%set %%ssoFilters = %%getSSOFilters { "ldapGroupAttributeNameUser": "dn", "cfgAuthorIP": "172.16.0.1", "samlSPMetaDataXML": null, "facebookAuthnLevel": 1, "mailConfirmSubject": "[LemonLDAP::NG] Password reset confirmation", "secureTokenAttribute": "uid", "singleSession": 0, "registerConfirmSubject": "[LemonLDAP::NG] Account register confirmation", "CAS_pgtFile": "/tmp/pgt.txt", "cookieName": "lemonldap", "slaveExportedVars": {}, "whatToTrace": "_whatToTrace", "oidcRPMetaDataOptions": {}, "notifyDeleted": 1, "useRedirectOnError": 1, "samlSPMetaDataExportedAttributes": null, "ldapPwdEnc": "utf-8", "openIdSPList": "0;", "samlNameIDFormatMapEmail": "mail", "samlSPMetaDataOptions": null, "issuerDBOpenIDRule": 1, "casStorageOptions": {}, "mailFrom": "noreply@%%nom_domaine_local", "timeoutActivity": 0, "oidcRPMetaDataExportedVars": {}, "issuerDBSAMLActivation": 0, "issuerDBCASPath": "^/%%casFolder/", "randomPasswordRegexp": "[A-Z]{3}[a-z]{5}.\\d{2}", "samlIDPSSODescriptorSingleSignOnServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleSignOnSOAP;", "samlSPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn", "exportedHeaders": { "test1.%%nom_domaine_local": { "Auth-User": "$uid" }, "test2.%%nom_domaine_local": { "Auth-User": "$uid" }, "%%managerWebName": {} }, "vhostOptions": { "%%managerWebName": { "vhostHttps" : "1" }, "test1.%%nom_domaine_local": {}, "test2.%%nom_domaine_local": {} }, "radiusAuthnLevel": 3, "dbiAuthnLevel": 2, "ldapPasswordResetAttribute": "pwdReset", "ldapGroupObjectClass": "groupOfNames", "apacheAuthnLevel": 4, "samlNameIDFormatMapKerberos": "uid", "groups": {}, "securedCookie": 0, "httpOnly": 1, "yubikeyAuthnLevel": 3, "ADPwdMaxAge": 0, "samlUseQueryStringSpecific": 0, "loginHistoryEnabled": 1, "samlSPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;", "failedLoginNumber": 5, "samlServicePrivateKeyEncPwd": "", "portalForceAuthnInterval": 0, "cfgLog": "", "samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn", "exportedVars": { "UA": "HTTP_USER_AGENT", %for att in %%casAttribute "%%att": "%%att", %end for %set %%idx = 0 %set %%size = %%len(%%ssoFilters) - 1 %for key,value in %%ssoFilters %if %%idx == %%size "%%key": "%%value" %else "%%key": "%%value", %end if %set %%idx += 1 %end for }, "notificationStorage": "File", "applicationList": { "1sample": { "test2": { "options": { "name": "Application Test 2", "logo": "thumbnail.png", "uri": "https://test2.%%nom_domaine_local/", "display": "auto", "description": "The same simple application displaying authenticated user" }, "type": "application" }, "type": "category", "catname": "Sample applications", "test1": { "type": "application", "options": { "description": "A simple application displaying authenticated user", "uri": "https://test1.%%nom_domaine_local/", "logo": "demo.png", "display": "auto", "name": "Application Test 1" } } }, "2administration": { "notifications": { "options": { "name": "Notifications explorer", "display": "auto", "description": "Explore WebSSO notifications", "uri": "https://%%managerWebName/notifications.pl", "logo": "database.png" }, "type": "application" }, "manager": { "options": { "uri": "https://%%managerWebName/", "display": "auto", "description": "Configure LemonLDAP::NG WebSSO", "logo": "configure.png", "name": "WebSSO Manager" }, "type": "application" }, "type": "category", "sessions": { "type": "application", "options": { "description": "Explore WebSSO sessions", "uri": "https://%%managerWebName/sessions.pl", "logo": "database.png", "display": "auto", "name": "Sessions explorer" } }, "catname": "Administration" }, "3documentation": { "catname": "Documentation", "officialwebsite": { "type": "application", "options": { "name": "Offical Website", "description": "Official LemonLDAP::NG Website", "logo": "network.png", "display": "on", "uri": "http://lemonldap-ng.org/" } }, "type": "category", "localdoc": { "options": { "logo": "help.png", "description": "Documentation supplied with LemonLDAP::NG", "display": "on", "uri": "https://%%managerWebName/doc/", "name": "Local documentation" }, "type": "application" } } }, "userControl": "^[\\w\\.