diff --git a/doc/sources/admin/idpopenidconnect.rst b/doc/sources/admin/idpopenidconnect.rst index 2e83adfb8f3115152e86aa6bdcf7fa5c2a1aa1cd..9e6c0258c0380e011baa170a2ae37615427be7d6 100644 --- a/doc/sources/admin/idpopenidconnect.rst +++ b/doc/sources/admin/idpopenidconnect.rst @@ -24,10 +24,11 @@ As an OP, LL::NG supports many OpenID Connect features: - Nonce - `Dynamic registration `__ - Access Token Hash generation -- ID Token signature (HS256/HS384/HS512/RS256/RS384/RS512) +- ID Token signature (HS256/HS384/HS512 and RS256/RS384/RS512/PS256/PS384/PS512 or ES256/ES256K/ES384/ES512/EdDSA depending on the key type) - UserInfo endpoint, as JSON or as JWT - Request and Request URI - `Back Channel Logout `__ + (Since ``2.17.0``) - `Front Channel Logout `__ - `RP-Initiated Logout `__ - PKCE (Since ``2.0.4``) - See :rfc:`7636` @@ -36,6 +37,7 @@ As an OP, LL::NG supports many OpenID Connect features: - Refresh Tokens (Since ``2.0.7``) - Optional JWT Access Tokens (Since ``2.0.12``) - See :rfc:`9068` - `Form Post Response Mode `__ (Since ``2.0.16``) +- Encrypted JWT (Since ``2.18.0``) - See :rfc:`7516` Configuration ------------- @@ -105,7 +107,10 @@ OIDC metadata example: "HS512", "RS256", "RS384", - "RS512" + "RS512", + "PS256", + "PS384", + "PS512" ], "id_token_signing_alg_values_supported" : [ "none", @@ -114,7 +119,10 @@ OIDC metadata example: "HS512", "RS256", "RS384", - "RS512" + "RS512", + "PS256", + "PS384", + "PS512" ], "userinfo_endpoint" : "http://auth.example.com/oauth2/userinfo", "request_uri_parameter_supported" : "true", diff --git a/doc/sources/admin/openidconnectservice.rst b/doc/sources/admin/openidconnectservice.rst index 31eb258c21aab0d471b83856999cc51da6275891..8de62e7e171d0a221b4d46792901e3a18bf8f2ba 100644 --- a/doc/sources/admin/openidconnectservice.rst +++ b/doc/sources/admin/openidconnectservice.rst @@ -59,13 +59,15 @@ to define attributes and extra claims released when a new relying party is regis Security ~~~~~~~~ -- **Keys**: Define public/private key pairs for asymmetric signature. A JWKS - ``kid`` (Key ID) is automatically derived when new keys are generated: +- **Keys**: Define public/private key pair for asymmetric signature. A JWKS + ``kid`` (Key ID) is automatically derived when new keys are generated. + You have to choose the key type: ``RSA`` or ``EC``. The list of + supported algorithms in OIDC metadata will be automatically updated. - Set signing key if LLNG is an OpenID-Connect server - Set Encryption key if LLNG is an OpenID-Connect Relying-Party and if you want that the OpenID-Connect server encrypt the JWT tokens -- + - **Authorization Code Flow**: Set to 1 to allow Authorization Code flow - **Implicit Flow**: Set to 1 to allow Implicit flow - **Hybrid Flow**: Set to 1 to allow Hybrid flow diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm index 256f11487752e1705b39daefae9a1794539c2eea..dd7363d0ad909b56984d2c5d7a15164b094e5a74 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm @@ -221,6 +221,8 @@ sub defaultValues { 'oidcServiceEncAlgorithmAlg' => 'RSA-OAEP', 'oidcServiceEncAlgorithmEnc' => 'A256GCM', 'oidcServiceIDTokenExpiration' => 3600, + 'oidcServiceKeyTypeEnc' => 'RSA', + 'oidcServiceKeyTypeSig' => 'RSA', 'oidcServiceMetaDataAuthnContext' => { 'loa-1' => 1, 'loa-2' => 2, @@ -238,7 +240,10 @@ sub defaultValues { 'oidcServiceMetaDataRegistrationURI' => 'register', 'oidcServiceMetaDataTokenURI' => 'token', 'oidcServiceMetaDataUserInfoURI' => 'userinfo', + 'oidcServiceNewKeyTypeSig' => 'RSA', 'oidcServiceOfflineSessionExpiration' => 2592000, + 'oidcServiceOldKeyTypeEnc' => 'RSA', + 'oidcServiceOldKeyTypeSig' => 'RSA', 'openIdAuthnLevel' => 1, 'openIdExportedVars' => {}, 'openIdIDPList' => '0;', diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm index 9c04ff91ffc2367055c04b3638cea24878c25b89..b23aa172a349170a31e894b1152f687bf79a9628 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm @@ -69,6 +69,6 @@ our $issuerParameters = { issuerOptions => [qw(issuersTimeout)], }; our $samlServiceParameters = [qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse samlServiceSignatureMethod samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapKerberos samlAuthnContextMapTLSClient samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlMetadataForceUTF8 samlRelayStateTimeout samlUseQueryStringSpecific samlOverrideIDPEntityID samlStorage samlStorageOptions samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter samlFederationFiles samlDiscoveryProtocolActivation samlDiscoveryProtocolURL samlDiscoveryProtocolPolicy samlDiscoveryProtocolIsPassive)]; -our $oidcServiceParameters = [qw(oidcServiceMetaDataIssuer oidcServiceMetaDataAuthorizeURI oidcServiceMetaDataTokenURI oidcServiceMetaDataUserInfoURI oidcServiceMetaDataJWKSURI oidcServiceMetaDataRegistrationURI oidcServiceMetaDataIntrospectionURI oidcServiceMetaDataEndSessionURI oidcServiceMetaDataCheckSessionURI oidcServiceMetaDataFrontChannelURI oidcServiceMetaDataBackChannelURI oidcServiceMetaDataAuthnContext oidcServiceAllowDynamicRegistration oidcServiceDynamicRegistrationExportedVars oidcServiceDynamicRegistrationExtraClaims oidcServicePrivateKeySig oidcServicePublicKeySig oidcServiceKeyIdSig oidcServiceOldPrivateKeySig oidcServiceOldPublicKeySig oidcServiceOldKeyIdSig oidcServiceNewPrivateKeySig oidcServiceNewPublicKeySig oidcServiceNewKeyIdSig oidcServicePrivateKeyEnc oidcServicePublicKeyEnc oidcServiceKeyIdEnc oidcServiceOldPrivateKeyEnc oidcServiceOldPublicKeyEnc oidcServiceOldKeyIdEnc oidcServiceAllowAuthorizationCodeFlow oidcServiceAllowImplicitFlow oidcServiceAllowHybridFlow oidcServiceIgnoreScopeForClaims oidcServiceAllowOnlyDeclaredScopes oidcDropCspHeaders oidcServiceEncAlgorithmAlg oidcServiceEncAlgorithmEnc oidcServiceAuthorizationCodeExpiration oidcServiceIDTokenExpiration oidcServiceAccessTokenExpiration oidcServiceOfflineSessionExpiration oidcStorage oidcStorageOptions)]; +our $oidcServiceParameters = [qw(oidcServiceMetaDataIssuer oidcServiceMetaDataAuthorizeURI oidcServiceMetaDataTokenURI oidcServiceMetaDataUserInfoURI oidcServiceMetaDataJWKSURI oidcServiceMetaDataRegistrationURI oidcServiceMetaDataIntrospectionURI oidcServiceMetaDataEndSessionURI oidcServiceMetaDataCheckSessionURI oidcServiceMetaDataFrontChannelURI oidcServiceMetaDataBackChannelURI oidcServiceMetaDataAuthnContext oidcServiceAllowDynamicRegistration oidcServiceDynamicRegistrationExportedVars oidcServiceDynamicRegistrationExtraClaims oidcServicePrivateKeySig oidcServicePublicKeySig oidcServiceKeyIdSig oidcServiceKeyTypeSig oidcServiceOldPrivateKeySig oidcServiceOldPublicKeySig oidcServiceOldKeyIdSig oidcServiceOldKeyTypeSig oidcServiceNewPrivateKeySig oidcServiceNewPublicKeySig oidcServiceNewKeyIdSig oidcServiceNewKeyTypeSig oidcServicePrivateKeyEnc oidcServicePublicKeyEnc oidcServiceKeyIdEnc oidcServiceKeyTypeEnc oidcServiceOldPrivateKeyEnc oidcServiceOldPublicKeyEnc oidcServiceOldKeyIdEnc oidcServiceOldKeyTypeEnc oidcServiceAllowAuthorizationCodeFlow oidcServiceAllowImplicitFlow oidcServiceAllowHybridFlow oidcServiceIgnoreScopeForClaims oidcServiceAllowOnlyDeclaredScopes oidcDropCspHeaders oidcServiceEncAlgorithmAlg oidcServiceEncAlgorithmEnc oidcServiceAuthorizationCodeExpiration oidcServiceIDTokenExpiration oidcServiceAccessTokenExpiration oidcServiceOfflineSessionExpiration oidcStorage oidcStorageOptions)]; 1; diff --git a/lemonldap-ng-common/scripts/rotateOidcKeys b/lemonldap-ng-common/scripts/rotateOidcKeys index e55bd7944bd96561daeef4f00914dd33354e190d..c11aec036eb8eb6e8b01c314a23be1d62187a900 100755 --- a/lemonldap-ng-common/scripts/rotateOidcKeys +++ b/lemonldap-ng-common/scripts/rotateOidcKeys @@ -11,6 +11,7 @@ use strict; use Convert::PEM; use Crypt::OpenSSL::RSA; +use Crypt::PK::ECC; use Lemonldap::NG::Common::Conf; use Lemonldap::NG::Common::Crypto; @@ -25,17 +26,41 @@ my $conf = $lmconf->getConf(); print "Configuration loaded\n" if $debug; +# Verify type +my $type = ( + $conf->{oidcServiceNewPrivateKeySig} + ? $conf->{oidcServiceNewKeyTypeSig} + : $conf->{oidcServiceKeyTypeSig} + ) + || 'RSA'; + +die "Unknown key type $type" unless $type =~ /^(?:RSA|EC)$/; +print "Type is $type\n" if $debug; + #============================================================================= # Generate new key #============================================================================= -my $rsa = Crypt::OpenSSL::RSA->generate_key(2048); +my $keys; + my $key_id = Lemonldap::NG::Common::Crypto::srandom()->randpattern("ssssssssss"); -my $keys = { - 'private' => $rsa->get_private_key_string(), - 'public' => $rsa->get_public_key_x509_string(), - 'id' => $key_id, -}; +if ( $type eq 'EC' ) { + my $ec_key = Crypt::PK::ECC->new(); + $ec_key->generate_key('secp256r1'); + $keys = { + private => $ec_key->export_key_pem('private'), + public => $ec_key->export_key_pem('public'), + id => $key_id, + }; +} +else { + my $rsa = Crypt::OpenSSL::RSA->generate_key(2048); + $keys = { + private => $rsa->get_private_key_string(), + public => $rsa->get_public_key_x509_string(), + id => $key_id, + }; +} print "Private key generated:\n" . $keys->{private} . "\n" if $debug; print "Public key generated:\n" . $keys->{public} . "\n" if $debug; @@ -52,11 +77,13 @@ if ( $conf->{oidcServiceNewKeyIdSig} and $conf->{oidcServiceNewPublicKeySig} ) { $conf->{oidcServiceOldPrivateKeySig} = $conf->{oidcServicePrivateKeySig}; $conf->{oidcServiceOldPublicKeySig} = $conf->{oidcServicePublicKeySig}; $conf->{oidcServiceOldKeyIdSig} = $conf->{oidcServiceKeyIdSig}; + $conf->{oidcServiceOldKeyTypeSig} = $conf->{oidcServiceKeyTypeSig}; # Move next key into current one $conf->{oidcServicePrivateKeySig} = $conf->{oidcServiceNewPrivateKeySig}; $conf->{oidcServicePublicKeySig} = $conf->{oidcServiceNewPublicKeySig}; $conf->{oidcServiceKeyIdSig} = $conf->{oidcServiceNewKeyIdSig}; + $conf->{oidcServiceKeyTypeSig} = $conf->{oidcServiceNewKeyTypeSig}; } else { print STDERR @@ -67,26 +94,41 @@ else { $conf->{oidcServiceNewPrivateKeySig} = $keys->{private}; $conf->{oidcServiceNewPublicKeySig} = $keys->{public}; $conf->{oidcServiceNewKeyIdSig} = $keys->{id}; +$conf->{oidcServiceNewKeyTypeSig} = $type; if ( $conf->{oidcServicePrivateKeyEnc} ) { - $rsa = Crypt::OpenSSL::RSA->generate_key(2048); + $type = $conf->{oidcServiceKeyTypeEnc} || 'RSA'; $key_id = Lemonldap::NG::Common::Crypto::srandom()->randpattern("ssssssssss"); - $keys = { - 'private' => $rsa->get_private_key_string(), - 'public' => $rsa->get_public_key_x509_string(), - 'id' => $key_id, - }; + if ( $type eq 'EC' ) { + my $ec_key = Crypt::PK::ECC->new(); + $ec_key->generate_key('secp256r1'); + $keys = { + private => $ec_key->export_key_pem('private'), + public => $ec_key->export_key_pem('public'), + id => $key_id, + }; + } + else { + my $rsa = Crypt::OpenSSL::RSA->generate_key(2048); + $keys = { + 'private' => $rsa->get_private_key_string(), + 'public' => $rsa->get_public_key_x509_string(), + 'id' => $key_id, + }; + } # Move current key into previous one $conf->{oidcServiceOldPrivateKeyEnc} = $conf->{oidcServicePrivateKeyEnc}; $conf->{oidcServiceOldPublicKeyEnc} = $conf->{oidcServicePublicKeyEnc}; $conf->{oidcServiceOldKeyIdEnc} = $conf->{oidcServiceKeyIdEnc}; + $conf->{oidcServiceOldKeyTypeEnc} = $conf->{oidcServiceKeyTypeEnc}; # Store new key $conf->{oidcServicePrivateKeyEnc} = $keys->{private}; $conf->{oidcServicePublicKeyEnc} = $keys->{public}; $conf->{oidcServiceKeyIdEnc} = $keys->{id}; + $conf->{oidcServiceKeyTypeEnc} = $type; } ( $lmconf->saveConf($conf) > 0 ) or die $Lemonldap::NG::Common::Conf::msg; diff --git a/lemonldap-ng-manager/MANIFEST b/lemonldap-ng-manager/MANIFEST index f437ac6440620f1a9f2cc3d464a41ef669c125f4..4a98363cc3e99cb8320915d2f1061d61738fc372 100644 --- a/lemonldap-ng-manager/MANIFEST +++ b/lemonldap-ng-manager/MANIFEST @@ -137,6 +137,7 @@ site/htdocs/static/forms/menuCat.html site/htdocs/static/forms/mini.html site/htdocs/static/forms/oidcAttribute.html site/htdocs/static/forms/oidcAttributeContainer.html +site/htdocs/static/forms/OidcKey.html site/htdocs/static/forms/oidcOPMetaDataNode.html site/htdocs/static/forms/oidcOPMetaDataNodeContainer.html site/htdocs/static/forms/oidcRPMetaDataNode.html @@ -149,7 +150,6 @@ site/htdocs/static/forms/postContainer.html site/htdocs/static/forms/README.md site/htdocs/static/forms/restore.html site/htdocs/static/forms/RSACertKey.html -site/htdocs/static/forms/RSACertKeyNoPassword.html site/htdocs/static/forms/rule.html site/htdocs/static/forms/ruleContainer.html site/htdocs/static/forms/samlAssertion.html diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm index 690ec26a1312f1334869511879ae492496088c26..cad437b8c0c07f1d6bec6be3a7f011cee178a282 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm @@ -59,6 +59,22 @@ sub types { 1; } }, + 'EcOrRSAPrivateKey' => { + 'test' => sub { + return $_[0] =~ +m[^(?:(?:\-+\s*BEGIN\s+(?:(?:RSA|EC|ENCRYPTED)\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?(?:Proc-Type:.*\r?\nDEK-Info:.*\r?\n[\r\n]*)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:(?:RSA|EC|ENCRYPTED)\s+)?PRIVATE\s+KEY\s*\-+)?[\r\n]*)?$]s + ? 1 + : ( 1, '__badPemEncoding__' ); + } + }, + 'EcOrRSAPublicKeyOrCertificate' => { + 'test' => sub { + return $_[0] =~ +m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+)?[\r\n]*)?$]s + ? 1 + : ( 1, '__badPemEncoding__' ); + } + }, 'file' => { 'test' => sub { 1; @@ -2516,6 +2532,18 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: 'oidcRPMetaDataOptionsAccessTokenSignAlg' => { 'default' => 'RS256', 'select' => [ { + 'k' => 'HS256', + 'v' => 'HS256' + }, + { + 'k' => 'HS384', + 'v' => 'HS384' + }, + { + 'k' => 'HS512', + 'v' => 'HS512' + }, + { 'k' => 'RS256', 'v' => 'RS256' }, @@ -2526,6 +2554,34 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: { 'k' => 'RS512', 'v' => 'RS512' + }, + { + 'k' => 'PS256', + 'v' => 'PS256' + }, + { + 'k' => 'PS384', + 'v' => 'PS384' + }, + { + 'k' => 'PS512', + 'v' => 'PS512' + }, + { + 'k' => 'ES256', + 'v' => 'ES256' + }, + { + 'k' => 'ES384', + 'v' => 'ES384' + }, + { + 'k' => 'ES512', + 'v' => 'ES512' + }, + { + 'k' => 'EdDSA', + 'v' => 'EdDSA' } ], 'type' => 'select' @@ -2676,6 +2732,34 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: { 'k' => 'RS512', 'v' => 'RS512' + }, + { + 'k' => 'PS256', + 'v' => 'PS256' + }, + { + 'k' => 'PS384', + 'v' => 'PS384' + }, + { + 'k' => 'PS512', + 'v' => 'PS512' + }, + { + 'k' => 'ES256', + 'v' => 'ES256' + }, + { + 'k' => 'ES384', + 'v' => 'ES384' + }, + { + 'k' => 'ES512', + 'v' => 'ES512' + }, + { + 'k' => 'EdDSA', + 'v' => 'EdDSA' } ], 'type' => 'select' @@ -2909,6 +2993,34 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: { 'k' => 'RS512', 'v' => 'JWT/RS512' + }, + { + 'k' => 'PS256', + 'v' => 'JWT/PS256' + }, + { + 'k' => 'PS384', + 'v' => 'JWT/PS384' + }, + { + 'k' => 'PS512', + 'v' => 'JWT/PS512' + }, + { + 'k' => 'ES256', + 'v' => 'JWT/ES256' + }, + { + 'k' => 'ES384', + 'v' => 'JWT/ES384' + }, + { + 'k' => 'ES512', + 'v' => 'JWT/ES512' + }, + { + 'k' => 'EdDSA', + 'v' => 'JWT/EdDSA' } ], 'type' => 'select' @@ -3039,6 +3151,32 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: 'oidcServiceKeyIdSig' => { 'type' => 'text' }, + 'oidcServiceKeyTypeEnc' => { + 'default' => 'RSA', + 'select' => [ { + 'k' => 'RSA', + 'v' => 'RSA' + }, + { + 'k' => 'EC', + 'v' => 'EC' + } + ], + 'type' => 'select' + }, + 'oidcServiceKeyTypeSig' => { + 'default' => 'RSA', + 'select' => [ { + 'k' => 'RSA', + 'v' => 'RSA' + }, + { + 'k' => 'EC', + 'v' => 'EC' + } + ], + 'type' => 'select' + }, 'oidcServiceMetaDataAuthnContext' => { 'default' => { 'loa-1' => 1, @@ -3096,11 +3234,24 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: 'oidcServiceNewKeyIdSig' => { 'type' => 'text' }, + 'oidcServiceNewKeyTypeSig' => { + 'default' => 'RSA', + 'select' => [ { + 'k' => 'RSA', + 'v' => 'RSA' + }, + { + 'k' => 'EC', + 'v' => 'EC' + } + ], + 'type' => 'select' + }, 'oidcServiceNewPrivateKeySig' => { - 'type' => 'RSAPrivateKey' + 'type' => 'EcOrRSAPrivateKey' }, 'oidcServiceNewPublicKeySig' => { - 'type' => 'RSAPublicKeyOrCertificate' + 'type' => 'EcOrRSAPublicKeyOrCertificate' }, 'oidcServiceOfflineSessionExpiration' => { 'default' => 2592000, @@ -3112,29 +3263,55 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: 'oidcServiceOldKeyIdSig' => { 'type' => 'text' }, + 'oidcServiceOldKeyTypeEnc' => { + 'default' => 'RSA', + 'select' => [ { + 'k' => 'RSA', + 'v' => 'RSA' + }, + { + 'k' => 'EC', + 'v' => 'EC' + } + ], + 'type' => 'select' + }, + 'oidcServiceOldKeyTypeSig' => { + 'default' => 'RSA', + 'select' => [ { + 'k' => 'RSA', + 'v' => 'RSA' + }, + { + 'k' => 'EC', + 'v' => 'EC' + } + ], + 'type' => 'select' + }, 'oidcServiceOldPrivateKeyEnc' => { 'type' => 'RSAPrivateKey' }, 'oidcServiceOldPrivateKeySig' => { - 'type' => 'RSAPrivateKey' + 'type' => 'EcOrRSAPrivateKey' }, 'oidcServiceOldPublicKeyEnc' => { 'type' => 'RSAPublicKeyOrCertificate' }, 'oidcServiceOldPublicKeySig' => { - 'type' => 'RSAPublicKeyOrCertificate' + 'type' => 'EcOrRSAPublicKeyOrCertificate' }, 'oidcServicePrivateKeyEnc' => { 'type' => 'RSAPrivateKey' }, 'oidcServicePrivateKeySig' => { - 'type' => 'RSAPrivateKey' + 'type' => 'EcOrRSAPrivateKey' }, 'oidcServicePublicKeyEnc' => { 'type' => 'RSAPublicKeyOrCertificate' }, 'oidcServicePublicKeySig' => { - 'type' => 'RSAPublicKeyOrCertificate' + 'type' => 'EcOrRSAPublicKeyOrCertificate' }, 'oidcStorage' => { 'type' => 'PerlModule' diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm index 3b24fb2544f40d4a48934b4a42f0f42f228f2d0b..9c9f10fa680e4a48865bd1c950bb315ef6d030d6 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm @@ -169,6 +169,26 @@ sub types { ); }, }, + 'EcOrRSAPublicKeyOrCertificate' => { + 'test' => sub { + return ( + $_[0] =~ +/^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9\/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+)?