Adding first working templates
- manager-nginx.conf - portal-nginx.conf - handler-nginx.conf - lmConf-1.js (Any configuration modification in LemonLDAP Manager prevail over this configuration) Adding diagnose script - HTTP Ping the manager, the handler and the portal Adding posttempalte script - Enable nginx configuration if necessary - Add an entry ton /etc/hosts with the 3 web names
This commit is contained in:
parent
4eb5b96a70
commit
3e7bc2b56b
|
@ -0,0 +1,16 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
if [ $(CreoleGet activerLemon) = "oui" ];then
|
||||||
|
. /usr/lib/eole/diagnose.sh
|
||||||
|
manager=$(CreoleGet managerWebName)
|
||||||
|
portal=$(CreoleGet authWebName)
|
||||||
|
handler=$(CreoleGet reloadWebName)
|
||||||
|
|
||||||
|
EchoGras "*** LemonLDAP::NG"
|
||||||
|
TestHTTPPage "Manager" "http://${manager}/"
|
||||||
|
TestHTTPPage "Portal" "http://${portal}/"
|
||||||
|
TestHTTPPage "Handler" "http://${handler}/"
|
||||||
|
echo
|
||||||
|
fi
|
||||||
|
|
||||||
|
exit 0
|
|
@ -1,8 +1,11 @@
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
<creole>
|
<creole>
|
||||||
<files>
|
<files>
|
||||||
<!-- Je suis un commentaire -->
|
<!-- Je suis un commentaire -->
|
||||||
<file filelist='lemon' name='/etc/nginx/sites-available/http_lemon.conf' source='market.nginx' mkdir='True' rm='True'/>
|
<file filelist='lemon' name='/etc/nginx/sites-available/manager-nginx.conf' mkdir='True' rm='True'/>
|
||||||
|
<file filelist='lemon' name='/etc/nginx/sites-available/handler-nginx.conf' mkdir='True' rm='True'/>
|
||||||
|
<file filelist='lemon' name='/etc/nginx/sites-available/portal-nginx.conf' mkdir='True' rm='True'/>
|
||||||
|
<file filelist='lemon' name='/var/lib/lemonldap-ng/conf/lmConf-1.js' mkdir='True' rm='True'/>
|
||||||
<service_access service='nginx'>
|
<service_access service='nginx'>
|
||||||
<port service_accesslist="saLemon">80</port>
|
<port service_accesslist="saLemon">80</port>
|
||||||
<port service_accesslist="saLemon">443</port>
|
<port service_accesslist="saLemon">443</port>
|
||||||
|
@ -10,33 +13,57 @@
|
||||||
</files>
|
</files>
|
||||||
<variables>
|
<variables>
|
||||||
<family name='Services'>
|
<family name='Services'>
|
||||||
<variable name='activerLemon' type='oui/non' description="Activer l'hébergement d'une place de marché HTTP ">
|
<variable name='activerLemon' type='oui/non' description="Activer LemonLDAP::NG">
|
||||||
<value>non</value>
|
<value>non</value>
|
||||||
</variable>
|
</variable>
|
||||||
</family>
|
</family>
|
||||||
<family name='Lemon-LDAP-NG'>
|
<family name='LemonLDAP'>
|
||||||
<variable name='managerWebName' type='string' description="Nom DNS du manager LemonLDAP-NG"/>
|
<variable name='managerWebName' type='string' description="Nom DNS du manager LemonLDAP-NG"/>
|
||||||
<variable name='authWebName' type='string' description="Nom DNS du service d'authentification LemonLDAP-NG"/>
|
<variable name='authWebName' type='string' description="Nom DNS du service d'authentification LemonLDAP-NG"/>
|
||||||
<value>/srv/one/market</value>
|
<variable name='reloadWebName' type='string' description="Nom DNS du service Reload de LemonLDAP-NG" mode="expert"/>
|
||||||
</variable>
|
<variable name='ldapScheme' type='string' description="Protocole LDAP à utiliser" mandatory='True'/> -->
|
||||||
|
<variable name='ldapServer' type='string' description="Adresse du Serveur LDAP utilisé par LemonLDAP::NG" mandatory="True"/>
|
||||||
|
<variable name='ldapServerPort' type='number' description="Port d'écoute du LDAP utilisé par LemonLDAP::NG" mandatory='True'/>
|
||||||
|
<variable name='ldapUserBaseDN' type='string' description="Base DN des utilisateurs dans l'annuaire" mandatory='True'/>
|
||||||
|
<variable name='ldapBindUserDN' type='string' description="Utilisateur de connection à l'annuaire" mandatory="True"/>
|
||||||
|
<variable name='ldapBindUserPassword' type='string' description="Mot de passe de l'utilisateur de connection à l'annuaire" mandatory="True"/>
|
||||||
|
<variable name="samlOrganizationName" type='string' description="Nom de l'organisation SAML" mode='expert'/>
|
||||||
</family>
|
</family>
|
||||||
|
<separators>
|
||||||
|
<separator name="managerWebName">Configuration DNS</separator>
|
||||||
|
<separator name="ldapScheme">Configuration LDAP</separator>
|
||||||
|
</separators>
|
||||||
</variables>
|
</variables>
|
||||||
<constraints>
|
<constraints>
|
||||||
<fill name='concat' target='managerWebName'>
|
<fill name='concat' target='managerWebName'>
|
||||||
<param type='eole'>nom_machine</param>
|
<param>manager.</param>
|
||||||
<param>.</param>
|
|
||||||
<param type='eole'>nom_domaine_local</param>
|
<param type='eole'>nom_domaine_local</param>
|
||||||
</fill>
|
</fill>
|
||||||
|
<fill name='concat' target='authWebName'>
|
||||||
|
<param>auth.</param>
|
||||||
|
<param type='eole'>nom_domaine_local</param>
|
||||||
|
</fill>
|
||||||
|
<fill name='concat' target='reloadWebName'>
|
||||||
|
<param>reload.</param>
|
||||||
|
<param type='eole'>nom_domaine_local</param>
|
||||||
|
</fill>
|
||||||
|
<fill name='concat' target='samlOrganizationName'>
|
||||||
|
<param>SAML</param>
|
||||||
|
<param type='eole'>nom_domaine_local</param>
|
||||||
|
</fill>
|
||||||
|
<check name="valid_enum" target="ldapScheme">
|
||||||
|
<param>['ldaps','ldap']</param>
|
||||||
|
</check>
|
||||||
<condition name='disabled_if_in' source='activerLemon'>
|
<condition name='disabled_if_in' source='activerLemon'>
|
||||||
<param>non</param>
|
<param>non</param>
|
||||||
<target type='filelist'>lemon</target>
|
<target type='filelist'>lemon</target>
|
||||||
<target type='family'>Lemon-LDAP-NG</target>
|
<target type='family'>LemonLDAP</target>
|
||||||
<target type='service_accesslist'>saLemon</target>
