parent
589239352e
commit
1ea5813c8f
@ -1,3 +1,4 @@
|
||||
%set %%boolean = {'oui': 1, 'non': 0}
|
||||
;==============================================================================
|
||||
; LemonLDAP::NG local configuration parameters
|
||||
;
|
||||
@ -11,9 +12,6 @@
|
||||
; Section "configuration" is used to load global configuration and set cache
|
||||
; (replace old storage.conf file)
|
||||
;
|
||||
; Section "apply" is read by Manager to reload handlers
|
||||
; (replace old apply.conf file)
|
||||
;
|
||||
; Other section are only read by the specific LemonLDAP::NG component
|
||||
;==============================================================================
|
||||
|
||||
@ -34,16 +32,80 @@
|
||||
; Warning: this can allow malicious code in custom functions or rules
|
||||
;useSafeJail = 0
|
||||
|
||||
; LOGGING
|
||||
;
|
||||
; 1 - Defined logging level
|
||||
; Set here one of error, warn, notice, info or debug
|
||||
logLevel = debug
|
||||
; Note that this has no effect for Apache2 logging: Apache LogLevel is used
|
||||
; instead
|
||||
;
|
||||
; 2 - Change logger
|
||||
;
|
||||
; By default, logging is set to:
|
||||
; - Lemonldap::NG::Common::Logger::Apache2 for ApacheMP2 handlers
|
||||
; - Lemonldap::NG::Common::Logger::Syslog for FastCGI (Nginx)
|
||||
; - Lemonldap::NG::Common::Logger::Std for PSGI applications (manager,
|
||||
; portal,...) when they are not
|
||||
; launched by FastCGI server
|
||||
; Other loggers availables:
|
||||
; - Lemonldap::NG::Common::Logger::Log4perl to use Log4perl
|
||||
;
|
||||
; "Std" is redirected to the web server logs for Apache. For Nginx, only if
|
||||
; request failed
|
||||
;
|
||||
; You can overload this in this section (for all) or in another section if
|
||||
; you want to change logger for a specified app.
|
||||
;
|
||||
; LLNG uses 2 loggers: 1 for technical logs (logger), 1 for user actions
|
||||
; (userLogger). "userLogger" uses the same class as "logger" if not set.
|
||||
;logger = Lemonldap::NG::Common::Logger::Syslog
|
||||
;userLogger = Lemonldap::NG::Common::Logger::Std
|
||||
;
|
||||
; 2.1 - Using Syslog
|
||||
;
|
||||
; For Syslog logging, you can also overwrite facilities. Default values:
|
||||
;logger = Lemonldap::NG::Common::Logger::Syslog
|
||||
;syslogFacility = daemon
|
||||
;userSyslogFacility = auth
|
||||
;
|
||||
; 2.2 - Using Log4perl
|
||||
;
|
||||
; If you want to use Log4perl, you can set these parameters. Here are default
|
||||
; values:
|
||||
;logger = Lemonldap::NG::Common::Logger::Log4perl
|
||||
;log4perlConfFile = /etc/lemonldap-ng/log4perl.conf
|
||||
;log4perlLogger = LLNG
|
||||
;log4perlUserLogger = LLNG.user
|
||||
;
|
||||
; Here, Log4perl configuration is read from /etc/log4perl.conf. The "LLNG"
|
||||
; value points to the logger class. Example:
|
||||
; log4perl.logger.LLNG = WARN, File1
|
||||
; log4perl.logger.LLNG.user = INFO, File2
|
||||
; ...
|
||||
|
||||
; CONFIGURATION CHECK
|
||||
;
|
||||
; LLNG verify configuration at server start. If you use "reload" mechanism,
|
||||
; local cache will be updated. Configuration is checked locally every
|
||||
; 10 minutes by each LLNG component. You can change this value using
|
||||
; `checkTime` (time in seconds).
|
||||
; To increase performances, you should comment this parameter and rely on cache.
|
||||
checkTime = 1
|
||||
|
||||
[configuration]
|
||||
|
||||
; confTimeout: maximum time to get configuration (default 10)
|
||||
;confTimeout = 5
|
||||
|
||||
; GLOBAL CONFIGURATION ACCESS TYPE
|
||||
; (File, SOAP, RDBI/CDBI, LDAP)
|
||||
; (File, REST, SOAP, RDBI/CDBI, LDAP, YAMLFile)
|
||||
; Set here the parameters needed to access to LemonLDAP::NG configuration.
|
||||
; You have to set "type" to one of the followings :
|
||||
;
|
||||
; * File: you have to set 'dirName' parameter. Example:
|
||||
; * File/YAMLFile: you have to set 'dirName' parameter. Example:
|
||||
;
|
||||
; type = File
|
||||
; type = File ; or type = YAMLFile
|
||||
; dirName = /var/lib/lemonldap-ng/conf
|
||||
;
|
||||
; * RDBI/CDBI : you have to set 'dbiChain' (required) and 'dbiUser' and 'dbiPassword'
|
||||
@ -51,17 +113,28 @@
|
||||
;
|
||||
; type = RDBI
|
||||
; ;type = CDBI
|
||||
; dbiChain = DBI:mysql:database=lemonldap-ng;host=1.2.3.4
|
||||
; dbiChain = DBI:MariaDB:database=lemonldap-ng;host=1.2.3.4
|
||||
; dbiUser = lemonldap
|
||||
; dbiPassword = password
|
||||
;
|
||||
; * REST: REST configuration access is a sort of proxy: the portal is
|
||||
; configured to use the real session storage type (DBI or File for
|
||||
; example).
|
||||
; You have to set 'baseUrl' parameter. Example:
|
||||
;
|
||||
; type = REST
|
||||
; baseUrl = https://auth.example.com/config
|
||||
; proxyOptions = { timeout => 5 }
|
||||
; User = lemonldap
|
||||
; Password = mypassword
|
||||
;
|
||||
; * SOAP: SOAP configuration access is a sort of proxy: the portal is
|
||||
; configured to use the real session storage type (DBI or File for
|
||||
; example).
|
||||
; You have to set 'proxy' parameter. Example:
|
||||
;
|
||||
; type = SOAP
|
||||
; proxy = https://auth.example.com/index.pl/config
|
||||
; proxy = https://auth.example.com/config
|
||||
; proxyOptions = { timeout => 5 }
|
||||
; User = lemonldap
|
||||
; Password = mypassword
|
||||
@ -91,7 +164,7 @@ dirName = /var/lib/lemonldap-ng/conf
|
||||
; 'default_expires_in' => 600, \
|
||||
; 'directory_umask' => '007', \
|
||||
; 'cache_root' => '/tmp', \
|
||||
; 'cache_depth' => 0, \
|
||||
; 'cache_depth' => 3, \
|
||||
; }
|
||||
localStorage=Cache::FileCache
|
||||
localStorageOptions={ \
|
||||
@ -99,33 +172,31 @@ localStorageOptions={ \
|
||||
'default_expires_in' => 600, \
|
||||
'directory_umask' => '007', \
|
||||
'cache_root' => '/tmp', \
|
||||
'cache_depth' => 0, \
|
||||
'cache_depth' => 3, \
|
||||
}
|
||||
|
||||
[portal]
|
||||
|
||||
; PERFORMANCES
|
||||
; By setting useLocalConf, Portal will use only local cached configuration
|
||||
; To refresh it, you must have an handler on the same server or you have to
|
||||
; restart your server. This increase performances
|
||||
;useLocalConf = 1
|
||||
; PORTAL CUSTOMIZATION
|
||||
|
||||
; I - Required parameters
|
||||
|
||||
; staticPrefix: relative (or URL) location of static HTML components
|
||||
staticPrefix = /static
|
||||
|
||||
; location of HTML templates directory
|
||||
templateDir = /usr/share/lemonldap-ng/portal/templates
|
||||
|
||||
; languages: available languages for portal interface
|
||||
languages = fr, en
|
||||
; PORTAL CUSTOMIZATION
|
||||
languages = fr, en, vi, it, ar, de, fi, tr
|
||||
|
||||
; II - Optional parameters (overwrite configuration)
|
||||
|
||||
; Name of the skin
|
||||
portalSkin = %%llSkin
|
||||
; Modules displayed
|
||||
;portalDisplayLogout = 1
|
||||
%if %%llResetPassword == "oui"
|
||||
portalDisplayResetPassword = 1
|
||||
%else
|
||||
portalDisplayResetPassword = 0
|
||||
%end if
|
||||
portalDisplayResetPassword = %%boolean[%%llResetPassword]
|
||||
;portalDisplayChangePassword = 1
|
||||
;portalDisplayAppslist = 1
|
||||
;portalDisplayLoginHistory = 1
|
||||
@ -142,16 +213,17 @@ portalDisplayResetPassword = 0
|
||||
; For example to use <TMPL_VAR NAME="myparam">
|
||||
;tpl_myparam = test
|
||||
|
||||
; LOG
|
||||
; By default, all is logged in Apache file. To log user actions by
|
||||
; syslog, just set syslog facility here:
|
||||
; COMBINATION FORMS
|
||||
; If you want to fix forms to display, you can use this;
|
||||
;combinationForms = standardform, yubikeyform
|
||||
|
||||
;syslog = auth
|
||||
; SOAP FUNCTIONS
|
||||
; Remove comment to activate SOAP Functions getCookies(user,pwd) and
|
||||
; error(language, code)
|
||||
;Soap = 1
|
||||
; Note that getAttibutes() will be activated but on a different URI
|
||||
; (http://auth.example.com/index.pl/sessions)
|
||||
; (http://auth.example.com/sessions)
|
||||
; You can also restrict attributes and macros exported by getAttributes
|
||||
;exportedAttr = uid mail
|
||||
|
||||
@ -208,8 +280,8 @@ portalDisplayResetPassword = 0
|
||||
; Use it to be able to notify messages during authentication
|
||||
;notification = 1
|
||||
; Note that the SOAP function newNotification will be activated on
|
||||
; http://auth.example.com/index.pl/notification
|
||||
; If you want to hide this, just protect "/index.pl/notification" in
|
||||
; http://auth.example.com/notification
|
||||
; If you want to hide this, just protect "/index.fcgi/notification" in
|
||||
; your Apache configuration file
|
||||
; XSS protection bypass
|
||||
; By default, the portal refuse redirections that comes from sites not
|
||||
@ -225,6 +297,21 @@ portalDisplayResetPassword = 0
|
||||
; Set to 0 to disable error on XSS attack detection
|
||||
;checkXSS = 0
|
||||
|
||||
; pdata cookie domain
|
||||
; pdata cookie could not be sent with cross domains AJAX request
|
||||
; Null is default value
|
||||
;pdataDomain = example.com
|
||||
|
||||
; CUSTOM PLUGINS
|
||||
; If you want to add custom plugins, set list here (comma separated)
|
||||
; Read Lemonldap::NG::Portal::Main::Plugin(3pm) man page.