[\r\n]*)?$/s + ? (1) + : ( 1, '__badPemEncoding__' ) + ); + }, + }, + EcOrRSAPrivateKey => { + test => sub { + return ( + $_[0] =~ +/^(?:(?:\-+\s*BEGIN\s+(?:(?:RSA|EC|ENCRYPTED)\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?(?:Proc-Type:.*\r?\nDEK-Info:.*\r?\n[\r\n]*)?[a-zA-Z0-9\/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:(?:RSA|EC|ENCRYPTED)\s+)?PRIVATE\s+KEY\s*\-+)?[\r\n]*)?$/s + ? (1) + : ( 1, '__badPemEncoding__' ) + ); + }, + }, authParamsText => { test => sub { 1 } @@ -4535,24 +4555,46 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: }, documentation => 'OpenID Connect Authentication Context Class Ref', }, - oidcServiceOldPrivateKeySig => { type => 'RSAPrivateKey', }, - oidcServiceOldPublicKeySig => { type => 'RSAPublicKeyOrCertificate', }, - oidcServiceOldKeyIdSig => { + + # OIDC Keys + oidcServiceOldPrivateKeySig => { type => 'EcOrRSAPrivateKey', }, + oidcServiceOldPublicKeySig => + { type => 'EcOrRSAPublicKeyOrCertificate', }, + oidcServiceOldKeyIdSig => { type => 'text', documentation => 'Previous OpenID Connect Signature Key ID', }, - oidcServicePrivateKeySig => { type => 'RSAPrivateKey', }, - oidcServicePublicKeySig => { type => 'RSAPublicKeyOrCertificate', }, - oidcServiceKeyIdSig => { + oidcServiceOldKeyTypeSig => { + type => 'select', + select => [ { k => 'RSA', v => 'RSA' }, { k => 'EC', v => 'EC' } ], + default => 'RSA', + }, + + oidcServicePrivateKeySig => { type => 'EcOrRSAPrivateKey', }, + oidcServicePublicKeySig => { type => 'EcOrRSAPublicKeyOrCertificate', }, + oidcServiceKeyIdSig => { type => 'text', documentation => 'OpenID Connect Signature Key ID', }, - oidcServiceNewPrivateKeySig => { type => 'RSAPrivateKey', }, - oidcServiceNewPublicKeySig => { type => 'RSAPublicKeyOrCertificate', }, - oidcServiceNewKeyIdSig => { + oidcServiceKeyTypeSig => { + type => 'select', + select => [ { k => 'RSA', v => 'RSA' }, { k => 'EC', v => 'EC' } ], + default => 'RSA', + }, + + oidcServiceNewPrivateKeySig => { type => 'EcOrRSAPrivateKey', }, + oidcServiceNewPublicKeySig => + { type => 'EcOrRSAPublicKeyOrCertificate', }, + oidcServiceNewKeyIdSig => { type => 'text', documentation => 'Future OpenID Connect Signature Key ID', }, + oidcServiceNewKeyTypeSig => { + type => 'select', + select => [ { k => 'RSA', v => 'RSA' }, { k => 'EC', v => 'EC' } ], + default => 'RSA', + }, + oidcServiceEncAlgorithmAlg => { type => 'select', select => [ @@ -4591,18 +4633,31 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: default => 'A256GCM', documentation => 'JWT encryption algorithme', }, + oidcServiceOldPrivateKeyEnc => { type => 'RSAPrivateKey', }, oidcServiceOldPublicKeyEnc => { type => 'RSAPublicKeyOrCertificate', }, oidcServiceOldKeyIdEnc => { type => 'text', documentation => 'Previous OpenID Connect Encryption Key ID', }, + oidcServiceOldKeyTypeEnc => { + type => 'select', + select => [ { k => 'RSA', v => 'RSA' }, { k => 'EC', v => 'EC' } ], + default => 'RSA', + }, + oidcServicePrivateKeyEnc => { type => 'RSAPrivateKey', }, oidcServicePublicKeyEnc => { type => 'RSAPublicKeyOrCertificate', }, oidcServiceKeyIdEnc => { type => 'text', documentation => 'OpenID Connect Encryption Key ID', }, + oidcServiceKeyTypeEnc => { + type => 'select', + select => [ { k => 'RSA', v => 'RSA' }, { k => 'EC', v => 'EC' } ], + default => 'RSA', + }, + oidcServiceAllowDynamicRegistration => { type => 'bool', default => 0, @@ -4782,6 +4837,13 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: { k => 'RS256', v => 'RS256' }, { k => 'RS384', v => 'RS384' }, { k => 'RS512', v => 'RS512' }, + { k => 'PS256', v => 'PS256' }, + { k => 'PS384', v => 'PS384' }, + { k => 'PS512', v => 'PS512' }, + { k => 'ES256', v => 'ES256' }, + { k => 'ES384', v => 'ES384' }, + { k => 'ES512', v => 'ES512' }, + { k => 'EdDSA', v => 'EdDSA' }, ], default => 'RS256', }, @@ -4791,9 +4853,19 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: oidcRPMetaDataOptionsAccessTokenSignAlg => { type => 'select', select => [ + { k => 'HS256', v => 'HS256' }, + { k => 'HS384', v => 'HS384' }, + { k => 'HS512', v => 'HS512' }, { k => 'RS256', v => 'RS256' }, { k => 'RS384', v => 'RS384' }, { k => 'RS512', v => 'RS512' }, + { k => 'PS256', v => 'PS256' }, + { k => 'PS384', v => 'PS384' }, + { k => 'PS512', v => 'PS512' }, + { k => 'ES256', v => 'ES256' }, + { k => 'ES384', v => 'ES384' }, + { k => 'ES512', v => 'ES512' }, + { k => 'EdDSA', v => 'EdDSA' }, ], default => 'RS256', }, @@ -4808,6 +4880,13 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: { k => 'RS256', v => 'JWT/RS256' }, { k => 'RS384', v => 'JWT/RS384' }, { k => 'RS512', v => 'JWT/RS512' }, + { k => 'PS256', v => 'JWT/PS256' }, + { k => 'PS384', v => 'JWT/PS384' }, + { k => 'PS512', v => 'JWT/PS512' }, + { k => 'ES256', v => 'JWT/ES256' }, + { k => 'ES384', v => 'JWT/ES384' }, + { k => 'ES512', v => 'JWT/ES512' }, + { k => 'EdDSA', v => 'JWT/EdDSA' }, ], default => '', }, diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm index 6d6a009ce0b0a71a68b5c1f78d464f3ae2a93904..dd906b181aa90c5aad2d5c33149e370ec293d465 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm @@ -1463,29 +1463,34 @@ sub tree { title => 'oidcServiceMetaDataKeys', nodes => [ { title => 'oidcServiceMetaDataSigKeys', - form => 'RSACertKeyNoPassword', + form => 'OidcKey', group => [ 'oidcServicePrivateKeySig', 'oidcServicePublicKeySig', 'oidcServiceKeyIdSig', + 'oidcServiceKeyTypeSig', 'oidcServiceOldPrivateKeySig', 'oidcServiceOldPublicKeySig', 'oidcServiceOldKeyIdSig', + 'oidcServiceOldKeyTypeSig', 'oidcServiceNewPrivateKeySig', 'oidcServiceNewPublicKeySig', 'oidcServiceNewKeyIdSig', + 'oidcServiceNewKeyTypeSig', ], }, { title => 'oidcServiceMetaDataEncKeys', - form => 'RSACertKeyNoPassword', + form => 'OidcKey', group => [ 'oidcServicePrivateKeyEnc', 'oidcServicePublicKeyEnc', 'oidcServiceKeyIdEnc', + 'oidcServiceKeyTypeEnc', 'oidcServiceOldPrivateKeyEnc', 'oidcServiceOldPublicKeyEnc', 'oidcServiceOldKeyIdEnc', + 'oidcServiceOldKeyTypeEnc', ], }, ], diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf.pm index 1342535ae675b14881abbd9789b386bb65232b59..69ab351d2befae19024f4ce1c9d2ae3210215965 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf.pm @@ -69,6 +69,7 @@ sub init { confs => { newRSAKey => 'newRSAKey', newCertificate => 'newCertificate', + newEcKeys => 'newEcKeys', sendTestMail => 'sendTestMail', raw => 'newRawConf', '*' => 'newConf' @@ -158,6 +159,30 @@ sub newRSAKey { return $self->sendJSONresponse( $req, $keys ); } +# 35 - New EC key pair on demand +# -------------------------- + +##@method public PSGI-JSON-response newEcKeys($req) +# Return a hashref containing private and public keys +# +#@param $req Lemonldap::NG::Common::PSGI::Request object +#@return PSGI JSON response +sub newEcKeys { + my ( $self, $req, @others ) = @_; + require Crypt::PK::ECC; + my $ec_key = Crypt::PK::ECC->new(); + $ec_key->generate_key('secp256r1'); + + my $pubKey = $ec_key->export_key_pem('public'); + my $privKey = $ec_key->export_key_pem('private'); + my $keys = { + private => $privKey, + public => $pubKey, + hash => md5_base64($pubKey), + }; + return $self->sendJSONresponse( $req, $keys ); +} + # This function does the dirty X509 work, # mostly copied from IO::Socket::SSL::Utils # and adapter to work on old platforms (CentOS7) diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm index af9a0ad00a8c39fb13a036bf8286a785dba4e9e4..843ef8e889c5de9dccb1d26ee7de03e1b902dd06 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm @@ -1145,6 +1145,30 @@ sub tests { return 1; }, + # OIDC Signature and Encryption tests + oidcSigAlgShouldMatchKeyType => sub { + for my $key ( + qw(oidcRPMetaDataOptionsIDTokenSignAlg oidcRPMetaDataOptionsAccessTokenSignAlg oidcRPMetaDataOptionsUserInfoSignAlg) + ) + { + foreach my $rp ( keys %{ $conf->{oidcRPMetaDataOptions} } ) { + return ( 0, +"Signature algorithm shouldn't be ES* if key type is RSA ($rp/$key)" + ) + if $conf->{oidcRPMetaDataOptions}->{$rp}->{$key} + and $conf->{oidcRPMetaDataOptions}->{$rp}->{$key} =~ /^E/ + and $conf->{oidcServiceKeyType} ne 'EC'; + return ( 0, +"Signature algorithm shouldn't be RS* or PS* if key type is EC ($rp/$key)" + ) + if $conf->{oidcRPMetaDataOptions}->{$rp}->{$key} + and $conf->{oidcRPMetaDataOptions}->{$rp}->{$key} !~ /^E/ + and $conf->{oidcServiceKeyType} eq 'EC'; + } + } + return 1; + }, + # Warn if both oidcRPMetaDataOptionsJwks and oidcRPMetaDataOptionsJwksUri is set noJwksDuplication => sub { return 1 diff --git a/lemonldap-ng-manager/site/coffee/manager.coffee b/lemonldap-ng-manager/site/coffee/manager.coffee index a1f424e8ba01756bb8b8bb663e9d55836a185dc1..e7a5e73cd0ab54891adb771cf24e6a326b86aa20 100644 --- a/lemonldap-ng-manager/site/coffee/manager.coffee +++ b/lemonldap-ng-manager/site/coffee/manager.coffee @@ -717,15 +717,29 @@ llapp.controller 'TreeCtrl', [ , -> console.log('New key cancelled') + $scope.newEcKeys = -> + $scope.waiting = true + currentNode = $scope.currentNode + $http.post("#{window.confPrefix}/newEcKeys", {"password": ''}).then (response) -> + for i in [0..3] + currentNode.data[i+4].data = currentNode.data[i].data + currentNode.data[0].data = response.data.private + currentNode.data[1].data = response.data.public + currentNode.data[2].data = response.data.hash + currentNode.data[3].data = 'EC' + $scope.waiting = false + , readError + $scope.newCertificateNoPassword = -> $scope.waiting = true currentNode = $scope.currentNode $http.post("#{window.confPrefix}/newCertificate", {"password": ''}).then (response) -> - for i in [0..2] - currentNode.data[i+3].data = currentNode.data[i].data + for i in [0..3] + currentNode.data[i+4].data = currentNode.data[i].data currentNode.data[0].data = response.data.private currentNode.data[1].data = response.data.public currentNode.data[2].data = response.data.hash + currentNode.data[3].data = 'RSA' $scope.waiting = false , readError diff --git a/lemonldap-ng-manager/site/htdocs/static/forms/RSACertKeyNoPassword.html b/lemonldap-ng-manager/site/htdocs/static/forms/OidcKey.html similarity index 89% rename from lemonldap-ng-manager/site/htdocs/static/forms/RSACertKeyNoPassword.html rename to lemonldap-ng-manager/site/htdocs/static/forms/OidcKey.html index 8b149b27d329608cd156bd3e64bc0002136586e4..1ce357d85b531b39be90132cdb7bf8b2882ebbbf 100644 --- a/lemonldap-ng-manager/site/htdocs/static/forms/RSACertKeyNoPassword.html +++ b/lemonldap-ng-manager/site/htdocs/static/forms/OidcKey.html @@ -5,6 +5,10 @@
+
+ + +
@@ -13,12 +17,15 @@
-
- - -
+
+ + +
@@ -74,6 +81,10 @@ "title": "newCertificate", "action": "newCertificateNoPassword", "icon": "plus-sign" +},{ + "title": "newEcKeys", + "action": "newEcKeys", + "icon": "plus-sign" },{ "title": "download", "icon": "save-file", diff --git a/lemonldap-ng-manager/site/htdocs/static/js/conftree.js b/lemonldap-ng-manager/site/htdocs/static/js/conftree.js index beeea8c187348ad903535e9eadcb2c6ee5b39913..edcf93a42f3ded9c8f974384d9b6ecccbf073f5f 100644 --- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.js +++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.js @@ -625,6 +625,34 @@ function templates(tpl,key) { { "k" : "RS512", "v" : "RS512" + }, + { + "k" : "PS256", + "v" : "PS256" + }, + { + "k" : "PS384", + "v" : "PS384" + }, + { + "k" : "PS512", + "v" : "PS512" + }, + { + "k" : "ES256", + "v" : "ES256" + }, + { + "k" : "ES384", + "v" : "ES384" + }, + { + "k" : "ES512", + "v" : "ES512" + }, + { + "k" : "EdDSA", + "v" : "EdDSA" } ], "title" : "oidcRPMetaDataOptionsIDTokenSignAlg", @@ -635,6 +663,18 @@ function templates(tpl,key) { "get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsAccessTokenSignAlg", "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsAccessTokenSignAlg", "select" : [ + { + "k" : "HS256", + "v" : "HS256" + }, + { + "k" : "HS384", + "v" : "HS384" + }, + { + "k" : "HS512", + "v" : "HS512" + }, { "k" : "RS256", "v" : "RS256" @@ -646,6 +686,34 @@ function templates(tpl,key) { { "k" : "RS512", "v" : "RS512" + }, + { + "k" : "PS256", + "v" : "PS256" + }, + { + "k" : "PS384", + "v" : "PS384" + }, + { + "k" : "PS512", + "v" : "PS512" + }, + { + "k" : "ES256", + "v" : "ES256" + }, + { + "k" : "ES384", + "v" : "ES384" + }, + { + "k" : "ES512", + "v" : "ES512" + }, + { + "k" : "EdDSA", + "v" : "EdDSA" } ], "title" : "oidcRPMetaDataOptionsAccessTokenSignAlg", @@ -687,6 +755,34 @@ function templates(tpl,key) { { "k" : "RS512", "v" : "JWT/RS512" + }, + { + "k" : "PS256", + "v" : "JWT/PS256" + }, + { + "k" : "PS384", + "v" : "JWT/PS384" + }, + { + "k" : "PS512", + "v" : "JWT/PS512" + }, + { + "k" : "ES256", + "v" : "JWT/ES256" + }, + { + "k" : "ES384", + "v" : "JWT/ES384" + }, + { + "k" : "ES512", + "v" : "JWT/ES512" + }, + { + "k" : "EdDSA", + "v" : "JWT/EdDSA" } ], "title" : "oidcRPMetaDataOptionsUserInfoSignAlg", diff --git a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js index df260ea91b657bf021e35fa35b0d0f6fb86e5fa2..3b99985a4d0b1d796b1e85f64fc0cad68e44be79 100644 --- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js +++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js @@ -1 +1 @@ -function