|
<target type='service_accesslist'>saLemon</target>
|
||||||
</condition>
|
</condition>
|
||||||
</constraints>
|
</constraints>
|
||||||
<help>
|
<help>
|
||||||
<variable name='activer_http_lemon'>Activer l'hébergement d'une place de marché HTTP pour OpenNebula</variable>
|
<variable name='activerLemon'>Activer l'hébergement d'une place de marché HTTP pour OpenNebula</variable>
|
||||||
<variable name='managerWebName'>Nom DNS de l'application de gestion de LemonLDAP-NG ex:manager.cadoles.com</variable>
|
<variable name='managerWebName'>Nom DNS de l'application de gestion de LemonLDAP::NG ex:manager.cadoles.com</variable>
|
||||||
<variable name='authWebName'>Nom DNS de l'application de gestion de LemonLDAP-NG ex:manager.cadoles.com</variable>
|
<variable name='authWebName'>Nom DNS de service d'authentification de LemonLDAP::NG ex:auth.cadoles.com</variable>
|
||||||
</help>
|
</help>
|
||||||
</creole>
|
</creole>
|
||||||
|
|
|
@ -0,0 +1,19 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
ENABLE=$(CreoleGet activerLemon 'non')
|
||||||
|
HOSTS="/etc/hosts"
|
||||||
|
|
||||||
|
if [ "${ENABLE}" = 'oui' ];then
|
||||||
|
manager=$(CreoleGet managerWebName)
|
||||||
|
handler=$(CreoleGet reloadWebName)
|
||||||
|
portal=$(CreoleGet authWebName)
|
||||||
|
ipaddr=$(CreoleGet adresse_ip_eth0)
|
||||||
|
line="${ipaddr} ${manager} ${handler} ${portal}"
|
||||||
|
grep -q "${line}" ${HOSTS}
|
||||||
|
if [[ ${?} -eq 0 ]]
|
||||||
|
then
|
||||||
|
exit 0
|
||||||
|
else
|
||||||
|
echo ${line} >> ${HOSTS}
|
||||||
|
fi
|
||||||
|
fi
|
|
@ -0,0 +1,16 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
ENABLE=$(CreoleGet activerLemon 'non')
|
||||||
|
CONF_FILES='manager-nginx.conf'
|
||||||
|
CONF_FILES='${CONF_FILE} handler-nginx.conf'
|
||||||
|
CONF_FILES='${CONF_FILE} portal-nginx.conf'
|
||||||
|
|
||||||
|
for CONF_FILE in ${CONF_FILES}
|
||||||
|
do
|
||||||
|
if [ -L /etc/nginx/sites-enabled/${CONF_FILE} ];then
|
||||||
|
rm /etc/nginx/sites-enabled/${CONF_FILE}
|
||||||
|
fi
|
||||||
|
if [ "${ENABLE}" = 'oui' ];then
|
||||||
|
ln -s /etc/nginx/sites-available/${CONF_FILE} /etc/nginx/sites-enabled/${CONF_FILE}
|
||||||
|
fi
|
||||||
|
done
|
|
@ -18,7 +18,28 @@ include /etc/lemonldap-ng/nginx-lmlog.conf;
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name reload.example.com;
|
server_name %%reloadWebName;
|
||||||
|
return 301 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443;
|
||||||
|
ssl on;
|
||||||
|
%if %%cert_type == "letsencrypt"
|
||||||
|
ssl_certificate %%le_config_dir/live/%%managerWebName/cert.pem;
|
||||||
|
ssl_certificate_key %%le_config_dir/live/%%managerWebName/privkey.pem;
|
||||||
|
%else
|
||||||
|
ssl_certificate %%server_cert;
|
||||||
|
ssl_certificate_key %%server_key;
|
||||||
|
%end if
|
||||||
|
ssl_client_certificate /etc/ssl/certs/ca.crt;
|
||||||
|
access_log /var/log/nginx/manager-lemon-ldap.access-ssl.log;
|
||||||
|
server_name %%reloadWebName;
|
||||||
|
|
||||||
|
error_page 403 404 502 503 504 /nginx.html;
|
||||||
|
location = /nginx.html{
|
||||||
|
root /usr/share/nginx/www;
|
||||||
|
}
|
||||||
root /var/www/html;
|
root /var/www/html;
|
||||||
|
|
||||||
location = /reload {
|
location = /reload {
|
||||||
|
@ -45,4 +66,4 @@ server {
|
||||||
# fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
# fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
||||||
# fastcgi_param LLTYPE status;
|
# fastcgi_param LLTYPE status;
|
||||||
#}
|
#}
|
||||||
}
|
}
|
539
tmpl/lmConf-1.js
539
tmpl/lmConf-1.js
|
@ -1,167 +1,386 @@
|
||||||
{
|
{
|
||||||
"applicationList" : {
|
"ldapGroupAttributeNameUser": "dn",
|
||||||
"1sample" : {
|
"cfgAuthorIP": "172.16.0.1",
|
||||||
"catname" : "Sample applications",
|
"samlSPMetaDataXML": null,
|
||||||
"test1" : {
|
"facebookAuthnLevel": 1,
|
||||||
"options" : {
|
"mailConfirmSubject": "[LemonLDAP::NG] Password reset confirmation",
|
||||||
"description" : "A simple application displaying authenticated user",
|
"secureTokenAttribute": "uid",
|
||||||
"display" : "auto",
|
"singleSession": 0,
|
||||||
"logo" : "demo.png",
|
"registerConfirmSubject": "[LemonLDAP::NG] Account register confirmation",
|
||||||
"name" : "Application Test 1",
|
"CAS_pgtFile": "/tmp/pgt.txt",
|
||||||
"uri" : "http://test1.example.com/"
|
"cookieName": "lemonldap",
|
||||||
|
"slaveExportedVars": {},
|
||||||
|
"whatToTrace": "_whatToTrace",
|
||||||
|
"oidcRPMetaDataOptions": {},
|
||||||
|
"notifyDeleted": 1,
|
||||||
|
"useRedirectOnError": 1,
|
||||||
|
"samlSPMetaDataExportedAttributes": null,
|
||||||
|
"ldapPwdEnc": "utf-8",
|
||||||
|
"openIdSPList": "0;",
|
||||||
|
"samlNameIDFormatMapEmail": "mail",
|
||||||
|
"samlSPMetaDataOptions": null,
|
||||||
|
"issuerDBOpenIDRule": 1,
|
||||||
|
"casStorageOptions": {},
|
||||||
|
"mailFrom": "noreply@%%nom_domaine_local",
|
||||||
|
"timeoutActivity": 0,
|
||||||
|
"oidcRPMetaDataExportedVars": {},
|
||||||
|
"issuerDBSAMLActivation": 0,
|
||||||
|
"issuerDBCASPath": "^/cas/",
|
||||||
|
"randomPasswordRegexp": "[A-Z]{3}[a-z]{5}.\\d{2}",
|
||||||
|
"samlIDPSSODescriptorSingleSignOnServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleSignOnSOAP;",
|
||||||
|
"samlSPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
|
||||||
|
"exportedHeaders": {
|
||||||
|
"test1.%%nom_domaine_local": {
|
||||||
|
"Auth-User": "$uid"
|
||||||
|
},
|
||||||
|
"test2.%%nom_domaine_local": {
|
||||||
|
"Auth-User": "$uid"
|
||||||
|
},
|
||||||
|
"%%managerWebName": {}
|
||||||
|
},
|
||||||
|
"vhostOptions": {
|
||||||
|
"%%managerWebName": {},
|
||||||
|
"test1.%%nom_domaine_local": {},
|
||||||
|
"test2.%%nom_domaine_local": {}
|
||||||
|
},
|
||||||
|
"radiusAuthnLevel": 3,
|
||||||
|
"dbiAuthnLevel": 2,
|
||||||
|
"ldapPasswordResetAttribute": "pwdReset",