|
||||
;customPlugins = ::My::Package1, ::My::Package2
|
||||
|
||||
; To avoid bad/expired OTT if "authssl" and "auth" are served by different Load Balancers
|
||||
; you can override OTT configuration to store Upgrade or Issuer OTT into global storage
|
||||
;forceGlobalStorageUpgradeOTT = 1
|
||||
;forceGlobalStorageIssuerOTT = 1
|
||||
|
||||
[handler]
|
||||
|
||||
; Handler cache configuration
|
||||
@ -240,7 +327,7 @@ portalDisplayResetPassword = 0
|
||||
|
||||
; Set https to 1 if your handler protect a https website (used only for
|
||||
; redirections to the portal)
|
||||
;https = 0
|
||||
https = 1
|
||||
; Set port if your your hanlder protect a website on a non standard port
|
||||
; - 80 for http, 443 for https (used only for redirections to the portal)
|
||||
;port = 8080
|
||||
@ -252,6 +339,10 @@ status = 0
|
||||
;useRedirectOnForbidden = 1
|
||||
; Hide LemonLDAP::NG Handler in Apache Server Signature
|
||||
;hideSignature = 1
|
||||
; Set ServiceToken timeout
|
||||
;handlerServiceTokenTTL = 30
|
||||
; Set Impersonation/ContextSwitching prefix
|
||||
; impersonationPrefix = real_
|
||||
useRedirectOnError = 1
|
||||
|
||||
; Zimbra Handler parameters
|
||||
@ -275,9 +366,6 @@ useRedirectOnError = 1
|
||||
; * none : no protection
|
||||
protection = manager
|
||||
|
||||
; logLevel. Set here one of error, warn, notice, info or debug
|
||||
logLevel = warn
|
||||
|
||||
; staticPrefix: relative (or URL) location of static HTML components
|
||||
staticPrefix = /static
|
||||
;
|
||||
@ -285,10 +373,29 @@ staticPrefix = /static
|
||||
templateDir = /usr/share/lemonldap-ng/manager/htdocs/templates
|
||||
|
||||
; languages: available languages for manager interface
|
||||
languages = fr, en
|
||||
languages = fr, en, it, vi, ar, tr
|
||||
|
||||
; Manager modules enabled
|
||||
; Set here the list of modules you want to see in manager interface
|
||||
; The first will be used as default module displayed
|
||||
enabledModules = conf, sessions, notifications
|
||||
;enabledModules = conf, sessions, notifications, 2ndFA, viewer
|
||||
enabledModules = conf, sessions, notifications, 2ndFA
|
||||
|
||||
; To avoid restricted users to edit configuration, defaulModule MUST be different than 'conf'
|
||||
; 'conf' is set by default
|
||||
;defaultModule = viewer
|
||||
|
||||
; Viewer module allows us to edit configuration in read-only mode
|
||||
; Options can be set with specific rules like this :
|
||||
;viewerAllowBrowser = $uid eq 'dwho'
|
||||
;viewerAllowDiff = $uid ne 'dwho'
|
||||
;
|
||||
; Viewer options - Default values
|
||||
;viewerHiddenKeys = samlIDPMetaDataNodes samlSPMetaDataNodes managerPassword ManagerDn globalStorageOptions persistentStorageOptions
|
||||
;viewerAllowBrowser = 0
|
||||
;viewerAllowDiff = 0
|
||||
|
||||
;[node-handler]
|
||||
;
|
||||
;This section is for node-lemonldap-ng-handler
|
||||
;nodeVhosts = test3.example.com, test4.example.com
|
||||
|
441
tmpl/lmConf-1.js
441
tmpl/lmConf-1.js
@ -1,441 +0,0 @@
|
||||
%set %%ssoFilters = %%getSSOFilters
|
||||
{
|
||||
"ldapGroupAttributeNameUser": "dn",
|
||||
"cfgAuthorIP": "172.16.0.1",
|
||||
"samlSPMetaDataXML": null,
|
||||
"facebookAuthnLevel": 1,
|
||||
"mailConfirmSubject": "[LemonLDAP::NG] Password reset confirmation",
|
||||
"secureTokenAttribute": "uid",
|
||||
"singleSession": 0,
|
||||
"registerConfirmSubject": "[LemonLDAP::NG] Account register confirmation",
|
||||
"CAS_pgtFile": "/tmp/pgt.txt",
|
||||
"cookieName": "lemonldap",
|
||||
"slaveExportedVars": {},
|
||||
"whatToTrace": "_whatToTrace",
|
||||
"oidcRPMetaDataOptions": {},
|
||||
"notifyDeleted": 1,
|
||||
"useRedirectOnError": 1,
|
||||
"samlSPMetaDataExportedAttributes": null,
|
||||
"ldapPwdEnc": "utf-8",
|
||||
"openIdSPList": "0;",
|
||||
"samlNameIDFormatMapEmail": "mail",
|
||||
"samlSPMetaDataOptions": null,
|
||||
"issuerDBOpenIDRule": 1,
|
||||
"casStorageOptions": {},
|
||||
"mailFrom": "noreply@%%nom_domaine_local",
|
||||
"timeoutActivity": 0,
|
||||
"oidcRPMetaDataExportedVars": {},
|
||||
"issuerDBSAMLActivation": 0,
|
||||
"issuerDBCASPath": "^/%%casFolder/",
|
||||
"randomPasswordRegexp": "[A-Z]{3}[a-z]{5}.\\d{2}",
|
||||
"samlIDPSSODescriptorSingleSignOnServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleSignOnSOAP;",
|
||||
"samlSPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
|
||||
"exportedHeaders": {
|
||||
"test1.%%nom_domaine_local": {
|
||||
"Auth-User": "$uid"
|
||||
},
|
||||
"test2.%%nom_domaine_local": {
|
||||
"Auth-User": "$uid"
|
||||
},
|
||||
"%%managerWebName": {}
|
||||
},
|
||||
"vhostOptions": {
|
||||
"%%managerWebName": {
|
||||
"vhostHttps" : "1"
|
||||
},
|
||||
"test1.%%nom_domaine_local": {},
|
||||
"test2.%%nom_domaine_local": {}
|
||||
},
|
||||
"radiusAuthnLevel": 3,
|
||||
"dbiAuthnLevel": 2,
|
||||
"ldapPasswordResetAttribute": "pwdReset",
|
||||
"ldapGroupObjectClass": "groupOfNames",
|
||||
"apacheAuthnLevel": 4,
|
||||
"samlNameIDFormatMapKerberos": "uid",
|
||||
"groups": {},
|
||||
"securedCookie": 0,
|
||||
"httpOnly": 1,
|
||||
"yubikeyAuthnLevel": 3,
|
||||
"ADPwdMaxAge": 0,
|
||||
"samlUseQueryStringSpecific": 0,
|
||||
"loginHistoryEnabled": 1,
|
||||
"samlSPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;",
|
||||
"failedLoginNumber": 5,
|
||||
"samlServicePrivateKeyEncPwd": "",
|
||||
"portalForceAuthnInterval": 0,
|
||||
"cfgLog": "",
|
||||
"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
|
||||
"exportedVars": {
|
||||
"UA": "HTTP_USER_AGENT",
|
||||
%for att in %%casAttribute
|
||||
"%%att": "%%att",
|
||||
%end for
|
||||
%set %%idx = 0
|
||||
%set %%size = %%len(%%ssoFilters) - 1
|
||||
%for key,value in %%ssoFilters
|
||||
%if %%idx == %%size
|
||||
"%%key": "%%value"
|
||||
%else
|
||||
"%%key": "%%value",
|
||||
%end if
|
||||
%set %%idx += 1
|
||||
%end for
|
||||
},
|
||||
"notificationStorage": "File",
|
||||
"applicationList": {
|
||||
"1sample": {
|
||||
"test2": {
|
||||
"options": {
|
||||
"name": "Application Test 2",
|
||||
"logo": "thumbnail.png",
|
||||
"uri": "https://test2.%%nom_domaine_local/",
|
||||
"display": "auto",
|
||||
"description": "The same simple application displaying authenticated user"
|
||||
},
|
||||
"type": "application"
|
||||
},
|
||||
"type": "category",
|
||||
"catname": "Sample applications",
|
||||
"test1": {
|
||||
"type": "application",
|
||||
"options": {
|
||||
"description": "A simple application displaying authenticated user",
|
