From 73fb96c026434fe1755e5c70cc997a7b385fac6b Mon Sep 17 00:00:00 2001
From: Benjamin Bohard
Date: Mon, 15 Jul 2019 10:40:26 +0200
Subject: [PATCH] Update configuration and dictionnary for v2.0
---
 dicos/70_lemonldap_ng.xml | 10 +-
 tmpl/lemonldap-ng.ini | 8 +-
 tmpl/lmConf-1.json | 441 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 453 insertions(+), 6 deletions(-)
 create mode 100644 tmpl/lmConf-1.json
diff --git a/dicos/70_lemonldap_ng.xml b/dicos/70_lemonldap_ng.xml
index 718c96f..bfede2a 100644
--- a/dicos/70_lemonldap_ng.xml
+++ b/dicos/70_lemonldap_ng.xml
@@ -2,12 +2,12 @@
-
-
-
-
-
+
+
+
+
+
diff --git a/tmpl/lemonldap-ng.ini b/tmpl/lemonldap-ng.ini
index c41aba4..921810f 100644
--- a/tmpl/lemonldap-ng.ini
+++ b/tmpl/lemonldap-ng.ini
@@ -110,6 +110,12 @@ localStorageOptions={ \
 ; restart your server. This increase performances
 ;useLocalConf = 1
+; staticPrefix: relative (or URL) location of static HTML components
+staticPrefix = /static
+; location of HTML templates directory
+templateDir = /usr/share/lemonldap-ng/portal/templates
+; languages: available languages for portal interface
+languages = fr, en
 ; PORTAL CUSTOMIZATION
 ; Name of the skin
 portalSkin = %%llSkin
@@ -276,7 +282,7 @@ logLevel = warn
 staticPrefix = /static
 ;
 ; location of HTML templates directory
-templateDir = /usr/share/lemonldap-ng/manager/templates
+templateDir = /usr/share/lemonldap-ng/manager/htdocs/templates
 ; languages: available languages for manager interface
 languages = fr, en
diff --git a/tmpl/lmConf-1.json b/tmpl/lmConf-1.json
new file mode 100644
index 0000000..80d4a31
--- /dev/null
+++ b/tmpl/lmConf-1.json
@@ -0,0 +1,441 @@
+%set %%ssoFilters = %%getSSOFilters
+{
+ "ldapGroupAttributeNameUser": "dn",
+ "cfgAuthorIP": "172.16.0.1",
+ "samlSPMetaDataXML": null,
+ "facebookAuthnLevel": 1,
+ "mailConfirmSubject": "[LemonLDAP::NG] Password reset confirmation",
+ "secureTokenAttribute": "uid",
+ "singleSession": 0,
+ "registerConfirmSubject": "[LemonLDAP::NG] Account register confirmation",
+ "CAS_pgtFile": "/tmp/pgt.txt",
+ "cookieName": "lemonldap",
+ "slaveExportedVars": {},
+ "whatToTrace": "_whatToTrace",
+ "oidcRPMetaDataOptions": {},
+ "notifyDeleted": 1,
+ "useRedirectOnError": 1,
+ "samlSPMetaDataExportedAttributes": null,
+ "ldapPwdEnc": "utf-8",
+ "openIdSPList": "0;",
+ "samlNameIDFormatMapEmail": "mail",
+ "samlSPMetaDataOptions": null,
+ "issuerDBOpenIDRule": 1,
+ "casStorageOptions": {},
+ "mailFrom": "noreply@%%nom_domaine_local",
+ "timeoutActivity": 0,
+ "oidcRPMetaDataExportedVars": {},
+ "issuerDBSAMLActivation": 0,
+ "issuerDBCASPath": "^/%%casFolder/",
+ "randomPasswordRegexp": "[A-Z]{3}[a-z]{5}.\\d{2}",
+ "samlIDPSSODescriptorSingleSignOnServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleSignOnSOAP;",
+ "samlSPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
+ "exportedHeaders": {
+ "test1.%%nom_domaine_local": {
+ "Auth-User": "$uid"
+ },
+ "test2.%%nom_domaine_local": {
+ "Auth-User": "$uid"
+ },
+ "%%managerWebName": {}
+ },
+ "vhostOptions": {
+ "%%managerWebName": {
+ "vhostHttps" : "1"
+ },
+ "test1.%%nom_domaine_local": {},
+ "test2.%%nom_domaine_local": {}
+ },
+ "radiusAuthnLevel": 3,
+ "dbiAuthnLevel": 2,
+ "ldapPasswordResetAttribute": "pwdReset",
+ "ldapGroupObjectClass": "groupOfNames",
+ "apacheAuthnLevel": 4,
+ "samlNameIDFormatMapKerberos": "uid",
+ "groups": {},
+ "securedCookie": 0,
+ "httpOnly": 1,
+ "yubikeyAuthnLevel": 3,
+ "ADPwdMaxAge": 0,
+ "samlUseQueryStringSpecific": 0,
+ "loginHistoryEnabled": 1,
+ "samlSPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;",
+ "failedLoginNumber": 5,
+ "samlServicePrivateKeyEncPwd": "",
+ "portalForceAuthnInterval": 0,
+ "cfgLog": "",
+ "samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
+ "exportedVars": {
+ "UA": "HTTP_USER_AGENT",
+%for att in %%casAttribute
+ "%%att": "%%att",
+%end for
+%set %%idx = 0
+%set %%size = %%len(%%ssoFilters) - 1
+%for key,value in %%ssoFilters
+ %if %%idx == %%size
+ "%%key": "%%value"
+ %else
+ "%%key": "%%value",
+ %end if
+ %set %%idx += 1
+%end for
+ },
+ "notificationStorage": "File",
+ "applicationList": {
+ "1sample": {
+ "test2": {
+ "options": {
+ "name": "Application Test 2",
+ "logo": "thumbnail.png",
+ "uri": "https://test2.%%nom_domaine_local/",
+ "display": "auto",
+ "description": "The same simple application displaying authenticated user"
+ },
+ "type": "application"
+ },
+ "type": "category",
+ "catname": "Sample applications",
+ "test1": {
+ "type": "application",
+ "options": {
+ "description": "A simple application displaying authenticated user",
+ "uri": "https://test1.%%nom_domaine_local/",
+ "logo": "demo.png",
+ "display": "auto",
+ "name": "Application Test 1"
+ }
+ }
+ },
+ "2administration": {
+ "notifications": {
+ "options": {
+ "name": "Notifications explorer",
+ "display": "auto",
+ "description": "Explore WebSSO notifications",
+ "uri": "https://%%managerWebName/notifications.pl",
+ "logo": "database.png"
+ },
+ "type": "application"
+ },
+ "manager": {
+ "options": {
+ "uri": "https://%%managerWebName/",
+ "display": "auto",
+ "description": "Configure LemonLDAP::NG WebSSO",
+ "logo": "configure.png",
+ "name": "WebSSO Manager"
+ },
+ "type": "application"
+ },
+ "type": "category",
+ "sessions": {
+ "type": "application",
+ "options": {
+ "description": "Explore WebSSO sessions",
+ "uri": "https://%%managerWebName/sessions.pl",
+ "logo": "database.png",
+ "display": "auto",
+ "name": "Sessions explorer"
+ }
+ },
+ "catname": "Administration"
+ },
+ "3documentation": {
+ "catname": "Documentation",
+ "officialwebsite": {
+ "type": "application",
+ "options": {
+ "name": "Offical Website",
+ "description": "Official LemonLDAP::NG Website",
+ "logo": "network.png",
+ "display": "on",
+ "uri": "http://lemonldap-ng.org/"
+ }
+ },
+ "type": "category",
+ "localdoc": {
+ "options": {
+ "logo": "help.png",
+ "description": "Documentation supplied with LemonLDAP::NG",
+ "display": "on",
+ "uri": "http://%%managerWebName/doc/",
+ "name": "Local documentation"
+ },
+ "type": "application"
+ }
+ }
+ },
+ "userControl": "^[\\w\\.\\-@]+$",
+ "timeout": 72000,
+ "portalAntiFrame": 1,
+ "SMTPServer": "",
+ "ldapTimeout": 120,
+ "samlAuthnContextMapPasswordProtectedTransport": 3,
+ "ldapUsePasswordResetAttribute": 1,
+ "ldapPpolicyControl": 0,
+ "casAttributes": {
+%for att in %%casAttribute
+ "%%att": "%%att.casLDAPAttribute",
+%end for
+%set %%idx = 0
+%set %%size = %%len(%%ssoFilters) - 1
+%for key,value in %%ssoFilters
+ %if %%idx == %%size
+ "%%key": "%%key"
+ %else
+ "%%key": "%%key",
+ %end if
+ %set %%idx += 1
+%end for
+ },
+ "issuerDBSAMLPath": "^/saml/",
+ "samlAttributeAuthorityDescriptorAttributeServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;",
+ "portalDisplayAppslist": 1,
+ "confirmFormMethod": "post",
+ "domain": "%%nom_domaine_local",
+ "cfgNum": "1",
+ "authentication": "LDAP",
+ "samlNameIDFormatMapWindows": "uid",
+ "authChoiceModules": {},
+ "ldapGroupAttributeName": "member",
+ "samlServicePrivateKeySigPwd": "",
+ "googleAuthnLevel": 1,
+ "successLoginNumber": 5,
+ "localSessionStorageOptions": {
+ "cache_root": "/tmp",
+ "namespace": "lemonldap-ng-sessions",
+ "default_expires_in": 600,
+ "directory_umask": "007",
+ "cache_depth": 3
+ },
+ "samlSPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
+ "portalRequireOldPassword": 1,
+ "samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;",
+ "ADPwdExpireWarning": 0,
+ "yubikeyPublicIDSize": 12,
+ "ldapGroupAttributeNameGroup": "dn",
+ "oidcRPMetaDataOptionsExtraClaims": null,
+ "ldapGroupRecursive": 0,
+ "mailSubject": "[LemonLDAP::NG] Your new password",
+ "nginxCustomHandlers": {},
+ "samlSPSSODescriptorAuthnRequestsSigned": 1,
+%if %%llResetPassword == "oui"
+ "portalDisplayResetPassword": 1,
+%else
+ "portalDisplayResetPassword": 0,
+%end if
+ "openIdSreg_timezone": "_timezone",
+ "infoFormMethod": "get",
+ "openIdAuthnLevel": 1,
+ "openIdSreg_nickname": "uid",
+ "samlServicePublicKeyEnc": "",
+ "userDB": "LDAP",
+ "grantSessionRules": {},
+ "remoteGlobalStorage": "Lemonldap::NG::Common::Apache::Session::SOAP",
+ "reloadUrls": {
+ "%%reloadWebName": "https://%%reloadWebName/reload"
+ },
+ "registerTimeout": 0,
+ "samlIDPSSODescriptorSingleSignOnServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;",
+ "slaveAuthnLevel": 2,
+ "samlIDPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
+ "Soap": 1,
+%set %%RegisterDB=%%getVar('llRegisterDB', 'Demo')
+%if %%RegisterDB == "Custom"
+ "registerDB": "Null",
+%else
+ "registerDB": "%%RegisterDB",
+%end if
+ "locationRules": {
+ "%%managerWebName": {
+ "default": "$uid eq \"%%lemonAdmin\""
+ },
+ "test1.%%nom_domaine_local": {
+ "default": "accept",
+ "^/logout": "logout_sso"
+ },
+ "test2.%%nom_domaine_local": {
+ "default": "accept",
+ "^/logout": "logout_sso"
+ }
+ },
+ "portalDisplayChangePassword": "$_auth =~ /^(LDAP|DBI|Demo)$/",
+ "hideOldPassword": 0,
+%if %%is_file(%%ldapBindUserPassword)
+ "managerPassword": "%%readPass("", %%ldapBindUserPassword)",
+%else
+ "managerPassword": "%%ldapBindUserPassword",
+%end if
+ "authChoiceParam": "lmAuth",
+ "lwpSslOpts": {},
+ "portalSkinRules": {},
+ "issuerDBOpenIDPath": "^/openidserver/",
+ "redirectFormMethod": "get",
+ "portalDisplayRegister": 1,
+ "secureTokenMemcachedServers": "127.0.0.1:11211",
+ "notificationStorageOptions": {
+ "dirName": "/var/lib/lemonldap-ng/notifications"
+ },
+ "browserIdAuthnLevel": 1,
+ "portalUserAttr": "_user",
+ "ldapVersion": 3,
+ "sessionDataToRemember": {},
+ "samlNameIDFormatMapX509": "mail",
+ "managerDn": "%%ldapBindUserDN",
+ "mailSessionKey": "mail",
+ "openIdSreg_email": "mail",
+ "localSessionStorage": "Cache::FileCache",
+ "persistentStorage": "Apache::Session::File",
+ "mailOnPasswordChange": 0,
+ "captchaStorage": "Apache::Session::File",
+ "remoteGlobalStorageOptions": {
+ "proxy": "https://%%authWebName/index.pl/sessions",
+ "ns": "https://%%authWebName/Lemonldap/NG/Common/CGI/SOAPService"
+ },
+ "passwordDB": "LDAP",
+ "captcha_size": 6,
+ "mailCharset": "utf-8",
+ "facebookExportedVars": {},
+ "nullAuthnLevel": 2,
+ "singleIP": 0,
+ "dbiExportedVars": {},
+ "portalSkin": "bootstrap",
+ "storePassword": 0,
+ "hiddenAttributes": "_password",
+ "samlServicePrivateKeySig": "",
+ "globalStorage": "Apache::Session::File",
+ "notificationWildcard": "allusers",
+ "portalForceAuthn": 0,
+ "samlMetadataForceUTF8": 1,
+ "secureTokenUrls": ".*",
+ "secureTokenAllowOnError": 1,
+ "samlAuthnContextMapTLSClient": 5,
+ "ldapAllowResetExpiredPassword": 0,
+ "oidcOPMetaDataExportedVars": {},
+ "notifyOther": 0,
+ "secureTokenExpiration": 60,
+ "captcha_mail_enabled": 0,
+ "samlStorageOptions": {},
+ "samlOrganizationDisplayName": "Example",
+ "trustedProxies": "",
+ "secureTokenHeader": "Auth-Token",
+ "issuerDBCASActivation": 1,
+ "samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;",
+ "samlSPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
+ "samlIDPMetaDataXML": {},
+ "oidcStorageOptions": {},
+ "cfgDate": 1519998069,
+ "samlAuthnContextMapPassword": 2,
+ "portalDisplayLoginHistory": 1,
+ "ldapPasswordResetAttributeValue": "TRUE",
+ "ldapServer": "%%ldapScheme://%%ldapServer",
+ "samlIDPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;",
+ "samlIDPMetaDataExportedAttributes": null,
+ "samlServicePrivateKeyEnc": "",
+ "useRedirectOnForbidden": 0,
+ "captcha_login_enabled": 0,
+ "https": 0,
+ "checkXSS": 1,
+ "ldapSetPassword": 0,
+ "portalPingInterval": 60000,
+ "captchaStorageOptions": {
+ "Directory": "/var/lib/lemonldap-ng/captcha/"
+ },
+ "useSafeJail": 1,
+ "registerDoneSubject": "[LemonLDAP::NG] Your new account",
+ "issuerDBCASRule": 1,
+ "samlAuthnContextMapKerberos": 4,
+ "ldapGroupAttributeNameSearch": "cn",
+ "logoutServices": {},
+ "samlIDPSSODescriptorWantAuthnRequestsSigned": 1,
+ "portalDisplayLogout": 1,
+ "issuerDBGetParameters": {},
+ "googleExportedVars": {},
+ "openIdSreg_fullname": "cn",
+ "samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact",
+ "demoExportedVars": {
+ "mail": "mail",
+ "uid": "uid",
+ "cn": "cn"
+ },
+ "oidcOPMetaDataJSON": null,
+ "samlIdPResolveCookie": "lemonldapidp",
+ "samlRelayStateTimeout": 600,
+ "samlOrganizationURL": "https://auth.%%nom_domaine_local",
+ "globalStorageOptions": {
+ "Directory": "/var/lib/lemonldap-ng/sessions",
+ "LockDirectory": "/var/lib/lemonldap-ng/sessions/lock"
+ },
+ "ldapExportedVars": {
+ "mail": "mail",
+ "cn": "cn",
+ "uid": "uid"
+ },
+ "webIDExportedVars": {},
+ "activeTimer": 1,
+ "cda": 0,
+ "samlServicePublicKeySig": "",
+%if %%llCheckLogins == "oui"
+ "portalCheckLogins": 1,
+%else
+ "portalCheckLogins": 0,
+%end if
+ "CAS_authnLevel": 1,
+ "macros": {
+ "_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\""
+ },
+ "samlIDPMetaDataOptions": null,
+ "twitterAuthnLevel": 1,
+ "openIdExportedVars": {},
+ "captcha_register_enabled": 1,
+ "oidcOPMetaDataJWKS": null,
+ "webIDAuthnLevel": 1,
+ "issuerDBOpenIDActivation": "1",
+%if %%is_empty(%%llResetUrl)
+ "mailUrl": "https://%%authWebName/mail.pl",
+%else
+ "mailUrl": "%%llResetUrl",
+%end if
+ "maintenance": 0,
+ "jsRedirect": 0,
+ "cfgAuthor": "Cadoles",
+ "persistentStorageOptions": {
+ "LockDirectory": "/var/lib/lemonldap-ng/psessions/lock",
+ "Directory": "/var/lib/lemonldap-ng/psessions"
+ },
+ "SSLAuthnLevel": 5,
+ "oidcServiceMetaDataAuthnContext": {},
+ "samlIDPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
+ "notification": 1,
+ "ldapChangePasswordAsUser": 0,
+ "CAS_proxiedServices": {},
+ "key": "e\"bTCt3*eU9^\\V%b",
+ "portal": "https://%%authWebName/",
+ "singleSessionUserByIP": 0,
+ "portalOpenLinkInNewWindow": 0,
+ "post": {
+ "test2.%%nom_domaine_local": {},
+ "test1.%%nom_domaine_local": {},
+ "%%managerWebName": {}
+ },
+ "samlSPSSODescriptorAssertionConsumerServiceHTTPPost": "0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost",
+ "issuerDBSAMLRule": 1,
+ "samlCommonDomainCookieActivation": 0,
+ "syslog": "",
+ "ldapBase": "%%ldapUserBaseDN",
+ "ldapAuthnLevel": 2,
+ "mailTimeout": 0,
+ "samlEntityID": "#PORTAL#/saml/metadata",
+ "oidcOPMetaDataOptions": null,
+ "samlSPSSODescriptorWantAssertionsSigned": 1,
+ "samlOrganizationName": "%%samlOrganizationName",
+%if %%RegisterDB == "Custom"
+ "registerUrl": "%%llRegisterURL",
+%else
+ "registerUrl": "https://%%authWebName/register.pl",
+%end if
+ "casAccessControlPolicy": "none",
+ "multiValuesSeparator": ";",
+ "ldapPort": %%ldapServerPort
+}
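Review bot: `"key": "e\"bTCt3*eU9^\\V%b"` ships a single fixed secret in the template, so every instance generated from it shares the same key; it should come from a per-deployment value, for example read from a secret file the way `managerPassword` already uses `%%readPass`, or at least be documented as a placeholder that must be replaced on each install. In the same file `"securedCookie": 0` and `"https": 0` sit next to a `"portal"`, `reloadUrls` and application URIs that are all `https://`, so the session cookie would also be sent over plain HTTP; if the portal is only served over TLS, `"securedCookie": 1` (or driving it from a template variable) is the safer default. Separately, the `exportedVars` and `casAttributes` blocks only suppress the trailing comma on the last `%%ssoFilters` entry, so when `%%ssoFilters` is empty the preceding `%%casAttribute` (or `"UA"`) line keeps its comma and the emitted document is not valid JSON unless the consumer's parser is lenient. Values interpolated inside string literals (`%%readPass(...)`, `%%lemonAdmin`, `%%nom_domaine_local`) are not JSON-escaped, so a bind password containing `"` or `\` would break the file.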