|
||||||
|
"ldapGroupObjectClass": "groupOfNames",
|
||||||
|
"apacheAuthnLevel": 4,
|
||||||
|
"samlNameIDFormatMapKerberos": "uid",
|
||||||
|
"groups": {},
|
||||||
|
"securedCookie": 0,
|
||||||
|
"httpOnly": 1,
|
||||||
|
"yubikeyAuthnLevel": 3,
|
||||||
|
"ADPwdMaxAge": 0,
|
||||||
|
"samlUseQueryStringSpecific": 0,
|
||||||
|
"loginHistoryEnabled": 1,
|
||||||
|
"samlSPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;",
|
||||||
|
"failedLoginNumber": 5,
|
||||||
|
"samlServicePrivateKeyEncPwd": "",
|
||||||
|
"portalForceAuthnInterval": 0,
|
||||||
|
"cfgLog": "",
|
||||||
|
"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
|
||||||
|
"exportedVars": {
|
||||||
|
"UA": "HTTP_USER_AGENT"
|
||||||
|
},
|
||||||
|
"notificationStorage": "File",
|
||||||
|
"applicationList": {
|
||||||
|
"1sample": {
|
||||||
|
"test2": {
|
||||||
|
"options": {
|
||||||
|
"name": "Application Test 2",
|
||||||
|
"logo": "thumbnail.png",
|
||||||
|
"uri": "http://test2.%%nom_domaine_local/",
|
||||||
|
"display": "auto",
|
||||||
|
"description": "The same simple application displaying authenticated user"
|
||||||
|
},
|
||||||
|
"type": "application"
|
||||||
},
|
},
|
||||||
"type" : "application"
|
"type": "category",
|
||||||
},
|
"catname": "Sample applications",
|
||||||
"test2" : {
|
"test1": {
|
||||||
"options" : {
|
"type": "application",
|
||||||
"description" : "The same simple application displaying authenticated user",
|
"options": {
|
||||||
"display" : "auto",
|
"description": "A simple application displaying authenticated user",
|
||||||
"logo" : "thumbnail.png",
|
"uri": "http://test1.%%nom_domaine_local/",
|
||||||
"name" : "Application Test 2",
|
"logo": "demo.png",
|
||||||
"uri" : "http://test2.example.com/"
|
"display": "auto",
|
||||||
|
"name": "Application Test 1"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"2administration": {
|
||||||
|
"notifications": {
|
||||||
|
"options": {
|
||||||
|
"name": "Notifications explorer",
|
||||||
|
"display": "auto",
|
||||||
|
"description": "Explore WebSSO notifications",
|
||||||
|
"uri": "https://%%managerWebName/notifications.pl",
|
||||||
|
"logo": "database.png"
|
||||||
|
},
|
||||||
|
"type": "application"
|
||||||
},
|
},
|
||||||
"type" : "application"
|
"manager": {
|
||||||
},
|
"options": {
|
||||||
"type" : "category"
|
"uri": "https://%%managerWebName/",
|
||||||
},
|
"display": "auto",
|
||||||
"2administration" : {
|
"description": "Configure LemonLDAP::NG WebSSO",
|
||||||
"catname" : "Administration",
|
"logo": "configure.png",
|
||||||
"manager" : {
|
"name": "WebSSO Manager"
|
||||||
"options" : {
|
},
|
||||||
"description" : "Configure LemonLDAP::NG WebSSO",
|
"type": "application"
|
||||||
"display" : "auto",
|
|
||||||
"logo" : "configure.png",
|
|
||||||
"name" : "WebSSO Manager",
|
|
||||||
"uri" : "http://manager.example.com/manager.html"
|
|
||||||
},
|
},
|
||||||
"type" : "application"
|
"type": "category",
|
||||||
},
|
"sessions": {
|
||||||
"notifications" : {
|
"type": "application",
|
||||||
"options" : {
|
"options": {
|
||||||
"description" : "Explore WebSSO notifications",
|
"description": "Explore WebSSO sessions",
|
||||||
"display" : "auto",
|
"uri": "https://%%managerWebName/sessions.pl",
|
||||||
"logo" : "database.png",
|
"logo": "database.png",
|
||||||
"name" : "Notifications explorer",
|
"display": "auto",
|
||||||
"uri" : "http://manager.example.com/notifications.html"
|
"name": "Sessions explorer"
|
||||||
|
}
|
||||||
},
|
},
|
||||||
"type" : "application"
|
"catname": "Administration"
|
||||||
},
|
},
|
||||||
"sessions" : {
|
"3documentation": {
|
||||||
"options" : {
|
"catname": "Documentation",
|
||||||
"description" : "Explore WebSSO sessions",
|
"officialwebsite": {
|
||||||
"display" : "auto",
|
"type": "application",
|
||||||
"logo" : "database.png",
|
"options": {
|
||||||
"name" : "Sessions explorer",
|
"name": "Offical Website",
|
||||||
"uri" : "http://manager.example.com/sessions.html"
|
"description": "Official LemonLDAP::NG Website",
|
||||||
|
"logo": "network.png",
|
||||||
|
"display": "on",
|
||||||
|
"uri": "http://lemonldap-ng.org/"
|
||||||
|
}
|
||||||
},
|
},
|
||||||
"type" : "application"
|
"type": "category",
|
||||||
},
|
"localdoc": {
|
||||||
"type" : "category"
|
"options": {
|
||||||
},
|
"logo": "help.png",
|
||||||
"3documentation" : {
|
"description": "Documentation supplied with LemonLDAP::NG",
|
||||||
"catname" : "Documentation",
|
"display": "on",
|
||||||
"localdoc" : {
|
"uri": "http://%%managerWebName/doc/",
|
||||||
"options" : {
|
"name": "Local documentation"
|
||||||
"description" : "Documentation supplied with LemonLDAP::NG",
|
},
|
||||||
"display" : "on",
|
"type": "application"
|
||||||
"logo" : "help.png",
|
}
|
||||||
"name" : "Local documentation",
|
}
|
||||||
"uri" : "http://manager.example.com/doc/"
|
},
|
||||||
},
|
"userControl": "^[\\w\\.\\-@]+$",
|
||||||
"type" : "application"
|
"timeout": 72000,
|
||||||
},
|
"portalAntiFrame": 1,
|
||||||
"officialwebsite" : {
|
"SMTPServer": "",
|
||||||
"options" : {
|
"ldapTimeout": 120,
|
||||||
"description" : "Official LemonLDAP::NG Website",
|
"samlAuthnContextMapPasswordProtectedTransport": 3,
|
||||||
"display" : "on",
|
"ldapUsePasswordResetAttribute": 1,
|
||||||
"logo" : "network.png",
|
"ldapPpolicyControl": 0,
|
||||||
"name" : "Offical Website",
|
"casAttributes": {},
|
||||||
"uri" : "http://lemonldap-ng.org/"
|
"issuerDBSAMLPath": "^/saml/",
|
||||||
},
|
"samlAttributeAuthorityDescriptorAttributeServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;",
|
||||||
"type" : "application"
|
"portalDisplayAppslist": 1,
|
||||||
},
|
"confirmFormMethod": "post",
|
||||||
"type" : "category"
|
"domain": "%%nom_domaine_local",
