding parameters..."); + foreach ( sort keys %{ $self->conf->{findUserExcludingAttributes} } ) { + $self->logger->debug("Pushing excluded param $_"); + push @$excludedParams, { key => $_, value => $_->{value} }; + } + return [ $params, $excludedParams ]; } 1; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm index 5383e6c7a..30dd54e9a 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm @@ -11,7 +11,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_BADCREDENTIALS); extends 'Lemonldap::NG::Common::Module'; -our $VERSION = '2.0.9'; +our $VERSION = '2.0.11'; # Sample accounts from Doctor Who characters our %demoAccounts = ( @@ -76,12 +76,16 @@ sub findUser { my ( $self, $req, %args ) = @_; my $plugin = $self->p->loadedModules->{"Lemonldap::NG::Portal::Plugins::FindUser"}; - my @params = $plugin->retreiveFindUserParams($req); - my $cond = ''; - foreach (@params) { + my ( $searching, $excluding ) = $plugin->retreiveFindUserParams($req); + my $cond = ''; + foreach (@$searching) { $cond .= '$' . $_->{key} . " eq '$_->{value}' && " if $_->{value}; } + foreach (@$excluding) { + $cond .= '$' . $_->{key} . " ne '$_->{value}' && " if $_->{value}; + } $cond =~ s/&&\s$//; + $self->logger->debug("Demo UserDB built condition: $cond"); my @results = map { my $cn = $demoAccounts{$_}->{cn}; From e05a167937853697e74f90af8e961f11773a5026 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Mon, 21 Dec 2020 11:04:12 +0100 Subject: [PATCH 030/357] Handle missing nameid (#2420) --- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm index 027e44219..62c7d9ee3 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm @@ -297,9 +297,13 @@ sub extractFormInfo { } # Get NameID - my $nameid = $login->nameIdentifier; - my $nameid_content = $nameid->content; + my $nameid = $login->nameIdentifier; + unless ($nameid) { + $self->userLogger->error("No NameID element found"); + return PE_SAML_SSO_ERROR; + } + my $nameid_content = $nameid->content; unless ($nameid_content) { $self->userLogger->error("No NameID value found"); return PE_SAML_SSO_ERROR; From deed0c58b397c60f15a84368635e8186e4eda234 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Wed, 16 Dec 2020 16:13:45 +0100 Subject: [PATCH 031/357] Create lemonldap-ng-selinux package (#2401) --- rpm/lemonldap-ng.spec | 70 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) diff --git a/rpm/lemonldap-ng.spec b/rpm/lemonldap-ng.spec index 17d14ad47..a3eab6c91 100644 --- a/rpm/lemonldap-ng.spec +++ b/rpm/lemonldap-ng.spec @@ -23,6 +23,11 @@ %global lm_dnsdomain example.com +# SELinux +%global with_selinux 1 +%global modulename lemonldap-ng +%global selinuxtype targeted + #global pre_release beta1 #============================================================================== @@ -194,6 +199,14 @@ Requires: lemonldap-ng-manager = %{version}-%{release} Requires: lemonldap-ng-portal = %{version}-%{release} Requires: lemonldap-ng-test = %{version}-%{release} +%if 0%{?with_selinux} && 0%{?fedora}%{?el8} +# ! Not available in Centos7, you need to install lemonldap-ng-selinux manually +# This ensures that the *-selinux package and all it’s dependencies are not pulled +# into containers and other systems that do not use SELinux +Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) +%endif + + # Setup requires filtering %{?perl_default_filter} %{?el7:%global __requires_exclude perl\\(Lasso|perl\\(Web::ID|perl\\(Sentry::Raven} @@ -355,6 +368,22 @@ Summary: LemonLDAP-NG Portal Modules %description -n perl-Lemonldap-NG-Portal This package installs the authentication portal. +#============================================================================== +# SELinux policy package +#============================================================================== +%if 0%{?with_selinux} +%package selinux +Summary: LemonLDAP-NG SELinux policy +BuildArch: noarch +Requires: selinux-policy-%{selinuxtype} +Requires(post): selinux-policy-%{selinuxtype} +BuildRequires: selinux-policy-devel +%{?selinux_requires} + +%description selinux +Custom SELinux policy module +%endif + #============================================================================== # Source preparation #============================================================================== @@ -373,6 +402,17 @@ make %{?_smp_mflags} configure \ PERLOPTIONS="INSTALLDIRS=vendor" make %{?_smp_mflags} +%if 0%{?with_selinux} +# SELinux policy (originally from selinux-policy-contrib) +# this policy module will override the production module +mkdir selinux +cp -p rpm/lemonldap-ng.fc selinux/ +cp -p rpm/lemonldap-ng.te selinux/ + +make -f %{_datadir}/selinux/devel/Makefile %{modulename}.pp +bzip2 -9 %{modulename}.pp +%endif + #============================================================================== # Installation #============================================================================ @@ -500,6 +540,11 @@ sed -i -e '1i#!/usr/bin/plackup' \ %{buildroot}/usr/share/lemonldap-ng/examples/llngapp.psgi chmod 644 %{buildroot}/usr/share/lemonldap-ng/test/cas.php +# Install SELinux policy +%if 0%{?with_selinux} +install -D -m 0644 %{modulename}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2 +%endif + #============================================================================== # Run test #============================================================================== @@ -553,6 +598,25 @@ fi %postun fastcgi-server %systemd_postun_with_restart llng-fastcgi-server.service +%if 0%{?with_selinux} +# SELinux contexts are saved so that only affected files can be +# relabeled after the policy module installation +%pre selinux +%selinux_relabel_pre -s %{selinuxtype} + +%post selinux +%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2 + +%postun selinux +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall -s %{selinuxtype} %{modulename} +fi + +%posttrans selinux +%selinux_relabel_post -s %{selinuxtype} +# if with_selinux +%endif + %files %files conf @@ -670,6 +734,12 @@ fi %{perl_vendorlib}/Lemonldap/NG/Portal.pm %{perl_vendorlib}/Lemonldap/NG/Portal/ +%if 0%{?with_selinux} +%files selinux +%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.* +%ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename} +%endif + #============================================================================== # Changelog #============================================================================== From 8eec53f8b8296391e38be86a00fe940999a7df4d Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Wed, 16 Dec 2020 16:14:14 +0100 Subject: [PATCH 032/357] Initial SELinux policy for cache files (#2401) --- rpm/lemonldap-ng.fc | 1 + rpm/lemonldap-ng.te | 1 + 2 files changed, 2 insertions(+) create mode 100644 rpm/lemonldap-ng.fc create mode 100644 rpm/lemonldap-ng.te diff --git a/rpm/lemonldap-ng.fc b/rpm/lemonldap-ng.fc new file mode 100644 index 000000000..db6f41b26 --- /dev/null +++ b/rpm/lemonldap-ng.fc @@ -0,0 +1 @@ +/var/cache/lemonldap-ng(/.*)? system_u:object_r:httpd_cache_t:s0 diff --git a/rpm/lemonldap-ng.te b/rpm/lemonldap-ng.te new file mode 100644 index 000000000..8c121ec41 --- /dev/null +++ b/rpm/lemonldap-ng.te @@ -0,0 +1 @@ +policy_module(lemonldap-ng,1.0) From cbb800cdba2ce039e08a99f0e032236392dde146 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Wed, 16 Dec 2020 16:25:50 +0100 Subject: [PATCH 033/357] Documentation for SELinux package (#2401) --- doc/sources/admin/installrpm.rst | 4 ++++ doc/sources/admin/quickstart.rst | 2 ++ doc/sources/admin/selinux.rst | 16 ++++++++++++++++ doc/sources/admin/upgrade_2_0_x.rst | 1 + 4 files changed, 23 insertions(+) diff --git a/doc/sources/admin/installrpm.rst b/doc/sources/admin/installrpm.rst index 6ab7ed00d..8499c42bb 100644 --- a/doc/sources/admin/installrpm.rst +++ b/doc/sources/admin/installrpm.rst @@ -25,6 +25,7 @@ LemonLDAP::NG provides packages for Red Hat/Centos 7: - lemonldap-ng-fastcgi-server: FastCGI server needed to use Nginx - lemonldap-ng-nginx: contains Nginx configuration and dependencies - lemonldap-ng-uwsgi-app: contains Uwsgi application +- lemonldap-ng-selinux: contains the SELinux policy for httpd - perl-Lemonldap-NG-Common: CPAN - Shared modules - perl-Lemonldap-NG-Handler: CPAN - Handler modules - perl-Lemonldap-NG-Manager: CPAN - Manager modules @@ -124,6 +125,9 @@ If the packages are stored in a yum repository: yum install lemonldap-ng + # If you use SELinux + yum install lemonldap-ng-selinux + You can also use yum on local RPMs file: :: diff --git a/doc/sources/admin/quickstart.rst b/doc/sources/admin/quickstart.rst index 67161de03..554a5b6f5 100644 --- a/doc/sources/admin/quickstart.rst +++ b/doc/sources/admin/quickstart.rst @@ -42,6 +42,8 @@ CentOS / RHEL yum update yum install epel-release yum install lemonldap-ng + # If you use SELinux + yum install lemonldap-ng-selinux SSO domain configuration ------------------------ diff --git a/doc/sources/admin/selinux.rst b/doc/sources/admin/selinux.rst index e1bc17a70..a5bab68c0 100644 --- a/doc/sources/admin/selinux.rst +++ b/doc/sources/admin/selinux.rst @@ -4,11 +4,27 @@ SELinux To make LemonLDAP::NG work with SELinux, you may need to set up some options. +SELinux policy package +---------------------- + +If you are using a RPM distribution and Apache as the web server, you need to +install the ``lemonldap-ng-selinux`` package to configure SELinux context correctly :: + + yum install lemonldap-ng-selinux + +.. note:: + On CentOS 8 and Fedora, this is done automatically + +This package will not configure SELinux booleans, please read the next sections to see which booleans you need to enable manually + Disk cache (sessions an configuration) -------------------------------------- You need to set the correct context on the cache directory +.. deprecated:: 2.0.10 + this is now done by the ``lemonldap-ng-selinux`` package + :: semanage fcontext --add -t httpd_cache_t -f a '/var/cache/lemonldap-ng(/.*)?' diff --git a/doc/sources/admin/upgrade_2_0_x.rst b/doc/sources/admin/upgrade_2_0_x.rst index d48f24a5a..56e3652f9 100644 --- a/doc/sources/admin/upgrade_2_0_x.rst +++ b/doc/sources/admin/upgrade_2_0_x.rst @@ -23,6 +23,7 @@ backups and a rollback plan ready! - New dependency: IO::Socket::Timeout - TOTP check tolerates forward AND backward clock drift (totp2fRange) - Avoid assignment in expressions option is disabled by default +- RHEL/CentOS SELinux users should install the new ``lemonldap-ng-selinux`` package to fix `an issue with the new default cache directory `__ 2.0.9 ----- From fc16426ca9c8affc9db2cd6d47e105a5b9344f73 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20OUDOT?= Date: Mon, 21 Dec 2020 16:46:03 +0100 Subject: [PATCH 034/357] Add alt attribute to images (#2422) --- .../site/templates/common/mail_certificateConfirm.tpl | 2 +- lemonldap-ng-portal/site/templates/common/mail_confirm.tpl | 2 +- lemonldap-ng-portal/site/templates/common/mail_header.tpl | 2 +- lemonldap-ng-portal/site/templates/common/mail_password.tpl | 2 +- .../site/templates/common/mail_register_confirm.tpl | 2 +- .../site/templates/common/mail_register_done.tpl | 4 ++-- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/lemonldap-ng-portal/site/templates/common/mail_certificateConfirm.tpl b/lemonldap-ng-portal/site/templates/common/mail_certificateConfirm.tpl index b2d65cbd8..871cf16a0 100644 --- a/lemonldap-ng-portal/site/templates/common/mail_certificateConfirm.tpl +++ b/lemonldap-ng-portal/site/templates/common/mail_certificateConfirm.tpl @@ -3,7 +3,7 @@

Hello $cn,

- +go Click here to reset your certificate diff --git a/lemonldap-ng-portal/site/templates/common/mail_confirm.tpl b/lemonldap-ng-portal/site/templates/common/mail_confirm.tpl index 69a9872d1..85a56b30a 100644 --- a/lemonldap-ng-portal/site/templates/common/mail_confirm.tpl +++ b/lemonldap-ng-portal/site/templates/common/mail_confirm.tpl @@ -3,7 +3,7 @@

Hello $cn,

- +go Click here to reset your password diff --git a/lemonldap-ng-portal/site/templates/common/mail_header.tpl b/lemonldap-ng-portal/site/templates/common/mail_header.tpl index 3ad407b26..db5fe995e 100644 --- a/lemonldap-ng-portal/site/templates/common/mail_header.tpl +++ b/lemonldap-ng-portal/site/templates/common/mail_header.tpl @@ -3,6 +3,6 @@

- +
diff --git a/lemonldap-ng-portal/site/templates/common/mail_password.tpl b/lemonldap-ng-portal/site/templates/common/mail_password.tpl index ff94054f1..19f7b3932 100644 --- a/lemonldap-ng-portal/site/templates/common/mail_password.tpl +++ b/lemonldap-ng-portal/site/templates/common/mail_password.tpl @@ -5,7 +5,7 @@
Your new password is - +key $password Your password has been successfully changed! diff --git a/lemonldap-ng-portal/site/templates/common/mail_register_confirm.tpl b/lemonldap-ng-portal/site/templates/common/mail_register_confirm.tpl index eaa41d1b1..1a7fdb14a 100644 --- a/lemonldap-ng-portal/site/templates/common/mail_register_confirm.tpl +++ b/lemonldap-ng-portal/site/templates/common/mail_register_confirm.tpl @@ -3,7 +3,7 @@

Hello $firstname $lastname,

- +go Click here to confirm your account registration diff --git a/lemonldap-ng-portal/site/templates/common/mail_register_done.tpl b/lemonldap-ng-portal/site/templates/common/mail_register_done.tpl index cca48225e..5b9326cf8 100644 --- a/lemonldap-ng-portal/site/templates/common/mail_register_done.tpl +++ b/lemonldap-ng-portal/site/templates/common/mail_register_done.tpl @@ -7,11 +7,11 @@

Your login is - +go $login
Your password is - +key $password

Click here to access to portal

From b501d528b975dfc00e0247e49fed7cc12d082b69 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Mon, 21 Dec 2020 17:56:01 +0100 Subject: [PATCH 035/357] Fix manager api url in docs (#2348) --- doc/pages/manager-api/index.html | 82 +++++++++++------------ doc/sources/manager-api/openapi-spec.yaml | 2 +- 2 files changed, 42 insertions(+), 42 deletions(-) diff --git a/doc/pages/manager-api/index.html b/doc/pages/manager-api/index.html index ea1a30646..6ea1cf7b1 100644 --- a/doc/pages/manager-api/index.html +++ b/doc/pages/manager-api/index.html @@ -1472,7 +1472,7 @@
- 
curl -X POST "/api/v1/api/v1/providers/cas/app"
+ 
curl -X POST "https://manager-api.example.com/api/v1/providers/cas/app"
import io.swagger.client.*;
@@ -1828,7 +1828,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X DELETE "/api/v1/api/v1/providers/cas/app/{confKey}"

+                            
curl -X DELETE "https://manager-api.example.com/api/v1/providers/cas/app/{confKey}"

                           

                           

                             
import io.swagger.client.*;
@@ -2169,7 +2169,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X GET "/api/v1/api/v1/providers/cas/app/findByConfKey?pattern="

+                            
curl -X GET "https://manager-api.example.com/api/v1/providers/cas/app/findByConfKey?pattern="

                           

                           

                             
import io.swagger.client.*;
@@ -2515,7 +2515,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X GET "/api/v1/api/v1/providers/cas/app/findByServiceUrl?serviceUrl="

+                            
curl -X GET "https://manager-api.example.com/api/v1/providers/cas/app/findByServiceUrl?serviceUrl="

                           

                           

                             
import io.swagger.client.*;
@@ -2905,7 +2905,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X GET "/api/v1/api/v1/providers/cas/app/{confKey}"

+                            
curl -X GET "https://manager-api.example.com/api/v1/providers/cas/app/{confKey}"

                           

                           

                             
import io.swagger.client.*;
@@ -3295,7 +3295,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X PUT "/api/v1/api/v1/providers/cas/app/{confKey}"

+                            
curl -X PUT "https://manager-api.example.com/api/v1/providers/cas/app/{confKey}"

                           

                           

                             
import io.swagger.client.*;
@@ -3736,7 +3736,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X PATCH "/api/v1/api/v1/providers/cas/app/{confKey}"

+                            
curl -X PATCH "https://manager-api.example.com/api/v1/providers/cas/app/{confKey}"

                           

                           

                             
import io.swagger.client.*;
@@ -4180,7 +4180,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X DELETE "/api/v1/api/v1/secondFactor/{uid}"

+                            
curl -X DELETE "https://manager-api.example.com/api/v1/secondFactor/{uid}"

                           

                           

                             
import io.swagger.client.*;
@@ -4470,7 +4470,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X DELETE "/api/v1/api/v1/secondFactor/{uid}/id/{id}"

+                            
curl -X DELETE "https://manager-api.example.com/api/v1/secondFactor/{uid}/id/{id}"

                           

                           

                             
import io.swagger.client.*;
@@ -4788,7 +4788,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X DELETE "/api/v1/api/v1/secondFactor/{uid}/type/{type}"

+                            
curl -X DELETE "https://manager-api.example.com/api/v1/secondFactor/{uid}/type/{type}"

                           

                           

                             
import io.swagger.client.*;
@@ -5106,7 +5106,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X GET "/api/v1/api/v1/secondFactor/{uid}"

+                            
curl -X GET "https://manager-api.example.com/api/v1/secondFactor/{uid}"

                           

                           

                             
import io.swagger.client.*;
@@ -5445,7 +5445,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X GET "/api/v1/api/v1/secondFactor/{uid}/id/{id}"

+                            
curl -X GET "https://manager-api.example.com/api/v1/secondFactor/{uid}/id/{id}"

                           

                           

                             
import io.swagger.client.*;
@@ -5812,7 +5812,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X GET "/api/v1/api/v1/secondFactor/{uid}/type/{type}"

+                            
curl -X GET "https://manager-api.example.com/api/v1/secondFactor/{uid}/type/{type}"

                           

                           

                             
import io.swagger.client.*;
@@ -6182,7 +6182,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X GET "/api/v1/api/v1/status"

+                            
curl -X GET "https://manager-api.example.com/api/v1/status"

                           

                           

                             
import io.swagger.client.*;
@@ -6489,7 +6489,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X POST "/api/v1/api/v1/menu/app/{cat}"

+                            
curl -X POST "https://manager-api.example.com/api/v1/menu/app/{cat}"

                           

                           

                             
import io.swagger.client.*;
@@ -6931,7 +6931,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X DELETE "/api/v1/api/v1/menu/app/{cat}/{confKey}"

+                            
curl -X DELETE "https://manager-api.example.com/api/v1/menu/app/{cat}/{confKey}"

                           

                           

                             
import io.swagger.client.*;
@@ -7303,7 +7303,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X GET "/api/v1/api/v1/menu/app/{cat}/findByConfKey?pattern="

+                            
curl -X GET "https://manager-api.example.com/api/v1/menu/app/{cat}/findByConfKey?pattern="

                           

                           

                             
import io.swagger.client.*;
@@ -7687,7 +7687,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X GET "/api/v1/api/v1/menu/app/{cat}/{confKey}"

+                            
curl -X GET "https://manager-api.example.com/api/v1/menu/app/{cat}/{confKey}"

                           

                           

                             
import io.swagger.client.*;
@@ -8108,7 +8108,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X GET "/api/v1/api/v1/menu/app/{cat}"

+                            
curl -X GET "https://manager-api.example.com/api/v1/menu/app/{cat}"

                           

                           

                             
import io.swagger.client.*;
@@ -8502,7 +8502,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X PUT "/api/v1/api/v1/menu/app/{cat}/{confKey}"

+                            
curl -X PUT "https://manager-api.example.com/api/v1/menu/app/{cat}/{confKey}"

                           

                           

                             
import io.swagger.client.*;
@@ -8974,7 +8974,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X PATCH "/api/v1/api/v1/menu/app/{cat}/{confKey}"

+                            
curl -X PATCH "https://manager-api.example.com/api/v1/menu/app/{cat}/{confKey}"

                           

                           

                             
import io.swagger.client.*;
@@ -9449,7 +9449,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X POST "/api/v1/api/v1/menu/cat"

+                            
curl -X POST "https://manager-api.example.com/api/v1/menu/cat"

                           

                           

                             
import io.swagger.client.*;
@@ -9805,7 +9805,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X DELETE "/api/v1/api/v1/menu/cat/{confKey}"

+                            
curl -X DELETE "https://manager-api.example.com/api/v1/menu/cat/{confKey}"

                           

                           

                             
import io.swagger.client.*;
@@ -10146,7 +10146,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X GET "/api/v1/api/v1/menu/cat/findByConfKey?pattern="

+                            
curl -X GET "https://manager-api.example.com/api/v1/menu/cat/findByConfKey?pattern="

                           

                           

                             
import io.swagger.client.*;
@@ -10492,7 +10492,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X GET "/api/v1/api/v1/menu/cat/{confKey}"

+                            
curl -X GET "https://manager-api.example.com/api/v1/menu/cat/{confKey}"

                           

                           

                             
import io.swagger.client.*;
@@ -10882,7 +10882,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X PUT "/api/v1/api/v1/menu/cat/{confKey}"

+                            
curl -X PUT "https://manager-api.example.com/api/v1/menu/cat/{confKey}"

                           

                           

                             
import io.swagger.client.*;
@@ -11323,7 +11323,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X PATCH "/api/v1/api/v1/menu/cat/{confKey}"

+                            
curl -X PATCH "https://manager-api.example.com/api/v1/menu/cat/{confKey}"

                           

                           

                             
import io.swagger.client.*;
@@ -11767,7 +11767,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X POST "/api/v1/api/v1/providers/oidc/rp"

+                            
curl -X POST "https://manager-api.example.com/api/v1/providers/oidc/rp"

                           

                           

                             
import io.swagger.client.*;
@@ -12123,7 +12123,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X DELETE "/api/v1/api/v1/providers/oidc/rp/{confKey}"

+                            
curl -X DELETE "https://manager-api.example.com/api/v1/providers/oidc/rp/{confKey}"

                           

                           

                             
import io.swagger.client.*;
@@ -12464,7 +12464,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X GET "/api/v1/api/v1/providers/oidc/rp/findByClientId?clientId="

+                            
curl -X GET "https://manager-api.example.com/api/v1/providers/oidc/rp/findByClientId?clientId="

                           

                           

                             
import io.swagger.client.*;
@@ -12854,7 +12854,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X GET "/api/v1/api/v1/providers/oidc/rp/findByConfKey?pattern="

+                            
curl -X GET "https://manager-api.example.com/api/v1/providers/oidc/rp/findByConfKey?pattern="

                           

                           

                             
import io.swagger.client.*;
@@ -13200,7 +13200,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X GET "/api/v1/api/v1/providers/oidc/rp/{confKey}"

+                            
curl -X GET "https://manager-api.example.com/api/v1/providers/oidc/rp/{confKey}"

                           

                           

                             
import io.swagger.client.*;
@@ -13590,7 +13590,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X PUT "/api/v1/api/v1/providers/oidc/rp/{confKey}"

+                            
curl -X PUT "https://manager-api.example.com/api/v1/providers/oidc/rp/{confKey}"

                           

                           

                             
import io.swagger.client.*;
@@ -14031,7 +14031,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X PATCH "/api/v1/api/v1/providers/oidc/rp/{confKey}"

+                            
curl -X PATCH "https://manager-api.example.com/api/v1/providers/oidc/rp/{confKey}"

                           

                           

                             
import io.swagger.client.*;
@@ -14475,7 +14475,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X POST "/api/v1/api/v1/providers/saml/sp"

+                            
curl -X POST "https://manager-api.example.com/api/v1/providers/saml/sp"

                           

                           

                             
import io.swagger.client.*;
@@ -14831,7 +14831,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X DELETE "/api/v1/api/v1/providers/saml/sp/{confKey}"

+                            
curl -X DELETE "https://manager-api.example.com/api/v1/providers/saml/sp/{confKey}"

                           

                           

                             
import io.swagger.client.*;
@@ -15172,7 +15172,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X GET "/api/v1/api/v1/providers/saml/sp/findByConfKey?pattern="

+                            
curl -X GET "https://manager-api.example.com/api/v1/providers/saml/sp/findByConfKey?pattern="

                           

                           

                             
import io.swagger.client.*;
@@ -15518,7 +15518,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X GET "/api/v1/api/v1/providers/saml/sp/findByEntityId?entityId="

+                            
curl -X GET "https://manager-api.example.com/api/v1/providers/saml/sp/findByEntityId?entityId="

                           

                           

                             
import io.swagger.client.*;
@@ -15908,7 +15908,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X GET "/api/v1/api/v1/providers/saml/sp/{confKey}"

+                            
curl -X GET "https://manager-api.example.com/api/v1/providers/saml/sp/{confKey}"

                           

                           

                             
import io.swagger.client.*;
@@ -16298,7 +16298,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X PUT "/api/v1/api/v1/providers/saml/sp/{confKey}"

+                            
curl -X PUT "https://manager-api.example.com/api/v1/providers/saml/sp/{confKey}"

                           

                           

                             
import io.swagger.client.*;
@@ -16739,7 +16739,7 @@ except ApiException as e:
 
                         

                           

-                            
curl -X PATCH "/api/v1/api/v1/providers/saml/sp/{confKey}"

+                            
curl -X PATCH "https://manager-api.example.com/api/v1/providers/saml/sp/{confKey}"

                           

                           

                             
import io.swagger.client.*;
diff --git a/doc/sources/manager-api/openapi-spec.yaml b/doc/sources/manager-api/openapi-spec.yaml
index 7ac4f530e..369bf8b33 100644
--- a/doc/sources/manager-api/openapi-spec.yaml
+++ b/doc/sources/manager-api/openapi-spec.yaml
@@ -4,7 +4,7 @@ info:
   description: The Manager API allows an administrator to modify the LemonLDAP::NG configuration programmatically. It is not meant to be accessed by end users. The client libraries mentionned in examples can be generated from doc/sources/manager-api/openapi-spec.yaml
   version: 2.0.9
 servers:
-  - url: /api/v1
+  - url: https://manager-api.example.com
 tags:
 - name: samlsp
   description: SAML Service Providers

From 3a55051ce0719f003cd8fea74d0bac2d1d7f8ee6 Mon Sep 17 00:00:00 2001
From: Alexandre KARIM 
Date: Mon, 21 Dec 2020 20:07:55 +0100
Subject: [PATCH 036/357] V2.0

---
 doc/sources/admin/contribute.rst              | 25 +++++++++++--------
 doc/sources/admin/presentation.rst            |  9 ++++---
 doc/sources/admin/writingrulesand_headers.rst |  2 +-
 .../t/01-Lemonldap-NG-Handler-Main.t          |  2 +-
 4 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/doc/sources/admin/contribute.rst b/doc/sources/admin/contribute.rst
index 78d916b6c..064713184 100644
--- a/doc/sources/admin/contribute.rst
+++ b/doc/sources/admin/contribute.rst
@@ -37,14 +37,14 @@ Go to your gitlab account : https://gitlab.ow2.org/profile/keys
 
    cat ~/.ssh/id_rsa.pub
 
-copy id_rsa.pub content to key section and enter a name into "Title"
-tans "Add key" button Test ssh connexion :
+Copy id_rsa.pub content to key section and enter a name into "Title" and click "Add key" button. 
+Test ssh connexion :
 
 ::
 
    ssh -T git@gitlab.com
 
-accept messages
+Accept messages
 
 Install basic tools
 -------------------
@@ -52,13 +52,13 @@ Install basic tools
 Debian
 ^^^^^^
 
-*root :*
+As *root :*
 
 ::
 
    apt install aptitude
    aptitude install vim make devscripts yui-compressor git git-gui libjs-uglify coffeescript cpanminus autopkgtest pkg-perl-autopkgtest
-   aptitude install libauth-yubikey-webclient-perl libnet-smtp-server-perl
+   aptitude install libauth-yubikey-webclient-perl libnet-smtp-server-perl libtime-fake-perl libtest-output-perl libtest-pod-perl libtest-leaktrace-perl
 
    cpanm Authen::U2F Authen::U2F::Tester Crypt::U2F::Server::Simple
 
@@ -71,7 +71,7 @@ Debian
 Configure Git
 ^^^^^^^^^^^^^
 
-*user :*
+As *user :*
 
 ::
 
@@ -85,7 +85,7 @@ Configure Git
 Import Project and using Git
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-*user :* create directory in directory :
+As *user*, create directory in directory:
 
 ::
 
@@ -98,7 +98,7 @@ Import Project and using Git
    git checkout v2.0 # to change branch
    git fetch upstream
 
-*import version branch* *on linux station :*
+Import version branch on linux station:
 
 ::
 
@@ -106,8 +106,7 @@ Import Project and using Git
    git fetch upstream
    git rebase upstream/v2.0 # to align to parent project remote branch
 
-*on gitlab, create working branch, one per thematic* *on linux station
-:*
+On gitlab, create working branch, one per thematic on linux station:
 
 ::
 
@@ -141,6 +140,12 @@ For SAML:
 Working Project
 ---------------
 
+Configure hosts file
+^^^^^^^^^^^^^^^^^^^^
+::
+
+     echo '127.0.0.1       auth.example.com manager.example.com test1.example.com test2.example.com' >> /etc/hosts
+
 Unit tests
 ^^^^^^^^^^
 
diff --git a/doc/sources/admin/presentation.rst b/doc/sources/admin/presentation.rst
index d1d9a0d7f..80f878ca0 100644
--- a/doc/sources/admin/presentation.rst
+++ b/doc/sources/admin/presentation.rst
@@ -26,7 +26,7 @@ Main components
    `CAS `__).
    Futhermore, Portal affordes many other features (see
    :doc:`portal` for more)
--  **Handler**: used to protect applications which can read HTTP headers
+-  :doc:`Handler`: used to protect applications which can read HTTP headers
    or environment variables to get user information
 
 Databases
@@ -36,7 +36,7 @@ Databases
 .. attention::
 
     We call "database" a backend where we can read or write a data.
-    This can be a file, an LDAP directory, ...
+    This can be a file, an LDAP directory, etc.
 
 We split databases in two categories:
 