||||
"uri": "https://test1.%%nom_domaine_local/",
|
||||
"logo": "demo.png",
|
||||
"display": "auto",
|
||||
"name": "Application Test 1"
|
||||
}
|
||||
}
|
||||
},
|
||||
"2administration": {
|
||||
"notifications": {
|
||||
"options": {
|
||||
"name": "Notifications explorer",
|
||||
"display": "auto",
|
||||
"description": "Explore WebSSO notifications",
|
||||
"uri": "https://%%managerWebName/notifications.pl",
|
||||
"logo": "database.png"
|
||||
},
|
||||
"type": "application"
|
||||
},
|
||||
"manager": {
|
||||
"options": {
|
||||
"uri": "https://%%managerWebName/",
|
||||
"display": "auto",
|
||||
"description": "Configure LemonLDAP::NG WebSSO",
|
||||
"logo": "configure.png",
|
||||
"name": "WebSSO Manager"
|
||||
},
|
||||
"type": "application"
|
||||
},
|
||||
"type": "category",
|
||||
"sessions": {
|
||||
"type": "application",
|
||||
"options": {
|
||||
"description": "Explore WebSSO sessions",
|
||||
"uri": "https://%%managerWebName/sessions.pl",
|
||||
"logo": "database.png",
|
||||
"display": "auto",
|
||||
"name": "Sessions explorer"
|
||||
}
|
||||
},
|
||||
"catname": "Administration"
|
||||
},
|
||||
"3documentation": {
|
||||
"catname": "Documentation",
|
||||
"officialwebsite": {
|
||||
"type": "application",
|
||||
"options": {
|
||||
"name": "Offical Website",
|
||||
"description": "Official LemonLDAP::NG Website",
|
||||
"logo": "network.png",
|
||||
"display": "on",
|
||||
"uri": "http://lemonldap-ng.org/"
|
||||
}
|
||||
},
|
||||
"type": "category",
|
||||
"localdoc": {
|
||||
"options": {
|
||||
"logo": "help.png",
|
||||
"description": "Documentation supplied with LemonLDAP::NG",
|
||||
"display": "on",
|
||||
"uri": "https://%%managerWebName/doc/",
|
||||
"name": "Local documentation"
|
||||
},
|
||||
"type": "application"
|
||||
}
|
||||
}
|
||||
},
|
||||
"userControl": "^[\\w\\.\\-@]+$",
|
||||
"timeout": 72000,
|
||||
"portalAntiFrame": 1,
|
||||
"SMTPServer": "",
|
||||
"ldapTimeout": 120,
|
||||
"samlAuthnContextMapPasswordProtectedTransport": 3,
|
||||
"ldapUsePasswordResetAttribute": 1,
|
||||
"ldapPpolicyControl": 0,
|
||||
"casAttributes": {
|
||||
%for att in %%casAttribute
|
||||
"%%att": "%%att.casLDAPAttribute",
|
||||
%end for
|
||||
%set %%idx = 0
|
||||
%set %%size = %%len(%%ssoFilters) - 1
|
||||
%for key,value in %%ssoFilters
|
||||
%if %%idx == %%size
|
||||
"%%key": "%%key"
|
||||
%else
|
||||
"%%key": "%%key",
|
||||
%end if
|
||||
%set %%idx += 1
|
||||
%end for
|
||||
},
|
||||
"issuerDBSAMLPath": "^/saml/",
|
||||
"samlAttributeAuthorityDescriptorAttributeServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;",
|
||||
"portalDisplayAppslist": 1,
|
||||
"confirmFormMethod": "post",
|
||||
"domain": "%%nom_domaine_local",
|
||||
"cfgNum": "1",
|
||||
"authentication": "LDAP",
|
||||
"samlNameIDFormatMapWindows": "uid",
|
||||
"authChoiceModules": {},
|
||||
"ldapGroupAttributeName": "member",
|
||||
"samlServicePrivateKeySigPwd": "",
|
||||
"googleAuthnLevel": 1,
|
||||
"successLoginNumber": 5,
|
||||
"localSessionStorageOptions": {
|
||||
"cache_root": "/tmp",
|
||||
"namespace": "lemonldap-ng-sessions",
|
||||
"default_expires_in": 600,
|
||||
"directory_umask": "007",
|
||||
"cache_depth": 3
|
||||
},
|
||||
"samlSPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
|
||||
"portalRequireOldPassword": 1,
|
||||
"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;",
|
||||
"ADPwdExpireWarning": 0,
|
||||
"yubikeyPublicIDSize": 12,
|
||||
"ldapGroupAttributeNameGroup": "dn",
|
||||
"oidcRPMetaDataOptionsExtraClaims": null,
|
||||
"ldapGroupRecursive": 0,
|
||||
"mailSubject": "[LemonLDAP::NG] Your new password",
|
||||
"nginxCustomHandlers": {},
|
||||
"samlSPSSODescriptorAuthnRequestsSigned": 1,
|
||||
%if %%llResetPassword == "oui"
|
||||
"portalDisplayResetPassword": 1,
|
||||
%else
|
||||
"portalDisplayResetPassword": 0,
|
||||
%end if
|
||||
"openIdSreg_timezone": "_timezone",
|
||||
"infoFormMethod": "get",
|
||||
"openIdAuthnLevel": 1,
|
||||
"openIdSreg_nickname": "uid",
|
||||
"samlServicePublicKeyEnc": "",
|
||||
"userDB": "LDAP",
|
||||
"grantSessionRules": {},
|
||||
"remoteGlobalStorage": "Lemonldap::NG::Common::Apache::Session::SOAP",
|
||||
"reloadUrls": {
|
||||
"%%reloadWebName": "https://%%reloadWebName/reload"
|
||||
},
|
||||
"registerTimeout": 0,
|
||||
"samlIDPSSODescriptorSingleSignOnServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;",
|
||||
"slaveAuthnLevel": 2,
|
||||
"samlIDPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
|
||||
"Soap": 1,
|
||||
%set %%RegisterDB=%%getVar('llRegisterDB', 'Demo')
|
||||
%if %%RegisterDB == "Custom"
|
||||
"registerDB": "Null",
|
||||
%else
|
||||
"registerDB": "%%RegisterDB",
|
||||
%end if
|
||||
"locationRules": {
|
||||
"%%managerWebName": {
|
||||
"default": "$uid eq \"%%lemonAdmin\""
|
||||
},
|
||||
"test1.%%nom_domaine_local": {
|
||||
"default": "accept",
|
||||
"^/logout": "logout_sso"
|
||||
},
|
||||
"test2.%%nom_domaine_local": {
|
||||
"default": "accept",
|
||||
"^/logout": "logout_sso"
|
||||
}
|
||||
},
|
||||
"portalDisplayChangePassword": "$_auth =~ /^(LDAP|DBI|Demo)$/",
|
||||
"hideOldPassword": 0,
|
||||
%if %%is_file(%%ldapBindUserPassword)
|
||||
"managerPassword": "%%readPass("", %%ldapBindUserPassword)",
|
||||
%else
|
||||
"managerPassword": "%%ldapBindUserPassword",
|
||||
%end if
|
||||
"authChoiceParam": "lmAuth",
|
||||
"lwpSslOpts": {},
|
||||
"portalSkinRules": {},
|
||||
"issuerDBOpenIDPath": "^/openidserver/",
|
||||
"redirectFormMethod": "get",
|
||||
"portalDisplayRegister": 1,
|
||||
"secureTokenMemcachedServers": "127.0.0.1:11211",
|
||||
"notificationStorageOptions": {
|
||||
"dirName": "/var/lib/lemonldap-ng/notifications"
|
||||
},
|
||||
"browserIdAuthnLevel": 1,
|
||||
"portalUserAttr": "_user",
|
||||
"ldapVersion": 3,
|
||||
"sessionDataToRemember": {},
|
||||
"samlNameIDFormatMapX509": "mail",
|
||||
"managerDn": "%%ldapBindUserDN",
|
||||
"mailSessionKey": "mail",
|
||||
"openIdSreg_email": "mail",
|
||||
"localSessionStorage": "Cache::FileCache",
|
||||
"persistentStorage": "Apache::Session::File",
|
||||
"mailOnPasswordChange": 0,
|
||||
"captchaStorage": "Apache::Session::File",
|
||||
"remoteGlobalStorageOptions": {
|
||||
"proxy": "https://%%authWebName/index.pl/sessions",
|
||||
"ns": "https://%%authWebName/Lemonldap/NG/Common/CGI/SOAPService"
|
||||
},
|
||||
"passwordDB": "LDAP",
|
||||
"captcha_size": 6,
|
||||
"mailCharset": "utf-8",
|
||||