templates(t,e){switch(t){case"casAppMetaDataNode":return[{cnodes:t+"s/"+e+"/casAppMetaDataExportedVars",default:[{data:"cn",id:t+"s/"+e+"/casAppMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"mail",id:t+"s/"+e+"/casAppMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"uid",id:t+"s/"+e+"/casAppMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+e+"/casAppMetaDataExportedVars",title:"casAppMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+e+"/casAppMetaDataOptionsService",id:t+"s/"+e+"/casAppMetaDataOptionsService",title:"casAppMetaDataOptionsService"},{get:t+"s/"+e+"/casAppMetaDataOptionsUserAttribute",id:t+"s/"+e+"/casAppMetaDataOptionsUserAttribute",title:"casAppMetaDataOptionsUserAttribute"},{default:-1,get:t+"s/"+e+"/casAppMetaDataOptionsLogout",id:t+"s/"+e+"/casAppMetaDataOptionsLogout",title:"casAppMetaDataOptionsLogout",type:"trool"},{get:t+"s/"+e+"/casAppMetaDataOptionsAuthnLevel",id:t+"s/"+e+"/casAppMetaDataOptionsAuthnLevel",title:"casAppMetaDataOptionsAuthnLevel",type:"intOrNull"},{get:t+"s/"+e+"/casAppMetaDataOptionsRule",id:t+"s/"+e+"/casAppMetaDataOptionsRule",title:"casAppMetaDataOptionsRule"},{get:t+"s/"+e+"/casAppMetaDataOptionsComment",id:t+"s/"+e+"/casAppMetaDataOptionsComment",title:"casAppMetaDataOptionsComment",type:"longtext"}],id:"casAppMetaDataOptions",title:"casAppMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+e+"/casAppMetaDataOptionsDisplayName",id:t+"s/"+e+"/casAppMetaDataOptionsDisplayName",title:"casAppMetaDataOptionsDisplayName"}],id:"casAppMetaDataOptionsDisplay",title:"casAppMetaDataOptionsDisplay",type:"simpleInputContainer"},{cnodes:t+"s/"+e+"/casAppMetaDataMacros",default:[],help:"exportedvars.html#extend-variables-using-macros-and-groups",id:t+"s/"+e+"/casAppMetaDataMacros",title:"casAppMetaDataMacros",type:"keyTextContainer"}];case"casSrvMetaDataNode":return[{cnodes:t+"s/"+e+"/casSrvMetaDataExportedVars",default:[{data:"cn",id:t+"s/"+e+"/casSrvMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"mail",id:t+"s/"+e+"/casSrvMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"uid",id:t+"s/"+e+"/casSrvMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+e+"/casSrvMetaDataExportedVars",title:"casSrvMetaDataExportedVars",type:"keyTextContainer"},{cnodes:t+"s/"+e+"/casSrvMetaDataOptionsProxiedServices",id:t+"s/"+e+"/casSrvMetaDataOptionsProxiedServices",title:"casSrvMetaDataOptionsProxiedServices",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+e+"/casSrvMetaDataOptionsUrl",id:t+"s/"+e+"/casSrvMetaDataOptionsUrl",title:"casSrvMetaDataOptionsUrl"},{default:0,get:t+"s/"+e+"/casSrvMetaDataOptionsRenew",id:t+"s/"+e+"/casSrvMetaDataOptionsRenew",title:"casSrvMetaDataOptionsRenew",type:"bool"},{default:0,get:t+"s/"+e+"/casSrvMetaDataOptionsGateway",id:t+"s/"+e+"/casSrvMetaDataOptionsGateway",title:"casSrvMetaDataOptionsGateway",type:"bool"},{get:t+"s/"+e+"/casSrvMetaDataOptionsComment",id:t+"s/"+e+"/casSrvMetaDataOptionsComment",title:"casSrvMetaDataOptionsComment",type:"longtext"}],id:"casSrvMetaDataOptions",title:"casSrvMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+e+"/casSrvMetaDataOptionsDisplayName",id:t+"s/"+e+"/casSrvMetaDataOptionsDisplayName",title:"casSrvMetaDataOptionsDisplayName"},{get:t+"s/"+e+"/casSrvMetaDataOptionsIcon",id:t+"s/"+e+"/casSrvMetaDataOptionsIcon",title:"casSrvMetaDataOptionsIcon"},{get:t+"s/"+e+"/casSrvMetaDataOptionsTooltip",id:t+"s/"+e+"/casSrvMetaDataOptionsTooltip",title:"casSrvMetaDataOptionsTooltip"},{default:"",get:t+"s/"+e+"/casSrvMetaDataOptionsResolutionRule",id:t+"s/"+e+"/casSrvMetaDataOptionsResolutionRule",title:"casSrvMetaDataOptionsResolutionRule",type:"longtext"},{get:t+"s/"+e+"/casSrvMetaDataOptionsSortNumber",id:t+"s/"+e+"/casSrvMetaDataOptionsSortNumber",title:"casSrvMetaDataOptionsSortNumber",type:"intOrNull"}],id:"casSrvMetaDataOptionsDisplay",title:"casSrvMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"oidcOPMetaDataNode":return[{get:t+"s/"+e+"/oidcOPMetaDataJSON",id:t+"s/"+e+"/oidcOPMetaDataJSON",title:"oidcOPMetaDataJSON",type:"file"},{get:t+"s/"+e+"/oidcOPMetaDataJWKS",id:t+"s/"+e+"/oidcOPMetaDataJWKS",title:"oidcOPMetaDataJWKS",type:"file"},{cnodes:t+"s/"+e+"/oidcOPMetaDataExportedVars",default:[{data:"name",id:t+"s/"+e+"/oidcOPMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"email",id:t+"s/"+e+"/oidcOPMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"family_name",id:t+"s/"+e+"/oidcOPMetaDataExportedVars/sn",title:"sn",type:"keyText"},{data:"sub",id:t+"s/"+e+"/oidcOPMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+e+"/oidcOPMetaDataExportedVars",title:"oidcOPMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:t+"s/"+e+"/oidcOPMetaDataOptionsConfigurationURI",id:t+"s/"+e+"/oidcOPMetaDataOptionsConfigurationURI",title:"oidcOPMetaDataOptionsConfigurationURI"},{default:0,get:t+"s/"+e+"/oidcOPMetaDataOptionsJWKSTimeout",id:t+"s/"+e+"/oidcOPMetaDataOptionsJWKSTimeout",title:"oidcOPMetaDataOptionsJWKSTimeout",type:"int"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsClientID",id:t+"s/"+e+"/oidcOPMetaDataOptionsClientID",title:"oidcOPMetaDataOptionsClientID"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsClientSecret",id:t+"s/"+e+"/oidcOPMetaDataOptionsClientSecret",title:"oidcOPMetaDataOptionsClientSecret",type:"password"},{default:0,get:t+"s/"+e+"/oidcOPMetaDataOptionsStoreIDToken",id:t+"s/"+e+"/oidcOPMetaDataOptionsStoreIDToken",title:"oidcOPMetaDataOptionsStoreIDToken",type:"bool"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsUserAttribute",id:t+"s/"+e+"/oidcOPMetaDataOptionsUserAttribute",title:"oidcOPMetaDataOptionsUserAttribute"}],id:"oidcOPMetaDataOptionsConfiguration",title:"oidcOPMetaDataOptionsConfiguration",type:"simpleInputContainer"},{_nodes:[{default:"openid profile",get:t+"s/"+e+"/oidcOPMetaDataOptionsScope",id:t+"s/"+e+"/oidcOPMetaDataOptionsScope",title:"oidcOPMetaDataOptionsScope"},{default:"",get:t+"s/"+e+"/oidcOPMetaDataOptionsDisplay",id:t+"s/"+e+"/oidcOPMetaDataOptionsDisplay",select:[{k:"",v:""},{k:"page",v:"page"},{k:"popup",v:"popup"},{k:"touch",v:"touch"},{k:"wap",v:"wap"}],title:"oidcOPMetaDataOptionsDisplay",type:"select"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsPrompt",id:t+"s/"+e+"/oidcOPMetaDataOptionsPrompt",title:"oidcOPMetaDataOptionsPrompt"},{default:0,get:t+"s/"+e+"/oidcOPMetaDataOptionsMaxAge",id:t+"s/"+e+"/oidcOPMetaDataOptionsMaxAge",title:"oidcOPMetaDataOptionsMaxAge",type:"int"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsUiLocales",id:t+"s/"+e+"/oidcOPMetaDataOptionsUiLocales",title:"oidcOPMetaDataOptionsUiLocales"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsAcrValues",id:t+"s/"+e+"/oidcOPMetaDataOptionsAcrValues",title:"oidcOPMetaDataOptionsAcrValues"},{default:"client_secret_post",get:t+"s/"+e+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",id:t+"s/"+e+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",select:[{k:"client_secret_post",v:"client_secret_post"},{k:"client_secret_basic",v:"client_secret_basic"}],title:"oidcOPMetaDataOptionsTokenEndpointAuthMethod",type:"select"},{default:1,get:t+"s/"+e+"/oidcOPMetaDataOptionsCheckJWTSignature",id:t+"s/"+e+"/oidcOPMetaDataOptionsCheckJWTSignature",title:"oidcOPMetaDataOptionsCheckJWTSignature",type:"bool"},{default:30,get:t+"s/"+e+"/oidcOPMetaDataOptionsIDTokenMaxAge",id:t+"s/"+e+"/oidcOPMetaDataOptionsIDTokenMaxAge",title:"oidcOPMetaDataOptionsIDTokenMaxAge",type:"int"},{default:1,get:t+"s/"+e+"/oidcOPMetaDataOptionsUseNonce",id:t+"s/"+e+"/oidcOPMetaDataOptionsUseNonce",title:"oidcOPMetaDataOptionsUseNonce",type:"bool"}],id:"oidcOPMetaDataOptionsProtocol",title:"oidcOPMetaDataOptionsProtocol",type:"simpleInputContainer"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsComment",id:t+"s/"+e+"/oidcOPMetaDataOptionsComment",title:"oidcOPMetaDataOptionsComment",type:"longtext"}],help:"authopenidconnect.html#options",id:"oidcOPMetaDataOptions",title:"oidcOPMetaDataOptions"},{_nodes:[{get:t+"s/"+e+"/oidcOPMetaDataOptionsDisplayName",id:t+"s/"+e+"/oidcOPMetaDataOptionsDisplayName",title:"oidcOPMetaDataOptionsDisplayName"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsIcon",id:t+"s/"+e+"/oidcOPMetaDataOptionsIcon",title:"oidcOPMetaDataOptionsIcon"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsTooltip",id:t+"s/"+e+"/oidcOPMetaDataOptionsTooltip",title:"oidcOPMetaDataOptionsTooltip"},{default:"",get:t+"s/"+e+"/oidcOPMetaDataOptionsResolutionRule",id:t+"s/"+e+"/oidcOPMetaDataOptionsResolutionRule",title:"oidcOPMetaDataOptionsResolutionRule",type:"longtext"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsSortNumber",id:t+"s/"+e+"/oidcOPMetaDataOptionsSortNumber",title:"oidcOPMetaDataOptionsSortNumber",type:"intOrNull"}],help:"authopenidconnect.html#display",id:"oidcOPMetaDataOptionsDisplayParams",title:"oidcOPMetaDataOptionsDisplayParams",type:"simpleInputContainer"}];case"oidcRPMetaDataNode":return[{_nodes:[{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsPublic",id:t+"s/"+e+"/oidcRPMetaDataOptionsPublic",title:"oidcRPMetaDataOptionsPublic",type:"bool"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsClientID",id:t+"s/"+e+"/oidcRPMetaDataOptionsClientID",title:"oidcRPMetaDataOptionsClientID"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsClientSecret",id:t+"s/"+e+"/oidcRPMetaDataOptionsClientSecret",title:"oidcRPMetaDataOptionsClientSecret",type:"password"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsRedirectUris",id:t+"s/"+e+"/oidcRPMetaDataOptionsRedirectUris",title:"oidcRPMetaDataOptionsRedirectUris"}],help:"idpopenidconnect.html#basic-options",id:"oidcRPMetaDataOptionsBasic",title:"oidcRPMetaDataOptionsBasic",type:"simpleInputContainer"},{cnodes:t+"s/"+e+"/oidcRPMetaDataExportedVars",default:[{data:["mail","string","auto"],id:t+"s/"+e+"/oidcRPMetaDataExportedVars/email",title:"email",type:"oidcAttribute"},{data:["cn","string","auto"],id:t+"s/"+e+"/oidcRPMetaDataExportedVars/name",title:"name",type:"oidcAttribute"},{data:["uid","string","auto"],id:t+"s/"+e+"/oidcRPMetaDataExportedVars/preferred_username",title:"preferred_username",type:"oidcAttribute"}],help:"idpopenidconnect.html#exported-attributes",id:t+"s/"+e+"/oidcRPMetaDataExportedVars",title:"oidcRPMetaDataExportedVars",type:"oidcAttributeContainer"},{_nodes:[{_nodes:[{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsBypassConsent",id:t+"s/"+e+"/oidcRPMetaDataOptionsBypassConsent",title:"oidcRPMetaDataOptionsBypassConsent",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsIDTokenForceClaims",id:t+"s/"+e+"/oidcRPMetaDataOptionsIDTokenForceClaims",title:"oidcRPMetaDataOptionsIDTokenForceClaims",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenJWT",id:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenJWT",title:"oidcRPMetaDataOptionsAccessTokenJWT",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenClaims",id:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenClaims",title:"oidcRPMetaDataOptionsAccessTokenClaims",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsRefreshToken",id:t+"s/"+e+"/oidcRPMetaDataOptionsRefreshToken",title:"oidcRPMetaDataOptionsRefreshToken",type:"bool"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsUserIDAttr",id:t+"s/"+e+"/oidcRPMetaDataOptionsUserIDAttr",title:"oidcRPMetaDataOptionsUserIDAttr"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsAdditionalAudiences",id:t+"s/"+e+"/oidcRPMetaDataOptionsAdditionalAudiences",title:"oidcRPMetaDataOptionsAdditionalAudiences"}],id:"oidcRPMetaDataOptionsAdvanced",title:"oidcRPMetaDataOptionsAdvanced",type:"simpleInputContainer"},{_nodes:[{cnodes:t+"s/"+e+"/oidcRPMetaDataOptionsExtraClaims",default:[],help:"idpopenidconnect.html#oidcextraclaims",id:t+"s/"+e+"/oidcRPMetaDataOptionsExtraClaims",title:"oidcRPMetaDataOptionsExtraClaims",type:"keyTextContainer"},{cnodes:t+"s/"+e+"/oidcRPMetaDataScopeRules",default:[],help:"idpopenidconnect.html#scope-rules",id:t+"s/"+e+"/oidcRPMetaDataScopeRules",title:"oidcRPMetaDataScopeRules",type:"keyTextContainer"}],id:"oidcRPMetaDataOptionsScopes",title:"oidcRPMetaDataOptionsScopes"},{_nodes:[{default:"RS256",get:t+"s/"+e+"/oidcRPMetaDataOptionsIDTokenSignAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsIDTokenSignAlg",select:[{k:"none",v:"None"},{k:"HS256",v:"HS256"},{k:"HS384",v:"HS384"},{k:"HS512",v:"HS512"},{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"}],title:"oidcRPMetaDataOptionsIDTokenSignAlg",type:"select"},{default:"RS256",get:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenSignAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenSignAlg",select:[{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"}],title:"oidcRPMetaDataOptionsAccessTokenSignAlg",type:"select"},{default:"",get:t+"s/"+e+"/oidcRPMetaDataOptionsUserInfoSignAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsUserInfoSignAlg",select:[{k:"",v:"JSON"},{k:"none",v:"JWT/None"},{k:"HS256",v:"JWT/HS256"},{k:"HS384",v:"JWT/HS384"},{k:"HS512",v:"JWT/HS512"},{k:"RS256",v:"JWT/RS256"},{k:"RS384",v:"JWT/RS384"},{k:"RS512",v:"JWT/RS512"}],title:"oidcRPMetaDataOptionsUserInfoSignAlg",type:"select"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsRequirePKCE",id:t+"s/"+e+"/oidcRPMetaDataOptionsRequirePKCE",title:"oidcRPMetaDataOptionsRequirePKCE",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsAllowOffline",id:t+"s/"+e+"/oidcRPMetaDataOptionsAllowOffline",title:"oidcRPMetaDataOptionsAllowOffline",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsAllowPasswordGrant",id:t+"s/"+e+"/oidcRPMetaDataOptionsAllowPasswordGrant",title:"oidcRPMetaDataOptionsAllowPasswordGrant",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsAllowClientCredentialsGrant",id:t+"s/"+e+"/oidcRPMetaDataOptionsAllowClientCredentialsGrant",title:"oidcRPMetaDataOptionsAllowClientCredentialsGrant",type:"bool"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsRequestUris",id:t+"s/"+e+"/oidcRPMetaDataOptionsRequestUris",title:"oidcRPMetaDataOptionsRequestUris"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsAuthnLevel",id:t+"s/"+e+"/oidcRPMetaDataOptionsAuthnLevel",title:"oidcRPMetaDataOptionsAuthnLevel",type:"intOrNull"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsRule",id:t+"s/"+e+"/oidcRPMetaDataOptionsRule",title:"oidcRPMetaDataOptionsRule"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsJwksUri",help:"idpopenidconnect.html",id:t+"s/"+e+"/oidcRPMetaDataOptionsJwksUri",title:"oidcRPMetaDataOptionsJwksUri"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenEncKeyMgtAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenEncKeyMgtAlg",select:[{k:"",v:"None"},{k:"RSA-OAEP",v:"RSA-OAEP"},{k:"RSA-OAEP-256",v:"RSA-OAEP-256"},{k:"RSA1_5",v:"RSA1_5"},{k:"ECDH-ES",v:"ECDH-ES"},{k:"ECDH-ES+A128KW",v:"ECDH-ES+A128KW"},{k:"ECDH-ES+A192KW",v:"ECDH-ES+A192KW"},{k:"ECDH-ES+A256KW",v:"ECDH-ES+A256KW"}],title:"oidcRPMetaDataOptionsAccessTokenEncKeyMgtAlg",type:"select"},{default:"A256GCM",get:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenEncContentEncAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenEncContentEncAlg",select:[{k:"A256CBC-HS512",v:"A256CBC-HS512"},{k:"A256GCM",v:"A256GCM"},{k:"A192CBC-HS384",v:"A192CBC-HS384"},{k:"A192GCM",v:"A192GCM"},{k:"A128CBC-HS256",v:"A128CBC-HS256"},{k:"A128GCM",v:"A128GCM"}],title:"oidcRPMetaDataOptionsAccessTokenEncContentEncAlg",type:"select"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsIdTokenEncKeyMgtAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsIdTokenEncKeyMgtAlg",select:[{k:"",v:"None"},{k:"RSA-OAEP",v:"RSA-OAEP"},{k:"RSA-OAEP-256",v:"RSA-OAEP-256"},{k:"RSA1_5",v:"RSA1_5"},{k:"ECDH-ES",v:"ECDH-ES"},{k:"ECDH-ES+A128KW",v:"ECDH-ES+A128KW"},{k:"ECDH-ES+A192KW",v:"ECDH-ES+A192KW"},{k:"ECDH-ES+A256KW",v:"ECDH-ES+A256KW"}],title:"oidcRPMetaDataOptionsIdTokenEncKeyMgtAlg",type:"select"},{default:"A256GCM",get:t+"s/"+e+"/oidcRPMetaDataOptionsIdTokenEncContentEncAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsIdTokenEncContentEncAlg",select:[{k:"A256CBC-HS512",v:"A256CBC-HS512"},{k:"A256GCM",v:"A256GCM"},{k:"A192CBC-HS384",v:"A192CBC-HS384"},{k:"A192GCM",v:"A192GCM"},{k:"A128CBC-HS256",v:"A128CBC-HS256"},{k:"A128GCM",v:"A128GCM"}],title:"oidcRPMetaDataOptionsIdTokenEncContentEncAlg",type:"select"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsUserInfoEncKeyMgtAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsUserInfoEncKeyMgtAlg",select:[{k:"",v:"None"},{k:"RSA-OAEP",v:"RSA-OAEP"},{k:"RSA-OAEP-256",v:"RSA-OAEP-256"},{k:"RSA1_5",v:"RSA1_5"},{k:"ECDH-ES",v:"ECDH-ES"},{k:"ECDH-ES+A