lemonldap-ng/doc/pages/documentation/1.4/variables.html
2013-11-02 21:09:55 +00:00


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="variables" id="variables">Variables</a></h1>
<div class="level1">
</div>
<!-- SECTION "Variables" [1-25] -->
<h2><a name="presentation" id="presentation">Presentation</a></h2>
<div class="level2">
<p>
Variables can be used in rules and headers. This applies to all rules:
</p>
<ul>
<li class="level1"><div class="li"> Access rule in virtual host</div>
</li>
<li class="level1"><div class="li"> <acronym title="Security Assertion Markup Language">SAML</acronym> IDP preselection</div>
</li>
<li class="level1"><div class="li"> Session opening</div>
</li>
<li class="level1"><div class="li"></div>
</li>
</ul>
<p>
Variables are stored in the user session. We can distinguish several kinds of variables:
</p>
<ul>
<li class="level1"><div class="li"> internal variables, managed by LemonLDAP::NG</div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.4/exportedvars.html" class="wikilink1" title="documentation:1.4:exportedvars">exported variables</a> collected from UserDB backend</div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.4/performances.html#macros_and_groups" class="wikilink1" title="documentation:1.4:performances">macros and groups</a></div>
</li>
</ul>
<p>
When you know the key of a variable, prefix it with the dollar sign to use it. For example, to test whether the <code>uid</code> variable matches <code>coudot</code>:
</p>
<pre class="code">
$uid eq &quot;coudot&quot;
</pre>
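<p>
Added example, not part of the original documentation and not LemonLDAP::NG's own code: it rewrites each <code>$key</code> in a rule into a lookup in a session hash and evaluates several rules against two constructed sessions. The helper <code>compile_rule</code>, the rule names and all session values are assumptions for illustration; the keys are variables documented on this page.
</p>

```perl
#!/usr/bin/perl
# Added illustration, not LemonLDAP::NG code. Session values are constructed.
use strict;
use warnings;

# Rewrite each $key to $s->{key} and compile the rule into a closure.
# A rule string is code: only trusted configuration may ever reach eval.
sub compile_rule {
    my ($rule) = @_;
    ( my $code = $rule ) =~ s/\$(\w+)/\$s->{$1}/g;
    my $sub = eval
      "no warnings 'uninitialized'; sub { my (\$s) = \@_; ($code) ? 1 : 0 }";
    die "rule does not compile: $rule\n$@" unless $sub;
    return $sub;
}

# Hypothetical rules built on keys documented on this page.
my %rules = (
    'single user'      => '$uid eq "coudot"',
    'step-up required' => '$authenticationLevel >= 3',
    'LDAP from LAN'    => '$_auth eq "LDAP" and $ipAddr =~ /^10\./',
);

# Constructed sessions; the second one carries no ipAddr key at all.
my @sessions = (
    { uid => 'coudot', _auth => 'LDAP', authenticationLevel => 2,
      ipAddr => '10.0.0.7' },
    { uid => 'alice', _auth => 'LDAP', authenticationLevel => 5 },
);

my %compiled;
$compiled{$_} = compile_rule( $rules{$_} ) for keys %rules;

for my $s (@sessions) {
    for my $name ( sort keys %compiled ) {
        printf "%-8s %-18s %s\n", $s->{uid}, $name,
          $compiled{$name}->($s) ? 'allow' : 'deny';
    }
}
```

<p>
In this example a key that is missing from the session evaluates as undefined, so the <code>ipAddr</code> rule denies the second session; a rule written as a negative test on a missing key would allow it instead.
</p>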
<div class="notetip">You can inspect a user session with the sessions explorer (in the Manager).
</div>
<p>
Below are documented internal variables.
</p>
</div>
<!-- SECTION "Presentation" [26-794] -->
<h2><a name="modules" id="modules">Modules</a></h2>
<div class="level2">
<p>
These variables record which module was used for authentication, user data, password, …
</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 centeralign"> _auth </td><td class="col1 leftalign"> Authentication module </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> _userDB </td><td class="col1 leftalign"> User module </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> _passwordDB </td><td class="col1 leftalign"> Password module </td>
</tr>
<tr class="row4 roweven">
<td class="col0 centeralign"> _issuerDB </td><td class="col1 leftalign"> Issuer module (can be multivalued) </td>
</tr>
<tr class="row5 rowodd">
<td class="col0 centeralign"> _authChoice </td><td class="col1 leftalign"> User choice done if <a href="../../documentation/1.4/authchoice.html" class="wikilink1" title="documentation:1.4:authchoice">authentication choice</a> was used </td>
</tr>
</table>
</div>
<!-- SECTION "Modules" [795-1161] -->
<h2><a name="connection" id="connection">Connection</a></h2>
<div class="level2">
<p>
Data concerning the first connection to the portal.
</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 leftalign"> ipAddr </td><td class="col1 leftalign"> <acronym title="Internet Protocol">IP</acronym> of the user (can be the X-Forwarded-For <acronym title="Internet Protocol">IP</acronym> if trusted proxies are configured) </td>
</tr>
<tr class="row2 roweven">
<td class="col0 leftalign"> _timezone </td><td class="col1"> Timezone of the user, set with JavaScript from the standard login form (will be empty if other authentication methods are used) </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 leftalign"> _url </td><td class="col1 leftalign"> <acronym title="Uniform Resource Locator">URL</acronym> requested before being redirected to the portal (empty if the portal was used as the entry point) </td>
</tr>
</table>
</div>
<!-- SECTION "Connection" [1162-1604] -->
<h2><a name="authentication" id="authentication">Authentication</a></h2>
<div class="level2">
<p>
Data about the authentication process.
</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 leftalign"> _session_id </td><td class="col1 leftalign"> Session identifier (carried in cookie) </td>
</tr>
<tr class="row2 roweven">
<td class="col0 leftalign"> _user </td><td class="col1 leftalign"> User found from login process </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 leftalign"> _password </td><td class="col1 leftalign"> Password found from login process (only if <a href="../../documentation/1.4/passwordstore.html" class="wikilink1" title="documentation:1.4:passwordstore">password store in session</a> is configured) </td>
</tr>
<tr class="row4 roweven">
<td class="col0 leftalign"> authenticationLevel </td><td class="col1 leftalign"> Authentication level </td>
</tr>
</table>
</div>
<!-- SECTION "Authentication" [1605-1973] -->
<h2><a name="dates" id="dates">Dates</a></h2>
<div class="level2">
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 leftalign"> _utime </td><td class="col1 leftalign"> Timestamp of session creation </td>
</tr>
<tr class="row2 roweven">
<td class="col0 leftalign"> startTime </td><td class="col1 leftalign"> Date of session creation </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 leftalign"> updateTime </td><td class="col1 leftalign"> Date of session last modification </td>
</tr>
<tr class="row4 roweven">
<td class="col0"> _lastAuthnUTime </td><td class="col1 leftalign"> Timestamp of last authentication time </td>
</tr>
</table>
</div>
<!-- SECTION "Dates" [1974-2221] -->
<h2><a name="saml" id="saml">SAML</a></h2>
<div class="level2">
<p>
Data related to the <acronym title="Security Assertion Markup Language">SAML</acronym> protocol.
</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 leftalign"> _idp </td><td class="col1 leftalign"> Name of IDP used for authentication </td>
</tr>
<tr class="row2 roweven">
<td class="col0 leftalign"> _idpConfKey </td><td class="col1 leftalign"> Configuration key of IDP used for authentication </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 leftalign"> _samlToken </td><td class="col1 leftalign"> <acronym title="Security Assertion Markup Language">SAML</acronym> token </td>
</tr>
<tr class="row4 roweven">
<td class="col0 leftalign"> _lassoSessionDump </td><td class="col1 leftalign"> Lasso session dump </td>
</tr>
<tr class="row5 rowodd">
<td class="col0 leftalign"> _lassoIdentityDump </td><td class="col1 leftalign"> Lasso identity dump </td>
</tr>
</table>
</div>
<!-- SECTION "SAML" [2222-2538] -->
<h2><a name="notifications" id="notifications">Notifications</a></h2>
<div class="level2">
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 leftalign"> _notification_<em>id</em> </td><td class="col1 leftalign"> Date of validation of the notification <em>id</em> </td>
</tr>
</table>
</div>
<!-- SECTION "Notifications" [2539-2667] -->
<h2><a name="login_history" id="login_history">Login history</a></h2>
<div class="level2">
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 leftalign"> loginHistory </td><td class="col1 leftalign"> Hash of login successes and failures </td>
</tr>
</table>
</div>
<!-- SECTION "Login history" [2668-2777] -->
<h2><a name="ldap" id="ldap">LDAP</a></h2>
<div class="level2">
<p>
Only with UserDB <acronym title="Lightweight Directory Access Protocol">LDAP</acronym>.
</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 leftalign"> dn </td><td class="col1"> Distinguished name </td>
</tr>
</table>
</div>
<!-- SECTION "LDAP" [2778-2875] -->
<h2><a name="openid" id="openid">OpenID</a></h2>
<div class="level2">
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 leftalign"> _openid_<em>id</em> </td><td class="col1 leftalign"> Consent to share attribute <em>id</em> through OpenID </td>
</tr>
</table>
</div>
<!-- SECTION "OpenID" [2876-2993] -->
<h2><a name="other" id="other">Other</a></h2>
<div class="level2">
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 leftalign"> appsListOrder </td><td class="col1 leftalign"> Order of categories in the menu </td>
</tr>
</table>
</div>
<!-- SECTION "Other" [2994-] --></div><!-- closes <div class="dokuwiki export">-->