Key name | Documentation | Portal | Handler | Manager | ini file only |
ADPwdExpireWarning | AD password expire warning | ✔ | | | |
ADPwdMaxAge | AD password max age | ✔ | | | |
AuthLDAPFilter | LDAP filter for auth search | ✔ | | | |
LDAPFilter | Default LDAP filter | ✔ | | | |
SMTPAuthPass | Password to use to send mails | ✔ | | | |
SMTPAuthUser | Login to use to send mails | ✔ | | | |
SMTPPort | Fix SMTP port | ✔ | | | |
SMTPServer | SMTP Server | ✔ | | | |
SMTPTLS | TLS protocol to use with SMTP | ✔ | | | |
SMTPTLSOpts | TLS/SSL options for SMTP | ✔ | | | |
SSLAuthnLevel | SSL authentication level | ✔ | | | |
SSLVar | | ✔ | | | |
SSLVarIf | | ✔ | | | |
activeTimer | Enable timers on portal pages | ✔ | | | |
apacheAuthnLevel | Apache authentication level | ✔ | | | |
applicationList | Applications list | ✔ | | | |
authChoiceModules | Hash list of Choice strings | ✔ | | | |
authChoiceParam | Applications list | ✔ | | | |
authentication | Authentication module | ✔ | | | |
autoSigninRules | List of auto signin rules | ✔ | | | |
available2F | Available second factor modules | ✔ | | | ✔ |
available2FSelfRegistration | Available self-registration modules for second factor | ✔ | | | ✔ |
captcha_login_enabled | Captcha on login page | ✔ | | | |
captcha_mail_enabled | Captcha on password reset page | ✔ | | | |
captcha_register_enabled | Captcha on account creation page | ✔ | | | |
captcha_size | Captcha size | ✔ | | | |
casAccessControlPolicy | CAS access control policy | ✔ | | | |
casAppMetaDataOptions | Root of CAS app options | ✔ | | | [1] |
casAttr | Pivot attribute for CAS | ✔ | | | |
casAttributes | CAS exported attributes | ✔ | | | |
casAuthnLevel | CAS authentication level | ✔ | | | |
casSrvMetaDataOptions | Root of CAS server options | ✔ | | | [1] |
casStorage | Apache::Session module to store CAS user data | ✔ | | | |
casStorageOptions | Apache::Session module parameters | ✔ | | | |
cda | Enable Cross Domain Authentication | ✔ | ✔ | | |
cfgAuthor | Name of the author of the current configuration | ✔ | | | ✔ |
cfgAuthorIP | Uploader IP address of the current configuration | ✔ | | | ✔ |
cfgDate | Timestamp of the current configuration | ✔ | | | ✔ |
cfgLog | Configuration update log | ✔ | | | ✔ |
cfgNum | Enable Cross Domain Authentication | ✔ | | | ✔ |
cfgVersion | Version of LLNG which build configuration | ✔ | | | ✔ |
checkState | Enable CheckState plugin | ✔ | | | |
checkStateSecret | Secret token for CheckState plugin | ✔ | | | |
checkTime | Timeout to check new configuration in local cache | ✔ | ✔ | | ✔ |
checkXSS | Check XSS | ✔ | | | |
combModules | Combination module description | ✔ | | | |
combination | Combination rule | ✔ | | | |
configStorage | Configuration storage | ✔ | ✔ | ✔ | ✔ |
confirmFormMethod | HTTP method for confirm page form | ✔ | | | |
cookieExpiration | Cookie expiration | ✔ | ✔ | | |
cookieName | Name of the main cookie | ✔ | ✔ | | |
cspConnect | Authorizated Ajax destination for Content-Security-Policy | ✔ | | | |
cspDefault | Default value for Content-Security-Policy | ✔ | | | |
cspFont | Font source for Content-Security-Policy | ✔ | | | |
cspImg | Image source for Content-Security-Policy | ✔ | | | |
cspScript | Javascript source for Content-Security-Policy | ✔ | | | |