"facebookExportedVars": {},
|
||||
"nullAuthnLevel": 2,
|
||||
"singleIP": 0,
|
||||
"dbiExportedVars": {},
|
||||
"portalSkin": "bootstrap",
|
||||
"storePassword": 0,
|
||||
"hiddenAttributes": "_password",
|
||||
"samlServicePrivateKeySig": "",
|
||||
"globalStorage": "Apache::Session::File",
|
||||
"notificationWildcard": "allusers",
|
||||
"portalForceAuthn": 0,
|
||||
"samlMetadataForceUTF8": 1,
|
||||
"secureTokenUrls": ".*",
|
||||
"secureTokenAllowOnError": 1,
|
||||
"samlAuthnContextMapTLSClient": 5,
|
||||
"ldapAllowResetExpiredPassword": 0,
|
||||
"oidcOPMetaDataExportedVars": {},
|
||||
"notifyOther": 0,
|
||||
"secureTokenExpiration": 60,
|
||||
"captcha_mail_enabled": 0,
|
||||
"samlStorageOptions": {},
|
||||
"samlOrganizationDisplayName": "Example",
|
||||
"trustedProxies": "",
|
||||
"secureTokenHeader": "Auth-Token",
|
||||
"issuerDBCASActivation": 1,
|
||||
"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;",
|
||||
"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
|
||||
"samlIDPMetaDataXML": {},
|
||||
"oidcStorageOptions": {},
|
||||
"cfgDate": 1519998069,
|
||||
"samlAuthnContextMapPassword": 2,
|
||||
"portalDisplayLoginHistory": 1,
|
||||
"ldapPasswordResetAttributeValue": "TRUE",
|
||||
"ldapServer": "%%ldapScheme://%%ldapServer",
|
||||
"samlIDPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;",
|
||||
"samlIDPMetaDataExportedAttributes": null,
|
||||
"samlServicePrivateKeyEnc": "",
|
||||
"useRedirectOnForbidden": 0,
|
||||
"captcha_login_enabled": 0,
|
||||
"https": 0,
|
||||
"checkXSS": 1,
|
||||
"ldapSetPassword": 0,
|
||||
"portalPingInterval": 60000,
|
||||
"captchaStorageOptions": {
|
||||
"Directory": "/var/lib/lemonldap-ng/captcha/"
|
||||
},
|
||||
"useSafeJail": 1,
|
||||
"registerDoneSubject": "[LemonLDAP::NG] Your new account",
|
||||
"issuerDBCASRule": 1,
|
||||
"samlAuthnContextMapKerberos": 4,
|
||||
"ldapGroupAttributeNameSearch": "cn",
|
||||
"logoutServices": {},
|
||||
"samlIDPSSODescriptorWantAuthnRequestsSigned": 1,
|
||||
"portalDisplayLogout": 1,
|
||||
"issuerDBGetParameters": {},
|
||||
"googleExportedVars": {},
|
||||
"openIdSreg_fullname": "cn",
|
||||
"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact",
|
||||
"demoExportedVars": {
|
||||
"mail": "mail",
|
||||
"uid": "uid",
|
||||
"cn": "cn"
|
||||
},
|
||||
"oidcOPMetaDataJSON": null,
|
||||
"samlIdPResolveCookie": "lemonldapidp",
|
||||
"samlRelayStateTimeout": 600,
|
||||
"samlOrganizationURL": "https://auth.%%nom_domaine_local",
|
||||
"globalStorageOptions": {
|
||||
"Directory": "/var/lib/lemonldap-ng/sessions",
|
||||
"LockDirectory": "/var/lib/lemonldap-ng/sessions/lock"
|
||||
},
|
||||
"ldapExportedVars": {
|
||||
"mail": "mail",
|
||||
"cn": "cn",
|
||||
"uid": "uid"
|
||||
},
|
||||
"webIDExportedVars": {},
|
||||
"activeTimer": 1,
|
||||
"cda": 0,
|
||||
"samlServicePublicKeySig": "",
|
||||
%if %%llCheckLogins == "oui"
|
||||
"portalCheckLogins": 1,
|
||||
%else
|
||||
"portalCheckLogins": 0,
|
||||
%end if
|
||||
"CAS_authnLevel": 1,
|
||||
"macros": {
|
||||
"_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\""
|
||||
},
|
||||
"samlIDPMetaDataOptions": null,
|
||||
"twitterAuthnLevel": 1,
|
||||
"openIdExportedVars": {},
|
||||
"captcha_register_enabled": 1,
|
||||
"oidcOPMetaDataJWKS": null,
|
||||
"webIDAuthnLevel": 1,
|
||||
"issuerDBOpenIDActivation": "1",
|
||||
%if %%is_empty(%%llResetUrl)
|
||||
"mailUrl": "https://%%authWebName/mail.pl",
|
||||
%else
|
||||
"mailUrl": "%%llResetUrl",
|
||||
%end if
|
||||
"maintenance": 0,
|
||||
"jsRedirect": 0,
|
||||
"cfgAuthor": "Cadoles",
|
||||
"persistentStorageOptions": {
|
||||
"LockDirectory": "/var/lib/lemonldap-ng/psessions/lock",
|
||||
"Directory": "/var/lib/lemonldap-ng/psessions"
|
||||
},
|
||||
"SSLAuthnLevel": 5,
|
||||
"oidcServiceMetaDataAuthnContext": {},
|
||||
"samlIDPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
|
||||
"notification": 1,
|
||||
"ldapChangePasswordAsUser": 0,
|
||||
"CAS_proxiedServices": {},
|
||||
"key": "e\"bTCt3*eU9^\\V%b",
|
||||
"portal": "https://%%authWebName/",
|
||||
"singleSessionUserByIP": 0,
|
||||
"portalOpenLinkInNewWindow": 0,
|
||||
"post": {
|
||||
"test2.%%nom_domaine_local": {},
|
||||
"test1.%%nom_domaine_local": {},
|
||||
"%%managerWebName": {}
|
||||
},
|
||||
"samlSPSSODescriptorAssertionConsumerServiceHTTPPost": "0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost",
|
||||
"issuerDBSAMLRule": 1,
|
||||
"samlCommonDomainCookieActivation": 0,
|
||||
"syslog": "",
|
||||
"ldapBase": "%%ldapUserBaseDN",
|
||||
"ldapAuthnLevel": 2,
|
||||
"mailTimeout": 0,
|
||||
"samlEntityID": "#PORTAL#/saml/metadata",
|
||||
"oidcOPMetaDataOptions": null,
|
||||
"samlSPSSODescriptorWantAssertionsSigned": 1,
|
||||
"samlOrganizationName": "%%samlOrganizationName",
|
||||
%if %%RegisterDB == "Custom"
|
||||
"registerUrl": "%%llRegisterURL",
|
||||
%else
|
||||
"registerUrl": "https://%%authWebName/register.pl",
|
||||
%end if
|
||||
"casAccessControlPolicy": "none",
|
||||
"multiValuesSeparator": ";",
|
||||
"ldapPort": %%ldapServerPort
|
||||
}
|
@ -1,441 +1,378 @@
|
||||
%set %%boolean = {'oui': 1, 'non': 0}
|
||||
%set %%ssoFilters = %%getSSOFilters
|
||||
%set %%exported_vars = ['"UA": "HTTP_USER_AGENT"']
|
||||
%set %%cas_attributes = []
|
||||
%for %%attr in %%casAttribute
|
||||
%silent %%exported_vars.append('"' + %%attr + '": "' + %%attr + '.casLDAPAttribute"')
|
||||
%silent %%cas_attributes.append('"' + %%attr + '": "' + %%attr + '.casLDAPAttribute"')
|
||||
%end for
|
||||
%for %%key, %%value in %%ssoFilters
|
||||
%silent %%exported_vars.append('"' + %%key + '": "' + %%value + '"')
|
||||
%silent %%cas_attributes.append('"' + %%key + '": "' + %%value + '"')
|
||||
%end for
|
||||
%silent %%exported_vars.sort()
|
||||
%silent %%cas_attributes.sort()
|
||||
{
|
||||
"ldapGroupAttributeNameUser": "dn",
|
||||
"cfgAuthorIP": "172.16.0.1",
|
||||
"samlSPMetaDataXML": null,
|
||||
"facebookAuthnLevel": 1,
|
||||
"mailConfirmSubject": "[LemonLDAP::NG] Password reset confirmation",
|
||||
"secureTokenAttribute": "uid",
|
||||
"singleSession": 0,
|
||||
"registerConfirmSubject": "[LemonLDAP::NG] Account register confirmation",
|
||||
"CAS_pgtFile": "/tmp/pgt.txt",
|
||||
"cookieName": "lemonldap",
|
||||
"slaveExportedVars": {},
|
||||
"whatToTrace": "_whatToTrace",
|
||||
"oidcRPMetaDataOptions": {},
|
||||
"notifyDeleted": 1,
|
||||
"useRedirectOnError": 1,
|
||||
