401 lines
15 KiB
JSON
401 lines
15 KiB
JSON
%set %%boolean = {'oui': 1, 'non': 0}
|
|
%set %%ssoFilters = %%getSSOFilters
|
|
%set %%exported_vars = ['"UA": "HTTP_USER_AGENT"']
|
|
%set %%cas_attributes = []
|
|
%for %%attr in %%casAttribute
|
|
%silent %%exported_vars.append('"' + %%attr + '": "' + %%attr + '.casLDAPAttribute"')
|
|
%silent %%cas_attributes.append('"' + %%attr + '": "' + %%attr + '.casLDAPAttribute"')
|
|
%end for
|
|
%for %%key, %%value in %%ssoFilters
|
|
%silent %%exported_vars.append('"' + %%key + '": "' + %%value + '"')
|
|
%silent %%cas_attributes.append('"' + %%key + '": "' + %%value + '"')
|
|
%end for
|
|
%silent %%exported_vars.sort()
|
|
%silent %%cas_attributes.sort()
|
|
{
|
|
%if %%lemon_user_db == "AD"
|
|
"ADPwdExpireWarning": %%llADPasswordExpireWarn,
|
|
"ADPwdMaxAge": %%llADPasswordMaxAge,
|
|
%end if
|
|
"CAS_authnLevel": 1,
|
|
"CAS_pgtFile": "/tmp/pgt.txt",
|
|
"CAS_proxiedServices": {},
|
|
"SMTPServer": "",
|
|
"SSLAuthnLevel": 5,
|
|
"Soap": 1,
|
|
"activeTimer": 1,
|
|
"apacheAuthnLevel": 4,
|
|
"applicationList": {
|
|
"1administration": {
|
|
"catname": "Administration",
|
|
"manager": {
|
|
"options": {
|
|
"description": "Configure LemonLDAP::NG WebSSO",
|
|
"display": "auto",
|
|
"logo": "configure.png",
|
|
"name": "WebSSO Manager",
|
|
"uri": "https://%%managerWebName/"
|
|
},
|
|
"type": "application"
|
|
},
|
|
"notifications": {
|
|
"options": {
|
|
"description": "Explore WebSSO notifications",
|
|
"display": "auto",
|
|
"logo": "database.png",
|
|
"name": "Notifications explorer",
|
|
"uri": "https://%%managerWebName/notifications.pl"
|
|
},
|
|
"type": "application"
|
|
},
|
|
"sessions": {
|
|
"options": {
|
|
"description": "Explore WebSSO sessions",
|
|
"display": "auto",
|
|
"logo": "database.png",
|
|
"name": "Sessions explorer",
|
|
"uri": "https://%%managerWebName/sessions.pl"
|
|
},
|
|
"type": "application"
|
|
},
|
|
"type": "category"
|
|
},
|
|
"2documentation": {
|
|
"catname": "Documentation",
|
|
"localdoc": {
|
|
"options": {
|
|
"description": "Documentation supplied with LemonLDAP::NG",
|
|
"display": "on",
|
|
"logo": "help.png",
|
|
"name": "Local documentation",
|
|
"uri": "http://%%managerWebName/doc/"
|
|
},
|
|
"type": "application"
|
|
},
|
|
"officialwebsite": {
|
|
"options": {
|
|
"description": "Official LemonLDAP::NG Website",
|
|
"display": "on",
|
|
"logo": "network.png",
|
|
"name": "Offical Website",
|
|
"uri": "http://lemonldap-ng.org/"
|
|
},
|
|
"type": "application"
|
|
},
|
|
"type": "category"
|
|
}
|
|
},
|
|
"authChoiceModules": {},
|
|
"authChoiceParam": "lmAuth",
|
|
"authentication": "%%lemon_user_db",
|
|
"browserIdAuthnLevel": 1,
|
|
"captchaStorage": "Apache::Session::File",
|
|
"captchaStorageOptions": {
|
|
"Directory": "/var/lib/lemonldap-ng/captcha/"
|
|
},
|
|
"captcha_login_enabled": 0,
|
|
"captcha_mail_enabled": 0,
|
|
"captcha_register_enabled": 1,
|
|
"captcha_size": 6,
|
|
"casAccessControlPolicy": "none",
|
|
"casAttributes": {
|
|
%%custom_join(%%cas_attributes, ',\n ')
|
|
},
|
|
"casStorageOptions": {},
|
|
"cda": 0,
|
|
"cfgAuthor": "EOLE",
|
|
"cfgAuthorIP": "127.0.0.1",
|
|
"cfgDate": 1600257889,
|
|
"cfgLog": "",
|
|
"cfgNum": "1",
|
|
"checkXSS": 1,
|
|
"confirmFormMethod": "post",
|
|
"cookieName": "lemonldap",