|
||||||
}
|
"cfgNum": "9",
|
||||||
},
|
"authentication": "LDAP",
|
||||||
"authentication" : "Demo",
|
"samlNameIDFormatMapWindows": "uid",
|
||||||
"cfgAuthor" : "The LemonLDAP::NG team",
|
"authChoiceModules": {},
|
||||||
"cfgNum" : 1,
|
"ldapGroupAttributeName": "member",
|
||||||
"cookieName" : "lemonldap",
|
"samlServicePrivateKeySigPwd": "",
|
||||||
"demoExportedVars" : {
|
"googleAuthnLevel": 1,
|
||||||
"cn" : "cn",
|
"successLoginNumber": 5,
|
||||||
"mail" : "mail",
|
"localSessionStorageOptions": {
|
||||||
"uid" : "uid"
|
"cache_root": "/tmp",
|
||||||
},
|
"namespace": "lemonldap-ng-sessions",
|
||||||
"domain" : "example.com",
|
"default_expires_in": 600,
|
||||||
"exportedHeaders" : {
|
"directory_umask": "007",
|
||||||
"test1.example.com" : {
|
"cache_depth": 3
|
||||||
"Auth-User" : "$uid"
|
},
|
||||||
},
|
"samlSPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
|
||||||
"test2.example.com" : {
|
"portalRequireOldPassword": 1,
|
||||||
"Auth-User" : "$uid"
|
"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;",
|
||||||
}
|
"ADPwdExpireWarning": 0,
|
||||||
},
|
"yubikeyPublicIDSize": 12,
|
||||||
"exportedVars" : {
|
"ldapGroupAttributeNameGroup": "dn",
|
||||||
"UA" : "HTTP_USER_AGENT"
|
"oidcRPMetaDataOptionsExtraClaims": null,
|
||||||
},
|
"ldapGroupRecursive": 0,
|
||||||
"globalStorage" : "Apache::Session::File",
|
"mailSubject": "[LemonLDAP::NG] Your new password",
|
||||||
"globalStorageOptions" : {
|
"nginxCustomHandlers": {},
|
||||||
"Directory" : "/var/lib/lemonldap-ng/sessions",
|
"samlSPSSODescriptorAuthnRequestsSigned": 1,
|
||||||
"LockDirectory" : "/var/lib/lemonldap-ng/sessions/lock",
|
"portalDisplayResetPassword": 1,
|
||||||
"generateModule" : "Lemonldap::NG::Common::Apache::Session::Generate::SHA256"
|
"openIdSreg_timezone": "_timezone",
|
||||||
},
|
"infoFormMethod": "get",
|
||||||
"groups" : {},
|
"openIdAuthnLevel": 1,
|
||||||
"localSessionStorage" : "Cache::FileCache",
|
"openIdSreg_nickname": "uid",
|
||||||
"localSessionStorageOptions" : {
|
"samlServicePublicKeyEnc": "",
|
||||||
"cache_depth" : 3,
|
"userDB": "LDAP",
|
||||||
"cache_root" : "/tmp",
|
"grantSessionRules": {},
|
||||||
"default_expires_in" : 600,
|
"remoteGlobalStorage": "Lemonldap::NG::Common::Apache::Session::SOAP",
|
||||||
"directory_umask" : "007",
|
"reloadUrls": {
|
||||||
"namespace" : "lemonldap-ng-sessions"
|
"%%reloadWebName": "http://%%reloadWebName/reload"
|
||||||
},
|
},
|
||||||
"locationRules" : {
|
"registerTimeout": 0,
|
||||||
"manager.example.com" : {
|
"samlIDPSSODescriptorSingleSignOnServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;",
|
||||||
"(?#Configuration)^/(manager\\.html|conf/)" : "$uid eq \"dwho\"",
|
"slaveAuthnLevel": 2,
|
||||||
"(?#Notifications)/notifications" : "$uid eq \"dwho\" or $uid eq \"rtyler\"",
|
"samlIDPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
|
||||||
"(?#Sessions)/sessions" : "$uid eq \"dwho\" or $uid eq \"rtyler\"",
|
"Soap": 1,
|
||||||
"default" : "$uid eq \"dwho\""
|
"registerDB": "Demo",
|
||||||
},
|
"locationRules": {
|
||||||
"test1.example.com" : {
|
"%%managerWebName": {
|
||||||
"^/logout" : "logout_sso",
|
"default": "$uid eq \"dwho\""
|
||||||
"default" : "accept"
|
},
|
||||||
},
|
"test1.%%nom_domaine_local": {
|
||||||
"test2.example.com" : {
|
"default": "accept",
|
||||||
"^/logout" : "logout_sso",
|
"^/logout": "logout_sso"
|
||||||
"default" : "accept"
|
},
|
||||||
}
|
"test2.%%nom_domaine_local": {
|
||||||
},
|
"default": "accept",
|
||||||
"loginHistoryEnabled" : 1,
|
"^/logout": "logout_sso"
|
||||||
"macros" : {
|
}
|
||||||
"_whatToTrace" : "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\""
|
},
|
||||||
},
|
"portalDisplayChangePassword": "$_auth =~ /^(LDAP|DBI|Demo)$/",
|
||||||
"mailUrl" : "http://auth.example.com/mail.pl",
|
"hideOldPassword": 0,
|
||||||
"notification" : 1,
|
"managerPassword": "%%ldapBindUserPassword",
|
||||||
"notificationStorage" : "File",
|
"authChoiceParam": "lmAuth",
|
||||||
"notificationStorageOptions" : {
|
"lwpSslOpts": {},
|
||||||
"dirName" : "/var/lib/lemonldap-ng/notifications"
|
"portalSkinRules": {},
|
||||||
},
|
"issuerDBOpenIDPath": "^/openidserver/",
|
||||||
"passwordDB" : "Demo",
|
"redirectFormMethod": "get",
|
||||||
"persistentStorage" : "Apache::Session::File",
|
"portalDisplayRegister": 1,
|
||||||
"persistentStorageOptions" : {
|
"secureTokenMemcachedServers": "127.0.0.1:11211",
|
||||||
"Directory" : "/var/lib/lemonldap-ng/psessions",
|
"notificationStorageOptions": {
|
||||||
"LockDirectory" : "/var/lib/lemonldap-ng/psessions/lock"
|
"dirName": "/var/lib/lemonldap-ng/notifications"
|
||||||
},
|
},
|
||||||
"portal" : "http://auth.example.com/",
|
"browserIdAuthnLevel": 1,
|
||||||
"portalSkin" : "bootstrap",
|
"portalUserAttr": "_user",
|
||||||
"portalSkinBackground" : "1280px-Cedar_Breaks_National_Monument_partially.jpg",
|
"ldapVersion": 3,
|
||||||
"registerDB" : "Demo",
|
"sessionDataToRemember": {},
|
||||||
"registerUrl" : "http://auth.example.com/register.pl",
|
"samlNameIDFormatMapX509": "mail",
|
||||||
"reloadUrls" : {
|
"managerDn": "%%ldapBindUserDN",
|
||||||
"reload.example.com" : "http://reload.example.com/reload"
|
"mailSessionKey": "mail",
|
||||||
},
|
"openIdSreg_email": "mail",
|
||||||
"securedCookie" : 0,
|
"localSessionStorage": "Cache::FileCache",
|
||||||
"sessionDataToRemember" : {},
|
"persistentStorage": "Apache::Session::File",
|
||||||
"timeout" : 72000,
|
"mailOnPasswordChange": 0,
|
||||||
"userDB" : "Demo",
|
"captchaStorage": "Apache::Session::File",
|
||||||
"whatToTrace" : "_whatToTrace"
|
"remoteGlobalStorageOptions": {
|
||||||
|
"proxy": "http://%%authWebName/index.pl/sessions",
|
||||||
|
"ns": "http://%%authWebName/Lemonldap/NG/Common/CGI/SOAPService"
