<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
 lang="en" dir="ltr">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />

</head>
<body>
<div class="dokuwiki export">

<h1><a name="variables" id="variables">Variables</a></h1>
<div class="level1">

</div>
<!-- SECTION "Variables" [1-25] -->
<h2><a name="presentation" id="presentation">Presentation</a></h2>
<div class="level2">

<p>

Variables can be used in rules and headers. This applies to every kind of rule:
</p>
<ul>
<li class="level1"><div class="li"> Access rule in virtual host</div>
</li>
<li class="level1"><div class="li"> <acronym title="Security Assertion Markup Language">SAML</acronym> IDP preselection</div>
</li>
<li class="level1"><div class="li"> Session opening</div>
</li>
<li class="level1"><div class="li"> …</div>
</li>
</ul>

<p>

Variables are stored in the user session. There are several kinds of variables:
</p>
<ul>
<li class="level1"><div class="li"> internal variables, managed by LemonLDAP::NG</div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.4/exportedvars.html" class="wikilink1" title="documentation:1.4:exportedvars">exported variables</a> collected from the UserDB backend</div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.4/performances.html#macros_and_groups" class="wikilink1" title="documentation:1.4:performances">macros and groups</a></div>
</li>
</ul>

<p>
Once you know the key of a variable, prefix it with a dollar sign to use it. For example, to test whether the <code>uid</code> variable matches <code>coudot</code>:

</p>
<pre class="code">
$uid eq "coudot"
</pre>
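
<p>
The following Perl sketch is an added example, not LemonLDAP::NG code: it models how the <code>$key</code> references in a rule resolve against the session, and shows that empty values, keys missing from the session and a rule that fails to compile all end in a deny. The session values and the <code>compile_rule</code> helper are assumptions made for the illustration; the keys are internal variables documented further down this page.
</p>

```perl
#!/usr/bin/perl
# Added illustration, not LemonLDAP::NG source: a model of evaluating rules
# such as $uid eq "coudot" against the variables of one session.
use strict;
use warnings;

# Constructed session: keys come from the tables on this page, values are invented.
my %session = (
    uid                 => 'coudot',
    _auth               => 'LDAP',
    ipAddr              => '192.0.2.10',
    authenticationLevel => 2,
    _timezone           => '',    # empty: standard login form was not used
    _url                => '',    # empty: the portal was the entry point
);

# Hypothetical helper: turn every $key into a lookup in the session hash and
# compile the rule once. A rule that does not compile always denies.
sub compile_rule {
    my ($rule) = @_;
    ( my $code = $rule ) =~ s/\$(\w+)/\$_[0]->{$1}/g;
    my $sub = eval "no warnings 'uninitialized'; sub { $code }";
    return $sub || sub { 0 };
}

my @rules = (
    '$uid eq "coudot"',                                  # the rule shown above
    '$authenticationLevel >= 3',                         # 2 in the sample: deny
    '$_auth eq "LDAP" and $ipAddr =~ /^192\.0\.2\./',    # module and source IP
    '$_url ne ""',                                       # empty value: deny
    '$department eq "it"',                               # key not in session: deny
    '$uid eq',                                           # syntax error: deny
);

for my $rule (@rules) {
    my $verdict = compile_rule($rule)->( \%session ) ? 'allow' : 'deny';
    printf "%-50s %s\n", $rule, $verdict;
}
```
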

<p>
<p><div class="notetip">You can inspect a user session with the sessions explorer (in Manager).
</div></p>
</p>

<p>
The internal variables are documented below.
</p>

</div>
<!-- SECTION "Presentation" [26-794] -->
<h2><a name="modules" id="modules">Modules</a></h2>
<div class="level2">

<p>

These variables record which module was used for authentication, user data, password, …

</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 centeralign"> _auth </td><td class="col1 leftalign"> Authentication module </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> _userDB </td><td class="col1 leftalign"> User module </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> _passwordDB </td><td class="col1 leftalign"> Password module </td>
</tr>
<tr class="row4 roweven">
<td class="col0 centeralign"> _issuerDB </td><td class="col1 leftalign"> Issuer module (can be multivalued) </td>
</tr>
<tr class="row5 rowodd">
<td class="col0 centeralign"> _authChoice </td><td class="col1 leftalign"> Choice made by the user, if <a href="../../documentation/1.4/authchoice.html" class="wikilink1" title="documentation:1.4:authchoice">authentication choice</a> was used </td>
</tr>
</table>

</div>
<!-- SECTION "Modules" [795-1161] -->
<h2><a name="connection" id="connection">Connection</a></h2>
<div class="level2">

<p>

Data about the first connection to the portal.

</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 leftalign"> ipAddr </td><td class="col1 leftalign"> <acronym title="Internet Protocol">IP</acronym> address of the user (can be the X-Forwarded-For <acronym title="Internet Protocol">IP</acronym> if trusted proxies are configured) </td>
</tr>
<tr class="row2 roweven">
<td class="col0 leftalign"> _timezone </td><td class="col1"> Timezone of the user, set with JavaScript from the standard login form (empty if another authentication method is used) </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 leftalign"> _url </td><td class="col1 leftalign"> <acronym title="Uniform Resource Locator">URL</acronym> used before being redirected to the portal (empty if the portal was used as entry point) </td>
</tr>
</table>

</div>
<!-- SECTION "Connection" [1162-1604] -->
<h2><a name="authentication" id="authentication">Authentication</a></h2>
<div class="level2">

<p>

Data about the authentication process.

</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 leftalign"> _session_id </td><td class="col1 leftalign"> Session identifier (carried in cookie) </td>
</tr>
<tr class="row2 roweven">
<td class="col0 leftalign"> _user </td><td class="col1 leftalign"> User found from login process </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 leftalign"> _password </td><td class="col1 leftalign"> Password found from login process (only if <a href="../../documentation/1.4/passwordstore.html" class="wikilink1" title="documentation:1.4:passwordstore">password store in session</a> is configured) </td>
</tr>
<tr class="row4 roweven">
<td class="col0 leftalign"> authenticationLevel </td><td class="col1 leftalign"> Authentication level </td>
</tr>
</table>

</div>
<!-- SECTION "Authentication" [1605-1973] -->
<h2><a name="dates" id="dates">Dates</a></h2>
<div class="level2">
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 leftalign"> _utime </td><td class="col1 leftalign"> Timestamp of session creation </td>
</tr>
<tr class="row2 roweven">
<td class="col0 leftalign"> startTime </td><td class="col1 leftalign"> Date of session creation </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 leftalign"> updateTime </td><td class="col1 leftalign"> Date of session last modification </td>
</tr>
<tr class="row4 roweven">
<td class="col0"> _lastAuthnUTime </td><td class="col1 leftalign"> Timestamp of last authentication time </td>
</tr>
</table>

</div>
<!-- SECTION "Dates" [1974-2221] -->
<h2><a name="saml" id="saml">SAML</a></h2>
<div class="level2">

<p>

Data related to the <acronym title="Security Assertion Markup Language">SAML</acronym> protocol.

</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 leftalign"> _idp </td><td class="col1 leftalign"> Name of IDP used for authentication </td>
</tr>
<tr class="row2 roweven">
<td class="col0 leftalign"> _idpConfKey </td><td class="col1 leftalign"> Configuration key of IDP used for authentication </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 leftalign"> _samlToken </td><td class="col1 leftalign"> <acronym title="Security Assertion Markup Language">SAML</acronym> token </td>
</tr>
<tr class="row4 roweven">
<td class="col0 leftalign"> _lassoSessionDump </td><td class="col1 leftalign"> Lasso session dump </td>
</tr>
<tr class="row5 rowodd">
<td class="col0 leftalign"> _lassoIdentityDump </td><td class="col1 leftalign"> Lasso identity dump </td>
</tr>
</table>

</div>
<!-- SECTION "SAML" [2222-2538] -->
<h2><a name="notifications" id="notifications">Notifications</a></h2>
<div class="level2">
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 leftalign"> _notification_<em>id</em> </td><td class="col1 leftalign"> Date of validation of the notification <em>id</em> </td>
</tr>
</table>

</div>
<!-- SECTION "Notifications" [2539-2667] -->
<h2><a name="login_history" id="login_history">Login history</a></h2>
<div class="level2">
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 leftalign"> loginHistory </td><td class="col1 leftalign"> Hash of login successes and failures </td>
</tr>
</table>

</div>
<!-- SECTION "Login history" [2668-2777] -->
<h2><a name="ldap" id="ldap">LDAP</a></h2>
<div class="level2">

<p>

Available only with UserDB <acronym title="Lightweight Directory Access Protocol">LDAP</acronym>.

</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 leftalign"> dn </td><td class="col1"> Distinguished name </td>
</tr>
</table>

</div>
<!-- SECTION "LDAP" [2778-2875] -->
<h2><a name="openid" id="openid">OpenID</a></h2>
<div class="level2">
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 leftalign"> _openid_<em>id</em> </td><td class="col1 leftalign"> Consent to share attribute <em>id</em> through OpenID </td>
</tr>
</table>

</div>
<!-- SECTION "OpenID" [2876-2993] -->
<h2><a name="other" id="other">Other</a></h2>
<div class="level2">
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 leftalign"> appsListOrder </td><td class="col1 leftalign"> Order of categories in the menu </td>
</tr>
</table>

</div>
<!-- SECTION "Other" [2994-] --></div><!-- closes <div class="dokuwiki export">-->