Update configuration and dictionnary for v2.0

This commit is contained in:
Benjamin Bohard 2019-07-15 10:40:26 +02:00
parent abb1d10a87
commit 73fb96c026
3 changed files with 453 additions and 6 deletions

View File

@ -2,12 +2,12 @@
<creole> <creole>
<files> <files>
<!-- Je suis un commentaire --> <!-- Je suis un commentaire -->
<file filelist='lemon' name='/etc/nginx/sites-available/manager-nginx.conf' mkdir='True' rm='True'/> <file filelist='lemon' name='/etc/lemonldap-ng/manager-nginx.conf' mkdir='True' rm='True'/>
<file filelist='lemon' name='/etc/nginx/sites-available/handler-nginx.conf' mkdir='True' rm='True'/> <file filelist='lemon' name='/etc/lemonldap-ng/handler-nginx.conf' mkdir='True' rm='True'/>
<file filelist='lemon' name='/etc/nginx/sites-available/portal-nginx.conf' mkdir='True' rm='True'/> <file filelist='lemon' name='/etc/lemonldap-ng/portal-nginx.conf' mkdir='True' rm='True'/>
<file filelist='lemon' name='/etc/nginx/sites-available/test-nginx.conf' mkdir='True' rm='True'/> <file filelist='lemon' name='/etc/lemonldap-ng/test-nginx.conf' mkdir='True' rm='True'/>
<file filelist='lemon' name='/var/lib/lemonldap-ng/conf/lmConf-1.js' mkdir='True' rm='True'/>
<file filelist='lemon' name='/etc/lemonldap-ng/lemonldap-ng.ini' mkdir='True' rm='True'/> <file filelist='lemon' name='/etc/lemonldap-ng/lemonldap-ng.ini' mkdir='True' rm='True'/>
<file filelist='lemon' name='/var/lib/lemonldap-ng/conf/lmConf-1.json' mkdir='True' rm='True'/>
<file filelist='lemonCAS' name='/usr/share/php/configCAS/cas.inc.php' source='cas.inc.php.tmpl' mkdir='True'/> <file filelist='lemonCAS' name='/usr/share/php/configCAS/cas.inc.php' source='cas.inc.php.tmpl' mkdir='True'/>
<file filelist='lemonCAS' name='/usr/share/php/CAS/eoleCASConfig.php' source='eoleCASConfig.php.tmpl' mkdir='True'/> <file filelist='lemonCAS' name='/usr/share/php/CAS/eoleCASConfig.php' source='eoleCASConfig.php.tmpl' mkdir='True'/>
<file filelist='lemonCAS' name='/etc/pam_cas.conf' source="pam_cas_auth.conf"/> <file filelist='lemonCAS' name='/etc/pam_cas.conf' source="pam_cas_auth.conf"/>

View File

@ -110,6 +110,12 @@ localStorageOptions={ \
; restart your server. This increase performances ; restart your server. This increase performances
;useLocalConf = 1 ;useLocalConf = 1
; staticPrefix: relative (or URL) location of static HTML components
staticPrefix = /static
; location of HTML templates directory
templateDir = /usr/share/lemonldap-ng/portal/templates
; languages: available languages for portal interface
languages = fr, en
; PORTAL CUSTOMIZATION ; PORTAL CUSTOMIZATION
; Name of the skin ; Name of the skin
portalSkin = %%llSkin portalSkin = %%llSkin
@ -276,7 +282,7 @@ logLevel = warn
staticPrefix = /static staticPrefix = /static
; ;
; location of HTML templates directory ; location of HTML templates directory
templateDir = /usr/share/lemonldap-ng/manager/templates templateDir = /usr/share/lemonldap-ng/manager/htdocs/templates
; languages: available languages for manager interface ; languages: available languages for manager interface
languages = fr, en languages = fr, en