128KW",v:"ECDH-ES+A128KW"},{k:"ECDH-ES+A192KW",v:"ECDH-ES+A192KW"},{k:"ECDH-ES+A256KW",v:"ECDH-ES+A256KW"}],title:"oidcRPMetaDataOptionsUserInfoEncKeyMgtAlg",type:"select"},{default:"A256GCM",get:t+"s/"+e+"/oidcRPMetaDataOptionsUserInfoEncContentEncAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsUserInfoEncContentEncAlg",select:[{k:"A256CBC-HS512",v:"A256CBC-HS512"},{k:"A256GCM",v:"A256GCM"},{k:"A192CBC-HS384",v:"A192CBC-HS384"},{k:"A192GCM",v:"A192GCM"},{k:"A128CBC-HS256",v:"A128CBC-HS256"},{k:"A128GCM",v:"A128GCM"}],title:"oidcRPMetaDataOptionsUserInfoEncContentEncAlg",type:"select"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutEncKeyMgtAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutEncKeyMgtAlg",select:[{k:"",v:"None"},{k:"RSA-OAEP",v:"RSA-OAEP"},{k:"RSA-OAEP-256",v:"RSA-OAEP-256"},{k:"RSA1_5",v:"RSA1_5"},{k:"ECDH-ES",v:"ECDH-ES"},{k:"ECDH-ES+A128KW",v:"ECDH-ES+A128KW"},{k:"ECDH-ES+A192KW",v:"ECDH-ES+A192KW"},{k:"ECDH-ES+A256KW",v:"ECDH-ES+A256KW"}],title:"oidcRPMetaDataOptionsLogoutEncKeyMgtAlg",type:"select"},{default:"A256GCM",get:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutEncContentEncAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutEncContentEncAlg",select:[{k:"A256CBC-HS512",v:"A256CBC-HS512"},{k:"A256GCM",v:"A256GCM"},{k:"A192CBC-HS384",v:"A192CBC-HS384"},{k:"A192GCM",v:"A192GCM"},{k:"A128CBC-HS256",v:"A128CBC-HS256"},{k:"A128GCM",v:"A128GCM"}],title:"oidcRPMetaDataOptionsLogoutEncContentEncAlg",type:"select"}],id:"security",title:"security",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+e+"/oidcRPMetaDataOptionsAuthorizationCodeExpiration",id:t+"s/"+e+"/oidcRPMetaDataOptionsAuthorizationCodeExpiration",title:"oidcRPMetaDataOptionsAuthorizationCodeExpiration",type:"intOrNull"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsIDTokenExpiration",id:t+"s/"+e+"/oidcRPMetaDataOptionsIDTokenExpiration",title:"oidcRPMetaDataOptionsIDTokenExpiration",type:"intOrNull"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenExpiration",id:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenExpiration",title:"oidcRPMetaDataOptionsAccessTokenExpiration",type:"intOrNull"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsOfflineSessionExpiration",id:t+"s/"+e+"/oidcRPMetaDataOptionsOfflineSessionExpiration",title:"oidcRPMetaDataOptionsOfflineSessionExpiration",type:"intOrNull"}],id:"oidcRPMetaDataOptionsTimeouts",title:"oidcRPMetaDataOptionsTimeouts",type:"simpleInputContainer"},{_nodes:[{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutBypassConfirm",id:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutBypassConfirm",title:"oidcRPMetaDataOptionsLogoutBypassConfirm",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutSessionRequired",id:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutSessionRequired",title:"oidcRPMetaDataOptionsLogoutSessionRequired",type:"bool"},{default:"front",get:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutType",id:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutType",select:[{k:"front",v:"Front Channel"},{k:"back",v:"Back Channel"}],title:"oidcRPMetaDataOptionsLogoutType",type:"select"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutUrl",id:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutUrl",title:"oidcRPMetaDataOptionsLogoutUrl"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsPostLogoutRedirectUris",id:t+"s/"+e+"/oidcRPMetaDataOptionsPostLogoutRedirectUris",title:"oidcRPMetaDataOptionsPostLogoutRedirectUris"}],id:"logout",title:"logout",type:"simpleInputContainer"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsComment",id:t+"s/"+e+"/oidcRPMetaDataOptionsComment",title:"oidcRPMetaDataOptionsComment",type:"longtext"}],help:"idpopenidconnect.html#options",id:"oidcRPMetaDataOptions",title:"oidcRPMetaDataOptions"},{cnodes:t+"s/"+e+"/oidcRPMetaDataMacros",default:[],help:"exportedvars.html#extend-variables-using-macros-and-groups",id:t+"s/"+e+"/oidcRPMetaDataMacros",title:"oidcRPMetaDataMacros",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+e+"/oidcRPMetaDataOptionsDisplayName",id:t+"s/"+e+"/oidcRPMetaDataOptionsDisplayName",title:"oidcRPMetaDataOptionsDisplayName"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsIcon",id:t+"s/"+e+"/oidcRPMetaDataOptionsIcon",title:"oidcRPMetaDataOptionsIcon"}],help:"idpopenidconnect.html#display",id:"oidcRPMetaDataOptionsDisplay",title:"oidcRPMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"samlIDPMetaDataNode":return[{get:t+"s/"+e+"/samlIDPMetaDataXML",id:t+"s/"+e+"/samlIDPMetaDataXML",title:"samlIDPMetaDataXML",type:"file"},{cnodes:t+"s/"+e+"/samlIDPMetaDataExportedAttributes",default:[],help:"authsaml.html#exported-attributes",id:t+"s/"+e+"/samlIDPMetaDataExportedAttributes",title:"samlIDPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsAdaptSessionUtime",id:t+"s/"+e+"/samlIDPMetaDataOptionsAdaptSessionUtime",title:"samlIDPMetaDataOptionsAdaptSessionUtime",type:"bool"},{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsForceUTF8",id:t+"s/"+e+"/samlIDPMetaDataOptionsForceUTF8",title:"samlIDPMetaDataOptionsForceUTF8",type:"bool"},{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsStoreSAMLToken",id:t+"s/"+e+"/samlIDPMetaDataOptionsStoreSAMLToken",title:"samlIDPMetaDataOptionsStoreSAMLToken",type:"bool"},{get:t+"s/"+e+"/samlIDPMetaDataOptionsUserAttribute",id:t+"s/"+e+"/samlIDPMetaDataOptionsUserAttribute",title:"samlIDPMetaDataOptionsUserAttribute"}],help:"authsaml.html#session",id:"samlIDPMetaDataOptionsSession",title:"samlIDPMetaDataOptionsSession",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+e+"/samlIDPMetaDataOptionsSignatureMethod",id:t+"s/"+e+"/samlIDPMetaDataOptionsSignatureMethod",select:[{k:"",v:"default"},{k:"RSA_SHA1",v:"RSA SHA1"},{k:"RSA_SHA256",v:"RSA SHA256"},{k:"RSA_SHA384",v:"RSA SHA384"},{k:"RSA_SHA512",v:"RSA SHA512"}],title:"samlIDPMetaDataOptionsSignatureMethod",type:"select"},{default:-1,get:t+"s/"+e+"/samlIDPMetaDataOptionsSignSSOMessage",id:t+"s/"+e+"/samlIDPMetaDataOptionsSignSSOMessage",title:"samlIDPMetaDataOptionsSignSSOMessage",type:"trool"},{default:1,get:t+"s/"+e+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",id:t+"s/"+e+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",title:"samlIDPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{default:-1,get:t+"s/"+e+"/samlIDPMetaDataOptionsSignSLOMessage",id:t+"s/"+e+"/samlIDPMetaDataOptionsSignSLOMessage",title:"samlIDPMetaDataOptionsSignSLOMessage",type:"trool"},{default:1,get:t+"s/"+e+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",id:t+"s/"+e+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",title:"samlIDPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],help:"authsaml.html#signature",id:"samlIDPMetaDataOptionsSignature",title:"samlIDPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+e+"/samlIDPMetaDataOptionsSSOBinding",id:t+"s/"+e+"/samlIDPMetaDataOptionsSSOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"artifact-get",v:"Artifact GET"}],title:"samlIDPMetaDataOptionsSSOBinding",type:"select"},{default:"",get:t+"s/"+e+"/samlIDPMetaDataOptionsSLOBinding",id:t+"s/"+e+"/samlIDPMetaDataOptionsSLOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"http-soap",v:"SOAP"}],title:"samlIDPMetaDataOptionsSLOBinding",type:"select"}],help:"authsaml.html#binding",id:"samlIDPMetaDataOptionsBinding",title:"samlIDPMetaDataOptionsBinding",type:"simpleInputContainer"},{_nodes:[{default:"none",get:t+"s/"+e+"/samlIDPMetaDataOptionsEncryptionMode",id:t+"s/"+e+"/samlIDPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlIDPMetaDataOptionsEncryptionMode",type:"select"},{default:1,get:t+"s/"+e+"/samlIDPMetaDataOptionsCheckTime",id:t+"s/"+e+"/samlIDPMetaDataOptionsCheckTime",title:"samlIDPMetaDataOptionsCheckTime",type:"bool"},{default:1,get:t+"s/"+e+"/samlIDPMetaDataOptionsCheckAudience",id:t+"s/"+e+"/samlIDPMetaDataOptionsCheckAudience",title:"samlIDPMetaDataOptionsCheckAudience",type:"bool"}],help:"authsaml.html#security",id:"samlIDPMetaDataOptionsSecurity",title:"samlIDPMetaDataOptionsSecurity",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+e+"/samlIDPMetaDataOptionsNameIDFormat",id:t+"s/"+e+"/samlIDPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlIDPMetaDataOptionsNameIDFormat",type:"select"},{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsForceAuthn",id:t+"s/"+e+"/samlIDPMetaDataOptionsForceAuthn",title:"samlIDPMetaDataOptionsForceAuthn",type:"bool"},{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsIsPassive",id:t+"s/"+e+"/samlIDPMetaDataOptionsIsPassive",title:"samlIDPMetaDataOptionsIsPassive",type:"bool"},{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsAllowLoginFromIDP",id:t+"s/"+e+"/samlIDPMetaDataOptionsAllowLoginFromIDP",title:"samlIDPMetaDataOptionsAllowLoginFromIDP",type:"bool"},{default:"",get:t+"s/"+e+"/samlIDPMetaDataOptionsRequestedAuthnContext",id:t+"s/"+e+"/samlIDPMetaDataOptionsRequestedAuthnContext",select:[{k:"",v:""},{k:"kerberos",v:"Kerberos"},{k:"password-protected-transport",v:"Password protected transport"},{k:"password",v:"Password"},{k:"tls-client",v:"TLS client certificate"}],title:"samlIDPMetaDataOptionsRequestedAuthnContext",type:"select"},{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsRelayStateURL",id:t+"s/"+e+"/samlIDPMetaDataOptionsRelayStateURL",title:"samlIDPMetaDataOptionsRelayStateURL",type:"bool"},{_nodes:[{get:t+"s/"+e+"/samlIDPMetaDataOptionsFederationEntityID",id:t+"s/"+e+"/samlIDPMetaDataOptionsFederationEntityID",title:"samlIDPMetaDataOptionsFederationEntityID"}],id:"samlIDPMetaDataOptionsFederation",title:"samlIDPMetaDataOptionsFederation",type:"simpleInputContainer"},{get:t+"s/"+e+"/samlIDPMetaDataOptionsComment",id:t+"s/"+e+"/samlIDPMetaDataOptionsComment",title:"samlIDPMetaDataOptionsComment",type:"longtext"}],help:"authsaml.html#options",id:"samlIDPMetaDataOptions",title:"samlIDPMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+e+"/samlIDPMetaDataOptionsDisplayName",id:t+"s/"+e+"/samlIDPMetaDataOptionsDisplayName",title:"samlIDPMetaDataOptionsDisplayName"},{get:t+"s/"+e+"/samlIDPMetaDataOptionsIcon",id:t+"s/"+e+"/samlIDPMetaDataOptionsIcon",title:"samlIDPMetaDataOptionsIcon"},{get:t+"s/"+e+"/samlIDPMetaDataOptionsTooltip",id:t+"s/"+e+"/samlIDPMetaDataOptionsTooltip",title:"samlIDPMetaDataOptionsTooltip"},{default:"",get:t+"s/"+e+"/samlIDPMetaDataOptionsResolutionRule",id:t+"s/"+e+"/samlIDPMetaDataOptionsResolutionRule",title:"samlIDPMetaDataOptionsResolutionRule",type:"longtext"},{get:t+"s/"+e+"/samlIDPMetaDataOptionsSortNumber",id:t+"s/"+e+"/samlIDPMetaDataOptionsSortNumber",title:"samlIDPMetaDataOptionsSortNumber",type:"intOrNull"}],help:"authsaml.html#display",id:"samlIDPMetaDataOptionsDisplay",title:"samlIDPMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"samlSPMetaDataNode":return[{get:t+"s/"+e+"/samlSPMetaDataXML",id:t+"s/"+e+"/samlSPMetaDataXML",title:"samlSPMetaDataXML",type:"file"},{cnodes:t+"s/"+e+"/samlSPMetaDataExportedAttributes",default:[],help:"idpsaml.html#exported-attributes",id:t+"s/"+e+"/samlSPMetaDataExportedAttributes",title:"samlSPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{_nodes:[{default:"",get:t+"s/"+e+"/samlSPMetaDataOptionsNameIDFormat",id:t+"s/"+e+"/samlSPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlSPMetaDataOptionsNameIDFormat",type:"select"},{get:t+"s/"+e+"/samlSPMetaDataOptionsNameIDSessionKey",id:t+"s/"+e+"/samlSPMetaDataOptionsNameIDSessionKey",title:"samlSPMetaDataOptionsNameIDSessionKey"},{default:0,get:t+"s/"+e+"/samlSPMetaDataOptionsOneTimeUse",id:t+"s/"+e+"/samlSPMetaDataOptionsOneTimeUse",title:"samlSPMetaDataOptionsOneTimeUse",type:"bool"},{default:72e3,get:t+"s/"+e+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",id:t+"s/"+e+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",type:"int"},{default:72e3,get:t+"s/"+e+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",id:t+"s/"+e+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsNotOnOrAfterTimeout",type:"int"},{default:1,get:t+"s/"+e+"/samlSPMetaDataOptionsForceUTF8",id:t+"s/"+e+"/samlSPMetaDataOptionsForceUTF8",title:"samlSPMetaDataOptionsForceUTF8",type:"bool"}],id:"samlSPMetaDataOptionsAuthnResponse",title:"samlSPMetaDataOptionsAuthnResponse",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+e+"/samlSPMetaDataOptionsSignatureMethod",id:t+"s/"+e+"/samlSPMetaDataOptionsSignatureMethod",select:[{k:"",v:"default"},{k:"RSA_SHA1",v:"RSA SHA1"},{k:"RSA_SHA256",v:"RSA SHA256"},{k:"RSA_SHA384",v:"RSA SHA384"},{k:"RSA_SHA512",v:"RSA SHA512"}],title:"samlSPMetaDataOptionsSignatureMethod",type:"select"},{default:-1,get:t+"s/"+e+"/samlSPMetaDataOptionsSignSSOMessage",id:t+"s/"+e+"/samlSPMetaDataOptionsSignSSOMessage",title:"samlSPMetaDataOptionsSignSSOMessage",type:"trool"},{default:1,get:t+"s/"+e+"/samlSPMetaDataOptionsCheckSSOMessageSignature",id:t+"s/"+e+"/samlSPMetaDataOptionsCheckSSOMessageSignature",title:"samlSPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{default:-1,get:t+"s/"+e+"/samlSPMetaDataOptionsSignSLOMessage",id:t+"s/"+e+"/samlSPMetaDataOptionsSignSLOMessage",title:"samlSPMetaDataOptionsSignSLOMessage",type:"trool"},{default:1,get:t+"s/"+e+"/samlSPMetaDataOptionsCheckSLOMessageSignature",id:t+"s/"+e+"/samlSPMetaDataOptionsCheckSLOMessageSignature",title:"samlSPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id:"samlSPMetaDataOptionsSignature",title:"samlSPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{default:"none",get:t+"s/"+e+"/samlSPMetaDataOptionsEncryptionMode",id:t+"s/"+e+"/samlSPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlSPMetaDataOptionsEncryptionMode",type:"select"},{default:0,get:t+"s/"+e+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",id:t+"s/"+e+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",title:"samlSPMetaDataOptionsEnableIDPInitiatedURL",type:"bool"},{get:t+"s/"+e+"/samlSPMetaDataOptionsAuthnLevel",id:t+"s/"+e+"/samlSPMetaDataOptionsAuthnLevel",title:"samlSPMetaDataOptionsAuthnLevel",type:"intOrNull"},{get:t+"s/"+e+"/samlSPMetaDataOptionsRule",id:t+"s/"+e+"/samlSPMetaDataOptionsRule",title:"samlSPMetaDataOptionsRule"}],id:"samlSPMetaDataOptionsSecurity",title:"samlSPMetaDataOptionsSecurity",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+e+"/samlSPMetaDataOptionsFederationEntityID",id:t+"s/"+e+"/samlSPMetaDataOptionsFederationEntityID",title:"samlSPMetaDataOptionsFederationEntityID"},{default:"",get:t+"s/"+e+"/samlSPMetaDataOptionsFederationOptionalAttributes",id:t+"s/"+e+"/samlSPMetaDataOptionsFederationOptionalAttributes",select:[{k:"",v:"keep"},{k:"ignore",v:"ignore"}],title:"samlSPMetaDataOptionsFederationOptionalAttributes",type:"select"},{default:"",get:t+"s/"+e+"/samlSPMetaDataOptionsFederationRequiredAttributes",id:t+"s/"+e+"/samlSPMetaDataOptionsFederationRequiredAttributes",select:[{k:"",v:"keep"},{k:"optional",v:"makeoptional"},{k:"ignore",v:"ignore"}],title:"samlSPMetaDataOptionsFederationRequiredAttributes",type:"select"}],id:"samlSPMetaDataOptionsFederation",title:"samlSPMetaDataOptionsFederation",type:"simpleInputContainer"},{get:t+"s/"+e+"/samlSPMetaDataOptionsComment",id:t+"s/"+e+"/samlSPMetaDataOptionsComment",title:"samlSPMetaDataOptionsComment",type:"longtext"}],help:"idpsaml.html#options",id:"samlSPMetaDataOptions",title:"samlSPMetaDataOptions"},{cnodes:t+"s/"+e+"/samlSPMetaDataMacros",default:[],help:"exportedvars.html#extend-variables-using-macros-and-groups",id:t+"s/"+e+"/samlSPMetaDataMacros",title:"samlSPMetaDataMacros",type:"keyTextContainer"}];case"virtualHost":return[{cnodes:t+"s/"+e+"/locationRules",default:[{data:"deny",id:t+"s/"+e+"/locationRules/default",re:"default",title:"default",type:"rule"}],help:"writingrulesand_headers.html#rules",id:t+"s/"+e+"/locationRules",title:"locationRules",type:"ruleContainer"},{cnodes:t+"s/"+e+"/exportedHeaders",help:"writingrulesand_headers.html#headers",id:t+"s/"+e+"/exportedHeaders",title:"exportedHeaders",type:"keyTextContainer"},{cnodes:t+"s/"+e+"/post",help:"formreplay.html",id:t+"s/"+e+"/post",title:"post",type:"postContainer"},{_nodes:[{default:-1,get:t+"s/"+e+"/vhostPort",id:t+"s/"+e+"/vhostPort",title:"vhostPort",type:"int"},{default:-1,get:t+"s/"+e+"/vhostHttps",id:t+"s/"+e+"/vhostHttps",title:"vhostHttps",type:"trool"},{default:0,get:t+"s/"+e+"/vhostMaintenance",id:t+"s/"+e+"/vhostMaintenance",title:"vhostMaintenance",type:"bool"},{default:"",get:t+"s/"+e+"/vhostAliases",id:t+"s/"+e+"/vhostAliases",title:"vhostAliases"},{default:"",get:t+"s/"+e+"/vhostAccessToTrace",id:t+"s/"+e+"/vhostAccessToTrace",title:"vhostAccessToTrace"},{get:t+"s/"+e+"/vhostAuthnLevel",id:t+"s/"+e+"/vhostAuthnLevel",title:"vhostAuthnLevel",type:"intOrNull"},{default:"Main",get:t+"s/"+e+"/vhostType",id:t+"s/"+e+"/vhostType",select:[{k:"AuthBasic",v:"AuthBasic"},{k:"CDA",v:"CDA"},{k:"DevOps",v:"DevOps"},{k:"DevOpsST",v:"DevOpsST"},{k:"DevOpsCDA",v:"DevOpsCDA"},{k:"Main",v:"Main"},{k:"OAuth2",v:"OAuth2"},{k:"SecureToken",v:"SecureToken"},{k:"ServiceToken",v:"ServiceToken"},{k:"ZimbraPreAuth",v:"ZimbraPreAuth"}],title:"vhostType",type:"select"},{get:t+"s/"+e+"/vhostDevOpsRulesUrl",id:t+"s/"+e+"/vhostDevOpsRulesUrl",title:"vhostDevOpsRulesUrl"},{default:-1,get:t+"s/"+e+"/vhostServiceTokenTTL",id:t+"s/"+e+"/vhostServiceTokenTTL",title:"vhostServiceTokenTTL",type:"int"},{default:"",get:t+"s/"+e+"/vhostComment",id:t+"s/"+e+"/vhostComment",title:"vhostComment",type:"longtext"}],help:"configvhost.html#options",id:"vhostOptions",title:"vhostOptions",type:"simpleInputContainer"}];default:return[]}}function