|
||||||
|
},
|
||||||
|
"passwordDB": "LDAP",
|
||||||
|
"captcha_size": 6,
|
||||||
|
"mailCharset": "utf-8",
|
||||||
|
"facebookExportedVars": {},
|
||||||
|
"nullAuthnLevel": 2,
|
||||||
|
"singleIP": 0,
|
||||||
|
"dbiExportedVars": {},
|
||||||
|
"portalSkin": "bootstrap",
|
||||||
|
"storePassword": 0,
|
||||||
|
"hiddenAttributes": "_password",
|
||||||
|
"samlServicePrivateKeySig": "",
|
||||||
|
"globalStorage": "Apache::Session::File",
|
||||||
|
"notificationWildcard": "allusers",
|
||||||
|
"portalForceAuthn": 0,
|
||||||
|
"samlMetadataForceUTF8": 1,
|
||||||
|
"secureTokenUrls": ".*",
|
||||||
|
"secureTokenAllowOnError": 1,
|
||||||
|
"samlAuthnContextMapTLSClient": 5,
|
||||||
|
"ldapAllowResetExpiredPassword": 0,
|
||||||
|
"oidcOPMetaDataExportedVars": {},
|
||||||
|
"notifyOther": 0,
|
||||||
|
"secureTokenExpiration": 60,
|
||||||
|
"captcha_mail_enabled": 0,
|
||||||
|
"samlStorageOptions": {},
|
||||||
|
"samlOrganizationDisplayName": "Example",
|
||||||
|
"trustedProxies": "",
|
||||||
|
"secureTokenHeader": "Auth-Token",
|
||||||
|
"issuerDBCASActivation": 1,
|
||||||
|
"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;",
|
||||||
|
"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
|
||||||
|
"samlIDPMetaDataXML": {},
|
||||||
|
"oidcStorageOptions": {},
|
||||||
|
"cfgDate": 1519998069,
|
||||||
|
"samlAuthnContextMapPassword": 2,
|
||||||
|
"portalDisplayLoginHistory": 1,
|
||||||
|
"ldapPasswordResetAttributeValue": "TRUE",
|
||||||
|
"ldapServer": "%%ldapScheme://%%ldapServer",
|
||||||
|
"samlIDPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;",
|
||||||
|
"samlIDPMetaDataExportedAttributes": null,
|
||||||
|
"samlServicePrivateKeyEnc": "",
|
||||||
|
"useRedirectOnForbidden": 0,
|
||||||
|
"captcha_login_enabled": 0,
|
||||||
|
"https": 0,
|
||||||
|
"checkXSS": 1,
|
||||||
|
"ldapSetPassword": 0,
|
||||||
|
"portalPingInterval": 60000,
|
||||||
|
"captchaStorageOptions": {
|
||||||
|
"Directory": "/var/lib/lemonldap-ng/captcha/"
|
||||||
|
},
|
||||||
|
"useSafeJail": 1,
|
||||||
|
"registerDoneSubject": "[LemonLDAP::NG] Your new account",
|
||||||
|
"issuerDBCASRule": 1,
|
||||||
|
"samlAuthnContextMapKerberos": 4,
|
||||||
|
"ldapGroupAttributeNameSearch": "cn",
|
||||||
|
"logoutServices": {},
|
||||||
|
"samlIDPSSODescriptorWantAuthnRequestsSigned": 1,
|
||||||
|
"portalDisplayLogout": 1,
|
||||||
|
"issuerDBGetParameters": {},
|
||||||
|
"googleExportedVars": {},
|
||||||
|
"openIdSreg_fullname": "cn",
|
||||||
|
"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact",
|
||||||
|
"demoExportedVars": {
|
||||||
|
"mail": "mail",
|
||||||
|
"uid": "uid",
|
||||||
|
"cn": "cn"
|
||||||
|
},
|
||||||
|
"oidcOPMetaDataJSON": null,
|
||||||
|
"samlIdPResolveCookie": "lemonldapidp",
|
||||||
|
"samlRelayStateTimeout": 600,
|
||||||
|
"samlOrganizationURL": "http://www.%%nom_domaine_local",
|
||||||
|
"globalStorageOptions": {
|
||||||
|
"Directory": "/var/lib/lemonldap-ng/sessions",
|
||||||
|
"LockDirectory": "/var/lib/lemonldap-ng/sessions/lock"
|
||||||
|
},
|
||||||
|
"ldapExportedVars": {
|
||||||
|
"mail": "mail",
|
||||||
|
"cn": "cn",
|
||||||
|
"uid": "uid"
|
||||||
|
},
|
||||||
|
"webIDExportedVars": {},
|
||||||
|
"activeTimer": 1,
|
||||||
|
"cda": 0,
|
||||||
|
"samlServicePublicKeySig": "",
|
||||||
|
"portalCheckLogins": 1,
|
||||||
|
"CAS_authnLevel": 1,
|
||||||
|
"macros": {
|
||||||
|
"_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\""
|
||||||
|
},
|
||||||
|
"samlIDPMetaDataOptions": null,
|
||||||
|
"twitterAuthnLevel": 1,
|
||||||
|
"openIdExportedVars": {},
|
||||||
|
"captcha_register_enabled": 1,
|
||||||
|
"oidcOPMetaDataJWKS": null,
|
||||||
|
"webIDAuthnLevel": 1,
|
||||||
|
"issuerDBOpenIDActivation": "1",
|
||||||
|
"mailUrl": "http://%%authWebName/mail.pl",
|
||||||
|
"maintenance": 0,
|
||||||
|
"jsRedirect": 0,
|
||||||
|
"cfgAuthor": "dwho",
|
||||||
|
"persistentStorageOptions": {
|
||||||
|
"LockDirectory": "/var/lib/lemonldap-ng/psessions/lock",
|
||||||
|
"Directory": "/var/lib/lemonldap-ng/psessions"
|
||||||
|
},
|
||||||
|
"SSLAuthnLevel": 5,
|
||||||
|
"oidcServiceMetaDataAuthnContext": {},
|
||||||
|
"samlIDPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
|
||||||
|
"notification": 1,
|
||||||
|
"ldapChangePasswordAsUser": 0,
|
||||||
|
"CAS_proxiedServices": {},
|
||||||
|
"key": "e\"bTCt3*eU9^\\V%b",
|
||||||
|
"portal": "http://%%authWebName/",
|
||||||
|
"singleSessionUserByIP": 0,
|
||||||
|
"portalOpenLinkInNewWindow": 0,
|
||||||
|
"post": {
|
||||||
|
"test2.%%nom_domaine_local": {},
|
||||||
|
"test1.%%nom_domaine_local": {},
|
||||||
|
"%%managerWebName": {}
|
||||||
|
},
|
||||||
|
"samlSPSSODescriptorAssertionConsumerServiceHTTPPost": "0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost",
|
||||||
|
"issuerDBSAMLRule": 1,
|
||||||
|
"samlCommonDomainCookieActivation": 0,
|
||||||
|
"syslog": "",
|
||||||
|
"ldapBase": "%%ldapUserBaseDN",
|
||||||
|
"ldapAuthnLevel": 2,
|
||||||
|
"mailTimeout": 0,
|
||||||
|
"samlEntityID": "#PORTAL#/saml/metadata",
|
||||||
|
"oidcOPMetaDataOptions": null,
|
||||||
|
"samlSPSSODescriptorWantAssertionsSigned": 1,
|
||||||
|
"samlOrganizationName": "%%samlOrganizationName",
|
||||||
|
"registerUrl": "http://%%authWebName/register.pl",
|
||||||
|
"casAccessControlPolicy": "none",
|
||||||
|
"multiValuesSeparator": ";",
|
||||||
|
"ldapPort": %%ldapServerPort
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,386 +0,0 @@
|
||||||
{
|
|
||||||
"ldapGroupAttributeNameUser": "dn",
|
|
||||||
"cfgAuthorIP": "172.16.0.1",
|
|
||||||
"samlSPMetaDataXML": null,
|
|
||||||
"facebookAuthnLevel": 1,
|
|
||||||
"mailConfirmSubject": "[LemonLDAP::NG] Password reset confirmation",
|
|
||||||
"secureTokenAttribute": "uid",