@@ -130,12 +130,13 @@ Session expiration
 ~~~~~~~~~~~~~~~~~~
 
 The session expires after 20 hours by default.
+This duration can be set in the manager's Configuration tab (General Parameters > Sessions > Sessions Timeout).
 
 .. attention::
 
     -  Handlers have a session cache, with a default lifetime of 10 minutes.
-       So for Handlers on different physical servers than the Portal, a user
-       with an expired session can still be authorized till the cache
+       So for Handlers located on different physical servers than the Portal, a user
+       with an expired session can still be authorized until the cache
        expires.
     -  Sessions are deleted by a scheduled task. Don't forget to install
        cron files !
diff --git a/doc/sources/admin/writingrulesand_headers.rst b/doc/sources/admin/writingrulesand_headers.rst
index 4b1ff8c17..f1b7af388 100644
--- a/doc/sources/admin/writingrulesand_headers.rst
+++ b/doc/sources/admin/writingrulesand_headers.rst
@@ -1,7 +1,7 @@
 Writing rules and headers
 =========================
 
-Lemonldap::NG manage applications by their hostname (Apache's
+Lemonldap::NG manages applications by their hostname (Apache's
 virtualHosts). Rules are used to protect applications, headers are HTTP
 headers added to the request to give datas to the application (for logs,
 profiles,...).
diff --git a/lemonldap-ng-handler/t/01-Lemonldap-NG-Handler-Main.t b/lemonldap-ng-handler/t/01-Lemonldap-NG-Handler-Main.t
index 5ece1a328..44e8eb27f 100644
--- a/lemonldap-ng-handler/t/01-Lemonldap-NG-Handler-Main.t
+++ b/lemonldap-ng-handler/t/01-Lemonldap-NG-Handler-Main.t
@@ -14,7 +14,7 @@ use lib dirname( abs_path $0 );
 #########################
 
 # Insert your test code below, the Test::More module is used here so read
-# its man page ( perldoc Test::More ) for help writing this test script.
+# its man page (perldoc Test::More) for help writing this test script.
 my $h;
 $h = 'Lemonldap::NG::Handler::Test';
 $ENV{SERVER_NAME} = "test1.example.com";

From b0df4a0f5cd788550f403287645f549ce9ca222b Mon Sep 17 00:00:00 2001
From: Christophe Maudoux 
Date: Mon, 21 Dec 2020 20:22:35 +0100
Subject: [PATCH 037/357] Append unit tests dependency

---
 debian/control | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian/control b/debian/control
index b7848cde6..dafac2443 100644
--- a/debian/control
+++ b/debian/control
@@ -52,6 +52,7 @@ Build-Depends-Indep: libapache-session-perl ,
                      libxml-libxml-perl ,
                      libxml-libxslt-perl ,
                      libxml-simple-perl ,
+                     libtest-leaktrace-perl ,
                      python3-sphinx,
                      python3-sphinx-bootstrap-theme,
                      perl

From ec0c8214f78b88aeaef4fc58ba2ff99c72a0e9e1 Mon Sep 17 00:00:00 2001
From: Maxime Besson 
Date: Mon, 21 Dec 2020 21:27:08 +0100
Subject: [PATCH 038/357] Add a mass-delete feature to lemonldap-ng-sessions
 (#2351)

---
 .../lib/Lemonldap/NG/Common/CliSessions.pm           | 12 +++++++++++-
 lemonldap-ng-common/scripts/lemonldap-ng-sessions    |  2 +-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/CliSessions.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/CliSessions.pm
index 01f4234f4..347e2eefc 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/CliSessions.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/CliSessions.pm
@@ -166,9 +166,19 @@ sub _get_one_data {
 sub delete {
     my ($self) = shift;
     my $result = 0;
+    my @sessions;
+
+    # Run search if a where option was provided
+    if ( $self->opts->{where} ) {
+        my $res = $self->_search();
+        @sessions = keys %{$res};
+    }
+    else {
+        @sessions = @_;
+    }
 
     my @result;
-    for my $id (@_) {
+    for my $id (@sessions) {
         my $as = $self->_get_one_session($id);
         if ($as) {
             unless ( $as->remove ) {
diff --git a/lemonldap-ng-common/scripts/lemonldap-ng-sessions b/lemonldap-ng-common/scripts/lemonldap-ng-sessions
index a950d358c..bca94b0a3 100755
--- a/lemonldap-ng-common/scripts/lemonldap-ng-sessions
+++ b/lemonldap-ng-common/scripts/lemonldap-ng-sessions
@@ -48,7 +48,7 @@ if ( $action eq "get" ) {
     }
 }
 if ( $action eq "delete" ) {
-    unless ( @ARGV >= 1 ) {
+    unless ( @ARGV >= 1 or $opts->{where} ) {
         pod2usage(
             -exitval  => 1,
             -verbose  => 99,

From 48b96dbaae740f39cff180bbbcbcfaa23720f60c Mon Sep 17 00:00:00 2001
From: Maxime Besson 
Date: Mon, 21 Dec 2020 21:28:01 +0100
Subject: [PATCH 039/357] Documentation for #2351

---
 doc/sources/admin/cli_examples.rst            | 10 +++++++
 doc/sources/admin/sessions.rst                |  4 +++
 .../scripts/lemonldap-ng-sessions             | 29 ++++++++++++-------
 3 files changed, 32 insertions(+), 11 deletions(-)

diff --git a/doc/sources/admin/cli_examples.rst b/doc/sources/admin/cli_examples.rst
index eb36b2838..aa124dd0a 100644
--- a/doc/sources/admin/cli_examples.rst
+++ b/doc/sources/admin/cli_examples.rst
@@ -468,6 +468,7 @@ To update the master encryption key:
            key 'xxxxxxxxxxxxxxx'
 
 
+.. _cli-sessions:
 
 Sessions Management
 -------------------
@@ -491,6 +492,15 @@ Modify session ::
    lemonldap-ng-sessions setKey 9684dd2a6489bf2be2fbdd799a8028e3 \
       authenticationLevel 1
 
+
+.. versionadded:: 2.0.10
+   Delete all sessions by username
+
+::
+
+   lemonldap-ng-sessions delete --where uid=dwho
+
+
 Second Factors management
 -------------------------
 
diff --git a/doc/sources/admin/sessions.rst b/doc/sources/admin/sessions.rst
index 840903b45..5109625ee 100644
--- a/doc/sources/admin/sessions.rst
+++ b/doc/sources/admin/sessions.rst
@@ -68,6 +68,10 @@ To configure sessions, go in Manager, ``General Parameters`` »
 Command-line tools
 ==================
 
+.. versionadded:: 2.0.9
+
+You can use the ``lemonldap-ng-sessions`` tool to search, update or delete sessions. See a few examples in :ref:`the examples page `
+
 -  LLNG Portal provides a simple tool to delete a session:
    ``llngDeleteSession``. To use it, simply give it the user identifier
    *(wildcard are authorizated)*:
diff --git a/lemonldap-ng-common/scripts/lemonldap-ng-sessions b/lemonldap-ng-common/scripts/lemonldap-ng-sessions
index bca94b0a3..3be01a9b8 100755
--- a/lemonldap-ng-common/scripts/lemonldap-ng-sessions
+++ b/lemonldap-ng-common/scripts/lemonldap-ng-sessions
@@ -125,7 +125,7 @@ Options:
 	--select 	Select which fields to print
 	--backend	Specify session backend
 	--persistent	Search in persistent sessions
-	--where		Set search filter (search only)
+	--where		Set search filter (search/delete only)
 	--id-only	Only return IDs (search only)
 
 
@@ -133,14 +133,14 @@ Options:
 
 =head2 Get
 
-lemonldap-ng-sessions get  [ ...]
+    lemonldap-ng-sessions get  [ ...]
 
 This command lets you read the content of a session.
 
 You must pass one or several session IDs as parameters.
 
 
-Exemples
+Examples
 
 	lemonldap-ng-sessions get 9684dd2a6489bf2be2fbdd799a8028e3
 
@@ -148,7 +148,7 @@ Exemples
 
 =head2 Search
 
-lemonldap-ng-sessions search []
+    lemonldap-ng-sessions search []
 
 This command lets you search for sessions.
 
@@ -172,21 +172,28 @@ Examples
 
 =head2 Delete
 
-lemonldap-ng-sessions delete  [ ...]
+    lemonldap-ng-sessions delete  [ ...]
+    lemonldap-ng-sessions delete --where 
 
-This command lets you delete a session.
+This command lets you delete sessions.
 
 You may give it one or several session IDs to remove.
 
-Exemples:
+Examples:
 	
 	lemonldap-ng-sessions delete 9684dd2a6489bf2be2fbdd799a8028e3
 
 	lemonldap-ng-sessions delete --persistent dwho
 
+Or you can give it a search expression.
+
+Examples:
+
+	lemonldap-ng-sessions delete --where uid=dwho
+
 =head2 Set Key
 
-lemonldap-ng-sessions setKey    [  ...]
+    lemonldap-ng-sessions setKey    [  ...]
 
 This command allows you to modify one or several keys from an existing session.
 
@@ -198,7 +205,7 @@ Examples:
 
 =head2 Delete Key
 
-lemonldap-ng-sessions delKey   [ ...]
+    lemonldap-ng-sessions delKey   [ ...]
 
 This command lets you remove a key from an existing session.
 
@@ -212,7 +219,7 @@ Examples:
 
 =head2 Second Factors
 
-lemonldap-ng-sessions secondfactors   [ ... ]
+    lemonldap-ng-sessions secondfactors   [ ... ]
 
 Commands:
 	
@@ -226,7 +233,7 @@ Commands:
 
 =head2 Consents
 
-lemonldap-ng-sessions consents   [ ... ]
+    lemonldap-ng-sessions consents   [ ... ]
 
 Commands:
 	

From f221a5bdfb33ef015b8070e2bb26361ccb55e978 Mon Sep 17 00:00:00 2001
From: Maxime Besson 
Date: Mon, 21 Dec 2020 21:30:26 +0100
Subject: [PATCH 040/357] Unit test for #2351

---
 lemonldap-ng-common/t/60-Session-Cli.t | 29 +++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/lemonldap-ng-common/t/60-Session-Cli.t b/lemonldap-ng-common/t/60-Session-Cli.t
index a397dd95f..c6230a3ca 100644
--- a/lemonldap-ng-common/t/60-Session-Cli.t
+++ b/lemonldap-ng-common/t/60-Session-Cli.t
@@ -87,6 +87,22 @@ Lemonldap::NG::Common::Session->new( {
         }
     }
 );
+Lemonldap::NG::Common::Session->new( {
+        @sessionsOpts,
+        id   => "1234",
+        info => {
+            "uid" => "foo",
+        }
+    }
+);
+Lemonldap::NG::Common::Session->new( {
+        @sessionsOpts,
+        id   => "1235",
+        info => {
+            "uid" => "foo",
+        }
+    }
+);
 
 Lemonldap::NG::Common::Session->new( {
         @psessionsOpts,
@@ -194,7 +210,7 @@ is(
 
 # Test search
 $res = getJson( "search", {} );
-is( @{$res}, 3, "Found 3 sessions" );
+is( @{$res}, 5, "Found 5 sessions" );
 
 # Test search with different backend
 $res = getJson( "search", { backend => 'persistent' } );
@@ -237,6 +253,17 @@ $res = getJson(
 );
 is( @{$res}, 0, "Session was removed" );
 
+# We should have 2 foo sessions now
+$res = getJson( "search", { where => "uid=foo" } );
+is( @{$res}, 2, "Found 2 foo sessions" );
+
+# Test delete by filter, remove two foo sessions
+$cli->run( 'delete', { where => "uid=foo" } );
+
+# We should have no foo sessions left
+$res = getJson( "search", { where => "uid=foo" } );
+is( @{$res}, 0, "Found 0 foo sessions" );
+
 # Set key
 
 $cli->run( "setKey", {}, "f90f597566f5cce47d9641377776c0c2",

From 860545dd27cb884b83bb6486d4d6fe1d0c549f95 Mon Sep 17 00:00:00 2001
From: Maxime Besson 
Date: Mon, 21 Dec 2020 21:29:34 +0100
Subject: [PATCH 041/357] Deprecate llngDeleteSession (#2351)

---
 doc/sources/admin/sessions.rst                | 2 ++
 lemonldap-ng-portal/scripts/llngDeleteSession | 1 +
 2 files changed, 3 insertions(+)

diff --git a/doc/sources/admin/sessions.rst b/doc/sources/admin/sessions.rst
index 5109625ee..67420d11f 100644
--- a/doc/sources/admin/sessions.rst
+++ b/doc/sources/admin/sessions.rst
@@ -72,6 +72,8 @@ Command-line tools
 
 You can use the ``lemonldap-ng-sessions`` tool to search, update or delete sessions. See a few examples in :ref:`the examples page `
 
+.. deprecated:: 2.0.10
+
 -  LLNG Portal provides a simple tool to delete a session:
    ``llngDeleteSession``. To use it, simply give it the user identifier
    *(wildcard are authorizated)*:
diff --git a/lemonldap-ng-portal/scripts/llngDeleteSession b/lemonldap-ng-portal/scripts/llngDeleteSession
index e6a6f19fb..daa2a07f8 100755
--- a/lemonldap-ng-portal/scripts/llngDeleteSession
+++ b/lemonldap-ng-portal/scripts/llngDeleteSession
@@ -29,6 +29,7 @@ my $nb_error  = 0;
 
 unless (@ARGV) {
     print STDERR "Usage: $0 \n";
+    print STDERR "This script is deprecated, use lemonldap-ng-sessions instead\n";
     exit 1;
 }
 

From cf351a53e4eaec2309ad27e04487afc2a50351a6 Mon Sep 17 00:00:00 2001
From: Maxime Besson 
Date: Mon, 21 Dec 2020 21:30:01 +0100
Subject: [PATCH 042/357] Fix lemonldap-ng-sessions error message

---
 lemonldap-ng-common/lib/Lemonldap/NG/Common/CliSessions.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/CliSessions.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/CliSessions.pm
index 347e2eefc..8765ea351 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/CliSessions.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/CliSessions.pm
@@ -74,7 +74,7 @@ sub _search {
                 $selectField, $value, @fields );
         }
         else {
-            die "Invalid --where option" . $self->opts->{where};
+            die "Invalid --where option : " . $self->opts->{where};
         }
     }
     else {

From fc4024f0242e18d22c4a0f1cbf61d9ecbbfa417f Mon Sep 17 00:00:00 2001
From: Christophe Maudoux 
Date: Mon, 21 Dec 2020 21:35:44 +0100
Subject: [PATCH 043/357] Return parameters (#1976)

---
 .../lib/Lemonldap/NG/Portal/Plugins/FindUser.pm   | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm
index 50c3c6a1e..cb5969634 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm
@@ -34,18 +34,23 @@ sub provideUser {
 
 sub retreiveFindUserParams {
     my ( $self,   $req )            = @_;
-    my ( $params, $excludedParams ) = ( [], [] );
+    my ( $params, $excludedParams ) = ( [ {} ], [ {} ] );
     $self->logger->debug("FindUser: reading parameters...");
     foreach ( sort keys %{ $self->conf->{findUserSearchingAttributes} } ) {
-        $self->logger->debug("Pushing param $_");
+        $self->logger->debug( "Pushing searching parameter: $_ => " . $req->params($_) );
         push @$params, { key => $_, value => $req->params($_) };
     }
     $self->logger->debug("FindUser: reading excluding parameters...");
     foreach ( sort keys %{ $self->conf->{findUserExcludingAttributes} } ) {
-        $self->logger->debug("Pushing excluded param $_");
-        push @$excludedParams, { key => $_, value => $_->{value} };
+        $self->logger->debug( "Pushing excluded parameter: $_ => "
+              . $self->conf->{findUserExcludingAttributes}->{$_} );
+        push @$excludedParams,
+          {
+            key   => $_,
+            value => $self->conf->{findUserExcludingAttributes}->{$_}
+          };
     }
-    return [ $params, $excludedParams ];
+    return ( $params, $excludedParams );
 }
 
 1;

From e7baa348bae2c1cdcd2fbca0faebb5e31080a3c4 Mon Sep 17 00:00:00 2001
From: Christophe Maudoux 
Date: Mon, 21 Dec 2020 21:55:51 +0100
Subject: [PATCH 044/357] Update lang & conf test (#1976)

---
 .../lib/Lemonldap/NG/Manager/Build/Tree.pm    |  9 +++++++-
 .../lib/Lemonldap/NG/Manager/Conf/Tests.pm    | 13 ++++++++++-
 .../site/htdocs/static/languages/ar.json      |  4 ++++
 .../site/htdocs/static/languages/de.json      |  4 ++++
 .../site/htdocs/static/languages/en.json      |  6 ++++-
 .../site/htdocs/static/languages/es.json      |  4 ++++
 .../site/htdocs/static/languages/fr.json      |  4 ++++
 .../site/htdocs/static/languages/it.json      |  4 ++++
 .../site/htdocs/static/languages/pl.json      |  4 ++++
 .../site/htdocs/static/languages/tr.json      |  4 ++++
 .../site/htdocs/static/languages/vi.json      |  4 ++++
 .../site/htdocs/static/languages/zh.json      |  4 ++++
 .../site/htdocs/static/languages/zh_TW.json   |  4 ++++
 .../site/htdocs/static/reverseTree.json       |  2 +-
 .../site/htdocs/static/struct.json            |  2 +-
 .../NG/Portal/Plugins/ContextSwitching.pm     | 22 +++++++++----------
 .../site/htdocs/static/languages/ar.json      |  1 +
 .../site/htdocs/static/languages/de.json      |  1 +
 .../site/htdocs/static/languages/en.json      |  1 +
 .../site/htdocs/static/languages/es.json      |  1 +
 .../site/htdocs/static/languages/fi.json      |  1 +
 .../site/htdocs/static/languages/fr.json      |  1 +
 .../site/htdocs/static/languages/it.json      |  1 +
 .../site/htdocs/static/languages/nl.json      |  1 +
 .../site/htdocs/static/languages/pl.json      |  1 +
 .../site/htdocs/static/languages/pt.json      |  1 +
 .../site/htdocs/static/languages/ro.json      |  1 +
 .../site/htdocs/static/languages/tr.json      |  1 +
 .../site/htdocs/static/languages/vi.json      |  1 +
 .../site/htdocs/static/languages/zh.json      |  1 +
 .../site/htdocs/static/languages/zh_TW.json   |  1 +
 31 files changed, 93 insertions(+), 16 deletions(-)

diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
index 65aefe86c..a8ae03860 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
@@ -774,13 +774,20 @@ sub tree {
                         {
                             title => 'impersonation',
                             help  => 'impersonation.html',
+                            form  => 'simpleInputContainer',
                             nodes => [
                                 'impersonationRule',
                                 'impersonationIdRule',
                                 'impersonationUnrestrictedUsersRule',
                                 'impersonationHiddenAttributes',
                                 'impersonationSkipEmptyValues',
-                                'impersonationMergeSSOgroups',
+                                'impersonationMergeSSOgroups'
+                            ]
+                        },
+                        {
+                        title => 'findUsers',
+                            help  => 'finduser.html',
+                            nodes => [
                                 'findUser',
                                 'findUserSearchingAttributes',
                                 'findUserExcludingAttributes'
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm
index 40a0b8827..563c73307 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm
@@ -692,7 +692,8 @@ sub tests {
               }
               grep { /\d+/ }
               split /\s*,\s*/, $conf->{bruteForceProtectionLockTimes};
-            $conf->{bruteForceProtectionLockTimes} = join ', ', @lockTimes if scalar @lockTimes;
+            $conf->{bruteForceProtectionLockTimes} = join ', ', @lockTimes
+              if scalar @lockTimes;
             return 1 unless ( $conf->{bruteForceProtection} );
             return ( 0,
 '"History" plugin is required to enable "BruteForceProtection" plugin'
@@ -935,6 +936,16 @@ sub tests {
                 and $conf->{passwordDB} eq 'Null' );
             return 1;
         },
+
+        # Password module requires a password backend
+        findUserWithoutImpersonation => sub {
+            return ( -1,
+                '"Impersonation" plugin is required to enable "FindUser" plugin'
+              )
+              if ( $conf->{findUser}
+                and !$conf->{impersonationRule} );
+            return 1;
+        }
     };
 }
 
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
index ac31d6ee7..ae50ceeee 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
@@ -328,6 +328,10 @@
 "facebookUserField":"Field containing user identifier",
 "failedLoginNumber":"عدد عمليات تسجيل الدخول الفاشلة المسجلة",
 "fileToUpload":"الملف الذي ستحمله",
+"findUser":"Activation",
+"findUsers":"Search user account",
+"findUserSearchingAttributes":"Searching attributes",
+"findUserExcludingAttributes":"Excluding attributes",
 "forbidden":"لست مخولا بعرض هذه الصفحة",
 "forceSave":"فرض الحفظ",
 "format":"الصيغة",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/de.json b/lemonldap-ng-manager/site/htdocs/static/languages/de.json
index f143b3014..6aa8271ac 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/de.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/de.json
@@ -328,6 +328,10 @@
 "facebookUserField":"Field containing user identifier",
 "failedLoginNumber":"Number of registered failed logins",
 "fileToUpload":"File to upload",
+"findUser":"Activation",
+"findUsers":"Search user account",
+"findUserSearchingAttributes":"Searching attributes",
+"findUserExcludingAttributes":"Excluding attributes",
 "forbidden":"You're not authorized to show this page",
 "forceSave":"Force save",
 "format":"Format",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/en.json b/lemonldap-ng-manager/site/htdocs/static/languages/en.json
index c2bce5300..195774554 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json
@@ -198,7 +198,7 @@
 "checkboxes":"Checkboxes",
 "checkState":"Activation",
 "checkStateSecret":"Shared secret",
-"checkUsers":"SSO profile Check",
+"checkUsers":"SSO profile check",
 "checkUser":"Activation",
 "checkUserIdRule":"Identities use rule",
 "checkUserHiddenAttributes":"Hidden attributes",
@@ -328,6 +328,10 @@
 "facebookUserField":"Field containing user identifier",
 "failedLoginNumber":"Number of registered failed logins",
 "fileToUpload":"File to upload",
+"findUser":"Activation",
+"findUsers":"Search for user account",
+"findUserSearchingAttributes":"Searching attributes",
+"findUserExcludingAttributes":"Excluding attributes",
 "forbidden":"You're not authorized to show this page",
 "forceSave":"Force save",
 "format":"Format",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/es.json b/lemonldap-ng-manager/site/htdocs/static/languages/es.json
index 844ac2f5c..26cae317a 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/es.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/es.json
@@ -328,6 +328,10 @@
 "facebookUserField":"Campo que contiene identificador de usuario",
 "failedLoginNumber":"Número de fallos en la identificación",
 "fileToUpload":"Fichero a cargar",
+"findUser":"Activation",
+"findUsers":"Search user account",
+"findUserSearchingAttributes":"Searching attributes",
+"findUserExcludingAttributes":"Excluding attributes",
 "forbidden":"No está autorizado a mostrar esta página",
 "forceSave":"Forzar salvaguarda",
 "format":"Formato",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
index 0019ee0a9..3bf4b1c8c 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
@@ -328,6 +328,10 @@
 "facebookUserField":"Champ contenant l'identifiant de l'utilisateur",
 "failedLoginNumber":"Nombre d'échecs de connexion mémorisés",
 "fileToUpload":"Fichier à télécharger",
+"findUser":"Activation",
+"findUsers":"Rechercher un compte",
+"findUserSearchingAttributes":"Attributs de recherche",
+"findUserExcludingAttributes":"Attributs d'exclusion",
 "forbidden":"Vous n'êtes pas autorisé à visualiser cette page",
 "forceSave":"Forcer la sauvegarde",
 "format":"Format",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/it.json b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
index f5acd6148..afd0265ed 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
@@ -328,6 +328,10 @@
 "facebookUserField":"Campo contenente l'identificatore dell'utente",
 "failedLoginNumber":"Numero di login registrati non riusciti",
 "fileToUpload":"File da caricare",
+"findUser":"Activation",
+"findUsers":"Search user account",
+"findUserSearchingAttributes":"Searching attributes",
+"findUserExcludingAttributes":"Excluding attributes",
 "forbidden":"Non sei autorizzato a mostrare questa pagina",
 "forceSave":"Forza salvataggio",
 "format":"Formato",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json
index 796211400..dd11b6043 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json
@@ -328,6 +328,10 @@
 "facebookUserField":"Pole zawierające identyfikator użytkownika",
 "failedLoginNumber":"Liczba zarejestrowanych nieudanych prób logowania",
 "fileToUpload":"Plik do przesłania",
+"findUser":"Activation",
+"findUsers":"Search user account",
+"findUserSearchingAttributes":"Searching attributes",
+"findUserExcludingAttributes":"Excluding attributes",
 "forbidden":"Nie masz uprawnień do wyświetlania tej strony",
 "forceSave":"Wymuś zapis",
 "format":"Format",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json
index d6520057e..37c5004a5 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json
@@ -328,6 +328,10 @@
 "facebookUserField":"Alan kullanıcı kimliği içeriyor",
 "failedLoginNumber":"Kayıtlı başarısız giriş sayısı",
 "fileToUpload":"Yüklenecek dosya",
+"findUser":"Activation",
+"findUsers":"Search user account",
+"findUserSearchingAttributes":"Searching attributes",
+"findUserExcludingAttributes":"Excluding attributes",
 "forbidden":"Bu sayfayı görüntülemek için yetkili değilsiniz",
 "forceSave":"Kaydetmeye zorla",
 "format":"Biçim",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
index b18c3a251..c8f390490 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
@@ -328,6 +328,10 @@
 "facebookUserField":"Field containing user identifier",
 "failedLoginNumber":"Số lượt đăng nhập thất bại",
 "fileToUpload":"Tập tin để tải lên",
+"findUser":"Activation",
+"findUsers":"Search user account",
+"findUserSearchingAttributes":"Searching attributes",
+"findUserExcludingAttributes":"Excluding attributes",
 "forbidden":"Bạn không được ủy quyền để hiển thị trang này",
 "forceSave":"Bắt buộc lưu",
 "format":"Định dạng",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
index c08ece675..97c25bfd3 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
@@ -328,6 +328,10 @@
 "facebookUserField":"Field containing user identifier",
 "failedLoginNumber":"Number of registered failed logins",
 "fileToUpload":"上传的文件",
+"findUser":"Activation",
+"findUsers":"Search user account",
+"findUserSearchingAttributes":"Searching attributes",
+"findUserExcludingAttributes":"Excluding attributes",
 "forbidden":"You're not authorized to show this page",
 "forceSave":"强制保存",
 "format":"格式",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json b/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json
index 1752ef717..eea69a926 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json
@@ -328,6 +328,10 @@
 "facebookUserField":"包含使用者識別符號的欄位",
 "failedLoginNumber":"已註冊的失敗登入數",
 "fileToUpload":"上傳失敗",
+"findUser":"Activation",
+"findUsers":"Search user account",
+"findUserSearchingAttributes":"Searching attributes",
+"findUserExcludingAttributes":"Excluding attributes",
 "forbidden":"您無權顯示此頁面",
 "forceSave":"強制儲存",
 "format":"格式",
diff --git a/lemonldap-ng-manager/site/htdocs/static/reverseTree.json b/lemonldap-ng-manager/site/htdocs/static/reverseTree.json
index 79da08618..d637161a7 100644
--- a/lemonldap-ng-manager/site/htdocs/static/reverseTree.json
+++ b/lemonldap-ng-manager/site/htdocs/static/reverseTree.json
@@ -1 +1 @@
-{"ADPwdExpireWarning":"generalParameters/authParams/adParams","ADPwdMaxAge":"generalParameters/authParams/adParams","AuthLDAPFilter":"generalParameters/authParams/ldapParams/ldapFilters","LDAPFilter":"generalParameters/authParams/ldapParams/ldapFilters","SMTPAuthPass":"generalParameters/advancedParams/SMTP","SMTPAuthUser":"generalParameters/advancedParams/SMTP","SMTPPort":"generalParameters/advancedParams/SMTP","SMTPServer":"generalParameters/advancedParams/SMTP","SMTPTLS":"generalParameters/advancedParams/SMTP","SMTPTLSOpts":"generalParameters/advancedParams/SMTP","SSLAuthnLevel":"generalParameters/authParams/sslParams","SSLVar":"generalParameters/authParams/sslParams","SSLVarIf":"generalParameters/authParams/sslParams","activeTimer":"generalParameters/advancedParams/forms","adaptativeAuthenticationLevelRules":"generalParameters/plugins","apacheAuthnLevel":"generalParameters/authParams/apacheParams","applicationList":"generalParameters/portalParams/portalMenu","authChoiceAuthBasic":"generalParameters/authParams/choiceParams","authChoiceModules":"generalParameters/authParams/choiceParams","authChoiceParam":"generalParameters/authParams/choiceParams","authentication":"generalParameters/authParams","autoSigninRules":"generalParameters/plugins/autoSignin","avoidAssignment":"generalParameters/advancedParams/security","browsersDontStorePassword":"generalParameters/advancedParams/security","bruteForceProtection":"generalParameters/advancedParams/security/bruteForceAttackProtection","bruteForceProtectionIncrementalTempo":"generalParameters/advancedParams/security/bruteForceAttackProtection","bruteForceProtectionLockTimes":"generalParameters/advancedParams/security/bruteForceAttackProtection","bruteForceProtectionMaxFailed":"generalParameters/advancedParams/security/bruteForceAttackProtection","bruteForceProtectionTempo":"generalParameters/advancedParams/security/bruteForceAttackProtection","captcha_login_enabled":"generalParameters/portalParams/portalCaptcha","captcha_mail_enabled":"generalParameters/portalParams/portalCaptcha","captcha_register_enabled":"generalParameters/portalParams/portalCaptcha","captcha_size":"generalParameters/portalParams/portalCaptcha","casAccessControlPolicy":"casServiceMetadata","casAppMetaDataNodes":"","casAttr":"casServiceMetadata","casAttributes":"casServiceMetadata","casAuthnLevel":"generalParameters/authParams/casParams","casSrvMetaDataNodes":"","casStorage":"casServiceMetadata","casStorageOptions":"casServiceMetadata","cda":"generalParameters/cookieParams","certificateResetByMailCeaAttribute":"generalParameters/plugins/certificateResetByMailManagement/mailOther","certificateResetByMailCertificateAttribute":"generalParameters/plugins/certificateResetByMailManagement/mailOther","certificateResetByMailStep1Body":"generalParameters/plugins/certificateResetByMailManagement/certificateMailContent","certificateResetByMailStep1Subject":"generalParameters/plugins/certificateResetByMailManagement/certificateMailContent","certificateResetByMailStep2Body":"generalParameters/plugins/certificateResetByMailManagement/certificateMailContent","certificateResetByMailStep2Subject":"generalParameters/plugins/certificateResetByMailManagement/certificateMailContent","certificateResetByMailURL":"generalParameters/plugins/certificateResetByMailManagement/mailOther","certificateResetByMailValidityDelay":"generalParameters/plugins/certificateResetByMailManagement/mailOther","checkState":"generalParameters/plugins/stateCheck","checkStateSecret":"generalParameters/plugins/stateCheck","checkUser":"generalParameters/plugins/checkUsers","checkUserDisplayComputedSession":"generalParameters/plugins/checkUsers","checkUserDisplayEmptyHeaders":"generalParameters/plugins/checkUsers","checkUserDisplayEmptyValues":"generalParameters/plugins/checkUsers","checkUserDisplayPersistentInfo":"generalParameters/plugins/checkUsers","checkUserHiddenAttributes":"generalParameters/plugins/checkUsers","checkUserHiddenHeaders":"generalParameters/plugins/checkUsers","checkUserIdRule":"generalParameters/plugins/checkUsers","checkUserSearchAttributes":"generalParameters/plugins/checkUsers","checkUserUnrestrictedUsersRule":"generalParameters/plugins/checkUsers","checkXSS":"generalParameters/advancedParams/security","combModules":"generalParameters/authParams/combinationParams","combination":"generalParameters/authParams/combinationParams","compactConf":"generalParameters/reloadParams","confirmFormMethod":"generalParameters/advancedParams/forms","contextSwitchingAllowed2fModifications":"generalParameters/plugins/contextSwitching","contextSwitchingIdRule":"generalParameters/plugins/contextSwitching","contextSwitchingRule":"generalParameters/plugins/contextSwitching","contextSwitchingStopWithLogout":"generalParameters/plugins/contextSwitching","contextSwitchingUnrestrictedUsersRule":"generalParameters/plugins/contextSwitching","cookieExpiration":"generalParameters/cookieParams","cookieName":"generalParameters/cookieParams","corsAllow_Credentials":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsAllow_Headers":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsAllow_Methods":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsAllow_Origin":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsEnabled":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsExpose_Headers":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsMax_Age":"generalParameters/advancedParams/security/crossOrigineResourceSharing","cspConnect":"generalParameters/advancedParams/security/contentSecurityPolicy","cspDefault":"generalParameters/advancedParams/security/contentSecurityPolicy","cspFont":"generalParameters/advancedParams/security/contentSecurityPolicy","cspFormAction":"generalParameters/advancedParams/security/contentSecurityPolicy","cspFrameAncestors":"generalParameters/advancedParams/security/contentSecurityPolicy","cspImg":"generalParameters/advancedParams/security/contentSecurityPolicy","cspScript":"generalParameters/advancedParams/security/contentSecurityPolicy","cspStyle":"generalParameters/advancedParams/security/contentSecurityPolicy","customAddParams":"generalParameters/authParams/customParams","customAuth":"generalParameters/authParams/customParams","customFunctions":"generalParameters/advancedParams","customPassword":"generalParameters/authParams/customParams","customPlugins":"generalParameters/plugins/customPluginsNode","customPluginsParams":"generalParameters/plugins/customPluginsNode","customRegister":"generalParameters/authParams/customParams","customResetCertByMail":"generalParameters/authParams/customParams","customToTrace":"generalParameters/logParams","customUserDB":"generalParameters/authParams/customParams","dbiAuthChain":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionAuth","dbiAuthLoginCol":"generalParameters/authParams/dbiParams/dbiSchema","dbiAuthPassword":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionAuth","dbiAuthPasswordCol":"generalParameters/authParams/dbiParams/dbiSchema","dbiAuthPasswordHash":"generalParameters/authParams/dbiParams/dbiPassword","dbiAuthTable":"generalParameters/authParams/dbiParams/dbiSchema","dbiAuthUser":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionAuth","dbiAuthnLevel":"generalParameters/authParams/dbiParams","dbiDynamicHashEnabled":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiDynamicHashNewPasswordScheme":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiDynamicHashValidSaltedSchemes":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiDynamicHashValidSchemes":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiExportedVars":"generalParameters/authParams/dbiParams","dbiPasswordMailCol":"generalParameters/authParams/dbiParams/dbiSchema","dbiUserChain":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionUser","dbiUserPassword":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionUser","dbiUserTable":"generalParameters/authParams/dbiParams/dbiSchema","dbiUserUser":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionUser","decryptValueFunctions":"generalParameters/plugins/decryptValue","decryptValueRule":"generalParameters/plugins/decryptValue","demoExportedVars":"generalParameters/authParams/demoParams","disablePersistentStorage":"generalParameters/sessionParams/persistentSessions","displaySessionId":"generalParameters/sessionParams","domain":"generalParameters/cookieParams","exportedAttr":"generalParameters/plugins/portalServers","exportedVars":"variables","ext2FSendCommand":"generalParameters/secondFactors/ext2f","ext2FValidateCommand":"generalParameters/secondFactors/ext2f","ext2fActivation":"generalParameters/secondFactors/ext2f","ext2fAuthnLevel":"generalParameters/secondFactors/ext2f","ext2fCodeActivation":"generalParameters/secondFactors/ext2f","ext2fLabel":"generalParameters/secondFactors/ext2f","ext2fLogo":"generalParameters/secondFactors/ext2f","facebookAppId":"generalParameters/authParams/facebookParams","facebookAppSecret":"generalParameters/authParams/facebookParams","facebookAuthnLevel":"generalParameters/authParams/facebookParams","facebookExportedVars":"generalParameters/authParams/facebookParams","facebookUserField":"generalParameters/authParams/facebookParams","failedLoginNumber":"generalParameters/plugins/loginHistory","findUser":"generalParameters/plugins/impersonation","findUserExcludingAttributes":"generalParameters/plugins/impersonation","findUserSearchingAttributes":"generalParameters/plugins/impersonation","formTimeout":"generalParameters/advancedParams/security","githubAuthnLevel":"generalParameters/authParams/githubParams","githubClientID":"generalParameters/authParams/githubParams","githubClientSecret":"generalParameters/authParams/githubParams","githubScope":"generalParameters/authParams/githubParams","githubUserField":"generalParameters/authParams/githubParams","globalLogoutCustomParam":"generalParameters/plugins/globalLogout","globalLogoutRule":"generalParameters/plugins/globalLogout","globalLogoutTimer":"generalParameters/plugins/globalLogout","globalStorage":"generalParameters/sessionParams/sessionStorage","globalStorageOptions":"generalParameters/sessionParams/sessionStorage","gpgAuthnLevel":"generalParameters/authParams/gpgParams","gpgDb":"generalParameters/authParams/gpgParams","grantSessionRules":"generalParameters/sessionParams","groups":"variables","groupsBeforeMacros":"generalParameters/advancedParams","hiddenAttributes":"generalParameters/logParams","hideOldPassword":"generalParameters/portalParams/portalCustomization/passwordManagement","httpOnly":"generalParameters/cookieParams","https":"generalParameters/advancedParams/redirection","impersonationHiddenAttributes":"generalParameters/plugins/impersonation","impersonationIdRule":"generalParameters/plugins/impersonation","impersonationMergeSSOgroups":"generalParameters/plugins/impersonation","impersonationRule":"generalParameters/plugins/impersonation","impersonationSkipEmptyValues":"generalParameters/plugins/impersonation","impersonationUnrestrictedUsersRule":"generalParameters/plugins/impersonation","infoFormMethod":"generalParameters/advancedParams/forms","issuerDBCASActivation":"generalParameters/issuerParams/issuerDBCAS","issuerDBCASPath":"generalParameters/issuerParams/issuerDBCAS","issuerDBCASRule":"generalParameters/issuerParams/issuerDBCAS","issuerDBGetActivation":"generalParameters/issuerParams/issuerDBGet","issuerDBGetParameters":"generalParameters/issuerParams/issuerDBGet","issuerDBGetPath":"generalParameters/issuerParams/issuerDBGet","issuerDBGetRule":"generalParameters/issuerParams/issuerDBGet","issuerDBOpenIDActivation":"generalParameters/issuerParams/issuerDBOpenID","issuerDBOpenIDConnectActivation":"generalParameters/issuerParams/issuerDBOpenIDConnect","issuerDBOpenIDConnectPath":"generalParameters/issuerParams/issuerDBOpenIDConnect","issuerDBOpenIDConnectRule":"generalParameters/issuerParams/issuerDBOpenIDConnect","issuerDBOpenIDPath":"generalParameters/issuerParams/issuerDBOpenID","issuerDBOpenIDRule":"generalParameters/issuerParams/issuerDBOpenID","issuerDBSAMLActivation":"generalParameters/issuerParams/issuerDBSAML","issuerDBSAMLPath":"generalParameters/issuerParams/issuerDBSAML","issuerDBSAMLRule":"generalParameters/issuerParams/issuerDBSAML","issuersTimeout":"generalParameters/issuerParams/issuerOptions","jsRedirect":"generalParameters/advancedParams/portalRedirection","key":"generalParameters/advancedParams/security","krbAllowedDomains":"generalParameters/authParams/kerberosParams","krbAuthnLevel":"generalParameters/authParams/kerberosParams","krbByJs":"generalParameters/authParams/kerberosParams","krbKeytab":"generalParameters/authParams/kerberosParams","krbRemoveDomain":"generalParameters/authParams/kerberosParams","ldapAllowResetExpiredPassword":"generalParameters/authParams/ldapParams/ldapPassword","ldapAuthnLevel":"generalParameters/authParams/ldapParams","ldapBase":"generalParameters/authParams/ldapParams/ldapConnection","ldapCAFile":"generalParameters/authParams/ldapParams/ldapConnection","ldapCAPath":"generalParameters/authParams/ldapParams/ldapConnection","ldapChangePasswordAsUser":"generalParameters/authParams/ldapParams/ldapPassword","ldapExportedVars":"generalParameters/authParams/ldapParams","ldapGroupAttributeName":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupAttributeNameGroup":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupAttributeNameSearch":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupAttributeNameUser":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupBase":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupDecodeSearchedValue":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupObjectClass":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupRecursive":"generalParameters/authParams/ldapParams/ldapGroups","ldapIOTimeout":"generalParameters/authParams/ldapParams/ldapConnection","ldapITDS":"generalParameters/authParams/ldapParams/ldapPassword","ldapPasswordResetAttribute":"generalParameters/authParams/ldapParams/ldapPassword","ldapPasswordResetAttributeValue":"generalParameters/authParams/ldapParams/ldapPassword","ldapPort":"generalParameters/authParams/ldapParams/ldapConnection","ldapPpolicyControl":"generalParameters/authParams/ldapParams/ldapPassword","ldapPwdEnc":"generalParameters/authParams/ldapParams/ldapPassword","ldapRaw":"generalParameters/authParams/ldapParams/ldapConnection","ldapSearchDeref":"generalParameters/authParams/ldapParams/ldapFilters","ldapServer":"generalParameters/authParams/ldapParams/ldapConnection","ldapSetPassword":"generalParameters/authParams/ldapParams/ldapPassword","ldapTimeout":"generalParameters/authParams/ldapParams/ldapConnection","ldapUsePasswordResetAttribute":"generalParameters/authParams/ldapParams/ldapPassword","ldapVerify":"generalParameters/authParams/ldapParams/ldapConnection","ldapVersion":"generalParameters/authParams/ldapParams/ldapConnection","linkedInAuthnLevel":"generalParameters/authParams/linkedinParams","linkedInClientID":"generalParameters/authParams/linkedinParams","linkedInClientSecret":"generalParameters/authParams/linkedinParams","linkedInFields":"generalParameters/authParams/linkedinParams","linkedInScope":"generalParameters/authParams/linkedinParams","linkedInUserField":"generalParameters/authParams/linkedinParams","localSessionStorage":"generalParameters/sessionParams/sessionStorage","localSessionStorageOptions":"generalParameters/sessionParams/sessionStorage","loginHistoryEnabled":"generalParameters/plugins/loginHistory","logoutServices":"generalParameters/advancedParams","lwpOpts":"generalParameters/advancedParams/security","lwpSslOpts":"generalParameters/advancedParams/security","macros":"variables","mail2fActivation":"generalParameters/secondFactors/mail2f","mail2fAuthnLevel":"generalParameters/secondFactors/mail2f","mail2fBody":"generalParameters/secondFactors/mail2f","mail2fCodeRegex":"generalParameters/secondFactors/mail2f","mail2fLabel":"generalParameters/secondFactors/mail2f","mail2fLogo":"generalParameters/secondFactors/mail2f","mail2fSessionKey":"generalParameters/secondFactors/mail2f","mail2fSubject":"generalParameters/secondFactors/mail2f","mail2fTimeout":"generalParameters/secondFactors/mail2f","mailBody":"generalParameters/plugins/passwordManagement/mailContent","mailCharset":"generalParameters/advancedParams/SMTP/mailHeaders","mailConfirmBody":"generalParameters/plugins/passwordManagement/mailContent","mailConfirmSubject":"generalParameters/plugins/passwordManagement/mailContent","mailFrom":"generalParameters/advancedParams/SMTP/mailHeaders","mailLDAPFilter":"generalParameters/authParams/ldapParams/ldapFilters","mailOnPasswordChange":"generalParameters/portalParams/portalCustomization/passwordManagement","mailReplyTo":"generalParameters/advancedParams/SMTP/mailHeaders","mailSessionKey":"generalParameters/advancedParams/SMTP","mailSubject":"generalParameters/plugins/passwordManagement/mailContent","mailTimeout":"generalParameters/plugins/passwordManagement/mailOther","mailUrl":"generalParameters/plugins/passwordManagement/mailOther","maintenance":"generalParameters/advancedParams/redirection","managerDn":"generalParameters/authParams/ldapParams/ldapConnection","managerPassword":"generalParameters/authParams/ldapParams/ldapConnection","multiValuesSeparator":"generalParameters/advancedParams","nginxCustomHandlers":"generalParameters/advancedParams","noAjaxHook":"generalParameters/advancedParams/portalRedirection","notification":"generalParameters/plugins/notifications","notificationDefaultCond":"generalParameters/plugins/notifications/serverNotification","notificationServer":"generalParameters/plugins/notifications/serverNotification","notificationServerDELETE":"generalParameters/plugins/notifications/serverNotification/notificationServerMethods","notificationServerGET":"generalParameters/plugins/notifications/serverNotification/notificationServerMethods","notificationServerPOST":"generalParameters/plugins/notifications/serverNotification/notificationServerMethods","notificationServerSentAttributes":"generalParameters/plugins/notifications/serverNotification","notificationStorage":"generalParameters/plugins/notifications","notificationStorageOptions":"generalParameters/plugins/notifications","notificationWildcard":"generalParameters/plugins/notifications","notificationXSLTfile":"generalParameters/plugins/notifications","notificationsExplorer":"generalParameters/plugins/notifications","notifyDeleted":"generalParameters/sessionParams/multipleSessions","notifyOther":"generalParameters/sessionParams/multipleSessions","nullAuthnLevel":"generalParameters/authParams/nullParams","oidcAuthnLevel":"generalParameters/authParams/oidcParams","oidcOPMetaDataNodes":"","oidcRPCallbackGetParam":"generalParameters/authParams/oidcParams","oidcRPMetaDataNodes":"","oidcRPStateTimeout":"generalParameters/authParams/oidcParams","oidcServiceAccessTokenExpiration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowAuthorizationCodeFlow":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowDynamicRegistration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowHybridFlow":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowImplicitFlow":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAuthorizationCodeExpiration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceDynamicRegistrationExportedVars":"oidcServiceMetaData","oidcServiceDynamicRegistrationExtraClaims":"oidcServiceMetaData","oidcServiceIDTokenExpiration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceKeyIdSig":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceMetaDataAuthnContext":"oidcServiceMetaData","oidcServiceMetaDataAuthorizeURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataBackChannelURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataCheckSessionURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataEndSessionURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataFrontChannelURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataIntrospectionURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataIssuer":"oidcServiceMetaData","oidcServiceMetaDataJWKSURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataRegistrationURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataTokenURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataUserInfoURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceOfflineSessionExpiration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServicePrivateKeySig":"oidcServiceMetaData/oidcServiceMetaDataSecurity/oidcServiceMetaDataKeys","oidcServicePublicKeySig":"oidcServiceMetaData/oidcServiceMetaDataSecurity/oidcServiceMetaDataKeys","oidcStorage":"oidcServiceMetaData/oidcServiceMetaDataSessions","oidcStorageOptions":"oidcServiceMetaData/oidcServiceMetaDataSessions","oldNotifFormat":"generalParameters/plugins/notifications","openIdAttr":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions","openIdAuthnLevel":"generalParameters/authParams/openidParams","openIdExportedVars":"generalParameters/authParams/openidParams","openIdIDPList":"generalParameters/authParams/openidParams","openIdIssuerSecret":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions","openIdSPList":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions","openIdSecret":"generalParameters/authParams/openidParams","openIdSreg_country":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_dob":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_email":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_fullname":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_gender":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_language":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_nickname":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_postcode":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_timezone":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","pamAuthnLevel":"generalParameters/authParams/pamParams","pamService":"generalParameters/authParams/pamParams","passwordDB":"generalParameters/authParams","passwordPolicyActivation":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinDigit":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinLower":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinSize":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinSpeChar":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinUpper":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicySpecialChar":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordResetAllowedRetries":"generalParameters/portalParams/portalCustomization/portalButtons","persistentStorage":"generalParameters/sessionParams/persistentSessions","persistentStorageOptions":"generalParameters/sessionParams/persistentSessions","port":"generalParameters/advancedParams/redirection","portal":"generalParameters/portalParams","portalAntiFrame":"generalParameters/portalParams/portalCustomization/portalOther","portalCheckLogins":"generalParameters/portalParams/portalCustomization/portalButtons","portalCustomCss":"generalParameters/portalParams/portalCustomization","portalDisplayAppslist":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayCertificateResetByMail":"generalParameters/portalParams/portalCustomization/portalButtons","portalDisplayChangePassword":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayGeneratePassword":"generalParameters/plugins/passwordManagement/mailOther","portalDisplayLoginHistory":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayLogout":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayOidcConsents":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayPasswordPolicy":"generalParameters/portalParams/portalCustomization/passwordPolicy","portalDisplayRefreshMyRights":"generalParameters/portalParams/portalCustomization/portalOther","portalDisplayRegister":"generalParameters/portalParams/portalCustomization/portalButtons","portalDisplayResetPassword":"generalParameters/portalParams/portalCustomization/portalButtons","portalErrorOnExpiredSession":"generalParameters/portalParams/portalCustomization/portalOther","portalErrorOnMailNotFound":"generalParameters/portalParams/portalCustomization/portalOther","portalForceAuthn":"generalParameters/advancedParams/security","portalForceAuthnInterval":"generalParameters/advancedParams/security","portalMainLogo":"generalParameters/portalParams/portalCustomization","portalOpenLinkInNewWindow":"generalParameters/portalParams/portalCustomization/portalOther","portalPingInterval":"generalParameters/portalParams/portalCustomization/portalOther","portalRequireOldPassword":"generalParameters/portalParams/portalCustomization/passwordManagement","portalSkin":"generalParameters/portalParams/portalCustomization","portalSkinBackground":"generalParameters/portalParams/portalCustomization","portalSkinRules":"generalParameters/portalParams/portalCustomization","portalStatus":"generalParameters/plugins","portalUserAttr":"generalParameters/portalParams/portalCustomization/portalOther","proxyAuthService":"generalParameters/authParams/proxyParams","proxyAuthnLevel":"generalParameters/authParams/proxyParams","proxySessionService":"generalParameters/authParams/proxyParams","proxyUseSoap":"generalParameters/authParams/proxyParams","radius2fActivation":"generalParameters/secondFactors/radius2f","radius2fAuthnLevel":"generalParameters/secondFactors/radius2f","radius2fLabel":"generalParameters/secondFactors/radius2f","radius2fLogo":"generalParameters/secondFactors/radius2f","radius2fSecret":"generalParameters/secondFactors/radius2f","radius2fServer":"generalParameters/secondFactors/radius2f","radius2fTimeout":"generalParameters/secondFactors/radius2f","radius2fUsernameSessionKey":"generalParameters/secondFactors/radius2f","radiusAuthnLevel":"generalParameters/authParams/radiusParams","radiusSecret":"generalParameters/authParams/radiusParams","radiusServer":"generalParameters/authParams/radiusParams","randomPasswordRegexp":"generalParameters/plugins/passwordManagement/mailOther","redirectFormMethod":"generalParameters/advancedParams/forms","refreshSessions":"generalParameters/plugins","registerConfirmSubject":"generalParameters/plugins/register","registerDB":"generalParameters/authParams","registerDoneSubject":"generalParameters/plugins/register","registerTimeout":"generalParameters/plugins/register","registerUrl":"generalParameters/plugins/register","reloadTimeout":"generalParameters/reloadParams","reloadUrls":"generalParameters/reloadParams","remoteCookieName":"generalParameters/authParams/remoteParams","remoteGlobalStorage":"generalParameters/authParams/remoteParams","remoteGlobalStorageOptions":"generalParameters/authParams/remoteParams","remotePortal":"generalParameters/authParams/remoteParams","requireToken":"generalParameters/advancedParams/security","rest2fActivation":"generalParameters/secondFactors/rest2f","rest2fAuthnLevel":"generalParameters/secondFactors/rest2f","rest2fInitArgs":"generalParameters/secondFactors/rest2f","rest2fInitUrl":"generalParameters/secondFactors/rest2f","rest2fLabel":"generalParameters/secondFactors/rest2f","rest2fLogo":"generalParameters/secondFactors/rest2f","rest2fVerifyArgs":"generalParameters/secondFactors/rest2f","rest2fVerifyUrl":"generalParameters/secondFactors/rest2f","restAuthServer":"generalParameters/plugins/portalServers","restAuthUrl":"generalParameters/authParams/restParams","restAuthnLevel":"generalParameters/authParams/restParams","restClockTolerance":"generalParameters/plugins/portalServers","restConfigServer":"generalParameters/plugins/portalServers","restExportSecretKeys":"generalParameters/plugins/portalServers","restPasswordServer":"generalParameters/plugins/portalServers","restPwdConfirmUrl":"generalParameters/authParams/restParams","restPwdModifyUrl":"generalParameters/authParams/restParams","restSessionServer":"generalParameters/plugins/portalServers","restUserDBUrl":"generalParameters/authParams/restParams","sameSite":"generalParameters/cookieParams","samlAttributeAuthorityDescriptorAttributeServiceSOAP":"samlServiceMetaData/samlAttributeAuthorityDescriptor/samlAttributeAuthorityDescriptorAttributeService","samlAuthnContextMapKerberos":"samlServiceMetaData/samlAuthnContextMap","samlAuthnContextMapPassword":"samlServiceMetaData/samlAuthnContextMap","samlAuthnContextMapPasswordProtectedTransport":"samlServiceMetaData/samlAuthnContextMap","samlAuthnContextMapTLSClient":"samlServiceMetaData/samlAuthnContextMap","samlCommonDomainCookieActivation":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlCommonDomainCookieDomain":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlCommonDomainCookieReader":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlCommonDomainCookieWriter":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlDiscoveryProtocolActivation":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlDiscoveryProtocolIsPassive":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlDiscoveryProtocolPolicy":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlDiscoveryProtocolURL":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlEntityID":"samlServiceMetaData","samlIDPMetaDataNodes":"","samlIDPSSODescriptorArtifactResolutionServiceArtifact":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorArtifactResolutionService","samlIDPSSODescriptorSingleLogoutServiceHTTPPost":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleLogoutService","samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleLogoutService","samlIDPSSODescriptorSingleLogoutServiceSOAP":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleLogoutService","samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleSignOnService","samlIDPSSODescriptorSingleSignOnServiceHTTPPost":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleSignOnService","samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleSignOnService","samlIDPSSODescriptorWantAuthnRequestsSigned":"samlServiceMetaData/samlIDPSSODescriptor","samlMetadataForceUTF8":"samlServiceMetaData/samlAdvanced","samlNameIDFormatMapEmail":"samlServiceMetaData/samlNameIDFormatMap","samlNameIDFormatMapKerberos":"samlServiceMetaData/samlNameIDFormatMap","samlNameIDFormatMapWindows":"samlServiceMetaData/samlNameIDFormatMap","samlNameIDFormatMapX509":"samlServiceMetaData/samlNameIDFormatMap","samlOrganizationDisplayName":"samlServiceMetaData/samlOrganization","samlOrganizationName":"samlServiceMetaData/samlOrganization","samlOrganizationURL":"samlServiceMetaData/samlOrganization","samlOverrideIDPEntityID":"samlServiceMetaData/samlAdvanced","samlRelayStateTimeout":"samlServiceMetaData/samlAdvanced","samlSPMetaDataNodes":"","samlSPSSODescriptorArtifactResolutionServiceArtifact":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorArtifactResolutionService","samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorAssertionConsumerService","samlSPSSODescriptorAssertionConsumerServiceHTTPPost":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorAssertionConsumerService","samlSPSSODescriptorAuthnRequestsSigned":"samlServiceMetaData/samlSPSSODescriptor","samlSPSSODescriptorSingleLogoutServiceHTTPPost":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorSingleLogoutService","samlSPSSODescriptorSingleLogoutServiceHTTPRedirect":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorSingleLogoutService","samlSPSSODescriptorSingleLogoutServiceSOAP":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorSingleLogoutService","samlSPSSODescriptorWantAssertionsSigned":"samlServiceMetaData/samlSPSSODescriptor","samlServicePrivateKeyEnc":"samlServiceMetaData/samlServiceSecurity/samlServiceSecurityEnc","samlServicePrivateKeyEncPwd":"samlServiceMetaData/samlServiceSecurity/samlServiceSecurityEnc","samlServicePrivateKeySig":"samlServiceMetaData/samlServiceSecurity/samlServiceSecuritySig","samlServicePrivateKeySigPwd":"samlServiceMetaData/samlServiceSecurity/samlServiceSecuritySig","samlServicePublicKeyEnc":"samlServiceMetaData/samlServiceSecurity/samlServiceSecurityEnc","samlServicePublicKeySig":"samlServiceMetaData/samlServiceSecurity/samlServiceSecuritySig","samlServiceSignatureMethod":"samlServiceMetaData/samlServiceSecurity","samlServiceUseCertificateInResponse":"samlServiceMetaData/samlServiceSecurity","samlStorage":"samlServiceMetaData/samlAdvanced","samlStorageOptions":"samlServiceMetaData/samlAdvanced","samlUseQueryStringSpecific":"samlServiceMetaData/samlAdvanced","securedCookie":"generalParameters/cookieParams","sessionDataToRemember":"generalParameters/plugins/loginHistory","sfExtra":"generalParameters/secondFactors","sfManagerRule":"generalParameters/secondFactors","sfOnlyUpgrade":"generalParameters/secondFactors","sfRemovedMsgRule":"generalParameters/secondFactors/sfRemovedNotification","sfRemovedNotifMsg":"generalParameters/secondFactors/sfRemovedNotification","sfRemovedNotifRef":"generalParameters/secondFactors/sfRemovedNotification","sfRemovedNotifTitle":"generalParameters/secondFactors/sfRemovedNotification","sfRemovedUseNotif":"generalParameters/secondFactors/sfRemovedNotification","sfRequired":"generalParameters/secondFactors","showLanguages":"generalParameters/portalParams/portalCustomization","singleIP":"generalParameters/sessionParams/multipleSessions","singleSession":"generalParameters/sessionParams/multipleSessions","singleUserByIP":"generalParameters/sessionParams/multipleSessions","skipRenewConfirmation":"generalParameters/advancedParams/portalRedirection","skipUpgradeConfirmation":"generalParameters/advancedParams/portalRedirection","slaveAuthnLevel":"generalParameters/authParams/slaveParams","slaveDisplayLogo":"generalParameters/authParams/slaveParams","slaveExportedVars":"generalParameters/authParams/slaveParams","slaveHeaderContent":"generalParameters/authParams/slaveParams","slaveHeaderName":"generalParameters/authParams/slaveParams","slaveMasterIP":"generalParameters/authParams/slaveParams","slaveUserHeader":"generalParameters/authParams/slaveParams","soapConfigServer":"generalParameters/plugins/portalServers","soapSessionServer":"generalParameters/plugins/portalServers","sslByAjax":"generalParameters/authParams/sslParams","sslHost":"generalParameters/authParams/sslParams","stayConnected":"generalParameters/plugins/stayConnect","stayConnectedCookieName":"generalParameters/plugins/stayConnect","stayConnectedTimeout":"generalParameters/plugins/stayConnect","storePassword":"generalParameters/sessionParams","successLoginNumber":"generalParameters/plugins/loginHistory","timeout":"generalParameters/sessionParams","timeoutActivity":"generalParameters/sessionParams","timeoutActivityInterval":"generalParameters/sessionParams","tokenUseGlobalStorage":"generalParameters/advancedParams/security","totp2fActivation":"generalParameters/secondFactors/totp2f","totp2fAuthnLevel":"generalParameters/secondFactors/totp2f","totp2fDigits":"generalParameters/secondFactors/totp2f","totp2fDisplayExistingSecret":"generalParameters/secondFactors/totp2f","totp2fInterval":"generalParameters/secondFactors/totp2f","totp2fIssuer":"generalParameters/secondFactors/totp2f","totp2fLabel":"generalParameters/secondFactors/totp2f","totp2fLogo":"generalParameters/secondFactors/totp2f","totp2fRange":"generalParameters/secondFactors/totp2f","totp2fSelfRegistration":"generalParameters/secondFactors/totp2f","totp2fTTL":"generalParameters/secondFactors/totp2f","totp2fUserCanChangeKey":"generalParameters/secondFactors/totp2f","totp2fUserCanRemoveKey":"generalParameters/secondFactors/totp2f","trustedDomains":"generalParameters/advancedParams/security","twitterAppName":"generalParameters/authParams/twitterParams","twitterAuthnLevel":"generalParameters/authParams/twitterParams","twitterKey":"generalParameters/authParams/twitterParams","twitterSecret":"generalParameters/authParams/twitterParams","twitterUserField":"generalParameters/authParams/twitterParams","u2fActivation":"generalParameters/secondFactors/u2f","u2fAuthnLevel":"generalParameters/secondFactors/u2f","u2fLabel":"generalParameters/secondFactors/u2f","u2fLogo":"generalParameters/secondFactors/u2f","u2fSelfRegistration":"generalParameters/secondFactors/u2f","u2fTTL":"generalParameters/secondFactors/u2f","u2fUserCanRemoveKey":"generalParameters/secondFactors/u2f","upgradeSession":"generalParameters/plugins","useRedirectOnError":"generalParameters/advancedParams/redirection","useRedirectOnForbidden":"generalParameters/advancedParams/redirection","useSafeJail":"generalParameters/advancedParams/security","userControl":"generalParameters/advancedParams/security","userDB":"generalParameters/authParams","userPivot":"generalParameters/authParams/dbiParams/dbiSchema","utotp2fActivation":"generalParameters/secondFactors/utotp2f","utotp2fAuthnLevel":"generalParameters/secondFactors/utotp2f","utotp2fLabel":"generalParameters/secondFactors/utotp2f","utotp2fLogo":"generalParameters/secondFactors/utotp2f","virtualHosts":"","webIDAuthnLevel":"generalParameters/authParams/webidParams","webIDExportedVars":"generalParameters/authParams/webidParams","webIDWhitelist":"generalParameters/authParams/webidParams","whatToTrace":"generalParameters/logParams","wsdlServer":"generalParameters/plugins/portalServers","yubikey2fActivation":"generalParameters/secondFactors/yubikey2f","yubikey2fAuthnLevel":"generalParameters/secondFactors/yubikey2f","yubikey2fClientID":"generalParameters/secondFactors/yubikey2f","yubikey2fFromSessionAttribute":"generalParameters/secondFactors/yubikey2f","yubikey2fLabel":"generalParameters/secondFactors/yubikey2f","yubikey2fLogo":"generalParameters/secondFactors/yubikey2f","yubikey2fNonce":"generalParameters/secondFactors/yubikey2f","yubikey2fPublicIDSize":"generalParameters/secondFactors/yubikey2f","yubikey2fSecretKey":"generalParameters/secondFactors/yubikey2f","yubikey2fSelfRegistration":"generalParameters/secondFactors/yubikey2f","yubikey2fTTL":"generalParameters/secondFactors/yubikey2f","yubikey2fUrl":"generalParameters/secondFactors/yubikey2f","yubikey2fUserCanRemoveKey":"generalParameters/secondFactors/yubikey2f"}
\ No newline at end of file
+{"ADPwdExpireWarning":"generalParameters/authParams/adParams","ADPwdMaxAge":"generalParameters/authParams/adParams","AuthLDAPFilter":"generalParameters/authParams/ldapParams/ldapFilters","LDAPFilter":"generalParameters/authParams/ldapParams/ldapFilters","SMTPAuthPass":"generalParameters/advancedParams/SMTP","SMTPAuthUser":"generalParameters/advancedParams/SMTP","SMTPPort":"generalParameters/advancedParams/SMTP","SMTPServer":"generalParameters/advancedParams/SMTP","SMTPTLS":"generalParameters/advancedParams/SMTP","SMTPTLSOpts":"generalParameters/advancedParams/SMTP","SSLAuthnLevel":"generalParameters/authParams/sslParams","SSLVar":"generalParameters/authParams/sslParams","SSLVarIf":"generalParameters/authParams/sslParams","activeTimer":"generalParameters/advancedParams/forms","adaptativeAuthenticationLevelRules":"generalParameters/plugins","apacheAuthnLevel":"generalParameters/authParams/apacheParams","applicationList":"generalParameters/portalParams/portalMenu","authChoiceAuthBasic":"generalParameters/authParams/choiceParams","authChoiceModules":"generalParameters/authParams/choiceParams","authChoiceParam":"generalParameters/authParams/choiceParams","authentication":"generalParameters/authParams","autoSigninRules":"generalParameters/plugins/autoSignin","avoidAssignment":"generalParameters/advancedParams/security","browsersDontStorePassword":"generalParameters/advancedParams/security","bruteForceProtection":"generalParameters/advancedParams/security/bruteForceAttackProtection","bruteForceProtectionIncrementalTempo":"generalParameters/advancedParams/security/bruteForceAttackProtection","bruteForceProtectionLockTimes":"generalParameters/advancedParams/security/bruteForceAttackProtection","bruteForceProtectionMaxFailed":"generalParameters/advancedParams/security/bruteForceAttackProtection","bruteForceProtectionTempo":"generalParameters/advancedParams/security/bruteForceAttackProtection","captcha_login_enabled":"generalParameters/portalParams/portalCaptcha","captcha_mail_enabled":"generalParameters/portalParams/portalCaptcha","captcha_register_enabled":"generalParameters/portalParams/portalCaptcha","captcha_size":"generalParameters/portalParams/portalCaptcha","casAccessControlPolicy":"casServiceMetadata","casAppMetaDataNodes":"","casAttr":"casServiceMetadata","casAttributes":"casServiceMetadata","casAuthnLevel":"generalParameters/authParams/casParams","casSrvMetaDataNodes":"","casStorage":"casServiceMetadata","casStorageOptions":"casServiceMetadata","cda":"generalParameters/cookieParams","certificateResetByMailCeaAttribute":"generalParameters/plugins/certificateResetByMailManagement/mailOther","certificateResetByMailCertificateAttribute":"generalParameters/plugins/certificateResetByMailManagement/mailOther","certificateResetByMailStep1Body":"generalParameters/plugins/certificateResetByMailManagement/certificateMailContent","certificateResetByMailStep1Subject":"generalParameters/plugins/certificateResetByMailManagement/certificateMailContent","certificateResetByMailStep2Body":"generalParameters/plugins/certificateResetByMailManagement/certificateMailContent","certificateResetByMailStep2Subject":"generalParameters/plugins/certificateResetByMailManagement/certificateMailContent","certificateResetByMailURL":"generalParameters/plugins/certificateResetByMailManagement/mailOther","certificateResetByMailValidityDelay":"generalParameters/plugins/certificateResetByMailManagement/mailOther","checkState":"generalParameters/plugins/stateCheck","checkStateSecret":"generalParameters/plugins/stateCheck","checkUser":"generalParameters/plugins/checkUsers","checkUserDisplayComputedSession":"generalParameters/plugins/checkUsers","checkUserDisplayEmptyHeaders":"generalParameters/plugins/checkUsers","checkUserDisplayEmptyValues":"generalParameters/plugins/checkUsers","checkUserDisplayPersistentInfo":"generalParameters/plugins/checkUsers","checkUserHiddenAttributes":"generalParameters/plugins/checkUsers","checkUserHiddenHeaders":"generalParameters/plugins/checkUsers","checkUserIdRule":"generalParameters/plugins/checkUsers","checkUserSearchAttributes":"generalParameters/plugins/checkUsers","checkUserUnrestrictedUsersRule":"generalParameters/plugins/checkUsers","checkXSS":"generalParameters/advancedParams/security","combModules":"generalParameters/authParams/combinationParams","combination":"generalParameters/authParams/combinationParams","compactConf":"generalParameters/reloadParams","confirmFormMethod":"generalParameters/advancedParams/forms","contextSwitchingAllowed2fModifications":"generalParameters/plugins/contextSwitching","contextSwitchingIdRule":"generalParameters/plugins/contextSwitching","contextSwitchingRule":"generalParameters/plugins/contextSwitching","contextSwitchingStopWithLogout":"generalParameters/plugins/contextSwitching","contextSwitchingUnrestrictedUsersRule":"generalParameters/plugins/contextSwitching","cookieExpiration":"generalParameters/cookieParams","cookieName":"generalParameters/cookieParams","corsAllow_Credentials":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsAllow_Headers":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsAllow_Methods":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsAllow_Origin":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsEnabled":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsExpose_Headers":"generalParameters/advancedParams/security/crossOrigineResourceSharing","corsMax_Age":"generalParameters/advancedParams/security/crossOrigineResourceSharing","cspConnect":"generalParameters/advancedParams/security/contentSecurityPolicy","cspDefault":"generalParameters/advancedParams/security/contentSecurityPolicy","cspFont":"generalParameters/advancedParams/security/contentSecurityPolicy","cspFormAction":"generalParameters/advancedParams/security/contentSecurityPolicy","cspFrameAncestors":"generalParameters/advancedParams/security/contentSecurityPolicy","cspImg":"generalParameters/advancedParams/security/contentSecurityPolicy","cspScript":"generalParameters/advancedParams/security/contentSecurityPolicy","cspStyle":"generalParameters/advancedParams/security/contentSecurityPolicy","customAddParams":"generalParameters/authParams/customParams","customAuth":"generalParameters/authParams/customParams","customFunctions":"generalParameters/advancedParams","customPassword":"generalParameters/authParams/customParams","customPlugins":"generalParameters/plugins/customPluginsNode","customPluginsParams":"generalParameters/plugins/customPluginsNode","customRegister":"generalParameters/authParams/customParams","customResetCertByMail":"generalParameters/authParams/customParams","customToTrace":"generalParameters/logParams","customUserDB":"generalParameters/authParams/customParams","dbiAuthChain":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionAuth","dbiAuthLoginCol":"generalParameters/authParams/dbiParams/dbiSchema","dbiAuthPassword":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionAuth","dbiAuthPasswordCol":"generalParameters/authParams/dbiParams/dbiSchema","dbiAuthPasswordHash":"generalParameters/authParams/dbiParams/dbiPassword","dbiAuthTable":"generalParameters/authParams/dbiParams/dbiSchema","dbiAuthUser":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionAuth","dbiAuthnLevel":"generalParameters/authParams/dbiParams","dbiDynamicHashEnabled":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiDynamicHashNewPasswordScheme":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiDynamicHashValidSaltedSchemes":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiDynamicHashValidSchemes":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiExportedVars":"generalParameters/authParams/dbiParams","dbiPasswordMailCol":"generalParameters/authParams/dbiParams/dbiSchema","dbiUserChain":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionUser","dbiUserPassword":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionUser","dbiUserTable":"generalParameters/authParams/dbiParams/dbiSchema","dbiUserUser":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionUser","decryptValueFunctions":"generalParameters/plugins/decryptValue","decryptValueRule":"generalParameters/plugins/decryptValue","demoExportedVars":"generalParameters/authParams/demoParams","disablePersistentStorage":"generalParameters/sessionParams/persistentSessions","displaySessionId":"generalParameters/sessionParams","domain":"generalParameters/cookieParams","exportedAttr":"generalParameters/plugins/portalServers","exportedVars":"variables","ext2FSendCommand":"generalParameters/secondFactors/ext2f","ext2FValidateCommand":"generalParameters/secondFactors/ext2f","ext2fActivation":"generalParameters/secondFactors/ext2f","ext2fAuthnLevel":"generalParameters/secondFactors/ext2f","ext2fCodeActivation":"generalParameters/secondFactors/ext2f","ext2fLabel":"generalParameters/secondFactors/ext2f","ext2fLogo":"generalParameters/secondFactors/ext2f","facebookAppId":"generalParameters/authParams/facebookParams","facebookAppSecret":"generalParameters/authParams/facebookParams","facebookAuthnLevel":"generalParameters/authParams/facebookParams","facebookExportedVars":"generalParameters/authParams/facebookParams","facebookUserField":"generalParameters/authParams/facebookParams","failedLoginNumber":"generalParameters/plugins/loginHistory","findUser":"generalParameters/plugins/findUsers","findUserExcludingAttributes":"generalParameters/plugins/findUsers","findUserSearchingAttributes":"generalParameters/plugins/findUsers","formTimeout":"generalParameters/advancedParams/security","githubAuthnLevel":"generalParameters/authParams/githubParams","githubClientID":"generalParameters/authParams/githubParams","githubClientSecret":"generalParameters/authParams/githubParams","githubScope":"generalParameters/authParams/githubParams","githubUserField":"generalParameters/authParams/githubParams","globalLogoutCustomParam":"generalParameters/plugins/globalLogout","globalLogoutRule":"generalParameters/plugins/globalLogout","globalLogoutTimer":"generalParameters/plugins/globalLogout","globalStorage":"generalParameters/sessionParams/sessionStorage","globalStorageOptions":"generalParameters/sessionParams/sessionStorage","gpgAuthnLevel":"generalParameters/authParams/gpgParams","gpgDb":"generalParameters/authParams/gpgParams","grantSessionRules":"generalParameters/sessionParams","groups":"variables","groupsBeforeMacros":"generalParameters/advancedParams","hiddenAttributes":"generalParameters/logParams","hideOldPassword":"generalParameters/portalParams/portalCustomization/passwordManagement","httpOnly":"generalParameters/cookieParams","https":"generalParameters/advancedParams/redirection","impersonationHiddenAttributes":"generalParameters/plugins/impersonation","impersonationIdRule":"generalParameters/plugins/impersonation","impersonationMergeSSOgroups":"generalParameters/plugins/impersonation","impersonationRule":"generalParameters/plugins/impersonation","impersonationSkipEmptyValues":"generalParameters/plugins/impersonation","impersonationUnrestrictedUsersRule":"generalParameters/plugins/impersonation","infoFormMethod":"generalParameters/advancedParams/forms","issuerDBCASActivation":"generalParameters/issuerParams/issuerDBCAS","issuerDBCASPath":"generalParameters/issuerParams/issuerDBCAS","issuerDBCASRule":"generalParameters/issuerParams/issuerDBCAS","issuerDBGetActivation":"generalParameters/issuerParams/issuerDBGet","issuerDBGetParameters":"generalParameters/issuerParams/issuerDBGet","issuerDBGetPath":"generalParameters/issuerParams/issuerDBGet","issuerDBGetRule":"generalParameters/issuerParams/issuerDBGet","issuerDBOpenIDActivation":"generalParameters/issuerParams/issuerDBOpenID","issuerDBOpenIDConnectActivation":"generalParameters/issuerParams/issuerDBOpenIDConnect","issuerDBOpenIDConnectPath":"generalParameters/issuerParams/issuerDBOpenIDConnect","issuerDBOpenIDConnectRule":"generalParameters/issuerParams/issuerDBOpenIDConnect","issuerDBOpenIDPath":"generalParameters/issuerParams/issuerDBOpenID","issuerDBOpenIDRule":"generalParameters/issuerParams/issuerDBOpenID","issuerDBSAMLActivation":"generalParameters/issuerParams/issuerDBSAML","issuerDBSAMLPath":"generalParameters/issuerParams/issuerDBSAML","issuerDBSAMLRule":"generalParameters/issuerParams/issuerDBSAML","issuersTimeout":"generalParameters/issuerParams/issuerOptions","jsRedirect":"generalParameters/advancedParams/portalRedirection","key":"generalParameters/advancedParams/security","krbAllowedDomains":"generalParameters/authParams/kerberosParams","krbAuthnLevel":"generalParameters/authParams/kerberosParams","krbByJs":"generalParameters/authParams/kerberosParams","krbKeytab":"generalParameters/authParams/kerberosParams","krbRemoveDomain":"generalParameters/authParams/kerberosParams","ldapAllowResetExpiredPassword":"generalParameters/authParams/ldapParams/ldapPassword","ldapAuthnLevel":"generalParameters/authParams/ldapParams","ldapBase":"generalParameters/authParams/ldapParams/ldapConnection","ldapCAFile":"generalParameters/authParams/ldapParams/ldapConnection","ldapCAPath":"generalParameters/authParams/ldapParams/ldapConnection","ldapChangePasswordAsUser":"generalParameters/authParams/ldapParams/ldapPassword","ldapExportedVars":"generalParameters/authParams/ldapParams","ldapGroupAttributeName":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupAttributeNameGroup":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupAttributeNameSearch":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupAttributeNameUser":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupBase":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupDecodeSearchedValue":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupObjectClass":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupRecursive":"generalParameters/authParams/ldapParams/ldapGroups","ldapIOTimeout":"generalParameters/authParams/ldapParams/ldapConnection","ldapITDS":"generalParameters/authParams/ldapParams/ldapPassword","ldapPasswordResetAttribute":"generalParameters/authParams/ldapParams/ldapPassword","ldapPasswordResetAttributeValue":"generalParameters/authParams/ldapParams/ldapPassword","ldapPort":"generalParameters/authParams/ldapParams/ldapConnection","ldapPpolicyControl":"generalParameters/authParams/ldapParams/ldapPassword","ldapPwdEnc":"generalParameters/authParams/ldapParams/ldapPassword","ldapRaw":"generalParameters/authParams/ldapParams/ldapConnection","ldapSearchDeref":"generalParameters/authParams/ldapParams/ldapFilters","ldapServer":"generalParameters/authParams/ldapParams/ldapConnection","ldapSetPassword":"generalParameters/authParams/ldapParams/ldapPassword","ldapTimeout":"generalParameters/authParams/ldapParams/ldapConnection","ldapUsePasswordResetAttribute":"generalParameters/authParams/ldapParams/ldapPassword","ldapVerify":"generalParameters/authParams/ldapParams/ldapConnection","ldapVersion":"generalParameters/authParams/ldapParams/ldapConnection","linkedInAuthnLevel":"generalParameters/authParams/linkedinParams","linkedInClientID":"generalParameters/authParams/linkedinParams","linkedInClientSecret":"generalParameters/authParams/linkedinParams","linkedInFields":"generalParameters/authParams/linkedinParams","linkedInScope":"generalParameters/authParams/linkedinParams","linkedInUserField":"generalParameters/authParams/linkedinParams","localSessionStorage":"generalParameters/sessionParams/sessionStorage","localSessionStorageOptions":"generalParameters/sessionParams/sessionStorage","loginHistoryEnabled":"generalParameters/plugins/loginHistory","logoutServices":"generalParameters/advancedParams","lwpOpts":"generalParameters/advancedParams/security","lwpSslOpts":"generalParameters/advancedParams/security","macros":"variables","mail2fActivation":"generalParameters/secondFactors/mail2f","mail2fAuthnLevel":"generalParameters/secondFactors/mail2f","mail2fBody":"generalParameters/secondFactors/mail2f","mail2fCodeRegex":"generalParameters/secondFactors/mail2f","mail2fLabel":"generalParameters/secondFactors/mail2f","mail2fLogo":"generalParameters/secondFactors/mail2f","mail2fSessionKey":"generalParameters/secondFactors/mail2f","mail2fSubject":"generalParameters/secondFactors/mail2f","mail2fTimeout":"generalParameters/secondFactors/mail2f","mailBody":"generalParameters/plugins/passwordManagement/mailContent","mailCharset":"generalParameters/advancedParams/SMTP/mailHeaders","mailConfirmBody":"generalParameters/plugins/passwordManagement/mailContent","mailConfirmSubject":"generalParameters/plugins/passwordManagement/mailContent","mailFrom":"generalParameters/advancedParams/SMTP/mailHeaders","mailLDAPFilter":"generalParameters/authParams/ldapParams/ldapFilters","mailOnPasswordChange":"generalParameters/portalParams/portalCustomization/passwordManagement","mailReplyTo":"generalParameters/advancedParams/SMTP/mailHeaders","mailSessionKey":"generalParameters/advancedParams/SMTP","mailSubject":"generalParameters/plugins/passwordManagement/mailContent","mailTimeout":"generalParameters/plugins/passwordManagement/mailOther","mailUrl":"generalParameters/plugins/passwordManagement/mailOther","maintenance":"generalParameters/advancedParams/redirection","managerDn":"generalParameters/authParams/ldapParams/ldapConnection","managerPassword":"generalParameters/authParams/ldapParams/ldapConnection","multiValuesSeparator":"generalParameters/advancedParams","nginxCustomHandlers":"generalParameters/advancedParams","noAjaxHook":"generalParameters/advancedParams/portalRedirection","notification":"generalParameters/plugins/notifications","notificationDefaultCond":"generalParameters/plugins/notifications/serverNotification","notificationServer":"generalParameters/plugins/notifications/serverNotification","notificationServerDELETE":"generalParameters/plugins/notifications/serverNotification/notificationServerMethods","notificationServerGET":"generalParameters/plugins/notifications/serverNotification/notificationServerMethods","notificationServerPOST":"generalParameters/plugins/notifications/serverNotification/notificationServerMethods","notificationServerSentAttributes":"generalParameters/plugins/notifications/serverNotification","notificationStorage":"generalParameters/plugins/notifications","notificationStorageOptions":"generalParameters/plugins/notifications","notificationWildcard":"generalParameters/plugins/notifications","notificationXSLTfile":"generalParameters/plugins/notifications","notificationsExplorer":"generalParameters/plugins/notifications","notifyDeleted":"generalParameters/sessionParams/multipleSessions","notifyOther":"generalParameters/sessionParams/multipleSessions","nullAuthnLevel":"generalParameters/authParams/nullParams","oidcAuthnLevel":"generalParameters/authParams/oidcParams","oidcOPMetaDataNodes":"","oidcRPCallbackGetParam":"generalParameters/authParams/oidcParams","oidcRPMetaDataNodes":"","oidcRPStateTimeout":"generalParameters/authParams/oidcParams","oidcServiceAccessTokenExpiration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowAuthorizationCodeFlow":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowDynamicRegistration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowHybridFlow":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowImplicitFlow":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAuthorizationCodeExpiration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceDynamicRegistrationExportedVars":"oidcServiceMetaData","oidcServiceDynamicRegistrationExtraClaims":"oidcServiceMetaData","oidcServiceIDTokenExpiration