|
|
"dbiAuthnLevel": 2,
|
|
"dbiExportedVars": {},
|
|
"demoExportedVars": {
|
|
"cn": "cn",
|
|
"mail": "mail",
|
|
"uid": "uid"
|
|
},
|
|
"domain": "%%nom_domaine_local",
|
|
"exportedHeaders": {
|
|
"%%managerWebName": {}
|
|
},
|
|
"exportedVars": {
|
|
%%custom_join(%%exported_vars, ',\n ')
|
|
},
|
|
"facebookAuthnLevel": 1,
|
|
"facebookExportedVars": {},
|
|
"failedLoginNumber": 5,
|
|
"globalStorage": "Apache::Session::File",
|
|
"globalStorageOptions": {
|
|
"Directory": "/var/lib/lemonldap-ng/sessions",
|
|
"LockDirectory": "/var/lib/lemonldap-ng/sessions/lock"
|
|
},
|
|
"googleAuthnLevel": 1,
|
|
"googleExportedVars": {},
|
|
"grantSessionRules": {},
|
|
"groups": {},
|
|
"hiddenAttributes": "_password",
|
|
"hideOldPassword": 0,
|
|
"httpOnly": 1,
|
|
"https": 0,
|
|
"infoFormMethod": "get",
|
|
"issuerDBCASActivation": 1,
|
|
"issuerDBCASPath": "^/%%casFolder/",
|
|
"issuerDBCASRule": 1,
|
|
"issuerDBGetParameters": {},
|
|
"issuerDBOpenIDActivation": "1",
|
|
"issuerDBOpenIDPath": "^/openidserver/",
|
|
"issuerDBOpenIDRule": 1,
|
|
"issuerDBSAMLActivation": 0,
|
|
"issuerDBSAMLPath": "^/saml/",
|
|
"issuerDBSAMLRule": 1,
|
|
"jsRedirect": 0,
|
|
"key": "e\"bTCt3*eU9^\\V%b",
|
|
%if %%llResetPassword == "oui"
|
|
%if %%llResetExpiredPassword == "oui"
|
|
%if %%lemon_user_db == "AD"
|
|
"ldapPpolicyControl": 0,
|
|
%else
|
|
"ldapPpolicyControl": 1,
|
|
%end if
|
|
"ldapAllowResetExpiredPassword": 1,
|
|
"ldapChangePasswordAsUser": 1,
|
|
%else
|
|
"ldapPpolicyControl": 0,
|
|
"ldapAllowResetExpiredPassword": 0,
|
|
"ldapChangePasswordAsUser": 1,
|
|
%end if
|
|
%end if
|
|
"ldapAuthnLevel": 2,
|
|
"ldapSearchDeref": "find",
|
|
"ldapBase": "%%ldapUserBaseDN",
|
|
"ldapExportedVars": {
|
|
"cn": "cn",
|
|
"mail": "mail",
|
|
"uid": "uid"
|
|
},
|
|
"ldapGroupAttributeName": "memberUid",
|
|
"ldapGroupAttributeNameGroup": "dn",
|
|
"ldapGroupAttributeNameSearch": "cn",
|
|
"ldapGroupAttributeNameUser": "uid",
|
|
"ldapGroupObjectClass": "eolegroupe",
|
|
"ldapGroupRecursive": 0,
|
|
"ldapPasswordResetAttribute": "pwdReset",
|
|
"ldapPasswordResetAttributeValue": "TRUE",
|
|
"ldapPort": "%%ldapServerPort",
|
|
"ldapPwdEnc": "utf-8",
|
|
"ldapServer": "%%ldapScheme://%%ldapServer",
|
|
%if %%ldapScheme == "ldaps"
|
|
%if %%lmldapverify == "oui"
|
|
"ldapVerify": "required",
|
|
%else
|
|
"ldapVerify": "none",
|
|
%end if
|
|
%end if
|
|
"ldapSetPassword": 0,
|
|
"ldapTimeout": 120,
|
|
"ldapUsePasswordResetAttribute": 1,
|
|
"ldapVersion": 3,
|
|
"localSessionStorage": "Cache::FileCache",
|
|
"localSessionStorageOptions": {
|
|
"cache_depth": 3,
|
|
"cache_root": "/tmp",
|
|
"default_expires_in": 600,
|
|
"directory_umask": "007",
|
|
"namespace": "lemonldap-ng-sessions"
|
|
},
|
|
"locationRules": {
|
|
"%%managerWebName": {
|
|
"default": "$uid eq \"%%lemonAdmin\""
|
|
}
|
|
},
|
|
"loginHistoryEnabled": 1,
|
|
"logoutServices": {},
|
|
"lwpSslOpts": {},
|
|
"macros": {
|
|
"_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\""
|
|
},
|
|
"mailCharset": "utf-8",
|
|
"mailConfirmSubject": "[LemonLDAP::NG] Password reset confirmation",
|
|
"mailFrom": "noreply@%%nom_domaine_local",
|
|
"mailOnPasswordChange": 0,
|
|
"mailSessionKey": "mail",
|
|
"mailSubject": "[LemonLDAP::NG] Your new password",
|
|
"mailTimeout": 0,