\\-@]+$", "timeout": 72000, "portalAntiFrame": 1, "SMTPServer": "", "ldapTimeout": 120, "samlAuthnContextMapPasswordProtectedTransport": 3, "ldapUsePasswordResetAttribute": 1, "ldapPpolicyControl": 0, "casAttributes": { %for att in %%casAttribute "%%att": "%%att.casLDAPAttribute", %end for %set %%idx = 0 %set %%size = %%len(%%ssoFilters) - 1 %for key,value in %%ssoFilters %if %%idx == %%size "%%key": "%%key" %else "%%key": "%%key", %end if %set %%idx += 1 %end for }, "issuerDBSAMLPath": "^/saml/", "samlAttributeAuthorityDescriptorAttributeServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;", "portalDisplayAppslist": 1, "confirmFormMethod": "post", "domain": "%%nom_domaine_local", "cfgNum": "1", "authentication": "LDAP", "samlNameIDFormatMapWindows": "uid", "authChoiceModules": {}, "ldapGroupAttributeName": "member", "samlServicePrivateKeySigPwd": "", "googleAuthnLevel": 1, "successLoginNumber": 5, "localSessionStorageOptions": { "cache_root": "/tmp", "namespace": "lemonldap-ng-sessions", "default_expires_in": 600, "directory_umask": "007", "cache_depth": 3 }, "samlSPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact", "portalRequireOldPassword": 1, "samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;", "ADPwdExpireWarning": 0, "yubikeyPublicIDSize": 12, "ldapGroupAttributeNameGroup": "dn", "oidcRPMetaDataOptionsExtraClaims": null, "ldapGroupRecursive": 0, "mailSubject": "[LemonLDAP::NG] Your new password", "nginxCustomHandlers": {}, "samlSPSSODescriptorAuthnRequestsSigned": 1, %if %%llResetPassword == "oui" "portalDisplayResetPassword": 1, %else "portalDisplayResetPassword": 0, %end if "openIdSreg_timezone": "_timezone", "infoFormMethod": "get", "openIdAuthnLevel": 1, "openIdSreg_nickname": "uid", "samlServicePublicKeyEnc": "", "userDB": "LDAP", "grantSessionRules": {}, "remoteGlobalStorage": "Lemonldap::NG::Common::Apache::Session::SOAP", "reloadUrls": { "%%reloadWebName": "https://%%reloadWebName/reload" }, "registerTimeout": 0, "samlIDPSSODescriptorSingleSignOnServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;", "slaveAuthnLevel": 2, "samlIDPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn", "Soap": 1, %set %%RegisterDB=%%getVar('llRegisterDB', 'Demo') %if %%RegisterDB == "Custom" "registerDB": "Null", %else "registerDB": "%%RegisterDB", %end if "locationRules": { "%%managerWebName": { "default": "$uid eq \"%%lemonAdmin\"" }, "test1.%%nom_domaine_local": { "default": "accept", "^/logout": "logout_sso" }, "test2.%%nom_domaine_local": { "default": "accept", "^/logout": "logout_sso" } }, "portalDisplayChangePassword": "$_auth =~ /^(LDAP|DBI|Demo)$/", "hideOldPassword": 0, %if %%is_file(%%ldapBindUserPassword) "managerPassword": "%%readPass("", %%ldapBindUserPassword)", %else "managerPassword": "%%ldapBindUserPassword", %end if "authChoiceParam": "lmAuth", "lwpSslOpts": {}, "portalSkinRules": {}, "issuerDBOpenIDPath": "^/openidserver/", "redirectFormMethod": "get", "portalDisplayRegister": 1, "secureTokenMemcachedServers": "127.0.0.1:11211", "notificationStorageOptions": { "dirName": "/var/lib/lemonldap-ng/notifications" }, "browserIdAuthnLevel": 1, "portalUserAttr": "_user", "ldapVersion": 3, "sessionDataToRemember": {}, "samlNameIDFormatMapX509": "mail", "managerDn": "%%ldapBindUserDN", "mailSessionKey": "mail", "openIdSreg_email": "mail", "localSessionStorage": "Cache::FileCache", "persistentStorage": "Apache::Session::File", "mailOnPasswordChange": 0, "captchaStorage": "Apache::Session::File", "remoteGlobalStorageOptions": { "proxy": "https://%%authWebName/index.pl/sessions", "ns": "https://%%authWebName/Lemonldap/NG/Common/CGI/SOAPService" }, "passwordDB": "LDAP", "captcha_size": 6, "mailCharset": "utf-8", "facebookExportedVars": {}, "nullAuthnLevel": 2, "singleIP": 0, "dbiExportedVars": {}, "portalSkin": "bootstrap", "storePassword": 0, "hiddenAttributes": "_password", "samlServicePrivateKeySig": "", "globalStorage": "Apache::Session::File", "notificationWildcard": "allusers", "portalForceAuthn": 0, "samlMetadataForceUTF8": 1, "secureTokenUrls": ".