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceKeyIdSig":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceMetaDataAuthnContext":"oidcServiceMetaData","oidcServiceMetaDataAuthorizeURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataBackChannelURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataCheckSessionURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataEndSessionURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataFrontChannelURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataIntrospectionURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataIssuer":"oidcServiceMetaData","oidcServiceMetaDataJWKSURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataRegistrationURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataTokenURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataUserInfoURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceOfflineSessionExpiration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServicePrivateKeySig":"oidcServiceMetaData/oidcServiceMetaDataSecurity/oidcServiceMetaDataKeys","oidcServicePublicKeySig":"oidcServiceMetaData/oidcServiceMetaDataSecurity/oidcServiceMetaDataKeys","oidcStorage":"oidcServiceMetaData/oidcServiceMetaDataSessions","oidcStorageOptions":"oidcServiceMetaData/oidcServiceMetaDataSessions","oldNotifFormat":"generalParameters/plugins/notifications","openIdAttr":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions","openIdAuthnLevel":"generalParameters/authParams/openidParams","openIdExportedVars":"generalParameters/authParams/openidParams","openIdIDPList":"generalParameters/authParams/openidParams","openIdIssuerSecret":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions","openIdSPList":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions","openIdSecret":"generalParameters/authParams/openidParams","openIdSreg_country":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_dob":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_email":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_fullname":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_gender":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_language":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_nickname":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_postcode":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_timezone":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","pamAuthnLevel":"generalParameters/authParams/pamParams","pamService":"generalParameters/authParams/pamParams","passwordDB":"generalParameters/authParams","passwordPolicyActivation":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinDigit":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinLower":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinSize":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinSpeChar":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicyMinUpper":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordPolicySpecialChar":"generalParameters/portalParams/portalCustomization/passwordPolicy","passwordResetAllowedRetries":"generalParameters/portalParams/portalCustomization/portalButtons","persistentStorage":"generalParameters/sessionParams/persistentSessions","persistentStorageOptions":"generalParameters/sessionParams/persistentSessions","port":"generalParameters/advancedParams/redirection","portal":"generalParameters/portalParams","portalAntiFrame":"generalParameters/portalParams/portalCustomization/portalOther","portalCheckLogins":"generalParameters/portalParams/portalCustomization/portalButtons","portalCustomCss":"generalParameters/portalParams/portalCustomization","portalDisplayAppslist":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayCertificateResetByMail":"generalParameters/portalParams/portalCustomization/portalButtons","portalDisplayChangePassword":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayGeneratePassword":"generalParameters/plugins/passwordManagement/mailOther","portalDisplayLoginHistory":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayLogout":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayOidcConsents":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayPasswordPolicy":"generalParameters/portalParams/portalCustomization/passwordPolicy","portalDisplayRefreshMyRights":"generalParameters/portalParams/portalCustomization/portalOther","portalDisplayRegister":"generalParameters/portalParams/portalCustomization/portalButtons","portalDisplayResetPassword":"generalParameters/portalParams/portalCustomization/portalButtons","portalErrorOnExpiredSession":"generalParameters/portalParams/portalCustomization/portalOther","portalErrorOnMailNotFound":"generalParameters/portalParams/portalCustomization/portalOther","portalForceAuthn":"generalParameters/advancedParams/security","portalForceAuthnInterval":"generalParameters/advancedParams/security","portalMainLogo":"generalParameters/portalParams/portalCustomization","portalOpenLinkInNewWindow":"generalParameters/portalParams/portalCustomization/portalOther","portalPingInterval":"generalParameters/portalParams/portalCustomization/portalOther","portalRequireOldPassword":"generalParameters/portalParams/portalCustomization/passwordManagement","portalSkin":"generalParameters/portalParams/portalCustomization","portalSkinBackground":"generalParameters/portalParams/portalCustomization","portalSkinRules":"generalParameters/portalParams/portalCustomization","portalStatus":"generalParameters/plugins","portalUserAttr":"generalParameters/portalParams/portalCustomization/portalOther","proxyAuthService":"generalParameters/authParams/proxyParams","proxyAuthnLevel":"generalParameters/authParams/proxyParams","proxySessionService":"generalParameters/authParams/proxyParams","proxyUseSoap":"generalParameters/authParams/proxyParams","radius2fActivation":"generalParameters/secondFactors/radius2f","radius2fAuthnLevel":"generalParameters/secondFactors/radius2f","radius2fLabel":"generalParameters/secondFactors/radius2f","radius2fLogo":"generalParameters/secondFactors/radius2f","radius2fSecret":"generalParameters/secondFactors/radius2f","radius2fServer":"generalParameters/secondFactors/radius2f","radius2fTimeout":"generalParameters/secondFactors/radius2f","radius2fUsernameSessionKey":"generalParameters/secondFactors/radius2f","radiusAuthnLevel":"generalParameters/authParams/radiusParams","radiusSecret":"generalParameters/authParams/radiusParams","radiusServer":"generalParameters/authParams/radiusParams","randomPasswordRegexp":"generalParameters/plugins/passwordManagement/mailOther","redirectFormMethod":"generalParameters/advancedParams/forms","refreshSessions":"generalParameters/plugins","registerConfirmSubject":"generalParameters/plugins/register","registerDB":"generalParameters/authParams","registerDoneSubject":"generalParameters/plugins/register","registerTimeout":"generalParameters/plugins/register","registerUrl":"generalParameters/plugins/register","reloadTimeout":"generalParameters/reloadParams","reloadUrls":"generalParameters/reloadParams","remoteCookieName":"generalParameters/authParams/remoteParams","remoteGlobalStorage":"generalParameters/authParams/remoteParams","remoteGlobalStorageOptions":"generalParameters/authParams/remoteParams","remotePortal":"generalParameters/authParams/remoteParams","requireToken":"generalParameters/advancedParams/security","rest2fActivation":"generalParameters/secondFactors/rest2f","rest2fAuthnLevel":"generalParameters/secondFactors/rest2f","rest2fInitArgs":"generalParameters/secondFactors/rest2f","rest2fInitUrl":"generalParameters/secondFactors/rest2f","rest2fLabel":"generalParameters/secondFactors/rest2f","rest2fLogo":"generalParameters/secondFactors/rest2f","rest2fVerifyArgs":"generalParameters/secondFactors/rest2f","rest2fVerifyUrl":"generalParameters/secondFactors/rest2f","restAuthServer":"generalParameters/plugins/portalServers","restAuthUrl":"generalParameters/authParams/restParams","restAuthnLevel":"generalParameters/authParams/restParams","restClockTolerance":"generalParameters/plugins/portalServers","restConfigServer":"generalParameters/plugins/portalServers","restExportSecretKeys":"generalParameters/plugins/portalServers","restPasswordServer":"generalParameters/plugins/portalServers","restPwdConfirmUrl":"generalParameters/authParams/restParams","restPwdModifyUrl":"generalParameters/authParams/restParams","restSessionServer":"generalParameters/plugins/portalServers","restUserDBUrl":"generalParameters/authParams/restParams","sameSite":"generalParameters/cookieParams","samlAttributeAuthorityDescriptorAttributeServiceSOAP":"samlServiceMetaData/samlAttributeAuthorityDescriptor/samlAttributeAuthorityDescriptorAttributeService","samlAuthnContextMapKerberos":"samlServiceMetaData/samlAuthnContextMap","samlAuthnContextMapPassword":"samlServiceMetaData/samlAuthnContextMap","samlAuthnContextMapPasswordProtectedTransport":"samlServiceMetaData/samlAuthnContextMap","samlAuthnContextMapTLSClient":"samlServiceMetaData/samlAuthnContextMap","samlCommonDomainCookieActivation":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlCommonDomainCookieDomain":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlCommonDomainCookieReader":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlCommonDomainCookieWriter":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlDiscoveryProtocolActivation":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlDiscoveryProtocolIsPassive":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlDiscoveryProtocolPolicy":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlDiscoveryProtocolURL":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlEntityID":"samlServiceMetaData","samlIDPMetaDataNodes":"","samlIDPSSODescriptorArtifactResolutionServiceArtifact":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorArtifactResolutionService","samlIDPSSODescriptorSingleLogoutServiceHTTPPost":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleLogoutService","samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleLogoutService","samlIDPSSODescriptorSingleLogoutServiceSOAP":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleLogoutService","samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleSignOnService","samlIDPSSODescriptorSingleSignOnServiceHTTPPost":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleSignOnService","samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleSignOnService","samlIDPSSODescriptorWantAuthnRequestsSigned":"samlServiceMetaData/samlIDPSSODescriptor","samlMetadataForceUTF8":"samlServiceMetaData/samlAdvanced","samlNameIDFormatMapEmail":"samlServiceMetaData/samlNameIDFormatMap","samlNameIDFormatMapKerberos":"samlServiceMetaData/samlNameIDFormatMap","samlNameIDFormatMapWindows":"samlServiceMetaData/samlNameIDFormatMap","samlNameIDFormatMapX509":"samlServiceMetaData/samlNameIDFormatMap","samlOrganizationDisplayName":"samlServiceMetaData/samlOrganization","samlOrganizationName":"samlServiceMetaData/samlOrganization","samlOrganizationURL":"samlServiceMetaData/samlOrganization","samlOverrideIDPEntityID":"samlServiceMetaData/samlAdvanced","samlRelayStateTimeout":"samlServiceMetaData/samlAdvanced","samlSPMetaDataNodes":"","samlSPSSODescriptorArtifactResolutionServiceArtifact":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorArtifactResolutionService","samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorAssertionConsumerService","samlSPSSODescriptorAssertionConsumerServiceHTTPPost":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorAssertionConsumerService","samlSPSSODescriptorAuthnRequestsSigned":"samlServiceMetaData/samlSPSSODescriptor","samlSPSSODescriptorSingleLogoutServiceHTTPPost":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorSingleLogoutService","samlSPSSODescriptorSingleLogoutServiceHTTPRedirect":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorSingleLogoutService","samlSPSSODescriptorSingleLogoutServiceSOAP":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorSingleLogoutService","samlSPSSODescriptorWantAssertionsSigned":"samlServiceMetaData/samlSPSSODescriptor","samlServicePrivateKeyEnc":"samlServiceMetaData/samlServiceSecurity/samlServiceSecurityEnc","samlServicePrivateKeyEncPwd":"samlServiceMetaData/samlServiceSecurity/samlServiceSecurityEnc","samlServicePrivateKeySig":"samlServiceMetaData/samlServiceSecurity/samlServiceSecuritySig","samlServicePrivateKeySigPwd":"samlServiceMetaData/samlServiceSecurity/samlServiceSecuritySig","samlServicePublicKeyEnc":"samlServiceMetaData/samlServiceSecurity/samlServiceSecurityEnc","samlServicePublicKeySig":"samlServiceMetaData/samlServiceSecurity/samlServiceSecuritySig","samlServiceSignatureMethod":"samlServiceMetaData/samlServiceSecurity","samlServiceUseCertificateInResponse":"samlServiceMetaData/samlServiceSecurity","samlStorage":"samlServiceMetaData/samlAdvanced","samlStorageOptions":"samlServiceMetaData/samlAdvanced","samlUseQueryStringSpecific":"samlServiceMetaData/samlAdvanced","securedCookie":"generalParameters/cookieParams","sessionDataToRemember":"generalParameters/plugins/loginHistory","sfExtra":"generalParameters/secondFactors","sfManagerRule":"generalParameters/secondFactors","sfOnlyUpgrade":"generalParameters/secondFactors","sfRemovedMsgRule":"generalParameters/secondFactors/sfRemovedNotification","sfRemovedNotifMsg":"generalParameters/secondFactors/sfRemovedNotification","sfRemovedNotifRef":"generalParameters/secondFactors/sfRemovedNotification","sfRemovedNotifTitle":"generalParameters/secondFactors/sfRemovedNotification","sfRemovedUseNotif":"generalParameters/secondFactors/sfRemovedNotification","sfRequired":"generalParameters/secondFactors","showLanguages":"generalParameters/portalParams/portalCustomization","singleIP":"generalParameters/sessionParams/multipleSessions","singleSession":"generalParameters/sessionParams/multipleSessions","singleUserByIP":"generalParameters/sessionParams/multipleSessions","skipRenewConfirmation":"generalParameters/advancedParams/portalRedirection","skipUpgradeConfirmation":"generalParameters/advancedParams/portalRedirection","slaveAuthnLevel":"generalParameters/authParams/slaveParams","slaveDisplayLogo":"generalParameters/authParams/slaveParams","slaveExportedVars":"generalParameters/authParams/slaveParams","slaveHeaderContent":"generalParameters/authParams/slaveParams","slaveHeaderName":"generalParameters/authParams/slaveParams","slaveMasterIP":"generalParameters/authParams/slaveParams","slaveUserHeader":"generalParameters/authParams/slaveParams","soapConfigServer":"generalParameters/plugins/portalServers","soapSessionServer":"generalParameters/plugins/portalServers","sslByAjax":"generalParameters/authParams/sslParams","sslHost":"generalParameters/authParams/sslParams","stayConnected":"generalParameters/plugins/stayConnect","stayConnectedCookieName":"generalParameters/plugins/stayConnect","stayConnectedTimeout":"generalParameters/plugins/stayConnect","storePassword":"generalParameters/sessionParams","successLoginNumber":"generalParameters/plugins/loginHistory","timeout":"generalParameters/sessionParams","timeoutActivity":"generalParameters/sessionParams","timeoutActivityInterval":"generalParameters/sessionParams","tokenUseGlobalStorage":"generalParameters/advancedParams/security","totp2fActivation":"generalParameters/secondFactors/totp2f","totp2fAuthnLevel":"generalParameters/secondFactors/totp2f","totp2fDigits":"generalParameters/secondFactors/totp2f","totp2fDisplayExistingSecret":"generalParameters/secondFactors/totp2f","totp2fInterval":"generalParameters/secondFactors/totp2f","totp2fIssuer":"generalParameters/secondFactors/totp2f","totp2fLabel":"generalParameters/secondFactors/totp2f","totp2fLogo":"generalParameters/secondFactors/totp2f","totp2fRange":"generalParameters/secondFactors/totp2f","totp2fSelfRegistration":"generalParameters/secondFactors/totp2f","totp2fTTL":"generalParameters/secondFactors/totp2f","totp2fUserCanChangeKey":"generalParameters/secondFactors/totp2f","totp2fUserCanRemoveKey":"generalParameters/secondFactors/totp2f","trustedDomains":"generalParameters/advancedParams/security","twitterAppName":"generalParameters/authParams/twitterParams","twitterAuthnLevel":"generalParameters/authParams/twitterParams","twitterKey":"generalParameters/authParams/twitterParams","twitterSecret":"generalParameters/authParams/twitterParams","twitterUserField":"generalParameters/authParams/twitterParams","u2fActivation":"generalParameters/secondFactors/u2f","u2fAuthnLevel":"generalParameters/secondFactors/u2f","u2fLabel":"generalParameters/secondFactors/u2f","u2fLogo":"generalParameters/secondFactors/u2f","u2fSelfRegistration":"generalParameters/secondFactors/u2f","u2fTTL":"generalParameters/secondFactors/u2f","u2fUserCanRemoveKey":"generalParameters/secondFactors/u2f","upgradeSession":"generalParameters/plugins","useRedirectOnError":"generalParameters/advancedParams/redirection","useRedirectOnForbidden":"generalParameters/advancedParams/redirection","useSafeJail":"generalParameters/advancedParams/security","userControl":"generalParameters/advancedParams/security","userDB":"generalParameters/authParams","userPivot":"generalParameters/authParams/dbiParams/dbiSchema","utotp2fActivation":"generalParameters/secondFactors/utotp2f","utotp2fAuthnLevel":"generalParameters/secondFactors/utotp2f","utotp2fLabel":"generalParameters/secondFactors/utotp2f","utotp2fLogo":"generalParameters/secondFactors/utotp2f","virtualHosts":"","webIDAuthnLevel":"generalParameters/authParams/webidParams","webIDExportedVars":"generalParameters/authParams/webidParams","webIDWhitelist":"generalParameters/authParams/webidParams","whatToTrace":"generalParameters/logParams","wsdlServer":"generalParameters/plugins/portalServers","yubikey2fActivation":"generalParameters/secondFactors/yubikey2f","yubikey2fAuthnLevel":"generalParameters/secondFactors/yubikey2f","yubikey2fClientID":"generalParameters/secondFactors/yubikey2f","yubikey2fFromSessionAttribute":"generalParameters/secondFactors/yubikey2f","yubikey2fLabel":"generalParameters/secondFactors/yubikey2f","yubikey2fLogo":"generalParameters/secondFactors/yubikey2f","yubikey2fNonce":"generalParameters/secondFactors/yubikey2f","yubikey2fPublicIDSize":"generalParameters/secondFactors/yubikey2f","yubikey2fSecretKey":"generalParameters/secondFactors/yubikey2f","yubikey2fSelfRegistration":"generalParameters/secondFactors/yubikey2f","yubikey2fTTL":"generalParameters/secondFactors/yubikey2f","yubikey2fUrl":"generalParameters/secondFactors/yubikey2f","yubikey2fUserCanRemoveKey":"generalParameters/secondFactors/yubikey2f"}
\ No newline at end of file
diff --git a/lemonldap-ng-manager/site/htdocs/static/struct.json b/lemonldap-ng-manager/site/htdocs/static/struct.json
index 45c8c190c..c4ba666b9 100644
--- a/lemonldap-ng-manager/site/htdocs/static/struct.json
+++ b/lemonldap-ng-manager/site/htdocs/static/struct.json
@@ -1 +1 @@
-[{"_nodes":[{"_nodes":[{"default":"http://auth.example.com/","id":"portal","title":"portal"},{"_nodes":[{"_nodes":[{"default":1,"id":"portalDisplayLogout","title":"portalDisplayLogout","type":"boolOrExpr"},{"default":"$_auth =~ /^(LDAP|DBI|Demo)$/","id":"portalDisplayChangePassword","title":"portalDisplayChangePassword","type":"boolOrExpr"},{"default":1,"id":"portalDisplayAppslist","title":"portalDisplayAppslist","type":"boolOrExpr"},{"default":1,"id":"portalDisplayLoginHistory","title":"portalDisplayLoginHistory","type":"boolOrExpr"},{"default":"$_oidcConsents && $_oidcConsents =~ /\\w+/","id":"portalDisplayOidcConsents","title":"portalDisplayOidcConsents","type":"boolOrExpr"}],"id":"portalModules","title":"portalModules","type":"simpleInputContainer"},{"cnodes":"applicationList","default":[{"data":{"catname":"Default category","type":"category"},"id":"applicationList/default","title":"default","type":"catAndAppList"}],"help":"portalmenu.html#categories-and-applications","id":"applicationList","title":"applicationList","type":"catAndAppList"}],"help":"portalmenu.html","id":"portalMenu","title":"portalMenu"},{"_nodes":[{"default":"common/logos/logo_llng_400px.png","id":"portalMainLogo","title":"portalMainLogo"},{"default":1,"id":"showLanguages","title":"showLanguages","type":"bool"},{"id":"portalCustomCss","title":"portalCustomCss"},{"default":"bootstrap","id":"portalSkin","select":[{"k":"bootstrap","v":"Bootstrap"}],"title":"portalSkin","type":"portalskin"},{"id":"portalSkinBackground","select":[{"k":"","v":"None"},{"k":"1280px-Anse_Source_d'Argent_2-La_Digue.jpg","v":"Anse"},{"k":"1280px-Autumn-clear-water-waterfall-landscape_-_Virginia_-_ForestWander.jpg","v":"Waterfall"},{"k":"1280px-BrockenSnowedTrees.jpg","v":"Snowed Trees"},{"k":"1280px-Cedar_Breaks_National_Monument_partially.jpg","v":"National Monument"},{"k":"1280px-Parry_Peak_from_Winter_Park.jpg","v":"Winter"},{"k":"Aletschgletscher_mit_Pinus_cembra1.jpg","v":"Pinus"}],"title":"portalSkinBackground","type":"portalskinbackground"},{"cnodes":"portalSkinRules","help":"portalcustom.html","id":"portalSkinRules","title":"portalSkinRules","type":"keyTextContainer"},{"_nodes":[{"default":1,"id":"portalCheckLogins","title":"portalCheckLogins","type":"bool"},{"default":0,"id":"portalDisplayResetPassword","title":"portalDisplayResetPassword","type":"bool"},{"default":3,"id":"passwordResetAllowedRetries","title":"passwordResetAllowedRetries","type":"int"},{"default":1,"id":"portalDisplayRegister","title":"portalDisplayRegister","type":"bool"},{"default":0,"id":"portalDisplayCertificateResetByMail","title":"portalDisplayCertificateResetByMail","type":"bool"}],"help":"portalcustom.html#buttons","id":"portalButtons","title":"portalButtons","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"portalRequireOldPassword","title":"portalRequireOldPassword","type":"boolOrExpr"},{"default":0,"id":"hideOldPassword","title":"hideOldPassword","type":"bool"},{"default":0,"id":"mailOnPasswordChange","title":"mailOnPasswordChange","type":"bool"}],"help":"portalcustom.html#password-management","id":"passwordManagement","title":"passwordManagement","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"passwordPolicyActivation","title":"passwordPolicyActivation","type":"boolOrExpr"},{"default":0,"id":"portalDisplayPasswordPolicy","title":"portalDisplayPasswordPolicy","type":"bool"},{"default":0,"id":"passwordPolicyMinSize","title":"passwordPolicyMinSize","type":"int"},{"default":0,"id":"passwordPolicyMinLower","title":"passwordPolicyMinLower","type":"int"},{"default":0,"id":"passwordPolicyMinUpper","title":"passwordPolicyMinUpper","type":"int"},{"default":0,"id":"passwordPolicyMinDigit","title":"passwordPolicyMinDigit","type":"int"},{"default":0,"id":"passwordPolicyMinSpeChar","title":"passwordPolicyMinSpeChar","type":"int"},{"default":"__ALL__","id":"passwordPolicySpecialChar","title":"passwordPolicySpecialChar"}],"help":"portalcustom.html#password-policy","id":"passwordPolicy","title":"passwordPolicy","type":"simpleInputContainer"},{"_nodes":[{"default":"_user","id":"portalUserAttr","title":"portalUserAttr"},{"default":0,"id":"portalOpenLinkInNewWindow","title":"portalOpenLinkInNewWindow","type":"bool"},{"default":1,"id":"portalAntiFrame","title":"portalAntiFrame","type":"bool"},{"default":60000,"id":"portalPingInterval","title":"portalPingInterval","type":"int"},{"default":1,"id":"portalErrorOnExpiredSession","title":"portalErrorOnExpiredSession","type":"bool"},{"default":0,"id":"portalErrorOnMailNotFound","title":"portalErrorOnMailNotFound","type":"bool"},{"default":1,"id":"portalDisplayRefreshMyRights","title":"portalDisplayRefreshMyRights","type":"bool"}],"help":"portalcustom.html#other-parameters","id":"portalOther","title":"portalOther","type":"simpleInputContainer"}],"help":"portalcustom.html","id":"portalCustomization","title":"portalCustomization"},{"_nodes":[{"default":0,"id":"captcha_login_enabled","title":"captcha_login_enabled","type":"bool"},{"default":1,"id":"captcha_mail_enabled","title":"captcha_mail_enabled","type":"bool"},{"default":1,"id":"captcha_register_enabled","title":"captcha_register_enabled","type":"bool"},{"default":6,"id":"captcha_size","title":"captcha_size","type":"int"}],"help":"captcha.html","id":"portalCaptcha","title":"portalCaptcha","type":"simpleInputContainer"}],"help":"portal.html","id":"portalParams","title":"portalParams"},{"_nodes":[{"default":"Demo","id":"authentication","select":[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Demo","v":"Demonstration"},{"k":"Choice","v":"authChoice"},{"k":"Combination","v":"combineMods"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"SAML","v":"SAML v2"},{"k":"Proxy","v":"Proxy"},{"k":"Remote","v":"Remote"},{"k":"Slave","v":"Slave"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"authentication","type":"select"},{"default":"Same","id":"userDB","select":[{"k":"Same","v":"Same"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"userDB","type":"select"},{"default":"Demo","id":"passwordDB","select":[{"k":"AD","v":"Active Directory"},{"k":"Choice","v":"authChoice"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demonstration"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"passwordDB","type":"select"},{"default":"Null","id":"registerDB","select":[{"k":"AD","v":"Active Directory"},{"k":"Demo","v":"Demonstration"},{"k":"LDAP","v":"LDAP"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"registerDB","type":"select"}],"_nodes_cond":[{"_nodes":[{"default":0,"id":"ADPwdMaxAge","title":"ADPwdMaxAge","type":"int"},{"default":0,"id":"ADPwdExpireWarning","title":"ADPwdExpireWarning","type":"int"}],"help":"authad.html","id":"adParams","show":false,"title":"adParams","type":"simpleInputContainer"},{"_nodes":[{"default":"lmAuth","id":"authChoiceParam","title":"authChoiceParam"},{"cnodes":"authChoiceModules","id":"authChoiceModules","select":[[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Null","v":"None"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"Proxy","v":"Proxy"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"Remote","v":"Remote"},{"k":"SAML","v":"SAML v2"},{"k":"Slave","v":"Slave"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Custom","v":"customModule"}],[{"k":"AD","v":"Active Directory"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"Facebook","v":"Facebook"},{"k":"LDAP","v":"LDAP"},{"k":"Null","v":"None"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"Proxy","v":"Proxy"},{"k":"REST","v":"REST"},{"k":"Remote","v":"Remote"},{"k":"SAML","v":"SAML v2"},{"k":"Slave","v":"Slave"},{"k":"WebID","v":"WebID"},{"k":"Custom","v":"customModule"}],[{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}]],"title":"authChoiceModules","type":"authChoiceContainer"},{"id":"authChoiceAuthBasic","title":"authChoiceAuthBasic"}],"help":"authchoice.html","id":"choiceParams","show":false,"title":"choiceParams"},{"_nodes":[{"default":3,"id":"apacheAuthnLevel","title":"apacheAuthnLevel","type":"int"}],"help":"authapache.html","id":"apacheParams","show":false,"title":"apacheParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"casAuthnLevel","title":"casAuthnLevel","type":"int"}],"help":"authcas.html","id":"casParams","show":false,"title":"casParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"dbiAuthnLevel","title":"dbiAuthnLevel","type":"int"},{"cnodes":"dbiExportedVars","default":[],"id":"dbiExportedVars","title":"dbiExportedVars","type":"keyTextContainer"},{"_nodes":[{"_nodes":[{"id":"dbiAuthChain","title":"dbiAuthChain"},{"id":"dbiAuthUser","title":"dbiAuthUser"},{"id":"dbiAuthPassword","title":"dbiAuthPassword","type":"password"}],"id":"dbiConnectionAuth","title":"dbiConnectionAuth","type":"simpleInputContainer"},{"_nodes":[{"id":"dbiUserChain","title":"dbiUserChain"},{"id":"dbiUserUser","title":"dbiUserUser"},{"id":"dbiUserPassword","title":"dbiUserPassword","type":"password"}],"id":"dbiConnectionUser","title":"dbiConnectionUser","type":"simpleInputContainer"}],"help":"authdbi.html#connection","id":"dbiConnection","title":"dbiConnection"},{"_nodes":[{"id":"dbiAuthTable","title":"dbiAuthTable"},{"id":"dbiUserTable","title":"dbiUserTable"},{"id":"dbiAuthLoginCol","title":"dbiAuthLoginCol"},{"id":"dbiAuthPasswordCol","title":"dbiAuthPasswordCol"},{"id":"dbiPasswordMailCol","title":"dbiPasswordMailCol"},{"id":"userPivot","title":"userPivot"}],"help":"authdbi.html#schema","id":"dbiSchema","title":"dbiSchema","type":"simpleInputContainer"},{"_nodes":[{"help":"authdbi.html#password","id":"dbiAuthPasswordHash","title":"dbiAuthPasswordHash"},{"_nodes":[{"help":"authdbi.html#password","id":"dbiDynamicHashEnabled","title":"dbiDynamicHashEnabled","type":"bool"},{"help":"authdbi.html#password","id":"dbiDynamicHashValidSchemes","title":"dbiDynamicHashValidSchemes"},{"help":"authdbi.html#password","id":"dbiDynamicHashValidSaltedSchemes","title":"dbiDynamicHashValidSaltedSchemes"},{"help":"authdbi.html#password","id":"dbiDynamicHashNewPasswordScheme","title":"dbiDynamicHashNewPasswordScheme"}],"help":"authdbi.html#password","id":"dbiDynamicHash","title":"dbiDynamicHash","type":"simpleInputContainer"}],"help":"authdbi.html#password","id":"dbiPassword","title":"dbiPassword"}],"help":"authdbi.html","id":"dbiParams","show":false,"title":"dbiParams"},{"_nodes":[{"cnodes":"demoExportedVars","default":[{"data":"cn","id":"demoExportedVars/cn","title":"cn","type":"keyText"},{"data":"mail","id":"demoExportedVars/mail","title":"mail","type":"keyText"},{"data":"uid","id":"demoExportedVars/uid","title":"uid","type":"keyText"}],"id":"demoExportedVars","title":"demoExportedVars","type":"keyTextContainer"}],"help":"authdemo.html","id":"demoParams","show":false,"title":"demoParams"},{"_nodes":[{"default":1,"id":"facebookAuthnLevel","title":"facebookAuthnLevel","type":"int"},{"cnodes":"facebookExportedVars","default":[],"id":"facebookExportedVars","title":"facebookExportedVars","type":"keyTextContainer"},{"id":"facebookAppId","title":"facebookAppId"},{"id":"facebookAppSecret","title":"facebookAppSecret"},{"default":"id","id":"facebookUserField","title":"facebookUserField"}],"help":"authfacebook.html","id":"facebookParams","show":false,"title":"facebookParams"},{"_nodes":[{"default":3,"id":"krbAuthnLevel","title":"krbAuthnLevel","type":"int"},{"id":"krbKeytab","title":"krbKeytab"},{"default":0,"id":"krbByJs","title":"krbByJs","type":"bool"},{"default":1,"id":"krbRemoveDomain","title":"krbRemoveDomain","type":"bool"},{"id":"krbAllowedDomains","title":"krbAllowedDomains"}],"help":"authkerberos.html","id":"kerberosParams","show":false,"title":"kerberosParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"ldapAuthnLevel","title":"ldapAuthnLevel","type":"int"},{"cnodes":"ldapExportedVars","default":[{"data":"cn","id":"ldapExportedVars/cn","title":"cn","type":"keyText"},{"data":"mail","id":"ldapExportedVars/mail","title":"mail","type":"keyText"},{"data":"uid","id":"ldapExportedVars/uid","title":"uid","type":"keyText"}],"id":"ldapExportedVars","title":"ldapExportedVars","type":"keyTextContainer"},{"_nodes":[{"default":"ldap://localhost","id":"ldapServer","title":"ldapServer"},{"id":"ldapPort","title":"ldapPort","type":"int"},{"default":"require","id":"ldapVerify","select":[{"k":"none","v":"None"},{"k":"optional","v":"Optional"},{"k":"require","v":"Require"}],"title":"ldapVerify","type":"select"},{"default":"dc=example,dc=com","id":"ldapBase","title":"ldapBase"},{"default":"","id":"managerDn","title":"managerDn"},{"default":"","id":"managerPassword","title":"managerPassword","type":"password"},{"default":10,"id":"ldapTimeout","title":"ldapTimeout","type":"int"},{"default":10,"id":"ldapIOTimeout","title":"ldapIOTimeout","type":"int"},{"default":3,"id":"ldapVersion","title":"ldapVersion","type":"int"},{"id":"ldapRaw","title":"ldapRaw"},{"id":"ldapCAFile","title":"ldapCAFile"},{"id":"ldapCAPath","title":"ldapCAPath"}],"help":"authldap.html#connection","id":"ldapConnection","title":"ldapConnection","type":"simpleInputContainer"},{"_nodes":[{"id":"LDAPFilter","title":"LDAPFilter"},{"id":"AuthLDAPFilter","title":"AuthLDAPFilter"},{"id":"mailLDAPFilter","title":"mailLDAPFilter"},{"default":"find","id":"ldapSearchDeref","select":[{"k":"never","v":"never"},{"k":"search","v":"search"},{"k":"find","v":"find"},{"k":"always","v":"always"}],"title":"ldapSearchDeref","type":"select"}],"help":"authldap.html#filters","id":"ldapFilters","title":"ldapFilters","type":"simpleInputContainer"},{"_nodes":[{"id":"ldapGroupBase","title":"ldapGroupBase"},{"default":"groupOfNames","id":"ldapGroupObjectClass","title":"ldapGroupObjectClass"},{"default":"member","id":"ldapGroupAttributeName","title":"ldapGroupAttributeName"},{"default":"dn","id":"ldapGroupAttributeNameUser","title":"ldapGroupAttributeNameUser"},{"default":"cn","id":"ldapGroupAttributeNameSearch","title":"ldapGroupAttributeNameSearch"},{"default":0,"id":"ldapGroupDecodeSearchedValue","title":"ldapGroupDecodeSearchedValue","type":"bool"},{"default":0,"id":"ldapGroupRecursive","title":"ldapGroupRecursive","type":"bool"},{"default":"dn","id":"ldapGroupAttributeNameGroup","title":"ldapGroupAttributeNameGroup"}],"help":"authldap.html#groups","id":"ldapGroups","title":"ldapGroups","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"ldapPpolicyControl","title":"ldapPpolicyControl","type":"bool"},{"default":0,"id":"ldapSetPassword","title":"ldapSetPassword","type":"bool"},{"default":0,"id":"ldapChangePasswordAsUser","title":"ldapChangePasswordAsUser","type":"bool"},{"default":"utf-8","id":"ldapPwdEnc","title":"ldapPwdEnc"},{"default":1,"id":"ldapUsePasswordResetAttribute","title":"ldapUsePasswordResetAttribute","type":"bool"},{"default":"pwdReset","id":"ldapPasswordResetAttribute","title":"ldapPasswordResetAttribute"},{"default":"TRUE","id":"ldapPasswordResetAttributeValue","title":"ldapPasswordResetAttributeValue"},{"default":0,"id":"ldapAllowResetExpiredPassword","title":"ldapAllowResetExpiredPassword","type":"bool"},{"default":0,"id":"ldapITDS","title":"ldapITDS","type":"bool"}],"help":"authldap.html#password","id":"ldapPassword","title":"ldapPassword","type":"simpleInputContainer"}],"help":"authldap.html","id":"ldapParams","show":false,"title":"ldapParams"},{"_nodes":[{"default":1,"id":"linkedInAuthnLevel","title":"linkedInAuthnLevel","type":"int"},{"id":"linkedInClientID","title":"linkedInClientID"},{"id":"linkedInClientSecret","title":"linkedInClientSecret","type":"password"},{"default":"id,first-name,last-name,email-address","id":"linkedInFields","title":"linkedInFields"},{"default":"emailAddress","id":"linkedInUserField","title":"linkedInUserField"},{"default":"r_liteprofile r_emailaddress","id":"linkedInScope","title":"linkedInScope"}],"help":"authlinkedin.html","id":"linkedinParams","show":false,"title":"linkedinParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"githubAuthnLevel","title":"githubAuthnLevel","type":"int"},{"id":"githubClientID","title":"githubClientID"},{"id":"githubClientSecret","title":"githubClientSecret","type":"password"},{"default":"login","id":"githubUserField","title":"githubUserField"},{"default":"user:email","id":"githubScope","title":"githubScope"}],"help":"authgithub.html","id":"githubParams","show":false,"title":"githubParams","type":"simpleInputContainer"},{"_nodes":[{"id":"combination","title":"combination"},{"cnodes":"combModules","id":"combModules","select":[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Demo","v":"Demonstration"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"SAML","v":"SAML v2"},{"k":"Proxy","v":"Proxy"},{"k":"Remote","v":"Remote"},{"k":"Slave","v":"Slave"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"combModules","type":"cmbModuleContainer"}],"help":"authcombination.html","id":"combinationParams","show":false,"title":"combinationParams"},{"_nodes":[{"default":0,"id":"nullAuthnLevel","title":"nullAuthnLevel","type":"int"}],"help":"authnull.html","id":"nullParams","show":false,"title":"nullParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"openIdAuthnLevel","title":"openIdAuthnLevel","type":"int"},{"cnodes":"openIdExportedVars","default":[],"id":"openIdExportedVars","title":"openIdExportedVars","type":"keyTextContainer"},{"id":"openIdSecret","title":"openIdSecret"},{"default":"0;","id":"openIdIDPList","title":"openIdIDPList","type":"blackWhiteList"}],"help":"authopenid.html","id":"openidParams","show":false,"title":"openidParams"},{"_nodes":[{"default":1,"id":"oidcAuthnLevel","title":"oidcAuthnLevel","type":"int"},{"default":"openidconnectcallback","id":"oidcRPCallbackGetParam","title":"oidcRPCallbackGetParam"},{"default":600,"id":"oidcRPStateTimeout","title":"oidcRPStateTimeout","type":"int"}],"help":"authopenidconnect.html","id":"oidcParams","show":false,"title":"oidcParams","type":"simpleInputContainer"},{"_nodes":[{"default":5,"id":"gpgAuthnLevel","title":"gpgAuthnLevel","type":"int"},{"default":"","id":"gpgDb","title":"gpgDb"}],"help":"authgpg.html","id":"gpgParams","show":false,"title":"gpgParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"proxyAuthnLevel","title":"proxyAuthnLevel","type":"int"},{"id":"proxyAuthService","title":"proxyAuthService"},{"id":"proxySessionService","title":"proxySessionService"},{"id":"remoteCookieName","title":"remoteCookieName"},{"default":0,"id":"proxyUseSoap","title":"proxyUseSoap","type":"bool"}],"help":"authproxy.html","id":"proxyParams","show":false,"title":"proxyParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"pamAuthnLevel","title":"pamAuthnLevel","type":"int"},{"default":"login","id":"pamService","title":"pamService"}],"help":"authpam.html","id":"pamParams","show":false,"title":"pamParams","type":"simpleInputContainer"},{"_nodes":[{"default":3,"id":"radiusAuthnLevel","title":"radiusAuthnLevel","type":"int"},{"id":"radiusSecret","title":"radiusSecret"},{"id":"radiusServer","title":"radiusServer"}],"help":"authradius.html","id":"radiusParams","show":false,"title":"radiusParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"restAuthnLevel","title":"restAuthnLevel","type":"int"},{"id":"restAuthUrl","title":"restAuthUrl"},{"id":"restUserDBUrl","title":"restUserDBUrl"},{"id":"restPwdConfirmUrl","title":"restPwdConfirmUrl"},{"id":"restPwdModifyUrl","title":"restPwdModifyUrl"}],"help":"authrest.html","id":"restParams","show":false,"title":"restParams","type":"simpleInputContainer"},{"_nodes":[{"id":"remotePortal","title":"remotePortal"},{"id":"remoteCookieName","title":"remoteCookieName"},{"default":"Lemonldap::NG::Common::Apache::Session::SOAP","id":"remoteGlobalStorage","title":"remoteGlobalStorage"},{"cnodes":"remoteGlobalStorageOptions","default":[{"data":"http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService","id":"remoteGlobalStorageOptions/ns","title":"ns","type":"keyText"},{"data":"http://auth.example.com/sessions","id":"remoteGlobalStorageOptions/proxy","title":"proxy","type":"keyText"}],"id":"remoteGlobalStorageOptions","title":"remoteGlobalStorageOptions","type":"keyTextContainer"}],"help":"authremote.html","id":"remoteParams","show":false,"title":"remoteParams"},{"_nodes":[{"default":2,"id":"slaveAuthnLevel","title":"slaveAuthnLevel","type":"int"},{"id":"slaveUserHeader","title":"slaveUserHeader"},{"id":"slaveMasterIP","title":"slaveMasterIP"},{"id":"slaveHeaderName","title":"slaveHeaderName"},{"id":"slaveHeaderContent","title":"slaveHeaderContent"},{"default":0,"id":"slaveDisplayLogo","title":"slaveDisplayLogo","type":"bool"},{"cnodes":"slaveExportedVars","default":[],"id":"slaveExportedVars","title":"slaveExportedVars","type":"keyTextContainer"}],"help":"authslave.html","id":"slaveParams","show":false,"title":"slaveParams"},{"_nodes":[{"default":5,"id":"SSLAuthnLevel","title":"SSLAuthnLevel","type":"int"},{"default":"SSL_CLIENT_S_DN_Email","id":"SSLVar","title":"SSLVar"},{"cnodes":"SSLVarIf","default":[],"id":"SSLVarIf","title":"SSLVarIf","type":"keyTextContainer"},{"default":0,"id":"sslByAjax","title":"sslByAjax","type":"bool"},{"id":"sslHost","title":"sslHost"}],"help":"authssl.html","id":"sslParams","show":false,"title":"sslParams"},{"_nodes":[{"default":1,"id":"twitterAuthnLevel","title":"twitterAuthnLevel","type":"int"},{"id":"twitterKey","title":"twitterKey"},{"id":"twitterSecret","title":"twitterSecret"},{"id":"twitterAppName","title":"twitterAppName"},{"default":"screen_name","id":"twitterUserField","title":"twitterUserField"}],"help":"authtwitter.html","id":"twitterParams","show":false,"title":"twitterParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"webIDAuthnLevel","title":"webIDAuthnLevel","type":"int"},{"cnodes":"webIDExportedVars","default":[],"id":"webIDExportedVars","title":"webIDExportedVars","type":"keyTextContainer"},{"id":"webIDWhitelist","title":"webIDWhitelist"}],"help":"authwebid.html","id":"webidParams","show":false,"title":"webidParams"},{"_nodes":[{"id":"customAuth","title":"customAuth"},{"id":"customUserDB","title":"customUserDB"},{"id":"customPassword","title":"customPassword"},{"id":"customRegister","title":"customRegister"},{"id":"customResetCertByMail","title":"customResetCertByMail"},{"cnodes":"customAddParams","id":"customAddParams","title":"customAddParams","type":"keyTextContainer"}],"help":"authcustom.html","id":"customParams","show":false,"title":"customParams"}],"_nodes_filter":"authParams","help":"start.html#authentication-users-and-password-databases","id":"authParams","title":"authParams","type":"authParams"},{"_nodes":[{"_nodes":[{"default":0,"id":"issuerDBSAMLActivation","title":"issuerDBSAMLActivation","type":"bool"},{"default":"^/saml/","id":"issuerDBSAMLPath","title":"issuerDBSAMLPath"},{"default":1,"id":"issuerDBSAMLRule","title":"issuerDBSAMLRule","type":"boolOrExpr"}],"help":"idpsaml.html","id":"issuerDBSAML","title":"issuerDBSAML","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBCASActivation","title":"issuerDBCASActivation","type":"bool"},{"default":"^/cas/","id":"issuerDBCASPath","title":"issuerDBCASPath"},{"default":1,"id":"issuerDBCASRule","title":"issuerDBCASRule","type":"boolOrExpr"}],"help":"idpcas.html#enabling-cas","id":"issuerDBCAS","title":"issuerDBCAS","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBOpenIDActivation","title":"issuerDBOpenIDActivation","type":"bool"},{"default":"^/openidserver/","id":"issuerDBOpenIDPath","title":"issuerDBOpenIDPath"},{"default":1,"id":"issuerDBOpenIDRule","title":"issuerDBOpenIDRule","type":"boolOrExpr"},{"_nodes":[{"id":"openIdIssuerSecret","title":"openIdIssuerSecret"},{"id":"openIdAttr","title":"openIdAttr"},{"default":"0;","id":"openIdSPList","title":"openIdSPList","type":"blackWhiteList"},{"_nodes":[{"default":"cn","id":"openIdSreg_fullname","title":"openIdSreg_fullname"},{"default":"uid","id":"openIdSreg_nickname","title":"openIdSreg_nickname"},{"id":"openIdSreg_language","title":"openIdSreg_language"},{"id":"openIdSreg_postcode","title":"openIdSreg_postcode"},{"default":"_timezone","id":"openIdSreg_timezone","title":"openIdSreg_timezone"},{"id":"openIdSreg_country","title":"openIdSreg_country"},{"id":"openIdSreg_gender","title":"openIdSreg_gender"},{"default":"mail","id":"openIdSreg_email","title":"openIdSreg_email"},{"id":"openIdSreg_dob","title":"openIdSreg_dob"}],"id":"openIdSreg","title":"openIdSreg","type":"simpleInputContainer"}],"id":"issuerDBOpenIDOptions","title":"issuerDBOpenIDOptions"}],"help":"idpopenid.html","id":"issuerDBOpenID","title":"issuerDBOpenID"},{"_nodes":[{"default":0,"id":"issuerDBOpenIDConnectActivation","title":"issuerDBOpenIDConnectActivation","type":"bool"},{"default":"^/oauth2/","id":"issuerDBOpenIDConnectPath","title":"issuerDBOpenIDConnectPath"},{"default":1,"id":"issuerDBOpenIDConnectRule","title":"issuerDBOpenIDConnectRule","type":"boolOrExpr"}],"help":"idpopenidconnect.html","id":"issuerDBOpenIDConnect","title":"issuerDBOpenIDConnect","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBGetActivation","title":"issuerDBGetActivation","type":"bool"},{"default":"^/get/","id":"issuerDBGetPath","title":"issuerDBGetPath"},{"default":1,"id":"issuerDBGetRule","title":"issuerDBGetRule","type":"boolOrExpr"},{"default":[],"id":"issuerDBGetParameters","title":"issuerDBGetParameters","type":"doubleHash"}],"help":"issuerdbget.html","id":"issuerDBGet","title":"issuerDBGet"},{"_nodes":[{"default":120,"id":"issuersTimeout","title":"issuersTimeout","type":"int"}],"help":"start.html#options","id":"issuerOptions","title":"issuerOptions","type":"simpleInputContainer"}],"help":"start.html#identity-provider","id":"issuerParams","title":"issuerParams"},{"_nodes":[{"default":"uid","id":"whatToTrace","title":"whatToTrace"},{"id":"customToTrace","title":"customToTrace"},{"default":"_password _2fDevices","id":"hiddenAttributes","title":"hiddenAttributes"}],"help":"logs.html","id":"logParams","title":"logParams","type":"simpleInputContainer"},{"_nodes":[{"default":"lemonldap","id":"cookieName","title":"cookieName"},{"default":"example.com","id":"domain","title":"domain"},{"default":0,"id":"cda","title":"cda","type":"bool"},{"default":0,"id":"securedCookie","select":[{"k":"0","v":"unsecuredCookie"},{"k":"1","v":"securedCookie"},{"k":"2","v":"doubleCookie"},{"k":"3","v":"doubleCookieForSingleSession"}],"title":"securedCookie","type":"select"},{"default":1,"id":"httpOnly","title":"httpOnly","type":"bool"},{"id":"cookieExpiration","title":"cookieExpiration","type":"int"},{"default":"","id":"sameSite","select":[{"k":"","v":""},{"k":"Strict","v":"Strict"},{"k":"Lax","v":"Lax"},{"k":"None","v":"None"}],"title":"sameSite","type":"select"}],"help":"ssocookie.html","id":"cookieParams","title":"cookieParams","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"storePassword","title":"storePassword","type":"bool"},{"default":1,"id":"displaySessionId","title":"displaySessionId","type":"bool"},{"default":72000,"id":"timeout","title":"timeout","type":"int"},{"default":0,"id":"timeoutActivity","title":"timeoutActivity","type":"int"},{"default":60,"id":"timeoutActivityInterval","title":"timeoutActivityInterval","type":"int"},{"cnodes":"grantSessionRules","default":[],"id":"grantSessionRules","title":"grantSessionRules","type":"grantContainer"},{"_nodes":[{"default":"Apache::Session::File","id":"globalStorage","title":"globalStorage"},{"cnodes":"globalStorageOptions","default":[{"data":"/var/lib/lemonldap-ng/sessions/","id":"globalStorageOptions/Directory","title":"Directory","type":"keyText"},{"data":"/var/lib/lemonldap-ng/sessions/lock/","id":"globalStorageOptions/LockDirectory","title":"LockDirectory","type":"keyText"},{"data":"Lemonldap::NG::Common::Apache::Session::Generate::SHA256","id":"globalStorageOptions/generateModule","title":"generateModule","type":"keyText"}],"id":"globalStorageOptions","title":"globalStorageOptions","type":"keyTextContainer"},{"default":"Cache::FileCache","id":"localSessionStorage","title":"localSessionStorage"},{"cnodes":"localSessionStorageOptions","default":[{"data":3,"id":"localSessionStorageOptions/cache_depth","title":"cache_depth","type":"keyText"},{"data":"/var/cache/lemonldap-ng","id":"localSessionStorageOptions/cache_root","title":"cache_root","type":"keyText"},{"data":600,"id":"localSessionStorageOptions/default_expires_in","title":"default_expires_in","type":"keyText"},{"data":"007","id":"localSessionStorageOptions/directory_umask","title":"directory_umask","type":"keyText"},{"data":"lemonldap-ng-sessions","id":"localSessionStorageOptions/namespace","title":"namespace","type":"keyText"}],"id":"localSessionStorageOptions","title":"localSessionStorageOptions","type":"keyTextContainer"}],"help":"start.html#sessions-database","id":"sessionStorage","title":"sessionStorage"},{"_nodes":[{"default":0,"id":"singleSession","title":"singleSession","type":"boolOrExpr"},{"default":0,"id":"singleIP","title":"singleIP","type":"boolOrExpr"},{"default":0,"id":"singleUserByIP","title":"singleUserByIP","type":"boolOrExpr"},{"default":1,"id":"notifyDeleted","title":"notifyDeleted","type":"bool"},{"default":0,"id":"notifyOther","title":"notifyOther","type":"bool"}],"id":"multipleSessions","title":"multipleSessions","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"disablePersistentStorage","title":"disablePersistentStorage","type":"bool"},{"id":"persistentStorage","title":"persistentStorage"},{"cnodes":"persistentStorageOptions","id":"persistentStorageOptions","title":"persistentStorageOptions","type":"keyTextContainer"}],"id":"persistentSessions","title":"persistentSessions"}],"help":"sessions.html","id":"sessionParams","title":"sessionParams"},{"_nodes":[{"default":5,"id":"reloadTimeout","title":"reloadTimeout","type":"int"},{"default":0,"id":"compactConf","title":"compactConf","type":"bool"},{"cnodes":"reloadUrls","help":"configlocation.html#configuration-reload","id":"reloadUrls","title":"reloadUrls","type":"keyTextContainer"}],"help":"configlocation.html#configuration-reload","id":"reloadParams","title":"reloadParams"},{"_nodes":[{"default":0,"help":"status.html","id":"portalStatus","title":"portalStatus","type":"bool"},{"default":1,"id":"upgradeSession","title":"upgradeSession","type":"bool"},{"id":"refreshSessions","title":"refreshSessions","type":"bool"},{"cnodes":"adaptativeAuthenticationLevelRules","id":"adaptativeAuthenticationLevelRules","title":"adaptativeAuthenticationLevelRules","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"stayConnected","title":"stayConnected","type":"bool"},{"default":2592000,"id":"stayConnectedTimeout","title":"stayConnectedTimeout","type":"int"},{"default":"llngconnection","id":"stayConnectedCookieName","title":"stayConnectedCookieName"}],"help":"stayconnected.html","id":"stayConnect","title":"stayConnect","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"wsdlServer","title":"wsdlServer","type":"bool"},{"default":0,"id":"restExportSecretKeys","title":"restExportSecretKeys","type":"bool"},{"default":15,"id":"restClockTolerance","title":"restClockTolerance","type":"int"},{"default":0,"id":"restSessionServer","title":"restSessionServer","type":"bool"},{"default":0,"id":"restConfigServer","title":"restConfigServer","type":"bool"},{"default":0,"id":"restAuthServer","title":"restAuthServer","type":"bool"},{"default":0,"id":"restPasswordServer","title":"restPasswordServer","type":"bool"},{"default":0,"help":"soapservices.html","id":"soapSessionServer","title":"soapSessionServer","type":"bool"},{"default":0,"help":"soapservices.html","id":"soapConfigServer","title":"soapConfigServer","type":"bool"},{"id":"exportedAttr","title":"exportedAttr"}],"help":"portalservers.html","id":"portalServers","title":"portalServers","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"loginHistoryEnabled","title":"loginHistoryEnabled","type":"bool"},{"default":5,"id":"successLoginNumber","title":"successLoginNumber","type":"int"},{"default":5,"id":"failedLoginNumber","title":"failedLoginNumber","type":"int"},{"cnodes":"sessionDataToRemember","id":"sessionDataToRemember","title":"sessionDataToRemember","type":"keyTextContainer"}],"help":"loginhistory.html","id":"loginHistory","title":"loginHistory"},{"_nodes":[{"default":0,"id":"notification","title":"notification","type":"bool"},{"default":0,"id":"notificationsExplorer","title":"notificationsExplorer","type":"bool"},{"default":"allusers","id":"notificationWildcard","title":"notificationWildcard"},{"default":0,"id":"oldNotifFormat","title":"oldNotifFormat","type":"bool"},{"id":"notificationXSLTfile","title":"notificationXSLTfile"},{"default":"File","id":"notificationStorage","title":"notificationStorage"},{"cnodes":"notificationStorageOptions","default":[{"data":"/var/lib/lemonldap-ng/notifications","id":"notificationStorageOptions/dirName","title":"dirName","type":"keyText"}],"id":"notificationStorageOptions","title":"notificationStorageOptions","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"notificationServer","title":"notificationServer","type":"bool"},{"default":"","id":"notificationDefaultCond","title":"notificationDefaultCond"},{"default":"uid reference date title subtitle text check","id":"notificationServerSentAttributes","title":"notificationServerSentAttributes"},{"_nodes":[{"default":1,"id":"notificationServerPOST","title":"notificationServerPOST","type":"bool"},{"default":0,"id":"notificationServerGET","title":"notificationServerGET","type":"bool"},{"default":0,"id":"notificationServerDELETE","title":"notificationServerDELETE","type":"bool"}],"id":"notificationServerMethods","title":"notificationServerMethods","type":"simpleInputContainer"}],"help":"notifications.html#notification-server","id":"serverNotification","title":"serverNotification"}],"help":"notifications.html","id":"notifications","title":"notifications"},{"_nodes":[{"_nodes":[{"id":"mailSubject","title":"mailSubject"},{"id":"mailBody","title":"mailBody","type":"longtext"},{"id":"mailConfirmSubject","title":"mailConfirmSubject"},{"id":"mailConfirmBody","title":"mailConfirmBody","type":"longtext"}],"id":"mailContent","title":"mailContent","type":"simpleInputContainer"},{"_nodes":[{"default":"http://auth.example.com/resetpwd","id":"mailUrl","title":"mailUrl"},{"default":0,"id":"mailTimeout","title":"mailTimeout","type":"int"},{"default":1,"id":"portalDisplayGeneratePassword","title":"portalDisplayGeneratePassword","type":"bool"},{"default":"[A-Z]{3}[a-z]{5}.\\d{2}","id":"randomPasswordRegexp","title":"randomPasswordRegexp"}],"id":"mailOther","title":"mailOther","type":"simpleInputContainer"}],"help":"resetpassword.html","id":"passwordManagement","title":"passwordManagement"},{"_nodes":[{"_nodes":[{"id":"certificateResetByMailStep1Subject","title":"certificateResetByMailStep1Subject"},{"id":"certificateResetByMailStep1Body","title":"certificateResetByMailStep1Body","type":"longtext"},{"id":"certificateResetByMailStep2Subject","title":"certificateResetByMailStep2Subject"},{"id":"certificateResetByMailStep2Body","title":"certificateResetByMailStep2Body","type":"longtext"}],"id":"certificateMailContent","title":"certificateMailContent","type":"simpleInputContainer"},{"_nodes":[{"default":"http://auth.example.com/certificateReset","id":"certificateResetByMailURL","title":"certificateResetByMailURL"},{"default":"description","id":"certificateResetByMailCeaAttribute","title":"certificateResetByMailCeaAttribute"},{"default":"userCertificate;binary","id":"certificateResetByMailCertificateAttribute","title":"certificateResetByMailCertificateAttribute"},{"default":0,"id":"certificateResetByMailValidityDelay","title":"certificateResetByMailValidityDelay","type":"int"}],"id":"mailOther","title":"mailOther","type":"simpleInputContainer"}],"help":"resetcertificate.html","id":"certificateResetByMailManagement","title":"certificateResetByMailManagement"},{"_nodes":[{"default":"http://auth.example.com/register","id":"registerUrl","title":"registerUrl"},{"default":0,"id":"registerTimeout","title":"registerTimeout","type":"int"},{"id":"registerConfirmSubject","title":"registerConfirmSubject"},{"id":"registerDoneSubject","title":"registerDoneSubject"}],"help":"register.html","id":"register","title":"register","type":"simpleInputContainer"},{"_nodes":[{"cnodes":"autoSigninRules","id":"autoSigninRules","title":"autoSigninRules","type":"keyTextContainer"}],"help":"autosignin.html","id":"autoSignin","title":"autoSignin"},{"_nodes":[{"default":0,"id":"globalLogoutRule","title":"globalLogoutRule","type":"boolOrExpr"},{"default":1,"id":"globalLogoutTimer","title":"globalLogoutTimer","type":"bool"},{"id":"globalLogoutCustomParam","title":"globalLogoutCustomParam"}],"help":"globallogout.html","id":"globalLogout","title":"globalLogout","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"checkState","title":"checkState","type":"bool"},{"id":"checkStateSecret","title":"checkStateSecret"}],"help":"checkstate.html","id":"stateCheck","title":"stateCheck","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"checkUser","title":"checkUser","type":"bool"},{"default":1,"id":"checkUserIdRule","title":"checkUserIdRule"},{"id":"checkUserUnrestrictedUsersRule","title":"checkUserUnrestrictedUsersRule"},{"default":"_loginHistory _session_id hGroups","id":"checkUserHiddenAttributes","title":"checkUserHiddenAttributes"},{"id":"checkUserSearchAttributes","title":"checkUserSearchAttributes"},{"default":1,"id":"checkUserDisplayComputedSession","title":"checkUserDisplayComputedSession","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayEmptyHeaders","title":"checkUserDisplayEmptyHeaders","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayEmptyValues","title":"checkUserDisplayEmptyValues","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayPersistentInfo","title":"checkUserDisplayPersistentInfo","type":"boolOrExpr"},{"cnodes":"checkUserHiddenHeaders","id":"checkUserHiddenHeaders","title":"checkUserHiddenHeaders","type":"keyTextContainer"}],"help":"checkuser.html","id":"checkUsers","title":"checkUsers"},{"_nodes":[{"default":0,"id":"impersonationRule","title":"impersonationRule","type":"boolOrExpr"},{"default":1,"id":"impersonationIdRule","title":"impersonationIdRule"},{"id":"impersonationUnrestrictedUsersRule","title":"impersonationUnrestrictedUsersRule"},{"default":"_2fDevices _loginHistory","id":"impersonationHiddenAttributes","title":"impersonationHiddenAttributes"},{"default":1,"id":"impersonationSkipEmptyValues","title":"impersonationSkipEmptyValues","type":"bool"},{"default":0,"id":"impersonationMergeSSOgroups","title":"impersonationMergeSSOgroups","type":"boolOrExpr"},{"default":0,"id":"findUser","title":"findUser","type":"bool"},{"cnodes":"findUserSearchingAttributes","id":"findUserSearchingAttributes","title":"findUserSearchingAttributes","type":"keyTextContainer"},{"cnodes":"findUserExcludingAttributes","id":"findUserExcludingAttributes","title":"findUserExcludingAttributes","type":"keyTextContainer"}],"help":"impersonation.html","id":"impersonation","title":"impersonation"},{"_nodes":[{"default":0,"id":"contextSwitchingRule","title":"contextSwitchingRule","type":"boolOrExpr"},{"default":1,"id":"contextSwitchingIdRule","title":"contextSwitchingIdRule"},{"id":"contextSwitchingUnrestrictedUsersRule","title":"contextSwitchingUnrestrictedUsersRule"},{"default":0,"id":"contextSwitchingAllowed2fModifications","title":"contextSwitchingAllowed2fModifications","type":"bool"},{"default":1,"id":"contextSwitchingStopWithLogout","title":"contextSwitchingStopWithLogout","type":"bool"}],"help":"contextswitching.html","id":"contextSwitching","title":"contextSwitching","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"decryptValueRule","title":"decryptValueRule","type":"boolOrExpr"},{"id":"decryptValueFunctions","title":"decryptValueFunctions"}],"help":"decryptvalue.html","id":"decryptValue","title":"decryptValue","type":"simpleInputContainer"},{"_nodes":[{"id":"customPlugins","title":"customPlugins"},{"cnodes":"customPluginsParams","id":"customPluginsParams","title":"customPluginsParams","type":"keyTextContainer"}],"help":"plugincustom.html","id":"customPluginsNode","title":"customPluginsNode"}],"help":"start.html#plugins","id":"plugins","title":"plugins"},{"_nodes":[{"default":1,"help":"secondfactor.html","id":"sfManagerRule","title":"sfManagerRule","type":"boolOrExpr"},{"default":0,"help":"secondfactor.html","id":"sfRequired","title":"sfRequired","type":"boolOrExpr"},{"help":"secondfactor.html","id":"sfOnlyUpgrade","title":"sfOnlyUpgrade","type":"bool"},{"_nodes":[{"default":0,"id":"utotp2fActivation","title":"utotp2fActivation","type":"boolOrExpr"},{"id":"utotp2fAuthnLevel","title":"utotp2fAuthnLevel","type":"int"},{"id":"utotp2fLabel","title":"utotp2fLabel"},{"id":"utotp2fLogo","title":"utotp2fLogo"}],"help":"utotp2f.html","id":"utotp2f","title":"utotp2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"totp2fActivation","title":"totp2fActivation","type":"boolOrExpr"},{"default":0,"id":"totp2fSelfRegistration","title":"totp2fSelfRegistration","type":"boolOrExpr"},{"id":"totp2fIssuer","title":"totp2fIssuer"},{"default":30,"id":"totp2fInterval","title":"totp2fInterval","type":"int"},{"default":1,"id":"totp2fRange","title":"totp2fRange","type":"int"},{"default":6,"id":"totp2fDigits","title":"totp2fDigits","type":"int"},{"default":0,"id":"totp2fDisplayExistingSecret","title":"totp2fDisplayExistingSecret","type":"bool"},{"default":0,"id":"totp2fUserCanChangeKey","title":"totp2fUserCanChangeKey","type":"bool"},{"default":1,"id":"totp2fUserCanRemoveKey","title":"totp2fUserCanRemoveKey","type":"bool"},{"id":"totp2fTTL","title":"totp2fTTL","type":"int"},{"id":"totp2fAuthnLevel","title":"totp2fAuthnLevel","type":"int"},{"id":"totp2fLabel","title":"totp2fLabel"},{"id":"totp2fLogo","title":"totp2fLogo"}],"help":"totp2f.html","id":"totp2f","title":"totp2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"u2fActivation","title":"u2fActivation","type":"boolOrExpr"},{"default":0,"id":"u2fSelfRegistration","title":"u2fSelfRegistration","type":"boolOrExpr"},{"default":1,"id":"u2fUserCanRemoveKey","title":"u2fUserCanRemoveKey","type":"bool"},{"id":"u2fTTL","title":"u2fTTL","type":"int"},{"id":"u2fAuthnLevel","title":"u2fAuthnLevel","type":"int"},{"id":"u2fLabel","title":"u2fLabel"},{"id":"u2fLogo","title":"u2fLogo"}],"help":"u2f.html","id":"u2f","title":"u2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"yubikey2fActivation","title":"yubikey2fActivation","type":"boolOrExpr"},{"default":0,"id":"yubikey2fSelfRegistration","title":"yubikey2fSelfRegistration","type":"boolOrExpr"},{"id":"yubikey2fClientID","title":"yubikey2fClientID"},{"id":"yubikey2fSecretKey","title":"yubikey2fSecretKey"},{"id":"yubikey2fNonce","title":"yubikey2fNonce"},{"id":"yubikey2fUrl","title":"yubikey2fUrl"},{"default":12,"id":"yubikey2fPublicIDSize","title":"yubikey2fPublicIDSize","type":"int"},{"default":1,"id":"yubikey2fUserCanRemoveKey","title":"yubikey2fUserCanRemoveKey","type":"bool"},{"id":"yubikey2fFromSessionAttribute","title":"yubikey2fFromSessionAttribute"},{"id":"yubikey2fTTL","title":"yubikey2fTTL","type":"int"},{"id":"yubikey2fAuthnLevel","title":"yubikey2fAuthnLevel","type":"int"},{"id":"yubikey2fLabel","title":"yubikey2fLabel"},{"id":"yubikey2fLogo","title":"yubikey2fLogo"}],"help":"yubikey2f.html","id":"yubikey2f","title":"yubikey2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"mail2fActivation","title":"mail2fActivation","type":"boolOrExpr"},{"default":"\\d{6}","id":"mail2fCodeRegex","title":"mail2fCodeRegex"},{"id":"mail2fTimeout","title":"mail2fTimeout","type":"int"},{"id":"mail2fSubject","title":"mail2fSubject"},{"id":"mail2fBody","title":"mail2fBody","type":"longtext"},{"id":"mail2fAuthnLevel","title":"mail2fAuthnLevel","type":"int"},{"id":"mail2fLabel","title":"mail2fLabel"},{"id":"mail2fLogo","title":"mail2fLogo"},{"id":"mail2fSessionKey","title":"mail2fSessionKey"}],"help":"mail2f.html","id":"mail2f","title":"mail2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"ext2fActivation","title":"ext2fActivation","type":"boolOrExpr"},{"default":"\\d{6}","id":"ext2fCodeActivation","title":"ext2fCodeActivation"},{"id":"ext2FSendCommand","title":"ext2FSendCommand"},{"id":"ext2FValidateCommand","title":"ext2FValidateCommand"},{"id":"ext2fAuthnLevel","title":"ext2fAuthnLevel","type":"int"},{"id":"ext2fLabel","title":"ext2fLabel"},{"id":"ext2fLogo","title":"ext2fLogo"}],"help":"external2f.html","id":"ext2f","title":"ext2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"radius2fActivation","title":"radius2fActivation","type":"boolOrExpr"},{"id":"radius2fServer","title":"radius2fServer"},{"id":"radius2fSecret","title":"radius2fSecret"},{"id":"radius2fUsernameSessionKey","title":"radius2fUsernameSessionKey"},{"default":20,"id":"radius2fTimeout","title":"radius2fTimeout","type":"int"},{"id":"radius2fAuthnLevel","title":"radius2fAuthnLevel","type":"int"},{"id":"radius2fLogo","title":"radius2fLogo"},{"id":"radius2fLabel","title":"radius2fLabel"}],"help":"radius2f.html","id":"radius2f","title":"radius2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"rest2fActivation","title":"rest2fActivation","type":"boolOrExpr"},{"id":"rest2fInitUrl","title":"rest2fInitUrl"},{"cnodes":"rest2fInitArgs","id":"rest2fInitArgs","title":"rest2fInitArgs","type":"keyTextContainer"},{"id":"rest2fVerifyUrl","title":"rest2fVerifyUrl"},{"cnodes":"rest2fVerifyArgs","id":"rest2fVerifyArgs","title":"rest2fVerifyArgs","type":"keyTextContainer"},{"id":"rest2fAuthnLevel","title":"rest2fAuthnLevel","type":"int"},{"id":"rest2fLabel","title":"rest2fLabel"},{"id":"rest2fLogo","title":"rest2fLogo"}],"help":"rest2f.html","id":"rest2f","title":"rest2f"},{"cnodes":"sfExtra","id":"sfExtra","select":[{"k":"Mail2F","v":"E-Mail"},{"k":"REST","v":"REST"},{"k":"Ext2F","v":"External"},{"k":"Radius","v":"Radius"}],"title":"sfExtra","type":"sfExtraContainer"},{"_nodes":[{"default":0,"help":"secondfactor.html","id":"sfRemovedMsgRule","title":"sfRemovedMsgRule","type":"boolOrExpr"},{"default":0,"id":"sfRemovedUseNotif","title":"sfRemovedUseNotif","type":"bool"},{"default":"RemoveSF","help":"secondfactor.html","id":"sfRemovedNotifRef","title":"sfRemovedNotifRef"},{"default":"Second factor notification","help":"secondfactor.html","id":"sfRemovedNotifTitle","title":"sfRemovedNotifTitle"},{"default":"_removedSF_ expired second factor(s) has/have been removed!","help":"secondfactor.html","id":"sfRemovedNotifMsg","title":"sfRemovedNotifMsg"}],"help":"secondfactor.html","id":"sfRemovedNotification","title":"sfRemovedNotification","type":"simpleInputContainer"}],"help":"secondfactor.html","id":"secondFactors","title":"secondFactors"},{"_nodes":[{"help":"customfunctions.html","id":"customFunctions","title":"customFunctions"},{"default":"; ","id":"multiValuesSeparator","title":"multiValuesSeparator","type":"authParamsText"},{"default":0,"id":"groupsBeforeMacros","title":"groupsBeforeMacros","type":"bool"},{"_nodes":[{"default":"mail","id":"mailSessionKey","title":"mailSessionKey"},{"default":"","id":"SMTPServer","title":"SMTPServer"},{"id":"SMTPPort","title":"SMTPPort","type":"int"},{"id":"SMTPAuthUser","title":"SMTPAuthUser"},{"id":"SMTPAuthPass","title":"SMTPAuthPass","type":"password"},{"default":"","id":"SMTPTLS","select":[{"k":"","v":"none"},{"k":"starttls","v":"SMTP + STARTTLS"},{"k":"ssl","v":"SMTPS"}],"title":"SMTPTLS","type":"select"},{"cnodes":"SMTPTLSOpts","id":"SMTPTLSOpts","title":"SMTPTLSOpts","type":"keyTextContainer"},{"_nodes":[{"default":"noreply@example.com","id":"mailFrom","title":"mailFrom"},{"id":"mailReplyTo","title":"mailReplyTo"},{"default":"utf-8","id":"mailCharset","title":"mailCharset"}],"id":"mailHeaders","title":"mailHeaders","type":"simpleInputContainer"}],"help":"smtp.html","id":"SMTP","title":"SMTP","type":"SMTP"},{"_nodes":[{"default":"^[\\w\\.\\-@]+$","id":"userControl","title":"userControl"},{"default":0,"id":"browsersDontStorePassword","title":"browsersDontStorePassword","type":"bool"},{"default":0,"help":"forcereauthn.html","id":"portalForceAuthn","title":"portalForceAuthn","type":"bool"},{"default":5,"id":"portalForceAuthnInterval","title":"portalForceAuthnInterval","type":"int"},{"id":"key","title":"key","type":"password"},{"id":"trustedDomains","title":"trustedDomains"},{"default":1,"help":"safejail.html","id":"useSafeJail","title":"useSafeJail","type":"bool"},{"default":0,"help":"safejail.html","id":"avoidAssignment","title":"avoidAssignment","type":"bool"},{"default":1,"id":"checkXSS","title":"checkXSS","type":"bool"},{"default":1,"id":"requireToken","title":"requireToken","type":"boolOrExpr"},{"default":120,"id":"formTimeout","title":"formTimeout","type":"int"},{"default":0,"id":"tokenUseGlobalStorage","title":"tokenUseGlobalStorage","type":"bool"},{"_nodes":[{"default":0,"help":"bruteforceprotection.html","id":"bruteForceProtection","title":"bruteForceProtection","type":"bool"},{"default":30,"id":"bruteForceProtectionTempo","title":"bruteForceProtectionTempo","type":"int"},{"default":3,"id":"bruteForceProtectionMaxFailed","title":"bruteForceProtectionMaxFailed","type":"int"},{"default":0,"help":"bruteforceprotection.html","id":"bruteForceProtectionIncrementalTempo","title":"bruteForceProtectionIncrementalTempo","type":"bool"},{"default":"15, 30, 60, 300, 600","id":"bruteForceProtectionLockTimes","title":"bruteForceProtectionLockTimes"}],"help":"bruteforceprotection.html","id":"bruteForceAttackProtection","title":"bruteForceAttackProtection","type":"simpleInputContainer"},{"cnodes":"lwpOpts","id":"lwpOpts","title":"lwpOpts","type":"keyTextContainer"},{"cnodes":"lwpSslOpts","id":"lwpSslOpts","title":"lwpSslOpts","type":"keyTextContainer"},{"_nodes":[{"default":"'self'","id":"cspDefault","title":"cspDefault"},{"default":"'self' data:","id":"cspImg","title":"cspImg"},{"default":"'self'","id":"cspScript","title":"cspScript"},{"default":"'self'","id":"cspStyle","title":"cspStyle"},{"default":"'self'","id":"cspFont","title":"cspFont"},{"default":"*","id":"cspFormAction","title":"cspFormAction"},{"default":"'self'","id":"cspConnect","title":"cspConnect"},{"default":"","id":"cspFrameAncestors","title":"cspFrameAncestors"}],"help":"security.html#portal","id":"contentSecurityPolicy","title":"contentSecurityPolicy","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"corsEnabled","title":"corsEnabled","type":"bool"},{"default":true,"id":"corsAllow_Credentials","title":"corsAllow_Credentials"},{"default":"*","id":"corsAllow_Headers","title":"corsAllow_Headers"},{"default":"POST,GET","id":"corsAllow_Methods","title":"corsAllow_Methods"},{"default":"*","id":"corsAllow_Origin","title":"corsAllow_Origin"},{"default":"*","id":"corsExpose_Headers","title":"corsExpose_Headers"},{"default":"86400","id":"corsMax_Age","title":"corsMax_Age"}],"help":"security.html#portal","id":"crossOrigineResourceSharing","title":"crossOrigineResourceSharing","type":"simpleInputContainer"}],"help":"security.html#configure-security-settings","id":"security","title":"security"},{"_nodes":[{"default":-1,"id":"https","title":"https","type":"trool"},{"default":-1,"id":"port","title":"port","type":"int"},{"default":0,"id":"useRedirectOnForbidden","title":"useRedirectOnForbidden","type":"bool"},{"default":1,"id":"useRedirectOnError","title":"useRedirectOnError","type":"bool"},{"default":0,"id":"maintenance","title":"maintenance","type":"bool"}],"help":"redirections.html","id":"redirection","title":"redirection","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"jsRedirect","title":"jsRedirect","type":"boolOrExpr"},{"default":0,"id":"noAjaxHook","title":"noAjaxHook","type":"bool"},{"default":0,"id":"skipRenewConfirmation","title":"skipRenewConfirmation","type":"bool"},{"default":0,"id":"skipUpgradeConfirmation","title":"skipUpgradeConfirmation","type":"bool"}],"help":"redirections.html#portal-redirections","id":"portalRedirection","title":"portalRedirection","type":"simpleInputContainer"},{"cnodes":"nginxCustomHandlers","help":"handlerarch.html","id":"nginxCustomHandlers","title":"nginxCustomHandlers","type":"keyTextContainer"},{"cnodes":"logoutServices","default":[],"help":"logoutforward.html","id":"logoutServices","title":"logoutServices","type":"keyTextContainer"},{"_nodes":[{"default":"get","id":"infoFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"infoFormMethod","type":"select"},{"default":"post","id":"confirmFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"confirmFormMethod","type":"select"},{"default":"get","id":"redirectFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"redirectFormMethod","type":"select"},{"default":1,"id":"activeTimer","title":"activeTimer","type":"bool"}],"id":"forms","title":"forms","type":"simpleInputContainer"}],"help":"start.html#advanced-features","id":"advancedParams","title":"advancedParams"}],"id":"generalParameters","title":"generalParameters"},{"_nodes":[{"cnodes":"exportedVars","default":[{"data":"HTTP_USER_AGENT","id":"exportedVars/UA","title":"UA","type":"keyText"}],"help":"exportedvars.html","id":"exportedVars","title":"exportedVars","type":"keyTextContainer"},{"cnodes":"macros","default":[],"help":"exportedvars.html#extend-variables-using-macros-and-groups","id":"macros","title":"macros","type":"keyTextContainer"},{"cnodes":"groups","default":[],"help":"exportedvars.html#extend-variables-using-macros-and-groups","id":"groups","title":"groups","type":"keyTextContainer"}],"help":"variables.html","id":"variables","title":"variables"},{"cnodes":"virtualHosts","help":"configvhost.html","id":"virtualHosts","template":"virtualHost","title":"virtualHosts","type":"virtualHostContainer"},{"_nodes":[{"default":"#PORTAL#/saml/metadata","id":"samlEntityID","title":"samlEntityID"},{"_nodes":[{"get":["samlServicePrivateKeySig","samlServicePrivateKeySigPwd","samlServicePublicKeySig"],"id":"samlServiceSecuritySig","title":"samlServiceSecuritySig","type":"RSACertKey"},{"get":["samlServicePrivateKeyEnc","samlServicePrivateKeyEncPwd","samlServicePublicKeyEnc"],"id":"samlServiceSecurityEnc","title":"samlServiceSecurityEnc","type":"RSACertKey"},{"default":0,"id":"samlServiceUseCertificateInResponse","title":"samlServiceUseCertificateInResponse","type":"bool"},{"default":"RSA_SHA256","id":"samlServiceSignatureMethod","select":[{"k":"RSA_SHA1","v":"RSA SHA1"},{"k":"RSA_SHA256","v":"RSA SHA256"},{"k":"RSA_SHA384","v":"RSA SHA384"},{"k":"RSA_SHA512","v":"RSA SHA512"}],"title":"samlServiceSignatureMethod","type":"select"}],"help":"samlservice.html#security-parameters","id":"samlServiceSecurity","title":"samlServiceSecurity"},{"_nodes":[{"default":"mail","id":"samlNameIDFormatMapEmail","title":"samlNameIDFormatMapEmail"},{"default":"mail","id":"samlNameIDFormatMapX509","title":"samlNameIDFormatMapX509"},{"default":"uid","id":"samlNameIDFormatMapWindows","title":"samlNameIDFormatMapWindows"},{"default":"uid","id":"samlNameIDFormatMapKerberos","title":"samlNameIDFormatMapKerberos"}],"help":"samlservice.html#nameid-formats","id":"samlNameIDFormatMap","title":"samlNameIDFormatMap","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"samlAuthnContextMapPassword","title":"samlAuthnContextMapPassword","type":"int"},{"default":3,"id":"samlAuthnContextMapPasswordProtectedTransport","title":"samlAuthnContextMapPasswordProtectedTransport","type":"int"},{"default":5,"id":"samlAuthnContextMapTLSClient","title":"samlAuthnContextMapTLSClient","type":"int"},{"default":4,"id":"samlAuthnContextMapKerberos","title":"samlAuthnContextMapKerberos","type":"int"}],"help":"samlservice.html#authentication-contexts","id":"samlAuthnContextMap","title":"samlAuthnContextMap","type":"simpleInputContainer"},{"_nodes":[{"default":"Example","id":"samlOrganizationDisplayName","title":"samlOrganizationDisplayName"},{"default":"Example","id":"samlOrganizationName","title":"samlOrganizationName"},{"default":"http://www.example.com","id":"samlOrganizationURL","title":"samlOrganizationURL"}],"help":"samlservice.html#organization","id":"samlOrganization","title":"samlOrganization","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"samlSPSSODescriptorAuthnRequestsSigned","title":"samlSPSSODescriptorAuthnRequestsSigned","type":"bool"},{"default":1,"id":"samlSPSSODescriptorWantAssertionsSigned","title":"samlSPSSODescriptorWantAssertionsSigned","type":"bool"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn","id":"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect","title":"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn","id":"samlSPSSODescriptorSingleLogoutServiceHTTPPost","title":"samlSPSSODescriptorSingleLogoutServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;","id":"samlSPSSODescriptorSingleLogoutServiceSOAP","title":"samlSPSSODescriptorSingleLogoutServiceSOAP","type":"samlService"}],"id":"samlSPSSODescriptorSingleLogoutService","title":"samlSPSSODescriptorSingleLogoutService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact","id":"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact","title":"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact","type":"samlAssertion"},{"default":"0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost","id":"samlSPSSODescriptorAssertionConsumerServiceHTTPPost","title":"samlSPSSODescriptorAssertionConsumerServiceHTTPPost","type":"samlAssertion"}],"id":"samlSPSSODescriptorAssertionConsumerService","title":"samlSPSSODescriptorAssertionConsumerService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact","id":"samlSPSSODescriptorArtifactResolutionServiceArtifact","title":"samlSPSSODescriptorArtifactResolutionServiceArtifact","type":"samlAssertion"}],"id":"samlSPSSODescriptorArtifactResolutionService","title":"samlSPSSODescriptorArtifactResolutionService"}],"help":"samlservice.html#service-provider","id":"samlSPSSODescriptor","title":"samlSPSSODescriptor"},{"_nodes":[{"default":1,"id":"samlIDPSSODescriptorWantAuthnRequestsSigned","title":"samlIDPSSODescriptorWantAuthnRequestsSigned","type":"bool"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPPost","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact","type":"samlService"}],"id":"samlIDPSSODescriptorSingleSignOnService","title":"samlIDPSSODescriptorSingleSignOnService"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn","id":"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect","title":"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn","id":"samlIDPSSODescriptorSingleLogoutServiceHTTPPost","title":"samlIDPSSODescriptorSingleLogoutServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;","id":"samlIDPSSODescriptorSingleLogoutServiceSOAP","title":"samlIDPSSODescriptorSingleLogoutServiceSOAP","type":"samlService"}],"id":"samlIDPSSODescriptorSingleLogoutService","title":"samlIDPSSODescriptorSingleLogoutService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact","id":"samlIDPSSODescriptorArtifactResolutionServiceArtifact","title":"samlIDPSSODescriptorArtifactResolutionServiceArtifact","type":"samlAssertion"}],"id":"samlIDPSSODescriptorArtifactResolutionService","title":"samlIDPSSODescriptorArtifactResolutionService"}],"help":"samlservice.html#identity-provider","id":"samlIDPSSODescriptor","title":"samlIDPSSODescriptor"},{"_nodes":[{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;","id":"samlAttributeAuthorityDescriptorAttributeServiceSOAP","title":"samlAttributeAuthorityDescriptorAttributeServiceSOAP","type":"samlService"}],"id":"samlAttributeAuthorityDescriptorAttributeService","title":"samlAttributeAuthorityDescriptorAttributeService"}],"help":"samlservice.html#attribute-authority","id":"samlAttributeAuthorityDescriptor","title":"samlAttributeAuthorityDescriptor"},{"_nodes":[{"default":1,"id":"samlMetadataForceUTF8","title":"samlMetadataForceUTF8","type":"bool"},{"default":600,"id":"samlRelayStateTimeout","title":"samlRelayStateTimeout","type":"int"},{"default":0,"id":"samlUseQueryStringSpecific","title":"samlUseQueryStringSpecific","type":"bool"},{"default":"","id":"samlOverrideIDPEntityID","title":"samlOverrideIDPEntityID"},{"id":"samlStorage","title":"samlStorage"},{"cnodes":"samlStorageOptions","id":"samlStorageOptions","title":"samlStorageOptions","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"samlCommonDomainCookieActivation","title":"samlCommonDomainCookieActivation","type":"bool"},{"id":"samlCommonDomainCookieDomain","title":"samlCommonDomainCookieDomain"},{"id":"samlCommonDomainCookieReader","title":"samlCommonDomainCookieReader"},{"id":"samlCommonDomainCookieWriter","title":"samlCommonDomainCookieWriter"}],"id":"samlCommonDomainCookie","title":"samlCommonDomainCookie","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"samlDiscoveryProtocolActivation","title":"samlDiscoveryProtocolActivation","type":"bool"},{"id":"samlDiscoveryProtocolURL","title":"samlDiscoveryProtocolURL"},{"id":"samlDiscoveryProtocolPolicy","title":"samlDiscoveryProtocolPolicy"},{"default":0,"id":"samlDiscoveryProtocolIsPassive","title":"samlDiscoveryProtocolIsPassive","type":"bool"}],"id":"samlDiscoveryProtocol","title":"samlDiscoveryProtocol","type":"simpleInputContainer"}],"help":"samlservice.html#advanced","id":"samlAdvanced","title":"samlAdvanced"}],"help":"samlservice.html","id":"samlServiceMetaData","title":"samlServiceMetaData"},{"cnodes":"samlIDPMetaDataNodes","help":"authsaml.html","id":"samlIDPMetaDataNodes","template":"samlIDPMetaDataNode","title":"samlIDPMetaDataNodes","type":"samlIDPMetaDataNodeContainer"},{"cnodes":"samlSPMetaDataNodes","help":"idpsaml.html","id":"samlSPMetaDataNodes","template":"samlSPMetaDataNode","title":"samlSPMetaDataNodes","type":"samlSPMetaDataNodeContainer"},{"_nodes":[{"id":"oidcServiceMetaDataIssuer","title":"oidcServiceMetaDataIssuer"},{"_nodes":[{"default":"authorize","id":"oidcServiceMetaDataAuthorizeURI","title":"oidcServiceMetaDataAuthorizeURI"},{"default":"token","id":"oidcServiceMetaDataTokenURI","title":"oidcServiceMetaDataTokenURI"},{"default":"userinfo","id":"oidcServiceMetaDataUserInfoURI","title":"oidcServiceMetaDataUserInfoURI"},{"default":"jwks","id":"oidcServiceMetaDataJWKSURI","title":"oidcServiceMetaDataJWKSURI"},{"default":"register","id":"oidcServiceMetaDataRegistrationURI","title":"oidcServiceMetaDataRegistrationURI"},{"default":"introspect","id":"oidcServiceMetaDataIntrospectionURI","title":"oidcServiceMetaDataIntrospectionURI"},{"default":"logout","id":"oidcServiceMetaDataEndSessionURI","title":"oidcServiceMetaDataEndSessionURI"},{"default":"checksession.html","id":"oidcServiceMetaDataCheckSessionURI","title":"oidcServiceMetaDataCheckSessionURI"},{"default":"flogout","id":"oidcServiceMetaDataFrontChannelURI","title":"oidcServiceMetaDataFrontChannelURI"},{"default":"blogout","id":"oidcServiceMetaDataBackChannelURI","title":"oidcServiceMetaDataBackChannelURI"}],"id":"oidcServiceMetaDataEndPoints","title":"oidcServiceMetaDataEndPoints","type":"simpleInputContainer"},{"cnodes":"oidcServiceMetaDataAuthnContext","default":[{"data":1,"id":"oidcServiceMetaDataAuthnContext/loa-1","title":"loa-1","type":"keyText"},{"data":2,"id":"oidcServiceMetaDataAuthnContext/loa-2","title":"loa-2","type":"keyText"},{"data":3,"id":"oidcServiceMetaDataAuthnContext/loa-3","title":"loa-3","type":"keyText"},{"data":4,"id":"oidcServiceMetaDataAuthnContext/loa-4","title":"loa-4","type":"keyText"},{"data":5,"id":"oidcServiceMetaDataAuthnContext/loa-5","title":"loa-5","type":"keyText"}],"id":"oidcServiceMetaDataAuthnContext","title":"oidcServiceMetaDataAuthnContext","type":"keyTextContainer"},{"_nodes":[{"get":["oidcServicePrivateKeySig","oidcServicePublicKeySig"],"id":"oidcServiceMetaDataKeys","title":"oidcServiceMetaDataKeys","type":"RSAKeyNoPassword"},{"id":"oidcServiceKeyIdSig","title":"oidcServiceKeyIdSig"},{"default":0,"id":"oidcServiceAllowDynamicRegistration","title":"oidcServiceAllowDynamicRegistration","type":"bool"},{"default":1,"id":"oidcServiceAllowAuthorizationCodeFlow","title":"oidcServiceAllowAuthorizationCodeFlow","type":"bool"},{"default":0,"id":"oidcServiceAllowImplicitFlow","title":"oidcServiceAllowImplicitFlow","type":"bool"},{"default":0,"id":"oidcServiceAllowHybridFlow","title":"oidcServiceAllowHybridFlow","type":"bool"},{"default":60,"id":"oidcServiceAuthorizationCodeExpiration","title":"oidcServiceAuthorizationCodeExpiration","type":"int"},{"default":3600,"id":"oidcServiceAccessTokenExpiration","title":"oidcServiceAccessTokenExpiration","type":"int"},{"default":3600,"id":"oidcServiceIDTokenExpiration","title":"oidcServiceIDTokenExpiration","type":"int"},{"default":2592000,"id":"oidcServiceOfflineSessionExpiration","title":"oidcServiceOfflineSessionExpiration","type":"int"}],"id":"oidcServiceMetaDataSecurity","title":"oidcServiceMetaDataSecurity"},{"_nodes":[{"id":"oidcStorage","title":"oidcStorage"},{"cnodes":"oidcStorageOptions","id":"oidcStorageOptions","title":"oidcStorageOptions","type":"keyTextContainer"}],"id":"oidcServiceMetaDataSessions","title":"oidcServiceMetaDataSessions"},{"cnodes":"oidcServiceDynamicRegistrationExportedVars","id":"oidcServiceDynamicRegistrationExportedVars","title":"oidcServiceDynamicRegistrationExportedVars","type":"keyTextContainer"},{"cnodes":"oidcServiceDynamicRegistrationExtraClaims","id":"oidcServiceDynamicRegistrationExtraClaims","title":"oidcServiceDynamicRegistrationExtraClaims","type":"keyTextContainer"}],"help":"openidconnectservice.html#service-configuration","id":"oidcServiceMetaData","title":"oidcServiceMetaData"},{"cnodes":"oidcOPMetaDataNodes","help":"authopenidconnect.html#declare-the-openid-connect-provider-in-ll-ng","id":"oidcOPMetaDataNodes","title":"oidcOPMetaDataNodes","type":"oidcOPMetaDataNodeContainer"},{"cnodes":"oidcRPMetaDataNodes","help":"idpopenidconnect.html#configuration-of-relying-party-in-ll-ng","id":"oidcRPMetaDataNodes","title":"oidcRPMetaDataNodes","type":"oidcRPMetaDataNodeContainer"},{"_nodes":[{"id":"casAttr","title":"casAttr"},{"default":"none","id":"casAccessControlPolicy","select":[{"k":"none","v":"None"},{"k":"error","v":"Display error on portal"},{"k":"faketicket","v":"Send a fake service ticket"}],"title":"casAccessControlPolicy","type":"select"},{"id":"casStorage","title":"casStorage"},{"cnodes":"casStorageOptions","id":"casStorageOptions","title":"casStorageOptions","type":"keyTextContainer"},{"cnodes":"casAttributes","id":"casAttributes","title":"casAttributes","type":"keyTextContainer"}],"help":"idpcas.html#configuring-the-cas-service","id":"casServiceMetadata","title":"casServiceMetadata"},{"cnodes":"casSrvMetaDataNodes","help":"authcas.html","id":"casSrvMetaDataNodes","template":"casSrvMetaDataNode","title":"casSrvMetaDataNodes","type":"casSrvMetaDataNodeContainer"},{"cnodes":"casAppMetaDataNodes","help":"idpcas.html#configuring-cas-applications","id":"casAppMetaDataNodes","template":"casAppMetaDataNode","title":"casAppMetaDataNodes","type":"casAppMetaDataNodeContainer"}]