setScopeVars(t){t.portal=t.data[0]._nodes[0]._nodes[0],t.getKey(t.portal),t.domain=t.data[0]._nodes[4]._nodes[1],t.getKey(t.domain)} \ No newline at end of file +function templates(t,e){switch(t){case"casAppMetaDataNode":return[{cnodes:t+"s/"+e+"/casAppMetaDataExportedVars",default:[{data:"cn",id:t+"s/"+e+"/casAppMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"mail",id:t+"s/"+e+"/casAppMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"uid",id:t+"s/"+e+"/casAppMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+e+"/casAppMetaDataExportedVars",title:"casAppMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+e+"/casAppMetaDataOptionsService",id:t+"s/"+e+"/casAppMetaDataOptionsService",title:"casAppMetaDataOptionsService"},{get:t+"s/"+e+"/casAppMetaDataOptionsUserAttribute",id:t+"s/"+e+"/casAppMetaDataOptionsUserAttribute",title:"casAppMetaDataOptionsUserAttribute"},{default:-1,get:t+"s/"+e+"/casAppMetaDataOptionsLogout",id:t+"s/"+e+"/casAppMetaDataOptionsLogout",title:"casAppMetaDataOptionsLogout",type:"trool"},{get:t+"s/"+e+"/casAppMetaDataOptionsAuthnLevel",id:t+"s/"+e+"/casAppMetaDataOptionsAuthnLevel",title:"casAppMetaDataOptionsAuthnLevel",type:"intOrNull"},{get:t+"s/"+e+"/casAppMetaDataOptionsRule",id:t+"s/"+e+"/casAppMetaDataOptionsRule",title:"casAppMetaDataOptionsRule"},{get:t+"s/"+e+"/casAppMetaDataOptionsComment",id:t+"s/"+e+"/casAppMetaDataOptionsComment",title:"casAppMetaDataOptionsComment",type:"longtext"}],id:"casAppMetaDataOptions",title:"casAppMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+e+"/casAppMetaDataOptionsDisplayName",id:t+"s/"+e+"/casAppMetaDataOptionsDisplayName",title:"casAppMetaDataOptionsDisplayName"}],id:"casAppMetaDataOptionsDisplay",title:"casAppMetaDataOptionsDisplay",type:"simpleInputContainer"},{cnodes:t+"s/"+e+"/casAppMetaDataMacros",default:[],help:"exportedvars.html#extend-variables-using-macros-and-groups",id:t+"s/"+e+"/casAppMetaDataMacros",title:"casAppMetaDataMacros",type:"keyTextContainer"}];case"casSrvMetaDataNode":return[{cnodes:t+"s/"+e+"/casSrvMetaDataExportedVars",default:[{data:"cn",id:t+"s/"+e+"/casSrvMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"mail",id:t+"s/"+e+"/casSrvMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"uid",id:t+"s/"+e+"/casSrvMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+e+"/casSrvMetaDataExportedVars",title:"casSrvMetaDataExportedVars",type:"keyTextContainer"},{cnodes:t+"s/"+e+"/casSrvMetaDataOptionsProxiedServices",id:t+"s/"+e+"/casSrvMetaDataOptionsProxiedServices",title:"casSrvMetaDataOptionsProxiedServices",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+e+"/casSrvMetaDataOptionsUrl",id:t+"s/"+e+"/casSrvMetaDataOptionsUrl",title:"casSrvMetaDataOptionsUrl"},{default:0,get:t+"s/"+e+"/casSrvMetaDataOptionsRenew",id:t+"s/"+e+"/casSrvMetaDataOptionsRenew",title:"casSrvMetaDataOptionsRenew",type:"bool"},{default:0,get:t+"s/"+e+"/casSrvMetaDataOptionsGateway",id:t+"s/"+e+"/casSrvMetaDataOptionsGateway",title:"casSrvMetaDataOptionsGateway",type:"bool"},{get:t+"s/"+e+"/casSrvMetaDataOptionsComment",id:t+"s/"+e+"/casSrvMetaDataOptionsComment",title:"casSrvMetaDataOptionsComment",type:"longtext"}],id:"casSrvMetaDataOptions",title:"casSrvMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+e+"/casSrvMetaDataOptionsDisplayName",id:t+"s/"+e+"/casSrvMetaDataOptionsDisplayName",title:"casSrvMetaDataOptionsDisplayName"},{get:t+"s/"+e+"/casSrvMetaDataOptionsIcon",id:t+"s/"+e+"/casSrvMetaDataOptionsIcon",title:"casSrvMetaDataOptionsIcon"},{get:t+"s/"+e+"/casSrvMetaDataOptionsTooltip",id:t+"s/"+e+"/casSrvMetaDataOptionsTooltip",title:"casSrvMetaDataOptionsTooltip"},{default:"",get:t+"s/"+e+"/casSrvMetaDataOptionsResolutionRule",id:t+"s/"+e+"/casSrvMetaDataOptionsResolutionRule",title:"casSrvMetaDataOptionsResolutionRule",type:"longtext"},{get:t+"s/"+e+"/casSrvMetaDataOptionsSortNumber",id:t+"s/"+e+"/casSrvMetaDataOptionsSortNumber",title:"casSrvMetaDataOptionsSortNumber",type:"intOrNull"}],id:"casSrvMetaDataOptionsDisplay",title:"casSrvMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"oidcOPMetaDataNode":return[{get:t+"s/"+e+"/oidcOPMetaDataJSON",id:t+"s/"+e+"/oidcOPMetaDataJSON",title:"oidcOPMetaDataJSON",type:"file"},{get:t+"s/"+e+"/oidcOPMetaDataJWKS",id:t+"s/"+e+"/oidcOPMetaDataJWKS",title:"oidcOPMetaDataJWKS",type:"file"},{cnodes:t+"s/"+e+"/oidcOPMetaDataExportedVars",default:[{data:"name",id:t+"s/"+e+"/oidcOPMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"email",id:t+"s/"+e+"/oidcOPMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"family_name",id:t+"s/"+e+"/oidcOPMetaDataExportedVars/sn",title:"sn",type:"keyText"},{data:"sub",id:t+"s/"+e+"/oidcOPMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+e+"/oidcOPMetaDataExportedVars",title:"oidcOPMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:t+"s/"+e+"/oidcOPMetaDataOptionsConfigurationURI",id:t+"s/"+e+"/oidcOPMetaDataOptionsConfigurationURI",title:"oidcOPMetaDataOptionsConfigurationURI"},{default:0,get:t+"s/"+e+"/oidcOPMetaDataOptionsJWKSTimeout",id:t+"s/"+e+"/oidcOPMetaDataOptionsJWKSTimeout",title:"oidcOPMetaDataOptionsJWKSTimeout",type:"int"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsClientID",id:t+"s/"+e+"/oidcOPMetaDataOptionsClientID",title:"oidcOPMetaDataOptionsClientID"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsClientSecret",id:t+"s/"+e+"/oidcOPMetaDataOptionsClientSecret",title:"oidcOPMetaDataOptionsClientSecret",type:"password"},{default:0,get:t+"s/"+e+"/oidcOPMetaDataOptionsStoreIDToken",id:t+"s/"+e+"/oidcOPMetaDataOptionsStoreIDToken",title:"oidcOPMetaDataOptionsStoreIDToken",type:"bool"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsUserAttribute",id:t+"s/"+e+"/oidcOPMetaDataOptionsUserAttribute",title:"oidcOPMetaDataOptionsUserAttribute"}],id:"oidcOPMetaDataOptionsConfiguration",title:"oidcOPMetaDataOptionsConfiguration",type:"simpleInputContainer"},{_nodes:[{default:"openid profile",get:t+"s/"+e+"/oidcOPMetaDataOptionsScope",id:t+"s/"+e+"/oidcOPMetaDataOptionsScope",title:"oidcOPMetaDataOptionsScope"},{default:"",get:t+"s/"+e+"/oidcOPMetaDataOptionsDisplay",id:t+"s/"+e+"/oidcOPMetaDataOptionsDisplay",select:[{k:"",v:""},{k:"page",v:"page"},{k:"popup",v:"popup"},{k:"touch",v:"touch"},{k:"wap",v:"wap"}],title:"oidcOPMetaDataOptionsDisplay",type:"select"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsPrompt",id:t+"s/"+e+"/oidcOPMetaDataOptionsPrompt",title:"oidcOPMetaDataOptionsPrompt"},{default:0,get:t+"s/"+e+"/oidcOPMetaDataOptionsMaxAge",id:t+"s/"+e+"/oidcOPMetaDataOptionsMaxAge",title:"oidcOPMetaDataOptionsMaxAge",type:"int"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsUiLocales",id:t+"s/"+e+"/oidcOPMetaDataOptionsUiLocales",title:"oidcOPMetaDataOptionsUiLocales"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsAcrValues",id:t+"s/"+e+"/oidcOPMetaDataOptionsAcrValues",title:"oidcOPMetaDataOptionsAcrValues"},{default:"client_secret_post",get:t+"s/"+e+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",id:t+"s/"+e+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",select:[{k:"client_secret_post",v:"client_secret_post"},{k:"client_secret_basic",v:"client_secret_basic"}],title:"oidcOPMetaDataOptionsTokenEndpointAuthMethod",type:"select"},{default:1,get:t+"s/"+e+"/oidcOPMetaDataOptionsCheckJWTSignature",id:t+"s/"+e+"/oidcOPMetaDataOptionsCheckJWTSignature",title:"oidcOPMetaDataOptionsCheckJWTSignature",type:"bool"},{default:30,get:t+"s/"+e+"/oidcOPMetaDataOptionsIDTokenMaxAge",id:t+"s/"+e+"/oidcOPMetaDataOptionsIDTokenMaxAge",title:"oidcOPMetaDataOptionsIDTokenMaxAge",type:"int"},{default:1,get:t+"s/"+e+"/oidcOPMetaDataOptionsUseNonce",id:t+"s/"+e+"/oidcOPMetaDataOptionsUseNonce",title:"oidcOPMetaDataOptionsUseNonce",type:"bool"}],id:"oidcOPMetaDataOptionsProtocol",title:"oidcOPMetaDataOptionsProtocol",type:"simpleInputContainer"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsComment",id:t+"s/"+e+"/oidcOPMetaDataOptionsComment",title:"oidcOPMetaDataOptionsComment",type:"longtext"}],help:"authopenidconnect.html#options",id:"oidcOPMetaDataOptions",title:"oidcOPMetaDataOptions"},{_nodes:[{get:t+"s/"+e+"/oidcOPMetaDataOptionsDisplayName",id:t+"s/"+e+"/oidcOPMetaDataOptionsDisplayName",title:"oidcOPMetaDataOptionsDisplayName"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsIcon",id:t+"s/"+e+"/oidcOPMetaDataOptionsIcon",title:"oidcOPMetaDataOptionsIcon"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsTooltip",id:t+"s/"+e+"/oidcOPMetaDataOptionsTooltip",title:"oidcOPMetaDataOptionsTooltip"},{default:"",get:t+"s/"+e+"/oidcOPMetaDataOptionsResolutionRule",id:t+"s/"+e+"/oidcOPMetaDataOptionsResolutionRule",title:"oidcOPMetaDataOptionsResolutionRule",type:"longtext"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsSortNumber",id:t+"s/"+e+"/oidcOPMetaDataOptionsSortNumber",title:"oidcOPMetaDataOptionsSortNumber",type:"intOrNull"}],help:"authopenidconnect.html#display",id:"oidcOPMetaDataOptionsDisplayParams",title:"oidcOPMetaDataOptionsDisplayParams",type:"simpleInputContainer"}];case"oidcRPMetaDataNode":return[{_nodes:[{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsPublic",id:t+"s/"+e+"/oidcRPMetaDataOptionsPublic",title:"oidcRPMetaDataOptionsPublic",type:"bool"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsClientID",id:t+"s/"+e+"/oidcRPMetaDataOptionsClientID",title:"oidcRPMetaDataOptionsClientID"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsClientSecret",id:t+"s/"+e+"/oidcRPMetaDataOptionsClientSecret",title:"oidcRPMetaDataOptionsClientSecret",type:"password"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsRedirectUris",id:t+"s/"+e+"/oidcRPMetaDataOptionsRedirectUris",title:"oidcRPMetaDataOptionsRedirectUris"}],help:"idpopenidconnect.html#basic-options",id:"oidcRPMetaDataOptionsBasic",title:"oidcRPMetaDataOptionsBasic",type:"simpleInputContainer"},{cnodes:t+"s/"+e+"/oidcRPMetaDataExportedVars",default:[{data:["mail","string","auto"],id:t+"s/"+e+"/oidcRPMetaDataExportedVars/email",title:"email",type:"oidcAttribute"},{data:["cn","string","auto"],id:t+"s/"+e+"/oidcRPMetaDataExportedVars/name",title:"name",type:"oidcAttribute"},{data:["uid","string","auto"],id:t+"s/"+e+"/oidcRPMetaDataExportedVars/preferred_username",title:"preferred_username",type:"oidcAttribute"}],help:"idpopenidconnect.html#exported-attributes",id:t+"s/"+e+"/oidcRPMetaDataExportedVars",title:"oidcRPMetaDataExportedVars",type:"oidcAttributeContainer"},{_nodes:[{_nodes:[{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsBypassConsent",id:t+"s/"+e+"/oidcRPMetaDataOptionsBypassConsent",title:"oidcRPMetaDataOptionsBypassConsent",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsIDTokenForceClaims",id:t+"s/"+e+"/oidcRPMetaDataOptionsIDTokenForceClaims",title:"oidcRPMetaDataOptionsIDTokenForceClaims",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenJWT",id:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenJWT",title:"oidcRPMetaDataOptionsAccessTokenJWT",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenClaims",id:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenClaims",title:"oidcRPMetaDataOptionsAccessTokenClaims",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsRefreshToken",id:t+"s/"+e+"/oidcRPMetaDataOptionsRefreshToken",title:"oidcRPMetaDataOptionsRefreshToken",type:"bool"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsUserIDAttr",id:t+"s/"+e+"/oidcRPMetaDataOptionsUserIDAttr",title:"oidcRPMetaDataOptionsUserIDAttr"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsAdditionalAudiences",id:t+"s/"+e+"/oidcRPMetaDataOptionsAdditionalAudiences",title:"oidcRPMetaDataOptionsAdditionalAudiences"}],id:"oidcRPMetaDataOptionsAdvanced",title:"oidcRPMetaDataOptionsAdvanced",type:"simpleInputContainer"},{_nodes:[{cnodes:t+"s/"+e+"/oidcRPMetaDataOptionsExtraClaims",default:[],help:"idpopenidconnect.html#oidcextraclaims",id:t+"s/"+e+"/oidcRPMetaDataOptionsExtraClaims",title:"oidcRPMetaDataOptionsExtraClaims",type:"keyTextContainer"},{cnodes:t+"s/"+e+"/oidcRPMetaDataScopeRules",default:[],help:"idpopenidconnect.html#scope-rules",id:t+"s/"+e+"/oidcRPMetaDataScopeRules",title:"oidcRPMetaDataScopeRules",type:"keyTextContainer"}],id:"oidcRPMetaDataOptionsScopes",title:"oidcRPMetaDataOptionsScopes"},{_nodes:[{default:"RS256",get:t+"s/"+e+"/oidcRPMetaDataOptionsIDTokenSignAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsIDTokenSignAlg",select:[{k:"none",v:"None"},{k:"HS256",v:"HS256"},{k:"HS384",v:"HS384"},{k:"HS512",v:"HS512"},{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"},{k:"PS256",v:"PS256"},{k:"PS384",v:"PS384"},{k:"PS512",v:"PS512"},{k:"ES256",v:"ES256"},{k:"ES384",v:"ES384"},{k:"ES512",v:"ES512"},{k:"EdDSA",v:"EdDSA"}],title:"oidcRPMetaDataOptionsIDTokenSignAlg",type:"select"},{default:"RS256",get:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenSignAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenSignAlg",select:[{k:"HS256",v:"HS256"},{k:"HS384",v:"HS384"},{k:"HS512",v:"HS512"},{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"},{k:"PS256",v:"PS256"},{k:"PS384",v:"PS384"},{k:"PS512",v:"PS512"},{k:"ES256",v:"ES256"},{k:"ES384",v:"ES384"},{k:"ES512",v:"ES512"},{k:"EdDSA",v:"EdDSA"}],title:"oidcRPMetaDataOptionsAccessTokenSignAlg",type:"select"},{default:"",get:t+"s/"+e+"/oidcRPMetaDataOptionsUserInfoSignAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsUserInfoSignAlg",select:[{k:"",v:"JSON"},{k:"none",v:"JWT/None"},{k:"HS256",v:"JWT/HS256"},{k:"HS384",v:"JWT/HS384"},{k:"HS512",v:"JWT/HS512"},{k:"RS256",v:"JWT/RS256"},{k:"RS384",v:"JWT/RS384"},{k:"RS512",v:"JWT/RS512"},{k:"PS256",v:"JWT/PS256"},{k:"PS384",v:"JWT/PS384"},{k:"PS512",v:"JWT/PS512"},{k:"ES256",v:"JWT/ES256"},{k:"ES384",v:"JWT/ES384"},{k:"ES512",v:"JWT/ES512"},{k:"EdDSA",v:"JWT/EdDSA"}],title:"oidcRPMetaDataOptionsUserInfoSignAlg",type:"select"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsRequirePKCE",id:t+"s/"+e+"/oidcRPMetaDataOptionsRequirePKCE",title:"oidcRPMetaDataOptionsRequirePKCE",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsAllowOffline",id:t+"s/"+e+"/oidcRPMetaDataOptionsAllowOffline",title:"oidcRPMetaDataOptionsAllowOffline",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsAllowPasswordGrant",id:t+"s/"+e+"/oidcRPMetaDataOptionsAllowPasswordGrant",title:"oidcRPMetaDataOptionsAllowPasswordGrant",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsAllowClientCredentialsGrant",id:t+"s/"+e+"/oidcRPMetaDataOptionsAllowClientCredentialsGrant",title:"oidcRPMetaDataOptionsAllowClientCredentialsGrant",type:"bool"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsRequestUris",id:t+"s/"+e+"/oidcRPMetaDataOptionsRequestUris",title:"oidcRPMetaDataOptionsRequestUris"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsAuthnLevel",id:t+"s/"+e+"/oidcRPMetaDataOptionsAuthnLevel",title:"oidcRPMetaDataOptionsAuthnLevel",type:"intOrNull"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsRule",id:t+"s/"+e+"/oidcRPMetaDataOptionsRule",title:"oidcRPMetaDataOptionsRule"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenEncKeyMgtAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenEncKeyMgtAlg",select:[{k:"",v:"None"},{k:"RSA-OAEP",v:"RSA-OAEP"},{k:"RSA-OAEP-256",v:"RSA-OAEP-256"},{k:"RSA1_5",v:"RSA1_5"},{k:"ECDH-ES",v:"ECDH-ES"},{k:"ECDH-ES+A128KW",v:"ECDH-ES+A128KW"},{k:"ECDH-ES+A192KW",v:"ECDH-ES+A192KW"},{k:"ECDH-ES+A256KW",v:"ECDH-ES+A256KW"}],title:"oidcRPMetaDataOptionsAccessTokenEncKeyMgtAlg",type:"select"},{default:"A256GCM",get:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenEncContentEncAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenEncContentEncAlg",select:[{k:"A256CBC-HS512",v:"A256CBC-HS512"},{k:"A256GCM",v:"A256GCM"},{k:"A192CBC-HS384",v:"A192CBC-HS384"},{k:"A192GCM",v:"A192GCM"},{k:"A128CBC-HS256",v:"A128CBC-HS256"},{k:"A128GCM",v:"A128GCM"}],title:"oidcRPMetaDataOptionsAccessTokenEncContentEncAlg",type:"select"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsIdTokenEncKeyMgtAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsIdTokenEncKeyMgtAlg",select:[{k:"",v:"None"},{k:"RSA-OAEP",v:"RSA-OAEP"},{k:"RSA-OAEP-256",v:"RSA-OAEP-256"},{k:"RSA1_5",v:"RSA1_5"},{k:"ECDH-ES",v:"ECDH-ES"},{k:"ECDH-ES+A128KW",v:"ECDH-ES+A128KW"},{k:"ECDH-ES+A192KW",v:"ECDH-ES+A192KW"},{k:"ECDH-ES+A256KW",v:"ECDH-ES+A256KW"}],title:"oidcRPMetaDataOptionsIdTokenEncKeyMgtAlg",type:"select"},{default:"A256GCM",get:t+"s/"+e+"/oidcRPMetaDataOptionsIdTokenEncContentEncAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsIdTokenEncContentEncAlg",select:[{k:"A256CBC-HS512",v:"A256CBC-HS512"},{k:"A256GCM",v:"A256GCM"},{k:"A192CBC-HS384",v:"A192CBC-HS384"},{k:"A192GCM",v:"A192GCM"},{k:"A128CBC-HS256",v:"A128CBC-HS256"},{k:"A128GCM",v:"A128GCM"}],title:"oidcRPMetaDataOptionsIdTokenEncContentEncAlg",type:"select"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsUserInfoEncKeyMgtAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsUserInfoEncKeyMgtAlg",select:[{k:"",v:"None"},{k:"RSA-OAEP",v:"RSA-OAEP"},{k:"RSA-OAEP-256",v:"RSA-OAEP-256"},{k:"RSA1_5",v:"RSA1_5"},{k:"ECDH-ES",v:"ECDH-ES"},{k:"ECDH-ES+A128KW",v:"ECDH-ES+A128KW"},{k:"ECDH-ES+A192KW",v:"ECDH-ES+A192KW"},{k:"ECDH-ES+A256KW",v:"ECDH-ES+A256KW"}],title:"oidcRPMetaDataOptionsUserInfoEncKeyMgtAlg",type:"select"},{default:"A256GCM",get:t+"s/"+e+"/oidcRPMetaDataOptionsUserInfoEncContentEncAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsUserInfoEncContentEncAlg",select:[{k:"A256CBC-HS512",v:"A256CBC-HS512"},{k:"A256GCM",v:"A256GCM"},{k:"A192CBC-HS384",v:"A192CBC-HS384"},{k:"A192GCM",v:"A192GCM"},{k:"A128CBC-HS256",v:"A128CBC-HS256"},{k:"A128GCM",v:"A128GCM"}],title:"oidcRPMetaDataOptionsUserInfoEncContentEncAlg",type:"select"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutEncKeyMgtAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutEncKeyMgtAlg",select:[{k:"",v:"None"},{k:"RSA-OAEP",v:"RSA-OAEP"},{k:"RSA-OAEP-256",v:"RSA-OAEP-256"},{k:"RSA1_5",v:"RSA1_5"},{k:"ECDH-ES",v:"ECDH-ES"},{k:"ECDH-ES+A128KW",v:"ECDH-ES+A128KW"},{k:"ECDH-ES+A192KW",v:"ECDH-ES+A192KW"},{k:"ECDH-ES+A256KW",v:"ECDH-ES+A256KW"}],title:"oidcRPMetaDataOptionsLogoutEncKeyMgtAlg",type:"select"},{default:"A256GCM",get:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutEncContentEncAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutEncContentEncAlg",select:[{k:"A256CBC-HS512",v:"A256CBC-HS512"},{k:"A256GCM",v:"A256GCM"},{k:"A192CBC-HS384",v:"A192CBC-HS384"},{k:"A192GCM",v:"A192GCM"},{k:"A128CBC-HS256",v:"A128CBC-HS256"},{k:"A128GCM",v:"A128GCM"}],title:"oidcRPMetaDataOptionsLogoutEncContentEncAlg",type:"select"}],id:"security",title:"security",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+e+"/oidcRPMetaDataOptionsJwksUri",help:"idpopenidconnect.html",id:t+"s/"+e+"/oidcRPMetaDataOptionsJwksUri",title:"oidcRPMetaDataOptionsJwksUri"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsJwks",id:t+"s/"+e+"/oidcRPMetaDataOptionsJwks",title:"oidcRPMetaDataOptionsJwks",type:"file"}],id:"keys",title:"keys"},{_nodes:[{get:t+"s/"+e+"/oidcRPMetaDataOptionsAuthorizationCodeExpiration",id:t+"s/"+e+"/oidcRPMetaDataOptionsAuthorizationCodeExpiration",title:"oidcRPMetaDataOptionsAuthorizationCodeExpiration",type:"intOrNull"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsIDTokenExpiration",id:t+"s/"+e+"/oidcRPMetaDataOptionsIDTokenExpiration",title:"oidcRPMetaDataOptionsIDTokenExpiration",type:"intOrNull"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenExpiration",id:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenExpiration",title:"oidcRPMetaDataOptionsAccessTokenExpiration",type:"intOrNull"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsOfflineSessionExpiration",id:t+"s/"+e+"/oidcRPMetaDataOptionsOfflineSessionExpiration",title:"oidcRPMetaDataOptionsOfflineSessionExpiration",type:"intOrNull"}],id:"oidcRPMetaDataOptionsTimeouts",title:"oidcRPMetaDataOptionsTimeouts",type:"simpleInputContainer"},{_nodes:[{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutBypassConfirm",id:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutBypassConfirm",title:"oidcRPMetaDataOptionsLogoutBypassConfirm",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutSessionRequired",id:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutSessionRequired",title:"oidcRPMetaDataOptionsLogoutSessionRequired",type:"bool"},{default:"front",get:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutType",id:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutType",select:[{k:"front",v:"Front Channel"},{k:"back",v:"Back Channel"}],title:"oidcRPMetaDataOptionsLogoutType",type:"select"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutUrl",id:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutUrl",title:"oidcRPMetaDataOptionsLogoutUrl"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsPostLogoutRedirectUris",id:t+"s/"+e+"/oidcRPMetaDataOptionsPostLogoutRedirectUris",title:"oidcRPMetaDataOptionsPostLogoutRedirectUris"}],id:"logout",title:"logout",type:"simpleInputContainer"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsComment",id:t+"s/"+e+"/oidcRPMetaDataOptionsComment",title:"oidcRPMetaDataOptionsComment",type:"longtext"}],help:"idpopenidconnect.html#options",id:"oidcRPMetaDataOptions",title:"oidcRPMetaDataOptions"},{cnodes:t+"s/"+e+"/oidcRPMetaDataMacros",default:[],help:"exportedvars.html#extend-variables-using-macros-and-groups",id:t+"s/"+e+"/oidcRPMetaDataMacros",title:"oidcRPMetaDataMacros",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+e+"/oidcRPMetaDataOptionsDisplayName",id:t+"s/"+e+"/oidcRPMetaDataOptionsDisplayName",title:"oidcRPMetaDataOptionsDisplayName"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsIcon",id:t+"s/"+e+"/oidcRPMetaDataOptionsIcon",title:"oidcRPMetaDataOptionsIcon"}],help:"idpopenidconnect.html#display",id:"oidcRPMetaDataOptionsDisplay",title:"oidcRPMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"samlIDPMetaDataNode":return[{get:t+"s/"+e+"/samlIDPMetaDataXML",id:t+"s/"+e+"/samlIDPMetaDataXML",title:"samlIDPMetaDataXML",type:"file"},{cnodes:t+"s/"+e+"/samlIDPMetaDataExportedAttributes",default:[],help:"authsaml.html#exported-attributes",id:t+"s/"+e+"/samlIDPMetaDataExportedAttributes",title:"samlIDPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsAdaptSessionUtime",id:t+"s/"+e+"/samlIDPMetaDataOptionsAdaptSessionUtime",title:"samlIDPMetaDataOptionsAdaptSessionUtime",type:"bool"},{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsForceUTF8",id:t+"s/"+e+"/samlIDPMetaDataOptionsForceUTF8",title:"samlIDPMetaDataOptionsForceUTF8",type:"bool"},{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsStoreSAMLToken",id:t+"s/"+e+"/samlIDPMetaDataOptionsStoreSAMLToken",title:"samlIDPMetaDataOptionsStoreSAMLToken",type:"bool"},{get:t+"s/"+e+"/samlIDPMetaDataOptionsUserAttribute",id:t+"s/"+e+"/samlIDPMetaDataOptionsUserAttribute",title:"samlIDPMetaDataOptionsUserAttribute"}],help:"authsaml.html#session",id:"samlIDPMetaDataOptionsSession",title:"samlIDPMetaDataOptionsSession",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+e+"/samlIDPMetaDataOptionsSignatureMethod",id:t+"s/"+e+"/samlIDPMetaDataOptionsSignatureMethod",select:[{k:"",v:"default"},{k:"RSA_SHA1",v:"RSA SHA1"},{k:"RSA_SHA256",v:"RSA SHA256"},{k:"RSA_SHA384",v:"RSA SHA384"},{k:"RSA_SHA512",v:"RSA SHA512"}],title:"samlIDPMetaDataOptionsSignatureMethod",type:"select"},{default:-1,get:t+"s/"+e+"/samlIDPMetaDataOptionsSignSSOMessage",id:t+"s/"+e+"/samlIDPMetaDataOptionsSignSSOMessage",title:"samlIDPMetaDataOptionsSignSSOMessage",type:"trool"},{default:1,get:t+"s/"+e+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",id:t+"s/"+e+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",title:"samlIDPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{default:-1,get:t+"s/"+e+"/samlIDPMetaDataOptionsSignSLOMessage",id:t+"s/"+e+"/samlIDPMetaDataOptionsSignSLOMessage",title:"samlIDPMetaDataOptionsSignSLOMessage",type:"trool"},{default:1,get:t+"s/"+e+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",id:t+"s/"+e+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",title:"samlIDPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],help:"authsaml.html#signature",id:"samlIDPMetaDataOptionsSignature",title:"samlIDPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+e+"/samlIDPMetaDataOptionsSSOBinding",id:t+"s/"+e+"/samlIDPMetaDataOptionsSSOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"artifact-get",v:"Artifact GET"}],title:"samlIDPMetaDataOptionsSSOBinding",type:"select"},{default:"",get:t+"s/"+e+"/samlIDPMetaDataOptionsSLOBinding",id:t+"s/"+e+"/samlIDPMetaDataOptionsSLOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"http-soap",v:"SOAP"}],title:"samlIDPMetaDataOptionsSLOBinding",type:"select"}],help:"authsaml.html#binding",id:"samlIDPMetaDataOptionsBinding",title:"samlIDPMetaDataOptionsBinding",type:"simpleInputContainer"},{_nodes:[{default:"none",get:t+"s/"+e+"/samlIDPMetaDataOptionsEncryptionMode",id:t+"s/"+e+"/samlIDPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlIDPMetaDataOptionsEncryptionMode",type:"select"},{default:1,get:t+"s/"+e+"/samlIDPMetaDataOptionsCheckTime",id:t+"s/"+e+"/samlIDPMetaDataOptionsCheckTime",title:"samlIDPMetaDataOptionsCheckTime",type:"bool"},{default:1,get:t+"s/"+e+"/samlIDPMetaDataOptionsCheckAudience",id:t+"s/"+e+"/samlIDPMetaDataOptionsCheckAudience",title:"samlIDPMetaDataOptionsCheckAudience",type:"bool"}],help:"authsaml.html#security",id:"samlIDPMetaDataOptionsSecurity",title:"samlIDPMetaDataOptionsSecurity",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+e+"/samlIDPMetaDataOptionsNameIDFormat",id:t+"s/"+e+"/samlIDPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlIDPMetaDataOptionsNameIDFormat",type:"select"},{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsForceAuthn",id:t+"s/"+e+"/samlIDPMetaDataOptionsForceAuthn",title:"samlIDPMetaDataOptionsForceAuthn",type:"bool"},{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsIsPassive",id:t+"s/"+e+"/samlIDPMetaDataOptionsIsPassive",title:"samlIDPMetaDataOptionsIsPassive",type:"bool"},{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsAllowLoginFromIDP",id:t+"s/"+e+"/samlIDPMetaDataOptionsAllowLoginFromIDP",title:"samlIDPMetaDataOptionsAllowLoginFromIDP",type:"bool"},{default:"",get:t+"s/"+e+"/samlIDPMetaDataOptionsRequestedAuthnContext",id:t+"s/"+e+"/samlIDPMetaDataOptionsRequestedAuthnContext",select:[{k:"",v:""},{k:"kerberos",v:"Kerberos"},{k:"password-protected-transport",v:"Password protected transport"},{k:"password",v:"Password"},{k:"tls-client",v:"TLS client certificate"}],title:"samlIDPMetaDataOptionsRequestedAuthnContext",type:"select"},{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsRelayStateURL",id:t+"s/"+e+"/samlIDPMetaDataOptionsRelayStateURL",title:"samlIDPMetaDataOptionsRelayStateURL",type:"bool"},{_nodes:[{get:t+"s/"+e+"/samlIDPMetaDataOptionsFederationEntityID",id:t+"s/"+e+"/samlIDPMetaDataOptionsFederationEntityID",title:"samlIDPMetaDataOptionsFederationEntityID"}],id:"samlIDPMetaDataOptionsFederation",title:"samlIDPMetaDataOptionsFederation",type:"simpleInputContainer"},{get:t+"s/"+e+"/samlIDPMetaDataOptionsComment",id:t+"s/"+e+"/samlIDPMetaDataOptionsComment",title:"samlIDPMetaDataOptionsComment",type:"longtext"}],help:"authsaml.html#options",id:"samlIDPMetaDataOptions",title:"samlIDPMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+e+"/samlIDPMetaDataOptionsDisplayName",id:t+"s/"+e+"/samlIDPMetaDataOptionsDisplayName",title:"samlIDPMetaDataOptionsDisplayName"},{get:t+"s/"+e+"/samlIDPMetaDataOptionsIcon",id:t+"s/"+e+"/samlIDPMetaDataOptionsIcon",title:"samlIDPMetaDataOptionsIcon"},{get:t+"s/"+e+"/samlIDPMetaDataOptionsTooltip",id:t+"s/"+e+"/samlIDPMetaDataOptionsTooltip",title:"samlIDPMetaDataOptionsTooltip"},{default:"",get:t+"s/"+e+"/samlIDPMetaDataOptionsResolutionRule",id:t+"s/"+e+"/samlIDPMetaDataOptionsResolutionRule",title:"samlIDPMetaDataOptionsResolutionRule",type:"longtext"},{get:t+"s/"+e+"/samlIDPMetaDataOptionsSortNumber",id:t+"s/"+e+"/samlIDPMetaDataOptionsSortNumber",title:"samlIDPMetaDataOptionsSortNumber",type:"intOrNull"}],help:"authsaml.html#display",id:"samlIDPMetaDataOptionsDisplay",title:"samlIDPMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"samlSPMetaDataNode":return[{get:t+"s/"+e+"/samlSPMetaDataXML",id:t+"s/"+e+"/samlSPMetaDataXML",title:"samlSPMetaDataXML",type:"file"},{cnodes:t+"s/"+e+"/samlSPMetaDataExportedAttributes",default:[],help:"idpsaml.html#exported-attributes",id:t+"s/"+e+"/samlSPMetaDataExportedAttributes",title:"samlSPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{_nodes:[{default:"",get:t+"s/"+e+"/samlSPMetaDataOptionsNameIDFormat",id:t+"s/"+e+"/samlSPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlSPMetaDataOptionsNameIDFormat",type:"select"},{get:t+"s/"+e+"/samlSPMetaDataOptionsNameIDSessionKey",id:t+"s/"+e+"/samlSPMetaDataOptionsNameIDSessionKey",title:"samlSPMetaDataOptionsNameIDSessionKey"},{default:0,get:t+"s/"+e+"/samlSPMetaDataOptionsOneTimeUse",id:t+"s/"+e+"/samlSPMetaDataOptionsOneTimeUse",title:"samlSPMetaDataOptionsOneTimeUse",type:"bool"},{default:72e3,get:t+"s/"+e+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",id:t+"s/"+e+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",type:"int"},{default:72e3,get:t+"s/"+e+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",id:t+"s/"+e+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsNotOnOrAfterTimeout",type:"int"},{default:1,get:t+"s/"+e+"/samlSPMetaDataOptionsForceUTF8",id:t+"s/"+e+"/samlSPMetaDataOptionsForceUTF8",title:"samlSPMetaDataOptionsForceUTF8",type:"bool"}],id:"samlSPMetaDataOptionsAuthnResponse",title:"samlSPMetaDataOptionsAuthnResponse",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+e+"/samlSPMetaDataOptionsSignatureMethod",id:t+"s/"+e+"/samlSPMetaDataOptionsSignatureMethod",select:[{k:"",v:"default"},{k:"RSA_SHA1",v:"RSA SHA1"},{k:"RSA_SHA256",v:"RSA SHA256"},{k:"RSA_SHA384",v:"RSA