cspStyle | Style source for Content-Security-Policy | ✔ | | | |
customAddParams | Custom additional parameters | ✔ | | | |
customAuth | Custom auth module | ✔ | | | |
customFunctions | List of custom functions | ✔ | ✔ | ✔ | |
customPassword | Custom password module | ✔ | | | |
customRegister | Custom register module | ✔ | | | |
customUserDB | Custom user DB module | ✔ | | | |
dbiAuthChain | | ✔ | | | |
dbiAuthLoginCol | | ✔ | | | |
dbiAuthPassword | | ✔ | | | |
dbiAuthPasswordCol | | ✔ | | | |
dbiAuthPasswordHash | | ✔ | | | |
dbiAuthTable | | ✔ | | | |
dbiAuthUser | | ✔ | | | |
dbiAuthnLevel | DBI authentication level | ✔ | | | |
dbiDynamicHashEnabled | | ✔ | | | |
dbiDynamicHashNewPasswordScheme | | ✔ | | | |
dbiDynamicHashValidSaltedSchemes | | ✔ | | | |
dbiDynamicHashValidSchemes | | ✔ | | | |
dbiExportedVars | DBI exported variables | ✔ | | | |
dbiPasswordMailCol | | ✔ | | | |
dbiUserChain | | ✔ | | | |
dbiUserPassword | | ✔ | | | |
dbiUserTable | | ✔ | | | |
dbiUserUser | | ✔ | | | |
demoExportedVars | Demo exported variables | ✔ | | | |
domain | DNS domain | ✔ | ✔ | | |
exportedAttr | List of attributes to export by SOAP or REST servers | ✔ | | | |
exportedVars | Main exported variables | ✔ | | | |
ext2FSendCommand | Send command of External second factor | ✔ | | | |
ext2FValidateCommand | Validation command of External second factor | ✔ | | | |
ext2fActivation | External second factor activation | ✔ | | | |
ext2fAuthnLevel | Authentication level for users authentified by External second factor | ✔ | | | |
ext2fLogo | Custom logo for External 2F | ✔ | | | |
facebookAppId | | ✔ | | | |
facebookAppSecret | | ✔ | | | |
facebookAuthnLevel | Facebook authentication level | ✔ | | | |
facebookExportedVars | Facebook exported variables | ✔ | | | |
failedLoginNumber | Number of failures stored in login history | ✔ | | | |
formTimeout | Token timeout for forms | ✔ | | | |
globalStorage | Session backend module | ✔ | ✔ | | |
globalStorageOptions | Session backend module options | ✔ | ✔ | | |
grantSessionRules | Rules to grant sessions | ✔ | | | |
groups | Groups | ✔ | | | |
hiddenAttributes | Name of attributes to hide in logs | ✔ | | | |
hideOldPassword | Hide old password in portal | ✔ | | | |
httpOnly | Enable httpOnly flag in cookie | ✔ | ✔ | | |
https | Use HTTPS for redirection from portal | | ✔ | | |
infoFormMethod | HTTP method for info page form | ✔ | | | |
issuerDBCASActivation | CAS server activation | ✔ | | | |
issuerDBCASPath | CAS server request path | ✔ | | | |
issuerDBCASRule | CAS server rule | ✔ | | | |
issuerDBGetActivation | Get issuer activation | ✔ | | | |
issuerDBGetParameters | List of virtualHosts with their get parameters | ✔ | | | |
issuerDBGetPath | Get issuer request path | ✔ | | | |
issuerDBGetRule | Get issuer rule | ✔ | | | |
issuerDBOpenIDActivation | OpenID server activation | ✔ | | | |
issuerDBOpenIDConnectActivation | OpenID Connect server activation | ✔ | | | |
issuerDBOpenIDConnectPath | OpenID Connect server request path | ✔ | | | |
issuerDBOpenIDConnectRule | OpenID Connect server rule | ✔ | | | |
issuerDBOpenIDPath | OpenID server request path | ✔ | | | |
issuerDBOpenIDRule | OpenID server rule | ✔ | | | |