\ No newline at end of file
+[{"_nodes":[{"_nodes":[{"default":"http://auth.example.com/","id":"portal","title":"portal"},{"_nodes":[{"_nodes":[{"default":1,"id":"portalDisplayLogout","title":"portalDisplayLogout","type":"boolOrExpr"},{"default":"$_auth =~ /^(LDAP|DBI|Demo)$/","id":"portalDisplayChangePassword","title":"portalDisplayChangePassword","type":"boolOrExpr"},{"default":1,"id":"portalDisplayAppslist","title":"portalDisplayAppslist","type":"boolOrExpr"},{"default":1,"id":"portalDisplayLoginHistory","title":"portalDisplayLoginHistory","type":"boolOrExpr"},{"default":"$_oidcConsents && $_oidcConsents =~ /\\w+/","id":"portalDisplayOidcConsents","title":"portalDisplayOidcConsents","type":"boolOrExpr"}],"id":"portalModules","title":"portalModules","type":"simpleInputContainer"},{"cnodes":"applicationList","default":[{"data":{"catname":"Default category","type":"category"},"id":"applicationList/default","title":"default","type":"catAndAppList"}],"help":"portalmenu.html#categories-and-applications","id":"applicationList","title":"applicationList","type":"catAndAppList"}],"help":"portalmenu.html","id":"portalMenu","title":"portalMenu"},{"_nodes":[{"default":"common/logos/logo_llng_400px.png","id":"portalMainLogo","title":"portalMainLogo"},{"default":1,"id":"showLanguages","title":"showLanguages","type":"bool"},{"id":"portalCustomCss","title":"portalCustomCss"},{"default":"bootstrap","id":"portalSkin","select":[{"k":"bootstrap","v":"Bootstrap"}],"title":"portalSkin","type":"portalskin"},{"id":"portalSkinBackground","select":[{"k":"","v":"None"},{"k":"1280px-Anse_Source_d'Argent_2-La_Digue.jpg","v":"Anse"},{"k":"1280px-Autumn-clear-water-waterfall-landscape_-_Virginia_-_ForestWander.jpg","v":"Waterfall"},{"k":"1280px-BrockenSnowedTrees.jpg","v":"Snowed Trees"},{"k":"1280px-Cedar_Breaks_National_Monument_partially.jpg","v":"National Monument"},{"k":"1280px-Parry_Peak_from_Winter_Park.jpg","v":"Winter"},{"k":"Aletschgletscher_mit_Pinus_cembra1.jpg","v":"Pinus"}],"title":"portalSkinBackground","type":"portalskinbackground"},{"cnodes":"portalSkinRules","help":"portalcustom.html","id":"portalSkinRules","title":"portalSkinRules","type":"keyTextContainer"},{"_nodes":[{"default":1,"id":"portalCheckLogins","title":"portalCheckLogins","type":"bool"},{"default":0,"id":"portalDisplayResetPassword","title":"portalDisplayResetPassword","type":"bool"},{"default":3,"id":"passwordResetAllowedRetries","title":"passwordResetAllowedRetries","type":"int"},{"default":1,"id":"portalDisplayRegister","title":"portalDisplayRegister","type":"bool"},{"default":0,"id":"portalDisplayCertificateResetByMail","title":"portalDisplayCertificateResetByMail","type":"bool"}],"help":"portalcustom.html#buttons","id":"portalButtons","title":"portalButtons","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"portalRequireOldPassword","title":"portalRequireOldPassword","type":"boolOrExpr"},{"default":0,"id":"hideOldPassword","title":"hideOldPassword","type":"bool"},{"default":0,"id":"mailOnPasswordChange","title":"mailOnPasswordChange","type":"bool"}],"help":"portalcustom.html#password-management","id":"passwordManagement","title":"passwordManagement","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"passwordPolicyActivation","title":"passwordPolicyActivation","type":"boolOrExpr"},{"default":0,"id":"portalDisplayPasswordPolicy","title":"portalDisplayPasswordPolicy","type":"bool"},{"default":0,"id":"passwordPolicyMinSize","title":"passwordPolicyMinSize","type":"int"},{"default":0,"id":"passwordPolicyMinLower","title":"passwordPolicyMinLower","type":"int"},{"default":0,"id":"passwordPolicyMinUpper","title":"passwordPolicyMinUpper","type":"int"},{"default":0,"id":"passwordPolicyMinDigit","title":"passwordPolicyMinDigit","type":"int"},{"default":0,"id":"passwordPolicyMinSpeChar","title":"passwordPolicyMinSpeChar","type":"int"},{"default":"__ALL__","id":"passwordPolicySpecialChar","title":"passwordPolicySpecialChar"}],"help":"portalcustom.html#password-policy","id":"passwordPolicy","title":"passwordPolicy","type":"simpleInputContainer"},{"_nodes":[{"default":"_user","id":"portalUserAttr","title":"portalUserAttr"},{"default":0,"id":"portalOpenLinkInNewWindow","title":"portalOpenLinkInNewWindow","type":"bool"},{"default":1,"id":"portalAntiFrame","title":"portalAntiFrame","type":"bool"},{"default":60000,"id":"portalPingInterval","title":"portalPingInterval","type":"int"},{"default":1,"id":"portalErrorOnExpiredSession","title":"portalErrorOnExpiredSession","type":"bool"},{"default":0,"id":"portalErrorOnMailNotFound","title":"portalErrorOnMailNotFound","type":"bool"},{"default":1,"id":"portalDisplayRefreshMyRights","title":"portalDisplayRefreshMyRights","type":"bool"}],"help":"portalcustom.html#other-parameters","id":"portalOther","title":"portalOther","type":"simpleInputContainer"}],"help":"portalcustom.html","id":"portalCustomization","title":"portalCustomization"},{"_nodes":[{"default":0,"id":"captcha_login_enabled","title":"captcha_login_enabled","type":"bool"},{"default":1,"id":"captcha_mail_enabled","title":"captcha_mail_enabled","type":"bool"},{"default":1,"id":"captcha_register_enabled","title":"captcha_register_enabled","type":"bool"},{"default":6,"id":"captcha_size","title":"captcha_size","type":"int"}],"help":"captcha.html","id":"portalCaptcha","title":"portalCaptcha","type":"simpleInputContainer"}],"help":"portal.html","id":"portalParams","title":"portalParams"},{"_nodes":[{"default":"Demo","id":"authentication","select":[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Demo","v":"Demonstration"},{"k":"Choice","v":"authChoice"},{"k":"Combination","v":"combineMods"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"SAML","v":"SAML v2"},{"k":"Proxy","v":"Proxy"},{"k":"Remote","v":"Remote"},{"k":"Slave","v":"Slave"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"authentication","type":"select"},{"default":"Same","id":"userDB","select":[{"k":"Same","v":"Same"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"userDB","type":"select"},{"default":"Demo","id":"passwordDB","select":[{"k":"AD","v":"Active Directory"},{"k":"Choice","v":"authChoice"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demonstration"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"passwordDB","type":"select"},{"default":"Null","id":"registerDB","select":[{"k":"AD","v":"Active Directory"},{"k":"Demo","v":"Demonstration"},{"k":"LDAP","v":"LDAP"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"registerDB","type":"select"}],"_nodes_cond":[{"_nodes":[{"default":0,"id":"ADPwdMaxAge","title":"ADPwdMaxAge","type":"int"},{"default":0,"id":"ADPwdExpireWarning","title":"ADPwdExpireWarning","type":"int"}],"help":"authad.html","id":"adParams","show":false,"title":"adParams","type":"simpleInputContainer"},{"_nodes":[{"default":"lmAuth","id":"authChoiceParam","title":"authChoiceParam"},{"cnodes":"authChoiceModules","id":"authChoiceModules","select":[[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Null","v":"None"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"Proxy","v":"Proxy"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"Remote","v":"Remote"},{"k":"SAML","v":"SAML v2"},{"k":"Slave","v":"Slave"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Custom","v":"customModule"}],[{"k":"AD","v":"Active Directory"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"Facebook","v":"Facebook"},{"k":"LDAP","v":"LDAP"},{"k":"Null","v":"None"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"Proxy","v":"Proxy"},{"k":"REST","v":"REST"},{"k":"Remote","v":"Remote"},{"k":"SAML","v":"SAML v2"},{"k":"Slave","v":"Slave"},{"k":"WebID","v":"WebID"},{"k":"Custom","v":"customModule"}],[{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Demo","v":"Demo"},{"k":"LDAP","v":"LDAP"},{"k":"REST","v":"REST"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}]],"title":"authChoiceModules","type":"authChoiceContainer"},{"id":"authChoiceAuthBasic","title":"authChoiceAuthBasic"}],"help":"authchoice.html","id":"choiceParams","show":false,"title":"choiceParams"},{"_nodes":[{"default":3,"id":"apacheAuthnLevel","title":"apacheAuthnLevel","type":"int"}],"help":"authapache.html","id":"apacheParams","show":false,"title":"apacheParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"casAuthnLevel","title":"casAuthnLevel","type":"int"}],"help":"authcas.html","id":"casParams","show":false,"title":"casParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"dbiAuthnLevel","title":"dbiAuthnLevel","type":"int"},{"cnodes":"dbiExportedVars","default":[],"id":"dbiExportedVars","title":"dbiExportedVars","type":"keyTextContainer"},{"_nodes":[{"_nodes":[{"id":"dbiAuthChain","title":"dbiAuthChain"},{"id":"dbiAuthUser","title":"dbiAuthUser"},{"id":"dbiAuthPassword","title":"dbiAuthPassword","type":"password"}],"id":"dbiConnectionAuth","title":"dbiConnectionAuth","type":"simpleInputContainer"},{"_nodes":[{"id":"dbiUserChain","title":"dbiUserChain"},{"id":"dbiUserUser","title":"dbiUserUser"},{"id":"dbiUserPassword","title":"dbiUserPassword","type":"password"}],"id":"dbiConnectionUser","title":"dbiConnectionUser","type":"simpleInputContainer"}],"help":"authdbi.html#connection","id":"dbiConnection","title":"dbiConnection"},{"_nodes":[{"id":"dbiAuthTable","title":"dbiAuthTable"},{"id":"dbiUserTable","title":"dbiUserTable"},{"id":"dbiAuthLoginCol","title":"dbiAuthLoginCol"},{"id":"dbiAuthPasswordCol","title":"dbiAuthPasswordCol"},{"id":"dbiPasswordMailCol","title":"dbiPasswordMailCol"},{"id":"userPivot","title":"userPivot"}],"help":"authdbi.html#schema","id":"dbiSchema","title":"dbiSchema","type":"simpleInputContainer"},{"_nodes":[{"help":"authdbi.html#password","id":"dbiAuthPasswordHash","title":"dbiAuthPasswordHash"},{"_nodes":[{"help":"authdbi.html#password","id":"dbiDynamicHashEnabled","title":"dbiDynamicHashEnabled","type":"bool"},{"help":"authdbi.html#password","id":"dbiDynamicHashValidSchemes","title":"dbiDynamicHashValidSchemes"},{"help":"authdbi.html#password","id":"dbiDynamicHashValidSaltedSchemes","title":"dbiDynamicHashValidSaltedSchemes"},{"help":"authdbi.html#password","id":"dbiDynamicHashNewPasswordScheme","title":"dbiDynamicHashNewPasswordScheme"}],"help":"authdbi.html#password","id":"dbiDynamicHash","title":"dbiDynamicHash","type":"simpleInputContainer"}],"help":"authdbi.html#password","id":"dbiPassword","title":"dbiPassword"}],"help":"authdbi.html","id":"dbiParams","show":false,"title":"dbiParams"},{"_nodes":[{"cnodes":"demoExportedVars","default":[{"data":"cn","id":"demoExportedVars/cn","title":"cn","type":"keyText"},{"data":"mail","id":"demoExportedVars/mail","title":"mail","type":"keyText"},{"data":"uid","id":"demoExportedVars/uid","title":"uid","type":"keyText"}],"id":"demoExportedVars","title":"demoExportedVars","type":"keyTextContainer"}],"help":"authdemo.html","id":"demoParams","show":false,"title":"demoParams"},{"_nodes":[{"default":1,"id":"facebookAuthnLevel","title":"facebookAuthnLevel","type":"int"},{"cnodes":"facebookExportedVars","default":[],"id":"facebookExportedVars","title":"facebookExportedVars","type":"keyTextContainer"},{"id":"facebookAppId","title":"facebookAppId"},{"id":"facebookAppSecret","title":"facebookAppSecret"},{"default":"id","id":"facebookUserField","title":"facebookUserField"}],"help":"authfacebook.html","id":"facebookParams","show":false,"title":"facebookParams"},{"_nodes":[{"default":3,"id":"krbAuthnLevel","title":"krbAuthnLevel","type":"int"},{"id":"krbKeytab","title":"krbKeytab"},{"default":0,"id":"krbByJs","title":"krbByJs","type":"bool"},{"default":1,"id":"krbRemoveDomain","title":"krbRemoveDomain","type":"bool"},{"id":"krbAllowedDomains","title":"krbAllowedDomains"}],"help":"authkerberos.html","id":"kerberosParams","show":false,"title":"kerberosParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"ldapAuthnLevel","title":"ldapAuthnLevel","type":"int"},{"cnodes":"ldapExportedVars","default":[{"data":"cn","id":"ldapExportedVars/cn","title":"cn","type":"keyText"},{"data":"mail","id":"ldapExportedVars/mail","title":"mail","type":"keyText"},{"data":"uid","id":"ldapExportedVars/uid","title":"uid","type":"keyText"}],"id":"ldapExportedVars","title":"ldapExportedVars","type":"keyTextContainer"},{"_nodes":[{"default":"ldap://localhost","id":"ldapServer","title":"ldapServer"},{"id":"ldapPort","title":"ldapPort","type":"int"},{"default":"require","id":"ldapVerify","select":[{"k":"none","v":"None"},{"k":"optional","v":"Optional"},{"k":"require","v":"Require"}],"title":"ldapVerify","type":"select"},{"default":"dc=example,dc=com","id":"ldapBase","title":"ldapBase"},{"default":"","id":"managerDn","title":"managerDn"},{"default":"","id":"managerPassword","title":"managerPassword","type":"password"},{"default":10,"id":"ldapTimeout","title":"ldapTimeout","type":"int"},{"default":10,"id":"ldapIOTimeout","title":"ldapIOTimeout","type":"int"},{"default":3,"id":"ldapVersion","title":"ldapVersion","type":"int"},{"id":"ldapRaw","title":"ldapRaw"},{"id":"ldapCAFile","title":"ldapCAFile"},{"id":"ldapCAPath","title":"ldapCAPath"}],"help":"authldap.html#connection","id":"ldapConnection","title":"ldapConnection","type":"simpleInputContainer"},{"_nodes":[{"id":"LDAPFilter","title":"LDAPFilter"},{"id":"AuthLDAPFilter","title":"AuthLDAPFilter"},{"id":"mailLDAPFilter","title":"mailLDAPFilter"},{"default":"find","id":"ldapSearchDeref","select":[{"k":"never","v":"never"},{"k":"search","v":"search"},{"k":"find","v":"find"},{"k":"always","v":"always"}],"title":"ldapSearchDeref","type":"select"}],"help":"authldap.html#filters","id":"ldapFilters","title":"ldapFilters","type":"simpleInputContainer"},{"_nodes":[{"id":"ldapGroupBase","title":"ldapGroupBase"},{"default":"groupOfNames","id":"ldapGroupObjectClass","title":"ldapGroupObjectClass"},{"default":"member","id":"ldapGroupAttributeName","title":"ldapGroupAttributeName"},{"default":"dn","id":"ldapGroupAttributeNameUser","title":"ldapGroupAttributeNameUser"},{"default":"cn","id":"ldapGroupAttributeNameSearch","title":"ldapGroupAttributeNameSearch"},{"default":0,"id":"ldapGroupDecodeSearchedValue","title":"ldapGroupDecodeSearchedValue","type":"bool"},{"default":0,"id":"ldapGroupRecursive","title":"ldapGroupRecursive","type":"bool"},{"default":"dn","id":"ldapGroupAttributeNameGroup","title":"ldapGroupAttributeNameGroup"}],"help":"authldap.html#groups","id":"ldapGroups","title":"ldapGroups","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"ldapPpolicyControl","title":"ldapPpolicyControl","type":"bool"},{"default":0,"id":"ldapSetPassword","title":"ldapSetPassword","type":"bool"},{"default":0,"id":"ldapChangePasswordAsUser","title":"ldapChangePasswordAsUser","type":"bool"},{"default":"utf-8","id":"ldapPwdEnc","title":"ldapPwdEnc"},{"default":1,"id":"ldapUsePasswordResetAttribute","title":"ldapUsePasswordResetAttribute","type":"bool"},{"default":"pwdReset","id":"ldapPasswordResetAttribute","title":"ldapPasswordResetAttribute"},{"default":"TRUE","id":"ldapPasswordResetAttributeValue","title":"ldapPasswordResetAttributeValue"},{"default":0,"id":"ldapAllowResetExpiredPassword","title":"ldapAllowResetExpiredPassword","type":"bool"},{"default":0,"id":"ldapITDS","title":"ldapITDS","type":"bool"}],"help":"authldap.html#password","id":"ldapPassword","title":"ldapPassword","type":"simpleInputContainer"}],"help":"authldap.html","id":"ldapParams","show":false,"title":"ldapParams"},{"_nodes":[{"default":1,"id":"linkedInAuthnLevel","title":"linkedInAuthnLevel","type":"int"},{"id":"linkedInClientID","title":"linkedInClientID"},{"id":"linkedInClientSecret","title":"linkedInClientSecret","type":"password"},{"default":"id,first-name,last-name,email-address","id":"linkedInFields","title":"linkedInFields"},{"default":"emailAddress","id":"linkedInUserField","title":"linkedInUserField"},{"default":"r_liteprofile r_emailaddress","id":"linkedInScope","title":"linkedInScope"}],"help":"authlinkedin.html","id":"linkedinParams","show":false,"title":"linkedinParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"githubAuthnLevel","title":"githubAuthnLevel","type":"int"},{"id":"githubClientID","title":"githubClientID"},{"id":"githubClientSecret","title":"githubClientSecret","type":"password"},{"default":"login","id":"githubUserField","title":"githubUserField"},{"default":"user:email","id":"githubScope","title":"githubScope"}],"help":"authgithub.html","id":"githubParams","show":false,"title":"githubParams","type":"simpleInputContainer"},{"_nodes":[{"id":"combination","title":"combination"},{"cnodes":"combModules","id":"combModules","select":[{"k":"Apache","v":"Apache"},{"k":"AD","v":"Active Directory"},{"k":"DBI","v":"Database (DBI)"},{"k":"Facebook","v":"Facebook"},{"k":"GitHub","v":"GitHub"},{"k":"GPG","v":"GPG"},{"k":"Kerberos","v":"Kerberos"},{"k":"LDAP","v":"LDAP"},{"k":"LinkedIn","v":"LinkedIn"},{"k":"PAM","v":"PAM"},{"k":"Radius","v":"Radius"},{"k":"REST","v":"REST"},{"k":"SSL","v":"SSL"},{"k":"Twitter","v":"Twitter"},{"k":"WebID","v":"WebID"},{"k":"Demo","v":"Demonstration"},{"k":"CAS","v":"Central Authentication Service (CAS)"},{"k":"OpenID","v":"OpenID"},{"k":"OpenIDConnect","v":"OpenID Connect"},{"k":"SAML","v":"SAML v2"},{"k":"Proxy","v":"Proxy"},{"k":"Remote","v":"Remote"},{"k":"Slave","v":"Slave"},{"k":"Null","v":"None"},{"k":"Custom","v":"customModule"}],"title":"combModules","type":"cmbModuleContainer"}],"help":"authcombination.html","id":"combinationParams","show":false,"title":"combinationParams"},{"_nodes":[{"default":0,"id":"nullAuthnLevel","title":"nullAuthnLevel","type":"int"}],"help":"authnull.html","id":"nullParams","show":false,"title":"nullParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"openIdAuthnLevel","title":"openIdAuthnLevel","type":"int"},{"cnodes":"openIdExportedVars","default":[],"id":"openIdExportedVars","title":"openIdExportedVars","type":"keyTextContainer"},{"id":"openIdSecret","title":"openIdSecret"},{"default":"0;","id":"openIdIDPList","title":"openIdIDPList","type":"blackWhiteList"}],"help":"authopenid.html","id":"openidParams","show":false,"title":"openidParams"},{"_nodes":[{"default":1,"id":"oidcAuthnLevel","title":"oidcAuthnLevel","type":"int"},{"default":"openidconnectcallback","id":"oidcRPCallbackGetParam","title":"oidcRPCallbackGetParam"},{"default":600,"id":"oidcRPStateTimeout","title":"oidcRPStateTimeout","type":"int"}],"help":"authopenidconnect.html","id":"oidcParams","show":false,"title":"oidcParams","type":"simpleInputContainer"},{"_nodes":[{"default":5,"id":"gpgAuthnLevel","title":"gpgAuthnLevel","type":"int"},{"default":"","id":"gpgDb","title":"gpgDb"}],"help":"authgpg.html","id":"gpgParams","show":false,"title":"gpgParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"proxyAuthnLevel","title":"proxyAuthnLevel","type":"int"},{"id":"proxyAuthService","title":"proxyAuthService"},{"id":"proxySessionService","title":"proxySessionService"},{"id":"remoteCookieName","title":"remoteCookieName"},{"default":0,"id":"proxyUseSoap","title":"proxyUseSoap","type":"bool"}],"help":"authproxy.html","id":"proxyParams","show":false,"title":"proxyParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"pamAuthnLevel","title":"pamAuthnLevel","type":"int"},{"default":"login","id":"pamService","title":"pamService"}],"help":"authpam.html","id":"pamParams","show":false,"title":"pamParams","type":"simpleInputContainer"},{"_nodes":[{"default":3,"id":"radiusAuthnLevel","title":"radiusAuthnLevel","type":"int"},{"id":"radiusSecret","title":"radiusSecret"},{"id":"radiusServer","title":"radiusServer"}],"help":"authradius.html","id":"radiusParams","show":false,"title":"radiusParams","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"restAuthnLevel","title":"restAuthnLevel","type":"int"},{"id":"restAuthUrl","title":"restAuthUrl"},{"id":"restUserDBUrl","title":"restUserDBUrl"},{"id":"restPwdConfirmUrl","title":"restPwdConfirmUrl"},{"id":"restPwdModifyUrl","title":"restPwdModifyUrl"}],"help":"authrest.html","id":"restParams","show":false,"title":"restParams","type":"simpleInputContainer"},{"_nodes":[{"id":"remotePortal","title":"remotePortal"},{"id":"remoteCookieName","title":"remoteCookieName"},{"default":"Lemonldap::NG::Common::Apache::Session::SOAP","id":"remoteGlobalStorage","title":"remoteGlobalStorage"},{"cnodes":"remoteGlobalStorageOptions","default":[{"data":"http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService","id":"remoteGlobalStorageOptions/ns","title":"ns","type":"keyText"},{"data":"http://auth.example.com/sessions","id":"remoteGlobalStorageOptions/proxy","title":"proxy","type":"keyText"}],"id":"remoteGlobalStorageOptions","title":"remoteGlobalStorageOptions","type":"keyTextContainer"}],"help":"authremote.html","id":"remoteParams","show":false,"title":"remoteParams"},{"_nodes":[{"default":2,"id":"slaveAuthnLevel","title":"slaveAuthnLevel","type":"int"},{"id":"slaveUserHeader","title":"slaveUserHeader"},{"id":"slaveMasterIP","title":"slaveMasterIP"},{"id":"slaveHeaderName","title":"slaveHeaderName"},{"id":"slaveHeaderContent","title":"slaveHeaderContent"},{"default":0,"id":"slaveDisplayLogo","title":"slaveDisplayLogo","type":"bool"},{"cnodes":"slaveExportedVars","default":[],"id":"slaveExportedVars","title":"slaveExportedVars","type":"keyTextContainer"}],"help":"authslave.html","id":"slaveParams","show":false,"title":"slaveParams"},{"_nodes":[{"default":5,"id":"SSLAuthnLevel","title":"SSLAuthnLevel","type":"int"},{"default":"SSL_CLIENT_S_DN_Email","id":"SSLVar","title":"SSLVar"},{"cnodes":"SSLVarIf","default":[],"id":"SSLVarIf","title":"SSLVarIf","type":"keyTextContainer"},{"default":0,"id":"sslByAjax","title":"sslByAjax","type":"bool"},{"id":"sslHost","title":"sslHost"}],"help":"authssl.html","id":"sslParams","show":false,"title":"sslParams"},{"_nodes":[{"default":1,"id":"twitterAuthnLevel","title":"twitterAuthnLevel","type":"int"},{"id":"twitterKey","title":"twitterKey"},{"id":"twitterSecret","title":"twitterSecret"},{"id":"twitterAppName","title":"twitterAppName"},{"default":"screen_name","id":"twitterUserField","title":"twitterUserField"}],"help":"authtwitter.html","id":"twitterParams","show":false,"title":"twitterParams","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"webIDAuthnLevel","title":"webIDAuthnLevel","type":"int"},{"cnodes":"webIDExportedVars","default":[],"id":"webIDExportedVars","title":"webIDExportedVars","type":"keyTextContainer"},{"id":"webIDWhitelist","title":"webIDWhitelist"}],"help":"authwebid.html","id":"webidParams","show":false,"title":"webidParams"},{"_nodes":[{"id":"customAuth","title":"customAuth"},{"id":"customUserDB","title":"customUserDB"},{"id":"customPassword","title":"customPassword"},{"id":"customRegister","title":"customRegister"},{"id":"customResetCertByMail","title":"customResetCertByMail"},{"cnodes":"customAddParams","id":"customAddParams","title":"customAddParams","type":"keyTextContainer"}],"help":"authcustom.html","id":"customParams","show":false,"title":"customParams"}],"_nodes_filter":"authParams","help":"start.html#authentication-users-and-password-databases","id":"authParams","title":"authParams","type":"authParams"},{"_nodes":[{"_nodes":[{"default":0,"id":"issuerDBSAMLActivation","title":"issuerDBSAMLActivation","type":"bool"},{"default":"^/saml/","id":"issuerDBSAMLPath","title":"issuerDBSAMLPath"},{"default":1,"id":"issuerDBSAMLRule","title":"issuerDBSAMLRule","type":"boolOrExpr"}],"help":"idpsaml.html","id":"issuerDBSAML","title":"issuerDBSAML","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBCASActivation","title":"issuerDBCASActivation","type":"bool"},{"default":"^/cas/","id":"issuerDBCASPath","title":"issuerDBCASPath"},{"default":1,"id":"issuerDBCASRule","title":"issuerDBCASRule","type":"boolOrExpr"}],"help":"idpcas.html#enabling-cas","id":"issuerDBCAS","title":"issuerDBCAS","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBOpenIDActivation","title":"issuerDBOpenIDActivation","type":"bool"},{"default":"^/openidserver/","id":"issuerDBOpenIDPath","title":"issuerDBOpenIDPath"},{"default":1,"id":"issuerDBOpenIDRule","title":"issuerDBOpenIDRule","type":"boolOrExpr"},{"_nodes":[{"id":"openIdIssuerSecret","title":"openIdIssuerSecret"},{"id":"openIdAttr","title":"openIdAttr"},{"default":"0;","id":"openIdSPList","title":"openIdSPList","type":"blackWhiteList"},{"_nodes":[{"default":"cn","id":"openIdSreg_fullname","title":"openIdSreg_fullname"},{"default":"uid","id":"openIdSreg_nickname","title":"openIdSreg_nickname"},{"id":"openIdSreg_language","title":"openIdSreg_language"},{"id":"openIdSreg_postcode","title":"openIdSreg_postcode"},{"default":"_timezone","id":"openIdSreg_timezone","title":"openIdSreg_timezone"},{"id":"openIdSreg_country","title":"openIdSreg_country"},{"id":"openIdSreg_gender","title":"openIdSreg_gender"},{"default":"mail","id":"openIdSreg_email","title":"openIdSreg_email"},{"id":"openIdSreg_dob","title":"openIdSreg_dob"}],"id":"openIdSreg","title":"openIdSreg","type":"simpleInputContainer"}],"id":"issuerDBOpenIDOptions","title":"issuerDBOpenIDOptions"}],"help":"idpopenid.html","id":"issuerDBOpenID","title":"issuerDBOpenID"},{"_nodes":[{"default":0,"id":"issuerDBOpenIDConnectActivation","title":"issuerDBOpenIDConnectActivation","type":"bool"},{"default":"^/oauth2/","id":"issuerDBOpenIDConnectPath","title":"issuerDBOpenIDConnectPath"},{"default":1,"id":"issuerDBOpenIDConnectRule","title":"issuerDBOpenIDConnectRule","type":"boolOrExpr"}],"help":"idpopenidconnect.html","id":"issuerDBOpenIDConnect","title":"issuerDBOpenIDConnect","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"issuerDBGetActivation","title":"issuerDBGetActivation","type":"bool"},{"default":"^/get/","id":"issuerDBGetPath","title":"issuerDBGetPath"},{"default":1,"id":"issuerDBGetRule","title":"issuerDBGetRule","type":"boolOrExpr"},{"default":[],"id":"issuerDBGetParameters","title":"issuerDBGetParameters","type":"doubleHash"}],"help":"issuerdbget.html","id":"issuerDBGet","title":"issuerDBGet"},{"_nodes":[{"default":120,"id":"issuersTimeout","title":"issuersTimeout","type":"int"}],"help":"start.html#options","id":"issuerOptions","title":"issuerOptions","type":"simpleInputContainer"}],"help":"start.html#identity-provider","id":"issuerParams","title":"issuerParams"},{"_nodes":[{"default":"uid","id":"whatToTrace","title":"whatToTrace"},{"id":"customToTrace","title":"customToTrace"},{"default":"_password _2fDevices","id":"hiddenAttributes","title":"hiddenAttributes"}],"help":"logs.html","id":"logParams","title":"logParams","type":"simpleInputContainer"},{"_nodes":[{"default":"lemonldap","id":"cookieName","title":"cookieName"},{"default":"example.com","id":"domain","title":"domain"},{"default":0,"id":"cda","title":"cda","type":"bool"},{"default":0,"id":"securedCookie","select":[{"k":"0","v":"unsecuredCookie"},{"k":"1","v":"securedCookie"},{"k":"2","v":"doubleCookie"},{"k":"3","v":"doubleCookieForSingleSession"}],"title":"securedCookie","type":"select"},{"default":1,"id":"httpOnly","title":"httpOnly","type":"bool"},{"id":"cookieExpiration","title":"cookieExpiration","type":"int"},{"default":"","id":"sameSite","select":[{"k":"","v":""},{"k":"Strict","v":"Strict"},{"k":"Lax","v":"Lax"},{"k":"None","v":"None"}],"title":"sameSite","type":"select"}],"help":"ssocookie.html","id":"cookieParams","title":"cookieParams","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"storePassword","title":"storePassword","type":"bool"},{"default":1,"id":"displaySessionId","title":"displaySessionId","type":"bool"},{"default":72000,"id":"timeout","title":"timeout","type":"int"},{"default":0,"id":"timeoutActivity","title":"timeoutActivity","type":"int"},{"default":60,"id":"timeoutActivityInterval","title":"timeoutActivityInterval","type":"int"},{"cnodes":"grantSessionRules","default":[],"id":"grantSessionRules","title":"grantSessionRules","type":"grantContainer"},{"_nodes":[{"default":"Apache::Session::File","id":"globalStorage","title":"globalStorage"},{"cnodes":"globalStorageOptions","default":[{"data":"/var/lib/lemonldap-ng/sessions/","id":"globalStorageOptions/Directory","title":"Directory","type":"keyText"},{"data":"/var/lib/lemonldap-ng/sessions/lock/","id":"globalStorageOptions/LockDirectory","title":"LockDirectory","type":"keyText"},{"data":"Lemonldap::NG::Common::Apache::Session::Generate::SHA256","id":"globalStorageOptions/generateModule","title":"generateModule","type":"keyText"}],"id":"globalStorageOptions","title":"globalStorageOptions","type":"keyTextContainer"},{"default":"Cache::FileCache","id":"localSessionStorage","title":"localSessionStorage"},{"cnodes":"localSessionStorageOptions","default":[{"data":3,"id":"localSessionStorageOptions/cache_depth","title":"cache_depth","type":"keyText"},{"data":"/var/cache/lemonldap-ng","id":"localSessionStorageOptions/cache_root","title":"cache_root","type":"keyText"},{"data":600,"id":"localSessionStorageOptions/default_expires_in","title":"default_expires_in","type":"keyText"},{"data":"007","id":"localSessionStorageOptions/directory_umask","title":"directory_umask","type":"keyText"},{"data":"lemonldap-ng-sessions","id":"localSessionStorageOptions/namespace","title":"namespace","type":"keyText"}],"id":"localSessionStorageOptions","title":"localSessionStorageOptions","type":"keyTextContainer"}],"help":"start.html#sessions-database","id":"sessionStorage","title":"sessionStorage"},{"_nodes":[{"default":0,"id":"singleSession","title":"singleSession","type":"boolOrExpr"},{"default":0,"id":"singleIP","title":"singleIP","type":"boolOrExpr"},{"default":0,"id":"singleUserByIP","title":"singleUserByIP","type":"boolOrExpr"},{"default":1,"id":"notifyDeleted","title":"notifyDeleted","type":"bool"},{"default":0,"id":"notifyOther","title":"notifyOther","type":"bool"}],"id":"multipleSessions","title":"multipleSessions","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"disablePersistentStorage","title":"disablePersistentStorage","type":"bool"},{"id":"persistentStorage","title":"persistentStorage"},{"cnodes":"persistentStorageOptions","id":"persistentStorageOptions","title":"persistentStorageOptions","type":"keyTextContainer"}],"id":"persistentSessions","title":"persistentSessions"}],"help":"sessions.html","id":"sessionParams","title":"sessionParams"},{"_nodes":[{"default":5,"id":"reloadTimeout","title":"reloadTimeout","type":"int"},{"default":0,"id":"compactConf","title":"compactConf","type":"bool"},{"cnodes":"reloadUrls","help":"configlocation.html#configuration-reload","id":"reloadUrls","title":"reloadUrls","type":"keyTextContainer"}],"help":"configlocation.html#configuration-reload","id":"reloadParams","title":"reloadParams"},{"_nodes":[{"default":0,"help":"status.html","id":"portalStatus","title":"portalStatus","type":"bool"},{"default":1,"id":"upgradeSession","title":"upgradeSession","type":"bool"},{"id":"refreshSessions","title":"refreshSessions","type":"bool"},{"cnodes":"adaptativeAuthenticationLevelRules","id":"adaptativeAuthenticationLevelRules","title":"adaptativeAuthenticationLevelRules","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"stayConnected","title":"stayConnected","type":"bool"},{"default":2592000,"id":"stayConnectedTimeout","title":"stayConnectedTimeout","type":"int"},{"default":"llngconnection","id":"stayConnectedCookieName","title":"stayConnectedCookieName"}],"help":"stayconnected.html","id":"stayConnect","title":"stayConnect","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"wsdlServer","title":"wsdlServer","type":"bool"},{"default":0,"id":"restExportSecretKeys","title":"restExportSecretKeys","type":"bool"},{"default":15,"id":"restClockTolerance","title":"restClockTolerance","type":"int"},{"default":0,"id":"restSessionServer","title":"restSessionServer","type":"bool"},{"default":0,"id":"restConfigServer","title":"restConfigServer","type":"bool"},{"default":0,"id":"restAuthServer","title":"restAuthServer","type":"bool"},{"default":0,"id":"restPasswordServer","title":"restPasswordServer","type":"bool"},{"default":0,"help":"soapservices.html","id":"soapSessionServer","title":"soapSessionServer","type":"bool"},{"default":0,"help":"soapservices.html","id":"soapConfigServer","title":"soapConfigServer","type":"bool"},{"id":"exportedAttr","title":"exportedAttr"}],"help":"portalservers.html","id":"portalServers","title":"portalServers","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"loginHistoryEnabled","title":"loginHistoryEnabled","type":"bool"},{"default":5,"id":"successLoginNumber","title":"successLoginNumber","type":"int"},{"default":5,"id":"failedLoginNumber","title":"failedLoginNumber","type":"int"},{"cnodes":"sessionDataToRemember","id":"sessionDataToRemember","title":"sessionDataToRemember","type":"keyTextContainer"}],"help":"loginhistory.html","id":"loginHistory","title":"loginHistory"},{"_nodes":[{"default":0,"id":"notification","title":"notification","type":"bool"},{"default":0,"id":"notificationsExplorer","title":"notificationsExplorer","type":"bool"},{"default":"allusers","id":"notificationWildcard","title":"notificationWildcard"},{"default":0,"id":"oldNotifFormat","title":"oldNotifFormat","type":"bool"},{"id":"notificationXSLTfile","title":"notificationXSLTfile"},{"default":"File","id":"notificationStorage","title":"notificationStorage"},{"cnodes":"notificationStorageOptions","default":[{"data":"/var/lib/lemonldap-ng/notifications","id":"notificationStorageOptions/dirName","title":"dirName","type":"keyText"}],"id":"notificationStorageOptions","title":"notificationStorageOptions","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"notificationServer","title":"notificationServer","type":"bool"},{"default":"","id":"notificationDefaultCond","title":"notificationDefaultCond"},{"default":"uid reference date title subtitle text check","id":"notificationServerSentAttributes","title":"notificationServerSentAttributes"},{"_nodes":[{"default":1,"id":"notificationServerPOST","title":"notificationServerPOST","type":"bool"},{"default":0,"id":"notificationServerGET","title":"notificationServerGET","type":"bool"},{"default":0,"id":"notificationServerDELETE","title":"notificationServerDELETE","type":"bool"}],"id":"notificationServerMethods","title":"notificationServerMethods","type":"simpleInputContainer"}],"help":"notifications.html#notification-server","id":"serverNotification","title":"serverNotification"}],"help":"notifications.html","id":"notifications","title":"notifications"},{"_nodes":[{"_nodes":[{"id":"mailSubject","title":"mailSubject"},{"id":"mailBody","title":"mailBody","type":"longtext"},{"id":"mailConfirmSubject","title":"mailConfirmSubject"},{"id":"mailConfirmBody","title":"mailConfirmBody","type":"longtext"}],"id":"mailContent","title":"mailContent","type":"simpleInputContainer"},{"_nodes":[{"default":"http://auth.example.com/resetpwd","id":"mailUrl","title":"mailUrl"},{"default":0,"id":"mailTimeout","title":"mailTimeout","type":"int"},{"default":1,"id":"portalDisplayGeneratePassword","title":"portalDisplayGeneratePassword","type":"bool"},{"default":"[A-Z]{3}[a-z]{5}.\\d{2}","id":"randomPasswordRegexp","title":"randomPasswordRegexp"}],"id":"mailOther","title":"mailOther","type":"simpleInputContainer"}],"help":"resetpassword.html","id":"passwordManagement","title":"passwordManagement"},{"_nodes":[{"_nodes":[{"id":"certificateResetByMailStep1Subject","title":"certificateResetByMailStep1Subject"},{"id":"certificateResetByMailStep1Body","title":"certificateResetByMailStep1Body","type":"longtext"},{"id":"certificateResetByMailStep2Subject","title":"certificateResetByMailStep2Subject"},{"id":"certificateResetByMailStep2Body","title":"certificateResetByMailStep2Body","type":"longtext"}],"id":"certificateMailContent","title":"certificateMailContent","type":"simpleInputContainer"},{"_nodes":[{"default":"http://auth.example.com/certificateReset","id":"certificateResetByMailURL","title":"certificateResetByMailURL"},{"default":"description","id":"certificateResetByMailCeaAttribute","title":"certificateResetByMailCeaAttribute"},{"default":"userCertificate;binary","id":"certificateResetByMailCertificateAttribute","title":"certificateResetByMailCertificateAttribute"},{"default":0,"id":"certificateResetByMailValidityDelay","title":"certificateResetByMailValidityDelay","type":"int"}],"id":"mailOther","title":"mailOther","type":"simpleInputContainer"}],"help":"resetcertificate.html","id":"certificateResetByMailManagement","title":"certificateResetByMailManagement"},{"_nodes":[{"default":"http://auth.example.com/register","id":"registerUrl","title":"registerUrl"},{"default":0,"id":"registerTimeout","title":"registerTimeout","type":"int"},{"id":"registerConfirmSubject","title":"registerConfirmSubject"},{"id":"registerDoneSubject","title":"registerDoneSubject"}],"help":"register.html","id":"register","title":"register","type":"simpleInputContainer"},{"_nodes":[{"cnodes":"autoSigninRules","id":"autoSigninRules","title":"autoSigninRules","type":"keyTextContainer"}],"help":"autosignin.html","id":"autoSignin","title":"autoSignin"},{"_nodes":[{"default":0,"id":"globalLogoutRule","title":"globalLogoutRule","type":"boolOrExpr"},{"default":1,"id":"globalLogoutTimer","title":"globalLogoutTimer","type":"bool"},{"id":"globalLogoutCustomParam","title":"globalLogoutCustomParam"}],"help":"globallogout.html","id":"globalLogout","title":"globalLogout","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"checkState","title":"checkState","type":"bool"},{"id":"checkStateSecret","title":"checkStateSecret"}],"help":"checkstate.html","id":"stateCheck","title":"stateCheck","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"checkUser","title":"checkUser","type":"bool"},{"default":1,"id":"checkUserIdRule","title":"checkUserIdRule"},{"id":"checkUserUnrestrictedUsersRule","title":"checkUserUnrestrictedUsersRule"},{"default":"_loginHistory _session_id hGroups","id":"checkUserHiddenAttributes","title":"checkUserHiddenAttributes"},{"id":"checkUserSearchAttributes","title":"checkUserSearchAttributes"},{"default":1,"id":"checkUserDisplayComputedSession","title":"checkUserDisplayComputedSession","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayEmptyHeaders","title":"checkUserDisplayEmptyHeaders","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayEmptyValues","title":"checkUserDisplayEmptyValues","type":"boolOrExpr"},{"default":0,"id":"checkUserDisplayPersistentInfo","title":"checkUserDisplayPersistentInfo","type":"boolOrExpr"},{"cnodes":"checkUserHiddenHeaders","id":"checkUserHiddenHeaders","title":"checkUserHiddenHeaders","type":"keyTextContainer"}],"help":"checkuser.html","id":"checkUsers","title":"checkUsers"},{"_nodes":[{"default":0,"id":"impersonationRule","title":"impersonationRule","type":"boolOrExpr"},{"default":1,"id":"impersonationIdRule","title":"impersonationIdRule"},{"id":"impersonationUnrestrictedUsersRule","title":"impersonationUnrestrictedUsersRule"},{"default":"_2fDevices _loginHistory","id":"impersonationHiddenAttributes","title":"impersonationHiddenAttributes"},{"default":1,"id":"impersonationSkipEmptyValues","title":"impersonationSkipEmptyValues","type":"bool"},{"default":0,"id":"impersonationMergeSSOgroups","title":"impersonationMergeSSOgroups","type":"boolOrExpr"}],"help":"impersonation.html","id":"impersonation","title":"impersonation","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"findUser","title":"findUser","type":"bool"},{"cnodes":"findUserSearchingAttributes","id":"findUserSearchingAttributes","title":"findUserSearchingAttributes","type":"keyTextContainer"},{"cnodes":"findUserExcludingAttributes","id":"findUserExcludingAttributes","title":"findUserExcludingAttributes","type":"keyTextContainer"}],"help":"finduser.html","id":"findUsers","title":"findUsers"},{"_nodes":[{"default":0,"id":"contextSwitchingRule","title":"contextSwitchingRule","type":"boolOrExpr"},{"default":1,"id":"contextSwitchingIdRule","title":"contextSwitchingIdRule"},{"id":"contextSwitchingUnrestrictedUsersRule","title":"contextSwitchingUnrestrictedUsersRule"},{"default":0,"id":"contextSwitchingAllowed2fModifications","title":"contextSwitchingAllowed2fModifications","type":"bool"},{"default":1,"id":"contextSwitchingStopWithLogout","title":"contextSwitchingStopWithLogout","type":"bool"}],"help":"contextswitching.html","id":"contextSwitching","title":"contextSwitching","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"decryptValueRule","title":"decryptValueRule","type":"boolOrExpr"},{"id":"decryptValueFunctions","title":"decryptValueFunctions"}],"help":"decryptvalue.html","id":"decryptValue","title":"decryptValue","type":"simpleInputContainer"},{"_nodes":[{"id":"customPlugins","title":"customPlugins"},{"cnodes":"customPluginsParams","id":"customPluginsParams","title":"customPluginsParams","type":"keyTextContainer"}],"help":"plugincustom.html","id":"customPluginsNode","title":"customPluginsNode"}],"help":"start.html#plugins","id":"plugins","title":"plugins"},{"_nodes":[{"default":1,"help":"secondfactor.html","id":"sfManagerRule","title":"sfManagerRule","type":"boolOrExpr"},{"default":0,"help":"secondfactor.html","id":"sfRequired","title":"sfRequired","type":"boolOrExpr"},{"help":"secondfactor.html","id":"sfOnlyUpgrade","title":"sfOnlyUpgrade","type":"bool"},{"_nodes":[{"default":0,"id":"utotp2fActivation","title":"utotp2fActivation","type":"boolOrExpr"},{"id":"utotp2fAuthnLevel","title":"utotp2fAuthnLevel","type":"int"},{"id":"utotp2fLabel","title":"utotp2fLabel"},{"id":"utotp2fLogo","title":"utotp2fLogo"}],"help":"utotp2f.html","id":"utotp2f","title":"utotp2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"totp2fActivation","title":"totp2fActivation","type":"boolOrExpr"},{"default":0,"id":"totp2fSelfRegistration","title":"totp2fSelfRegistration","type":"boolOrExpr"},{"id":"totp2fIssuer","title":"totp2fIssuer"},{"default":30,"id":"totp2fInterval","title":"totp2fInterval","type":"int"},{"default":1,"id":"totp2fRange","title":"totp2fRange","type":"int"},{"default":6,"id":"totp2fDigits","title":"totp2fDigits","type":"int"},{"default":0,"id":"totp2fDisplayExistingSecret","title":"totp2fDisplayExistingSecret","type":"bool"},{"default":0,"id":"totp2fUserCanChangeKey","title":"totp2fUserCanChangeKey","type":"bool"},{"default":1,"id":"totp2fUserCanRemoveKey","title":"totp2fUserCanRemoveKey","type":"bool"},{"id":"totp2fTTL","title":"totp2fTTL","type":"int"},{"id":"totp2fAuthnLevel","title":"totp2fAuthnLevel","type":"int"},{"id":"totp2fLabel","title":"totp2fLabel"},{"id":"totp2fLogo","title":"totp2fLogo"}],"help":"totp2f.html","id":"totp2f","title":"totp2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"u2fActivation","title":"u2fActivation","type":"boolOrExpr"},{"default":0,"id":"u2fSelfRegistration","title":"u2fSelfRegistration","type":"boolOrExpr"},{"default":1,"id":"u2fUserCanRemoveKey","title":"u2fUserCanRemoveKey","type":"bool"},{"id":"u2fTTL","title":"u2fTTL","type":"int"},{"id":"u2fAuthnLevel","title":"u2fAuthnLevel","type":"int"},{"id":"u2fLabel","title":"u2fLabel"},{"id":"u2fLogo","title":"u2fLogo"}],"help":"u2f.html","id":"u2f","title":"u2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"yubikey2fActivation","title":"yubikey2fActivation","type":"boolOrExpr"},{"default":0,"id":"yubikey2fSelfRegistration","title":"yubikey2fSelfRegistration","type":"boolOrExpr"},{"id":"yubikey2fClientID","title":"yubikey2fClientID"},{"id":"yubikey2fSecretKey","title":"yubikey2fSecretKey"},{"id":"yubikey2fNonce","title":"yubikey2fNonce"},{"id":"yubikey2fUrl","title":"yubikey2fUrl"},{"default":12,"id":"yubikey2fPublicIDSize","title":"yubikey2fPublicIDSize","type":"int"},{"default":1,"id":"yubikey2fUserCanRemoveKey","title":"yubikey2fUserCanRemoveKey","type":"bool"},{"id":"yubikey2fFromSessionAttribute","title":"yubikey2fFromSessionAttribute"},{"id":"yubikey2fTTL","title":"yubikey2fTTL","type":"int"},{"id":"yubikey2fAuthnLevel","title":"yubikey2fAuthnLevel","type":"int"},{"id":"yubikey2fLabel","title":"yubikey2fLabel"},{"id":"yubikey2fLogo","title":"yubikey2fLogo"}],"help":"yubikey2f.html","id":"yubikey2f","title":"yubikey2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"mail2fActivation","title":"mail2fActivation","type":"boolOrExpr"},{"default":"\\d{6}","id":"mail2fCodeRegex","title":"mail2fCodeRegex"},{"id":"mail2fTimeout","title":"mail2fTimeout","type":"int"},{"id":"mail2fSubject","title":"mail2fSubject"},{"id":"mail2fBody","title":"mail2fBody","type":"longtext"},{"id":"mail2fAuthnLevel","title":"mail2fAuthnLevel","type":"int"},{"id":"mail2fLabel","title":"mail2fLabel"},{"id":"mail2fLogo","title":"mail2fLogo"},{"id":"mail2fSessionKey","title":"mail2fSessionKey"}],"help":"mail2f.html","id":"mail2f","title":"mail2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"ext2fActivation","title":"ext2fActivation","type":"boolOrExpr"},{"default":"\\d{6}","id":"ext2fCodeActivation","title":"ext2fCodeActivation"},{"id":"ext2FSendCommand","title":"ext2FSendCommand"},{"id":"ext2FValidateCommand","title":"ext2FValidateCommand"},{"id":"ext2fAuthnLevel","title":"ext2fAuthnLevel","type":"int"},{"id":"ext2fLabel","title":"ext2fLabel"},{"id":"ext2fLogo","title":"ext2fLogo"}],"help":"external2f.html","id":"ext2f","title":"ext2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"radius2fActivation","title":"radius2fActivation","type":"boolOrExpr"},{"id":"radius2fServer","title":"radius2fServer"},{"id":"radius2fSecret","title":"radius2fSecret"},{"id":"radius2fUsernameSessionKey","title":"radius2fUsernameSessionKey"},{"default":20,"id":"radius2fTimeout","title":"radius2fTimeout","type":"int"},{"id":"radius2fAuthnLevel","title":"radius2fAuthnLevel","type":"int"},{"id":"radius2fLogo","title":"radius2fLogo"},{"id":"radius2fLabel","title":"radius2fLabel"}],"help":"radius2f.html","id":"radius2f","title":"radius2f","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"rest2fActivation","title":"rest2fActivation","type":"boolOrExpr"},{"id":"rest2fInitUrl","title":"rest2fInitUrl"},{"cnodes":"rest2fInitArgs","id":"rest2fInitArgs","title":"rest2fInitArgs","type":"keyTextContainer"},{"id":"rest2fVerifyUrl","title":"rest2fVerifyUrl"},{"cnodes":"rest2fVerifyArgs","id":"rest2fVerifyArgs","title":"rest2fVerifyArgs","type":"keyTextContainer"},{"id":"rest2fAuthnLevel","title":"rest2fAuthnLevel","type":"int"},{"id":"rest2fLabel","title":"rest2fLabel"},{"id":"rest2fLogo","title":"rest2fLogo"}],"help":"rest2f.html","id":"rest2f","title":"rest2f"},{"cnodes":"sfExtra","id":"sfExtra","select":[{"k":"Mail2F","v":"E-Mail"},{"k":"REST","v":"REST"},{"k":"Ext2F","v":"External"},{"k":"Radius","v":"Radius"}],"title":"sfExtra","type":"sfExtraContainer"},{"_nodes":[{"default":0,"help":"secondfactor.html","id":"sfRemovedMsgRule","title":"sfRemovedMsgRule","type":"boolOrExpr"},{"default":0,"id":"sfRemovedUseNotif","title":"sfRemovedUseNotif","type":"bool"},{"default":"RemoveSF","help":"secondfactor.html","id":"sfRemovedNotifRef","title":"sfRemovedNotifRef"},{"default":"Second factor notification","help":"secondfactor.html","id":"sfRemovedNotifTitle","title":"sfRemovedNotifTitle"},{"default":"_removedSF_ expired second factor(s) has/have been removed!","help":"secondfactor.html","id":"sfRemovedNotifMsg","title":"sfRemovedNotifMsg"}],"help":"secondfactor.html","id":"sfRemovedNotification","title":"sfRemovedNotification","type":"simpleInputContainer"}],"help":"secondfactor.html","id":"secondFactors","title":"secondFactors"},{"_nodes":[{"help":"customfunctions.html","id":"customFunctions","title":"customFunctions"},{"default":"; ","id":"multiValuesSeparator","title":"multiValuesSeparator","type":"authParamsText"},{"default":0,"id":"groupsBeforeMacros","title":"groupsBeforeMacros","type":"bool"},{"_nodes":[{"default":"mail","id":"mailSessionKey","title":"mailSessionKey"},{"default":"","id":"SMTPServer","title":"SMTPServer"},{"id":"SMTPPort","title":"SMTPPort","type":"int"},{"id":"SMTPAuthUser","title":"SMTPAuthUser"},{"id":"SMTPAuthPass","title":"SMTPAuthPass","type":"password"},{"default":"","id":"SMTPTLS","select":[{"k":"","v":"none"},{"k":"starttls","v":"SMTP + STARTTLS"},{"k":"ssl","v":"SMTPS"}],"title":"SMTPTLS","type":"select"},{"cnodes":"SMTPTLSOpts","id":"SMTPTLSOpts","title":"SMTPTLSOpts","type":"keyTextContainer"},{"_nodes":[{"default":"noreply@example.com","id":"mailFrom","title":"mailFrom"},{"id":"mailReplyTo","title":"mailReplyTo"},{"default":"utf-8","id":"mailCharset","title":"mailCharset"}],"id":"mailHeaders","title":"mailHeaders","type":"simpleInputContainer"}],"help":"smtp.html","id":"SMTP","title":"SMTP","type":"SMTP"},{"_nodes":[{"default":"^[\\w\\.\\-@]+$","id":"userControl","title":"userControl"},{"default":0,"id":"browsersDontStorePassword","title":"browsersDontStorePassword","type":"bool"},{"default":0,"help":"forcereauthn.html","id":"portalForceAuthn","title":"portalForceAuthn","type":"bool"},{"default":5,"id":"portalForceAuthnInterval","title":"portalForceAuthnInterval","type":"int"},{"id":"key","title":"key","type":"password"},{"id":"trustedDomains","title":"trustedDomains"},{"default":1,"help":"safejail.html","id":"useSafeJail","title":"useSafeJail","type":"bool"},{"default":0,"help":"safejail.html","id":"avoidAssignment","title":"avoidAssignment","type":"bool"},{"default":1,"id":"checkXSS","title":"checkXSS","type":"bool"},{"default":1,"id":"requireToken","title":"requireToken","type":"boolOrExpr"},{"default":120,"id":"formTimeout","title":"formTimeout","type":"int"},{"default":0,"id":"tokenUseGlobalStorage","title":"tokenUseGlobalStorage","type":"bool"},{"_nodes":[{"default":0,"help":"bruteforceprotection.html","id":"bruteForceProtection","title":"bruteForceProtection","type":"bool"},{"default":30,"id":"bruteForceProtectionTempo","title":"bruteForceProtectionTempo","type":"int"},{"default":3,"id":"bruteForceProtectionMaxFailed","title":"bruteForceProtectionMaxFailed","type":"int"},{"default":0,"help":"bruteforceprotection.html","id":"bruteForceProtectionIncrementalTempo","title":"bruteForceProtectionIncrementalTempo","type":"bool"},{"default":"15, 30, 60, 300, 600","id":"bruteForceProtectionLockTimes","title":"bruteForceProtectionLockTimes"}],"help":"bruteforceprotection.html","id":"bruteForceAttackProtection","title":"bruteForceAttackProtection","type":"simpleInputContainer"},{"cnodes":"lwpOpts","id":"lwpOpts","title":"lwpOpts","type":"keyTextContainer"},{"cnodes":"lwpSslOpts","id":"lwpSslOpts","title":"lwpSslOpts","type":"keyTextContainer"},{"_nodes":[{"default":"'self'","id":"cspDefault","title":"cspDefault"},{"default":"'self' data:","id":"cspImg","title":"cspImg"},{"default":"'self'","id":"cspScript","title":"cspScript"},{"default":"'self'","id":"cspStyle","title":"cspStyle"},{"default":"'self'","id":"cspFont","title":"cspFont"},{"default":"*","id":"cspFormAction","title":"cspFormAction"},{"default":"'self'","id":"cspConnect","title":"cspConnect"},{"default":"","id":"cspFrameAncestors","title":"cspFrameAncestors"}],"help":"security.html#portal","id":"contentSecurityPolicy","title":"contentSecurityPolicy","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"corsEnabled","title":"corsEnabled","type":"bool"},{"default":true,"id":"corsAllow_Credentials","title":"corsAllow_Credentials"},{"default":"*","id":"corsAllow_Headers","title":"corsAllow_Headers"},{"default":"POST,GET","id":"corsAllow_Methods","title":"corsAllow_Methods"},{"default":"*","id":"corsAllow_Origin","title":"corsAllow_Origin"},{"default":"*","id":"corsExpose_Headers","title":"corsExpose_Headers"},{"default":"86400","id":"corsMax_Age","title":"corsMax_Age"}],"help":"security.html#portal","id":"crossOrigineResourceSharing","title":"crossOrigineResourceSharing","type":"simpleInputContainer"}],"help":"security.html#configure-security-settings","id":"security","title":"security"},{"_nodes":[{"default":-1,"id":"https","title":"https","type":"trool"},{"default":-1,"id":"port","title":"port","type":"int"},{"default":0,"id":"useRedirectOnForbidden","title":"useRedirectOnForbidden","type":"bool"},{"default":1,"id":"useRedirectOnError","title":"useRedirectOnError","type":"bool"},{"default":0,"id":"maintenance","title":"maintenance","type":"bool"}],"help":"redirections.html","id":"redirection","title":"redirection","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"jsRedirect","title":"jsRedirect","type":"boolOrExpr"},{"default":0,"id":"noAjaxHook","title":"noAjaxHook","type":"bool"},{"default":0,"id":"skipRenewConfirmation","title":"skipRenewConfirmation","type":"bool"},{"default":0,"id":"skipUpgradeConfirmation","title":"skipUpgradeConfirmation","type":"bool"}],"help":"redirections.html#portal-redirections","id":"portalRedirection","title":"portalRedirection","type":"simpleInputContainer"},{"cnodes":"nginxCustomHandlers","help":"handlerarch.html","id":"nginxCustomHandlers","title":"nginxCustomHandlers","type":"keyTextContainer"},{"cnodes":"logoutServices","default":[],"help":"logoutforward.html","id":"logoutServices","title":"logoutServices","type":"keyTextContainer"},{"_nodes":[{"default":"get","id":"infoFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"infoFormMethod","type":"select"},{"default":"post","id":"confirmFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"confirmFormMethod","type":"select"},{"default":"get","id":"redirectFormMethod","select":[{"k":"get","v":"GET"},{"k":"post","v":"POST"}],"title":"redirectFormMethod","type":"select"},{"default":1,"id":"activeTimer","title":"activeTimer","type":"bool"}],"id":"forms","title":"forms","type":"simpleInputContainer"}],"help":"start.html#advanced-features","id":"advancedParams","title":"advancedParams"}],"id":"generalParameters","title":"generalParameters"},{"_nodes":[{"cnodes":"exportedVars","default":[{"data":"HTTP_USER_AGENT","id":"exportedVars/UA","title":"UA","type":"keyText"}],"help":"exportedvars.html","id":"exportedVars","title":"exportedVars","type":"keyTextContainer"},{"cnodes":"macros","default":[],"help":"exportedvars.html#extend-variables-using-macros-and-groups","id":"macros","title":"macros","type":"keyTextContainer"},{"cnodes":"groups","default":[],"help":"exportedvars.html#extend-variables-using-macros-and-groups","id":"groups","title":"groups","type":"keyTextContainer"}],"help":"variables.html","id":"variables","title":"variables"},{"cnodes":"virtualHosts","help":"configvhost.html","id":"virtualHosts","template":"virtualHost","title":"virtualHosts","type":"virtualHostContainer"},{"_nodes":[{"default":"#PORTAL#/saml/metadata","id":"samlEntityID","title":"samlEntityID"},{"_nodes":[{"get":["samlServicePrivateKeySig","samlServicePrivateKeySigPwd","samlServicePublicKeySig"],"id":"samlServiceSecuritySig","title":"samlServiceSecuritySig","type":"RSACertKey"},{"get":["samlServicePrivateKeyEnc","samlServicePrivateKeyEncPwd","samlServicePublicKeyEnc"],"id":"samlServiceSecurityEnc","title":"samlServiceSecurityEnc","type":"RSACertKey"},{"default":0,"id":"samlServiceUseCertificateInResponse","title":"samlServiceUseCertificateInResponse","type":"bool"},{"default":"RSA_SHA256","id":"samlServiceSignatureMethod","select":[{"k":"RSA_SHA1","v":"RSA SHA1"},{"k":"RSA_SHA256","v":"RSA SHA256"},{"k":"RSA_SHA384","v":"RSA SHA384"},{"k":"RSA_SHA512","v":"RSA SHA512"}],"title":"samlServiceSignatureMethod","type":"select"}],"help":"samlservice.html#security-parameters","id":"samlServiceSecurity","title":"samlServiceSecurity"},{"_nodes":[{"default":"mail","id":"samlNameIDFormatMapEmail","title":"samlNameIDFormatMapEmail"},{"default":"mail","id":"samlNameIDFormatMapX509","title":"samlNameIDFormatMapX509"},{"default":"uid","id":"samlNameIDFormatMapWindows","title":"samlNameIDFormatMapWindows"},{"default":"uid","id":"samlNameIDFormatMapKerberos","title":"samlNameIDFormatMapKerberos"}],"help":"samlservice.html#nameid-formats","id":"samlNameIDFormatMap","title":"samlNameIDFormatMap","type":"simpleInputContainer"},{"_nodes":[{"default":2,"id":"samlAuthnContextMapPassword","title":"samlAuthnContextMapPassword","type":"int"},{"default":3,"id":"samlAuthnContextMapPasswordProtectedTransport","title":"samlAuthnContextMapPasswordProtectedTransport","type":"int"},{"default":5,"id":"samlAuthnContextMapTLSClient","title":"samlAuthnContextMapTLSClient","type":"int"},{"default":4,"id":"samlAuthnContextMapKerberos","title":"samlAuthnContextMapKerberos","type":"int"}],"help":"samlservice.html#authentication-contexts","id":"samlAuthnContextMap","title":"samlAuthnContextMap","type":"simpleInputContainer"},{"_nodes":[{"default":"Example","id":"samlOrganizationDisplayName","title":"samlOrganizationDisplayName"},{"default":"Example","id":"samlOrganizationName","title":"samlOrganizationName"},{"default":"http://www.example.com","id":"samlOrganizationURL","title":"samlOrganizationURL"}],"help":"samlservice.html#organization","id":"samlOrganization","title":"samlOrganization","type":"simpleInputContainer"},{"_nodes":[{"default":1,"id":"samlSPSSODescriptorAuthnRequestsSigned","title":"samlSPSSODescriptorAuthnRequestsSigned","type":"bool"},{"default":1,"id":"samlSPSSODescriptorWantAssertionsSigned","title":"samlSPSSODescriptorWantAssertionsSigned","type":"bool"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn","id":"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect","title":"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn","id":"samlSPSSODescriptorSingleLogoutServiceHTTPPost","title":"samlSPSSODescriptorSingleLogoutServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;","id":"samlSPSSODescriptorSingleLogoutServiceSOAP","title":"samlSPSSODescriptorSingleLogoutServiceSOAP","type":"samlService"}],"id":"samlSPSSODescriptorSingleLogoutService","title":"samlSPSSODescriptorSingleLogoutService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact","id":"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact","title":"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact","type":"samlAssertion"},{"default":"0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost","id":"samlSPSSODescriptorAssertionConsumerServiceHTTPPost","title":"samlSPSSODescriptorAssertionConsumerServiceHTTPPost","type":"samlAssertion"}],"id":"samlSPSSODescriptorAssertionConsumerService","title":"samlSPSSODescriptorAssertionConsumerService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact","id":"samlSPSSODescriptorArtifactResolutionServiceArtifact","title":"samlSPSSODescriptorArtifactResolutionServiceArtifact","type":"samlAssertion"}],"id":"samlSPSSODescriptorArtifactResolutionService","title":"samlSPSSODescriptorArtifactResolutionService"}],"help":"samlservice.html#service-provider","id":"samlSPSSODescriptor","title":"samlSPSSODescriptor"},{"_nodes":[{"default":1,"id":"samlIDPSSODescriptorWantAuthnRequestsSigned","title":"samlIDPSSODescriptorWantAuthnRequestsSigned","type":"bool"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPPost","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;","id":"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact","title":"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact","type":"samlService"}],"id":"samlIDPSSODescriptorSingleSignOnService","title":"samlIDPSSODescriptorSingleSignOnService"},{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn","id":"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect","title":"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn","id":"samlIDPSSODescriptorSingleLogoutServiceHTTPPost","title":"samlIDPSSODescriptorSingleLogoutServiceHTTPPost","type":"samlService"},{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;","id":"samlIDPSSODescriptorSingleLogoutServiceSOAP","title":"samlIDPSSODescriptorSingleLogoutServiceSOAP","type":"samlService"}],"id":"samlIDPSSODescriptorSingleLogoutService","title":"samlIDPSSODescriptorSingleLogoutService"},{"_nodes":[{"default":"1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact","id":"samlIDPSSODescriptorArtifactResolutionServiceArtifact","title":"samlIDPSSODescriptorArtifactResolutionServiceArtifact","type":"samlAssertion"}],"id":"samlIDPSSODescriptorArtifactResolutionService","title":"samlIDPSSODescriptorArtifactResolutionService"}],"help":"samlservice.html#identity-provider","id":"samlIDPSSODescriptor","title":"samlIDPSSODescriptor"},{"_nodes":[{"_nodes":[{"default":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;","id":"samlAttributeAuthorityDescriptorAttributeServiceSOAP","title":"samlAttributeAuthorityDescriptorAttributeServiceSOAP","type":"samlService"}],"id":"samlAttributeAuthorityDescriptorAttributeService","title":"samlAttributeAuthorityDescriptorAttributeService"}],"help":"samlservice.html#attribute-authority","id":"samlAttributeAuthorityDescriptor","title":"samlAttributeAuthorityDescriptor"},{"_nodes":[{"default":1,"id":"samlMetadataForceUTF8","title":"samlMetadataForceUTF8","type":"bool"},{"default":600,"id":"samlRelayStateTimeout","title":"samlRelayStateTimeout","type":"int"},{"default":0,"id":"samlUseQueryStringSpecific","title":"samlUseQueryStringSpecific","type":"bool"},{"default":"","id":"samlOverrideIDPEntityID","title":"samlOverrideIDPEntityID"},{"id":"samlStorage","title":"samlStorage"},{"cnodes":"samlStorageOptions","id":"samlStorageOptions","title":"samlStorageOptions","type":"keyTextContainer"},{"_nodes":[{"default":0,"id":"samlCommonDomainCookieActivation","title":"samlCommonDomainCookieActivation","type":"bool"},{"id":"samlCommonDomainCookieDomain","title":"samlCommonDomainCookieDomain"},{"id":"samlCommonDomainCookieReader","title":"samlCommonDomainCookieReader"},{"id":"samlCommonDomainCookieWriter","title":"samlCommonDomainCookieWriter"}],"id":"samlCommonDomainCookie","title":"samlCommonDomainCookie","type":"simpleInputContainer"},{"_nodes":[{"default":0,"id":"samlDiscoveryProtocolActivation","title":"samlDiscoveryProtocolActivation","type":"bool"},{"id":"samlDiscoveryProtocolURL","title":"samlDiscoveryProtocolURL"},{"id":"samlDiscoveryProtocolPolicy","title":"samlDiscoveryProtocolPolicy"},{"default":0,"id":"samlDiscoveryProtocolIsPassive","title":"samlDiscoveryProtocolIsPassive","type":"bool"}],"id":"samlDiscoveryProtocol","title":"samlDiscoveryProtocol","type":"simpleInputContainer"}],"help":"samlservice.html#advanced","id":"samlAdvanced","title":"samlAdvanced"}],"help":"samlservice.html","id":"samlServiceMetaData","title":"samlServiceMetaData"},{"cnodes":"samlIDPMetaDataNodes","help":"authsaml.html","id":"samlIDPMetaDataNodes","template":"samlIDPMetaDataNode","title":"samlIDPMetaDataNodes","type":"samlIDPMetaDataNodeContainer"},{"cnodes":"samlSPMetaDataNodes","help":"idpsaml.html","id":"samlSPMetaDataNodes","template":"samlSPMetaDataNode","title":"samlSPMetaDataNodes","type":"samlSPMetaDataNodeContainer"},{"_nodes":[{"id":"oidcServiceMetaDataIssuer","title":"oidcServiceMetaDataIssuer"},{"_nodes":[{"default":"authorize","id":"oidcServiceMetaDataAuthorizeURI","title":"oidcServiceMetaDataAuthorizeURI"},{"default":"token","id":"oidcServiceMetaDataTokenURI","title":"oidcServiceMetaDataTokenURI"},{"default":"userinfo","id":"oidcServiceMetaDataUserInfoURI","title":"oidcServiceMetaDataUserInfoURI"},{"default":"jwks","id":"oidcServiceMetaDataJWKSURI","title":"oidcServiceMetaDataJWKSURI"},{"default":"register","id":"oidcServiceMetaDataRegistrationURI","title":"oidcServiceMetaDataRegistrationURI"},{"default":"introspect","id":"oidcServiceMetaDataIntrospectionURI","title":"oidcServiceMetaDataIntrospectionURI"},{"default":"logout","id":"oidcServiceMetaDataEndSessionURI","title":"oidcServiceMetaDataEndSessionURI"},{"default":"checksession.html","id":"oidcServiceMetaDataCheckSessionURI","title":"oidcServiceMetaDataCheckSessionURI"},{"default":"flogout","id":"oidcServiceMetaDataFrontChannelURI","title":"oidcServiceMetaDataFrontChannelURI"},{"default":"blogout","id":"oidcServiceMetaDataBackChannelURI","title":"oidcServiceMetaDataBackChannelURI"}],"id":"oidcServiceMetaDataEndPoints","title":"oidcServiceMetaDataEndPoints","type":"simpleInputContainer"},{"cnodes":"oidcServiceMetaDataAuthnContext","default":[{"data":1,"id":"oidcServiceMetaDataAuthnContext/loa-1","title":"loa-1","type":"keyText"},{"data":2,"id":"oidcServiceMetaDataAuthnContext/loa-2","title":"loa-2","type":"keyText"},{"data":3,"id":"oidcServiceMetaDataAuthnContext/loa-3","title":"loa-3","type":"keyText"},{"data":4,"id":"oidcServiceMetaDataAuthnContext/loa-4","title":"loa-4","type":"keyText"},{"data":5,"id":"oidcServiceMetaDataAuthnContext/loa-5","title":"loa-5","type":"keyText"}],"id":"oidcServiceMetaDataAuthnContext","title":"oidcServiceMetaDataAuthnContext","type":"keyTextContainer"},{"_nodes":[{"get":["oidcServicePrivateKeySig","oidcServicePublicKeySig"],"id":"oidcServiceMetaDataKeys","title":"oidcServiceMetaDataKeys","type":"RSAKeyNoPassword"},{"id":"oidcServiceKeyIdSig","title":"oidcServiceKeyIdSig"},{"default":0,"id":"oidcServiceAllowDynamicRegistration","title":"oidcServiceAllowDynamicRegistration","type":"bool"},{"default":1,"id":"oidcServiceAllowAuthorizationCodeFlow","title":"oidcServiceAllowAuthorizationCodeFlow","type":"bool"},{"default":0,"id":"oidcServiceAllowImplicitFlow","title":"oidcServiceAllowImplicitFlow","type":"bool"},{"default":0,"id":"oidcServiceAllowHybridFlow","title":"oidcServiceAllowHybridFlow","type":"bool"},{"default":60,"id":"oidcServiceAuthorizationCodeExpiration","title":"oidcServiceAuthorizationCodeExpiration","type":"int"},{"default":3600,"id":"oidcServiceAccessTokenExpiration","title":"oidcServiceAccessTokenExpiration","type":"int"},{"default":3600,"id":"oidcServiceIDTokenExpiration","title":"oidcServiceIDTokenExpiration","type":"int"},{"default":2592000,"id":"oidcServiceOfflineSessionExpiration","title":"oidcServiceOfflineSessionExpiration","type":"int"}],"id":"oidcServiceMetaDataSecurity","title":"oidcServiceMetaDataSecurity"},{"_nodes":[{"id":"oidcStorage","title":"oidcStorage"},{"cnodes":"oidcStorageOptions","id":"oidcStorageOptions","title":"oidcStorageOptions","type":"keyTextContainer"}],"id":"oidcServiceMetaDataSessions","title":"oidcServiceMetaDataSessions"},{"cnodes":"oidcServiceDynamicRegistrationExportedVars","id":"oidcServiceDynamicRegistrationExportedVars","title":"oidcServiceDynamicRegistrationExportedVars","type":"keyTextContainer"},{"cnodes":"oidcServiceDynamicRegistrationExtraClaims","id":"oidcServiceDynamicRegistrationExtraClaims","title":"oidcServiceDynamicRegistrationExtraClaims","type":"keyTextContainer"}],"help":"openidconnectservice.html#service-configuration","id":"oidcServiceMetaData","title":"oidcServiceMetaData"},{"cnodes":"oidcOPMetaDataNodes","help":"authopenidconnect.html#declare-the-openid-connect-provider-in-ll-ng","id":"oidcOPMetaDataNodes","title":"oidcOPMetaDataNodes","type":"oidcOPMetaDataNodeContainer"},{"cnodes":"oidcRPMetaDataNodes","help":"idpopenidconnect.html#configuration-of-relying-party-in-ll-ng","id":"oidcRPMetaDataNodes","title":"oidcRPMetaDataNodes","type":"oidcRPMetaDataNodeContainer"},{"_nodes":[{"id":"casAttr","title":"casAttr"},{"default":"none","id":"casAccessControlPolicy","select":[{"k":"none","v":"None"},{"k":"error","v":"Display error on portal"},{"k":"faketicket","v":"Send a fake service ticket"}],"title":"casAccessControlPolicy","type":"select"},{"id":"casStorage","title":"casStorage"},{"cnodes":"casStorageOptions","id":"casStorageOptions","title":"casStorageOptions","type":"keyTextContainer"},{"cnodes":"casAttributes","id":"casAttributes","title":"casAttributes","type":"keyTextContainer"}],"help":"idpcas.html#configuring-the-cas-service","id":"casServiceMetadata","title":"casServiceMetadata"},{"cnodes":"casSrvMetaDataNodes","help":"authcas.html","id":"casSrvMetaDataNodes","template":"casSrvMetaDataNode","title":"casSrvMetaDataNodes","type":"casSrvMetaDataNodeContainer"},{"cnodes":"casAppMetaDataNodes","help":"idpcas.html#configuring-cas-applications","id":"casAppMetaDataNodes","template":"casAppMetaDataNode","title":"casAppMetaDataNodes","type":"casAppMetaDataNodeContainer"}]
\ No newline at end of file
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/ContextSwitching.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/ContextSwitching.pm
index 85b169fa2..1d66b2223 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/ContextSwitching.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/ContextSwitching.pm
@@ -119,15 +119,15 @@ sub display {
 
     # Display form
     my $params = {
-        PORTAL    => $self->conf->{portal},
-        MAIN_LOGO => $self->conf->{portalMainLogo},
-        SKIN      => $self->p->getSkin($req),
-        LANGS     => $self->conf->{showLanguages},
-        MSG       => 'contextSwitching_ON',
-        ALERTE    => 'alert-danger',
-        LOGIN     => '',
-        SPOOFID   => $self->conf->{contextSwitchingRule},
-        TOKEN     => (
+        PORTAL        => $self->conf->{portal},
+        MAIN_LOGO     => $self->conf->{portalMainLogo},
+        SKIN          => $self->p->getSkin($req),
+        LANGS         => $self->conf->{showLanguages},
+        MSG           => 'contextSwitching_ON',
+        ALERTE        => 'alert-danger',
+        LOGIN         => '',
+        IMPERSONATION => $self->conf->{contextSwitchingRule},
+        TOKEN         => (
               $self->ottRule->( $req, {} )
             ? $self->ott->createToken()
             : ''
@@ -139,8 +139,8 @@ sub display {
 
 sub run {
     my ( $self, $req ) = @_;
-    my $statut  = PE_OK;
-    my $realId  = $req->userData->{ $self->conf->{whatToTrace} };
+    my $statut = PE_OK;
+    my $realId = $req->userData->{ $self->conf->{whatToTrace} };
     my $spoofId = $req->param('spoofId') || '';    # ContextSwitching required ?
     my $unUser = $self->unrestrictedUsersRule->( $req, $req->userData ) || 0;
 
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/ar.json b/lemonldap-ng-portal/site/htdocs/static/languages/ar.json
index 6d3c05e7f..dd608787f 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/ar.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/ar.json
@@ -265,6 +265,7 @@
 "rightsReloadNeedsLogout":" إعادة تحميل الحقوق تحتاج إلى تسجيل الخروج وتسجيل الدخول مرة أخرى",
 "scope":"نطاق",
 "search":"Search",
+"searchAccount":"Search for account",
 "seconds":"seconds",
 "selectIdP":"اختر موفر الهوية الخاص بك",
 "service":"Service",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/de.json b/lemonldap-ng-portal/site/htdocs/static/languages/de.json
index 114f8725c..fcd5595ac 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/de.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/de.json
@@ -265,6 +265,7 @@
 "rightsReloadNeedsLogout":"Zum Neuladen der Rechte musst du dich ab- und wieder anmelden",
 "scope":"Scope",
 "search":"Search",
+"searchAccount":"Search for account",
 "seconds":"seconds",
 "selectIdP":"Wähle deinen Identitätsanbieter aus",
 "service":"Dienst",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/en.json b/lemonldap-ng-portal/site/htdocs/static/languages/en.json
index ab91d268c..d24768760 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/en.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/en.json
@@ -265,6 +265,7 @@
 "rightsReloadNeedsLogout":"Rights reloads need to logout and login again",
 "scope":"Scope",
 "search":"Search",
+"searchAccount":"Search for account",
 "seconds":"seconds",
 "selectIdP":"Select your Identity Provider",
 "service":"Service",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/es.json b/lemonldap-ng-portal/site/htdocs/static/languages/es.json
index b069d6fe2..ba57c521a 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/es.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/es.json
@@ -265,6 +265,7 @@
 "rightsReloadNeedsLogout":"La recarga de derechos necesita desconectarse y conectarse de nuevo",
 "scope":"Alcance",
 "search":"Buscar",
+"searchAccount":"Search for account",
 "seconds":"seconds",
 "selectIdP":"Seleccione su proveedor de identidad",
 "service":"Servicio",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/fi.json b/lemonldap-ng-portal/site/htdocs/static/languages/fi.json
index 31b011208..1908d9777 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/fi.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/fi.json
@@ -265,6 +265,7 @@
 "rightsReloadNeedsLogout":"Rights reloads need to logout and login again",
 "scope":"Scope",
 "search":"Search",
+"searchAccount":"Search for account",
 "seconds":"seconds",
 "selectIdP":"Select your Identity Provider",
 "service":"Service",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/fr.json b/lemonldap-ng-portal/site/htdocs/static/languages/fr.json
index d0a39b711..0fa9c2ce1 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/fr.json
@@ -265,6 +265,7 @@
 "rightsReloadNeedsLogout": "Le rechargement des droits nécessite une déconnexion",
 "scope": "Informations",
 "search":"Chercher",
+"searchAccount":"Chercher un compte",
 "seconds":"secondes",
 "selectIdP":"Choisissez votre fournisseur d'identité",
 "service":"Service",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/it.json b/lemonldap-ng-portal/site/htdocs/static/languages/it.json
index a4f353c88..3bd79e86f 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/it.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/it.json
@@ -265,6 +265,7 @@
 "rightsReloadNeedsLogout":"Le ricariche dei diritti necessitano di disconnettersi e di riconnettersi",
 "scope":"Ambito",
 "search":"Ricerca",
+"searchAccount":"Search for account",
 "seconds":"seconds",
 "selectIdP":"Seleziona il tuo provider di identità",
 "service":"Servizio",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/nl.json b/lemonldap-ng-portal/site/htdocs/static/languages/nl.json
index d9eb14ef9..99ed927c1 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/nl.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/nl.json
@@ -265,6 +265,7 @@
 "rightsReloadNeedsLogout":"Rights reloads need to logout and login again",
 "scope":"Scope",
 "search":"Search",
+"searchAccount":"Search for account",
 "seconds":"seconds",
 "selectIdP":"Select your Identity Provider",
 "service":"Service",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/pl.json b/lemonldap-ng-portal/site/htdocs/static/languages/pl.json
index 7e1c1f8a1..39207b456 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/pl.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/pl.json
@@ -265,6 +265,7 @@
 "rightsReloadNeedsLogout":"Przeładowania uprawnień wymaga wylogowania i ponownego zalogowania",
 "scope":"Zakres",
 "search":"Szukaj",
+"searchAccount":"Search for account",
 "seconds":"sekundy",
 "selectIdP":"Wybierz dostawcę tożsamości",
 "service":"Usługa",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/pt.json b/lemonldap-ng-portal/site/htdocs/static/languages/pt.json
index 6e6f57da6..7fb6d51d7 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/pt.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/pt.json
@@ -265,6 +265,7 @@
 "rightsReloadNeedsLogout":"Rights reloads need to logout and login again",
 "scope":"Scope",
 "search":"Search",
+"searchAccount":"Search for account",
 "seconds":"seconds",
 "selectIdP":"Select your Identity Provider",
 "service":"Service",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/ro.json b/lemonldap-ng-portal/site/htdocs/static/languages/ro.json
index c1e163a26..1f9c83e92 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/ro.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/ro.json
@@ -265,6 +265,7 @@
 "rightsReloadNeedsLogout":"Rights reloads need to logout and login again",
 "scope":"Scope",
 "search":"Search",
+"searchAccount":"Search for account",
 "seconds":"seconds",
 "selectIdP":"Select your Identity Provider",
 "service":"Service",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/tr.json b/lemonldap-ng-portal/site/htdocs/static/languages/tr.json
index fcb08fdf6..c6aa4053c 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/tr.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/tr.json
@@ -265,6 +265,7 @@
 "rightsReloadNeedsLogout":"Yetkiler yeniden yüklendiğinde çıkış yapıp tekrar giriş yapmanız gerekir",
 "scope":"Kapsam",
 "search":"Ara",
+"searchAccount":"Search for account",
 "seconds":"saniye",
 "selectIdP":"Kimlik Sağlayıcısını seç",
 "service":"Servis",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/vi.json b/lemonldap-ng-portal/site/htdocs/static/languages/vi.json
index f12152b0c..bb5ce1c4f 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/vi.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/vi.json
@@ -265,6 +265,7 @@
 "rightsReloadNeedsLogout":"Tải lại quyền cần đăng xuất và đăng nhập lại",
 "scope":"Phạm vi",
 "search":"Search",
+"searchAccount":"Search for account",
 "seconds":"seconds",
 "selectIdP":"Chọn bộ cung cấp danh tính của bạn",
 "service":"Service",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/zh.json b/lemonldap-ng-portal/site/htdocs/static/languages/zh.json
index 44e76ebaf..43ea25893 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/zh.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/zh.json
@@ -265,6 +265,7 @@
 "rightsReloadNeedsLogout":"重新加载权限需要登出并且再次登录",
 "scope":"Scope",
 "search":"搜索",
+"searchAccount":"Search for account",
 "seconds":"seconds",
 "selectIdP":"Select your Identity Provider",
 "service":"服务",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/zh_TW.json b/lemonldap-ng-portal/site/htdocs/static/languages/zh_TW.json
index 9b1e6fc39..f86f93411 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/zh_TW.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/zh_TW.json
@@ -265,6 +265,7 @@
 "rightsReloadNeedsLogout":"重新載入權限需要登出然後再次登入",
 "scope":"範圍",
 "search":"搜尋",
+"searchAccount":"Search for account",
 "seconds":"秒",
 "selectIdP":"選取您的身份提供者",
 "service":"服務",

From 18bd97bdf3fcfd5360f90027524896eb6198b1d0 Mon Sep 17 00:00:00 2001
From: Maxime Besson 
Date: Tue, 22 Dec 2020 10:33:41 +0100
Subject: [PATCH 045/357] Update mattermost doc (#2330)

---
 doc/sources/admin/applications/mattermost.rst | 20 +++++++++----------
 doc/sources/admin/idpopenidconnect.rst        |  2 ++
 doc/sources/admin/upgrade_2_0_x.rst           |  2 ++
 3 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/doc/sources/admin/applications/mattermost.rst b/doc/sources/admin/applications/mattermost.rst
index c2c48875c..a90b4277b 100644
--- a/doc/sources/admin/applications/mattermost.rst
+++ b/doc/sources/admin/applications/mattermost.rst
@@ -101,15 +101,15 @@ with the following parameters:
    * ``username``: set it to the session attribute containing the user login
    * ``name``: session attribute containing the user's full name
    * ``email``: session attribute containing the user's email
-   * ``id``: session attribute containing the user's numeric ID
-
+   * ``id``: session attribute containing the user's numeric ID. You must set
+     this claim type to *Integer*
 
 .. danger::
 
-    Mattermost absolutely needs to receive a numerical value
-    in the ``id`` claim. If you are using a LDAP server, you could use the
-    ``uidNumber`` LDAP attribute. If you use something else, you will have
-    to find a trick to assign a unique numeric ID to each Mattermost user.
+    Mattermost absolutely needs to receive a numerical value in the ``id``
+    claim. If you are using a LDAP server, you could use the ``uidNumber`` LDAP
+    attribute. If you use something else, you will have to find a way to
+    assign a unique numeric ID to each Mattermost user.
 
     The ``id`` attribute has to be different for each user, since this is
     the field Mattermost will use internally to map Gitlab identities to
@@ -123,10 +123,10 @@ in ``(*GitLabUser).IsValid(...)`` , it probably means that you are not
 exporting the correct attributes, but it can also mean that ``id`` is
 exported as a JSON string.
 
-If this case, it can help to create a macro, for example
-``uidNumber_n``, with a value of ``$uidNumber + 0`` to force conversion
-to a numeric value. You must then export it as the ``id`` field in the
-Relaying Party configuration.
+.. note::
+   An issue in version 2.0.9 prevented the ``id`` field from being sent correctly.
+   Upgrade your LemonLDAP-NG installation to at least 2.0.10 and :ref:`set the claim
+   type ` to *Integer*
 
 .. |image0| image:: /applications/mattermost_logo.png
    :class: align-center
diff --git a/doc/sources/admin/idpopenidconnect.rst b/doc/sources/admin/idpopenidconnect.rst
index ab064c48c..8121ad54b 100644
--- a/doc/sources/admin/idpopenidconnect.rst
+++ b/doc/sources/admin/idpopenidconnect.rst
@@ -166,6 +166,8 @@ claim `__.
 
 .. include:: openidconnectclaims.rst
 
+.. _oidcexportedattr:
+
 For each OpenID Connect claim you want to release to applications, you can define:
 
 * **Claim name**: the name of the claim as it will appear in Userinfo responses
diff --git a/doc/sources/admin/upgrade_2_0_x.rst b/doc/sources/admin/upgrade_2_0_x.rst
index 56e3652f9..314c4e4e9 100644
--- a/doc/sources/admin/upgrade_2_0_x.rst
+++ b/doc/sources/admin/upgrade_2_0_x.rst
@@ -24,6 +24,7 @@ backups and a rollback plan ready!
 - TOTP check tolerates forward AND backward clock drift (totp2fRange)
 - Avoid assignment in expressions option is disabled by default
 - RHEL/CentOS SELinux users should install the new ``lemonldap-ng-selinux`` package to fix `an issue with the new default cache directory `__
+- If you use :doc:`applications/mattermost` with OpenID Connect, you need to set the ``id`` claim type to *Integer*
 
 2.0.9
 -----
@@ -35,6 +36,7 @@ backups and a rollback plan ready!
 -  SAML SOAP calls are now using ``text/xml`` instead of ``application/xml`` as the MIME Content Type, as required by `the SOAP standard `__
 -  Incremental lock times values can now be set in BruteForceProtection plugin through Manager.
    It MUST be a list of comma separated values. Default values are ``5, 15, 60, 300, 600``
+-  This version is not compatible with :doc:`applications/mattermost`
 
 Cookie issues with Chrome
 ~~~~~~~~~~~~~~~~~~~~~~~~~