SHA384"},{k:"RSA_SHA512",v:"RSA SHA512"}],title:"samlSPMetaDataOptionsSignatureMethod",type:"select"},{default:-1,get:t+"s/"+e+"/samlSPMetaDataOptionsSignSSOMessage",id:t+"s/"+e+"/samlSPMetaDataOptionsSignSSOMessage",title:"samlSPMetaDataOptionsSignSSOMessage",type:"trool"},{default:1,get:t+"s/"+e+"/samlSPMetaDataOptionsCheckSSOMessageSignature",id:t+"s/"+e+"/samlSPMetaDataOptionsCheckSSOMessageSignature",title:"samlSPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{default:-1,get:t+"s/"+e+"/samlSPMetaDataOptionsSignSLOMessage",id:t+"s/"+e+"/samlSPMetaDataOptionsSignSLOMessage",title:"samlSPMetaDataOptionsSignSLOMessage",type:"trool"},{default:1,get:t+"s/"+e+"/samlSPMetaDataOptionsCheckSLOMessageSignature",id:t+"s/"+e+"/samlSPMetaDataOptionsCheckSLOMessageSignature",title:"samlSPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id:"samlSPMetaDataOptionsSignature",title:"samlSPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{default:"none",get:t+"s/"+e+"/samlSPMetaDataOptionsEncryptionMode",id:t+"s/"+e+"/samlSPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlSPMetaDataOptionsEncryptionMode",type:"select"},{default:0,get:t+"s/"+e+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",id:t+"s/"+e+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",title:"samlSPMetaDataOptionsEnableIDPInitiatedURL",type:"bool"},{get:t+"s/"+e+"/samlSPMetaDataOptionsAuthnLevel",id:t+"s/"+e+"/samlSPMetaDataOptionsAuthnLevel",title:"samlSPMetaDataOptionsAuthnLevel",type:"intOrNull"},{get:t+"s/"+e+"/samlSPMetaDataOptionsRule",id:t+"s/"+e+"/samlSPMetaDataOptionsRule",title:"samlSPMetaDataOptionsRule"}],id:"samlSPMetaDataOptionsSecurity",title:"samlSPMetaDataOptionsSecurity",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+e+"/samlSPMetaDataOptionsFederationEntityID",id:t+"s/"+e+"/samlSPMetaDataOptionsFederationEntityID",title:"samlSPMetaDataOptionsFederationEntityID"},{default:"",get:t+"s/"+e+"/samlSPMetaDataOptionsFederationOptionalAttributes",id:t+"s/"+e+"/samlSPMetaDataOptionsFederationOptionalAttributes",select:[{k:"",v:"keep"},{k:"ignore",v:"ignore"}],title:"samlSPMetaDataOptionsFederationOptionalAttributes",type:"select"},{default:"",get:t+"s/"+e+"/samlSPMetaDataOptionsFederationRequiredAttributes",id:t+"s/"+e+"/samlSPMetaDataOptionsFederationRequiredAttributes",select:[{k:"",v:"keep"},{k:"optional",v:"makeoptional"},{k:"ignore",v:"ignore"}],title:"samlSPMetaDataOptionsFederationRequiredAttributes",type:"select"}],id:"samlSPMetaDataOptionsFederation",title:"samlSPMetaDataOptionsFederation",type:"simpleInputContainer"},{get:t+"s/"+e+"/samlSPMetaDataOptionsComment",id:t+"s/"+e+"/samlSPMetaDataOptionsComment",title:"samlSPMetaDataOptionsComment",type:"longtext"}],help:"idpsaml.html#options",id:"samlSPMetaDataOptions",title:"samlSPMetaDataOptions"},{cnodes:t+"s/"+e+"/samlSPMetaDataMacros",default:[],help:"exportedvars.html#extend-variables-using-macros-and-groups",id:t+"s/"+e+"/samlSPMetaDataMacros",title:"samlSPMetaDataMacros",type:"keyTextContainer"}];case"virtualHost":return[{cnodes:t+"s/"+e+"/locationRules",default:[{data:"deny",id:t+"s/"+e+"/locationRules/default",re:"default",title:"default",type:"rule"}],help:"writingrulesand_headers.html#rules",id:t+"s/"+e+"/locationRules",title:"locationRules",type:"ruleContainer"},{cnodes:t+"s/"+e+"/exportedHeaders",help:"writingrulesand_headers.html#headers",id:t+"s/"+e+"/exportedHeaders",title:"exportedHeaders",type:"keyTextContainer"},{cnodes:t+"s/"+e+"/post",help:"formreplay.html",id:t+"s/"+e+"/post",title:"post",type:"postContainer"},{_nodes:[{default:-1,get:t+"s/"+e+"/vhostPort",id:t+"s/"+e+"/vhostPort",title:"vhostPort",type:"int"},{default:-1,get:t+"s/"+e+"/vhostHttps",id:t+"s/"+e+"/vhostHttps",title:"vhostHttps",type:"trool"},{default:0,get:t+"s/"+e+"/vhostMaintenance",id:t+"s/"+e+"/vhostMaintenance",title:"vhostMaintenance",type:"bool"},{default:"",get:t+"s/"+e+"/vhostAliases",id:t+"s/"+e+"/vhostAliases",title:"vhostAliases"},{default:"",get:t+"s/"+e+"/vhostAccessToTrace",id:t+"s/"+e+"/vhostAccessToTrace",title:"vhostAccessToTrace"},{get:t+"s/"+e+"/vhostAuthnLevel",id:t+"s/"+e+"/vhostAuthnLevel",title:"vhostAuthnLevel",type:"intOrNull"},{default:"Main",get:t+"s/"+e+"/vhostType",id:t+"s/"+e+"/vhostType",select:[{k:"AuthBasic",v:"AuthBasic"},{k:"CDA",v:"CDA"},{k:"DevOps",v:"DevOps"},{k:"DevOpsST",v:"DevOpsST"},{k:"DevOpsCDA",v:"DevOpsCDA"},{k:"Main",v:"Main"},{k:"OAuth2",v:"OAuth2"},{k:"SecureToken",v:"SecureToken"},{k:"ServiceToken",v:"ServiceToken"},{k:"ZimbraPreAuth",v:"ZimbraPreAuth"}],title:"vhostType",type:"select"},{get:t+"s/"+e+"/vhostDevOpsRulesUrl",id:t+"s/"+e+"/vhostDevOpsRulesUrl",title:"vhostDevOpsRulesUrl"},{default:-1,get:t+"s/"+e+"/vhostServiceTokenTTL",id:t+"s/"+e+"/vhostServiceTokenTTL",title:"vhostServiceTokenTTL",type:"int"},{default:"",get:t+"s/"+e+"/vhostComment",id:t+"s/"+e+"/vhostComment",title:"vhostComment",type:"longtext"}],help:"configvhost.html#options",id:"vhostOptions",title:"vhostOptions",type:"simpleInputContainer"}];default:return[]}}function setScopeVars(t){t.portal=t.data[0]._nodes[0]._nodes[0],t.getKey(t.portal),t.domain=t.data[0]._nodes[4]._nodes[1],t.getKey(t.domain)} \ No newline at end of file diff --git a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map index feb7d503f4a411953e583a0cba485f8fb5b090a7..537ebb343ee48a9617a845c60b33ae97dc877e86 100644 --- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map +++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map @@ -1 +1 @@ -{"version":3,"sources":["conftree.js"],"names":["templates","tpl","key","cnodes","default","data","id","title","type","_nodes","get","help","select","k","v","re","setScopeVars","scope","portal","getKey","domain"],"mappings":"AAAA,SAASA,UAAUC,EAAIC,GASrB,OAAOD,GACP,IAAK,qBACH,MAAO,CACR,CACGE,OAAWF,EAAI,KAAKC,EAAQ,8BAC5BE,QAAY,CACT,CACGC,KAAS,KACTC,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,KACVC,KAAS,SACZ,EACA,CACGH,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,OACVC,KAAS,SACZ,EACA,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,MACVC,KAAS,SACZ,GAEHF,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,6BACVC,KAAS,kBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,8BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,sCACzBI,GAAOL,EAAI,KAAKC,EAAQ,sCACxBK,MAAU,oCACb,EACA,CACGH,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,+BACzBI,GAAOL,EAAI,KAAKC,EAAQ,+BACxBK,MAAU,8BACVC,KAAS,OACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,WACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,2BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,+BACVC,KAAS,UACZ,GAEHF,GAAO,wBACPC,MAAU,wBACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,kCACb,GAEHD,GAAO,+BACPC,MAAU,+BACVC,KAAS,sBACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,wBAC5BE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAQ,wBACxBK,MAAU,uBACVC,KAAS,kBACZ,GAGD,IAAK,qBACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAQ,8BAC5BE,QAAY,CACT,CACGC,KAAS,KACTC,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,KACVC,KAAS,SACZ,EACA,CACGH,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,OACVC,KAAS,SACZ,EACA,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,MACVC,KAAS,SACZ,GAEHF,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,6BACVC,KAAS,kBACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,wCAC5BI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBK,MAAU,uCACVC,KAAS,kBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,4BACzBI,GAAOL,EAAI,KAAKC,EAAQ,4BACxBK,MAAU,0BACb,EACA,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,8BACzBI,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,6BACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,+BACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,+BACVC,KAAS,UACZ,GAEHF,GAAO,wBACPC,MAAU,wBACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,kCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,2BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,8BACb,EACA,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,UACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,WACZ,GAEHF,GAAO,+BACPC,MAAU,+BACVC,KAAS,sBACZ,GAGD,IAAK,qBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAQ,sBACzBI,GAAOL,EAAI,KAAKC,EAAQ,sBACxBK,MAAU,qBACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,sBACzBI,GAAOL,EAAI,KAAKC,EAAQ,sBACxBK,MAAU,qBACVC,KAAS,MACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,8BAC5BE,QAAY,CACT,CACGC,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,KACVC,KAAS,SACZ,EACA,CACGH,KAAS,QACTC,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,OACVC,KAAS,SACZ,EACA,CACGH,KAAS,cACTC,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,KACVC,KAAS,SACZ,EACA,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,MACVC,KAAS,SACZ,GAEHF,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,6BACVC,KAAS,kBACZ,EACA,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,yCACzBI,GAAOL,EAAI,KAAKC,EAAQ,yCACxBK,MAAU,uCACb,EACA,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,KACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,iCACzBI,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,+BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,oCACVC,KAAS,UACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,oCACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,sCACzBI,GAAOL,EAAI,KAAKC,EAAQ,sCACxBK,MAAU,oCACb,GAEHD,GAAO,qCACPC,MAAU,qCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,iBACZM,IAAQT,EAAI,KAAKC,EAAQ,8BACzBI,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,4BACb,EACA,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,EACT,EACA,CACGD,EAAM,OACNC,EAAM,MACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,MACNC,EAAM,KACT,GAEHP,MAAU,+BACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,+BACzBI,GAAOL,EAAI,KAAKC,EAAQ,+BACxBK,MAAU,6BACb,EACA,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,+BACzBI,GAAOL,EAAI,KAAKC,EAAQ,+BACxBK,MAAU,8BACVC,KAAS,KACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,kCACzBI,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,gCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,kCACzBI,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,gCACb,EACA,CACGH,QAAY,qBACZM,IAAQT,EAAI,KAAKC,EAAQ,gDACzBI,GAAOL,EAAI,KAAKC,EAAQ,gDACxBU,OAAW,CACR,CACGC,EAAM,qBACNC,EAAM,oBACT,EACA,CACGD,EAAM,sBACNC,EAAM,qBACT,GAEHP,MAAU,+CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,0CACzBI,GAAOL,EAAI,KAAKC,EAAQ,0CACxBK,MAAU,yCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,sCACzBI,GAAOL,EAAI,KAAKC,EAAQ,sCACxBK,MAAU,qCACVC,KAAS,KACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,iCACzBI,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,gCACVC,KAAS,MACZ,GAEHF,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,+BACVC,KAAS,UACZ,GAEHG,KAAS,iCACTL,GAAO,wBACPC,MAAU,uBACb,EACA,CACGE,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,kCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,2BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,8BACb,EACA,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,UACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,WACZ,GAEHG,KAAS,iCACTL,GAAO,qCACPC,MAAU,qCACVC,KAAS,sBACZ,GAGD,IAAK,qBACH,MAAO,CACR,CACGC,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,+BACzBI,GAAOL,EAAI,KAAKC,EAAQ,+BACxBK,MAAU,8BACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,iCACzBI,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,+BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,oCACVC,KAAS,UACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,mCACb,GAEHI,KAAS,sCACTL,GAAO,6BACPC,MAAU,6BACVC,KAAS,sBACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,8BAC5BE,QAAY,CACT,CACGC,KAAS,CACN,OACA,SACA,QAEHC,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,QACVC,KAAS,eACZ,EACA,CACGH,KAAS,CACN,KACA,SACA,QAEHC,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,OACVC,KAAS,eACZ,EACA,CACGH,KAAS,CACN,MACA,SACA,QAEHC,GAAOL,EAAI,KAAKC,EAAQ,iDACxBK,MAAU,qBACVC,KAAS,eACZ,GAEHG,KAAS,4CACTL,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,6BACVC,KAAS,wBACZ,EACA,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,sCACzBI,GAAOL,EAAI,KAAKC,EAAQ,sCACxBK,MAAU,qCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBK,MAAU,0CACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,0CACzBI,GAAOL,EAAI,KAAKC,EAAQ,0CACxBK,MAAU,yCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,oCACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,iCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,4CACzBI,GAAOL,EAAI,KAAKC,EAAQ,4CACxBK,MAAU,0CACb,GAEHD,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGN,OAAWF,EAAI,KAAKC,EAAQ,oCAC5BE,QAAY,GACZO,KAAS,wCACTL,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,kBACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,4BAC5BE,QAAY,GACZO,KAAS,oCACTL,GAAOL,EAAI,KAAKC,EAAQ,4BACxBK,MAAU,2BACVC,KAAS,kBACZ,GAEHF,GAAO,8BACPC,MAAU,6BACb,EACA,CACGE,OAAW,CACR,CACGL,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,MACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,GAEHP,MAAU,sCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBU,OAAW,CACR,CACGC,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,GAEHP,MAAU,0CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,OACNC,EAAM,UACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,GAEHP,MAAU,uCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,oCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBK,MAAU,0CACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,oDACzBI,GAAOL,EAAI,KAAKC,EAAQ,oDACxBK,MAAU,mDACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,kCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,WACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,2BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,gCACzBS,KAAS,wBACTL,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,8BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,gDACzBI,GAAOL,EAAI,KAAKC,EAAQ,gDACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,eACNC,EAAM,cACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,GAEHP,MAAU,+CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,UACZM,IAAQT,EAAI,KAAKC,EAAQ,oDACzBI,GAAOL,EAAI,KAAKC,EAAQ,oDACxBU,OAAW,CACR,CACGC,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,GAEHP,MAAU,mDACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,4CACzBI,GAAOL,EAAI,KAAKC,EAAQ,4CACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,eACNC,EAAM,cACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,GAEHP,MAAU,2CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,UACZM,IAAQT,EAAI,KAAKC,EAAQ,gDACzBI,GAAOL,EAAI,KAAKC,EAAQ,gDACxBU,OAAW,CACR,CACGC,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,GAEHP,MAAU,+CACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,6CACzBI,GAAOL,EAAI,KAAKC,EAAQ,6CACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,eACNC,EAAM,cACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,GAEHP,MAAU,4CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,UACZM,IAAQT,EAAI,KAAKC,EAAQ,iDACzBI,GAAOL,EAAI,KAAKC,EAAQ,iDACxBU,OAAW,CACR,CACGC,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,GAEHP,MAAU,gDACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,eACNC,EAAM,cACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,GAEHP,MAAU,0CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,UACZM,IAAQT,EAAI,KAAKC,EAAQ,+CACzBI,GAAOL,EAAI,KAAKC,EAAQ,+CACxBU,OAAW,CACR,CACGC,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,GAEHP,MAAU,8CACVC,KAAS,QACZ,GAEHF,GAAO,WACPC,MAAU,WACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,oDACzBI,GAAOL,EAAI,KAAKC,EAAQ,oDACxBK,MAAU,mDACVC,KAAS,WACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,0CACzBI,GAAOL,EAAI,KAAKC,EAAQ,0CACxBK,MAAU,yCACVC,KAAS,WACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,8CACzBI,GAAOL,EAAI