issuerDBSAMLActivation | SAML IDP activation | ✔ | | | |
issuerDBSAMLPath | SAML IDP request path | ✔ | | | |
issuerDBSAMLRule | SAML IDP rule | ✔ | | | |
jsRedirect | Use javascript for redirections | ✔ | | | |
key | Secret key | ✔ | | | |
krbAuthnLevel | Null authentication level | ✔ | | | |
krbByJs | Launch Kerberos authentication by Ajax | ✔ | | | |
krbKeytab | Kerberos keytab | ✔ | | | |
krbRemoveDomain | Remove domain in Kerberos username | ✔ | | | |
ldapAllowResetExpiredPassword | Allow a user to reset his expired password | ✔ | | | |
ldapAuthnLevel | LDAP authentication level | ✔ | | | |
ldapBase | LDAP search base | ✔ | | | |
ldapChangePasswordAsUser | | ✔ | | | |
ldapExportedVars | LDAP exported variables | ✔ | | | |
ldapGroupAttributeName | LDAP attribute name for member in groups | ✔ | | | |
ldapGroupAttributeNameGroup | LDAP attribute name in group entry referenced as member in groups | ✔ | | | |
ldapGroupAttributeNameSearch | LDAP attributes to search in groups | ✔ | | | |
ldapGroupAttributeNameUser | LDAP attribute name in user entry referenced as member in groups | ✔ | | | |
ldapGroupBase | | ✔ | | | |
ldapGroupObjectClass | LDAP object class of groups | ✔ | | | |
ldapGroupRecursive | LDAP recursive search in groups | ✔ | | | |
ldapPasswordResetAttribute | LDAP password reset attribute | ✔ | | | |
ldapPasswordResetAttributeValue | LDAP password reset value | ✔ | | | |
ldapPort | LDAP port | ✔ | | | |
ldapPpolicyControl | | ✔ | | | |
ldapPwdEnc | LDAP password encoding | ✔ | | | |
ldapRaw | | ✔ | | | |
ldapSearchDeref | “deref” param of Net::LDAP::search() | ✔ | | | |
ldapServer | LDAP server (host or URI) | ✔ | | | |
ldapSetPassword | | ✔ | | | |
ldapTimeout | LDAP connection timeout | ✔ | | | |
ldapUsePasswordResetAttribute | LDAP store reset flag in an attribute | ✔ | | | |
ldapVersion | LDAP protocol version | ✔ | | | |
linkedInAuthnLevel | LinkedIn authentication level | ✔ | | | |
linkedInClientID | | ✔ | | | |
linkedInClientSecret | | ✔ | | | |
linkedInFields | | ✔ | | | |
linkedInScope | | ✔ | | | |
linkedInUserField | | ✔ | | | |
localSessionStorage | Local sessions cache module | ✔ | | | |
localSessionStorageOptions | Sessions cache module options | ✔ | | | |
localStorage | Local cache | ✔ | ✔ | ✔ | ✔ |
localStorageOptions | Local cache parameters | ✔ | ✔ | ✔ | ✔ |
log4perlConfFile | Log4Perl logger configuration file | ✔ | ✔ | ✔ | ✔ |
logLevel | Log level, must be set in .ini | ✔ | ✔ | ✔ | ✔ |
logger | technical logger | ✔ | ✔ | ✔ | ✔ |
loginHistoryEnabled | Enable login history | ✔ | | | |
logoutServices | Send logout trough GET request to these services | ✔ | | | |
lwpOpts | Options given to LWP::UserAgent | ✔ | | | |
lwpSslOpts | SSL options given to LWP::UserAgent | ✔ | | | |
macros | Macros | ✔ | | | |
mailBody | Custom mail body | ✔ | | | |
mailCharset | Mail charset | ✔ | | | |
mailConfirmBody | Custom confirm mail body | ✔ | | | |
mailConfirmSubject | Mail subject for reset confirmation | ✔ | | | |
mailFrom | Sender email | ✔ | | | |
mailLDAPFilter | LDAP filter for mail search | ✔ | | | |
mailOnPasswordChange | Send a mail when password is changed | ✔ | | | |
mailReplyTo | Reply-To address | ✔ | | | |
mailSessionKey | Session parameter where mail is stored | ✔ | | | |