From 561bc1df9ac4c8755ae25e5e31c6286051670ed8 Mon Sep 17 00:00:00 2001
From: Christophe Maudoux 
Date: Tue, 22 Dec 2020 11:43:01 +0100
Subject: [PATCH 046/357] Update upgrade note

---
 doc/sources/admin/upgrade_2_0_x.rst | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/sources/admin/upgrade_2_0_x.rst b/doc/sources/admin/upgrade_2_0_x.rst
index 314c4e4e9..5194f987b 100644
--- a/doc/sources/admin/upgrade_2_0_x.rst
+++ b/doc/sources/admin/upgrade_2_0_x.rst
@@ -25,6 +25,7 @@ backups and a rollback plan ready!
 - Avoid assignment in expressions option is disabled by default
 - RHEL/CentOS SELinux users should install the new ``lemonldap-ng-selinux`` package to fix `an issue with the new default cache directory `__
 - If you use :doc:`applications/mattermost` with OpenID Connect, you need to set the ``id`` claim type to *Integer*
+- BruteForceProtection plugin now prevents authentication on backend if account is locked
 
 2.0.9
 -----

From 85574cf97e088a52f0c1bf4d80f84ac8f48ee5f5 Mon Sep 17 00:00:00 2001
From: Maxime Besson 
Date: Tue, 22 Dec 2020 12:21:22 +0100
Subject: [PATCH 047/357] Translate incoming JSON bools (#2318)

---
 .../lib/Lemonldap/NG/Manager/Api/Common.pm    | 21 +++++++++++++++++++
 .../lib/Lemonldap/NG/Manager/Api/Menu/App.pm  | 20 +++++++++---------
 .../lib/Lemonldap/NG/Manager/Api/Menu/Cat.pm  | 14 ++++++-------
 .../NG/Manager/Api/Providers/CasApp.pm        |  6 +++---
 .../NG/Manager/Api/Providers/OidcRp.pm        |  6 +++---
 .../NG/Manager/Api/Providers/SamlSp.pm        |  6 +++---
 6 files changed, 47 insertions(+), 26 deletions(-)

diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Common.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Common.pm
index 5da910b29..32a20fb3b 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Common.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Common.pm
@@ -127,4 +127,25 @@ sub _getSSOMod {
     return $mod;
 }
 
+sub _fix_bool {
+    my $h = shift;
+    if ( ref($h) eq "HASH" ) {
+        for my $k ( keys %{$h} ) {
+            if ( JSON::is_bool( $h->{$k} ) ) {
+                $h->{$k} = $h->{$k} ? 1 : 0;
+            }
+            else {
+                _fix_bool( $h->{$k} );
+            }
+        }
+    }
+}
+
+sub getJsonBody {
+    my ( $self, $req ) = @_;
+    my $obj = $req->jsonBodyToObj;
+    _fix_bool($obj);
+    return $obj;
+}
+
 1;
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Menu/App.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Menu/App.pm
index ac28bf206..53d6ae208 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Menu/App.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Menu/App.pm
@@ -58,7 +58,7 @@ sub getMenuApp {
 
         my @menuApps =
           map {
-            $self->_isCatApp( $cat->{$_} )
+                $self->_isCatApp( $cat->{$_} )
               ? $self->_getMenuAppByConfKey( $conf, $catConfKey, $_ )
               : ()
           }
@@ -105,7 +105,7 @@ sub findMenuAppByConfKey {
 
     my @menuApps =
       map {
-        $self->_isCatApp( $cat->{$_} )
+             $self->_isCatApp( $cat->{$_} )
           && $_ =~ $pattern
           ? $self->_getMenuAppByConfKey( $conf, $catConfKey, $_ )
           : ()
@@ -117,7 +117,7 @@ sub findMenuAppByConfKey {
 
 sub addMenuApp {
     my ( $self, $req ) = @_;
-    my $add = $req->jsonBodyToObj;
+    my $add = $self->getJsonBody($req);
 
     my $catConfKey = $req->params('confKey')
       or return $self->sendError( $req, 'Category confKey is missing', 400 );
@@ -132,8 +132,8 @@ sub addMenuApp {
         400 )
       if ( ref $add->{confKey} );
 
-    return $self->sendError( $req, 'Invalid input: confKey contains invalid characters',
-        400 )
+    return $self->sendError( $req,
+        'Invalid input: confKey contains invalid characters', 400 )
       unless ( $add->{confKey} =~ '^\w[\w\.\-]*$' );
 
     return $self->sendError( $req, 'Invalid input: name is missing', 400 )
@@ -185,7 +185,7 @@ sub updateMenuApp {
     my $appConfKey = $req->params('appConfKey')
       or return $self->sendError( $req, 'Application confKey is missing', 400 );
 
-    my $update = $req->jsonBodyToObj;
+    my $update = $self->getJsonBody($req);
 
     return $self->sendError( $req, "Invalid input: " . $req->error, 400 )
       unless ($update);
@@ -229,7 +229,7 @@ sub replaceMenuApp {
     my $appConfKey = $req->params('appConfKey')
       or return $self->sendError( $req, 'Application confKey is missing', 400 );
 
-    my $replace = $req->jsonBodyToObj;
+    my $replace = $self->getJsonBody($req);
 
     return $self->sendError( $req, "Invalid input: " . $req->error, 400 )
       unless ($replace);
@@ -241,10 +241,10 @@ sub replaceMenuApp {
         400 )
       if ( ref $replace->{confKey} );
 
-    return $self->sendError( $req, 'Invalid input: confKey contains invalid characters',
-        400 )
+    return $self->sendError( $req,
+        'Invalid input: confKey contains invalid characters', 400 )
       unless ( $replace->{confKey} =~ '^\w[\w\.\-]*$' );
-        
+
     return $self->sendError( $req, 'Invalid input: name is missing', 400 )
       unless ( defined $replace->{options}
         && defined $replace->{options}{name} );
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Menu/Cat.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Menu/Cat.pm
index 01672de28..6dc4ae65a 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Menu/Cat.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Menu/Cat.pm
@@ -64,7 +64,7 @@ sub findMenuCatByConfKey {
 
 sub addMenuCat {
     my ( $self, $req ) = @_;
-    my $add = $req->jsonBodyToObj;
+    my $add = $self->getJsonBody($req);
 
     return $self->sendError( $req, "Invalid input: " . $req->error, 400 )
       unless ($add);
@@ -76,8 +76,8 @@ sub addMenuCat {
         400 )
       if ( ref $add->{confKey} );
 
-    return $self->sendError( $req, 'Invalid input: confKey contains invalid characters',
-        400 )
+    return $self->sendError( $req,
+        'Invalid input: confKey contains invalid characters', 400 )
       unless ( $add->{confKey} =~ '^\w[\w\.\-]*$' );
 
     return $self->sendError( $req, 'Invalid input: catname is missing', 400 )
@@ -116,7 +116,7 @@ sub updateMenuCat {
     my $confKey = $req->params('confKey')
       or return $self->sendError( $req, 'confKey is missing', 400 );
 
-    my $update = $req->jsonBodyToObj;
+    my $update = $self->getJsonBody($req);
 
     return $self->sendError( $req, "Invalid input: " . $req->error, 400 )
       unless ($update);
@@ -147,7 +147,7 @@ sub replaceMenuCat {
     my $confKey = $req->params('confKey')
       or return $self->sendError( $req, 'confKey is missing', 400 );
 
-    my $replace = $req->jsonBodyToObj;
+    my $replace = $self->getJsonBody($req);
 
     return $self->sendError( $req, "Invalid input: " . $req->error, 400 )
       unless ($replace);
@@ -159,8 +159,8 @@ sub replaceMenuCat {
         400 )
       if ( ref $replace->{confKey} );
 
-    return $self->sendError( $req, 'Invalid input: confKey contains invalid characters',
-        400 )
+    return $self->sendError( $req,
+        'Invalid input: confKey contains invalid characters', 400 )
       unless ( $replace->{confKey} =~ '^\w[\w\.\-]*$' );
 
     return $self->sendError( $req, 'Invalid input: catname is missing', 400 )
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Providers/CasApp.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Providers/CasApp.pm
index 3af2c3adf..efc4624b6 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Providers/CasApp.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Providers/CasApp.pm
@@ -91,7 +91,7 @@ sub findCasAppsByServiceUrl {
 
 sub addCasApp {
     my ( $self, $req ) = @_;
-    my $add = $req->jsonBodyToObj;
+    my $add = $self->getJsonBody($req);
 
     return $self->sendError( $req, "Invalid input: " . $req->error, 400 )
       unless ($add);
@@ -153,7 +153,7 @@ sub updateCasApp {
     my $confKey = $req->params('confKey')
       or return $self->sendError( $req, 'confKey is missing', 400 );
 
-    my $update = $req->jsonBodyToObj;
+    my $update = $self->getJsonBody($req);
 
     return $self->sendError( $req, "Invalid input: " . $req->error, 400 )
       unless ($update);
@@ -190,7 +190,7 @@ sub replaceCasApp {
     my $confKey = $req->params('confKey')
       or return $self->sendError( $req, 'confKey is missing', 400 );
 
-    my $replace = $req->jsonBodyToObj;
+    my $replace = $self->getJsonBody($req);
 
     return $self->sendError( $req, "Invalid input: " . $req->error, 400 )
       unless ($replace);
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Providers/OidcRp.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Providers/OidcRp.pm
index 9058efea1..8afe3f1c6 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Providers/OidcRp.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Providers/OidcRp.pm
@@ -91,7 +91,7 @@ sub findOidcRpByClientId {
 
 sub addOidcRp {
     my ( $self, $req ) = @_;
-    my $add = $req->jsonBodyToObj;
+    my $add = $self->getJsonBody($req);
 
     return $self->sendError( $req, "Invalid input: " . $req->error, 400 )
       unless ($add);
@@ -161,7 +161,7 @@ sub updateOidcRp {
     my $confKey = $req->params('confKey')
       or return $self->sendError( $req, 'confKey is missing', 400 );
 
-    my $update = $req->jsonBodyToObj;
+    my $update = $self->getJsonBody($req);
 
     return $self->sendError( $req, "Invalid input: " . $req->error, 400 )
       unless ($update);
@@ -199,7 +199,7 @@ sub replaceOidcRp {
     my $confKey = $req->params('confKey')
       or return $self->sendError( $req, 'confKey is missing', 400 );
 
-    my $replace = $req->jsonBodyToObj;
+    my $replace = $self->getJsonBody($req);
 
     return $self->sendError( $req, "Invalid input: " . $req->error, 400 )
       unless ($replace);
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Providers/SamlSp.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Providers/SamlSp.pm
index 3c86b5763..9a66e151f 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Providers/SamlSp.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Providers/SamlSp.pm
@@ -85,7 +85,7 @@ sub findSamlSpByEntityId {
 
 sub addSamlSp {
     my ( $self, $req ) = @_;
-    my $add = $req->jsonBodyToObj;
+    my $add = $self->getJsonBody($req);
 
     return $self->sendError( $req, "Invalid input: " . $req->error, 400 )
       unless ($add);
@@ -140,7 +140,7 @@ sub replaceSamlSp {
     my $confKey = $req->params('confKey')
       or return $self->sendError( $req, 'confKey is missing', 400 );
 
-    my $replace = $req->jsonBodyToObj;
+    my $replace = $self->getJsonBody($req);
 
     return $self->sendError( $req, "Invalid input: " . $req->error, 400 )
       unless ($replace);
@@ -180,7 +180,7 @@ sub updateSamlSp {
     my $confKey = $req->params('confKey')
       or return $self->sendError( $req, 'confKey is missing', 400 );
 
-    my $update = $req->jsonBodyToObj;
+    my $update = $self->getJsonBody($req);
 
     return $self->sendError( $req, "Invalid input: " . $req->error, 400 )
       unless ($update);

From 5297337f0b978de139d4eb4b0230bc82e155914d Mon Sep 17 00:00:00 2001
From: Christophe Maudoux 
Date: Tue, 22 Dec 2020 13:20:24 +0100
Subject: [PATCH 048/357] Update upgrade_2_0_x.rst