|
|
||||||
"singleSession": 0,
|
|
||||||
"registerConfirmSubject": "[LemonLDAP::NG] Account register confirmation",
|
|
||||||
"CAS_pgtFile": "/tmp/pgt.txt",
|
|
||||||
"cookieName": "lemonldap",
|
|
||||||
"slaveExportedVars": {},
|
|
||||||
"whatToTrace": "_whatToTrace",
|
|
||||||
"oidcRPMetaDataOptions": {},
|
|
||||||
"notifyDeleted": 1,
|
|
||||||
"useRedirectOnError": 1,
|
|
||||||
"samlSPMetaDataExportedAttributes": null,
|
|
||||||
"ldapPwdEnc": "utf-8",
|
|
||||||
"openIdSPList": "0;",
|
|
||||||
"samlNameIDFormatMapEmail": "mail",
|
|
||||||
"samlSPMetaDataOptions": null,
|
|
||||||
"issuerDBOpenIDRule": 1,
|
|
||||||
"casStorageOptions": {},
|
|
||||||
"mailFrom": "noreply@%%nom_domaine_local",
|
|
||||||
"timeoutActivity": 0,
|
|
||||||
"oidcRPMetaDataExportedVars": {},
|
|
||||||
"issuerDBSAMLActivation": 0,
|
|
||||||
"issuerDBCASPath": "^/cas/",
|
|
||||||
"randomPasswordRegexp": "[A-Z]{3}[a-z]{5}.\\d{2}",
|
|
||||||
"samlIDPSSODescriptorSingleSignOnServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleSignOnSOAP;",
|
|
||||||
"samlSPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
|
|
||||||
"exportedHeaders": {
|
|
||||||
"test1.%%nom_domaine_local": {
|
|
||||||
"Auth-User": "$uid"
|
|
||||||
},
|
|
||||||
"test2.%%nom_domaine_local": {
|
|
||||||
"Auth-User": "$uid"
|
|
||||||
},
|
|
||||||
"manager.%%nom_domaine_local": {}
|
|
||||||
},
|
|
||||||
"vhostOptions": {
|
|
||||||
"manager.%%nom_domaine_local": {},
|
|
||||||
"test1.%%nom_domaine_local": {},
|
|
||||||
"test2.%%nom_domaine_local": {}
|
|
||||||
},
|
|
||||||
"radiusAuthnLevel": 3,
|
|
||||||
"dbiAuthnLevel": 2,
|
|
||||||
"ldapPasswordResetAttribute": "pwdReset",
|
|
||||||
"ldapGroupObjectClass": "groupOfNames",
|
|
||||||
"apacheAuthnLevel": 4,
|
|
||||||
"samlNameIDFormatMapKerberos": "uid",
|
|
||||||
"groups": {},
|
|
||||||
"securedCookie": 0,
|
|
||||||
"httpOnly": 1,
|
|
||||||
"yubikeyAuthnLevel": 3,
|
|
||||||
"ADPwdMaxAge": 0,
|
|
||||||
"samlUseQueryStringSpecific": 0,
|
|
||||||
"loginHistoryEnabled": 1,
|
|
||||||
"samlSPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;",
|
|
||||||
"failedLoginNumber": 5,
|
|
||||||
"samlServicePrivateKeyEncPwd": "",
|
|
||||||
"portalForceAuthnInterval": 0,
|
|
||||||
"cfgLog": "",
|
|
||||||
"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
|
|
||||||
"exportedVars": {
|
|
||||||
"UA": "HTTP_USER_AGENT"
|
|
||||||
},
|
|
||||||
"notificationStorage": "File",
|
|
||||||
"applicationList": {
|
|
||||||
"1sample": {
|
|
||||||
"test2": {
|
|
||||||
"options": {
|
|
||||||
"name": "Application Test 2",
|
|
||||||
"logo": "thumbnail.png",
|
|
||||||
"uri": "http://test2.%%nom_domaine_local/",
|
|
||||||
"display": "auto",
|
|
||||||
"description": "The same simple application displaying authenticated user"
|
|
||||||
},
|
|
||||||
"type": "application"
|
|
||||||
},
|
|
||||||
"type": "category",
|
|
||||||
"catname": "Sample applications",
|
|
||||||
"test1": {
|
|
||||||
"type": "application",
|
|
||||||
"options": {
|
|
||||||
"description": "A simple application displaying authenticated user",
|
|
||||||
"uri": "http://test1.%%nom_domaine_local/",
|
|
||||||
"logo": "demo.png",
|
|
||||||
"display": "auto",
|
|
||||||
"name": "Application Test 1"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"2administration": {
|
|
||||||
"notifications": {
|
|
||||||
"options": {
|
|
||||||
"name": "Notifications explorer",
|
|
||||||
"display": "auto",
|
|
||||||
"description": "Explore WebSSO notifications",
|
|
||||||
"uri": "http://manager.%%nom_domaine_local/notifications.pl",
|
|
||||||
"logo": "database.png"
|
|
||||||
},
|
|
||||||
"type": "application"
|
|
||||||
},
|
|
||||||
"manager": {
|
|
||||||
"options": {
|
|
||||||
"uri": "http://manager.%%nom_domaine_local/",
|
|
||||||
"display": "auto",
|
|
||||||
"description": "Configure LemonLDAP::NG WebSSO",
|
|
||||||
"logo": "configure.png",
|
|
||||||
"name": "WebSSO Manager"
|
|
||||||
},
|
|
||||||
"type": "application"
|
|
||||||
},
|
|
||||||
"type": "category",
|
|
||||||
"sessions": {
|
|
||||||
"type": "application",
|
|
||||||
"options": {
|
|
||||||
"description": "Explore WebSSO sessions",
|
|
||||||
"uri": "http://manager.%%nom_domaine_local/sessions.pl",
|
|
||||||
"logo": "database.png",
|
|
||||||
"display": "auto",
|
|
||||||
"name": "Sessions explorer"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"catname": "Administration"
|
|
||||||
},
|
|
||||||
"3documentation": {
|
|
||||||
"catname": "Documentation",
|
|
||||||
"officialwebsite": {
|
|
||||||
"type": "application",
|
|
||||||
"options": {
|
|
||||||
"name": "Offical Website",
|
|
||||||
"description": "Official LemonLDAP::NG Website",
|
|
||||||
"logo": "network.png",
|
|
||||||
"display": "on",
|
|
||||||
"uri": "http://lemonldap-ng.org/"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"type": "category",
|
|
||||||
"localdoc": {
|
|
||||||
"options": {
|
|
||||||
"logo": "help.png",
|
|
||||||
"description": "Documentation supplied with LemonLDAP::NG",
|
|
||||||
"display": "on",
|
|
||||||
"uri": "http://manager.%%nom_domaine_local/doc/",
|
|
||||||
"name": "Local documentation"
|
|
||||||
},
|
|
||||||
"type": "application"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"userControl": "^[\\w\\.\\-@]+$",
|
|
||||||
"timeout": 72000,
|
|
||||||
"portalAntiFrame": 1,
|
|
||||||
"SMTPServer": "",
|
|
||||||
"ldapTimeout": 120,
|
|
||||||
"samlAuthnContextMapPasswordProtectedTransport": 3,
|
|
||||||
"ldapUsePasswordResetAttribute": 1,
|
|
||||||
"ldapPpolicyControl": 0,
|
|
||||||
"casAttributes": {},
|
|
||||||
"issuerDBSAMLPath": "^/saml/",
|
|
||||||
"samlAttributeAuthorityDescriptorAttributeServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;",
|
|
||||||
