Variables can be used in rules and headers. All rules are concerned:

Access rule in virtual host
SAML IDP preselection
Session opening
…

Variables are stored in the user session. We can distinguish several kind of variables:

internal variables, managed by LemonLDAP::NG
exported variables collected from UserDB backend
macro and groups

When you know the key of the variable, you just have to prefix it with the dollar sign to use it, for example to test if uid variable match coudot :

$uid =~ /^coudot$/

You can inspect a user session with the sessions explorer (in Manager)

Below are documented internal variables.

Register what module was used for authentication, user data, password, …

Key	Description
_auth	Authentication module
_userDB	User module
_passwordDB	Password module
_issuerDB	Issuer module (can be multivalued)
_authChoice	Choice done if authentication choice was used

Data concerning the first connection to the portal

Key	Description
ipAddr	IP of the user (can be the X Forwarded For IP if trusted proxies are configured)
_timezone	Timezone of the user, set with javascript from standard login form (will be empty if other authentication methods are used)
_url	URL used before being redirected to the portal (empty if portal was used as entry point)

Data around the authentication process.

Key	Description
_session_id	Session identifier (carried in cookie)
_user	User found from login process
_password	Password found from login process (only if password store in session is configured)
authenticationLevel	Authentication level

Key	Description
_utime	Timestamp of session creation
startTime	Date of session creation
updateTime	Date of session last modification
_lastAuthnUTime	Timestamp of last authentication time

Data related to SAML protocol

Key	Description
_idp	Name of IDP used for authentication
_idpConfKey	Configuration key of IDP used for authentication
_samlToken	SAML token
_lassoSessionDump	Lasso session dump
_lassoIdentityDump	Lasso identity dump

Key	Description
_notification_id	Date of validation of the notification id

Key	Description
loginHistory	HASH of login success and failures

Only with UserDB LDAP.

Key	Description
dn	Distinguished name

Key	Description
_openid_id	Consent to share attribute id trough OpenID

Key	Description
appsListOrder	Order of categories in the menu

Variables

Presentation

Modules

Connection

Authentication

Dates

SAML

Notifications

Login history

LDAP

OpenID

Other