---
 doc/sources/admin/upgrade_2_0_x.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sources/admin/upgrade_2_0_x.rst b/doc/sources/admin/upgrade_2_0_x.rst
index 5194f987b..2bd3dbf1b 100644
--- a/doc/sources/admin/upgrade_2_0_x.rst
+++ b/doc/sources/admin/upgrade_2_0_x.rst
@@ -25,7 +25,7 @@ backups and a rollback plan ready!
 - Avoid assignment in expressions option is disabled by default
 - RHEL/CentOS SELinux users should install the new ``lemonldap-ng-selinux`` package to fix `an issue with the new default cache directory `__
 - If you use :doc:`applications/mattermost` with OpenID Connect, you need to set the ``id`` claim type to *Integer*
-- BruteForceProtection plugin now prevents authentication on backend if account is locked
+- BruteForceProtection plugin now prevents authentication on backend if an account is locked
 
 2.0.9
 -----

From 9dcf70a5ef1cb10aa8cece35e10b36fefc9153d0 Mon Sep 17 00:00:00 2001
From: Christophe Maudoux 
Date: Tue, 22 Dec 2020 14:05:22 +0100
Subject: [PATCH 049/357] Code cleaning

---
 .../lib/Lemonldap/NG/Portal/Plugins/ContextSwitching.pm          | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/ContextSwitching.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/ContextSwitching.pm
index 1d66b2223..6b5bb4787 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/ContextSwitching.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/ContextSwitching.pm
@@ -125,7 +125,6 @@ sub display {
         LANGS         => $self->conf->{showLanguages},
         MSG           => 'contextSwitching_ON',
         ALERTE        => 'alert-danger',
-        LOGIN         => '',
         IMPERSONATION => $self->conf->{contextSwitchingRule},
         TOKEN         => (
               $self->ottRule->( $req, {} )

From 510a1dc1c2909389a35e097fae93beb824fd4318 Mon Sep 17 00:00:00 2001
From: Christophe Maudoux 
Date: Tue, 22 Dec 2020 15:17:23 +0100
Subject: [PATCH 050/357] WIP: UserDB findUser (#1976)

---
 .../lib/Lemonldap/NG/Portal/Lib/LDAP.pm       | 33 +------------
 .../lib/Lemonldap/NG/Portal/UserDB/CAS.pm     |  7 ++-
 .../lib/Lemonldap/NG/Portal/UserDB/Choice.pm  | 10 +++-
 .../lib/Lemonldap/NG/Portal/UserDB/DBI.pm     | 47 ++++++++++++++-----
 .../lib/Lemonldap/NG/Portal/UserDB/Demo.pm    |  2 +
 .../Lemonldap/NG/Portal/UserDB/Facebook.pm    |  8 +++-
 .../lib/Lemonldap/NG/Portal/UserDB/Null.pm    |  4 ++
 .../lib/Lemonldap/NG/Portal/UserDB/OpenID.pm  |  4 ++
 .../NG/Portal/UserDB/OpenIDConnect.pm         |  8 +++-
 .../lib/Lemonldap/NG/Portal/UserDB/REST.pm    | 29 +++++++++++-
 .../lib/Lemonldap/NG/Portal/UserDB/SAML.pm    |  4 ++
 .../lib/Lemonldap/NG/Portal/UserDB/Slave.pm   |  4 ++
 .../lib/Lemonldap/NG/Portal/UserDB/WebID.pm   |  4 ++
 13 files changed, 116 insertions(+), 48 deletions(-)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm
index eb7a20d56..fb0882064 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm
@@ -10,7 +10,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
 
 extends 'Lemonldap::NG::Common::Module';
 
-our $VERSION = '2.0.10';
+our $VERSION = '2.0.11';
 
 # PROPERTIES
 
@@ -163,37 +163,6 @@ sub findUser {
 
     $self->bind();
 
-    my $mesg = $self->ldap->search(
-        base   => $self->conf->{ldapBase},
-        scope  => 'sub',
-        filter => (
-              $args{useMail}
-            ? $self->mailFilter->($req)
-            : $self->filter->($req)
-        ),
-        deref => $self->conf->{ldapSearchDeref} || 'find',
-        attrs => $self->attrs,
-    );
-    if ( $mesg->code() != 0 ) {
-        $self->logger->error(
-            'LDAP Search error ' . $mesg->code . ": " . $mesg->error );
-        return PE_LDAPERROR;
-    }
-    if ( $mesg->count() > 1 ) {
-        $self->logger->error('More than one entry returned by LDAP directory');
-        eval { $self->p->_authentication->setSecurity($req) };
-        return PE_BADCREDENTIALS;
-    }
-    unless ( $req->data->{ldapentry} = $mesg->entry(0) ) {
-        $self->userLogger->warn(
-                "$req->{user} was not found in LDAP directory ("
-              . $req->address
-              . ")" );
-        eval { $self->p->_authentication->setSecurity($req) };
-        return PE_BADCREDENTIALS;
-    }
-    $req->data->{dn} = $req->data->{ldapentry}->dn();
-
     return PE_OK;
 }
 
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/CAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/CAS.pm
index bd85d353b..b3c17f929 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/CAS.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/CAS.pm
@@ -7,7 +7,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
   PE_OK
 );
 
-our $VERSION = '2.0.0';
+our $VERSION = '2.0.11';
 
 extends 'Lemonldap::NG::Common::Module';
 
@@ -24,6 +24,11 @@ sub getUser {
     return PE_OK;
 }
 
+sub findUser {
+    my ( $self, $req ) = @_;
+    return PE_OK;
+}
+
 # Get all required attributes
 sub setSessionInfo {
     my ( $self, $req ) = @_;
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Choice.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Choice.pm
index 33559058f..a02e656fc 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Choice.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Choice.pm
@@ -4,7 +4,7 @@ use strict;
 use Mouse;
 use Lemonldap::NG::Portal::Main::Constants qw(PE_FIRSTACCESS);
 
-our $VERSION = '2.0.0';
+our $VERSION = '2.0.11';
 
 extends 'Lemonldap::NG::Portal::Lib::Choice';
 
@@ -24,6 +24,14 @@ sub getUser {
     return $res;
 }
 
+sub findUser {
+    my ( $self, $req, %args ) = @_;
+    $self->checkChoice($req) or return PE_FIRSTACCESS;
+    my $res = $req->data->{enabledMods1}->[0]->findUser( $req, %args );
+    delete $req->pdata->{_choice} if ( $res > 0 );
+    return $res;
+}
+
 sub setSessionInfo {
     my $res = $_[1]->data->{enabledMods1}->[0]->setSessionInfo( $_[1] );
     delete $_[1]->pdata->{_choice} if ( $res > 0 );
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm
index ee27f3c79..85950acae 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm
@@ -6,7 +6,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_ERROR PE_BADCREDENTIALS);
 
 extends 'Lemonldap::NG::Portal::Lib::DBI';
 
-our $VERSION = '2.0.6';
+our $VERSION = '2.0.11';
 
 # PROPERTIES
 
@@ -48,26 +48,51 @@ sub getUser {
 
 sub findUser {
     my ( $self, $req, %args ) = @_;
-    my $table = $self->table;
-    my $pivot = $args{useMail} ? $self->mailField : $self->pivot;
-    my $user  = $req->{user};
+    my $plugin =
+      $self->p->loadedModules->{"Lemonldap::NG::Portal::Plugins::FindUser"};
+    my ( $searching, $excluding ) = $plugin->retreiveFindUserParams($req);
+    return PE_OK unless scalar @$searching;
+
+    my $table   = $self->table;
+    my $pivot   = $args{useMail} ? $self->mailField : $self->pivot;
+    my $request = 'SELECT $pivot FROM $table WHERE ';
+    my @args;
     my $sth;
+    foreach (@$searching) {
+        if ( $_->{value} ) {
+            $request .= '$' . $_->{key} . '=? AND ';
+            push @args, $_->{value};
+        }
+    }
+    foreach (@$excluding) {
+        if ( $_->{value} ) {
+            $request .= '$' . $_->{key} . '!=? AND ';
+            push @args, $_->{value};
+        }
+    }
+    $request =~ s/AND\s$//;
+
+    $self->logger->debug("DBI UserDB built condition: $request");
     eval {
-        $sth = $self->dbh->prepare("SELECT * FROM $table WHERE $pivot=?");
-        $sth->execute($user);
+        $sth = $self->dbh->prepare(eval "$request");
+        $sth->execute(@args);
     };
+    eval { $self->p->_authentication->setSecurity($req) };
+
     if ($@) {
 
         # If connection isn't available, error is displayed by dbh()
         $self->logger->error("DBI error: $@") if ( $self->_dbh );
-        eval { $self->p->_authentication->setSecurity($req) };
         return PE_ERROR;
     }
-    unless ( $req->data->{dbientry} = $sth->fetchrow_hashref() ) {
-        $self->userLogger->warn("User $user not found");
-        eval { $self->p->_authentication->setSecurity($req) };
-        return PE_BADCREDENTIALS;
+    if ( my $results = $sth->fetchrow_arrayref() ) {
+        my $rank = rand( scalar @$results );
+        $self->logger->debug(
+            'DBI UserDB number of result(s): ' . scalar @$results );
+        $self->logger->debug("Demo UserDB random rank: $rank");
+        $req->{findUser} = $results->[$rank];
     }
+
     PE_OK;
 }
 
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm
index 30dd54e9a..7dd28b24b 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm
@@ -77,6 +77,8 @@ sub findUser {
     my $plugin =
       $self->p->loadedModules->{"Lemonldap::NG::Portal::Plugins::FindUser"};
     my ( $searching, $excluding ) = $plugin->retreiveFindUserParams($req);
+    return PE_OK unless scalar @$searching;
+
     my $cond = '';
     foreach (@$searching) {
         $cond .= '$' . $_->{key} . " eq '$_->{value}' && " if $_->{value};
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Facebook.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Facebook.pm
index 78e9fb85d..70b5a4d96 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Facebook.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Facebook.pm
@@ -6,7 +6,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_MISSINGREQATTR);
 
 extends 'Lemonldap::NG::Common::Module';
 
-our $VERSION = '2.0.0';
+our $VERSION = '2.0.11';
 
 has vars => (
     is      => 'rw',
@@ -33,6 +33,12 @@ sub getUser {
     PE_OK;
 }
 
+sub findUser {
+
+    # Nothing to do here
+    PE_OK;
+}
+
 sub setSessionInfo {
     my ( $self, $req ) = @_;
 
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Null.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Null.pm
index d55bba46e..7f119510f 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Null.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Null.pm
@@ -20,6 +20,10 @@ sub getUser {
     PE_OK;
 }
 
+sub findUser {
+    PE_OK;
+}
+
 sub setSessionInfo {
     PE_OK;
 }
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/OpenID.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/OpenID.pm
index 8f1d1be88..ac9eafd2c 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/OpenID.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/OpenID.pm
@@ -25,6 +25,10 @@ sub getUser {
     PE_OK;
 }
 
+sub findUser {
+    PE_OK;
+}
+
 sub setSessionInfo {
     my ( $self, $req ) = @_;
     my %vars = (
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/OpenIDConnect.pm
index 97a3ce497..befd3f649 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/OpenIDConnect.pm
@@ -8,7 +8,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
   PE_OK
 );
 
-our $VERSION = '2.0.0';
+our $VERSION = '2.0.11';
 
 extends 'Lemonldap::NG::Common::Module',
   'Lemonldap::NG::Portal::Lib::OpenIDConnect';
@@ -56,6 +56,12 @@ sub getUser {
     return PE_OK;
 }
 
+sub findUser {
+
+    # Nothing to do here
+    PE_OK;
+}
+
 # Get all required attributes
 sub setSessionInfo {
     my ( $self, $req ) = @_;
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/REST.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/REST.pm
index 8fb74e782..f46d4bd95 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/REST.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/REST.pm
@@ -11,7 +11,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
 
 extends 'Lemonldap::NG::Common::Module', 'Lemonldap::NG::Portal::Lib::REST';
 
-our $VERSION = '2.0.9';
+our $VERSION = '2.0.11';
 
 # INITIALIZATION
 
@@ -55,6 +55,33 @@ sub getUser {
     return PE_OK;
 }
 
+sub findUser {
+    my ( $self, $req, %args ) = @_;
+    my $res;
+    # $res = eval {
+    #     $self->restCall(
+    #         $self->conf->{restUserDBUrl},
+    #         {
+    #             ( $args{useMail} ? 'mail' : 'user' ) => $req->user,
+    #             'useMail' => ( $args{useMail} ? JSON::true : JSON::false ),
+
+    #         }
+    #     );
+    # };
+    # if ($@) {
+    #     $self->logger->error("UserDB REST error: $@");
+    #     eval { $self->p->_authentication->setSecurity($req) };
+    #     return PE_ERROR;
+    # }
+    # unless ( $res->{result} ) {
+    #     $self->userLogger->warn( 'User ' . $req->user . ' not found' );
+    #     eval { $self->p->_authentication->setSecurity($req) };
+    #     return PE_BADCREDENTIALS;
+    # }
+    # $req->data->{restUserDBInfo} = $res->{info} || {};
+    return PE_OK;
+}
+
 sub setSessionInfo {
     my ( $self, $req ) = @_;
     $req->sessionInfo->{$_} = $req->data->{restUserDBInfo}->{$_}
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/SAML.pm
index c605a9433..7913fa80c 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/SAML.pm
@@ -33,6 +33,10 @@ sub getUser {
     PE_OK;
 }
 
+sub findUser {
+    PE_OK;
+}
+
 # Get all required attributes
 sub setSessionInfo {
     my ( $self, $req ) = @_;
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Slave.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Slave.pm
index 02f0bd607..11bbf7f5c 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Slave.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Slave.pm
@@ -30,6 +30,10 @@ sub getUser {
     PE_OK;
 }
 
+sub findUser {
+    PE_OK;
+}
+
 # Search exportedVars values in HTTP headers.
 sub setSessionInfo {
     my ( $self, $req ) = @_;
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/WebID.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/WebID.pm
index 639ed6bf3..ccb4792de 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/WebID.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/WebID.pm
@@ -24,6 +24,10 @@ sub getUser {
     PE_OK;
 }
 
+sub findUser {
+    PE_OK;
+}
+
 sub setSessionInfo {
     my ( $self, $req ) = @_;
     unless ( $req->data->{_webid} ) {

From 77c25b98cf1af00b947404855b5c65a980003158 Mon Sep 17 00:00:00 2001
From: Christophe Maudoux 
Date: Tue, 22 Dec 2020 22:51:37 +0100
Subject: [PATCH 051/357] FindUser DBI & Append unit test (#1976)

---
 .../Lemonldap/NG/Portal/Plugins/FindUser.pm   |  45 ++--
 .../lib/Lemonldap/NG/Portal/UserDB/DBI.pm     |  17 +-
 .../lib/Lemonldap/NG/Portal/UserDB/Demo.pm    |   1 +
 lemonldap-ng-portal/t/68-FindUser-with-DBI.t  | 205 ++++++++++++++++++
 4 files changed, 247 insertions(+), 21 deletions(-)
 create mode 100644 lemonldap-ng-portal/t/68-FindUser-with-DBI.t

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm
index cb5969634..f2a42b667 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm
@@ -29,28 +29,45 @@ sub provideUser {
         return $req->error($error);
     }
     $req->mustRedirect(1);
+
+    return $self->sendJSONresponse(
+        $req,
+        {
+            user   => ( $req->{findUser} ? $req->{findUser} : '' ),
+            result => 1
+        }
+    ) if $req->wantJSON;
     return $self->p->do( $req, [ sub { PE_FIRSTACCESS } ] );
 }
 
 sub retreiveFindUserParams {
-    my ( $self,   $req )            = @_;
-    my ( $params, $excludedParams ) = ( [ {} ], [ {} ] );
+    my ( $self,      $req )       = @_;
+    my ( $searching, $excluding ) = ( [], [] );
     $self->logger->debug("FindUser: reading parameters...");
     foreach ( sort keys %{ $self->conf->{findUserSearchingAttributes} } ) {
-        $self->logger->debug( "Pushing searching parameter: $_ => " . $req->params($_) );
-        push @$params, { key => $_, value => $req->params($_) };
+        if ( $req->params($_) ) {
+            $self->logger->debug(
+                "Pushing searching parameter: $_ => " . $req->params($_) );
+            push @$searching, { key => $_, value => $req->params($_) };
+        }
     }
-    $self->logger->debug("FindUser: reading excluding parameters...");
-    foreach ( sort keys %{ $self->conf->{findUserExcludingAttributes} } ) {
-        $self->logger->debug( "Pushing excluded parameter: $_ => "
-              . $self->conf->{findUserExcludingAttributes}->{$_} );
-        push @$excludedParams,
-          {
-            key   => $_,
-            value => $self->conf->{findUserExcludingAttributes}->{$_}
-          };
+
+    if ( scalar @$searching ) {
+        $self->logger->debug("FindUser: reading excluding parameters...");
+        foreach ( sort keys %{ $self->conf->{findUserExcludingAttributes} } ) {
+            if ( $req->params($_) ) {
+                $self->logger->debug( "Pushing excluded parameter: $_ => "
+                      . $self->conf->{findUserExcludingAttributes}->{$_} );
+                push @$excluding,
+                  {
+                    key   => $_,
+                    value => $self->conf->{findUserExcludingAttributes}->{$_}
+                  };
+            }
+        }
     }
-    return ( $params, $excludedParams );
+
+    return ( $searching, $excluding );
 }
 
 1;
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm
index 85950acae..5d3f12f77 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm
@@ -50,31 +50,32 @@ sub findUser {
     my ( $self, $req, %args ) = @_;
     my $plugin =
       $self->p->loadedModules->{"Lemonldap::NG::Portal::Plugins::FindUser"};
-    my ( $searching, $excluding ) = $plugin->retreiveFindUserParams($req);
+    my ( $searching, $excluding, $result ) = $plugin->retreiveFindUserParams($req);
     return PE_OK unless scalar @$searching;
 
     my $table   = $self->table;
     my $pivot   = $args{useMail} ? $self->mailField : $self->pivot;
-    my $request = 'SELECT $pivot FROM $table WHERE ';
+    my $request = "SELECT $pivot FROM $table WHERE ";
     my @args;
     my $sth;
     foreach (@$searching) {
         if ( $_->{value} ) {
-            $request .= '$' . $_->{key} . '=? AND ';
+            $request .= "$_->{key} = ? AND ";
             push @args, $_->{value};
         }
     }
     foreach (@$excluding) {
         if ( $_->{value} ) {
-            $request .= '$' . $_->{key} . '!=? AND ';
+            $request .= "$_->{key} != ? AND ";
             push @args, $_->{value};
         }
     }
     $request =~ s/AND\s$//;
 
     $self->logger->debug("DBI UserDB built condition: $request");
+    $self->logger->debug( "DBI UserDB built args: " . join '|', @args );
     eval {
-        $sth = $self->dbh->prepare(eval "$request");
+        $sth = $self->dbh->prepare($request);
         $sth->execute(@args);
     };
     eval { $self->p->_authentication->setSecurity($req) };
@@ -85,12 +86,14 @@ sub findUser {
         $self->logger->error("DBI error: $@") if ( $self->_dbh );
         return PE_ERROR;
     }
-    if ( my $results = $sth->fetchrow_arrayref() ) {
+    my $results = $sth->fetchall_arrayref();
+    if ( $results->[0]->[0] ) {
         my $rank = rand( scalar @$results );
         $self->logger->debug(
             'DBI UserDB number of result(s): ' . scalar @$results );
         $self->logger->debug("Demo UserDB random rank: $rank");
-        $req->{findUser} = $results->[$rank];
+        $self->userLogger->info("FindUser: DBI UserDB returns $results->[$rank]->[0]");
+        $req->{findUser} = $results->[$rank]->[0];
     }
 
     PE_OK;
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm
index 7dd28b24b..e00d969ad 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm
@@ -102,6 +102,7 @@ sub findUser {
     $self->logger->debug(
         'Demo UserDB number of result(s): ' . scalar @results );
     $self->logger->debug("Demo UserDB random rank: $rank");
+    $self->userLogger->info("FindUser: Demo UserDB returns $results[$rank]");
     $req->{findUser} = $results[$rank];
 
     eval { $self->p->_authentication->setSecurity($req) };
diff --git a/lemonldap-ng-portal/t/68-FindUser-with-DBI.t b/lemonldap-ng-portal/t/68-FindUser-with-DBI.t
new file mode 100644
index 000000000..471023f63
--- /dev/null
+++ b/lemonldap-ng-portal/t/68-FindUser-with-DBI.t
@@ -0,0 +1,205 @@
+use Test::More;
+use strict;
+use JSON;
+use IO::String;
+
+require 't/test-lib.pm';
+
+my $res;
+my $maintests = 31;
+
+my $userdb = tempdb();
+
+SKIP: {
+    eval { require DBI; require DBD::SQLite; };
+    if ($@) {
+        skip 'DBD::SQLite not found', $maintests;
+    }
+    my $res;
+    my $json;
+    my $request;
+    my $dbh = DBI->connect("dbi:SQLite:dbname=$userdb");
+    $dbh->do(
+'CREATE TABLE users (user text,password text,name text, type text, guy text)'
+    );
+    $dbh->do(
+        "INSERT INTO users VALUES ('dwho','dwho','Doctor who', 'serie', 'good')"
+    );
+    $dbh->do(
+"INSERT INTO users VALUES ('rtyler','rtyler','Rose Tyler', 'serie', 'good')"
+    );
+    $dbh->do(
+        "INSERT INTO users VALUES ('davros','davros','Davros', 'serie', 'bad')"
+    );
+    $dbh->do(
+"INSERT INTO users VALUES ('msmith','msmith','Mr Smith', 'serie', 'good')"
+    );
+    $dbh->do(
+        "INSERT INTO users VALUES ('spoke','spoke','Mr Spoke', 'movie', 'good')"
+    );
+    my $client = LLNG::Manager::Test->new( {
+            ini => {
+                logLevel              => 'debug',
+                useSafeJail           => 1,
+                authentication        => 'DBI',
+                userDB                => 'Same',
+                dbiAuthChain          => "dbi:SQLite:dbname=$userdb",
+                dbiAuthUser           => '',
+                dbiAuthPassword       => '',
+                dbiAuthTable          => 'users',
+                dbiAuthLoginCol       => 'user',
+                dbiAuthPasswordCol    => 'password',
+                dbiAuthPasswordHash   => '',
+                dbiDynamicHashEnabled => 0,
+                passwordDB            => 'DBI',
+                requireToken          => 1,
+                findUser              => 1,
+                impersonationRule     => 1,
+                findUserSearchingAttributes =>
+                  { user => 'Login', guy => 'Kind' },
+                findUserExcludingAttributes => { type => 'movie' },
+            }
+        }
+    );
+
+    ## Simple access
+    ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Portal', );
+    my ( $host, $url, $query ) =
+      expectForm( $res, '#', undef, 'user', 'password', 'spoofId', 'token' );
+
+    $request = 'user=dwho';
+    ok(
+        $res = $client->_post(
+            '/finduser', IO::String->new($request),
+            accept => 'text/html',
+            length => length($request)
+        ),
+        'Post FindFuser request'
+    );
+    ( $host, $url, $query ) =
+      expectForm( $res, '#', undef, 'user', 'password', 'spoofId', 'token' );
+    ok( $res->[2]->[0] =~ m%value="dwho"%, 'value="dwho"' )
+      or explain( $res->[2]->[0], 'value="dwho"' );
+    ok( $res->[2]->[0] =~ m%autocomplete="off"%, 'autocomplete="off"' )
+      or explain( $res->[2]->[0], 'autocomplete="off"' );
+
+    $request = 'user=dwho';
+    ok(
+        $res = $client->_post(
+            '/finduser', IO::String->new($request),
+            accept => 'application/json',
+            length => length($request)
+        ),
+        'Post FindFuser request'
+    );
+    ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+      or print STDERR "$@\n" . Dumper($res);
+    ok( $json->{user} eq 'dwho', ' Good user' )
+      or explain( $json, 'user => dwho' );
+
+    $request = 'user=dwo';
+    ok(
+        $res = $client->_post(
+            '/finduser', IO::String->new($request),
+            accept => 'application/json',
+            length => length($request)
+        ),
+        'Post FindFuser request no result'
+    );
+    ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+      or print STDERR "$@\n" . Dumper($res);
+    ok( $json->{user} eq '', ' No user' )
+      or explain( $json, "user => ''" );
+
+    $request = 'guy=bad';
+    ok(
+        $res = $client->_post(
+            '/finduser', IO::String->new($request),
+            accept => 'application/json',
+            length => length($request)
+        ),
+        'Post FindFuser request one result'
+    );
+    ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+      or print STDERR "$@\n" . Dumper($res);
+    ok( $json->{user} eq 'davros', ' Good user' )
+      or explain( $json, "user => 'davros'" );
+
+    $request = 'guy=good&type=serie';
+    ok(
+        $res = $client->_post(
+            '/finduser', IO::String->new($request),
+            accept => 'application/json',
+            length => length($request)
+        ),
+        'Post FindFuser request multi results'
+    );
+    ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+      or print STDERR "$@\n" . Dumper($res);
+    ok( $json->{user} =~ /^(dwho|rtyler|msmith)$/, " Good user ($1)" )
+      or explain( $json, "user => $1" );
+
+    $request = 'arg=good';
+    ok(
+        $res = $client->_post(
+            '/finduser', IO::String->new($request),
+            accept => 'application/json',
+            length => length($request)
+        ),
+        'Post FindFuser request with bad arg'
+    );
+    ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+      or print STDERR "$@\n" . Dumper($res);
+    ok( $json->{result} == 1, ' Good result' )
+      or explain( $json, 'result => 1' );
+    ok( $json->{user} eq '', ' No user' )
+      or explain( $json, 'user => ?' );
+
+    $request = 'guy=good&user=msmith';
+    ok(
+        $res = $client->_post(
+            '/finduser', IO::String->new($request),
+            accept => 'application/json',
+            length => length($request)
+        ),
+        'Post FindFuser request with two args'
+    );
+    ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+      or print STDERR "$@\n" . Dumper($res);
+    ok( $json->{user} eq 'msmith', ' Good user' )
+      or explain( $json, 'user => msmith' );
+
+    $request = 'guy=bad&user=msmith';
+    ok(
+        $res = $client->_post(
+            '/finduser', IO::String->new($request),
+            accept => 'application/json',
+            length => length($request)
+        ),
+        'Post FindFuser request with wrong args'
+    );
+    ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+      or print STDERR "$@\n" . Dumper($res);
+    ok( $json->{result} == 1, ' Good result' )
+      or explain( $json, 'result => 1' );
+    ok( $json->{user} eq '', ' No user' )
+      or explain( $json, 'user => ?' );
+
+    $request = 'user=spoke&type=good';
+    ok(
+        $res = $client->_post(
+            '/finduser', IO::String->new($request),
+            accept => 'application/json',
+            length => length($request)
+        ),
+        'Post FindFuser request with excluding result'
+    );
+    ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+      or print STDERR "$@\n" . Dumper($res);
+    ok( $json->{result} == 1, ' Good result' )
+      or explain( $json, 'result => 1' );
+    ok( $json->{user} eq '', ' No user' )
+      or explain( $json, 'user => ?' );
+}
+count($maintests);
+done_testing( count() );

From 076a84764e3ad7b1f501e4cadad86b5e5eb5667c Mon Sep 17 00:00:00 2001
From: Christophe Maudoux 
Date: Tue, 22 Dec 2020 22:52:41 +0100
Subject: [PATCH 052/357] Make manifest

---
 lemonldap-ng-portal/MANIFEST | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lemonldap-ng-portal/MANIFEST b/lemonldap-ng-portal/MANIFEST
index 293fea4f5..c0adbfb2f 100644
--- a/lemonldap-ng-portal/MANIFEST
+++ b/lemonldap-ng-portal/MANIFEST
@@ -489,9 +489,9 @@ t/20-Auth-and-password-DBI-dynamic-hash.t
 t/20-Auth-and-password-DBI.t
 t/20-Auth-DBI-utf8.t
 t/21-Auth-and-password-LDAP.t
+t/21-Auth-LDAP-attributes.t
 t/21-Auth-LDAP-Policy-only.t
 t/21-Auth-LDAP-Policy.t
-t/21-Auth-LDAP-utf8.t
 t/22-Auth-and-password-AD.t
 t/23-Auth-and-password-REST.t
 t/24-AuthApache.t
@@ -510,6 +510,7 @@ t/29-AuthSSL.t
 t/30-Auth-and-issuer-SAML-Artifact-with-SOAP-SLO-IdP-initiated.t
 t/30-Auth-and-issuer-SAML-Artifact-with-SOAP-SLO.t
 t/30-Auth-and-issuer-SAML-Metadata.t
+t/30-Auth-and-issuer-SAML-POST-Hook.t
 t/30-Auth-and-issuer-SAML-POST-IdP-initiated.t
 t/30-Auth-and-issuer-SAML-POST-Missing-SLO.t
 t/30-Auth-and-issuer-SAML-POST.t
@@ -556,6 +557,7 @@ t/32-CAS-Macros.t
 t/32-OIDC-ClaimTypes.t
 t/32-OIDC-Code-Flow-with-2F-UpgradeOnly.t
 t/32-OIDC-Code-Flow-with-2F.t
+t/32-OIDC-Hooks.t
 t/32-OIDC-Macro.t
 t/32-OIDC-Offline-Session.t
 t/32-OIDC-Password-Grant-with-Bruteforce.t
@@ -651,6 +653,7 @@ t/63-History.t
 t/64-StayConnected-with-2F-and-History.t
 t/64-StayConnected-with-History.t
 t/65-AutoSignin.t
+t/65-CheckState.t
 t/66-CDA-already-auth.t
 t/66-CDA-PSGI-Try.t
 t/66-CDA-with-doubleCookies.t
@@ -727,9 +730,11 @@ t/lib/Lemonldap/NG/Portal/Auth/LDAPPolicy.pm
 t/lib/Lemonldap/NG/Portal/Custom.pm
 t/lmConf-1.json
 t/oidc-lib.pm
+t/OidcHookPlugin.pm
 t/pdata.pm
 t/README.md
 t/saml-lib.pm
+t/SamlHookPlugin.pm
 t/sendCode.pl
 t/sendOTP.pl
 t/separate-handler.pm

From ed8ed39c4fac3c15b35a7f0d50a0c288af67d099 Mon Sep 17 00:00:00 2001
From: Christophe Maudoux 
Date: Tue, 22 Dec 2020 22:53:04 +0100
Subject: [PATCH 053/357] Make manifest

---
 lemonldap-ng-portal/MANIFEST | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/lemonldap-ng-portal/MANIFEST b/lemonldap-ng-portal/MANIFEST
index 293fea4f5..864f8365d 100644
--- a/lemonldap-ng-portal/MANIFEST
+++ b/lemonldap-ng-portal/MANIFEST
@@ -110,6 +110,7 @@ lib/Lemonldap/NG/Portal/Plugins/CheckState.pm
 lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
 lib/Lemonldap/NG/Portal/Plugins/ContextSwitching.pm
 lib/Lemonldap/NG/Portal/Plugins/DecryptValue.pm
+lib/Lemonldap/NG/Portal/Plugins/FindUser.pm
 lib/Lemonldap/NG/Portal/Plugins/ForceAuthn.pm
 lib/Lemonldap/NG/Portal/Plugins/GlobalLogout.pm
 lib/Lemonldap/NG/Portal/Plugins/GrantSession.pm
@@ -400,6 +401,7 @@ site/templates/bootstrap/decryptvalue.tpl
 site/templates/bootstrap/error.tpl
 site/templates/bootstrap/errormsg.tpl
 site/templates/bootstrap/ext2fcheck.tpl
+site/templates/bootstrap/finduser.tpl
 site/templates/bootstrap/footer.tpl
 site/templates/bootstrap/globallogout.tpl
 site/templates/bootstrap/gpgform.tpl
@@ -489,9 +491,9 @@ t/20-Auth-and-password-DBI-dynamic-hash.t
 t/20-Auth-and-password-DBI.t
 t/20-Auth-DBI-utf8.t
 t/21-Auth-and-password-LDAP.t
+t/21-Auth-LDAP-attributes.t
 t/21-Auth-LDAP-Policy-only.t
 t/21-Auth-LDAP-Policy.t
-t/21-Auth-LDAP-utf8.t
 t/22-Auth-and-password-AD.t
 t/23-Auth-and-password-REST.t
 t/24-AuthApache.t
@@ -510,6 +512,7 @@ t/29-AuthSSL.t
 t/30-Auth-and-issuer-SAML-Artifact-with-SOAP-SLO-IdP-initiated.t
 t/30-Auth-and-issuer-SAML-Artifact-with-SOAP-SLO.t
 t/30-Auth-and-issuer-SAML-Metadata.t
+t/30-Auth-and-issuer-SAML-POST-Hook.t
 t/30-Auth-and-issuer-SAML-POST-IdP-initiated.t
 t/30-Auth-and-issuer-SAML-POST-Missing-SLO.t
 t/30-Auth-and-issuer-SAML-POST.t
@@ -556,6 +559,7 @@ t/32-CAS-Macros.t
 t/32-OIDC-ClaimTypes.t
 t/32-OIDC-Code-Flow-with-2F-UpgradeOnly.t
 t/32-OIDC-Code-Flow-with-2F.t
+t/32-OIDC-Hooks.t
 t/32-OIDC-Macro.t
 t/32-OIDC-Offline-Session.t
 t/32-OIDC-Password-Grant-with-Bruteforce.t
@@ -651,6 +655,7 @@ t/63-History.t
 t/64-StayConnected-with-2F-and-History.t
 t/64-StayConnected-with-History.t
 t/65-AutoSignin.t
+t/65-CheckState.t
 t/66-CDA-already-auth.t
 t/66-CDA-PSGI-Try.t
 t/66-CDA-with-doubleCookies.t
@@ -671,6 +676,7 @@ t/68-ContextSwitching-with-Logout.t
 t/68-ContextSwitching-with-TOTP-and-Notification.t
 t/68-ContextSwitching-with-UnrestrictedUser.t
 t/68-ContextSwitching.t
+t/68-FindUser-with-DBI.t
 t/68-Impersonation-with-2F.t
 t/68-Impersonation-with-doubleCookies.t
 t/68-Impersonation-with-filtered-merge.t
@@ -727,9 +733,11 @@ t/lib/Lemonldap/NG/Portal/Auth/LDAPPolicy.pm
 t/lib/Lemonldap/NG/Portal/Custom.pm
 t/lmConf-1.json
 t/oidc-lib.pm
+t/OidcHookPlugin.pm
 t/pdata.pm
 t/README.md
 t/saml-lib.pm
+t/SamlHookPlugin.pm
 t/sendCode.pl
 t/sendOTP.pl
 t/separate-handler.pm

From 02aafdeddd0f0970528750eba0b94877a7ddc6ac Mon Sep 17 00:00:00 2001
From: Christophe Maudoux 
Date: Tue, 22 Dec 2020 23:04:47 +0100
Subject: [PATCH 054/357] Improve unit test DBI (#1976)

---
 lemonldap-ng-portal/t/68-FindUser-with-DBI.t | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/lemonldap-ng-portal/t/68-FindUser-with-DBI.t b/lemonldap-ng-portal/t/68-FindUser-with-DBI.t
index 471023f63..660ca9e42 100644
--- a/lemonldap-ng-portal/t/68-FindUser-with-DBI.t
+++ b/lemonldap-ng-portal/t/68-FindUser-with-DBI.t
@@ -6,7 +6,7 @@ use IO::String;
 require 't/test-lib.pm';
 
 my $res;
-my $maintests = 31;
+my $maintests = 34;
 
 my $userdb = tempdb();
 
@@ -39,7 +39,7 @@ SKIP: {
     );
     my $client = LLNG::Manager::Test->new( {
             ini => {
-                logLevel              => 'debug',
+                logLevel              => 'error',
                 useSafeJail           => 1,
                 authentication        => 'DBI',
                 userDB                => 'Same',
@@ -82,6 +82,18 @@ SKIP: {
       or explain( $res->[2]->[0], 'value="dwho"' );
     ok( $res->[2]->[0] =~ m%autocomplete="off"%, 'autocomplete="off"' )
       or explain( $res->[2]->[0], 'autocomplete="off"' );
+    ok( $res->[2]->[0] =~ m%Search an account%, 'Search an account' )
+      or explain( $res->[2]->[0], 'Search an account' );
+    ok(
+        $res->[2]->[0] =~
+m%%,
+        'id="findUserguy"'
+    ) or explain( $res->[2]->[0], 'id="findUserguy"' );
+    ok(
+        $res->[2]->[0] =~
+m%%,
+        'id="findUseruser"'
+    ) or explain( $res->[2]->[0], 'id="findUseruser"' );
 
     $request = 'user=dwho';
     ok(

From 60ce68ce23a057ef012eaf3752215ff85f4a88eb Mon Sep 17 00:00:00 2001
From: Christophe Maudoux 
Date: Wed, 23 Dec 2020 10:32:06 +0100
Subject: [PATCH 055/357] Use OTT (#1976)

---
 .../Lemonldap/NG/Portal/Plugins/FindUser.pm   | 42 ++++++++++++++++--
 .../lib/Lemonldap/NG/Portal/UserDB/DBI.pm     |  9 ++--
 .../lib/Lemonldap/NG/Portal/UserDB/Demo.pm    |  2 +-
 .../site/templates/bootstrap/finduser.tpl     | 43 ++++++++++---------
 lemonldap-ng-portal/t/68-FindUser-with-DBI.t  |  6 +--
 5 files changed, 71 insertions(+), 31 deletions(-)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm
index f2a42b667..e5e8d324e 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm
@@ -4,14 +4,30 @@ use strict;
 use Mouse;
 use Lemonldap::NG::Portal::Main::Constants qw(
   PE_OK
+  PE_NOTOKEN
+  PE_TOKENEXPIRED
   PE_FIRSTACCESS
 );
 
 our $VERSION = '2.0.11';
 
-extends 'Lemonldap::NG::Portal::Main::Plugin';
+extends qw(
+  Lemonldap::NG::Portal::Main::Plugin
+  Lemonldap::NG::Portal::Lib::_tokenRule
+);
 
 # INITIALIZATION
+has ott => (
+    is      => 'rw',
+    lazy    => 1,
+    default => sub {
+        my $ott =
+          $_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
+        $ott->timeout( $_[0]->{conf}->{formTimeout} );
+        return $ott;
+    }
+);
+
 sub init {
     my ($self) = @_;
     my $imp = grep /::Plugins::Impersonation$/, $self->p->enabledPlugins;
@@ -23,13 +39,33 @@ sub init {
 # RUNNING METHOD
 sub provideUser {
     my ( $self, $req ) = @_;
+    my $error;
+
+    # Check token
+    if ( $self->ottRule->( $req, {} ) ) {
+        my $token = $req->param('token');
+        unless ($token) {
+            $self->userLogger->warn('FindUser called without token');
+            $error = PE_NOTOKEN;
+        }
+        unless ( $self->ott->getToken($token) ) {
+            $self->userLogger->warn(
+                'FindUser called with an expired/bad token');
+            $error = PE_TOKENEXPIRED;
+        }
+    }
+    if ($error) {
+        eval { $self->p->_authentication->setSecurity($req) };
+        return $self->p->do( $req, [ sub { $error } ] );
+    }
+
     $req->steps( ['findUser'] );
-    if ( my $error = $self->p->process($req) ) {
+    if ( $error = $self->p->process($req) ) {
         $self->logger->debug("Process returned error: $error");
         return $req->error($error);
     }
-    $req->mustRedirect(1);
 
+    $req->mustRedirect(0);
     return $self->sendJSONresponse(
         $req,
         {
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm
index 5d3f12f77..75863ac9a 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm
@@ -50,7 +50,8 @@ sub findUser {
     my ( $self, $req, %args ) = @_;
     my $plugin =
       $self->p->loadedModules->{"Lemonldap::NG::Portal::Plugins::FindUser"};
-    my ( $searching, $excluding, $result ) = $plugin->retreiveFindUserParams($req);
+    my ( $searching, $excluding ) = $plugin->retreiveFindUserParams($req);
+    eval { $self->p->_authentication->setSecurity($req) };
     return PE_OK unless scalar @$searching;
 
     my $table   = $self->table;
@@ -78,21 +79,21 @@ sub findUser {
         $sth = $self->dbh->prepare($request);
         $sth->execute(@args);
     };
-    eval { $self->p->_authentication->setSecurity($req) };
-
     if ($@) {
 
         # If connection isn't available, error is displayed by dbh()
         $self->logger->error("DBI error: $@") if ( $self->_dbh );
         return PE_ERROR;
     }
+
     my $results = $sth->fetchall_arrayref();
     if ( $results->[0]->[0] ) {
         my $rank = rand( scalar @$results );
         $self->logger->debug(
             'DBI UserDB number of result(s): ' . scalar @$results );
         $self->logger->debug("Demo UserDB random rank: $rank");
-        $self->userLogger->info("FindUser: DBI UserDB returns $results->[$rank]->[0]");
+        $self->userLogger->info(
+            "FindUser: DBI UserDB returns $results->[$rank]->[0]");
         $req->{findUser} = $results->[$rank]->[0];
     }
 
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm
index e00d969ad..3a7bdefc4 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm
@@ -77,6 +77,7 @@ sub findUser {
     my $plugin =
       $self->p->loadedModules->{"Lemonldap::NG::Portal::Plugins::FindUser"};
     my ( $searching, $excluding ) = $plugin->retreiveFindUserParams($req);
+    eval { $self->p->_authentication->setSecurity($req) };
     return PE_OK unless scalar @$searching;
 
     my $cond = '';
@@ -105,7 +106,6 @@ sub findUser {
     $self->userLogger->info("FindUser: Demo UserDB returns $results[$rank]");
     $req->{findUser} = $results[$rank];
 
-    eval { $self->p->_authentication->setSecurity($req) };
     PE_OK;
 }
 
diff --git a/lemonldap-ng-portal/site/templates/bootstrap/finduser.tpl b/lemonldap-ng-portal/site/templates/bootstrap/finduser.tpl
index d091df3e2..b8223e98f 100644
--- a/lemonldap-ng-portal/site/templates/bootstrap/finduser.tpl
+++ b/lemonldap-ng-portal/site/templates/bootstrap/finduser.tpl
@@ -1,23 +1,26 @@
 
-

-

-

-
 
diff --git a/lemonldap-ng-portal/t/68-FindUser-with-DBI.t b/lemonldap-ng-portal/t/68-FindUser-with-DBI.t
index 660ca9e42..b2fa4e3cb 100644
--- a/lemonldap-ng-portal/t/68-FindUser-with-DBI.t
+++ b/lemonldap-ng-portal/t/68-FindUser-with-DBI.t
@@ -52,7 +52,7 @@ SKIP: {
                 dbiAuthPasswordHash   => '',
                 dbiDynamicHashEnabled => 0,
                 passwordDB            => 'DBI',
-                requireToken          => 1,
+                requireToken          => 0,
                 findUser              => 1,
                 impersonationRule     => 1,
                 findUserSearchingAttributes =>
@@ -65,7 +65,7 @@ SKIP: {
     ## Simple access
     ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Portal', );
     my ( $host, $url, $query ) =
-      expectForm( $res, '#', undef, 'user', 'password', 'spoofId', 'token' );
+      expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
 
     $request = 'user=dwho';
     ok(
@@ -77,7 +77,7 @@ SKIP: {
         'Post FindFuser request'
     );
     ( $host, $url, $query ) =
-      expectForm( $res, '#', undef, 'user', 'password', 'spoofId', 'token' );
+      expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
     ok( $res->[2]->[0] =~ m%value="dwho"%, 'value="dwho"' )
       or explain( $res->[2]->[0], 'value="dwho"' );
     ok( $res->[2]->[0] =~ m%autocomplete="off"%, 'autocomplete="off"' )

From 0236dc00d6a9d4a9b678f2d3acf254186fd58064 Mon Sep 17 00:00:00 2001
From: Christophe Maudoux 
Date: Wed, 23 Dec 2020 14:57:55 +0100
Subject: [PATCH 056/357] Removing workaround with MailPasswordReset

---
 .../Lemonldap/NG/Common/Notifications/XML.pm  |  2 +-
 .../lib/Lemonldap/NG/Manager.pm               |  7 +++---
 .../lib/Lemonldap/NG/Manager/2ndFA.pm         |  4 +---
 .../lib/Lemonldap/NG/Manager/Api.pm           | 12 +++++-----
 .../lib/Lemonldap/NG/Manager/Api/Misc.pm      | 17 +++----------
 .../lib/Lemonldap/NG/Manager/Conf.pm          | 13 +++++-----
 .../lib/Lemonldap/NG/Manager/Conf/Tests.pm    |  1 +
 .../lib/Lemonldap/NG/Manager/Conf/Zero.pm     |  2 ++
 .../lib/Lemonldap/NG/Manager/Notifications.pm |  6 ++---
 .../lib/Lemonldap/NG/Manager/Plugin.pm        |  3 ++-
 .../lib/Lemonldap/NG/Manager/Sessions.pm      | 24 ++++++++++---------
 .../lib/Lemonldap/NG/Manager/Viewer.pm        |  4 +---
 lemonldap-ng-manager/t/test-lib.pm            |  2 +-
 .../lib/Lemonldap/NG/Portal/Password/AD.pm    | 18 +++++---------
 .../lib/Lemonldap/NG/Portal/Password/Base.pm  | 13 +++++++++-
 .../lib/Lemonldap/NG/Portal/Password/LDAP.pm  | 16 ++++---------
 .../NG/Portal/Plugins/MailPasswordReset.pm    |  5 ----
 17 files changed, 67 insertions(+), 82 deletions(-)

diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/XML.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/XML.pm
index 6bda0ba6a..859ccc8d9 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/XML.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/XML.pm
@@ -4,7 +4,7 @@ use strict;
 use Mouse;
 use XML::LibXML;
 
-our $VERSION = '2.0.8';
+our $VERSION = '2.0.10';
 
 # XML parser
 has parser => (
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm
index f4b00d825..82b5cbfbe 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm
@@ -19,11 +19,12 @@ use Lemonldap::NG::Common::PSGI::Constants;
 
 our $VERSION = '2.0.10';
 
-extends 'Lemonldap::NG::Common::Conf::AccessLib',
-  'Lemonldap::NG::Handler::PSGI::Router';
+extends qw(
+  Lemonldap::NG::Handler::PSGI::Router
+  Lemonldap::NG::Common::Conf::AccessLib
+);
 
 has csp => ( is => 'rw' );
-
 has loadedPlugins  => ( is => 'rw', default => sub { [] } );
 has hLoadedPlugins => ( is => 'rw', default => sub { {} } );
 
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/2ndFA.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/2ndFA.pm
index 35ea50615..192d7f413 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/2ndFA.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/2ndFA.pm
@@ -1,7 +1,7 @@
 package Lemonldap::NG::Manager::2ndFA;
 
-use utf8;
 use strict;
+use utf8;
 use Mouse;
 
 use Lemonldap::NG::Common::Session;
@@ -9,8 +9,6 @@ use Lemonldap::NG::Common::Conf::Constants;
 use Lemonldap::NG::Common::PSGI::Constants;
 use Lemonldap::NG::Common::Conf::ReConstants;
 
-use feature 'state';
-
 extends qw(
   Lemonldap::NG::Manager::Plugin
   Lemonldap::NG::Common::Session::REST
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api.pm
index 6f0854a3e..09d03fc4f 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api.pm
@@ -5,12 +5,6 @@ use strict;
 use utf8;
 use Mouse;
 
-extends qw(
-  Lemonldap::NG::Manager::Plugin
-  Lemonldap::NG::Common::Session::REST
-  Lemonldap::NG::Common::Conf::RESTServer
-);
-
 use Lemonldap::NG::Manager::Api::2F;
 use Lemonldap::NG::Manager::Api::Misc;
 use Lemonldap::NG::Manager::Api::Providers::OidcRp;
@@ -19,6 +13,12 @@ use Lemonldap::NG::Manager::Api::Providers::CasApp;
 use Lemonldap::NG::Manager::Api::Menu::Cat;
 use Lemonldap::NG::Manager::Api::Menu::App;
 
+extends qw(
+  Lemonldap::NG::Manager::Plugin
+  Lemonldap::NG::Common::Conf::RESTServer
+  Lemonldap::NG::Common::Session::REST
+);
+
 our $VERSION = '2.0.10';
 
 #############################
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Misc.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Misc.pm
index 478d4c1dc..742c8b92b 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Misc.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Misc.pm
@@ -86,16 +86,11 @@ sub _getSessionDBState {
 
     # Handle DBI-type session stores
     if ( $fakeobj->{object_store}->isa("Apache::Session::Store::DBI") ) {
-        #
+        
         # The 'connection' method will fail if the DB is unreachable
         # this is good enough a test for now
         eval { $fakeobj->{object_store}->connection($fakeobj) };
-        if ($@) {
-            return 0;
-        }
-        else {
-            return 1;
-        }
+        return $@ ? 0 : 1;
     }
 
     # Handle MongoDB
@@ -106,17 +101,11 @@ sub _getSessionDBState {
             $fakeobj->{object_store}->connection($fakeobj);
             $fakeobj->{object_store}->{collection}->estimated_document_count;
         };
-        if ($@) {
-            return 0;
-        }
-        else {
-            return 1;
-        }
+        return $@ ? 0 : 1;
     }
 
     # We don't know
     return 2;
-
 }
 
 sub _getObjectSessionModule {
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf.pm
index 5ec6855e1..f41e20dfa 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf.pm
@@ -17,12 +17,12 @@ use Convert::PEM;
 use URI::URL;
 use Net::SSLeay;
 
-use feature 'state';
+extends qw(
+  Lemonldap::NG::Manager::Plugin
+  Lemonldap::NG::Common::Conf::RESTServer
+);
 
-extends 'Lemonldap::NG::Manager::Plugin',
-  'Lemonldap::NG::Common::Conf::RESTServer';
-
-our $VERSION = '2.0.9';
+our $VERSION = '2.0.10';
 
 #############################
 # I. INITIALIZATION METHODS #
@@ -315,7 +315,8 @@ sub prx {
 
 sub getConfByNum {
     my ( $self, $cfgNum, @args ) = @_;
-    unless ( %{ $self->currentConf }
+    unless ($self->currentConf
+        and %{ $self->currentConf }
         and $cfgNum == $self->currentConf->{cfgNum} )
     {
         my $tmp;
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm
index 40a0b8827..f811c239c 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm
@@ -2,6 +2,7 @@ package Lemonldap::NG::Manager::Conf::Tests;
 
 use strict;
 use utf8;
+use strict;
 use Lemonldap::NG::Common::Regexp;
 use Lemonldap::NG::Handler::Main;
 use Lemonldap::NG::Common::Util qw(getSameSite);
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Zero.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Zero.pm
index 39b56034f..591fc9964 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Zero.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Zero.pm
@@ -1,5 +1,7 @@
 package Lemonldap::NG::Manager::Conf::Zero;
 
+use strict;
+
 our $VERSION = '2.0.9';
 
 sub zeroConf {
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Notifications.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Notifications.pm
index f5c559921..949f8b7d4 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Notifications.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Notifications.pm
@@ -12,15 +12,13 @@ use Lemonldap::NG::Common::PSGI::Constants;
 use Lemonldap::NG::Common::Conf::ReConstants;
 require Lemonldap::NG::Common::Notifications;
 
-use feature 'state';
-
 extends qw(
   Lemonldap::NG::Manager::Plugin
-  Lemonldap::NG::Common::Conf::AccessLib
   Lemonldap::NG::Common::PSGI::Router
+  Lemonldap::NG::Common::Conf::AccessLib
 );
 
-our $VERSION = '2.0.9';
+our $VERSION = '2.0.10';
 
 has notifAccess => ( is => 'rw' );
 has notifFormat => ( is => 'rw' );
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Plugin.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Plugin.pm
index 39df7fa62..bcbf45132 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Plugin.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Plugin.pm
@@ -2,7 +2,8 @@ package Lemonldap::NG::Manager::Plugin;
 
 use strict;
 use Mouse;
-our $VERSION = '2.0.8';
+
+our $VERSION = '2.0.10';
 
 extends 'Lemonldap::NG::Common::Module';
 
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm
index 965ec9e24..2641fe1de 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm
@@ -1,7 +1,7 @@
 package Lemonldap::NG::Manager::Sessions;
 
-use utf8;
 use strict;
+use utf8;
 use Mouse;
 
 use Lemonldap::NG::Common::Session;
@@ -11,11 +11,13 @@ use Lemonldap::NG::Common::PSGI::Constants;
 use Lemonldap::NG::Common::Conf::ReConstants;
 use Lemonldap::NG::Common::IPv6;
 
-use feature 'state';
+#use feature 'state';
 
-extends 'Lemonldap::NG::Manager::Plugin',
-  'Lemonldap::NG::Common::Conf::AccessLib',
-  'Lemonldap::NG::Common::Session::REST';
+extends qw(
+  Lemonldap::NG::Manager::Plugin
+  Lemonldap::NG::Common::Session::REST
+  Lemonldap::NG::Common::Conf::AccessLib
+);
 
 our $VERSION = '2.0.10';
 
@@ -75,15 +77,15 @@ sub delOIDCConsent {
     my $epoch  = $params->{epoch};
     my $rp     = $params->{rp};
 
-    my $id =  $req->params('sessionId')
+    my $id = $req->params('sessionId')
       or return $self->sendError( $req, 'sessionId is missing', 400 );
 
-    $req->parameters->set('sessionId', $self->_maybeDecryptSessionId($id));
+    $req->parameters->set( 'sessionId', $self->_maybeDecryptSessionId($id) );
 
     if ( $rp =~ /\b[\w-]+\b/ and defined $epoch ) {
         $self->logger->debug(
             "Call procedure deleteOIDCConsent with RP=$rp and epoch=$epoch");
-        return $self->deleteOIDCConsent( $req );
+        return $self->deleteOIDCConsent($req);
     }
     else {
         return $self->sendError( $req, undef, 400 );
@@ -448,12 +450,12 @@ sub _maybeEncryptSessionId {
 
 sub delSession {
     my ( $self, $req ) = @_;
-    my $id =  $req->params('sessionId')
+    my $id = $req->params('sessionId')
       or return $self->sendError( $req, 'sessionId is missing', 400 );
 
-    $req->parameters->set('sessionId', $self->_maybeDecryptSessionId($id));
+    $req->parameters->set( 'sessionId', $self->_maybeDecryptSessionId($id) );
 
-    return $self->SUPER::delSession( $req );
+    return $self->SUPER::delSession($req);
 }
 
 sub cmpIPv4 {
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Viewer.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Viewer.pm
index 80efd4162..1e487b8e8 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Viewer.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Viewer.pm
@@ -7,14 +7,12 @@ use Lemonldap::NG::Common::Conf::Constants;
 use Lemonldap::NG::Common::UserAgent;
 use URI::URL;
 
-use feature 'state';
-
 extends 'Lemonldap::NG::Manager::Conf';
 
 has diffRule => ( is => 'rw', default => sub { 0 } );
 has brwRule  => ( is => 'rw', default => sub { 0 } );
 
-our $VERSION = '2.0.8';
+our $VERSION = '2.0.10';
 
 #############################
 # I. INITIALIZATION METHODS #
diff --git a/lemonldap-ng-manager/t/test-lib.pm b/lemonldap-ng-manager/t/test-lib.pm
index c0b80df2b..a90f4f99e 100644
--- a/lemonldap-ng-manager/t/test-lib.pm
+++ b/lemonldap-ng-manager/t/test-lib.pm
@@ -2,7 +2,7 @@
 
 use strict;
 use Data::Dumper;
-use 5.10.0;
+
 use_ok('Lemonldap::NG::Manager::Cli::Lib');
 
 our $client;
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/AD.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/AD.pm
index de15c54ed..b4f959548 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/AD.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/AD.pm
@@ -29,25 +29,19 @@ sub confirm {
 }
 
 sub modifyPassword {
-    my ( $self, $req, $pwd ) = @_;
+    my ( $self, $req, $pwd, $useMail ) = @_;
     my $dn = $req->data->{dn} || $req->sessionInfo->{_dn};
     unless ($dn) {
-        $self->logger->error('"dn" is not set, aborting password modification');
+        $self->logger->error('"dn" is not set, abort password modification');
         return PE_ERROR;
     }
-    my $rule = $self->p->HANDLER->buildSub(
-        $self->p->HANDLER->substitute(
-            $self->conf->{portalRequireOldPassword}
-        )
-    );
-    unless ($rule) {
-        my $error = $self->p->HANDLER->tsv->{jail}->error || '???';
-    }
+
     my $requireOldPassword = (
           $req->userData
-        ? $rule->( $req, $req->userData )
-        : $rule->( $req, $req->sessionInfo )
+        ? $self->requireOldPwdRule->( $req, $req->userData )
+        : $self->requireOldPwdRule->( $req, $req->sessionInfo )
     );
+    $requireOldPassword = 0 if $useMail;
 
     # Ensure connection is valid
     $self->bind;
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Base.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Base.pm
index 47abde07a..83878a14f 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Base.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Base.pm
@@ -21,8 +21,19 @@ our $VERSION = '2.0.10';
 
 # INITIALIZATION
 
+has requireOldPwdRule => ( is => 'rw' );
+
 sub init {
-    $_[0]->p->{_passwordDB} = $_[0];
+    my ($self) = shift;
+    $self->requireOldPwdRule(
+        $self->p->buildRule(
+            $self->conf->{portalRequireOldPassword},
+            'portalRequireOldPassword'
+        )
+    );
+    return 0 unless $self->requireOldPwdRule;
+
+    $self->p->{_passwordDB} = $self;
 }
 
 # INTERFACE
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/LDAP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/LDAP.pm
index fdf8b5059..476fc3fd3 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/LDAP.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/LDAP.pm
@@ -28,31 +28,25 @@ sub confirm {
 }
 
 sub modifyPassword {
-    my ( $self, $req, $pwd ) = @_;
+    my ( $self, $req, $pwd, $useMail ) = @_;
     my $dn;
     my $requireOldPassword;
-    my $rule = $self->p->HANDLER->buildSub(
-        $self->p->HANDLER->substitute(
-            $self->conf->{portalRequireOldPassword}
-        )
-    );
-    unless ($rule) {
-        my $error = $self->p->HANDLER->tsv->{jail}->error || '???';
-    }
+
     if ( $req->data->{dn} ) {
         $dn                 = $req->data->{dn};
-        $requireOldPassword = $rule->( $req, $req->userData );
+        $requireOldPassword = $self->requireOldPwdRule->( $req, $req->userData );
         $self->logger->debug("Get DN from request data: $dn");
     }
     else {
         $dn                 = $req->sessionInfo->{_dn};
-        $requireOldPassword = $rule->( $req, $req->sessionInfo );
+        $requireOldPassword = $self->requireOldPwdRule->( $req, $req->sessionInfo );
         $self->logger->debug("Get DN from session data: $dn");
     }
     unless ($dn) {
         $self->logger->error('"dn" is not set, aborting password modification');
         return PE_ERROR;
     }
+    $requireOldPassword = 0 if $useMail;
 
     # Ensure connection is valid
     $self->bind;
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm
index e6f3552db..19b2b7d5c 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm
@@ -473,16 +473,11 @@ sub changePwd {
         return $cpq;
     }
 
-    # Modify the password TODO: change this
-    # Populate $req->{user} for logging purpose
-    my $tmp = $self->conf->{portalRequireOldPassword};
-    $self->conf->{portalRequireOldPassword} = 0;
     $req->user( $req->{sessionInfo}->{_user} );
     my $result =
       $self->p->_passwordDB->modifyPassword( $req,
         $req->data->{newpassword}, 1 );
     $req->{user} = undef;
-    $self->conf->{portalRequireOldPassword} = $tmp;
 
     # Mail token can be used only one time, delete the session if all is ok
     unless ( $result == PE_PASSWORD_OK or $result == PE_OK ) {

From c3d2b2b4638603635e82b114ea6163a49e72c2de Mon Sep 17 00:00:00 2001
From: Christophe Maudoux 
Date: Wed, 23 Dec 2020 16:23:28 +0100
Subject: [PATCH 057/357] Fix warnings