*", "secureTokenAllowOnError": 1, "samlAuthnContextMapTLSClient": 5, "ldapAllowResetExpiredPassword": 0, "oidcOPMetaDataExportedVars": {}, "notifyOther": 0, "secureTokenExpiration": 60, "captcha_mail_enabled": 0, "samlStorageOptions": {}, "samlOrganizationDisplayName": "Example", "trustedProxies": "", "secureTokenHeader": "Auth-Token", "issuerDBCASActivation": 1, "samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;", "samlSPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn", "samlIDPMetaDataXML": {}, "oidcStorageOptions": {}, "cfgDate": 1519998069, "samlAuthnContextMapPassword": 2, "portalDisplayLoginHistory": 1, "ldapPasswordResetAttributeValue": "TRUE", "ldapServer": "%%ldapScheme://%%ldapServer", "samlIDPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;", "samlIDPMetaDataExportedAttributes": null, "samlServicePrivateKeyEnc": "", "useRedirectOnForbidden": 0, "captcha_login_enabled": 0, "https": 0, "checkXSS": 1, "ldapSetPassword": 0, "portalPingInterval": 60000, "captchaStorageOptions": { "Directory": "/var/lib/lemonldap-ng/captcha/" }, "useSafeJail": 1, "registerDoneSubject": "[LemonLDAP::NG] Your new account", "issuerDBCASRule": 1, "samlAuthnContextMapKerberos": 4, "ldapGroupAttributeNameSearch": "cn", "logoutServices": {}, "samlIDPSSODescriptorWantAuthnRequestsSigned": 1, "portalDisplayLogout": 1, "issuerDBGetParameters": {}, "googleExportedVars": {}, "openIdSreg_fullname": "cn", "samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact", "demoExportedVars": { "mail": "mail", "uid": "uid", "cn": "cn" }, "oidcOPMetaDataJSON": null, "samlIdPResolveCookie": "lemonldapidp", "samlRelayStateTimeout": 600, "samlOrganizationURL": "https://auth.%%nom_domaine_local", "globalStorageOptions": { "Directory": "/var/lib/lemonldap-ng/sessions", "LockDirectory": "/var/lib/lemonldap-ng/sessions/lock" }, "ldapExportedVars": { "mail": "mail", "cn": "cn", "uid": "uid" }, "webIDExportedVars": {}, "activeTimer": 1, "cda": 0, "samlServicePublicKeySig": "", %if %%llCheckLogins == "oui" "portalCheckLogins": 1, %else "portalCheckLogins": 0, %end if "CAS_authnLevel": 1, "macros": { "_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\"" }, "samlIDPMetaDataOptions": null, "twitterAuthnLevel": 1, "openIdExportedVars": {}, "captcha_register_enabled": 1, "oidcOPMetaDataJWKS": null, "webIDAuthnLevel": 1, "issuerDBOpenIDActivation": "1", %if %%llResetPassword == "oui" %if %%is_empty(%%llResetUrl) "mailUrl": "https://%%authWebName/mail.pl", %else "mailUrl": "%%llResetUrl", %end if %end if "maintenance": 0, "jsRedirect": 0, "cfgAuthor": "Cadoles", "persistentStorageOptions": { "LockDirectory": "/var/lib/lemonldap-ng/psessions/lock", "Directory": "/var/lib/lemonldap-ng/psessions" }, "SSLAuthnLevel": 5, "oidcServiceMetaDataAuthnContext": {}, "samlIDPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact", "notification": 1, "ldapChangePasswordAsUser": 0, "CAS_proxiedServices": {}, "key": "e\"bTCt3*eU9^\\V%b", "portal": "https://%%authWebName/", "singleSessionUserByIP": 0, "portalOpenLinkInNewWindow": 0, "post": { "test2.%%nom_domaine_local": {}, "test1.%%nom_domaine_local": {}, "%%managerWebName": {} }, "samlSPSSODescriptorAssertionConsumerServiceHTTPPost": "0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost", "issuerDBSAMLRule": 1, "samlCommonDomainCookieActivation": 0, "syslog": "", "ldapBase": "%%ldapUserBaseDN", "ldapAuthnLevel": 2, "mailTimeout": 0, "samlEntityID": "#PORTAL#/saml/metadata", "oidcOPMetaDataOptions": null, "samlSPSSODescriptorWantAssertionsSigned": 1, "samlOrganizationName": "%%samlOrganizationName", %if %%RegisterDB == "Custom" "registerUrl": "%%llRegisterURL", %else "registerUrl": "https://%%authWebName/register.pl", %end if "casAccessControlPolicy": "none", "multiValuesSeparator": ";", "ldapPort": %%ldapServerPort }