"portalDisplayAppslist": 1,
|
|
||||||
"confirmFormMethod": "post",
|
|
||||||
"domain": "%%nom_domaine_local",
|
|
||||||
"cfgNum": "9",
|
|
||||||
"authentication": "LDAP",
|
|
||||||
"samlNameIDFormatMapWindows": "uid",
|
|
||||||
"authChoiceModules": {},
|
|
||||||
"ldapGroupAttributeName": "member",
|
|
||||||
"samlServicePrivateKeySigPwd": "",
|
|
||||||
"googleAuthnLevel": 1,
|
|
||||||
"successLoginNumber": 5,
|
|
||||||
"localSessionStorageOptions": {
|
|
||||||
"cache_root": "/tmp",
|
|
||||||
"namespace": "lemonldap-ng-sessions",
|
|
||||||
"default_expires_in": 600,
|
|
||||||
"directory_umask": "007",
|
|
||||||
"cache_depth": 3
|
|
||||||
},
|
|
||||||
"samlSPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
|
|
||||||
"portalRequireOldPassword": 1,
|
|
||||||
"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;",
|
|
||||||
"ADPwdExpireWarning": 0,
|
|
||||||
"yubikeyPublicIDSize": 12,
|
|
||||||
"ldapGroupAttributeNameGroup": "dn",
|
|
||||||
"oidcRPMetaDataOptionsExtraClaims": null,
|
|
||||||
"ldapGroupRecursive": 0,
|
|
||||||
"mailSubject": "[LemonLDAP::NG] Your new password",
|
|
||||||
"nginxCustomHandlers": {},
|
|
||||||
"samlSPSSODescriptorAuthnRequestsSigned": 1,
|
|
||||||
"portalDisplayResetPassword": 1,
|
|
||||||
"openIdSreg_timezone": "_timezone",
|
|
||||||
"infoFormMethod": "get",
|
|
||||||
"openIdAuthnLevel": 1,
|
|
||||||
"openIdSreg_nickname": "uid",
|
|
||||||
"samlServicePublicKeyEnc": "",
|
|
||||||
"userDB": "LDAP",
|
|
||||||
"grantSessionRules": {},
|
|
||||||
"remoteGlobalStorage": "Lemonldap::NG::Common::Apache::Session::SOAP",
|
|
||||||
"reloadUrls": {
|
|
||||||
"reload.%%nom_domaine_local": "http://reload.%%nom_domaine_local/reload"
|
|
||||||
},
|
|
||||||
"registerTimeout": 0,
|
|
||||||
"samlIDPSSODescriptorSingleSignOnServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;",
|
|
||||||
"slaveAuthnLevel": 2,
|
|
||||||
"samlIDPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
|
|
||||||
"Soap": 1,
|
|
||||||
"registerDB": "Demo",
|
|
||||||
"locationRules": {
|
|
||||||
"manager.%%nom_domaine_local": {
|
|
||||||
"default": "$uid eq \"dwho\""
|
|
||||||
},
|
|
||||||
"test1.%%nom_domaine_local": {
|
|
||||||
"default": "accept",
|
|
||||||
"^/logout": "logout_sso"
|
|
||||||
},
|
|
||||||
"test2.%%nom_domaine_local": {
|
|
||||||
"default": "accept",
|
|
||||||
"^/logout": "logout_sso"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"portalDisplayChangePassword": "$_auth =~ /^(LDAP|DBI|Demo)$/",
|
|
||||||
"hideOldPassword": 0,
|
|
||||||
"managerPassword": "ohc7kei8lil8Zoesai5chisaiGhu5Yaisai6kaegh9aingai0pae8ohb",
|
|
||||||
"authChoiceParam": "lmAuth",
|
|
||||||
"lwpSslOpts": {},
|
|
||||||
"portalSkinRules": {},
|
|
||||||
"issuerDBOpenIDPath": "^/openidserver/",
|
|
||||||
"redirectFormMethod": "get",
|
|
||||||
"portalDisplayRegister": 1,
|
|
||||||
"secureTokenMemcachedServers": "127.0.0.1:11211",
|
|
||||||
"notificationStorageOptions": {
|
|
||||||
"dirName": "/var/lib/lemonldap-ng/notifications"
|
|
||||||
},
|
|
||||||
"browserIdAuthnLevel": 1,
|
|
||||||
"portalUserAttr": "_user",
|
|
||||||
"ldapVersion": 3,
|
|
||||||
"sessionDataToRemember": {},
|
|
||||||
"samlNameIDFormatMapX509": "mail",
|
|
||||||
"managerDn": "cn=reader,o=gouv,c=fr",
|
|
||||||
"mailSessionKey": "mail",
|
|
||||||
"openIdSreg_email": "mail",
|
|
||||||
"localSessionStorage": "Cache::FileCache",
|
|
||||||
"persistentStorage": "Apache::Session::File",
|
|
||||||
"mailOnPasswordChange": 0,
|
|
||||||
"captchaStorage": "Apache::Session::File",
|
|
||||||
"remoteGlobalStorageOptions": {
|
|
||||||
"proxy": "http://auth.%%nom_domaine_local/index.pl/sessions",
|
|
||||||
"ns": "http://auth.%%nom_domaine_local/Lemonldap/NG/Common/CGI/SOAPService"
|
|
||||||
},
|
|
||||||
"passwordDB": "LDAP",
|
|
||||||
"captcha_size": 6,
|
|
||||||
"mailCharset": "utf-8",
|
|
||||||
"facebookExportedVars": {},
|
|
||||||
"nullAuthnLevel": 2,
|
|
||||||
"singleIP": 0,
|
|
||||||
"dbiExportedVars": {},
|
|
||||||
"portalSkin": "bootstrap",
|
|
||||||
"storePassword": 0,
|
|
||||||
"hiddenAttributes": "_password",
|
|
||||||
"samlServicePrivateKeySig": "",
|
|
||||||
"globalStorage": "Apache::Session::File",
|
|
||||||
"notificationWildcard": "allusers",
|
|
||||||
"portalForceAuthn": 0,
|
|
||||||
"samlMetadataForceUTF8": 1,
|
|
||||||
"secureTokenUrls": ".*",
|
|
||||||
"secureTokenAllowOnError": 1,
|
|
||||||
"samlAuthnContextMapTLSClient": 5,
|
|
||||||
"ldapAllowResetExpiredPassword": 0,
|
|
||||||
"oidcOPMetaDataExportedVars": {},
|
|
||||||
"notifyOther": 0,
|
|
||||||
"secureTokenExpiration": 60,
|
|
||||||
"captcha_mail_enabled": 0,
|
|
||||||
"samlStorageOptions": {},
|
|
||||||
"samlOrganizationDisplayName": "Example",
|
|
||||||
"trustedProxies": "",
|
|
||||||
"secureTokenHeader": "Auth-Token",
|
|
||||||
"issuerDBCASActivation": 1,
|
|
||||||
"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;",
|
|
||||||
"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
|
|
||||||
"samlIDPMetaDataXML": {},
|
|
||||||
"oidcStorageOptions": {},
|
|
||||||
"cfgDate": 1519998069,
|
|
||||||
"samlAuthnContextMapPassword": 2,
|
|
||||||
"portalDisplayLoginHistory": 1,
|
|
||||||
"ldapPasswordResetAttributeValue": "TRUE",
|
|
||||||
"ldapServer": "%%ldapScheme://%%ldapServer",
|
|
||||||
"samlIDPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;",
|
|
||||||
"samlIDPMetaDataExportedAttributes": null,
|
|
||||||
"samlServicePrivateKeyEnc": "",
|
|
||||||
"useRedirectOnForbidden": 0,
|
|
||||||
"captcha_login_enabled": 0,
|
|
||||||
"https": 0,
|
|
||||||
"checkXSS": 1,
|
|
||||||
"ldapSetPassword": 0,
|
|
||||||
"portalPingInterval": 60000,
|
|
||||||
"captchaStorageOptions": {
|
|
||||||
"Directory": "/var/lib/lemonldap-ng/captcha/"