---
 lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect.t       | 1 -
 .../t/32-Auth-and-issuer-OIDC-authorization_code-with-info.t   | 2 --
 lemonldap-ng-portal/t/32-OIDC-Code-Flow-with-2F-UpgradeOnly.t  | 1 -
 lemonldap-ng-portal/t/32-OIDC-Code-Flow-with-2F.t              | 2 +-
 lemonldap-ng-portal/t/32-OIDC-Macro.t                          | 3 +--
 lemonldap-ng-portal/t/65-CheckState.t                          | 2 +-
 lemonldap-ng-portal/t/68-ContextSwitching-with-2F-allowed.t    | 1 -
 lemonldap-ng-portal/t/68-ContextSwitching-with-2F.t            | 1 -
 8 files changed, 3 insertions(+), 10 deletions(-)

diff --git a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect.t b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect.t
index 6c5c0ad98..393b98538 100644
--- a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect.t
+++ b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect.t
@@ -106,7 +106,6 @@ SKIP: {
         ),
         'Unauth SP request'
     );
-    ( $host, $url, $query );
     ( $url, $query ) = expectRedirection( $res,
         qr#^http://auth.idp.com(/saml/singleSignOn)\?(SAMLRequest=.+)# );
 
diff --git a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-info.t b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-info.t
index 0dea07b46..3ec8b1676 100644
--- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-info.t
+++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-info.t
@@ -88,8 +88,6 @@ my $metadata = $res->[2]->[0];
 count(3);
 
 # Do a user login to have an existing session
-
-$res;
 my $query = "user=french&password=french";
 ok(
     $res = $op->_post(
diff --git a/lemonldap-ng-portal/t/32-OIDC-Code-Flow-with-2F-UpgradeOnly.t b/lemonldap-ng-portal/t/32-OIDC-Code-Flow-with-2F-UpgradeOnly.t
index 77a155586..3a7972958 100644
--- a/lemonldap-ng-portal/t/32-OIDC-Code-Flow-with-2F-UpgradeOnly.t
+++ b/lemonldap-ng-portal/t/32-OIDC-Code-Flow-with-2F-UpgradeOnly.t
@@ -192,7 +192,6 @@ $pdata = expectCookie( $res, 'lemonldappdata' );
 is( $pdata, '', "Pdata was cleared" );
 count(1);
 
-( $host, my $tmp );
 ( $host, $url, $query ) =
   expectForm( $res, undef, qr#/oauth2/authorize.*#, 'confirm' );
 
diff --git a/lemonldap-ng-portal/t/32-OIDC-Code-Flow-with-2F.t b/lemonldap-ng-portal/t/32-OIDC-Code-Flow-with-2F.t
index 3041fa8df..5b1ae3c9c 100644
--- a/lemonldap-ng-portal/t/32-OIDC-Code-Flow-with-2F.t
+++ b/lemonldap-ng-portal/t/32-OIDC-Code-Flow-with-2F.t
@@ -165,7 +165,7 @@ $pdata = expectCookie( $res, 'lemonldappdata' );
 is( $pdata, '', "Pdata was cleared" );
 count(1);
 
-( $host, my $tmp );
+my $tmp;
 ( $host, $url, $query ) =
   expectForm( $res, undef, qr#/oauth2/authorize.*#, 'confirm' );
 
diff --git a/lemonldap-ng-portal/t/32-OIDC-Macro.t b/lemonldap-ng-portal/t/32-OIDC-Macro.t
index b562f10b5..54197e7e1 100644
--- a/lemonldap-ng-portal/t/32-OIDC-Macro.t
+++ b/lemonldap-ng-portal/t/32-OIDC-Macro.t
@@ -13,7 +13,6 @@ BEGIN {
 
 my $debug = 'error';
 my $res;
-my $url;
 
 # Initialization
 ok( my $op = op(), 'OP portal' );
@@ -49,7 +48,7 @@ ok(
         accept => 'text/html',
         length => length($query),
     ),
-    "Post authentication,        endpoint $url"
+    "Post authentication"
 );
 my $idpId = expectCookie($res);
 my ($code) = expectRedirection( $res, qr#http://rp.com/\?.*code=([^&]+)# );
diff --git a/lemonldap-ng-portal/t/65-CheckState.t b/lemonldap-ng-portal/t/65-CheckState.t
index e1dd93dc1..af8af02e6 100644
--- a/lemonldap-ng-portal/t/65-CheckState.t
+++ b/lemonldap-ng-portal/t/65-CheckState.t
@@ -80,7 +80,7 @@ ok(
     ),
     'Test correct secret with good user auth'
 );
-my $j = expectJSON($res);
+$j = expectJSON($res);
 is( $j->{result}, 1, "response has a result key with value 1" );
 
 done_testing();
diff --git a/lemonldap-ng-portal/t/68-ContextSwitching-with-2F-allowed.t b/lemonldap-ng-portal/t/68-ContextSwitching-with-2F-allowed.t
index 694513e95..fa7b3f6f2 100644
--- a/lemonldap-ng-portal/t/68-ContextSwitching-with-2F-allowed.t
+++ b/lemonldap-ng-portal/t/68-ContextSwitching-with-2F-allowed.t
@@ -201,7 +201,6 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
             version          => "U2F_V2"
         }
     );
-    ( $host, $url, $query );
     $query = Lemonldap::NG::Common::FormEncode::build_urlencoded(
         registration => $registrationData,
         challenge    => $res->[2]->[0],
diff --git a/lemonldap-ng-portal/t/68-ContextSwitching-with-2F.t b/lemonldap-ng-portal/t/68-ContextSwitching-with-2F.t
index ed15ab871..d95300187 100644
--- a/lemonldap-ng-portal/t/68-ContextSwitching-with-2F.t
+++ b/lemonldap-ng-portal/t/68-ContextSwitching-with-2F.t
@@ -201,7 +201,6 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
             version          => "U2F_V2"
         }
     );
-    ( $host, $url, $query );
     $query = Lemonldap::NG::Common::FormEncode::build_urlencoded(
         registration => $registrationData,
         challenge    => $res->[2]->[0],

From fd5568ca2bec8572845ab41005ddbf4492081e0b Mon Sep 17 00:00:00 2001
From: Maxime Besson 
Date: Sun, 29 Nov 2020 11:26:03 +0100
Subject: [PATCH 058/357] Add doc index page

---
 doc/sources/admin/documentation.rst    | 168 +++++++++++++++++++++++++
 doc/sources/admin/icons/bad.png        | Bin 0 -> 24944 bytes
 doc/sources/admin/icons/maybe.png      | Bin 0 -> 931 bytes
 doc/sources/admin/icons/terminal.png   | Bin 0 -> 2812 bytes
 doc/sources/admin/icons/tutorials.png  | Bin 0 -> 4036 bytes
 doc/sources/admin/icons/tux.png        | Bin 0 -> 6469 bytes
 doc/sources/admin/icons/windowlist.png | Bin 0 -> 1910 bytes
 doc/sources/admin/icons/wizard.png     | Bin 0 -> 5813 bytes
 doc/sources/admin/start.rst            |   4 +
 9 files changed, 172 insertions(+)
 create mode 100644 doc/sources/admin/documentation.rst
 create mode 100644 doc/sources/admin/icons/bad.png
 create mode 100644 doc/sources/admin/icons/maybe.png
 create mode 100644 doc/sources/admin/icons/terminal.png
 create mode 100644 doc/sources/admin/icons/tutorials.png
 create mode 100644 doc/sources/admin/icons/tux.png
 create mode 100644 doc/sources/admin/icons/windowlist.png
 create mode 100644 doc/sources/admin/icons/wizard.png

diff --git a/doc/sources/admin/documentation.rst b/doc/sources/admin/documentation.rst
new file mode 100644
index 000000000..7dbc6630c
--- /dev/null
+++ b/doc/sources/admin/documentation.rst
@@ -0,0 +1,168 @@
+Documentation
+=============
+
+Presentation
+------------
+
+|image0|
+
+-  :doc:`How it works `
+-  :doc:`Main features `
+-  :doc:`Quick start tutorial `
+
+Workshops
+---------
+
+-  LDAPCon 2019: `Connect LL::NG to OpenLDAP and use 2FA, configure SSO
+   on Fusion Directory and
+   Dokuwiki `__
+-  Pass the SALT 2019: `Connect LL::NG to OpenLDAP and use 2FA,
+   configure SSO on Fusion
+   Directory `__
+
+Installation and configuration
+------------------------------
+
+|image1|
+
+-  Maintained versions:
+
+   -  `Version 3.0 `__ (dev)
+   -  `Version 2.0 `__ (stable)
+   -  `Version 1.9 `__ (oldstable)
+
+-  Archived versions (unmaintained by `LLNG Team `__ )
+
+   -  `Version 1.4 `__
+   -  `Version 1.3 `__
+   -  `Version 1.2 `__
+   -  `Version 1.1 `__
+   -  `Version 1.0 `__
+
+Packaged versions
+~~~~~~~~~~~~~~~~~
+
+These versions are maintained under distribution umbrella following
+their policy.
+
+Debian
+^^^^^^
+
+Following Debian Policy, LLNG packages are never upgraded in
+published distributions. However, security patches are backported by
+maintenance teams *(except minor ones)*.
+
+=========== ======================== ======================================== ===================================================== ============================================================ =============================== =============================================================
+Debian dist                          LLNG version                             Secured                                               Maintenance                                                  LTS Limit                       `Extended LTS `__ Limit
+=========== ======================== ======================================== ===================================================== ============================================================ =============================== =============================================================
+*6*         *Squeeze*                *0.9.4.1*                                |maybe| No known vulnerability                        *None*                                                       *February 2016*                 *April 2019*
+**7**       Wheezy                   `1.1.2 `__          |maybe| No known vulnerability                        **None**  [1]_                                               May 2018                        Probably 2021
+**8**       Jessie                   `1.3.3 `__          |clean| CVE-2019-19791 tagged as minor                **None**  [1]_                                               June 2020                       Probably 2023
+**9**       Stretch                  `1.9.7 `__          |clean| CVE-2019-19791 tagged as minor                `Debian LTS Team `__            June 2022                      
+\           *Stretch-backports*      `2.0.2 `__          |bad| CVE-2019-12046, CVE-2019-13031, CVE-2019-15941  *None*                                                       *June 2019*                    
+\           Stretch-backports-sloppy `2.0.9 `__ or later |clean|                                               `LLNG Team `__, "best effort"  [3]_                   Until Debian 11 release  [4]_  
+**10**      Buster                   `2.0.2 `__          |clean| CVE-2019-19791 tagged as minor                `Debian Security Team `__ Probably July 2024             
+\           Buster-backports         Latest  [5]_                             |clean|                                               `LLNG Team `__                                        Until next Debian release  [4]_
+**Next**    Testing                  Latest  [5]_                             |clean|                                               `LLNG Team `__                                                                       
+=========== ======================== ======================================== ===================================================== ============================================================ =============================== =============================================================
+
+See `Debian Security
+Tracker `__
+and `Debian Package
+Tracker `__ for more.
+
+Ubuntu
+^^^^^^
+
+Ubuntu version are included in "universe" branch [8]_, so
+not really security maintained. Prefer to use our repositories or Debian
+ones
+
+=========== ============= ================================ ==================================================================== ===========
+Ubuntu dist               LLNG version                     Secured                                                              Maintenance
+=========== ============= ================================ ==================================================================== ===========
+12.04       Precise       `1.1.2 `__  |maybe| No known vulnerability                                       None
+14.04       Trusty        `1.2.5 `__  |maybe| No known vulnerability                                       None
+16.04       Xenial  [9]_  `1.4.6 `__  |bad| CVE-2019-12046, CVE-2019-13031                                 None
+18.04       Bionic  [9]_  `1.9.16 `__ |bad| CVE-2019-12046, CVE-2019-13031, CVE-2020-24660                 None
+18.10       Cosmic        `1.9.17 `__ |bad| CVE-2019-12046, CVE-2019-13031, CVE-2020-24660                 None
+19.04       Disco         `2.0.2 `__  |bad| CVE-2019-12046, CVE-2019-13031, CVE-2019-15941, CVE-2020-24660 None
+19.10       Eoan          `2.0.5 `__  |bad| CVE-2019-15941, CVE-2020-24660                                 None
+20.04       Focal  [9]_   `2.0.7 `__  |bad| CVE-2020-24660                                                 None
+20.10       Groovy        `2.0.8 `__  |bad| CVE-2020-24660                                                 None
+=========== ============= ================================ ==================================================================== ===========
+
+Bug report
+----------
+
+See :doc:`Reporting a bug `.
+
+Development
+-----------
+
+|image13|
+
+-  `Bugtracker `__
+-  `Source
+   code `__
+-  `Nightly trunk builds `__
+   *(for Debian or Ubuntu,*\ **really unstable**\ *)*
+-  Git access:
+
+::
+
+   git clone https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng.git
+
+-  CPAN test reports:
+
+   -  `LemonLDAP::NG
+      Common `__
+   -  `LemonLDAP::NG
+      Handler `__
+   -  `LemonLDAP::NG
+      Portal `__
+   -  `LemonLDAP::NG
+      Manager `__
+
+Other
+-----
+
+|image14|
+
+-  `Conferences `__
+-  `References `__
+-  `Press `__
+
+.. [1]
+   Possible `Extended LTS `__
+
+.. [3]
+   updated by `LLNG Team `__ until dependencies are compatible
+
+.. [4]
+   around June 2021
+
+.. [5]
+   few days after release
+
+.. [8]
+   Ubuntu universe/multiverse branches are community maintained *(so not
+   maintained by Canonical)*, but in fact nobody considers LLNG security
+   issues. See `this
+   issue `__
+   for example
+
+.. [9]
+   LTS
+
+.. |clean| image:: /icons/clean.png
+   :width: 20px
+.. |bad| image:: /icons/bad.png
+   :width: 20px
+.. |maybe| image:: /icons/maybe.png
+   :width: 20px
+.. |image0| image:: /icons/tutorials.png
+.. |image1| image:: /icons/windowlist.png
+.. |image13| image:: /icons/terminal.png
+.. |image14| image:: /icons/wizard.png
+
diff --git a/doc/sources/admin/icons/bad.png b/doc/sources/admin/icons/bad.png
new file mode 100644
index 0000000000000000000000000000000000000000..c0e3119fcf688ac0500c18f11addbadce2207896
GIT binary patch
literal 24944
zcmX_{1yoeg`u6Egsi8~h?x7`>M!HL2=tg2FNl6t1C4>>_97;gCB?mzm7(g0nknZnz
z?|1*}tXZ=-Yu1^=p0nTmywCI7Z}fE3i3#Wk(9qC`pFdN1frf@I4!orBaDX$?Q7`9#
zHynFSbrrOSe@8)kNjh)_-}{-F9~v4V#lIIiT6Qi7IEm~3Tw4`)jerE73wt_ctN}R1
z=wfKTTr@NmwC5^M4TI+Q+C#l9
zXTvxy^ZaZU(a_(%<)r_FrKtUAjy4A?>Sf(r_T!ECQmxZx+CS2tJvTPyAA6d^x;`)u-wc9F#K*8!0yoXR8LDc%&^vLRR^
z!wbG2$~iwsT`b98{8~gi@bE93s3}i+j6~DF%ZSv+>!nZ{$a
zy3?D!{C5N{U7qSd3;38)>GJ<`*ep!2#VSP&w!6H1`Is@`&wa-)dS3dNdOkD`@K#iJ
zT5_`cPB)oS7YMUxnwfNqp`xOqtoY+pNciWf%F5E?vtO6UVnKr#G9qH)s24kj@75=l
zt}pubNxf_+mck}<52xEd`E_)w_AlZ_MxM9~j!-B)iZEH2ZNGTsNAxtM=J&v$a)jq7
zR}p{irw1JxA*?~RLs;`&H@s-Y@%mO|BK(n#qSU)^FgfYZ(06gOqzdkbQSrLeN_3?u
z-WS*$)(mKC_nqmvpL_Sm7)7mwf?c6^Lh^L;pT$1x@5t~h1?iJTkVg4j{Kldb3u&aF
zAAMNzgocNdL~I)${>=4@^dpN$&qbHO+!60;LU+Pk$O}rrphKS|?h-=NK;xmt!Ni4O
zF)&~)G7{~pK$TN!6b3jMXmA;DZ5c|zkyf}LF@-iUaEMv5kqX85UkoDk$OIJ4zA+QT
zyyeTI^J9LT@^HFz39dHs^5PrJhoib7
zJ2kty(8;Wnm}IpuULi_%Awr?{B0ACqEgM}Rc>2Qz{Xyxs@JD6V^5Pv;X=$E6KLxL$
z)(UZYJ}KHaN*~={9GxjV__dwQ&)QLG)|MN6Y$9GoVx*80IMJETa?jx6*1A1}-zLR}
zRaw;h_3_|qfacF%mz-f=QOUr^x&s{94R
zM9|)X=&;f2JxocWjjNstemGvFdB8Av*rdOle#Z{Fwh3oKHWI4LViCnFLXzRtou9dO
zX&koq=t*euKESVMBcii(@|5o8FKR2yqsM89IC4LC?tH?mB3O5g?68h*zxKEtT;n`~
zrQJOWKVGs?_jG60C?;9zAA1%es8zEqw9bHg-gt5RGpi%!gV%%H-y#vM@u$H;G8)|2
z&I}oTWIY9#LSRh68U3sHh_23?bcKGa&YSNao7YHegY^35ET2^|WY^`rjPdh<)KDES
z?eUFAY*Y+AK=8lsi0k1~;*1pGbk_ugRlYVgm
zmAWi$BSjdf{A}7(my^ZiJn%q#D4h1z$gIxGCksKlsG+Q31TChW{m(W&Eh*yth-U(9
zL@mLLxr>@e0^Oj6(64gs~3^YQR@
zJ?L^J?QMNDNlH}WdSv|0!r7q-4H-u7%21XDSKAe}_5EsA0l#ImBkIjBY#C%(Q8XgZ
z$V2L|GcBv*)RA&2gg$yBz^BSxRCaZ?+FO#tSq4EvbNu&{XtRU@=X>JRgnn*=89#^?
zPxaY-wGWP~Xn|=@Hp{uM!T(UWx#T%0Y4q|RUq8WEjyEkkP58G)x|IKAL!Y3!}L
z3wVWVufOSDP++Nn8}o4tW^=9|Gi>{i-*$7NBc{i~%b}o-Bo9}&c3t`#SI9|j&W87T
z7PaujG%ergI0mm9!edabDmy=NI3vK*?I)h^no1j}+4Kg6Vb+75?z22VM{WJN_jY?~
z$flEIunAh+rA)9p3ge(ZnMvo2R{54MnV<6hI|uaSu83akF^$b
zK|Y^UqGNZp@5OFIj+gRx%rW}q3Au$G{?-H(+hoh>9dG8_dMbN^84EmZi4@FChh9so
z-d}TOxeB4iEDf#1V?IqW#Zp@cspuad-`yT~*#3x3Ah`wqYvlEOSuoXbNBkBEA1bcN
zn^-VHpQXXF1tSGauNL|Du?U9LTXJB~rH1&e2XCjGkH=#PL8cbbD>~udXlQwMU#(O7
z>ZwGJgK#t)+x%8AHg)sWJddTdI24uZ*!>89;&(j@)iHF|QgSa*tm*h|B-~W}ri@$(
zL%5+P%&ZULySpny8;w)vqMkl2y2C2r&=RS+HNG<3KWqD8xR!xlI>W$V=57Ft>&TF4
zrC!|}$6M2p2z;X3R3HI`r>U@6cCff?uE;O#;DJM0W&Dd?O5r<&##
zWS&cLYVXB{;xxW5{51VG_R&Y>
zr#4Gdj|JPnKy`as_xw4VMD{w`?Q7$@mhhp#&WS@x?_C6eS9?lZ5&{y}@mTh`wXy$l
zYYZ~cO^BgsyUTU<^Fd7MalqAOTS$Y`&9FBJXJ+OI_6KA&
z;#Hz?=%}cc$7HBi0@m~X#tk{&DSl?#hiwL&X|*%2y}4RLt-6?X7Wxk)b&f
zM3iYJLuitA+w+7JYb&IRvHxyDO33!o5wG?MU4MI4zf_!SDzmah>ush@d~pDJ=cjzC
zGkbR$YvpQFr6r$&!gp*JNY(oA@Xse&Cq)CZ^lRy}StL;i-~LC{ZGk`3Ay=-9*$WvR
z+JB6ap1SYN-+;=&LdrLfr?v)7q1j%Jj&o!0^&Sq|K7jg;j%s&R!L`=dOIBS;`46%L
zUe<9&WnDv3aZR5hOSQSn>7Is7aD{JNM3An%TEI^xLeD1AdGEk$24Ny1B`s+M{oLF$
zS#t}ZwWp`c*DBkWkwoDb&v*xTQlIGN$HFZYQ@i;qJs`yHue5%$Mk;g7;QnoP`O9(u
z4#sG9#Hb~TB$U|w&}gJU$UC^zrXbl?1Qq-tN#-fn76Oc0VRU>Eaq;_jt?;|B2%K5S|7k~-
zx5Oi*+K!ITJ3Yf&CuQN*;vG6E6Bg`HL9%6tBbRuD+|k4eX=FZ7_!dP{p+0HJ(>}JOS&F{
zXuRDcRYJdQ^k`p%v2()=Yo=im45H
zP1}6{Z^fD3eSIRw8i=eau1jhcmM0*w7qzWQh;1?Z_lZ9ON}9vIf!A}5(MDyq
z+yB1P<`Uy*$*92m)tpkDaw0q@&re<25y_#$MoN^VgWmQ%GVA{G#3~9g?-yjgd_0uk
zalc(}`q9rN$({3bp)Vj3e&CU85@3sx?078SfCrCGLm0z_c3W5{QFhVqwq#`zXUpGOj@a$3AG^HYrRWq4TmPaIHC~_#Io-K}py@5<
zB+?
zGk|t$QMxI2?J--Ehq9{=6oRt_T)k+-3n;?wp+p`PaLEaHaDuiV-^%SAFkpFUED{^Y
z3=c7mCn_)872*Q#_sssp7Ack}dchi&KW>0>W_fvDF@41*_%kC3%^>Ap;1+7O-oFN!
zkAMis{|47Fy#^NZYC&0YFa}{&B3Nx&xU5>zS`anw)KYlW`^EKHE1b
z(V*z37lIFaNd+b}wllkB@KA)9WXEXyIgO2cEPdAROpseBO?!-}?B^*0(LVyCZ$R`P
z3z2dejUIHkr5-mVVXFoMkgpF_*>RgPKNc;`t!;s
z?<)W7@zv5fUg*v0JHl-v4JJ+6>f+q${XRxq^WjjdX4Xe-NYTypQxi2ZSZ!eCRNZ{F
z*7tT!V&cXY-Q!};9&Cc0HaQrM4dj9{BHmlLRayTtPjjb8!JPZaGh^h_r2m2La>{W4|~
z+nD`P$5)6pkhutRc9xZUw;pQaW-N+g*}*LiiMQGs*pTVzrmVw{upB9D&9x>Pd)aOf
zpSkm6_ZUt^fF4L%VQrF7Ws_$SWDs&)Zztcdp)`1fXnpc^iU>{{sE1cpH8U_q6ypt}
zf&3Hgp;4ghrT84lH)&%I2u40Chbv^pS&T)G(-lI>E<8Dj>|o{#{=hs7v-#6u-(m}|
z8ILAzc?kjb24hB@9B4@Enr&B=@=cPUTPctXNPX;$D41dX5O`bJvGm10Z8i=whgi7W5aSy0Eh-3SXDzg$l
z@vkdvw;;TGAtpvD`++A4>H2<3m%DhgA0uvuw(c$k%rSV}#PQo0!S-zLm4AA1zh&0G(U(LXhN-hOCT
zYW->#nLRi=-x=249xCv%)d)U`hx@6S*?h`
zxAEQJI7Zwvx7l0ihJ_HJxS2GQl0b!e28Zwd2iTS^L6ftxLY5dh8ZLuU#~WAsYUB5L
zLh>5i{@z4F9AxvcN$4>%{7}du1`#kD9>Y#-hv0TG{`eSv23(Xu3o*gDzhf|Kce~DZ
zFXy-9cWG_t~2-aTxMkh*(bbBnUv!(4lpN-4T&R!PY)F6)C
z8UT$kconhtcX#}Ku6}ND>qEgn=d^NAT9dvhy|*LFo-Ld=|R42@eI0V2{e45K%jAM*V8U
zW43r7t$FgH{|!oa%}s4XM~Z@^3g|s<8Jxz$sRn#uxWLohds_)#hW&qnCLYRab~W(82s8X8M#o!93x0%_q0Bow8{?lAZX|
zyFKcx$mf#_Wx_a>AC9hPt+A}Es9JM}qdd5!cC^P8$1*RGPQa83IaWE$T33r+c!#@X
zvZ?Gx>xS#v)avU=P4w(W5f`X61r-%RcW#0hPoid47aZ!qM7J^~wMUydh@Aig=yNTk
z#_Zvxf@B>!C`gvsB66{?d$73DgsiMDesdTZdxeO>bnguE=S0q2Ay-MshS9662OGUQ
z@WVIqx`<2Uz8cr8$^5>wFx?O#x{zs`r+1{!|JZbeWRNL%@r#$MG@rbAG=7s+ER8fp
zDIoRhoAQ8xcf3_=d0w|wdj4x3Y~mO=$bhzsiwN98b6k%co#sxRuPFmwJ@AjF@)9OR
zJhEk4R(7ojnEvxDgCp2RjZNB$GDTZ-a)Nn-6UhtKv&~|kuF~0~gWnHUdSfZyqNk-I
z&53cELlCt6UQ%1HmrT{%1tz~r#by*}UPy~=CVs74*%>7QT1$;cQvQSMuY8OzEB!bS
z!f6Mb^P~Aue$a=T-)SsZjV(U|pw^XLYYw3sr=rAG`uzuR54>dW?1Tn%F|zpu25a!0
zRtzaW3H(Bu+58no980gi-`8UO+e=)p)V|5-H|b+kzt$Y4XlP;|we2Dk>=BFSW9+k@
zJ6h$+IfMfUqDDy(!bL14VNY09Qai@X0_aC{
z%m~Q3oVL9yCBlDC!J8~#=y^Laz#&%WKZn$IFV
zln*G$Hl$a>hU+AA9!>jF50EfniOId-L}8S6#^~Q=osWc9`wMQhV5nAOMBz!I#!E
zzH}W4Ku^<|$;%lm22%NNy@sP0l$B4Gf6WTjn)}zg^U0~y`Q`ITjKpuY3#P)2
z4>mF)K4X%oGfI5|i;)m~X6~9;48|3b#R|gSe?jW$X1$ObyKQrmbqP|7It1a
zu=OjSd^~$f&Zj{I;xi#P_IWUzxHE=+PVUx7l(_bd&+W*2P_jqM9IHJG{_Q;^4ZhH3?k
zA-+|xxKOKggUQ>QJu9_Xn&^Y>e#C;JwG9{fqru#5Tnn(h5D1Nf261wDI+uIRN|im
znS-6XK=i$LgQ?xQ*;s$6o7HkA1ReO!Z{Mu>bK2H|q5utl_1Cd2XovFjVoANj9CsyE
z37eKx{8@ktC9(Bwie>eOCBDIX1Dx%saa&GofeI2%A!}dvh2Xh*
zo>L^LhZD7*ZXW(IOh3}~1!X~tK*_2yYG^+7TX|VGEpzXpdYV0Oy?iZ*POdNG@n|40
z9q!@G*vaVh=3RK9_rRc@xVU$@JxN|*kO(shFtF&M?joY4{`-4Q)K-EsjUUDngqX9L
zl~3LYyaTzZ67hF7fO_MpRfaP#W5mIyRLtftGKg|z-h@Yy+gi=q=_aqF7N)HfmvLwK
z%@jX+XQ5#wqNM*zHO~HY`D-HFLo_+-3JJwoe5+xk086pG?307g;yR+i8N1^pWSEzg
z4e~JNn2dc`$#Y&9Y7zSHIW73D`|iNH{a8kV&&xH
z0t_%q#!MBB((FS@Ife(RCuO}uQmADYa$1DX$#p=AV6Fr~|Fwv~K^$WfxOX_tNr~=v
zD1`WBX>}HNwXVVdC{F=arv~?=tL0Q7^6>wQ28_=&wMPF7ZjrTuQWp&P;yRmz$8YP5
zQOH)5xzL=ADm#x6e(RUJn3t-VQ;wBZyaX|U=kAJUZxkIRWZ?306^~xOFH%OKhJ20r
z2#qwF{9{Y@+haKfKrbr{5?@qDA>T`rO8EWdachUH6PLkSsv#F%OXsszetp!1+(M#<
zYz;+;aUNF`%RC&LGmVY8FQyD%$xvF@g*58{?N
zIe
zfCor>l0S8Ko><)(WvFcY#aI(u5Y6t4s+~z}mgd|+oEBmH4U~JkVd%3oUa6k*B7+a}
z`qES=PEAbear=4wx&-%|F&64~@Y*gPF&sAbrkl@FB!MF;Z1yKI)ESO-%@_&$r!IiG
z`U~y5`h}J1+B@@)r2LjmlR^2msH027OKtRFm(>9SD8%ABzshz0qVt|3c#fZ<`C?so
z?^CYI50Mp!ISYrD0h-*W5b`J_7f^3Drzx4Fe2C_e9j1N7bvlfS0`lM0(X+j=GzrGd&zfCn=DcLM9zW~6Mvfke#aR;&#qg&R^aPFmXNEey?S
zcYMy&ZsjR^&b=-kabb!FRA(Unv2B-y(7zxgKgH_jDl&`Bq|~UJGo__jzIgUmVfZx)
zHPhDEeN=YPmfw
z=uPktReuHsm~iv7VJJ~&PkBr%!`dE~+M10Sb@l}Ig6gL%q$%jz4Vh~n!kvgZ>GGh0
z=4haPOUS#OY+ac>k+dq^SX`W3`Gm~8BMR}Qy&&h1Ps2Q-;n$DPGrUlvBeEQ@cTlyww5fv*UTUO~G$
z3!q$TP0s3o63mC12k2^H5>{5LULxN!Shi+k91lf$M~ZyQ
zs{hxW~thgYSApz>lPXp7%wUqN2O)Z^EvpN*`4HM_}54J8p+f2Pj*KNjF;
zfyXhte^8$CyZQ|Ln=#Z~F`7a9ov~vP)Y^pkj
zT^&n36E)QU|~j0;xN;97dwaz
z*TO*RF^g;0FWx?#4g5k|t2iSpCoiTDxA_+)j+A(vA5EqoU3}_1Wkauhh2X2GP*gVw
z!6r$}u7S&8Qxes^$MDM
zg2s&EEy?!@P&HvUn>2pLKN_F8hj@**|6yuEy5f5)R|BIwGhn&!zWSfEtO^qWTpbW(iboFPyUA0>}6sE;Bp1}x!SQGIlJ~nh0
zA3?+nHn9#OG@M8zetkc0dF5`Hv*O^U_*;!JN6}sBq`>`SDaC84cZQDJg5IAN9cq^n
z0CzAiymGIJUre(G;
zYHA@y16xX(~tq#~+LK
zLzkCm*QVnh2Xn2}?zJu}`^`zTS&w^{L@K$=fkh_VdCor$#ye><_k;+?OwV0qTpvs(b_nPaURl#_(y!ow?BefS{YJm@JqW}jT=d+j9~{3Qwz(#-fS
z@U@>jp^h)D60W^_eDTrt+TdMf>9T{t><=CGrnY@W8y+k&lq^u_!!y>G-x3@RvR%q$sXy~$MuL6sx
z7;}AQ77o14rx^8uw6AG_0VtNy%fRRV$Lg8kZVpofTuSpUKz2>yfVua
zju(UZu-&rt_Io%ZrZ24e3!w&M-Z7e+_gm5``#*?5`9DqajEeokh2@h?=U#NeaK1au
zS((No{I$8i!zs^nzx-DC!`1|C++k}nK>QA6#yq1-V1^jX<~7(x@YZvyYL^rgWA~t!
zw34Lz=#47|9|`Gm@t-76XjJc{$0LTp?9{L)(kYaiT$&F*r{*TSN4wJMTZmfgHqjZs
z(>nIXR7q%W!n2z}7S*1;d>?E-Xn_1*I?q_R)noy6QX=HfavZJO)W;l;AK`($E_2Cg
zDP)g^b`s!f6d33@i-qbyy99IHS&q3ZHy)ObA^mzSl9r!>lhK+^%I~-@lLVw4RM8qx
zhyj<`X54d=skexQOzB2O(I1cOPmpqdu(U(@
zC%7c@33E;w(w?A@QbVsPJ=c-}$U98GJ9uHsi9Y2%fltD79BBQGWYx_CrE8=#r#BwY
zr>a2Y)~4%L9o)FO)n!Nl((OsohO!%MWDX1C^j7{4{?|+iW(!69@I&ig!3FN>QX&(w
zRyuWp35Y;fqN=UjdE+Z&PXaOCZX%NlS9e8DNgbo@XMwF6rn}x}L{;LyEf1LwWT>;n
zqLC|=f8^5SS1%HItn?k*TRXz!8{V`xZw-+r>o9qn!MSpe^d|UN@Zn|(C-tkR>2+UXAg)>5
zyMOrE_Ld{n7_;LMqubkfO1trQIbt1JdFGP2k77j0mReH*X2mzNhIg1_Ky{zguugIA
zoK?bW#5jcvC{iMmlz##gi$Mo9v8pAM3{ahNojQ-mvMOTbc8a#az#-=-Lum8J)!#Y60qO`
zd-vhG1qyxnh94^O4VCsbi**r_A{~sK?DfkIsIViJ1NrOtTF!xNe|
z)T*A8)f01mbf@m>@^+vT;mDZnn=V@?t4Htgd-y?FMdR
zg9GS&G}6OkUB1cH-GhN$8xE+7OCWls&AXZ%FNQ*n1G0v%iOPx&xuX6FI7ut{CU(U6
zVshPZA`j{{I6Lmec%;OAcgLo(fewE!uN&DicBnk9lxs{v<)5hN|1)hGixaf@hr`7;
zv#k2=1<`q=qW~vFCQUw(RO=1M-0COgaxP}ZUXZ-l#&nb4Ck?23;pa!U9qn))qy4@Y
z8T&`kBCN_T28oF-Pw7$dp-ghGb2vz05K!qEI;_yw)#_xZG;JNwX=X(lM{t+r2D5A{
zc-Se;YMLOUeSxVYF_Pj7iO1>kV~t{NsrwA>k|wJGa-%X4z)lhgFm%YxR&u+GN38ac
ziSx`P3roc5G6rK6#*?&|=~%G>cT}hDw9mq4RE*kfskuTm?}aVP;Rzfc$7*UK(f6Pf7v+qXfAbJ%l>cAF
za;0ehJeCtE8#7Z<_bNcpQ(Vjrbx(Zyjg+L98VY$0KPR&_TMqk@+fk)cg-W^wo>-la
zH;K*{N7JRNI!+N!HM4OqZY6YA|2XH+?f?OK^_KxbHO{e-`E}(L)!JU+Mno
z-MfuTO0j3=r8(;kNo?{o@D16%z(;$T_)$nDGb1J7u3b2s!4YdeD2QV+P2-EnZZh-C
zIi-Gl&l7FWJJx@Em%rJuDo!f3W!tCf-oh|i_8hQR}Dx>s~uL65=WTLLQ0mOZ=uMVa!C3*)r*u@Vw$WqHI
zf?1?VnU1fJJK4ht2Uz|%&1O0VS(ga9c+Dt;yK_R8H?8Afx7@B#n`9gym4>ALG*;URlW
zg}9`bP?|l7<*y5jK9M?62%=-(7g)kTpz(EOjL
zFz$j&M25j`XrFOmNMxEe>YE7y>}Kv%J~M32-tZ^Rg+a)gF}q|09D*l7qhoDl_O)8by8gzL8c$}qBu8O1gjqK64UM7
zd8%g^H@5*;iE;i9ELvX4z@2`$>@4pIE6>&L^8j}p#dxtxzid`T$DCZ=GT}w#q0tRx
zzkxyTSIGh;05y0W-usxfDZAQkQOtWvT_N%J^`5h^lnBH8%V81qabc=^fMieI8}JG{
zuW#OFS4at%(!&Gp^9>!$X38?vj}`
z$r?|wktT6=}`EPFo?)~uXu<*SFg%&9`~VDgTrxcQH3UnGe$d!u$WgYM?Guy=3n?cG6eI%>2<2rcw*UdL+YNg=TZsPZ;qlY7Zt$o`GR(BcF!uNhh@xTr*D
z#ND522?xB4@7k!~g7$3=A}#wi|1^|2=-sgA9B=1cDw@gWS~D}VVr77Zz%+o(CAhk~
zHO^{csvVy*!=)8ql
zMXGgE*t>s@-mUs~xkA+O$oDzAHNunk9?2!6QxYsJlK_Z`UZKi2I%*3LY5)tYKE5eO
zF`_pE)y_#~{}#juz>56eF#D3(L$Di0Ixe6y#zv1L4YA(h_-Im3X8H`__yMr;|c~=C~n@&-`#0#u19NY=Y01e^sEX8}L!_@Yv+HV>a
zNKJ0Ini53pxR2D0lxsI^a1iXp($v2j1V93&A9FBgjM>ff|9#Pz3;%4U3zHIWCY!LB
zG7R3){$(fGuJ%CD!n_ZNKbGegc*Bhi*M?hw$@Wg2Vl3R3&6-HyrjnBMBm}HI5cQ!E
zz#=D_$bDQjO6r;4X6GI^Fr?nvqXX%kkApivt*gsbW@zb?7J+mprEH}DL9ktZGjfaz=ly-sSkR45Gz|k@6__mO^&^jf>rhIJRXx2gr>O
zR7-`5tBVm*U6A%=Sf>TT15&sT4SbHpmC@r@*%fV$K-k+n5VMcl4=McOc}Mw%$ek&_
z33eM(5|)PM<0rEP!m)^J+AZ7D8J98yu)BG4T`02@yfY_TBxMr
z{ZBH|@(1_wKNDbP0Kgp7nj7o5?k0h^!V>wDN-vYZK3$v?O_F!Vl_@A8w^Z5
z&G%P_sbLO4MFQ-Svha`RgIjr??#gQ?^+rE2)5Wo6H%=K&ILcr=1&MASJp3cDhUHnx
z4Ed>5)WU4h0Fe33ErP6Id--v2o+B){Htgor+S*i3aHp806ZKL{`*CB5I2r!J&$zZv
zHQcqveT^oYVcJn`6(ihBGz>W+juwl|zKl7Q!I3a47CO~OJ^|F(xTtRtlJXt$cxX?K
zzlhf?I5R9;vy3^QKIZi=80gE39V_-vtQmTL0rq!{4|oPoyhY0Wqki4|{9dPx*?qE+
z3H=4(JV2Q7#pxucy^cnXI#-5Worw>IWPEDcgB&%lZwTf=!!J9M)c
zC<8TjpxOmoA+e%87aHqx%=`g+EzBx{MZq-qDIUyD{RpU1>SEZ2qgr!;mHMC3_@5VP
zEK*-1%7USgT(klewqVKtCrT`D_b9~pgzf$5b_~dTq0ms=b@-=9)NT4D@^$N%r#Oq@
zq!Fig0vQI|uU}id2$K$_28w3%nHrHcOw1AGV?_Z=XR$vqDtFp)0QyRU-4lv;6a+$&
z+$`I^!^7Jr?o)Y!~&1w})GIBvx3P
z5~@o}UNjnGeKh@cw}ZT1DkImilOi%T>usC^k1B*wVVK=;`R0
zIi;qgv!rW2{`XjcVA4(Dt#+s4`Pn2Si$1o`voWrUitw1TXK{*vF|dA`o|`uttcUNy
zbR_>v775RvsZdYK@OZ|V=P3hhCLx3nJU)TF*>mEx8b5ko?(UG#MD@s+`fyLSFSAp?
zg^3c|KKpppfhsrZyhW
zMsSl8UkvnvV_?>s6^AL79i;bv;=^1;_joU5mstU!JdM4G?)<{H^Eh@sC1YzUCr0^+
zMUlmdZ%O%|k(Ftg)qtC%`Zz9;o>*k`E~32i74C8&CCvUIcqy$9S&HZ?Xr!LBB)y98
z1R$CP+NZLtbOWEAGURw>8fEN4lZyeaQ?~=6y<>du`BT
z2HK>Xe)^(|PRO#00ns4EO9&dGlqKNV$KL?$S$8VvFB5*1*g_F{tD?=j=xVBobFwbKGe
z5NA+V(DZWqrJ2mZ^v@7Ip8yGRd9f^bV1W~_Az}smB&MsFlImX$Nb~S_QlV@4ly&d=
z6Zbzb1p&{|AEvG4HfoH@%jSHO=276J33acB12DBIwj$p4qM_khlqM9C`p<-suzFvf
zQOAe)hM5{*5G^Mh_nlehwOl%`9@7vkcf#QxlOrEOd435hFD?#|lc}Ag{Xe#HW~7Pz
z@9txOuKW)a87K0!oP^(^&%+?G&M|TimGsY*00^Q2do$BnF+(w8$B`awTuy9z)HfPO
zO%@5qxp5N|)IF6^uT0}6vnbbGGhXe9l}>kjW@oru9BImHvM2(nC)$i(6OY|V@`C@9
z7l-a~oonfQ$*s36d9qoc!>s`xQFqrtgL7BK^KEf4B&BXR_!*V==p>&#!z(EcMSBQ0xx#g|4+4Vn?2aGw71W2Agg&?^gG{CS-+3DU1D2Elhm9A^=
zeR5}MN_6QqzOQ75mlS`jL~6k>8y5l0WLfK-m&mP@Too&a7u^4gaH~35hR%EDP$S^gx^V-D1{{?d57^(
zluCw8;K8i`1kg(Z7b=GF?wndPWS{paUr^VVTz(bhAaF|pfEB;mgD$uDSSuyo53#5JR>{1TkT
z)c>dZd4`rK4(x|!>a{|aH!$?WnUoGWpuyI%D1)DUZ_3;Qv!7{8r2G8;Er}02<*0V$
z0*&uicJbP4L_l-c(i&F*lNKA!RctjkYx3&`tEark@WV-l3j@zAJ4ntSk7`6odrHzj
zb_<|_R-J>*^c|o?fV&_L!_hGdJfR;?w9d;@1vXGstCLya=FM~H8V`5BDfK)@N&pDT
z$niBv%S2!WU;EYHGmdV>uU8HQ0JwO0kN*#|IM*VG;iyjGdp$aDhU;s5`d?#A9{>~)
zB2+_4j?e4yj-R0f-cp5a^&oB9!b%MxASF3>qX
zb>Jsfc`{neM&gv5vNAQu94{V*x7)(tN*Ajv!Hlt7Q0ltsY+*1JwA_aea&X|=j-XZ3L5R1f7_
zSzLzH_w|}CE{Mq9;|^nSA^@pe0HBYLQ&U}v@?=QTbi%hEc{LkeNhTnL-o}IFQvTsP
z9T6DfICQCf|6>8BPGv}?OfbM^%=Y1aQnxj~00oAq{z{3sMlJ&$2mL<7Rgxrb2Z#p_Dr(ML+-b
zNj_&W|60u+ZoS+|53!E>%H{Td4M%mmwa!JKrqZeiKtc04mrB(eN2uwc}_rVqus`J&@``5TBOjB
z)$M>_dv9iM7j5-$Db;&t4gq3lcbH%@;C6;J`Bj(Lj=s-vgXsm@rX7Os$Vx9M56x8TCh=
z*JV0Cnh=Lq`P#Pp+6uzf1V3-R9#oFZNua5yvRU{|4FtD+feCB39$d`O+l~T-nDt87
z!)Q}d?mVAJ(`;C=t;gY>LV;elJ0?-2GU7o(qDX$gymtbN+~MoHvf}OVuIa{nMTEm3
zDJ+*9_N+doHd%;Az*MH8`Qccx5TCqHWFin^INnz60qYkuY)d8Ad5@c@6bU^vX`o7)
zUeRfKq8*kIa04SkQkTs!T1jcbk8rv=xx^7%Yo0OM5b2G;G^NBce#O{TJWbB*4>@bTbYAsdIrDYj5lQ=o%*FDYfN*}Wu
zwd;`Hj5g&?;JmvVW59eXV&F&Da`o5Em^8u_#a?_ZBxBvUyW)T6K~GkDK?w|$YNOZs
zuGIz{0;M1fpAh9E{fVBW0Z6^QoaB_Dq~^qDv`OEiXohIYO3xE>3E5tldtNpCLw
z=KSwq5JM+GUja>2o0)mP)}d9$UrLEZ^gH6SZVl2Og{Z?4`~>em6aYw-oHUKdav+db
zEohbD4i=$j#K7y;&G%~qglu~x$ygL!fKiTI*i1*D4m&JPMAqSkqD!&vQVvx$>7@Ly
zoR*_mM4I-J@Hcc?o?xEv3<=ZQL@6lP`8hk#8oH10q<=hup8)}1U
zqqXg4>fe$6cY4%N)#c_u@SU8z|4MlB*q-4J0`9?gclOb;1`=(!6`vY_%sB{P1rk_5
zY+%X?Z`563D@p!8fYF-1%SMBut9vD>5z`yl99C{qxe-6ac*T%+}D}CTY`vYDs06w&GKod6kw@E3b
z?sXKqoB2fTRTq59{r`{UtghINmP)+Yfm|$0Dn!x)fq@C;BE^9Nqq50P=%|+R`d8oi
zdF^G}Pc6K#GNnwie%gV;U+U%oyQd(CP@&A`isw2
zq7`Q*6M6iG2$-bl^4o@;?j|$sYp}O!vHR6aAdqpAUt!~tQ9UFz!lqp1D(S7t*H6?T
z(pj9^)O`5}qc`snLE%i>Cp9&UxP`w9b)M%r5L%F7
z6+M1EAug^^rmF!WQpW}2C-_MnMYKFIq3^%>z~cNs5U~pf=JCdxe*eLWzJ}1LwU&-I
z_(LiJ6u*x#ky|hT!?1s3WeZku)>rYvqH^y>XY6L{9>5tAdCytQVJM;~ITK_-52P(w
z4pSsnQT$!2p;qwQgwUo!89*Ur;c(AbDAVOHjD-7|uT`)-Odol`%U6w@-oYMBij$)|
zo9^HCp_GCujpS9mDg9p%PVILf#M8ou-xqBSHTS+V1~T547z%Jl`m#KMGjqgYK53+f
z)D~sJSb0uKymcaw9kvzyV@M-(6HV>Q_&tn$Kh>8ZDNRZFUf#b9s0uJ>w|8T|0raqD
z?Y$0z=UZIBSnk)!h%fi2tMMdk=tQqzQie?11L?04J?JhYw)oX9`qX(~Xy0@(-*yKW
z`}W_CjkqJaMQ?@Ap*X08lxHD#&wDuNaiqY6Br7)-LFv+TU@}F@pn3~5y__(w{C&q^
zYrod$0J{iq*B{7nF&$f6RP~31@S(!9!b%(I7xema=4JCUQ>J~;psq2dc?N!#mhVE3
z#Rl-Hbp3Us*vC(C9K0Bd7{1XWlC#MKptwCceO2%_Ak$fn#ivKe2zdK6PnqVye1Yf3
zMfVs41p%-bD6mT6tF}CPYSDu{WKR&My%l|7C
zJ>Rd-6JiV?zV+W?eCH*uJG5vTSyPA)qL|A={zxh|b15r~wU>IlHzTAaYB>q|o97{A
zxlyDO7KMi06l_i@&k%Jm(#xJ$O1T7gUr?cijLYkFJ6pU
zbPwzYm<|DJf35}Z5lOam-AbrDtLhVX_bvk|65B+l*{Z1$p%n?77uGZ
zHaL~EDlbL>TBMW4jwafZ&a8CN&0!@JWO1Xle0!6BH586J`La(l`8XEOiQ9$g73&|@
zMglPyMFd(U&Ct+vAYS&va{tIdyAr#P%eB7*W}S7u4*8-={%d=2bha0wFYHeNXaNm`
zHS=8E2ueK&ByeMHAvd4dbFw?{PM416Ns!eSoMPJ0E6$YZ*uZW5=)6Di_!7hKLZGa;
z$sPFs>VZp-Hk_K-U~ygi4h6q&jv+m3Tt~$ikiKlD>10}#IDzVL-c>l|(ZV8*WEQ&R
z>Pw@SfKoSp#8a{AS@I#S(P^YGa(G(V$-2|HC#wdF{R%`(VFn#_s6zSHfmhk
zH@aZ*8X9g$?O~{9E%B=)nRxguO&X_Oz{{w4xlan3R-C2NVieW6YmemOdJ&Nlj|**P
z&DL^R`;#tH)T%hUYP)p7ulG*t%b_BtjA@_ko~o3}pDi^_8M$(p5T&u-8t@O_5P7*
zFt%@-$?Bcf{4BptduAr-Um@1E>u5mng#kU?PX?2Wt7f}(3@elCCvtXTKY0!u;`VW>9Cad!%Q_+CXo2L{u<9EP2dHGV$I29rt
z*M7hGvdoVP_YD=az^Vir?2%@wspPl=Jz!`BA_uwJ(lZd6i;$gFy_BRMP{9PV4E+YugC3qm|R>5I>5<#7M+Da#k&}?mtT*ak8KwVzIZ+
zDI3eF@a0DO59u#190~db$ygOa-Y$90hq6ikIFJ28&=N=|^c6Dd-H~gl^yo0*8d?u_
z81VZy+^>ymD$++gqJYv_GJXI!!YfCBe-!;r3g|0SaV0e}$GkUSOVhk^SCFNDb{u1c
z;jQ~?&|9aI!c+;^Qtev8LYCkz0;>pH_{0J=-NGsm8688>N`!0lrLmJpkUM>h!t8te
zUaX!&AMD+8$|ODe{wi<-7Aih~0Y(olHlG1+?>j4q-Dtmwwo4@iNMQ?%gxv#uXOLP7
z{9`e+ytOj$5qk&sO0_SJVgKNZ=6n}-#5B?D1RG&lW)yJ6;Dwfpd!GSo1CCZk1hSKO
zo`q@)It5UX?X)n0ps1T=%E~2cl(opNb`%1@p!2
zEO1G$VP2hy%7xr+{fGrDsTXu}zN}r5py<{=-nK`>R=tD`W&@lkiFOrykGFGi?@(j$VG0Dqcn3`Fka
zDFbb&jSR{7J53s=YXf-}NLMkU-vmoK^A}6;k({Zd2{J`bKwRyW?`EQO<&M}Yc4yoG;x+-O*ZUp%-{245QLKeO~@%3GH?}nl9veuK%fc$@Wx43|6vPunAS?Nz)_4
zSCWvhxby|ECeHCm2r7!P1%ab+cLcEO`EPChoI55n;Er>qfAS!tD2Y(i}=@Y}g6K8PFR@L;j7Cr%!@7G4$}
zX(hcH;7I)QfgVT)$<0;U0$WMkgS9eal~8>eBf+TS{Xy~<#^b-5Y|cb{6mFYRmto4*
z{~pekPX0yi`#%z?>b@APzT~Ho+!|?7U%b|v`kquJA6M@b@!qJ!N(?b*TW+mao|k7q
zh(xGE`TegwYt+`lVBYf)?Gh*OXaM~eODRV~jQr;?q^AD3&*<@18$WP(kPM1-3}X$0
z=sS#6C-jNyzDaqpfrn8ei!lwyNoE{2RBJJ114JH-yiCk+?gqM`1Bt)C#WBNll;&Fr
zLfWsf*I|&2+fC+lAT@h`av%6+VBx~L=jFzbLR=@_>{qyue2=R#z4?-DY%H7V=Hyep
zQ_i4y5~H1tJjGEA1MuhCPx*TvLslOuM6viMSo~>9W=a{azTH??9`@Rp#%a
zREAUOkTzmF(w@WxDP&KLVMV=Derr`4(LCAA&8tJ|zb%G>HMn~Q)e|r?&rc;#2W^AA
zw;Ftp2h(!%_-`A})RTciPOX1Dzp#cyk?M~i+Iy6V5HH+Mr$#K^d){HT_=ZA!2|geO
zGN6F-s7+-Tsj;@K-=thgV&1@EdsANOWniuxU?&PECsvv>k^@m2kFDGLuDDoC(Au%?
zA|qW8>DbT=!;7?|KyeSJVCtUU80cvp$ku$$8o>Ew8l<2NKSp@~$J+-UOD`i-h^_GW
znP0L2(C(PO5{|fGpALxQ{o45GxDxl1bsFs^8<(hX%Iy^BTi}8)SE?wrhJ$M36BZf2
z9Lk=)?09D#Y{#@$c_wfZ_Z~hYk
z{JoN*+n(WWRQ5bi9f;}lk8In;@kx2-VUw-Wyu6vl^xV#xq#+q?jTM_uKx}PDI)!L+
z;ECD%L>dU~V#y_O^`>OCRr=MFp2>tlz)mprO3%J!Mv8~#t%Lz-K;6TN104mb2EI&;=g0T^=jy5fPOUc(N`OSUhNwBA%vq~nOjhKcnTA~!RS57jxAw4v
z$RD$Y01NQY1wf;-*}&NK+%6writ99*R-WdAdB@zV%A|miuWfL!v=bQ!p@_f^cTYJdt#cQSW*aF8AJ(?qI*4|+7ZU|X1@f=ivsHG`9
zTN&dqZg{gD+m2aZvOWEUyCPp1O)VFsZ%!!wfT^3zc0%QxWe`(*j|N{Rt(VDn0=r9F
zR@#J7=8*CSdb9yl<7
zV1IYJ{GBXbr;pw2`#o^#PkTZTAB`*swk0_qzHSk6%yD_~71%X+x7{=Q&X4V!W^8vj
z`{JA&!810(Z)t=MsCHyfrpjOT8ZKmReaXzTeufl;_iAL-TgF#k;P{=n{I|FO#i9Zqa*eiDJHvxvXi`<`ZH$_j!}Riv125-`p6&tR
zwMqYqcQkW7_RuEX-)`|1Lz!yVb9#Nrpy0&sZH|wLDbl^T0#9xxTem~pUu^(mpXITJVZW0P@IzGeSVLZdv
z;mfyRs7LYDj5?xcd#Q}J9!s$Ye|!9xshsBgc$o$`@CxVO*T|p~u{Em1UJn>z4SVru
zTA+8YJnlm@ZTHMCV185V`l(;lWi-(?nHF@6Jj7^}{_1{N7US~zt4#gT*`zN>F8WjA
zCC}E&+B-R9oU_V+NBZ}LpXJmOvVA!1B
z&z#42iU*g$8d8g*hv#MFhR4}|(VPFga@&0#oF$dNC#m34eScCzlZqsJuOKv2qD>{d
ztQZ@XsvIal!rqA16mYLH5b}u5JQhP-B@chedn(mliYqG$zx6u*SdpmKZ(=rs>zQA(
z^X~H;|81AlfL9N1-3b<-4LI!2I%yfaxA$#JD=Sgtb`BZFV&E&4e@KAzm`)fEF@#wo
z<*fB%yA^K?50D%6wPh=25yR+<7WAAwdLsOsr+gNL81hk{ZcvQ~1;qN=k5>~t!?bbR
z9Pq3}WY+{UClvI3()pqLPWKxrR}Q=?5GFMt5xr(*4dRjaw5wC!CYJsivIayK0gRIaPAF?I)e1U3V(M
zV`6H}D$$AC%ZuT?xbf1vncgcp&=mf4&vEI8&UG<#Zb6ZM9E@ly+3-wB2G=gP<0X(C
z@^#0H{ESI86#DP-#p_SkHqG7dl-C?k$dBhYzlE6)oU8cXswo}81I@HF9IoSR!@*)p
z?s?}p>wGHtk%$EP=WI+9gl@RnHue+dXan#6i@d6$!YW^)+*=xgDQKcLPfA3#8-^=*
zN*NRh#fJ{V(JVVZkG!STbCi4S^bV7=Qm%usvwhr1+C
zb8L88sB^UNBlB0|lC~vXs0Iq5;(8T_RF~ksE*&s#ieu@kZCre!9IaOkZIQ|g4IfvJI&vNr*sjk(seZ%i&dtK)`qIW(f`wUTGcOs{mh=qfF(Q^bC4q_?WuQ@XVn
zwQ|_kpQOCu?oUq1wY9XH&hW=f%9b(D%E!`}A1~U*J~sw7ShY_{n-n=w_AAY*yZmvP
zE=$b#_{&3-)rx5a8i{}9E$zo+U`U9aSXSGJv4FiHyAx}W#lT5eU(bFsm^NPfd0ZnT
zPcL*-8jO@>$oQHn5D7%}$ET@3x&o~cH5=D_5|`L5V8KGM!h1X;#(p7HxqvKHE!mNy
zvfBLvHvjHR*(qv(SUQxfT8jS~i+~9s&OhcOe*v*E5y7xRYHTuE&X*~-vJw#OB%wZY
zCA2cf6*tzMuIhGk-{~w)%70|DAu{_o8>J&)#o9eMR&%t?zFb>yFCJxrH1ih*6Oa=V
z6U5#hy~~{a-dn?mQUw6RYQ
z0f!$lOpjdY#|`{Jx|0{R@eqM5ihNfX-tp;iZaX_jIl?PiszJSd)&=)FUMu@mx9{Xe
zRcZoyqKy*(NLZ__&Qp5*y)NZ{T&&Xue+ayB7EgN6M01DZ-h$FIrJ+8LNi~L|9u48A
zpW+y)s1)s~=RZF-R9sJVz3K;^V5fL*h1_TqR8@G`D^ZX;_1c--J^A>=kW((Yke1j$
zzu?ZU6ousStZs-ow6TRCvV(O?4h$DsSF(a!35!rGS
zsgD(T=#pGFcm??`18b`^9~+z+MBNYB+}zA4>K(s~?^4h>r(%CWpV}KZ!>F!a8c84O
zNGN8hczG-v9OMofy!0nNEPBj8AVsUAy)eJOB;|j}v9}SN_oTB|jZ<6c)&rAUUWe*0
z=#xiMC5i(-Jf$7WN6Pz`P(_^|`sgiii}60Hr&w&@=3Ma7Wl-W~L(g-Bi#L#~rj+K~
zMXlVZ3bD;g#Y(JL59A)Zot&!MB?O5K7OaJP%H_sl3vEoT%zG()NX)oTn5+oRS_;Rxv_ELue*ME;#FT?w4E&nzh
zzu1Ug1pD~!q7R=OuY99IX4PhNMJvU9mM+#V$8Hg@Mwh6C0^bg(`TLE4NE(8;uw~Dk
zYDbVs^WZ@%84oWLe)!Q5o!6yWn&BbeuVpJEUMAslc5{I`d5!#EIZIyGnQ|Qa!3zZ)TECo7zW2(g<1$MwxNzZ0kWz|Sri%zM#z?i2X`IPqe!X|^JudDfV>Ioehj+MedG~w1_nhxJ
z7an2FI!|PB6j0WH=4V_$xgwR)C9JKY0le>P?r$M{mEBKfp}PqW$~$&6_aX8K*tu
zRNwj*+yHWqlmO)njB2
zUmgj$h30Jrw=W+6`M-Xo`}JA0cOMOT+$;cLb1dxZylQIcPswu`l2i~=MobD~Km%|&1A+(tX?)|%$*Gp$7&Pb^m^=48K8$&9fJ~Hw->iVefgDN<1o2+F^
z%pD#M*Le!d!_xD1EL>v|1O?E528a3_LOzNDZVScpG|G0?`2TP?hh;UH0a8J9bY+OW
ztsw$Q%$xfI#qm0Dcfa+Hnun8k?wC`Yml{#D`+sQ!3cC>gW(~{5eP;V+j+l|%>~mfT
zEf)M1cilSMeuIwRpySrrc3Z53HuKpMbN>Z^mO;wF4wyUyQ*K8%kG{eY_B#c$#S_|F4yzCpH=QA
zX2$be)VwD!@A86xc~4;8AdIl3*DC`&vWE?4z0DTk47V;X^Je%#&5m#
z)-j;20ZV^1+y6twVU+|VbC}4yio@zmfQS%91jCH&tt~9{dH@lWQcy%7r9ebbia?|$
zXRCsWph$^&d7o5y-}MuHtkSwhSk+o^!t4cz)Cf>YxdBd}K8;hSP9e{8*Ct=!*Pr$}RG+oY
zuPdd%%vfJv$NKtujWoktyPgnGsi;z=+7r>tFANp=yw#vCZ3-3H-`3@rew~OA$1x5L
z4si44P3-LK)aL^RoBEt5K0uZB3R7xAQ54WxqbQ1?)TR+LD{)7uca3jD;l{=W*4EaL
zrfH2Nr4(QQX466dl}?OR$)vS6OF))o0DvfpY7%-(hMpmVhPY%!x)42-g^({&Yi>WzyFS}zy2D({PGL-_V%EZ
za$4~$RC!iXlv2pD41fOlC+^(26O?+L0EZuJT1|k!6|0s2r4%+dH*w*@1-$$2yZGRP
z4{+ha1>C=XAK!laEx!BiJKVi{*F}+MVbfg%0i}i}NrGFqZechaP6clT3~*ztMid|_
z9ik<``hd;NOwjPNRq^n&<5aX>Q*pT
z>c*Ivqe>YC0OL79mkN^-*&dMtZ;vuljIg`Ai|f~~
zkYyQ)qNtGi{qq4Djo(zhYx!<4E93fRfA>AD|QgTsHw54YDjl9LIR$jW_WA
z`|soI*|S()UdD|ZH}K6j-{6lw{&3;bO72M|F57G<+uGW~=H{jo#!-txrJ2kSE}$6&
zZ2oV7Ypv1i^{}$Cf)79Z5O2TzHu5~j_uqeyYuB#fx8HulXf#5v*K?D7R;sU*!e}(Y
z#>NJAcXum69UXl6pdG)=1)2m@3l+Q8w;GV9DPDW+HC()S5f2|e#OI%Xj_cR2V|{%c
zMNuG*W5jXn)YOtj6_G~;Z>0_ZJ3Bkr+}uQ-=T8pY;wJ*Q=}_ZIk80(Hx(NV4k|g-_
z(@*j9&p+eAg9k43MNtH1u7U6O`*`)$S8;G~;G}kx&__f_(-e2^+(D8glgU42sWKKA
z8w;!AoS>?fvvw_D9S{KAyLS)Qu3f{UM~@K4F{pBq(oYmcf$?~ZGiT1=i!Z*w`Sa&7
z9*EwJV5)rnxw(#Yb
zU*g7%8*Ut1LRtWn64qMd-o1Nx`0$~#fB(6sE!GE^woGu63)Bf{1MCA)O5yhH+qiuB
zGNLF#uh$DsUasDhQWy*d*xufD&eR7!?Y*-Uw=iPUk_jriv!gl*XnV0$RizaA{l05!
zTf*8%^Web)Cw034GYbLokaO%{pzQDUYeWH?(uN3-KtrpoPAc`W_
zCZo?(0u(8?t82H!BslApL)zej58WRQhe(pdNj;=Fvzov(>01-F;e4{iSB?{m0_8Th
zFoo(NSwgBmjgX=!u(!8|(P$Kux^Md-0;Z85Ro>SMr4+Q*wWWGc13=A9(Kef(<_n~w
z+uPfN)*1^73ypqlL;B0x&NB-(&kNgr5`0#fo)10+ys3L%xZ>Ngk+FdB_OL=Bbi
zBB2d@7ZJW6kl?KomnINg3`ytZn}8j_KjgFa$g&Iv2M2By*%dM5wQmM(plzEE8kl@I
zvG&i*&{~)8s+qv#J+XYDeS!Q)B2}o(2iW>}JjQrD1^_H9EOh#eu5wfp@SUG+x8C1|
zca&cS!al$aC_ww*Ly^FG+Tm~rtu^8}?(`wkNSHMT2&sLW3E24DLQ5&3cwCLqCw
z%pgru93CD5s7t*|YuZTY$^o9l`NzJD7L%|&@h7ym*4hVfCE69
zrYMR6Q51C&_1`c7nd|$&<+YuIVFtB@K{gD-2E-*03s9=O{Z!uT^%{;+63`YxyGZB)
zFY9fqKY6xm0ACY3eE`H)6YB&m5W8(9N$DbBRxM~NM+twvCP)X^x*7~^h`2#3Cuo_o
ziG-DUNbTE9=BS~tEdPbfHTp=)JR{0Xo-s^UXK$`s=R)=*|S&Bpj0T
zEUF(QqLL1S-6F=fWxsA6y8JQ3{{DWsC=c=^PMN&=XqkFH)$
zjd?OTH&JnKGHG@iR$T$^dJ>jgdo@<*-el~G9`>FC!xRR&*3ddfp-cbucrd`@{e9?a
zSGz%gjgdqItqTku58Qz40jqj>!g`wMo*#vVbbd+HsMbXT8=RyB#SPOn|UO?&qN0aer>k@1N!4Kw2S*g}JVn>TN+
zpEz-1x!3D)zu#BxqXvVRnHWr!DG)Og$~JqA^4fwEWLZgj8dS4oA5g;=H0->l9ArQI
zftUaoW-bcNS{Gat1)D-c>w>k`U@%6*(Qbo)fB*E;ic%^D&;zglV3C;@0rUa%nYmxp
zZF>(yF_cd4Y%)t9zET$R1SwAcrbqNE`^9eSqxM?P2V}%msh~
z74QmB#>^Rjl$kSTP61?9d(LcfW@x2Uas2pk2bz5Q2^0z(DsV)BHuCBrA|!YpxbeY@
zHcNuNUwF^>WCly~%S5xtf&TBxbN`o_7X-|E0`o2}2$=T-=3Sn90{#QG+}}K1nup6qDB1$2p
zs*2h_3PPfwqDlx<{((P`_=5`Z7ylqsAw*RWLRG7lLR%G3MU%8?Q3(!px^ZI1@xHw8
znVp@PotgVM5B|6_`||91lh|nr{;jUYGk4CN^ZB0d`Q3BQJ%+n+H}1yW_*_$3X|@2^@d$#FM}JRlppk+)t$dSHJuD(V`Qa&lE-`gqNK(N}ZL$JYcP5vsPhY
zap|ddf8r0m4X9gP%Y6&#`=;XRcRxQ`&J3J)vqKZY&rVtuO$zLBtVKs1%;q}QTENh1
zN8~a-)|&SMKL8qlJ?Q#xD*9h{Vz+=Nxp1%w^OSWMi;G%MIGp48#C
zYxGVO;kyzr%vT=t3eIDhY-wU7aR-Te|mtVZF+9waU5*IW;=SxuN4|ZLk;$LFVKWXHE@W
zyga>dtGeBG0p_0h^0{0PJnrQOCXnugHSr`+vc{m=4NMYlLs`%|%~MLJttq;Wwbmk$
z2m#BD8Z*@@3+*NwMzI`s$PVNw4i=FzhjtRqT7$JF%?HBpiC=o(*^8H_UjaIIOn|v(
zzIHBG%slSp2PUy%(i$}(1bL%1NvBTSZh-}D6xOCzHb!F%2muZP$CWrzkZ~O>FjuKE
zU#qgzX;U>3RTbkEaumvWWT^;3GA6qf5Fmu4W}@_VW)0dHGQP{hr^e3$Ur)cae;zoL
z0QTvp-37mLE|)1h;pR&dR&c@UN?S3qlx-7Dz0{7z_rb46byL
zQfxtMYnZE4nOma-KqbzP(*v0|I4R2F~Rbp)R0gH}5{
zW7%@ho=hAo#r3rnW-3)SY{E*^rhz73E|NQz1p&So=Ey#
zF$05TawAy~4p|Y9JrLHxbyF(~XU{17b->#0-_EjCk~BY9i#F-q@#?tgChi;PK2?BXXjpKt(_*PhD{h89VRpEgK!B%fuIkp5F)j(n;tj8
z+TE{j1a{ZCZrK(IN~R-09UHKQBZI|9NVD#N0@#20kLT)t@yDNjEuZxtP+F1CWteI#
zFf-udluHzZq_71mkTL}lQfz_V4p_4{SM3AaFFe<0C2lb!1X85qfl?v&D7Q$2vimb}
zrxRWV&^k?Or%T6aswS@IB3+5&x%fGsTro>f3MdQ}C=3_Km2&ubAIEnPQf#FRYc0l_
zUB^xUv-7Weepgwue_4yYsk}r|5ec?C7Qk8xx$MaY#zx8568wk$i&_YrDcYQUnC^sXeVb$;VRPd<7W0rcYX
z+DpCLnIjBV#~dq^a6D(b2fdZBZ@?96G65^PW0Z7?{P^j69%nlb>@UDqzWv>F@J%|r;#O=nKlqLgB|oPP+&+)4oR#cw`a4a0C=B1ocif^q~u
zy?7tko(g|1js|fz8zfA@aQ@~ptM2=
z;eYz0Pd>&ziEx(yiz{m{IZ~jNMk#|)F@qxWreN=^E5PhJEEQL$YeU^zA=Ys2^oet%
zGs6P~&|m(}4`09<5MZ?@xg(INfY5t
z-kSt4U;5T}D^V1!N-P+#)-Y(?+YWncR~!!3ke*A+riT@hRU$BH9DrC=f1-K~>
z>=eKPal74_vc{ryTA}-#0UA-`w!-c%yBF3R9@ZL+wT!q$umWQ(j*zT~7;6l!NGEgy
zxy;GIe7<-q0RWPEEBsNq6r27))<8kHTNU0r7`a`r+a);=cCRZ=2gms2y&vS)#@<8O
z$zgz1nXWH7j=*9N;D7R$Cm*3tBHSy0TB%kqW6aj_l1U;4yW;_4x91bL8`d5O+us$w
zaQVRKyRg=9Oay%L=zEyR9cRr+>*64g(nI<_XYU_7LvKCq00HzjpSkor)*?hYPclj|
zY`gA1<$P|jX&wTXVH;oAU
zjgQ4g-ZOFh*vP<#u@z5`0pEM^O7goOd;g~#VY7+Sc#fon
zV#d>N5cbZv!e~Rg6*4PgR!l^`-XyRZ5w|faLP!T81i~n^wggA+LkK5JtNP*hO`QDx
zm!7^f+t&er_gf!&^5=8Dd!IJxW9PsNc%CX!IJXJ*^||6i=>(I$BddCcpRDzxu*P
zJ8=QI-(sO!sWmT+j|?C%D3xH74oBQ9l~m4MUw*T&y%^38ap9hK^XSMU?qe)WZSo*u&ykR%$DQH*G(n+V@LY`?M-N8ib@c9|>x
z^*mBNwp5*8T5mN;_XTyjM@YI|F4O(@
z9IymLu>S)C3nZIiG*v8Q&tnZ37_u%li7-xP$Jh42x&cT15@TMOF&S_~34%@=v(ZGg
zZggSOn)INz&0~-|n#35xMlGb?iu78&wK`v^FT6CjI(L1sHuK||<=Kr^+=GpPcK5Qa
zE_m;K)cql^``RnRK>`4%;c7)0gK~
z=UN@r-UGY$h;|&h+v>fM8*D!p*wt4L5#^C6C}jNIn;0OSBlj-oxCjA8#aIK%
z7@DmPwN@utt!*w}TUejDvQU|Sb)hmlHM2S&DburQxDRZnD@Ob}U=JM!Ilux@s~x?R
z@tyNgoZ!3Z4h|u@>jTmOA&`EWot4(qnr+r=8_|uWwZ-epwb{$_t8)vh8#jJ*efdVD
zOo#23+iT%o!rBR|U~4jXN8(ljB%L^VIhP5}8*A|$3C5%+v}U8(rrrvprD}8WwWamh
z%k!&qGt0HP7p^VMvE5%owp({^pM6VV`^Bxc$*JY_#`A&a{$>~}YMbrO!dheg`ttgX
zsp;kG)2p@lshQO!cEk2svuER8tH(PI%})TfU)*ZDybFwf?7e3`e)UGxd-3{8m2C@$
zZ1>Y1bnoc3YQozHwqM*z00|5L$AMu|n4QqQmi?)K?H7mn4-+owTAEJ^*z2!9b+B(H
qcI*ec8+YSw+>N_&H}1y&k@#PBqFmbNklhHIH_5B^y6wW#RB{%tYKfv4F{*{2Y`vKnW_OArI-4F0~w}0^j
zcyGl`#x`tdp9j8==XGwYwWh19OO?yzHOrSTzhvdgl^cbWE0>Qf?_08@U)Adkclhw(
znJ8)Oj3-PlF%;z@!EQfWu`6+MgWk-@oroKl@ukz?m&gQ?%9$
z4i0X;{F{`&uX*=3hq(^adfMx#N!UMG%Y
zthHEcfebK!5E&^-DS|MhR;^O4R%x|b?A-bDr+@InAO7Y3efxI!zLzM^drK|gts!7+
z15q5&)6;Xs9k<{9XYafE>i0YAn3|fT)oNj_#TZSRYK$>hYjMskB0x%sQVP%WP)ebc
zqFgT1-`|h&Jf3;_>F2)v_kaI|lP6DpzZ8}bLj3lZ(K*Kd5TR;val
zPo1LGY@)SpFNXqj0riYSWOfC{q@f&eKm>~x%SBuRo&ir(H{N~ID}6wzoj
z2!fElzFvlghIrw{7x#bjzHffK*=+vQ_x-nzfU&U+SKfK&ojW#e+_3WK(WA`G&C%Q2
z%N18#!J0K|2*Qy1{5-pM?c&*IpT%0c$U`h_)>_guWz(ijTz$@dR<4uy*YlKJt-|uwlank|e-Mjzx|0)5aqwBhsE?xTQ=;-Jb;FzDE=Y|_T
zz$ZTWNsQ5iVaPMjJj0*-@gGyK*SX`4JGlGqyGfFiLim+ZNGUmS@+7ThlNHNX5QG6~
zngZZlCWc`c@TD((iLZU_YgDUMKL7d8bIrDGM6C$l_qp%B`}p>^AEaC^Q>j!KA0LnQ
zy!`Tw`(J+fi8n&P8;S(WY(pB+16Hu`!}3;_kb@z_xAM
zh~gNP1IWx<@V)PSFIV;3+HOw>nJ)v8B{nt%(*jii>1DPLSZ8szNO~OK{qA>ZwOVYy
z^;V>i7-KNjVzkEdeGVKrz#o0_4@r`QiHQj&CMW6c>b`65-aR|sG6FVi-1tW)j-U81
zD^@J0TCK8e+cy5-55I^`HA+dOl1QmgGK=R+r4j(z7zAVi(8B01okBFe4~^#`*oy7B
z5rV!v;d5ALv8Hf=J^-y&)Q%{PH5hHs+E6N&_~w20anC(pMk$Y7yLK@$GO|ZXb>;s3
z`{rH?+iPmT`t@TY&1Um6_4+&jK^XGucYQbuZ7JgU!f*x7IpR1*h}^8D$iO=X&4W;X
z91(vH%#V&r;m%qty-EsUO1W17P9|lLKsibbxNc+#d9)hl!&mnQmtHC}?N{$3aejbB<=K
z$>mr43aeJF#^wRk)YR0)UFxr8-q))2>WTcm8>$seqE
z;C6EkTUyP`JAcGX&xg@z4O+k)Fbm8Bry-eJ!U^w_93J{Au??^$&F&*I_}LIP3zUlG
zXI)lbFb2=__`r=fwufD|Y#Ehm^%FxwL!~!Nz~;@HOWU_^|Gisox#h101_qd)&({A<
zH{XnN*`Ut4T(Pq>*S2TmT!R=yZ5`vof5G0`w>hG}Kx6K5biJRsAR;$Ij(a|lp-+udJ+qZAO?tBEC
zZ)5eZ{GZ8&1Ul*k3IGn$B!QepufML2fp=fMn*=EQV{q7%2Vy)g;x|aJe9je
zmHYP$LKH>J&dxG7ACYK;*nFlb2
zG&LBlNp(sb$Fy1zK@jlY{_CG|-+lLH#7o8I%@=d!l~I&p*HaoCJ8D
z*S})LiofXX?fuxHLx-51on1uC)z@6ZU;p)&an9j;9-i;v`#zq^KzmB%M=x`WLZVa_
z8werL#?Wjun4g~~NfNTTl?cqDaeUvWR;#s>C6fm|Swdtm#*>#hDmo3FOO<6lS%HZH26B85ddphShdh{sAjvcG{zW-NJ%1zeV|Ij7?aMs$S
z^H68E^g%INl>vpA5iQ(Z9
zk~GWJZ9WUGmuinygc{aO!J
ztJQ!7rhh>K$b!^7ZFSVTx{y+$wQeUjQc9%A#4iJ*(G;`la7v+^#9D`x5-SB#bVw^&
z0p8|o-dWrB@8(RfslgOP=nQD3>dgMW*^9
zFMWB8f`j6DCMC%
zk1#B?u{h^s6h({u?S%*cOi|93Qnq(>(lo(2Fh)}fON1p01Rw-XJCrJBQlezmt;ka1
zg%uwmI~uVNd|UjSTcGmxj5Tja(=_Wk%_78nDOl_9Jb?tHlI;q0?t#u(_&6s4Qp#DG
z1MobLDBs_+)@3>%GO^NHlZGi_5D@qQp6{WQLs^Ma3M(B_W`R;M`y#IhEnEW5b}~C#
zSb^&ZptZKG^u=~t+Y0h-v~Fji);f$f?I;w8t+kCeVgVCUN-d@IJkO(EuahK6E`(|B
z@G>BoMOe~QXQAGskE`;9uyNJw;w!{Nzn+$d_1
zrr8!--WtH^*G+(P?zoV0Qc5)>q-1`6ojkG37Q?lx9ghJqCfF{Jb62|!L(sxFH
zKnRr|Wv5WmhF`=2_G}%nu1$h2@&TP-O@z}C)}&|+*5vibe2e|`>C?nhn%Cjn`i&em#O`=pXXLI|48Ca1Xu=XnVLu-5)WN%=k@B|6m{JaB-mTQ5Tjft0h1tqs_8@w*Tr
z;`GsbnVx)}>F65jdJJQ_G16;WLTC0D?j-c0oXjCno6%o@cQ73fUMiKDx?Y|9efv3UvDe*`xRA_Z}b
z+VWc&i2jaN`Yf%aMx=)k!q0R-6icBKJT10>gL)h=`a0^r6a2e2iAf4
z5um`Hq*OW0=8K1U>7_}Ydtr)+iQ|+?0Z9t|z47Dqy59SSE#OB_I{T@+8h?w6SvAt&
z;?XI*^a-|J(o5*?fpi9}&AK@OVlQ1I*U(?xL)F_0dWJNKvtmUY6UQ-8eq7j-;yfv?
zB_zf5BqdEFq?@28*u_9!L}lrvkp2_c2&@KYA%2B{!D%kusHjgo#OR7yh6W;>NxA#q
z$M>8MBfQ4O$g!urHDCGGJD$-ulvDK_xy`FM)8uVe14n#thUubYmkgI4-zRICj
zW;rzT0p_CBI7*9VzbJJtltGtgj*IGj*5a%|$$18T{XJ@;QiE}0~*@sASt?zl
z5FY^HgNp!@cOS6eOtu`NV_;7KK2i>ah_zP%Z-M~VXc6x@jarfmT|VOlaIpaRLK4gz
zo?61vB`_boOfy-^>1K$rGV}MYvxQRZkF@E?$&peLdNF;qlPv4mM_*qzm?N2$Nt1)k
z2@v_w`S~?J3oI;|wdzCX41ivnfHl@|`29zbJy&8|IRUz}?$1Sl&3k&3YNd~*y~ml4
z50RQ4T50Vp0v5J*iYx@4G;~#FS=POW!QLjGj3GV^ssz@7w2Q%G7Jy%14M>vasaG%b
zj_HLrN1IPhVM7RpfOs)@agNz92yh9)#Vn~+X+(R8lBKxDDiTxbq|OEK4g(0Xs!=Iy
zFwpf1%X(j-7DkZFfymzwl_pbv5p=+dGpxb|fP(0!xa8o>g&T8AM$3H|`6?wp7-T%cXJ4ASg(wn>kC
zmBHF_>hVSlOELD0Ve`l^@FM!UrWvg4qnsWG97vI^XSo2hG`TfcIv!vS^mGQ?y0*Id
zhRXqx1cVU6o#FQ{;037CpqCO*sEAHL9|w6N6C@GjL^!aydvrQK&n{y@>X=$-hVCwl
zR%KEhvamo?xW>?f?pjLKjze02CkGqnBotyC=eICmV=zhQmc`b)fwaZ&oi`P=yR-H8
z`~-}-S8XD`At(54S~&?JS@7%}=oX09+3zp7GkQKrByszN$%^VaD=p3nrwPItWZGJg
zCX%lYGRqPv+5URoEQ?c1OSU>QiO`R}#Q%Em`_2j>Jiwf31s9A2cl|&Fo7QlfYjB6J
zxk5@-p{U^H)CoFra3K;>c=p6F-+%FPW}BmgVK-rr?Fc!t?W!n>u;~=5hIaG8cRb5b
zPcs88&geyx`GokLF-Rb4ae8K+!>>&7%;V3?`|o{7{Pd-L=rpxyu9WU|5g>#RH@p{q
z_!H+I__7yz9wVM&UDe~AHR;|lP;r|Ed)-*Ip8-5FIY=Pi6za@Q0+FHd)u+Op_x?j|
z=HQWX;G8OZo)-!se83rNB5Q114%61VE@|+oTN|scxk$egg}`3`T;{|F*|}|E#!rcf
zL*w4zS0=nyUY(Ttj!&!olQZ)0sR?=f#3?m5Gp7=Vh@>D*l0;8WPdi(@M#2S_fOF1u
z_bd^YUiuE%-@V?2fg3M{_H+>1-JVBRwPcqJcIk`8mLyxY4maMjZdr3nrO)=XH+ywv
z9rHp>J$a)0$9sdwigb+RD>$?!_4mJ5MW#k+}4
zOixcQn(^~mz~JD3*uMQXtV8;KC~?jQLMbUpNku6tp64n-Xv$sHsQaSs*;N~QPHtIU
zJ+Y-LoFA6Ts?&bg;g{p(PwhLr;_%^<%Vz7XN(ze;qM}?*UM}~f6}?^a;p&m&{p*(<
z+PK;sxiU0yU#f$~Og!-FfyU@B57bxepKNu{rAc6%@vK87AR{4&gb>Z5ODS4Hh!zkF
zA<`sCY_(doU;p~o*|~G4yC4Cd`OIg;b=Td%^vs+H!%#^nJ*fz!AQV!R1eB#PW#!_E
z&wMphvz3xRS1S4SYUtOio{B?l!=!138g;X_9-F~LP_ncOqjZ3`2@wdakg_F9@_4DH
z4%A9&sv?C^+Ek;+^fqGMpJ=tZGD%B4r9P1`!L05VQm?5`q?xIOh`QoVM1Q
z!NEbdY15|HCxQTn4n8VybtQ%NrAtC#(~_{JEU{%NbVUkX21*FecX$e<1Si1>;RHB^
z^J=EW(zG5`ZK@GkTbwJ#7Dy%Wq;Q_ETq!hk1*cVD#(iuokv7)=g%HY#{J+m3l(Pf|
zQA(XC$4-PXsvJ2Pwh-kOq8vFZuY@>Oa6gtKBkEi>KhBQ+I-^z-7XT(B`>
z!KIXfc?QbU1j>Sxi=Ixj|8XF!1LJVo;!-1QsOa
frSm**5#av=n4q*q!*7Jc00000NkvXXu0mjfhSj~O