|
|
%if %%llResetPassword == "oui"
|
|
%if %%is_empty(%%llResetUrl)
|
|
"mailUrl": "https://%%authWebName/resetpwd",
|
|
%else
|
|
"mailUrl": "%%llResetUrl",
|
|
%end if
|
|
%end if
|
|
"maintenance": 0,
|
|
"managerDn": "%%ldapBindUserDN",
|
|
%if %%is_file(%%ldapBindUserPassword)
|
|
"managerPassword": "%%readPass("", %%ldapBindUserPassword)",
|
|
%else
|
|
"managerPassword": "%%ldapBindUserPassword",
|
|
%end if
|
|
"multiValuesSeparator": ";",
|
|
"nginxCustomHandlers": {},
|
|
"notification": 1,
|
|
"notificationStorage": "File",
|
|
"notificationStorageOptions": {
|
|
"dirName": "/var/lib/lemonldap-ng/notifications"
|
|
},
|
|
"notificationWildcard": "allusers",
|
|
"notifyDeleted": 1,
|
|
"notifyOther": 0,
|
|
"nullAuthnLevel": 2,
|
|
"oidcOPMetaDataExportedVars": {},
|
|
"oidcOPMetaDataJSON": null,
|
|
"oidcOPMetaDataJWKS": null,
|
|
"oidcOPMetaDataOptions": null,
|
|
"oidcRPMetaDataExportedVars": {},
|
|
"oidcRPMetaDataOptions": {},
|
|
"oidcRPMetaDataOptionsExtraClaims": null,
|
|
"oidcServiceMetaDataAuthnContext": {},
|
|
"oidcStorageOptions": {},
|
|
"openIdAuthnLevel": 1,
|
|
"openIdExportedVars": {},
|
|
"openIdSPList": "0;",
|
|
"openIdSreg_email": "mail",
|
|
"openIdSreg_fullname": "cn",
|
|
"openIdSreg_nickname": "uid",
|
|
"openIdSreg_timezone": "_timezone",
|
|
"passwordDB": "%%lemon_user_db",
|
|
"persistentStorage": "Apache::Session::File",
|
|
"persistentStorageOptions": {
|
|
"Directory": "/var/lib/lemonldap-ng/psessions",
|
|
"LockDirectory": "/var/lib/lemonldap-ng/psessions/lock"
|
|
},
|
|
"portal": "https://%%authWebName/",
|
|
"portalAntiFrame": 1,
|
|
"portalCheckLogins": %%boolean[%%llCheckLogins],
|
|
"portalDisplayAppslist": 1,
|
|
"portalDisplayChangePassword": "$_auth =~ /^(AD|LDAP|DBI|Demo)$/",
|
|
"portalDisplayLoginHistory": 1,
|
|
"portalDisplayLogout": 1,
|
|
"portalDisplayRegister": 1,
|
|
"portalDisplayResetPassword": %%boolean[%%llResetPassword],
|
|
"portalForceAuthn": 0,
|
|
"portalForceAuthnInterval": 0,
|
|
"portalOpenLinkInNewWindow": 0,
|
|
"portalPingInterval": 60000,
|
|
"portalRequireOldPassword": 1,
|
|
"portalSkin": "bootstrap",
|
|
"portalSkinRules": {},
|
|
"portalUserAttr": "_user",
|
|
"post": {
|
|
"%%managerWebName": {}
|
|
},
|
|
"radiusAuthnLevel": 3,
|
|
"randomPasswordRegexp": "[A-Z]{3}[a-z]{5}.\\d{2}",
|
|
"redirectFormMethod": "get",
|
|
"registerConfirmSubject": "[LemonLDAP::NG] Account register confirmation",
|
|
%set %%register_db = %%getVar('llRegisterDB', 'Demo')
|
|
%if %%register_db == 'Custom'
|
|
"registerDB": "Null",
|
|
"registerUrl": "%%llRegisterURL",
|
|
%else
|
|
"registerDB": "%%register_db",
|
|
"registerUrl": "https://%%authWebName/register.pl",
|
|
%end if
|
|
"registerDoneSubject": "[LemonLDAP::NG] Your new account",
|
|
"registerTimeout": 0,
|
|
"reloadUrls": {
|
|
"%%reloadWebName": "https://%%reloadWebName/reload"
|
|
},
|
|
"remoteGlobalStorage": "Lemonldap::NG::Common::Apache::Session::SOAP",
|
|
"remoteGlobalStorageOptions": {
|
|
"ns": "https://%%authWebName/Lemonldap/NG/Common/CGI/SOAPService",
|
|
"proxy": "https://%%authWebName/index.pl/sessions"
|
|
},
|
|
"samlAttributeAuthorityDescriptorAttributeServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;",
|
|
"samlAuthnContextMapKerberos": 4,
|
|
"samlAuthnContextMapPassword": 2,
|