441
tmpl/lmConf-1.json Normal file
View File

@ -0,0 +1,441 @@
%set %%ssoFilters = %%getSSOFilters
{
"ldapGroupAttributeNameUser": "dn",
"cfgAuthorIP": "172.16.0.1",
"samlSPMetaDataXML": null,
"facebookAuthnLevel": 1,
"mailConfirmSubject": "[LemonLDAP::NG] Password reset confirmation",
"secureTokenAttribute": "uid",
"singleSession": 0,
"registerConfirmSubject": "[LemonLDAP::NG] Account register confirmation",
"CAS_pgtFile": "/tmp/pgt.txt",
"cookieName": "lemonldap",
"slaveExportedVars": {},
"whatToTrace": "_whatToTrace",
"oidcRPMetaDataOptions": {},
"notifyDeleted": 1,
"useRedirectOnError": 1,
"samlSPMetaDataExportedAttributes": null,
"ldapPwdEnc": "utf-8",
"openIdSPList": "0;",
"samlNameIDFormatMapEmail": "mail",
"samlSPMetaDataOptions": null,
"issuerDBOpenIDRule": 1,
"casStorageOptions": {},
"mailFrom": "noreply@%%nom_domaine_local",
"timeoutActivity": 0,
"oidcRPMetaDataExportedVars": {},
"issuerDBSAMLActivation": 0,
"issuerDBCASPath": "^/%%casFolder/",
"randomPasswordRegexp": "[A-Z]{3}[a-z]{5}.\\d{2}",
"samlIDPSSODescriptorSingleSignOnServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleSignOnSOAP;",
"samlSPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
"exportedHeaders": {
"test1.%%nom_domaine_local": {
"Auth-User": "$uid"
},
"test2.%%nom_domaine_local": {
"Auth-User": "$uid"
},
"%%managerWebName": {}
},
"vhostOptions": {
"%%managerWebName": {
"vhostHttps" : "1"
},
"test1.%%nom_domaine_local": {},
"test2.%%nom_domaine_local": {}
},
"radiusAuthnLevel": 3,
"dbiAuthnLevel": 2,
"ldapPasswordResetAttribute": "pwdReset",
"ldapGroupObjectClass": "groupOfNames",
"apacheAuthnLevel": 4,
"samlNameIDFormatMapKerberos": "uid",
"groups": {},
"securedCookie": 0,
"httpOnly": 1,
"yubikeyAuthnLevel": 3,
"ADPwdMaxAge": 0,
"samlUseQueryStringSpecific": 0,
"loginHistoryEnabled": 1,
"samlSPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;",
"failedLoginNumber": 5,
"samlServicePrivateKeyEncPwd": "",
"portalForceAuthnInterval": 0,
"cfgLog": "",
"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
"exportedVars": {
"UA": "HTTP_USER_AGENT",
%for att in %%casAttribute
"%%att": "%%att",
%end for
%set %%idx = 0
%set %%size = %%len(%%ssoFilters) - 1
%for key,value in %%ssoFilters
%if %%idx == %%size
"%%key": "%%value"
%else
"%%key": "%%value",
%end if
%set %%idx += 1
%end for
},
"notificationStorage": "File",
"applicationList": {
"1sample": {
"test2": {
"options": {
"name": "Application Test 2",
"logo": "thumbnail.png",
"uri": "https://test2.%%nom_domaine_local/",
"display": "auto",
"description": "The same simple application displaying authenticated user"
},
"type": "application"
},
"type": "category",
"catname": "Sample applications",
"test1": {
"type": "application",
"options": {
"description": "A simple application displaying authenticated user",
"uri": "https://test1.%%nom_domaine_local/",
"logo": "demo.png",
"display": "auto",
"name": "Application Test 1"
}
}
},
"2administration": {
"notifications": {
"options": {
"name": "Notifications explorer",
"display": "auto",
"description": "Explore WebSSO notifications",
"uri": "https://%%managerWebName/notifications.pl",
"logo": "database.png"
},
"type": "application"
},
"manager": {
"options": {
"uri": "https://%%managerWebName/",
"display": "auto",
"description": "Configure LemonLDAP::NG WebSSO",
"logo": "configure.png",
"name": "WebSSO Manager"
},
"type": "application"
},
"type": "category",
"sessions": {
"type": "application",
"options": {
"description": "Explore WebSSO sessions",
"uri": "https://%%managerWebName/sessions.pl",
"logo": "database.png",
"display": "auto",
"name": "Sessions explorer"
}
},
"catname": "Administration"
},
"3documentation": {
"catname": "Documentation",
"officialwebsite": {
"type": "application",
"options": {
"name": "Offical Website",
"description": "Official LemonLDAP::NG Website",
"logo": "network.png",
"display": "on",
"uri": "http://lemonldap-ng.org/"
}
},
"type": "category",
"localdoc": {
"options": {
"logo": "help.png",
