From c9eadda66990264f92a33673ecba814a4f51a1d2 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Fri, 19 Aug 2022 22:37:46 +0200 Subject: [PATCH 1/6] Typos --- doc/sources/admin/applications/awx.rst | 2 +- doc/sources/admin/applications/bugzilla.rst | 2 +- doc/sources/admin/applications/dokuwiki.rst | 2 +- doc/sources/admin/applications/drupal.rst | 2 +- doc/sources/admin/applications/liferay.rst | 2 +- doc/sources/admin/applications/mediawiki.rst | 2 +- doc/sources/admin/applications/obm.rst | 2 +- doc/sources/admin/applications/phpldapadmin.rst | 2 +- doc/sources/admin/applications/sympa.rst | 2 +- doc/sources/admin/authfacebook.rst | 3 +-- doc/sources/admin/configvhost.rst | 6 +++--- doc/sources/admin/error.rst | 2 +- doc/sources/admin/formreplay.rst | 2 +- doc/sources/admin/nodehandler.rst | 2 +- doc/sources/admin/performances.rst | 3 +-- doc/sources/admin/restsessionbackend.rst | 4 ++-- doc/sources/admin/samlservice.rst | 2 +- doc/sources/admin/ssoaas.rst | 4 ++-- doc/sources/admin/variables.rst | 6 +++--- doc/sources/admin/writingrulesand_headers.rst | 2 +- 20 files changed, 26 insertions(+), 28 deletions(-) diff --git a/doc/sources/admin/applications/awx.rst b/doc/sources/admin/applications/awx.rst index 926bc8cf5b..d91b7c236b 100644 --- a/doc/sources/admin/applications/awx.rst +++ b/doc/sources/admin/applications/awx.rst @@ -184,7 +184,7 @@ Go to "SAML service providers", click on "Add SAML SP" and name it as you want (example : 'AWX') In the new subtree 'AWX', open 'Metadata' and paste the content of the -AWX Metadatas, wich can be found at the +AWX Metadata, wich can be found at the ``SAML Service Provider Metadata URL`` in AWX : https://awx.example.com/sso/metadata/saml/ diff --git a/doc/sources/admin/applications/bugzilla.rst b/doc/sources/admin/applications/bugzilla.rst index 59791a1764..385292464c 100644 --- a/doc/sources/admin/applications/bugzilla.rst +++ b/doc/sources/admin/applications/bugzilla.rst 
@@ -64,7 +64,7 @@ Configure Bugzilla virtual host like other
 internal;
 include /etc/nginx/fastcgi_params;
 fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
- # Drop post datas
+ # Drop post data
 fastcgi_pass_request_body off;
 fastcgi_param CONTENT_LENGTH "";
 # Keep original hostname
diff --git a/doc/sources/admin/applications/dokuwiki.rst b/doc/sources/admin/applications/dokuwiki.rst
index 8cb424ad69..d22d24c1c2 100644
--- a/doc/sources/admin/applications/dokuwiki.rst
+++ b/doc/sources/admin/applications/dokuwiki.rst
@@ -69,7 +69,7 @@ Configure Dokuwiki virtual host like other
 internal;
 include /etc/nginx/fastcgi_params;
 fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
- # Drop post datas
+ # Drop post data
 fastcgi_pass_request_body off;
 fastcgi_param CONTENT_LENGTH "";
 # Keep original hostname
diff --git a/doc/sources/admin/applications/drupal.rst b/doc/sources/admin/applications/drupal.rst
index f4dc202068..970078dfb4 100644
--- a/doc/sources/admin/applications/drupal.rst
+++ b/doc/sources/admin/applications/drupal.rst
@@ -66,7 +66,7 @@ Configure Drupal virtual host like other
 internal;
 include /etc/nginx/fastcgi_params;
 fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
- # Drop post datas
+ # Drop post data
 fastcgi_pass_request_body off;
 fastcgi_param CONTENT_LENGTH "";
 # Keep original hostname
diff --git a/doc/sources/admin/applications/liferay.rst b/doc/sources/admin/applications/liferay.rst
index 0e98de3f69..127bc6f64a 100644
--- a/doc/sources/admin/applications/liferay.rst
+++ b/doc/sources/admin/applications/liferay.rst
@@ -124,7 +124,7 @@ Configure Liferay virtual host like other
 internal;
 include /etc/nginx/fastcgi_params;
 fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
- # Drop post datas
+ # Drop post data
 fastcgi_pass_request_body off;
 fastcgi_param CONTENT_LENGTH "";
 # Keep original hostname
diff --git a/doc/sources/admin/applications/mediawiki.rst b/doc/sources/admin/applications/mediawiki.rst
index b2460bd983..2faa0fcf30 100644
--- a/doc/sources/admin/applications/mediawiki.rst
+++ b/doc/sources/admin/applications/mediawiki.rst
@@ -153,7 +153,7 @@ Configure MediaWiki virtual host like other
 internal;
 include /etc/nginx/fastcgi_params;
 fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
- # Drop post datas
+ # Drop post data
 fastcgi_pass_request_body off;
 fastcgi_param CONTENT_LENGTH "";
 # Keep original hostname
diff --git a/doc/sources/admin/applications/obm.rst b/doc/sources/admin/applications/obm.rst
index b67457a884..4c33d22324 100644
--- a/doc/sources/admin/applications/obm.rst
+++ b/doc/sources/admin/applications/obm.rst
@@ -146,7 +146,7 @@ Edit also OBM configuration to enable LL::NG Handler:
 internal;
 include /etc/nginx/fastcgi_params;
 fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
- # Drop post datas
+ # Drop post data
 fastcgi_pass_request_body off;
 fastcgi_param CONTENT_LENGTH "";
 # Keep original hostname
diff --git a/doc/sources/admin/applications/phpldapadmin.rst b/doc/sources/admin/applications/phpldapadmin.rst
index a4a538294c..c8baab5ff2 100644
--- a/doc/sources/admin/applications/phpldapadmin.rst
+++ b/doc/sources/admin/applications/phpldapadmin.rst
@@ -68,7 +68,7 @@ Configure phpLDAPadmin virtual host like other
 internal;
 include /etc/nginx/fastcgi_params;
 fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
- # Drop post datas
+ # Drop post data
 fastcgi_pass_request_body off;
 fastcgi_param CONTENT_LENGTH "";
 # Keep original hostname
diff --git a/doc/sources/admin/applications/sympa.rst b/doc/sources/admin/applications/sympa.rst
index 5e28cf7545..d488915623 100644
--- a/doc/sources/admin/applications/sympa.rst
+++ b/doc/sources/admin/applications/sympa.rst
@@ -143,7 +143,7 @@ authentication URL. internal; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock; - # Drop post datas + # Drop post data fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; # Keep original hostname diff --git a/doc/sources/admin/authfacebook.rst b/doc/sources/admin/authfacebook.rst index 1067ec6948..65ddf61242 100644 --- a/doc/sources/admin/authfacebook.rst +++ b/doc/sources/admin/authfacebook.rst @@ -78,5 +78,4 @@ variables: .. tip:: You can use the same Facebook access token in your - applications. It is stored in session datas under the name - ``$_facebookToken``\ + applications. It is stored in session data under the name ``$_facebookToken``\ diff --git a/doc/sources/admin/configvhost.rst b/doc/sources/admin/configvhost.rst index abcb0b9eb2..4bc02a4208 100644 --- a/doc/sources/admin/configvhost.rst +++ b/doc/sources/admin/configvhost.rst @@ -139,7 +139,7 @@ Then you can take any virtual host and modify it: include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock; - # Drop post datas + # Drop post data fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; @@ -215,7 +215,7 @@ Example of a protected virtual host for a local application: internal; include /etc/nginx/fastcgi_params; fastcgi_pass /path/to/llng-fastcgi-server.sock; - # Drop post datas + # Drop post data fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; # Keep original hostname @@ -276,7 +276,7 @@ Reverse-Proxy internal; include /etc/nginx/fastcgi_params; fastcgi_pass /path/to/llng-fastcgi-server.sock; - # Drop post datas + # Drop post data fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; # Keep original hostname diff --git a/doc/sources/admin/error.rst b/doc/sources/admin/error.rst index 8d32542d9b..16ef10e4de 100644 --- a/doc/sources/admin/error.rst +++ b/doc/sources/admin/error.rst 
@@ -14,7 +14,7 @@ Lemonldap::NG::Common Warning: key is not defined, set it in the manager ! -→ LemonLDAP::NG uses a key to crypt/decrypt some datas. You have to set +→ LemonLDAP::NG uses a key to crypt/decrypt some data. You have to set its value in Manager. This message is displayed only when you upgrade from a version older than 1.0 diff --git a/doc/sources/admin/formreplay.rst b/doc/sources/admin/formreplay.rst index 145c9aa09b..711f0a6aa7 100644 --- a/doc/sources/admin/formreplay.rst +++ b/doc/sources/admin/formreplay.rst @@ -22,7 +22,7 @@ anything to the user. If you configure form replay with LL::NG, the Handler will detect forms to fill, add a javascript in the html page to fill form fields with -dummy datas and submit it, then intercept the POST request and add POST +dummy data and submit it, then intercept the POST request and add POST data in the request body. POST data can be static values or computed from user's session. diff --git a/doc/sources/admin/nodehandler.rst b/doc/sources/admin/nodehandler.rst index fbf104600b..f40ae31c17 100644 --- a/doc/sources/admin/nodehandler.rst +++ b/doc/sources/admin/nodehandler.rst @@ -63,7 +63,7 @@ Nginx configuration include /etc/nginx/fastcgi_params; fastcgi_pass localhost:9090; - # Drop post datas + # Drop post data fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; diff --git a/doc/sources/admin/performances.rst b/doc/sources/admin/performances.rst index 5084b42d8b..7ade4ae5e4 100644 --- a/doc/sources/admin/performances.rst +++ b/doc/sources/admin/performances.rst 
@@ -79,8 +79,7 @@ Macros and groups are stored in session database. Local macros is a special feature of handler that permit one to have macros useable localy only. Those macros are calculated only at the first usage and stored in the local session cache (only for this server) and only if the user -access to the related applications. This avoid to have to many datas -stored. +access to the related applications. This avoid to have to many data stored. .. code-block:: perl diff --git a/doc/sources/admin/restsessionbackend.rst b/doc/sources/admin/restsessionbackend.rst index 0eb14bd594..b2fc7939f1 100644 --- a/doc/sources/admin/restsessionbackend.rst +++ b/doc/sources/admin/restsessionbackend.rst @@ -6,7 +6,7 @@ persistent sessions. LL::NG Portal provides REST end points for sessions management: -- GET /sessions// : get session datas +- GET /sessions// : get session data - GET /sessions/// : get a session key value - GET /sessions///[k1,k2] : get some keys value - POST /sessions/ : create a session @@ -15,7 +15,7 @@ LL::NG Portal provides REST end points for sessions management: Sessions for connected users (used by :doc:`LLNG Proxy`): -- GET /session/my/ : get session datas +- GET /session/my/ : get session data - GET /session/my//key : get session key - DELETE /session/my : ask for logout - DELETE /sessions/my : ask for global logout (if GlobalLogout plugin is on) diff --git a/doc/sources/admin/samlservice.rst b/doc/sources/admin/samlservice.rst index 82135ac761..2878971747 100644 --- a/doc/sources/admin/samlservice.rst +++ b/doc/sources/admin/samlservice.rst 
@@ -159,7 +159,7 @@ To define keys, you can: Converting a RSA public key to a certificate ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -If your application complains about the lack of certificate in SAML Metadatas, and you generated a public RSA key instead of a certificate in a previous version of LemonLDAP::NG, you can convert the public key into a certificate without changing the private key. +If your application complains about the lack of certificate in SAML Metadata, and you generated a public RSA key instead of a certificate in a previous version of LemonLDAP::NG, you can convert the public key into a certificate without changing the private key. Save the private key in a file, and use the ``openssl`` commands to issue a self-signed certificate: diff --git a/doc/sources/admin/ssoaas.rst b/doc/sources/admin/ssoaas.rst index bac5d1414f..40866e0f89 100644 --- a/doc/sources/admin/ssoaas.rst +++ b/doc/sources/admin/ssoaas.rst @@ -90,7 +90,7 @@ requesting a Central uWSGI server (Nginx only): fastcgi_pass 10.1.2.3:9090; fastcgi_param VHOSTTYPE DevOps; - # Drop post datas + # Drop post data fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; @@ -300,7 +300,7 @@ directory. # Force handler type: fastcgi_param VHOSTTYPE DevOps; - # Drop post datas + # Drop post data fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; diff --git a/doc/sources/admin/variables.rst b/doc/sources/admin/variables.rst index fbc51a3690..cafa67e643 100644 --- a/doc/sources/admin/variables.rst +++ b/doc/sources/admin/variables.rst @@ -56,7 +56,7 @@ Key Description Connection ---------- -Datas concerning the first connection to the portal +Data concerning the first connection to the portal ========== ======================================================================================================================================== Key Description 
@@ -69,7 +69,7 @@ ipAddr IP of the user (special care must be taken is you run the portal :doc Authentication -------------- -Datas around the authentication process. +Data around the authentication process. =================== ========================================================================================================= Key Description @@ -95,7 +95,7 @@ Key Description SAML ---- -Datas related to SAML protocol +Data related to SAML protocol =================== ================================================ Key Description diff --git a/doc/sources/admin/writingrulesand_headers.rst b/doc/sources/admin/writingrulesand_headers.rst index 39175cb8fa..63db047980 100644 --- a/doc/sources/admin/writingrulesand_headers.rst +++ b/doc/sources/admin/writingrulesand_headers.rst @@ -3,7 +3,7 @@ Writing rules and headers LL::NG manages applications by their hostname (Apache Virtual Hosts or Nginx Block Servers). Rules are used for protecting applications, -and HTTP headers are appended to each request for sending datas to protected +and HTTP headers are appended to each request for sending data to protected applications (for logs, profiles,...). -- GitLab From d8811199807b5cc888dd4317b231b86518dfe4c6 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Mon, 22 Aug 2022 12:24:05 +0200 Subject: [PATCH 2/6] Do not check self registration --- .../Lemonldap/NG/Common/Conf/DefaultValues.pm | 780 +- .../NG/Handler/Lib/StatusConstants.pm | 210 +- .../lib/Lemonldap/NG/Manager/Attributes.pm | 9281 +++++++++-------- .../lib/Lemonldap/NG/Portal/2F/TOTP.pm | 13 +- .../lib/Lemonldap/NG/Portal/2F/U2F.pm | 14 +- .../lib/Lemonldap/NG/Portal/2F/WebAuthn.pm | 14 +- .../lib/Lemonldap/NG/Portal/Main/Constants.pm | 524 +- lemonldap-ng-portal/t/01-WebAuthn.t | 2 +- lemonldap-ng-portal/t/70-2F-TOTP-with-TTL.t | 2 +- .../t/73-2F-UTOTP-TOTP-and-U2F-with-History.t | 1 - 10 files changed, 5493 insertions(+), 5348 deletions(-) 
diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
index ad84b84538..e25474c274 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
@@ -5,386 +5,406 @@ our $VERSION = '2.0.15'; sub defaultValues { return { - 'activeTimer' => 1, - 'ADPwdExpireWarning' => 0, - 'ADPwdMaxAge' => 0, - 'apacheAuthnLevel' => 3, - 'applicationList' => { - 'default' => { - 'catname' => 'Default category', - 'type' => 'category' - } - }, - 'authChoiceParam' => 'lmAuth', - 'authentication' => 'Demo', - 'available2F' => 'UTOTP,TOTP,U2F,REST,Mail2F,Ext2F,WebAuthn,Yubikey,Radius', - 'available2FSelfRegistration' => 'TOTP,U2F,WebAuthn,Yubikey', - 'bruteForceProtectionLockTimes' => '15, 30, 60, 300, 600', - 'bruteForceProtectionMaxAge' => 300, - 'bruteForceProtectionMaxFailed' => 3, - 'bruteForceProtectionMaxLockTime' => 900, - 'bruteForceProtectionTempo' => 30, - 'captcha_mail_enabled' => 1, - 'captcha_register_enabled' => 1, - 'captcha_size' => 6, - 'casAccessControlPolicy' => 'none', - 'casAuthnLevel' => 1, - 'casTicketExpiration' => 0, - 'certificateResetByMailCeaAttribute' => 'description', - 'certificateResetByMailCertificateAttribute' => 'userCertificate;binary', - 'certificateResetByMailURL' => 'http://auth.example.com/certificateReset', - 'certificateResetByMailValidityDelay' => 0, - 'checkDevOpsCheckSessionAttributes' => 1, - 'checkDevOpsDisplayNormalizedHeaders' => 1, - 'checkDevOpsDownload' => 1, - 'checkTime' => 600, - 'checkUserDisplayComputedSession' => 1, - 'checkUserDisplayEmptyHeaders' => 0, - 'checkUserDisplayEmptyValues' => 0, - 'checkUserDisplayHiddenAttributes' => 0, - 'checkUserDisplayHistory' => 0, - 'checkUserDisplayNormalizedHeaders' => 0, - 'checkUserDisplayPersistentInfo' => 0, - 'checkUserHiddenAttributes' => '_loginHistory, _session_id, hGroups', - 'checkUserIdRule' => 1, - 'checkXSS' => 1, - 'confirmFormMethod' => 'post', - 'contextSwitchingIdRule' => 1, - 'contextSwitchingPrefix' => 'switching', - 'contextSwitchingRule' => 0, - 'contextSwitchingStopWithLogout' => 1, - 'cookieName' => 'lemonldap', - 'corsAllow_Credentials' => 'true', - 'corsAllow_Headers' => '*', - 'corsAllow_Methods' => 
'POST,GET', - 'corsAllow_Origin' => '*', - 'corsEnabled' => 1, - 'corsExpose_Headers' => '*', - 'corsMax_Age' => '86400', - 'crowdsecAction' => 'reject', - 'cspConnect' => '\'self\'', - 'cspDefault' => '\'self\'', - 'cspFont' => '\'self\'', - 'cspFormAction' => '*', - 'cspFrameAncestors' => '', - 'cspImg' => '\'self\' data:', - 'cspScript' => '\'self\'', - 'cspStyle' => '\'self\'', - 'dbiAuthnLevel' => 2, - 'dbiExportedVars' => {}, - 'decryptValueRule' => 0, - 'demoExportedVars' => { - 'cn' => 'cn', - 'mail' => 'mail', - 'uid' => 'uid' - }, - 'displaySessionId' => 1, - 'domain' => 'example.com', - 'exportedVars' => { - 'UA' => 'HTTP_USER_AGENT' - }, - 'ext2fActivation' => 0, - 'ext2fCodeActivation' => '\\d{6}', - 'facebookAuthnLevel' => 1, - 'facebookExportedVars' => {}, - 'facebookUserField' => 'id', - 'failedLoginNumber' => 5, - 'findUserControl' => '^[*\\w]+$', - 'findUserWildcard' => '*', - 'formTimeout' => 120, - 'githubAuthnLevel' => 1, - 'githubScope' => 'user:email', - 'githubUserField' => 'login', - 'globalLogoutRule' => 0, - 'globalLogoutTimer' => 1, - 'globalStorage' => 'Apache::Session::File', - 'globalStorageOptions' => { - 'Directory' => '/var/lib/lemonldap-ng/sessions/', - 'generateModule' => 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256', - 'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/' - }, - 'gpgAuthnLevel' => 5, - 'gpgDb' => '', - 'grantSessionRules' => {}, - 'groups' => {}, - 'handlerInternalCache' => 15, - 'handlerServiceTokenTTL' => 30, - 'hiddenAttributes' => '_password, _2fDevices', - 'httpOnly' => 1, - 'https' => -1, - 'impersonationHiddenAttributes' => '_2fDevices, _loginHistory', - 'impersonationIdRule' => 1, - 'impersonationMergeSSOgroups' => 0, - 'impersonationPrefix' => 'real_', - 'impersonationRule' => 0, - 'impersonationSkipEmptyValues' => 1, - 'infoFormMethod' => 'get', - 'issuerDBCASPath' => '^/cas/', - 'issuerDBCASRule' => 1, - 'issuerDBGetParameters' => {}, - 'issuerDBGetPath' => '^/get/', - 
'issuerDBGetRule' => 1, - 'issuerDBOpenIDConnectPath' => '^/oauth2/', - 'issuerDBOpenIDConnectRule' => 1, - 'issuerDBOpenIDPath' => '^/openidserver/', - 'issuerDBOpenIDRule' => 1, - 'issuerDBSAMLPath' => '^/saml/', - 'issuerDBSAMLRule' => 1, - 'issuersTimeout' => 120, - 'jsRedirect' => 0, - 'krbAuthnLevel' => 3, - 'krbRemoveDomain' => 1, - 'ldapAuthnLevel' => 2, - 'ldapBase' => 'dc=example,dc=com', - 'ldapExportedVars' => { - 'cn' => 'cn', - 'mail' => 'mail', - 'uid' => 'uid' - }, - 'ldapGroupAttributeName' => 'member', - 'ldapGroupAttributeNameGroup' => 'dn', - 'ldapGroupAttributeNameSearch' => 'cn', - 'ldapGroupAttributeNameUser' => 'dn', - 'ldapGroupObjectClass' => 'groupOfNames', - 'ldapIOTimeout' => 10, - 'ldapPasswordResetAttribute' => 'pwdReset', - 'ldapPasswordResetAttributeValue' => 'TRUE', - 'ldapPwdEnc' => 'utf-8', - 'ldapSearchDeref' => 'find', - 'ldapServer' => 'ldap://localhost', - 'ldapTimeout' => 10, - 'ldapUsePasswordResetAttribute' => 1, - 'ldapVerify' => 'require', - 'ldapVersion' => 3, - 'linkedInAuthnLevel' => 1, - 'linkedInFields' => 'id,first-name,last-name,email-address', - 'linkedInScope' => 'r_liteprofile r_emailaddress', - 'linkedInUserField' => 'emailAddress', - 'localSessionStorage' => 'Cache::FileCache', - 'localSessionStorageOptions' => { - 'cache_depth' => 3, - 'cache_root' => '/var/cache/lemonldap-ng', - 'default_expires_in' => 600, - 'directory_umask' => '007', - 'namespace' => 'lemonldap-ng-sessions' - }, - 'locationRules' => { - 'default' => 'deny' - }, - 'logoutServices' => {}, - 'macros' => {}, - 'mail2fActivation' => 0, - 'mail2fCodeRegex' => '\\d{6}', - 'mailCharset' => 'utf-8', - 'mailFrom' => 'noreply@example.com', - 'mailSessionKey' => 'mail', - 'mailTimeout' => 0, - 'mailUrl' => 'http://auth.example.com/resetpwd', - 'managerDn' => '', - 'managerPassword' => '', - 'max2FDevices' => 10, - 'max2FDevicesNameLength' => 20, - 'multiValuesSeparator' => '; ', - 'mySessionAuthorizedRWKeys' => [ - '_appsListOrder', - 
'_oidcConnectedRP', - '_oidcConsents' - ], - 'newLocationWarningLocationAttribute' => 'ipAddr', - 'newLocationWarningLocationDisplayAttribute' => '', - 'newLocationWarningMaxValues' => '0', - 'notificationDefaultCond' => '', - 'notificationServerPOST' => 1, - 'notificationServerSentAttributes' => 'uid reference date title subtitle text check', - 'notificationsMaxRetrieve' => 3, - 'notificationStorage' => 'File', - 'notificationStorageOptions' => { - 'dirName' => '/var/lib/lemonldap-ng/notifications' - }, - 'notificationWildcard' => 'allusers', - 'notifyDeleted' => 1, - 'nullAuthnLevel' => 0, - 'oidcAuthnLevel' => 1, - 'oidcRPCallbackGetParam' => 'openidconnectcallback', - 'oidcRPStateTimeout' => 600, - 'oidcServiceAccessTokenExpiration' => 3600, - 'oidcServiceAllowAuthorizationCodeFlow' => 1, - 'oidcServiceAuthorizationCodeExpiration' => 60, - 'oidcServiceIDTokenExpiration' => 3600, - 'oidcServiceMetaDataAuthnContext' => { - 'loa-1' => 1, - 'loa-2' => 2, - 'loa-3' => 3, - 'loa-4' => 4, - 'loa-5' => 5 - }, - 'oidcServiceMetaDataAuthorizeURI' => 'authorize', - 'oidcServiceMetaDataBackChannelURI' => 'blogout', - 'oidcServiceMetaDataCheckSessionURI' => 'checksession.html', - 'oidcServiceMetaDataEndSessionURI' => 'logout', - 'oidcServiceMetaDataFrontChannelURI' => 'flogout', - 'oidcServiceMetaDataIntrospectionURI' => 'introspect', - 'oidcServiceMetaDataJWKSURI' => 'jwks', - 'oidcServiceMetaDataRegistrationURI' => 'register', - 'oidcServiceMetaDataTokenURI' => 'token', - 'oidcServiceMetaDataUserInfoURI' => 'userinfo', - 'oidcServiceOfflineSessionExpiration' => 2592000, - 'openIdAuthnLevel' => 1, - 'openIdExportedVars' => {}, - 'openIdIDPList' => '0;', - 'openIdSPList' => '0;', - 'openIdSreg_email' => 'mail', - 'openIdSreg_fullname' => 'cn', - 'openIdSreg_nickname' => 'uid', - 'openIdSreg_timezone' => '_timezone', - 'pamAuthnLevel' => 2, - 'pamService' => 'login', - 'passwordDB' => 'Demo', - 'passwordPolicyActivation' => 1, - 'passwordPolicyMinDigit' => 0, - 
'passwordPolicyMinLower' => 0, - 'passwordPolicyMinSize' => 0, - 'passwordPolicyMinSpeChar' => 0, - 'passwordPolicyMinUpper' => 0, - 'passwordPolicySpecialChar' => '__ALL__', - 'passwordResetAllowedRetries' => 3, - 'persistentSessionAttributes' => '_loginHistory _2fDevices notification_', - 'port' => -1, - 'portal' => 'http://auth.example.com/', - 'portalAntiFrame' => 1, - 'portalCheckLogins' => 1, - 'portalDisplayAppslist' => 1, - 'portalDisplayChangePassword' => '$_auth =~ /^(LDAP|DBI|Demo)$/', - 'portalDisplayGeneratePassword' => 1, - 'portalDisplayLoginHistory' => 1, - 'portalDisplayLogout' => 1, - 'portalDisplayOidcConsents' => '$_oidcConsents && $_oidcConsents =~ /\\w+/', - 'portalDisplayRefreshMyRights' => 1, - 'portalDisplayRegister' => 1, - 'portalErrorOnExpiredSession' => 1, - 'portalFavicon' => 'common/favicon.ico', - 'portalForceAuthnInterval' => 5, - 'portalMainLogo' => 'common/logos/logo_llng_400px.png', - 'portalPingInterval' => 60000, - 'portalRequireOldPassword' => 1, - 'portalSkin' => 'bootstrap', - 'portalUserAttr' => '_user', - 'proxyAuthnLevel' => 2, - 'proxyAuthServiceChoiceParam' => 'lmAuth', - 'radius2fActivation' => 0, - 'radius2fTimeout' => 20, - 'radiusAuthnLevel' => 3, - 'randomPasswordRegexp' => '[A-Z]{3}[a-z]{5}.\\d{2}', - 'redirectFormMethod' => 'get', - 'registerDB' => 'Null', - 'registerTimeout' => 0, - 'registerUrl' => 'http://auth.example.com/register', - 'reloadTimeout' => 5, - 'rememberAuthChoiceRule' => 0, - 'rememberCookieName' => 'llngrememberauthchoice', - 'rememberCookieTimeout' => 31536000, - 'rememberTimer' => 5, - 'remoteGlobalStorage' => 'Lemonldap::NG::Common::Apache::Session::SOAP', - 'remoteGlobalStorageOptions' => { - 'ns' => 'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService', - 'proxy' => 'http://auth.example.com/sessions' - }, - 'requireToken' => 1, - 'rest2fActivation' => 0, - 'restAuthnLevel' => 2, - 'restClockTolerance' => 15, - 'sameSite' => '', - 
'samlAttributeAuthorityDescriptorAttributeServiceSOAP' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;', - 'samlAuthnContextMapKerberos' => 4, - 'samlAuthnContextMapPassword' => 2, - 'samlAuthnContextMapPasswordProtectedTransport' => 3, - 'samlAuthnContextMapTLSClient' => 5, - 'samlEntityID' => '#PORTAL#/saml/metadata', - 'samlIDPSSODescriptorArtifactResolutionServiceArtifact' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', - 'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', - 'samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', - 'samlIDPSSODescriptorSingleLogoutServiceSOAP' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;', - 'samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;', - 'samlIDPSSODescriptorSingleSignOnServiceHTTPPost' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;', - 'samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;', - 'samlIDPSSODescriptorWantAuthnRequestsSigned' => 1, - 'samlMetadataForceUTF8' => 1, - 'samlNameIDFormatMapEmail' => 'mail', - 'samlNameIDFormatMapKerberos' => 'uid', - 'samlNameIDFormatMapWindows' => 'uid', - 'samlNameIDFormatMapX509' => 'mail', - 'samlOrganizationDisplayName' => 'Example', - 'samlOrganizationName' => 'Example', - 'samlOrganizationURL' => 'http://www.example.com', - 'samlOverrideIDPEntityID' => '', - 'samlRelayStateTimeout' => 600, - 'samlServiceSignatureMethod' => 'RSA_SHA256', - 'samlSPSSODescriptorArtifactResolutionServiceArtifact' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', 
- 'samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact' => '0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact', - 'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost', - 'samlSPSSODescriptorAuthnRequestsSigned' => 1, - 'samlSPSSODescriptorSingleLogoutServiceHTTPPost' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', - 'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', - 'samlSPSSODescriptorSingleLogoutServiceSOAP' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;', - 'samlSPSSODescriptorWantAssertionsSigned' => 1, - 'scrollTop' => 400, - 'securedCookie' => 0, - 'sfEngine' => '::2F::Engines::Default', - 'sfManagerRule' => 1, - 'sfRemovedMsgRule' => 0, - 'sfRemovedNotifMsg' => '_removedSF_ expired second factor(s) has/have been removed (_nameSF_)!', - 'sfRemovedNotifRef' => 'RemoveSF', - 'sfRemovedNotifTitle' => 'Second factor notification', - 'sfRequired' => 0, - 'showLanguages' => 1, - 'singleIP' => 0, - 'singleSession' => 0, - 'singleUserByIP' => 0, - 'slaveAuthnLevel' => 2, - 'slaveExportedVars' => {}, - 'SMTPServer' => '', - 'SMTPTLS' => '', - 'soapProxyUrn' => 'urn:Lemonldap/NG/Common/PSGI/SOAPService', - 'SSLAuthnLevel' => 5, - 'SSLVar' => 'SSL_CLIENT_S_DN_Email', - 'SSLVarIf' => {}, - 'stayConnected' => 0, - 'stayConnectedCookieName' => 'llngconnection', - 'stayConnectedTimeout' => 2592000, - 'successLoginNumber' => 5, - 'timeout' => 72000, - 'timeoutActivity' => 0, - 'timeoutActivityInterval' => 60, - 'totp2fActivation' => 0, - 'totp2fDigits' => 6, - 'totp2fInterval' => 30, - 'totp2fRange' => 1, - 'totp2fSelfRegistration' => 0, - 'totp2fUserCanRemoveKey' => 1, - 'twitterAuthnLevel' => 1, 
- 'twitterUserField' => 'screen_name', - 'u2fActivation' => 0, - 'u2fSelfRegistration' => 0, - 'u2fUserCanRemoveKey' => 1, - 'upgradeSession' => 1, - 'userControl' => '^[\\w\\.\\-@]+$', - 'userDB' => 'Same', - 'useRedirectOnError' => 1, - 'useSafeJail' => 1, - 'utotp2fActivation' => 0, - 'viewerHiddenKeys' => 'samlIDPMetaDataNodes, samlSPMetaDataNodes', - 'webauthn2fActivation' => 0, - 'webauthn2fSelfRegistration' => 0, - 'webauthn2fUserCanRemoveKey' => 1, - 'webauthn2fUserVerification' => 'preferred', - 'webIDAuthnLevel' => 1, - 'webIDExportedVars' => {}, - 'whatToTrace' => 'uid', - 'yubikey2fActivation' => 0, - 'yubikey2fPublicIDSize' => 12, - 'yubikey2fSelfRegistration' => 0, - 'yubikey2fUserCanRemoveKey' => 1 - }; + 'activeTimer' => 1, + 'ADPwdExpireWarning' => 0, + 'ADPwdMaxAge' => 0, + 'apacheAuthnLevel' => 3, + 'applicationList' => { + 'default' => { + 'catname' => 'Default category', + 'type' => 'category' + } + }, + 'authChoiceParam' => 'lmAuth', + 'authentication' => 'Demo', + 'available2F' => + 'UTOTP,TOTP,U2F,REST,Mail2F,Ext2F,WebAuthn,Yubikey,Radius', + 'available2FSelfRegistration' => 'TOTP,U2F,WebAuthn,Yubikey', + 'bruteForceProtectionLockTimes' => '15, 30, 60, 300, 600', + 'bruteForceProtectionMaxAge' => 300, + 'bruteForceProtectionMaxFailed' => 3, + 'bruteForceProtectionMaxLockTime' => 900, + 'bruteForceProtectionTempo' => 30, + 'captcha_mail_enabled' => 1, + 'captcha_register_enabled' => 1, + 'captcha_size' => 6, + 'casAccessControlPolicy' => 'none', + 'casAuthnLevel' => 1, + 'casTicketExpiration' => 0, + 'certificateResetByMailCeaAttribute' => 'description', + 'certificateResetByMailCertificateAttribute' => + 'userCertificate;binary', + 'certificateResetByMailURL' => + 'http://auth.example.com/certificateReset', + 'certificateResetByMailValidityDelay' => 0, + 'checkDevOpsCheckSessionAttributes' => 1, + 'checkDevOpsDisplayNormalizedHeaders' => 1, + 'checkDevOpsDownload' => 1, + 'checkTime' => 600, + 'checkUserDisplayComputedSession' => 1, + 
'checkUserDisplayEmptyHeaders' => 0, + 'checkUserDisplayEmptyValues' => 0, + 'checkUserDisplayHiddenAttributes' => 0, + 'checkUserDisplayHistory' => 0, + 'checkUserDisplayNormalizedHeaders' => 0, + 'checkUserDisplayPersistentInfo' => 0, + 'checkUserHiddenAttributes' => '_loginHistory, _session_id, hGroups', + 'checkUserIdRule' => 1, + 'checkXSS' => 1, + 'confirmFormMethod' => 'post', + 'contextSwitchingIdRule' => 1, + 'contextSwitchingPrefix' => 'switching', + 'contextSwitchingRule' => 0, + 'contextSwitchingStopWithLogout' => 1, + 'cookieName' => 'lemonldap', + 'corsAllow_Credentials' => 'true', + 'corsAllow_Headers' => '*', + 'corsAllow_Methods' => 'POST,GET', + 'corsAllow_Origin' => '*', + 'corsEnabled' => 1, + 'corsExpose_Headers' => '*', + 'corsMax_Age' => '86400', + 'crowdsecAction' => 'reject', + 'cspConnect' => '\'self\'', + 'cspDefault' => '\'self\'', + 'cspFont' => '\'self\'', + 'cspFormAction' => '*', + 'cspFrameAncestors' => '', + 'cspImg' => '\'self\' data:', + 'cspScript' => '\'self\'', + 'cspStyle' => '\'self\'', + 'dbiAuthnLevel' => 2, + 'dbiExportedVars' => {}, + 'decryptValueRule' => 0, + 'demoExportedVars' => { + 'cn' => 'cn', + 'mail' => 'mail', + 'uid' => 'uid' + }, + 'displaySessionId' => 1, + 'domain' => 'example.com', + 'exportedVars' => { + 'UA' => 'HTTP_USER_AGENT' + }, + 'ext2fActivation' => 0, + 'ext2fCodeActivation' => '\\d{6}', + 'facebookAuthnLevel' => 1, + 'facebookExportedVars' => {}, + 'facebookUserField' => 'id', + 'failedLoginNumber' => 5, + 'findUserControl' => '^[*\\w]+$', + 'findUserWildcard' => '*', + 'formTimeout' => 120, + 'githubAuthnLevel' => 1, + 'githubScope' => 'user:email', + 'githubUserField' => 'login', + 'globalLogoutRule' => 0, + 'globalLogoutTimer' => 1, + 'globalStorage' => 'Apache::Session::File', + 'globalStorageOptions' => { + 'Directory' => '/var/lib/lemonldap-ng/sessions/', + 'generateModule' => + 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256', + 'LockDirectory' => 
'/var/lib/lemonldap-ng/sessions/lock/' + }, + 'gpgAuthnLevel' => 5, + 'gpgDb' => '', + 'grantSessionRules' => {}, + 'groups' => {}, + 'handlerInternalCache' => 15, + 'handlerServiceTokenTTL' => 30, + 'hiddenAttributes' => '_password, _2fDevices', + 'httpOnly' => 1, + 'https' => -1, + 'impersonationHiddenAttributes' => '_2fDevices, _loginHistory', + 'impersonationIdRule' => 1, + 'impersonationMergeSSOgroups' => 0, + 'impersonationPrefix' => 'real_', + 'impersonationRule' => 0, + 'impersonationSkipEmptyValues' => 1, + 'infoFormMethod' => 'get', + 'issuerDBCASPath' => '^/cas/', + 'issuerDBCASRule' => 1, + 'issuerDBGetParameters' => {}, + 'issuerDBGetPath' => '^/get/', + 'issuerDBGetRule' => 1, + 'issuerDBOpenIDConnectPath' => '^/oauth2/', + 'issuerDBOpenIDConnectRule' => 1, + 'issuerDBOpenIDPath' => '^/openidserver/', + 'issuerDBOpenIDRule' => 1, + 'issuerDBSAMLPath' => '^/saml/', + 'issuerDBSAMLRule' => 1, + 'issuersTimeout' => 120, + 'jsRedirect' => 0, + 'krbAuthnLevel' => 3, + 'krbRemoveDomain' => 1, + 'ldapAuthnLevel' => 2, + 'ldapBase' => 'dc=example,dc=com', + 'ldapExportedVars' => { + 'cn' => 'cn', + 'mail' => 'mail', + 'uid' => 'uid' + }, + 'ldapGroupAttributeName' => 'member', + 'ldapGroupAttributeNameGroup' => 'dn', + 'ldapGroupAttributeNameSearch' => 'cn', + 'ldapGroupAttributeNameUser' => 'dn', + 'ldapGroupObjectClass' => 'groupOfNames', + 'ldapIOTimeout' => 10, + 'ldapPasswordResetAttribute' => 'pwdReset', + 'ldapPasswordResetAttributeValue' => 'TRUE', + 'ldapPwdEnc' => 'utf-8', + 'ldapSearchDeref' => 'find', + 'ldapServer' => 'ldap://localhost', + 'ldapTimeout' => 10, + 'ldapUsePasswordResetAttribute' => 1, + 'ldapVerify' => 'require', + 'ldapVersion' => 3, + 'linkedInAuthnLevel' => 1, + 'linkedInFields' => 'id,first-name,last-name,email-address', + 'linkedInScope' => 'r_liteprofile r_emailaddress', + 'linkedInUserField' => 'emailAddress', + 'localSessionStorage' => 'Cache::FileCache', + 'localSessionStorageOptions' => { + 'cache_depth' => 3, + 
'cache_root' => '/var/cache/lemonldap-ng', + 'default_expires_in' => 600, + 'directory_umask' => '007', + 'namespace' => 'lemonldap-ng-sessions' + }, + 'locationRules' => { + 'default' => 'deny' + }, + 'logoutServices' => {}, + 'macros' => {}, + 'mail2fActivation' => 0, + 'mail2fCodeRegex' => '\\d{6}', + 'mailCharset' => 'utf-8', + 'mailFrom' => 'noreply@example.com', + 'mailSessionKey' => 'mail', + 'mailTimeout' => 0, + 'mailUrl' => 'http://auth.example.com/resetpwd', + 'managerDn' => '', + 'managerPassword' => '', + 'max2FDevices' => 10, + 'max2FDevicesNameLength' => 20, + 'multiValuesSeparator' => '; ', + 'mySessionAuthorizedRWKeys' => + [ '_appsListOrder', '_oidcConnectedRP', '_oidcConsents' ], + 'newLocationWarningLocationAttribute' => 'ipAddr', + 'newLocationWarningLocationDisplayAttribute' => '', + 'newLocationWarningMaxValues' => '0', + 'notificationDefaultCond' => '', + 'notificationServerPOST' => 1, + 'notificationServerSentAttributes' => + 'uid reference date title subtitle text check', + 'notificationsMaxRetrieve' => 3, + 'notificationStorage' => 'File', + 'notificationStorageOptions' => { + 'dirName' => '/var/lib/lemonldap-ng/notifications' + }, + 'notificationWildcard' => 'allusers', + 'notifyDeleted' => 1, + 'nullAuthnLevel' => 0, + 'oidcAuthnLevel' => 1, + 'oidcRPCallbackGetParam' => 'openidconnectcallback', + 'oidcRPStateTimeout' => 600, + 'oidcServiceAccessTokenExpiration' => 3600, + 'oidcServiceAllowAuthorizationCodeFlow' => 1, + 'oidcServiceAuthorizationCodeExpiration' => 60, + 'oidcServiceIDTokenExpiration' => 3600, + 'oidcServiceMetaDataAuthnContext' => { + 'loa-1' => 1, + 'loa-2' => 2, + 'loa-3' => 3, + 'loa-4' => 4, + 'loa-5' => 5 + }, + 'oidcServiceMetaDataAuthorizeURI' => 'authorize', + 'oidcServiceMetaDataBackChannelURI' => 'blogout', + 'oidcServiceMetaDataCheckSessionURI' => 'checksession.html', + 'oidcServiceMetaDataEndSessionURI' => 'logout', + 'oidcServiceMetaDataFrontChannelURI' => 'flogout', + 'oidcServiceMetaDataIntrospectionURI' 
=> 'introspect', + 'oidcServiceMetaDataJWKSURI' => 'jwks', + 'oidcServiceMetaDataRegistrationURI' => 'register', + 'oidcServiceMetaDataTokenURI' => 'token', + 'oidcServiceMetaDataUserInfoURI' => 'userinfo', + 'oidcServiceOfflineSessionExpiration' => 2592000, + 'openIdAuthnLevel' => 1, + 'openIdExportedVars' => {}, + 'openIdIDPList' => '0;', + 'openIdSPList' => '0;', + 'openIdSreg_email' => 'mail', + 'openIdSreg_fullname' => 'cn', + 'openIdSreg_nickname' => 'uid', + 'openIdSreg_timezone' => '_timezone', + 'pamAuthnLevel' => 2, + 'pamService' => 'login', + 'passwordDB' => 'Demo', + 'passwordPolicyActivation' => 1, + 'passwordPolicyMinDigit' => 0, + 'passwordPolicyMinLower' => 0, + 'passwordPolicyMinSize' => 0, + 'passwordPolicyMinSpeChar' => 0, + 'passwordPolicyMinUpper' => 0, + 'passwordPolicySpecialChar' => '__ALL__', + 'passwordResetAllowedRetries' => 3, + 'persistentSessionAttributes' => + '_loginHistory _2fDevices notification_', + 'port' => -1, + 'portal' => 'http://auth.example.com/', + 'portalAntiFrame' => 1, + 'portalCheckLogins' => 1, + 'portalDisplayAppslist' => 1, + 'portalDisplayChangePassword' => '$_auth =~ /^(LDAP|DBI|Demo)$/', + 'portalDisplayGeneratePassword' => 1, + 'portalDisplayLoginHistory' => 1, + 'portalDisplayLogout' => 1, + 'portalDisplayOidcConsents' => + '$_oidcConsents && $_oidcConsents =~ /\\w+/', + 'portalDisplayRefreshMyRights' => 1, + 'portalDisplayRegister' => 1, + 'portalErrorOnExpiredSession' => 1, + 'portalFavicon' => 'common/favicon.ico', + 'portalForceAuthnInterval' => 5, + 'portalMainLogo' => 'common/logos/logo_llng_400px.png', + 'portalPingInterval' => 60000, + 'portalRequireOldPassword' => 1, + 'portalSkin' => 'bootstrap', + 'portalUserAttr' => '_user', + 'proxyAuthnLevel' => 2, + 'proxyAuthServiceChoiceParam' => 'lmAuth', + 'radius2fActivation' => 0, + 'radius2fTimeout' => 20, + 'radiusAuthnLevel' => 3, + 'randomPasswordRegexp' => '[A-Z]{3}[a-z]{5}.\\d{2}', + 'redirectFormMethod' => 'get', + 'registerDB' => 'Null', + 
'registerTimeout' => 0, + 'registerUrl' => 'http://auth.example.com/register', + 'reloadTimeout' => 5, + 'rememberAuthChoiceRule' => 0, + 'rememberCookieName' => 'llngrememberauthchoice', + 'rememberCookieTimeout' => 31536000, + 'rememberTimer' => 5, + 'remoteGlobalStorage' => 'Lemonldap::NG::Common::Apache::Session::SOAP', + 'remoteGlobalStorageOptions' => { + 'ns' => + 'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService', + 'proxy' => 'http://auth.example.com/sessions' + }, + 'requireToken' => 1, + 'rest2fActivation' => 0, + 'restAuthnLevel' => 2, + 'restClockTolerance' => 15, + 'sameSite' => '', + 'samlAttributeAuthorityDescriptorAttributeServiceSOAP' => + 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;', + 'samlAuthnContextMapKerberos' => 4, + 'samlAuthnContextMapPassword' => 2, + 'samlAuthnContextMapPasswordProtectedTransport' => 3, + 'samlAuthnContextMapTLSClient' => 5, + 'samlEntityID' => '#PORTAL#/saml/metadata', + 'samlIDPSSODescriptorArtifactResolutionServiceArtifact' => +'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', + 'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', + 'samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', + 'samlIDPSSODescriptorSingleLogoutServiceSOAP' => +'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;', + 'samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;', + 'samlIDPSSODescriptorSingleSignOnServiceHTTPPost' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;', + 'samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;', + 
'samlIDPSSODescriptorWantAuthnRequestsSigned' => 1, + 'samlMetadataForceUTF8' => 1, + 'samlNameIDFormatMapEmail' => 'mail', + 'samlNameIDFormatMapKerberos' => 'uid', + 'samlNameIDFormatMapWindows' => 'uid', + 'samlNameIDFormatMapX509' => 'mail', + 'samlOrganizationDisplayName' => 'Example', + 'samlOrganizationName' => 'Example', + 'samlOrganizationURL' => 'http://www.example.com', + 'samlOverrideIDPEntityID' => '', + 'samlRelayStateTimeout' => 600, + 'samlServiceSignatureMethod' => 'RSA_SHA256', + 'samlSPSSODescriptorArtifactResolutionServiceArtifact' => +'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', + 'samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact' => +'0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact', + 'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' => +'1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost', + 'samlSPSSODescriptorAuthnRequestsSigned' => 1, + 'samlSPSSODescriptorSingleLogoutServiceHTTPPost' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', + 'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', + 'samlSPSSODescriptorSingleLogoutServiceSOAP' => +'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;', + 'samlSPSSODescriptorWantAssertionsSigned' => 1, + 'scrollTop' => 400, + 'securedCookie' => 0, + 'sfEngine' => '::2F::Engines::Default', + 'sfManagerRule' => 1, + 'sfRemovedMsgRule' => 0, + 'sfRemovedNotifMsg' => +'_removedSF_ expired second factor(s) has/have been removed (_nameSF_)!', + 'sfRemovedNotifRef' => 'RemoveSF', + 'sfRemovedNotifTitle' => 'Second factor notification', + 'sfRequired' => 0, + 'showLanguages' => 1, + 'singleIP' => 0, + 'singleSession' => 0, + 'singleUserByIP' => 0, + 
'slaveAuthnLevel' => 2, + 'slaveExportedVars' => {}, + 'SMTPServer' => '', + 'SMTPTLS' => '', + 'soapProxyUrn' => 'urn:Lemonldap/NG/Common/PSGI/SOAPService', + 'SSLAuthnLevel' => 5, + 'SSLVar' => 'SSL_CLIENT_S_DN_Email', + 'SSLVarIf' => {}, + 'stayConnected' => 0, + 'stayConnectedCookieName' => 'llngconnection', + 'stayConnectedTimeout' => 2592000, + 'successLoginNumber' => 5, + 'timeout' => 72000, + 'timeoutActivity' => 0, + 'timeoutActivityInterval' => 60, + 'totp2fActivation' => 0, + 'totp2fDigits' => 6, + 'totp2fInterval' => 30, + 'totp2fRange' => 1, + 'totp2fSelfRegistration' => 0, + 'totp2fUserCanRemoveKey' => 1, + 'twitterAuthnLevel' => 1, + 'twitterUserField' => 'screen_name', + 'u2fActivation' => 0, + 'u2fSelfRegistration' => 0, + 'u2fUserCanRemoveKey' => 1, + 'upgradeSession' => 1, + 'userControl' => '^[\\w\\.\\-@]+$', + 'userDB' => 'Same', + 'useRedirectOnError' => 1, + 'useSafeJail' => 1, + 'utotp2fActivation' => 0, + 'viewerHiddenKeys' => 'samlIDPMetaDataNodes, samlSPMetaDataNodes', + 'webauthn2fActivation' => 0, + 'webauthn2fSelfRegistration' => 0, + 'webauthn2fUserCanRemoveKey' => 1, + 'webauthn2fUserVerification' => 'preferred', + 'webIDAuthnLevel' => 1, + 'webIDExportedVars' => {}, + 'whatToTrace' => 'uid', + 'yubikey2fActivation' => 0, + 'yubikey2fPublicIDSize' => 12, + 'yubikey2fSelfRegistration' => 0, + 'yubikey2fUserCanRemoveKey' => 1 + }; } 1; diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/StatusConstants.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/StatusConstants.pm index 1e037d0213..3d9a7a172a 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/StatusConstants.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/StatusConstants.pm 
@@ -8,115 +8,115 @@ our $VERSION = '2.0.15'; sub portalConsts { return { - '-1' => 'PE_DONE', - '-2' => 'PE_REDIRECT', - '-3' => 'PE_INFO', - '-4' => 'PE_SENDRESPONSE', - '-5' => 'PE_IDPCHOICE', - '0' => 'PE_OK', - '1' => 'PE_SESSIONEXPIRED', - '10' => 'PE_BADCERTIFICATE', - '100' => 'PE_PP_NOT_ALLOWED_CHARACTER', - '101' => 'PE_PP_NOT_ALLOWED_CHARACTERS', - '102' => 'PE_UPGRADESESSION', - '103' => 'PE_NO_SECOND_FACTORS', - '104' => 'PE_BAD_DEVOPS_FILE', - '105' => 'PE_FILENOTFOUND', - '106' => 'PE_OIDC_AUTH_ERROR', - '2' => 'PE_FORMEMPTY', - '20' => 'PE_NO_PASSWORD_BE', - '21' => 'PE_PP_ACCOUNT_LOCKED', - '22' => 'PE_PP_PASSWORD_EXPIRED', - '23' => 'PE_CERTIFICATEREQUIRED', - '24' => 'PE_ERROR', - '25' => 'PE_PP_CHANGE_AFTER_RESET', - '26' => 'PE_PP_PASSWORD_MOD_NOT_ALLOWED', - '27' => 'PE_PP_MUST_SUPPLY_OLD_PASSWORD', - '28' => 'PE_PP_INSUFFICIENT_PASSWORD_QUALITY', - '29' => 'PE_PP_PASSWORD_TOO_SHORT', - '3' => 'PE_WRONGMANAGERACCOUNT', - '30' => 'PE_PP_PASSWORD_TOO_YOUNG', - '31' => 'PE_PP_PASSWORD_IN_HISTORY', - '32' => 'PE_PP_GRACE', - '33' => 'PE_PP_EXP_WARNING', - '34' => 'PE_PASSWORD_MISMATCH', - '35' => 'PE_PASSWORD_OK', - '36' => 'PE_NOTIFICATION', - '37' => 'PE_BADURL', - '38' => 'PE_NOSCHEME', - '39' => 'PE_BADOLDPASSWORD', - '4' => 'PE_USERNOTFOUND', - '40' => 'PE_MALFORMEDUSER', - '41' => 'PE_SESSIONNOTGRANTED', - '42' => 'PE_CONFIRM', - '43' => 'PE_MAILFORMEMPTY', - '44' => 'PE_BADMAILTOKEN', - '45' => 'PE_MAILERROR', - '46' => 'PE_MAILOK', - '47' => 'PE_LOGOUT_OK', - '48' => 'PE_SAML_ERROR', - '49' => 'PE_SAML_LOAD_SERVICE_ERROR', - '5' => 'PE_BADCREDENTIALS', - '50' => 'PE_SAML_LOAD_IDP_ERROR', - '51' => 'PE_SAML_SSO_ERROR', - '52' => 'PE_SAML_UNKNOWN_ENTITY', - '53' => 'PE_SAML_DESTINATION_ERROR', - '54' => 'PE_SAML_CONDITIONS_ERROR', - '55' => 'PE_SAML_IDPSSOINITIATED_NOTALLOWED', - '56' => 'PE_SAML_SLO_ERROR', - '57' => 'PE_SAML_SIGNATURE_ERROR', - '58' => 'PE_SAML_ART_ERROR', - '59' => 'PE_SAML_SESSION_ERROR', - '6' => 'PE_LDAPCONNECTFAILED', 
- '60' => 'PE_SAML_LOAD_SP_ERROR', - '61' => 'PE_SAML_ATTR_ERROR', - '62' => 'PE_OPENID_EMPTY', - '63' => 'PE_OPENID_BADID', - '64' => 'PE_MISSINGREQATTR', - '65' => 'PE_BADPARTNER', - '66' => 'PE_MAILCONFIRMATION_ALREADY_SENT', - '67' => 'PE_PASSWORDFORMEMPTY', - '68' => 'PE_CAS_SERVICE_NOT_ALLOWED', - '69' => 'PE_MAILFIRSTACCESS', - '7' => 'PE_LDAPERROR', - '70' => 'PE_MAILNOTFOUND', - '71' => 'PE_PASSWORDFIRSTACCESS', - '72' => 'PE_MAILCONFIRMOK', - '73' => 'PE_RADIUSCONNECTFAILED', - '74' => 'PE_MUST_SUPPLY_OLD_PASSWORD', - '75' => 'PE_FORBIDDENIP', - '76' => 'PE_CAPTCHAERROR', - '77' => 'PE_CAPTCHAEMPTY', - '78' => 'PE_REGISTERFIRSTACCESS', - '79' => 'PE_REGISTERFORMEMPTY', - '8' => 'PE_APACHESESSIONERROR', - '80' => 'PE_REGISTERALREADYEXISTS', - '81' => 'PE_NOTOKEN', - '82' => 'PE_TOKENEXPIRED', - '83' => 'PE_U2FFAILED', - '84' => 'PE_UNAUTHORIZEDPARTNER', - '85' => 'PE_RENEWSESSION', - '86' => 'PE_WAIT', - '87' => 'PE_MUSTAUTHN', - '88' => 'PE_MUSTHAVEMAIL', - '89' => 'PE_SAML_SERVICE_NOT_ALLOWED', - '9' => 'PE_FIRSTACCESS', - '90' => 'PE_OIDC_SERVICE_NOT_ALLOWED', - '91' => 'PE_OID_SERVICE_NOT_ALLOWED', - '92' => 'PE_GET_SERVICE_NOT_ALLOWED', - '93' => 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED', - '94' => 'PE_ISSUERMISSINGREQATTR', - '95' => 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED', - '96' => 'PE_BADOTP', - '97' => 'PE_RESETCERTIFICATE_INVALID', - '98' => 'PE_RESETCERTIFICATE_FORMEMPTY', - '99' => 'PE_RESETCERTIFICATE_FIRSTACCESS' - }; + '-1' => 'PE_DONE', + '-2' => 'PE_REDIRECT', + '-3' => 'PE_INFO', + '-4' => 'PE_SENDRESPONSE', + '-5' => 'PE_IDPCHOICE', + '0' => 'PE_OK', + '1' => 'PE_SESSIONEXPIRED', + '10' => 'PE_BADCERTIFICATE', + '100' => 'PE_PP_NOT_ALLOWED_CHARACTER', + '101' => 'PE_PP_NOT_ALLOWED_CHARACTERS', + '102' => 'PE_UPGRADESESSION', + '103' => 'PE_NO_SECOND_FACTORS', + '104' => 'PE_BAD_DEVOPS_FILE', + '105' => 'PE_FILENOTFOUND', + '106' => 'PE_OIDC_AUTH_ERROR', + '2' => 'PE_FORMEMPTY', + '20' => 'PE_NO_PASSWORD_BE', + '21' => 'PE_PP_ACCOUNT_LOCKED', 
+ '22' => 'PE_PP_PASSWORD_EXPIRED', + '23' => 'PE_CERTIFICATEREQUIRED', + '24' => 'PE_ERROR', + '25' => 'PE_PP_CHANGE_AFTER_RESET', + '26' => 'PE_PP_PASSWORD_MOD_NOT_ALLOWED', + '27' => 'PE_PP_MUST_SUPPLY_OLD_PASSWORD', + '28' => 'PE_PP_INSUFFICIENT_PASSWORD_QUALITY', + '29' => 'PE_PP_PASSWORD_TOO_SHORT', + '3' => 'PE_WRONGMANAGERACCOUNT', + '30' => 'PE_PP_PASSWORD_TOO_YOUNG', + '31' => 'PE_PP_PASSWORD_IN_HISTORY', + '32' => 'PE_PP_GRACE', + '33' => 'PE_PP_EXP_WARNING', + '34' => 'PE_PASSWORD_MISMATCH', + '35' => 'PE_PASSWORD_OK', + '36' => 'PE_NOTIFICATION', + '37' => 'PE_BADURL', + '38' => 'PE_NOSCHEME', + '39' => 'PE_BADOLDPASSWORD', + '4' => 'PE_USERNOTFOUND', + '40' => 'PE_MALFORMEDUSER', + '41' => 'PE_SESSIONNOTGRANTED', + '42' => 'PE_CONFIRM', + '43' => 'PE_MAILFORMEMPTY', + '44' => 'PE_BADMAILTOKEN', + '45' => 'PE_MAILERROR', + '46' => 'PE_MAILOK', + '47' => 'PE_LOGOUT_OK', + '48' => 'PE_SAML_ERROR', + '49' => 'PE_SAML_LOAD_SERVICE_ERROR', + '5' => 'PE_BADCREDENTIALS', + '50' => 'PE_SAML_LOAD_IDP_ERROR', + '51' => 'PE_SAML_SSO_ERROR', + '52' => 'PE_SAML_UNKNOWN_ENTITY', + '53' => 'PE_SAML_DESTINATION_ERROR', + '54' => 'PE_SAML_CONDITIONS_ERROR', + '55' => 'PE_SAML_IDPSSOINITIATED_NOTALLOWED', + '56' => 'PE_SAML_SLO_ERROR', + '57' => 'PE_SAML_SIGNATURE_ERROR', + '58' => 'PE_SAML_ART_ERROR', + '59' => 'PE_SAML_SESSION_ERROR', + '6' => 'PE_LDAPCONNECTFAILED', + '60' => 'PE_SAML_LOAD_SP_ERROR', + '61' => 'PE_SAML_ATTR_ERROR', + '62' => 'PE_OPENID_EMPTY', + '63' => 'PE_OPENID_BADID', + '64' => 'PE_MISSINGREQATTR', + '65' => 'PE_BADPARTNER', + '66' => 'PE_MAILCONFIRMATION_ALREADY_SENT', + '67' => 'PE_PASSWORDFORMEMPTY', + '68' => 'PE_CAS_SERVICE_NOT_ALLOWED', + '69' => 'PE_MAILFIRSTACCESS', + '7' => 'PE_LDAPERROR', + '70' => 'PE_MAILNOTFOUND', + '71' => 'PE_PASSWORDFIRSTACCESS', + '72' => 'PE_MAILCONFIRMOK', + '73' => 'PE_RADIUSCONNECTFAILED', + '74' => 'PE_MUST_SUPPLY_OLD_PASSWORD', + '75' => 'PE_FORBIDDENIP', + '76' => 'PE_CAPTCHAERROR', + '77' => 
'PE_CAPTCHAEMPTY', + '78' => 'PE_REGISTERFIRSTACCESS', + '79' => 'PE_REGISTERFORMEMPTY', + '8' => 'PE_APACHESESSIONERROR', + '80' => 'PE_REGISTERALREADYEXISTS', + '81' => 'PE_NOTOKEN', + '82' => 'PE_TOKENEXPIRED', + '83' => 'PE_U2FFAILED', + '84' => 'PE_UNAUTHORIZEDPARTNER', + '85' => 'PE_RENEWSESSION', + '86' => 'PE_WAIT', + '87' => 'PE_MUSTAUTHN', + '88' => 'PE_MUSTHAVEMAIL', + '89' => 'PE_SAML_SERVICE_NOT_ALLOWED', + '9' => 'PE_FIRSTACCESS', + '90' => 'PE_OIDC_SERVICE_NOT_ALLOWED', + '91' => 'PE_OID_SERVICE_NOT_ALLOWED', + '92' => 'PE_GET_SERVICE_NOT_ALLOWED', + '93' => 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED', + '94' => 'PE_ISSUERMISSINGREQATTR', + '95' => 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED', + '96' => 'PE_BADOTP', + '97' => 'PE_RESETCERTIFICATE_INVALID', + '98' => 'PE_RESETCERTIFICATE_FORMEMPTY', + '99' => 'PE_RESETCERTIFICATE_FIRSTACCESS' + }; } # EXPORTER PARAMETERS -our @EXPORT_OK = ( 'portalConsts' ); +our @EXPORT_OK = ('portalConsts'); our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], ); 1; diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm index b1304c8b54..b380cad505 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm 
@@ -4,4644 +4,4669 @@ package Lemonldap::NG::Manager::Attributes; our $VERSION = '2.0.15'; sub perlExpr { - my($val, $conf) = @_; - my $cpt = 'Safe'->new; - $cpt->share_from('MIME::Base64', ['&encode_base64']); - $cpt->share_from('Lemonldap::NG::Handler::Main::Jail', ['&encrypt', '&token', @Lemonldap::NG::Handler::Main::Jail::builtCustomFunctions]); - $cpt->share_from('Lemonldap::NG::Common::Safelib', $Lemonldap::NG::Common::Safelib::functions); - $cpt->reval("BEGIN { 'warnings'->unimport; } $val"); - my $err = join('', grep({$_ =~ /(?:Undefined subroutine|Devel::StackTrace)/ ? () : $_;} split(/\n/, $@, 0))); - return -1, "__badExpression__: $err" if $err and $conf->{'useSafeJail'}; - return $val =~ qr/(?<=[^=\|\?])=(?![>=~])/ && $conf->{'avoidAssignment'} ? (1, '__badExpressionAssignment__') : 1; - }; - + my ( $val, $conf ) = @_; + my $cpt = 'Safe'->new; + $cpt->share_from( 'MIME::Base64', ['&encode_base64'] ); + $cpt->share_from( + 'Lemonldap::NG::Handler::Main::Jail', + [ + '&encrypt', '&token', + @Lemonldap::NG::Handler::Main::Jail::builtCustomFunctions + ] + ); + $cpt->share_from( 'Lemonldap::NG::Common::Safelib', + $Lemonldap::NG::Common::Safelib::functions ); + $cpt->reval("BEGIN { 'warnings'->unimport; } $val"); + my $err = join( + '', + grep( { $_ =~ /(?:Undefined subroutine|Devel::StackTrace)/ ? () : $_; } + split( /\n/, $@, 0 ) ) + ); + return -1, "__badExpression__: $err" if $err and $conf->{'useSafeJail'}; + return $val =~ qr/(?<=[^=\|\?])=(?![>=~])/ + && $conf->{'avoidAssignment'} ? 
( 1, '__badExpressionAssignment__' ) : 1; +} sub types { return { - 'array' => { - 'test' => sub { - 1; - } - }, - 'authParamsText' => { - 'test' => sub { - 1; - } - }, - 'blackWhiteList' => { - 'test' => sub { - 1; - } - }, - 'bool' => { - 'msgFail' => '__notABoolean__', - 'test' => qr/^[01]$/ + 'array' => { + 'test' => sub { + 1; + } + }, + 'authParamsText' => { + 'test' => sub { + 1; + } + }, + 'blackWhiteList' => { + 'test' => sub { + 1; + } + }, + 'bool' => { + 'msgFail' => '__notABoolean__', + 'test' => qr/^[01]$/ + }, + 'boolOrExpr' => { + 'msgFail' => '__notAValidPerlExpression__', + 'test' => sub { + return perlExpr(@_); + } + }, + 'catAndAppList' => { + 'test' => sub { + 1; + } + }, + 'file' => { + 'test' => sub { + 1; + } + }, + 'hostname' => { + 'form' => 'text', + 'msgFail' => '__badHostname__', + 'test' => +qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))?$/ + }, + 'int' => { + 'msgFail' => '__notAnInteger__', + 'test' => qr/^\-?\d+$/ + }, + 'keyText' => { + 'keyTest' => qr/^[a-zA-Z0-9_]+$/, + 'msgFail' => '__badValue__', + 'test' => qr/^.*$/ + }, + 'keyTextContainer' => { + 'keyMsgFail' => '__badKeyName__', + 'keyTest' => qr/^\w[\w\.\-]*$/, + 'msgFail' => '__emptyValueNotAllowed__', + 'test' => qr/./ + }, + 'lmAttrOrMacro' => { + 'form' => 'text', + 'test' => sub { + my ( $val, $conf ) = @_; + return 1 if defined $conf->{'macros'}{$val} or $val =~ /^_/; + foreach $_ ( keys %$conf ) { + return 1 + if $_ =~ /exportedvars$/i and defined $conf->{$_}{$val}; + } + return 1, "__unknownAttrOrMacro__: $val"; + } + }, + 'longtext' => { + 'test' => sub { + 1; + } + }, + 'menuApp' => { + 'test' => sub { + 1; + } + }, + 'menuCat' => { + 'test' => sub { + 1; + } + }, + 'oidcAttribute' => { + 'test' => sub { + 1; + } + }, + 'oidcmetadatajson' => { + 'test' => sub { + 1; + } + }, + 'oidcmetadatajwks' => { + 'test' => sub { + 1; + } + }, + 'oidcOPMetaDataNode' 
=> { + 'test' => sub { + 1; + } + }, + 'oidcRPMetaDataNode' => { + 'test' => sub { + 1; + } + }, + 'password' => { + 'msgFail' => '__malformedValue__', + 'test' => sub { + 1; + } + }, + 'pcre' => { + 'form' => 'text', + 'test' => sub { + eval { + do { + qr/$_[0]/; + } + }; + return $@ ? ( 0, "__badRegexp__: $@" ) : 1; + } + }, + 'PerlModule' => { + 'form' => 'text', + 'msgFail' => '__badPerlPackageName__', + 'test' => qr/^(?:[a-zA-Z][a-zA-Z0-9]*)*(?:::[a-zA-Z][a-zA-Z0-9]*)*$/ + }, + 'portalskin' => { + 'test' => sub { + 1; + } + }, + 'portalskinbackground' => { + 'test' => sub { + 1; + } + }, + 'post' => { + 'test' => sub { + 1; + } + }, + 'RSAPrivateKey' => { + 'test' => sub { + return $_[0] =~ +m[^(?:(?:\-+\s*BEGIN\s+(?:(?:RSA|ENCRYPTED)\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?(?:Proc-Type:.*\r?\nDEK-Info:.*\r?\n[\r\n]*)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:(?:RSA|ENCRYPTED)\s+)?PRIVATE\s+KEY\s*\-+)?[\r\n]*)?$]s + ? 1 + : ( 1, '__badPemEncoding__' ); + } + }, + 'RSAPublicKey' => { + 'test' => sub { + return $_[0] =~ +m[^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+PUBLIC\s+KEY\s*\-+)?[\r\n]*)?$]s + ? 1 + : ( 1, '__badPemEncoding__' ); + } + }, + 'RSAPublicKeyOrCertificate' => { + 'test' => sub { + return $_[0] =~ +m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+)?[\r\n]*)?$]s + ? 
1 + : ( 1, '__badPemEncoding__' ); + } + }, + 'rule' => { + 'test' => sub { + 1; + } + }, + 'samlAssertion' => { + 'test' => sub { + 1; + } + }, + 'samlAttribute' => { + 'test' => sub { + 1; + } + }, + 'samlIDPMetaDataNode' => { + 'test' => sub { + 1; + } + }, + 'samlService' => { + 'test' => sub { + 1; + } + }, + 'samlSPMetaDataNode' => { + 'test' => sub { + 1; + } + }, + 'select' => { + 'test' => sub { + return 0, 'Value is not a scalar' if ref $_[0]; + my $test = grep( { $_ eq $_[0]; } + map( { $_->{'k'}; } @{ $_[2]{'select'}; } ) ); + return $test + ? 1 + : ( 1, "Invalid value '$_[0]' for this select" ); + } + }, + 'subContainer' => { + 'keyTest' => qr/\w/, + 'test' => sub { + 1; + } + }, + 'text' => { + 'msgFail' => '__malformedValue__', + 'test' => sub { + 1; + } + }, + 'trool' => { + 'msgFail' => '__authorizedValues__: -1, 0, 1', + 'test' => qr/^(?:-1|0|1)$/ + }, + 'url' => { + 'form' => 'text', + 'msgFail' => '__badUrl__', + 'test' => +qr/(?:^$|(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/ + } + }; +} + +sub attributes { + return { + 'activeTimer' => { + 'default' => 1, + 'type' => 'bool' + }, + 'adaptativeAuthenticationLevelRules' => { + 'keyMsgFail' => '__badRegexp__', + 'keyTest' => sub { + eval { + do { + qr/$_[0]/; + } + }; + return $@ ? 
0 : 1; + }, + 'type' => 'keyTextContainer' + }, + 'ADPwdExpireWarning' => { + 'default' => 0, + 'type' => 'int' + }, + 'ADPwdMaxAge' => { + 'default' => 0, + 'type' => 'int' + }, + 'apacheAuthnLevel' => { + 'default' => 3, + 'type' => 'int' + }, + 'applicationList' => { + 'default' => { + 'default' => { + 'catname' => 'Default category', + 'type' => 'category' + } + }, + 'keyTest' => qr/\w/, + 'type' => 'catAndAppList' + }, + 'authChoiceAuthBasic' => { + 'type' => 'text' + }, + 'authChoiceFindUser' => { + 'type' => 'text' + }, + 'authChoiceModules' => { + 'keyMsgFail' => '__badChoiceKey__', + 'keyTest' => qr/^(\d*)?[a-zA-Z0-9_]+$/, + 'select' => [ [ { + 'k' => 'Apache', + 'v' => 'Apache' }, - 'boolOrExpr' => { - 'msgFail' => '__notAValidPerlExpression__', - 'test' => sub { - return perlExpr(@_); - } - }, - 'catAndAppList' => { - 'test' => sub { - 1; - } - }, - 'file' => { - 'test' => sub { - 1; - } + { + 'k' => 'AD', + 'v' => 'Active Directory' }, - 'hostname' => { - 'form' => 'text', - 'msgFail' => '__badHostname__', - 'test' => qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))?$/ - }, - 'int' => { - 'msgFail' => '__notAnInteger__', - 'test' => qr/^\-?\d+$/ - }, - 'keyText' => { - 'keyTest' => qr/^[a-zA-Z0-9_]+$/, - 'msgFail' => '__badValue__', - 'test' => qr/^.*$/ - }, - 'keyTextContainer' => { - 'keyMsgFail' => '__badKeyName__', - 'keyTest' => qr/^\w[\w\.\-]*$/, - 'msgFail' => '__emptyValueNotAllowed__', - 'test' => qr/./ - }, - 'lmAttrOrMacro' => { - 'form' => 'text', - 'test' => sub { - my($val, $conf) = @_; - return 1 if defined $conf->{'macros'}{$val} or $val =~ /^_/; - foreach $_ (keys %$conf) { - return 1 if $_ =~ /exportedvars$/i and defined $conf->{$_}{$val}; - } - return 1, "__unknownAttrOrMacro__: $val"; - } - }, - 'longtext' => { - 'test' => sub { - 1; - } - }, - 'menuApp' => { - 'test' => sub { - 1; - } - }, - 'menuCat' => { - 'test' => sub { - 
1; - } - }, - 'oidcAttribute' => { - 'test' => sub { - 1; - } - }, - 'oidcmetadatajson' => { - 'test' => sub { - 1; - } - }, - 'oidcmetadatajwks' => { - 'test' => sub { - 1; - } - }, - 'oidcOPMetaDataNode' => { - 'test' => sub { - 1; - } - }, - 'oidcRPMetaDataNode' => { - 'test' => sub { - 1; - } - }, - 'password' => { - 'msgFail' => '__malformedValue__', - 'test' => sub { - 1; - } - }, - 'pcre' => { - 'form' => 'text', - 'test' => sub { - eval { - do { - qr/$_[0]/ - } - }; - return $@ ? (0, "__badRegexp__: $@") : 1; - } + { + 'k' => 'CAS', + 'v' => 'Central Authentication Service (CAS)' }, - 'PerlModule' => { - 'form' => 'text', - 'msgFail' => '__badPerlPackageName__', - 'test' => qr/^(?:[a-zA-Z][a-zA-Z0-9]*)*(?:::[a-zA-Z][a-zA-Z0-9]*)*$/ - }, - 'portalskin' => { - 'test' => sub { - 1; - } - }, - 'portalskinbackground' => { - 'test' => sub { - 1; - } - }, - 'post' => { - 'test' => sub { - 1; - } + { + 'k' => 'DBI', + 'v' => 'Database (DBI)' }, - 'RSAPrivateKey' => { - 'test' => sub { - return $_[0] =~ m[^(?:(?:\-+\s*BEGIN\s+(?:(?:RSA|ENCRYPTED)\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?(?:Proc-Type:.*\r?\nDEK-Info:.*\r?\n[\r\n]*)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:(?:RSA|ENCRYPTED)\s+)?PRIVATE\s+KEY\s*\-+)?[\r\n]*)?$]s ? 1 : (1, '__badPemEncoding__'); - } - }, - 'RSAPublicKey' => { - 'test' => sub { - return $_[0] =~ m[^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+PUBLIC\s+KEY\s*\-+)?[\r\n]*)?$]s ? 1 : (1, '__badPemEncoding__'); - } - }, - 'RSAPublicKeyOrCertificate' => { - 'test' => sub { - return $_[0] =~ m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+)?[\r\n]*)?$]s ? 
1 : (1, '__badPemEncoding__'); - } - }, - 'rule' => { - 'test' => sub { - 1; - } + { + 'k' => 'Demo', + 'v' => 'Demo' }, - 'samlAssertion' => { - 'test' => sub { - 1; - } - }, - 'samlAttribute' => { - 'test' => sub { - 1; - } - }, - 'samlIDPMetaDataNode' => { - 'test' => sub { - 1; - } - }, - 'samlService' => { - 'test' => sub { - 1; - } - }, - 'samlSPMetaDataNode' => { - 'test' => sub { - 1; - } - }, - 'select' => { - 'test' => sub { - return 0, 'Value is not a scalar' if ref $_[0]; - my $test = grep({$_ eq $_[0];} map({$_->{'k'};} @{$_[2]{'select'};})); - return $test ? 1 : (1, "Invalid value '$_[0]' for this select"); - } - }, - 'subContainer' => { - 'keyTest' => qr/\w/, - 'test' => sub { - 1; - } - }, - 'text' => { - 'msgFail' => '__malformedValue__', - 'test' => sub { - 1; - } + { + 'k' => 'Facebook', + 'v' => 'Facebook' }, - 'trool' => { - 'msgFail' => '__authorizedValues__: -1, 0, 1', - 'test' => qr/^(?:-1|0|1)$/ - }, - 'url' => { - 'form' => 'text', - 'msgFail' => '__badUrl__', - 'test' => qr/(?:^$|(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/ - } - }; -} - -sub attributes { - return { - 'activeTimer' => { - 'default' => 1, - 'type' => 'bool' - }, - 'adaptativeAuthenticationLevelRules' => { - 'keyMsgFail' => '__badRegexp__', - 'keyTest' => sub { - eval { - do { - qr/$_[0]/ - } - }; - return $@ ? 
0 : 1; - }, - 'type' => 'keyTextContainer' - }, - 'ADPwdExpireWarning' => { - 'default' => 0, - 'type' => 'int' - }, - 'ADPwdMaxAge' => { - 'default' => 0, - 'type' => 'int' - }, - 'apacheAuthnLevel' => { - 'default' => 3, - 'type' => 'int' - }, - 'applicationList' => { - 'default' => { - 'default' => { - 'catname' => 'Default category', - 'type' => 'category' - } - }, - 'keyTest' => qr/\w/, - 'type' => 'catAndAppList' - }, - 'authChoiceAuthBasic' => { - 'type' => 'text' - }, - 'authChoiceFindUser' => { - 'type' => 'text' - }, - 'authChoiceModules' => { - 'keyMsgFail' => '__badChoiceKey__', - 'keyTest' => qr/^(\d*)?[a-zA-Z0-9_]+$/, - 'select' => [ - [ - { - 'k' => 'Apache', - 'v' => 'Apache' - }, - { - 'k' => 'AD', - 'v' => 'Active Directory' - }, - { - 'k' => 'CAS', - 'v' => 'Central Authentication Service (CAS)' - }, - { - 'k' => 'DBI', - 'v' => 'Database (DBI)' - }, - { - 'k' => 'Demo', - 'v' => 'Demo' - }, - { - 'k' => 'Facebook', - 'v' => 'Facebook' - }, - { - 'k' => 'GitHub', - 'v' => 'GitHub' - }, - { - 'k' => 'GPG', - 'v' => 'GPG' - }, - { - 'k' => 'Kerberos', - 'v' => 'Kerberos' - }, - { - 'k' => 'LDAP', - 'v' => 'LDAP' - }, - { - 'k' => 'LinkedIn', - 'v' => 'LinkedIn' - }, - { - 'k' => 'PAM', - 'v' => 'PAM' - }, - { - 'k' => 'Null', - 'v' => 'None' - }, - { - 'k' => 'OpenID', - 'v' => 'OpenID' - }, - { - 'k' => 'OpenIDConnect', - 'v' => 'OpenID Connect' - }, - { - 'k' => 'Proxy', - 'v' => 'Proxy' - }, - { - 'k' => 'Radius', - 'v' => 'Radius' - }, - { - 'k' => 'REST', - 'v' => 'REST' - }, - { - 'k' => 'Remote', - 'v' => 'Remote' - }, - { - 'k' => 'SAML', - 'v' => 'SAML v2' - }, - { - 'k' => 'Slave', - 'v' => 'Slave' - }, - { - 'k' => 'SSL', - 'v' => 'SSL' - }, - { - 'k' => 'Twitter', - 'v' => 'Twitter' - }, - { - 'k' => 'WebID', - 'v' => 'WebID' - }, - { - 'k' => 'Custom', - 'v' => 'customModule' - } - ], - [ - { - 'k' => 'AD', - 'v' => 'Active Directory' - }, - { - 'k' => 'CAS', - 'v' => 'Central Authentication Service (CAS)' - }, - { - 'k' => 'DBI', - 
'v' => 'Database (DBI)' - }, - { - 'k' => 'Demo', - 'v' => 'Demo' - }, - { - 'k' => 'Facebook', - 'v' => 'Facebook' - }, - { - 'k' => 'LDAP', - 'v' => 'LDAP' - }, - { - 'k' => 'Null', - 'v' => 'None' - }, - { - 'k' => 'OpenID', - 'v' => 'OpenID' - }, - { - 'k' => 'OpenIDConnect', - 'v' => 'OpenID Connect' - }, - { - 'k' => 'Proxy', - 'v' => 'Proxy' - }, - { - 'k' => 'REST', - 'v' => 'REST' - }, - { - 'k' => 'Remote', - 'v' => 'Remote' - }, - { - 'k' => 'SAML', - 'v' => 'SAML v2' - }, - { - 'k' => 'Slave', - 'v' => 'Slave' - }, - { - 'k' => 'WebID', - 'v' => 'WebID' - }, - { - 'k' => 'Custom', - 'v' => 'customModule' - } - ], - [ - { - 'k' => 'AD', - 'v' => 'Active Directory' - }, - { - 'k' => 'DBI', - 'v' => 'Database (DBI)' - }, - { - 'k' => 'Demo', - 'v' => 'Demo' - }, - { - 'k' => 'LDAP', - 'v' => 'LDAP' - }, - { - 'k' => 'REST', - 'v' => 'REST' - }, - { - 'k' => 'Null', - 'v' => 'None' - }, - { - 'k' => 'Custom', - 'v' => 'customModule' - } - ] - ], - 'test' => sub { - 1; - }, - 'type' => 'authChoiceContainer' - }, - 'authChoiceParam' => { - 'default' => 'lmAuth', - 'type' => 'text' - }, - 'authentication' => { - 'default' => 'Demo', - 'select' => [ - { - 'k' => 'Apache', - 'v' => 'Apache' - }, - { - 'k' => 'AD', - 'v' => 'Active Directory' - }, - { - 'k' => 'DBI', - 'v' => 'Database (DBI)' - }, - { - 'k' => 'Facebook', - 'v' => 'Facebook' - }, - { - 'k' => 'GitHub', - 'v' => 'GitHub' - }, - { - 'k' => 'GPG', - 'v' => 'GPG' - }, - { - 'k' => 'Kerberos', - 'v' => 'Kerberos' - }, - { - 'k' => 'LDAP', - 'v' => 'LDAP' - }, - { - 'k' => 'LinkedIn', - 'v' => 'LinkedIn' - }, - { - 'k' => 'PAM', - 'v' => 'PAM' - }, - { - 'k' => 'Radius', - 'v' => 'Radius' - }, - { - 'k' => 'REST', - 'v' => 'REST' - }, - { - 'k' => 'SSL', - 'v' => 'SSL' - }, - { - 'k' => 'Twitter', - 'v' => 'Twitter' - }, - { - 'k' => 'WebID', - 'v' => 'WebID' - }, - { - 'k' => 'Demo', - 'v' => 'Demonstration' - }, - { - 'k' => 'Choice', - 'v' => 'authChoice' - }, - { - 'k' => 'Combination', - 'v' => 
'combineMods' - }, - { - 'k' => 'CAS', - 'v' => 'Central Authentication Service (CAS)' - }, - { - 'k' => 'OpenID', - 'v' => 'OpenID' - }, - { - 'k' => 'OpenIDConnect', - 'v' => 'OpenID Connect' - }, - { - 'k' => 'SAML', - 'v' => 'SAML v2' - }, - { - 'k' => 'Proxy', - 'v' => 'Proxy' - }, - { - 'k' => 'Remote', - 'v' => 'Remote' - }, - { - 'k' => 'Slave', - 'v' => 'Slave' - }, - { - 'k' => 'Null', - 'v' => 'None' - }, - { - 'k' => 'Custom', - 'v' => 'customModule' - } - ], - 'type' => 'select' - }, - 'AuthLDAPFilter' => { - 'type' => 'text' - }, - 'autoSigninRules' => { - 'type' => 'keyTextContainer' - }, - 'available2F' => { - 'default' => 'UTOTP,TOTP,U2F,REST,Mail2F,Ext2F,WebAuthn,Yubikey,Radius', - 'type' => 'text' - }, - 'available2FSelfRegistration' => { - 'default' => 'TOTP,U2F,WebAuthn,Yubikey', - 'type' => 'text' - }, - 'avoidAssignment' => { - 'default' => 0, - 'type' => 'bool' - }, - 'browsersDontStorePassword' => { - 'default' => 0, - 'type' => 'bool' - }, - 'bruteForceProtection' => { - 'default' => 0, - 'type' => 'bool' - }, - 'bruteForceProtectionIncrementalTempo' => { - 'default' => 0, - 'type' => 'bool' - }, - 'bruteForceProtectionLockTimes' => { - 'default' => '15, 30, 60, 300, 600', - 'type' => 'text' - }, - 'bruteForceProtectionMaxAge' => { - 'default' => 300, - 'type' => 'int' - }, - 'bruteForceProtectionMaxFailed' => { - 'default' => 3, - 'type' => 'int' - }, - 'bruteForceProtectionMaxLockTime' => { - 'default' => 900, - 'type' => 'int' - }, - 'bruteForceProtectionTempo' => { - 'default' => 30, - 'type' => 'int' - }, - 'captcha' => { - 'type' => 'PerlModule' - }, - 'captcha_login_enabled' => { - 'default' => 0, - 'type' => 'bool' - }, - 'captcha_mail_enabled' => { - 'default' => 1, - 'type' => 'bool' - }, - 'captcha_register_enabled' => { - 'default' => 1, - 'type' => 'bool' - }, - 'captcha_size' => { - 'default' => 6, - 'type' => 'int' - }, - 'captchaOptions' => { - 'type' => 'keyTextContainer' - }, - 'casAccessControlPolicy' => { - 'default' => 
'none', - 'select' => [ - { - 'k' => 'none', - 'v' => 'None' - }, - { - 'k' => 'error', - 'v' => 'Display error on portal' - }, - { - 'k' => 'faketicket', - 'v' => 'Send a fake service ticket' - } - ], - 'type' => 'select' - }, - 'casAppMetaDataExportedVars' => { - 'default' => { - 'cn' => 'cn', - 'mail' => 'mail', - 'uid' => 'uid' - }, - 'type' => 'keyTextContainer' - }, - 'casAppMetaDataMacros' => { - 'default' => {}, - 'test' => { - 'keyMsgFail' => '__badMacroName__', - 'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, - 'test' => sub { - return perlExpr(@_); - } - }, - 'type' => 'keyTextContainer' - }, - 'casAppMetaDataNodes' => { - 'type' => 'casAppMetaDataNodeContainer' - }, - 'casAppMetaDataOptions' => { - 'type' => 'subContainer' - }, - 'casAppMetaDataOptionsAuthnLevel' => { - 'type' => 'int' - }, - 'casAppMetaDataOptionsRule' => { - 'test' => sub { - return perlExpr(@_); - }, - 'type' => 'text' - }, - 'casAppMetaDataOptionsService' => { - 'type' => 'text' - }, - 'casAppMetaDataOptionsUserAttribute' => { - 'type' => 'text' - }, - 'casAttr' => { - 'type' => 'text' - }, - 'casAttributes' => { - 'type' => 'keyTextContainer' - }, - 'casAuthnLevel' => { - 'default' => 1, - 'type' => 'int' - }, - 'casSrvMetaDataExportedVars' => { - 'default' => { - 'cn' => 'cn', - 'mail' => 'mail', - 'uid' => 'uid' - }, - 'type' => 'keyTextContainer' - }, - 'casSrvMetaDataNodes' => { - 'type' => 'casSrvMetaDataNodeContainer' - }, - 'casSrvMetaDataOptions' => { - 'type' => 'subContainer' - }, - 'casSrvMetaDataOptionsDisplayName' => { - 'type' => 'text' - }, - 'casSrvMetaDataOptionsGateway' => { - 'default' => 0, - 'type' => 'bool' - }, - 'casSrvMetaDataOptionsIcon' => { - 'type' => 'text' - }, - 'casSrvMetaDataOptionsProxiedServices' => { - 'keyMsgFail' => '__badCasProxyId__', - 'keyTest' => qr/^\w/, - 'type' => 'keyTextContainer' - }, - 'casSrvMetaDataOptionsRenew' => { - 'default' => 0, - 'type' => 'bool' - }, - 'casSrvMetaDataOptionsResolutionRule' => { - 'default' => '', - 'type' => 
'longtext' - }, - 'casSrvMetaDataOptionsSortNumber' => { - 'type' => 'int' - }, - 'casSrvMetaDataOptionsUrl' => { - 'msgFail' => '__badUrl__', - 'test' => qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/, - 'type' => 'text' - }, - 'casStorage' => { - 'type' => 'PerlModule' - }, - 'casStorageOptions' => { - 'type' => 'keyTextContainer' - }, - 'casStrictMatching' => { - 'default' => 0, - 'type' => 'bool' - }, - 'casTicketExpiration' => { - 'default' => 0, - 'type' => 'int' - }, - 'cda' => { - 'default' => 0, - 'type' => 'bool' - }, - 'certificateResetByMailCeaAttribute' => { - 'default' => 'description', - 'type' => 'text' - }, - 'certificateResetByMailCertificateAttribute' => { - 'default' => 'userCertificate;binary', - 'type' => 'text' - }, - 'certificateResetByMailStep1Body' => { - 'type' => 'longtext' - }, - 'certificateResetByMailStep1Subject' => { - 'type' => 'text' - }, - 'certificateResetByMailStep2Body' => { - 'type' => 'longtext' - }, - 'certificateResetByMailStep2Subject' => { - 'type' => 'text' - }, - 'certificateResetByMailURL' => { - 'default' => 'http://auth.example.com/certificateReset', - 'type' => 'url' - }, - 'certificateResetByMailValidityDelay' => { - 'default' => 0, - 'type' => 'int' - }, - 'cfgAuthor' => { - 'type' => 'text' - }, - 'cfgAuthorIP' => { - 'type' => 'text' - }, - 'cfgDate' => { - 'type' => 'int' - }, - 'cfgLog' => { - 'type' => 'longtext' - }, - 'cfgNum' => { - 'default' => 0, - 'type' => 'int' - }, 
- 'cfgVersion' => { - 'type' => 'text' - }, - 'checkDevOps' => { - 'default' => 0, - 'type' => 'bool' - }, - 'checkDevOpsCheckSessionAttributes' => { - 'default' => 1, - 'type' => 'bool' - }, - 'checkDevOpsDisplayNormalizedHeaders' => { - 'default' => 1, - 'type' => 'bool' - }, - 'checkDevOpsDownload' => { - 'default' => 1, - 'type' => 'bool' - }, - 'checkState' => { - 'default' => 0, - 'type' => 'bool' - }, - 'checkStateSecret' => { - 'type' => 'text' - }, - 'checkTime' => { - 'default' => 600, - 'type' => 'int' - }, - 'checkUser' => { - 'default' => 0, - 'type' => 'bool' - }, - 'checkUserDisplayComputedSession' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'checkUserDisplayEmptyHeaders' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'checkUserDisplayEmptyValues' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'checkUserDisplayHiddenAttributes' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'checkUserDisplayHistory' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'checkUserDisplayNormalizedHeaders' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'checkUserDisplayPersistentInfo' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'checkUserHiddenAttributes' => { - 'default' => '_loginHistory, _session_id, hGroups', - 'type' => 'text' - }, - 'checkUserHiddenHeaders' => { - 'keyMsgFail' => '__badHostname__', - 'keyTest' => qr/^\S+$/, - 'test' => { - 'keyMsgFail' => '__badHeaderName__', - 'keyTest' => qr/^(?=[^\-])[\w\-\s]+(?<=[^-])$/, - 'test' => sub { - return perlExpr(@_); - } - }, - 'type' => 'keyTextContainer' - }, - 'checkUserIdRule' => { - 'default' => 1, - 'test' => sub { - return perlExpr(@_); - }, - 'type' => 'text' - }, - 'checkUserSearchAttributes' => { - 'type' => 'text' - }, - 'checkUserUnrestrictedUsersRule' => { - 'test' => sub { - return perlExpr(@_); - }, - 'type' => 'text' - }, - 'checkXSS' => { - 'default' => 1, - 'type' => 'bool' - }, - 'combination' => { - 'type' => 'text' - }, - 'combModules' => { 
- 'keyTest' => qr/^\w+$/, - 'select' => [ - { - 'k' => 'Apache', - 'v' => 'Apache' - }, - { - 'k' => 'AD', - 'v' => 'Active Directory' - }, - { - 'k' => 'DBI', - 'v' => 'Database (DBI)' - }, - { - 'k' => 'Facebook', - 'v' => 'Facebook' - }, - { - 'k' => 'GitHub', - 'v' => 'GitHub' - }, - { - 'k' => 'GPG', - 'v' => 'GPG' - }, - { - 'k' => 'Kerberos', - 'v' => 'Kerberos' - }, - { - 'k' => 'LDAP', - 'v' => 'LDAP' - }, - { - 'k' => 'LinkedIn', - 'v' => 'LinkedIn' - }, - { - 'k' => 'PAM', - 'v' => 'PAM' - }, - { - 'k' => 'Radius', - 'v' => 'Radius' - }, - { - 'k' => 'REST', - 'v' => 'REST' - }, - { - 'k' => 'SSL', - 'v' => 'SSL' - }, - { - 'k' => 'Twitter', - 'v' => 'Twitter' - }, - { - 'k' => 'WebID', - 'v' => 'WebID' - }, - { - 'k' => 'Demo', - 'v' => 'Demonstration' - }, - { - 'k' => 'CAS', - 'v' => 'Central Authentication Service (CAS)' - }, - { - 'k' => 'OpenID', - 'v' => 'OpenID' - }, - { - 'k' => 'OpenIDConnect', - 'v' => 'OpenID Connect' - }, - { - 'k' => 'SAML', - 'v' => 'SAML v2' - }, - { - 'k' => 'Proxy', - 'v' => 'Proxy' - }, - { - 'k' => 'Remote', - 'v' => 'Remote' - }, - { - 'k' => 'Slave', - 'v' => 'Slave' - }, - { - 'k' => 'Null', - 'v' => 'None' - }, - { - 'k' => 'Custom', - 'v' => 'customModule' - } - ], - 'test' => sub { - 1; - }, - 'type' => 'cmbModuleContainer' - }, - 'compactConf' => { - 'default' => 0, - 'type' => 'bool' - }, - 'configStorage' => { - 'type' => 'text' - }, - 'confirmFormMethod' => { - 'default' => 'post', - 'select' => [ - { - 'k' => 'get', - 'v' => 'GET' - }, - { - 'k' => 'post', - 'v' => 'POST' - } - ], - 'type' => 'select' - }, - 'contextSwitchingAllowed2fModifications' => { - 'default' => 0, - 'type' => 'bool' - }, - 'contextSwitchingIdRule' => { - 'default' => 1, - 'test' => sub { - return perlExpr(@_); - }, - 'type' => 'text' - }, - 'contextSwitchingPrefix' => { - 'default' => 'switching', - 'type' => 'text' - }, - 'contextSwitchingRule' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'contextSwitchingStopWithLogout' 
=> { - 'default' => 1, - 'type' => 'bool' - }, - 'contextSwitchingUnrestrictedUsersRule' => { - 'test' => sub { - return perlExpr(@_); - }, - 'type' => 'text' - }, - 'cookieExpiration' => { - 'type' => 'int' - }, - 'cookieName' => { - 'default' => 'lemonldap', - 'msgFail' => '__badCookieName__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9_-]*$/, - 'type' => 'text' - }, - 'corsAllow_Credentials' => { - 'default' => 'true', - 'type' => 'text' - }, - 'corsAllow_Headers' => { - 'default' => '*', - 'type' => 'text' - }, - 'corsAllow_Methods' => { - 'default' => 'POST,GET', - 'type' => 'text' - }, - 'corsAllow_Origin' => { - 'default' => '*', - 'type' => 'text' - }, - 'corsEnabled' => { - 'default' => 1, - 'type' => 'bool' - }, - 'corsExpose_Headers' => { - 'default' => '*', - 'type' => 'text' - }, - 'corsMax_Age' => { - 'default' => '86400', - 'type' => 'text' - }, - 'crowdsec' => { - 'type' => 'bool' - }, - 'crowdsecAction' => { - 'default' => 'reject', - 'select' => [ - { - 'k' => 'reject', - 'v' => 'Reject' - }, - { - 'k' => 'warn', - 'v' => 'Warn' - } - ], - 'type' => 'select' - }, - 'crowdsecKey' => { - 'type' => 'text' - }, - 'crowdsecUrl' => { - 'type' => 'url' - }, - 'cspConnect' => { - 'default' => '\'self\'', - 'type' => 'text' - }, - 'cspDefault' => { - 'default' => '\'self\'', - 'type' => 'text' - }, - 'cspFont' => { - 'default' => '\'self\'', - 'type' => 'text' - }, - 'cspFormAction' => { - 'default' => '*', - 'type' => 'text' - }, - 'cspFrameAncestors' => { - 'default' => '', - 'type' => 'text' - }, - 'cspImg' => { - 'default' => '\'self\' data:', - 'type' => 'text' - }, - 'cspScript' => { - 'default' => '\'self\'', - 'type' => 'text' - }, - 'cspStyle' => { - 'default' => '\'self\'', - 'type' => 'text' - }, - 'customAddParams' => { - 'type' => 'keyTextContainer' - }, - 'customAuth' => { - 'type' => 'text' - }, - 'customFunctions' => { - 'msgFail' => '__badCustomFuncName__', - 'test' => qr/^(?:\w+(?:::\w+)*(?:\s+\w+(?:::\w+)*)*)?$/, - 'type' => 'text' - }, - 
'customPassword' => { - 'type' => 'text' - }, - 'customPlugins' => { - 'type' => 'text' - }, - 'customPluginsParams' => { - 'type' => 'keyTextContainer' - }, - 'customRegister' => { - 'type' => 'text' - }, - 'customResetCertByMail' => { - 'type' => 'text' - }, - 'customToTrace' => { - 'type' => 'lmAttrOrMacro' - }, - 'customUserDB' => { - 'type' => 'text' - }, - 'dbiAuthChain' => { - 'type' => 'text' - }, - 'dbiAuthLoginCol' => { - 'type' => 'text' - }, - 'dbiAuthnLevel' => { - 'default' => 2, - 'type' => 'int' - }, - 'dbiAuthPassword' => { - 'type' => 'password' - }, - 'dbiAuthPasswordCol' => { - 'type' => 'text' - }, - 'dbiAuthPasswordHash' => { - 'type' => 'text' - }, - 'dbiAuthTable' => { - 'type' => 'text' - }, - 'dbiAuthUser' => { - 'type' => 'text' - }, - 'dbiDynamicHashEnabled' => { - 'type' => 'bool' - }, - 'dbiDynamicHashNewPasswordScheme' => { - 'type' => 'text' - }, - 'dbiDynamicHashValidSaltedSchemes' => { - 'type' => 'text' - }, - 'dbiDynamicHashValidSchemes' => { - 'type' => 'text' - }, - 'dbiExportedVars' => { - 'default' => {}, - 'keyMsgFail' => '__badVariableName__', - 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, - 'msgFail' => '__badValue__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, - 'type' => 'keyTextContainer' - }, - 'dbiPasswordMailCol' => { - 'type' => 'text' - }, - 'dbiUserChain' => { - 'type' => 'text' - }, - 'dbiUserPassword' => { - 'type' => 'password' - }, - 'dbiUserTable' => { - 'type' => 'text' - }, - 'dbiUserUser' => { - 'type' => 'text' - }, - 'decryptValueFunctions' => { - 'msgFail' => '__badCustomFuncName__', - 'test' => qr/^(?:\w+(?:::\w+)*(?:\s+\w+(?:::\w+)*)*)?$/, - 'type' => 'text' - }, - 'decryptValueRule' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'demoExportedVars' => { - 'default' => { - 'cn' => 'cn', - 'mail' => 'mail', - 'uid' => 'uid' - }, - 'keyMsgFail' => '__badVariableName__', - 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, - 'msgFail' => '__badValue__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, - 
'type' => 'keyTextContainer' - }, - 'disablePersistentStorage' => { - 'default' => 0, - 'type' => 'bool' - }, - 'displaySessionId' => { - 'default' => 1, - 'type' => 'bool' - }, - 'domain' => { - 'default' => 'example.com', - 'msgFail' => '__badDomainName__', - 'test' => qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?))?$/, - 'type' => 'text' - }, - 'exportedAttr' => { - 'type' => 'text' - }, - 'exportedHeaders' => { - 'keyMsgFail' => '__badHostname__', - 'keyTest' => qr/^\S+$/, - 'test' => { - 'keyMsgFail' => '__badHeaderName__', - 'keyTest' => qr/^(?=[^\-])[\w\-]+(?<=[^-])$/, - 'test' => sub { - return perlExpr(@_); - } - }, - 'type' => 'keyTextContainer' - }, - 'exportedVars' => { - 'default' => { - 'UA' => 'HTTP_USER_AGENT' - }, - 'keyMsgFail' => '__badVariableName__', - 'keyTest' => qr/^!?[_a-zA-Z][a-zA-Z0-9_]*$/, - 'msgFail' => '__badValue__', - 'test' => qr/^[_a-zA-Z][a-zA-Z0-9_:\-]*$/, - 'type' => 'keyTextContainer' - }, - 'ext2fActivation' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'ext2fAuthnLevel' => { - 'type' => 'int' - }, - 'ext2fCodeActivation' => { - 'default' => '\\d{6}', - 'type' => 'pcre' - }, - 'ext2fLabel' => { - 'type' => 'text' - }, - 'ext2fLogo' => { - 'type' => 'text' - }, - 'ext2fResendInterval' => { - 'type' => 'text' - }, - 'ext2FSendCommand' => { - 'type' => 'text' - }, - 'ext2FValidateCommand' => { - 'type' => 'text' - }, - 'facebookAppId' => { - 'type' => 'text' - }, - 'facebookAppSecret' => { - 'type' => 'text' - }, - 'facebookAuthnLevel' => { - 'default' => 1, - 'type' => 'int' - }, - 'facebookExportedVars' => { - 'default' => {}, - 'keyMsgFail' => '__badVariableName__', - 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, - 'msgFail' => '__badValue__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, - 'type' => 'keyTextContainer' - }, - 'facebookUserField' => { - 'default' => 'id', - 'type' => 'text' - }, - 'failedLoginNumber' => { - 'default' => 5, - 'type' => 'int' 
- }, - 'findUser' => { - 'default' => 0, - 'type' => 'bool' - }, - 'findUserControl' => { - 'default' => '^[*\\w]+$', - 'type' => 'pcre' - }, - 'findUserExcludingAttributes' => { - 'keyTest' => qr/^\S+$/, - 'type' => 'keyTextContainer' - }, - 'findUserSearchingAttributes' => { - 'keyTest' => qr/^\S+$/, - 'type' => 'keyTextContainer' - }, - 'findUserWildcard' => { - 'default' => '*', - 'type' => 'text' - }, - 'forceGlobalStorageIssuerOTT' => { - 'type' => 'bool' - }, - 'forceGlobalStorageUpgradeOTT' => { - 'type' => 'bool' - }, - 'formTimeout' => { - 'default' => 120, - 'type' => 'int' - }, - 'githubAuthnLevel' => { - 'default' => 1, - 'type' => 'int' - }, - 'githubClientID' => { - 'type' => 'text' - }, - 'githubClientSecret' => { - 'type' => 'password' - }, - 'githubScope' => { - 'default' => 'user:email', - 'type' => 'text' - }, - 'githubUserField' => { - 'default' => 'login', - 'type' => 'text' - }, - 'globalLogoutCustomParam' => { - 'type' => 'text' - }, - 'globalLogoutRule' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'globalLogoutTimer' => { - 'default' => 1, - 'type' => 'bool' - }, - 'globalStorage' => { - 'default' => 'Apache::Session::File', - 'type' => 'PerlModule' - }, - 'globalStorageOptions' => { - 'default' => { - 'Directory' => '/var/lib/lemonldap-ng/sessions/', - 'generateModule' => 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256', - 'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/' - }, - 'type' => 'keyTextContainer' - }, - 'gpgAuthnLevel' => { - 'default' => 5, - 'type' => 'int' - }, - 'gpgDb' => { - 'default' => '', - 'type' => 'text' - }, - 'grantSessionRules' => { - 'default' => {}, - 'keyTest' => sub { - return perlExpr(@_); - }, - 'test' => sub { - 1; - }, - 'type' => 'grantContainer' - }, - 'groups' => { - 'default' => {}, - 'test' => sub { - return perlExpr(@_); - }, - 'type' => 'keyTextContainer' - }, - 'groupsBeforeMacros' => { - 'default' => 0, - 'type' => 'bool' - }, - 'handlerInternalCache' => { - 'default' 
=> 15, - 'type' => 'int' - }, - 'handlerServiceTokenTTL' => { - 'default' => 30, - 'type' => 'int' - }, - 'hiddenAttributes' => { - 'default' => '_password, _2fDevices', - 'type' => 'text' - }, - 'hideOldPassword' => { - 'default' => 0, - 'type' => 'bool' - }, - 'httpOnly' => { - 'default' => 1, - 'type' => 'bool' - }, - 'https' => { - 'default' => -1, - 'type' => 'trool' - }, - 'impersonationHiddenAttributes' => { - 'default' => '_2fDevices, _loginHistory', - 'type' => 'text' - }, - 'impersonationIdRule' => { - 'default' => 1, - 'test' => sub { - return perlExpr(@_); - }, - 'type' => 'text' - }, - 'impersonationMergeSSOgroups' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'impersonationPrefix' => { - 'default' => 'real_', - 'type' => 'text' - }, - 'impersonationRule' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'impersonationSkipEmptyValues' => { - 'default' => 1, - 'type' => 'bool' - }, - 'impersonationUnrestrictedUsersRule' => { - 'test' => sub { - return perlExpr(@_); - }, - 'type' => 'text' - }, - 'infoFormMethod' => { - 'default' => 'get', - 'select' => [ - { - 'k' => 'get', - 'v' => 'GET' - }, - { - 'k' => 'post', - 'v' => 'POST' - } - ], - 'type' => 'select' - }, - 'issuerDBCASActivation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'issuerDBCASPath' => { - 'default' => '^/cas/', - 'type' => 'pcre' - }, - 'issuerDBCASRule' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'issuerDBGetActivation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'issuerDBGetParameters' => { - 'default' => {}, - 'keyMsgFail' => '__badHostname__', - 'keyTest' => qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$/, - 'test' => { - 'keyMsgFail' => '__badKeyName__', - 'keyTest' => qr/^(?=[^\-])[\w\-]+(?<=[^-])$/, - 'test' => sub { - my($val, $conf) = @_; - return 1 if defined $conf->{'macros'}{$val} or $val eq '_timezone'; - foreach $_ (keys %$conf) { - return 1 if $_ =~ /exportedvars$/i and 
defined $conf->{$_}{$val}; - } - return 1, "__unknownAttrOrMacro__: $val"; - } - }, - 'type' => 'doubleHash' - }, - 'issuerDBGetPath' => { - 'default' => '^/get/', - 'type' => 'text' - }, - 'issuerDBGetRule' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'issuerDBOpenIDActivation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'issuerDBOpenIDConnectActivation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'issuerDBOpenIDConnectPath' => { - 'default' => '^/oauth2/', - 'type' => 'text' - }, - 'issuerDBOpenIDConnectRule' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'issuerDBOpenIDPath' => { - 'default' => '^/openidserver/', - 'type' => 'pcre' - }, - 'issuerDBOpenIDRule' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'issuerDBSAMLActivation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'issuerDBSAMLPath' => { - 'default' => '^/saml/', - 'type' => 'pcre' - }, - 'issuerDBSAMLRule' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'issuersTimeout' => { - 'default' => 120, - 'type' => 'int' - }, - 'jsRedirect' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'key' => { - 'type' => 'password' - }, - 'krbAllowedDomains' => { - 'type' => 'text' - }, - 'krbAuthnLevel' => { - 'default' => 3, - 'type' => 'int' - }, - 'krbByJs' => { - 'default' => 0, - 'type' => 'bool' - }, - 'krbKeytab' => { - 'type' => 'text' - }, - 'krbRemoveDomain' => { - 'default' => 1, - 'type' => 'bool' - }, - 'ldapAllowResetExpiredPassword' => { - 'default' => 0, - 'type' => 'bool' - }, - 'ldapAuthnLevel' => { - 'default' => 2, - 'type' => 'int' - }, - 'ldapBase' => { - 'default' => 'dc=example,dc=com', - 'msgFail' => '__badValue__', - 'test' => qr/^(?:\w+=.*|)$/, - 'type' => 'text' - }, - 'ldapCAFile' => { - 'type' => 'text' - }, - 'ldapCAPath' => { - 'type' => 'text' - }, - 'ldapChangePasswordAsUser' => { - 'default' => 0, - 'type' => 'bool' - }, - 'ldapExportedVars' => { - 'default' => { - 'cn' => 'cn', - 'mail' => 'mail', - 'uid' => 'uid' - }, - 
'keyMsgFail' => '__badVariableName__', - 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, - 'msgFail' => '__badValue__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, - 'type' => 'keyTextContainer' - }, - 'LDAPFilter' => { - 'type' => 'text' - }, - 'ldapGetUserBeforePasswordChange' => { - 'default' => 0, - 'type' => 'bool' - }, - 'ldapGroupAttributeName' => { - 'default' => 'member', - 'type' => 'text' - }, - 'ldapGroupAttributeNameGroup' => { - 'default' => 'dn', - 'type' => 'text' - }, - 'ldapGroupAttributeNameSearch' => { - 'default' => 'cn', - 'type' => 'text' - }, - 'ldapGroupAttributeNameUser' => { - 'default' => 'dn', - 'type' => 'text' - }, - 'ldapGroupBase' => { - 'type' => 'text' - }, - 'ldapGroupDecodeSearchedValue' => { - 'default' => 0, - 'type' => 'bool' - }, - 'ldapGroupObjectClass' => { - 'default' => 'groupOfNames', - 'type' => 'text' - }, - 'ldapGroupRecursive' => { - 'default' => 0, - 'type' => 'bool' - }, - 'ldapIOTimeout' => { - 'default' => 10, - 'type' => 'int' - }, - 'ldapITDS' => { - 'default' => 0, - 'type' => 'bool' - }, - 'ldapPasswordResetAttribute' => { - 'default' => 'pwdReset', - 'type' => 'text' - }, - 'ldapPasswordResetAttributeValue' => { - 'default' => 'TRUE', - 'type' => 'text' - }, - 'ldapPort' => { - 'type' => 'int' - }, - 'ldapPpolicyControl' => { - 'default' => 0, - 'type' => 'bool' - }, - 'ldapPwdEnc' => { - 'default' => 'utf-8', - 'msgFail' => '__badEncoding__', - 'test' => qr/^[a-zA-Z0-9_][a-zA-Z0-9_\-]*[a-zA-Z0-9_]$/, - 'type' => 'text' - }, - 'ldapRaw' => { - 'type' => 'text' - }, - 'ldapSearchDeref' => { - 'default' => 'find', - 'select' => [ - { - 'k' => 'never', - 'v' => 'never' - }, - { - 'k' => 'search', - 'v' => 'search' - }, - { - 'k' => 'find', - 'v' => 'find' - }, - { - 'k' => 'always', - 'v' => 'always' - } - ], - 'type' => 'select' - }, - 'ldapServer' => { - 'default' => 'ldap://localhost', - 'test' => sub { - my $l = shift(); - my @s = split(/[\s,]+/, $l, 0); - foreach my $s (@s) { - return 0, qq[__badLdapUri__: 
"$s"] unless $s =~ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?::\d{1,5})?/?.*)$]o; - } - return 1; - }, - 'type' => 'text' - }, - 'ldapSetPassword' => { - 'default' => 0, - 'type' => 'bool' - }, - 'ldapTimeout' => { - 'default' => 10, - 'type' => 'int' - }, - 'ldapUsePasswordResetAttribute' => { - 'default' => 1, - 'type' => 'bool' - }, - 'ldapVerify' => { - 'default' => 'require', - 'select' => [ - { - 'k' => 'none', - 'v' => 'None' - }, - { - 'k' => 'optional', - 'v' => 'Optional' - }, - { - 'k' => 'require', - 'v' => 'Require' - } - ], - 'type' => 'select' - }, - 'ldapVersion' => { - 'default' => 3, - 'type' => 'int' - }, - 'linkedInAuthnLevel' => { - 'default' => 1, - 'type' => 'int' - }, - 'linkedInClientID' => { - 'type' => 'text' - }, - 'linkedInClientSecret' => { - 'type' => 'password' - }, - 'linkedInFields' => { - 'default' => 'id,first-name,last-name,email-address', - 'type' => 'text' - }, - 'linkedInScope' => { - 'default' => 'r_liteprofile r_emailaddress', - 'type' => 'text' - }, - 'linkedInUserField' => { - 'default' => 'emailAddress', - 'type' => 'text' - }, - 'localSessionStorage' => { - 'default' => 'Cache::FileCache', - 'type' => 'PerlModule' - }, - 'localSessionStorageOptions' => { - 'default' => { - 'cache_depth' => 3, - 'cache_root' => '/var/cache/lemonldap-ng', - 'default_expires_in' => 600, - 'directory_umask' => '007', - 'namespace' => 'lemonldap-ng-sessions' - }, - 'type' => 'keyTextContainer' - }, - 'localStorage' => { - 'type' => 'text' - }, - 'localStorageOptions' => { - 'type' => 'keyTextContainer' - }, - 'locationRules' => { - 'default' => { - 'default' => 'deny' - }, - 'keyMsgFail' => '__badHostname__', - 'keyTest' => qr/^\S+$/, - 'test' => { - 'keyMsgFail' => '__badRegexp__', - 'keyTest' => sub { - eval { - do { - qr/$_[0]/ - } - }; - return $@ ? 
0 : 1; - }, - 'msgFail' => '__badExpression__', - 'test' => sub { - my($val, $conf) = @_; - my $s = $val; - if ($s =~ s/^logout(?:_(?:sso|app(?:_sso)?))?\s*//) { - return $s =~ m[^(?:https?://.*)?$] ? 1 : (0, '__badUrl__'); - } - $s =~ s/\b(accept|deny|unprotect|skip)\b/1/g; - return &perlExpr($s, $conf); - } - }, - 'type' => 'ruleContainer' - }, - 'log4perlConfFile' => { - 'type' => 'text' - }, - 'logger' => { - 'type' => 'text' - }, - 'loginHistoryEnabled' => { - 'default' => 0, - 'type' => 'bool' - }, - 'logLevel' => { - 'type' => 'text' - }, - 'logoutServices' => { - 'default' => {}, - 'type' => 'keyTextContainer' - }, - 'lwpOpts' => { - 'type' => 'keyTextContainer' - }, - 'lwpSslOpts' => { - 'type' => 'keyTextContainer' - }, - 'macros' => { - 'default' => {}, - 'keyMsgFail' => '__badMacroName__', - 'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, - 'test' => sub { - return perlExpr(@_); - }, - 'type' => 'keyTextContainer' - }, - 'mail2fActivation' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'mail2fAuthnLevel' => { - 'type' => 'int' - }, - 'mail2fBody' => { - 'type' => 'longtext' - }, - 'mail2fCodeRegex' => { - 'default' => '\\d{6}', - 'type' => 'pcre' - }, - 'mail2fLabel' => { - 'type' => 'text' - }, - 'mail2fLogo' => { - 'type' => 'text' - }, - 'mail2fResendInterval' => { - 'type' => 'text' - }, - 'mail2fSessionKey' => { - 'type' => 'text' - }, - 'mail2fSubject' => { - 'type' => 'text' - }, - 'mail2fTimeout' => { - 'type' => 'int' - }, - 'mailBody' => { - 'type' => 'longtext' - }, - 'mailCharset' => { - 'default' => 'utf-8', - 'type' => 'text' - }, - 'mailConfirmBody' => { - 'type' => 'longtext' - }, - 'mailConfirmSubject' => { - 'type' => 'text' - }, - 'mailFrom' => { - 'default' => 'noreply@example.com', - 'type' => 'text' - }, - 'mailLDAPFilter' => { - 'type' => 'text' - }, - 'mailOnPasswordChange' => { - 'default' => 0, - 'type' => 'bool' - }, - 'mailReplyTo' => { - 'type' => 'text' - }, - 'mailSessionKey' => { - 'default' => 'mail', - 'type' => 
'text' - }, - 'mailSubject' => { - 'type' => 'text' - }, - 'mailTimeout' => { - 'default' => 0, - 'type' => 'int' - }, - 'mailUrl' => { - 'default' => 'http://auth.example.com/resetpwd', - 'type' => 'url' - }, - 'maintenance' => { - 'default' => 0, - 'type' => 'bool' - }, - 'managerDn' => { - 'default' => '', - 'msgFail' => '__badValue__', - 'test' => qr/^.*$/, - 'type' => 'text' - }, - 'managerPassword' => { - 'default' => '', - 'msgFail' => '__badValue__', - 'test' => qr/^\S*$/, - 'type' => 'password' - }, - 'max2FDevices' => { - 'default' => 10, - 'type' => 'int' - }, - 'max2FDevicesNameLength' => { - 'default' => 20, - 'type' => 'int' - }, - 'multiValuesSeparator' => { - 'default' => '; ', - 'type' => 'authParamsText' - }, - 'mySessionAuthorizedRWKeys' => { - 'default' => [ - '_appsListOrder', - '_oidcConnectedRP', - '_oidcConsents' - ], - 'type' => 'array' - }, - 'newLocationWarning' => { - 'default' => 0, - 'type' => 'bool' - }, - 'newLocationWarningLocationAttribute' => { - 'default' => 'ipAddr', - 'type' => 'text' - }, - 'newLocationWarningLocationDisplayAttribute' => { - 'default' => '', - 'type' => 'text' - }, - 'newLocationWarningMailAttribute' => { - 'type' => 'text' - }, - 'newLocationWarningMailBody' => { - 'type' => 'longtext' - }, - 'newLocationWarningMailSubject' => { - 'type' => 'text' - }, - 'newLocationWarningMaxValues' => { - 'default' => '0', - 'type' => 'int' - }, - 'nginxCustomHandlers' => { - 'keyTest' => qr/^\w+$/, - 'msgFail' => '__badPerlPackageName__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9]*(?:::[a-zA-Z][a-zA-Z0-9]*)*$/, - 'type' => 'keyTextContainer' - }, - 'noAjaxHook' => { - 'default' => 0, - 'type' => 'bool' - }, - 'notification' => { - 'default' => 0, - 'type' => 'bool' - }, - 'notificationDefaultCond' => { - 'default' => '', - 'type' => 'text' - }, - 'notificationServer' => { - 'default' => 0, - 'type' => 'bool' - }, - 'notificationServerDELETE' => { - 'default' => 0, - 'type' => 'bool' - }, - 'notificationServerGET' => { - 'default' 
=> 0, - 'type' => 'bool' - }, - 'notificationServerPOST' => { - 'default' => 1, - 'type' => 'bool' - }, - 'notificationServerSentAttributes' => { - 'default' => 'uid reference date title subtitle text check', - 'type' => 'text' - }, - 'notificationsExplorer' => { - 'default' => 0, - 'type' => 'bool' - }, - 'notificationsMaxRetrieve' => { - 'default' => 3, - 'type' => 'int' - }, - 'notificationStorage' => { - 'default' => 'File', - 'type' => 'PerlModule' - }, - 'notificationStorageOptions' => { - 'default' => { - 'dirName' => '/var/lib/lemonldap-ng/notifications' - }, - 'type' => 'keyTextContainer' - }, - 'notificationWildcard' => { - 'default' => 'allusers', - 'type' => 'text' - }, - 'notificationXSLTfile' => { - 'type' => 'text' - }, - 'notifyDeleted' => { - 'default' => 1, - 'type' => 'bool' - }, - 'notifyOther' => { - 'default' => 0, - 'type' => 'bool' - }, - 'nullAuthnLevel' => { - 'default' => 0, - 'type' => 'int' - }, - 'oidcAuthnLevel' => { - 'default' => 1, - 'type' => 'int' - }, - 'oidcOPMetaDataExportedVars' => { - 'default' => { - 'cn' => 'name', - 'mail' => 'email', - 'sn' => 'family_name', - 'uid' => 'sub' - }, - 'type' => 'keyTextContainer' - }, - 'oidcOPMetaDataJSON' => { - 'keyTest' => sub { - 1; - }, - 'type' => 'file' - }, - 'oidcOPMetaDataJWKS' => { - 'keyTest' => sub { - 1; - }, - 'type' => 'file' - }, - 'oidcOPMetaDataNodes' => { - 'type' => 'oidcOPMetaDataNodeContainer' - }, - 'oidcOPMetaDataOptions' => { - 'type' => 'subContainer' - }, - 'oidcOPMetaDataOptionsAcrValues' => { - 'type' => 'text' - }, - 'oidcOPMetaDataOptionsCheckJWTSignature' => { - 'default' => 1, - 'type' => 'bool' - }, - 'oidcOPMetaDataOptionsClientID' => { - 'type' => 'text' - }, - 'oidcOPMetaDataOptionsClientSecret' => { - 'type' => 'password' - }, - 'oidcOPMetaDataOptionsConfigurationURI' => { - 'type' => 'url' - }, - 'oidcOPMetaDataOptionsDisplay' => { - 'default' => '', - 'select' => [ - { - 'k' => '', - 'v' => '' - }, - { - 'k' => 'page', - 'v' => 'page' - }, - { - 'k' 
=> 'popup', - 'v' => 'popup' - }, - { - 'k' => 'touch', - 'v' => 'touch' - }, - { - 'k' => 'wap', - 'v' => 'wap' - } - ], - 'type' => 'select' - }, - 'oidcOPMetaDataOptionsDisplayName' => { - 'type' => 'text' - }, - 'oidcOPMetaDataOptionsIcon' => { - 'type' => 'text' - }, - 'oidcOPMetaDataOptionsIDTokenMaxAge' => { - 'default' => 30, - 'type' => 'int' - }, - 'oidcOPMetaDataOptionsJWKSTimeout' => { - 'default' => 0, - 'type' => 'int' - }, - 'oidcOPMetaDataOptionsMaxAge' => { - 'default' => 0, - 'type' => 'int' - }, - 'oidcOPMetaDataOptionsPrompt' => { - 'type' => 'text' - }, - 'oidcOPMetaDataOptionsResolutionRule' => { - 'default' => '', - 'type' => 'longtext' - }, - 'oidcOPMetaDataOptionsScope' => { - 'default' => 'openid profile', - 'type' => 'text' - }, - 'oidcOPMetaDataOptionsSortNumber' => { - 'type' => 'int' - }, - 'oidcOPMetaDataOptionsStoreIDToken' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcOPMetaDataOptionsTokenEndpointAuthMethod' => { - 'default' => 'client_secret_post', - 'select' => [ - { - 'k' => 'client_secret_post', - 'v' => 'client_secret_post' - }, - { - 'k' => 'client_secret_basic', - 'v' => 'client_secret_basic' - } - ], - 'type' => 'select' - }, - 'oidcOPMetaDataOptionsUiLocales' => { - 'type' => 'text' - }, - 'oidcOPMetaDataOptionsUseNonce' => { - 'default' => 1, - 'type' => 'bool' - }, - 'oidcRPCallbackGetParam' => { - 'default' => 'openidconnectcallback', - 'type' => 'text' - }, - 'oidcRPMetaDataExportedVars' => { - 'default' => { - 'email' => 'mail', - 'family_name' => 'sn', - 'name' => 'cn' - }, - 'keyTest' => qr/\w/, - 'test' => qr/\w/, - 'type' => 'oidcAttributeContainer' - }, - 'oidcRPMetaDataMacros' => { - 'default' => {}, - 'test' => { - 'keyMsgFail' => '__badMacroName__', - 'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, - 'test' => sub { - return perlExpr(@_); - } - }, - 'type' => 'keyTextContainer' - }, - 'oidcRPMetaDataNodes' => { - 'type' => 'oidcRPMetaDataNodeContainer' - }, - 'oidcRPMetaDataOptions' => { - 'type' => 
'subContainer' - }, - 'oidcRPMetaDataOptionsAccessTokenClaims' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsAccessTokenExpiration' => { - 'type' => 'int' - }, - 'oidcRPMetaDataOptionsAccessTokenJWT' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsAccessTokenSignAlg' => { - 'default' => 'RS256', - 'select' => [ - { - 'k' => 'RS256', - 'v' => 'RS256' - }, - { - 'k' => 'RS384', - 'v' => 'RS384' - }, - { - 'k' => 'RS512', - 'v' => 'RS512' - } - ], - 'type' => 'select' - }, - 'oidcRPMetaDataOptionsAdditionalAudiences' => { - 'type' => 'text' - }, - 'oidcRPMetaDataOptionsAllowClientCredentialsGrant' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsAllowOffline' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsAllowPasswordGrant' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsAuthnLevel' => { - 'type' => 'int' - }, - 'oidcRPMetaDataOptionsAuthorizationCodeExpiration' => { - 'type' => 'int' - }, - 'oidcRPMetaDataOptionsBypassConsent' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsClientID' => { - 'type' => 'text' - }, - 'oidcRPMetaDataOptionsClientSecret' => { - 'type' => 'password' - }, - 'oidcRPMetaDataOptionsDisplayName' => { - 'type' => 'text' - }, - 'oidcRPMetaDataOptionsExtraClaims' => { - 'default' => {}, - 'keyTest' => qr/^[\x21\x23-\x5B\x5D-\x7E]+$/, - 'type' => 'keyTextContainer' - }, - 'oidcRPMetaDataOptionsIcon' => { - 'type' => 'text' - }, - 'oidcRPMetaDataOptionsIDTokenExpiration' => { - 'type' => 'int' - }, - 'oidcRPMetaDataOptionsIDTokenForceClaims' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsIDTokenSignAlg' => { - 'default' => 'HS512', - 'select' => [ - { - 'k' => 'none', - 'v' => 'None' - }, - { - 'k' => 'HS256', - 'v' => 'HS256' - }, - { - 'k' => 'HS384', - 'v' => 'HS384' - }, - { - 'k' => 'HS512', - 'v' => 'HS512' - }, - { - 'k' => 'RS256', - 'v' => 'RS256' - }, - { - 'k' => 'RS384', - 
'v' => 'RS384' - }, - { - 'k' => 'RS512', - 'v' => 'RS512' - } - ], - 'type' => 'select' - }, - 'oidcRPMetaDataOptionsLogoutBypassConfirm' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsLogoutSessionRequired' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsLogoutType' => { - 'default' => 'front', - 'select' => [ - { - 'k' => 'front', - 'v' => 'Front Channel' - } - ], - 'type' => 'select' - }, - 'oidcRPMetaDataOptionsLogoutUrl' => { - 'type' => 'url' - }, - 'oidcRPMetaDataOptionsOfflineSessionExpiration' => { - 'type' => 'int' - }, - 'oidcRPMetaDataOptionsPostLogoutRedirectUris' => { - 'type' => 'text' - }, - 'oidcRPMetaDataOptionsPublic' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsRedirectUris' => { - 'type' => 'text' - }, - 'oidcRPMetaDataOptionsRefreshToken' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsRequirePKCE' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsRule' => { - 'test' => sub { - return perlExpr(@_); - }, - 'type' => 'text' - }, - 'oidcRPMetaDataOptionsUserIDAttr' => { - 'type' => 'text' - }, - 'oidcRPMetaDataOptionsUserInfoSignAlg' => { - 'default' => '', - 'select' => [ - { - 'k' => '', - 'v' => 'JSON' - }, - { - 'k' => 'none', - 'v' => 'JWT/None' - }, - { - 'k' => 'HS256', - 'v' => 'JWT/HS256' - }, - { - 'k' => 'HS384', - 'v' => 'JWT/HS384' - }, - { - 'k' => 'HS512', - 'v' => 'JWT/HS512' - }, - { - 'k' => 'RS256', - 'v' => 'JWT/RS256' - }, - { - 'k' => 'RS384', - 'v' => 'JWT/RS384' - }, - { - 'k' => 'RS512', - 'v' => 'JWT/RS512' - } - ], - 'type' => 'select' - }, - 'oidcRPMetaDataScopeRules' => { - 'default' => {}, - 'test' => { - 'keyMsgFail' => '__badMacroName__', - 'keyTest' => qr/^[\x21\x23-\x5B\x5D-\x7E]+$/, - 'test' => sub { - return perlExpr(@_); - } - }, - 'type' => 'keyTextContainer' - }, - 'oidcRPStateTimeout' => { - 'default' => 600, - 'type' => 'int' - }, - 'oidcServiceAccessTokenExpiration' => { - 'default' => 
3600, - 'type' => 'int' - }, - 'oidcServiceAllowAuthorizationCodeFlow' => { - 'default' => 1, - 'type' => 'bool' - }, - 'oidcServiceAllowDynamicRegistration' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcServiceAllowHybridFlow' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcServiceAllowImplicitFlow' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcServiceAllowOnlyDeclaredScopes' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcServiceAuthorizationCodeExpiration' => { - 'default' => 60, - 'type' => 'int' - }, - 'oidcServiceDynamicRegistrationExportedVars' => { - 'type' => 'keyTextContainer' - }, - 'oidcServiceDynamicRegistrationExtraClaims' => { - 'keyTest' => qr/^[\x21\x23-\x5B\x5D-\x7E]+$/, - 'type' => 'keyTextContainer' - }, - 'oidcServiceIDTokenExpiration' => { - 'default' => 3600, - 'type' => 'int' - }, - 'oidcServiceKeyIdSig' => { - 'type' => 'text' - }, - 'oidcServiceMetaDataAuthnContext' => { - 'default' => { - 'loa-1' => 1, - 'loa-2' => 2, - 'loa-3' => 3, - 'loa-4' => 4, - 'loa-5' => 5 - }, - 'keyTest' => qr/\w/, - 'type' => 'keyTextContainer' - }, - 'oidcServiceMetaDataAuthorizeURI' => { - 'default' => 'authorize', - 'type' => 'text' - }, - 'oidcServiceMetaDataBackChannelURI' => { - 'default' => 'blogout', - 'type' => 'text' - }, - 'oidcServiceMetaDataCheckSessionURI' => { - 'default' => 'checksession.html', - 'type' => 'text' - }, - 'oidcServiceMetaDataEndSessionURI' => { - 'default' => 'logout', - 'type' => 'text' - }, - 'oidcServiceMetaDataFrontChannelURI' => { - 'default' => 'flogout', - 'type' => 'text' - }, - 'oidcServiceMetaDataIntrospectionURI' => { - 'default' => 'introspect', - 'type' => 'text' - }, - 'oidcServiceMetaDataIssuer' => { - 'type' => 'text' - }, - 'oidcServiceMetaDataJWKSURI' => { - 'default' => 'jwks', - 'type' => 'text' - }, - 'oidcServiceMetaDataRegistrationURI' => { - 'default' => 'register', - 'type' => 'text' - }, - 'oidcServiceMetaDataTokenURI' => { - 'default' => 'token', - 'type' => 'text' - }, - 
'oidcServiceMetaDataUserInfoURI' => { - 'default' => 'userinfo', - 'type' => 'text' - }, - 'oidcServiceOfflineSessionExpiration' => { - 'default' => 2592000, - 'type' => 'int' - }, - 'oidcServicePrivateKeySig' => { - 'type' => 'RSAPrivateKey' - }, - 'oidcServicePublicKeySig' => { - 'type' => 'RSAPublicKey' - }, - 'oidcStorage' => { - 'type' => 'PerlModule' - }, - 'oidcStorageOptions' => { - 'type' => 'keyTextContainer' - }, - 'oldNotifFormat' => { - 'default' => 0, - 'type' => 'bool' - }, - 'openIdAttr' => { - 'type' => 'text' - }, - 'openIdAuthnLevel' => { - 'default' => 1, - 'type' => 'int' - }, - 'openIdExportedVars' => { - 'default' => {}, - 'keyMsgFail' => '__badVariableName__', - 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, - 'msgFail' => '__badValue__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, - 'type' => 'keyTextContainer' - }, - 'openIdIDPList' => { - 'default' => '0;', - 'type' => 'blackWhiteList' - }, - 'openIdIssuerSecret' => { - 'type' => 'text' - }, - 'openIdSecret' => { - 'type' => 'text' - }, - 'openIdSPList' => { - 'default' => '0;', - 'type' => 'blackWhiteList' - }, - 'openIdSreg_country' => { - 'type' => 'lmAttrOrMacro' - }, - 'openIdSreg_dob' => { - 'type' => 'lmAttrOrMacro' - }, - 'openIdSreg_email' => { - 'default' => 'mail', - 'type' => 'lmAttrOrMacro' - }, - 'openIdSreg_fullname' => { - 'default' => 'cn', - 'type' => 'lmAttrOrMacro' - }, - 'openIdSreg_gender' => { - 'type' => 'lmAttrOrMacro' - }, - 'openIdSreg_language' => { - 'type' => 'lmAttrOrMacro' - }, - 'openIdSreg_nickname' => { - 'default' => 'uid', - 'type' => 'lmAttrOrMacro' - }, - 'openIdSreg_postcode' => { - 'type' => 'lmAttrOrMacro' - }, - 'openIdSreg_timezone' => { - 'default' => '_timezone', - 'type' => 'lmAttrOrMacro' - }, - 'pamAuthnLevel' => { - 'default' => 2, - 'type' => 'int' - }, - 'pamService' => { - 'default' => 'login', - 'type' => 'text' - }, - 'passwordDB' => { - 'default' => 'Demo', - 'select' => [ - { - 'k' => 'AD', - 'v' => 'Active Directory' - }, - { - 'k' 
=> 'Choice', - 'v' => 'authChoice' - }, - { - 'k' => 'DBI', - 'v' => 'Database (DBI)' - }, - { - 'k' => 'Demo', - 'v' => 'Demonstration' - }, - { - 'k' => 'LDAP', - 'v' => 'LDAP' - }, - { - 'k' => 'REST', - 'v' => 'REST' - }, - { - 'k' => 'Null', - 'v' => 'None' - }, - { - 'k' => 'Combination', - 'v' => 'combineMods' - }, - { - 'k' => 'Custom', - 'v' => 'customModule' - } - ], - 'type' => 'select' - }, - 'passwordPolicyActivation' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'passwordPolicyMinDigit' => { - 'default' => 0, - 'type' => 'int' - }, - 'passwordPolicyMinLower' => { - 'default' => 0, - 'type' => 'int' - }, - 'passwordPolicyMinSize' => { - 'default' => 0, - 'type' => 'int' - }, - 'passwordPolicyMinSpeChar' => { - 'default' => 0, - 'type' => 'int' - }, - 'passwordPolicyMinUpper' => { - 'default' => 0, - 'type' => 'int' - }, - 'passwordPolicySpecialChar' => { - 'default' => '__ALL__', - 'test' => qr/^(?:__ALL__|[\S\W]*)$/, - 'type' => 'text' - }, - 'passwordResetAllowedRetries' => { - 'default' => 3, - 'type' => 'int' - }, - 'pdataDomain' => { - 'default' => '', - 'msgFail' => '__badDomainName__', - 'test' => qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?))?$/, - 'type' => 'text' - }, - 'persistentSessionAttributes' => { - 'default' => '_loginHistory _2fDevices notification_', - 'type' => 'text' - }, - 'persistentStorage' => { - 'type' => 'PerlModule' - }, - 'persistentStorageOptions' => { - 'type' => 'keyTextContainer' - }, - 'port' => { - 'default' => -1, - 'type' => 'int' + { + 'k' => 'GitHub', + 'v' => 'GitHub' + }, + { + 'k' => 'GPG', + 'v' => 'GPG' + }, + { + 'k' => 'Kerberos', + 'v' => 'Kerberos' + }, + { + 'k' => 'LDAP', + 'v' => 'LDAP' + }, + { + 'k' => 'LinkedIn', + 'v' => 'LinkedIn' + }, + { + 'k' => 'PAM', + 'v' => 'PAM' + }, + { + 'k' => 'Null', + 'v' => 'None' + }, + { + 'k' => 'OpenID', + 'v' => 'OpenID' + }, + { + 'k' => 'OpenIDConnect', + 'v' => 'OpenID Connect' + }, 
+ { + 'k' => 'Proxy', + 'v' => 'Proxy' + }, + { + 'k' => 'Radius', + 'v' => 'Radius' + }, + { + 'k' => 'REST', + 'v' => 'REST' + }, + { + 'k' => 'Remote', + 'v' => 'Remote' + }, + { + 'k' => 'SAML', + 'v' => 'SAML v2' + }, + { + 'k' => 'Slave', + 'v' => 'Slave' + }, + { + 'k' => 'SSL', + 'v' => 'SSL' + }, + { + 'k' => 'Twitter', + 'v' => 'Twitter' + }, + { + 'k' => 'WebID', + 'v' => 'WebID' + }, + { + 'k' => 'Custom', + 'v' => 'customModule' + } + ], + [ { + 'k' => 'AD', + 'v' => 'Active Directory' + }, + { + 'k' => 'CAS', + 'v' => 'Central Authentication Service (CAS)' + }, + { + 'k' => 'DBI', + 'v' => 'Database (DBI)' + }, + { + 'k' => 'Demo', + 'v' => 'Demo' + }, + { + 'k' => 'Facebook', + 'v' => 'Facebook' + }, + { + 'k' => 'LDAP', + 'v' => 'LDAP' + }, + { + 'k' => 'Null', + 'v' => 'None' + }, + { + 'k' => 'OpenID', + 'v' => 'OpenID' + }, + { + 'k' => 'OpenIDConnect', + 'v' => 'OpenID Connect' + }, + { + 'k' => 'Proxy', + 'v' => 'Proxy' + }, + { + 'k' => 'REST', + 'v' => 'REST' + }, + { + 'k' => 'Remote', + 'v' => 'Remote' + }, + { + 'k' => 'SAML', + 'v' => 'SAML v2' + }, + { + 'k' => 'Slave', + 'v' => 'Slave' + }, + { + 'k' => 'WebID', + 'v' => 'WebID' + }, + { + 'k' => 'Custom', + 'v' => 'customModule' + } + ], + [ { + 'k' => 'AD', + 'v' => 'Active Directory' + }, + { + 'k' => 'DBI', + 'v' => 'Database (DBI)' + }, + { + 'k' => 'Demo', + 'v' => 'Demo' + }, + { + 'k' => 'LDAP', + 'v' => 'LDAP' + }, + { + 'k' => 'REST', + 'v' => 'REST' }, - 'portal' => { - 'default' => 'http://auth.example.com/', - 'msgFail' => '__badUrl__', - 'test' => 
qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/, - 'type' => 'url' - }, - 'portalAntiFrame' => { - 'default' => 1, - 'type' => 'bool' - }, - 'portalCheckLogins' => { - 'default' => 1, - 'type' => 'bool' - }, - 'portalCustomCss' => { - 'type' => 'text' - }, - 'portalDisplayAppslist' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'portalDisplayCertificateResetByMail' => { - 'default' => 0, - 'type' => 'bool' - }, - 'portalDisplayChangePassword' => { - 'default' => '$_auth =~ /^(LDAP|DBI|Demo)$/', - 'type' => 'boolOrExpr' - }, - 'portalDisplayGeneratePassword' => { - 'default' => 1, - 'type' => 'bool' - }, - 'portalDisplayLoginHistory' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'portalDisplayLogout' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'portalDisplayOidcConsents' => { - 'default' => '$_oidcConsents && $_oidcConsents =~ /\\w+/', - 'type' => 'boolOrExpr' - }, - 'portalDisplayPasswordPolicy' => { - 'default' => 0, - 'type' => 'bool' - }, - 'portalDisplayRefreshMyRights' => { - 'default' => 1, - 'type' => 'bool' - }, - 'portalDisplayRegister' => { - 'default' => 1, - 'type' => 'bool' - }, - 'portalDisplayResetPassword' => { - 'default' => 0, - 'type' => 'bool' - }, - 'portalEnablePasswordDisplay' => { - 'default' => 0, - 'type' => 'bool' - }, - 'portalErrorOnExpiredSession' => { - 'default' => 1, - 'type' => 'bool' - }, - 'portalErrorOnMailNotFound' => { - 'default' => 0, - 'type' => 'bool' - }, - 
'portalFavicon' => { - 'default' => 'common/favicon.ico', - 'type' => 'text' - }, - 'portalForceAuthn' => { - 'default' => 0, - 'type' => 'bool' - }, - 'portalForceAuthnInterval' => { - 'default' => 5, - 'type' => 'int' - }, - 'portalMainLogo' => { - 'default' => 'common/logos/logo_llng_400px.png', - 'type' => 'text' - }, - 'portalOpenLinkInNewWindow' => { - 'default' => 0, - 'type' => 'bool' - }, - 'portalPingInterval' => { - 'default' => 60000, - 'type' => 'int' - }, - 'portalRequireOldPassword' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'portalSkin' => { - 'default' => 'bootstrap', - 'select' => [ - { - 'k' => 'bootstrap', - 'v' => 'Bootstrap' - } - ], - 'type' => 'portalskin' - }, - 'portalSkinBackground' => { - 'select' => [ - { - 'k' => '', - 'v' => 'None' - }, - { - 'k' => '1280px-Anse_Source_d\'Argent_2-La_Digue.jpg', - 'v' => 'Anse' - }, - { - 'k' => '1280px-Autumn-clear-water-waterfall-landscape_-_Virginia_-_ForestWander.jpg', - 'v' => 'Waterfall' - }, - { - 'k' => '1280px-BrockenSnowedTrees.jpg', - 'v' => 'Snowed Trees' - }, - { - 'k' => '1280px-Cedar_Breaks_National_Monument_partially.jpg', - 'v' => 'National Monument' - }, - { - 'k' => '1280px-Parry_Peak_from_Winter_Park.jpg', - 'v' => 'Winter' - }, - { - 'k' => 'Aletschgletscher_mit_Pinus_cembra1.jpg', - 'v' => 'Pinus' - } - ], - 'type' => 'portalskinbackground' - }, - 'portalSkinRules' => { - 'keyMsgFail' => '__badSkinRule__', - 'keyTest' => sub { - return perlExpr(@_); - }, - 'msgFail' => '__badValue__', - 'test' => qr/^\w+$/, - 'type' => 'keyTextContainer' - }, - 'portalStatus' => { - 'default' => 0, - 'type' => 'bool' - }, - 'portalUserAttr' => { - 'default' => '_user', - 'type' => 'text' - }, - 'post' => { - 'keyMsgFail' => '__badHostname__', - 'keyTest' => qr/^\S+$/, - 'test' => sub { - 1; - }, - 'type' => 'postContainer' + { + 'k' => 'Null', + 'v' => 'None' }, - 'protection' => { - 'msgFail' => '__authorizedValues__: none authenticate manager', - 'test' => 
qr/^(?:none|authenticate|manager|)$/, - 'type' => 'text' - }, - 'proxyAuthnLevel' => { - 'default' => 2, - 'type' => 'int' - }, - 'proxyAuthService' => { - 'type' => 'text' - }, - 'proxyAuthServiceChoiceParam' => { - 'default' => 'lmAuth', - 'type' => 'text' - }, - 'proxyAuthServiceChoiceValue' => { - 'type' => 'text' - }, - 'proxyAuthServiceImpersonation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'proxyCookieName' => { - 'msgFail' => '__badCookieName__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9_-]*$/, - 'type' => 'text' - }, - 'proxySessionService' => { - 'type' => 'text' - }, - 'proxyUseSoap' => { - 'default' => 0, - 'type' => 'bool' - }, - 'radius2fActivation' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'radius2fAuthnLevel' => { - 'type' => 'int' - }, - 'radius2fLabel' => { - 'type' => 'text' - }, - 'radius2fLogo' => { - 'type' => 'text' - }, - 'radius2fSecret' => { - 'type' => 'text' - }, - 'radius2fServer' => { - 'type' => 'text' - }, - 'radius2fTimeout' => { - 'default' => 20, - 'type' => 'int' - }, - 'radius2fUsernameSessionKey' => { - 'type' => 'text' - }, - 'radiusAuthnLevel' => { - 'default' => 3, - 'type' => 'int' - }, - 'radiusSecret' => { - 'type' => 'text' - }, - 'radiusServer' => { - 'type' => 'text' - }, - 'randomPasswordRegexp' => { - 'default' => '[A-Z]{3}[a-z]{5}.\\d{2}', - 'type' => 'pcre' - }, - 'redirectFormMethod' => { - 'default' => 'get', - 'select' => [ - { - 'k' => 'get', - 'v' => 'GET' - }, - { - 'k' => 'post', - 'v' => 'POST' - } - ], - 'type' => 'select' - }, - 'refreshSessions' => { - 'type' => 'bool' - }, - 'registerConfirmBody' => { - 'type' => 'longtext' - }, - 'registerConfirmSubject' => { - 'type' => 'text' - }, - 'registerDB' => { - 'default' => 'Null', - 'select' => [ - { - 'k' => 'AD', - 'v' => 'Active Directory' - }, - { - 'k' => 'Demo', - 'v' => 'Demonstration' - }, - { - 'k' => 'LDAP', - 'v' => 'LDAP' - }, - { - 'k' => 'Null', - 'v' => 'None' - }, - { - 'k' => 'Custom', - 'v' => 'customModule' - } - ], - 'type' 
=> 'select' - }, - 'registerDoneBody' => { - 'type' => 'longtext' - }, - 'registerDoneSubject' => { - 'type' => 'text' - }, - 'registerTimeout' => { - 'default' => 0, - 'type' => 'int' - }, - 'registerUrl' => { - 'default' => 'http://auth.example.com/register', - 'type' => 'text' - }, - 'reloadTimeout' => { - 'default' => 5, - 'type' => 'int' - }, - 'reloadUrls' => { - 'keyTest' => qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?$/, - 'msgFail' => '__badUrl__', - 'test' => qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/, - 'type' => 'keyTextContainer' - }, - 'rememberAuthChoiceRule' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'rememberCookieName' => { - 'default' => 'llngrememberauthchoice', - 'msgFail' => '__badCookieName__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9_-]*$/, - 'type' => 'text' - }, - 'rememberCookieTimeout' => { - 'default' => 31536000, - 'type' => 'int' - }, - 'rememberDefaultChecked' => { - 'default' => 0, - 'type' => 'bool' - }, - 'rememberTimer' => { - 'default' => 5, - 'type' => 'int' - }, - 'remoteCookieName' => { - 'msgFail' => '__badCookieName__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9_-]*$/, - 'type' => 'text' - }, - 'remoteGlobalStorage' => { - 'default' => 'Lemonldap::NG::Common::Apache::Session::SOAP', - 'type' => 'PerlModule' - }, - 'remoteGlobalStorageOptions' => { - 'default' => { - 'ns' => 
'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService', - 'proxy' => 'http://auth.example.com/sessions' - }, - 'type' => 'keyTextContainer' - }, - 'remotePortal' => { - 'type' => 'text' - }, - 'requireToken' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'rest2fActivation' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'rest2fAuthnLevel' => { - 'type' => 'int' - }, - 'rest2fCodeActivation' => { - 'type' => 'pcre' - }, - 'rest2fInitArgs' => { - 'keyMsgFail' => '__badKeyName__', - 'keyTest' => qr/^\w+$/, - 'msgFail' => '__badValue__', - 'test' => qr/^\w+$/, - 'type' => 'keyTextContainer' - }, - 'rest2fInitUrl' => { - 'type' => 'url' - }, - 'rest2fLabel' => { - 'type' => 'text' - }, - 'rest2fLogo' => { - 'type' => 'text' - }, - 'rest2fResendInterval' => { - 'type' => 'text' - }, - 'rest2fVerifyArgs' => { - 'type' => 'keyTextContainer' - }, - 'rest2fVerifyUrl' => { - 'keyMsgFail' => '__badKeyName__', - 'keyTest' => qr/^\w+$/, - 'msgFail' => '__badValue__', - 'test' => qr/^\w+$/, - 'type' => 'url' - }, - 'restAuthnLevel' => { - 'default' => 2, - 'type' => 'int' - }, - 'restAuthServer' => { - 'default' => 0, - 'type' => 'bool' - }, - 'restAuthUrl' => { - 'type' => 'url' - }, - 'restClockTolerance' => { - 'default' => 15, - 'type' => 'int' - }, - 'restConfigServer' => { - 'default' => 0, - 'type' => 'bool' - }, - 'restExportSecretKeys' => { - 'default' => 0, - 'type' => 'bool' - }, - 'restFindUserDBUrl' => { - 'type' => 'url' - }, - 'restPasswordServer' => { - 'default' => 0, - 'type' => 'bool' - }, - 'restPwdConfirmUrl' => { - 'type' => 'url' - }, - 'restPwdModifyUrl' => { - 'type' => 'url' - }, - 'restSessionServer' => { - 'default' => 0, - 'type' => 'bool' - }, - 'restUserDBUrl' => { - 'type' => 'url' - }, - 'sameSite' => { - 'default' => '', - 'select' => [ - { - 'k' => '', - 'v' => '' - }, - { - 'k' => 'Strict', - 'v' => 'Strict' - }, - { - 'k' => 'Lax', - 'v' => 'Lax' - }, - { - 'k' => 'None', - 'v' => 'None' - } - ], - 'type' => 'select' - 
}, - 'samlAttributeAuthorityDescriptorAttributeServiceSOAP' => { - 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;', - 'type' => 'samlService' - }, - 'samlAuthnContextMapKerberos' => { - 'default' => 4, - 'type' => 'int' - }, - 'samlAuthnContextMapPassword' => { - 'default' => 2, - 'type' => 'int' - }, - 'samlAuthnContextMapPasswordProtectedTransport' => { - 'default' => 3, - 'type' => 'int' - }, - 'samlAuthnContextMapTLSClient' => { - 'default' => 5, - 'type' => 'int' - }, - 'samlCommonDomainCookieActivation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlCommonDomainCookieDomain' => { - 'msgFail' => '__badDomainName__', - 'test' => qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$/, - 'type' => 'text' - }, - 'samlCommonDomainCookieReader' => { - 'msgFail' => '__badUrl__', - 'test' => qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/, - 'type' => 'text' - }, - 'samlCommonDomainCookieWriter' => { - 'msgFail' => '__badUrl__', - 'test' => 
qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/, - 'type' => 'text' - }, - 'samlDiscoveryProtocolActivation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlDiscoveryProtocolIsPassive' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlDiscoveryProtocolPolicy' => { - 'type' => 'text' - }, - 'samlDiscoveryProtocolURL' => { - 'msgFail' => '__badUrl__', - 'test' => qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/, - 'type' => 'text' - }, - 'samlEntityID' => { - 'default' => '#PORTAL#/saml/metadata', - 'type' => 'text' - }, - 'samlIDPMetaDataExportedAttributes' => { - 'default' => {}, - 'keyMsgFail' => '__badMetadataName__', - 'keyTest' => qr/^[a-zA-Z](?:[a-zA-Z0-9_\-\.]*\w)?$/, - 'msgFail' => '__badValue__', - 'test' => qr/\w/, - 'type' => 'samlAttributeContainer' - }, - 'samlIDPMetaDataNodes' => { - 'type' => 'samlIDPMetaDataNodeContainer' - }, - 'samlIDPMetaDataOptions' => { - 'keyMsgFail' 
=> '__badMetadataName__', - 'keyTest' => qr/^[a-zA-Z](?:[a-zA-Z0-9_\-\.]*\w)?$/, - 'type' => 'keyTextContainer' - }, - 'samlIDPMetaDataOptionsAdaptSessionUtime' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsAllowLoginFromIDP' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsAllowProxiedAuthn' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsCheckAudience' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsCheckSLOMessageSignature' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsCheckSSOMessageSignature' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsCheckTime' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsDisplayName' => { - 'type' => 'text' - }, - 'samlIDPMetaDataOptionsEncryptionMode' => { - 'default' => 'none', - 'select' => [ - { - 'k' => 'none', - 'v' => 'None' - }, - { - 'k' => 'nameid', - 'v' => 'Name ID' - }, - { - 'k' => 'assertion', - 'v' => 'Assertion' - } - ], - 'type' => 'select' - }, - 'samlIDPMetaDataOptionsForceAuthn' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsForceUTF8' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsIcon' => { - 'type' => 'text' - }, - 'samlIDPMetaDataOptionsIsPassive' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsNameIDFormat' => { - 'default' => '', - 'select' => [ - { - 'k' => '', - 'v' => '' - }, - { - 'k' => 'unspecified', - 'v' => 'Unspecified' - }, - { - 'k' => 'email', - 'v' => 'Email' - }, - { - 'k' => 'x509', - 'v' => 'X509 certificate' - }, - { - 'k' => 'windows', - 'v' => 'Windows' - }, - { - 'k' => 'kerberos', - 'v' => 'Kerberos' - }, - { - 'k' => 'entity', - 'v' => 'Entity' - }, - { - 'k' => 'persistent', - 'v' => 'Persistent' - }, - { - 'k' => 'transient', - 'v' => 'Transient' - }, - { - 'k' => 'encrypted', - 'v' => 'Encrypted' - } - ], - 'type' => 'select' - }, - 
'samlIDPMetaDataOptionsRelayStateURL' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsRequestedAuthnContext' => { - 'default' => '', - 'select' => [ - { - 'k' => '', - 'v' => '' - }, - { - 'k' => 'kerberos', - 'v' => 'Kerberos' - }, - { - 'k' => 'password-protected-transport', - 'v' => 'Password protected transport' - }, - { - 'k' => 'password', - 'v' => 'Password' - }, - { - 'k' => 'tls-client', - 'v' => 'TLS client certificate' - } - ], - 'type' => 'select' - }, - 'samlIDPMetaDataOptionsResolutionRule' => { - 'default' => '', - 'type' => 'longtext' - }, - 'samlIDPMetaDataOptionsSignatureMethod' => { - 'default' => '', - 'select' => [ - { - 'k' => '', - 'v' => 'default' - }, - { - 'k' => 'RSA_SHA1', - 'v' => 'RSA SHA1' - }, - { - 'k' => 'RSA_SHA256', - 'v' => 'RSA SHA256' - }, - { - 'k' => 'RSA_SHA384', - 'v' => 'RSA SHA384' - }, - { - 'k' => 'RSA_SHA512', - 'v' => 'RSA SHA512' - } - ], - 'type' => 'select' - }, - 'samlIDPMetaDataOptionsSignSLOMessage' => { - 'default' => -1, - 'type' => 'trool' - }, - 'samlIDPMetaDataOptionsSignSSOMessage' => { - 'default' => -1, - 'type' => 'trool' - }, - 'samlIDPMetaDataOptionsSLOBinding' => { - 'default' => '', - 'select' => [ - { - 'k' => '', - 'v' => '' - }, - { - 'k' => 'http-post', - 'v' => 'POST' - }, - { - 'k' => 'http-redirect', - 'v' => 'Redirect' - }, - { - 'k' => 'http-soap', - 'v' => 'SOAP' - } - ], - 'type' => 'select' - }, - 'samlIDPMetaDataOptionsSortNumber' => { - 'type' => 'int' - }, - 'samlIDPMetaDataOptionsSSOBinding' => { - 'default' => '', - 'select' => [ - { - 'k' => '', - 'v' => '' - }, - { - 'k' => 'http-post', - 'v' => 'POST' - }, - { - 'k' => 'http-redirect', - 'v' => 'Redirect' - }, - { - 'k' => 'artifact-get', - 'v' => 'Artifact GET' - } - ], - 'type' => 'select' - }, - 'samlIDPMetaDataOptionsStoreSAMLToken' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsUserAttribute' => { - 'type' => 'text' - }, - 'samlIDPMetaDataXML' => { - 'test' => sub { - my $v = 
shift(); - return 1 unless $v and %$v; - my @msg; - my $res = 1; - my %entityIds; - foreach my $idpId (keys %$v) { - unless ($v->{$idpId}{'samlIDPMetaDataXML'} =~ /entityID="(.+?)"/is) { - push @msg, "$idpId SAML metadata has no EntityID"; - $res = 0; - next; - } - my $eid = $1; - if (defined $entityIds{$eid}) { - push @msg, "$idpId and $entityIds{$eid} have the same SAML EntityID"; - $res = 0; - next; - } - $entityIds{$eid} = $idpId; - } - return $res, join(', ', @msg); - }, - 'type' => 'file' - }, - 'samlIDPSSODescriptorArtifactResolutionServiceArtifact' => { - 'default' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', - 'type' => 'samlAssertion' - }, - 'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' => { - 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', - 'type' => 'samlService' - }, - 'samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect' => { - 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', - 'type' => 'samlService' - }, - 'samlIDPSSODescriptorSingleLogoutServiceSOAP' => { - 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;', - 'type' => 'samlService' - }, - 'samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact' => { - 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;', - 'type' => 'samlService' - }, - 'samlIDPSSODescriptorSingleSignOnServiceHTTPPost' => { - 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;', - 'type' => 'samlService' - }, - 'samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect' => { - 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;', - 'type' => 'samlService' - }, - 'samlIDPSSODescriptorWantAuthnRequestsSigned' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlMetadataForceUTF8' => { - 
'default' => 1, - 'type' => 'bool' - }, - 'samlNameIDFormatMapEmail' => { - 'default' => 'mail', - 'type' => 'text' - }, - 'samlNameIDFormatMapKerberos' => { - 'default' => 'uid', - 'type' => 'text' - }, - 'samlNameIDFormatMapWindows' => { - 'default' => 'uid', - 'type' => 'text' - }, - 'samlNameIDFormatMapX509' => { - 'default' => 'mail', - 'type' => 'text' - }, - 'samlOrganizationDisplayName' => { - 'default' => 'Example', - 'type' => 'text' - }, - 'samlOrganizationName' => { - 'default' => 'Example', - 'type' => 'text' - }, - 'samlOrganizationURL' => { - 'default' => 'http://www.example.com', - 'type' => 'text' - }, - 'samlOverrideIDPEntityID' => { - 'default' => '', - 'type' => 'text' - }, - 'samlRelayStateTimeout' => { - 'default' => 600, - 'type' => 'int' - }, - 'samlServicePrivateKeyEnc' => { - 'default' => '', - 'type' => 'RSAPrivateKey' - }, - 'samlServicePrivateKeyEncPwd' => { - 'type' => 'password' - }, - 'samlServicePrivateKeySig' => { - 'default' => '', - 'type' => 'RSAPrivateKey' - }, - 'samlServicePrivateKeySigPwd' => { - 'default' => '', - 'type' => 'password' - }, - 'samlServicePublicKeyEnc' => { - 'default' => '', - 'type' => 'RSAPublicKeyOrCertificate' - }, - 'samlServicePublicKeySig' => { - 'default' => '', - 'type' => 'RSAPublicKeyOrCertificate' - }, - 'samlServiceSignatureMethod' => { - 'default' => 'RSA_SHA256', - 'select' => [ - { - 'k' => 'RSA_SHA1', - 'v' => 'RSA SHA1' - }, - { - 'k' => 'RSA_SHA256', - 'v' => 'RSA SHA256' - }, - { - 'k' => 'RSA_SHA384', - 'v' => 'RSA SHA384' - }, - { - 'k' => 'RSA_SHA512', - 'v' => 'RSA SHA512' - } - ], - 'type' => 'select' - }, - 'samlServiceUseCertificateInResponse' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlSPMetaDataExportedAttributes' => { - 'default' => {}, - 'keyMsgFail' => '__badMetadataName__', - 'keyTest' => qr/^[a-zA-Z](?:[a-zA-Z0-9_\-\.]*\w)?$/, - 'msgFail' => '__badValue__', - 'test' => qr/\w/, - 'type' => 'samlAttributeContainer' - }, - 'samlSPMetaDataMacros' => { - 'default' => 
{}, - 'test' => { - 'keyMsgFail' => '__badMacroName__', - 'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, - 'test' => sub { - return perlExpr(@_); - } - }, - 'type' => 'keyTextContainer' - }, - 'samlSPMetaDataNodes' => { - 'type' => 'samlSPMetaDataNodeContainer' - }, - 'samlSPMetaDataOptions' => { - 'keyMsgFail' => '__badMetadataName__', - 'keyTest' => qr/^[a-zA-Z](?:[a-zA-Z0-9_\-\.]*\w)?$/, - 'type' => 'keyTextContainer' - }, - 'samlSPMetaDataOptionsAuthnLevel' => { - 'type' => 'int' - }, - 'samlSPMetaDataOptionsCheckSLOMessageSignature' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlSPMetaDataOptionsCheckSSOMessageSignature' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlSPMetaDataOptionsEnableIDPInitiatedURL' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlSPMetaDataOptionsEncryptionMode' => { - 'default' => 'none', - 'select' => [ - { - 'k' => 'none', - 'v' => 'None' - }, - { - 'k' => 'nameid', - 'v' => 'Name ID' - }, - { - 'k' => 'assertion', - 'v' => 'Assertion' - } - ], - 'type' => 'select' - }, - 'samlSPMetaDataOptionsForceUTF8' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlSPMetaDataOptionsNameIDFormat' => { - 'default' => '', - 'select' => [ - { - 'k' => '', - 'v' => '' - }, - { - 'k' => 'unspecified', - 'v' => 'Unspecified' - }, - { - 'k' => 'email', - 'v' => 'Email' - }, - { - 'k' => 'x509', - 'v' => 'X509 certificate' - }, - { - 'k' => 'windows', - 'v' => 'Windows' - }, - { - 'k' => 'kerberos', - 'v' => 'Kerberos' - }, - { - 'k' => 'entity', - 'v' => 'Entity' - }, - { - 'k' => 'persistent', - 'v' => 'Persistent' - }, - { - 'k' => 'transient', - 'v' => 'Transient' - }, - { - 'k' => 'encrypted', - 'v' => 'Encrypted' - } - ], - 'type' => 'select' - }, - 'samlSPMetaDataOptionsNameIDSessionKey' => { - 'type' => 'text' - }, - 'samlSPMetaDataOptionsNotOnOrAfterTimeout' => { - 'default' => 72000, - 'type' => 'int' - }, - 'samlSPMetaDataOptionsOneTimeUse' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlSPMetaDataOptionsRule' => { - 
'test' => sub { - return perlExpr(@_); - }, - 'type' => 'text' - }, - 'samlSPMetaDataOptionsSessionNotOnOrAfterTimeout' => { - 'default' => 72000, - 'type' => 'int' - }, - 'samlSPMetaDataOptionsSignatureMethod' => { - 'default' => '', - 'select' => [ - { - 'k' => '', - 'v' => 'default' - }, - { - 'k' => 'RSA_SHA1', - 'v' => 'RSA SHA1' - }, - { - 'k' => 'RSA_SHA256', - 'v' => 'RSA SHA256' - }, - { - 'k' => 'RSA_SHA384', - 'v' => 'RSA SHA384' - }, - { - 'k' => 'RSA_SHA512', - 'v' => 'RSA SHA512' - } - ], - 'type' => 'select' - }, - 'samlSPMetaDataOptionsSignSLOMessage' => { - 'default' => -1, - 'type' => 'trool' - }, - 'samlSPMetaDataOptionsSignSSOMessage' => { - 'default' => -1, - 'type' => 'trool' - }, - 'samlSPMetaDataXML' => { - 'type' => 'file' - }, - 'samlSPSSODescriptorArtifactResolutionServiceArtifact' => { - 'default' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', - 'type' => 'samlAssertion' - }, - 'samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact' => { - 'default' => '0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact', - 'type' => 'samlAssertion' - }, - 'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' => { - 'default' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost', - 'type' => 'samlAssertion' - }, - 'samlSPSSODescriptorAuthnRequestsSigned' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlSPSSODescriptorSingleLogoutServiceHTTPPost' => { - 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', - 'type' => 'samlService' - }, - 'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' => { - 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', - 'type' => 'samlService' - }, - 'samlSPSSODescriptorSingleLogoutServiceSOAP' => { - 'default' => 
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;', - 'type' => 'samlService' - }, - 'samlSPSSODescriptorWantAssertionsSigned' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlStorage' => { - 'type' => 'PerlModule' - }, - 'samlStorageOptions' => { - 'type' => 'keyTextContainer' - }, - 'samlUseQueryStringSpecific' => { - 'default' => 0, - 'type' => 'bool' - }, - 'scrollTop' => { - 'default' => 400, - 'type' => 'int' - }, - 'securedCookie' => { - 'default' => 0, - 'select' => [ - { - 'k' => '0', - 'v' => 'unsecuredCookie' - }, - { - 'k' => '1', - 'v' => 'securedCookie' - }, - { - 'k' => '2', - 'v' => 'doubleCookie' - }, - { - 'k' => '3', - 'v' => 'doubleCookieForSingleSession' - } - ], - 'type' => 'select' - }, - 'secureTokenAllowOnError' => { - 'type' => 'text' - }, - 'secureTokenAttribute' => { - 'type' => 'text' - }, - 'secureTokenExpiration' => { - 'type' => 'text' - }, - 'secureTokenHeader' => { - 'type' => 'text' - }, - 'secureTokenMemcachedServers' => { - 'type' => 'text' - }, - 'secureTokenUrls' => { - 'type' => 'text' - }, - 'sentryDsn' => { - 'type' => 'text' - }, - 'sessionDataToRemember' => { - 'keyMsgFail' => '__invalidSessionData__', - 'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, - 'type' => 'keyTextContainer' - }, - 'sfEngine' => { - 'default' => '::2F::Engines::Default', - 'type' => 'text' - }, - 'sfExtra' => { - 'keyTest' => qr/^\w+$/, - 'select' => [ - { - 'k' => 'Mail2F', - 'v' => 'E-Mail' - }, - { - 'k' => 'REST', - 'v' => 'REST' - }, - { - 'k' => 'Ext2F', - 'v' => 'External' - }, - { - 'k' => 'Radius', - 'v' => 'Radius' - } - ], - 'test' => sub { - 1; - }, - 'type' => 'sfExtraContainer' - }, - 'sfLoginTimeout' => { - 'type' => 'int' - }, - 'sfManagerRule' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'sfOnlyUpgrade' => { - 'type' => 'bool' - }, - 'sfRegisterTimeout' => { - 'type' => 'int' - }, - 'sfRemovedMsgRule' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'sfRemovedNotifMsg' => { - 'default' 
=> '_removedSF_ expired second factor(s) has/have been removed (_nameSF_)!', - 'type' => 'text' - }, - 'sfRemovedNotifRef' => { - 'default' => 'RemoveSF', - 'type' => 'text' - }, - 'sfRemovedNotifTitle' => { - 'default' => 'Second factor notification', - 'type' => 'text' - }, - 'sfRemovedUseNotif' => { - 'default' => 0, - 'type' => 'bool' - }, - 'sfRequired' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'showLanguages' => { - 'default' => 1, - 'type' => 'bool' - }, - 'singleIP' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'singleSession' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'singleUserByIP' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'skipRenewConfirmation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'skipUpgradeConfirmation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'slaveAuthnLevel' => { - 'default' => 2, - 'type' => 'int' - }, - 'slaveDisplayLogo' => { - 'default' => 0, - 'type' => 'bool' - }, - 'slaveExportedVars' => { - 'default' => {}, - 'keyMsgFail' => '__badVariableName__', - 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, - 'msgFail' => '__badValue__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, - 'type' => 'keyTextContainer' - }, - 'slaveHeaderContent' => { - 'type' => 'text' - }, - 'slaveHeaderName' => { - 'type' => 'text' - }, - 'slaveMasterIP' => { - 'msgFail' => '__badIPv4Address__', - 'test' => qr/^((?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)\s*)*$/, - 'type' => 'text' - }, - 'slaveUserHeader' => { - 'type' => 'text' - }, - 'SMTPAuthPass' => { - 'type' => 'password' - }, - 'SMTPAuthUser' => { - 'type' => 'text' - }, - 'SMTPPort' => { - 'type' => 'int' - }, - 'SMTPServer' => { - 'default' => '', - 'test' => qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?)?$/, - 'type' => 'text' - }, - 'SMTPTLS' => { - 'default' => '', - 'select' => [ - { - 'k' => '', - 'v' => 'none' - }, - { - 'k' => 
'starttls', - 'v' => 'SMTP + STARTTLS' - }, - { - 'k' => 'ssl', - 'v' => 'SMTPS' - } - ], - 'type' => 'select' - }, - 'SMTPTLSOpts' => { - 'type' => 'keyTextContainer' - }, - 'soapConfigServer' => { - 'default' => 0, - 'type' => 'bool' - }, - 'soapProxyUrn' => { - 'default' => 'urn:Lemonldap/NG/Common/PSGI/SOAPService', - 'type' => 'text' - }, - 'soapSessionServer' => { - 'default' => 0, - 'type' => 'bool' - }, - 'SSLAuthnLevel' => { - 'default' => 5, - 'type' => 'int' - }, - 'sslByAjax' => { - 'default' => 0, - 'type' => 'bool' - }, - 'sslHost' => { - 'type' => 'url' - }, - 'SSLVar' => { - 'default' => 'SSL_CLIENT_S_DN_Email', - 'type' => 'text' - }, - 'SSLVarIf' => { - 'default' => {}, - 'keyTest' => sub { - 1; - }, - 'type' => 'keyTextContainer' - }, - 'staticPrefix' => { - 'type' => 'text' - }, - 'status' => { - 'type' => 'bool' - }, - 'stayConnected' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'stayConnectedBypassFG' => { - 'default' => 0, - 'type' => 'bool' - }, - 'stayConnectedCookieName' => { - 'default' => 'llngconnection', - 'msgFail' => '__badCookieName__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9_-]*$/, - 'type' => 'text' - }, - 'stayConnectedTimeout' => { - 'default' => 2592000, - 'type' => 'int' - }, - 'storePassword' => { - 'default' => 0, - 'type' => 'bool' - }, - 'successLoginNumber' => { - 'default' => 5, - 'type' => 'int' - }, - 'syslogFacility' => { - 'type' => 'text' - }, - 'timeout' => { - 'default' => 72000, - 'test' => sub { - $_[0] > 0; - }, - 'type' => 'int' - }, - 'timeoutActivity' => { - 'default' => 0, - 'test' => sub { - $_[0] >= 0; - }, - 'type' => 'int' - }, - 'timeoutActivityInterval' => { - 'default' => 60, - 'test' => sub { - $_[0] >= 0; - }, - 'type' => 'int' - }, - 'tokenUseGlobalStorage' => { - 'default' => 0, - 'type' => 'bool' - }, - 'totp2fActivation' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'totp2fAuthnLevel' => { - 'type' => 'int' - }, - 'totp2fDigits' => { - 'default' => 6, - 'type' => 'int' - }, - 
'totp2fEncryptSecret' => { - 'default' => 0, - 'type' => 'bool' - }, - 'totp2fInterval' => { - 'default' => 30, - 'type' => 'int' - }, - 'totp2fIssuer' => { - 'type' => 'text' - }, - 'totp2fLabel' => { - 'type' => 'text' - }, - 'totp2fLogo' => { - 'type' => 'text' - }, - 'totp2fRange' => { - 'default' => 1, - 'type' => 'int' - }, - 'totp2fSelfRegistration' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'totp2fTTL' => { - 'type' => 'int' - }, - 'totp2fUserCanRemoveKey' => { - 'default' => 1, - 'type' => 'bool' - }, - 'trustedDomains' => { - 'type' => 'text' - }, - 'twitterAppName' => { - 'type' => 'text' - }, - 'twitterAuthnLevel' => { - 'default' => 1, - 'type' => 'int' - }, - 'twitterKey' => { - 'type' => 'text' - }, - 'twitterSecret' => { - 'type' => 'text' - }, - 'twitterUserField' => { - 'default' => 'screen_name', - 'type' => 'text' - }, - 'u2fActivation' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'u2fAuthnLevel' => { - 'type' => 'int' - }, - 'u2fLabel' => { - 'type' => 'text' - }, - 'u2fLogo' => { - 'type' => 'text' - }, - 'u2fSelfRegistration' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'u2fTTL' => { - 'type' => 'int' - }, - 'u2fUserCanRemoveKey' => { - 'default' => 1, - 'type' => 'bool' - }, - 'upgradeSession' => { - 'default' => 1, - 'type' => 'bool' - }, - 'userControl' => { - 'default' => '^[\\w\\.\\-@]+$', - 'type' => 'pcre' - }, - 'userDB' => { - 'default' => 'Same', - 'select' => [ - { - 'k' => 'Same', - 'v' => 'Same' - }, - { - 'k' => 'AD', - 'v' => 'Active Directory' - }, - { - 'k' => 'DBI', - 'v' => 'Database (DBI)' - }, - { - 'k' => 'LDAP', - 'v' => 'LDAP' - }, - { - 'k' => 'REST', - 'v' => 'REST' - }, - { - 'k' => 'Null', - 'v' => 'None' - }, - { - 'k' => 'Custom', - 'v' => 'customModule' - } - ], - 'type' => 'select' - }, - 'useRedirectOnError' => { - 'default' => 1, - 'type' => 'bool' - }, - 'useRedirectOnForbidden' => { - 'default' => 0, - 'type' => 'bool' - }, - 'userLogger' => { - 'type' => 'text' - }, - 
'userPivot' => { - 'type' => 'text' - }, - 'userSyslogFacility' => { - 'type' => 'text' - }, - 'useSafeJail' => { - 'default' => 1, - 'type' => 'bool' - }, - 'utotp2fActivation' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'utotp2fAuthnLevel' => { - 'type' => 'int' - }, - 'utotp2fLabel' => { - 'type' => 'text' - }, - 'utotp2fLogo' => { - 'type' => 'text' - }, - 'vhostAccessToTrace' => { - 'default' => '', - 'type' => 'text' - }, - 'vhostAliases' => { - 'default' => '', - 'type' => 'text' - }, - 'vhostAuthnLevel' => { - 'type' => 'int' - }, - 'vhostDevOpsRulesUrl' => { - 'type' => 'url' - }, - 'vhostHttps' => { - 'default' => -1, - 'type' => 'trool' - }, - 'vhostMaintenance' => { - 'default' => 0, - 'type' => 'bool' - }, - 'vhostOptions' => { - 'type' => 'subContainer' - }, - 'vhostPort' => { - 'default' => -1, - 'type' => 'int' - }, - 'vhostServiceTokenTTL' => { - 'default' => -1, - 'type' => 'int' - }, - 'vhostType' => { - 'default' => 'Main', - 'select' => [ - { - 'k' => 'AuthBasic', - 'v' => 'AuthBasic' - }, - { - 'k' => 'CDA', - 'v' => 'CDA' - }, - { - 'k' => 'DevOps', - 'v' => 'DevOps' - }, - { - 'k' => 'DevOpsST', - 'v' => 'DevOpsST' - }, - { - 'k' => 'Main', - 'v' => 'Main' - }, - { - 'k' => 'OAuth2', - 'v' => 'OAuth2' - }, - { - 'k' => 'SecureToken', - 'v' => 'SecureToken' - }, - { - 'k' => 'ServiceToken', - 'v' => 'ServiceToken' - }, - { - 'k' => 'ZimbraPreAuth', - 'v' => 'ZimbraPreAuth' - } - ], - 'type' => 'select' - }, - 'viewerAllowBrowser' => { - 'default' => 0, - 'type' => 'bool' - }, - 'viewerAllowDiff' => { - 'default' => 0, - 'type' => 'bool' - }, - 'viewerHiddenKeys' => { - 'default' => 'samlIDPMetaDataNodes, samlSPMetaDataNodes', - 'type' => 'text' - }, - 'virtualHosts' => { - 'type' => 'virtualHostContainer' - }, - 'webauthn2fActivation' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'webauthn2fAuthnLevel' => { - 'type' => 'int' - }, - 'webauthn2fLabel' => { - 'type' => 'text' - }, - 'webauthn2fLogo' => { - 'type' => 'text' - 
}, - 'webauthn2fSelfRegistration' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'webauthn2fUserCanRemoveKey' => { - 'default' => 1, - 'type' => 'bool' - }, - 'webauthn2fUserVerification' => { - 'default' => 'preferred', - 'select' => [ - { - 'k' => 'discouraged', - 'v' => 'Discouraged' - }, - { - 'k' => 'preferred', - 'v' => 'Preferred' - }, - { - 'k' => 'required', - 'v' => 'Required' - } - ], - 'type' => 'select' - }, - 'webauthnDisplayNameAttr' => { - 'type' => 'text' - }, - 'webauthnRpName' => { - 'type' => 'text' - }, - 'webIDAuthnLevel' => { - 'default' => 1, - 'type' => 'int' - }, - 'webIDExportedVars' => { - 'default' => {}, - 'keyMsgFail' => '__badVariableName__', - 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, - 'msgFail' => '__badValue__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, - 'type' => 'keyTextContainer' - }, - 'webIDWhitelist' => { - 'type' => 'text' - }, - 'whatToTrace' => { - 'default' => 'uid', - 'type' => 'lmAttrOrMacro' - }, - 'wsdlServer' => { - 'default' => 0, - 'type' => 'bool' - }, - 'yubikey2fActivation' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'yubikey2fAuthnLevel' => { - 'type' => 'int' - }, - 'yubikey2fClientID' => { - 'type' => 'text' - }, - 'yubikey2fFromSessionAttribute' => { - 'type' => 'text' - }, - 'yubikey2fLabel' => { - 'type' => 'text' - }, - 'yubikey2fLogo' => { - 'type' => 'text' - }, - 'yubikey2fNonce' => { - 'type' => 'text' - }, - 'yubikey2fPublicIDSize' => { - 'default' => 12, - 'type' => 'int' - }, - 'yubikey2fSecretKey' => { - 'type' => 'text' - }, - 'yubikey2fSelfRegistration' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'yubikey2fTTL' => { - 'type' => 'int' - }, - 'yubikey2fUrl' => { - 'type' => 'text' - }, - 'yubikey2fUserCanRemoveKey' => { - 'default' => 1, - 'type' => 'bool' - }, - 'zimbraAccountKey' => { - 'type' => 'text' - }, - 'zimbraBy' => { - 'type' => 'text' - }, - 'zimbraPreAuthKey' => { - 'type' => 'text' - }, - 'zimbraSsoUrl' => { - 'type' => 'text' - }, - 'zimbraUrl' 
=> { - 'type' => 'text' - } - }; + { + 'k' => 'Custom', + 'v' => 'customModule' + } + ] + ], + 'test' => sub { + 1; + }, + 'type' => 'authChoiceContainer' + }, + 'authChoiceParam' => { + 'default' => 'lmAuth', + 'type' => 'text' + }, + 'authentication' => { + 'default' => 'Demo', + 'select' => [ { + 'k' => 'Apache', + 'v' => 'Apache' + }, + { + 'k' => 'AD', + 'v' => 'Active Directory' + }, + { + 'k' => 'DBI', + 'v' => 'Database (DBI)' + }, + { + 'k' => 'Facebook', + 'v' => 'Facebook' + }, + { + 'k' => 'GitHub', + 'v' => 'GitHub' + }, + { + 'k' => 'GPG', + 'v' => 'GPG' + }, + { + 'k' => 'Kerberos', + 'v' => 'Kerberos' + }, + { + 'k' => 'LDAP', + 'v' => 'LDAP' + }, + { + 'k' => 'LinkedIn', + 'v' => 'LinkedIn' + }, + { + 'k' => 'PAM', + 'v' => 'PAM' + }, + { + 'k' => 'Radius', + 'v' => 'Radius' + }, + { + 'k' => 'REST', + 'v' => 'REST' + }, + { + 'k' => 'SSL', + 'v' => 'SSL' + }, + { + 'k' => 'Twitter', + 'v' => 'Twitter' + }, + { + 'k' => 'WebID', + 'v' => 'WebID' + }, + { + 'k' => 'Demo', + 'v' => 'Demonstration' + }, + { + 'k' => 'Choice', + 'v' => 'authChoice' + }, + { + 'k' => 'Combination', + 'v' => 'combineMods' + }, + { + 'k' => 'CAS', + 'v' => 'Central Authentication Service (CAS)' + }, + { + 'k' => 'OpenID', + 'v' => 'OpenID' + }, + { + 'k' => 'OpenIDConnect', + 'v' => 'OpenID Connect' + }, + { + 'k' => 'SAML', + 'v' => 'SAML v2' + }, + { + 'k' => 'Proxy', + 'v' => 'Proxy' + }, + { + 'k' => 'Remote', + 'v' => 'Remote' + }, + { + 'k' => 'Slave', + 'v' => 'Slave' + }, + { + 'k' => 'Null', + 'v' => 'None' + }, + { + 'k' => 'Custom', + 'v' => 'customModule' + } + ], + 'type' => 'select' + }, + 'AuthLDAPFilter' => { + 'type' => 'text' + }, + 'autoSigninRules' => { + 'type' => 'keyTextContainer' + }, + 'available2F' => { + 'default' => + 'UTOTP,TOTP,U2F,REST,Mail2F,Ext2F,WebAuthn,Yubikey,Radius', + 'type' => 'text' + }, + 'available2FSelfRegistration' => { + 'default' => 'TOTP,U2F,WebAuthn,Yubikey', + 'type' => 'text' + }, + 'avoidAssignment' => { + 'default' => 
0, + 'type' => 'bool' + }, + 'browsersDontStorePassword' => { + 'default' => 0, + 'type' => 'bool' + }, + 'bruteForceProtection' => { + 'default' => 0, + 'type' => 'bool' + }, + 'bruteForceProtectionIncrementalTempo' => { + 'default' => 0, + 'type' => 'bool' + }, + 'bruteForceProtectionLockTimes' => { + 'default' => '15, 30, 60, 300, 600', + 'type' => 'text' + }, + 'bruteForceProtectionMaxAge' => { + 'default' => 300, + 'type' => 'int' + }, + 'bruteForceProtectionMaxFailed' => { + 'default' => 3, + 'type' => 'int' + }, + 'bruteForceProtectionMaxLockTime' => { + 'default' => 900, + 'type' => 'int' + }, + 'bruteForceProtectionTempo' => { + 'default' => 30, + 'type' => 'int' + }, + 'captcha' => { + 'type' => 'PerlModule' + }, + 'captcha_login_enabled' => { + 'default' => 0, + 'type' => 'bool' + }, + 'captcha_mail_enabled' => { + 'default' => 1, + 'type' => 'bool' + }, + 'captcha_register_enabled' => { + 'default' => 1, + 'type' => 'bool' + }, + 'captcha_size' => { + 'default' => 6, + 'type' => 'int' + }, + 'captchaOptions' => { + 'type' => 'keyTextContainer' + }, + 'casAccessControlPolicy' => { + 'default' => 'none', + 'select' => [ { + 'k' => 'none', + 'v' => 'None' + }, + { + 'k' => 'error', + 'v' => 'Display error on portal' + }, + { + 'k' => 'faketicket', + 'v' => 'Send a fake service ticket' + } + ], + 'type' => 'select' + }, + 'casAppMetaDataExportedVars' => { + 'default' => { + 'cn' => 'cn', + 'mail' => 'mail', + 'uid' => 'uid' + }, + 'type' => 'keyTextContainer' + }, + 'casAppMetaDataMacros' => { + 'default' => {}, + 'test' => { + 'keyMsgFail' => '__badMacroName__', + 'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, + 'test' => sub { + return perlExpr(@_); + } + }, + 'type' => 'keyTextContainer' + }, + 'casAppMetaDataNodes' => { + 'type' => 'casAppMetaDataNodeContainer' + }, + 'casAppMetaDataOptions' => { + 'type' => 'subContainer' + }, + 'casAppMetaDataOptionsAuthnLevel' => { + 'type' => 'int' + }, + 'casAppMetaDataOptionsRule' => { + 'test' => sub { + return 
perlExpr(@_); + }, + 'type' => 'text' + }, + 'casAppMetaDataOptionsService' => { + 'type' => 'text' + }, + 'casAppMetaDataOptionsUserAttribute' => { + 'type' => 'text' + }, + 'casAttr' => { + 'type' => 'text' + }, + 'casAttributes' => { + 'type' => 'keyTextContainer' + }, + 'casAuthnLevel' => { + 'default' => 1, + 'type' => 'int' + }, + 'casSrvMetaDataExportedVars' => { + 'default' => { + 'cn' => 'cn', + 'mail' => 'mail', + 'uid' => 'uid' + }, + 'type' => 'keyTextContainer' + }, + 'casSrvMetaDataNodes' => { + 'type' => 'casSrvMetaDataNodeContainer' + }, + 'casSrvMetaDataOptions' => { + 'type' => 'subContainer' + }, + 'casSrvMetaDataOptionsDisplayName' => { + 'type' => 'text' + }, + 'casSrvMetaDataOptionsGateway' => { + 'default' => 0, + 'type' => 'bool' + }, + 'casSrvMetaDataOptionsIcon' => { + 'type' => 'text' + }, + 'casSrvMetaDataOptionsProxiedServices' => { + 'keyMsgFail' => '__badCasProxyId__', + 'keyTest' => qr/^\w/, + 'type' => 'keyTextContainer' + }, + 'casSrvMetaDataOptionsRenew' => { + 'default' => 0, + 'type' => 'bool' + }, + 'casSrvMetaDataOptionsResolutionRule' => { + 'default' => '', + 'type' => 'longtext' + }, + 'casSrvMetaDataOptionsSortNumber' => { + 'type' => 'int' + }, + 'casSrvMetaDataOptionsUrl' => { + 'msgFail' => '__badUrl__', + 'test' => +qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/, + 'type' => 'text' + }, + 'casStorage' => { + 'type' => 'PerlModule' + }, + 'casStorageOptions' => { + 'type' => 
'keyTextContainer' + }, + 'casStrictMatching' => { + 'default' => 0, + 'type' => 'bool' + }, + 'casTicketExpiration' => { + 'default' => 0, + 'type' => 'int' + }, + 'cda' => { + 'default' => 0, + 'type' => 'bool' + }, + 'certificateResetByMailCeaAttribute' => { + 'default' => 'description', + 'type' => 'text' + }, + 'certificateResetByMailCertificateAttribute' => { + 'default' => 'userCertificate;binary', + 'type' => 'text' + }, + 'certificateResetByMailStep1Body' => { + 'type' => 'longtext' + }, + 'certificateResetByMailStep1Subject' => { + 'type' => 'text' + }, + 'certificateResetByMailStep2Body' => { + 'type' => 'longtext' + }, + 'certificateResetByMailStep2Subject' => { + 'type' => 'text' + }, + 'certificateResetByMailURL' => { + 'default' => 'http://auth.example.com/certificateReset', + 'type' => 'url' + }, + 'certificateResetByMailValidityDelay' => { + 'default' => 0, + 'type' => 'int' + }, + 'cfgAuthor' => { + 'type' => 'text' + }, + 'cfgAuthorIP' => { + 'type' => 'text' + }, + 'cfgDate' => { + 'type' => 'int' + }, + 'cfgLog' => { + 'type' => 'longtext' + }, + 'cfgNum' => { + 'default' => 0, + 'type' => 'int' + }, + 'cfgVersion' => { + 'type' => 'text' + }, + 'checkDevOps' => { + 'default' => 0, + 'type' => 'bool' + }, + 'checkDevOpsCheckSessionAttributes' => { + 'default' => 1, + 'type' => 'bool' + }, + 'checkDevOpsDisplayNormalizedHeaders' => { + 'default' => 1, + 'type' => 'bool' + }, + 'checkDevOpsDownload' => { + 'default' => 1, + 'type' => 'bool' + }, + 'checkState' => { + 'default' => 0, + 'type' => 'bool' + }, + 'checkStateSecret' => { + 'type' => 'text' + }, + 'checkTime' => { + 'default' => 600, + 'type' => 'int' + }, + 'checkUser' => { + 'default' => 0, + 'type' => 'bool' + }, + 'checkUserDisplayComputedSession' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'checkUserDisplayEmptyHeaders' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'checkUserDisplayEmptyValues' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 
'checkUserDisplayHiddenAttributes' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'checkUserDisplayHistory' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'checkUserDisplayNormalizedHeaders' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'checkUserDisplayPersistentInfo' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'checkUserHiddenAttributes' => { + 'default' => '_loginHistory, _session_id, hGroups', + 'type' => 'text' + }, + 'checkUserHiddenHeaders' => { + 'keyMsgFail' => '__badHostname__', + 'keyTest' => qr/^\S+$/, + 'test' => { + 'keyMsgFail' => '__badHeaderName__', + 'keyTest' => qr/^(?=[^\-])[\w\-\s]+(?<=[^-])$/, + 'test' => sub { + return perlExpr(@_); + } + }, + 'type' => 'keyTextContainer' + }, + 'checkUserIdRule' => { + 'default' => 1, + 'test' => sub { + return perlExpr(@_); + }, + 'type' => 'text' + }, + 'checkUserSearchAttributes' => { + 'type' => 'text' + }, + 'checkUserUnrestrictedUsersRule' => { + 'test' => sub { + return perlExpr(@_); + }, + 'type' => 'text' + }, + 'checkXSS' => { + 'default' => 1, + 'type' => 'bool' + }, + 'combination' => { + 'type' => 'text' + }, + 'combModules' => { + 'keyTest' => qr/^\w+$/, + 'select' => [ { + 'k' => 'Apache', + 'v' => 'Apache' + }, + { + 'k' => 'AD', + 'v' => 'Active Directory' + }, + { + 'k' => 'DBI', + 'v' => 'Database (DBI)' + }, + { + 'k' => 'Facebook', + 'v' => 'Facebook' + }, + { + 'k' => 'GitHub', + 'v' => 'GitHub' + }, + { + 'k' => 'GPG', + 'v' => 'GPG' + }, + { + 'k' => 'Kerberos', + 'v' => 'Kerberos' + }, + { + 'k' => 'LDAP', + 'v' => 'LDAP' + }, + { + 'k' => 'LinkedIn', + 'v' => 'LinkedIn' + }, + { + 'k' => 'PAM', + 'v' => 'PAM' + }, + { + 'k' => 'Radius', + 'v' => 'Radius' + }, + { + 'k' => 'REST', + 'v' => 'REST' + }, + { + 'k' => 'SSL', + 'v' => 'SSL' + }, + { + 'k' => 'Twitter', + 'v' => 'Twitter' + }, + { + 'k' => 'WebID', + 'v' => 'WebID' + }, + { + 'k' => 'Demo', + 'v' => 'Demonstration' + }, + { + 'k' => 'CAS', + 'v' => 'Central Authentication Service (CAS)' 
+ }, + { + 'k' => 'OpenID', + 'v' => 'OpenID' + }, + { + 'k' => 'OpenIDConnect', + 'v' => 'OpenID Connect' + }, + { + 'k' => 'SAML', + 'v' => 'SAML v2' + }, + { + 'k' => 'Proxy', + 'v' => 'Proxy' + }, + { + 'k' => 'Remote', + 'v' => 'Remote' + }, + { + 'k' => 'Slave', + 'v' => 'Slave' + }, + { + 'k' => 'Null', + 'v' => 'None' + }, + { + 'k' => 'Custom', + 'v' => 'customModule' + } + ], + 'test' => sub { + 1; + }, + 'type' => 'cmbModuleContainer' + }, + 'compactConf' => { + 'default' => 0, + 'type' => 'bool' + }, + 'configStorage' => { + 'type' => 'text' + }, + 'confirmFormMethod' => { + 'default' => 'post', + 'select' => [ { + 'k' => 'get', + 'v' => 'GET' + }, + { + 'k' => 'post', + 'v' => 'POST' + } + ], + 'type' => 'select' + }, + 'contextSwitchingAllowed2fModifications' => { + 'default' => 0, + 'type' => 'bool' + }, + 'contextSwitchingIdRule' => { + 'default' => 1, + 'test' => sub { + return perlExpr(@_); + }, + 'type' => 'text' + }, + 'contextSwitchingPrefix' => { + 'default' => 'switching', + 'type' => 'text' + }, + 'contextSwitchingRule' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'contextSwitchingStopWithLogout' => { + 'default' => 1, + 'type' => 'bool' + }, + 'contextSwitchingUnrestrictedUsersRule' => { + 'test' => sub { + return perlExpr(@_); + }, + 'type' => 'text' + }, + 'cookieExpiration' => { + 'type' => 'int' + }, + 'cookieName' => { + 'default' => 'lemonldap', + 'msgFail' => '__badCookieName__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9_-]*$/, + 'type' => 'text' + }, + 'corsAllow_Credentials' => { + 'default' => 'true', + 'type' => 'text' + }, + 'corsAllow_Headers' => { + 'default' => '*', + 'type' => 'text' + }, + 'corsAllow_Methods' => { + 'default' => 'POST,GET', + 'type' => 'text' + }, + 'corsAllow_Origin' => { + 'default' => '*', + 'type' => 'text' + }, + 'corsEnabled' => { + 'default' => 1, + 'type' => 'bool' + }, + 'corsExpose_Headers' => { + 'default' => '*', + 'type' => 'text' + }, + 'corsMax_Age' => { + 'default' => '86400', + 'type' => 
'text' + }, + 'crowdsec' => { + 'type' => 'bool' + }, + 'crowdsecAction' => { + 'default' => 'reject', + 'select' => [ { + 'k' => 'reject', + 'v' => 'Reject' + }, + { + 'k' => 'warn', + 'v' => 'Warn' + } + ], + 'type' => 'select' + }, + 'crowdsecKey' => { + 'type' => 'text' + }, + 'crowdsecUrl' => { + 'type' => 'url' + }, + 'cspConnect' => { + 'default' => '\'self\'', + 'type' => 'text' + }, + 'cspDefault' => { + 'default' => '\'self\'', + 'type' => 'text' + }, + 'cspFont' => { + 'default' => '\'self\'', + 'type' => 'text' + }, + 'cspFormAction' => { + 'default' => '*', + 'type' => 'text' + }, + 'cspFrameAncestors' => { + 'default' => '', + 'type' => 'text' + }, + 'cspImg' => { + 'default' => '\'self\' data:', + 'type' => 'text' + }, + 'cspScript' => { + 'default' => '\'self\'', + 'type' => 'text' + }, + 'cspStyle' => { + 'default' => '\'self\'', + 'type' => 'text' + }, + 'customAddParams' => { + 'type' => 'keyTextContainer' + }, + 'customAuth' => { + 'type' => 'text' + }, + 'customFunctions' => { + 'msgFail' => '__badCustomFuncName__', + 'test' => qr/^(?:\w+(?:::\w+)*(?:\s+\w+(?:::\w+)*)*)?$/, + 'type' => 'text' + }, + 'customPassword' => { + 'type' => 'text' + }, + 'customPlugins' => { + 'type' => 'text' + }, + 'customPluginsParams' => { + 'type' => 'keyTextContainer' + }, + 'customRegister' => { + 'type' => 'text' + }, + 'customResetCertByMail' => { + 'type' => 'text' + }, + 'customToTrace' => { + 'type' => 'lmAttrOrMacro' + }, + 'customUserDB' => { + 'type' => 'text' + }, + 'dbiAuthChain' => { + 'type' => 'text' + }, + 'dbiAuthLoginCol' => { + 'type' => 'text' + }, + 'dbiAuthnLevel' => { + 'default' => 2, + 'type' => 'int' + }, + 'dbiAuthPassword' => { + 'type' => 'password' + }, + 'dbiAuthPasswordCol' => { + 'type' => 'text' + }, + 'dbiAuthPasswordHash' => { + 'type' => 'text' + }, + 'dbiAuthTable' => { + 'type' => 'text' + }, + 'dbiAuthUser' => { + 'type' => 'text' + }, + 'dbiDynamicHashEnabled' => { + 'type' => 'bool' + }, + 'dbiDynamicHashNewPasswordScheme' 
=> { + 'type' => 'text' + }, + 'dbiDynamicHashValidSaltedSchemes' => { + 'type' => 'text' + }, + 'dbiDynamicHashValidSchemes' => { + 'type' => 'text' + }, + 'dbiExportedVars' => { + 'default' => {}, + 'keyMsgFail' => '__badVariableName__', + 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, + 'msgFail' => '__badValue__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, + 'type' => 'keyTextContainer' + }, + 'dbiPasswordMailCol' => { + 'type' => 'text' + }, + 'dbiUserChain' => { + 'type' => 'text' + }, + 'dbiUserPassword' => { + 'type' => 'password' + }, + 'dbiUserTable' => { + 'type' => 'text' + }, + 'dbiUserUser' => { + 'type' => 'text' + }, + 'decryptValueFunctions' => { + 'msgFail' => '__badCustomFuncName__', + 'test' => qr/^(?:\w+(?:::\w+)*(?:\s+\w+(?:::\w+)*)*)?$/, + 'type' => 'text' + }, + 'decryptValueRule' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'demoExportedVars' => { + 'default' => { + 'cn' => 'cn', + 'mail' => 'mail', + 'uid' => 'uid' + }, + 'keyMsgFail' => '__badVariableName__', + 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, + 'msgFail' => '__badValue__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, + 'type' => 'keyTextContainer' + }, + 'disablePersistentStorage' => { + 'default' => 0, + 'type' => 'bool' + }, + 'displaySessionId' => { + 'default' => 1, + 'type' => 'bool' + }, + 'domain' => { + 'default' => 'example.com', + 'msgFail' => '__badDomainName__', + 'test' => +qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?))?$/, + 'type' => 'text' + }, + 'exportedAttr' => { + 'type' => 'text' + }, + 'exportedHeaders' => { + 'keyMsgFail' => '__badHostname__', + 'keyTest' => qr/^\S+$/, + 'test' => { + 'keyMsgFail' => '__badHeaderName__', + 'keyTest' => qr/^(?=[^\-])[\w\-]+(?<=[^-])$/, + 'test' => sub { + return perlExpr(@_); + } + }, + 'type' => 'keyTextContainer' + }, + 'exportedVars' => { + 'default' => { + 'UA' => 'HTTP_USER_AGENT' + }, + 'keyMsgFail' => '__badVariableName__', + 'keyTest' => 
qr/^!?[_a-zA-Z][a-zA-Z0-9_]*$/, + 'msgFail' => '__badValue__', + 'test' => qr/^[_a-zA-Z][a-zA-Z0-9_:\-]*$/, + 'type' => 'keyTextContainer' + }, + 'ext2fActivation' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'ext2fAuthnLevel' => { + 'type' => 'int' + }, + 'ext2fCodeActivation' => { + 'default' => '\\d{6}', + 'type' => 'pcre' + }, + 'ext2fLabel' => { + 'type' => 'text' + }, + 'ext2fLogo' => { + 'type' => 'text' + }, + 'ext2fResendInterval' => { + 'type' => 'text' + }, + 'ext2FSendCommand' => { + 'type' => 'text' + }, + 'ext2FValidateCommand' => { + 'type' => 'text' + }, + 'facebookAppId' => { + 'type' => 'text' + }, + 'facebookAppSecret' => { + 'type' => 'text' + }, + 'facebookAuthnLevel' => { + 'default' => 1, + 'type' => 'int' + }, + 'facebookExportedVars' => { + 'default' => {}, + 'keyMsgFail' => '__badVariableName__', + 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, + 'msgFail' => '__badValue__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, + 'type' => 'keyTextContainer' + }, + 'facebookUserField' => { + 'default' => 'id', + 'type' => 'text' + }, + 'failedLoginNumber' => { + 'default' => 5, + 'type' => 'int' + }, + 'findUser' => { + 'default' => 0, + 'type' => 'bool' + }, + 'findUserControl' => { + 'default' => '^[*\\w]+$', + 'type' => 'pcre' + }, + 'findUserExcludingAttributes' => { + 'keyTest' => qr/^\S+$/, + 'type' => 'keyTextContainer' + }, + 'findUserSearchingAttributes' => { + 'keyTest' => qr/^\S+$/, + 'type' => 'keyTextContainer' + }, + 'findUserWildcard' => { + 'default' => '*', + 'type' => 'text' + }, + 'forceGlobalStorageIssuerOTT' => { + 'type' => 'bool' + }, + 'forceGlobalStorageUpgradeOTT' => { + 'type' => 'bool' + }, + 'formTimeout' => { + 'default' => 120, + 'type' => 'int' + }, + 'githubAuthnLevel' => { + 'default' => 1, + 'type' => 'int' + }, + 'githubClientID' => { + 'type' => 'text' + }, + 'githubClientSecret' => { + 'type' => 'password' + }, + 'githubScope' => { + 'default' => 'user:email', + 'type' => 'text' + }, + 'githubUserField' 
=> { + 'default' => 'login', + 'type' => 'text' + }, + 'globalLogoutCustomParam' => { + 'type' => 'text' + }, + 'globalLogoutRule' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'globalLogoutTimer' => { + 'default' => 1, + 'type' => 'bool' + }, + 'globalStorage' => { + 'default' => 'Apache::Session::File', + 'type' => 'PerlModule' + }, + 'globalStorageOptions' => { + 'default' => { + 'Directory' => '/var/lib/lemonldap-ng/sessions/', + 'generateModule' => + 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256', + 'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/' + }, + 'type' => 'keyTextContainer' + }, + 'gpgAuthnLevel' => { + 'default' => 5, + 'type' => 'int' + }, + 'gpgDb' => { + 'default' => '', + 'type' => 'text' + }, + 'grantSessionRules' => { + 'default' => {}, + 'keyTest' => sub { + return perlExpr(@_); + }, + 'test' => sub { + 1; + }, + 'type' => 'grantContainer' + }, + 'groups' => { + 'default' => {}, + 'test' => sub { + return perlExpr(@_); + }, + 'type' => 'keyTextContainer' + }, + 'groupsBeforeMacros' => { + 'default' => 0, + 'type' => 'bool' + }, + 'handlerInternalCache' => { + 'default' => 15, + 'type' => 'int' + }, + 'handlerServiceTokenTTL' => { + 'default' => 30, + 'type' => 'int' + }, + 'hiddenAttributes' => { + 'default' => '_password, _2fDevices', + 'type' => 'text' + }, + 'hideOldPassword' => { + 'default' => 0, + 'type' => 'bool' + }, + 'httpOnly' => { + 'default' => 1, + 'type' => 'bool' + }, + 'https' => { + 'default' => -1, + 'type' => 'trool' + }, + 'impersonationHiddenAttributes' => { + 'default' => '_2fDevices, _loginHistory', + 'type' => 'text' + }, + 'impersonationIdRule' => { + 'default' => 1, + 'test' => sub { + return perlExpr(@_); + }, + 'type' => 'text' + }, + 'impersonationMergeSSOgroups' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'impersonationPrefix' => { + 'default' => 'real_', + 'type' => 'text' + }, + 'impersonationRule' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 
'impersonationSkipEmptyValues' => { + 'default' => 1, + 'type' => 'bool' + }, + 'impersonationUnrestrictedUsersRule' => { + 'test' => sub { + return perlExpr(@_); + }, + 'type' => 'text' + }, + 'infoFormMethod' => { + 'default' => 'get', + 'select' => [ { + 'k' => 'get', + 'v' => 'GET' + }, + { + 'k' => 'post', + 'v' => 'POST' + } + ], + 'type' => 'select' + }, + 'issuerDBCASActivation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'issuerDBCASPath' => { + 'default' => '^/cas/', + 'type' => 'pcre' + }, + 'issuerDBCASRule' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'issuerDBGetActivation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'issuerDBGetParameters' => { + 'default' => {}, + 'keyMsgFail' => '__badHostname__', + 'keyTest' => +qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$/, + 'test' => { + 'keyMsgFail' => '__badKeyName__', + 'keyTest' => qr/^(?=[^\-])[\w\-]+(?<=[^-])$/, + 'test' => sub { + my ( $val, $conf ) = @_; + return 1 + if defined $conf->{'macros'}{$val} or $val eq '_timezone'; + foreach $_ ( keys %$conf ) { + return 1 + if $_ =~ /exportedvars$/i + and defined $conf->{$_}{$val}; + } + return 1, "__unknownAttrOrMacro__: $val"; + } + }, + 'type' => 'doubleHash' + }, + 'issuerDBGetPath' => { + 'default' => '^/get/', + 'type' => 'text' + }, + 'issuerDBGetRule' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'issuerDBOpenIDActivation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'issuerDBOpenIDConnectActivation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'issuerDBOpenIDConnectPath' => { + 'default' => '^/oauth2/', + 'type' => 'text' + }, + 'issuerDBOpenIDConnectRule' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'issuerDBOpenIDPath' => { + 'default' => '^/openidserver/', + 'type' => 'pcre' + }, + 'issuerDBOpenIDRule' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'issuerDBSAMLActivation' => { + 'default' => 0, + 'type' => 'bool' + }, + 
'issuerDBSAMLPath' => { + 'default' => '^/saml/', + 'type' => 'pcre' + }, + 'issuerDBSAMLRule' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'issuersTimeout' => { + 'default' => 120, + 'type' => 'int' + }, + 'jsRedirect' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'key' => { + 'type' => 'password' + }, + 'krbAllowedDomains' => { + 'type' => 'text' + }, + 'krbAuthnLevel' => { + 'default' => 3, + 'type' => 'int' + }, + 'krbByJs' => { + 'default' => 0, + 'type' => 'bool' + }, + 'krbKeytab' => { + 'type' => 'text' + }, + 'krbRemoveDomain' => { + 'default' => 1, + 'type' => 'bool' + }, + 'ldapAllowResetExpiredPassword' => { + 'default' => 0, + 'type' => 'bool' + }, + 'ldapAuthnLevel' => { + 'default' => 2, + 'type' => 'int' + }, + 'ldapBase' => { + 'default' => 'dc=example,dc=com', + 'msgFail' => '__badValue__', + 'test' => qr/^(?:\w+=.*|)$/, + 'type' => 'text' + }, + 'ldapCAFile' => { + 'type' => 'text' + }, + 'ldapCAPath' => { + 'type' => 'text' + }, + 'ldapChangePasswordAsUser' => { + 'default' => 0, + 'type' => 'bool' + }, + 'ldapExportedVars' => { + 'default' => { + 'cn' => 'cn', + 'mail' => 'mail', + 'uid' => 'uid' + }, + 'keyMsgFail' => '__badVariableName__', + 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, + 'msgFail' => '__badValue__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, + 'type' => 'keyTextContainer' + }, + 'LDAPFilter' => { + 'type' => 'text' + }, + 'ldapGetUserBeforePasswordChange' => { + 'default' => 0, + 'type' => 'bool' + }, + 'ldapGroupAttributeName' => { + 'default' => 'member', + 'type' => 'text' + }, + 'ldapGroupAttributeNameGroup' => { + 'default' => 'dn', + 'type' => 'text' + }, + 'ldapGroupAttributeNameSearch' => { + 'default' => 'cn', + 'type' => 'text' + }, + 'ldapGroupAttributeNameUser' => { + 'default' => 'dn', + 'type' => 'text' + }, + 'ldapGroupBase' => { + 'type' => 'text' + }, + 'ldapGroupDecodeSearchedValue' => { + 'default' => 0, + 'type' => 'bool' + }, + 'ldapGroupObjectClass' => { + 'default' => 'groupOfNames', 
+ 'type' => 'text' + }, + 'ldapGroupRecursive' => { + 'default' => 0, + 'type' => 'bool' + }, + 'ldapIOTimeout' => { + 'default' => 10, + 'type' => 'int' + }, + 'ldapITDS' => { + 'default' => 0, + 'type' => 'bool' + }, + 'ldapPasswordResetAttribute' => { + 'default' => 'pwdReset', + 'type' => 'text' + }, + 'ldapPasswordResetAttributeValue' => { + 'default' => 'TRUE', + 'type' => 'text' + }, + 'ldapPort' => { + 'type' => 'int' + }, + 'ldapPpolicyControl' => { + 'default' => 0, + 'type' => 'bool' + }, + 'ldapPwdEnc' => { + 'default' => 'utf-8', + 'msgFail' => '__badEncoding__', + 'test' => qr/^[a-zA-Z0-9_][a-zA-Z0-9_\-]*[a-zA-Z0-9_]$/, + 'type' => 'text' + }, + 'ldapRaw' => { + 'type' => 'text' + }, + 'ldapSearchDeref' => { + 'default' => 'find', + 'select' => [ { + 'k' => 'never', + 'v' => 'never' + }, + { + 'k' => 'search', + 'v' => 'search' + }, + { + 'k' => 'find', + 'v' => 'find' + }, + { + 'k' => 'always', + 'v' => 'always' + } + ], + 'type' => 'select' + }, + 'ldapServer' => { + 'default' => 'ldap://localhost', + 'test' => sub { + my $l = shift(); + my @s = split( /[\s,]+/, $l, 0 ); + foreach my $s (@s) { + return 0, qq[__badLdapUri__: "$s"] + unless $s =~ +m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?::\d{1,5})?/?.*)$]o; + } + return 1; + }, + 'type' => 'text' + }, + 'ldapSetPassword' => { + 'default' => 0, + 'type' => 'bool' + }, + 'ldapTimeout' => { + 'default' => 10, + 'type' => 'int' + }, + 'ldapUsePasswordResetAttribute' => { + 'default' => 1, + 'type' => 'bool' + }, + 'ldapVerify' => { + 'default' => 'require', + 'select' => [ { + 'k' => 'none', + 'v' => 'None' + }, + { + 'k' => 'optional', + 'v' => 'Optional' + }, + { + 'k' => 'require', + 'v' => 'Require' + } + ], + 'type' => 'select' + }, + 'ldapVersion' => { + 'default' => 3, + 'type' => 'int' + }, + 'linkedInAuthnLevel' => { + 'default' => 1, + 'type' => 'int' + }, + 'linkedInClientID' => { + 'type' => 'text' + }, + 'linkedInClientSecret' => { + 'type' => 
'password' + }, + 'linkedInFields' => { + 'default' => 'id,first-name,last-name,email-address', + 'type' => 'text' + }, + 'linkedInScope' => { + 'default' => 'r_liteprofile r_emailaddress', + 'type' => 'text' + }, + 'linkedInUserField' => { + 'default' => 'emailAddress', + 'type' => 'text' + }, + 'localSessionStorage' => { + 'default' => 'Cache::FileCache', + 'type' => 'PerlModule' + }, + 'localSessionStorageOptions' => { + 'default' => { + 'cache_depth' => 3, + 'cache_root' => '/var/cache/lemonldap-ng', + 'default_expires_in' => 600, + 'directory_umask' => '007', + 'namespace' => 'lemonldap-ng-sessions' + }, + 'type' => 'keyTextContainer' + }, + 'localStorage' => { + 'type' => 'text' + }, + 'localStorageOptions' => { + 'type' => 'keyTextContainer' + }, + 'locationRules' => { + 'default' => { + 'default' => 'deny' + }, + 'keyMsgFail' => '__badHostname__', + 'keyTest' => qr/^\S+$/, + 'test' => { + 'keyMsgFail' => '__badRegexp__', + 'keyTest' => sub { + eval { + do { + qr/$_[0]/; + } + }; + return $@ ? 0 : 1; + }, + 'msgFail' => '__badExpression__', + 'test' => sub { + my ( $val, $conf ) = @_; + my $s = $val; + if ( $s =~ s/^logout(?:_(?:sso|app(?:_sso)?))?\s*// ) { + return $s =~ m[^(?:https?://.*)?$] + ? 
1 + : ( 0, '__badUrl__' ); + } + $s =~ s/\b(accept|deny|unprotect|skip)\b/1/g; + return &perlExpr( $s, $conf ); + } + }, + 'type' => 'ruleContainer' + }, + 'log4perlConfFile' => { + 'type' => 'text' + }, + 'logger' => { + 'type' => 'text' + }, + 'loginHistoryEnabled' => { + 'default' => 0, + 'type' => 'bool' + }, + 'logLevel' => { + 'type' => 'text' + }, + 'logoutServices' => { + 'default' => {}, + 'type' => 'keyTextContainer' + }, + 'lwpOpts' => { + 'type' => 'keyTextContainer' + }, + 'lwpSslOpts' => { + 'type' => 'keyTextContainer' + }, + 'macros' => { + 'default' => {}, + 'keyMsgFail' => '__badMacroName__', + 'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, + 'test' => sub { + return perlExpr(@_); + }, + 'type' => 'keyTextContainer' + }, + 'mail2fActivation' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'mail2fAuthnLevel' => { + 'type' => 'int' + }, + 'mail2fBody' => { + 'type' => 'longtext' + }, + 'mail2fCodeRegex' => { + 'default' => '\\d{6}', + 'type' => 'pcre' + }, + 'mail2fLabel' => { + 'type' => 'text' + }, + 'mail2fLogo' => { + 'type' => 'text' + }, + 'mail2fResendInterval' => { + 'type' => 'text' + }, + 'mail2fSessionKey' => { + 'type' => 'text' + }, + 'mail2fSubject' => { + 'type' => 'text' + }, + 'mail2fTimeout' => { + 'type' => 'int' + }, + 'mailBody' => { + 'type' => 'longtext' + }, + 'mailCharset' => { + 'default' => 'utf-8', + 'type' => 'text' + }, + 'mailConfirmBody' => { + 'type' => 'longtext' + }, + 'mailConfirmSubject' => { + 'type' => 'text' + }, + 'mailFrom' => { + 'default' => 'noreply@example.com', + 'type' => 'text' + }, + 'mailLDAPFilter' => { + 'type' => 'text' + }, + 'mailOnPasswordChange' => { + 'default' => 0, + 'type' => 'bool' + }, + 'mailReplyTo' => { + 'type' => 'text' + }, + 'mailSessionKey' => { + 'default' => 'mail', + 'type' => 'text' + }, + 'mailSubject' => { + 'type' => 'text' + }, + 'mailTimeout' => { + 'default' => 0, + 'type' => 'int' + }, + 'mailUrl' => { + 'default' => 'http://auth.example.com/resetpwd', + 'type' => 
'url' + }, + 'maintenance' => { + 'default' => 0, + 'type' => 'bool' + }, + 'managerDn' => { + 'default' => '', + 'msgFail' => '__badValue__', + 'test' => qr/^.*$/, + 'type' => 'text' + }, + 'managerPassword' => { + 'default' => '', + 'msgFail' => '__badValue__', + 'test' => qr/^\S*$/, + 'type' => 'password' + }, + 'max2FDevices' => { + 'default' => 10, + 'type' => 'int' + }, + 'max2FDevicesNameLength' => { + 'default' => 20, + 'type' => 'int' + }, + 'multiValuesSeparator' => { + 'default' => '; ', + 'type' => 'authParamsText' + }, + 'mySessionAuthorizedRWKeys' => { + 'default' => + [ '_appsListOrder', '_oidcConnectedRP', '_oidcConsents' ], + 'type' => 'array' + }, + 'newLocationWarning' => { + 'default' => 0, + 'type' => 'bool' + }, + 'newLocationWarningLocationAttribute' => { + 'default' => 'ipAddr', + 'type' => 'text' + }, + 'newLocationWarningLocationDisplayAttribute' => { + 'default' => '', + 'type' => 'text' + }, + 'newLocationWarningMailAttribute' => { + 'type' => 'text' + }, + 'newLocationWarningMailBody' => { + 'type' => 'longtext' + }, + 'newLocationWarningMailSubject' => { + 'type' => 'text' + }, + 'newLocationWarningMaxValues' => { + 'default' => '0', + 'type' => 'int' + }, + 'nginxCustomHandlers' => { + 'keyTest' => qr/^\w+$/, + 'msgFail' => '__badPerlPackageName__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9]*(?:::[a-zA-Z][a-zA-Z0-9]*)*$/, + 'type' => 'keyTextContainer' + }, + 'noAjaxHook' => { + 'default' => 0, + 'type' => 'bool' + }, + 'notification' => { + 'default' => 0, + 'type' => 'bool' + }, + 'notificationDefaultCond' => { + 'default' => '', + 'type' => 'text' + }, + 'notificationServer' => { + 'default' => 0, + 'type' => 'bool' + }, + 'notificationServerDELETE' => { + 'default' => 0, + 'type' => 'bool' + }, + 'notificationServerGET' => { + 'default' => 0, + 'type' => 'bool' + }, + 'notificationServerPOST' => { + 'default' => 1, + 'type' => 'bool' + }, + 'notificationServerSentAttributes' => { + 'default' => 'uid reference date title subtitle text 
check', + 'type' => 'text' + }, + 'notificationsExplorer' => { + 'default' => 0, + 'type' => 'bool' + }, + 'notificationsMaxRetrieve' => { + 'default' => 3, + 'type' => 'int' + }, + 'notificationStorage' => { + 'default' => 'File', + 'type' => 'PerlModule' + }, + 'notificationStorageOptions' => { + 'default' => { + 'dirName' => '/var/lib/lemonldap-ng/notifications' + }, + 'type' => 'keyTextContainer' + }, + 'notificationWildcard' => { + 'default' => 'allusers', + 'type' => 'text' + }, + 'notificationXSLTfile' => { + 'type' => 'text' + }, + 'notifyDeleted' => { + 'default' => 1, + 'type' => 'bool' + }, + 'notifyOther' => { + 'default' => 0, + 'type' => 'bool' + }, + 'nullAuthnLevel' => { + 'default' => 0, + 'type' => 'int' + }, + 'oidcAuthnLevel' => { + 'default' => 1, + 'type' => 'int' + }, + 'oidcOPMetaDataExportedVars' => { + 'default' => { + 'cn' => 'name', + 'mail' => 'email', + 'sn' => 'family_name', + 'uid' => 'sub' + }, + 'type' => 'keyTextContainer' + }, + 'oidcOPMetaDataJSON' => { + 'keyTest' => sub { + 1; + }, + 'type' => 'file' + }, + 'oidcOPMetaDataJWKS' => { + 'keyTest' => sub { + 1; + }, + 'type' => 'file' + }, + 'oidcOPMetaDataNodes' => { + 'type' => 'oidcOPMetaDataNodeContainer' + }, + 'oidcOPMetaDataOptions' => { + 'type' => 'subContainer' + }, + 'oidcOPMetaDataOptionsAcrValues' => { + 'type' => 'text' + }, + 'oidcOPMetaDataOptionsCheckJWTSignature' => { + 'default' => 1, + 'type' => 'bool' + }, + 'oidcOPMetaDataOptionsClientID' => { + 'type' => 'text' + }, + 'oidcOPMetaDataOptionsClientSecret' => { + 'type' => 'password' + }, + 'oidcOPMetaDataOptionsConfigurationURI' => { + 'type' => 'url' + }, + 'oidcOPMetaDataOptionsDisplay' => { + 'default' => '', + 'select' => [ { + 'k' => '', + 'v' => '' + }, + { + 'k' => 'page', + 'v' => 'page' + }, + { + 'k' => 'popup', + 'v' => 'popup' + }, + { + 'k' => 'touch', + 'v' => 'touch' + }, + { + 'k' => 'wap', + 'v' => 'wap' + } + ], + 'type' => 'select' + }, + 'oidcOPMetaDataOptionsDisplayName' => { + 'type' => 
'text' + }, + 'oidcOPMetaDataOptionsIcon' => { + 'type' => 'text' + }, + 'oidcOPMetaDataOptionsIDTokenMaxAge' => { + 'default' => 30, + 'type' => 'int' + }, + 'oidcOPMetaDataOptionsJWKSTimeout' => { + 'default' => 0, + 'type' => 'int' + }, + 'oidcOPMetaDataOptionsMaxAge' => { + 'default' => 0, + 'type' => 'int' + }, + 'oidcOPMetaDataOptionsPrompt' => { + 'type' => 'text' + }, + 'oidcOPMetaDataOptionsResolutionRule' => { + 'default' => '', + 'type' => 'longtext' + }, + 'oidcOPMetaDataOptionsScope' => { + 'default' => 'openid profile', + 'type' => 'text' + }, + 'oidcOPMetaDataOptionsSortNumber' => { + 'type' => 'int' + }, + 'oidcOPMetaDataOptionsStoreIDToken' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcOPMetaDataOptionsTokenEndpointAuthMethod' => { + 'default' => 'client_secret_post', + 'select' => [ { + 'k' => 'client_secret_post', + 'v' => 'client_secret_post' + }, + { + 'k' => 'client_secret_basic', + 'v' => 'client_secret_basic' + } + ], + 'type' => 'select' + }, + 'oidcOPMetaDataOptionsUiLocales' => { + 'type' => 'text' + }, + 'oidcOPMetaDataOptionsUseNonce' => { + 'default' => 1, + 'type' => 'bool' + }, + 'oidcRPCallbackGetParam' => { + 'default' => 'openidconnectcallback', + 'type' => 'text' + }, + 'oidcRPMetaDataExportedVars' => { + 'default' => { + 'email' => 'mail', + 'family_name' => 'sn', + 'name' => 'cn' + }, + 'keyTest' => qr/\w/, + 'test' => qr/\w/, + 'type' => 'oidcAttributeContainer' + }, + 'oidcRPMetaDataMacros' => { + 'default' => {}, + 'test' => { + 'keyMsgFail' => '__badMacroName__', + 'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, + 'test' => sub { + return perlExpr(@_); + } + }, + 'type' => 'keyTextContainer' + }, + 'oidcRPMetaDataNodes' => { + 'type' => 'oidcRPMetaDataNodeContainer' + }, + 'oidcRPMetaDataOptions' => { + 'type' => 'subContainer' + }, + 'oidcRPMetaDataOptionsAccessTokenClaims' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsAccessTokenExpiration' => { + 'type' => 'int' + }, + 
'oidcRPMetaDataOptionsAccessTokenJWT' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsAccessTokenSignAlg' => { + 'default' => 'RS256', + 'select' => [ { + 'k' => 'RS256', + 'v' => 'RS256' + }, + { + 'k' => 'RS384', + 'v' => 'RS384' + }, + { + 'k' => 'RS512', + 'v' => 'RS512' + } + ], + 'type' => 'select' + }, + 'oidcRPMetaDataOptionsAdditionalAudiences' => { + 'type' => 'text' + }, + 'oidcRPMetaDataOptionsAllowClientCredentialsGrant' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsAllowOffline' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsAllowPasswordGrant' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsAuthnLevel' => { + 'type' => 'int' + }, + 'oidcRPMetaDataOptionsAuthorizationCodeExpiration' => { + 'type' => 'int' + }, + 'oidcRPMetaDataOptionsBypassConsent' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsClientID' => { + 'type' => 'text' + }, + 'oidcRPMetaDataOptionsClientSecret' => { + 'type' => 'password' + }, + 'oidcRPMetaDataOptionsDisplayName' => { + 'type' => 'text' + }, + 'oidcRPMetaDataOptionsExtraClaims' => { + 'default' => {}, + 'keyTest' => qr/^[\x21\x23-\x5B\x5D-\x7E]+$/, + 'type' => 'keyTextContainer' + }, + 'oidcRPMetaDataOptionsIcon' => { + 'type' => 'text' + }, + 'oidcRPMetaDataOptionsIDTokenExpiration' => { + 'type' => 'int' + }, + 'oidcRPMetaDataOptionsIDTokenForceClaims' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsIDTokenSignAlg' => { + 'default' => 'HS512', + 'select' => [ { + 'k' => 'none', + 'v' => 'None' + }, + { + 'k' => 'HS256', + 'v' => 'HS256' + }, + { + 'k' => 'HS384', + 'v' => 'HS384' + }, + { + 'k' => 'HS512', + 'v' => 'HS512' + }, + { + 'k' => 'RS256', + 'v' => 'RS256' + }, + { + 'k' => 'RS384', + 'v' => 'RS384' + }, + { + 'k' => 'RS512', + 'v' => 'RS512' + } + ], + 'type' => 'select' + }, + 'oidcRPMetaDataOptionsLogoutBypassConfirm' => { + 'default' => 0, + 'type' => 'bool' + }, + 
'oidcRPMetaDataOptionsLogoutSessionRequired' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsLogoutType' => { + 'default' => 'front', + 'select' => [ { + 'k' => 'front', + 'v' => 'Front Channel' + } + ], + 'type' => 'select' + }, + 'oidcRPMetaDataOptionsLogoutUrl' => { + 'type' => 'url' + }, + 'oidcRPMetaDataOptionsOfflineSessionExpiration' => { + 'type' => 'int' + }, + 'oidcRPMetaDataOptionsPostLogoutRedirectUris' => { + 'type' => 'text' + }, + 'oidcRPMetaDataOptionsPublic' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsRedirectUris' => { + 'type' => 'text' + }, + 'oidcRPMetaDataOptionsRefreshToken' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsRequirePKCE' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsRule' => { + 'test' => sub { + return perlExpr(@_); + }, + 'type' => 'text' + }, + 'oidcRPMetaDataOptionsUserIDAttr' => { + 'type' => 'text' + }, + 'oidcRPMetaDataOptionsUserInfoSignAlg' => { + 'default' => '', + 'select' => [ { + 'k' => '', + 'v' => 'JSON' + }, + { + 'k' => 'none', + 'v' => 'JWT/None' + }, + { + 'k' => 'HS256', + 'v' => 'JWT/HS256' + }, + { + 'k' => 'HS384', + 'v' => 'JWT/HS384' + }, + { + 'k' => 'HS512', + 'v' => 'JWT/HS512' + }, + { + 'k' => 'RS256', + 'v' => 'JWT/RS256' + }, + { + 'k' => 'RS384', + 'v' => 'JWT/RS384' + }, + { + 'k' => 'RS512', + 'v' => 'JWT/RS512' + } + ], + 'type' => 'select' + }, + 'oidcRPMetaDataScopeRules' => { + 'default' => {}, + 'test' => { + 'keyMsgFail' => '__badMacroName__', + 'keyTest' => qr/^[\x21\x23-\x5B\x5D-\x7E]+$/, + 'test' => sub { + return perlExpr(@_); + } + }, + 'type' => 'keyTextContainer' + }, + 'oidcRPStateTimeout' => { + 'default' => 600, + 'type' => 'int' + }, + 'oidcServiceAccessTokenExpiration' => { + 'default' => 3600, + 'type' => 'int' + }, + 'oidcServiceAllowAuthorizationCodeFlow' => { + 'default' => 1, + 'type' => 'bool' + }, + 'oidcServiceAllowDynamicRegistration' => { + 'default' => 0, + 'type' => 
'bool' + }, + 'oidcServiceAllowHybridFlow' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcServiceAllowImplicitFlow' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcServiceAllowOnlyDeclaredScopes' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcServiceAuthorizationCodeExpiration' => { + 'default' => 60, + 'type' => 'int' + }, + 'oidcServiceDynamicRegistrationExportedVars' => { + 'type' => 'keyTextContainer' + }, + 'oidcServiceDynamicRegistrationExtraClaims' => { + 'keyTest' => qr/^[\x21\x23-\x5B\x5D-\x7E]+$/, + 'type' => 'keyTextContainer' + }, + 'oidcServiceIDTokenExpiration' => { + 'default' => 3600, + 'type' => 'int' + }, + 'oidcServiceKeyIdSig' => { + 'type' => 'text' + }, + 'oidcServiceMetaDataAuthnContext' => { + 'default' => { + 'loa-1' => 1, + 'loa-2' => 2, + 'loa-3' => 3, + 'loa-4' => 4, + 'loa-5' => 5 + }, + 'keyTest' => qr/\w/, + 'type' => 'keyTextContainer' + }, + 'oidcServiceMetaDataAuthorizeURI' => { + 'default' => 'authorize', + 'type' => 'text' + }, + 'oidcServiceMetaDataBackChannelURI' => { + 'default' => 'blogout', + 'type' => 'text' + }, + 'oidcServiceMetaDataCheckSessionURI' => { + 'default' => 'checksession.html', + 'type' => 'text' + }, + 'oidcServiceMetaDataEndSessionURI' => { + 'default' => 'logout', + 'type' => 'text' + }, + 'oidcServiceMetaDataFrontChannelURI' => { + 'default' => 'flogout', + 'type' => 'text' + }, + 'oidcServiceMetaDataIntrospectionURI' => { + 'default' => 'introspect', + 'type' => 'text' + }, + 'oidcServiceMetaDataIssuer' => { + 'type' => 'text' + }, + 'oidcServiceMetaDataJWKSURI' => { + 'default' => 'jwks', + 'type' => 'text' + }, + 'oidcServiceMetaDataRegistrationURI' => { + 'default' => 'register', + 'type' => 'text' + }, + 'oidcServiceMetaDataTokenURI' => { + 'default' => 'token', + 'type' => 'text' + }, + 'oidcServiceMetaDataUserInfoURI' => { + 'default' => 'userinfo', + 'type' => 'text' + }, + 'oidcServiceOfflineSessionExpiration' => { + 'default' => 2592000, + 'type' => 'int' + }, + 
'oidcServicePrivateKeySig' => { + 'type' => 'RSAPrivateKey' + }, + 'oidcServicePublicKeySig' => { + 'type' => 'RSAPublicKey' + }, + 'oidcStorage' => { + 'type' => 'PerlModule' + }, + 'oidcStorageOptions' => { + 'type' => 'keyTextContainer' + }, + 'oldNotifFormat' => { + 'default' => 0, + 'type' => 'bool' + }, + 'openIdAttr' => { + 'type' => 'text' + }, + 'openIdAuthnLevel' => { + 'default' => 1, + 'type' => 'int' + }, + 'openIdExportedVars' => { + 'default' => {}, + 'keyMsgFail' => '__badVariableName__', + 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, + 'msgFail' => '__badValue__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, + 'type' => 'keyTextContainer' + }, + 'openIdIDPList' => { + 'default' => '0;', + 'type' => 'blackWhiteList' + }, + 'openIdIssuerSecret' => { + 'type' => 'text' + }, + 'openIdSecret' => { + 'type' => 'text' + }, + 'openIdSPList' => { + 'default' => '0;', + 'type' => 'blackWhiteList' + }, + 'openIdSreg_country' => { + 'type' => 'lmAttrOrMacro' + }, + 'openIdSreg_dob' => { + 'type' => 'lmAttrOrMacro' + }, + 'openIdSreg_email' => { + 'default' => 'mail', + 'type' => 'lmAttrOrMacro' + }, + 'openIdSreg_fullname' => { + 'default' => 'cn', + 'type' => 'lmAttrOrMacro' + }, + 'openIdSreg_gender' => { + 'type' => 'lmAttrOrMacro' + }, + 'openIdSreg_language' => { + 'type' => 'lmAttrOrMacro' + }, + 'openIdSreg_nickname' => { + 'default' => 'uid', + 'type' => 'lmAttrOrMacro' + }, + 'openIdSreg_postcode' => { + 'type' => 'lmAttrOrMacro' + }, + 'openIdSreg_timezone' => { + 'default' => '_timezone', + 'type' => 'lmAttrOrMacro' + }, + 'pamAuthnLevel' => { + 'default' => 2, + 'type' => 'int' + }, + 'pamService' => { + 'default' => 'login', + 'type' => 'text' + }, + 'passwordDB' => { + 'default' => 'Demo', + 'select' => [ { + 'k' => 'AD', + 'v' => 'Active Directory' + }, + { + 'k' => 'Choice', + 'v' => 'authChoice' + }, + { + 'k' => 'DBI', + 'v' => 'Database (DBI)' + }, + { + 'k' => 'Demo', + 'v' => 'Demonstration' + }, + { + 'k' => 'LDAP', + 'v' => 'LDAP' + }, + 
{ + 'k' => 'REST', + 'v' => 'REST' + }, + { + 'k' => 'Null', + 'v' => 'None' + }, + { + 'k' => 'Combination', + 'v' => 'combineMods' + }, + { + 'k' => 'Custom', + 'v' => 'customModule' + } + ], + 'type' => 'select' + }, + 'passwordPolicyActivation' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'passwordPolicyMinDigit' => { + 'default' => 0, + 'type' => 'int' + }, + 'passwordPolicyMinLower' => { + 'default' => 0, + 'type' => 'int' + }, + 'passwordPolicyMinSize' => { + 'default' => 0, + 'type' => 'int' + }, + 'passwordPolicyMinSpeChar' => { + 'default' => 0, + 'type' => 'int' + }, + 'passwordPolicyMinUpper' => { + 'default' => 0, + 'type' => 'int' + }, + 'passwordPolicySpecialChar' => { + 'default' => '__ALL__', + 'test' => qr/^(?:__ALL__|[\S\W]*)$/, + 'type' => 'text' + }, + 'passwordResetAllowedRetries' => { + 'default' => 3, + 'type' => 'int' + }, + 'pdataDomain' => { + 'default' => '', + 'msgFail' => '__badDomainName__', + 'test' => +qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?))?$/, + 'type' => 'text' + }, + 'persistentSessionAttributes' => { + 'default' => '_loginHistory _2fDevices notification_', + 'type' => 'text' + }, + 'persistentStorage' => { + 'type' => 'PerlModule' + }, + 'persistentStorageOptions' => { + 'type' => 'keyTextContainer' + }, + 'port' => { + 'default' => -1, + 'type' => 'int' + }, + 'portal' => { + 'default' => 'http://auth.example.com/', + 'msgFail' => '__badUrl__', + 'test' => 
+qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/, + 'type' => 'url' + }, + 'portalAntiFrame' => { + 'default' => 1, + 'type' => 'bool' + }, + 'portalCheckLogins' => { + 'default' => 1, + 'type' => 'bool' + }, + 'portalCustomCss' => { + 'type' => 'text' + }, + 'portalDisplayAppslist' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'portalDisplayCertificateResetByMail' => { + 'default' => 0, + 'type' => 'bool' + }, + 'portalDisplayChangePassword' => { + 'default' => '$_auth =~ /^(LDAP|DBI|Demo)$/', + 'type' => 'boolOrExpr' + }, + 'portalDisplayGeneratePassword' => { + 'default' => 1, + 'type' => 'bool' + }, + 'portalDisplayLoginHistory' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'portalDisplayLogout' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'portalDisplayOidcConsents' => { + 'default' => '$_oidcConsents && $_oidcConsents =~ /\\w+/', + 'type' => 'boolOrExpr' + }, + 'portalDisplayPasswordPolicy' => { + 'default' => 0, + 'type' => 'bool' + }, + 'portalDisplayRefreshMyRights' => { + 'default' => 1, + 'type' => 'bool' + }, + 'portalDisplayRegister' => { + 'default' => 1, + 'type' => 'bool' + }, + 'portalDisplayResetPassword' => { + 'default' => 0, + 'type' => 'bool' + }, + 'portalEnablePasswordDisplay' => { + 'default' => 0, + 'type' => 'bool' + }, + 'portalErrorOnExpiredSession' => { + 'default' => 1, + 'type' => 'bool' + }, + 'portalErrorOnMailNotFound' => { + 'default' => 0, + 'type' => 'bool' + }, + 
'portalFavicon' => { + 'default' => 'common/favicon.ico', + 'type' => 'text' + }, + 'portalForceAuthn' => { + 'default' => 0, + 'type' => 'bool' + }, + 'portalForceAuthnInterval' => { + 'default' => 5, + 'type' => 'int' + }, + 'portalMainLogo' => { + 'default' => 'common/logos/logo_llng_400px.png', + 'type' => 'text' + }, + 'portalOpenLinkInNewWindow' => { + 'default' => 0, + 'type' => 'bool' + }, + 'portalPingInterval' => { + 'default' => 60000, + 'type' => 'int' + }, + 'portalRequireOldPassword' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'portalSkin' => { + 'default' => 'bootstrap', + 'select' => [ { + 'k' => 'bootstrap', + 'v' => 'Bootstrap' + } + ], + 'type' => 'portalskin' + }, + 'portalSkinBackground' => { + 'select' => [ { + 'k' => '', + 'v' => 'None' + }, + { + 'k' => '1280px-Anse_Source_d\'Argent_2-La_Digue.jpg', + 'v' => 'Anse' + }, + { + 'k' => +'1280px-Autumn-clear-water-waterfall-landscape_-_Virginia_-_ForestWander.jpg', + 'v' => 'Waterfall' + }, + { + 'k' => '1280px-BrockenSnowedTrees.jpg', + 'v' => 'Snowed Trees' + }, + { + 'k' => + '1280px-Cedar_Breaks_National_Monument_partially.jpg', + 'v' => 'National Monument' + }, + { + 'k' => '1280px-Parry_Peak_from_Winter_Park.jpg', + 'v' => 'Winter' + }, + { + 'k' => 'Aletschgletscher_mit_Pinus_cembra1.jpg', + 'v' => 'Pinus' + } + ], + 'type' => 'portalskinbackground' + }, + 'portalSkinRules' => { + 'keyMsgFail' => '__badSkinRule__', + 'keyTest' => sub { + return perlExpr(@_); + }, + 'msgFail' => '__badValue__', + 'test' => qr/^\w+$/, + 'type' => 'keyTextContainer' + }, + 'portalStatus' => { + 'default' => 0, + 'type' => 'bool' + }, + 'portalUserAttr' => { + 'default' => '_user', + 'type' => 'text' + }, + 'post' => { + 'keyMsgFail' => '__badHostname__', + 'keyTest' => qr/^\S+$/, + 'test' => sub { + 1; + }, + 'type' => 'postContainer' + }, + 'protection' => { + 'msgFail' => '__authorizedValues__: none authenticate manager', + 'test' => qr/^(?:none|authenticate|manager|)$/, + 'type' => 'text' + }, 
+ 'proxyAuthnLevel' => { + 'default' => 2, + 'type' => 'int' + }, + 'proxyAuthService' => { + 'type' => 'text' + }, + 'proxyAuthServiceChoiceParam' => { + 'default' => 'lmAuth', + 'type' => 'text' + }, + 'proxyAuthServiceChoiceValue' => { + 'type' => 'text' + }, + 'proxyAuthServiceImpersonation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'proxyCookieName' => { + 'msgFail' => '__badCookieName__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9_-]*$/, + 'type' => 'text' + }, + 'proxySessionService' => { + 'type' => 'text' + }, + 'proxyUseSoap' => { + 'default' => 0, + 'type' => 'bool' + }, + 'radius2fActivation' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'radius2fAuthnLevel' => { + 'type' => 'int' + }, + 'radius2fLabel' => { + 'type' => 'text' + }, + 'radius2fLogo' => { + 'type' => 'text' + }, + 'radius2fSecret' => { + 'type' => 'text' + }, + 'radius2fServer' => { + 'type' => 'text' + }, + 'radius2fTimeout' => { + 'default' => 20, + 'type' => 'int' + }, + 'radius2fUsernameSessionKey' => { + 'type' => 'text' + }, + 'radiusAuthnLevel' => { + 'default' => 3, + 'type' => 'int' + }, + 'radiusSecret' => { + 'type' => 'text' + }, + 'radiusServer' => { + 'type' => 'text' + }, + 'randomPasswordRegexp' => { + 'default' => '[A-Z]{3}[a-z]{5}.\\d{2}', + 'type' => 'pcre' + }, + 'redirectFormMethod' => { + 'default' => 'get', + 'select' => [ { + 'k' => 'get', + 'v' => 'GET' + }, + { + 'k' => 'post', + 'v' => 'POST' + } + ], + 'type' => 'select' + }, + 'refreshSessions' => { + 'type' => 'bool' + }, + 'registerConfirmBody' => { + 'type' => 'longtext' + }, + 'registerConfirmSubject' => { + 'type' => 'text' + }, + 'registerDB' => { + 'default' => 'Null', + 'select' => [ { + 'k' => 'AD', + 'v' => 'Active Directory' + }, + { + 'k' => 'Demo', + 'v' => 'Demonstration' + }, + { + 'k' => 'LDAP', + 'v' => 'LDAP' + }, + { + 'k' => 'Null', + 'v' => 'None' + }, + { + 'k' => 'Custom', + 'v' => 'customModule' + } + ], + 'type' => 'select' + }, + 'registerDoneBody' => { + 'type' => 'longtext' 
+ }, + 'registerDoneSubject' => { + 'type' => 'text' + }, + 'registerTimeout' => { + 'default' => 0, + 'type' => 'int' + }, + 'registerUrl' => { + 'default' => 'http://auth.example.com/register', + 'type' => 'text' + }, + 'reloadTimeout' => { + 'default' => 5, + 'type' => 'int' + }, + 'reloadUrls' => { + 'keyTest' => +qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?$/, + 'msgFail' => '__badUrl__', + 'test' => +qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/, + 'type' => 'keyTextContainer' + }, + 'rememberAuthChoiceRule' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'rememberCookieName' => { + 'default' => 'llngrememberauthchoice', + 'msgFail' => '__badCookieName__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9_-]*$/, + 'type' => 'text' + }, + 'rememberCookieTimeout' => { + 'default' => 31536000, + 'type' => 'int' + }, + 'rememberDefaultChecked' => { + 'default' => 0, + 'type' => 'bool' + }, + 'rememberTimer' => { + 'default' => 5, + 'type' => 'int' + }, + 'remoteCookieName' => { + 'msgFail' => '__badCookieName__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9_-]*$/, + 'type' => 'text' + }, + 'remoteGlobalStorage' => { + 'default' => 'Lemonldap::NG::Common::Apache::Session::SOAP', + 'type' => 'PerlModule' + }, + 'remoteGlobalStorageOptions' => { + 'default' => { + 'ns' => 
+'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService', + 'proxy' => 'http://auth.example.com/sessions' + }, + 'type' => 'keyTextContainer' + }, + 'remotePortal' => { + 'type' => 'text' + }, + 'requireToken' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'rest2fActivation' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'rest2fAuthnLevel' => { + 'type' => 'int' + }, + 'rest2fCodeActivation' => { + 'type' => 'pcre' + }, + 'rest2fInitArgs' => { + 'keyMsgFail' => '__badKeyName__', + 'keyTest' => qr/^\w+$/, + 'msgFail' => '__badValue__', + 'test' => qr/^\w+$/, + 'type' => 'keyTextContainer' + }, + 'rest2fInitUrl' => { + 'type' => 'url' + }, + 'rest2fLabel' => { + 'type' => 'text' + }, + 'rest2fLogo' => { + 'type' => 'text' + }, + 'rest2fResendInterval' => { + 'type' => 'text' + }, + 'rest2fVerifyArgs' => { + 'type' => 'keyTextContainer' + }, + 'rest2fVerifyUrl' => { + 'keyMsgFail' => '__badKeyName__', + 'keyTest' => qr/^\w+$/, + 'msgFail' => '__badValue__', + 'test' => qr/^\w+$/, + 'type' => 'url' + }, + 'restAuthnLevel' => { + 'default' => 2, + 'type' => 'int' + }, + 'restAuthServer' => { + 'default' => 0, + 'type' => 'bool' + }, + 'restAuthUrl' => { + 'type' => 'url' + }, + 'restClockTolerance' => { + 'default' => 15, + 'type' => 'int' + }, + 'restConfigServer' => { + 'default' => 0, + 'type' => 'bool' + }, + 'restExportSecretKeys' => { + 'default' => 0, + 'type' => 'bool' + }, + 'restFindUserDBUrl' => { + 'type' => 'url' + }, + 'restPasswordServer' => { + 'default' => 0, + 'type' => 'bool' + }, + 'restPwdConfirmUrl' => { + 'type' => 'url' + }, + 'restPwdModifyUrl' => { + 'type' => 'url' + }, + 'restSessionServer' => { + 'default' => 0, + 'type' => 'bool' + }, + 'restUserDBUrl' => { + 'type' => 'url' + }, + 'sameSite' => { + 'default' => '', + 'select' => [ { + 'k' => '', + 'v' => '' + }, + { + 'k' => 'Strict', + 'v' => 'Strict' + }, + { + 'k' => 'Lax', + 'v' => 'Lax' + }, + { + 'k' => 'None', + 'v' => 'None' + } + ], + 'type' => 'select' + }, 
+ 'samlAttributeAuthorityDescriptorAttributeServiceSOAP' => { + 'default' => +'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;', + 'type' => 'samlService' + }, + 'samlAuthnContextMapKerberos' => { + 'default' => 4, + 'type' => 'int' + }, + 'samlAuthnContextMapPassword' => { + 'default' => 2, + 'type' => 'int' + }, + 'samlAuthnContextMapPasswordProtectedTransport' => { + 'default' => 3, + 'type' => 'int' + }, + 'samlAuthnContextMapTLSClient' => { + 'default' => 5, + 'type' => 'int' + }, + 'samlCommonDomainCookieActivation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlCommonDomainCookieDomain' => { + 'msgFail' => '__badDomainName__', + 'test' => +qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$/, + 'type' => 'text' + }, + 'samlCommonDomainCookieReader' => { + 'msgFail' => '__badUrl__', + 'test' => +qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/, + 'type' => 'text' + }, + 'samlCommonDomainCookieWriter' => { + 'msgFail' => '__badUrl__', + 'test' => 
+qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/, + 'type' => 'text' + }, + 'samlDiscoveryProtocolActivation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlDiscoveryProtocolIsPassive' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlDiscoveryProtocolPolicy' => { + 'type' => 'text' + }, + 'samlDiscoveryProtocolURL' => { + 'msgFail' => '__badUrl__', + 'test' => +qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/, + 'type' => 'text' + }, + 'samlEntityID' => { + 'default' => '#PORTAL#/saml/metadata', + 'type' => 'text' + }, + 'samlIDPMetaDataExportedAttributes' => { + 'default' => {}, + 'keyMsgFail' => '__badMetadataName__', + 'keyTest' => qr/^[a-zA-Z](?:[a-zA-Z0-9_\-\.]*\w)?$/, + 'msgFail' => '__badValue__', + 'test' => qr/\w/, + 'type' => 'samlAttributeContainer' + }, + 'samlIDPMetaDataNodes' => { + 'type' => 'samlIDPMetaDataNodeContainer' + }, + 'samlIDPMetaDataOptions' => { + 'keyMsgFail' 
=> '__badMetadataName__', + 'keyTest' => qr/^[a-zA-Z](?:[a-zA-Z0-9_\-\.]*\w)?$/, + 'type' => 'keyTextContainer' + }, + 'samlIDPMetaDataOptionsAdaptSessionUtime' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsAllowLoginFromIDP' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsAllowProxiedAuthn' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsCheckAudience' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsCheckSLOMessageSignature' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsCheckSSOMessageSignature' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsCheckTime' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsDisplayName' => { + 'type' => 'text' + }, + 'samlIDPMetaDataOptionsEncryptionMode' => { + 'default' => 'none', + 'select' => [ { + 'k' => 'none', + 'v' => 'None' + }, + { + 'k' => 'nameid', + 'v' => 'Name ID' + }, + { + 'k' => 'assertion', + 'v' => 'Assertion' + } + ], + 'type' => 'select' + }, + 'samlIDPMetaDataOptionsForceAuthn' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsForceUTF8' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsIcon' => { + 'type' => 'text' + }, + 'samlIDPMetaDataOptionsIsPassive' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsNameIDFormat' => { + 'default' => '', + 'select' => [ { + 'k' => '', + 'v' => '' + }, + { + 'k' => 'unspecified', + 'v' => 'Unspecified' + }, + { + 'k' => 'email', + 'v' => 'Email' + }, + { + 'k' => 'x509', + 'v' => 'X509 certificate' + }, + { + 'k' => 'windows', + 'v' => 'Windows' + }, + { + 'k' => 'kerberos', + 'v' => 'Kerberos' + }, + { + 'k' => 'entity', + 'v' => 'Entity' + }, + { + 'k' => 'persistent', + 'v' => 'Persistent' + }, + { + 'k' => 'transient', + 'v' => 'Transient' + }, + { + 'k' => 'encrypted', + 'v' => 'Encrypted' + } + ], + 'type' => 'select' + }, + 
'samlIDPMetaDataOptionsRelayStateURL' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsRequestedAuthnContext' => { + 'default' => '', + 'select' => [ { + 'k' => '', + 'v' => '' + }, + { + 'k' => 'kerberos', + 'v' => 'Kerberos' + }, + { + 'k' => 'password-protected-transport', + 'v' => 'Password protected transport' + }, + { + 'k' => 'password', + 'v' => 'Password' + }, + { + 'k' => 'tls-client', + 'v' => 'TLS client certificate' + } + ], + 'type' => 'select' + }, + 'samlIDPMetaDataOptionsResolutionRule' => { + 'default' => '', + 'type' => 'longtext' + }, + 'samlIDPMetaDataOptionsSignatureMethod' => { + 'default' => '', + 'select' => [ { + 'k' => '', + 'v' => 'default' + }, + { + 'k' => 'RSA_SHA1', + 'v' => 'RSA SHA1' + }, + { + 'k' => 'RSA_SHA256', + 'v' => 'RSA SHA256' + }, + { + 'k' => 'RSA_SHA384', + 'v' => 'RSA SHA384' + }, + { + 'k' => 'RSA_SHA512', + 'v' => 'RSA SHA512' + } + ], + 'type' => 'select' + }, + 'samlIDPMetaDataOptionsSignSLOMessage' => { + 'default' => -1, + 'type' => 'trool' + }, + 'samlIDPMetaDataOptionsSignSSOMessage' => { + 'default' => -1, + 'type' => 'trool' + }, + 'samlIDPMetaDataOptionsSLOBinding' => { + 'default' => '', + 'select' => [ { + 'k' => '', + 'v' => '' + }, + { + 'k' => 'http-post', + 'v' => 'POST' + }, + { + 'k' => 'http-redirect', + 'v' => 'Redirect' + }, + { + 'k' => 'http-soap', + 'v' => 'SOAP' + } + ], + 'type' => 'select' + }, + 'samlIDPMetaDataOptionsSortNumber' => { + 'type' => 'int' + }, + 'samlIDPMetaDataOptionsSSOBinding' => { + 'default' => '', + 'select' => [ { + 'k' => '', + 'v' => '' + }, + { + 'k' => 'http-post', + 'v' => 'POST' + }, + { + 'k' => 'http-redirect', + 'v' => 'Redirect' + }, + { + 'k' => 'artifact-get', + 'v' => 'Artifact GET' + } + ], + 'type' => 'select' + }, + 'samlIDPMetaDataOptionsStoreSAMLToken' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsUserAttribute' => { + 'type' => 'text' + }, + 'samlIDPMetaDataXML' => { + 'test' => sub { + my $v = 
shift(); + return 1 unless $v and %$v; + my @msg; + my $res = 1; + my %entityIds; + foreach my $idpId ( keys %$v ) { + unless ( $v->{$idpId}{'samlIDPMetaDataXML'} =~ + /entityID="(.+?)"/is ) + { + push @msg, "$idpId SAML metadata has no EntityID"; + $res = 0; + next; + } + my $eid = $1; + if ( defined $entityIds{$eid} ) { + push @msg, +"$idpId and $entityIds{$eid} have the same SAML EntityID"; + $res = 0; + next; + } + $entityIds{$eid} = $idpId; + } + return $res, join( ', ', @msg ); + }, + 'type' => 'file' + }, + 'samlIDPSSODescriptorArtifactResolutionServiceArtifact' => { + 'default' => +'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', + 'type' => 'samlAssertion' + }, + 'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' => { + 'default' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', + 'type' => 'samlService' + }, + 'samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect' => { + 'default' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', + 'type' => 'samlService' + }, + 'samlIDPSSODescriptorSingleLogoutServiceSOAP' => { + 'default' => +'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;', + 'type' => 'samlService' + }, + 'samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact' => { + 'default' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;', + 'type' => 'samlService' + }, + 'samlIDPSSODescriptorSingleSignOnServiceHTTPPost' => { + 'default' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;', + 'type' => 'samlService' + }, + 'samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect' => { + 'default' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;', + 'type' => 'samlService' + }, + 'samlIDPSSODescriptorWantAuthnRequestsSigned' => { + 'default' => 1, + 'type' => 'bool' + }, + 
'samlMetadataForceUTF8' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlNameIDFormatMapEmail' => { + 'default' => 'mail', + 'type' => 'text' + }, + 'samlNameIDFormatMapKerberos' => { + 'default' => 'uid', + 'type' => 'text' + }, + 'samlNameIDFormatMapWindows' => { + 'default' => 'uid', + 'type' => 'text' + }, + 'samlNameIDFormatMapX509' => { + 'default' => 'mail', + 'type' => 'text' + }, + 'samlOrganizationDisplayName' => { + 'default' => 'Example', + 'type' => 'text' + }, + 'samlOrganizationName' => { + 'default' => 'Example', + 'type' => 'text' + }, + 'samlOrganizationURL' => { + 'default' => 'http://www.example.com', + 'type' => 'text' + }, + 'samlOverrideIDPEntityID' => { + 'default' => '', + 'type' => 'text' + }, + 'samlRelayStateTimeout' => { + 'default' => 600, + 'type' => 'int' + }, + 'samlServicePrivateKeyEnc' => { + 'default' => '', + 'type' => 'RSAPrivateKey' + }, + 'samlServicePrivateKeyEncPwd' => { + 'type' => 'password' + }, + 'samlServicePrivateKeySig' => { + 'default' => '', + 'type' => 'RSAPrivateKey' + }, + 'samlServicePrivateKeySigPwd' => { + 'default' => '', + 'type' => 'password' + }, + 'samlServicePublicKeyEnc' => { + 'default' => '', + 'type' => 'RSAPublicKeyOrCertificate' + }, + 'samlServicePublicKeySig' => { + 'default' => '', + 'type' => 'RSAPublicKeyOrCertificate' + }, + 'samlServiceSignatureMethod' => { + 'default' => 'RSA_SHA256', + 'select' => [ { + 'k' => 'RSA_SHA1', + 'v' => 'RSA SHA1' + }, + { + 'k' => 'RSA_SHA256', + 'v' => 'RSA SHA256' + }, + { + 'k' => 'RSA_SHA384', + 'v' => 'RSA SHA384' + }, + { + 'k' => 'RSA_SHA512', + 'v' => 'RSA SHA512' + } + ], + 'type' => 'select' + }, + 'samlServiceUseCertificateInResponse' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlSPMetaDataExportedAttributes' => { + 'default' => {}, + 'keyMsgFail' => '__badMetadataName__', + 'keyTest' => qr/^[a-zA-Z](?:[a-zA-Z0-9_\-\.]*\w)?$/, + 'msgFail' => '__badValue__', + 'test' => qr/\w/, + 'type' => 'samlAttributeContainer' + }, + 
'samlSPMetaDataMacros' => { + 'default' => {}, + 'test' => { + 'keyMsgFail' => '__badMacroName__', + 'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, + 'test' => sub { + return perlExpr(@_); + } + }, + 'type' => 'keyTextContainer' + }, + 'samlSPMetaDataNodes' => { + 'type' => 'samlSPMetaDataNodeContainer' + }, + 'samlSPMetaDataOptions' => { + 'keyMsgFail' => '__badMetadataName__', + 'keyTest' => qr/^[a-zA-Z](?:[a-zA-Z0-9_\-\.]*\w)?$/, + 'type' => 'keyTextContainer' + }, + 'samlSPMetaDataOptionsAuthnLevel' => { + 'type' => 'int' + }, + 'samlSPMetaDataOptionsCheckSLOMessageSignature' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlSPMetaDataOptionsCheckSSOMessageSignature' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlSPMetaDataOptionsEnableIDPInitiatedURL' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlSPMetaDataOptionsEncryptionMode' => { + 'default' => 'none', + 'select' => [ { + 'k' => 'none', + 'v' => 'None' + }, + { + 'k' => 'nameid', + 'v' => 'Name ID' + }, + { + 'k' => 'assertion', + 'v' => 'Assertion' + } + ], + 'type' => 'select' + }, + 'samlSPMetaDataOptionsForceUTF8' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlSPMetaDataOptionsNameIDFormat' => { + 'default' => '', + 'select' => [ { + 'k' => '', + 'v' => '' + }, + { + 'k' => 'unspecified', + 'v' => 'Unspecified' + }, + { + 'k' => 'email', + 'v' => 'Email' + }, + { + 'k' => 'x509', + 'v' => 'X509 certificate' + }, + { + 'k' => 'windows', + 'v' => 'Windows' + }, + { + 'k' => 'kerberos', + 'v' => 'Kerberos' + }, + { + 'k' => 'entity', + 'v' => 'Entity' + }, + { + 'k' => 'persistent', + 'v' => 'Persistent' + }, + { + 'k' => 'transient', + 'v' => 'Transient' + }, + { + 'k' => 'encrypted', + 'v' => 'Encrypted' + } + ], + 'type' => 'select' + }, + 'samlSPMetaDataOptionsNameIDSessionKey' => { + 'type' => 'text' + }, + 'samlSPMetaDataOptionsNotOnOrAfterTimeout' => { + 'default' => 72000, + 'type' => 'int' + }, + 'samlSPMetaDataOptionsOneTimeUse' => { + 'default' => 0, + 'type' => 'bool' + 
}, + 'samlSPMetaDataOptionsRule' => { + 'test' => sub { + return perlExpr(@_); + }, + 'type' => 'text' + }, + 'samlSPMetaDataOptionsSessionNotOnOrAfterTimeout' => { + 'default' => 72000, + 'type' => 'int' + }, + 'samlSPMetaDataOptionsSignatureMethod' => { + 'default' => '', + 'select' => [ { + 'k' => '', + 'v' => 'default' + }, + { + 'k' => 'RSA_SHA1', + 'v' => 'RSA SHA1' + }, + { + 'k' => 'RSA_SHA256', + 'v' => 'RSA SHA256' + }, + { + 'k' => 'RSA_SHA384', + 'v' => 'RSA SHA384' + }, + { + 'k' => 'RSA_SHA512', + 'v' => 'RSA SHA512' + } + ], + 'type' => 'select' + }, + 'samlSPMetaDataOptionsSignSLOMessage' => { + 'default' => -1, + 'type' => 'trool' + }, + 'samlSPMetaDataOptionsSignSSOMessage' => { + 'default' => -1, + 'type' => 'trool' + }, + 'samlSPMetaDataXML' => { + 'type' => 'file' + }, + 'samlSPSSODescriptorArtifactResolutionServiceArtifact' => { + 'default' => +'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', + 'type' => 'samlAssertion' + }, + 'samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact' => { + 'default' => +'0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact', + 'type' => 'samlAssertion' + }, + 'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' => { + 'default' => +'1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost', + 'type' => 'samlAssertion' + }, + 'samlSPSSODescriptorAuthnRequestsSigned' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlSPSSODescriptorSingleLogoutServiceHTTPPost' => { + 'default' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', + 'type' => 'samlService' + }, + 'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' => { + 'default' => +'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', + 'type' => 'samlService' + }, + 'samlSPSSODescriptorSingleLogoutServiceSOAP' => { + 
'default' => +'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;', + 'type' => 'samlService' + }, + 'samlSPSSODescriptorWantAssertionsSigned' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlStorage' => { + 'type' => 'PerlModule' + }, + 'samlStorageOptions' => { + 'type' => 'keyTextContainer' + }, + 'samlUseQueryStringSpecific' => { + 'default' => 0, + 'type' => 'bool' + }, + 'scrollTop' => { + 'default' => 400, + 'type' => 'int' + }, + 'securedCookie' => { + 'default' => 0, + 'select' => [ { + 'k' => '0', + 'v' => 'unsecuredCookie' + }, + { + 'k' => '1', + 'v' => 'securedCookie' + }, + { + 'k' => '2', + 'v' => 'doubleCookie' + }, + { + 'k' => '3', + 'v' => 'doubleCookieForSingleSession' + } + ], + 'type' => 'select' + }, + 'secureTokenAllowOnError' => { + 'type' => 'text' + }, + 'secureTokenAttribute' => { + 'type' => 'text' + }, + 'secureTokenExpiration' => { + 'type' => 'text' + }, + 'secureTokenHeader' => { + 'type' => 'text' + }, + 'secureTokenMemcachedServers' => { + 'type' => 'text' + }, + 'secureTokenUrls' => { + 'type' => 'text' + }, + 'sentryDsn' => { + 'type' => 'text' + }, + 'sessionDataToRemember' => { + 'keyMsgFail' => '__invalidSessionData__', + 'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, + 'type' => 'keyTextContainer' + }, + 'sfEngine' => { + 'default' => '::2F::Engines::Default', + 'type' => 'text' + }, + 'sfExtra' => { + 'keyTest' => qr/^\w+$/, + 'select' => [ { + 'k' => 'Mail2F', + 'v' => 'E-Mail' + }, + { + 'k' => 'REST', + 'v' => 'REST' + }, + { + 'k' => 'Ext2F', + 'v' => 'External' + }, + { + 'k' => 'Radius', + 'v' => 'Radius' + } + ], + 'test' => sub { + 1; + }, + 'type' => 'sfExtraContainer' + }, + 'sfLoginTimeout' => { + 'type' => 'int' + }, + 'sfManagerRule' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'sfOnlyUpgrade' => { + 'type' => 'bool' + }, + 'sfRegisterTimeout' => { + 'type' => 'int' + }, + 'sfRemovedMsgRule' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'sfRemovedNotifMsg' => { + 
'default' => +'_removedSF_ expired second factor(s) has/have been removed (_nameSF_)!', + 'type' => 'text' + }, + 'sfRemovedNotifRef' => { + 'default' => 'RemoveSF', + 'type' => 'text' + }, + 'sfRemovedNotifTitle' => { + 'default' => 'Second factor notification', + 'type' => 'text' + }, + 'sfRemovedUseNotif' => { + 'default' => 0, + 'type' => 'bool' + }, + 'sfRequired' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'showLanguages' => { + 'default' => 1, + 'type' => 'bool' + }, + 'singleIP' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'singleSession' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'singleUserByIP' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'skipRenewConfirmation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'skipUpgradeConfirmation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'slaveAuthnLevel' => { + 'default' => 2, + 'type' => 'int' + }, + 'slaveDisplayLogo' => { + 'default' => 0, + 'type' => 'bool' + }, + 'slaveExportedVars' => { + 'default' => {}, + 'keyMsgFail' => '__badVariableName__', + 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, + 'msgFail' => '__badValue__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, + 'type' => 'keyTextContainer' + }, + 'slaveHeaderContent' => { + 'type' => 'text' + }, + 'slaveHeaderName' => { + 'type' => 'text' + }, + 'slaveMasterIP' => { + 'msgFail' => '__badIPv4Address__', + 'test' => qr/^((?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)\s*)*$/, + 'type' => 'text' + }, + 'slaveUserHeader' => { + 'type' => 'text' + }, + 'SMTPAuthPass' => { + 'type' => 'password' + }, + 'SMTPAuthUser' => { + 'type' => 'text' + }, + 'SMTPPort' => { + 'type' => 'int' + }, + 'SMTPServer' => { + 'default' => '', + 'test' => +qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?)?$/, + 'type' => 'text' + }, + 'SMTPTLS' => { + 'default' => '', + 'select' => [ { + 'k' => '', + 'v' => 'none' + }, + { + 
'k' => 'starttls', + 'v' => 'SMTP + STARTTLS' + }, + { + 'k' => 'ssl', + 'v' => 'SMTPS' + } + ], + 'type' => 'select' + }, + 'SMTPTLSOpts' => { + 'type' => 'keyTextContainer' + }, + 'soapConfigServer' => { + 'default' => 0, + 'type' => 'bool' + }, + 'soapProxyUrn' => { + 'default' => 'urn:Lemonldap/NG/Common/PSGI/SOAPService', + 'type' => 'text' + }, + 'soapSessionServer' => { + 'default' => 0, + 'type' => 'bool' + }, + 'SSLAuthnLevel' => { + 'default' => 5, + 'type' => 'int' + }, + 'sslByAjax' => { + 'default' => 0, + 'type' => 'bool' + }, + 'sslHost' => { + 'type' => 'url' + }, + 'SSLVar' => { + 'default' => 'SSL_CLIENT_S_DN_Email', + 'type' => 'text' + }, + 'SSLVarIf' => { + 'default' => {}, + 'keyTest' => sub { + 1; + }, + 'type' => 'keyTextContainer' + }, + 'staticPrefix' => { + 'type' => 'text' + }, + 'status' => { + 'type' => 'bool' + }, + 'stayConnected' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'stayConnectedBypassFG' => { + 'default' => 0, + 'type' => 'bool' + }, + 'stayConnectedCookieName' => { + 'default' => 'llngconnection', + 'msgFail' => '__badCookieName__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9_-]*$/, + 'type' => 'text' + }, + 'stayConnectedTimeout' => { + 'default' => 2592000, + 'type' => 'int' + }, + 'storePassword' => { + 'default' => 0, + 'type' => 'bool' + }, + 'successLoginNumber' => { + 'default' => 5, + 'type' => 'int' + }, + 'syslogFacility' => { + 'type' => 'text' + }, + 'timeout' => { + 'default' => 72000, + 'test' => sub { + $_[0] > 0; + }, + 'type' => 'int' + }, + 'timeoutActivity' => { + 'default' => 0, + 'test' => sub { + $_[0] >= 0; + }, + 'type' => 'int' + }, + 'timeoutActivityInterval' => { + 'default' => 60, + 'test' => sub { + $_[0] >= 0; + }, + 'type' => 'int' + }, + 'tokenUseGlobalStorage' => { + 'default' => 0, + 'type' => 'bool' + }, + 'totp2fActivation' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'totp2fAuthnLevel' => { + 'type' => 'int' + }, + 'totp2fDigits' => { + 'default' => 6, + 'type' => 'int' + }, 
+ 'totp2fEncryptSecret' => { + 'default' => 0, + 'type' => 'bool' + }, + 'totp2fInterval' => { + 'default' => 30, + 'type' => 'int' + }, + 'totp2fIssuer' => { + 'type' => 'text' + }, + 'totp2fLabel' => { + 'type' => 'text' + }, + 'totp2fLogo' => { + 'type' => 'text' + }, + 'totp2fRange' => { + 'default' => 1, + 'type' => 'int' + }, + 'totp2fSelfRegistration' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'totp2fTTL' => { + 'type' => 'int' + }, + 'totp2fUserCanRemoveKey' => { + 'default' => 1, + 'type' => 'bool' + }, + 'trustedDomains' => { + 'type' => 'text' + }, + 'twitterAppName' => { + 'type' => 'text' + }, + 'twitterAuthnLevel' => { + 'default' => 1, + 'type' => 'int' + }, + 'twitterKey' => { + 'type' => 'text' + }, + 'twitterSecret' => { + 'type' => 'text' + }, + 'twitterUserField' => { + 'default' => 'screen_name', + 'type' => 'text' + }, + 'u2fActivation' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'u2fAuthnLevel' => { + 'type' => 'int' + }, + 'u2fLabel' => { + 'type' => 'text' + }, + 'u2fLogo' => { + 'type' => 'text' + }, + 'u2fSelfRegistration' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'u2fTTL' => { + 'type' => 'int' + }, + 'u2fUserCanRemoveKey' => { + 'default' => 1, + 'type' => 'bool' + }, + 'upgradeSession' => { + 'default' => 1, + 'type' => 'bool' + }, + 'userControl' => { + 'default' => '^[\\w\\.\\-@]+$', + 'type' => 'pcre' + }, + 'userDB' => { + 'default' => 'Same', + 'select' => [ { + 'k' => 'Same', + 'v' => 'Same' + }, + { + 'k' => 'AD', + 'v' => 'Active Directory' + }, + { + 'k' => 'DBI', + 'v' => 'Database (DBI)' + }, + { + 'k' => 'LDAP', + 'v' => 'LDAP' + }, + { + 'k' => 'REST', + 'v' => 'REST' + }, + { + 'k' => 'Null', + 'v' => 'None' + }, + { + 'k' => 'Custom', + 'v' => 'customModule' + } + ], + 'type' => 'select' + }, + 'useRedirectOnError' => { + 'default' => 1, + 'type' => 'bool' + }, + 'useRedirectOnForbidden' => { + 'default' => 0, + 'type' => 'bool' + }, + 'userLogger' => { + 'type' => 'text' + }, + 
'userPivot' => { + 'type' => 'text' + }, + 'userSyslogFacility' => { + 'type' => 'text' + }, + 'useSafeJail' => { + 'default' => 1, + 'type' => 'bool' + }, + 'utotp2fActivation' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'utotp2fAuthnLevel' => { + 'type' => 'int' + }, + 'utotp2fLabel' => { + 'type' => 'text' + }, + 'utotp2fLogo' => { + 'type' => 'text' + }, + 'vhostAccessToTrace' => { + 'default' => '', + 'type' => 'text' + }, + 'vhostAliases' => { + 'default' => '', + 'type' => 'text' + }, + 'vhostAuthnLevel' => { + 'type' => 'int' + }, + 'vhostDevOpsRulesUrl' => { + 'type' => 'url' + }, + 'vhostHttps' => { + 'default' => -1, + 'type' => 'trool' + }, + 'vhostMaintenance' => { + 'default' => 0, + 'type' => 'bool' + }, + 'vhostOptions' => { + 'type' => 'subContainer' + }, + 'vhostPort' => { + 'default' => -1, + 'type' => 'int' + }, + 'vhostServiceTokenTTL' => { + 'default' => -1, + 'type' => 'int' + }, + 'vhostType' => { + 'default' => 'Main', + 'select' => [ { + 'k' => 'AuthBasic', + 'v' => 'AuthBasic' + }, + { + 'k' => 'CDA', + 'v' => 'CDA' + }, + { + 'k' => 'DevOps', + 'v' => 'DevOps' + }, + { + 'k' => 'DevOpsST', + 'v' => 'DevOpsST' + }, + { + 'k' => 'Main', + 'v' => 'Main' + }, + { + 'k' => 'OAuth2', + 'v' => 'OAuth2' + }, + { + 'k' => 'SecureToken', + 'v' => 'SecureToken' + }, + { + 'k' => 'ServiceToken', + 'v' => 'ServiceToken' + }, + { + 'k' => 'ZimbraPreAuth', + 'v' => 'ZimbraPreAuth' + } + ], + 'type' => 'select' + }, + 'viewerAllowBrowser' => { + 'default' => 0, + 'type' => 'bool' + }, + 'viewerAllowDiff' => { + 'default' => 0, + 'type' => 'bool' + }, + 'viewerHiddenKeys' => { + 'default' => 'samlIDPMetaDataNodes, samlSPMetaDataNodes', + 'type' => 'text' + }, + 'virtualHosts' => { + 'type' => 'virtualHostContainer' + }, + 'webauthn2fActivation' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'webauthn2fAuthnLevel' => { + 'type' => 'int' + }, + 'webauthn2fLabel' => { + 'type' => 'text' + }, + 'webauthn2fLogo' => { + 'type' => 'text' + }, 
+ 'webauthn2fSelfRegistration' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'webauthn2fUserCanRemoveKey' => { + 'default' => 1, + 'type' => 'bool' + }, + 'webauthn2fUserVerification' => { + 'default' => 'preferred', + 'select' => [ { + 'k' => 'discouraged', + 'v' => 'Discouraged' + }, + { + 'k' => 'preferred', + 'v' => 'Preferred' + }, + { + 'k' => 'required', + 'v' => 'Required' + } + ], + 'type' => 'select' + }, + 'webauthnDisplayNameAttr' => { + 'type' => 'text' + }, + 'webauthnRpName' => { + 'type' => 'text' + }, + 'webIDAuthnLevel' => { + 'default' => 1, + 'type' => 'int' + }, + 'webIDExportedVars' => { + 'default' => {}, + 'keyMsgFail' => '__badVariableName__', + 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, + 'msgFail' => '__badValue__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, + 'type' => 'keyTextContainer' + }, + 'webIDWhitelist' => { + 'type' => 'text' + }, + 'whatToTrace' => { + 'default' => 'uid', + 'type' => 'lmAttrOrMacro' + }, + 'wsdlServer' => { + 'default' => 0, + 'type' => 'bool' + }, + 'yubikey2fActivation' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'yubikey2fAuthnLevel' => { + 'type' => 'int' + }, + 'yubikey2fClientID' => { + 'type' => 'text' + }, + 'yubikey2fFromSessionAttribute' => { + 'type' => 'text' + }, + 'yubikey2fLabel' => { + 'type' => 'text' + }, + 'yubikey2fLogo' => { + 'type' => 'text' + }, + 'yubikey2fNonce' => { + 'type' => 'text' + }, + 'yubikey2fPublicIDSize' => { + 'default' => 12, + 'type' => 'int' + }, + 'yubikey2fSecretKey' => { + 'type' => 'text' + }, + 'yubikey2fSelfRegistration' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'yubikey2fTTL' => { + 'type' => 'int' + }, + 'yubikey2fUrl' => { + 'type' => 'text' + }, + 'yubikey2fUserCanRemoveKey' => { + 'default' => 1, + 'type' => 'bool' + }, + 'zimbraAccountKey' => { + 'type' => 'text' + }, + 'zimbraBy' => { + 'type' => 'text' + }, + 'zimbraPreAuthKey' => { + 'type' => 'text' + }, + 'zimbraSsoUrl' => { + 'type' => 'text' + }, + 'zimbraUrl' => { 
+ 'type' => 'text' + } + }; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/TOTP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/TOTP.pm index 8304810540..aaf6ffbfa1 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/TOTP.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/TOTP.pm @@ -30,14 +30,11 @@ has logo => ( is => 'rw', default => 'totp.png' ); sub init { my ($self) = @_; - # If self registration is enabled and "activation" is just set to - # "enabled", replace the rule to detect if user has registered its key - if ( $self->conf->{totp2fSelfRegistration} - and $self->conf->{totp2fActivation} eq '1' ) - { - $self->conf->{totp2fActivation} = - '$_2fDevices && $_2fDevices =~ /"type":\s*"TOTP"/s'; - } + # If "activation" is just set to "enabled", + # replace the rule to detect if user has registered its key + $self->conf->{totp2fActivation} = 'has2f("TOTP")' + if $self->conf->{totp2fActivation} eq '1'; + return $self->SUPER::init(); } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm index cc766bb12c..110188829e 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm 
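Review bot: The rewritten guard in `init` of TOTP.pm no longer tests `totp2fSelfRegistration`, so an activation value of `'1'` is now always replaced by `has2f("TOTP")`, including on portals where self-registration is off. Judging by the removed `$_2fDevices =~ /"type":\s*"TOTP"/s` rule, `has2f("TOTP")` matches only users who already have a registered device, so accounts without one would no longer match the activation rule; whether they are still asked for a second factor then presumably depends on other settings such as `sfRequired`, which this hunk does not show. This is an authentication-policy change and should be stated in the code, for example `# '1' is rewritten even without self-registration: users with no registered TOTP device do not match this rule`, and in the upgrade notes. The same rewrite appears in the U2F.pm and WebAuthn.pm hunks of this patch.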
@@ -32,14 +32,12 @@ has logo => ( is => 'rw', default => 'u2f.png' ); sub init { my ($self) = @_; - # If self registration is enabled and "activation" is just set to - # "enabled", replace the rule to detect if user has registered its key - if ( $self->conf->{u2fSelfRegistration} - and $self->conf->{u2fActivation} eq '1' ) - { - $self->conf->{u2fActivation} = - '$_2fDevices && $_2fDevices =~ /"type":\s*"U2F"/s'; - } + # If "activation" is just set to "enabled", + # replace the rule to detect if user has registered its key + $self->conf->{u2fActivation} = 'has2f("U2F")' + if ( $self->conf->{u2fActivation} eq '1' + and !$self->conf->{sfOnlyUpgrade} ); + return 0 unless ( $self->Lemonldap::NG::Portal::Main::SecondFactor::init() and $self->Lemonldap::NG::Portal::Lib::U2F::init() ); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/WebAuthn.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/WebAuthn.pm index ff27e4eea8..f17ff22b69 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/WebAuthn.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/WebAuthn.pm @@ -31,15 +31,13 @@ has logo => ( is => 'rw', default => 'webauthn.png' ); sub init { my ($self) = @_; - # If self registration is enabled and "activation" is just set to - # "enabled", replace the rule to detect if user has registered its key - if ( $self->conf->{webauthn2fSelfRegistration} - and $self->conf->{webauthn2fActivation} eq '1' ) - { - $self->conf->{webauthn2fActivation} = 'has2f("WebAuthn")'; - } + # If "activation" is just set to "enabled", + # replace the rule to detect if user has registered its key + $self->conf->{webauthn2fActivation} = 'has2f("WebAuthn")' + if $self->conf->{webauthn2fActivation} eq '1'; + return 0 - unless ( $self->Lemonldap::NG::Portal::Main::SecondFactor::init() ); + unless ( $self->SUPER::init() ); return 1; } 
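Review bot: The `and !$self->conf->{sfOnlyUpgrade}` guard is added only in U2F.pm's `init`; the TOTP hunk before it and the WebAuthn hunk after it rewrite `'1'` to `has2f(...)` unconditionally. With `sfOnlyUpgrade` set, `u2fActivation` therefore stays `1` while the other two modules become device-dependent, so the three second factors activate under different conditions for the same configuration. If the difference is intended, the comment should give the reason, e.g. `# keep "1" untouched when sfOnlyUpgrade is set, because <reason>`; otherwise the condition should be the same in all three modules. `init` continues past the end of this hunk, so any later handling of `sfOnlyUpgrade` is not visible here.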
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm index 2fb7371d0a..ef4851aea7 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm 
@@ -7,224 +7,332 @@ use Exporter 'import'; our $VERSION = '2.0.15'; use constant HANDLER => 'Lemonldap::NG::Handler::PSGI::Main'; -use constant URIRE => qr{(((?^:https?))://((?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::((?:[0-9]*)))?(/(((?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?]((?:(?:[;/?:\@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)}; +use constant URIRE => +qr{(((?^:https?))://((?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::((?:[0-9]*)))?(/(((?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?]((?:(?:[;/?:\@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)}; use constant { - PE_IDPCHOICE => -5, - PE_SENDRESPONSE => -4, - PE_INFO => -3, - PE_REDIRECT => -2, - PE_DONE => -1, - PE_OK => 0, - PE_SESSIONEXPIRED => 1, - PE_FORMEMPTY => 2, - PE_WRONGMANAGERACCOUNT => 3, - PE_USERNOTFOUND => 4, - PE_BADCREDENTIALS => 5, - PE_LDAPCONNECTFAILED => 6, - PE_LDAPERROR => 7, - PE_APACHESESSIONERROR => 8, - PE_FIRSTACCESS => 9, - PE_BADCERTIFICATE => 10, - PE_NO_PASSWORD_BE => 20, - PE_PP_ACCOUNT_LOCKED => 21, - PE_PP_PASSWORD_EXPIRED => 22, - PE_CERTIFICATEREQUIRED => 23, - PE_ERROR => 24, - PE_PP_CHANGE_AFTER_RESET => 25, - PE_PP_PASSWORD_MOD_NOT_ALLOWED => 26, - PE_PP_MUST_SUPPLY_OLD_PASSWORD => 27, - 
PE_PP_INSUFFICIENT_PASSWORD_QUALITY => 28, - PE_PP_PASSWORD_TOO_SHORT => 29, - PE_PP_PASSWORD_TOO_YOUNG => 30, - PE_PP_PASSWORD_IN_HISTORY => 31, - PE_PP_GRACE => 32, - PE_PP_EXP_WARNING => 33, - PE_PASSWORD_MISMATCH => 34, - PE_PASSWORD_OK => 35, - PE_NOTIFICATION => 36, - PE_BADURL => 37, - PE_NOSCHEME => 38, - PE_BADOLDPASSWORD => 39, - PE_MALFORMEDUSER => 40, - PE_SESSIONNOTGRANTED => 41, - PE_CONFIRM => 42, - PE_MAILFORMEMPTY => 43, - PE_BADMAILTOKEN => 44, - PE_MAILERROR => 45, - PE_MAILOK => 46, - PE_LOGOUT_OK => 47, - PE_SAML_ERROR => 48, - PE_SAML_LOAD_SERVICE_ERROR => 49, - PE_SAML_LOAD_IDP_ERROR => 50, - PE_SAML_SSO_ERROR => 51, - PE_SAML_UNKNOWN_ENTITY => 52, - PE_SAML_DESTINATION_ERROR => 53, - PE_SAML_CONDITIONS_ERROR => 54, - PE_SAML_IDPSSOINITIATED_NOTALLOWED => 55, - PE_SAML_SLO_ERROR => 56, - PE_SAML_SIGNATURE_ERROR => 57, - PE_SAML_ART_ERROR => 58, - PE_SAML_SESSION_ERROR => 59, - PE_SAML_LOAD_SP_ERROR => 60, - PE_SAML_ATTR_ERROR => 61, - PE_OPENID_EMPTY => 62, - PE_OPENID_BADID => 63, - PE_MISSINGREQATTR => 64, - PE_BADPARTNER => 65, - PE_MAILCONFIRMATION_ALREADY_SENT => 66, - PE_PASSWORDFORMEMPTY => 67, - PE_CAS_SERVICE_NOT_ALLOWED => 68, - PE_MAILFIRSTACCESS => 69, - PE_MAILNOTFOUND => 70, - PE_PASSWORDFIRSTACCESS => 71, - PE_MAILCONFIRMOK => 72, - PE_RADIUSCONNECTFAILED => 73, - PE_MUST_SUPPLY_OLD_PASSWORD => 74, - PE_FORBIDDENIP => 75, - PE_CAPTCHAERROR => 76, - PE_CAPTCHAEMPTY => 77, - PE_REGISTERFIRSTACCESS => 78, - PE_REGISTERFORMEMPTY => 79, - PE_REGISTERALREADYEXISTS => 80, - PE_NOTOKEN => 81, - PE_TOKENEXPIRED => 82, - PE_U2FFAILED => 83, - PE_UNAUTHORIZEDPARTNER => 84, - PE_RENEWSESSION => 85, - PE_WAIT => 86, - PE_MUSTAUTHN => 87, - PE_MUSTHAVEMAIL => 88, - PE_SAML_SERVICE_NOT_ALLOWED => 89, - PE_OIDC_SERVICE_NOT_ALLOWED => 90, - PE_OID_SERVICE_NOT_ALLOWED => 91, - PE_GET_SERVICE_NOT_ALLOWED => 92, + PE_IDPCHOICE => -5, + PE_SENDRESPONSE => -4, + PE_INFO => -3, + PE_REDIRECT => -2, + PE_DONE => -1, + PE_OK => 0, + PE_SESSIONEXPIRED 
=> 1, + PE_FORMEMPTY => 2, + PE_WRONGMANAGERACCOUNT => 3, + PE_USERNOTFOUND => 4, + PE_BADCREDENTIALS => 5, + PE_LDAPCONNECTFAILED => 6, + PE_LDAPERROR => 7, + PE_APACHESESSIONERROR => 8, + PE_FIRSTACCESS => 9, + PE_BADCERTIFICATE => 10, + PE_NO_PASSWORD_BE => 20, + PE_PP_ACCOUNT_LOCKED => 21, + PE_PP_PASSWORD_EXPIRED => 22, + PE_CERTIFICATEREQUIRED => 23, + PE_ERROR => 24, + PE_PP_CHANGE_AFTER_RESET => 25, + PE_PP_PASSWORD_MOD_NOT_ALLOWED => 26, + PE_PP_MUST_SUPPLY_OLD_PASSWORD => 27, + PE_PP_INSUFFICIENT_PASSWORD_QUALITY => 28, + PE_PP_PASSWORD_TOO_SHORT => 29, + PE_PP_PASSWORD_TOO_YOUNG => 30, + PE_PP_PASSWORD_IN_HISTORY => 31, + PE_PP_GRACE => 32, + PE_PP_EXP_WARNING => 33, + PE_PASSWORD_MISMATCH => 34, + PE_PASSWORD_OK => 35, + PE_NOTIFICATION => 36, + PE_BADURL => 37, + PE_NOSCHEME => 38, + PE_BADOLDPASSWORD => 39, + PE_MALFORMEDUSER => 40, + PE_SESSIONNOTGRANTED => 41, + PE_CONFIRM => 42, + PE_MAILFORMEMPTY => 43, + PE_BADMAILTOKEN => 44, + PE_MAILERROR => 45, + PE_MAILOK => 46, + PE_LOGOUT_OK => 47, + PE_SAML_ERROR => 48, + PE_SAML_LOAD_SERVICE_ERROR => 49, + PE_SAML_LOAD_IDP_ERROR => 50, + PE_SAML_SSO_ERROR => 51, + PE_SAML_UNKNOWN_ENTITY => 52, + PE_SAML_DESTINATION_ERROR => 53, + PE_SAML_CONDITIONS_ERROR => 54, + PE_SAML_IDPSSOINITIATED_NOTALLOWED => 55, + PE_SAML_SLO_ERROR => 56, + PE_SAML_SIGNATURE_ERROR => 57, + PE_SAML_ART_ERROR => 58, + PE_SAML_SESSION_ERROR => 59, + PE_SAML_LOAD_SP_ERROR => 60, + PE_SAML_ATTR_ERROR => 61, + PE_OPENID_EMPTY => 62, + PE_OPENID_BADID => 63, + PE_MISSINGREQATTR => 64, + PE_BADPARTNER => 65, + PE_MAILCONFIRMATION_ALREADY_SENT => 66, + PE_PASSWORDFORMEMPTY => 67, + PE_CAS_SERVICE_NOT_ALLOWED => 68, + PE_MAILFIRSTACCESS => 69, + PE_MAILNOTFOUND => 70, + PE_PASSWORDFIRSTACCESS => 71, + PE_MAILCONFIRMOK => 72, + PE_RADIUSCONNECTFAILED => 73, + PE_MUST_SUPPLY_OLD_PASSWORD => 74, + PE_FORBIDDENIP => 75, + PE_CAPTCHAERROR => 76, + PE_CAPTCHAEMPTY => 77, + PE_REGISTERFIRSTACCESS => 78, + PE_REGISTERFORMEMPTY => 79, + 
PE_REGISTERALREADYEXISTS => 80, + PE_NOTOKEN => 81, + PE_TOKENEXPIRED => 82, + PE_U2FFAILED => 83, + PE_UNAUTHORIZEDPARTNER => 84, + PE_RENEWSESSION => 85, + PE_WAIT => 86, + PE_MUSTAUTHN => 87, + PE_MUSTHAVEMAIL => 88, + PE_SAML_SERVICE_NOT_ALLOWED => 89, + PE_OIDC_SERVICE_NOT_ALLOWED => 90, + PE_OID_SERVICE_NOT_ALLOWED => 91, + PE_GET_SERVICE_NOT_ALLOWED => 92, PE_IMPERSONATION_SERVICE_NOT_ALLOWED => 93, - PE_ISSUERMISSINGREQATTR => 94, - PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED => 95, - PE_BADOTP => 96, - PE_RESETCERTIFICATE_INVALID => 97, - PE_RESETCERTIFICATE_FORMEMPTY => 98, - PE_RESETCERTIFICATE_FIRSTACCESS => 99, - PE_PP_NOT_ALLOWED_CHARACTER => 100, - PE_PP_NOT_ALLOWED_CHARACTERS => 101, - PE_UPGRADESESSION => 102, - PE_NO_SECOND_FACTORS => 103, - PE_BAD_DEVOPS_FILE => 104, - PE_FILENOTFOUND => 105, - PE_OIDC_AUTH_ERROR => 106, + PE_ISSUERMISSINGREQATTR => 94, + PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED => 95, + PE_BADOTP => 96, + PE_RESETCERTIFICATE_INVALID => 97, + PE_RESETCERTIFICATE_FORMEMPTY => 98, + PE_RESETCERTIFICATE_FIRSTACCESS => 99, + PE_PP_NOT_ALLOWED_CHARACTER => 100, + PE_PP_NOT_ALLOWED_CHARACTERS => 101, + PE_UPGRADESESSION => 102, + PE_NO_SECOND_FACTORS => 103, + PE_BAD_DEVOPS_FILE => 104, + PE_FILENOTFOUND => 105, + PE_OIDC_AUTH_ERROR => 106, }; sub portalConsts { return { - '-1' => 'PE_DONE', - '-2' => 'PE_REDIRECT', - '-3' => 'PE_INFO', - '-4' => 'PE_SENDRESPONSE', - '-5' => 'PE_IDPCHOICE', - '0' => 'PE_OK', - '1' => 'PE_SESSIONEXPIRED', - '10' => 'PE_BADCERTIFICATE', - '100' => 'PE_PP_NOT_ALLOWED_CHARACTER', - '101' => 'PE_PP_NOT_ALLOWED_CHARACTERS', - '102' => 'PE_UPGRADESESSION', - '103' => 'PE_NO_SECOND_FACTORS', - '104' => 'PE_BAD_DEVOPS_FILE', - '105' => 'PE_FILENOTFOUND', - '106' => 'PE_OIDC_AUTH_ERROR', - '2' => 'PE_FORMEMPTY', - '20' => 'PE_NO_PASSWORD_BE', - '21' => 'PE_PP_ACCOUNT_LOCKED', - '22' => 'PE_PP_PASSWORD_EXPIRED', - '23' => 'PE_CERTIFICATEREQUIRED', - '24' => 'PE_ERROR', - '25' => 'PE_PP_CHANGE_AFTER_RESET', - '26' => 
'PE_PP_PASSWORD_MOD_NOT_ALLOWED', - '27' => 'PE_PP_MUST_SUPPLY_OLD_PASSWORD', - '28' => 'PE_PP_INSUFFICIENT_PASSWORD_QUALITY', - '29' => 'PE_PP_PASSWORD_TOO_SHORT', - '3' => 'PE_WRONGMANAGERACCOUNT', - '30' => 'PE_PP_PASSWORD_TOO_YOUNG', - '31' => 'PE_PP_PASSWORD_IN_HISTORY', - '32' => 'PE_PP_GRACE', - '33' => 'PE_PP_EXP_WARNING', - '34' => 'PE_PASSWORD_MISMATCH', - '35' => 'PE_PASSWORD_OK', - '36' => 'PE_NOTIFICATION', - '37' => 'PE_BADURL', - '38' => 'PE_NOSCHEME', - '39' => 'PE_BADOLDPASSWORD', - '4' => 'PE_USERNOTFOUND', - '40' => 'PE_MALFORMEDUSER', - '41' => 'PE_SESSIONNOTGRANTED', - '42' => 'PE_CONFIRM', - '43' => 'PE_MAILFORMEMPTY', - '44' => 'PE_BADMAILTOKEN', - '45' => 'PE_MAILERROR', - '46' => 'PE_MAILOK', - '47' => 'PE_LOGOUT_OK', - '48' => 'PE_SAML_ERROR', - '49' => 'PE_SAML_LOAD_SERVICE_ERROR', - '5' => 'PE_BADCREDENTIALS', - '50' => 'PE_SAML_LOAD_IDP_ERROR', - '51' => 'PE_SAML_SSO_ERROR', - '52' => 'PE_SAML_UNKNOWN_ENTITY', - '53' => 'PE_SAML_DESTINATION_ERROR', - '54' => 'PE_SAML_CONDITIONS_ERROR', - '55' => 'PE_SAML_IDPSSOINITIATED_NOTALLOWED', - '56' => 'PE_SAML_SLO_ERROR', - '57' => 'PE_SAML_SIGNATURE_ERROR', - '58' => 'PE_SAML_ART_ERROR', - '59' => 'PE_SAML_SESSION_ERROR', - '6' => 'PE_LDAPCONNECTFAILED', - '60' => 'PE_SAML_LOAD_SP_ERROR', - '61' => 'PE_SAML_ATTR_ERROR', - '62' => 'PE_OPENID_EMPTY', - '63' => 'PE_OPENID_BADID', - '64' => 'PE_MISSINGREQATTR', - '65' => 'PE_BADPARTNER', - '66' => 'PE_MAILCONFIRMATION_ALREADY_SENT', - '67' => 'PE_PASSWORDFORMEMPTY', - '68' => 'PE_CAS_SERVICE_NOT_ALLOWED', - '69' => 'PE_MAILFIRSTACCESS', - '7' => 'PE_LDAPERROR', - '70' => 'PE_MAILNOTFOUND', - '71' => 'PE_PASSWORDFIRSTACCESS', - '72' => 'PE_MAILCONFIRMOK', - '73' => 'PE_RADIUSCONNECTFAILED', - '74' => 'PE_MUST_SUPPLY_OLD_PASSWORD', - '75' => 'PE_FORBIDDENIP', - '76' => 'PE_CAPTCHAERROR', - '77' => 'PE_CAPTCHAEMPTY', - '78' => 'PE_REGISTERFIRSTACCESS', - '79' => 'PE_REGISTERFORMEMPTY', - '8' => 'PE_APACHESESSIONERROR', - '80' => 
'PE_REGISTERALREADYEXISTS', - '81' => 'PE_NOTOKEN', - '82' => 'PE_TOKENEXPIRED', - '83' => 'PE_U2FFAILED', - '84' => 'PE_UNAUTHORIZEDPARTNER', - '85' => 'PE_RENEWSESSION', - '86' => 'PE_WAIT', - '87' => 'PE_MUSTAUTHN', - '88' => 'PE_MUSTHAVEMAIL', - '89' => 'PE_SAML_SERVICE_NOT_ALLOWED', - '9' => 'PE_FIRSTACCESS', - '90' => 'PE_OIDC_SERVICE_NOT_ALLOWED', - '91' => 'PE_OID_SERVICE_NOT_ALLOWED', - '92' => 'PE_GET_SERVICE_NOT_ALLOWED', - '93' => 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED', - '94' => 'PE_ISSUERMISSINGREQATTR', - '95' => 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED', - '96' => 'PE_BADOTP', - '97' => 'PE_RESETCERTIFICATE_INVALID', - '98' => 'PE_RESETCERTIFICATE_FORMEMPTY', - '99' => 'PE_RESETCERTIFICATE_FIRSTACCESS' - }; + '-1' => 'PE_DONE', + '-2' => 'PE_REDIRECT', + '-3' => 'PE_INFO', + '-4' => 'PE_SENDRESPONSE', + '-5' => 'PE_IDPCHOICE', + '0' => 'PE_OK', + '1' => 'PE_SESSIONEXPIRED', + '10' => 'PE_BADCERTIFICATE', + '100' => 'PE_PP_NOT_ALLOWED_CHARACTER', + '101' => 'PE_PP_NOT_ALLOWED_CHARACTERS', + '102' => 'PE_UPGRADESESSION', + '103' => 'PE_NO_SECOND_FACTORS', + '104' => 'PE_BAD_DEVOPS_FILE', + '105' => 'PE_FILENOTFOUND', + '106' => 'PE_OIDC_AUTH_ERROR', + '2' => 'PE_FORMEMPTY', + '20' => 'PE_NO_PASSWORD_BE', + '21' => 'PE_PP_ACCOUNT_LOCKED', + '22' => 'PE_PP_PASSWORD_EXPIRED', + '23' => 'PE_CERTIFICATEREQUIRED', + '24' => 'PE_ERROR', + '25' => 'PE_PP_CHANGE_AFTER_RESET', + '26' => 'PE_PP_PASSWORD_MOD_NOT_ALLOWED', + '27' => 'PE_PP_MUST_SUPPLY_OLD_PASSWORD', + '28' => 'PE_PP_INSUFFICIENT_PASSWORD_QUALITY', + '29' => 'PE_PP_PASSWORD_TOO_SHORT', + '3' => 'PE_WRONGMANAGERACCOUNT', + '30' => 'PE_PP_PASSWORD_TOO_YOUNG', + '31' => 'PE_PP_PASSWORD_IN_HISTORY', + '32' => 'PE_PP_GRACE', + '33' => 'PE_PP_EXP_WARNING', + '34' => 'PE_PASSWORD_MISMATCH', + '35' => 'PE_PASSWORD_OK', + '36' => 'PE_NOTIFICATION', + '37' => 'PE_BADURL', + '38' => 'PE_NOSCHEME', + '39' => 'PE_BADOLDPASSWORD', + '4' => 'PE_USERNOTFOUND', + '40' => 'PE_MALFORMEDUSER', + '41' => 
'PE_SESSIONNOTGRANTED', + '42' => 'PE_CONFIRM', + '43' => 'PE_MAILFORMEMPTY', + '44' => 'PE_BADMAILTOKEN', + '45' => 'PE_MAILERROR', + '46' => 'PE_MAILOK', + '47' => 'PE_LOGOUT_OK', + '48' => 'PE_SAML_ERROR', + '49' => 'PE_SAML_LOAD_SERVICE_ERROR', + '5' => 'PE_BADCREDENTIALS', + '50' => 'PE_SAML_LOAD_IDP_ERROR', + '51' => 'PE_SAML_SSO_ERROR', + '52' => 'PE_SAML_UNKNOWN_ENTITY', + '53' => 'PE_SAML_DESTINATION_ERROR', + '54' => 'PE_SAML_CONDITIONS_ERROR', + '55' => 'PE_SAML_IDPSSOINITIATED_NOTALLOWED', + '56' => 'PE_SAML_SLO_ERROR', + '57' => 'PE_SAML_SIGNATURE_ERROR', + '58' => 'PE_SAML_ART_ERROR', + '59' => 'PE_SAML_SESSION_ERROR', + '6' => 'PE_LDAPCONNECTFAILED', + '60' => 'PE_SAML_LOAD_SP_ERROR', + '61' => 'PE_SAML_ATTR_ERROR', + '62' => 'PE_OPENID_EMPTY', + '63' => 'PE_OPENID_BADID', + '64' => 'PE_MISSINGREQATTR', + '65' => 'PE_BADPARTNER', + '66' => 'PE_MAILCONFIRMATION_ALREADY_SENT', + '67' => 'PE_PASSWORDFORMEMPTY', + '68' => 'PE_CAS_SERVICE_NOT_ALLOWED', + '69' => 'PE_MAILFIRSTACCESS', + '7' => 'PE_LDAPERROR', + '70' => 'PE_MAILNOTFOUND', + '71' => 'PE_PASSWORDFIRSTACCESS', + '72' => 'PE_MAILCONFIRMOK', + '73' => 'PE_RADIUSCONNECTFAILED', + '74' => 'PE_MUST_SUPPLY_OLD_PASSWORD', + '75' => 'PE_FORBIDDENIP', + '76' => 'PE_CAPTCHAERROR', + '77' => 'PE_CAPTCHAEMPTY', + '78' => 'PE_REGISTERFIRSTACCESS', + '79' => 'PE_REGISTERFORMEMPTY', + '8' => 'PE_APACHESESSIONERROR', + '80' => 'PE_REGISTERALREADYEXISTS', + '81' => 'PE_NOTOKEN', + '82' => 'PE_TOKENEXPIRED', + '83' => 'PE_U2FFAILED', + '84' => 'PE_UNAUTHORIZEDPARTNER', + '85' => 'PE_RENEWSESSION', + '86' => 'PE_WAIT', + '87' => 'PE_MUSTAUTHN', + '88' => 'PE_MUSTHAVEMAIL', + '89' => 'PE_SAML_SERVICE_NOT_ALLOWED', + '9' => 'PE_FIRSTACCESS', + '90' => 'PE_OIDC_SERVICE_NOT_ALLOWED', + '91' => 'PE_OID_SERVICE_NOT_ALLOWED', + '92' => 'PE_GET_SERVICE_NOT_ALLOWED', + '93' => 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED', + '94' => 'PE_ISSUERMISSINGREQATTR', + '95' => 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED', + '96' => 
'PE_BADOTP', + '97' => 'PE_RESETCERTIFICATE_INVALID', + '98' => 'PE_RESETCERTIFICATE_FORMEMPTY', + '99' => 'PE_RESETCERTIFICATE_FIRSTACCESS' + }; } # EXPORTER PARAMETERS -our @EXPORT_OK = ( 'portalConsts', 'HANDLER', 'URIRE', 'PE_IDPCHOICE', 'PE_SENDRESPONSE', 'PE_INFO', 'PE_REDIRECT', 'PE_DONE', 'PE_OK', 'PE_SESSIONEXPIRED', 'PE_FORMEMPTY', 'PE_WRONGMANAGERACCOUNT', 'PE_USERNOTFOUND', 'PE_BADCREDENTIALS', 'PE_LDAPCONNECTFAILED', 'PE_LDAPERROR', 'PE_APACHESESSIONERROR', 'PE_FIRSTACCESS', 'PE_BADCERTIFICATE', 'PE_NO_PASSWORD_BE', 'PE_PP_ACCOUNT_LOCKED', 'PE_PP_PASSWORD_EXPIRED', 'PE_CERTIFICATEREQUIRED', 'PE_ERROR', 'PE_PP_CHANGE_AFTER_RESET', 'PE_PP_PASSWORD_MOD_NOT_ALLOWED', 'PE_PP_MUST_SUPPLY_OLD_PASSWORD', 'PE_PP_INSUFFICIENT_PASSWORD_QUALITY', 'PE_PP_PASSWORD_TOO_SHORT', 'PE_PP_PASSWORD_TOO_YOUNG', 'PE_PP_PASSWORD_IN_HISTORY', 'PE_PP_GRACE', 'PE_PP_EXP_WARNING', 'PE_PASSWORD_MISMATCH', 'PE_PASSWORD_OK', 'PE_NOTIFICATION', 'PE_BADURL', 'PE_NOSCHEME', 'PE_BADOLDPASSWORD', 'PE_MALFORMEDUSER', 'PE_SESSIONNOTGRANTED', 'PE_CONFIRM', 'PE_MAILFORMEMPTY', 'PE_BADMAILTOKEN', 'PE_MAILERROR', 'PE_MAILOK', 'PE_LOGOUT_OK', 'PE_SAML_ERROR', 'PE_SAML_LOAD_SERVICE_ERROR', 'PE_SAML_LOAD_IDP_ERROR', 'PE_SAML_SSO_ERROR', 'PE_SAML_UNKNOWN_ENTITY', 'PE_SAML_DESTINATION_ERROR', 'PE_SAML_CONDITIONS_ERROR', 'PE_SAML_IDPSSOINITIATED_NOTALLOWED', 'PE_SAML_SLO_ERROR', 'PE_SAML_SIGNATURE_ERROR', 'PE_SAML_ART_ERROR', 'PE_SAML_SESSION_ERROR', 'PE_SAML_LOAD_SP_ERROR', 'PE_SAML_ATTR_ERROR', 'PE_OPENID_EMPTY', 'PE_OPENID_BADID', 'PE_MISSINGREQATTR', 'PE_BADPARTNER', 'PE_MAILCONFIRMATION_ALREADY_SENT', 'PE_PASSWORDFORMEMPTY', 'PE_CAS_SERVICE_NOT_ALLOWED', 'PE_MAILFIRSTACCESS', 'PE_MAILNOTFOUND', 'PE_PASSWORDFIRSTACCESS', 'PE_MAILCONFIRMOK', 'PE_RADIUSCONNECTFAILED', 'PE_MUST_SUPPLY_OLD_PASSWORD', 'PE_FORBIDDENIP', 'PE_CAPTCHAERROR', 'PE_CAPTCHAEMPTY', 'PE_REGISTERFIRSTACCESS', 'PE_REGISTERFORMEMPTY', 'PE_REGISTERALREADYEXISTS', 'PE_NOTOKEN', 'PE_TOKENEXPIRED', 'PE_U2FFAILED', 
'PE_UNAUTHORIZEDPARTNER', 'PE_RENEWSESSION', 'PE_WAIT', 'PE_MUSTAUTHN', 'PE_MUSTHAVEMAIL', 'PE_SAML_SERVICE_NOT_ALLOWED', 'PE_OIDC_SERVICE_NOT_ALLOWED', 'PE_OID_SERVICE_NOT_ALLOWED', 'PE_GET_SERVICE_NOT_ALLOWED', 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED', 'PE_ISSUERMISSINGREQATTR', 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED', 'PE_BADOTP', 'PE_RESETCERTIFICATE_INVALID', 'PE_RESETCERTIFICATE_FORMEMPTY', 'PE_RESETCERTIFICATE_FIRSTACCESS', 'PE_PP_NOT_ALLOWED_CHARACTER', 'PE_PP_NOT_ALLOWED_CHARACTERS', 'PE_UPGRADESESSION', 'PE_NO_SECOND_FACTORS', 'PE_BAD_DEVOPS_FILE', 'PE_FILENOTFOUND', 'PE_OIDC_AUTH_ERROR' ); +our @EXPORT_OK = ( + 'portalConsts', + 'HANDLER', + 'URIRE', + 'PE_IDPCHOICE', + 'PE_SENDRESPONSE', + 'PE_INFO', + 'PE_REDIRECT', + 'PE_DONE', + 'PE_OK', + 'PE_SESSIONEXPIRED', + 'PE_FORMEMPTY', + 'PE_WRONGMANAGERACCOUNT', + 'PE_USERNOTFOUND', + 'PE_BADCREDENTIALS', + 'PE_LDAPCONNECTFAILED', + 'PE_LDAPERROR', + 'PE_APACHESESSIONERROR', + 'PE_FIRSTACCESS', + 'PE_BADCERTIFICATE', + 'PE_NO_PASSWORD_BE', + 'PE_PP_ACCOUNT_LOCKED', + 'PE_PP_PASSWORD_EXPIRED', + 'PE_CERTIFICATEREQUIRED', + 'PE_ERROR', + 'PE_PP_CHANGE_AFTER_RESET', + 'PE_PP_PASSWORD_MOD_NOT_ALLOWED', + 'PE_PP_MUST_SUPPLY_OLD_PASSWORD', + 'PE_PP_INSUFFICIENT_PASSWORD_QUALITY', + 'PE_PP_PASSWORD_TOO_SHORT', + 'PE_PP_PASSWORD_TOO_YOUNG', + 'PE_PP_PASSWORD_IN_HISTORY', + 'PE_PP_GRACE', + 'PE_PP_EXP_WARNING', + 'PE_PASSWORD_MISMATCH', + 'PE_PASSWORD_OK', + 'PE_NOTIFICATION', + 'PE_BADURL', + 'PE_NOSCHEME', + 'PE_BADOLDPASSWORD', + 'PE_MALFORMEDUSER', + 'PE_SESSIONNOTGRANTED', + 'PE_CONFIRM', + 'PE_MAILFORMEMPTY', + 'PE_BADMAILTOKEN', + 'PE_MAILERROR', + 'PE_MAILOK', + 'PE_LOGOUT_OK', + 'PE_SAML_ERROR', + 'PE_SAML_LOAD_SERVICE_ERROR', + 'PE_SAML_LOAD_IDP_ERROR', + 'PE_SAML_SSO_ERROR', + 'PE_SAML_UNKNOWN_ENTITY', + 'PE_SAML_DESTINATION_ERROR', + 'PE_SAML_CONDITIONS_ERROR', + 'PE_SAML_IDPSSOINITIATED_NOTALLOWED', + 'PE_SAML_SLO_ERROR', + 'PE_SAML_SIGNATURE_ERROR', + 'PE_SAML_ART_ERROR', + 'PE_SAML_SESSION_ERROR', + 
'PE_SAML_LOAD_SP_ERROR', + 'PE_SAML_ATTR_ERROR', + 'PE_OPENID_EMPTY', + 'PE_OPENID_BADID', + 'PE_MISSINGREQATTR', + 'PE_BADPARTNER', + 'PE_MAILCONFIRMATION_ALREADY_SENT', + 'PE_PASSWORDFORMEMPTY', + 'PE_CAS_SERVICE_NOT_ALLOWED', + 'PE_MAILFIRSTACCESS', + 'PE_MAILNOTFOUND', + 'PE_PASSWORDFIRSTACCESS', + 'PE_MAILCONFIRMOK', + 'PE_RADIUSCONNECTFAILED', + 'PE_MUST_SUPPLY_OLD_PASSWORD', + 'PE_FORBIDDENIP', + 'PE_CAPTCHAERROR', + 'PE_CAPTCHAEMPTY', + 'PE_REGISTERFIRSTACCESS', + 'PE_REGISTERFORMEMPTY', + 'PE_REGISTERALREADYEXISTS', + 'PE_NOTOKEN', + 'PE_TOKENEXPIRED', + 'PE_U2FFAILED', + 'PE_UNAUTHORIZEDPARTNER', + 'PE_RENEWSESSION', + 'PE_WAIT', + 'PE_MUSTAUTHN', + 'PE_MUSTHAVEMAIL', + 'PE_SAML_SERVICE_NOT_ALLOWED', + 'PE_OIDC_SERVICE_NOT_ALLOWED', + 'PE_OID_SERVICE_NOT_ALLOWED', + 'PE_GET_SERVICE_NOT_ALLOWED', + 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED', + 'PE_ISSUERMISSINGREQATTR', + 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED', + 'PE_BADOTP', + 'PE_RESETCERTIFICATE_INVALID', + 'PE_RESETCERTIFICATE_FORMEMPTY', + 'PE_RESETCERTIFICATE_FIRSTACCESS', + 'PE_PP_NOT_ALLOWED_CHARACTER', + 'PE_PP_NOT_ALLOWED_CHARACTERS', + 'PE_UPGRADESESSION', + 'PE_NO_SECOND_FACTORS', + 'PE_BAD_DEVOPS_FILE', + 'PE_FILENOTFOUND', + 'PE_OIDC_AUTH_ERROR' +); our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], ); our @EXPORT = qw(import PE_OK); diff --git a/lemonldap-ng-portal/t/01-WebAuthn.t b/lemonldap-ng-portal/t/01-WebAuthn.t index 1e7d4632da..e52ba7e90b 100644 --- a/lemonldap-ng-portal/t/01-WebAuthn.t +++ b/lemonldap-ng-portal/t/01-WebAuthn.t @@ -40,7 +40,7 @@ ENDKEY ini => { logLevel => 'error', useSafeJail => 1, - webauthn2fSelfRegistration => 1, + webauthn2fSelfRegistration => 0, webauthn2fActivation => 1, webauthn2fUserCanRemoveKey => 1, } diff --git a/lemonldap-ng-portal/t/70-2F-TOTP-with-TTL.t b/lemonldap-ng-portal/t/70-2F-TOTP-with-TTL.t index b4d12be918..0f04fd935c 100644 --- a/lemonldap-ng-portal/t/70-2F-TOTP-with-TTL.t +++ b/lemonldap-ng-portal/t/70-2F-TOTP-with-TTL.t 
@@ -15,7 +15,7 @@ SKIP: { my $client = LLNG::Manager::Test->new( { ini => { logLevel => 'error', - totp2fSelfRegistration => 1, + totp2fSelfRegistration => '$uid eq "dwho"', totp2fActivation => 1, totp2fTTL => 120, sfManagerRule => 0, diff --git a/lemonldap-ng-portal/t/73-2F-UTOTP-TOTP-and-U2F-with-History.t b/lemonldap-ng-portal/t/73-2F-UTOTP-TOTP-and-U2F-with-History.t index d07cb632ac..fcf9e38640 100644 --- a/lemonldap-ng-portal/t/73-2F-UTOTP-TOTP-and-U2F-with-History.t +++ b/lemonldap-ng-portal/t/73-2F-UTOTP-TOTP-and-U2F-with-History.t @@ -22,7 +22,6 @@ SKIP: { logLevel => 'error', utotp2fActivation => 1, totp2fSelfRegistration => 1, - u2fSelfRegistration => 1, u2fSelfRegistration => '$_2fDevices =~ /"type":\s*"(?:TOTP|U2F)"/s', loginHistoryEnabled => 1, -- GitLab From b5fd4c732326017ee58364dbf0007aebf79d6c7e Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Mon, 22 Aug 2022 22:06:37 +0200 Subject: [PATCH 3/6] Update version (#2712) --- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/TOTP.pm | 2 +- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm | 2 +- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/WebAuthn.pm | 3 +-- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/TOTP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/TOTP.pm index aaf6ffbfa1..07819d74c6 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/TOTP.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/TOTP.pm @@ -15,7 +15,7 @@ use Lemonldap::NG::Portal::Main::Constants qw( PE_SENDRESPONSE ); -our $VERSION = '2.0.10'; +our $VERSION = '2.0.15'; extends qw( Lemonldap::NG::Portal::Main::SecondFactor diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm index 110188829e..4c16ecd953 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm 
@@ -16,7 +16,7 @@ use Lemonldap::NG::Portal::Main::Constants qw( PE_BADCREDENTIALS ); -our $VERSION = '2.0.12'; +our $VERSION = '2.0.15'; extends qw( Lemonldap::NG::Portal::Main::SecondFactor diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/WebAuthn.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/WebAuthn.pm index f17ff22b69..6f05c72ed6 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/WebAuthn.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/WebAuthn.pm @@ -36,8 +36,7 @@ sub init { $self->conf->{webauthn2fActivation} = 'has2f("WebAuthn")' if $self->conf->{webauthn2fActivation} eq '1'; - return 0 - unless ( $self->SUPER::init() ); + return 0 unless $self->SUPER::init(); return 1; } -- GitLab From 02a2a4a7fd30f18f0ca9349e884daac4c5d6c1fd Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Mon, 22 Aug 2022 22:37:16 +0200 Subject: [PATCH 4/6] Do not check selfRegistration (#2712) --- .../lib/Lemonldap/NG/Portal/2F/UTOTP.pm | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/UTOTP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/UTOTP.pm index 778f685e62..6f2dc615aa 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/UTOTP.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/UTOTP.pm @@ -6,7 +6,7 @@ use JSON qw(from_json to_json); use Lemonldap::NG::Portal::Main::Constants qw( ); -our $VERSION = '2.0.8'; +our $VERSION = '2.0.15'; extends 'Lemonldap::NG::Portal::Main::SecondFactor'; 
@@ -26,16 +26,9 @@ use Lemonldap::NG::Portal::Main::Constants qw( sub init { my ($self) = @_; - if ( ( - $self->conf->{totp2fSelfRegistration} - or $self->conf->{u2fSelfRegistration} - ) - and $self->conf->{utotp2fActivation} eq '1' - ) - { - $self->conf->{utotp2fActivation} = - '$_2fDevices && $_2fDevices =~ /"type":\s*"(?:TOTP|U2F)"/s'; - } + $self->conf->{utotp2fActivation} = 'has2f("TOTP") or has2f("U2F")' + if ( $self->conf->{utotp2fActivation} eq '1' ); + foreach (qw(U2F TOTP)) { # Arg "noRoute" is set for sub 2F modules to avoid enabling direct -- GitLab From 58d3924803ef2903e40e20c9f15b0188da624a0d Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Wed, 24 Aug 2022 11:44:03 +0200 Subject: [PATCH 5/6] Revert tidy --- .../Lemonldap/NG/Common/Conf/DefaultValues.pm | 780 +- .../NG/Handler/Lib/StatusConstants.pm | 210 +- .../lib/Lemonldap/NG/Manager/Attributes.pm | 9281 ++++++++--------- .../lib/Lemonldap/NG/Portal/Main/Constants.pm | 524 +- 4 files changed, 5321 insertions(+), 5474 deletions(-) diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm index e25474c274..ad84b84538 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm 
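Review bot: The rewritten assignment in UTOTP.pm's `init` has no comment, unlike the TOTP, U2F and WebAuthn modules changed earlier in this series. I would add the same explanation above it, e.g. `# If "activation" is just set to "enabled", replace the rule to detect if user has registered a TOTP or U2F key`. The new rule `has2f("TOTP") or has2f("U2F")` replaces a regex over `$_2fDevices`; they are presumably equivalent, but `has2f` is defined outside this diff, so that is worth a test. This hunk also omits the `sfOnlyUpgrade` condition that the U2F module checks. The `foreach` loop that follows is cut by the hunk, so the rest of `init` is not visible here.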
@@ -5,406 +5,386 @@ our $VERSION = '2.0.15'; sub defaultValues { return { - 'activeTimer' => 1, - 'ADPwdExpireWarning' => 0, - 'ADPwdMaxAge' => 0, - 'apacheAuthnLevel' => 3, - 'applicationList' => { - 'default' => { - 'catname' => 'Default category', - 'type' => 'category' - } - }, - 'authChoiceParam' => 'lmAuth', - 'authentication' => 'Demo', - 'available2F' => - 'UTOTP,TOTP,U2F,REST,Mail2F,Ext2F,WebAuthn,Yubikey,Radius', - 'available2FSelfRegistration' => 'TOTP,U2F,WebAuthn,Yubikey', - 'bruteForceProtectionLockTimes' => '15, 30, 60, 300, 600', - 'bruteForceProtectionMaxAge' => 300, - 'bruteForceProtectionMaxFailed' => 3, - 'bruteForceProtectionMaxLockTime' => 900, - 'bruteForceProtectionTempo' => 30, - 'captcha_mail_enabled' => 1, - 'captcha_register_enabled' => 1, - 'captcha_size' => 6, - 'casAccessControlPolicy' => 'none', - 'casAuthnLevel' => 1, - 'casTicketExpiration' => 0, - 'certificateResetByMailCeaAttribute' => 'description', - 'certificateResetByMailCertificateAttribute' => - 'userCertificate;binary', - 'certificateResetByMailURL' => - 'http://auth.example.com/certificateReset', - 'certificateResetByMailValidityDelay' => 0, - 'checkDevOpsCheckSessionAttributes' => 1, - 'checkDevOpsDisplayNormalizedHeaders' => 1, - 'checkDevOpsDownload' => 1, - 'checkTime' => 600, - 'checkUserDisplayComputedSession' => 1, - 'checkUserDisplayEmptyHeaders' => 0, - 'checkUserDisplayEmptyValues' => 0, - 'checkUserDisplayHiddenAttributes' => 0, - 'checkUserDisplayHistory' => 0, - 'checkUserDisplayNormalizedHeaders' => 0, - 'checkUserDisplayPersistentInfo' => 0, - 'checkUserHiddenAttributes' => '_loginHistory, _session_id, hGroups', - 'checkUserIdRule' => 1, - 'checkXSS' => 1, - 'confirmFormMethod' => 'post', - 'contextSwitchingIdRule' => 1, - 'contextSwitchingPrefix' => 'switching', - 'contextSwitchingRule' => 0, - 'contextSwitchingStopWithLogout' => 1, - 'cookieName' => 'lemonldap', - 'corsAllow_Credentials' => 'true', - 'corsAllow_Headers' => '*', - 'corsAllow_Methods' => 
'POST,GET', - 'corsAllow_Origin' => '*', - 'corsEnabled' => 1, - 'corsExpose_Headers' => '*', - 'corsMax_Age' => '86400', - 'crowdsecAction' => 'reject', - 'cspConnect' => '\'self\'', - 'cspDefault' => '\'self\'', - 'cspFont' => '\'self\'', - 'cspFormAction' => '*', - 'cspFrameAncestors' => '', - 'cspImg' => '\'self\' data:', - 'cspScript' => '\'self\'', - 'cspStyle' => '\'self\'', - 'dbiAuthnLevel' => 2, - 'dbiExportedVars' => {}, - 'decryptValueRule' => 0, - 'demoExportedVars' => { - 'cn' => 'cn', - 'mail' => 'mail', - 'uid' => 'uid' - }, - 'displaySessionId' => 1, - 'domain' => 'example.com', - 'exportedVars' => { - 'UA' => 'HTTP_USER_AGENT' - }, - 'ext2fActivation' => 0, - 'ext2fCodeActivation' => '\\d{6}', - 'facebookAuthnLevel' => 1, - 'facebookExportedVars' => {}, - 'facebookUserField' => 'id', - 'failedLoginNumber' => 5, - 'findUserControl' => '^[*\\w]+$', - 'findUserWildcard' => '*', - 'formTimeout' => 120, - 'githubAuthnLevel' => 1, - 'githubScope' => 'user:email', - 'githubUserField' => 'login', - 'globalLogoutRule' => 0, - 'globalLogoutTimer' => 1, - 'globalStorage' => 'Apache::Session::File', - 'globalStorageOptions' => { - 'Directory' => '/var/lib/lemonldap-ng/sessions/', - 'generateModule' => - 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256', - 'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/' - }, - 'gpgAuthnLevel' => 5, - 'gpgDb' => '', - 'grantSessionRules' => {}, - 'groups' => {}, - 'handlerInternalCache' => 15, - 'handlerServiceTokenTTL' => 30, - 'hiddenAttributes' => '_password, _2fDevices', - 'httpOnly' => 1, - 'https' => -1, - 'impersonationHiddenAttributes' => '_2fDevices, _loginHistory', - 'impersonationIdRule' => 1, - 'impersonationMergeSSOgroups' => 0, - 'impersonationPrefix' => 'real_', - 'impersonationRule' => 0, - 'impersonationSkipEmptyValues' => 1, - 'infoFormMethod' => 'get', - 'issuerDBCASPath' => '^/cas/', - 'issuerDBCASRule' => 1, - 'issuerDBGetParameters' => {}, - 'issuerDBGetPath' => '^/get/', - 
'issuerDBGetRule' => 1, - 'issuerDBOpenIDConnectPath' => '^/oauth2/', - 'issuerDBOpenIDConnectRule' => 1, - 'issuerDBOpenIDPath' => '^/openidserver/', - 'issuerDBOpenIDRule' => 1, - 'issuerDBSAMLPath' => '^/saml/', - 'issuerDBSAMLRule' => 1, - 'issuersTimeout' => 120, - 'jsRedirect' => 0, - 'krbAuthnLevel' => 3, - 'krbRemoveDomain' => 1, - 'ldapAuthnLevel' => 2, - 'ldapBase' => 'dc=example,dc=com', - 'ldapExportedVars' => { - 'cn' => 'cn', - 'mail' => 'mail', - 'uid' => 'uid' - }, - 'ldapGroupAttributeName' => 'member', - 'ldapGroupAttributeNameGroup' => 'dn', - 'ldapGroupAttributeNameSearch' => 'cn', - 'ldapGroupAttributeNameUser' => 'dn', - 'ldapGroupObjectClass' => 'groupOfNames', - 'ldapIOTimeout' => 10, - 'ldapPasswordResetAttribute' => 'pwdReset', - 'ldapPasswordResetAttributeValue' => 'TRUE', - 'ldapPwdEnc' => 'utf-8', - 'ldapSearchDeref' => 'find', - 'ldapServer' => 'ldap://localhost', - 'ldapTimeout' => 10, - 'ldapUsePasswordResetAttribute' => 1, - 'ldapVerify' => 'require', - 'ldapVersion' => 3, - 'linkedInAuthnLevel' => 1, - 'linkedInFields' => 'id,first-name,last-name,email-address', - 'linkedInScope' => 'r_liteprofile r_emailaddress', - 'linkedInUserField' => 'emailAddress', - 'localSessionStorage' => 'Cache::FileCache', - 'localSessionStorageOptions' => { - 'cache_depth' => 3, - 'cache_root' => '/var/cache/lemonldap-ng', - 'default_expires_in' => 600, - 'directory_umask' => '007', - 'namespace' => 'lemonldap-ng-sessions' - }, - 'locationRules' => { - 'default' => 'deny' - }, - 'logoutServices' => {}, - 'macros' => {}, - 'mail2fActivation' => 0, - 'mail2fCodeRegex' => '\\d{6}', - 'mailCharset' => 'utf-8', - 'mailFrom' => 'noreply@example.com', - 'mailSessionKey' => 'mail', - 'mailTimeout' => 0, - 'mailUrl' => 'http://auth.example.com/resetpwd', - 'managerDn' => '', - 'managerPassword' => '', - 'max2FDevices' => 10, - 'max2FDevicesNameLength' => 20, - 'multiValuesSeparator' => '; ', - 'mySessionAuthorizedRWKeys' => - [ '_appsListOrder', 
'_oidcConnectedRP', '_oidcConsents' ], - 'newLocationWarningLocationAttribute' => 'ipAddr', - 'newLocationWarningLocationDisplayAttribute' => '', - 'newLocationWarningMaxValues' => '0', - 'notificationDefaultCond' => '', - 'notificationServerPOST' => 1, - 'notificationServerSentAttributes' => - 'uid reference date title subtitle text check', - 'notificationsMaxRetrieve' => 3, - 'notificationStorage' => 'File', - 'notificationStorageOptions' => { - 'dirName' => '/var/lib/lemonldap-ng/notifications' - }, - 'notificationWildcard' => 'allusers', - 'notifyDeleted' => 1, - 'nullAuthnLevel' => 0, - 'oidcAuthnLevel' => 1, - 'oidcRPCallbackGetParam' => 'openidconnectcallback', - 'oidcRPStateTimeout' => 600, - 'oidcServiceAccessTokenExpiration' => 3600, - 'oidcServiceAllowAuthorizationCodeFlow' => 1, - 'oidcServiceAuthorizationCodeExpiration' => 60, - 'oidcServiceIDTokenExpiration' => 3600, - 'oidcServiceMetaDataAuthnContext' => { - 'loa-1' => 1, - 'loa-2' => 2, - 'loa-3' => 3, - 'loa-4' => 4, - 'loa-5' => 5 - }, - 'oidcServiceMetaDataAuthorizeURI' => 'authorize', - 'oidcServiceMetaDataBackChannelURI' => 'blogout', - 'oidcServiceMetaDataCheckSessionURI' => 'checksession.html', - 'oidcServiceMetaDataEndSessionURI' => 'logout', - 'oidcServiceMetaDataFrontChannelURI' => 'flogout', - 'oidcServiceMetaDataIntrospectionURI' => 'introspect', - 'oidcServiceMetaDataJWKSURI' => 'jwks', - 'oidcServiceMetaDataRegistrationURI' => 'register', - 'oidcServiceMetaDataTokenURI' => 'token', - 'oidcServiceMetaDataUserInfoURI' => 'userinfo', - 'oidcServiceOfflineSessionExpiration' => 2592000, - 'openIdAuthnLevel' => 1, - 'openIdExportedVars' => {}, - 'openIdIDPList' => '0;', - 'openIdSPList' => '0;', - 'openIdSreg_email' => 'mail', - 'openIdSreg_fullname' => 'cn', - 'openIdSreg_nickname' => 'uid', - 'openIdSreg_timezone' => '_timezone', - 'pamAuthnLevel' => 2, - 'pamService' => 'login', - 'passwordDB' => 'Demo', - 'passwordPolicyActivation' => 1, - 'passwordPolicyMinDigit' => 0, - 
'passwordPolicyMinLower' => 0, - 'passwordPolicyMinSize' => 0, - 'passwordPolicyMinSpeChar' => 0, - 'passwordPolicyMinUpper' => 0, - 'passwordPolicySpecialChar' => '__ALL__', - 'passwordResetAllowedRetries' => 3, - 'persistentSessionAttributes' => - '_loginHistory _2fDevices notification_', - 'port' => -1, - 'portal' => 'http://auth.example.com/', - 'portalAntiFrame' => 1, - 'portalCheckLogins' => 1, - 'portalDisplayAppslist' => 1, - 'portalDisplayChangePassword' => '$_auth =~ /^(LDAP|DBI|Demo)$/', - 'portalDisplayGeneratePassword' => 1, - 'portalDisplayLoginHistory' => 1, - 'portalDisplayLogout' => 1, - 'portalDisplayOidcConsents' => - '$_oidcConsents && $_oidcConsents =~ /\\w+/', - 'portalDisplayRefreshMyRights' => 1, - 'portalDisplayRegister' => 1, - 'portalErrorOnExpiredSession' => 1, - 'portalFavicon' => 'common/favicon.ico', - 'portalForceAuthnInterval' => 5, - 'portalMainLogo' => 'common/logos/logo_llng_400px.png', - 'portalPingInterval' => 60000, - 'portalRequireOldPassword' => 1, - 'portalSkin' => 'bootstrap', - 'portalUserAttr' => '_user', - 'proxyAuthnLevel' => 2, - 'proxyAuthServiceChoiceParam' => 'lmAuth', - 'radius2fActivation' => 0, - 'radius2fTimeout' => 20, - 'radiusAuthnLevel' => 3, - 'randomPasswordRegexp' => '[A-Z]{3}[a-z]{5}.\\d{2}', - 'redirectFormMethod' => 'get', - 'registerDB' => 'Null', - 'registerTimeout' => 0, - 'registerUrl' => 'http://auth.example.com/register', - 'reloadTimeout' => 5, - 'rememberAuthChoiceRule' => 0, - 'rememberCookieName' => 'llngrememberauthchoice', - 'rememberCookieTimeout' => 31536000, - 'rememberTimer' => 5, - 'remoteGlobalStorage' => 'Lemonldap::NG::Common::Apache::Session::SOAP', - 'remoteGlobalStorageOptions' => { - 'ns' => - 'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService', - 'proxy' => 'http://auth.example.com/sessions' - }, - 'requireToken' => 1, - 'rest2fActivation' => 0, - 'restAuthnLevel' => 2, - 'restClockTolerance' => 15, - 'sameSite' => '', - 
'samlAttributeAuthorityDescriptorAttributeServiceSOAP' => - 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;', - 'samlAuthnContextMapKerberos' => 4, - 'samlAuthnContextMapPassword' => 2, - 'samlAuthnContextMapPasswordProtectedTransport' => 3, - 'samlAuthnContextMapTLSClient' => 5, - 'samlEntityID' => '#PORTAL#/saml/metadata', - 'samlIDPSSODescriptorArtifactResolutionServiceArtifact' => -'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', - 'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' => -'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', - 'samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect' => -'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', - 'samlIDPSSODescriptorSingleLogoutServiceSOAP' => -'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;', - 'samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact' => -'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;', - 'samlIDPSSODescriptorSingleSignOnServiceHTTPPost' => -'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;', - 'samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect' => -'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;', - 'samlIDPSSODescriptorWantAuthnRequestsSigned' => 1, - 'samlMetadataForceUTF8' => 1, - 'samlNameIDFormatMapEmail' => 'mail', - 'samlNameIDFormatMapKerberos' => 'uid', - 'samlNameIDFormatMapWindows' => 'uid', - 'samlNameIDFormatMapX509' => 'mail', - 'samlOrganizationDisplayName' => 'Example', - 'samlOrganizationName' => 'Example', - 'samlOrganizationURL' => 'http://www.example.com', - 'samlOverrideIDPEntityID' => '', - 'samlRelayStateTimeout' => 600, - 'samlServiceSignatureMethod' => 'RSA_SHA256', - 'samlSPSSODescriptorArtifactResolutionServiceArtifact' => 
-'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', - 'samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact' => -'0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact', - 'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' => -'1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost', - 'samlSPSSODescriptorAuthnRequestsSigned' => 1, - 'samlSPSSODescriptorSingleLogoutServiceHTTPPost' => -'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', - 'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' => -'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', - 'samlSPSSODescriptorSingleLogoutServiceSOAP' => -'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;', - 'samlSPSSODescriptorWantAssertionsSigned' => 1, - 'scrollTop' => 400, - 'securedCookie' => 0, - 'sfEngine' => '::2F::Engines::Default', - 'sfManagerRule' => 1, - 'sfRemovedMsgRule' => 0, - 'sfRemovedNotifMsg' => -'_removedSF_ expired second factor(s) has/have been removed (_nameSF_)!', - 'sfRemovedNotifRef' => 'RemoveSF', - 'sfRemovedNotifTitle' => 'Second factor notification', - 'sfRequired' => 0, - 'showLanguages' => 1, - 'singleIP' => 0, - 'singleSession' => 0, - 'singleUserByIP' => 0, - 'slaveAuthnLevel' => 2, - 'slaveExportedVars' => {}, - 'SMTPServer' => '', - 'SMTPTLS' => '', - 'soapProxyUrn' => 'urn:Lemonldap/NG/Common/PSGI/SOAPService', - 'SSLAuthnLevel' => 5, - 'SSLVar' => 'SSL_CLIENT_S_DN_Email', - 'SSLVarIf' => {}, - 'stayConnected' => 0, - 'stayConnectedCookieName' => 'llngconnection', - 'stayConnectedTimeout' => 2592000, - 'successLoginNumber' => 5, - 'timeout' => 72000, - 'timeoutActivity' => 0, - 'timeoutActivityInterval' => 60, - 'totp2fActivation' => 0, - 'totp2fDigits' => 6, - 'totp2fInterval' => 30, - 'totp2fRange' => 1, - 
'totp2fSelfRegistration' => 0, - 'totp2fUserCanRemoveKey' => 1, - 'twitterAuthnLevel' => 1, - 'twitterUserField' => 'screen_name', - 'u2fActivation' => 0, - 'u2fSelfRegistration' => 0, - 'u2fUserCanRemoveKey' => 1, - 'upgradeSession' => 1, - 'userControl' => '^[\\w\\.\\-@]+$', - 'userDB' => 'Same', - 'useRedirectOnError' => 1, - 'useSafeJail' => 1, - 'utotp2fActivation' => 0, - 'viewerHiddenKeys' => 'samlIDPMetaDataNodes, samlSPMetaDataNodes', - 'webauthn2fActivation' => 0, - 'webauthn2fSelfRegistration' => 0, - 'webauthn2fUserCanRemoveKey' => 1, - 'webauthn2fUserVerification' => 'preferred', - 'webIDAuthnLevel' => 1, - 'webIDExportedVars' => {}, - 'whatToTrace' => 'uid', - 'yubikey2fActivation' => 0, - 'yubikey2fPublicIDSize' => 12, - 'yubikey2fSelfRegistration' => 0, - 'yubikey2fUserCanRemoveKey' => 1 - }; + 'activeTimer' => 1, + 'ADPwdExpireWarning' => 0, + 'ADPwdMaxAge' => 0, + 'apacheAuthnLevel' => 3, + 'applicationList' => { + 'default' => { + 'catname' => 'Default category', + 'type' => 'category' + } + }, + 'authChoiceParam' => 'lmAuth', + 'authentication' => 'Demo', + 'available2F' => 'UTOTP,TOTP,U2F,REST,Mail2F,Ext2F,WebAuthn,Yubikey,Radius', + 'available2FSelfRegistration' => 'TOTP,U2F,WebAuthn,Yubikey', + 'bruteForceProtectionLockTimes' => '15, 30, 60, 300, 600', + 'bruteForceProtectionMaxAge' => 300, + 'bruteForceProtectionMaxFailed' => 3, + 'bruteForceProtectionMaxLockTime' => 900, + 'bruteForceProtectionTempo' => 30, + 'captcha_mail_enabled' => 1, + 'captcha_register_enabled' => 1, + 'captcha_size' => 6, + 'casAccessControlPolicy' => 'none', + 'casAuthnLevel' => 1, + 'casTicketExpiration' => 0, + 'certificateResetByMailCeaAttribute' => 'description', + 'certificateResetByMailCertificateAttribute' => 'userCertificate;binary', + 'certificateResetByMailURL' => 'http://auth.example.com/certificateReset', + 'certificateResetByMailValidityDelay' => 0, + 'checkDevOpsCheckSessionAttributes' => 1, + 'checkDevOpsDisplayNormalizedHeaders' => 1, + 
'checkDevOpsDownload' => 1, + 'checkTime' => 600, + 'checkUserDisplayComputedSession' => 1, + 'checkUserDisplayEmptyHeaders' => 0, + 'checkUserDisplayEmptyValues' => 0, + 'checkUserDisplayHiddenAttributes' => 0, + 'checkUserDisplayHistory' => 0, + 'checkUserDisplayNormalizedHeaders' => 0, + 'checkUserDisplayPersistentInfo' => 0, + 'checkUserHiddenAttributes' => '_loginHistory, _session_id, hGroups', + 'checkUserIdRule' => 1, + 'checkXSS' => 1, + 'confirmFormMethod' => 'post', + 'contextSwitchingIdRule' => 1, + 'contextSwitchingPrefix' => 'switching', + 'contextSwitchingRule' => 0, + 'contextSwitchingStopWithLogout' => 1, + 'cookieName' => 'lemonldap', + 'corsAllow_Credentials' => 'true', + 'corsAllow_Headers' => '*', + 'corsAllow_Methods' => 'POST,GET', + 'corsAllow_Origin' => '*', + 'corsEnabled' => 1, + 'corsExpose_Headers' => '*', + 'corsMax_Age' => '86400', + 'crowdsecAction' => 'reject', + 'cspConnect' => '\'self\'', + 'cspDefault' => '\'self\'', + 'cspFont' => '\'self\'', + 'cspFormAction' => '*', + 'cspFrameAncestors' => '', + 'cspImg' => '\'self\' data:', + 'cspScript' => '\'self\'', + 'cspStyle' => '\'self\'', + 'dbiAuthnLevel' => 2, + 'dbiExportedVars' => {}, + 'decryptValueRule' => 0, + 'demoExportedVars' => { + 'cn' => 'cn', + 'mail' => 'mail', + 'uid' => 'uid' + }, + 'displaySessionId' => 1, + 'domain' => 'example.com', + 'exportedVars' => { + 'UA' => 'HTTP_USER_AGENT' + }, + 'ext2fActivation' => 0, + 'ext2fCodeActivation' => '\\d{6}', + 'facebookAuthnLevel' => 1, + 'facebookExportedVars' => {}, + 'facebookUserField' => 'id', + 'failedLoginNumber' => 5, + 'findUserControl' => '^[*\\w]+$', + 'findUserWildcard' => '*', + 'formTimeout' => 120, + 'githubAuthnLevel' => 1, + 'githubScope' => 'user:email', + 'githubUserField' => 'login', + 'globalLogoutRule' => 0, + 'globalLogoutTimer' => 1, + 'globalStorage' => 'Apache::Session::File', + 'globalStorageOptions' => { + 'Directory' => '/var/lib/lemonldap-ng/sessions/', + 'generateModule' => 
'Lemonldap::NG::Common::Apache::Session::Generate::SHA256', + 'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/' + }, + 'gpgAuthnLevel' => 5, + 'gpgDb' => '', + 'grantSessionRules' => {}, + 'groups' => {}, + 'handlerInternalCache' => 15, + 'handlerServiceTokenTTL' => 30, + 'hiddenAttributes' => '_password, _2fDevices', + 'httpOnly' => 1, + 'https' => -1, + 'impersonationHiddenAttributes' => '_2fDevices, _loginHistory', + 'impersonationIdRule' => 1, + 'impersonationMergeSSOgroups' => 0, + 'impersonationPrefix' => 'real_', + 'impersonationRule' => 0, + 'impersonationSkipEmptyValues' => 1, + 'infoFormMethod' => 'get', + 'issuerDBCASPath' => '^/cas/', + 'issuerDBCASRule' => 1, + 'issuerDBGetParameters' => {}, + 'issuerDBGetPath' => '^/get/', + 'issuerDBGetRule' => 1, + 'issuerDBOpenIDConnectPath' => '^/oauth2/', + 'issuerDBOpenIDConnectRule' => 1, + 'issuerDBOpenIDPath' => '^/openidserver/', + 'issuerDBOpenIDRule' => 1, + 'issuerDBSAMLPath' => '^/saml/', + 'issuerDBSAMLRule' => 1, + 'issuersTimeout' => 120, + 'jsRedirect' => 0, + 'krbAuthnLevel' => 3, + 'krbRemoveDomain' => 1, + 'ldapAuthnLevel' => 2, + 'ldapBase' => 'dc=example,dc=com', + 'ldapExportedVars' => { + 'cn' => 'cn', + 'mail' => 'mail', + 'uid' => 'uid' + }, + 'ldapGroupAttributeName' => 'member', + 'ldapGroupAttributeNameGroup' => 'dn', + 'ldapGroupAttributeNameSearch' => 'cn', + 'ldapGroupAttributeNameUser' => 'dn', + 'ldapGroupObjectClass' => 'groupOfNames', + 'ldapIOTimeout' => 10, + 'ldapPasswordResetAttribute' => 'pwdReset', + 'ldapPasswordResetAttributeValue' => 'TRUE', + 'ldapPwdEnc' => 'utf-8', + 'ldapSearchDeref' => 'find', + 'ldapServer' => 'ldap://localhost', + 'ldapTimeout' => 10, + 'ldapUsePasswordResetAttribute' => 1, + 'ldapVerify' => 'require', + 'ldapVersion' => 3, + 'linkedInAuthnLevel' => 1, + 'linkedInFields' => 'id,first-name,last-name,email-address', + 'linkedInScope' => 'r_liteprofile r_emailaddress', + 'linkedInUserField' => 'emailAddress', + 'localSessionStorage' => 
'Cache::FileCache', + 'localSessionStorageOptions' => { + 'cache_depth' => 3, + 'cache_root' => '/var/cache/lemonldap-ng', + 'default_expires_in' => 600, + 'directory_umask' => '007', + 'namespace' => 'lemonldap-ng-sessions' + }, + 'locationRules' => { + 'default' => 'deny' + }, + 'logoutServices' => {}, + 'macros' => {}, + 'mail2fActivation' => 0, + 'mail2fCodeRegex' => '\\d{6}', + 'mailCharset' => 'utf-8', + 'mailFrom' => 'noreply@example.com', + 'mailSessionKey' => 'mail', + 'mailTimeout' => 0, + 'mailUrl' => 'http://auth.example.com/resetpwd', + 'managerDn' => '', + 'managerPassword' => '', + 'max2FDevices' => 10, + 'max2FDevicesNameLength' => 20, + 'multiValuesSeparator' => '; ', + 'mySessionAuthorizedRWKeys' => [ + '_appsListOrder', + '_oidcConnectedRP', + '_oidcConsents' + ], + 'newLocationWarningLocationAttribute' => 'ipAddr', + 'newLocationWarningLocationDisplayAttribute' => '', + 'newLocationWarningMaxValues' => '0', + 'notificationDefaultCond' => '', + 'notificationServerPOST' => 1, + 'notificationServerSentAttributes' => 'uid reference date title subtitle text check', + 'notificationsMaxRetrieve' => 3, + 'notificationStorage' => 'File', + 'notificationStorageOptions' => { + 'dirName' => '/var/lib/lemonldap-ng/notifications' + }, + 'notificationWildcard' => 'allusers', + 'notifyDeleted' => 1, + 'nullAuthnLevel' => 0, + 'oidcAuthnLevel' => 1, + 'oidcRPCallbackGetParam' => 'openidconnectcallback', + 'oidcRPStateTimeout' => 600, + 'oidcServiceAccessTokenExpiration' => 3600, + 'oidcServiceAllowAuthorizationCodeFlow' => 1, + 'oidcServiceAuthorizationCodeExpiration' => 60, + 'oidcServiceIDTokenExpiration' => 3600, + 'oidcServiceMetaDataAuthnContext' => { + 'loa-1' => 1, + 'loa-2' => 2, + 'loa-3' => 3, + 'loa-4' => 4, + 'loa-5' => 5 + }, + 'oidcServiceMetaDataAuthorizeURI' => 'authorize', + 'oidcServiceMetaDataBackChannelURI' => 'blogout', + 'oidcServiceMetaDataCheckSessionURI' => 'checksession.html', + 'oidcServiceMetaDataEndSessionURI' => 'logout', + 
'oidcServiceMetaDataFrontChannelURI' => 'flogout', + 'oidcServiceMetaDataIntrospectionURI' => 'introspect', + 'oidcServiceMetaDataJWKSURI' => 'jwks', + 'oidcServiceMetaDataRegistrationURI' => 'register', + 'oidcServiceMetaDataTokenURI' => 'token', + 'oidcServiceMetaDataUserInfoURI' => 'userinfo', + 'oidcServiceOfflineSessionExpiration' => 2592000, + 'openIdAuthnLevel' => 1, + 'openIdExportedVars' => {}, + 'openIdIDPList' => '0;', + 'openIdSPList' => '0;', + 'openIdSreg_email' => 'mail', + 'openIdSreg_fullname' => 'cn', + 'openIdSreg_nickname' => 'uid', + 'openIdSreg_timezone' => '_timezone', + 'pamAuthnLevel' => 2, + 'pamService' => 'login', + 'passwordDB' => 'Demo', + 'passwordPolicyActivation' => 1, + 'passwordPolicyMinDigit' => 0, + 'passwordPolicyMinLower' => 0, + 'passwordPolicyMinSize' => 0, + 'passwordPolicyMinSpeChar' => 0, + 'passwordPolicyMinUpper' => 0, + 'passwordPolicySpecialChar' => '__ALL__', + 'passwordResetAllowedRetries' => 3, + 'persistentSessionAttributes' => '_loginHistory _2fDevices notification_', + 'port' => -1, + 'portal' => 'http://auth.example.com/', + 'portalAntiFrame' => 1, + 'portalCheckLogins' => 1, + 'portalDisplayAppslist' => 1, + 'portalDisplayChangePassword' => '$_auth =~ /^(LDAP|DBI|Demo)$/', + 'portalDisplayGeneratePassword' => 1, + 'portalDisplayLoginHistory' => 1, + 'portalDisplayLogout' => 1, + 'portalDisplayOidcConsents' => '$_oidcConsents && $_oidcConsents =~ /\\w+/', + 'portalDisplayRefreshMyRights' => 1, + 'portalDisplayRegister' => 1, + 'portalErrorOnExpiredSession' => 1, + 'portalFavicon' => 'common/favicon.ico', + 'portalForceAuthnInterval' => 5, + 'portalMainLogo' => 'common/logos/logo_llng_400px.png', + 'portalPingInterval' => 60000, + 'portalRequireOldPassword' => 1, + 'portalSkin' => 'bootstrap', + 'portalUserAttr' => '_user', + 'proxyAuthnLevel' => 2, + 'proxyAuthServiceChoiceParam' => 'lmAuth', + 'radius2fActivation' => 0, + 'radius2fTimeout' => 20, + 'radiusAuthnLevel' => 3, + 'randomPasswordRegexp' => 
'[A-Z]{3}[a-z]{5}.\\d{2}', + 'redirectFormMethod' => 'get', + 'registerDB' => 'Null', + 'registerTimeout' => 0, + 'registerUrl' => 'http://auth.example.com/register', + 'reloadTimeout' => 5, + 'rememberAuthChoiceRule' => 0, + 'rememberCookieName' => 'llngrememberauthchoice', + 'rememberCookieTimeout' => 31536000, + 'rememberTimer' => 5, + 'remoteGlobalStorage' => 'Lemonldap::NG::Common::Apache::Session::SOAP', + 'remoteGlobalStorageOptions' => { + 'ns' => 'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService', + 'proxy' => 'http://auth.example.com/sessions' + }, + 'requireToken' => 1, + 'rest2fActivation' => 0, + 'restAuthnLevel' => 2, + 'restClockTolerance' => 15, + 'sameSite' => '', + 'samlAttributeAuthorityDescriptorAttributeServiceSOAP' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;', + 'samlAuthnContextMapKerberos' => 4, + 'samlAuthnContextMapPassword' => 2, + 'samlAuthnContextMapPasswordProtectedTransport' => 3, + 'samlAuthnContextMapTLSClient' => 5, + 'samlEntityID' => '#PORTAL#/saml/metadata', + 'samlIDPSSODescriptorArtifactResolutionServiceArtifact' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', + 'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', + 'samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', + 'samlIDPSSODescriptorSingleLogoutServiceSOAP' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;', + 'samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;', + 'samlIDPSSODescriptorSingleSignOnServiceHTTPPost' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;', + 'samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect' => 
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;', + 'samlIDPSSODescriptorWantAuthnRequestsSigned' => 1, + 'samlMetadataForceUTF8' => 1, + 'samlNameIDFormatMapEmail' => 'mail', + 'samlNameIDFormatMapKerberos' => 'uid', + 'samlNameIDFormatMapWindows' => 'uid', + 'samlNameIDFormatMapX509' => 'mail', + 'samlOrganizationDisplayName' => 'Example', + 'samlOrganizationName' => 'Example', + 'samlOrganizationURL' => 'http://www.example.com', + 'samlOverrideIDPEntityID' => '', + 'samlRelayStateTimeout' => 600, + 'samlServiceSignatureMethod' => 'RSA_SHA256', + 'samlSPSSODescriptorArtifactResolutionServiceArtifact' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', + 'samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact' => '0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact', + 'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost', + 'samlSPSSODescriptorAuthnRequestsSigned' => 1, + 'samlSPSSODescriptorSingleLogoutServiceHTTPPost' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', + 'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', + 'samlSPSSODescriptorSingleLogoutServiceSOAP' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;', + 'samlSPSSODescriptorWantAssertionsSigned' => 1, + 'scrollTop' => 400, + 'securedCookie' => 0, + 'sfEngine' => '::2F::Engines::Default', + 'sfManagerRule' => 1, + 'sfRemovedMsgRule' => 0, + 'sfRemovedNotifMsg' => '_removedSF_ expired second factor(s) has/have been removed (_nameSF_)!', + 'sfRemovedNotifRef' => 'RemoveSF', + 'sfRemovedNotifTitle' => 'Second factor notification', + 'sfRequired' => 0, + 'showLanguages' => 1, + 
'singleIP' => 0, + 'singleSession' => 0, + 'singleUserByIP' => 0, + 'slaveAuthnLevel' => 2, + 'slaveExportedVars' => {}, + 'SMTPServer' => '', + 'SMTPTLS' => '', + 'soapProxyUrn' => 'urn:Lemonldap/NG/Common/PSGI/SOAPService', + 'SSLAuthnLevel' => 5, + 'SSLVar' => 'SSL_CLIENT_S_DN_Email', + 'SSLVarIf' => {}, + 'stayConnected' => 0, + 'stayConnectedCookieName' => 'llngconnection', + 'stayConnectedTimeout' => 2592000, + 'successLoginNumber' => 5, + 'timeout' => 72000, + 'timeoutActivity' => 0, + 'timeoutActivityInterval' => 60, + 'totp2fActivation' => 0, + 'totp2fDigits' => 6, + 'totp2fInterval' => 30, + 'totp2fRange' => 1, + 'totp2fSelfRegistration' => 0, + 'totp2fUserCanRemoveKey' => 1, + 'twitterAuthnLevel' => 1, + 'twitterUserField' => 'screen_name', + 'u2fActivation' => 0, + 'u2fSelfRegistration' => 0, + 'u2fUserCanRemoveKey' => 1, + 'upgradeSession' => 1, + 'userControl' => '^[\\w\\.\\-@]+$', + 'userDB' => 'Same', + 'useRedirectOnError' => 1, + 'useSafeJail' => 1, + 'utotp2fActivation' => 0, + 'viewerHiddenKeys' => 'samlIDPMetaDataNodes, samlSPMetaDataNodes', + 'webauthn2fActivation' => 0, + 'webauthn2fSelfRegistration' => 0, + 'webauthn2fUserCanRemoveKey' => 1, + 'webauthn2fUserVerification' => 'preferred', + 'webIDAuthnLevel' => 1, + 'webIDExportedVars' => {}, + 'whatToTrace' => 'uid', + 'yubikey2fActivation' => 0, + 'yubikey2fPublicIDSize' => 12, + 'yubikey2fSelfRegistration' => 0, + 'yubikey2fUserCanRemoveKey' => 1 + }; } 1; diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/StatusConstants.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/StatusConstants.pm index 3d9a7a172a..1e037d0213 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/StatusConstants.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/StatusConstants.pm 
@@ -8,115 +8,115 @@ our $VERSION = '2.0.15'; sub portalConsts { return { - '-1' => 'PE_DONE', - '-2' => 'PE_REDIRECT', - '-3' => 'PE_INFO', - '-4' => 'PE_SENDRESPONSE', - '-5' => 'PE_IDPCHOICE', - '0' => 'PE_OK', - '1' => 'PE_SESSIONEXPIRED', - '10' => 'PE_BADCERTIFICATE', - '100' => 'PE_PP_NOT_ALLOWED_CHARACTER', - '101' => 'PE_PP_NOT_ALLOWED_CHARACTERS', - '102' => 'PE_UPGRADESESSION', - '103' => 'PE_NO_SECOND_FACTORS', - '104' => 'PE_BAD_DEVOPS_FILE', - '105' => 'PE_FILENOTFOUND', - '106' => 'PE_OIDC_AUTH_ERROR', - '2' => 'PE_FORMEMPTY', - '20' => 'PE_NO_PASSWORD_BE', - '21' => 'PE_PP_ACCOUNT_LOCKED', - '22' => 'PE_PP_PASSWORD_EXPIRED', - '23' => 'PE_CERTIFICATEREQUIRED', - '24' => 'PE_ERROR', - '25' => 'PE_PP_CHANGE_AFTER_RESET', - '26' => 'PE_PP_PASSWORD_MOD_NOT_ALLOWED', - '27' => 'PE_PP_MUST_SUPPLY_OLD_PASSWORD', - '28' => 'PE_PP_INSUFFICIENT_PASSWORD_QUALITY', - '29' => 'PE_PP_PASSWORD_TOO_SHORT', - '3' => 'PE_WRONGMANAGERACCOUNT', - '30' => 'PE_PP_PASSWORD_TOO_YOUNG', - '31' => 'PE_PP_PASSWORD_IN_HISTORY', - '32' => 'PE_PP_GRACE', - '33' => 'PE_PP_EXP_WARNING', - '34' => 'PE_PASSWORD_MISMATCH', - '35' => 'PE_PASSWORD_OK', - '36' => 'PE_NOTIFICATION', - '37' => 'PE_BADURL', - '38' => 'PE_NOSCHEME', - '39' => 'PE_BADOLDPASSWORD', - '4' => 'PE_USERNOTFOUND', - '40' => 'PE_MALFORMEDUSER', - '41' => 'PE_SESSIONNOTGRANTED', - '42' => 'PE_CONFIRM', - '43' => 'PE_MAILFORMEMPTY', - '44' => 'PE_BADMAILTOKEN', - '45' => 'PE_MAILERROR', - '46' => 'PE_MAILOK', - '47' => 'PE_LOGOUT_OK', - '48' => 'PE_SAML_ERROR', - '49' => 'PE_SAML_LOAD_SERVICE_ERROR', - '5' => 'PE_BADCREDENTIALS', - '50' => 'PE_SAML_LOAD_IDP_ERROR', - '51' => 'PE_SAML_SSO_ERROR', - '52' => 'PE_SAML_UNKNOWN_ENTITY', - '53' => 'PE_SAML_DESTINATION_ERROR', - '54' => 'PE_SAML_CONDITIONS_ERROR', - '55' => 'PE_SAML_IDPSSOINITIATED_NOTALLOWED', - '56' => 'PE_SAML_SLO_ERROR', - '57' => 'PE_SAML_SIGNATURE_ERROR', - '58' => 'PE_SAML_ART_ERROR', - '59' => 'PE_SAML_SESSION_ERROR', - '6' => 'PE_LDAPCONNECTFAILED', 
- '60' => 'PE_SAML_LOAD_SP_ERROR', - '61' => 'PE_SAML_ATTR_ERROR', - '62' => 'PE_OPENID_EMPTY', - '63' => 'PE_OPENID_BADID', - '64' => 'PE_MISSINGREQATTR', - '65' => 'PE_BADPARTNER', - '66' => 'PE_MAILCONFIRMATION_ALREADY_SENT', - '67' => 'PE_PASSWORDFORMEMPTY', - '68' => 'PE_CAS_SERVICE_NOT_ALLOWED', - '69' => 'PE_MAILFIRSTACCESS', - '7' => 'PE_LDAPERROR', - '70' => 'PE_MAILNOTFOUND', - '71' => 'PE_PASSWORDFIRSTACCESS', - '72' => 'PE_MAILCONFIRMOK', - '73' => 'PE_RADIUSCONNECTFAILED', - '74' => 'PE_MUST_SUPPLY_OLD_PASSWORD', - '75' => 'PE_FORBIDDENIP', - '76' => 'PE_CAPTCHAERROR', - '77' => 'PE_CAPTCHAEMPTY', - '78' => 'PE_REGISTERFIRSTACCESS', - '79' => 'PE_REGISTERFORMEMPTY', - '8' => 'PE_APACHESESSIONERROR', - '80' => 'PE_REGISTERALREADYEXISTS', - '81' => 'PE_NOTOKEN', - '82' => 'PE_TOKENEXPIRED', - '83' => 'PE_U2FFAILED', - '84' => 'PE_UNAUTHORIZEDPARTNER', - '85' => 'PE_RENEWSESSION', - '86' => 'PE_WAIT', - '87' => 'PE_MUSTAUTHN', - '88' => 'PE_MUSTHAVEMAIL', - '89' => 'PE_SAML_SERVICE_NOT_ALLOWED', - '9' => 'PE_FIRSTACCESS', - '90' => 'PE_OIDC_SERVICE_NOT_ALLOWED', - '91' => 'PE_OID_SERVICE_NOT_ALLOWED', - '92' => 'PE_GET_SERVICE_NOT_ALLOWED', - '93' => 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED', - '94' => 'PE_ISSUERMISSINGREQATTR', - '95' => 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED', - '96' => 'PE_BADOTP', - '97' => 'PE_RESETCERTIFICATE_INVALID', - '98' => 'PE_RESETCERTIFICATE_FORMEMPTY', - '99' => 'PE_RESETCERTIFICATE_FIRSTACCESS' - }; + '-1' => 'PE_DONE', + '-2' => 'PE_REDIRECT', + '-3' => 'PE_INFO', + '-4' => 'PE_SENDRESPONSE', + '-5' => 'PE_IDPCHOICE', + '0' => 'PE_OK', + '1' => 'PE_SESSIONEXPIRED', + '10' => 'PE_BADCERTIFICATE', + '100' => 'PE_PP_NOT_ALLOWED_CHARACTER', + '101' => 'PE_PP_NOT_ALLOWED_CHARACTERS', + '102' => 'PE_UPGRADESESSION', + '103' => 'PE_NO_SECOND_FACTORS', + '104' => 'PE_BAD_DEVOPS_FILE', + '105' => 'PE_FILENOTFOUND', + '106' => 'PE_OIDC_AUTH_ERROR', + '2' => 'PE_FORMEMPTY', + '20' => 'PE_NO_PASSWORD_BE', + '21' => 'PE_PP_ACCOUNT_LOCKED', 
+ '22' => 'PE_PP_PASSWORD_EXPIRED', + '23' => 'PE_CERTIFICATEREQUIRED', + '24' => 'PE_ERROR', + '25' => 'PE_PP_CHANGE_AFTER_RESET', + '26' => 'PE_PP_PASSWORD_MOD_NOT_ALLOWED', + '27' => 'PE_PP_MUST_SUPPLY_OLD_PASSWORD', + '28' => 'PE_PP_INSUFFICIENT_PASSWORD_QUALITY', + '29' => 'PE_PP_PASSWORD_TOO_SHORT', + '3' => 'PE_WRONGMANAGERACCOUNT', + '30' => 'PE_PP_PASSWORD_TOO_YOUNG', + '31' => 'PE_PP_PASSWORD_IN_HISTORY', + '32' => 'PE_PP_GRACE', + '33' => 'PE_PP_EXP_WARNING', + '34' => 'PE_PASSWORD_MISMATCH', + '35' => 'PE_PASSWORD_OK', + '36' => 'PE_NOTIFICATION', + '37' => 'PE_BADURL', + '38' => 'PE_NOSCHEME', + '39' => 'PE_BADOLDPASSWORD', + '4' => 'PE_USERNOTFOUND', + '40' => 'PE_MALFORMEDUSER', + '41' => 'PE_SESSIONNOTGRANTED', + '42' => 'PE_CONFIRM', + '43' => 'PE_MAILFORMEMPTY', + '44' => 'PE_BADMAILTOKEN', + '45' => 'PE_MAILERROR', + '46' => 'PE_MAILOK', + '47' => 'PE_LOGOUT_OK', + '48' => 'PE_SAML_ERROR', + '49' => 'PE_SAML_LOAD_SERVICE_ERROR', + '5' => 'PE_BADCREDENTIALS', + '50' => 'PE_SAML_LOAD_IDP_ERROR', + '51' => 'PE_SAML_SSO_ERROR', + '52' => 'PE_SAML_UNKNOWN_ENTITY', + '53' => 'PE_SAML_DESTINATION_ERROR', + '54' => 'PE_SAML_CONDITIONS_ERROR', + '55' => 'PE_SAML_IDPSSOINITIATED_NOTALLOWED', + '56' => 'PE_SAML_SLO_ERROR', + '57' => 'PE_SAML_SIGNATURE_ERROR', + '58' => 'PE_SAML_ART_ERROR', + '59' => 'PE_SAML_SESSION_ERROR', + '6' => 'PE_LDAPCONNECTFAILED', + '60' => 'PE_SAML_LOAD_SP_ERROR', + '61' => 'PE_SAML_ATTR_ERROR', + '62' => 'PE_OPENID_EMPTY', + '63' => 'PE_OPENID_BADID', + '64' => 'PE_MISSINGREQATTR', + '65' => 'PE_BADPARTNER', + '66' => 'PE_MAILCONFIRMATION_ALREADY_SENT', + '67' => 'PE_PASSWORDFORMEMPTY', + '68' => 'PE_CAS_SERVICE_NOT_ALLOWED', + '69' => 'PE_MAILFIRSTACCESS', + '7' => 'PE_LDAPERROR', + '70' => 'PE_MAILNOTFOUND', + '71' => 'PE_PASSWORDFIRSTACCESS', + '72' => 'PE_MAILCONFIRMOK', + '73' => 'PE_RADIUSCONNECTFAILED', + '74' => 'PE_MUST_SUPPLY_OLD_PASSWORD', + '75' => 'PE_FORBIDDENIP', + '76' => 'PE_CAPTCHAERROR', + '77' => 
'PE_CAPTCHAEMPTY', + '78' => 'PE_REGISTERFIRSTACCESS', + '79' => 'PE_REGISTERFORMEMPTY', + '8' => 'PE_APACHESESSIONERROR', + '80' => 'PE_REGISTERALREADYEXISTS', + '81' => 'PE_NOTOKEN', + '82' => 'PE_TOKENEXPIRED', + '83' => 'PE_U2FFAILED', + '84' => 'PE_UNAUTHORIZEDPARTNER', + '85' => 'PE_RENEWSESSION', + '86' => 'PE_WAIT', + '87' => 'PE_MUSTAUTHN', + '88' => 'PE_MUSTHAVEMAIL', + '89' => 'PE_SAML_SERVICE_NOT_ALLOWED', + '9' => 'PE_FIRSTACCESS', + '90' => 'PE_OIDC_SERVICE_NOT_ALLOWED', + '91' => 'PE_OID_SERVICE_NOT_ALLOWED', + '92' => 'PE_GET_SERVICE_NOT_ALLOWED', + '93' => 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED', + '94' => 'PE_ISSUERMISSINGREQATTR', + '95' => 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED', + '96' => 'PE_BADOTP', + '97' => 'PE_RESETCERTIFICATE_INVALID', + '98' => 'PE_RESETCERTIFICATE_FORMEMPTY', + '99' => 'PE_RESETCERTIFICATE_FIRSTACCESS' + }; } # EXPORTER PARAMETERS -our @EXPORT_OK = ('portalConsts'); +our @EXPORT_OK = ( 'portalConsts' ); our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], ); 1; diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm index b380cad505..b1304c8b54 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm 
@@ -4,4669 +4,4644 @@ package Lemonldap::NG::Manager::Attributes; our $VERSION = '2.0.15'; sub perlExpr { - my ( $val, $conf ) = @_; - my $cpt = 'Safe'->new; - $cpt->share_from( 'MIME::Base64', ['&encode_base64'] ); - $cpt->share_from( - 'Lemonldap::NG::Handler::Main::Jail', - [ - '&encrypt', '&token', - @Lemonldap::NG::Handler::Main::Jail::builtCustomFunctions - ] - ); - $cpt->share_from( 'Lemonldap::NG::Common::Safelib', - $Lemonldap::NG::Common::Safelib::functions ); - $cpt->reval("BEGIN { 'warnings'->unimport; } $val"); - my $err = join( - '', - grep( { $_ =~ /(?:Undefined subroutine|Devel::StackTrace)/ ? () : $_; } - split( /\n/, $@, 0 ) ) - ); - return -1, "__badExpression__: $err" if $err and $conf->{'useSafeJail'}; - return $val =~ qr/(?<=[^=\|\?])=(?![>=~])/ - && $conf->{'avoidAssignment'} ? ( 1, '__badExpressionAssignment__' ) : 1; -} + my($val, $conf) = @_; + my $cpt = 'Safe'->new; + $cpt->share_from('MIME::Base64', ['&encode_base64']); + $cpt->share_from('Lemonldap::NG::Handler::Main::Jail', ['&encrypt', '&token', @Lemonldap::NG::Handler::Main::Jail::builtCustomFunctions]); + $cpt->share_from('Lemonldap::NG::Common::Safelib', $Lemonldap::NG::Common::Safelib::functions); + $cpt->reval("BEGIN { 'warnings'->unimport; } $val"); + my $err = join('', grep({$_ =~ /(?:Undefined subroutine|Devel::StackTrace)/ ? () : $_;} split(/\n/, $@, 0))); + return -1, "__badExpression__: $err" if $err and $conf->{'useSafeJail'}; + return $val =~ qr/(?<=[^=\|\?])=(?![>=~])/ && $conf->{'avoidAssignment'} ? 
(1, '__badExpressionAssignment__') : 1; + }; -sub types { - return { - 'array' => { - 'test' => sub { - 1; - } - }, - 'authParamsText' => { - 'test' => sub { - 1; - } - }, - 'blackWhiteList' => { - 'test' => sub { - 1; - } - }, - 'bool' => { - 'msgFail' => '__notABoolean__', - 'test' => qr/^[01]$/ - }, - 'boolOrExpr' => { - 'msgFail' => '__notAValidPerlExpression__', - 'test' => sub { - return perlExpr(@_); - } - }, - 'catAndAppList' => { - 'test' => sub { - 1; - } - }, - 'file' => { - 'test' => sub { - 1; - } - }, - 'hostname' => { - 'form' => 'text', - 'msgFail' => '__badHostname__', - 'test' => -qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))?$/ - }, - 'int' => { - 'msgFail' => '__notAnInteger__', - 'test' => qr/^\-?\d+$/ - }, - 'keyText' => { - 'keyTest' => qr/^[a-zA-Z0-9_]+$/, - 'msgFail' => '__badValue__', - 'test' => qr/^.*$/ - }, - 'keyTextContainer' => { - 'keyMsgFail' => '__badKeyName__', - 'keyTest' => qr/^\w[\w\.\-]*$/, - 'msgFail' => '__emptyValueNotAllowed__', - 'test' => qr/./ - }, - 'lmAttrOrMacro' => { - 'form' => 'text', - 'test' => sub { - my ( $val, $conf ) = @_; - return 1 if defined $conf->{'macros'}{$val} or $val =~ /^_/; - foreach $_ ( keys %$conf ) { - return 1 - if $_ =~ /exportedvars$/i and defined $conf->{$_}{$val}; - } - return 1, "__unknownAttrOrMacro__: $val"; - } - }, - 'longtext' => { - 'test' => sub { - 1; - } - }, - 'menuApp' => { - 'test' => sub { - 1; - } - }, - 'menuCat' => { - 'test' => sub { - 1; - } - }, - 'oidcAttribute' => { - 'test' => sub { - 1; - } - }, - 'oidcmetadatajson' => { - 'test' => sub { - 1; - } - }, - 'oidcmetadatajwks' => { - 'test' => sub { - 1; - } - }, - 'oidcOPMetaDataNode' => { - 'test' => sub { - 1; - } - }, - 'oidcRPMetaDataNode' => { - 'test' => sub { - 1; - } - }, - 'password' => { - 'msgFail' => '__malformedValue__', - 'test' => sub { - 1; - } - }, - 'pcre' => { - 'form' => 'text', - 'test' 
=> sub { - eval { - do { - qr/$_[0]/; - } - }; - return $@ ? ( 0, "__badRegexp__: $@" ) : 1; - } - }, - 'PerlModule' => { - 'form' => 'text', - 'msgFail' => '__badPerlPackageName__', - 'test' => qr/^(?:[a-zA-Z][a-zA-Z0-9]*)*(?:::[a-zA-Z][a-zA-Z0-9]*)*$/ - }, - 'portalskin' => { - 'test' => sub { - 1; - } - }, - 'portalskinbackground' => { - 'test' => sub { - 1; - } - }, - 'post' => { - 'test' => sub { - 1; - } - }, - 'RSAPrivateKey' => { - 'test' => sub { - return $_[0] =~ -m[^(?:(?:\-+\s*BEGIN\s+(?:(?:RSA|ENCRYPTED)\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?(?:Proc-Type:.*\r?\nDEK-Info:.*\r?\n[\r\n]*)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:(?:RSA|ENCRYPTED)\s+)?PRIVATE\s+KEY\s*\-+)?[\r\n]*)?$]s - ? 1 - : ( 1, '__badPemEncoding__' ); - } - }, - 'RSAPublicKey' => { - 'test' => sub { - return $_[0] =~ -m[^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+PUBLIC\s+KEY\s*\-+)?[\r\n]*)?$]s - ? 1 - : ( 1, '__badPemEncoding__' ); - } - }, - 'RSAPublicKeyOrCertificate' => { - 'test' => sub { - return $_[0] =~ -m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+)?[\r\n]*)?$]s - ? 1 - : ( 1, '__badPemEncoding__' ); - } - }, - 'rule' => { - 'test' => sub { - 1; - } - }, - 'samlAssertion' => { - 'test' => sub { - 1; - } - }, - 'samlAttribute' => { - 'test' => sub { - 1; - } - }, - 'samlIDPMetaDataNode' => { - 'test' => sub { - 1; - } - }, - 'samlService' => { - 'test' => sub { - 1; - } - }, - 'samlSPMetaDataNode' => { - 'test' => sub { - 1; - } - }, - 'select' => { - 'test' => sub { - return 0, 'Value is not a scalar' if ref $_[0]; - my $test = grep( { $_ eq $_[0]; } - map( { $_->{'k'}; } @{ $_[2]{'select'}; } ) ); - return $test - ? 
1 - : ( 1, "Invalid value '$_[0]' for this select" ); - } - }, - 'subContainer' => { - 'keyTest' => qr/\w/, - 'test' => sub { - 1; - } - }, - 'text' => { - 'msgFail' => '__malformedValue__', - 'test' => sub { - 1; - } - }, - 'trool' => { - 'msgFail' => '__authorizedValues__: -1, 0, 1', - 'test' => qr/^(?:-1|0|1)$/ - }, - 'url' => { - 'form' => 'text', - 'msgFail' => '__badUrl__', - 'test' => -qr/(?:^$|(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/ - } - }; -} -sub attributes { +sub types { return { - 'activeTimer' => { - 'default' => 1, - 'type' => 'bool' - }, - 'adaptativeAuthenticationLevelRules' => { - 'keyMsgFail' => '__badRegexp__', - 'keyTest' => sub { - eval { - do { - qr/$_[0]/; - } - }; - return $@ ? 
0 : 1; - }, - 'type' => 'keyTextContainer' - }, - 'ADPwdExpireWarning' => { - 'default' => 0, - 'type' => 'int' - }, - 'ADPwdMaxAge' => { - 'default' => 0, - 'type' => 'int' - }, - 'apacheAuthnLevel' => { - 'default' => 3, - 'type' => 'int' - }, - 'applicationList' => { - 'default' => { - 'default' => { - 'catname' => 'Default category', - 'type' => 'category' - } - }, - 'keyTest' => qr/\w/, - 'type' => 'catAndAppList' - }, - 'authChoiceAuthBasic' => { - 'type' => 'text' - }, - 'authChoiceFindUser' => { - 'type' => 'text' - }, - 'authChoiceModules' => { - 'keyMsgFail' => '__badChoiceKey__', - 'keyTest' => qr/^(\d*)?[a-zA-Z0-9_]+$/, - 'select' => [ [ { - 'k' => 'Apache', - 'v' => 'Apache' - }, - { - 'k' => 'AD', - 'v' => 'Active Directory' - }, - { - 'k' => 'CAS', - 'v' => 'Central Authentication Service (CAS)' - }, - { - 'k' => 'DBI', - 'v' => 'Database (DBI)' - }, - { - 'k' => 'Demo', - 'v' => 'Demo' - }, - { - 'k' => 'Facebook', - 'v' => 'Facebook' - }, - { - 'k' => 'GitHub', - 'v' => 'GitHub' - }, - { - 'k' => 'GPG', - 'v' => 'GPG' - }, - { - 'k' => 'Kerberos', - 'v' => 'Kerberos' - }, - { - 'k' => 'LDAP', - 'v' => 'LDAP' - }, - { - 'k' => 'LinkedIn', - 'v' => 'LinkedIn' - }, - { - 'k' => 'PAM', - 'v' => 'PAM' - }, - { - 'k' => 'Null', - 'v' => 'None' - }, - { - 'k' => 'OpenID', - 'v' => 'OpenID' - }, - { - 'k' => 'OpenIDConnect', - 'v' => 'OpenID Connect' - }, - { - 'k' => 'Proxy', - 'v' => 'Proxy' - }, - { - 'k' => 'Radius', - 'v' => 'Radius' - }, - { - 'k' => 'REST', - 'v' => 'REST' - }, - { - 'k' => 'Remote', - 'v' => 'Remote' + 'array' => { + 'test' => sub { + 1; + } + }, + 'authParamsText' => { + 'test' => sub { + 1; + } + }, + 'blackWhiteList' => { + 'test' => sub { + 1; + } + }, + 'bool' => { + 'msgFail' => '__notABoolean__', + 'test' => qr/^[01]$/ }, - { - 'k' => 'SAML', - 'v' => 'SAML v2' + 'boolOrExpr' => { + 'msgFail' => '__notAValidPerlExpression__', + 'test' => sub { + return perlExpr(@_); + } + }, + 'catAndAppList' => { + 'test' => sub { + 1; + } 
+ }, + 'file' => { + 'test' => sub { + 1; + } }, - { - 'k' => 'Slave', - 'v' => 'Slave' + 'hostname' => { + 'form' => 'text', + 'msgFail' => '__badHostname__', + 'test' => qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))?$/ + }, + 'int' => { + 'msgFail' => '__notAnInteger__', + 'test' => qr/^\-?\d+$/ + }, + 'keyText' => { + 'keyTest' => qr/^[a-zA-Z0-9_]+$/, + 'msgFail' => '__badValue__', + 'test' => qr/^.*$/ + }, + 'keyTextContainer' => { + 'keyMsgFail' => '__badKeyName__', + 'keyTest' => qr/^\w[\w\.\-]*$/, + 'msgFail' => '__emptyValueNotAllowed__', + 'test' => qr/./ + }, + 'lmAttrOrMacro' => { + 'form' => 'text', + 'test' => sub { + my($val, $conf) = @_; + return 1 if defined $conf->{'macros'}{$val} or $val =~ /^_/; + foreach $_ (keys %$conf) { + return 1 if $_ =~ /exportedvars$/i and defined $conf->{$_}{$val}; + } + return 1, "__unknownAttrOrMacro__: $val"; + } + }, + 'longtext' => { + 'test' => sub { + 1; + } + }, + 'menuApp' => { + 'test' => sub { + 1; + } + }, + 'menuCat' => { + 'test' => sub { + 1; + } + }, + 'oidcAttribute' => { + 'test' => sub { + 1; + } + }, + 'oidcmetadatajson' => { + 'test' => sub { + 1; + } + }, + 'oidcmetadatajwks' => { + 'test' => sub { + 1; + } + }, + 'oidcOPMetaDataNode' => { + 'test' => sub { + 1; + } + }, + 'oidcRPMetaDataNode' => { + 'test' => sub { + 1; + } + }, + 'password' => { + 'msgFail' => '__malformedValue__', + 'test' => sub { + 1; + } + }, + 'pcre' => { + 'form' => 'text', + 'test' => sub { + eval { + do { + qr/$_[0]/ + } + }; + return $@ ? 
(0, "__badRegexp__: $@") : 1; + } }, - { - 'k' => 'SSL', - 'v' => 'SSL' + 'PerlModule' => { + 'form' => 'text', + 'msgFail' => '__badPerlPackageName__', + 'test' => qr/^(?:[a-zA-Z][a-zA-Z0-9]*)*(?:::[a-zA-Z][a-zA-Z0-9]*)*$/ + }, + 'portalskin' => { + 'test' => sub { + 1; + } + }, + 'portalskinbackground' => { + 'test' => sub { + 1; + } + }, + 'post' => { + 'test' => sub { + 1; + } }, - { - 'k' => 'Twitter', - 'v' => 'Twitter' + 'RSAPrivateKey' => { + 'test' => sub { + return $_[0] =~ m[^(?:(?:\-+\s*BEGIN\s+(?:(?:RSA|ENCRYPTED)\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?(?:Proc-Type:.*\r?\nDEK-Info:.*\r?\n[\r\n]*)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:(?:RSA|ENCRYPTED)\s+)?PRIVATE\s+KEY\s*\-+)?[\r\n]*)?$]s ? 1 : (1, '__badPemEncoding__'); + } + }, + 'RSAPublicKey' => { + 'test' => sub { + return $_[0] =~ m[^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+PUBLIC\s+KEY\s*\-+)?[\r\n]*)?$]s ? 1 : (1, '__badPemEncoding__'); + } + }, + 'RSAPublicKeyOrCertificate' => { + 'test' => sub { + return $_[0] =~ m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+)?[\r\n]*)?$]s ? 1 : (1, '__badPemEncoding__'); + } + }, + 'rule' => { + 'test' => sub { + 1; + } }, - { - 'k' => 'WebID', - 'v' => 'WebID' + 'samlAssertion' => { + 'test' => sub { + 1; + } + }, + 'samlAttribute' => { + 'test' => sub { + 1; + } + }, + 'samlIDPMetaDataNode' => { + 'test' => sub { + 1; + } + }, + 'samlService' => { + 'test' => sub { + 1; + } + }, + 'samlSPMetaDataNode' => { + 'test' => sub { + 1; + } + }, + 'select' => { + 'test' => sub { + return 0, 'Value is not a scalar' if ref $_[0]; + my $test = grep({$_ eq $_[0];} map({$_->{'k'};} @{$_[2]{'select'};})); + return $test ? 
1 : (1, "Invalid value '$_[0]' for this select"); + } + }, + 'subContainer' => { + 'keyTest' => qr/\w/, + 'test' => sub { + 1; + } + }, + 'text' => { + 'msgFail' => '__malformedValue__', + 'test' => sub { + 1; + } }, - { - 'k' => 'Custom', - 'v' => 'customModule' - } - ], - [ { - 'k' => 'AD', - 'v' => 'Active Directory' - }, - { - 'k' => 'CAS', - 'v' => 'Central Authentication Service (CAS)' - }, - { - 'k' => 'DBI', - 'v' => 'Database (DBI)' - }, - { - 'k' => 'Demo', - 'v' => 'Demo' - }, - { - 'k' => 'Facebook', - 'v' => 'Facebook' - }, - { - 'k' => 'LDAP', - 'v' => 'LDAP' - }, - { - 'k' => 'Null', - 'v' => 'None' - }, - { - 'k' => 'OpenID', - 'v' => 'OpenID' - }, - { - 'k' => 'OpenIDConnect', - 'v' => 'OpenID Connect' - }, - { - 'k' => 'Proxy', - 'v' => 'Proxy' - }, - { - 'k' => 'REST', - 'v' => 'REST' - }, - { - 'k' => 'Remote', - 'v' => 'Remote' - }, - { - 'k' => 'SAML', - 'v' => 'SAML v2' - }, - { - 'k' => 'Slave', - 'v' => 'Slave' - }, - { - 'k' => 'WebID', - 'v' => 'WebID' - }, - { - 'k' => 'Custom', - 'v' => 'customModule' - } - ], - [ { - 'k' => 'AD', - 'v' => 'Active Directory' - }, - { - 'k' => 'DBI', - 'v' => 'Database (DBI)' - }, - { - 'k' => 'Demo', - 'v' => 'Demo' - }, - { - 'k' => 'LDAP', - 'v' => 'LDAP' - }, - { - 'k' => 'REST', - 'v' => 'REST' + 'trool' => { + 'msgFail' => '__authorizedValues__: -1, 0, 1', + 'test' => qr/^(?:-1|0|1)$/ + }, + 'url' => { + 'form' => 'text', + 'msgFail' => '__badUrl__', + 'test' => 
qr/(?:^$|(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/ + } + }; +} + +sub attributes { + return { + 'activeTimer' => { + 'default' => 1, + 'type' => 'bool' + }, + 'adaptativeAuthenticationLevelRules' => { + 'keyMsgFail' => '__badRegexp__', + 'keyTest' => sub { + eval { + do { + qr/$_[0]/ + } + }; + return $@ ? 0 : 1; + }, + 'type' => 'keyTextContainer' + }, + 'ADPwdExpireWarning' => { + 'default' => 0, + 'type' => 'int' + }, + 'ADPwdMaxAge' => { + 'default' => 0, + 'type' => 'int' + }, + 'apacheAuthnLevel' => { + 'default' => 3, + 'type' => 'int' + }, + 'applicationList' => { + 'default' => { + 'default' => { + 'catname' => 'Default category', + 'type' => 'category' + } + }, + 'keyTest' => qr/\w/, + 'type' => 'catAndAppList' + }, + 'authChoiceAuthBasic' => { + 'type' => 'text' + }, + 'authChoiceFindUser' => { + 'type' => 'text' + }, + 'authChoiceModules' => { + 'keyMsgFail' => '__badChoiceKey__', + 'keyTest' => qr/^(\d*)?[a-zA-Z0-9_]+$/, + 'select' => [ + [ + { + 'k' => 'Apache', + 'v' => 'Apache' + }, + { + 'k' => 'AD', + 'v' => 'Active Directory' + }, + { + 'k' => 'CAS', + 'v' => 'Central Authentication Service (CAS)' + }, + { + 'k' => 'DBI', + 'v' => 'Database (DBI)' + }, + { + 'k' => 'Demo', + 'v' => 'Demo' + }, + { + 'k' => 'Facebook', + 'v' => 'Facebook' + }, + { + 'k' => 'GitHub', + 'v' => 'GitHub' + }, + { + 'k' => 'GPG', + 'v' => 'GPG' + }, + { + 'k' => 'Kerberos', + 'v' => 'Kerberos' + }, + { + 'k' => 'LDAP', + 'v' => 
'LDAP' + }, + { + 'k' => 'LinkedIn', + 'v' => 'LinkedIn' + }, + { + 'k' => 'PAM', + 'v' => 'PAM' + }, + { + 'k' => 'Null', + 'v' => 'None' + }, + { + 'k' => 'OpenID', + 'v' => 'OpenID' + }, + { + 'k' => 'OpenIDConnect', + 'v' => 'OpenID Connect' + }, + { + 'k' => 'Proxy', + 'v' => 'Proxy' + }, + { + 'k' => 'Radius', + 'v' => 'Radius' + }, + { + 'k' => 'REST', + 'v' => 'REST' + }, + { + 'k' => 'Remote', + 'v' => 'Remote' + }, + { + 'k' => 'SAML', + 'v' => 'SAML v2' + }, + { + 'k' => 'Slave', + 'v' => 'Slave' + }, + { + 'k' => 'SSL', + 'v' => 'SSL' + }, + { + 'k' => 'Twitter', + 'v' => 'Twitter' + }, + { + 'k' => 'WebID', + 'v' => 'WebID' + }, + { + 'k' => 'Custom', + 'v' => 'customModule' + } + ], + [ + { + 'k' => 'AD', + 'v' => 'Active Directory' + }, + { + 'k' => 'CAS', + 'v' => 'Central Authentication Service (CAS)' + }, + { + 'k' => 'DBI', + 'v' => 'Database (DBI)' + }, + { + 'k' => 'Demo', + 'v' => 'Demo' + }, + { + 'k' => 'Facebook', + 'v' => 'Facebook' + }, + { + 'k' => 'LDAP', + 'v' => 'LDAP' + }, + { + 'k' => 'Null', + 'v' => 'None' + }, + { + 'k' => 'OpenID', + 'v' => 'OpenID' + }, + { + 'k' => 'OpenIDConnect', + 'v' => 'OpenID Connect' + }, + { + 'k' => 'Proxy', + 'v' => 'Proxy' + }, + { + 'k' => 'REST', + 'v' => 'REST' + }, + { + 'k' => 'Remote', + 'v' => 'Remote' + }, + { + 'k' => 'SAML', + 'v' => 'SAML v2' + }, + { + 'k' => 'Slave', + 'v' => 'Slave' + }, + { + 'k' => 'WebID', + 'v' => 'WebID' + }, + { + 'k' => 'Custom', + 'v' => 'customModule' + } + ], + [ + { + 'k' => 'AD', + 'v' => 'Active Directory' + }, + { + 'k' => 'DBI', + 'v' => 'Database (DBI)' + }, + { + 'k' => 'Demo', + 'v' => 'Demo' + }, + { + 'k' => 'LDAP', + 'v' => 'LDAP' + }, + { + 'k' => 'REST', + 'v' => 'REST' + }, + { + 'k' => 'Null', + 'v' => 'None' + }, + { + 'k' => 'Custom', + 'v' => 'customModule' + } + ] + ], + 'test' => sub { + 1; + }, + 'type' => 'authChoiceContainer' + }, + 'authChoiceParam' => { + 'default' => 'lmAuth', + 'type' => 'text' + }, + 'authentication' => { + 
'default' => 'Demo', + 'select' => [ + { + 'k' => 'Apache', + 'v' => 'Apache' + }, + { + 'k' => 'AD', + 'v' => 'Active Directory' + }, + { + 'k' => 'DBI', + 'v' => 'Database (DBI)' + }, + { + 'k' => 'Facebook', + 'v' => 'Facebook' + }, + { + 'k' => 'GitHub', + 'v' => 'GitHub' + }, + { + 'k' => 'GPG', + 'v' => 'GPG' + }, + { + 'k' => 'Kerberos', + 'v' => 'Kerberos' + }, + { + 'k' => 'LDAP', + 'v' => 'LDAP' + }, + { + 'k' => 'LinkedIn', + 'v' => 'LinkedIn' + }, + { + 'k' => 'PAM', + 'v' => 'PAM' + }, + { + 'k' => 'Radius', + 'v' => 'Radius' + }, + { + 'k' => 'REST', + 'v' => 'REST' + }, + { + 'k' => 'SSL', + 'v' => 'SSL' + }, + { + 'k' => 'Twitter', + 'v' => 'Twitter' + }, + { + 'k' => 'WebID', + 'v' => 'WebID' + }, + { + 'k' => 'Demo', + 'v' => 'Demonstration' + }, + { + 'k' => 'Choice', + 'v' => 'authChoice' + }, + { + 'k' => 'Combination', + 'v' => 'combineMods' + }, + { + 'k' => 'CAS', + 'v' => 'Central Authentication Service (CAS)' + }, + { + 'k' => 'OpenID', + 'v' => 'OpenID' + }, + { + 'k' => 'OpenIDConnect', + 'v' => 'OpenID Connect' + }, + { + 'k' => 'SAML', + 'v' => 'SAML v2' + }, + { + 'k' => 'Proxy', + 'v' => 'Proxy' + }, + { + 'k' => 'Remote', + 'v' => 'Remote' + }, + { + 'k' => 'Slave', + 'v' => 'Slave' + }, + { + 'k' => 'Null', + 'v' => 'None' + }, + { + 'k' => 'Custom', + 'v' => 'customModule' + } + ], + 'type' => 'select' + }, + 'AuthLDAPFilter' => { + 'type' => 'text' + }, + 'autoSigninRules' => { + 'type' => 'keyTextContainer' + }, + 'available2F' => { + 'default' => 'UTOTP,TOTP,U2F,REST,Mail2F,Ext2F,WebAuthn,Yubikey,Radius', + 'type' => 'text' + }, + 'available2FSelfRegistration' => { + 'default' => 'TOTP,U2F,WebAuthn,Yubikey', + 'type' => 'text' + }, + 'avoidAssignment' => { + 'default' => 0, + 'type' => 'bool' + }, + 'browsersDontStorePassword' => { + 'default' => 0, + 'type' => 'bool' + }, + 'bruteForceProtection' => { + 'default' => 0, + 'type' => 'bool' + }, + 'bruteForceProtectionIncrementalTempo' => { + 'default' => 0, + 'type' => 'bool' + 
}, + 'bruteForceProtectionLockTimes' => { + 'default' => '15, 30, 60, 300, 600', + 'type' => 'text' + }, + 'bruteForceProtectionMaxAge' => { + 'default' => 300, + 'type' => 'int' + }, + 'bruteForceProtectionMaxFailed' => { + 'default' => 3, + 'type' => 'int' + }, + 'bruteForceProtectionMaxLockTime' => { + 'default' => 900, + 'type' => 'int' + }, + 'bruteForceProtectionTempo' => { + 'default' => 30, + 'type' => 'int' + }, + 'captcha' => { + 'type' => 'PerlModule' + }, + 'captcha_login_enabled' => { + 'default' => 0, + 'type' => 'bool' + }, + 'captcha_mail_enabled' => { + 'default' => 1, + 'type' => 'bool' + }, + 'captcha_register_enabled' => { + 'default' => 1, + 'type' => 'bool' + }, + 'captcha_size' => { + 'default' => 6, + 'type' => 'int' + }, + 'captchaOptions' => { + 'type' => 'keyTextContainer' + }, + 'casAccessControlPolicy' => { + 'default' => 'none', + 'select' => [ + { + 'k' => 'none', + 'v' => 'None' + }, + { + 'k' => 'error', + 'v' => 'Display error on portal' + }, + { + 'k' => 'faketicket', + 'v' => 'Send a fake service ticket' + } + ], + 'type' => 'select' + }, + 'casAppMetaDataExportedVars' => { + 'default' => { + 'cn' => 'cn', + 'mail' => 'mail', + 'uid' => 'uid' + }, + 'type' => 'keyTextContainer' + }, + 'casAppMetaDataMacros' => { + 'default' => {}, + 'test' => { + 'keyMsgFail' => '__badMacroName__', + 'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, + 'test' => sub { + return perlExpr(@_); + } + }, + 'type' => 'keyTextContainer' + }, + 'casAppMetaDataNodes' => { + 'type' => 'casAppMetaDataNodeContainer' + }, + 'casAppMetaDataOptions' => { + 'type' => 'subContainer' + }, + 'casAppMetaDataOptionsAuthnLevel' => { + 'type' => 'int' + }, + 'casAppMetaDataOptionsRule' => { + 'test' => sub { + return perlExpr(@_); + }, + 'type' => 'text' + }, + 'casAppMetaDataOptionsService' => { + 'type' => 'text' + }, + 'casAppMetaDataOptionsUserAttribute' => { + 'type' => 'text' + }, + 'casAttr' => { + 'type' => 'text' + }, + 'casAttributes' => { + 'type' => 
'keyTextContainer' + }, + 'casAuthnLevel' => { + 'default' => 1, + 'type' => 'int' + }, + 'casSrvMetaDataExportedVars' => { + 'default' => { + 'cn' => 'cn', + 'mail' => 'mail', + 'uid' => 'uid' + }, + 'type' => 'keyTextContainer' + }, + 'casSrvMetaDataNodes' => { + 'type' => 'casSrvMetaDataNodeContainer' + }, + 'casSrvMetaDataOptions' => { + 'type' => 'subContainer' + }, + 'casSrvMetaDataOptionsDisplayName' => { + 'type' => 'text' + }, + 'casSrvMetaDataOptionsGateway' => { + 'default' => 0, + 'type' => 'bool' + }, + 'casSrvMetaDataOptionsIcon' => { + 'type' => 'text' + }, + 'casSrvMetaDataOptionsProxiedServices' => { + 'keyMsgFail' => '__badCasProxyId__', + 'keyTest' => qr/^\w/, + 'type' => 'keyTextContainer' + }, + 'casSrvMetaDataOptionsRenew' => { + 'default' => 0, + 'type' => 'bool' + }, + 'casSrvMetaDataOptionsResolutionRule' => { + 'default' => '', + 'type' => 'longtext' + }, + 'casSrvMetaDataOptionsSortNumber' => { + 'type' => 'int' + }, + 'casSrvMetaDataOptionsUrl' => { + 'msgFail' => '__badUrl__', + 'test' => qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/, + 'type' => 'text' + }, + 'casStorage' => { + 'type' => 'PerlModule' + }, + 'casStorageOptions' => { + 'type' => 'keyTextContainer' + }, + 'casStrictMatching' => { + 'default' => 0, + 'type' => 'bool' + }, + 'casTicketExpiration' => { + 'default' => 0, + 'type' => 'int' + }, + 'cda' => { + 'default' => 0, + 'type' => 'bool' + }, + 'certificateResetByMailCeaAttribute' => 
{ + 'default' => 'description', + 'type' => 'text' + }, + 'certificateResetByMailCertificateAttribute' => { + 'default' => 'userCertificate;binary', + 'type' => 'text' + }, + 'certificateResetByMailStep1Body' => { + 'type' => 'longtext' + }, + 'certificateResetByMailStep1Subject' => { + 'type' => 'text' + }, + 'certificateResetByMailStep2Body' => { + 'type' => 'longtext' + }, + 'certificateResetByMailStep2Subject' => { + 'type' => 'text' + }, + 'certificateResetByMailURL' => { + 'default' => 'http://auth.example.com/certificateReset', + 'type' => 'url' + }, + 'certificateResetByMailValidityDelay' => { + 'default' => 0, + 'type' => 'int' + }, + 'cfgAuthor' => { + 'type' => 'text' + }, + 'cfgAuthorIP' => { + 'type' => 'text' + }, + 'cfgDate' => { + 'type' => 'int' + }, + 'cfgLog' => { + 'type' => 'longtext' + }, + 'cfgNum' => { + 'default' => 0, + 'type' => 'int' + }, + 'cfgVersion' => { + 'type' => 'text' + }, + 'checkDevOps' => { + 'default' => 0, + 'type' => 'bool' + }, + 'checkDevOpsCheckSessionAttributes' => { + 'default' => 1, + 'type' => 'bool' + }, + 'checkDevOpsDisplayNormalizedHeaders' => { + 'default' => 1, + 'type' => 'bool' + }, + 'checkDevOpsDownload' => { + 'default' => 1, + 'type' => 'bool' + }, + 'checkState' => { + 'default' => 0, + 'type' => 'bool' + }, + 'checkStateSecret' => { + 'type' => 'text' + }, + 'checkTime' => { + 'default' => 600, + 'type' => 'int' + }, + 'checkUser' => { + 'default' => 0, + 'type' => 'bool' + }, + 'checkUserDisplayComputedSession' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'checkUserDisplayEmptyHeaders' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'checkUserDisplayEmptyValues' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'checkUserDisplayHiddenAttributes' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'checkUserDisplayHistory' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'checkUserDisplayNormalizedHeaders' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 
'checkUserDisplayPersistentInfo' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'checkUserHiddenAttributes' => { + 'default' => '_loginHistory, _session_id, hGroups', + 'type' => 'text' + }, + 'checkUserHiddenHeaders' => { + 'keyMsgFail' => '__badHostname__', + 'keyTest' => qr/^\S+$/, + 'test' => { + 'keyMsgFail' => '__badHeaderName__', + 'keyTest' => qr/^(?=[^\-])[\w\-\s]+(?<=[^-])$/, + 'test' => sub { + return perlExpr(@_); + } + }, + 'type' => 'keyTextContainer' + }, + 'checkUserIdRule' => { + 'default' => 1, + 'test' => sub { + return perlExpr(@_); + }, + 'type' => 'text' + }, + 'checkUserSearchAttributes' => { + 'type' => 'text' + }, + 'checkUserUnrestrictedUsersRule' => { + 'test' => sub { + return perlExpr(@_); + }, + 'type' => 'text' + }, + 'checkXSS' => { + 'default' => 1, + 'type' => 'bool' + }, + 'combination' => { + 'type' => 'text' + }, + 'combModules' => { + 'keyTest' => qr/^\w+$/, + 'select' => [ + { + 'k' => 'Apache', + 'v' => 'Apache' + }, + { + 'k' => 'AD', + 'v' => 'Active Directory' + }, + { + 'k' => 'DBI', + 'v' => 'Database (DBI)' + }, + { + 'k' => 'Facebook', + 'v' => 'Facebook' + }, + { + 'k' => 'GitHub', + 'v' => 'GitHub' + }, + { + 'k' => 'GPG', + 'v' => 'GPG' + }, + { + 'k' => 'Kerberos', + 'v' => 'Kerberos' + }, + { + 'k' => 'LDAP', + 'v' => 'LDAP' + }, + { + 'k' => 'LinkedIn', + 'v' => 'LinkedIn' + }, + { + 'k' => 'PAM', + 'v' => 'PAM' + }, + { + 'k' => 'Radius', + 'v' => 'Radius' + }, + { + 'k' => 'REST', + 'v' => 'REST' + }, + { + 'k' => 'SSL', + 'v' => 'SSL' + }, + { + 'k' => 'Twitter', + 'v' => 'Twitter' + }, + { + 'k' => 'WebID', + 'v' => 'WebID' + }, + { + 'k' => 'Demo', + 'v' => 'Demonstration' + }, + { + 'k' => 'CAS', + 'v' => 'Central Authentication Service (CAS)' + }, + { + 'k' => 'OpenID', + 'v' => 'OpenID' + }, + { + 'k' => 'OpenIDConnect', + 'v' => 'OpenID Connect' + }, + { + 'k' => 'SAML', + 'v' => 'SAML v2' + }, + { + 'k' => 'Proxy', + 'v' => 'Proxy' + }, + { + 'k' => 'Remote', + 'v' => 'Remote' + }, + { + 'k' => 
'Slave', + 'v' => 'Slave' + }, + { + 'k' => 'Null', + 'v' => 'None' + }, + { + 'k' => 'Custom', + 'v' => 'customModule' + } + ], + 'test' => sub { + 1; + }, + 'type' => 'cmbModuleContainer' + }, + 'compactConf' => { + 'default' => 0, + 'type' => 'bool' + }, + 'configStorage' => { + 'type' => 'text' + }, + 'confirmFormMethod' => { + 'default' => 'post', + 'select' => [ + { + 'k' => 'get', + 'v' => 'GET' + }, + { + 'k' => 'post', + 'v' => 'POST' + } + ], + 'type' => 'select' + }, + 'contextSwitchingAllowed2fModifications' => { + 'default' => 0, + 'type' => 'bool' + }, + 'contextSwitchingIdRule' => { + 'default' => 1, + 'test' => sub { + return perlExpr(@_); + }, + 'type' => 'text' + }, + 'contextSwitchingPrefix' => { + 'default' => 'switching', + 'type' => 'text' + }, + 'contextSwitchingRule' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'contextSwitchingStopWithLogout' => { + 'default' => 1, + 'type' => 'bool' + }, + 'contextSwitchingUnrestrictedUsersRule' => { + 'test' => sub { + return perlExpr(@_); + }, + 'type' => 'text' + }, + 'cookieExpiration' => { + 'type' => 'int' + }, + 'cookieName' => { + 'default' => 'lemonldap', + 'msgFail' => '__badCookieName__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9_-]*$/, + 'type' => 'text' + }, + 'corsAllow_Credentials' => { + 'default' => 'true', + 'type' => 'text' + }, + 'corsAllow_Headers' => { + 'default' => '*', + 'type' => 'text' + }, + 'corsAllow_Methods' => { + 'default' => 'POST,GET', + 'type' => 'text' + }, + 'corsAllow_Origin' => { + 'default' => '*', + 'type' => 'text' + }, + 'corsEnabled' => { + 'default' => 1, + 'type' => 'bool' + }, + 'corsExpose_Headers' => { + 'default' => '*', + 'type' => 'text' + }, + 'corsMax_Age' => { + 'default' => '86400', + 'type' => 'text' + }, + 'crowdsec' => { + 'type' => 'bool' + }, + 'crowdsecAction' => { + 'default' => 'reject', + 'select' => [ + { + 'k' => 'reject', + 'v' => 'Reject' + }, + { + 'k' => 'warn', + 'v' => 'Warn' + } + ], + 'type' => 'select' + }, + 'crowdsecKey' => { 
+ 'type' => 'text' + }, + 'crowdsecUrl' => { + 'type' => 'url' + }, + 'cspConnect' => { + 'default' => '\'self\'', + 'type' => 'text' + }, + 'cspDefault' => { + 'default' => '\'self\'', + 'type' => 'text' + }, + 'cspFont' => { + 'default' => '\'self\'', + 'type' => 'text' + }, + 'cspFormAction' => { + 'default' => '*', + 'type' => 'text' + }, + 'cspFrameAncestors' => { + 'default' => '', + 'type' => 'text' + }, + 'cspImg' => { + 'default' => '\'self\' data:', + 'type' => 'text' + }, + 'cspScript' => { + 'default' => '\'self\'', + 'type' => 'text' + }, + 'cspStyle' => { + 'default' => '\'self\'', + 'type' => 'text' + }, + 'customAddParams' => { + 'type' => 'keyTextContainer' + }, + 'customAuth' => { + 'type' => 'text' + }, + 'customFunctions' => { + 'msgFail' => '__badCustomFuncName__', + 'test' => qr/^(?:\w+(?:::\w+)*(?:\s+\w+(?:::\w+)*)*)?$/, + 'type' => 'text' + }, + 'customPassword' => { + 'type' => 'text' + }, + 'customPlugins' => { + 'type' => 'text' + }, + 'customPluginsParams' => { + 'type' => 'keyTextContainer' + }, + 'customRegister' => { + 'type' => 'text' + }, + 'customResetCertByMail' => { + 'type' => 'text' + }, + 'customToTrace' => { + 'type' => 'lmAttrOrMacro' + }, + 'customUserDB' => { + 'type' => 'text' + }, + 'dbiAuthChain' => { + 'type' => 'text' + }, + 'dbiAuthLoginCol' => { + 'type' => 'text' + }, + 'dbiAuthnLevel' => { + 'default' => 2, + 'type' => 'int' + }, + 'dbiAuthPassword' => { + 'type' => 'password' + }, + 'dbiAuthPasswordCol' => { + 'type' => 'text' + }, + 'dbiAuthPasswordHash' => { + 'type' => 'text' + }, + 'dbiAuthTable' => { + 'type' => 'text' + }, + 'dbiAuthUser' => { + 'type' => 'text' + }, + 'dbiDynamicHashEnabled' => { + 'type' => 'bool' + }, + 'dbiDynamicHashNewPasswordScheme' => { + 'type' => 'text' + }, + 'dbiDynamicHashValidSaltedSchemes' => { + 'type' => 'text' + }, + 'dbiDynamicHashValidSchemes' => { + 'type' => 'text' + }, + 'dbiExportedVars' => { + 'default' => {}, + 'keyMsgFail' => '__badVariableName__', + 'keyTest' => 
qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, + 'msgFail' => '__badValue__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, + 'type' => 'keyTextContainer' + }, + 'dbiPasswordMailCol' => { + 'type' => 'text' + }, + 'dbiUserChain' => { + 'type' => 'text' + }, + 'dbiUserPassword' => { + 'type' => 'password' + }, + 'dbiUserTable' => { + 'type' => 'text' + }, + 'dbiUserUser' => { + 'type' => 'text' + }, + 'decryptValueFunctions' => { + 'msgFail' => '__badCustomFuncName__', + 'test' => qr/^(?:\w+(?:::\w+)*(?:\s+\w+(?:::\w+)*)*)?$/, + 'type' => 'text' + }, + 'decryptValueRule' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'demoExportedVars' => { + 'default' => { + 'cn' => 'cn', + 'mail' => 'mail', + 'uid' => 'uid' + }, + 'keyMsgFail' => '__badVariableName__', + 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, + 'msgFail' => '__badValue__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, + 'type' => 'keyTextContainer' + }, + 'disablePersistentStorage' => { + 'default' => 0, + 'type' => 'bool' + }, + 'displaySessionId' => { + 'default' => 1, + 'type' => 'bool' + }, + 'domain' => { + 'default' => 'example.com', + 'msgFail' => '__badDomainName__', + 'test' => qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?))?$/, + 'type' => 'text' + }, + 'exportedAttr' => { + 'type' => 'text' + }, + 'exportedHeaders' => { + 'keyMsgFail' => '__badHostname__', + 'keyTest' => qr/^\S+$/, + 'test' => { + 'keyMsgFail' => '__badHeaderName__', + 'keyTest' => qr/^(?=[^\-])[\w\-]+(?<=[^-])$/, + 'test' => sub { + return perlExpr(@_); + } + }, + 'type' => 'keyTextContainer' + }, + 'exportedVars' => { + 'default' => { + 'UA' => 'HTTP_USER_AGENT' + }, + 'keyMsgFail' => '__badVariableName__', + 'keyTest' => qr/^!?[_a-zA-Z][a-zA-Z0-9_]*$/, + 'msgFail' => '__badValue__', + 'test' => qr/^[_a-zA-Z][a-zA-Z0-9_:\-]*$/, + 'type' => 'keyTextContainer' + }, + 'ext2fActivation' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'ext2fAuthnLevel' => { + 'type' => 
'int' + }, + 'ext2fCodeActivation' => { + 'default' => '\\d{6}', + 'type' => 'pcre' + }, + 'ext2fLabel' => { + 'type' => 'text' + }, + 'ext2fLogo' => { + 'type' => 'text' + }, + 'ext2fResendInterval' => { + 'type' => 'text' + }, + 'ext2FSendCommand' => { + 'type' => 'text' + }, + 'ext2FValidateCommand' => { + 'type' => 'text' + }, + 'facebookAppId' => { + 'type' => 'text' + }, + 'facebookAppSecret' => { + 'type' => 'text' + }, + 'facebookAuthnLevel' => { + 'default' => 1, + 'type' => 'int' + }, + 'facebookExportedVars' => { + 'default' => {}, + 'keyMsgFail' => '__badVariableName__', + 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, + 'msgFail' => '__badValue__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, + 'type' => 'keyTextContainer' + }, + 'facebookUserField' => { + 'default' => 'id', + 'type' => 'text' + }, + 'failedLoginNumber' => { + 'default' => 5, + 'type' => 'int' + }, + 'findUser' => { + 'default' => 0, + 'type' => 'bool' + }, + 'findUserControl' => { + 'default' => '^[*\\w]+$', + 'type' => 'pcre' + }, + 'findUserExcludingAttributes' => { + 'keyTest' => qr/^\S+$/, + 'type' => 'keyTextContainer' + }, + 'findUserSearchingAttributes' => { + 'keyTest' => qr/^\S+$/, + 'type' => 'keyTextContainer' + }, + 'findUserWildcard' => { + 'default' => '*', + 'type' => 'text' + }, + 'forceGlobalStorageIssuerOTT' => { + 'type' => 'bool' + }, + 'forceGlobalStorageUpgradeOTT' => { + 'type' => 'bool' + }, + 'formTimeout' => { + 'default' => 120, + 'type' => 'int' + }, + 'githubAuthnLevel' => { + 'default' => 1, + 'type' => 'int' + }, + 'githubClientID' => { + 'type' => 'text' + }, + 'githubClientSecret' => { + 'type' => 'password' + }, + 'githubScope' => { + 'default' => 'user:email', + 'type' => 'text' + }, + 'githubUserField' => { + 'default' => 'login', + 'type' => 'text' + }, + 'globalLogoutCustomParam' => { + 'type' => 'text' + }, + 'globalLogoutRule' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'globalLogoutTimer' => { + 'default' => 1, + 'type' => 'bool' + }, + 
'globalStorage' => { + 'default' => 'Apache::Session::File', + 'type' => 'PerlModule' + }, + 'globalStorageOptions' => { + 'default' => { + 'Directory' => '/var/lib/lemonldap-ng/sessions/', + 'generateModule' => 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256', + 'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/' + }, + 'type' => 'keyTextContainer' + }, + 'gpgAuthnLevel' => { + 'default' => 5, + 'type' => 'int' + }, + 'gpgDb' => { + 'default' => '', + 'type' => 'text' + }, + 'grantSessionRules' => { + 'default' => {}, + 'keyTest' => sub { + return perlExpr(@_); + }, + 'test' => sub { + 1; + }, + 'type' => 'grantContainer' + }, + 'groups' => { + 'default' => {}, + 'test' => sub { + return perlExpr(@_); + }, + 'type' => 'keyTextContainer' + }, + 'groupsBeforeMacros' => { + 'default' => 0, + 'type' => 'bool' + }, + 'handlerInternalCache' => { + 'default' => 15, + 'type' => 'int' + }, + 'handlerServiceTokenTTL' => { + 'default' => 30, + 'type' => 'int' + }, + 'hiddenAttributes' => { + 'default' => '_password, _2fDevices', + 'type' => 'text' + }, + 'hideOldPassword' => { + 'default' => 0, + 'type' => 'bool' + }, + 'httpOnly' => { + 'default' => 1, + 'type' => 'bool' + }, + 'https' => { + 'default' => -1, + 'type' => 'trool' + }, + 'impersonationHiddenAttributes' => { + 'default' => '_2fDevices, _loginHistory', + 'type' => 'text' + }, + 'impersonationIdRule' => { + 'default' => 1, + 'test' => sub { + return perlExpr(@_); + }, + 'type' => 'text' + }, + 'impersonationMergeSSOgroups' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'impersonationPrefix' => { + 'default' => 'real_', + 'type' => 'text' + }, + 'impersonationRule' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'impersonationSkipEmptyValues' => { + 'default' => 1, + 'type' => 'bool' + }, + 'impersonationUnrestrictedUsersRule' => { + 'test' => sub { + return perlExpr(@_); + }, + 'type' => 'text' + }, + 'infoFormMethod' => { + 'default' => 'get', + 'select' => [ + { + 'k' => 'get', + 
'v' => 'GET' + }, + { + 'k' => 'post', + 'v' => 'POST' + } + ], + 'type' => 'select' + }, + 'issuerDBCASActivation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'issuerDBCASPath' => { + 'default' => '^/cas/', + 'type' => 'pcre' + }, + 'issuerDBCASRule' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'issuerDBGetActivation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'issuerDBGetParameters' => { + 'default' => {}, + 'keyMsgFail' => '__badHostname__', + 'keyTest' => qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$/, + 'test' => { + 'keyMsgFail' => '__badKeyName__', + 'keyTest' => qr/^(?=[^\-])[\w\-]+(?<=[^-])$/, + 'test' => sub { + my($val, $conf) = @_; + return 1 if defined $conf->{'macros'}{$val} or $val eq '_timezone'; + foreach $_ (keys %$conf) { + return 1 if $_ =~ /exportedvars$/i and defined $conf->{$_}{$val}; + } + return 1, "__unknownAttrOrMacro__: $val"; + } + }, + 'type' => 'doubleHash' + }, + 'issuerDBGetPath' => { + 'default' => '^/get/', + 'type' => 'text' + }, + 'issuerDBGetRule' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'issuerDBOpenIDActivation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'issuerDBOpenIDConnectActivation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'issuerDBOpenIDConnectPath' => { + 'default' => '^/oauth2/', + 'type' => 'text' + }, + 'issuerDBOpenIDConnectRule' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'issuerDBOpenIDPath' => { + 'default' => '^/openidserver/', + 'type' => 'pcre' + }, + 'issuerDBOpenIDRule' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'issuerDBSAMLActivation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'issuerDBSAMLPath' => { + 'default' => '^/saml/', + 'type' => 'pcre' + }, + 'issuerDBSAMLRule' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'issuersTimeout' => { + 'default' => 120, + 'type' => 'int' + }, + 'jsRedirect' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'key' => 
{ + 'type' => 'password' + }, + 'krbAllowedDomains' => { + 'type' => 'text' + }, + 'krbAuthnLevel' => { + 'default' => 3, + 'type' => 'int' + }, + 'krbByJs' => { + 'default' => 0, + 'type' => 'bool' + }, + 'krbKeytab' => { + 'type' => 'text' + }, + 'krbRemoveDomain' => { + 'default' => 1, + 'type' => 'bool' + }, + 'ldapAllowResetExpiredPassword' => { + 'default' => 0, + 'type' => 'bool' + }, + 'ldapAuthnLevel' => { + 'default' => 2, + 'type' => 'int' + }, + 'ldapBase' => { + 'default' => 'dc=example,dc=com', + 'msgFail' => '__badValue__', + 'test' => qr/^(?:\w+=.*|)$/, + 'type' => 'text' + }, + 'ldapCAFile' => { + 'type' => 'text' + }, + 'ldapCAPath' => { + 'type' => 'text' + }, + 'ldapChangePasswordAsUser' => { + 'default' => 0, + 'type' => 'bool' + }, + 'ldapExportedVars' => { + 'default' => { + 'cn' => 'cn', + 'mail' => 'mail', + 'uid' => 'uid' + }, + 'keyMsgFail' => '__badVariableName__', + 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, + 'msgFail' => '__badValue__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, + 'type' => 'keyTextContainer' + }, + 'LDAPFilter' => { + 'type' => 'text' + }, + 'ldapGetUserBeforePasswordChange' => { + 'default' => 0, + 'type' => 'bool' + }, + 'ldapGroupAttributeName' => { + 'default' => 'member', + 'type' => 'text' + }, + 'ldapGroupAttributeNameGroup' => { + 'default' => 'dn', + 'type' => 'text' + }, + 'ldapGroupAttributeNameSearch' => { + 'default' => 'cn', + 'type' => 'text' + }, + 'ldapGroupAttributeNameUser' => { + 'default' => 'dn', + 'type' => 'text' + }, + 'ldapGroupBase' => { + 'type' => 'text' + }, + 'ldapGroupDecodeSearchedValue' => { + 'default' => 0, + 'type' => 'bool' + }, + 'ldapGroupObjectClass' => { + 'default' => 'groupOfNames', + 'type' => 'text' + }, + 'ldapGroupRecursive' => { + 'default' => 0, + 'type' => 'bool' + }, + 'ldapIOTimeout' => { + 'default' => 10, + 'type' => 'int' + }, + 'ldapITDS' => { + 'default' => 0, + 'type' => 'bool' + }, + 'ldapPasswordResetAttribute' => { + 'default' => 'pwdReset', + 'type' => 
'text' + }, + 'ldapPasswordResetAttributeValue' => { + 'default' => 'TRUE', + 'type' => 'text' + }, + 'ldapPort' => { + 'type' => 'int' + }, + 'ldapPpolicyControl' => { + 'default' => 0, + 'type' => 'bool' + }, + 'ldapPwdEnc' => { + 'default' => 'utf-8', + 'msgFail' => '__badEncoding__', + 'test' => qr/^[a-zA-Z0-9_][a-zA-Z0-9_\-]*[a-zA-Z0-9_]$/, + 'type' => 'text' + }, + 'ldapRaw' => { + 'type' => 'text' + }, + 'ldapSearchDeref' => { + 'default' => 'find', + 'select' => [ + { + 'k' => 'never', + 'v' => 'never' + }, + { + 'k' => 'search', + 'v' => 'search' + }, + { + 'k' => 'find', + 'v' => 'find' + }, + { + 'k' => 'always', + 'v' => 'always' + } + ], + 'type' => 'select' + }, + 'ldapServer' => { + 'default' => 'ldap://localhost', + 'test' => sub { + my $l = shift(); + my @s = split(/[\s,]+/, $l, 0); + foreach my $s (@s) { + return 0, qq[__badLdapUri__: "$s"] unless $s =~ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?::\d{1,5})?/?.*)$]o; + } + return 1; + }, + 'type' => 'text' + }, + 'ldapSetPassword' => { + 'default' => 0, + 'type' => 'bool' + }, + 'ldapTimeout' => { + 'default' => 10, + 'type' => 'int' + }, + 'ldapUsePasswordResetAttribute' => { + 'default' => 1, + 'type' => 'bool' + }, + 'ldapVerify' => { + 'default' => 'require', + 'select' => [ + { + 'k' => 'none', + 'v' => 'None' + }, + { + 'k' => 'optional', + 'v' => 'Optional' + }, + { + 'k' => 'require', + 'v' => 'Require' + } + ], + 'type' => 'select' + }, + 'ldapVersion' => { + 'default' => 3, + 'type' => 'int' + }, + 'linkedInAuthnLevel' => { + 'default' => 1, + 'type' => 'int' + }, + 'linkedInClientID' => { + 'type' => 'text' + }, + 'linkedInClientSecret' => { + 'type' => 'password' + }, + 'linkedInFields' => { + 'default' => 'id,first-name,last-name,email-address', + 'type' => 'text' + }, + 'linkedInScope' => { + 'default' => 'r_liteprofile r_emailaddress', + 'type' => 'text' + }, + 'linkedInUserField' => { + 'default' => 'emailAddress', + 'type' => 'text' + }, + 
'localSessionStorage' => { + 'default' => 'Cache::FileCache', + 'type' => 'PerlModule' + }, + 'localSessionStorageOptions' => { + 'default' => { + 'cache_depth' => 3, + 'cache_root' => '/var/cache/lemonldap-ng', + 'default_expires_in' => 600, + 'directory_umask' => '007', + 'namespace' => 'lemonldap-ng-sessions' + }, + 'type' => 'keyTextContainer' + }, + 'localStorage' => { + 'type' => 'text' + }, + 'localStorageOptions' => { + 'type' => 'keyTextContainer' + }, + 'locationRules' => { + 'default' => { + 'default' => 'deny' + }, + 'keyMsgFail' => '__badHostname__', + 'keyTest' => qr/^\S+$/, + 'test' => { + 'keyMsgFail' => '__badRegexp__', + 'keyTest' => sub { + eval { + do { + qr/$_[0]/ + } + }; + return $@ ? 0 : 1; + }, + 'msgFail' => '__badExpression__', + 'test' => sub { + my($val, $conf) = @_; + my $s = $val; + if ($s =~ s/^logout(?:_(?:sso|app(?:_sso)?))?\s*//) { + return $s =~ m[^(?:https?://.*)?$] ? 1 : (0, '__badUrl__'); + } + $s =~ s/\b(accept|deny|unprotect|skip)\b/1/g; + return &perlExpr($s, $conf); + } + }, + 'type' => 'ruleContainer' + }, + 'log4perlConfFile' => { + 'type' => 'text' + }, + 'logger' => { + 'type' => 'text' + }, + 'loginHistoryEnabled' => { + 'default' => 0, + 'type' => 'bool' + }, + 'logLevel' => { + 'type' => 'text' + }, + 'logoutServices' => { + 'default' => {}, + 'type' => 'keyTextContainer' + }, + 'lwpOpts' => { + 'type' => 'keyTextContainer' + }, + 'lwpSslOpts' => { + 'type' => 'keyTextContainer' + }, + 'macros' => { + 'default' => {}, + 'keyMsgFail' => '__badMacroName__', + 'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, + 'test' => sub { + return perlExpr(@_); + }, + 'type' => 'keyTextContainer' + }, + 'mail2fActivation' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'mail2fAuthnLevel' => { + 'type' => 'int' + }, + 'mail2fBody' => { + 'type' => 'longtext' + }, + 'mail2fCodeRegex' => { + 'default' => '\\d{6}', + 'type' => 'pcre' + }, + 'mail2fLabel' => { + 'type' => 'text' + }, + 'mail2fLogo' => { + 'type' => 'text' + }, + 
'mail2fResendInterval' => { + 'type' => 'text' + }, + 'mail2fSessionKey' => { + 'type' => 'text' + }, + 'mail2fSubject' => { + 'type' => 'text' + }, + 'mail2fTimeout' => { + 'type' => 'int' + }, + 'mailBody' => { + 'type' => 'longtext' + }, + 'mailCharset' => { + 'default' => 'utf-8', + 'type' => 'text' + }, + 'mailConfirmBody' => { + 'type' => 'longtext' + }, + 'mailConfirmSubject' => { + 'type' => 'text' + }, + 'mailFrom' => { + 'default' => 'noreply@example.com', + 'type' => 'text' + }, + 'mailLDAPFilter' => { + 'type' => 'text' + }, + 'mailOnPasswordChange' => { + 'default' => 0, + 'type' => 'bool' + }, + 'mailReplyTo' => { + 'type' => 'text' + }, + 'mailSessionKey' => { + 'default' => 'mail', + 'type' => 'text' + }, + 'mailSubject' => { + 'type' => 'text' + }, + 'mailTimeout' => { + 'default' => 0, + 'type' => 'int' + }, + 'mailUrl' => { + 'default' => 'http://auth.example.com/resetpwd', + 'type' => 'url' + }, + 'maintenance' => { + 'default' => 0, + 'type' => 'bool' + }, + 'managerDn' => { + 'default' => '', + 'msgFail' => '__badValue__', + 'test' => qr/^.*$/, + 'type' => 'text' + }, + 'managerPassword' => { + 'default' => '', + 'msgFail' => '__badValue__', + 'test' => qr/^\S*$/, + 'type' => 'password' + }, + 'max2FDevices' => { + 'default' => 10, + 'type' => 'int' + }, + 'max2FDevicesNameLength' => { + 'default' => 20, + 'type' => 'int' + }, + 'multiValuesSeparator' => { + 'default' => '; ', + 'type' => 'authParamsText' + }, + 'mySessionAuthorizedRWKeys' => { + 'default' => [ + '_appsListOrder', + '_oidcConnectedRP', + '_oidcConsents' + ], + 'type' => 'array' + }, + 'newLocationWarning' => { + 'default' => 0, + 'type' => 'bool' + }, + 'newLocationWarningLocationAttribute' => { + 'default' => 'ipAddr', + 'type' => 'text' + }, + 'newLocationWarningLocationDisplayAttribute' => { + 'default' => '', + 'type' => 'text' + }, + 'newLocationWarningMailAttribute' => { + 'type' => 'text' + }, + 'newLocationWarningMailBody' => { + 'type' => 'longtext' + }, + 
'newLocationWarningMailSubject' => { + 'type' => 'text' + }, + 'newLocationWarningMaxValues' => { + 'default' => '0', + 'type' => 'int' + }, + 'nginxCustomHandlers' => { + 'keyTest' => qr/^\w+$/, + 'msgFail' => '__badPerlPackageName__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9]*(?:::[a-zA-Z][a-zA-Z0-9]*)*$/, + 'type' => 'keyTextContainer' + }, + 'noAjaxHook' => { + 'default' => 0, + 'type' => 'bool' + }, + 'notification' => { + 'default' => 0, + 'type' => 'bool' + }, + 'notificationDefaultCond' => { + 'default' => '', + 'type' => 'text' + }, + 'notificationServer' => { + 'default' => 0, + 'type' => 'bool' + }, + 'notificationServerDELETE' => { + 'default' => 0, + 'type' => 'bool' + }, + 'notificationServerGET' => { + 'default' => 0, + 'type' => 'bool' + }, + 'notificationServerPOST' => { + 'default' => 1, + 'type' => 'bool' + }, + 'notificationServerSentAttributes' => { + 'default' => 'uid reference date title subtitle text check', + 'type' => 'text' + }, + 'notificationsExplorer' => { + 'default' => 0, + 'type' => 'bool' + }, + 'notificationsMaxRetrieve' => { + 'default' => 3, + 'type' => 'int' + }, + 'notificationStorage' => { + 'default' => 'File', + 'type' => 'PerlModule' + }, + 'notificationStorageOptions' => { + 'default' => { + 'dirName' => '/var/lib/lemonldap-ng/notifications' + }, + 'type' => 'keyTextContainer' + }, + 'notificationWildcard' => { + 'default' => 'allusers', + 'type' => 'text' + }, + 'notificationXSLTfile' => { + 'type' => 'text' + }, + 'notifyDeleted' => { + 'default' => 1, + 'type' => 'bool' + }, + 'notifyOther' => { + 'default' => 0, + 'type' => 'bool' + }, + 'nullAuthnLevel' => { + 'default' => 0, + 'type' => 'int' + }, + 'oidcAuthnLevel' => { + 'default' => 1, + 'type' => 'int' + }, + 'oidcOPMetaDataExportedVars' => { + 'default' => { + 'cn' => 'name', + 'mail' => 'email', + 'sn' => 'family_name', + 'uid' => 'sub' + }, + 'type' => 'keyTextContainer' + }, + 'oidcOPMetaDataJSON' => { + 'keyTest' => sub { + 1; + }, + 'type' => 'file' + }, + 
'oidcOPMetaDataJWKS' => { + 'keyTest' => sub { + 1; + }, + 'type' => 'file' + }, + 'oidcOPMetaDataNodes' => { + 'type' => 'oidcOPMetaDataNodeContainer' + }, + 'oidcOPMetaDataOptions' => { + 'type' => 'subContainer' + }, + 'oidcOPMetaDataOptionsAcrValues' => { + 'type' => 'text' + }, + 'oidcOPMetaDataOptionsCheckJWTSignature' => { + 'default' => 1, + 'type' => 'bool' + }, + 'oidcOPMetaDataOptionsClientID' => { + 'type' => 'text' + }, + 'oidcOPMetaDataOptionsClientSecret' => { + 'type' => 'password' + }, + 'oidcOPMetaDataOptionsConfigurationURI' => { + 'type' => 'url' + }, + 'oidcOPMetaDataOptionsDisplay' => { + 'default' => '', + 'select' => [ + { + 'k' => '', + 'v' => '' + }, + { + 'k' => 'page', + 'v' => 'page' + }, + { + 'k' => 'popup', + 'v' => 'popup' + }, + { + 'k' => 'touch', + 'v' => 'touch' + }, + { + 'k' => 'wap', + 'v' => 'wap' + } + ], + 'type' => 'select' + }, + 'oidcOPMetaDataOptionsDisplayName' => { + 'type' => 'text' + }, + 'oidcOPMetaDataOptionsIcon' => { + 'type' => 'text' + }, + 'oidcOPMetaDataOptionsIDTokenMaxAge' => { + 'default' => 30, + 'type' => 'int' + }, + 'oidcOPMetaDataOptionsJWKSTimeout' => { + 'default' => 0, + 'type' => 'int' + }, + 'oidcOPMetaDataOptionsMaxAge' => { + 'default' => 0, + 'type' => 'int' + }, + 'oidcOPMetaDataOptionsPrompt' => { + 'type' => 'text' + }, + 'oidcOPMetaDataOptionsResolutionRule' => { + 'default' => '', + 'type' => 'longtext' + }, + 'oidcOPMetaDataOptionsScope' => { + 'default' => 'openid profile', + 'type' => 'text' + }, + 'oidcOPMetaDataOptionsSortNumber' => { + 'type' => 'int' + }, + 'oidcOPMetaDataOptionsStoreIDToken' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcOPMetaDataOptionsTokenEndpointAuthMethod' => { + 'default' => 'client_secret_post', + 'select' => [ + { + 'k' => 'client_secret_post', + 'v' => 'client_secret_post' + }, + { + 'k' => 'client_secret_basic', + 'v' => 'client_secret_basic' + } + ], + 'type' => 'select' + }, + 'oidcOPMetaDataOptionsUiLocales' => { + 'type' => 'text' + }, + 
'oidcOPMetaDataOptionsUseNonce' => { + 'default' => 1, + 'type' => 'bool' + }, + 'oidcRPCallbackGetParam' => { + 'default' => 'openidconnectcallback', + 'type' => 'text' + }, + 'oidcRPMetaDataExportedVars' => { + 'default' => { + 'email' => 'mail', + 'family_name' => 'sn', + 'name' => 'cn' + }, + 'keyTest' => qr/\w/, + 'test' => qr/\w/, + 'type' => 'oidcAttributeContainer' + }, + 'oidcRPMetaDataMacros' => { + 'default' => {}, + 'test' => { + 'keyMsgFail' => '__badMacroName__', + 'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, + 'test' => sub { + return perlExpr(@_); + } + }, + 'type' => 'keyTextContainer' + }, + 'oidcRPMetaDataNodes' => { + 'type' => 'oidcRPMetaDataNodeContainer' + }, + 'oidcRPMetaDataOptions' => { + 'type' => 'subContainer' + }, + 'oidcRPMetaDataOptionsAccessTokenClaims' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsAccessTokenExpiration' => { + 'type' => 'int' + }, + 'oidcRPMetaDataOptionsAccessTokenJWT' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsAccessTokenSignAlg' => { + 'default' => 'RS256', + 'select' => [ + { + 'k' => 'RS256', + 'v' => 'RS256' + }, + { + 'k' => 'RS384', + 'v' => 'RS384' + }, + { + 'k' => 'RS512', + 'v' => 'RS512' + } + ], + 'type' => 'select' + }, + 'oidcRPMetaDataOptionsAdditionalAudiences' => { + 'type' => 'text' + }, + 'oidcRPMetaDataOptionsAllowClientCredentialsGrant' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsAllowOffline' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsAllowPasswordGrant' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsAuthnLevel' => { + 'type' => 'int' + }, + 'oidcRPMetaDataOptionsAuthorizationCodeExpiration' => { + 'type' => 'int' + }, + 'oidcRPMetaDataOptionsBypassConsent' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsClientID' => { + 'type' => 'text' + }, + 'oidcRPMetaDataOptionsClientSecret' => { + 'type' => 'password' + }, + 
'oidcRPMetaDataOptionsDisplayName' => { + 'type' => 'text' + }, + 'oidcRPMetaDataOptionsExtraClaims' => { + 'default' => {}, + 'keyTest' => qr/^[\x21\x23-\x5B\x5D-\x7E]+$/, + 'type' => 'keyTextContainer' + }, + 'oidcRPMetaDataOptionsIcon' => { + 'type' => 'text' + }, + 'oidcRPMetaDataOptionsIDTokenExpiration' => { + 'type' => 'int' + }, + 'oidcRPMetaDataOptionsIDTokenForceClaims' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsIDTokenSignAlg' => { + 'default' => 'HS512', + 'select' => [ + { + 'k' => 'none', + 'v' => 'None' + }, + { + 'k' => 'HS256', + 'v' => 'HS256' + }, + { + 'k' => 'HS384', + 'v' => 'HS384' + }, + { + 'k' => 'HS512', + 'v' => 'HS512' + }, + { + 'k' => 'RS256', + 'v' => 'RS256' + }, + { + 'k' => 'RS384', + 'v' => 'RS384' + }, + { + 'k' => 'RS512', + 'v' => 'RS512' + } + ], + 'type' => 'select' + }, + 'oidcRPMetaDataOptionsLogoutBypassConfirm' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsLogoutSessionRequired' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsLogoutType' => { + 'default' => 'front', + 'select' => [ + { + 'k' => 'front', + 'v' => 'Front Channel' + } + ], + 'type' => 'select' + }, + 'oidcRPMetaDataOptionsLogoutUrl' => { + 'type' => 'url' + }, + 'oidcRPMetaDataOptionsOfflineSessionExpiration' => { + 'type' => 'int' + }, + 'oidcRPMetaDataOptionsPostLogoutRedirectUris' => { + 'type' => 'text' + }, + 'oidcRPMetaDataOptionsPublic' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsRedirectUris' => { + 'type' => 'text' + }, + 'oidcRPMetaDataOptionsRefreshToken' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsRequirePKCE' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcRPMetaDataOptionsRule' => { + 'test' => sub { + return perlExpr(@_); + }, + 'type' => 'text' + }, + 'oidcRPMetaDataOptionsUserIDAttr' => { + 'type' => 'text' + }, + 'oidcRPMetaDataOptionsUserInfoSignAlg' => { + 'default' => '', + 'select' => [ + { + 'k' => 
'', + 'v' => 'JSON' + }, + { + 'k' => 'none', + 'v' => 'JWT/None' + }, + { + 'k' => 'HS256', + 'v' => 'JWT/HS256' + }, + { + 'k' => 'HS384', + 'v' => 'JWT/HS384' + }, + { + 'k' => 'HS512', + 'v' => 'JWT/HS512' + }, + { + 'k' => 'RS256', + 'v' => 'JWT/RS256' + }, + { + 'k' => 'RS384', + 'v' => 'JWT/RS384' + }, + { + 'k' => 'RS512', + 'v' => 'JWT/RS512' + } + ], + 'type' => 'select' + }, + 'oidcRPMetaDataScopeRules' => { + 'default' => {}, + 'test' => { + 'keyMsgFail' => '__badMacroName__', + 'keyTest' => qr/^[\x21\x23-\x5B\x5D-\x7E]+$/, + 'test' => sub { + return perlExpr(@_); + } + }, + 'type' => 'keyTextContainer' + }, + 'oidcRPStateTimeout' => { + 'default' => 600, + 'type' => 'int' + }, + 'oidcServiceAccessTokenExpiration' => { + 'default' => 3600, + 'type' => 'int' + }, + 'oidcServiceAllowAuthorizationCodeFlow' => { + 'default' => 1, + 'type' => 'bool' + }, + 'oidcServiceAllowDynamicRegistration' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcServiceAllowHybridFlow' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcServiceAllowImplicitFlow' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcServiceAllowOnlyDeclaredScopes' => { + 'default' => 0, + 'type' => 'bool' + }, + 'oidcServiceAuthorizationCodeExpiration' => { + 'default' => 60, + 'type' => 'int' + }, + 'oidcServiceDynamicRegistrationExportedVars' => { + 'type' => 'keyTextContainer' + }, + 'oidcServiceDynamicRegistrationExtraClaims' => { + 'keyTest' => qr/^[\x21\x23-\x5B\x5D-\x7E]+$/, + 'type' => 'keyTextContainer' + }, + 'oidcServiceIDTokenExpiration' => { + 'default' => 3600, + 'type' => 'int' + }, + 'oidcServiceKeyIdSig' => { + 'type' => 'text' + }, + 'oidcServiceMetaDataAuthnContext' => { + 'default' => { + 'loa-1' => 1, + 'loa-2' => 2, + 'loa-3' => 3, + 'loa-4' => 4, + 'loa-5' => 5 + }, + 'keyTest' => qr/\w/, + 'type' => 'keyTextContainer' + }, + 'oidcServiceMetaDataAuthorizeURI' => { + 'default' => 'authorize', + 'type' => 'text' + }, + 'oidcServiceMetaDataBackChannelURI' => { + 
'default' => 'blogout', + 'type' => 'text' + }, + 'oidcServiceMetaDataCheckSessionURI' => { + 'default' => 'checksession.html', + 'type' => 'text' + }, + 'oidcServiceMetaDataEndSessionURI' => { + 'default' => 'logout', + 'type' => 'text' + }, + 'oidcServiceMetaDataFrontChannelURI' => { + 'default' => 'flogout', + 'type' => 'text' + }, + 'oidcServiceMetaDataIntrospectionURI' => { + 'default' => 'introspect', + 'type' => 'text' + }, + 'oidcServiceMetaDataIssuer' => { + 'type' => 'text' + }, + 'oidcServiceMetaDataJWKSURI' => { + 'default' => 'jwks', + 'type' => 'text' + }, + 'oidcServiceMetaDataRegistrationURI' => { + 'default' => 'register', + 'type' => 'text' + }, + 'oidcServiceMetaDataTokenURI' => { + 'default' => 'token', + 'type' => 'text' + }, + 'oidcServiceMetaDataUserInfoURI' => { + 'default' => 'userinfo', + 'type' => 'text' + }, + 'oidcServiceOfflineSessionExpiration' => { + 'default' => 2592000, + 'type' => 'int' + }, + 'oidcServicePrivateKeySig' => { + 'type' => 'RSAPrivateKey' + }, + 'oidcServicePublicKeySig' => { + 'type' => 'RSAPublicKey' + }, + 'oidcStorage' => { + 'type' => 'PerlModule' + }, + 'oidcStorageOptions' => { + 'type' => 'keyTextContainer' + }, + 'oldNotifFormat' => { + 'default' => 0, + 'type' => 'bool' + }, + 'openIdAttr' => { + 'type' => 'text' + }, + 'openIdAuthnLevel' => { + 'default' => 1, + 'type' => 'int' + }, + 'openIdExportedVars' => { + 'default' => {}, + 'keyMsgFail' => '__badVariableName__', + 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, + 'msgFail' => '__badValue__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, + 'type' => 'keyTextContainer' + }, + 'openIdIDPList' => { + 'default' => '0;', + 'type' => 'blackWhiteList' + }, + 'openIdIssuerSecret' => { + 'type' => 'text' + }, + 'openIdSecret' => { + 'type' => 'text' + }, + 'openIdSPList' => { + 'default' => '0;', + 'type' => 'blackWhiteList' + }, + 'openIdSreg_country' => { + 'type' => 'lmAttrOrMacro' + }, + 'openIdSreg_dob' => { + 'type' => 'lmAttrOrMacro' + }, + 
'openIdSreg_email' => { + 'default' => 'mail', + 'type' => 'lmAttrOrMacro' + }, + 'openIdSreg_fullname' => { + 'default' => 'cn', + 'type' => 'lmAttrOrMacro' + }, + 'openIdSreg_gender' => { + 'type' => 'lmAttrOrMacro' + }, + 'openIdSreg_language' => { + 'type' => 'lmAttrOrMacro' + }, + 'openIdSreg_nickname' => { + 'default' => 'uid', + 'type' => 'lmAttrOrMacro' + }, + 'openIdSreg_postcode' => { + 'type' => 'lmAttrOrMacro' + }, + 'openIdSreg_timezone' => { + 'default' => '_timezone', + 'type' => 'lmAttrOrMacro' + }, + 'pamAuthnLevel' => { + 'default' => 2, + 'type' => 'int' + }, + 'pamService' => { + 'default' => 'login', + 'type' => 'text' + }, + 'passwordDB' => { + 'default' => 'Demo', + 'select' => [ + { + 'k' => 'AD', + 'v' => 'Active Directory' + }, + { + 'k' => 'Choice', + 'v' => 'authChoice' + }, + { + 'k' => 'DBI', + 'v' => 'Database (DBI)' + }, + { + 'k' => 'Demo', + 'v' => 'Demonstration' + }, + { + 'k' => 'LDAP', + 'v' => 'LDAP' + }, + { + 'k' => 'REST', + 'v' => 'REST' + }, + { + 'k' => 'Null', + 'v' => 'None' + }, + { + 'k' => 'Combination', + 'v' => 'combineMods' + }, + { + 'k' => 'Custom', + 'v' => 'customModule' + } + ], + 'type' => 'select' + }, + 'passwordPolicyActivation' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'passwordPolicyMinDigit' => { + 'default' => 0, + 'type' => 'int' + }, + 'passwordPolicyMinLower' => { + 'default' => 0, + 'type' => 'int' + }, + 'passwordPolicyMinSize' => { + 'default' => 0, + 'type' => 'int' + }, + 'passwordPolicyMinSpeChar' => { + 'default' => 0, + 'type' => 'int' + }, + 'passwordPolicyMinUpper' => { + 'default' => 0, + 'type' => 'int' + }, + 'passwordPolicySpecialChar' => { + 'default' => '__ALL__', + 'test' => qr/^(?:__ALL__|[\S\W]*)$/, + 'type' => 'text' + }, + 'passwordResetAllowedRetries' => { + 'default' => 3, + 'type' => 'int' + }, + 'pdataDomain' => { + 'default' => '', + 'msgFail' => '__badDomainName__', + 'test' => 
qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?))?$/, + 'type' => 'text' + }, + 'persistentSessionAttributes' => { + 'default' => '_loginHistory _2fDevices notification_', + 'type' => 'text' + }, + 'persistentStorage' => { + 'type' => 'PerlModule' + }, + 'persistentStorageOptions' => { + 'type' => 'keyTextContainer' + }, + 'port' => { + 'default' => -1, + 'type' => 'int' }, - { - 'k' => 'Null', - 'v' => 'None' + 'portal' => { + 'default' => 'http://auth.example.com/', + 'msgFail' => '__badUrl__', + 'test' => qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/, + 'type' => 'url' + }, + 'portalAntiFrame' => { + 'default' => 1, + 'type' => 'bool' + }, + 'portalCheckLogins' => { + 'default' => 1, + 'type' => 'bool' + }, + 'portalCustomCss' => { + 'type' => 'text' + }, + 'portalDisplayAppslist' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'portalDisplayCertificateResetByMail' => { + 'default' => 0, + 'type' => 'bool' + }, + 'portalDisplayChangePassword' => { + 'default' => '$_auth =~ /^(LDAP|DBI|Demo)$/', + 'type' => 'boolOrExpr' + }, + 'portalDisplayGeneratePassword' => { + 'default' => 1, + 'type' => 'bool' + }, + 'portalDisplayLoginHistory' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'portalDisplayLogout' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'portalDisplayOidcConsents' => { + 'default' => '$_oidcConsents && $_oidcConsents =~ /\\w+/', + 
'type' => 'boolOrExpr' + }, + 'portalDisplayPasswordPolicy' => { + 'default' => 0, + 'type' => 'bool' + }, + 'portalDisplayRefreshMyRights' => { + 'default' => 1, + 'type' => 'bool' + }, + 'portalDisplayRegister' => { + 'default' => 1, + 'type' => 'bool' + }, + 'portalDisplayResetPassword' => { + 'default' => 0, + 'type' => 'bool' + }, + 'portalEnablePasswordDisplay' => { + 'default' => 0, + 'type' => 'bool' + }, + 'portalErrorOnExpiredSession' => { + 'default' => 1, + 'type' => 'bool' + }, + 'portalErrorOnMailNotFound' => { + 'default' => 0, + 'type' => 'bool' + }, + 'portalFavicon' => { + 'default' => 'common/favicon.ico', + 'type' => 'text' + }, + 'portalForceAuthn' => { + 'default' => 0, + 'type' => 'bool' + }, + 'portalForceAuthnInterval' => { + 'default' => 5, + 'type' => 'int' + }, + 'portalMainLogo' => { + 'default' => 'common/logos/logo_llng_400px.png', + 'type' => 'text' + }, + 'portalOpenLinkInNewWindow' => { + 'default' => 0, + 'type' => 'bool' + }, + 'portalPingInterval' => { + 'default' => 60000, + 'type' => 'int' + }, + 'portalRequireOldPassword' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'portalSkin' => { + 'default' => 'bootstrap', + 'select' => [ + { + 'k' => 'bootstrap', + 'v' => 'Bootstrap' + } + ], + 'type' => 'portalskin' + }, + 'portalSkinBackground' => { + 'select' => [ + { + 'k' => '', + 'v' => 'None' + }, + { + 'k' => '1280px-Anse_Source_d\'Argent_2-La_Digue.jpg', + 'v' => 'Anse' + }, + { + 'k' => '1280px-Autumn-clear-water-waterfall-landscape_-_Virginia_-_ForestWander.jpg', + 'v' => 'Waterfall' + }, + { + 'k' => '1280px-BrockenSnowedTrees.jpg', + 'v' => 'Snowed Trees' + }, + { + 'k' => '1280px-Cedar_Breaks_National_Monument_partially.jpg', + 'v' => 'National Monument' + }, + { + 'k' => '1280px-Parry_Peak_from_Winter_Park.jpg', + 'v' => 'Winter' + }, + { + 'k' => 'Aletschgletscher_mit_Pinus_cembra1.jpg', + 'v' => 'Pinus' + } + ], + 'type' => 'portalskinbackground' + }, + 'portalSkinRules' => { + 'keyMsgFail' => 
'__badSkinRule__', + 'keyTest' => sub { + return perlExpr(@_); + }, + 'msgFail' => '__badValue__', + 'test' => qr/^\w+$/, + 'type' => 'keyTextContainer' + }, + 'portalStatus' => { + 'default' => 0, + 'type' => 'bool' + }, + 'portalUserAttr' => { + 'default' => '_user', + 'type' => 'text' + }, + 'post' => { + 'keyMsgFail' => '__badHostname__', + 'keyTest' => qr/^\S+$/, + 'test' => sub { + 1; + }, + 'type' => 'postContainer' }, - { - 'k' => 'Custom', - 'v' => 'customModule' - } - ] - ], - 'test' => sub { - 1; - }, - 'type' => 'authChoiceContainer' - }, - 'authChoiceParam' => { - 'default' => 'lmAuth', - 'type' => 'text' - }, - 'authentication' => { - 'default' => 'Demo', - 'select' => [ { - 'k' => 'Apache', - 'v' => 'Apache' - }, - { - 'k' => 'AD', - 'v' => 'Active Directory' - }, - { - 'k' => 'DBI', - 'v' => 'Database (DBI)' - }, - { - 'k' => 'Facebook', - 'v' => 'Facebook' - }, - { - 'k' => 'GitHub', - 'v' => 'GitHub' - }, - { - 'k' => 'GPG', - 'v' => 'GPG' - }, - { - 'k' => 'Kerberos', - 'v' => 'Kerberos' - }, - { - 'k' => 'LDAP', - 'v' => 'LDAP' - }, - { - 'k' => 'LinkedIn', - 'v' => 'LinkedIn' - }, - { - 'k' => 'PAM', - 'v' => 'PAM' - }, - { - 'k' => 'Radius', - 'v' => 'Radius' - }, - { - 'k' => 'REST', - 'v' => 'REST' - }, - { - 'k' => 'SSL', - 'v' => 'SSL' - }, - { - 'k' => 'Twitter', - 'v' => 'Twitter' - }, - { - 'k' => 'WebID', - 'v' => 'WebID' - }, - { - 'k' => 'Demo', - 'v' => 'Demonstration' - }, - { - 'k' => 'Choice', - 'v' => 'authChoice' - }, - { - 'k' => 'Combination', - 'v' => 'combineMods' - }, - { - 'k' => 'CAS', - 'v' => 'Central Authentication Service (CAS)' - }, - { - 'k' => 'OpenID', - 'v' => 'OpenID' - }, - { - 'k' => 'OpenIDConnect', - 'v' => 'OpenID Connect' - }, - { - 'k' => 'SAML', - 'v' => 'SAML v2' - }, - { - 'k' => 'Proxy', - 'v' => 'Proxy' - }, - { - 'k' => 'Remote', - 'v' => 'Remote' - }, - { - 'k' => 'Slave', - 'v' => 'Slave' - }, - { - 'k' => 'Null', - 'v' => 'None' - }, - { - 'k' => 'Custom', - 'v' => 'customModule' - } - ], - 
'type' => 'select' - }, - 'AuthLDAPFilter' => { - 'type' => 'text' - }, - 'autoSigninRules' => { - 'type' => 'keyTextContainer' - }, - 'available2F' => { - 'default' => - 'UTOTP,TOTP,U2F,REST,Mail2F,Ext2F,WebAuthn,Yubikey,Radius', - 'type' => 'text' - }, - 'available2FSelfRegistration' => { - 'default' => 'TOTP,U2F,WebAuthn,Yubikey', - 'type' => 'text' - }, - 'avoidAssignment' => { - 'default' => 0, - 'type' => 'bool' - }, - 'browsersDontStorePassword' => { - 'default' => 0, - 'type' => 'bool' - }, - 'bruteForceProtection' => { - 'default' => 0, - 'type' => 'bool' - }, - 'bruteForceProtectionIncrementalTempo' => { - 'default' => 0, - 'type' => 'bool' - }, - 'bruteForceProtectionLockTimes' => { - 'default' => '15, 30, 60, 300, 600', - 'type' => 'text' - }, - 'bruteForceProtectionMaxAge' => { - 'default' => 300, - 'type' => 'int' - }, - 'bruteForceProtectionMaxFailed' => { - 'default' => 3, - 'type' => 'int' - }, - 'bruteForceProtectionMaxLockTime' => { - 'default' => 900, - 'type' => 'int' - }, - 'bruteForceProtectionTempo' => { - 'default' => 30, - 'type' => 'int' - }, - 'captcha' => { - 'type' => 'PerlModule' - }, - 'captcha_login_enabled' => { - 'default' => 0, - 'type' => 'bool' - }, - 'captcha_mail_enabled' => { - 'default' => 1, - 'type' => 'bool' - }, - 'captcha_register_enabled' => { - 'default' => 1, - 'type' => 'bool' - }, - 'captcha_size' => { - 'default' => 6, - 'type' => 'int' - }, - 'captchaOptions' => { - 'type' => 'keyTextContainer' - }, - 'casAccessControlPolicy' => { - 'default' => 'none', - 'select' => [ { - 'k' => 'none', - 'v' => 'None' - }, - { - 'k' => 'error', - 'v' => 'Display error on portal' - }, - { - 'k' => 'faketicket', - 'v' => 'Send a fake service ticket' - } - ], - 'type' => 'select' - }, - 'casAppMetaDataExportedVars' => { - 'default' => { - 'cn' => 'cn', - 'mail' => 'mail', - 'uid' => 'uid' - }, - 'type' => 'keyTextContainer' - }, - 'casAppMetaDataMacros' => { - 'default' => {}, - 'test' => { - 'keyMsgFail' => '__badMacroName__', - 
'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, - 'test' => sub { - return perlExpr(@_); - } - }, - 'type' => 'keyTextContainer' - }, - 'casAppMetaDataNodes' => { - 'type' => 'casAppMetaDataNodeContainer' - }, - 'casAppMetaDataOptions' => { - 'type' => 'subContainer' - }, - 'casAppMetaDataOptionsAuthnLevel' => { - 'type' => 'int' - }, - 'casAppMetaDataOptionsRule' => { - 'test' => sub { - return perlExpr(@_); - }, - 'type' => 'text' - }, - 'casAppMetaDataOptionsService' => { - 'type' => 'text' - }, - 'casAppMetaDataOptionsUserAttribute' => { - 'type' => 'text' - }, - 'casAttr' => { - 'type' => 'text' - }, - 'casAttributes' => { - 'type' => 'keyTextContainer' - }, - 'casAuthnLevel' => { - 'default' => 1, - 'type' => 'int' - }, - 'casSrvMetaDataExportedVars' => { - 'default' => { - 'cn' => 'cn', - 'mail' => 'mail', - 'uid' => 'uid' - }, - 'type' => 'keyTextContainer' - }, - 'casSrvMetaDataNodes' => { - 'type' => 'casSrvMetaDataNodeContainer' - }, - 'casSrvMetaDataOptions' => { - 'type' => 'subContainer' - }, - 'casSrvMetaDataOptionsDisplayName' => { - 'type' => 'text' - }, - 'casSrvMetaDataOptionsGateway' => { - 'default' => 0, - 'type' => 'bool' - }, - 'casSrvMetaDataOptionsIcon' => { - 'type' => 'text' - }, - 'casSrvMetaDataOptionsProxiedServices' => { - 'keyMsgFail' => '__badCasProxyId__', - 'keyTest' => qr/^\w/, - 'type' => 'keyTextContainer' - }, - 'casSrvMetaDataOptionsRenew' => { - 'default' => 0, - 'type' => 'bool' - }, - 'casSrvMetaDataOptionsResolutionRule' => { - 'default' => '', - 'type' => 'longtext' - }, - 'casSrvMetaDataOptionsSortNumber' => { - 'type' => 'int' - }, - 'casSrvMetaDataOptionsUrl' => { - 'msgFail' => '__badUrl__', - 'test' => 
-qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/, - 'type' => 'text' - }, - 'casStorage' => { - 'type' => 'PerlModule' - }, - 'casStorageOptions' => { - 'type' => 'keyTextContainer' - }, - 'casStrictMatching' => { - 'default' => 0, - 'type' => 'bool' - }, - 'casTicketExpiration' => { - 'default' => 0, - 'type' => 'int' - }, - 'cda' => { - 'default' => 0, - 'type' => 'bool' - }, - 'certificateResetByMailCeaAttribute' => { - 'default' => 'description', - 'type' => 'text' - }, - 'certificateResetByMailCertificateAttribute' => { - 'default' => 'userCertificate;binary', - 'type' => 'text' - }, - 'certificateResetByMailStep1Body' => { - 'type' => 'longtext' - }, - 'certificateResetByMailStep1Subject' => { - 'type' => 'text' - }, - 'certificateResetByMailStep2Body' => { - 'type' => 'longtext' - }, - 'certificateResetByMailStep2Subject' => { - 'type' => 'text' - }, - 'certificateResetByMailURL' => { - 'default' => 'http://auth.example.com/certificateReset', - 'type' => 'url' - }, - 'certificateResetByMailValidityDelay' => { - 'default' => 0, - 'type' => 'int' - }, - 'cfgAuthor' => { - 'type' => 'text' - }, - 'cfgAuthorIP' => { - 'type' => 'text' - }, - 'cfgDate' => { - 'type' => 'int' - }, - 'cfgLog' => { - 'type' => 'longtext' - }, - 'cfgNum' => { - 'default' => 0, - 'type' => 'int' - }, - 'cfgVersion' => { - 'type' => 'text' - }, - 'checkDevOps' => { - 'default' => 0, - 'type' => 'bool' - }, - 'checkDevOpsCheckSessionAttributes' => { - 
'default' => 1, - 'type' => 'bool' - }, - 'checkDevOpsDisplayNormalizedHeaders' => { - 'default' => 1, - 'type' => 'bool' - }, - 'checkDevOpsDownload' => { - 'default' => 1, - 'type' => 'bool' - }, - 'checkState' => { - 'default' => 0, - 'type' => 'bool' - }, - 'checkStateSecret' => { - 'type' => 'text' - }, - 'checkTime' => { - 'default' => 600, - 'type' => 'int' - }, - 'checkUser' => { - 'default' => 0, - 'type' => 'bool' - }, - 'checkUserDisplayComputedSession' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'checkUserDisplayEmptyHeaders' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'checkUserDisplayEmptyValues' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'checkUserDisplayHiddenAttributes' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'checkUserDisplayHistory' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'checkUserDisplayNormalizedHeaders' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'checkUserDisplayPersistentInfo' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'checkUserHiddenAttributes' => { - 'default' => '_loginHistory, _session_id, hGroups', - 'type' => 'text' - }, - 'checkUserHiddenHeaders' => { - 'keyMsgFail' => '__badHostname__', - 'keyTest' => qr/^\S+$/, - 'test' => { - 'keyMsgFail' => '__badHeaderName__', - 'keyTest' => qr/^(?=[^\-])[\w\-\s]+(?<=[^-])$/, - 'test' => sub { - return perlExpr(@_); - } - }, - 'type' => 'keyTextContainer' - }, - 'checkUserIdRule' => { - 'default' => 1, - 'test' => sub { - return perlExpr(@_); - }, - 'type' => 'text' - }, - 'checkUserSearchAttributes' => { - 'type' => 'text' - }, - 'checkUserUnrestrictedUsersRule' => { - 'test' => sub { - return perlExpr(@_); - }, - 'type' => 'text' - }, - 'checkXSS' => { - 'default' => 1, - 'type' => 'bool' - }, - 'combination' => { - 'type' => 'text' - }, - 'combModules' => { - 'keyTest' => qr/^\w+$/, - 'select' => [ { - 'k' => 'Apache', - 'v' => 'Apache' - }, - { - 'k' => 'AD', - 'v' => 'Active Directory' - }, - { - 'k' => 
'DBI', - 'v' => 'Database (DBI)' - }, - { - 'k' => 'Facebook', - 'v' => 'Facebook' - }, - { - 'k' => 'GitHub', - 'v' => 'GitHub' - }, - { - 'k' => 'GPG', - 'v' => 'GPG' - }, - { - 'k' => 'Kerberos', - 'v' => 'Kerberos' - }, - { - 'k' => 'LDAP', - 'v' => 'LDAP' - }, - { - 'k' => 'LinkedIn', - 'v' => 'LinkedIn' - }, - { - 'k' => 'PAM', - 'v' => 'PAM' - }, - { - 'k' => 'Radius', - 'v' => 'Radius' - }, - { - 'k' => 'REST', - 'v' => 'REST' - }, - { - 'k' => 'SSL', - 'v' => 'SSL' - }, - { - 'k' => 'Twitter', - 'v' => 'Twitter' - }, - { - 'k' => 'WebID', - 'v' => 'WebID' - }, - { - 'k' => 'Demo', - 'v' => 'Demonstration' - }, - { - 'k' => 'CAS', - 'v' => 'Central Authentication Service (CAS)' - }, - { - 'k' => 'OpenID', - 'v' => 'OpenID' - }, - { - 'k' => 'OpenIDConnect', - 'v' => 'OpenID Connect' - }, - { - 'k' => 'SAML', - 'v' => 'SAML v2' - }, - { - 'k' => 'Proxy', - 'v' => 'Proxy' - }, - { - 'k' => 'Remote', - 'v' => 'Remote' - }, - { - 'k' => 'Slave', - 'v' => 'Slave' - }, - { - 'k' => 'Null', - 'v' => 'None' - }, - { - 'k' => 'Custom', - 'v' => 'customModule' - } - ], - 'test' => sub { - 1; - }, - 'type' => 'cmbModuleContainer' - }, - 'compactConf' => { - 'default' => 0, - 'type' => 'bool' - }, - 'configStorage' => { - 'type' => 'text' - }, - 'confirmFormMethod' => { - 'default' => 'post', - 'select' => [ { - 'k' => 'get', - 'v' => 'GET' - }, - { - 'k' => 'post', - 'v' => 'POST' - } - ], - 'type' => 'select' - }, - 'contextSwitchingAllowed2fModifications' => { - 'default' => 0, - 'type' => 'bool' - }, - 'contextSwitchingIdRule' => { - 'default' => 1, - 'test' => sub { - return perlExpr(@_); - }, - 'type' => 'text' - }, - 'contextSwitchingPrefix' => { - 'default' => 'switching', - 'type' => 'text' - }, - 'contextSwitchingRule' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'contextSwitchingStopWithLogout' => { - 'default' => 1, - 'type' => 'bool' - }, - 'contextSwitchingUnrestrictedUsersRule' => { - 'test' => sub { - return perlExpr(@_); - }, - 'type' => 
'text' - }, - 'cookieExpiration' => { - 'type' => 'int' - }, - 'cookieName' => { - 'default' => 'lemonldap', - 'msgFail' => '__badCookieName__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9_-]*$/, - 'type' => 'text' - }, - 'corsAllow_Credentials' => { - 'default' => 'true', - 'type' => 'text' - }, - 'corsAllow_Headers' => { - 'default' => '*', - 'type' => 'text' - }, - 'corsAllow_Methods' => { - 'default' => 'POST,GET', - 'type' => 'text' - }, - 'corsAllow_Origin' => { - 'default' => '*', - 'type' => 'text' - }, - 'corsEnabled' => { - 'default' => 1, - 'type' => 'bool' - }, - 'corsExpose_Headers' => { - 'default' => '*', - 'type' => 'text' - }, - 'corsMax_Age' => { - 'default' => '86400', - 'type' => 'text' - }, - 'crowdsec' => { - 'type' => 'bool' - }, - 'crowdsecAction' => { - 'default' => 'reject', - 'select' => [ { - 'k' => 'reject', - 'v' => 'Reject' - }, - { - 'k' => 'warn', - 'v' => 'Warn' - } - ], - 'type' => 'select' - }, - 'crowdsecKey' => { - 'type' => 'text' - }, - 'crowdsecUrl' => { - 'type' => 'url' - }, - 'cspConnect' => { - 'default' => '\'self\'', - 'type' => 'text' - }, - 'cspDefault' => { - 'default' => '\'self\'', - 'type' => 'text' - }, - 'cspFont' => { - 'default' => '\'self\'', - 'type' => 'text' - }, - 'cspFormAction' => { - 'default' => '*', - 'type' => 'text' - }, - 'cspFrameAncestors' => { - 'default' => '', - 'type' => 'text' - }, - 'cspImg' => { - 'default' => '\'self\' data:', - 'type' => 'text' - }, - 'cspScript' => { - 'default' => '\'self\'', - 'type' => 'text' - }, - 'cspStyle' => { - 'default' => '\'self\'', - 'type' => 'text' - }, - 'customAddParams' => { - 'type' => 'keyTextContainer' - }, - 'customAuth' => { - 'type' => 'text' - }, - 'customFunctions' => { - 'msgFail' => '__badCustomFuncName__', - 'test' => qr/^(?:\w+(?:::\w+)*(?:\s+\w+(?:::\w+)*)*)?$/, - 'type' => 'text' - }, - 'customPassword' => { - 'type' => 'text' - }, - 'customPlugins' => { - 'type' => 'text' - }, - 'customPluginsParams' => { - 'type' => 'keyTextContainer' - }, - 
'customRegister' => { - 'type' => 'text' - }, - 'customResetCertByMail' => { - 'type' => 'text' - }, - 'customToTrace' => { - 'type' => 'lmAttrOrMacro' - }, - 'customUserDB' => { - 'type' => 'text' - }, - 'dbiAuthChain' => { - 'type' => 'text' - }, - 'dbiAuthLoginCol' => { - 'type' => 'text' - }, - 'dbiAuthnLevel' => { - 'default' => 2, - 'type' => 'int' - }, - 'dbiAuthPassword' => { - 'type' => 'password' - }, - 'dbiAuthPasswordCol' => { - 'type' => 'text' - }, - 'dbiAuthPasswordHash' => { - 'type' => 'text' - }, - 'dbiAuthTable' => { - 'type' => 'text' - }, - 'dbiAuthUser' => { - 'type' => 'text' - }, - 'dbiDynamicHashEnabled' => { - 'type' => 'bool' - }, - 'dbiDynamicHashNewPasswordScheme' => { - 'type' => 'text' - }, - 'dbiDynamicHashValidSaltedSchemes' => { - 'type' => 'text' - }, - 'dbiDynamicHashValidSchemes' => { - 'type' => 'text' - }, - 'dbiExportedVars' => { - 'default' => {}, - 'keyMsgFail' => '__badVariableName__', - 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, - 'msgFail' => '__badValue__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, - 'type' => 'keyTextContainer' - }, - 'dbiPasswordMailCol' => { - 'type' => 'text' - }, - 'dbiUserChain' => { - 'type' => 'text' - }, - 'dbiUserPassword' => { - 'type' => 'password' - }, - 'dbiUserTable' => { - 'type' => 'text' - }, - 'dbiUserUser' => { - 'type' => 'text' - }, - 'decryptValueFunctions' => { - 'msgFail' => '__badCustomFuncName__', - 'test' => qr/^(?:\w+(?:::\w+)*(?:\s+\w+(?:::\w+)*)*)?$/, - 'type' => 'text' - }, - 'decryptValueRule' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'demoExportedVars' => { - 'default' => { - 'cn' => 'cn', - 'mail' => 'mail', - 'uid' => 'uid' - }, - 'keyMsgFail' => '__badVariableName__', - 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, - 'msgFail' => '__badValue__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, - 'type' => 'keyTextContainer' - }, - 'disablePersistentStorage' => { - 'default' => 0, - 'type' => 'bool' - }, - 'displaySessionId' => { - 'default' => 1, - 'type' 
=> 'bool' - }, - 'domain' => { - 'default' => 'example.com', - 'msgFail' => '__badDomainName__', - 'test' => -qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?))?$/, - 'type' => 'text' - }, - 'exportedAttr' => { - 'type' => 'text' - }, - 'exportedHeaders' => { - 'keyMsgFail' => '__badHostname__', - 'keyTest' => qr/^\S+$/, - 'test' => { - 'keyMsgFail' => '__badHeaderName__', - 'keyTest' => qr/^(?=[^\-])[\w\-]+(?<=[^-])$/, - 'test' => sub { - return perlExpr(@_); - } - }, - 'type' => 'keyTextContainer' - }, - 'exportedVars' => { - 'default' => { - 'UA' => 'HTTP_USER_AGENT' - }, - 'keyMsgFail' => '__badVariableName__', - 'keyTest' => qr/^!?[_a-zA-Z][a-zA-Z0-9_]*$/, - 'msgFail' => '__badValue__', - 'test' => qr/^[_a-zA-Z][a-zA-Z0-9_:\-]*$/, - 'type' => 'keyTextContainer' - }, - 'ext2fActivation' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'ext2fAuthnLevel' => { - 'type' => 'int' - }, - 'ext2fCodeActivation' => { - 'default' => '\\d{6}', - 'type' => 'pcre' - }, - 'ext2fLabel' => { - 'type' => 'text' - }, - 'ext2fLogo' => { - 'type' => 'text' - }, - 'ext2fResendInterval' => { - 'type' => 'text' - }, - 'ext2FSendCommand' => { - 'type' => 'text' - }, - 'ext2FValidateCommand' => { - 'type' => 'text' - }, - 'facebookAppId' => { - 'type' => 'text' - }, - 'facebookAppSecret' => { - 'type' => 'text' - }, - 'facebookAuthnLevel' => { - 'default' => 1, - 'type' => 'int' - }, - 'facebookExportedVars' => { - 'default' => {}, - 'keyMsgFail' => '__badVariableName__', - 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, - 'msgFail' => '__badValue__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, - 'type' => 'keyTextContainer' - }, - 'facebookUserField' => { - 'default' => 'id', - 'type' => 'text' - }, - 'failedLoginNumber' => { - 'default' => 5, - 'type' => 'int' - }, - 'findUser' => { - 'default' => 0, - 'type' => 'bool' - }, - 'findUserControl' => { - 'default' => '^[*\\w]+$', - 'type' => 'pcre' - }, - 
'findUserExcludingAttributes' => { - 'keyTest' => qr/^\S+$/, - 'type' => 'keyTextContainer' - }, - 'findUserSearchingAttributes' => { - 'keyTest' => qr/^\S+$/, - 'type' => 'keyTextContainer' - }, - 'findUserWildcard' => { - 'default' => '*', - 'type' => 'text' - }, - 'forceGlobalStorageIssuerOTT' => { - 'type' => 'bool' - }, - 'forceGlobalStorageUpgradeOTT' => { - 'type' => 'bool' - }, - 'formTimeout' => { - 'default' => 120, - 'type' => 'int' - }, - 'githubAuthnLevel' => { - 'default' => 1, - 'type' => 'int' - }, - 'githubClientID' => { - 'type' => 'text' - }, - 'githubClientSecret' => { - 'type' => 'password' - }, - 'githubScope' => { - 'default' => 'user:email', - 'type' => 'text' - }, - 'githubUserField' => { - 'default' => 'login', - 'type' => 'text' - }, - 'globalLogoutCustomParam' => { - 'type' => 'text' - }, - 'globalLogoutRule' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'globalLogoutTimer' => { - 'default' => 1, - 'type' => 'bool' - }, - 'globalStorage' => { - 'default' => 'Apache::Session::File', - 'type' => 'PerlModule' - }, - 'globalStorageOptions' => { - 'default' => { - 'Directory' => '/var/lib/lemonldap-ng/sessions/', - 'generateModule' => - 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256', - 'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/' - }, - 'type' => 'keyTextContainer' - }, - 'gpgAuthnLevel' => { - 'default' => 5, - 'type' => 'int' - }, - 'gpgDb' => { - 'default' => '', - 'type' => 'text' - }, - 'grantSessionRules' => { - 'default' => {}, - 'keyTest' => sub { - return perlExpr(@_); - }, - 'test' => sub { - 1; - }, - 'type' => 'grantContainer' - }, - 'groups' => { - 'default' => {}, - 'test' => sub { - return perlExpr(@_); - }, - 'type' => 'keyTextContainer' - }, - 'groupsBeforeMacros' => { - 'default' => 0, - 'type' => 'bool' - }, - 'handlerInternalCache' => { - 'default' => 15, - 'type' => 'int' - }, - 'handlerServiceTokenTTL' => { - 'default' => 30, - 'type' => 'int' - }, - 'hiddenAttributes' => { - 'default' 
=> '_password, _2fDevices', - 'type' => 'text' - }, - 'hideOldPassword' => { - 'default' => 0, - 'type' => 'bool' - }, - 'httpOnly' => { - 'default' => 1, - 'type' => 'bool' - }, - 'https' => { - 'default' => -1, - 'type' => 'trool' - }, - 'impersonationHiddenAttributes' => { - 'default' => '_2fDevices, _loginHistory', - 'type' => 'text' - }, - 'impersonationIdRule' => { - 'default' => 1, - 'test' => sub { - return perlExpr(@_); - }, - 'type' => 'text' - }, - 'impersonationMergeSSOgroups' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'impersonationPrefix' => { - 'default' => 'real_', - 'type' => 'text' - }, - 'impersonationRule' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'impersonationSkipEmptyValues' => { - 'default' => 1, - 'type' => 'bool' - }, - 'impersonationUnrestrictedUsersRule' => { - 'test' => sub { - return perlExpr(@_); - }, - 'type' => 'text' - }, - 'infoFormMethod' => { - 'default' => 'get', - 'select' => [ { - 'k' => 'get', - 'v' => 'GET' - }, - { - 'k' => 'post', - 'v' => 'POST' - } - ], - 'type' => 'select' - }, - 'issuerDBCASActivation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'issuerDBCASPath' => { - 'default' => '^/cas/', - 'type' => 'pcre' - }, - 'issuerDBCASRule' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'issuerDBGetActivation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'issuerDBGetParameters' => { - 'default' => {}, - 'keyMsgFail' => '__badHostname__', - 'keyTest' => -qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$/, - 'test' => { - 'keyMsgFail' => '__badKeyName__', - 'keyTest' => qr/^(?=[^\-])[\w\-]+(?<=[^-])$/, - 'test' => sub { - my ( $val, $conf ) = @_; - return 1 - if defined $conf->{'macros'}{$val} or $val eq '_timezone'; - foreach $_ ( keys %$conf ) { - return 1 - if $_ =~ /exportedvars$/i - and defined $conf->{$_}{$val}; - } - return 1, "__unknownAttrOrMacro__: $val"; - } - }, - 'type' => 'doubleHash' - }, - 'issuerDBGetPath' 
=> { - 'default' => '^/get/', - 'type' => 'text' - }, - 'issuerDBGetRule' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'issuerDBOpenIDActivation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'issuerDBOpenIDConnectActivation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'issuerDBOpenIDConnectPath' => { - 'default' => '^/oauth2/', - 'type' => 'text' - }, - 'issuerDBOpenIDConnectRule' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'issuerDBOpenIDPath' => { - 'default' => '^/openidserver/', - 'type' => 'pcre' - }, - 'issuerDBOpenIDRule' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'issuerDBSAMLActivation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'issuerDBSAMLPath' => { - 'default' => '^/saml/', - 'type' => 'pcre' - }, - 'issuerDBSAMLRule' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'issuersTimeout' => { - 'default' => 120, - 'type' => 'int' - }, - 'jsRedirect' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'key' => { - 'type' => 'password' - }, - 'krbAllowedDomains' => { - 'type' => 'text' - }, - 'krbAuthnLevel' => { - 'default' => 3, - 'type' => 'int' - }, - 'krbByJs' => { - 'default' => 0, - 'type' => 'bool' - }, - 'krbKeytab' => { - 'type' => 'text' - }, - 'krbRemoveDomain' => { - 'default' => 1, - 'type' => 'bool' - }, - 'ldapAllowResetExpiredPassword' => { - 'default' => 0, - 'type' => 'bool' - }, - 'ldapAuthnLevel' => { - 'default' => 2, - 'type' => 'int' - }, - 'ldapBase' => { - 'default' => 'dc=example,dc=com', - 'msgFail' => '__badValue__', - 'test' => qr/^(?:\w+=.*|)$/, - 'type' => 'text' - }, - 'ldapCAFile' => { - 'type' => 'text' - }, - 'ldapCAPath' => { - 'type' => 'text' - }, - 'ldapChangePasswordAsUser' => { - 'default' => 0, - 'type' => 'bool' - }, - 'ldapExportedVars' => { - 'default' => { - 'cn' => 'cn', - 'mail' => 'mail', - 'uid' => 'uid' - }, - 'keyMsgFail' => '__badVariableName__', - 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, - 'msgFail' => '__badValue__', - 'test' => 
qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, - 'type' => 'keyTextContainer' - }, - 'LDAPFilter' => { - 'type' => 'text' - }, - 'ldapGetUserBeforePasswordChange' => { - 'default' => 0, - 'type' => 'bool' - }, - 'ldapGroupAttributeName' => { - 'default' => 'member', - 'type' => 'text' - }, - 'ldapGroupAttributeNameGroup' => { - 'default' => 'dn', - 'type' => 'text' - }, - 'ldapGroupAttributeNameSearch' => { - 'default' => 'cn', - 'type' => 'text' - }, - 'ldapGroupAttributeNameUser' => { - 'default' => 'dn', - 'type' => 'text' - }, - 'ldapGroupBase' => { - 'type' => 'text' - }, - 'ldapGroupDecodeSearchedValue' => { - 'default' => 0, - 'type' => 'bool' - }, - 'ldapGroupObjectClass' => { - 'default' => 'groupOfNames', - 'type' => 'text' - }, - 'ldapGroupRecursive' => { - 'default' => 0, - 'type' => 'bool' - }, - 'ldapIOTimeout' => { - 'default' => 10, - 'type' => 'int' - }, - 'ldapITDS' => { - 'default' => 0, - 'type' => 'bool' - }, - 'ldapPasswordResetAttribute' => { - 'default' => 'pwdReset', - 'type' => 'text' - }, - 'ldapPasswordResetAttributeValue' => { - 'default' => 'TRUE', - 'type' => 'text' - }, - 'ldapPort' => { - 'type' => 'int' - }, - 'ldapPpolicyControl' => { - 'default' => 0, - 'type' => 'bool' - }, - 'ldapPwdEnc' => { - 'default' => 'utf-8', - 'msgFail' => '__badEncoding__', - 'test' => qr/^[a-zA-Z0-9_][a-zA-Z0-9_\-]*[a-zA-Z0-9_]$/, - 'type' => 'text' - }, - 'ldapRaw' => { - 'type' => 'text' - }, - 'ldapSearchDeref' => { - 'default' => 'find', - 'select' => [ { - 'k' => 'never', - 'v' => 'never' - }, - { - 'k' => 'search', - 'v' => 'search' - }, - { - 'k' => 'find', - 'v' => 'find' - }, - { - 'k' => 'always', - 'v' => 'always' - } - ], - 'type' => 'select' - }, - 'ldapServer' => { - 'default' => 'ldap://localhost', - 'test' => sub { - my $l = shift(); - my @s = split( /[\s,]+/, $l, 0 ); - foreach my $s (@s) { - return 0, qq[__badLdapUri__: "$s"] - unless $s =~ -m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?::\d{1,5})?/?.*)$]o; - } - 
return 1; - }, - 'type' => 'text' - }, - 'ldapSetPassword' => { - 'default' => 0, - 'type' => 'bool' - }, - 'ldapTimeout' => { - 'default' => 10, - 'type' => 'int' - }, - 'ldapUsePasswordResetAttribute' => { - 'default' => 1, - 'type' => 'bool' - }, - 'ldapVerify' => { - 'default' => 'require', - 'select' => [ { - 'k' => 'none', - 'v' => 'None' - }, - { - 'k' => 'optional', - 'v' => 'Optional' - }, - { - 'k' => 'require', - 'v' => 'Require' - } - ], - 'type' => 'select' - }, - 'ldapVersion' => { - 'default' => 3, - 'type' => 'int' - }, - 'linkedInAuthnLevel' => { - 'default' => 1, - 'type' => 'int' - }, - 'linkedInClientID' => { - 'type' => 'text' - }, - 'linkedInClientSecret' => { - 'type' => 'password' - }, - 'linkedInFields' => { - 'default' => 'id,first-name,last-name,email-address', - 'type' => 'text' - }, - 'linkedInScope' => { - 'default' => 'r_liteprofile r_emailaddress', - 'type' => 'text' - }, - 'linkedInUserField' => { - 'default' => 'emailAddress', - 'type' => 'text' - }, - 'localSessionStorage' => { - 'default' => 'Cache::FileCache', - 'type' => 'PerlModule' - }, - 'localSessionStorageOptions' => { - 'default' => { - 'cache_depth' => 3, - 'cache_root' => '/var/cache/lemonldap-ng', - 'default_expires_in' => 600, - 'directory_umask' => '007', - 'namespace' => 'lemonldap-ng-sessions' - }, - 'type' => 'keyTextContainer' - }, - 'localStorage' => { - 'type' => 'text' - }, - 'localStorageOptions' => { - 'type' => 'keyTextContainer' - }, - 'locationRules' => { - 'default' => { - 'default' => 'deny' - }, - 'keyMsgFail' => '__badHostname__', - 'keyTest' => qr/^\S+$/, - 'test' => { - 'keyMsgFail' => '__badRegexp__', - 'keyTest' => sub { - eval { - do { - qr/$_[0]/; - } - }; - return $@ ? 0 : 1; - }, - 'msgFail' => '__badExpression__', - 'test' => sub { - my ( $val, $conf ) = @_; - my $s = $val; - if ( $s =~ s/^logout(?:_(?:sso|app(?:_sso)?))?\s*// ) { - return $s =~ m[^(?:https?://.*)?$] - ? 
1 - : ( 0, '__badUrl__' ); - } - $s =~ s/\b(accept|deny|unprotect|skip)\b/1/g; - return &perlExpr( $s, $conf ); - } - }, - 'type' => 'ruleContainer' - }, - 'log4perlConfFile' => { - 'type' => 'text' - }, - 'logger' => { - 'type' => 'text' - }, - 'loginHistoryEnabled' => { - 'default' => 0, - 'type' => 'bool' - }, - 'logLevel' => { - 'type' => 'text' - }, - 'logoutServices' => { - 'default' => {}, - 'type' => 'keyTextContainer' - }, - 'lwpOpts' => { - 'type' => 'keyTextContainer' - }, - 'lwpSslOpts' => { - 'type' => 'keyTextContainer' - }, - 'macros' => { - 'default' => {}, - 'keyMsgFail' => '__badMacroName__', - 'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, - 'test' => sub { - return perlExpr(@_); - }, - 'type' => 'keyTextContainer' - }, - 'mail2fActivation' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'mail2fAuthnLevel' => { - 'type' => 'int' - }, - 'mail2fBody' => { - 'type' => 'longtext' - }, - 'mail2fCodeRegex' => { - 'default' => '\\d{6}', - 'type' => 'pcre' - }, - 'mail2fLabel' => { - 'type' => 'text' - }, - 'mail2fLogo' => { - 'type' => 'text' - }, - 'mail2fResendInterval' => { - 'type' => 'text' - }, - 'mail2fSessionKey' => { - 'type' => 'text' - }, - 'mail2fSubject' => { - 'type' => 'text' - }, - 'mail2fTimeout' => { - 'type' => 'int' - }, - 'mailBody' => { - 'type' => 'longtext' - }, - 'mailCharset' => { - 'default' => 'utf-8', - 'type' => 'text' - }, - 'mailConfirmBody' => { - 'type' => 'longtext' - }, - 'mailConfirmSubject' => { - 'type' => 'text' - }, - 'mailFrom' => { - 'default' => 'noreply@example.com', - 'type' => 'text' - }, - 'mailLDAPFilter' => { - 'type' => 'text' - }, - 'mailOnPasswordChange' => { - 'default' => 0, - 'type' => 'bool' - }, - 'mailReplyTo' => { - 'type' => 'text' - }, - 'mailSessionKey' => { - 'default' => 'mail', - 'type' => 'text' - }, - 'mailSubject' => { - 'type' => 'text' - }, - 'mailTimeout' => { - 'default' => 0, - 'type' => 'int' - }, - 'mailUrl' => { - 'default' => 'http://auth.example.com/resetpwd', - 'type' => 
'url' - }, - 'maintenance' => { - 'default' => 0, - 'type' => 'bool' - }, - 'managerDn' => { - 'default' => '', - 'msgFail' => '__badValue__', - 'test' => qr/^.*$/, - 'type' => 'text' - }, - 'managerPassword' => { - 'default' => '', - 'msgFail' => '__badValue__', - 'test' => qr/^\S*$/, - 'type' => 'password' - }, - 'max2FDevices' => { - 'default' => 10, - 'type' => 'int' - }, - 'max2FDevicesNameLength' => { - 'default' => 20, - 'type' => 'int' - }, - 'multiValuesSeparator' => { - 'default' => '; ', - 'type' => 'authParamsText' - }, - 'mySessionAuthorizedRWKeys' => { - 'default' => - [ '_appsListOrder', '_oidcConnectedRP', '_oidcConsents' ], - 'type' => 'array' - }, - 'newLocationWarning' => { - 'default' => 0, - 'type' => 'bool' - }, - 'newLocationWarningLocationAttribute' => { - 'default' => 'ipAddr', - 'type' => 'text' - }, - 'newLocationWarningLocationDisplayAttribute' => { - 'default' => '', - 'type' => 'text' - }, - 'newLocationWarningMailAttribute' => { - 'type' => 'text' - }, - 'newLocationWarningMailBody' => { - 'type' => 'longtext' - }, - 'newLocationWarningMailSubject' => { - 'type' => 'text' - }, - 'newLocationWarningMaxValues' => { - 'default' => '0', - 'type' => 'int' - }, - 'nginxCustomHandlers' => { - 'keyTest' => qr/^\w+$/, - 'msgFail' => '__badPerlPackageName__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9]*(?:::[a-zA-Z][a-zA-Z0-9]*)*$/, - 'type' => 'keyTextContainer' - }, - 'noAjaxHook' => { - 'default' => 0, - 'type' => 'bool' - }, - 'notification' => { - 'default' => 0, - 'type' => 'bool' - }, - 'notificationDefaultCond' => { - 'default' => '', - 'type' => 'text' - }, - 'notificationServer' => { - 'default' => 0, - 'type' => 'bool' - }, - 'notificationServerDELETE' => { - 'default' => 0, - 'type' => 'bool' - }, - 'notificationServerGET' => { - 'default' => 0, - 'type' => 'bool' - }, - 'notificationServerPOST' => { - 'default' => 1, - 'type' => 'bool' - }, - 'notificationServerSentAttributes' => { - 'default' => 'uid reference date title subtitle text 
check', - 'type' => 'text' - }, - 'notificationsExplorer' => { - 'default' => 0, - 'type' => 'bool' - }, - 'notificationsMaxRetrieve' => { - 'default' => 3, - 'type' => 'int' - }, - 'notificationStorage' => { - 'default' => 'File', - 'type' => 'PerlModule' - }, - 'notificationStorageOptions' => { - 'default' => { - 'dirName' => '/var/lib/lemonldap-ng/notifications' - }, - 'type' => 'keyTextContainer' - }, - 'notificationWildcard' => { - 'default' => 'allusers', - 'type' => 'text' - }, - 'notificationXSLTfile' => { - 'type' => 'text' - }, - 'notifyDeleted' => { - 'default' => 1, - 'type' => 'bool' - }, - 'notifyOther' => { - 'default' => 0, - 'type' => 'bool' - }, - 'nullAuthnLevel' => { - 'default' => 0, - 'type' => 'int' - }, - 'oidcAuthnLevel' => { - 'default' => 1, - 'type' => 'int' - }, - 'oidcOPMetaDataExportedVars' => { - 'default' => { - 'cn' => 'name', - 'mail' => 'email', - 'sn' => 'family_name', - 'uid' => 'sub' - }, - 'type' => 'keyTextContainer' - }, - 'oidcOPMetaDataJSON' => { - 'keyTest' => sub { - 1; - }, - 'type' => 'file' - }, - 'oidcOPMetaDataJWKS' => { - 'keyTest' => sub { - 1; - }, - 'type' => 'file' - }, - 'oidcOPMetaDataNodes' => { - 'type' => 'oidcOPMetaDataNodeContainer' - }, - 'oidcOPMetaDataOptions' => { - 'type' => 'subContainer' - }, - 'oidcOPMetaDataOptionsAcrValues' => { - 'type' => 'text' - }, - 'oidcOPMetaDataOptionsCheckJWTSignature' => { - 'default' => 1, - 'type' => 'bool' - }, - 'oidcOPMetaDataOptionsClientID' => { - 'type' => 'text' - }, - 'oidcOPMetaDataOptionsClientSecret' => { - 'type' => 'password' - }, - 'oidcOPMetaDataOptionsConfigurationURI' => { - 'type' => 'url' - }, - 'oidcOPMetaDataOptionsDisplay' => { - 'default' => '', - 'select' => [ { - 'k' => '', - 'v' => '' - }, - { - 'k' => 'page', - 'v' => 'page' - }, - { - 'k' => 'popup', - 'v' => 'popup' - }, - { - 'k' => 'touch', - 'v' => 'touch' - }, - { - 'k' => 'wap', - 'v' => 'wap' - } - ], - 'type' => 'select' - }, - 'oidcOPMetaDataOptionsDisplayName' => { - 'type' => 
'text' - }, - 'oidcOPMetaDataOptionsIcon' => { - 'type' => 'text' - }, - 'oidcOPMetaDataOptionsIDTokenMaxAge' => { - 'default' => 30, - 'type' => 'int' - }, - 'oidcOPMetaDataOptionsJWKSTimeout' => { - 'default' => 0, - 'type' => 'int' - }, - 'oidcOPMetaDataOptionsMaxAge' => { - 'default' => 0, - 'type' => 'int' - }, - 'oidcOPMetaDataOptionsPrompt' => { - 'type' => 'text' - }, - 'oidcOPMetaDataOptionsResolutionRule' => { - 'default' => '', - 'type' => 'longtext' - }, - 'oidcOPMetaDataOptionsScope' => { - 'default' => 'openid profile', - 'type' => 'text' - }, - 'oidcOPMetaDataOptionsSortNumber' => { - 'type' => 'int' - }, - 'oidcOPMetaDataOptionsStoreIDToken' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcOPMetaDataOptionsTokenEndpointAuthMethod' => { - 'default' => 'client_secret_post', - 'select' => [ { - 'k' => 'client_secret_post', - 'v' => 'client_secret_post' - }, - { - 'k' => 'client_secret_basic', - 'v' => 'client_secret_basic' - } - ], - 'type' => 'select' - }, - 'oidcOPMetaDataOptionsUiLocales' => { - 'type' => 'text' - }, - 'oidcOPMetaDataOptionsUseNonce' => { - 'default' => 1, - 'type' => 'bool' - }, - 'oidcRPCallbackGetParam' => { - 'default' => 'openidconnectcallback', - 'type' => 'text' - }, - 'oidcRPMetaDataExportedVars' => { - 'default' => { - 'email' => 'mail', - 'family_name' => 'sn', - 'name' => 'cn' - }, - 'keyTest' => qr/\w/, - 'test' => qr/\w/, - 'type' => 'oidcAttributeContainer' - }, - 'oidcRPMetaDataMacros' => { - 'default' => {}, - 'test' => { - 'keyMsgFail' => '__badMacroName__', - 'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, - 'test' => sub { - return perlExpr(@_); - } - }, - 'type' => 'keyTextContainer' - }, - 'oidcRPMetaDataNodes' => { - 'type' => 'oidcRPMetaDataNodeContainer' - }, - 'oidcRPMetaDataOptions' => { - 'type' => 'subContainer' - }, - 'oidcRPMetaDataOptionsAccessTokenClaims' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsAccessTokenExpiration' => { - 'type' => 'int' - }, - 
'oidcRPMetaDataOptionsAccessTokenJWT' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsAccessTokenSignAlg' => { - 'default' => 'RS256', - 'select' => [ { - 'k' => 'RS256', - 'v' => 'RS256' - }, - { - 'k' => 'RS384', - 'v' => 'RS384' - }, - { - 'k' => 'RS512', - 'v' => 'RS512' - } - ], - 'type' => 'select' - }, - 'oidcRPMetaDataOptionsAdditionalAudiences' => { - 'type' => 'text' - }, - 'oidcRPMetaDataOptionsAllowClientCredentialsGrant' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsAllowOffline' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsAllowPasswordGrant' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsAuthnLevel' => { - 'type' => 'int' - }, - 'oidcRPMetaDataOptionsAuthorizationCodeExpiration' => { - 'type' => 'int' - }, - 'oidcRPMetaDataOptionsBypassConsent' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsClientID' => { - 'type' => 'text' - }, - 'oidcRPMetaDataOptionsClientSecret' => { - 'type' => 'password' - }, - 'oidcRPMetaDataOptionsDisplayName' => { - 'type' => 'text' - }, - 'oidcRPMetaDataOptionsExtraClaims' => { - 'default' => {}, - 'keyTest' => qr/^[\x21\x23-\x5B\x5D-\x7E]+$/, - 'type' => 'keyTextContainer' - }, - 'oidcRPMetaDataOptionsIcon' => { - 'type' => 'text' - }, - 'oidcRPMetaDataOptionsIDTokenExpiration' => { - 'type' => 'int' - }, - 'oidcRPMetaDataOptionsIDTokenForceClaims' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsIDTokenSignAlg' => { - 'default' => 'HS512', - 'select' => [ { - 'k' => 'none', - 'v' => 'None' - }, - { - 'k' => 'HS256', - 'v' => 'HS256' - }, - { - 'k' => 'HS384', - 'v' => 'HS384' - }, - { - 'k' => 'HS512', - 'v' => 'HS512' - }, - { - 'k' => 'RS256', - 'v' => 'RS256' - }, - { - 'k' => 'RS384', - 'v' => 'RS384' - }, - { - 'k' => 'RS512', - 'v' => 'RS512' - } - ], - 'type' => 'select' - }, - 'oidcRPMetaDataOptionsLogoutBypassConfirm' => { - 'default' => 0, - 'type' => 'bool' - }, - 
'oidcRPMetaDataOptionsLogoutSessionRequired' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsLogoutType' => { - 'default' => 'front', - 'select' => [ { - 'k' => 'front', - 'v' => 'Front Channel' - } - ], - 'type' => 'select' - }, - 'oidcRPMetaDataOptionsLogoutUrl' => { - 'type' => 'url' - }, - 'oidcRPMetaDataOptionsOfflineSessionExpiration' => { - 'type' => 'int' - }, - 'oidcRPMetaDataOptionsPostLogoutRedirectUris' => { - 'type' => 'text' - }, - 'oidcRPMetaDataOptionsPublic' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsRedirectUris' => { - 'type' => 'text' - }, - 'oidcRPMetaDataOptionsRefreshToken' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsRequirePKCE' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcRPMetaDataOptionsRule' => { - 'test' => sub { - return perlExpr(@_); - }, - 'type' => 'text' - }, - 'oidcRPMetaDataOptionsUserIDAttr' => { - 'type' => 'text' - }, - 'oidcRPMetaDataOptionsUserInfoSignAlg' => { - 'default' => '', - 'select' => [ { - 'k' => '', - 'v' => 'JSON' - }, - { - 'k' => 'none', - 'v' => 'JWT/None' - }, - { - 'k' => 'HS256', - 'v' => 'JWT/HS256' - }, - { - 'k' => 'HS384', - 'v' => 'JWT/HS384' - }, - { - 'k' => 'HS512', - 'v' => 'JWT/HS512' - }, - { - 'k' => 'RS256', - 'v' => 'JWT/RS256' - }, - { - 'k' => 'RS384', - 'v' => 'JWT/RS384' - }, - { - 'k' => 'RS512', - 'v' => 'JWT/RS512' - } - ], - 'type' => 'select' - }, - 'oidcRPMetaDataScopeRules' => { - 'default' => {}, - 'test' => { - 'keyMsgFail' => '__badMacroName__', - 'keyTest' => qr/^[\x21\x23-\x5B\x5D-\x7E]+$/, - 'test' => sub { - return perlExpr(@_); - } - }, - 'type' => 'keyTextContainer' - }, - 'oidcRPStateTimeout' => { - 'default' => 600, - 'type' => 'int' - }, - 'oidcServiceAccessTokenExpiration' => { - 'default' => 3600, - 'type' => 'int' - }, - 'oidcServiceAllowAuthorizationCodeFlow' => { - 'default' => 1, - 'type' => 'bool' - }, - 'oidcServiceAllowDynamicRegistration' => { - 'default' => 0, - 'type' => 
'bool' - }, - 'oidcServiceAllowHybridFlow' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcServiceAllowImplicitFlow' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcServiceAllowOnlyDeclaredScopes' => { - 'default' => 0, - 'type' => 'bool' - }, - 'oidcServiceAuthorizationCodeExpiration' => { - 'default' => 60, - 'type' => 'int' - }, - 'oidcServiceDynamicRegistrationExportedVars' => { - 'type' => 'keyTextContainer' - }, - 'oidcServiceDynamicRegistrationExtraClaims' => { - 'keyTest' => qr/^[\x21\x23-\x5B\x5D-\x7E]+$/, - 'type' => 'keyTextContainer' - }, - 'oidcServiceIDTokenExpiration' => { - 'default' => 3600, - 'type' => 'int' - }, - 'oidcServiceKeyIdSig' => { - 'type' => 'text' - }, - 'oidcServiceMetaDataAuthnContext' => { - 'default' => { - 'loa-1' => 1, - 'loa-2' => 2, - 'loa-3' => 3, - 'loa-4' => 4, - 'loa-5' => 5 - }, - 'keyTest' => qr/\w/, - 'type' => 'keyTextContainer' - }, - 'oidcServiceMetaDataAuthorizeURI' => { - 'default' => 'authorize', - 'type' => 'text' - }, - 'oidcServiceMetaDataBackChannelURI' => { - 'default' => 'blogout', - 'type' => 'text' - }, - 'oidcServiceMetaDataCheckSessionURI' => { - 'default' => 'checksession.html', - 'type' => 'text' - }, - 'oidcServiceMetaDataEndSessionURI' => { - 'default' => 'logout', - 'type' => 'text' - }, - 'oidcServiceMetaDataFrontChannelURI' => { - 'default' => 'flogout', - 'type' => 'text' - }, - 'oidcServiceMetaDataIntrospectionURI' => { - 'default' => 'introspect', - 'type' => 'text' - }, - 'oidcServiceMetaDataIssuer' => { - 'type' => 'text' - }, - 'oidcServiceMetaDataJWKSURI' => { - 'default' => 'jwks', - 'type' => 'text' - }, - 'oidcServiceMetaDataRegistrationURI' => { - 'default' => 'register', - 'type' => 'text' - }, - 'oidcServiceMetaDataTokenURI' => { - 'default' => 'token', - 'type' => 'text' - }, - 'oidcServiceMetaDataUserInfoURI' => { - 'default' => 'userinfo', - 'type' => 'text' - }, - 'oidcServiceOfflineSessionExpiration' => { - 'default' => 2592000, - 'type' => 'int' - }, - 
'oidcServicePrivateKeySig' => { - 'type' => 'RSAPrivateKey' - }, - 'oidcServicePublicKeySig' => { - 'type' => 'RSAPublicKey' - }, - 'oidcStorage' => { - 'type' => 'PerlModule' - }, - 'oidcStorageOptions' => { - 'type' => 'keyTextContainer' - }, - 'oldNotifFormat' => { - 'default' => 0, - 'type' => 'bool' - }, - 'openIdAttr' => { - 'type' => 'text' - }, - 'openIdAuthnLevel' => { - 'default' => 1, - 'type' => 'int' - }, - 'openIdExportedVars' => { - 'default' => {}, - 'keyMsgFail' => '__badVariableName__', - 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, - 'msgFail' => '__badValue__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, - 'type' => 'keyTextContainer' - }, - 'openIdIDPList' => { - 'default' => '0;', - 'type' => 'blackWhiteList' - }, - 'openIdIssuerSecret' => { - 'type' => 'text' - }, - 'openIdSecret' => { - 'type' => 'text' - }, - 'openIdSPList' => { - 'default' => '0;', - 'type' => 'blackWhiteList' - }, - 'openIdSreg_country' => { - 'type' => 'lmAttrOrMacro' - }, - 'openIdSreg_dob' => { - 'type' => 'lmAttrOrMacro' - }, - 'openIdSreg_email' => { - 'default' => 'mail', - 'type' => 'lmAttrOrMacro' - }, - 'openIdSreg_fullname' => { - 'default' => 'cn', - 'type' => 'lmAttrOrMacro' - }, - 'openIdSreg_gender' => { - 'type' => 'lmAttrOrMacro' - }, - 'openIdSreg_language' => { - 'type' => 'lmAttrOrMacro' - }, - 'openIdSreg_nickname' => { - 'default' => 'uid', - 'type' => 'lmAttrOrMacro' - }, - 'openIdSreg_postcode' => { - 'type' => 'lmAttrOrMacro' - }, - 'openIdSreg_timezone' => { - 'default' => '_timezone', - 'type' => 'lmAttrOrMacro' - }, - 'pamAuthnLevel' => { - 'default' => 2, - 'type' => 'int' - }, - 'pamService' => { - 'default' => 'login', - 'type' => 'text' - }, - 'passwordDB' => { - 'default' => 'Demo', - 'select' => [ { - 'k' => 'AD', - 'v' => 'Active Directory' - }, - { - 'k' => 'Choice', - 'v' => 'authChoice' - }, - { - 'k' => 'DBI', - 'v' => 'Database (DBI)' - }, - { - 'k' => 'Demo', - 'v' => 'Demonstration' - }, - { - 'k' => 'LDAP', - 'v' => 'LDAP' - }, - 
{ - 'k' => 'REST', - 'v' => 'REST' - }, - { - 'k' => 'Null', - 'v' => 'None' - }, - { - 'k' => 'Combination', - 'v' => 'combineMods' - }, - { - 'k' => 'Custom', - 'v' => 'customModule' - } - ], - 'type' => 'select' - }, - 'passwordPolicyActivation' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'passwordPolicyMinDigit' => { - 'default' => 0, - 'type' => 'int' - }, - 'passwordPolicyMinLower' => { - 'default' => 0, - 'type' => 'int' - }, - 'passwordPolicyMinSize' => { - 'default' => 0, - 'type' => 'int' - }, - 'passwordPolicyMinSpeChar' => { - 'default' => 0, - 'type' => 'int' - }, - 'passwordPolicyMinUpper' => { - 'default' => 0, - 'type' => 'int' - }, - 'passwordPolicySpecialChar' => { - 'default' => '__ALL__', - 'test' => qr/^(?:__ALL__|[\S\W]*)$/, - 'type' => 'text' - }, - 'passwordResetAllowedRetries' => { - 'default' => 3, - 'type' => 'int' - }, - 'pdataDomain' => { - 'default' => '', - 'msgFail' => '__badDomainName__', - 'test' => -qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?))?$/, - 'type' => 'text' - }, - 'persistentSessionAttributes' => { - 'default' => '_loginHistory _2fDevices notification_', - 'type' => 'text' - }, - 'persistentStorage' => { - 'type' => 'PerlModule' - }, - 'persistentStorageOptions' => { - 'type' => 'keyTextContainer' - }, - 'port' => { - 'default' => -1, - 'type' => 'int' - }, - 'portal' => { - 'default' => 'http://auth.example.com/', - 'msgFail' => '__badUrl__', - 'test' => 
-qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/, - 'type' => 'url' - }, - 'portalAntiFrame' => { - 'default' => 1, - 'type' => 'bool' - }, - 'portalCheckLogins' => { - 'default' => 1, - 'type' => 'bool' - }, - 'portalCustomCss' => { - 'type' => 'text' - }, - 'portalDisplayAppslist' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'portalDisplayCertificateResetByMail' => { - 'default' => 0, - 'type' => 'bool' - }, - 'portalDisplayChangePassword' => { - 'default' => '$_auth =~ /^(LDAP|DBI|Demo)$/', - 'type' => 'boolOrExpr' - }, - 'portalDisplayGeneratePassword' => { - 'default' => 1, - 'type' => 'bool' - }, - 'portalDisplayLoginHistory' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'portalDisplayLogout' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'portalDisplayOidcConsents' => { - 'default' => '$_oidcConsents && $_oidcConsents =~ /\\w+/', - 'type' => 'boolOrExpr' - }, - 'portalDisplayPasswordPolicy' => { - 'default' => 0, - 'type' => 'bool' - }, - 'portalDisplayRefreshMyRights' => { - 'default' => 1, - 'type' => 'bool' - }, - 'portalDisplayRegister' => { - 'default' => 1, - 'type' => 'bool' - }, - 'portalDisplayResetPassword' => { - 'default' => 0, - 'type' => 'bool' - }, - 'portalEnablePasswordDisplay' => { - 'default' => 0, - 'type' => 'bool' - }, - 'portalErrorOnExpiredSession' => { - 'default' => 1, - 'type' => 'bool' - }, - 'portalErrorOnMailNotFound' => { - 'default' => 0, - 'type' => 'bool' - }, - 
'portalFavicon' => { - 'default' => 'common/favicon.ico', - 'type' => 'text' - }, - 'portalForceAuthn' => { - 'default' => 0, - 'type' => 'bool' - }, - 'portalForceAuthnInterval' => { - 'default' => 5, - 'type' => 'int' - }, - 'portalMainLogo' => { - 'default' => 'common/logos/logo_llng_400px.png', - 'type' => 'text' - }, - 'portalOpenLinkInNewWindow' => { - 'default' => 0, - 'type' => 'bool' - }, - 'portalPingInterval' => { - 'default' => 60000, - 'type' => 'int' - }, - 'portalRequireOldPassword' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'portalSkin' => { - 'default' => 'bootstrap', - 'select' => [ { - 'k' => 'bootstrap', - 'v' => 'Bootstrap' - } - ], - 'type' => 'portalskin' - }, - 'portalSkinBackground' => { - 'select' => [ { - 'k' => '', - 'v' => 'None' - }, - { - 'k' => '1280px-Anse_Source_d\'Argent_2-La_Digue.jpg', - 'v' => 'Anse' - }, - { - 'k' => -'1280px-Autumn-clear-water-waterfall-landscape_-_Virginia_-_ForestWander.jpg', - 'v' => 'Waterfall' - }, - { - 'k' => '1280px-BrockenSnowedTrees.jpg', - 'v' => 'Snowed Trees' - }, - { - 'k' => - '1280px-Cedar_Breaks_National_Monument_partially.jpg', - 'v' => 'National Monument' - }, - { - 'k' => '1280px-Parry_Peak_from_Winter_Park.jpg', - 'v' => 'Winter' - }, - { - 'k' => 'Aletschgletscher_mit_Pinus_cembra1.jpg', - 'v' => 'Pinus' - } - ], - 'type' => 'portalskinbackground' - }, - 'portalSkinRules' => { - 'keyMsgFail' => '__badSkinRule__', - 'keyTest' => sub { - return perlExpr(@_); - }, - 'msgFail' => '__badValue__', - 'test' => qr/^\w+$/, - 'type' => 'keyTextContainer' - }, - 'portalStatus' => { - 'default' => 0, - 'type' => 'bool' - }, - 'portalUserAttr' => { - 'default' => '_user', - 'type' => 'text' - }, - 'post' => { - 'keyMsgFail' => '__badHostname__', - 'keyTest' => qr/^\S+$/, - 'test' => sub { - 1; - }, - 'type' => 'postContainer' - }, - 'protection' => { - 'msgFail' => '__authorizedValues__: none authenticate manager', - 'test' => qr/^(?:none|authenticate|manager|)$/, - 'type' => 'text' - }, 
- 'proxyAuthnLevel' => { - 'default' => 2, - 'type' => 'int' - }, - 'proxyAuthService' => { - 'type' => 'text' - }, - 'proxyAuthServiceChoiceParam' => { - 'default' => 'lmAuth', - 'type' => 'text' - }, - 'proxyAuthServiceChoiceValue' => { - 'type' => 'text' - }, - 'proxyAuthServiceImpersonation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'proxyCookieName' => { - 'msgFail' => '__badCookieName__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9_-]*$/, - 'type' => 'text' - }, - 'proxySessionService' => { - 'type' => 'text' - }, - 'proxyUseSoap' => { - 'default' => 0, - 'type' => 'bool' - }, - 'radius2fActivation' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'radius2fAuthnLevel' => { - 'type' => 'int' - }, - 'radius2fLabel' => { - 'type' => 'text' - }, - 'radius2fLogo' => { - 'type' => 'text' - }, - 'radius2fSecret' => { - 'type' => 'text' - }, - 'radius2fServer' => { - 'type' => 'text' - }, - 'radius2fTimeout' => { - 'default' => 20, - 'type' => 'int' - }, - 'radius2fUsernameSessionKey' => { - 'type' => 'text' - }, - 'radiusAuthnLevel' => { - 'default' => 3, - 'type' => 'int' - }, - 'radiusSecret' => { - 'type' => 'text' - }, - 'radiusServer' => { - 'type' => 'text' - }, - 'randomPasswordRegexp' => { - 'default' => '[A-Z]{3}[a-z]{5}.\\d{2}', - 'type' => 'pcre' - }, - 'redirectFormMethod' => { - 'default' => 'get', - 'select' => [ { - 'k' => 'get', - 'v' => 'GET' - }, - { - 'k' => 'post', - 'v' => 'POST' - } - ], - 'type' => 'select' - }, - 'refreshSessions' => { - 'type' => 'bool' - }, - 'registerConfirmBody' => { - 'type' => 'longtext' - }, - 'registerConfirmSubject' => { - 'type' => 'text' - }, - 'registerDB' => { - 'default' => 'Null', - 'select' => [ { - 'k' => 'AD', - 'v' => 'Active Directory' - }, - { - 'k' => 'Demo', - 'v' => 'Demonstration' - }, - { - 'k' => 'LDAP', - 'v' => 'LDAP' - }, - { - 'k' => 'Null', - 'v' => 'None' - }, - { - 'k' => 'Custom', - 'v' => 'customModule' - } - ], - 'type' => 'select' - }, - 'registerDoneBody' => { - 'type' => 'longtext' 
- }, - 'registerDoneSubject' => { - 'type' => 'text' - }, - 'registerTimeout' => { - 'default' => 0, - 'type' => 'int' - }, - 'registerUrl' => { - 'default' => 'http://auth.example.com/register', - 'type' => 'text' - }, - 'reloadTimeout' => { - 'default' => 5, - 'type' => 'int' - }, - 'reloadUrls' => { - 'keyTest' => -qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?$/, - 'msgFail' => '__badUrl__', - 'test' => -qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/, - 'type' => 'keyTextContainer' - }, - 'rememberAuthChoiceRule' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'rememberCookieName' => { - 'default' => 'llngrememberauthchoice', - 'msgFail' => '__badCookieName__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9_-]*$/, - 'type' => 'text' - }, - 'rememberCookieTimeout' => { - 'default' => 31536000, - 'type' => 'int' - }, - 'rememberDefaultChecked' => { - 'default' => 0, - 'type' => 'bool' - }, - 'rememberTimer' => { - 'default' => 5, - 'type' => 'int' - }, - 'remoteCookieName' => { - 'msgFail' => '__badCookieName__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9_-]*$/, - 'type' => 'text' - }, - 'remoteGlobalStorage' => { - 'default' => 'Lemonldap::NG::Common::Apache::Session::SOAP', - 'type' => 'PerlModule' - }, - 'remoteGlobalStorageOptions' => { - 'default' => { - 'ns' => 
-'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService', - 'proxy' => 'http://auth.example.com/sessions' - }, - 'type' => 'keyTextContainer' - }, - 'remotePortal' => { - 'type' => 'text' - }, - 'requireToken' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'rest2fActivation' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'rest2fAuthnLevel' => { - 'type' => 'int' - }, - 'rest2fCodeActivation' => { - 'type' => 'pcre' - }, - 'rest2fInitArgs' => { - 'keyMsgFail' => '__badKeyName__', - 'keyTest' => qr/^\w+$/, - 'msgFail' => '__badValue__', - 'test' => qr/^\w+$/, - 'type' => 'keyTextContainer' - }, - 'rest2fInitUrl' => { - 'type' => 'url' - }, - 'rest2fLabel' => { - 'type' => 'text' - }, - 'rest2fLogo' => { - 'type' => 'text' - }, - 'rest2fResendInterval' => { - 'type' => 'text' - }, - 'rest2fVerifyArgs' => { - 'type' => 'keyTextContainer' - }, - 'rest2fVerifyUrl' => { - 'keyMsgFail' => '__badKeyName__', - 'keyTest' => qr/^\w+$/, - 'msgFail' => '__badValue__', - 'test' => qr/^\w+$/, - 'type' => 'url' - }, - 'restAuthnLevel' => { - 'default' => 2, - 'type' => 'int' - }, - 'restAuthServer' => { - 'default' => 0, - 'type' => 'bool' - }, - 'restAuthUrl' => { - 'type' => 'url' - }, - 'restClockTolerance' => { - 'default' => 15, - 'type' => 'int' - }, - 'restConfigServer' => { - 'default' => 0, - 'type' => 'bool' - }, - 'restExportSecretKeys' => { - 'default' => 0, - 'type' => 'bool' - }, - 'restFindUserDBUrl' => { - 'type' => 'url' - }, - 'restPasswordServer' => { - 'default' => 0, - 'type' => 'bool' - }, - 'restPwdConfirmUrl' => { - 'type' => 'url' - }, - 'restPwdModifyUrl' => { - 'type' => 'url' - }, - 'restSessionServer' => { - 'default' => 0, - 'type' => 'bool' - }, - 'restUserDBUrl' => { - 'type' => 'url' - }, - 'sameSite' => { - 'default' => '', - 'select' => [ { - 'k' => '', - 'v' => '' - }, - { - 'k' => 'Strict', - 'v' => 'Strict' - }, - { - 'k' => 'Lax', - 'v' => 'Lax' - }, - { - 'k' => 'None', - 'v' => 'None' - } - ], - 'type' => 'select' - }, 
- 'samlAttributeAuthorityDescriptorAttributeServiceSOAP' => { - 'default' => -'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;', - 'type' => 'samlService' - }, - 'samlAuthnContextMapKerberos' => { - 'default' => 4, - 'type' => 'int' - }, - 'samlAuthnContextMapPassword' => { - 'default' => 2, - 'type' => 'int' - }, - 'samlAuthnContextMapPasswordProtectedTransport' => { - 'default' => 3, - 'type' => 'int' - }, - 'samlAuthnContextMapTLSClient' => { - 'default' => 5, - 'type' => 'int' - }, - 'samlCommonDomainCookieActivation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlCommonDomainCookieDomain' => { - 'msgFail' => '__badDomainName__', - 'test' => -qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$/, - 'type' => 'text' - }, - 'samlCommonDomainCookieReader' => { - 'msgFail' => '__badUrl__', - 'test' => -qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/, - 'type' => 'text' - }, - 'samlCommonDomainCookieWriter' => { - 'msgFail' => '__badUrl__', - 'test' => 
-qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/, - 'type' => 'text' - }, - 'samlDiscoveryProtocolActivation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlDiscoveryProtocolIsPassive' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlDiscoveryProtocolPolicy' => { - 'type' => 'text' - }, - 'samlDiscoveryProtocolURL' => { - 'msgFail' => '__badUrl__', - 'test' => -qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/, - 'type' => 'text' - }, - 'samlEntityID' => { - 'default' => '#PORTAL#/saml/metadata', - 'type' => 'text' - }, - 'samlIDPMetaDataExportedAttributes' => { - 'default' => {}, - 'keyMsgFail' => '__badMetadataName__', - 'keyTest' => qr/^[a-zA-Z](?:[a-zA-Z0-9_\-\.]*\w)?$/, - 'msgFail' => '__badValue__', - 'test' => qr/\w/, - 'type' => 'samlAttributeContainer' - }, - 'samlIDPMetaDataNodes' => { - 'type' => 'samlIDPMetaDataNodeContainer' - }, - 'samlIDPMetaDataOptions' => { - 'keyMsgFail' 
=> '__badMetadataName__', - 'keyTest' => qr/^[a-zA-Z](?:[a-zA-Z0-9_\-\.]*\w)?$/, - 'type' => 'keyTextContainer' - }, - 'samlIDPMetaDataOptionsAdaptSessionUtime' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsAllowLoginFromIDP' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsAllowProxiedAuthn' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsCheckAudience' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsCheckSLOMessageSignature' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsCheckSSOMessageSignature' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsCheckTime' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsDisplayName' => { - 'type' => 'text' - }, - 'samlIDPMetaDataOptionsEncryptionMode' => { - 'default' => 'none', - 'select' => [ { - 'k' => 'none', - 'v' => 'None' - }, - { - 'k' => 'nameid', - 'v' => 'Name ID' - }, - { - 'k' => 'assertion', - 'v' => 'Assertion' - } - ], - 'type' => 'select' - }, - 'samlIDPMetaDataOptionsForceAuthn' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsForceUTF8' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsIcon' => { - 'type' => 'text' - }, - 'samlIDPMetaDataOptionsIsPassive' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsNameIDFormat' => { - 'default' => '', - 'select' => [ { - 'k' => '', - 'v' => '' - }, - { - 'k' => 'unspecified', - 'v' => 'Unspecified' - }, - { - 'k' => 'email', - 'v' => 'Email' - }, - { - 'k' => 'x509', - 'v' => 'X509 certificate' - }, - { - 'k' => 'windows', - 'v' => 'Windows' - }, - { - 'k' => 'kerberos', - 'v' => 'Kerberos' - }, - { - 'k' => 'entity', - 'v' => 'Entity' - }, - { - 'k' => 'persistent', - 'v' => 'Persistent' - }, - { - 'k' => 'transient', - 'v' => 'Transient' - }, - { - 'k' => 'encrypted', - 'v' => 'Encrypted' - } - ], - 'type' => 'select' - }, - 
'samlIDPMetaDataOptionsRelayStateURL' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsRequestedAuthnContext' => { - 'default' => '', - 'select' => [ { - 'k' => '', - 'v' => '' - }, - { - 'k' => 'kerberos', - 'v' => 'Kerberos' - }, - { - 'k' => 'password-protected-transport', - 'v' => 'Password protected transport' - }, - { - 'k' => 'password', - 'v' => 'Password' - }, - { - 'k' => 'tls-client', - 'v' => 'TLS client certificate' - } - ], - 'type' => 'select' - }, - 'samlIDPMetaDataOptionsResolutionRule' => { - 'default' => '', - 'type' => 'longtext' - }, - 'samlIDPMetaDataOptionsSignatureMethod' => { - 'default' => '', - 'select' => [ { - 'k' => '', - 'v' => 'default' - }, - { - 'k' => 'RSA_SHA1', - 'v' => 'RSA SHA1' - }, - { - 'k' => 'RSA_SHA256', - 'v' => 'RSA SHA256' - }, - { - 'k' => 'RSA_SHA384', - 'v' => 'RSA SHA384' - }, - { - 'k' => 'RSA_SHA512', - 'v' => 'RSA SHA512' - } - ], - 'type' => 'select' - }, - 'samlIDPMetaDataOptionsSignSLOMessage' => { - 'default' => -1, - 'type' => 'trool' - }, - 'samlIDPMetaDataOptionsSignSSOMessage' => { - 'default' => -1, - 'type' => 'trool' - }, - 'samlIDPMetaDataOptionsSLOBinding' => { - 'default' => '', - 'select' => [ { - 'k' => '', - 'v' => '' - }, - { - 'k' => 'http-post', - 'v' => 'POST' - }, - { - 'k' => 'http-redirect', - 'v' => 'Redirect' - }, - { - 'k' => 'http-soap', - 'v' => 'SOAP' - } - ], - 'type' => 'select' - }, - 'samlIDPMetaDataOptionsSortNumber' => { - 'type' => 'int' - }, - 'samlIDPMetaDataOptionsSSOBinding' => { - 'default' => '', - 'select' => [ { - 'k' => '', - 'v' => '' - }, - { - 'k' => 'http-post', - 'v' => 'POST' - }, - { - 'k' => 'http-redirect', - 'v' => 'Redirect' - }, - { - 'k' => 'artifact-get', - 'v' => 'Artifact GET' - } - ], - 'type' => 'select' - }, - 'samlIDPMetaDataOptionsStoreSAMLToken' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlIDPMetaDataOptionsUserAttribute' => { - 'type' => 'text' - }, - 'samlIDPMetaDataXML' => { - 'test' => sub { - my $v = 
shift(); - return 1 unless $v and %$v; - my @msg; - my $res = 1; - my %entityIds; - foreach my $idpId ( keys %$v ) { - unless ( $v->{$idpId}{'samlIDPMetaDataXML'} =~ - /entityID="(.+?)"/is ) - { - push @msg, "$idpId SAML metadata has no EntityID"; - $res = 0; - next; - } - my $eid = $1; - if ( defined $entityIds{$eid} ) { - push @msg, -"$idpId and $entityIds{$eid} have the same SAML EntityID"; - $res = 0; - next; - } - $entityIds{$eid} = $idpId; - } - return $res, join( ', ', @msg ); - }, - 'type' => 'file' - }, - 'samlIDPSSODescriptorArtifactResolutionServiceArtifact' => { - 'default' => -'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', - 'type' => 'samlAssertion' - }, - 'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' => { - 'default' => -'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', - 'type' => 'samlService' - }, - 'samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect' => { - 'default' => -'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', - 'type' => 'samlService' - }, - 'samlIDPSSODescriptorSingleLogoutServiceSOAP' => { - 'default' => -'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;', - 'type' => 'samlService' - }, - 'samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact' => { - 'default' => -'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;', - 'type' => 'samlService' - }, - 'samlIDPSSODescriptorSingleSignOnServiceHTTPPost' => { - 'default' => -'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;', - 'type' => 'samlService' - }, - 'samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect' => { - 'default' => -'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;', - 'type' => 'samlService' - }, - 'samlIDPSSODescriptorWantAuthnRequestsSigned' => { - 'default' => 1, - 'type' => 'bool' - }, - 
'samlMetadataForceUTF8' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlNameIDFormatMapEmail' => { - 'default' => 'mail', - 'type' => 'text' - }, - 'samlNameIDFormatMapKerberos' => { - 'default' => 'uid', - 'type' => 'text' - }, - 'samlNameIDFormatMapWindows' => { - 'default' => 'uid', - 'type' => 'text' - }, - 'samlNameIDFormatMapX509' => { - 'default' => 'mail', - 'type' => 'text' - }, - 'samlOrganizationDisplayName' => { - 'default' => 'Example', - 'type' => 'text' - }, - 'samlOrganizationName' => { - 'default' => 'Example', - 'type' => 'text' - }, - 'samlOrganizationURL' => { - 'default' => 'http://www.example.com', - 'type' => 'text' - }, - 'samlOverrideIDPEntityID' => { - 'default' => '', - 'type' => 'text' - }, - 'samlRelayStateTimeout' => { - 'default' => 600, - 'type' => 'int' - }, - 'samlServicePrivateKeyEnc' => { - 'default' => '', - 'type' => 'RSAPrivateKey' - }, - 'samlServicePrivateKeyEncPwd' => { - 'type' => 'password' - }, - 'samlServicePrivateKeySig' => { - 'default' => '', - 'type' => 'RSAPrivateKey' - }, - 'samlServicePrivateKeySigPwd' => { - 'default' => '', - 'type' => 'password' - }, - 'samlServicePublicKeyEnc' => { - 'default' => '', - 'type' => 'RSAPublicKeyOrCertificate' - }, - 'samlServicePublicKeySig' => { - 'default' => '', - 'type' => 'RSAPublicKeyOrCertificate' - }, - 'samlServiceSignatureMethod' => { - 'default' => 'RSA_SHA256', - 'select' => [ { - 'k' => 'RSA_SHA1', - 'v' => 'RSA SHA1' - }, - { - 'k' => 'RSA_SHA256', - 'v' => 'RSA SHA256' - }, - { - 'k' => 'RSA_SHA384', - 'v' => 'RSA SHA384' - }, - { - 'k' => 'RSA_SHA512', - 'v' => 'RSA SHA512' - } - ], - 'type' => 'select' - }, - 'samlServiceUseCertificateInResponse' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlSPMetaDataExportedAttributes' => { - 'default' => {}, - 'keyMsgFail' => '__badMetadataName__', - 'keyTest' => qr/^[a-zA-Z](?:[a-zA-Z0-9_\-\.]*\w)?$/, - 'msgFail' => '__badValue__', - 'test' => qr/\w/, - 'type' => 'samlAttributeContainer' - }, - 
'samlSPMetaDataMacros' => { - 'default' => {}, - 'test' => { - 'keyMsgFail' => '__badMacroName__', - 'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, - 'test' => sub { - return perlExpr(@_); - } - }, - 'type' => 'keyTextContainer' - }, - 'samlSPMetaDataNodes' => { - 'type' => 'samlSPMetaDataNodeContainer' - }, - 'samlSPMetaDataOptions' => { - 'keyMsgFail' => '__badMetadataName__', - 'keyTest' => qr/^[a-zA-Z](?:[a-zA-Z0-9_\-\.]*\w)?$/, - 'type' => 'keyTextContainer' - }, - 'samlSPMetaDataOptionsAuthnLevel' => { - 'type' => 'int' - }, - 'samlSPMetaDataOptionsCheckSLOMessageSignature' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlSPMetaDataOptionsCheckSSOMessageSignature' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlSPMetaDataOptionsEnableIDPInitiatedURL' => { - 'default' => 0, - 'type' => 'bool' - }, - 'samlSPMetaDataOptionsEncryptionMode' => { - 'default' => 'none', - 'select' => [ { - 'k' => 'none', - 'v' => 'None' - }, - { - 'k' => 'nameid', - 'v' => 'Name ID' - }, - { - 'k' => 'assertion', - 'v' => 'Assertion' - } - ], - 'type' => 'select' - }, - 'samlSPMetaDataOptionsForceUTF8' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlSPMetaDataOptionsNameIDFormat' => { - 'default' => '', - 'select' => [ { - 'k' => '', - 'v' => '' - }, - { - 'k' => 'unspecified', - 'v' => 'Unspecified' - }, - { - 'k' => 'email', - 'v' => 'Email' - }, - { - 'k' => 'x509', - 'v' => 'X509 certificate' - }, - { - 'k' => 'windows', - 'v' => 'Windows' - }, - { - 'k' => 'kerberos', - 'v' => 'Kerberos' - }, - { - 'k' => 'entity', - 'v' => 'Entity' - }, - { - 'k' => 'persistent', - 'v' => 'Persistent' - }, - { - 'k' => 'transient', - 'v' => 'Transient' - }, - { - 'k' => 'encrypted', - 'v' => 'Encrypted' - } - ], - 'type' => 'select' - }, - 'samlSPMetaDataOptionsNameIDSessionKey' => { - 'type' => 'text' - }, - 'samlSPMetaDataOptionsNotOnOrAfterTimeout' => { - 'default' => 72000, - 'type' => 'int' - }, - 'samlSPMetaDataOptionsOneTimeUse' => { - 'default' => 0, - 'type' => 'bool' - 
}, - 'samlSPMetaDataOptionsRule' => { - 'test' => sub { - return perlExpr(@_); - }, - 'type' => 'text' - }, - 'samlSPMetaDataOptionsSessionNotOnOrAfterTimeout' => { - 'default' => 72000, - 'type' => 'int' - }, - 'samlSPMetaDataOptionsSignatureMethod' => { - 'default' => '', - 'select' => [ { - 'k' => '', - 'v' => 'default' - }, - { - 'k' => 'RSA_SHA1', - 'v' => 'RSA SHA1' - }, - { - 'k' => 'RSA_SHA256', - 'v' => 'RSA SHA256' - }, - { - 'k' => 'RSA_SHA384', - 'v' => 'RSA SHA384' - }, - { - 'k' => 'RSA_SHA512', - 'v' => 'RSA SHA512' - } - ], - 'type' => 'select' - }, - 'samlSPMetaDataOptionsSignSLOMessage' => { - 'default' => -1, - 'type' => 'trool' - }, - 'samlSPMetaDataOptionsSignSSOMessage' => { - 'default' => -1, - 'type' => 'trool' - }, - 'samlSPMetaDataXML' => { - 'type' => 'file' - }, - 'samlSPSSODescriptorArtifactResolutionServiceArtifact' => { - 'default' => -'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', - 'type' => 'samlAssertion' - }, - 'samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact' => { - 'default' => -'0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact', - 'type' => 'samlAssertion' - }, - 'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' => { - 'default' => -'1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost', - 'type' => 'samlAssertion' - }, - 'samlSPSSODescriptorAuthnRequestsSigned' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlSPSSODescriptorSingleLogoutServiceHTTPPost' => { - 'default' => -'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', - 'type' => 'samlService' - }, - 'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' => { - 'default' => -'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', - 'type' => 'samlService' - }, - 'samlSPSSODescriptorSingleLogoutServiceSOAP' => { - 
'default' => -'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;', - 'type' => 'samlService' - }, - 'samlSPSSODescriptorWantAssertionsSigned' => { - 'default' => 1, - 'type' => 'bool' - }, - 'samlStorage' => { - 'type' => 'PerlModule' - }, - 'samlStorageOptions' => { - 'type' => 'keyTextContainer' - }, - 'samlUseQueryStringSpecific' => { - 'default' => 0, - 'type' => 'bool' - }, - 'scrollTop' => { - 'default' => 400, - 'type' => 'int' - }, - 'securedCookie' => { - 'default' => 0, - 'select' => [ { - 'k' => '0', - 'v' => 'unsecuredCookie' - }, - { - 'k' => '1', - 'v' => 'securedCookie' - }, - { - 'k' => '2', - 'v' => 'doubleCookie' - }, - { - 'k' => '3', - 'v' => 'doubleCookieForSingleSession' - } - ], - 'type' => 'select' - }, - 'secureTokenAllowOnError' => { - 'type' => 'text' - }, - 'secureTokenAttribute' => { - 'type' => 'text' - }, - 'secureTokenExpiration' => { - 'type' => 'text' - }, - 'secureTokenHeader' => { - 'type' => 'text' - }, - 'secureTokenMemcachedServers' => { - 'type' => 'text' - }, - 'secureTokenUrls' => { - 'type' => 'text' - }, - 'sentryDsn' => { - 'type' => 'text' - }, - 'sessionDataToRemember' => { - 'keyMsgFail' => '__invalidSessionData__', - 'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, - 'type' => 'keyTextContainer' - }, - 'sfEngine' => { - 'default' => '::2F::Engines::Default', - 'type' => 'text' - }, - 'sfExtra' => { - 'keyTest' => qr/^\w+$/, - 'select' => [ { - 'k' => 'Mail2F', - 'v' => 'E-Mail' - }, - { - 'k' => 'REST', - 'v' => 'REST' - }, - { - 'k' => 'Ext2F', - 'v' => 'External' - }, - { - 'k' => 'Radius', - 'v' => 'Radius' - } - ], - 'test' => sub { - 1; - }, - 'type' => 'sfExtraContainer' - }, - 'sfLoginTimeout' => { - 'type' => 'int' - }, - 'sfManagerRule' => { - 'default' => 1, - 'type' => 'boolOrExpr' - }, - 'sfOnlyUpgrade' => { - 'type' => 'bool' - }, - 'sfRegisterTimeout' => { - 'type' => 'int' - }, - 'sfRemovedMsgRule' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'sfRemovedNotifMsg' => { - 
'default' => -'_removedSF_ expired second factor(s) has/have been removed (_nameSF_)!', - 'type' => 'text' - }, - 'sfRemovedNotifRef' => { - 'default' => 'RemoveSF', - 'type' => 'text' - }, - 'sfRemovedNotifTitle' => { - 'default' => 'Second factor notification', - 'type' => 'text' - }, - 'sfRemovedUseNotif' => { - 'default' => 0, - 'type' => 'bool' - }, - 'sfRequired' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'showLanguages' => { - 'default' => 1, - 'type' => 'bool' - }, - 'singleIP' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'singleSession' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'singleUserByIP' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'skipRenewConfirmation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'skipUpgradeConfirmation' => { - 'default' => 0, - 'type' => 'bool' - }, - 'slaveAuthnLevel' => { - 'default' => 2, - 'type' => 'int' - }, - 'slaveDisplayLogo' => { - 'default' => 0, - 'type' => 'bool' - }, - 'slaveExportedVars' => { - 'default' => {}, - 'keyMsgFail' => '__badVariableName__', - 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, - 'msgFail' => '__badValue__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, - 'type' => 'keyTextContainer' - }, - 'slaveHeaderContent' => { - 'type' => 'text' - }, - 'slaveHeaderName' => { - 'type' => 'text' - }, - 'slaveMasterIP' => { - 'msgFail' => '__badIPv4Address__', - 'test' => qr/^((?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)\s*)*$/, - 'type' => 'text' - }, - 'slaveUserHeader' => { - 'type' => 'text' - }, - 'SMTPAuthPass' => { - 'type' => 'password' - }, - 'SMTPAuthUser' => { - 'type' => 'text' - }, - 'SMTPPort' => { - 'type' => 'int' - }, - 'SMTPServer' => { - 'default' => '', - 'test' => -qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?)?$/, - 'type' => 'text' - }, - 'SMTPTLS' => { - 'default' => '', - 'select' => [ { - 'k' => '', - 'v' => 'none' - }, - { - 
'k' => 'starttls', - 'v' => 'SMTP + STARTTLS' - }, - { - 'k' => 'ssl', - 'v' => 'SMTPS' - } - ], - 'type' => 'select' - }, - 'SMTPTLSOpts' => { - 'type' => 'keyTextContainer' - }, - 'soapConfigServer' => { - 'default' => 0, - 'type' => 'bool' - }, - 'soapProxyUrn' => { - 'default' => 'urn:Lemonldap/NG/Common/PSGI/SOAPService', - 'type' => 'text' - }, - 'soapSessionServer' => { - 'default' => 0, - 'type' => 'bool' - }, - 'SSLAuthnLevel' => { - 'default' => 5, - 'type' => 'int' - }, - 'sslByAjax' => { - 'default' => 0, - 'type' => 'bool' - }, - 'sslHost' => { - 'type' => 'url' - }, - 'SSLVar' => { - 'default' => 'SSL_CLIENT_S_DN_Email', - 'type' => 'text' - }, - 'SSLVarIf' => { - 'default' => {}, - 'keyTest' => sub { - 1; - }, - 'type' => 'keyTextContainer' - }, - 'staticPrefix' => { - 'type' => 'text' - }, - 'status' => { - 'type' => 'bool' - }, - 'stayConnected' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'stayConnectedBypassFG' => { - 'default' => 0, - 'type' => 'bool' - }, - 'stayConnectedCookieName' => { - 'default' => 'llngconnection', - 'msgFail' => '__badCookieName__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9_-]*$/, - 'type' => 'text' - }, - 'stayConnectedTimeout' => { - 'default' => 2592000, - 'type' => 'int' - }, - 'storePassword' => { - 'default' => 0, - 'type' => 'bool' - }, - 'successLoginNumber' => { - 'default' => 5, - 'type' => 'int' - }, - 'syslogFacility' => { - 'type' => 'text' - }, - 'timeout' => { - 'default' => 72000, - 'test' => sub { - $_[0] > 0; - }, - 'type' => 'int' - }, - 'timeoutActivity' => { - 'default' => 0, - 'test' => sub { - $_[0] >= 0; - }, - 'type' => 'int' - }, - 'timeoutActivityInterval' => { - 'default' => 60, - 'test' => sub { - $_[0] >= 0; - }, - 'type' => 'int' - }, - 'tokenUseGlobalStorage' => { - 'default' => 0, - 'type' => 'bool' - }, - 'totp2fActivation' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'totp2fAuthnLevel' => { - 'type' => 'int' - }, - 'totp2fDigits' => { - 'default' => 6, - 'type' => 'int' - }, 
- 'totp2fEncryptSecret' => { - 'default' => 0, - 'type' => 'bool' - }, - 'totp2fInterval' => { - 'default' => 30, - 'type' => 'int' - }, - 'totp2fIssuer' => { - 'type' => 'text' - }, - 'totp2fLabel' => { - 'type' => 'text' - }, - 'totp2fLogo' => { - 'type' => 'text' - }, - 'totp2fRange' => { - 'default' => 1, - 'type' => 'int' - }, - 'totp2fSelfRegistration' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'totp2fTTL' => { - 'type' => 'int' - }, - 'totp2fUserCanRemoveKey' => { - 'default' => 1, - 'type' => 'bool' - }, - 'trustedDomains' => { - 'type' => 'text' - }, - 'twitterAppName' => { - 'type' => 'text' - }, - 'twitterAuthnLevel' => { - 'default' => 1, - 'type' => 'int' - }, - 'twitterKey' => { - 'type' => 'text' - }, - 'twitterSecret' => { - 'type' => 'text' - }, - 'twitterUserField' => { - 'default' => 'screen_name', - 'type' => 'text' - }, - 'u2fActivation' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'u2fAuthnLevel' => { - 'type' => 'int' - }, - 'u2fLabel' => { - 'type' => 'text' - }, - 'u2fLogo' => { - 'type' => 'text' - }, - 'u2fSelfRegistration' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'u2fTTL' => { - 'type' => 'int' - }, - 'u2fUserCanRemoveKey' => { - 'default' => 1, - 'type' => 'bool' - }, - 'upgradeSession' => { - 'default' => 1, - 'type' => 'bool' - }, - 'userControl' => { - 'default' => '^[\\w\\.\\-@]+$', - 'type' => 'pcre' - }, - 'userDB' => { - 'default' => 'Same', - 'select' => [ { - 'k' => 'Same', - 'v' => 'Same' - }, - { - 'k' => 'AD', - 'v' => 'Active Directory' - }, - { - 'k' => 'DBI', - 'v' => 'Database (DBI)' - }, - { - 'k' => 'LDAP', - 'v' => 'LDAP' - }, - { - 'k' => 'REST', - 'v' => 'REST' - }, - { - 'k' => 'Null', - 'v' => 'None' - }, - { - 'k' => 'Custom', - 'v' => 'customModule' - } - ], - 'type' => 'select' - }, - 'useRedirectOnError' => { - 'default' => 1, - 'type' => 'bool' - }, - 'useRedirectOnForbidden' => { - 'default' => 0, - 'type' => 'bool' - }, - 'userLogger' => { - 'type' => 'text' - }, - 
'userPivot' => { - 'type' => 'text' - }, - 'userSyslogFacility' => { - 'type' => 'text' - }, - 'useSafeJail' => { - 'default' => 1, - 'type' => 'bool' - }, - 'utotp2fActivation' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'utotp2fAuthnLevel' => { - 'type' => 'int' - }, - 'utotp2fLabel' => { - 'type' => 'text' - }, - 'utotp2fLogo' => { - 'type' => 'text' - }, - 'vhostAccessToTrace' => { - 'default' => '', - 'type' => 'text' - }, - 'vhostAliases' => { - 'default' => '', - 'type' => 'text' - }, - 'vhostAuthnLevel' => { - 'type' => 'int' - }, - 'vhostDevOpsRulesUrl' => { - 'type' => 'url' - }, - 'vhostHttps' => { - 'default' => -1, - 'type' => 'trool' - }, - 'vhostMaintenance' => { - 'default' => 0, - 'type' => 'bool' - }, - 'vhostOptions' => { - 'type' => 'subContainer' - }, - 'vhostPort' => { - 'default' => -1, - 'type' => 'int' - }, - 'vhostServiceTokenTTL' => { - 'default' => -1, - 'type' => 'int' - }, - 'vhostType' => { - 'default' => 'Main', - 'select' => [ { - 'k' => 'AuthBasic', - 'v' => 'AuthBasic' - }, - { - 'k' => 'CDA', - 'v' => 'CDA' - }, - { - 'k' => 'DevOps', - 'v' => 'DevOps' - }, - { - 'k' => 'DevOpsST', - 'v' => 'DevOpsST' - }, - { - 'k' => 'Main', - 'v' => 'Main' - }, - { - 'k' => 'OAuth2', - 'v' => 'OAuth2' - }, - { - 'k' => 'SecureToken', - 'v' => 'SecureToken' - }, - { - 'k' => 'ServiceToken', - 'v' => 'ServiceToken' - }, - { - 'k' => 'ZimbraPreAuth', - 'v' => 'ZimbraPreAuth' - } - ], - 'type' => 'select' - }, - 'viewerAllowBrowser' => { - 'default' => 0, - 'type' => 'bool' - }, - 'viewerAllowDiff' => { - 'default' => 0, - 'type' => 'bool' - }, - 'viewerHiddenKeys' => { - 'default' => 'samlIDPMetaDataNodes, samlSPMetaDataNodes', - 'type' => 'text' - }, - 'virtualHosts' => { - 'type' => 'virtualHostContainer' - }, - 'webauthn2fActivation' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'webauthn2fAuthnLevel' => { - 'type' => 'int' - }, - 'webauthn2fLabel' => { - 'type' => 'text' - }, - 'webauthn2fLogo' => { - 'type' => 'text' - }, 
- 'webauthn2fSelfRegistration' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'webauthn2fUserCanRemoveKey' => { - 'default' => 1, - 'type' => 'bool' - }, - 'webauthn2fUserVerification' => { - 'default' => 'preferred', - 'select' => [ { - 'k' => 'discouraged', - 'v' => 'Discouraged' - }, - { - 'k' => 'preferred', - 'v' => 'Preferred' - }, - { - 'k' => 'required', - 'v' => 'Required' - } - ], - 'type' => 'select' - }, - 'webauthnDisplayNameAttr' => { - 'type' => 'text' - }, - 'webauthnRpName' => { - 'type' => 'text' - }, - 'webIDAuthnLevel' => { - 'default' => 1, - 'type' => 'int' - }, - 'webIDExportedVars' => { - 'default' => {}, - 'keyMsgFail' => '__badVariableName__', - 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, - 'msgFail' => '__badValue__', - 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, - 'type' => 'keyTextContainer' - }, - 'webIDWhitelist' => { - 'type' => 'text' - }, - 'whatToTrace' => { - 'default' => 'uid', - 'type' => 'lmAttrOrMacro' - }, - 'wsdlServer' => { - 'default' => 0, - 'type' => 'bool' - }, - 'yubikey2fActivation' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'yubikey2fAuthnLevel' => { - 'type' => 'int' - }, - 'yubikey2fClientID' => { - 'type' => 'text' - }, - 'yubikey2fFromSessionAttribute' => { - 'type' => 'text' - }, - 'yubikey2fLabel' => { - 'type' => 'text' - }, - 'yubikey2fLogo' => { - 'type' => 'text' - }, - 'yubikey2fNonce' => { - 'type' => 'text' - }, - 'yubikey2fPublicIDSize' => { - 'default' => 12, - 'type' => 'int' - }, - 'yubikey2fSecretKey' => { - 'type' => 'text' - }, - 'yubikey2fSelfRegistration' => { - 'default' => 0, - 'type' => 'boolOrExpr' - }, - 'yubikey2fTTL' => { - 'type' => 'int' - }, - 'yubikey2fUrl' => { - 'type' => 'text' - }, - 'yubikey2fUserCanRemoveKey' => { - 'default' => 1, - 'type' => 'bool' - }, - 'zimbraAccountKey' => { - 'type' => 'text' - }, - 'zimbraBy' => { - 'type' => 'text' - }, - 'zimbraPreAuthKey' => { - 'type' => 'text' - }, - 'zimbraSsoUrl' => { - 'type' => 'text' - }, - 'zimbraUrl' => { 
- 'type' => 'text' - } - }; + 'protection' => { + 'msgFail' => '__authorizedValues__: none authenticate manager', + 'test' => qr/^(?:none|authenticate|manager|)$/, + 'type' => 'text' + }, + 'proxyAuthnLevel' => { + 'default' => 2, + 'type' => 'int' + }, + 'proxyAuthService' => { + 'type' => 'text' + }, + 'proxyAuthServiceChoiceParam' => { + 'default' => 'lmAuth', + 'type' => 'text' + }, + 'proxyAuthServiceChoiceValue' => { + 'type' => 'text' + }, + 'proxyAuthServiceImpersonation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'proxyCookieName' => { + 'msgFail' => '__badCookieName__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9_-]*$/, + 'type' => 'text' + }, + 'proxySessionService' => { + 'type' => 'text' + }, + 'proxyUseSoap' => { + 'default' => 0, + 'type' => 'bool' + }, + 'radius2fActivation' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'radius2fAuthnLevel' => { + 'type' => 'int' + }, + 'radius2fLabel' => { + 'type' => 'text' + }, + 'radius2fLogo' => { + 'type' => 'text' + }, + 'radius2fSecret' => { + 'type' => 'text' + }, + 'radius2fServer' => { + 'type' => 'text' + }, + 'radius2fTimeout' => { + 'default' => 20, + 'type' => 'int' + }, + 'radius2fUsernameSessionKey' => { + 'type' => 'text' + }, + 'radiusAuthnLevel' => { + 'default' => 3, + 'type' => 'int' + }, + 'radiusSecret' => { + 'type' => 'text' + }, + 'radiusServer' => { + 'type' => 'text' + }, + 'randomPasswordRegexp' => { + 'default' => '[A-Z]{3}[a-z]{5}.\\d{2}', + 'type' => 'pcre' + }, + 'redirectFormMethod' => { + 'default' => 'get', + 'select' => [ + { + 'k' => 'get', + 'v' => 'GET' + }, + { + 'k' => 'post', + 'v' => 'POST' + } + ], + 'type' => 'select' + }, + 'refreshSessions' => { + 'type' => 'bool' + }, + 'registerConfirmBody' => { + 'type' => 'longtext' + }, + 'registerConfirmSubject' => { + 'type' => 'text' + }, + 'registerDB' => { + 'default' => 'Null', + 'select' => [ + { + 'k' => 'AD', + 'v' => 'Active Directory' + }, + { + 'k' => 'Demo', + 'v' => 'Demonstration' + }, + { + 'k' => 'LDAP', + 
'v' => 'LDAP' + }, + { + 'k' => 'Null', + 'v' => 'None' + }, + { + 'k' => 'Custom', + 'v' => 'customModule' + } + ], + 'type' => 'select' + }, + 'registerDoneBody' => { + 'type' => 'longtext' + }, + 'registerDoneSubject' => { + 'type' => 'text' + }, + 'registerTimeout' => { + 'default' => 0, + 'type' => 'int' + }, + 'registerUrl' => { + 'default' => 'http://auth.example.com/register', + 'type' => 'text' + }, + 'reloadTimeout' => { + 'default' => 5, + 'type' => 'int' + }, + 'reloadUrls' => { + 'keyTest' => qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?$/, + 'msgFail' => '__badUrl__', + 'test' => qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/, + 'type' => 'keyTextContainer' + }, + 'rememberAuthChoiceRule' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'rememberCookieName' => { + 'default' => 'llngrememberauthchoice', + 'msgFail' => '__badCookieName__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9_-]*$/, + 'type' => 'text' + }, + 'rememberCookieTimeout' => { + 'default' => 31536000, + 'type' => 'int' + }, + 'rememberDefaultChecked' => { + 'default' => 0, + 'type' => 'bool' + }, + 'rememberTimer' => { + 'default' => 5, + 'type' => 'int' + }, + 'remoteCookieName' => { + 'msgFail' => '__badCookieName__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9_-]*$/, + 'type' => 'text' + }, + 'remoteGlobalStorage' => { + 'default' => 
'Lemonldap::NG::Common::Apache::Session::SOAP', + 'type' => 'PerlModule' + }, + 'remoteGlobalStorageOptions' => { + 'default' => { + 'ns' => 'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService', + 'proxy' => 'http://auth.example.com/sessions' + }, + 'type' => 'keyTextContainer' + }, + 'remotePortal' => { + 'type' => 'text' + }, + 'requireToken' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'rest2fActivation' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'rest2fAuthnLevel' => { + 'type' => 'int' + }, + 'rest2fCodeActivation' => { + 'type' => 'pcre' + }, + 'rest2fInitArgs' => { + 'keyMsgFail' => '__badKeyName__', + 'keyTest' => qr/^\w+$/, + 'msgFail' => '__badValue__', + 'test' => qr/^\w+$/, + 'type' => 'keyTextContainer' + }, + 'rest2fInitUrl' => { + 'type' => 'url' + }, + 'rest2fLabel' => { + 'type' => 'text' + }, + 'rest2fLogo' => { + 'type' => 'text' + }, + 'rest2fResendInterval' => { + 'type' => 'text' + }, + 'rest2fVerifyArgs' => { + 'type' => 'keyTextContainer' + }, + 'rest2fVerifyUrl' => { + 'keyMsgFail' => '__badKeyName__', + 'keyTest' => qr/^\w+$/, + 'msgFail' => '__badValue__', + 'test' => qr/^\w+$/, + 'type' => 'url' + }, + 'restAuthnLevel' => { + 'default' => 2, + 'type' => 'int' + }, + 'restAuthServer' => { + 'default' => 0, + 'type' => 'bool' + }, + 'restAuthUrl' => { + 'type' => 'url' + }, + 'restClockTolerance' => { + 'default' => 15, + 'type' => 'int' + }, + 'restConfigServer' => { + 'default' => 0, + 'type' => 'bool' + }, + 'restExportSecretKeys' => { + 'default' => 0, + 'type' => 'bool' + }, + 'restFindUserDBUrl' => { + 'type' => 'url' + }, + 'restPasswordServer' => { + 'default' => 0, + 'type' => 'bool' + }, + 'restPwdConfirmUrl' => { + 'type' => 'url' + }, + 'restPwdModifyUrl' => { + 'type' => 'url' + }, + 'restSessionServer' => { + 'default' => 0, + 'type' => 'bool' + }, + 'restUserDBUrl' => { + 'type' => 'url' + }, + 'sameSite' => { + 'default' => '', + 'select' => [ + { + 'k' => '', + 'v' => '' + }, + { + 'k' => 
'Strict', + 'v' => 'Strict' + }, + { + 'k' => 'Lax', + 'v' => 'Lax' + }, + { + 'k' => 'None', + 'v' => 'None' + } + ], + 'type' => 'select' + }, + 'samlAttributeAuthorityDescriptorAttributeServiceSOAP' => { + 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;', + 'type' => 'samlService' + }, + 'samlAuthnContextMapKerberos' => { + 'default' => 4, + 'type' => 'int' + }, + 'samlAuthnContextMapPassword' => { + 'default' => 2, + 'type' => 'int' + }, + 'samlAuthnContextMapPasswordProtectedTransport' => { + 'default' => 3, + 'type' => 'int' + }, + 'samlAuthnContextMapTLSClient' => { + 'default' => 5, + 'type' => 'int' + }, + 'samlCommonDomainCookieActivation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlCommonDomainCookieDomain' => { + 'msgFail' => '__badDomainName__', + 'test' => qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$/, + 'type' => 'text' + }, + 'samlCommonDomainCookieReader' => { + 'msgFail' => '__badUrl__', + 'test' => qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/, + 'type' => 'text' + }, + 'samlCommonDomainCookieWriter' => { + 'msgFail' => '__badUrl__', + 'test' => 
qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/, + 'type' => 'text' + }, + 'samlDiscoveryProtocolActivation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlDiscoveryProtocolIsPassive' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlDiscoveryProtocolPolicy' => { + 'type' => 'text' + }, + 'samlDiscoveryProtocolURL' => { + 'msgFail' => '__badUrl__', + 'test' => qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/, + 'type' => 'text' + }, + 'samlEntityID' => { + 'default' => '#PORTAL#/saml/metadata', + 'type' => 'text' + }, + 'samlIDPMetaDataExportedAttributes' => { + 'default' => {}, + 'keyMsgFail' => '__badMetadataName__', + 'keyTest' => qr/^[a-zA-Z](?:[a-zA-Z0-9_\-\.]*\w)?$/, + 'msgFail' => '__badValue__', + 'test' => qr/\w/, + 'type' => 'samlAttributeContainer' + }, + 'samlIDPMetaDataNodes' => { + 'type' => 'samlIDPMetaDataNodeContainer' + }, + 'samlIDPMetaDataOptions' => { + 'keyMsgFail' 
=> '__badMetadataName__', + 'keyTest' => qr/^[a-zA-Z](?:[a-zA-Z0-9_\-\.]*\w)?$/, + 'type' => 'keyTextContainer' + }, + 'samlIDPMetaDataOptionsAdaptSessionUtime' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsAllowLoginFromIDP' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsAllowProxiedAuthn' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsCheckAudience' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsCheckSLOMessageSignature' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsCheckSSOMessageSignature' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsCheckTime' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsDisplayName' => { + 'type' => 'text' + }, + 'samlIDPMetaDataOptionsEncryptionMode' => { + 'default' => 'none', + 'select' => [ + { + 'k' => 'none', + 'v' => 'None' + }, + { + 'k' => 'nameid', + 'v' => 'Name ID' + }, + { + 'k' => 'assertion', + 'v' => 'Assertion' + } + ], + 'type' => 'select' + }, + 'samlIDPMetaDataOptionsForceAuthn' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsForceUTF8' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsIcon' => { + 'type' => 'text' + }, + 'samlIDPMetaDataOptionsIsPassive' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsNameIDFormat' => { + 'default' => '', + 'select' => [ + { + 'k' => '', + 'v' => '' + }, + { + 'k' => 'unspecified', + 'v' => 'Unspecified' + }, + { + 'k' => 'email', + 'v' => 'Email' + }, + { + 'k' => 'x509', + 'v' => 'X509 certificate' + }, + { + 'k' => 'windows', + 'v' => 'Windows' + }, + { + 'k' => 'kerberos', + 'v' => 'Kerberos' + }, + { + 'k' => 'entity', + 'v' => 'Entity' + }, + { + 'k' => 'persistent', + 'v' => 'Persistent' + }, + { + 'k' => 'transient', + 'v' => 'Transient' + }, + { + 'k' => 'encrypted', + 'v' => 'Encrypted' + } + ], + 'type' => 'select' + }, + 
'samlIDPMetaDataOptionsRelayStateURL' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsRequestedAuthnContext' => { + 'default' => '', + 'select' => [ + { + 'k' => '', + 'v' => '' + }, + { + 'k' => 'kerberos', + 'v' => 'Kerberos' + }, + { + 'k' => 'password-protected-transport', + 'v' => 'Password protected transport' + }, + { + 'k' => 'password', + 'v' => 'Password' + }, + { + 'k' => 'tls-client', + 'v' => 'TLS client certificate' + } + ], + 'type' => 'select' + }, + 'samlIDPMetaDataOptionsResolutionRule' => { + 'default' => '', + 'type' => 'longtext' + }, + 'samlIDPMetaDataOptionsSignatureMethod' => { + 'default' => '', + 'select' => [ + { + 'k' => '', + 'v' => 'default' + }, + { + 'k' => 'RSA_SHA1', + 'v' => 'RSA SHA1' + }, + { + 'k' => 'RSA_SHA256', + 'v' => 'RSA SHA256' + }, + { + 'k' => 'RSA_SHA384', + 'v' => 'RSA SHA384' + }, + { + 'k' => 'RSA_SHA512', + 'v' => 'RSA SHA512' + } + ], + 'type' => 'select' + }, + 'samlIDPMetaDataOptionsSignSLOMessage' => { + 'default' => -1, + 'type' => 'trool' + }, + 'samlIDPMetaDataOptionsSignSSOMessage' => { + 'default' => -1, + 'type' => 'trool' + }, + 'samlIDPMetaDataOptionsSLOBinding' => { + 'default' => '', + 'select' => [ + { + 'k' => '', + 'v' => '' + }, + { + 'k' => 'http-post', + 'v' => 'POST' + }, + { + 'k' => 'http-redirect', + 'v' => 'Redirect' + }, + { + 'k' => 'http-soap', + 'v' => 'SOAP' + } + ], + 'type' => 'select' + }, + 'samlIDPMetaDataOptionsSortNumber' => { + 'type' => 'int' + }, + 'samlIDPMetaDataOptionsSSOBinding' => { + 'default' => '', + 'select' => [ + { + 'k' => '', + 'v' => '' + }, + { + 'k' => 'http-post', + 'v' => 'POST' + }, + { + 'k' => 'http-redirect', + 'v' => 'Redirect' + }, + { + 'k' => 'artifact-get', + 'v' => 'Artifact GET' + } + ], + 'type' => 'select' + }, + 'samlIDPMetaDataOptionsStoreSAMLToken' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlIDPMetaDataOptionsUserAttribute' => { + 'type' => 'text' + }, + 'samlIDPMetaDataXML' => { + 'test' => sub { + my $v = 
shift(); + return 1 unless $v and %$v; + my @msg; + my $res = 1; + my %entityIds; + foreach my $idpId (keys %$v) { + unless ($v->{$idpId}{'samlIDPMetaDataXML'} =~ /entityID="(.+?)"/is) { + push @msg, "$idpId SAML metadata has no EntityID"; + $res = 0; + next; + } + my $eid = $1; + if (defined $entityIds{$eid}) { + push @msg, "$idpId and $entityIds{$eid} have the same SAML EntityID"; + $res = 0; + next; + } + $entityIds{$eid} = $idpId; + } + return $res, join(', ', @msg); + }, + 'type' => 'file' + }, + 'samlIDPSSODescriptorArtifactResolutionServiceArtifact' => { + 'default' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', + 'type' => 'samlAssertion' + }, + 'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' => { + 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', + 'type' => 'samlService' + }, + 'samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect' => { + 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', + 'type' => 'samlService' + }, + 'samlIDPSSODescriptorSingleLogoutServiceSOAP' => { + 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;', + 'type' => 'samlService' + }, + 'samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact' => { + 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;', + 'type' => 'samlService' + }, + 'samlIDPSSODescriptorSingleSignOnServiceHTTPPost' => { + 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;', + 'type' => 'samlService' + }, + 'samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect' => { + 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;', + 'type' => 'samlService' + }, + 'samlIDPSSODescriptorWantAuthnRequestsSigned' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlMetadataForceUTF8' => { + 
'default' => 1, + 'type' => 'bool' + }, + 'samlNameIDFormatMapEmail' => { + 'default' => 'mail', + 'type' => 'text' + }, + 'samlNameIDFormatMapKerberos' => { + 'default' => 'uid', + 'type' => 'text' + }, + 'samlNameIDFormatMapWindows' => { + 'default' => 'uid', + 'type' => 'text' + }, + 'samlNameIDFormatMapX509' => { + 'default' => 'mail', + 'type' => 'text' + }, + 'samlOrganizationDisplayName' => { + 'default' => 'Example', + 'type' => 'text' + }, + 'samlOrganizationName' => { + 'default' => 'Example', + 'type' => 'text' + }, + 'samlOrganizationURL' => { + 'default' => 'http://www.example.com', + 'type' => 'text' + }, + 'samlOverrideIDPEntityID' => { + 'default' => '', + 'type' => 'text' + }, + 'samlRelayStateTimeout' => { + 'default' => 600, + 'type' => 'int' + }, + 'samlServicePrivateKeyEnc' => { + 'default' => '', + 'type' => 'RSAPrivateKey' + }, + 'samlServicePrivateKeyEncPwd' => { + 'type' => 'password' + }, + 'samlServicePrivateKeySig' => { + 'default' => '', + 'type' => 'RSAPrivateKey' + }, + 'samlServicePrivateKeySigPwd' => { + 'default' => '', + 'type' => 'password' + }, + 'samlServicePublicKeyEnc' => { + 'default' => '', + 'type' => 'RSAPublicKeyOrCertificate' + }, + 'samlServicePublicKeySig' => { + 'default' => '', + 'type' => 'RSAPublicKeyOrCertificate' + }, + 'samlServiceSignatureMethod' => { + 'default' => 'RSA_SHA256', + 'select' => [ + { + 'k' => 'RSA_SHA1', + 'v' => 'RSA SHA1' + }, + { + 'k' => 'RSA_SHA256', + 'v' => 'RSA SHA256' + }, + { + 'k' => 'RSA_SHA384', + 'v' => 'RSA SHA384' + }, + { + 'k' => 'RSA_SHA512', + 'v' => 'RSA SHA512' + } + ], + 'type' => 'select' + }, + 'samlServiceUseCertificateInResponse' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlSPMetaDataExportedAttributes' => { + 'default' => {}, + 'keyMsgFail' => '__badMetadataName__', + 'keyTest' => qr/^[a-zA-Z](?:[a-zA-Z0-9_\-\.]*\w)?$/, + 'msgFail' => '__badValue__', + 'test' => qr/\w/, + 'type' => 'samlAttributeContainer' + }, + 'samlSPMetaDataMacros' => { + 'default' => 
{}, + 'test' => { + 'keyMsgFail' => '__badMacroName__', + 'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, + 'test' => sub { + return perlExpr(@_); + } + }, + 'type' => 'keyTextContainer' + }, + 'samlSPMetaDataNodes' => { + 'type' => 'samlSPMetaDataNodeContainer' + }, + 'samlSPMetaDataOptions' => { + 'keyMsgFail' => '__badMetadataName__', + 'keyTest' => qr/^[a-zA-Z](?:[a-zA-Z0-9_\-\.]*\w)?$/, + 'type' => 'keyTextContainer' + }, + 'samlSPMetaDataOptionsAuthnLevel' => { + 'type' => 'int' + }, + 'samlSPMetaDataOptionsCheckSLOMessageSignature' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlSPMetaDataOptionsCheckSSOMessageSignature' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlSPMetaDataOptionsEnableIDPInitiatedURL' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlSPMetaDataOptionsEncryptionMode' => { + 'default' => 'none', + 'select' => [ + { + 'k' => 'none', + 'v' => 'None' + }, + { + 'k' => 'nameid', + 'v' => 'Name ID' + }, + { + 'k' => 'assertion', + 'v' => 'Assertion' + } + ], + 'type' => 'select' + }, + 'samlSPMetaDataOptionsForceUTF8' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlSPMetaDataOptionsNameIDFormat' => { + 'default' => '', + 'select' => [ + { + 'k' => '', + 'v' => '' + }, + { + 'k' => 'unspecified', + 'v' => 'Unspecified' + }, + { + 'k' => 'email', + 'v' => 'Email' + }, + { + 'k' => 'x509', + 'v' => 'X509 certificate' + }, + { + 'k' => 'windows', + 'v' => 'Windows' + }, + { + 'k' => 'kerberos', + 'v' => 'Kerberos' + }, + { + 'k' => 'entity', + 'v' => 'Entity' + }, + { + 'k' => 'persistent', + 'v' => 'Persistent' + }, + { + 'k' => 'transient', + 'v' => 'Transient' + }, + { + 'k' => 'encrypted', + 'v' => 'Encrypted' + } + ], + 'type' => 'select' + }, + 'samlSPMetaDataOptionsNameIDSessionKey' => { + 'type' => 'text' + }, + 'samlSPMetaDataOptionsNotOnOrAfterTimeout' => { + 'default' => 72000, + 'type' => 'int' + }, + 'samlSPMetaDataOptionsOneTimeUse' => { + 'default' => 0, + 'type' => 'bool' + }, + 'samlSPMetaDataOptionsRule' => { + 
'test' => sub { + return perlExpr(@_); + }, + 'type' => 'text' + }, + 'samlSPMetaDataOptionsSessionNotOnOrAfterTimeout' => { + 'default' => 72000, + 'type' => 'int' + }, + 'samlSPMetaDataOptionsSignatureMethod' => { + 'default' => '', + 'select' => [ + { + 'k' => '', + 'v' => 'default' + }, + { + 'k' => 'RSA_SHA1', + 'v' => 'RSA SHA1' + }, + { + 'k' => 'RSA_SHA256', + 'v' => 'RSA SHA256' + }, + { + 'k' => 'RSA_SHA384', + 'v' => 'RSA SHA384' + }, + { + 'k' => 'RSA_SHA512', + 'v' => 'RSA SHA512' + } + ], + 'type' => 'select' + }, + 'samlSPMetaDataOptionsSignSLOMessage' => { + 'default' => -1, + 'type' => 'trool' + }, + 'samlSPMetaDataOptionsSignSSOMessage' => { + 'default' => -1, + 'type' => 'trool' + }, + 'samlSPMetaDataXML' => { + 'type' => 'file' + }, + 'samlSPSSODescriptorArtifactResolutionServiceArtifact' => { + 'default' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', + 'type' => 'samlAssertion' + }, + 'samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact' => { + 'default' => '0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact', + 'type' => 'samlAssertion' + }, + 'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' => { + 'default' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost', + 'type' => 'samlAssertion' + }, + 'samlSPSSODescriptorAuthnRequestsSigned' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlSPSSODescriptorSingleLogoutServiceHTTPPost' => { + 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', + 'type' => 'samlService' + }, + 'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' => { + 'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', + 'type' => 'samlService' + }, + 'samlSPSSODescriptorSingleLogoutServiceSOAP' => { + 'default' => 
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;', + 'type' => 'samlService' + }, + 'samlSPSSODescriptorWantAssertionsSigned' => { + 'default' => 1, + 'type' => 'bool' + }, + 'samlStorage' => { + 'type' => 'PerlModule' + }, + 'samlStorageOptions' => { + 'type' => 'keyTextContainer' + }, + 'samlUseQueryStringSpecific' => { + 'default' => 0, + 'type' => 'bool' + }, + 'scrollTop' => { + 'default' => 400, + 'type' => 'int' + }, + 'securedCookie' => { + 'default' => 0, + 'select' => [ + { + 'k' => '0', + 'v' => 'unsecuredCookie' + }, + { + 'k' => '1', + 'v' => 'securedCookie' + }, + { + 'k' => '2', + 'v' => 'doubleCookie' + }, + { + 'k' => '3', + 'v' => 'doubleCookieForSingleSession' + } + ], + 'type' => 'select' + }, + 'secureTokenAllowOnError' => { + 'type' => 'text' + }, + 'secureTokenAttribute' => { + 'type' => 'text' + }, + 'secureTokenExpiration' => { + 'type' => 'text' + }, + 'secureTokenHeader' => { + 'type' => 'text' + }, + 'secureTokenMemcachedServers' => { + 'type' => 'text' + }, + 'secureTokenUrls' => { + 'type' => 'text' + }, + 'sentryDsn' => { + 'type' => 'text' + }, + 'sessionDataToRemember' => { + 'keyMsgFail' => '__invalidSessionData__', + 'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, + 'type' => 'keyTextContainer' + }, + 'sfEngine' => { + 'default' => '::2F::Engines::Default', + 'type' => 'text' + }, + 'sfExtra' => { + 'keyTest' => qr/^\w+$/, + 'select' => [ + { + 'k' => 'Mail2F', + 'v' => 'E-Mail' + }, + { + 'k' => 'REST', + 'v' => 'REST' + }, + { + 'k' => 'Ext2F', + 'v' => 'External' + }, + { + 'k' => 'Radius', + 'v' => 'Radius' + } + ], + 'test' => sub { + 1; + }, + 'type' => 'sfExtraContainer' + }, + 'sfLoginTimeout' => { + 'type' => 'int' + }, + 'sfManagerRule' => { + 'default' => 1, + 'type' => 'boolOrExpr' + }, + 'sfOnlyUpgrade' => { + 'type' => 'bool' + }, + 'sfRegisterTimeout' => { + 'type' => 'int' + }, + 'sfRemovedMsgRule' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'sfRemovedNotifMsg' => { + 'default' 
=> '_removedSF_ expired second factor(s) has/have been removed (_nameSF_)!', + 'type' => 'text' + }, + 'sfRemovedNotifRef' => { + 'default' => 'RemoveSF', + 'type' => 'text' + }, + 'sfRemovedNotifTitle' => { + 'default' => 'Second factor notification', + 'type' => 'text' + }, + 'sfRemovedUseNotif' => { + 'default' => 0, + 'type' => 'bool' + }, + 'sfRequired' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'showLanguages' => { + 'default' => 1, + 'type' => 'bool' + }, + 'singleIP' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'singleSession' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'singleUserByIP' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'skipRenewConfirmation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'skipUpgradeConfirmation' => { + 'default' => 0, + 'type' => 'bool' + }, + 'slaveAuthnLevel' => { + 'default' => 2, + 'type' => 'int' + }, + 'slaveDisplayLogo' => { + 'default' => 0, + 'type' => 'bool' + }, + 'slaveExportedVars' => { + 'default' => {}, + 'keyMsgFail' => '__badVariableName__', + 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, + 'msgFail' => '__badValue__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, + 'type' => 'keyTextContainer' + }, + 'slaveHeaderContent' => { + 'type' => 'text' + }, + 'slaveHeaderName' => { + 'type' => 'text' + }, + 'slaveMasterIP' => { + 'msgFail' => '__badIPv4Address__', + 'test' => qr/^((?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)\s*)*$/, + 'type' => 'text' + }, + 'slaveUserHeader' => { + 'type' => 'text' + }, + 'SMTPAuthPass' => { + 'type' => 'password' + }, + 'SMTPAuthUser' => { + 'type' => 'text' + }, + 'SMTPPort' => { + 'type' => 'int' + }, + 'SMTPServer' => { + 'default' => '', + 'test' => qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?)?$/, + 'type' => 'text' + }, + 'SMTPTLS' => { + 'default' => '', + 'select' => [ + { + 'k' => '', + 'v' => 'none' + }, + { + 'k' => 
'starttls', + 'v' => 'SMTP + STARTTLS' + }, + { + 'k' => 'ssl', + 'v' => 'SMTPS' + } + ], + 'type' => 'select' + }, + 'SMTPTLSOpts' => { + 'type' => 'keyTextContainer' + }, + 'soapConfigServer' => { + 'default' => 0, + 'type' => 'bool' + }, + 'soapProxyUrn' => { + 'default' => 'urn:Lemonldap/NG/Common/PSGI/SOAPService', + 'type' => 'text' + }, + 'soapSessionServer' => { + 'default' => 0, + 'type' => 'bool' + }, + 'SSLAuthnLevel' => { + 'default' => 5, + 'type' => 'int' + }, + 'sslByAjax' => { + 'default' => 0, + 'type' => 'bool' + }, + 'sslHost' => { + 'type' => 'url' + }, + 'SSLVar' => { + 'default' => 'SSL_CLIENT_S_DN_Email', + 'type' => 'text' + }, + 'SSLVarIf' => { + 'default' => {}, + 'keyTest' => sub { + 1; + }, + 'type' => 'keyTextContainer' + }, + 'staticPrefix' => { + 'type' => 'text' + }, + 'status' => { + 'type' => 'bool' + }, + 'stayConnected' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'stayConnectedBypassFG' => { + 'default' => 0, + 'type' => 'bool' + }, + 'stayConnectedCookieName' => { + 'default' => 'llngconnection', + 'msgFail' => '__badCookieName__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9_-]*$/, + 'type' => 'text' + }, + 'stayConnectedTimeout' => { + 'default' => 2592000, + 'type' => 'int' + }, + 'storePassword' => { + 'default' => 0, + 'type' => 'bool' + }, + 'successLoginNumber' => { + 'default' => 5, + 'type' => 'int' + }, + 'syslogFacility' => { + 'type' => 'text' + }, + 'timeout' => { + 'default' => 72000, + 'test' => sub { + $_[0] > 0; + }, + 'type' => 'int' + }, + 'timeoutActivity' => { + 'default' => 0, + 'test' => sub { + $_[0] >= 0; + }, + 'type' => 'int' + }, + 'timeoutActivityInterval' => { + 'default' => 60, + 'test' => sub { + $_[0] >= 0; + }, + 'type' => 'int' + }, + 'tokenUseGlobalStorage' => { + 'default' => 0, + 'type' => 'bool' + }, + 'totp2fActivation' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'totp2fAuthnLevel' => { + 'type' => 'int' + }, + 'totp2fDigits' => { + 'default' => 6, + 'type' => 'int' + }, + 
'totp2fEncryptSecret' => { + 'default' => 0, + 'type' => 'bool' + }, + 'totp2fInterval' => { + 'default' => 30, + 'type' => 'int' + }, + 'totp2fIssuer' => { + 'type' => 'text' + }, + 'totp2fLabel' => { + 'type' => 'text' + }, + 'totp2fLogo' => { + 'type' => 'text' + }, + 'totp2fRange' => { + 'default' => 1, + 'type' => 'int' + }, + 'totp2fSelfRegistration' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'totp2fTTL' => { + 'type' => 'int' + }, + 'totp2fUserCanRemoveKey' => { + 'default' => 1, + 'type' => 'bool' + }, + 'trustedDomains' => { + 'type' => 'text' + }, + 'twitterAppName' => { + 'type' => 'text' + }, + 'twitterAuthnLevel' => { + 'default' => 1, + 'type' => 'int' + }, + 'twitterKey' => { + 'type' => 'text' + }, + 'twitterSecret' => { + 'type' => 'text' + }, + 'twitterUserField' => { + 'default' => 'screen_name', + 'type' => 'text' + }, + 'u2fActivation' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'u2fAuthnLevel' => { + 'type' => 'int' + }, + 'u2fLabel' => { + 'type' => 'text' + }, + 'u2fLogo' => { + 'type' => 'text' + }, + 'u2fSelfRegistration' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'u2fTTL' => { + 'type' => 'int' + }, + 'u2fUserCanRemoveKey' => { + 'default' => 1, + 'type' => 'bool' + }, + 'upgradeSession' => { + 'default' => 1, + 'type' => 'bool' + }, + 'userControl' => { + 'default' => '^[\\w\\.\\-@]+$', + 'type' => 'pcre' + }, + 'userDB' => { + 'default' => 'Same', + 'select' => [ + { + 'k' => 'Same', + 'v' => 'Same' + }, + { + 'k' => 'AD', + 'v' => 'Active Directory' + }, + { + 'k' => 'DBI', + 'v' => 'Database (DBI)' + }, + { + 'k' => 'LDAP', + 'v' => 'LDAP' + }, + { + 'k' => 'REST', + 'v' => 'REST' + }, + { + 'k' => 'Null', + 'v' => 'None' + }, + { + 'k' => 'Custom', + 'v' => 'customModule' + } + ], + 'type' => 'select' + }, + 'useRedirectOnError' => { + 'default' => 1, + 'type' => 'bool' + }, + 'useRedirectOnForbidden' => { + 'default' => 0, + 'type' => 'bool' + }, + 'userLogger' => { + 'type' => 'text' + }, + 
'userPivot' => { + 'type' => 'text' + }, + 'userSyslogFacility' => { + 'type' => 'text' + }, + 'useSafeJail' => { + 'default' => 1, + 'type' => 'bool' + }, + 'utotp2fActivation' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'utotp2fAuthnLevel' => { + 'type' => 'int' + }, + 'utotp2fLabel' => { + 'type' => 'text' + }, + 'utotp2fLogo' => { + 'type' => 'text' + }, + 'vhostAccessToTrace' => { + 'default' => '', + 'type' => 'text' + }, + 'vhostAliases' => { + 'default' => '', + 'type' => 'text' + }, + 'vhostAuthnLevel' => { + 'type' => 'int' + }, + 'vhostDevOpsRulesUrl' => { + 'type' => 'url' + }, + 'vhostHttps' => { + 'default' => -1, + 'type' => 'trool' + }, + 'vhostMaintenance' => { + 'default' => 0, + 'type' => 'bool' + }, + 'vhostOptions' => { + 'type' => 'subContainer' + }, + 'vhostPort' => { + 'default' => -1, + 'type' => 'int' + }, + 'vhostServiceTokenTTL' => { + 'default' => -1, + 'type' => 'int' + }, + 'vhostType' => { + 'default' => 'Main', + 'select' => [ + { + 'k' => 'AuthBasic', + 'v' => 'AuthBasic' + }, + { + 'k' => 'CDA', + 'v' => 'CDA' + }, + { + 'k' => 'DevOps', + 'v' => 'DevOps' + }, + { + 'k' => 'DevOpsST', + 'v' => 'DevOpsST' + }, + { + 'k' => 'Main', + 'v' => 'Main' + }, + { + 'k' => 'OAuth2', + 'v' => 'OAuth2' + }, + { + 'k' => 'SecureToken', + 'v' => 'SecureToken' + }, + { + 'k' => 'ServiceToken', + 'v' => 'ServiceToken' + }, + { + 'k' => 'ZimbraPreAuth', + 'v' => 'ZimbraPreAuth' + } + ], + 'type' => 'select' + }, + 'viewerAllowBrowser' => { + 'default' => 0, + 'type' => 'bool' + }, + 'viewerAllowDiff' => { + 'default' => 0, + 'type' => 'bool' + }, + 'viewerHiddenKeys' => { + 'default' => 'samlIDPMetaDataNodes, samlSPMetaDataNodes', + 'type' => 'text' + }, + 'virtualHosts' => { + 'type' => 'virtualHostContainer' + }, + 'webauthn2fActivation' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'webauthn2fAuthnLevel' => { + 'type' => 'int' + }, + 'webauthn2fLabel' => { + 'type' => 'text' + }, + 'webauthn2fLogo' => { + 'type' => 'text' + 
}, + 'webauthn2fSelfRegistration' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'webauthn2fUserCanRemoveKey' => { + 'default' => 1, + 'type' => 'bool' + }, + 'webauthn2fUserVerification' => { + 'default' => 'preferred', + 'select' => [ + { + 'k' => 'discouraged', + 'v' => 'Discouraged' + }, + { + 'k' => 'preferred', + 'v' => 'Preferred' + }, + { + 'k' => 'required', + 'v' => 'Required' + } + ], + 'type' => 'select' + }, + 'webauthnDisplayNameAttr' => { + 'type' => 'text' + }, + 'webauthnRpName' => { + 'type' => 'text' + }, + 'webIDAuthnLevel' => { + 'default' => 1, + 'type' => 'int' + }, + 'webIDExportedVars' => { + 'default' => {}, + 'keyMsgFail' => '__badVariableName__', + 'keyTest' => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/, + 'msgFail' => '__badValue__', + 'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/, + 'type' => 'keyTextContainer' + }, + 'webIDWhitelist' => { + 'type' => 'text' + }, + 'whatToTrace' => { + 'default' => 'uid', + 'type' => 'lmAttrOrMacro' + }, + 'wsdlServer' => { + 'default' => 0, + 'type' => 'bool' + }, + 'yubikey2fActivation' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'yubikey2fAuthnLevel' => { + 'type' => 'int' + }, + 'yubikey2fClientID' => { + 'type' => 'text' + }, + 'yubikey2fFromSessionAttribute' => { + 'type' => 'text' + }, + 'yubikey2fLabel' => { + 'type' => 'text' + }, + 'yubikey2fLogo' => { + 'type' => 'text' + }, + 'yubikey2fNonce' => { + 'type' => 'text' + }, + 'yubikey2fPublicIDSize' => { + 'default' => 12, + 'type' => 'int' + }, + 'yubikey2fSecretKey' => { + 'type' => 'text' + }, + 'yubikey2fSelfRegistration' => { + 'default' => 0, + 'type' => 'boolOrExpr' + }, + 'yubikey2fTTL' => { + 'type' => 'int' + }, + 'yubikey2fUrl' => { + 'type' => 'text' + }, + 'yubikey2fUserCanRemoveKey' => { + 'default' => 1, + 'type' => 'bool' + }, + 'zimbraAccountKey' => { + 'type' => 'text' + }, + 'zimbraBy' => { + 'type' => 'text' + }, + 'zimbraPreAuthKey' => { + 'type' => 'text' + }, + 'zimbraSsoUrl' => { + 'type' => 'text' + }, + 'zimbraUrl' 
=> { + 'type' => 'text' + } + }; }
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm
index ef4851aea7..2fb7371d0a 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm
@@ -7,332 +7,224 @@ use Exporter 'import'; our $VERSION = '2.0.15'; use constant HANDLER => 'Lemonldap::NG::Handler::PSGI::Main'; -use constant URIRE => -qr{(((?^:https?))://((?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::((?:[0-9]*)))?(/(((?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?]((?:(?:[;/?:\@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)}; +use constant URIRE => qr{(((?^:https?))://((?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::((?:[0-9]*)))?(/(((?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?]((?:(?:[;/?:\@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)}; use constant { - PE_IDPCHOICE => -5, - PE_SENDRESPONSE => -4, - PE_INFO => -3, - PE_REDIRECT => -2, - PE_DONE => -1, - PE_OK => 0, - PE_SESSIONEXPIRED => 1, - PE_FORMEMPTY => 2, - PE_WRONGMANAGERACCOUNT => 3, - PE_USERNOTFOUND => 4, - PE_BADCREDENTIALS => 5, - PE_LDAPCONNECTFAILED => 6, - PE_LDAPERROR => 7, - PE_APACHESESSIONERROR => 8, - PE_FIRSTACCESS => 9, - PE_BADCERTIFICATE => 10, - PE_NO_PASSWORD_BE => 20, - PE_PP_ACCOUNT_LOCKED => 21, - PE_PP_PASSWORD_EXPIRED => 22, - PE_CERTIFICATEREQUIRED => 23, - PE_ERROR => 24, - PE_PP_CHANGE_AFTER_RESET => 25, - PE_PP_PASSWORD_MOD_NOT_ALLOWED => 26, - PE_PP_MUST_SUPPLY_OLD_PASSWORD => 27, - 
PE_PP_INSUFFICIENT_PASSWORD_QUALITY => 28, - PE_PP_PASSWORD_TOO_SHORT => 29, - PE_PP_PASSWORD_TOO_YOUNG => 30, - PE_PP_PASSWORD_IN_HISTORY => 31, - PE_PP_GRACE => 32, - PE_PP_EXP_WARNING => 33, - PE_PASSWORD_MISMATCH => 34, - PE_PASSWORD_OK => 35, - PE_NOTIFICATION => 36, - PE_BADURL => 37, - PE_NOSCHEME => 38, - PE_BADOLDPASSWORD => 39, - PE_MALFORMEDUSER => 40, - PE_SESSIONNOTGRANTED => 41, - PE_CONFIRM => 42, - PE_MAILFORMEMPTY => 43, - PE_BADMAILTOKEN => 44, - PE_MAILERROR => 45, - PE_MAILOK => 46, - PE_LOGOUT_OK => 47, - PE_SAML_ERROR => 48, - PE_SAML_LOAD_SERVICE_ERROR => 49, - PE_SAML_LOAD_IDP_ERROR => 50, - PE_SAML_SSO_ERROR => 51, - PE_SAML_UNKNOWN_ENTITY => 52, - PE_SAML_DESTINATION_ERROR => 53, - PE_SAML_CONDITIONS_ERROR => 54, - PE_SAML_IDPSSOINITIATED_NOTALLOWED => 55, - PE_SAML_SLO_ERROR => 56, - PE_SAML_SIGNATURE_ERROR => 57, - PE_SAML_ART_ERROR => 58, - PE_SAML_SESSION_ERROR => 59, - PE_SAML_LOAD_SP_ERROR => 60, - PE_SAML_ATTR_ERROR => 61, - PE_OPENID_EMPTY => 62, - PE_OPENID_BADID => 63, - PE_MISSINGREQATTR => 64, - PE_BADPARTNER => 65, - PE_MAILCONFIRMATION_ALREADY_SENT => 66, - PE_PASSWORDFORMEMPTY => 67, - PE_CAS_SERVICE_NOT_ALLOWED => 68, - PE_MAILFIRSTACCESS => 69, - PE_MAILNOTFOUND => 70, - PE_PASSWORDFIRSTACCESS => 71, - PE_MAILCONFIRMOK => 72, - PE_RADIUSCONNECTFAILED => 73, - PE_MUST_SUPPLY_OLD_PASSWORD => 74, - PE_FORBIDDENIP => 75, - PE_CAPTCHAERROR => 76, - PE_CAPTCHAEMPTY => 77, - PE_REGISTERFIRSTACCESS => 78, - PE_REGISTERFORMEMPTY => 79, - PE_REGISTERALREADYEXISTS => 80, - PE_NOTOKEN => 81, - PE_TOKENEXPIRED => 82, - PE_U2FFAILED => 83, - PE_UNAUTHORIZEDPARTNER => 84, - PE_RENEWSESSION => 85, - PE_WAIT => 86, - PE_MUSTAUTHN => 87, - PE_MUSTHAVEMAIL => 88, - PE_SAML_SERVICE_NOT_ALLOWED => 89, - PE_OIDC_SERVICE_NOT_ALLOWED => 90, - PE_OID_SERVICE_NOT_ALLOWED => 91, - PE_GET_SERVICE_NOT_ALLOWED => 92, + PE_IDPCHOICE => -5, + PE_SENDRESPONSE => -4, + PE_INFO => -3, + PE_REDIRECT => -2, + PE_DONE => -1, + PE_OK => 0, + PE_SESSIONEXPIRED 
=> 1, + PE_FORMEMPTY => 2, + PE_WRONGMANAGERACCOUNT => 3, + PE_USERNOTFOUND => 4, + PE_BADCREDENTIALS => 5, + PE_LDAPCONNECTFAILED => 6, + PE_LDAPERROR => 7, + PE_APACHESESSIONERROR => 8, + PE_FIRSTACCESS => 9, + PE_BADCERTIFICATE => 10, + PE_NO_PASSWORD_BE => 20, + PE_PP_ACCOUNT_LOCKED => 21, + PE_PP_PASSWORD_EXPIRED => 22, + PE_CERTIFICATEREQUIRED => 23, + PE_ERROR => 24, + PE_PP_CHANGE_AFTER_RESET => 25, + PE_PP_PASSWORD_MOD_NOT_ALLOWED => 26, + PE_PP_MUST_SUPPLY_OLD_PASSWORD => 27, + PE_PP_INSUFFICIENT_PASSWORD_QUALITY => 28, + PE_PP_PASSWORD_TOO_SHORT => 29, + PE_PP_PASSWORD_TOO_YOUNG => 30, + PE_PP_PASSWORD_IN_HISTORY => 31, + PE_PP_GRACE => 32, + PE_PP_EXP_WARNING => 33, + PE_PASSWORD_MISMATCH => 34, + PE_PASSWORD_OK => 35, + PE_NOTIFICATION => 36, + PE_BADURL => 37, + PE_NOSCHEME => 38, + PE_BADOLDPASSWORD => 39, + PE_MALFORMEDUSER => 40, + PE_SESSIONNOTGRANTED => 41, + PE_CONFIRM => 42, + PE_MAILFORMEMPTY => 43, + PE_BADMAILTOKEN => 44, + PE_MAILERROR => 45, + PE_MAILOK => 46, + PE_LOGOUT_OK => 47, + PE_SAML_ERROR => 48, + PE_SAML_LOAD_SERVICE_ERROR => 49, + PE_SAML_LOAD_IDP_ERROR => 50, + PE_SAML_SSO_ERROR => 51, + PE_SAML_UNKNOWN_ENTITY => 52, + PE_SAML_DESTINATION_ERROR => 53, + PE_SAML_CONDITIONS_ERROR => 54, + PE_SAML_IDPSSOINITIATED_NOTALLOWED => 55, + PE_SAML_SLO_ERROR => 56, + PE_SAML_SIGNATURE_ERROR => 57, + PE_SAML_ART_ERROR => 58, + PE_SAML_SESSION_ERROR => 59, + PE_SAML_LOAD_SP_ERROR => 60, + PE_SAML_ATTR_ERROR => 61, + PE_OPENID_EMPTY => 62, + PE_OPENID_BADID => 63, + PE_MISSINGREQATTR => 64, + PE_BADPARTNER => 65, + PE_MAILCONFIRMATION_ALREADY_SENT => 66, + PE_PASSWORDFORMEMPTY => 67, + PE_CAS_SERVICE_NOT_ALLOWED => 68, + PE_MAILFIRSTACCESS => 69, + PE_MAILNOTFOUND => 70, + PE_PASSWORDFIRSTACCESS => 71, + PE_MAILCONFIRMOK => 72, + PE_RADIUSCONNECTFAILED => 73, + PE_MUST_SUPPLY_OLD_PASSWORD => 74, + PE_FORBIDDENIP => 75, + PE_CAPTCHAERROR => 76, + PE_CAPTCHAEMPTY => 77, + PE_REGISTERFIRSTACCESS => 78, + PE_REGISTERFORMEMPTY => 79, + 
PE_REGISTERALREADYEXISTS => 80, + PE_NOTOKEN => 81, + PE_TOKENEXPIRED => 82, + PE_U2FFAILED => 83, + PE_UNAUTHORIZEDPARTNER => 84, + PE_RENEWSESSION => 85, + PE_WAIT => 86, + PE_MUSTAUTHN => 87, + PE_MUSTHAVEMAIL => 88, + PE_SAML_SERVICE_NOT_ALLOWED => 89, + PE_OIDC_SERVICE_NOT_ALLOWED => 90, + PE_OID_SERVICE_NOT_ALLOWED => 91, + PE_GET_SERVICE_NOT_ALLOWED => 92, PE_IMPERSONATION_SERVICE_NOT_ALLOWED => 93, - PE_ISSUERMISSINGREQATTR => 94, - PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED => 95, - PE_BADOTP => 96, - PE_RESETCERTIFICATE_INVALID => 97, - PE_RESETCERTIFICATE_FORMEMPTY => 98, - PE_RESETCERTIFICATE_FIRSTACCESS => 99, - PE_PP_NOT_ALLOWED_CHARACTER => 100, - PE_PP_NOT_ALLOWED_CHARACTERS => 101, - PE_UPGRADESESSION => 102, - PE_NO_SECOND_FACTORS => 103, - PE_BAD_DEVOPS_FILE => 104, - PE_FILENOTFOUND => 105, - PE_OIDC_AUTH_ERROR => 106, + PE_ISSUERMISSINGREQATTR => 94, + PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED => 95, + PE_BADOTP => 96, + PE_RESETCERTIFICATE_INVALID => 97, + PE_RESETCERTIFICATE_FORMEMPTY => 98, + PE_RESETCERTIFICATE_FIRSTACCESS => 99, + PE_PP_NOT_ALLOWED_CHARACTER => 100, + PE_PP_NOT_ALLOWED_CHARACTERS => 101, + PE_UPGRADESESSION => 102, + PE_NO_SECOND_FACTORS => 103, + PE_BAD_DEVOPS_FILE => 104, + PE_FILENOTFOUND => 105, + PE_OIDC_AUTH_ERROR => 106, }; sub portalConsts { return { - '-1' => 'PE_DONE', - '-2' => 'PE_REDIRECT', - '-3' => 'PE_INFO', - '-4' => 'PE_SENDRESPONSE', - '-5' => 'PE_IDPCHOICE', - '0' => 'PE_OK', - '1' => 'PE_SESSIONEXPIRED', - '10' => 'PE_BADCERTIFICATE', - '100' => 'PE_PP_NOT_ALLOWED_CHARACTER', - '101' => 'PE_PP_NOT_ALLOWED_CHARACTERS', - '102' => 'PE_UPGRADESESSION', - '103' => 'PE_NO_SECOND_FACTORS', - '104' => 'PE_BAD_DEVOPS_FILE', - '105' => 'PE_FILENOTFOUND', - '106' => 'PE_OIDC_AUTH_ERROR', - '2' => 'PE_FORMEMPTY', - '20' => 'PE_NO_PASSWORD_BE', - '21' => 'PE_PP_ACCOUNT_LOCKED', - '22' => 'PE_PP_PASSWORD_EXPIRED', - '23' => 'PE_CERTIFICATEREQUIRED', - '24' => 'PE_ERROR', - '25' => 'PE_PP_CHANGE_AFTER_RESET', - '26' => 
'PE_PP_PASSWORD_MOD_NOT_ALLOWED', - '27' => 'PE_PP_MUST_SUPPLY_OLD_PASSWORD', - '28' => 'PE_PP_INSUFFICIENT_PASSWORD_QUALITY', - '29' => 'PE_PP_PASSWORD_TOO_SHORT', - '3' => 'PE_WRONGMANAGERACCOUNT', - '30' => 'PE_PP_PASSWORD_TOO_YOUNG', - '31' => 'PE_PP_PASSWORD_IN_HISTORY', - '32' => 'PE_PP_GRACE', - '33' => 'PE_PP_EXP_WARNING', - '34' => 'PE_PASSWORD_MISMATCH', - '35' => 'PE_PASSWORD_OK', - '36' => 'PE_NOTIFICATION', - '37' => 'PE_BADURL', - '38' => 'PE_NOSCHEME', - '39' => 'PE_BADOLDPASSWORD', - '4' => 'PE_USERNOTFOUND', - '40' => 'PE_MALFORMEDUSER', - '41' => 'PE_SESSIONNOTGRANTED', - '42' => 'PE_CONFIRM', - '43' => 'PE_MAILFORMEMPTY', - '44' => 'PE_BADMAILTOKEN', - '45' => 'PE_MAILERROR', - '46' => 'PE_MAILOK', - '47' => 'PE_LOGOUT_OK', - '48' => 'PE_SAML_ERROR', - '49' => 'PE_SAML_LOAD_SERVICE_ERROR', - '5' => 'PE_BADCREDENTIALS', - '50' => 'PE_SAML_LOAD_IDP_ERROR', - '51' => 'PE_SAML_SSO_ERROR', - '52' => 'PE_SAML_UNKNOWN_ENTITY', - '53' => 'PE_SAML_DESTINATION_ERROR', - '54' => 'PE_SAML_CONDITIONS_ERROR', - '55' => 'PE_SAML_IDPSSOINITIATED_NOTALLOWED', - '56' => 'PE_SAML_SLO_ERROR', - '57' => 'PE_SAML_SIGNATURE_ERROR', - '58' => 'PE_SAML_ART_ERROR', - '59' => 'PE_SAML_SESSION_ERROR', - '6' => 'PE_LDAPCONNECTFAILED', - '60' => 'PE_SAML_LOAD_SP_ERROR', - '61' => 'PE_SAML_ATTR_ERROR', - '62' => 'PE_OPENID_EMPTY', - '63' => 'PE_OPENID_BADID', - '64' => 'PE_MISSINGREQATTR', - '65' => 'PE_BADPARTNER', - '66' => 'PE_MAILCONFIRMATION_ALREADY_SENT', - '67' => 'PE_PASSWORDFORMEMPTY', - '68' => 'PE_CAS_SERVICE_NOT_ALLOWED', - '69' => 'PE_MAILFIRSTACCESS', - '7' => 'PE_LDAPERROR', - '70' => 'PE_MAILNOTFOUND', - '71' => 'PE_PASSWORDFIRSTACCESS', - '72' => 'PE_MAILCONFIRMOK', - '73' => 'PE_RADIUSCONNECTFAILED', - '74' => 'PE_MUST_SUPPLY_OLD_PASSWORD', - '75' => 'PE_FORBIDDENIP', - '76' => 'PE_CAPTCHAERROR', - '77' => 'PE_CAPTCHAEMPTY', - '78' => 'PE_REGISTERFIRSTACCESS', - '79' => 'PE_REGISTERFORMEMPTY', - '8' => 'PE_APACHESESSIONERROR', - '80' => 
'PE_REGISTERALREADYEXISTS', - '81' => 'PE_NOTOKEN', - '82' => 'PE_TOKENEXPIRED', - '83' => 'PE_U2FFAILED', - '84' => 'PE_UNAUTHORIZEDPARTNER', - '85' => 'PE_RENEWSESSION', - '86' => 'PE_WAIT', - '87' => 'PE_MUSTAUTHN', - '88' => 'PE_MUSTHAVEMAIL', - '89' => 'PE_SAML_SERVICE_NOT_ALLOWED', - '9' => 'PE_FIRSTACCESS', - '90' => 'PE_OIDC_SERVICE_NOT_ALLOWED', - '91' => 'PE_OID_SERVICE_NOT_ALLOWED', - '92' => 'PE_GET_SERVICE_NOT_ALLOWED', - '93' => 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED', - '94' => 'PE_ISSUERMISSINGREQATTR', - '95' => 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED', - '96' => 'PE_BADOTP', - '97' => 'PE_RESETCERTIFICATE_INVALID', - '98' => 'PE_RESETCERTIFICATE_FORMEMPTY', - '99' => 'PE_RESETCERTIFICATE_FIRSTACCESS' - }; + '-1' => 'PE_DONE', + '-2' => 'PE_REDIRECT', + '-3' => 'PE_INFO', + '-4' => 'PE_SENDRESPONSE', + '-5' => 'PE_IDPCHOICE', + '0' => 'PE_OK', + '1' => 'PE_SESSIONEXPIRED', + '10' => 'PE_BADCERTIFICATE', + '100' => 'PE_PP_NOT_ALLOWED_CHARACTER', + '101' => 'PE_PP_NOT_ALLOWED_CHARACTERS', + '102' => 'PE_UPGRADESESSION', + '103' => 'PE_NO_SECOND_FACTORS', + '104' => 'PE_BAD_DEVOPS_FILE', + '105' => 'PE_FILENOTFOUND', + '106' => 'PE_OIDC_AUTH_ERROR', + '2' => 'PE_FORMEMPTY', + '20' => 'PE_NO_PASSWORD_BE', + '21' => 'PE_PP_ACCOUNT_LOCKED', + '22' => 'PE_PP_PASSWORD_EXPIRED', + '23' => 'PE_CERTIFICATEREQUIRED', + '24' => 'PE_ERROR', + '25' => 'PE_PP_CHANGE_AFTER_RESET', + '26' => 'PE_PP_PASSWORD_MOD_NOT_ALLOWED', + '27' => 'PE_PP_MUST_SUPPLY_OLD_PASSWORD', + '28' => 'PE_PP_INSUFFICIENT_PASSWORD_QUALITY', + '29' => 'PE_PP_PASSWORD_TOO_SHORT', + '3' => 'PE_WRONGMANAGERACCOUNT', + '30' => 'PE_PP_PASSWORD_TOO_YOUNG', + '31' => 'PE_PP_PASSWORD_IN_HISTORY', + '32' => 'PE_PP_GRACE', + '33' => 'PE_PP_EXP_WARNING', + '34' => 'PE_PASSWORD_MISMATCH', + '35' => 'PE_PASSWORD_OK', + '36' => 'PE_NOTIFICATION', + '37' => 'PE_BADURL', + '38' => 'PE_NOSCHEME', + '39' => 'PE_BADOLDPASSWORD', + '4' => 'PE_USERNOTFOUND', + '40' => 'PE_MALFORMEDUSER', + '41' => 
'PE_SESSIONNOTGRANTED', + '42' => 'PE_CONFIRM', + '43' => 'PE_MAILFORMEMPTY', + '44' => 'PE_BADMAILTOKEN', + '45' => 'PE_MAILERROR', + '46' => 'PE_MAILOK', + '47' => 'PE_LOGOUT_OK', + '48' => 'PE_SAML_ERROR', + '49' => 'PE_SAML_LOAD_SERVICE_ERROR', + '5' => 'PE_BADCREDENTIALS', + '50' => 'PE_SAML_LOAD_IDP_ERROR', + '51' => 'PE_SAML_SSO_ERROR', + '52' => 'PE_SAML_UNKNOWN_ENTITY', + '53' => 'PE_SAML_DESTINATION_ERROR', + '54' => 'PE_SAML_CONDITIONS_ERROR', + '55' => 'PE_SAML_IDPSSOINITIATED_NOTALLOWED', + '56' => 'PE_SAML_SLO_ERROR', + '57' => 'PE_SAML_SIGNATURE_ERROR', + '58' => 'PE_SAML_ART_ERROR', + '59' => 'PE_SAML_SESSION_ERROR', + '6' => 'PE_LDAPCONNECTFAILED', + '60' => 'PE_SAML_LOAD_SP_ERROR', + '61' => 'PE_SAML_ATTR_ERROR', + '62' => 'PE_OPENID_EMPTY', + '63' => 'PE_OPENID_BADID', + '64' => 'PE_MISSINGREQATTR', + '65' => 'PE_BADPARTNER', + '66' => 'PE_MAILCONFIRMATION_ALREADY_SENT', + '67' => 'PE_PASSWORDFORMEMPTY', + '68' => 'PE_CAS_SERVICE_NOT_ALLOWED', + '69' => 'PE_MAILFIRSTACCESS', + '7' => 'PE_LDAPERROR', + '70' => 'PE_MAILNOTFOUND', + '71' => 'PE_PASSWORDFIRSTACCESS', + '72' => 'PE_MAILCONFIRMOK', + '73' => 'PE_RADIUSCONNECTFAILED', + '74' => 'PE_MUST_SUPPLY_OLD_PASSWORD', + '75' => 'PE_FORBIDDENIP', + '76' => 'PE_CAPTCHAERROR', + '77' => 'PE_CAPTCHAEMPTY', + '78' => 'PE_REGISTERFIRSTACCESS', + '79' => 'PE_REGISTERFORMEMPTY', + '8' => 'PE_APACHESESSIONERROR', + '80' => 'PE_REGISTERALREADYEXISTS', + '81' => 'PE_NOTOKEN', + '82' => 'PE_TOKENEXPIRED', + '83' => 'PE_U2FFAILED', + '84' => 'PE_UNAUTHORIZEDPARTNER', + '85' => 'PE_RENEWSESSION', + '86' => 'PE_WAIT', + '87' => 'PE_MUSTAUTHN', + '88' => 'PE_MUSTHAVEMAIL', + '89' => 'PE_SAML_SERVICE_NOT_ALLOWED', + '9' => 'PE_FIRSTACCESS', + '90' => 'PE_OIDC_SERVICE_NOT_ALLOWED', + '91' => 'PE_OID_SERVICE_NOT_ALLOWED', + '92' => 'PE_GET_SERVICE_NOT_ALLOWED', + '93' => 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED', + '94' => 'PE_ISSUERMISSINGREQATTR', + '95' => 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED', + '96' => 
'PE_BADOTP', + '97' => 'PE_RESETCERTIFICATE_INVALID', + '98' => 'PE_RESETCERTIFICATE_FORMEMPTY', + '99' => 'PE_RESETCERTIFICATE_FIRSTACCESS' + }; } # EXPORTER PARAMETERS -our @EXPORT_OK = ( - 'portalConsts', - 'HANDLER', - 'URIRE', - 'PE_IDPCHOICE', - 'PE_SENDRESPONSE', - 'PE_INFO', - 'PE_REDIRECT', - 'PE_DONE', - 'PE_OK', - 'PE_SESSIONEXPIRED', - 'PE_FORMEMPTY', - 'PE_WRONGMANAGERACCOUNT', - 'PE_USERNOTFOUND', - 'PE_BADCREDENTIALS', - 'PE_LDAPCONNECTFAILED', - 'PE_LDAPERROR', - 'PE_APACHESESSIONERROR', - 'PE_FIRSTACCESS', - 'PE_BADCERTIFICATE', - 'PE_NO_PASSWORD_BE', - 'PE_PP_ACCOUNT_LOCKED', - 'PE_PP_PASSWORD_EXPIRED', - 'PE_CERTIFICATEREQUIRED', - 'PE_ERROR', - 'PE_PP_CHANGE_AFTER_RESET', - 'PE_PP_PASSWORD_MOD_NOT_ALLOWED', - 'PE_PP_MUST_SUPPLY_OLD_PASSWORD', - 'PE_PP_INSUFFICIENT_PASSWORD_QUALITY', - 'PE_PP_PASSWORD_TOO_SHORT', - 'PE_PP_PASSWORD_TOO_YOUNG', - 'PE_PP_PASSWORD_IN_HISTORY', - 'PE_PP_GRACE', - 'PE_PP_EXP_WARNING', - 'PE_PASSWORD_MISMATCH', - 'PE_PASSWORD_OK', - 'PE_NOTIFICATION', - 'PE_BADURL', - 'PE_NOSCHEME', - 'PE_BADOLDPASSWORD', - 'PE_MALFORMEDUSER', - 'PE_SESSIONNOTGRANTED', - 'PE_CONFIRM', - 'PE_MAILFORMEMPTY', - 'PE_BADMAILTOKEN', - 'PE_MAILERROR', - 'PE_MAILOK', - 'PE_LOGOUT_OK', - 'PE_SAML_ERROR', - 'PE_SAML_LOAD_SERVICE_ERROR', - 'PE_SAML_LOAD_IDP_ERROR', - 'PE_SAML_SSO_ERROR', - 'PE_SAML_UNKNOWN_ENTITY', - 'PE_SAML_DESTINATION_ERROR', - 'PE_SAML_CONDITIONS_ERROR', - 'PE_SAML_IDPSSOINITIATED_NOTALLOWED', - 'PE_SAML_SLO_ERROR', - 'PE_SAML_SIGNATURE_ERROR', - 'PE_SAML_ART_ERROR', - 'PE_SAML_SESSION_ERROR', - 'PE_SAML_LOAD_SP_ERROR', - 'PE_SAML_ATTR_ERROR', - 'PE_OPENID_EMPTY', - 'PE_OPENID_BADID', - 'PE_MISSINGREQATTR', - 'PE_BADPARTNER', - 'PE_MAILCONFIRMATION_ALREADY_SENT', - 'PE_PASSWORDFORMEMPTY', - 'PE_CAS_SERVICE_NOT_ALLOWED', - 'PE_MAILFIRSTACCESS', - 'PE_MAILNOTFOUND', - 'PE_PASSWORDFIRSTACCESS', - 'PE_MAILCONFIRMOK', - 'PE_RADIUSCONNECTFAILED', - 'PE_MUST_SUPPLY_OLD_PASSWORD', - 'PE_FORBIDDENIP', - 'PE_CAPTCHAERROR', - 
'PE_CAPTCHAEMPTY', - 'PE_REGISTERFIRSTACCESS', - 'PE_REGISTERFORMEMPTY', - 'PE_REGISTERALREADYEXISTS', - 'PE_NOTOKEN', - 'PE_TOKENEXPIRED', - 'PE_U2FFAILED', - 'PE_UNAUTHORIZEDPARTNER', - 'PE_RENEWSESSION', - 'PE_WAIT', - 'PE_MUSTAUTHN', - 'PE_MUSTHAVEMAIL', - 'PE_SAML_SERVICE_NOT_ALLOWED', - 'PE_OIDC_SERVICE_NOT_ALLOWED', - 'PE_OID_SERVICE_NOT_ALLOWED', - 'PE_GET_SERVICE_NOT_ALLOWED', - 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED', - 'PE_ISSUERMISSINGREQATTR', - 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED', - 'PE_BADOTP', - 'PE_RESETCERTIFICATE_INVALID', - 'PE_RESETCERTIFICATE_FORMEMPTY', - 'PE_RESETCERTIFICATE_FIRSTACCESS', - 'PE_PP_NOT_ALLOWED_CHARACTER', - 'PE_PP_NOT_ALLOWED_CHARACTERS', - 'PE_UPGRADESESSION', - 'PE_NO_SECOND_FACTORS', - 'PE_BAD_DEVOPS_FILE', - 'PE_FILENOTFOUND', - 'PE_OIDC_AUTH_ERROR' -); +our @EXPORT_OK = ( 'portalConsts', 'HANDLER', 'URIRE', 'PE_IDPCHOICE', 'PE_SENDRESPONSE', 'PE_INFO', 'PE_REDIRECT', 'PE_DONE', 'PE_OK', 'PE_SESSIONEXPIRED', 'PE_FORMEMPTY', 'PE_WRONGMANAGERACCOUNT', 'PE_USERNOTFOUND', 'PE_BADCREDENTIALS', 'PE_LDAPCONNECTFAILED', 'PE_LDAPERROR', 'PE_APACHESESSIONERROR', 'PE_FIRSTACCESS', 'PE_BADCERTIFICATE', 'PE_NO_PASSWORD_BE', 'PE_PP_ACCOUNT_LOCKED', 'PE_PP_PASSWORD_EXPIRED', 'PE_CERTIFICATEREQUIRED', 'PE_ERROR', 'PE_PP_CHANGE_AFTER_RESET', 'PE_PP_PASSWORD_MOD_NOT_ALLOWED', 'PE_PP_MUST_SUPPLY_OLD_PASSWORD', 'PE_PP_INSUFFICIENT_PASSWORD_QUALITY', 'PE_PP_PASSWORD_TOO_SHORT', 'PE_PP_PASSWORD_TOO_YOUNG', 'PE_PP_PASSWORD_IN_HISTORY', 'PE_PP_GRACE', 'PE_PP_EXP_WARNING', 'PE_PASSWORD_MISMATCH', 'PE_PASSWORD_OK', 'PE_NOTIFICATION', 'PE_BADURL', 'PE_NOSCHEME', 'PE_BADOLDPASSWORD', 'PE_MALFORMEDUSER', 'PE_SESSIONNOTGRANTED', 'PE_CONFIRM', 'PE_MAILFORMEMPTY', 'PE_BADMAILTOKEN', 'PE_MAILERROR', 'PE_MAILOK', 'PE_LOGOUT_OK', 'PE_SAML_ERROR', 'PE_SAML_LOAD_SERVICE_ERROR', 'PE_SAML_LOAD_IDP_ERROR', 'PE_SAML_SSO_ERROR', 'PE_SAML_UNKNOWN_ENTITY', 'PE_SAML_DESTINATION_ERROR', 'PE_SAML_CONDITIONS_ERROR', 'PE_SAML_IDPSSOINITIATED_NOTALLOWED', 
'PE_SAML_SLO_ERROR', 'PE_SAML_SIGNATURE_ERROR', 'PE_SAML_ART_ERROR', 'PE_SAML_SESSION_ERROR', 'PE_SAML_LOAD_SP_ERROR', 'PE_SAML_ATTR_ERROR', 'PE_OPENID_EMPTY', 'PE_OPENID_BADID', 'PE_MISSINGREQATTR', 'PE_BADPARTNER', 'PE_MAILCONFIRMATION_ALREADY_SENT', 'PE_PASSWORDFORMEMPTY', 'PE_CAS_SERVICE_NOT_ALLOWED', 'PE_MAILFIRSTACCESS', 'PE_MAILNOTFOUND', 'PE_PASSWORDFIRSTACCESS', 'PE_MAILCONFIRMOK', 'PE_RADIUSCONNECTFAILED', 'PE_MUST_SUPPLY_OLD_PASSWORD', 'PE_FORBIDDENIP', 'PE_CAPTCHAERROR', 'PE_CAPTCHAEMPTY', 'PE_REGISTERFIRSTACCESS', 'PE_REGISTERFORMEMPTY', 'PE_REGISTERALREADYEXISTS', 'PE_NOTOKEN', 'PE_TOKENEXPIRED', 'PE_U2FFAILED', 'PE_UNAUTHORIZEDPARTNER', 'PE_RENEWSESSION', 'PE_WAIT', 'PE_MUSTAUTHN', 'PE_MUSTHAVEMAIL', 'PE_SAML_SERVICE_NOT_ALLOWED', 'PE_OIDC_SERVICE_NOT_ALLOWED', 'PE_OID_SERVICE_NOT_ALLOWED', 'PE_GET_SERVICE_NOT_ALLOWED', 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED', 'PE_ISSUERMISSINGREQATTR', 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED', 'PE_BADOTP', 'PE_RESETCERTIFICATE_INVALID', 'PE_RESETCERTIFICATE_FORMEMPTY', 'PE_RESETCERTIFICATE_FIRSTACCESS', 'PE_PP_NOT_ALLOWED_CHARACTER', 'PE_PP_NOT_ALLOWED_CHARACTERS', 'PE_UPGRADESESSION', 'PE_NO_SECOND_FACTORS', 'PE_BAD_DEVOPS_FILE', 'PE_FILENOTFOUND', 'PE_OIDC_AUTH_ERROR' ); our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], ); our @EXPORT = qw(import PE_OK); -- GitLab From 108a555f381a370d19874bc7c5d0619e25884f35 Mon Sep 17 00:00:00 2001 
From: Christophe Maudoux Date: Wed, 24 Aug 2022 11:46:11 +0200 Subject: [PATCH 6/6] Revert "Typos" This reverts commit c9eadda66990264f92a33673ecba814a4f51a1d2. --- doc/sources/admin/applications/awx.rst | 2 +- doc/sources/admin/applications/bugzilla.rst | 2 +- doc/sources/admin/applications/dokuwiki.rst | 2 +- doc/sources/admin/applications/drupal.rst | 2 +- doc/sources/admin/applications/liferay.rst | 2 +- doc/sources/admin/applications/mediawiki.rst | 2 +- doc/sources/admin/applications/obm.rst | 2 +- doc/sources/admin/applications/phpldapadmin.rst | 2 +- doc/sources/admin/applications/sympa.rst | 2 +- doc/sources/admin/authfacebook.rst | 3 ++- doc/sources/admin/configvhost.rst | 6 +++--- doc/sources/admin/error.rst | 2 +- doc/sources/admin/formreplay.rst | 2 +- doc/sources/admin/nodehandler.rst | 2 +- doc/sources/admin/performances.rst | 3 ++- doc/sources/admin/restsessionbackend.rst | 4 ++-- doc/sources/admin/samlservice.rst | 2 +- doc/sources/admin/ssoaas.rst | 4 ++-- doc/sources/admin/variables.rst | 6 +++--- doc/sources/admin/writingrulesand_headers.rst | 2 +- 20 files changed, 28 insertions(+), 26 deletions(-) diff --git a/doc/sources/admin/applications/awx.rst b/doc/sources/admin/applications/awx.rst index d91b7c236b..926bc8cf5b 100644 --- a/doc/sources/admin/applications/awx.rst +++ b/doc/sources/admin/applications/awx.rst @@ -184,7 +184,7 @@ Go to "SAML service providers", click on "Add SAML SP" and name it as you want (example : 'AWX') In the new subtree 'AWX', open 'Metadata' and paste the content of the -AWX Metadata, wich can be found at the +AWX Metadatas, wich can be found at the ``SAML Service Provider Metadata URL`` in AWX : https://awx.example.com/sso/metadata/saml/ diff --git a/doc/sources/admin/applications/bugzilla.rst b/doc/sources/admin/applications/bugzilla.rst index 385292464c..59791a1764 100644 --- a/doc/sources/admin/applications/bugzilla.rst +++ b/doc/sources/admin/applications/bugzilla.rst 
@@ -64,7 +64,7 @@ Configure Bugzilla virtual host like other internal; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock; - # Drop post data + # Drop post datas fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; # Keep original hostname diff --git a/doc/sources/admin/applications/dokuwiki.rst b/doc/sources/admin/applications/dokuwiki.rst index d22d24c1c2..8cb424ad69 100644 --- a/doc/sources/admin/applications/dokuwiki.rst +++ b/doc/sources/admin/applications/dokuwiki.rst @@ -69,7 +69,7 @@ Configure Dokuwiki virtual host like other internal; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock; - # Drop post data + # Drop post datas fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; # Keep original hostname diff --git a/doc/sources/admin/applications/drupal.rst b/doc/sources/admin/applications/drupal.rst index 970078dfb4..f4dc202068 100644 --- a/doc/sources/admin/applications/drupal.rst +++ b/doc/sources/admin/applications/drupal.rst @@ -66,7 +66,7 @@ Configure Drupal virtual host like other internal; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock; - # Drop post data + # Drop post datas fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; # Keep original hostname diff --git a/doc/sources/admin/applications/liferay.rst b/doc/sources/admin/applications/liferay.rst index 127bc6f64a..0e98de3f69 100644 --- a/doc/sources/admin/applications/liferay.rst +++ b/doc/sources/admin/applications/liferay.rst @@ -124,7 +124,7 @@ Configure Liferay virtual host like other internal; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock; - # Drop post data + # Drop post datas fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; # Keep original hostname 
diff --git a/doc/sources/admin/applications/mediawiki.rst b/doc/sources/admin/applications/mediawiki.rst index 2faa0fcf30..b2460bd983 100644 --- a/doc/sources/admin/applications/mediawiki.rst +++ b/doc/sources/admin/applications/mediawiki.rst @@ -153,7 +153,7 @@ Configure MediaWiki virtual host like other internal; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock; - # Drop post data + # Drop post datas fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; # Keep original hostname diff --git a/doc/sources/admin/applications/obm.rst b/doc/sources/admin/applications/obm.rst index 4c33d22324..b67457a884 100644 --- a/doc/sources/admin/applications/obm.rst +++ b/doc/sources/admin/applications/obm.rst @@ -146,7 +146,7 @@ Edit also OBM configuration to enable LL::NG Handler: internal; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock; - # Drop post data + # Drop post datas fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; # Keep original hostname diff --git a/doc/sources/admin/applications/phpldapadmin.rst b/doc/sources/admin/applications/phpldapadmin.rst index c8baab5ff2..a4a538294c 100644 --- a/doc/sources/admin/applications/phpldapadmin.rst +++ b/doc/sources/admin/applications/phpldapadmin.rst @@ -68,7 +68,7 @@ Configure phpLDAPadmin virtual host like other internal; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock; - # Drop post data + # Drop post datas fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; # Keep original hostname diff --git a/doc/sources/admin/applications/sympa.rst b/doc/sources/admin/applications/sympa.rst index d488915623..5e28cf7545 100644 --- a/doc/sources/admin/applications/sympa.rst +++ b/doc/sources/admin/applications/sympa.rst 
@@ -143,7 +143,7 @@ authentication URL. internal; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock; - # Drop post data + # Drop post datas fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; # Keep original hostname diff --git a/doc/sources/admin/authfacebook.rst b/doc/sources/admin/authfacebook.rst index 65ddf61242..1067ec6948 100644 --- a/doc/sources/admin/authfacebook.rst +++ b/doc/sources/admin/authfacebook.rst @@ -78,4 +78,5 @@ variables: .. tip:: You can use the same Facebook access token in your - applications. It is stored in session data under the name ``$_facebookToken``\ + applications. It is stored in session datas under the name + ``$_facebookToken``\ diff --git a/doc/sources/admin/configvhost.rst b/doc/sources/admin/configvhost.rst index 4bc02a4208..abcb0b9eb2 100644 --- a/doc/sources/admin/configvhost.rst +++ b/doc/sources/admin/configvhost.rst @@ -139,7 +139,7 @@ Then you can take any virtual host and modify it: include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock; - # Drop post data + # Drop post datas fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; @@ -215,7 +215,7 @@ Example of a protected virtual host for a local application: internal; include /etc/nginx/fastcgi_params; fastcgi_pass /path/to/llng-fastcgi-server.sock; - # Drop post data + # Drop post datas fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; # Keep original hostname @@ -276,7 +276,7 @@ Reverse-Proxy internal; include /etc/nginx/fastcgi_params; fastcgi_pass /path/to/llng-fastcgi-server.sock; - # Drop post data + # Drop post datas fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; # Keep original hostname diff --git a/doc/sources/admin/error.rst b/doc/sources/admin/error.rst index 16ef10e4de..8d32542d9b 100644 --- a/doc/sources/admin/error.rst +++ b/doc/sources/admin/error.rst 
@@ -14,7 +14,7 @@ Lemonldap::NG::Common Warning: key is not defined, set it in the manager ! -→ LemonLDAP::NG uses a key to crypt/decrypt some data. You have to set +→ LemonLDAP::NG uses a key to crypt/decrypt some datas. You have to set its value in Manager. This message is displayed only when you upgrade from a version older than 1.0 diff --git a/doc/sources/admin/formreplay.rst b/doc/sources/admin/formreplay.rst index 711f0a6aa7..145c9aa09b 100644 --- a/doc/sources/admin/formreplay.rst +++ b/doc/sources/admin/formreplay.rst @@ -22,7 +22,7 @@ anything to the user. If you configure form replay with LL::NG, the Handler will detect forms to fill, add a javascript in the html page to fill form fields with -dummy data and submit it, then intercept the POST request and add POST +dummy datas and submit it, then intercept the POST request and add POST data in the request body. POST data can be static values or computed from user's session. diff --git a/doc/sources/admin/nodehandler.rst b/doc/sources/admin/nodehandler.rst index f40ae31c17..fbf104600b 100644 --- a/doc/sources/admin/nodehandler.rst +++ b/doc/sources/admin/nodehandler.rst @@ -63,7 +63,7 @@ Nginx configuration include /etc/nginx/fastcgi_params; fastcgi_pass localhost:9090; - # Drop post data + # Drop post datas fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; diff --git a/doc/sources/admin/performances.rst b/doc/sources/admin/performances.rst index 7ade4ae5e4..5084b42d8b 100644 --- a/doc/sources/admin/performances.rst +++ b/doc/sources/admin/performances.rst 
@@ -79,7 +79,8 @@ Macros and groups are stored in session database. Local macros is a special feature of handler that permit one to have macros useable localy only. Those macros are calculated only at the first usage and stored in the local session cache (only for this server) and only if the user -access to the related applications. This avoid to have to many data stored. +access to the related applications. This avoid to have to many datas +stored. .. code-block:: perl diff --git a/doc/sources/admin/restsessionbackend.rst b/doc/sources/admin/restsessionbackend.rst index b2fc7939f1..0eb14bd594 100644 --- a/doc/sources/admin/restsessionbackend.rst +++ b/doc/sources/admin/restsessionbackend.rst @@ -6,7 +6,7 @@ persistent sessions. LL::NG Portal provides REST end points for sessions management: -- GET /sessions// : get session data +- GET /sessions// : get session datas - GET /sessions/// : get a session key value - GET /sessions///[k1,k2] : get some keys value - POST /sessions/ : create a session @@ -15,7 +15,7 @@ LL::NG Portal provides REST end points for sessions management: Sessions for connected users (used by :doc:`LLNG Proxy`): -- GET /session/my/ : get session data +- GET /session/my/ : get session datas - GET /session/my//key : get session key - DELETE /session/my : ask for logout - DELETE /sessions/my : ask for global logout (if GlobalLogout plugin is on) diff --git a/doc/sources/admin/samlservice.rst b/doc/sources/admin/samlservice.rst index 2878971747..82135ac761 100644 --- a/doc/sources/admin/samlservice.rst +++ b/doc/sources/admin/samlservice.rst 
@@ -159,7 +159,7 @@ To define keys, you can: Converting a RSA public key to a certificate ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -If your application complains about the lack of certificate in SAML Metadata, and you generated a public RSA key instead of a certificate in a previous version of LemonLDAP::NG, you can convert the public key into a certificate without changing the private key. +If your application complains about the lack of certificate in SAML Metadatas, and you generated a public RSA key instead of a certificate in a previous version of LemonLDAP::NG, you can convert the public key into a certificate without changing the private key. Save the private key in a file, and use the ``openssl`` commands to issue a self-signed certificate: diff --git a/doc/sources/admin/ssoaas.rst b/doc/sources/admin/ssoaas.rst index 40866e0f89..bac5d1414f 100644 --- a/doc/sources/admin/ssoaas.rst +++ b/doc/sources/admin/ssoaas.rst @@ -90,7 +90,7 @@ requesting a Central uWSGI server (Nginx only): fastcgi_pass 10.1.2.3:9090; fastcgi_param VHOSTTYPE DevOps; - # Drop post data + # Drop post datas fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; @@ -300,7 +300,7 @@ directory. # Force handler type: fastcgi_param VHOSTTYPE DevOps; - # Drop post data + # Drop post datas fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; diff --git a/doc/sources/admin/variables.rst b/doc/sources/admin/variables.rst index cafa67e643..fbc51a3690 100644 --- a/doc/sources/admin/variables.rst +++ b/doc/sources/admin/variables.rst @@ -56,7 +56,7 @@ Key Description Connection ---------- -Data concerning the first connection to the portal +Datas concerning the first connection to the portal ========== ======================================================================================================================================== Key Description 
@@ -69,7 +69,7 @@ ipAddr IP of the user (special care must be taken is you run the portal :doc Authentication -------------- -Data around the authentication process. +Datas around the authentication process. =================== ========================================================================================================= Key Description @@ -95,7 +95,7 @@ Key Description SAML ---- -Data related to SAML protocol +Datas related to SAML protocol =================== ================================================ Key Description diff --git a/doc/sources/admin/writingrulesand_headers.rst b/doc/sources/admin/writingrulesand_headers.rst index 63db047980..39175cb8fa 100644 --- a/doc/sources/admin/writingrulesand_headers.rst +++ b/doc/sources/admin/writingrulesand_headers.rst @@ -3,7 +3,7 @@ Writing rules and headers LL::NG manages applications by their hostname (Apache Virtual Hosts or Nginx Block Servers). Rules are used for protecting applications, -and HTTP headers are appended to each request for sending data to protected +and HTTP headers are appended to each request for sending datas to protected applications (for logs, profiles,...). -- GitLab