lemonldap-ng/doc/pages/documentation/current/variables.html
2019-02-12 17:32:02 +01:00


<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:variables</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,variables"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="variables.html"/>
<link rel="contents" href="variables.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:variables","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#modules">Modules</a></div></li>
<li class="level1"><div class="li"><a href="#connection">Connection</a></div></li>
<li class="level1"><div class="li"><a href="#authentication">Authentication</a></div></li>
<li class="level1"><div class="li"><a href="#dates">Dates</a></div></li>
<li class="level1"><div class="li"><a href="#saml">SAML</a></div></li>
<li class="level1"><div class="li"><a href="#notifications">Notifications</a></div></li>
<li class="level1"><div class="li"><a href="#login_history">Login history</a></div></li>
<li class="level1"><div class="li"><a href="#ldap">LDAP</a></div></li>
<li class="level1"><div class="li"><a href="#openid">OpenID</a></div></li>
<li class="level1"><div class="li"><a href="#openid_connect">OpenID Connect</a></div></li>
<li class="level1"><div class="li"><a href="#other">Other</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="variables">Variables</h1>
<div class="level1">
</div>
<!-- EDIT1 SECTION "Variables" [1-25] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
Variables can be used in rules and headers. This applies to every kind of rule:
</p>
<ul>
<li class="level1"><div class="li"> Access rule in virtual host</div>
</li>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr> IDP preselection</div>
</li>
<li class="level1"><div class="li"> Session opening</div>
</li>
<li class="level1"><div class="li"> ...</div>
</li>
</ul>
<p>
Variables are stored in the user session. We can distinguish several kinds of variables:
</p>
<ul>
<li class="level1"><div class="li"> internal variables, managed by LemonLDAP::NG</div>
</li>
<li class="level1"><div class="li"> <a href="exportedvars.html" class="wikilink1" title="documentation:2.0:exportedvars">exported variables</a> collected from UserDB backend</div>
</li>
<li class="level1"><div class="li"> <a href="performances.html#macros_and_groups" class="wikilink1" title="documentation:2.0:performances">macros and groups</a></div>
</li>
</ul>
<p>
When you know the key of a variable, prefix it with a dollar sign to use it. For example, to test whether the <code>uid</code> variable matches <code>coudot</code>:
</p>
<pre class="code">$uid eq &quot;coudot&quot;</pre>
<div class="notetip">You can inspect a user session with the sessions explorer (in Manager)
</div>
<p>
The internal variables are documented below.
</p>
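<p>
The following is an added example, not code from the LemonLDAP::NG documentation or code base. It evaluates a few rule expressions against a constructed session to show how the internal variables listed on this page read inside a rule. Assumptions: the session values are sample data, every rule except the first is hypothetical, and the <code>Safe</code> compartment is a stand-in for rule evaluation, not the product's own mechanism.
</p>

```perl
#!/usr/bin/perl
# Added example, not LemonLDAP::NG code: session keys are exposed as Perl
# scalars of the same name, then each rule is evaluated in a Safe compartment.
use strict;
use warnings;
use Safe;

# Constructed session (sample values; keys come from the tables on this page).
my %session = (
    uid                 => 'coudot',
    _auth               => 'LDAP',
    ipAddr              => '10.1.2.3',  # may be the proxy's address behind a reverse proxy
    authenticationLevel => 2,
    _timezone           => '',          # empty when the standard login form was not used
);

# Hypothetical rules; only the first one appears on the page.
my @rules = (
    '$uid eq "coudot"',
    '$authenticationLevel >= 3',
    '$_auth eq "LDAP" and $ipAddr =~ /^10\./',
    '$_timezone ne ""',
);

# Evaluate one rule against a session; returns 1 (accept) or 0 (deny).
sub check_rule {
    my ( $rule, $session ) = @_;
    my $jail = Safe->new;    # restricted compartment with the default opcode mask
    for my $key ( keys %$session ) {
        ${ $jail->varglob($key) } = $session->{$key};
    }
    my $result = $jail->reval($rule);
    die "rule '$rule' failed to compile or run: $@" if $@;
    return $result ? 1 : 0;
}

printf "%-45s => %s\n", $_, check_rule( $_, \%session ) ? 'accept' : 'deny'
  for @rules;
```

<p>
With the sample session, the first and third rules evaluate to accept, the second to deny (level 2 is below 3), and the fourth to deny because <code>_timezone</code> is empty.
</p>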
</div>
<!-- EDIT2 SECTION "Presentation" [26-794] -->
<h2 class="sectionedit3" id="modules">Modules</h2>
<div class="level2">
<p>
These variables record which module was used for authentication, user data, password, ...
</p>
<div class="table sectionedit4"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> _auth </td><td class="col1 leftalign"> Authentication module </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> _userDB </td><td class="col1 leftalign"> User module </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> _passwordDB </td><td class="col1 leftalign"> Password module </td>
</tr>
<tr class="row4 roweven">
<td class="col0 centeralign"> _issuerDB </td><td class="col1 leftalign"> Issuer module (can be multivalued) </td>
</tr>
<tr class="row5 rowodd">
<td class="col0 centeralign"> _authChoice </td><td class="col1 leftalign"> Choice made by the user if <a href="authchoice.html" class="wikilink1" title="documentation:2.0:authchoice">authentication choice</a> was used </td>
</tr>
<tr class="row6 roweven">
<td class="col0 centeralign"> _authMulti </td><td class="col1 leftalign"> Full name of authentication module (with <code>#label</code>) used in Multi </td>
</tr>
<tr class="row7 rowodd">
<td class="col0 centeralign"> _userDBMulti </td><td class="col1 leftalign"> Full name of user module (with <code>#label</code>) used in Multi </td>
</tr>
</table></div>
<!-- EDIT4 TABLE [891-1328] -->
</div>
<!-- EDIT3 SECTION "Modules" [795-1328] -->
<h2 class="sectionedit5" id="connection">Connection</h2>
<div class="level2">
<p>
Data concerning the first connection to the portal.
</p>
<div class="table sectionedit6"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 leftalign"> ipAddr </td><td class="col1 leftalign"> <abbr title="Internet Protocol">IP</abbr> of the user (special care must be taken if you run the portal <a href="behindproxyminihowto.html" class="wikilink1" title="documentation:2.0:behindproxyminihowto">behind a reverse proxy</a>) </td>
</tr>
<tr class="row2 roweven">
<td class="col0 leftalign"> _timezone </td><td class="col1"> Timezone of the user, set with JavaScript from the standard login form (will be empty if other authentication methods are used) </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 leftalign"> _url </td><td class="col1 leftalign"> <abbr title="Uniform Resource Locator">URL</abbr> used before being redirected to the portal (empty if portal was used as entry point) </td>
</tr>
</table></div>
<!-- EDIT6 TABLE [1406-1821] -->
</div>
<!-- EDIT5 SECTION "Connection" [1329-1822] -->
<h2 class="sectionedit7" id="authentication">Authentication</h2>
<div class="level2">
<p>
Data about the authentication process.
</p>
<div class="table sectionedit8"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 leftalign"> _session_id </td><td class="col1 leftalign"> Session identifier (carried in cookie) </td>
</tr>
<tr class="row2 roweven">
<td class="col0 leftalign"> _user </td><td class="col1 leftalign"> User found from login process </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 leftalign"> _password </td><td class="col1 leftalign"> Password found from login process (only if <a href="passwordstore.html" class="wikilink1" title="documentation:2.0:passwordstore">password store in session</a> is configured) </td>
</tr>
<tr class="row4 roweven">
<td class="col0 leftalign"> authenticationLevel </td><td class="col1 leftalign"> Authentication level </td>
</tr>
</table></div>
<!-- EDIT8 TABLE [1893-2190] -->
</div>
<!-- EDIT7 SECTION "Authentication" [1823-2191] -->
<h2 class="sectionedit9" id="dates">Dates</h2>
<div class="level2">
<div class="table sectionedit10"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 leftalign"> _utime </td><td class="col1 leftalign"> Timestamp of session creation </td>
</tr>
<tr class="row2 roweven">
<td class="col0 leftalign"> _startTime </td><td class="col1 leftalign"> Date of session creation </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 leftalign"> _updateTime </td><td class="col1 leftalign"> Date of session last modification </td>
</tr>
<tr class="row4 roweven">
<td class="col0"> _lastAuthnUTime </td><td class="col1 leftalign"> Timestamp of last authentication time </td>
</tr>
</table></div>
<!-- EDIT10 TABLE [2211-2440] -->
</div>
<!-- EDIT9 SECTION "Dates" [2192-2441] -->
<h2 class="sectionedit11" id="saml">SAML</h2>
<div class="level2">
<p>
Data related to the <abbr title="Security Assertion Markup Language">SAML</abbr> protocol.
</p>
<div class="table sectionedit12"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 leftalign"> _idp </td><td class="col1 leftalign"> Name of IDP used for authentication </td>
</tr>
<tr class="row2 roweven">
<td class="col0 leftalign"> _idpConfKey </td><td class="col1 leftalign"> Configuration key of IDP used for authentication </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 leftalign"> _samlToken </td><td class="col1 leftalign"> <abbr title="Security Assertion Markup Language">SAML</abbr> token </td>
</tr>
<tr class="row4 roweven">
<td class="col0 leftalign"> _lassoSessionDump </td><td class="col1 leftalign"> Lasso session dump </td>
</tr>
<tr class="row5 rowodd">
<td class="col0 leftalign"> _lassoIdentityDump </td><td class="col1 leftalign"> Lasso identity dump </td>
</tr>
</table></div>
<!-- EDIT12 TABLE [2492-2757] -->
</div>
<!-- EDIT11 SECTION "SAML" [2442-2758] -->
<h2 class="sectionedit13" id="notifications">Notifications</h2>
<div class="level2">
<div class="table sectionedit14"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 leftalign"> _notification_<em>id</em> </td><td class="col1 leftalign"> Date of validation of the notification <em>id</em> </td>
</tr>
</table></div>
<!-- EDIT14 TABLE [2786-2886] -->
</div>
<!-- EDIT13 SECTION "Notifications" [2759-2887] -->
<h2 class="sectionedit15" id="login_history">Login history</h2>
<div class="level2">
<div class="table sectionedit16"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 leftalign"> _loginHistory </td><td class="col1 leftalign"> HASH of login success and failures </td>
</tr>
</table></div>
<!-- EDIT16 TABLE [2915-2997] -->
</div>
<!-- EDIT15 SECTION "Login history" [2888-2998] -->
<h2 class="sectionedit17" id="ldap">LDAP</h2>
<div class="level2">
<p>
Only with UserDB LDAP.
</p>
<div class="table sectionedit18"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 leftalign"> _dn </td><td class="col1"> Distinguished name </td>
</tr>
</table></div>
<!-- EDIT18 TABLE [3041-3096] -->
</div>
<!-- EDIT17 SECTION "LDAP" [2999-3097] -->
<h2 class="sectionedit19" id="openid">OpenID</h2>
<div class="level2">
<div class="table sectionedit20"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 leftalign"> _openid_<em>id</em> </td><td class="col1 leftalign"> Consent to share attribute <em>id</em> through OpenID </td>
</tr>
</table></div>
<!-- EDIT20 TABLE [3118-3214] -->
</div>
<!-- EDIT19 SECTION "OpenID" [3098-3215] -->
<h2 class="sectionedit21" id="openid_connect">OpenID Connect</h2>
<div class="level2">
<div class="table sectionedit22"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 leftalign"> _oidc_id_token </td><td class="col1 leftalign"> ID Token </td>
</tr>
<tr class="row2 roweven">
<td class="col0 leftalign"> _oidc_OP </td><td class="col1 leftalign"> Configuration key of OP used for authentication </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 leftalign"> _oidc_access_token </td><td class="col1 leftalign"> OAuth2 Access Token used to get UserInfo data </td>
</tr>
<tr class="row4 roweven">
<td class="col0"> _oidc_consent_scope_<em>rp</em> </td><td class="col1 leftalign"> Scope for which consent was given for RP <em>rp</em> </td>
</tr>
<tr class="row5 rowodd">
<td class="col0"> _oidc_consent_time_<em>rp</em> </td><td class="col1 leftalign"> Time when consent was given for RP <em>rp</em> </td>
</tr>
</table></div>
<!-- EDIT22 TABLE [3244-3596] -->
</div>
<!-- EDIT21 SECTION "OpenID Connect" [3216-3597] -->
<h2 class="sectionedit23" id="other">Other</h2>
<div class="level2">
<div class="table sectionedit24"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Key </th><th class="col1 centeralign"> Description </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 leftalign"> _appsListOrder </td><td class="col1 leftalign"> Order of categories in the menu </td>
</tr>
<tr class="row2 roweven">
<td class="col0 leftalign"> _session_kind </td><td class="col1 leftalign"> Type of session (<abbr title="Single Sign On">SSO</abbr>, Persistent, ...) </td>
</tr>
</table></div>
<!-- EDIT24 TABLE [3617-3758] -->
</div>
<!-- EDIT23 SECTION "Other" [3598-] --></div>
</body>
</html>