mailSubject | Mail subject for new password email | ✔ | | | |
mailTimeout | Mail session timeout | ✔ | | | |
mailUrl | URL of password reset page | ✔ | | | |
maintenance | Maintenance mode for all virtual hosts | | ✔ | | |
managerDn | LDAP manager DN | ✔ | | | |
managerPassword | LDAP manager Password | ✔ | | | |
max2FDevices | Maximum registered 2F devices | ✔ | | | ✔ |
max2FDevicesNameLength | Maximum 2F devices name length | ✔ | | | ✔ |
multiValuesSeparator | Separator for multiple values | ✔ | ✔ | ✔ | |
mySessionAuthorizedRWKeys | Alterable session keys by user itself | ✔ | | | ✔ |
nginxCustomHandlers | Custom Nginx handler (deprecated) | ✔ | | | |
noAjaxHook | Avoid replacing 302 by 401 for Ajax responses | ✔ | | | |
notification | Notification activation | ✔ | | | |
notificationServer | Notification server activation | ✔ | | | |
notificationStorage | Notification backend | ✔ | | | |
notificationStorageOptions | Notification backend options | ✔ | | | |
notificationWildcard | Notification string to match all users | ✔ | | | |
notificationXSLTfile | Custom XSLT document for notifications | ✔ | | | |
notifyDeleted | Show deleted sessions in portal | ✔ | | | |
notifyOther | Show other sessions in portal | ✔ | | | |
nullAuthnLevel | Null authentication level | ✔ | | | |
oidcAuthnLevel | OpenID Connect authentication level | ✔ | | | |
oidcOPMetaDataOptions | | ✔ | | | [1] |
oidcRPCallbackGetParam | OpenID Connect Callback GET URLparameter | ✔ | | | |
oidcRPMetaDataOptions | | ✔ | | | [1] |
oidcRPStateTimeout | OpenID Connect Timeout of state sessions | ✔ | | | |
oidcServiceAllowAuthorizationCodeFlow | OpenID Connect allow authorization code flow | ✔ | | | |
oidcServiceAllowDynamicRegistration | OpenID Connect allow dynamic client registration | ✔ | | | |
oidcServiceAllowHybridFlow | OpenID Connect allow hybrid flow | ✔ | | | |
oidcServiceAllowImplicitFlow | OpenID Connect allow implicit flow | ✔ | | | |
oidcServiceKeyIdSig | OpenID Connect Signature Key ID | ✔ | | | |
oidcServiceMetaDataAuthnContext | OpenID Connect Authentication Context Class Ref | ✔ | | | |
oidcServiceMetaDataAuthorizeURI | OpenID Connect authorizaton endpoint | ✔ | | | |
oidcServiceMetaDataBackChannelURI | OpenID Connect Front-Channel logout endpoint | ✔ | | | |
oidcServiceMetaDataCheckSessionURI | OpenID Connect check session iframe | ✔ | | | |
oidcServiceMetaDataEndSessionURI | OpenID Connect end session endpoint | ✔ | | | |
oidcServiceMetaDataFrontChannelURI | OpenID Connect Front-Channel logout endpoint | ✔ | | | |
oidcServiceMetaDataIssuer | OpenID Connect issuer | ✔ | | | |
oidcServiceMetaDataJWKSURI | OpenID Connect JWKS endpoint | ✔ | | | |
oidcServiceMetaDataRegistrationURI | OpenID Connect registration endpoint | ✔ | | | |
oidcServiceMetaDataTokenURI | OpenID Connect token endpoint | ✔ | | | |
oidcServiceMetaDataUserInfoURI | OpenID Connect user info endpoint | ✔ | | | |
oidcServicePrivateKeySig | | ✔ | | | |
oidcServicePublicKeySig | | ✔ | | | |
oidcStorage | Apache::Session module to store OIDC user data | ✔ | | | |
oidcStorageOptions | Apache::Session module parameters | ✔ | | | |
oldNotifFormat | Use old XML format for notifications | ✔ | | | |