"samlSPMetaDataExportedAttributes": null,
|
||||
"ldapPwdEnc": "utf-8",
|
||||
"openIdSPList": "0;",
|
||||
"samlNameIDFormatMapEmail": "mail",
|
||||
"samlSPMetaDataOptions": null,
|
||||
"issuerDBOpenIDRule": 1,
|
||||
"casStorageOptions": {},
|
||||
"mailFrom": "noreply@%%nom_domaine_local",
|
||||
"timeoutActivity": 0,
|
||||
"oidcRPMetaDataExportedVars": {},
|
||||
"issuerDBSAMLActivation": 0,
|
||||
"issuerDBCASPath": "^/%%casFolder/",
|
||||
"randomPasswordRegexp": "[A-Z]{3}[a-z]{5}.\\d{2}",
|
||||
"samlIDPSSODescriptorSingleSignOnServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleSignOnSOAP;",
|
||||
"samlSPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
|
||||
"exportedHeaders": {
|
||||
"test1.%%nom_domaine_local": {
|
||||
"Auth-User": "$uid"
|
||||
},
|
||||
"test2.%%nom_domaine_local": {
|
||||
"Auth-User": "$uid"
|
||||
},
|
||||
"%%managerWebName": {}
|
||||
},
|
||||
"vhostOptions": {
|
||||
"%%managerWebName": {
|
||||
"vhostHttps" : "1"
|
||||
},
|
||||
"test1.%%nom_domaine_local": {},
|
||||
"test2.%%nom_domaine_local": {}
|
||||
},
|
||||
"radiusAuthnLevel": 3,
|
||||
"dbiAuthnLevel": 2,
|
||||
"ldapPasswordResetAttribute": "pwdReset",
|
||||
"ldapGroupObjectClass": "groupOfNames",
|
||||
"apacheAuthnLevel": 4,
|
||||
"samlNameIDFormatMapKerberos": "uid",
|
||||
"groups": {},
|
||||
"securedCookie": 0,
|
||||
"httpOnly": 1,
|
||||
"yubikeyAuthnLevel": 3,
|
||||
"ADPwdExpireWarning": 0,
|
||||
"ADPwdMaxAge": 0,
|
||||
"samlUseQueryStringSpecific": 0,
|
||||
"loginHistoryEnabled": 1,
|
||||
"samlSPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;",
|
||||
"failedLoginNumber": 5,
|
||||
"samlServicePrivateKeyEncPwd": "",
|
||||
"portalForceAuthnInterval": 0,
|
||||
"cfgLog": "",
|
||||
"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
|
||||
"exportedVars": {
|
||||
"UA": "HTTP_USER_AGENT",
|
||||
%for att in %%casAttribute
|
||||
"%%att": "%%att",
|
||||
%end for
|
||||
%set %%idx = 0
|
||||
%set %%size = %%len(%%ssoFilters) - 1
|
||||
%for key,value in %%ssoFilters
|
||||
%if %%idx == %%size
|
||||
"%%key": "%%value"
|
||||
%else
|
||||
"%%key": "%%value",
|
||||
%end if
|
||||
%set %%idx += 1
|
||||
%end for
|
||||
},
|
||||
"notificationStorage": "File",
|
||||
"CAS_authnLevel": 1,
|
||||
"CAS_pgtFile": "/tmp/pgt.txt",
|
||||
"CAS_proxiedServices": {},
|
||||
"SMTPServer": "",
|
||||
"SSLAuthnLevel": 5,
|
||||
"Soap": 1,
|
||||
"activeTimer": 1,
|
||||
"apacheAuthnLevel": 4,
|
||||
"applicationList": {
|
||||
"1sample": {
|
||||
"test2": {
|
||||
"options": {
|
||||
"name": "Application Test 2",
|
||||
"logo": "thumbnail.png",
|
||||
"uri": "https://test2.%%nom_domaine_local/",
|
||||
"display": "auto",
|
||||
"description": "The same simple application displaying authenticated user"
|
||||
},
|
||||
"type": "application"
|
||||
},
|
||||
"type": "category",
|
||||
"catname": "Sample applications",
|
||||
"test1": {
|
||||
"type": "application",
|
||||
"options": {
|
||||
"description": "A simple application displaying authenticated user",
|
||||
"uri": "https://test1.%%nom_domaine_local/",
|
||||
"logo": "demo.png",
|
||||
"display": "auto",
|
||||
"name": "Application Test 1"
|
||||
}
|
||||
}
|
||||
},
|
||||
"2administration": {
|
||||
"notifications": {
|
||||
"options": {
|
||||
"name": "Notifications explorer",
|
||||
"display": "auto",
|
||||
"description": "Explore WebSSO notifications",
|
||||
"uri": "https://%%managerWebName/notifications.pl",
|
||||
"logo": "database.png"
|
||||
},
|
||||
"type": "application"
|
||||
},
|
||||
"1administration": {
|
||||
"catname": "Administration",
|
||||
"manager": {
|
||||
"options": {
|
||||
"uri": "https://%%managerWebName/",
|
||||
"display": "auto",
|
||||
"description": "Configure LemonLDAP::NG WebSSO",
|
||||
"display": "auto",
|
||||
"logo": "configure.png",
|
||||
"name": "WebSSO Manager"
|
||||
"name": "WebSSO Manager",
|
||||
"uri": "https://%%managerWebName/"
|
||||
},
|
||||
"type": "application"
|
||||
},
|
||||
"notifications": {
|
||||
"options": {
|
||||
"description": "Explore WebSSO notifications",
|
||||
"display": "auto",
|
||||
"logo": "database.png",
|
||||
"name": "Notifications explorer",
|
||||
"uri": "https://%%managerWebName/notifications.pl"
|
||||
},
|
||||
"type": "application"
|
||||
},
|
||||
"type": "category",
|
||||
"sessions": {
|
||||
"type": "application",
|
||||
"options": {
|
||||
"description": "Explore WebSSO sessions",
|
||||
"uri": "https://%%managerWebName/sessions.pl",
|
||||
"logo": "database.png",
|
||||
"display": "auto",
|
||||
"name": "Sessions explorer"
|
||||
}
|
||||
},
|
||||
"catname": "Administration"
|
||||
},
|
||||
"3documentation": {
|
||||
"catname": "Documentation",
|
||||
"officialwebsite": {
|
||||
"type": "application",
|
||||
"options": {
|
||||
"name": "Offical Website",
|
||||
"description": "Official LemonLDAP::NG Website",
|
||||
"logo": "network.png",
|
||||
"display": "on",
|
||||
"uri": "http://lemonldap-ng.org/"
|
||||
}
|
||||
},
|
||||
"type": "category",
|
||||
"localdoc": {
|
||||
"options": {
|
||||
"logo": "help.png",
|
||||
"description": "Documentation supplied with LemonLDAP::NG",
|
||||
"display": "on",
|
||||
"uri": "http://%%managerWebName/doc/",
|
||||
"name": "Local documentation"
|
||||
"logo": "database.png",
|
||||
"name": "Sessions explorer",
|
||||
"uri": "https://%%managerWebName/sessions.pl"
|
||||
},
|
||||
"type": "application"
|
||||
}
|
||||
},
|
||||
"type": "category"
|
||||
},
|
||||
"2documentation": {
|
||||
"catname": "Documentation",
|
||||
"localdoc": {
|
||||
"options": {
|
||||
"description": "Documentation supplied with LemonLDAP::NG",
|
||||
"display": "on",
|
||||
"logo": "help.png",
|
||||
"name": "Local documentation",
|
||||
"uri": "http://%%managerWebName/doc/"
|
||||
},
|
||||
"type": "application"
|
||||
},
|
||||
"officialwebsite": {
|
||||
"options": {
|
||||
"description": "Official LemonLDAP::NG Website",
|
||||
"display": "on",
|
||||
"logo": "network.png",
|
||||
"name": "Offical Website",
|
||||
"uri": "http://lemonldap-ng.org/"
|
||||
},
|
||||
"type": "application"
|
||||
},
|
||||
"type": "category"
|
||||
}
|
||||
},
|
||||
"userControl": "^[\\w\\.\\-@]+$",
|
||||
"timeout": 72000,
|
||||
"portalAntiFrame": 1,
|
||||
"SMTPServer": "",
|
||||
"ldapTimeout": 120,
|
||||
"samlAuthnContextMapPasswordProtectedTransport": 3,
|
||||
"ldapUsePasswordResetAttribute": 1,
|
||||
"ldapPpolicyControl": 0,
|
||||
"casAttributes": {
|
||||
