Variables can be used in rules and headers. All rules are concerned:
Variables are stored in the user session. We can distinguish several kind of variables:
When you know the key of the variable, you just have to prefix it with the dollar sign to use it, for example to test if uid
variable match coudot
:
$uid eq "coudot"
Below are documented internal variables.
Register what module was used for authentication, user data, password, …
Key | Description |
---|---|
_auth | Authentication module |
_userDB | User module |
_passwordDB | Password module |
_issuerDB | Issuer module (can be multivalued) |
_authChoice | User choice done if authentication choice was used |
_authMulti | Full name of authentication module (with #label ) used in Multi |
_userDBMulti | Full name of user module (with #label ) used in Multi |
Datas concerning the first connection to the portal
Key | Description |
---|---|
ipAddr | IP of the user (can be the X Forwarded For IP if trusted proxies are configured) |
_timezone | Timezone of the user, set with javascript from standard login form (will be empty if other authentication methods are used) |
_url | URL used before being redirected to the portal (empty if portal was used as entry point) |
Datas around the authentication process.
Key | Description |
---|---|
_session_id | Session identifier (carried in cookie) |
_user | User found from login process |
_password | Password found from login process (only if password store in session is configured) |
authenticationLevel | Authentication level |
Key | Description |
---|---|
_utime | Timestamp of session creation |
_startTime | Date of session creation |
_updateTime | Date of session last modification |
_lastAuthnUTime | Timestamp of last authentication time |
Datas related to SAML protocol
Key | Description |
---|---|
_idp | Name of IDP used for authentication |
_idpConfKey | Configuration key of IDP used for authentication |
_samlToken | SAML token |
_lassoSessionDump | Lasso session dump |
_lassoIdentityDump | Lasso identity dump |
Key | Description |
---|---|
_notification_id | Date of validation of the notification id |
Key | Description |
---|---|
_loginHistory | HASH of login success and failures |
Only with UserDB LDAP.
Key | Description |
---|---|
_dn | Distinguished name |
Key | Description |
---|---|
_openid_id | Consent to share attribute id trough OpenID |
Key | Description |
---|---|
_oidc_id_token | ID Token |
_oidc_OP | Configuration key of OP used for authentication |
_oidc_access_token | OAuth2 Access Token used to get UserInfo data |
_oidc_consent_scope_rp | Scope for which consent was given for RP rp |
_oidc_consent_time_rp | Time when consent was given for RP rp |
Key | Description |
---|---|
_appsListOrder | Order of categories in the menu |
_session_kind | Type of session (SSO, Persistent, …) |