literal 0
HcmV?d00001

diff --git a/doc/sources/admin/icons/windowlist.png b/doc/sources/admin/icons/windowlist.png
new file mode 100644
index 0000000000000000000000000000000000000000..80aa0fa665ef70048669e49636594f5204b59ab4
GIT binary patch
literal 1910
zcmV-+2Z{KJP)bDm!Ud#k}-v;E;rAx0JKYskxcs$-@@#@3;{5;ds(;Pf_kpBLD9LHgDa*}vF&Y?qx
z@H~(4@o|(=3=Itdkjv#59UUDX85wzTVqzi-=z7`|z#bVH$qfz;TAt@&jM;{+ZH;6y
z$=uu=u~>{7H*RqH^l8S%#uywNB$-T-NF>N)GW7KHkWQzWpP%QQ{e?|`*>+O>g}NF-tbd-wW*b^<8CPN&m!baY_b_IC8GCJYP=u(X&ak?3aO
z{dtZYIl|<`zeyx|NIMRLgMF-KvaGIZe9xt?x346x<2dAUxhT*=-l}UhV;evzMI;j0
zj(*jQuC6YQ9vi}U4XvMfj+R!N&%bz-Rc8&$7NQ-k0Hp5c-Mq7_qx7!U8e@!*?|l6V
zux)!sN56>9_(mC8da4JeyDzq(jPLtcmKCT?8^E%xU7>)WXoR~;7VyVE45N^W$RH0X
z{u3!*BS^8JtSd*k?E3rVyQ=zrMVo@EsArulQf#~YXk{hM&KS`LuHF$ioZT0mG8V9^M5l`KG%gp>po(kKav2ui}K
z08x3FgIccuozv6PE8}BReBq_q0wH4zf1g~Ut*wnnBwRB`Cimd(pND6E@Wbz(`YE8x
z93WD&7H5+wp4s2W{wFtnm^@Cr{>w4mUvdD$t6x7#Pgj&TFTcyJ_m=QHpI2Ufo&y8j
z{QS*P?%YkIwdUKe9P3T&X+1yo*Y91q{F@)$EXM(ss>ub6G2B_q@Z`t3`OD}nQkmR#
z_VJ-uSa3)=IhI#52*QP54D<1)_cAlP$ZB>CL3r(r5uO_CVm3#fyqkQu#pS4wc
z%MdVI5eU`B0a|N3&*jS4Eu0vIWo?2C(u?k3)JEQ#hjs7LT9XfdwN$3Vz9Tj6Kw<~V9*%gg-`EC
zP#CSjG8mx0H-mHVXJl*P)gC+(aM#PSz02yGkO$M@uYlD!1FcF9_TOKtKfjzT|g;CBGyiu
z<#OzBZ}X&n449c)MOC*)V{V^mWScR8G8cRp*1T4!&Dpm~w%>t!tZWvvlkor^B1`epl1&S6BJ{J%vd_EV%
zuHb-rDycjVmjx8v*IFM3)YXwfQKiC{NG)c-i>Tm$+D)KXHjGJ>QVwxF2cUvjK=|^A
zmQv+qJp#`H`LcFMU7&E1KNKHGJr+=UsVOo&R)|QI*fu~WlUa*K+gsm$`<=qdt5CHB
zTRIiA(fn`G@VQTY6w3-0MWcjsO9W{NNQ4SOK06rven=*=m
z-2@BpLdpSx!uOlN0j}>6#?L_!@S0%(u3ujcWw$^izrBa?}0B
zZS*{1W?7e^*|Lr5hn4qo!0gS@1qh}9^ONs?iVCOfFFd$1n2~w0iG(Hhlvb);6Csl;8q|D05ZTFd28Ck);WaT1RqEN
w3qY=siOeSdGc}8FS%4;=|9C)N86Rx?AGQ5J)|3i4ZU6uP07*qoM6N<$g1VcRmH+?%

literal 0
HcmV?d00001

diff --git a/doc/sources/admin/icons/wizard.png b/doc/sources/admin/icons/wizard.png
new file mode 100644
index 0000000000000000000000000000000000000000..9e57c22463803f1223f8d3742dc60bbc781a852a
GIT binary patch
literal 5813
zcmV;m7E0-fP)^S8Cx1{v7N=lA$Ut3ub$ymxnA)WDoIf+c}2ZqsfeN~
zkcGv>Py{fL@JA|v0MCS!-?Ni=2?QI-j))Y?mTftwEjFLyl)f85*MGqNR(
zgcqvFH#ODw_H>_nzTY|L`+nat#9E90$U@)l3B29%0|4Ic3B29%0|4Ic3B29%0|4Ic
z3B29H--to};`3hsA)WgcwJ^ry_ppGqu-3vD18ZA<%kPb8y>Ht0))<)9z0SvJhD|*F
z*yCt48lZ##gaFp!^w~3)o!_Bn4?6(vq=epm?A2FZzWuh_{&Zkqz`kJs{CkyW4jrCg
zjQ)2i=*yfU3cDf`_J_C_566bRH}4U0ywUVQ>RX0dV2cd`|rR1MCGg~;P|Cm=17!@1
z(Uej;58xCbYhFK?7r#7p$pY2
z{`T+wF9!PuP`yxn{-K8-da$>*?~C_+_V;F9Zyd6oVCawj@N++Et^GunWgm>=7)cT%
zO*@L`%69;;*0!f_b0Co0ECNa>D5Id1fiVWoIRximJin%t)hVSX2=Jn@=6lAN=ZrQ-
z0W5@3h_65VbyTa>?!MmMpLq8zw|w;WJMOq`U}z9WjvT?`k3WV(&pcCW)EnRY&;RA_
zFPF=~KYjIqzrC!2mj&PtK6_s`q2%|{H2sAz3`rcvNYfNbX=tUOUPtkKxE2WceeMNb
zyQBmFp(F=}QZUBB8G{fUTnGp*AcO#8>_VopSLWyE_fJht)A!zT%YVE1-S65ICkdW@
z`YAm5dBvA~d6hKhe5C+b2`{B9{T-Svo98gMLGRA&QEA=-I
zKK#&$)pK0q294352%F7qVKYR_;H6pGw)WQKllIFcEZ0|1tJT`u_~KP1AeUTqV+_(X
z1tkQdBV*XPYZt~gZp6~^687%fhnJ4Lh~?#FNLQl2zaLUcEG;cTDFs0V9O=NoqFf2E
zvb>U0V@g2?I^KmbaKYg^4qPcGr7I^Xr62#Vci;VhR_1rV@z^6%Yj(h|@ASZuxXCUbI)P=^l7AN3h7Dsz7NiM`+JRg14=6hArJ%swAP@MVxWHj%S+2>)NAd9
zpp=5q901M*1m}>_h3}WZ7=yKTR%`XY9{tw0o@nm?t@SU5&CpBYq^*4J@)WevFvtyF
zoW`gwRbN-h)vMgPHpU>!GH}K)GBS!CJ9c1fd>qYY6VE^YJYISEWh^c(z*-B}bmwS!YKNTf0k~Be+#1heR>M@M((v7$AJ(6*4nmmtH;w?!xZk;7=t*DK?s58c}U|J%|@er
z};4O>0h*MfYJH`X`1${v~YEqf>NuQp2_{Z
zL3?G4F>8!jYjR2{2+lD!x)IxV?!?%pjfmqICr+NgiQ}(ger_IN7y<+kLV!}*R_ana
zspVO$waBszLI}8y3#&AmVGagih2oqSe|O;f9z4&3QX2E~^O#$hM-)ciAcTDC!cz6Q
zHUJj(-7RC+`fVw$wT96KrkD`1fOK5cnhodz2vd-m?(QD!-t|sQ?%0k}xs18FS?vGL
zcW~~^8B~|5h@uDpz&QsY1X-57uF|WGY0L03#^4l+GfH8KGAK!ht7q`{4+I
zD2{RN+<9E6UdZAkd6W|J$BWeq|GfH{8~|!7E1M`|&_+WW18oYWi&tGFD_ZW%;R2F7
zXrw6w7wGNn#mzUr3ll%|4kSr}(^IE0eex9M=I5}yw2UZ@KnQ6YwJghCv(4MbC%<@&
z(vA>dl%jRAg>VYmEa18>eBXzZ64n^3)M}Wzu!wrCHmj8WDxvtxg~i3gcpc#YaQ5su
zIx#Vkqut`~1=-27GWizFltPjua2*FbckaY(x8H&7J9oeugKs|mC=MR@E@scqV18j9
z)oL|&b(Dfq3Jd$16>mw)l`_g8c<##`$AKdpaL#gmvC7vAF5ox%c1apvqQWec+cv30#5T)dSnYr0#E~oTs0H|K5K0Z4$
z`|CqPLr9YpiYjQD2Q^SRx%k+urKM#&@$Dz@g)e*_FTHpK
zo|LEr0bIug7re;Xh}pi2nAzBWXL&$;P9kGIS5cLl>q=tOG`L=_5|vU
zI;7_%a|;VUM+y0Vix)05*Q@v%002C7{KWBZOV7Kr9F$juw?LL=7#$nKPyLVoiGlup
z2*Gje)#G^lvB&VpH@}JRzjOrFS_};iwkc~nG&U{mE((XOU9-w9rSsf?XrJq#5}>P6
z0plF?S{>78rcqs51|fi7Dq(DV9D_qc@wu7v-&kC{dgXytOmOq~_-4-76I-skZlbTR
z4^b2$3`4|m0>I*@Kl~AF-nb;EHSG#U-e&dp(IX$c?%-QC>?irp6{39>ZB;LuR`)KmL*PM@Ay
z!||^g005ZSH2%ZZn!g$7A9&a3*eHC@&r?rHf-uU%;zpwZ;RrCw+Go2H%Ug7kA)S~2
zq+{svd_jKRg~*jIm&>SB0tm-J*bH%gW(F%OD{x!~1A~L;9~gk+xJc3jVY7)SigJTW
z2nPBG!hd?=+uP4fO`rNV15kkAX{~>SG4_i=P#&pNDhSE}q?F)-gE0mG&`LvT)!_=Q
z1c@N0o_g~$9X8O$OHw1tV5S#j~wRak0K0pY47o}v2Qo5_sI+rY0
z#t}|VWu4qFGsg1mOV)
zvMfUwh6tk&Ns_j65nOQiehIEC^PE7IB8nm;X`ZP0{!1_EV@HqPc<{i17p?_>b*IJ8
zo;x=KVCMIKKe_q;Km0JpHg3eb-}@f)^z?!+a=8rOF987JBt{hGR9YK@`Gt8rwRbP}@88d|Ec35L
z`Ktn;CCz4YLmWlew{IVg9X*PjyLMs6u3Z=(A4gZE3sU;NE}Y~Q{e*Wa)ewnFE6+^pwF(FUrS;%j0>H_WC&{s6$9jbjz(wApRRW_lr?k?O@LZV#
zASGN^LOL#7SHkl=NY8_{7D*B#iDRTir06(K&M1qTLY8Gk>aFvf7O$q1z!MTlk_^8k
z0NixbO}@2u(D(f{D?xyEbjOMq-6{BdD?#D;KBVWvl^$Fv!8vc|@jC94T>9bYgz3c{
zC}WVG2U@R>U5oO-Rkp}1FE95?Df=A9Ddtq<53srjdJ*MitWc14>IPTYo!W`aJNXLO
z+#bjr%n@>V^e!n^1ppyrR7&ZQqBR9Tr!M$bwA|V}-dO$PI1U`g839namLabS0LIuB
z&-2!-dOP&JmZx8ZSc^Q^YL(xSCu%6AkW%&o7`c{luL=OiakdH}ppEG?J*}G1n=KbV
zPwPAq^?jccLVoC4#=I&3Jm1?%DTPvM&FY)C;s}sc&of1W)*57K3MnNRW4o?p*mVQo
zm;93N`ID{OKag)h+i8n=Q-z?zAZ=j>jJ1g47(xhe&ThVzajyu#@W^n>x=udlsR0!Eu6gAGJQLB(<1-IYqEcVu*gOl+Q5w@0`v0Am}+2q8oaZWv^Y
zu@49#Sfklolj&_Me{EjqswK}r>2|kCk|aoy1fKLZS=gH>rJNALwp_PmT@$)20F+Y3
z7?X^$en&WW8DkJO8msz&-hAu-dSa|Cs?~XaL8D%W>o^p^os6+Ep+piw)^)ru`JpY>
zZK00i2-kHz#@Kct#CuxYyd|rXAa4Z^Ajp#|gpf9=veu$jueSoF4{^>%1s5g8nAo~)
z>lHz`Bo+33p8}ASQZGxh_iCamD=RBdN`W$#D_=A+wI=mu3u6>a=YN*A%Pj4|dWNiuixq2_d}XmyRBN<>;xEm6grysI67oEBbL-K~H;E&{bLCs{o_jQOfdKKWD66
z_vc(dYXhoikyPmb1ppg2Zag?VJiMTk%2Ux-XtxC}gHR9zCJ2J8TrQ{m{r$D~zyJMz
zMF>$X4$uOj9sR9RzI8-eh0nIZTJ?Ve9WT-f^liILMpqY4SurkUMOP`>tKNzel~O2`
zO7pkgdh1t%AW%UNL_rXwK@eOKfJ^Rxa=B~(B!rMUA*8Z%=g#j@O8@MUM;`g#aU8px
z^GjNOf>j}GTUoP;%C>5UIiazp^S)VCUTdY;TeXEw*IoV{Z8YLIMx|1jyXT&J{%~k$
z=u8~PO>1qvXwlcNo!vSCkWv}|DW$YVDV2;f{v+@Ek$)T>8D9MQ!(acInVFe)7~gLf
zDOPuim^NeUbc-sb!ITDN3Y4jKdP^x)RG9KUM6EQG$-7gG)@{1I`aepvQte974L58(
z_!B>Q_m_LRd#1uDY!X5iw9++WO={P{(JxyV`Q#@*NeLk?<1BE5(z1S^yBx>qbsQ(~JWo`s)eQ#^9=zq?fdjWr
zPoKFS*7B~dF7$MFqf)6L2=ba@4uXW^<~c#903k1L#mHJp7qm7h6c58DYAY+aP`!Ya
zl^VF<%`IED9C_cZ@7ue3_wHw0!Mr*YBZ|VjEY@tI*=!(ehDeea*4i`(g1OPL(G%Myw;h?BoIElz
zGIExH#8DinEX$fosaldG^(cy(VKa=wFjSxV)Th=Rovphz__;s&9Pxdhd7dYvl&<4A
zz7V3s7%OqkJ=b-)5Q1r~Wo@O_GdnjsG&?gpGCw~*ytueH&}@diTI(QAQb`CL$C1#+
zKxL_=lqS-3BT8wltE;lq*WWicykW!n4I4Jh3=R&?m&@fEfHX-Hm8NN?wGNe1%`D5p
zG)==ej*~D9vu2}d_UzenRh)d?0JP*QfBh9IrKGOwa>sET!G+5?cNt@nF(xUc4(D75
zAt>jZQA(*Xh8ttJ)>$({wR8dA1Aw(H%j8e*EDl=N?)EJX!
ztz)HCtdxqgEK9R2OXE1!aU7eEeE1{R6qEle{z^2t>y7y?00000NkvXXu0mjf6wMQ(

literal 0
HcmV?d00001

diff --git a/doc/sources/admin/start.rst b/doc/sources/admin/start.rst
index 219cd5c31..71e7aeebc 100644
--- a/doc/sources/admin/start.rst
+++ b/doc/sources/admin/start.rst
@@ -1,6 +1,10 @@
 Documentation for LemonLDAP::NG 2.0
 ===================================
 
+.. toctree::
+   
+   Documentation index
+
 .. toctree::
    :caption: Getting started
    :hidden:

From f956810e48e3c45eb8dbfe4be46441219f089fdd Mon Sep 17 00:00:00 2001
From: Christophe Maudoux 
Date: Wed, 23 Dec 2020 22:38:58 +0100
Subject: [PATCH 059/357] Redirect to Portal (#1976)

---
 .../site/htdocs/static/languages/ar.json            |  2 +-
 .../site/htdocs/static/languages/de.json            |  2 +-
 .../site/htdocs/static/languages/es.json            |  2 +-
 .../site/htdocs/static/languages/fr.json            |  2 +-
 .../site/htdocs/static/languages/it.json            |  2 +-
 .../site/htdocs/static/languages/pl.json            |  2 +-
 .../site/htdocs/static/languages/tr.json            |  2 +-
 .../site/htdocs/static/languages/vi.json            |  2 +-
 .../site/htdocs/static/languages/zh.json            |  2 +-
 .../site/htdocs/static/languages/zh_TW.json         |  2 +-
 .../lib/Lemonldap/NG/Portal/Main/Display.pm         |  2 +-
 .../lib/Lemonldap/NG/Portal/Plugins/FindUser.pm     |  6 +++---
 .../lib/Lemonldap/NG/Portal/UserDB/Demo.pm          | 13 ++++++++-----
 lemonldap-ng-portal/site/coffee/portal.coffee       |  4 ++++
 .../site/htdocs/static/common/js/portal.js          |  8 +++++++-
 .../site/htdocs/static/common/js/portal.min.js      |  3 +--
 .../site/htdocs/static/common/js/portal.min.js.map  |  2 +-
 .../site/templates/bootstrap/finduser.tpl           |  4 ++--
 lemonldap-ng-portal/t/68-FindUser-with-DBI.t        |  8 ++++----
 19 files changed, 41 insertions(+), 29 deletions(-)

diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
index ae50ceeee..07f74ad37 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
@@ -329,7 +329,7 @@
 "failedLoginNumber":"عدد عمليات تسجيل الدخول الفاشلة المسجلة",
 "fileToUpload":"الملف الذي ستحمله",
 "findUser":"Activation",
-"findUsers":"Search user account",
+"findUsers":"Search for user account",
 "findUserSearchingAttributes":"Searching attributes",
 "findUserExcludingAttributes":"Excluding attributes",
 "forbidden":"لست مخولا بعرض هذه الصفحة",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/de.json b/lemonldap-ng-manager/site/htdocs/static/languages/de.json
index 6aa8271ac..a34a1c089 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/de.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/de.json
@@ -329,7 +329,7 @@
 "failedLoginNumber":"Number of registered failed logins",
 "fileToUpload":"File to upload",
 "findUser":"Activation",
-"findUsers":"Search user account",
+"findUsers":"Search for user account",
 "findUserSearchingAttributes":"Searching attributes",
 "findUserExcludingAttributes":"Excluding attributes",
 "forbidden":"You're not authorized to show this page",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/es.json b/lemonldap-ng-manager/site/htdocs/static/languages/es.json
index 26cae317a..ae5062ad3 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/es.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/es.json
@@ -329,7 +329,7 @@
 "failedLoginNumber":"Número de fallos en la identificación",
 "fileToUpload":"Fichero a cargar",
 "findUser":"Activation",
-"findUsers":"Search user account",
+"findUsers":"Search for user account",
 "findUserSearchingAttributes":"Searching attributes",
 "findUserExcludingAttributes":"Excluding attributes",
 "forbidden":"No está autorizado a mostrar esta página",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
index 3bf4b1c8c..be612c88b 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
@@ -329,7 +329,7 @@
 "failedLoginNumber":"Nombre d'échecs de connexion mémorisés",
 "fileToUpload":"Fichier à télécharger",
 "findUser":"Activation",
-"findUsers":"Rechercher un compte",
+"findUsers":"Recherche de compte",
 "findUserSearchingAttributes":"Attributs de recherche",
 "findUserExcludingAttributes":"Attributs d'exclusion",
 "forbidden":"Vous n'êtes pas autorisé à visualiser cette page",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/it.json b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
index afd0265ed..66f28adb7 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
@@ -329,7 +329,7 @@
 "failedLoginNumber":"Numero di login registrati non riusciti",
 "fileToUpload":"File da caricare",
 "findUser":"Activation",
-"findUsers":"Search user account",
+"findUsers":"Search for user account",
 "findUserSearchingAttributes":"Searching attributes",
 "findUserExcludingAttributes":"Excluding attributes",
 "forbidden":"Non sei autorizzato a mostrare questa pagina",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json
index dd11b6043..cd5797135 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json
@@ -329,7 +329,7 @@
 "failedLoginNumber":"Liczba zarejestrowanych nieudanych prób logowania",
 "fileToUpload":"Plik do przesłania",
 "findUser":"Activation",
-"findUsers":"Search user account",
+"findUsers":"Search for user account",
 "findUserSearchingAttributes":"Searching attributes",
 "findUserExcludingAttributes":"Excluding attributes",
 "forbidden":"Nie masz uprawnień do wyświetlania tej strony",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json
index 37c5004a5..1f862e9b8 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json
@@ -329,7 +329,7 @@
 "failedLoginNumber":"Kayıtlı başarısız giriş sayısı",
 "fileToUpload":"Yüklenecek dosya",
 "findUser":"Activation",
-"findUsers":"Search user account",
+"findUsers":"Search for user account",
 "findUserSearchingAttributes":"Searching attributes",
 "findUserExcludingAttributes":"Excluding attributes",
 "forbidden":"Bu sayfayı görüntülemek için yetkili değilsiniz",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
index c8f390490..37796b6a1 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
@@ -329,7 +329,7 @@
 "failedLoginNumber":"Số lượt đăng nhập thất bại",
 "fileToUpload":"Tập tin để tải lên",
 "findUser":"Activation",
-"findUsers":"Search user account",
+"findUsers":"Search for user account",
 "findUserSearchingAttributes":"Searching attributes",
 "findUserExcludingAttributes":"Excluding attributes",
 "forbidden":"Bạn không được ủy quyền để hiển thị trang này",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
index 97c25bfd3..dcd8b3e81 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
@@ -329,7 +329,7 @@
 "failedLoginNumber":"Number of registered failed logins",
 "fileToUpload":"上传的文件",
 "findUser":"Activation",
-"findUsers":"Search user account",
+"findUsers":"Search for user account",
 "findUserSearchingAttributes":"Searching attributes",
 "findUserExcludingAttributes":"Excluding attributes",
 "forbidden":"You're not authorized to show this page",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json b/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json
index eea69a926..fbb916788 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json
@@ -329,7 +329,7 @@
 "failedLoginNumber":"已註冊的失敗登入數",
 "fileToUpload":"上傳失敗",
 "findUser":"Activation",
-"findUsers":"Search user account",
+"findUsers":"Search for user account",
 "findUserSearchingAttributes":"Searching attributes",
 "findUserExcludingAttributes":"Excluding attributes",
 "forbidden":"您無權顯示此頁面",
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
index 4d50e0ef3..2ca925e7c 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
@@ -485,7 +485,7 @@ sub display {
             {
                 $login = $req->{findUser};
                 $self->logger->debug(
-                    'Build an array ref with searching fields...');
+                    'Building array ref with searching fields...');
                 @$fields = map { {
                         key => $_,
                         value =>
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm
index e5e8d324e..d9c67fdf0 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm
@@ -64,8 +64,6 @@ sub provideUser {
         $self->logger->debug("Process returned error: $error");
         return $req->error($error);
     }
-
-    $req->mustRedirect(0);
     return $self->sendJSONresponse(
         $req,
         {
@@ -88,7 +86,9 @@ sub retreiveFindUserParams {
         }
     }
 
-    if ( scalar @$searching ) {
+    if ( scalar @$searching
+        && keys %{ $self->conf->{findUserExcludingAttributes} } )
+    {
         $self->logger->debug("FindUser: reading excluding parameters...");
         foreach ( sort keys %{ $self->conf->{findUserExcludingAttributes} } ) {
             if ( $req->params($_) ) {
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm
index 3a7bdefc4..7decc803a 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm
@@ -99,13 +99,16 @@ sub findUser {
           : ();
     } keys %demoAccounts;
 
-    my $rank = rand( scalar @results );
     $self->logger->debug(
         'Demo UserDB number of result(s): ' . scalar @results );
-    $self->logger->debug("Demo UserDB random rank: $rank");
-    $self->userLogger->info("FindUser: Demo UserDB returns $results[$rank]");
-    $req->{findUser} = $results[$rank];
-
+    if ( scalar @results ) {
+        my $rank = rand( scalar @results );
+        $self->logger->debug("Demo UserDB random rank: $rank");
+        $self->userLogger->info(
+            "FindUser: Demo UserDB returns $results[$rank]");
+        $req->{findUser} = $results[$rank];
+    }
+    
     PE_OK;
 }
 
diff --git a/lemonldap-ng-portal/site/coffee/portal.coffee b/lemonldap-ng-portal/site/coffee/portal.coffee
index 88d257170..9bcdd3226 100644
--- a/lemonldap-ng-portal/site/coffee/portal.coffee
+++ b/lemonldap-ng-portal/site/coffee/portal.coffee
@@ -529,3 +529,7 @@ $(window).on 'load', () ->
 			$("#show-hide-icon-button").addClass 'fa-eye'
 
 	#$('#formpass').on 'submit', changePwd
+
+	if window.location.href.match /\/finduser/
+		console.log 'Set Portal URL: ' + portal
+		window.history.pushState({page: 'Portal'}, 'Portal', portal)
diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js
index f8da288b0..673117ac5 100644
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js
@@ -548,7 +548,7 @@ LemonLDAP::NG Portal jQuery scripts
     $('.oidcConsent').on('click', function() {
       return removeOidcConsent($(this).attr('partner'));
     });
-    return $('#show-hide-button').on('click', function() {
+    $('#show-hide-button').on('click', function() {
       if ($("#newpassword").attr('type') === 'password') {
         console.log('Show passwords');
         $("#newpassword").attr('type', 'input');
@@ -563,6 +563,12 @@ LemonLDAP::NG Portal jQuery scripts
         return $("#show-hide-icon-button").addClass('fa-eye');
       }
     });
+    if (window.location.href.match(/\/finduser/)) {
+      console.log('Set Portal URL: ' + portal);
+      return window.history.pushState({
+        page: 'Portal'
+      }, 'Portal', portal);
+    }
   });
 
 }).call(this);
diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js
index 2f625932a..3e4a92987 100644
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js
@@ -1,2 +1 @@
-(function(){var e,a,t,n,o,s,i,r,c,l,d,p,u,g,f,h=[].indexOf||function(e){for(var a=0,t=this.length;a div.category",update:function(){return d()}}),r(),$("div.message").fadeIn("slow"),$("input[name=timezone]").val(-(new Date).getTimezoneOffset()/60),G=$("#menu").tabs({active:0}),A=$('#menu a[href="#'+e.displaytab+'"]').parent().index(),A<0&&(A=0),G.tabs("option","active",A),f=$("#authMenu").tabs({active:0}),p=$('#authMenu a[href="#'+e.displaytab+'"]').parent().index(),p<0&&(p=0),f.tabs("option","active",p),e.choicetab&&f.tabs("option","active",$('#authMenu a[href="#'+e.choicetab+'"]').parent().index()),e.login?$("input[type=password]:first").focus():0===$("input[autofocus]").length&&$("input[type!=hidden]:first").focus(),e.newwindow&&$("#appslist a").attr("target","_blank"),$("p.removeOther").length&&(a=$("#form").attr("action"),I=$("#form").attr("method"),console.log("method=",I),v="",$("#form input[type=hidden]")&&(console.log("Parse hidden values"),$("#form input[type=hidden]").each(function(e){return console.log(" ->",$(this).attr("name"),$(this).val()),v+="&"+$(this).attr("name")+"="+$(this).val()})),w="",a&&(console.log("action=",a),-1!==a.indexOf("?")?a.substring(0,a.indexOf("?")):w=a+"?",w+=v,v=""),P=$("p.removeOther a").attr("href")+"&method="+I+v,w&&(P+="&url="+btoa(w)),$("p.removeOther a").attr("href",P)),window.location.search&&(N=n("llnglanguage"),N&&console.log("Get lang from parameter"),1===(Z=n("setCookieLang"))&&console.log("Set lang cookie")),x||(x=t("llnglanguage"))&&!N&&console.log("Get lang from cookie"),x)h.call(window.availableLanguages,x)<0&&(x=window.availableLanguages[0],N||console.log("Lang not available -> Get default lang"));else if(navigator){for(O=[],L=[],_=[navigator.language],navigator.languages&&(_=navigator.languages),V=window.availableLanguages,k=0,T=V.length;k ';for(z=0,j=_.length;z Get default lang"),N=window.availableLanguages[0]),console.log("Selected lang ->",N),Z&&(console.log("Set cookie lang ->",N),c("llnglanguage",N)),g(N)):(console.log("Selected lang ->",x),c("llnglanguage",x),g(x)),C="",H=window.availableLanguages,M=0,S=H.length;M ';return $("#languages").html(C),$(".langicon").on("click",function(){return x=$(this).attr("title"),c("llnglanguage",x),g(x)}),b=function(e){var a;return(a=e.charCodeAt(0))>47&&a<58||a>64&&a<91||a>96&&a<123},m=function(e){var a,t,n,o,s,i,r,c,l;if(c=!0,window.datas.ppolicy.minsize>0&&(e.length>=window.datas.ppolicy.minsize?($("#ppolicy-minsize-feedback").addClass("fa-check text-success"),$("#ppolicy-minsize-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minsize-feedback").removeClass("fa-check text-success"),$("#ppolicy-minsize-feedback").addClass("fa-times text-danger"),c=!1)),window.datas.ppolicy.minupper>0&&(l=e.match(/[A-Z]/g),l&&l.length>=window.datas.ppolicy.minupper?($("#ppolicy-minupper-feedback").addClass("fa-check text-success"),$("#ppolicy-minupper-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minupper-feedback").removeClass("fa-check text-success"),$("#ppolicy-minupper-feedback").addClass("fa-times text-danger"),c=!1)),window.datas.ppolicy.minlower>0&&(s=e.match(/[a-z]/g),s&&s.length>=window.datas.ppolicy.minlower?($("#ppolicy-minlower-feedback").addClass("fa-check text-success"),$("#ppolicy-minlower-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minlower-feedback").removeClass("fa-check text-success"),$("#ppolicy-minlower-feedback").addClass("fa-times text-danger"),c=!1)),window.datas.ppolicy.mindigit>0&&(a=e.match(/[0-9]/g),a&&a.length>=window.datas.ppolicy.mindigit?($("#ppolicy-mindigit-feedback").addClass("fa-check text-success"),$("#ppolicy-mindigit-feedback").removeClass("fa-times text-danger")):($("#ppolicy-mindigit-feedback").removeClass("fa-check text-success"),$("#ppolicy-mindigit-feedback").addClass("fa-times text-danger"),c=!1)),window.datas.ppolicy.allowedspechar){for(i=window.datas.ppolicy.allowedspechar.replace(/\s/g,""),t=!1,n=0,o=e.length;n0&&window.datas.ppolicy.allowedspechar){for(r=0,i=window.datas.ppolicy.allowedspechar.replace(/\s/g,""),n=0;n=0&&r++,n++;r>=window.datas.ppolicy.minspechar?($("#ppolicy-minspechar-feedback").addClass("fa-check text-success"),$("#ppolicy-minspechar-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minspechar-feedback").removeClass("fa-check text-success"),$("#ppolicy-minspechar-feedback").addClass("fa-times text-danger"),c=!1)}if(window.datas.ppolicy.minspechar>0&&!window.datas.ppolicy.allowedspechar){for(r=0,n=0;n=window.datas.ppolicy.minspechar?($("#ppolicy-minspechar-feedback").addClass("fa-check text-success"),$("#ppolicy-minspechar-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minspechar-feedback").removeClass("fa-check text-success"),$("#ppolicy-minspechar-feedback").addClass("fa-times text-danger"),c=!1)}c?($(".ppolicy").removeClass("border-danger").addClass("border-success"),$("#newpassword")[0].setCustomValidity("")):($(".ppolicy").removeClass("border-success").addClass("border-danger"),$("#newpassword")[0].setCustomValidity(u("PE28")))},null!=window.datas.ppolicy&&$("#newpassword").length&&(m(""),$("#newpassword").keyup(function(e){m(e.target.value)})),y=function(){return $("#confirmpassword")[0].value===$("#newpassword")[0].value?($("#confirmpassword")[0].setCustomValidity(""),!0):($("#confirmpassword")[0].setCustomValidity(u("PE34")),!1)},$("#newpassword").change(y),$("#confirmpassword").change(y),e.pingInterval&&e.pingInterval>0&&window.setTimeout(s,e.pingInterval),$(".localeDate").each(function(){var e;return e=new Date(1e3*$(this).attr("val")),$(this).text(e.toLocaleString())}),$(".oidcConsent").on("click",function(){return i($(this).attr("partner"))}),$("#show-hide-button").on("click",function(){return"password"===$("#newpassword").attr("type")?(console.log("Show passwords"),$("#newpassword").attr("type","input"),$("#confirmpassword").attr("type","input"),$("#show-hide-icon-button").removeClass("fa-eye"),$("#show-hide-icon-button").addClass("fa-eye-slash")):(console.log("Hide passwords"),$("#newpassword").attr("type","password"),$("#confirmpassword").attr("type","password"),$("#show-hide-icon-button").removeClass("fa-eye-slash"),$("#show-hide-icon-button").addClass("fa-eye"))})})}).call(this);
-//# sourceMappingURL=portal.min.js.map
\ No newline at end of file
+(function(){var G,a,I,D,R,U,_,M,N,e,V,g,J,H,i,Z=[].indexOf||function(e){for(var a=0,t=this.length;a div.category",update:function(){return V()}}),M(),$("div.message").fadeIn("slow"),$("input[name=timezone]").val(-(new Date).getTimezoneOffset()/60),k=$("#menu").tabs({active:0}),(b=$('#menu a[href="#'+G.displaytab+'"]').parent().index())<0&&(b=0),k.tabs("option","active",b),n=$("#authMenu").tabs({active:0}),(t=$('#authMenu a[href="#'+G.displaytab+'"]').parent().index())<0&&(t=0),n.tabs("option","active",t),G.choicetab&&n.tabs("option","active",$('#authMenu a[href="#'+G.choicetab+'"]').parent().index()),G.login?$("input[type=password]:first").focus():0===$("input[autofocus]").length&&$("input[type!=hidden]:first").focus(),G.newwindow&&$("#appslist a").attr("target","_blank"),$("p.removeOther").length&&(e=$("#form").attr("action"),x=$("#form").attr("method"),console.log("method=",x),r="",$("#form input[type=hidden]")&&(console.log("Parse hidden values"),$("#form input[type=hidden]").each(function(e){return console.log(" ->",$(this).attr("name"),$(this).val()),r+="&"+$(this).attr("name")+"="+$(this).val()})),o="",e&&(console.log("action=",e),-1!==e.indexOf("?")?e.substring(0,e.indexOf("?")):o=e+"?",o+=r,r=""),y=$("p.removeOther a").attr("href")+"&method="+x+r,o&&(y+="&url="+btoa(o)),$("p.removeOther a").attr("href",y)),window.location.search&&((P=D("llnglanguage"))&&console.log("Get lang from parameter"),1===(A=D("setCookieLang"))&&console.log("Set lang cookie")),c||(c=I("llnglanguage"))&&!P&&console.log("Get lang from cookie"),c)Z.call(window.availableLanguages,c)<0&&(c=window.availableLanguages[0],P||console.log("Lang not available -> Get default lang"));else if(navigator){for(u=[],g=[],O=[navigator.language],navigator.languages&&(O=navigator.languages),l=0,f=(j=window.availableLanguages).length;l ';for(v=0,h=O.length;v Get default lang"),P=window.availableLanguages[0]),console.log("Selected lang ->",P),A&&(console.log("Set cookie lang ->",P),N("llnglanguage",P)),H(P)):(console.log("Selected lang ->",c),N("llnglanguage",c),H(c)),p="",T=0,m=(z=window.availableLanguages).length;T ';if($("#languages").html(p),$(".langicon").on("click",function(){return c=$(this).attr("title"),N("llnglanguage",c),H(c)}),d=function(e){var a;return 47<(a=e.charCodeAt(0))&&a<58||64=window.datas.ppolicy.minsize?($("#ppolicy-minsize-feedback").addClass("fa-check text-success"),$("#ppolicy-minsize-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minsize-feedback").removeClass("fa-check text-success"),$("#ppolicy-minsize-feedback").addClass("fa-times text-danger"),l=!1)),0=window.datas.ppolicy.minupper?($("#ppolicy-minupper-feedback").addClass("fa-check text-success"),$("#ppolicy-minupper-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minupper-feedback").removeClass("fa-check text-success"),$("#ppolicy-minupper-feedback").addClass("fa-times text-danger"),l=!1)),0=window.datas.ppolicy.minlower?($("#ppolicy-minlower-feedback").addClass("fa-check text-success"),$("#ppolicy-minlower-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minlower-feedback").removeClass("fa-check text-success"),$("#ppolicy-minlower-feedback").addClass("fa-times text-danger"),l=!1)),0=window.datas.ppolicy.mindigit?($("#ppolicy-mindigit-feedback").addClass("fa-check text-success"),$("#ppolicy-mindigit-feedback").removeClass("fa-times text-danger")):($("#ppolicy-mindigit-feedback").removeClass("fa-check text-success"),$("#ppolicy-mindigit-feedback").addClass("fa-times text-danger"),l=!1)),window.datas.ppolicy.allowedspechar){for(i=window.datas.ppolicy.allowedspechar.replace(/\s/g,""),t=!1,n=0,o=e.length;n=window.datas.ppolicy.minspechar?($("#ppolicy-minspechar-feedback").addClass("fa-check text-success"),$("#ppolicy-minspechar-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minspechar-feedback").removeClass("fa-check text-success"),$("#ppolicy-minspechar-feedback").addClass("fa-times text-danger"),l=!1)}if(0=window.datas.ppolicy.minspechar?($("#ppolicy-minspechar-feedback").addClass("fa-check text-success"),$("#ppolicy-minspechar-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minspechar-feedback").removeClass("fa-check text-success"),$("#ppolicy-minspechar-feedback").addClass("fa-times text-danger"),l=!1)}l?($(".ppolicy").removeClass("border-danger").addClass("border-success"),$("#newpassword")[0].setCustomValidity("")):($(".ppolicy").removeClass("border-success").addClass("border-danger"),$("#newpassword")[0].setCustomValidity(J("PE28")))},null!=window.datas.ppolicy&&$("#newpassword").length&&(s(""),$("#newpassword").keyup(function(e){s(e.target.value)})),i=function(){return $("#confirmpassword")[0].value===$("#newpassword")[0].value?($("#confirmpassword")[0].setCustomValidity(""),!0):($("#confirmpassword")[0].setCustomValidity(J("PE34")),!1)},$("#newpassword").change(i),$("#confirmpassword").change(i),G.pingInterval&&0
   

   

-