%for att in %%casAttribute
|
||||
"%%att": "%%att.casLDAPAttribute",
|
||||
%end for
|
||||
%set %%idx = 0
|
||||
%set %%size = %%len(%%ssoFilters) - 1
|
||||
%for key,value in %%ssoFilters
|
||||
%if %%idx == %%size
|
||||
"%%key": "%%key"
|
||||
%else
|
||||
"%%key": "%%key",
|
||||
%end if
|
||||
%set %%idx += 1
|
||||
%end for
|
||||
},
|
||||
"issuerDBSAMLPath": "^/saml/",
|
||||
"samlAttributeAuthorityDescriptorAttributeServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;",
|
||||
"portalDisplayAppslist": 1,
|
||||
"confirmFormMethod": "post",
|
||||
"domain": "%%nom_domaine_local",
|
||||
"cfgNum": "1",
|
||||
"authentication": "LDAP",
|
||||
"samlNameIDFormatMapWindows": "uid",
|
||||
"authChoiceModules": {},
|
||||
"ldapGroupAttributeName": "member",
|
||||
"samlServicePrivateKeySigPwd": "",
|
||||
"authChoiceParam": "lmAuth",
|
||||
"authentication": "LDAP",
|
||||
"browserIdAuthnLevel": 1,
|
||||
"captchaStorage": "Apache::Session::File",
|
||||
"captchaStorageOptions": {
|
||||
"Directory": "/var/lib/lemonldap-ng/captcha/"
|
||||
},
|
||||
"captcha_login_enabled": 0,
|
||||
"captcha_mail_enabled": 0,
|
||||
"captcha_register_enabled": 1,
|
||||
"captcha_size": 6,
|
||||
"casAccessControlPolicy": "none",
|
||||
"casAttributes": {
|
||||
%%custom_join(%%cas_attributes, ',\n ')
|
||||
},
|
||||
"casStorageOptions": {},
|
||||
"cda": 0,
|
||||
"cfgAuthor": "EOLE",
|
||||
"cfgAuthorIP": "127.0.0.1",
|
||||
"cfgDate": 1600257889,
|
||||
"cfgLog": "",
|
||||
"cfgNum": "1",
|
||||
"checkXSS": 1,
|
||||
"confirmFormMethod": "post",
|
||||
"cookieName": "lemonldap",
|
||||
"dbiAuthnLevel": 2,
|
||||
"dbiExportedVars": {},
|
||||
"demoExportedVars": {
|
||||
"cn": "cn",
|
||||
"mail": "mail",
|
||||
"uid": "uid"
|
||||
},
|
||||
"domain": "%%nom_domaine_local",
|
||||
"exportedHeaders": {
|
||||
"%%managerWebName": {}
|
||||
},
|
||||
"exportedVars": {
|
||||
%%custom_join(%%exported_vars, ',\n ')
|
||||
},
|
||||
"facebookAuthnLevel": 1,
|
||||
"facebookExportedVars": {},
|
||||
"failedLoginNumber": 5,
|
||||
"globalStorage": "Apache::Session::File",
|
||||
"globalStorageOptions": {
|
||||
"Directory": "/var/lib/lemonldap-ng/sessions",
|
||||
"LockDirectory": "/var/lib/lemonldap-ng/sessions/lock"
|
||||
},
|
||||
"googleAuthnLevel": 1,
|
||||
"successLoginNumber": 5,
|
||||
"googleExportedVars": {},
|
||||
"grantSessionRules": {},
|
||||
"groups": {},
|
||||
"hiddenAttributes": "_password",
|
||||
"hideOldPassword": 0,
|
||||
"httpOnly": 1,
|
||||
"https": 0,
|
||||
"infoFormMethod": "get",
|
||||
"issuerDBCASActivation": 1,
|
||||
"issuerDBCASPath": "^/%%casFolder/",
|
||||
"issuerDBCASRule": 1,
|
||||
"issuerDBGetParameters": {},
|
||||
"issuerDBOpenIDActivation": "1",
|
||||
"issuerDBOpenIDPath": "^/openidserver/",
|
||||
"issuerDBOpenIDRule": 1,
|
||||
"issuerDBSAMLActivation": 0,
|
||||
"issuerDBSAMLPath": "^/saml/",
|
||||
"issuerDBSAMLRule": 1,
|
||||
"jsRedirect": 0,
|
||||
"key": "e\"bTCt3*eU9^\\V%b",
|
||||
"ldapAllowResetExpiredPassword": 0,
|
||||
"ldapAuthnLevel": 2,
|
||||
"ldapBase": "%%ldapUserBaseDN",
|
||||
"ldapChangePasswordAsUser": 0,
|
||||
"ldapExportedVars": {
|
||||
"cn": "cn",
|
||||
"mail": "mail",
|
||||
"uid": "uid"
|
||||
},
|
||||
"ldapGroupAttributeName": "memberUid",
|
||||
"ldapGroupAttributeNameGroup": "dn",
|
||||
"ldapGroupAttributeNameSearch": "cn",
|
||||
"ldapGroupAttributeNameUser": "uid",
|
||||
"ldapGroupObjectClass": "eolegroupe",
|
||||
"ldapGroupRecursive": 0,
|
||||
"ldapPasswordResetAttribute": "pwdReset",
|
||||
"ldapPasswordResetAttributeValue": "TRUE",
|
||||
"ldapPort": "%%ldapServerPort",
|
||||
"ldapPpolicyControl": 0,
|
||||
"ldapPwdEnc": "utf-8",
|
||||
"ldapServer": "%%ldapScheme://%%ldapServer",
|
||||
"ldapSetPassword": 0,
|
||||
"ldapTimeout": 120,
|
||||
"ldapUsePasswordResetAttribute": 1,
|
||||
"ldapVersion": 3,
|
||||
"localSessionStorage": "Cache::FileCache",
|
||||
"localSessionStorageOptions": {
|
||||
"cache_depth": 3,
|
||||
"cache_root": "/tmp",
|
||||
"namespace": "lemonldap-ng-sessions",
|
||||
"default_expires_in": 600,
|
||||
"directory_umask": "007",
|
||||
"cache_depth": 3
|
||||
"namespace": "lemonldap-ng-sessions"
|
||||
},
|
||||
"samlSPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
|
||||
"portalRequireOldPassword": 1,
|
||||
"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;",
|
||||
"ADPwdExpireWarning": 0,
|
||||
"yubikeyPublicIDSize": 12,
|
||||
"ldapGroupAttributeNameGroup": "dn",
|
||||
"oidcRPMetaDataOptionsExtraClaims": null,
|
||||
"ldapGroupRecursive": 0,
|
||||
"mailSubject": "[LemonLDAP::NG] Your new password",
|
||||
"nginxCustomHandlers": {},
|
||||
"samlSPSSODescriptorAuthnRequestsSigned": 1,
|
||||
%if %%llResetPassword == "oui"
|
||||
"portalDisplayResetPassword": 1,
|
||||
%else
|
||||
"portalDisplayResetPassword": 0,
|
||||
%end if
|
||||
"openIdSreg_timezone": "_timezone",
|
||||
"infoFormMethod": "get",
|
||||
"openIdAuthnLevel": 1,
|
||||
"openIdSreg_nickname": "uid",
|
||||
"samlServicePublicKeyEnc": "",
|
||||
"userDB": "LDAP",
|
||||
"grantSessionRules": {},
|
||||
"remoteGlobalStorage": "Lemonldap::NG::Common::Apache::Session::SOAP",
|
||||
"reloadUrls": {
|
||||
"%%reloadWebName": "https://%%reloadWebName/reload"
|
||||
},
|
||||
"registerTimeout": 0,
|
||||
"samlIDPSSODescriptorSingleSignOnServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;",
|
||||
"slaveAuthnLevel": 2,
|
||||
"samlIDPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
|
||||
"Soap": 1,
|
||||
%set %%RegisterDB=%%getVar('llRegisterDB', 'Demo')
|
||||
%if %%RegisterDB == "Custom"
|
||||
"registerDB": "Null",
|
||||
%else
|
||||
"registerDB": "%%RegisterDB",
|
||||
%end if
|
||||
"locationRules": {
|
||||
"%%managerWebName": {
|
||||
"default": "$uid eq \"%%lemonAdmin\""
|
||||
},
|
||||
"test1.%%nom_domaine_local": {
|
||||
"default": "accept",
|
||||
"^/logout": "logout_sso"
|
||||
},
|
||||
"test2.%%nom_domaine_local": {
|
||||
"default": "accept",
|
||||
"^/logout": "logout_sso"
|
||||
}
|
||||
},
|
||||
"portalDisplayChangePassword": "$_auth =~ /^(LDAP|DBI|Demo)$/",
|
||||
"hideOldPassword": 0,
|
||||
"loginHistoryEnabled": 1,
|
||||
"logoutServices": {},
|
||||
"lwpSslOpts": {},
|
||||
"macros": {
|
||||
"_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\""
|
||||
},
|
||||
"mailCharset": "utf-8",
|
||||
"mailConfirmSubject": "[LemonLDAP::NG] Password reset confirmation",
|
||||
"mailFrom": "noreply@%%nom_domaine_local",