openIdAttr | | ✔ | | | |
openIdAuthnLevel | OpenID authentication level | ✔ | | | |
openIdExportedVars | OpenID exported variables | ✔ | | | |
openIdIDPList | | ✔ | | | |
openIdIssuerSecret | | ✔ | | | |
openIdSPList | | ✔ | | | |
openIdSecret | | ✔ | | | |
openIdSreg_country | | ✔ | | | |
openIdSreg_dob | | ✔ | | | |
openIdSreg_email | OpenID SREG email session parameter | ✔ | | | |
openIdSreg_fullname | OpenID SREG fullname session parameter | ✔ | | | |
openIdSreg_gender | | ✔ | | | |
openIdSreg_language | | ✔ | | | |
openIdSreg_nickname | OpenID SREG nickname session parameter | ✔ | | | |
openIdSreg_postcode | | ✔ | | | |
openIdSreg_timezone | OpenID SREG timezone session parameter | ✔ | | | |
pamAuthnLevel | PAM authentication level | ✔ | | | |
pamService | PAM service | ✔ | | | |
passwordDB | Password module | ✔ | | | |
persistentStorage | Storage module for persistent sessions | ✔ | | | |
persistentStorageOptions | Options for persistent sessions storage module | ✔ | | | |
port | Force port in redirection | | ✔ | | |
portal | Portal URL | ✔ | ✔ | ✔ | |
portalAntiFrame | Avoid portal to be displayed inside frames | ✔ | | | |
portalCheckLogins | Display login history checkbox in portal | ✔ | | | |
portalDisplayAppslist | Display applications tab in portal | ✔ | | | |
portalDisplayChangePassword | Display password tab in portal | ✔ | | | |
portalDisplayLoginHistory | Display login history tab in portal | ✔ | | | |
portalDisplayLogout | Display logout tab in portal | ✔ | | | |
portalDisplayOidcConsents | Display OIDC consent tab in portal | ✔ | | | |
portalDisplayRegister | Display register button in portal | ✔ | | | |
portalDisplayResetPassword | Display reset password button in portal | ✔ | | | |
portalErrorOnExpiredSession | Show error if session is expired | ✔ | | | |
portalErrorOnMailNotFound | Show error if mail is not found in password reset process | ✔ | | | |
portalForceAuthnInterval | Minimum number of seconds since last authentifcation to force reauthentication | ✔ | | | |
portalOpenLinkInNewWindow | Open applications in new windows | ✔ | | | |
portalPingInterval | Interval in ms between portal Ajax pings | ✔ | | | |
portalRequireOldPassword | Old password is required to change the password | ✔ | | | |
portalSkin | Name of portal skin | ✔ | | | |
portalSkinBackground | Background image of portal skin | ✔ | | | |
portalSkinRules | Rules to choose portal skin | ✔ | | | |
portalStatus | Enable portal status | ✔ | | | |
portalUserAttr | Session parameter to display connected user in portal | ✔ | | | |
protection | Manager protection method | | ✔ | ✔ | ✔ |
proxyAuthService | | ✔ | | | |
proxyAuthnLevel | Proxy authentication level | ✔ | | | |
proxySessionService | | ✔ | | | |
proxyUseSoap | Use SOAP instead of REST | ✔ | | | |
radiusAuthnLevel | Radius authentication level | ✔ | | | |
radiusSecret | | ✔ | | | |
radiusServer | | ✔ | | | |
randomPasswordRegexp | Regular expression to create a random password | ✔ | | | |
redirectFormMethod | HTTP method for redirect page form | ✔ | | | |
registerConfirmSubject | Mail subject for register confirmation | ✔ | | | |
registerDB | Register module | ✔ | | | |
registerDoneSubject | Mail subject when register is done | ✔ | | | |