|
|
||||||
},
|
|
||||||
"useSafeJail": 1,
|
|
||||||
"registerDoneSubject": "[LemonLDAP::NG] Your new account",
|
|
||||||
"issuerDBCASRule": 1,
|
|
||||||
"samlAuthnContextMapKerberos": 4,
|
|
||||||
"ldapGroupAttributeNameSearch": "cn",
|
|
||||||
"logoutServices": {},
|
|
||||||
"samlIDPSSODescriptorWantAuthnRequestsSigned": 1,
|
|
||||||
"portalDisplayLogout": 1,
|
|
||||||
"issuerDBGetParameters": {},
|
|
||||||
"googleExportedVars": {},
|
|
||||||
"openIdSreg_fullname": "cn",
|
|
||||||
"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact",
|
|
||||||
"demoExportedVars": {
|
|
||||||
"mail": "mail",
|
|
||||||
"uid": "uid",
|
|
||||||
"cn": "cn"
|
|
||||||
},
|
|
||||||
"oidcOPMetaDataJSON": null,
|
|
||||||
"samlIdPResolveCookie": "lemonldapidp",
|
|
||||||
"samlRelayStateTimeout": 600,
|
|
||||||
"samlOrganizationURL": "http://www.%%nom_domaine_local",
|
|
||||||
"globalStorageOptions": {
|
|
||||||
"Directory": "/var/lib/lemonldap-ng/sessions",
|
|
||||||
"LockDirectory": "/var/lib/lemonldap-ng/sessions/lock"
|
|
||||||
},
|
|
||||||
"ldapExportedVars": {
|
|
||||||
"mail": "mail",
|
|
||||||
"cn": "cn",
|
|
||||||
"uid": "uid"
|
|
||||||
},
|
|
||||||
"webIDExportedVars": {},
|
|
||||||
"activeTimer": 1,
|
|
||||||
"cda": 0,
|
|
||||||
"samlServicePublicKeySig": "",
|
|
||||||
"portalCheckLogins": 1,
|
|
||||||
"CAS_authnLevel": 1,
|
|
||||||
"macros": {
|
|
||||||
"_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\""
|
|
||||||
},
|
|
||||||
"samlIDPMetaDataOptions": null,
|
|
||||||
"twitterAuthnLevel": 1,
|
|
||||||
"openIdExportedVars": {},
|
|
||||||
"captcha_register_enabled": 1,
|
|
||||||
"oidcOPMetaDataJWKS": null,
|
|
||||||
"webIDAuthnLevel": 1,
|
|
||||||
"issuerDBOpenIDActivation": "1",
|
|
||||||
"mailUrl": "http://auth.%%nom_domaine_local/mail.pl",
|
|
||||||
"maintenance": 0,
|
|
||||||
"jsRedirect": 0,
|
|
||||||
"cfgAuthor": "dwho",
|
|
||||||
"persistentStorageOptions": {
|
|
||||||
"LockDirectory": "/var/lib/lemonldap-ng/psessions/lock",
|
|
||||||
"Directory": "/var/lib/lemonldap-ng/psessions"
|
|
||||||
},
|
|
||||||
"SSLAuthnLevel": 5,
|
|
||||||
"oidcServiceMetaDataAuthnContext": {},
|
|
||||||
"samlIDPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
|
|
||||||
"notification": 1,
|
|
||||||
"ldapChangePasswordAsUser": 0,
|
|
||||||
"CAS_proxiedServices": {},
|
|
||||||
"key": "e\"bTCt3*eU9^\\V%b",
|
|
||||||
"portal": "http://auth.%%nom_domaine_local/",
|
|
||||||
"singleSessionUserByIP": 0,
|
|
||||||
"portalOpenLinkInNewWindow": 0,
|
|
||||||
"post": {
|
|
||||||
"test2.%%nom_domaine_local": {},
|
|
||||||
"test1.%%nom_domaine_local": {},
|
|
||||||
"manager.%%nom_domaine_local": {}
|
|
||||||
},
|
|
||||||
"samlSPSSODescriptorAssertionConsumerServiceHTTPPost": "0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost",
|
|
||||||
"issuerDBSAMLRule": 1,
|
|
||||||
"samlCommonDomainCookieActivation": 0,
|
|
||||||
"syslog": "",
|
|
||||||
"ldapBase": %%ldapUserBaseDN,
|
|
||||||
"ldapAuthnLevel": 2,
|
|
||||||
"mailTimeout": 0,
|
|
||||||
"samlEntityID": "#PORTAL#/saml/metadata",
|
|
||||||
"oidcOPMetaDataOptions": null,
|
|
||||||
"samlSPSSODescriptorWantAssertionsSigned": 1,
|
|
||||||
"samlOrganizationName": "%%samlOrganizationName",
|
|
||||||
"registerUrl": "http://auth.%%nom_domaine_local/register.pl",
|
|
||||||
"casAccessControlPolicy": "none",
|
|
||||||
"multiValuesSeparator": ";",
|
|
||||||
"ldapPort": %%ldapServerPort
|
|
||||||
}
|
|
|
@ -1,17 +1,22 @@
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name manager.%%nom_domaine_local;
|
server_name %%managerWebName;
|
||||||
return 301 https://$host$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443;
|
listen 443;
|
||||||
ssl on;
|
ssl on;
|
||||||
|
%if %%cert_type == "letsencrypt"
|
||||||
|
ssl_certificate %%le_config_dir/live/%%managerWebName/cert.pem;
|
||||||
|
ssl_certificate_key %%le_config_dir/live/%%managerWebName/privkey.pem;
|
||||||
|
%else
|
||||||
ssl_certificate %%server_cert;
|
ssl_certificate %%server_cert;
|
||||||
ssl_certificate_key %%server_key;
|
ssl_certificate_key %%server_key;
|
||||||
|
%end if
|
||||||
ssl_client_certificate /etc/ssl/certs/ca.crt;
|
ssl_client_certificate /etc/ssl/certs/ca.crt;
|
||||||
access_log /var/log/nginx/manager-lemon-ldap.access-ssl.log;
|
access_log /var/log/nginx/manager-lemon-ldap.access-ssl.log;
|
||||||
server_name manager.%%nom_domaine_local;
|
server_name %%managerWebName;
|
||||||
|
|
||||||
error_page 403 404 502 503 504 /nginx.html;
|
error_page 403 404 502 503 504 /nginx.html;
|
||||||
location = /nginx.html{
|
location = /nginx.html{
|
||||||
|
|
|
@ -1,17 +1,22 @@
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name auth.%%nom_domaine_local;
|
server_name %%authWebName;
|
||||||
return 301 https://$host$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443;
|
listen 443;
|
||||||
ssl on;
|
ssl on;
|
||||||
|
%if %%cert_type == "letsencrypt"
|
||||||
|
ssl_certificate %%le_config_dir/live/%%authWebName/cert.pem;
|
||||||
|
ssl_certificate_key %%le_config_dir/live/%%authWebName/privkey.pem;
|
||||||
|
%else
|
||||||
ssl_certificate %%server_cert;
|
ssl_certificate %%server_cert;
|
||||||
ssl_certificate_key %%server_key;
|
ssl_certificate_key %%server_key;
|
||||||
|
%end if
|
||||||
ssl_client_certificate /etc/ssl/certs/ca.crt;
|
ssl_client_certificate /etc/ssl/certs/ca.crt;
|
||||||
access_log /var/log/nginx/auth-lemon-ldap.access-ssl.log;
|
access_log /var/log/nginx/auth-lemon-ldap.access-ssl.log;
|
||||||
server_name auth.%%nom_domaine_local;
|
server_name %%authWebName;
|
||||||
root /var/lib/lemonldap-ng/portal/;
|
root /var/lib/lemonldap-ng/portal/;
|
||||||
|
|
||||||
location ~ \.pl(?:$|/) {
|
location ~ \.pl(?:$|/) {
|
||||||
|
|
Loading…
Reference in New Issue