|
||||
"mailOnPasswordChange": 0,
|
||||
"mailSessionKey": "mail",
|
||||
"mailSubject": "[LemonLDAP::NG] Your new password",
|
||||
"mailTimeout": 0,
|
||||
%if %%llResetPassword == "oui"
|
||||
%if %%is_empty(%%llResetUrl)
|
||||
"mailUrl": "https://%%authWebName/mail.pl",
|
||||
%else
|
||||
"mailUrl": "%%llResetUrl",
|
||||
%end if
|
||||
%end if
|
||||
"maintenance": 0,
|
||||
"managerDn": "%%ldapBindUserDN",
|
||||
%if %%is_file(%%ldapBindUserPassword)
|
||||
"managerPassword": "%%readPass("", %%ldapBindUserPassword)",
|
||||
%else
|
||||
"managerPassword": "%%ldapBindUserPassword",
|
||||
%end if
|
||||
"authChoiceParam": "lmAuth",
|
||||
"lwpSslOpts": {},
|
||||
"portalSkinRules": {},
|
||||
"issuerDBOpenIDPath": "^/openidserver/",
|
||||
"redirectFormMethod": "get",
|
||||
"portalDisplayRegister": 1,
|
||||
"secureTokenMemcachedServers": "127.0.0.1:11211",
|
||||
"multiValuesSeparator": ";",
|
||||
"nginxCustomHandlers": {},
|
||||
"notification": 1,
|
||||
"notificationStorage": "File",
|
||||
"notificationStorageOptions": {
|
||||
"dirName": "/var/lib/lemonldap-ng/notifications"
|
||||
},
|
||||
"browserIdAuthnLevel": 1,
|
||||
"portalUserAttr": "_user",
|
||||
"ldapVersion": 3,
|
||||
"sessionDataToRemember": {},
|
||||
"samlNameIDFormatMapX509": "mail",
|
||||
"managerDn": "%%ldapBindUserDN",
|
||||
"mailSessionKey": "mail",
|
||||
"openIdSreg_email": "mail",
|
||||
"localSessionStorage": "Cache::FileCache",
|
||||
"persistentStorage": "Apache::Session::File",
|
||||
"mailOnPasswordChange": 0,
|
||||
"captchaStorage": "Apache::Session::File",
|
||||
"remoteGlobalStorageOptions": {
|
||||
"proxy": "https://%%authWebName/index.pl/sessions",
|
||||
"ns": "https://%%authWebName/Lemonldap/NG/Common/CGI/SOAPService"
|
||||
},
|
||||
"passwordDB": "LDAP",
|
||||
"captcha_size": 6,
|
||||
"mailCharset": "utf-8",
|
||||
"facebookExportedVars": {},
|
||||
"nullAuthnLevel": 2,
|
||||
"singleIP": 0,
|
||||
"dbiExportedVars": {},
|
||||
"portalSkin": "bootstrap",
|
||||
"storePassword": 0,
|
||||
"hiddenAttributes": "_password",
|
||||
"samlServicePrivateKeySig": "",
|
||||
"globalStorage": "Apache::Session::File",
|
||||
"notificationWildcard": "allusers",
|
||||
"portalForceAuthn": 0,
|
||||
"samlMetadataForceUTF8": 1,
|
||||
"secureTokenUrls": ".*",
|
||||
"secureTokenAllowOnError": 1,
|
||||
"samlAuthnContextMapTLSClient": 5,
|
||||
"ldapAllowResetExpiredPassword": 0,
|
||||
"oidcOPMetaDataExportedVars": {},
|
||||
"notifyDeleted": 1,
|
||||
"notifyOther": 0,
|
||||
"secureTokenExpiration": 60,
|
||||
"captcha_mail_enabled": 0,
|
||||
"samlStorageOptions": {},
|
||||
"samlOrganizationDisplayName": "Example",
|
||||
"trustedProxies": "",
|
||||
"secureTokenHeader": "Auth-Token",
|
||||
"issuerDBCASActivation": 1,
|
||||
"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;",
|
||||
"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
|
||||
"samlIDPMetaDataXML": {},
|
||||
"oidcStorageOptions": {},
|
||||
"cfgDate": 1519998069,
|
||||
"samlAuthnContextMapPassword": 2,
|
||||
"portalDisplayLoginHistory": 1,
|
||||
"ldapPasswordResetAttributeValue": "TRUE",
|
||||
"ldapServer": "%%ldapScheme://%%ldapServer",
|
||||
"samlIDPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;",
|
||||
"samlIDPMetaDataExportedAttributes": null,
|
||||
"samlServicePrivateKeyEnc": "",
|
||||
"useRedirectOnForbidden": 0,
|
||||
"captcha_login_enabled": 0,
|
||||
"https": 0,
|
||||
"checkXSS": 1,
|
||||
"ldapSetPassword": 0,
|
||||
"portalPingInterval": 60000,
|
||||
"captchaStorageOptions": {
|
||||
"Directory": "/var/lib/lemonldap-ng/captcha/"
|
||||
},
|
||||
"useSafeJail": 1,
|
||||
"registerDoneSubject": "[LemonLDAP::NG] Your new account",
|
||||
"issuerDBCASRule": 1,
|
||||
"samlAuthnContextMapKerberos": 4,
|
||||
"ldapGroupAttributeNameSearch": "cn",
|
||||
"logoutServices": {},
|
||||
"samlIDPSSODescriptorWantAuthnRequestsSigned": 1,
|
||||
"portalDisplayLogout": 1,
|
||||
"issuerDBGetParameters": {},
|
||||
"googleExportedVars": {},
|
||||
"openIdSreg_fullname": "cn",
|
||||
"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact",
|
||||
"demoExportedVars": {
|
||||
"mail": "mail",
|
||||
"uid": "uid",
|
||||
"cn": "cn"
|
||||
},
|
||||
"nullAuthnLevel": 2,
|
||||
"oidcOPMetaDataExportedVars": {},
|
||||
"oidcOPMetaDataJSON": null,
|
||||
"samlIdPResolveCookie": "lemonldapidp",
|
||||
"samlRelayStateTimeout": 600,
|
||||
"samlOrganizationURL": "https://auth.%%nom_domaine_local",
|
||||
"globalStorageOptions": {
|
||||
"Directory": "/var/lib/lemonldap-ng/sessions",
|
||||
"LockDirectory": "/var/lib/lemonldap-ng/sessions/lock"
|
||||
},
|
||||
"ldapExportedVars": {
|
||||
"mail": "mail",
|
||||
"cn": "cn",
|
||||
"uid": "uid"
|
||||
},
|
||||
"webIDExportedVars": {},
|
||||
"activeTimer": 1,
|
||||
"cda": 0,
|
||||
"samlServicePublicKeySig": "",
|
||||
%if %%llCheckLogins == "oui"
|
||||
"portalCheckLogins": 1,
|
||||
%else
|
||||
"portalCheckLogins": 0,
|
||||
%end if
|
||||
"CAS_authnLevel": 1,
|
||||
"macros": {
|
||||
"_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\""
|
||||
},
|
||||
"samlIDPMetaDataOptions": null,
|
||||
"twitterAuthnLevel": 1,
|
||||
"openIdExportedVars": {},
|
||||
"captcha_register_enabled": 1,
|
||||
"oidcOPMetaDataJWKS": null,
|
||||
"webIDAuthnLevel": 1,
|
||||
"issuerDBOpenIDActivation": "1",
|
||||
%if %%is_empty(%%llResetUrl)
|
||||
"mailUrl": "https://%%authWebName/mail.pl",
|
||||
%else
|
||||
"mailUrl": "%%llResetUrl",
|
||||
%end if
|
||||
"maintenance": 0,
|
||||
"jsRedirect": 0,
|
||||
"cfgAuthor": "Cadoles",
|
||||
"persistentStorageOptions": {
|
||||
"LockDirectory": "/var/lib/lemonldap-ng/psessions/lock",
|
||||
"Directory": "/var/lib/lemonldap-ng/psessions"
|
||||
},
|
||||
"SSLAuthnLevel": 5,
|
||||
"oidcOPMetaDataOptions": null,
|
||||
"oidcRPMetaDataExportedVars": {},
|
||||
"oidcRPMetaDataOptions": {},
|
||||
"oidcRPMetaDataOptionsExtraClaims": null,
|
||||
"oidcServiceMetaDataAuthnContext": {},
|
||||
"samlIDPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
|
||||
"notification": 1,
|
||||
"ldapChangePasswordAsUser": 0,
|
||||
"CAS_proxiedServices": {},
|
||||
"key": "e\"bTCt3*eU9^\\V%b",
|
||||
"oidcStorageOptions": {},
|
||||
"openIdAuthnLevel": 1,
|
||||
"openIdExportedVars": {},
|
||||
"openIdSPList": "0;",
|
||||
"openIdSreg_email": "mail",
|
||||
"openIdSreg_fullname": "cn",
|
||||
"openIdSreg_nickname": "uid",
|
||||
"openIdSreg_timezone": "_timezone",
|
||||
"passwordDB": "LDAP",