registerTimeout | Register session timeout | ✔ | | | |
registerUrl | URL of register page | ✔ | | | |
reloadUrls | URL to call on reload | ✔ | | | |
remoteCookieName | | ✔ | | | |
remoteGlobalStorage | Remote session backend | ✔ | | | |
remoteGlobalStorageOptions | Apache::Session module parameters | ✔ | | | |
remotePortal | | ✔ | | | |
requireToken | Enable token for forms | ✔ | | | |
rest2fActivation | REST second factor activation | ✔ | | | |
rest2fAuthnLevel | Authentication level for users authentified by REST second factor | ✔ | | | |
rest2fInitArgs | Args for REST 2F init | ✔ | | | |
rest2fInitUrl | REST 2F init URL | ✔ | | | |
rest2fLogo | Custom logo for REST 2F | ✔ | | | |
rest2fVerifyArgs | Args for REST 2F init | ✔ | | | |
rest2fVerifyUrl | REST 2F init URL | ✔ | | | |
restAuthUrl | | ✔ | | | |
restConfigServer | Enable REST config server | ✔ | | | |
restPwdConfirmUrl | | ✔ | | | |
restPwdModifyUrl | | ✔ | | | |
restSessionServer | Enable REST session server | ✔ | | | |
restUserDBUrl | | ✔ | | | |
samlAttributeAuthorityDescriptorAttributeServiceSOAP | SAML Attribute Authority SOAP | ✔ | | | |
samlAuthnContextMapKerberos | SAML authn context kerberos level | ✔ | | | |
samlAuthnContextMapPassword | SAML authn context password level | ✔ | | | |
samlAuthnContextMapPasswordProtectedTransport | SAML authn context password protected transport level | ✔ | | | |
samlAuthnContextMapTLSClient | SAML authn context TLS client level | ✔ | | | |
samlCommonDomainCookieActivation | SAML CDC activation | ✔ | | | |
samlCommonDomainCookieDomain | | ✔ | | | |
samlCommonDomainCookieReader | | ✔ | | | |
samlCommonDomainCookieWriter | | ✔ | | | |
samlEntityID | SAML service entityID | ✔ | | | |
samlIDPMetaDataOptions | | ✔ | | | [1] |
samlIDPSSODescriptorArtifactResolutionServiceArtifact | SAML IDP artifact resolution service | ✔ | | | |
samlIDPSSODescriptorSingleLogoutServiceHTTPPost | SAML IDP SLO HTTP POST | ✔ | | | |
samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect | SAML IDP SLO HTTP Redirect | ✔ | | | |
samlIDPSSODescriptorSingleLogoutServiceSOAP | SAML IDP SLO SOAP | ✔ | | | |
samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact | SAML IDP SSO HTTP Artifact | ✔ | | | |
samlIDPSSODescriptorSingleSignOnServiceHTTPPost | SAML IDP SSO HTTP POST | ✔ | | | |
samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect | SAML IDP SSO HTTP Redirect | ✔ | | | |
samlIDPSSODescriptorWantAuthnRequestsSigned | SAML IDP want authn request signed | ✔ | | | |
samlIdPResolveCookie | SAML IDP resolution cookie | ✔ | | | |
samlMetadataForceUTF8 | SAML force metadata UTF8 conversion | ✔ | | | |
samlNameIDFormatMapEmail | SAML session parameter for NameID email | ✔ | | | |
samlNameIDFormatMapKerberos | SAML session parameter for NameID kerberos | ✔ | | | |
samlNameIDFormatMapWindows | SAML session parameter for NameID windows | ✔ | | | |
samlNameIDFormatMapX509 | SAML session parameter for NameID x509 | ✔ | | | |
samlOrganizationDisplayName | SAML service organization display name | ✔ | | | |
samlOrganizationName | SAML service organization name | ✔ | | | |
samlOrganizationURL | SAML service organization URL | ✔ | | | |
samlRelayStateTimeout | SAML timeout of relay state | ✔ | | | |