"description": "Documentation supplied with LemonLDAP::NG",
"display": "on",
"uri": "http://%%managerWebName/doc/",
"name": "Local documentation"
},
"type": "application"
}
}
},
"userControl": "^[\\w\\.\\-@]+$",
"timeout": 72000,
"portalAntiFrame": 1,
"SMTPServer": "",
"ldapTimeout": 120,
"samlAuthnContextMapPasswordProtectedTransport": 3,
"ldapUsePasswordResetAttribute": 1,
"ldapPpolicyControl": 0,
"casAttributes": {
%for att in %%casAttribute
"%%att": "%%att.casLDAPAttribute",
%end for
%set %%idx = 0
%set %%size = %%len(%%ssoFilters) - 1
%for key,value in %%ssoFilters
%if %%idx == %%size
"%%key": "%%key"
%else
"%%key": "%%key",
%end if
%set %%idx += 1
%end for
},
"issuerDBSAMLPath": "^/saml/",
"samlAttributeAuthorityDescriptorAttributeServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;",
"portalDisplayAppslist": 1,
"confirmFormMethod": "post",
"domain": "%%nom_domaine_local",
"cfgNum": "1",
"authentication": "LDAP",
"samlNameIDFormatMapWindows": "uid",
"authChoiceModules": {},
"ldapGroupAttributeName": "member",
"samlServicePrivateKeySigPwd": "",
"googleAuthnLevel": 1,
"successLoginNumber": 5,
"localSessionStorageOptions": {
"cache_root": "/tmp",
"namespace": "lemonldap-ng-sessions",
"default_expires_in": 600,
"directory_umask": "007",
"cache_depth": 3
},
"samlSPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
"portalRequireOldPassword": 1,
"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;",
"ADPwdExpireWarning": 0,
"yubikeyPublicIDSize": 12,
"ldapGroupAttributeNameGroup": "dn",
"oidcRPMetaDataOptionsExtraClaims": null,
"ldapGroupRecursive": 0,
"mailSubject": "[LemonLDAP::NG] Your new password",
"nginxCustomHandlers": {},
"samlSPSSODescriptorAuthnRequestsSigned": 1,
%if %%llResetPassword == "oui"
"portalDisplayResetPassword": 1,
%else
"portalDisplayResetPassword": 0,
%end if
"openIdSreg_timezone": "_timezone",
"infoFormMethod": "get",
"openIdAuthnLevel": 1,
"openIdSreg_nickname": "uid",
"samlServicePublicKeyEnc": "",
"userDB": "LDAP",
"grantSessionRules": {},
"remoteGlobalStorage": "Lemonldap::NG::Common::Apache::Session::SOAP",
"reloadUrls": {
"%%reloadWebName": "https://%%reloadWebName/reload"
},
"registerTimeout": 0,
"samlIDPSSODescriptorSingleSignOnServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;",
"slaveAuthnLevel": 2,
"samlIDPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
"Soap": 1,
%set %%RegisterDB=%%getVar('llRegisterDB', 'Demo')
%if %%RegisterDB == "Custom"
"registerDB": "Null",
%else
"registerDB": "%%RegisterDB",
%end if
"locationRules": {
"%%managerWebName": {
"default": "$uid eq \"%%lemonAdmin\""
},
"test1.%%nom_domaine_local": {
"default": "accept",
"^/logout": "logout_sso"
},
"test2.%%nom_domaine_local": {
"default": "accept",
"^/logout": "logout_sso"
}
},
"portalDisplayChangePassword": "$_auth =~ /^(LDAP|DBI|Demo)$/",
"hideOldPassword": 0,
%if %%is_file(%%ldapBindUserPassword)
"managerPassword": "%%readPass("", %%ldapBindUserPassword)",
%else
"managerPassword": "%%ldapBindUserPassword",
%end if
"authChoiceParam": "lmAuth",
"lwpSslOpts": {},
"portalSkinRules": {},
"issuerDBOpenIDPath": "^/openidserver/",
"redirectFormMethod": "get",
"portalDisplayRegister": 1,
"secureTokenMemcachedServers": "127.0.0.1:11211",
"notificationStorageOptions": {
"dirName": "/var/lib/lemonldap-ng/notifications"
},
"browserIdAuthnLevel": 1,
"portalUserAttr": "_user",
"ldapVersion": 3,
"sessionDataToRemember": {},
"samlNameIDFormatMapX509": "mail",
"managerDn": "%%ldapBindUserDN",
"mailSessionKey": "mail",
"openIdSreg_email": "mail",
"localSessionStorage": "Cache::FileCache",
"persistentStorage": "Apache::Session::File",
"mailOnPasswordChange": 0,
"captchaStorage": "Apache::Session::File",
"remoteGlobalStorageOptions": {
"proxy": "https://%%authWebName/index.pl/sessions",
"ns": "https://%%authWebName/Lemonldap/NG/Common/CGI/SOAPService"
},
"passwordDB": "LDAP",
"captcha_size": 6,
"mailCharset": "utf-8",
"facebookExportedVars": {},
"nullAuthnLevel": 2,
"singleIP": 0,
"dbiExportedVars": {},
"portalSkin": "bootstrap",