|
||||
"persistentStorage": "Apache::Session::File",
|
||||
"persistentStorageOptions": {
|
||||
"Directory": "/var/lib/lemonldap-ng/psessions",
|
||||
"LockDirectory": "/var/lib/lemonldap-ng/psessions/lock"
|
||||
},
|
||||
"portal": "https://%%authWebName/",
|
||||
"singleSessionUserByIP": 0,
|
||||
"portalAntiFrame": 1,
|
||||
"portalCheckLogins": %%boolean[%%llCheckLogins],
|
||||
"portalDisplayAppslist": 1,
|
||||
"portalDisplayChangePassword": "$_auth =~ /^(LDAP|DBI|Demo)$/",
|
||||
"portalDisplayLoginHistory": 1,
|
||||
"portalDisplayLogout": 1,
|
||||
"portalDisplayRegister": 1,
|
||||
"portalDisplayResetPassword": %%boolean[%%llResetPassword],
|
||||
"portalForceAuthn": 0,
|
||||
"portalForceAuthnInterval": 0,
|
||||
"portalOpenLinkInNewWindow": 0,
|
||||
"portalPingInterval": 60000,
|
||||
"portalRequireOldPassword": 1,
|
||||
"portalSkin": "bootstrap",
|
||||
"portalSkinRules": {},
|
||||
"portalUserAttr": "_user",
|
||||
"post": {
|
||||
"test2.%%nom_domaine_local": {},
|
||||
"test1.%%nom_domaine_local": {},
|
||||
"%%managerWebName": {}
|
||||
},
|
||||
"samlSPSSODescriptorAssertionConsumerServiceHTTPPost": "0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost",
|
||||
"issuerDBSAMLRule": 1,
|
||||
"samlCommonDomainCookieActivation": 0,
|
||||
"syslog": "",
|
||||
"ldapBase": "%%ldapUserBaseDN",
|
||||
"ldapAuthnLevel": 2,
|
||||
"mailTimeout": 0,
|
||||
"samlEntityID": "#PORTAL#/saml/metadata",
|
||||
"oidcOPMetaDataOptions": null,
|
||||
"samlSPSSODescriptorWantAssertionsSigned": 1,
|
||||
"samlOrganizationName": "%%samlOrganizationName",
|
||||
%if %%RegisterDB == "Custom"
|
||||
"radiusAuthnLevel": 3,
|
||||
"randomPasswordRegexp": "[A-Z]{3}[a-z]{5}.\\d{2}",
|
||||
"redirectFormMethod": "get",
|
||||
"registerConfirmSubject": "[LemonLDAP::NG] Account register confirmation",
|
||||
%set %%register_db = %%getVar('llRegisterDB', 'Demo')
|
||||
%if %%register_db == 'Custom'
|
||||
"registerDB": "Null",
|
||||
"registerUrl": "%%llRegisterURL",
|
||||
%else
|
||||
"registerDB": "%%register_db",
|
||||
"registerUrl": "https://%%authWebName/register.pl",
|
||||
%end if
|
||||
"casAccessControlPolicy": "none",
|
||||
"multiValuesSeparator": ";",
|
||||
"ldapPort": %%ldapServerPort
|
||||
"registerDoneSubject": "[LemonLDAP::NG] Your new account",
|
||||
"registerTimeout": 0,
|
||||
"reloadUrls": {
|
||||
"%%reloadWebName": "https://%%reloadWebName/reload"
|
||||
},
|
||||
"remoteGlobalStorage": "Lemonldap::NG::Common::Apache::Session::SOAP",
|
||||
"remoteGlobalStorageOptions": {
|
||||
"ns": "https://%%authWebName/Lemonldap/NG/Common/CGI/SOAPService",
|
||||
"proxy": "https://%%authWebName/index.pl/sessions"
|
||||
},
|
||||
"samlAttributeAuthorityDescriptorAttributeServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;",
|
||||
"samlAuthnContextMapKerberos": 4,
|
||||
"samlAuthnContextMapPassword": 2,
|
||||
"samlAuthnContextMapPasswordProtectedTransport": 3,
|
||||
"samlAuthnContextMapTLSClient": 5,
|
||||
"samlCommonDomainCookieActivation": 0,
|
||||
"samlEntityID": "#PORTAL#/saml/metadata",
|
||||
"samlIDPMetaDataExportedAttributes": null,
|
||||
"samlIDPMetaDataOptions": null,
|
||||
"samlIDPMetaDataXML": {},
|
||||
"samlIDPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
|
||||
"samlIDPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
|
||||
"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
|
||||
"samlIDPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;",
|
||||
"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;",
|
||||
"samlIDPSSODescriptorSingleSignOnServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;",
|
||||
"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;",
|
||||
"samlIDPSSODescriptorSingleSignOnServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleSignOnSOAP;",
|
||||
"samlIDPSSODescriptorWantAuthnRequestsSigned": 1,
|
||||
"samlIdPResolveCookie": "lemonldapidp",
|
||||
"samlMetadataForceUTF8": 1,
|
||||
"samlNameIDFormatMapEmail": "mail",
|
||||
"samlNameIDFormatMapKerberos": "uid",
|
||||
"samlNameIDFormatMapWindows": "uid",
|
||||
"samlNameIDFormatMapX509": "mail",
|
||||
"samlOrganizationDisplayName": "Example",
|
||||
"samlOrganizationName": "%%samlOrganizationName",
|
||||
"samlOrganizationURL": "https://auth.%%nom_domaine_local",
|
||||
"samlRelayStateTimeout": 600,
|
||||
"samlSPMetaDataExportedAttributes": null,
|
||||
"samlSPMetaDataOptions": null,
|
||||
"samlSPMetaDataXML": null,
|
||||
"samlSPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
|
||||
"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact",
|
||||
"samlSPSSODescriptorAssertionConsumerServiceHTTPPost": "0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost",
|
||||
"samlSPSSODescriptorAuthnRequestsSigned": 1,
|
||||
"samlSPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
|
||||
"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
|
||||
"samlSPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;",
|
||||
"samlSPSSODescriptorWantAssertionsSigned": 1,
|
||||
"samlServicePrivateKeyEnc": "",
|
||||
"samlServicePrivateKeyEncPwd": "",
|
||||
"samlServicePrivateKeySig": "",
|
||||
"samlServicePrivateKeySigPwd": "",
|
||||
"samlServicePublicKeyEnc": "",
|
||||
"samlServicePublicKeySig": "",
|
||||
"samlStorageOptions": {},
|
||||
"samlUseQueryStringSpecific": 0,
|
||||
"secureTokenAllowOnError": 1,
|
||||
"secureTokenAttribute": "uid",
|
||||
"secureTokenExpiration": 60,
|
||||
"secureTokenHeader": "Auth-Token",
|
||||
"secureTokenMemcachedServers": "127.0.0.1:11211",
|
||||
"secureTokenUrls": ".*",
|
||||
"securedCookie": 0,
|
||||
"sessionDataToRemember": {},
|
||||
"singleIP": 0,
|
||||
"singleSession": 0,
|
||||
"singleSessionUserByIP": 0,
|
||||
"slaveAuthnLevel": 2,
|
||||
"slaveExportedVars": {},
|
||||
"storePassword": 0,
|
||||
"successLoginNumber": 5,
|
||||
"syslog": "",
|
||||
"timeout": 72000,
|
||||
"timeoutActivity": 0,
|
||||
"trustedProxies": "",
|
||||
"twitterAuthnLevel": 1,
|
||||
"useRedirectOnError": 1,
|
||||
"useRedirectOnForbidden": 0,
|
||||
"useSafeJail": 1,
|
||||
"userControl": "^[\\w\\.\\-@]+$",
|
||||
"userDB": "LDAP",
|
||||
"vhostOptions": {
|
||||
"%%managerWebName": {
|
||||
"vhostHttps": "1"
|
||||
}
|
||||
},
|
||||
"webIDAuthnLevel": 1,
|
||||
"webIDExportedVars": {},
|
||||
"whatToTrace": "_whatToTrace",
|
||||
"yubikeyAuthnLevel": 3,
|
||||
"yubikeyPublicIDSize": 12
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user