samlSPMetaDataOptions | | ✔ | | | [1] |
samlSPSSODescriptorArtifactResolutionServiceArtifact | SAML SP artifact resolution service | ✔ | | | |
samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact | SAML SP ACS HTTP artifact | ✔ | | | |
samlSPSSODescriptorAssertionConsumerServiceHTTPPost | SAML SP ACS HTTP POST | ✔ | | | |
samlSPSSODescriptorAuthnRequestsSigned | SAML SP AuthnRequestsSigned | ✔ | | | |
samlSPSSODescriptorSingleLogoutServiceHTTPPost | SAML SP SLO HTTP POST | ✔ | | | |
samlSPSSODescriptorSingleLogoutServiceHTTPRedirect | SAML SP SLO HTTP Redirect | ✔ | | | |
samlSPSSODescriptorSingleLogoutServiceSOAP | SAML SP SLO SOAP | ✔ | | | |
samlSPSSODescriptorWantAssertionsSigned | SAML SP WantAssertionsSigned | ✔ | | | |
samlServicePrivateKeyEnc | SAML encryption private key | ✔ | | | |
samlServicePrivateKeyEncPwd | | ✔ | | | |
samlServicePrivateKeySig | SAML signature private key | ✔ | | | |
samlServicePrivateKeySigPwd | SAML signature private key password | ✔ | | | |
samlServicePublicKeyEnc | SAML encryption public key | ✔ | | | |
samlServicePublicKeySig | SAML signature public key | ✔ | | | |
samlServiceSignatureMethod | | ✔ | | | |
samlServiceUseCertificateInResponse | Use certificate instead of public key in SAML responses | ✔ | | | |
samlStorage | Apache::Session module to store SAML user data | ✔ | | | |
samlStorageOptions | Apache::Session module parameters | ✔ | | | |
samlUseQueryStringSpecific | SAML use specific method for query_string | ✔ | | | |
secureTokenAllowOnError | Secure Token allow requests in error | | ✔ | | ✔ |
secureTokenAttribute | Secure Token attribute | | ✔ | | ✔ |
secureTokenExpiration | Secure Token expiration | | ✔ | | ✔ |
secureTokenHeader | Secure Token header | | ✔ | | ✔ |
secureTokenMemcachedServers | Secure Token Memcached servers | | ✔ | | ✔ |
secureTokenUrls | | | ✔ | | ✔ |
securedCookie | Cookie securisation method | ✔ | ✔ | | |
sentryDsn | Sentry logger DSN | ✔ | ✔ | ✔ | ✔ |
sessionDataToRemember | Data to remember in login history | ✔ | | | |
sfEngine | Second factor engine | ✔ | | | ✔ |
singleIP | Allow only one session per IP | ✔ | | | |
singleSession | Allow only one session per user | ✔ | | | |
singleSessionUserByIP | Allow only one session per user on an IP | ✔ | | | |
singleUserByIP | Allow only one user per IP | ✔ | | | |
skipRenewConfirmation | Avoid asking confirmation when an Issuer asks to renew auth | ✔ | | | |
slaveAuthnLevel | Slave authentication level | ✔ | | | |
slaveExportedVars | Slave exported variables | ✔ | | | |
slaveHeaderContent | | ✔ | | | |
slaveHeaderName | | ✔ | | | |
slaveMasterIP | | ✔ | | | |
slaveUserHeader | | ✔ | | | |
soapConfigServer | Enable SOAP config server | ✔ | | | |
soapSessionServer | Enable SOAP session server | ✔ | | | |
sslByAjax | Use Ajax request for SSL | ✔ | | | |
sslHost | URL for SSL Ajax request | ✔ | | | |
staticPrefix | Prefix of static files for HTML templates | ✔ | | | ✔ |
status | Status daemon activation | | ✔ | | ✔ |
stayConnected | Enable StayConnected plugin | ✔ | | | |
storePassword | Store password in session | ✔ | | | |
successLoginNumber | Number of success stored in login history | ✔ | | | |
syslogFacility | Syslog logger technical facility | ✔ | ✔ | ✔ | ✔ |