"storePassword": 0,
"hiddenAttributes": "_password",
"samlServicePrivateKeySig": "",
"globalStorage": "Apache::Session::File",
"notificationWildcard": "allusers",
"portalForceAuthn": 0,
"samlMetadataForceUTF8": 1,
"secureTokenUrls": ".*",
"secureTokenAllowOnError": 1,
"samlAuthnContextMapTLSClient": 5,
"ldapAllowResetExpiredPassword": 0,
"oidcOPMetaDataExportedVars": {},
"notifyOther": 0,
"secureTokenExpiration": 60,
"captcha_mail_enabled": 0,
"samlStorageOptions": {},
"samlOrganizationDisplayName": "Example",
"trustedProxies": "",
"secureTokenHeader": "Auth-Token",
"issuerDBCASActivation": 1,
"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;",
"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
"samlIDPMetaDataXML": {},
"oidcStorageOptions": {},
"cfgDate": 1519998069,
"samlAuthnContextMapPassword": 2,
"portalDisplayLoginHistory": 1,
"ldapPasswordResetAttributeValue": "TRUE",
"ldapServer": "%%ldapScheme://%%ldapServer",
"samlIDPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;",
"samlIDPMetaDataExportedAttributes": null,
"samlServicePrivateKeyEnc": "",
"useRedirectOnForbidden": 0,
"captcha_login_enabled": 0,
"https": 0,
"checkXSS": 1,
"ldapSetPassword": 0,
"portalPingInterval": 60000,
"captchaStorageOptions": {
"Directory": "/var/lib/lemonldap-ng/captcha/"
},
"useSafeJail": 1,
"registerDoneSubject": "[LemonLDAP::NG] Your new account",
"issuerDBCASRule": 1,
"samlAuthnContextMapKerberos": 4,
"ldapGroupAttributeNameSearch": "cn",
"logoutServices": {},
"samlIDPSSODescriptorWantAuthnRequestsSigned": 1,
"portalDisplayLogout": 1,
"issuerDBGetParameters": {},
"googleExportedVars": {},
"openIdSreg_fullname": "cn",
"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact",
"demoExportedVars": {
"mail": "mail",
"uid": "uid",
"cn": "cn"
},
"oidcOPMetaDataJSON": null,
"samlIdPResolveCookie": "lemonldapidp",
"samlRelayStateTimeout": 600,
"samlOrganizationURL": "https://auth.%%nom_domaine_local",
"globalStorageOptions": {
"Directory": "/var/lib/lemonldap-ng/sessions",
"LockDirectory": "/var/lib/lemonldap-ng/sessions/lock"
},
"ldapExportedVars": {
"mail": "mail",
"cn": "cn",
"uid": "uid"
},
"webIDExportedVars": {},
"activeTimer": 1,
"cda": 0,
"samlServicePublicKeySig": "",
%if %%llCheckLogins == "oui"
"portalCheckLogins": 1,
%else
"portalCheckLogins": 0,
%end if
"CAS_authnLevel": 1,
"macros": {
"_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\""
},
"samlIDPMetaDataOptions": null,
"twitterAuthnLevel": 1,
"openIdExportedVars": {},
"captcha_register_enabled": 1,
"oidcOPMetaDataJWKS": null,
"webIDAuthnLevel": 1,
"issuerDBOpenIDActivation": "1",
%if %%is_empty(%%llResetUrl)
"mailUrl": "https://%%authWebName/mail.pl",
%else
"mailUrl": "%%llResetUrl",
%end if
"maintenance": 0,
"jsRedirect": 0,
"cfgAuthor": "Cadoles",
"persistentStorageOptions": {
"LockDirectory": "/var/lib/lemonldap-ng/psessions/lock",
"Directory": "/var/lib/lemonldap-ng/psessions"
},
"SSLAuthnLevel": 5,
"oidcServiceMetaDataAuthnContext": {},
"samlIDPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
"notification": 1,
"ldapChangePasswordAsUser": 0,
"CAS_proxiedServices": {},
"key": "e\"bTCt3*eU9^\\V%b",
"portal": "https://%%authWebName/",
"singleSessionUserByIP": 0,
"portalOpenLinkInNewWindow": 0,
"post": {
"test2.%%nom_domaine_local": {},
"test1.%%nom_domaine_local": {},
"%%managerWebName": {}
},
"samlSPSSODescriptorAssertionConsumerServiceHTTPPost": "0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost",
"issuerDBSAMLRule": 1,
"samlCommonDomainCookieActivation": 0,
"syslog": "",
"ldapBase": "%%ldapUserBaseDN",
"ldapAuthnLevel": 2,
"mailTimeout": 0,
"samlEntityID": "#PORTAL#/saml/metadata",
"oidcOPMetaDataOptions": null,
"samlSPSSODescriptorWantAssertionsSigned": 1,
"samlOrganizationName": "%%samlOrganizationName",
%if %%RegisterDB == "Custom"
"registerUrl": "%%llRegisterURL",
%else
"registerUrl": "https://%%authWebName/register.pl",
%end if
"casAccessControlPolicy": "none",
"multiValuesSeparator": ";",
"ldapPort": %%ldapServerPort
}