|
"samlAuthnContextMapPasswordProtectedTransport": 3,
|
|
"samlAuthnContextMapTLSClient": 5,
|
|
"samlCommonDomainCookieActivation": 0,
|
|
"samlEntityID": "#PORTAL#/saml/metadata",
|
|
"samlIDPMetaDataExportedAttributes": null,
|
|
"samlIDPMetaDataOptions": null,
|
|
"samlIDPMetaDataXML": {},
|
|
"samlIDPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
|
|
"samlIDPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
|
|
"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
|
|
"samlIDPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;",
|
|
"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;",
|
|
"samlIDPSSODescriptorSingleSignOnServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;",
|
|
"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;",
|
|
"samlIDPSSODescriptorSingleSignOnServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleSignOnSOAP;",
|
|
"samlIDPSSODescriptorWantAuthnRequestsSigned": 1,
|
|
"samlIdPResolveCookie": "lemonldapidp",
|
|
"samlMetadataForceUTF8": 1,
|
|
"samlNameIDFormatMapEmail": "mail",
|
|
"samlNameIDFormatMapKerberos": "uid",
|
|
"samlNameIDFormatMapWindows": "uid",
|
|
"samlNameIDFormatMapX509": "mail",
|
|
"samlOrganizationDisplayName": "Example",
|
|
"samlOrganizationName": "%%samlOrganizationName",
|
|
"samlOrganizationURL": "https://auth.%%nom_domaine_local",
|
|
"samlRelayStateTimeout": 600,
|
|
"samlSPMetaDataExportedAttributes": null,
|
|
"samlSPMetaDataOptions": null,
|
|
"samlSPMetaDataXML": null,
|
|
"samlSPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
|
|
"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact",
|
|
"samlSPSSODescriptorAssertionConsumerServiceHTTPPost": "0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost",
|
|
"samlSPSSODescriptorAuthnRequestsSigned": 1,
|
|
"samlSPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
|
|
"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
|
|
"samlSPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;",
|
|
"samlSPSSODescriptorWantAssertionsSigned": 1,
|
|
"samlServicePrivateKeyEnc": "",
|
|
"samlServicePrivateKeyEncPwd": "",
|
|
"samlServicePrivateKeySig": "",
|
|
"samlServicePrivateKeySigPwd": "",
|
|
"samlServicePublicKeyEnc": "",
|
|
"samlServicePublicKeySig": "",
|
|
"samlStorageOptions": {},
|
|
"samlUseQueryStringSpecific": 0,
|
|
"secureTokenAllowOnError": 1,
|
|
"secureTokenAttribute": "uid",
|
|
"secureTokenExpiration": 60,
|
|
"secureTokenHeader": "Auth-Token",
|
|
"secureTokenMemcachedServers": "127.0.0.1:11211",
|
|
"secureTokenUrls": ".*",
|
|
"securedCookie": 0,
|
|
"sessionDataToRemember": {},
|
|
"singleIP": 0,
|
|
"singleSession": 0,
|
|
"singleSessionUserByIP": 0,
|
|
"slaveAuthnLevel": 2,
|
|
"slaveExportedVars": {},
|
|
"storePassword": 0,
|
|
"successLoginNumber": 5,
|
|
"syslog": "",
|
|
"timeout": 72000,
|
|
"timeoutActivity": 0,
|
|
"trustedProxies": "",
|
|
"twitterAuthnLevel": 1,
|
|
"useRedirectOnError": 1,
|
|
"useRedirectOnForbidden": 0,
|
|
"useSafeJail": 1,
|
|
"userControl": "^[\\w\\.\\-@]+$",
|
|
"userDB": "%%lemon_user_db",
|
|
"vhostOptions": {
|
|
"%%managerWebName": {
|
|
"vhostHttps": "1"
|
|
}
|
|
},
|
|
"webIDAuthnLevel": 1,
|
|
"webIDExportedVars": {},
|
|
"whatToTrace": "_whatToTrace",
|
|
"yubikeyAuthnLevel": 3,
|
|
"yubikeyPublicIDSize": 12
|
|
}
|