timeout | Session timeout on server side | ✔ | | | |
timeoutActivity | Session activity timeout on server side | ✔ | | | |
timeoutActivityInterval | Update session timeout interval on server side | ✔ | | | |
tokenUseGlobalStorage | Enable global token storage | ✔ | | | |
totp2fActivation | TOTP activation | ✔ | | | |
totp2fAuthnLevel | Authentication level for users authentified by password+TOTP | ✔ | | | |
totp2fDigits | Number of digits for TOTP code | ✔ | | | |
totp2fDisplayExistingSecret | Display existing TOTP secret in registration form | ✔ | | | |
totp2fInterval | TOTP interval | ✔ | | | |
totp2fIssuer | TOTP Issuer | ✔ | | | |
totp2fRange | TOTP range (number of interval to test) | ✔ | | | |
totp2fSelfRegistration | TOTP self registration activation | ✔ | | | |
totp2fUserCanChangeKey | Authorize users to change existing TOTP secret | ✔ | | | |
totp2fUserCanRemoveKey | Authorize users to remove existing TOTP secret | ✔ | | | |
trustedDomains | Trusted domains | ✔ | | | |
trustedProxies | Trusted proxies | ✔ | | | |
twitterAppName | | ✔ | | | |
twitterAuthnLevel | Twitter authentication level | ✔ | | | |
twitterKey | | ✔ | | | |
twitterSecret | | ✔ | | | |
u2fActivation | U2F activation | ✔ | | | |
u2fAuthnLevel | Authentication level for users authentified by password+U2F | ✔ | | | |
u2fSelfRegistration | U2F self registration activation | ✔ | | | |
u2fUserCanRemoveKey | Authorize users to remove existing U2F key | ✔ | | | |
upgradeSession | Upgrade session activation | ✔ | | | |
useRedirectOnError | Use 302 redirect code for error (500) | | ✔ | | |
useRedirectOnForbidden | Use 302 redirect code for forbidden (403) | ✔ | | | |
useSafeJail | Activate Safe jail | ✔ | ✔ | | |
userControl | Regular expression to validate login | ✔ | | | |
userDB | User module | ✔ | | | |
userLogger | User actions logger | ✔ | ✔ | ✔ | ✔ |
userPivot | | ✔ | | | |
userSyslogFacility | Syslog logger user-actions facility | ✔ | ✔ | ✔ | ✔ |
utotp2fActivation | UTOTP activation (mixed U2F/TOTP module) | ✔ | | | |
utotp2fAuthnLevel | Authentication level for users authentified by password+(U2F or TOTP) | ✔ | | | |
vhostOptions | | ✔ | | | [1] |
webIDAuthnLevel | WebID authentication level | ✔ | | | |
webIDExportedVars | WebID exported variables | ✔ | | | |
webIDWhitelist | | ✔ | | | |
whatToTrace | Session parameter used to fill REMOTE_USER | ✔ | ✔ | | |
yubikey2fActivation | Yubikey second factor activation | ✔ | | | |
yubikey2fAuthnLevel | Authentication level for users authentified by Yubikey second factor | ✔ | | | |
yubikey2fClientID | Yubico client ID | ✔ | | | |
yubikey2fNonce | Yubico nonce | ✔ | | | |
yubikey2fPublicIDSize | Yubikey public ID size | ✔ | | | |
yubikey2fSecretKey | Yubico secret key | ✔ | | | |
yubikey2fSelfRegistration | Yubikey self registration activation | ✔ | | | |
yubikey2fUrl | Yubico server | ✔ | | | |
yubikey2fUserCanRemoveKey | Authorize users to remove existing Yubikey | ✔ | | | |
zimbraAccountKey | Zimbra account session key | | ✔ | | ✔ |
zimbraBy | Zimbra account type | | ✔ | | ✔ |
zimbraPreAuthKey | Zimbra preauthentication key | | ✔ | | ✔ |
zimbraSsoUrl | Zimbra local SSO URL pattern | | ✔ | | ✔ |
zimbraUrl | Zimbra preauthentication URL | | ✔ | | ✔ |