,KAAKC,EAAQ,8CACxBK,MAAU,6CACVC,KAAS,WACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,iDACzBI,GAAOL,EAAI,KAAKC,EAAQ,iDACxBK,MAAU,gDACVC,KAAS,WACZ,GAEHF,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,4CACzBI,GAAOL,EAAI,KAAKC,EAAQ,4CACxBK,MAAU,2CACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,8CACzBI,GAAOL,EAAI,KAAKC,EAAQ,8CACxBK,MAAU,6CACVC,KAAS,MACZ,EACA,CACGJ,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBU,OAAW,CACR,CACGC,EAAM,QACNC,EAAM,eACT,EACA,CACGD,EAAM,OACNC,EAAM,cACT,GAEHP,MAAU,kCACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,kCACzBI,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,gCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,+CACzBI,GAAOL,EAAI,KAAKC,EAAQ,+CACxBK,MAAU,6CACb,GAEHD,GAAO,SACPC,MAAU,SACVC,KAAS,sBACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,+BACVC,KAAS,UACZ,GAEHG,KAAS,gCACTL,GAAO,wBACPC,MAAU,uBACb,EACA,CACGJ,OAAWF,EAAI,KAAKC,EAAQ,wBAC5BE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAQ,wBACxBK,MAAU,uBACVC,KAAS,kBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,kCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,2BACb,GAEHI,KAAS,gCACTL,GAAO,+BACPC,MAAU,+BACVC,KAAS,sBACZ,GAGD,IAAK,sBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAQ,sBACzBI,GAAOL,EAAI,KAAKC,EAAQ,sBACxBK,MAAU,qBACVC,KAAS,MACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,qCAC5BE,QAAY,GACZO,KAAS,oCACTL,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,oCACVC,KAAS,wBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBK,MAAU,0CACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBK,MAAU,uCACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,qCACb,GAEHI,KAAS,wBACTL,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,yCACzBI,GAAOL,EAAI,KAAKC,EAAQ,yCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,SACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,GAEHP,MAAU,wCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBK,MAAU,uCACVC,KAAS,OACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,kDACzBI,GAAOL,EAAI,KAAKC,EAAQ,kDACxBK,MAAU,iDACVC,KAAS,MACZ,EACA,CACGJ,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBK,MAAU,uCACVC,KAAS,OACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,kDACzBI,GAAOL,EAAI,KAAKC,EAAQ,kDACxBK,MAAU,iDACVC,KAAS,MACZ,GAEHG,KAAS,0BACTL,GAAO,kCACPC,MAAU,kCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,EACT,EACA,CACGD,EAAM,YACNC,EAAM,MACT,EACA,CACGD,EAAM,gBACNC,EAAM,UACT,EACA,CACGD,EAAM,eACNC,EAAM,cACT,GAEHP,MAAU,mCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,EACT,EACA,CACGD,EAAM,YACNC,EAAM,MACT,EACA,CACGD,EAAM,gBACNC,EAAM,UACT,EACA,CACGD,EAAM,YACNC,EAAM,MACT,GAEHP,MAAU,mCACVC,KAAS,QACZ,GAEHG,KAAS,wBACTL,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,MACT,EACA,CACGD,EAAM,SACNC,EAAM,SACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,GAEHP,MAAU,uCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,MACZ,GAEHG,KAAS,yBACTL,GAAO,iCACPC,MAAU,iCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,sCACzBI,GAAOL,EAAI,KAAKC,EAAQ,sCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,EACT,EACA,CACGD,EAAM,cACNC,EAAM,aACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,OACNC,EAAM,kBACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,GAEHP,MAAU,qCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBK,MAAU,0CACVC,KAAS,MACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,+CACzBI,GAAOL,EAAI,KAAKC,EAAQ,+CACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,EACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,+BACNC,EAAM,8BACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,aACNC,EAAM,wBACT,GAEHP,MAAU,8CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,MACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,4CACzBI,GAAOL,EAAI,KAAKC,EAAQ,4CACxBK,MAAU,0CACb,GAEHD,GAAO,mCACPC,MAAU,mCACVC,KAAS,sBACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,iCACzBI,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,gCACVC,KAAS,UACZ,GAEHG,KAAS,wBACTL,GAAO,yBACPC,MAAU,yBACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,mCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,8BACzBI,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,4BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,iCACzBI,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,+BACb,EACA,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBK,MAAU,uCACVC,KAAS,UACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,WACZ,GAEHG,KAAS,wBACTL,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,GAGD,IAAK,qBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAQ,qBACzBI,GAAOL,EAAI,KAAKC,EAAQ,qBACxBK,MAAU,oBACVC,KAAS,MACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,oCAC5BE,QAAY,GACZO,KAAS,mCACTL,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,wBACZ,EACA,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,EACT,EACA,CACGD,EAAM,cACNC,EAAM,aACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,OACNC,EAAM,kBACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,GAEHP,MAAU,oCACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,yCACzBI,GAAOL,EAAI,KAAKC,EAAQ,yCACxBK,MAAU,uCACb,EACA,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,KACZM,IAAQT,EAAI,KAAKC,EAAQ,mDACzBI,GAAOL,EAAI,KAAKC,EAAQ,mDACxBK,MAAU,kDACVC,KAAS,KACZ,EACA,CACGJ,QAAY,KACZM,IAAQT,EAAI,KAAKC,EAAQ,4CACzBI,GAAOL,EAAI,KAAKC,EAAQ,4CACxBK,MAAU,2CACVC,KAAS,KACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,kCACzBI,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,iCACVC,KAAS,MACZ,GAEHF,GAAO,qCACPC,MAAU,qCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,SACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,GAEHP,MAAU,uCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,OACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,iDACzBI,GAAOL,EAAI,KAAKC,EAAQ,iDACxBK,MAAU,gDACVC,KAAS,MACZ,EACA,CACGJ,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,OACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,iDACzBI,GAAOL,EAAI,KAAKC,EAAQ,iDACxBK,MAAU,gDACVC,KAAS,MACZ,GAEHF,GAAO,iCACPC,MAAU,iCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,MACT,EACA,CACGD,EAAM,SACNC,EAAM,SACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,GAEHP,MAAU,sCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,8CACzBI,GAAOL,EAAI,KAAKC,EAAQ,8CACxBK,MAAU,6CACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,WACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,2BACb,GAEHD,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBK,MAAU,yCACb,EACA,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,qDACzBI,GAAOL,EAAI,KAAKC,EAAQ,qDACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,GAEHP,MAAU,oDACVC,KAAS,QACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,qDACzBI,GAAOL,EAAI,KAAKC,EAAQ,qDACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,WACNC,EAAM,cACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,GAEHP,MAAU,oDACVC,KAAS,QACZ,GAEHF,GAAO,kCACPC,MAAU,kCACVC,KAAS,sBACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,+BACVC,KAAS,UACZ,GAEHG,KAAS,uBACTL,GAAO,wBACPC,MAAU,uBACb,EACA,CACGJ,OAAWF,EAAI,KAAKC,EAAQ,wBAC5BE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAQ,wBACxBK,MAAU,uBACVC,KAAS,kBACZ,GAGD,IAAK,cACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAQ,iBAC5BE,QAAY,CACT,CACGC,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAQ,yBACxBa,GAAO,UACPR,MAAU,UACVC,KAAS,MACZ,GAEHG,KAAS,qCACTL,GAAOL,EAAI,KAAKC,EAAQ,iBACxBK,MAAU,gBACVC,KAAS,eACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,mBAC5BS,KAAS,uCACTL,GAAOL,EAAI,KAAKC,EAAQ,mBACxBK,MAAU,kBACVC,KAAS,kBACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,QAC5BS,KAAS,kBACTL,GAAOL,EAAI,KAAKC,EAAQ,QACxBK,MAAU,OACVC,KAAS,eACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,aACzBI,GAAOL,EAAI,KAAKC,EAAQ,aACxBK,MAAU,YACVC,KAAS,KACZ,EACA,CACGJ,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,cACzBI,GAAOL,EAAI,KAAKC,EAAQ,cACxBK,MAAU,aACVC,KAAS,OACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,oBACzBI,GAAOL,EAAI,KAAKC,EAAQ,oBACxBK,MAAU,mBACVC,KAAS,MACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,gBACzBI,GAAOL,EAAI,KAAKC,EAAQ,gBACxBK,MAAU,cACb,EACA,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,sBACzBI,GAAOL,EAAI,KAAKC,EAAQ,sBACxBK,MAAU,oBACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,mBACzBI,GAAOL,EAAI,KAAKC,EAAQ,mBACxBK,MAAU,kBACVC,KAAS,WACZ,EACA,CACGJ,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAQ,aACzBI,GAAOL,EAAI,KAAKC,EAAQ,aACxBU,OAAW,CACR,CACGC,EAAM,YACNC,EAAM,WACT,EACA,CACGD,EAAM,MACNC,EAAM,KACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,EACA,CACGD,EAAM,OACNC,EAAM,MACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,cACNC,EAAM,aACT,EACA,CACGD,EAAM,eACNC,EAAM,cACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,GAEHP,MAAU,YACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,uBACzBI,GAAOL,EAAI,KAAKC,EAAQ,uBACxBK,MAAU,qBACb,EACA,CACGH,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,wBACzBI,GAAOL,EAAI,KAAKC,EAAQ,wBACxBK,MAAU,uBACVC,KAAS,KACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,gBACzBI,GAAOL,EAAI,KAAKC,EAAQ,gBACxBK,MAAU,eACVC,KAAS,UACZ,GAEHG,KAAS,2BACTL,GAAO,eACPC,MAAU,eACVC,KAAS,sBACZ,GAGD,QACE,MAAO,EACT,CACF,CAEA,SAASQ,aAAaC,GACpBA,EAAMC,OAASD,EAAMZ,KAAK,GAAGI,OAAO,GAAGA,OAAO,GAC9CQ,EAAME,OAAOF,EAAMC,MAAM,EACzBD,EAAMG,OAASH,EAAMZ,KAAK,GAAGI,OAAO,GAAGA,OAAO,GAC9CQ,EAAME,OAAOF,EAAMG,MAAM,CAC3B"} \ No newline at end of file +{"version":3,"sources":["conftree.js"],"names":["templates","tpl","key","cnodes","default","data","id","title","type","_nodes","get","help","select","k","v","re","setScopeVars","scope","portal","getKey","domain"],"mappings":"AAAA,SAASA,UAAUC,EAAIC,GASrB,OAAOD,GACP,IAAK,qBACH,MAAO,CACR,CACGE,OAAWF,EAAI,KAAKC,EAAQ,8BAC5BE,QAAY,CACT,CACGC,KAAS,KACTC,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,KACVC,KAAS,SACZ,EACA,CACGH,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,OACVC,KAAS,SACZ,EACA,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,MACVC,KAAS,SACZ,GAEHF,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,6BACVC,KAAS,kBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,8BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,sCACzBI,GAAOL,EAAI,KAAKC,EAAQ,sCACxBK,MAAU,oCACb,EACA,CACGH,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,+BACzBI,GAAOL,EAAI,KAAKC,EAAQ,+BACxBK,MAAU,8BACVC,KAAS,OACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,WACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,2BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,+BACVC,KAAS,UACZ,GAEHF,GAAO,wBACPC,MAAU,wBACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,kCACb,GAEHD,GAAO,+BACPC,MAAU,+BACVC,KAAS,sBACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,wBAC5BE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAQ,wBACxBK,MAAU,uBACVC,KAAS,kBACZ,GAGD,IAAK,qBACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAQ,8BAC5BE,QAAY,CACT,CACGC,KAAS,KACTC,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,KACVC,KAAS,SACZ,EACA,CACGH,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,OACVC,KAAS,SACZ,EACA,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,MACVC,KAAS,SACZ,GAEHF,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,6BACVC,KAAS,kBACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,wCAC5BI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBK,MAAU,uCACVC,KAAS,kBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,4BACzBI,GAAOL,EAAI,KAAKC,EAAQ,4BACxBK,MAAU,0BACb,EACA,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,8BACzBI,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,6BACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,+BACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,+BACVC,KAAS,UACZ,GAEHF,GAAO,wBACPC,MAAU,wBACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,kCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,2BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,8BACb,EACA,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,UACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,WACZ,GAEHF,GAAO,+BACPC,MAAU,+BACVC,KAAS,sBACZ,GAGD,IAAK,qBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAQ,sBACzBI,GAAOL,EAAI,KAAKC,EAAQ,sBACxBK,MAAU,qBACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,sBACzBI,GAAOL,EAAI,KAAKC,EAAQ,sBACxBK,MAAU,qBACVC,KAAS,MACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,8BAC5BE,QAAY,CACT,CACGC,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,KACVC,KAAS,SACZ,EACA,CACGH,KAAS,QACTC,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,OACVC,KAAS,SACZ,EACA,CACGH,KAAS,cACTC,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,KACVC,KAAS,SACZ,EACA,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,MACVC,KAAS,SACZ,GAEHF,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,6BACVC,KAAS,kBACZ,EACA,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,yCACzBI,GAAOL,EAAI,KAAKC,EAAQ,yCACxBK,MAAU,uCACb,EACA,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,KACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,iCACzBI,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,+BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,oCACVC,KAAS,UACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,oCACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,sCACzBI,GAAOL,EAAI,KAAKC,EAAQ,sCACxBK,MAAU,oCACb,GAEHD,GAAO,qCACPC,MAAU,qCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,iBACZM,IAAQT,EAAI,KAAKC,EAAQ,8BACzBI,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,4BACb,EACA,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,EACT,EACA,CACGD,EAAM,OACNC,EAAM,MACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,MACNC,EAAM,KACT,GAEHP,MAAU,+BACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,+BACzBI,GAAOL,EAAI,KAAKC,EAAQ,+BACxBK,MAAU,6BACb,EACA,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,+BACzBI,GAAOL,EAAI,KAAKC,EAAQ,+BACxBK,MAAU,8BACVC,KAAS,KACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,kCACzBI,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,gCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,kCACzBI,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,gCACb,EACA,CACGH,QAAY,qBACZM,IAAQT,EAAI,KAAKC,EAAQ,gDACzBI,GAAOL,EAAI,KAAKC,EAAQ,gDACxBU,OAAW,CACR,CACGC,EAAM,qBACNC,EAAM,oBACT,EACA,CACGD,EAAM,sBACNC,EAAM,qBACT,GAEHP,MAAU,+CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,0CACzBI,GAAOL,EAAI,KAAKC,EAAQ,0CACxBK,MAAU,yCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,sCACzBI,GAAOL,EAAI,KAAKC,EAAQ,sCACxBK,MAAU,qCACVC,KAAS,KACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,iCACzBI,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,gCACVC,KAAS,MACZ,GAEHF,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,+BACVC,KAAS,UACZ,GAEHG,KAAS,iCACTL,GAAO,wBACPC,MAAU,uBACb,EACA,CACGE,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,kCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,2BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,8BACb,EACA,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,UACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,WACZ,GAEHG,KAAS,iCACTL,GAAO,qCACPC,MAAU,qCACVC,KAAS,sBACZ,GAGD,IAAK,qBACH,MAAO,CACR,CACGC,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,+BACzBI,GAAOL,EAAI,KAAKC,EAAQ,+BACxBK,MAAU,8BACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,iCACzBI,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,+BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,oCACVC,KAAS,UACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,mCACb,GAEHI,KAAS,sCACTL,GAAO,6BACPC,MAAU,6BACVC,KAAS,sBACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,8BAC5BE,QAAY,CACT,CACGC,KAAS,CACN,OACA,SACA,QAEHC,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,QACVC,KAAS,eACZ,EACA,CACGH,KAAS,CACN,KACA,SACA,QAEHC,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,OACVC,KAAS,eACZ,EACA,CACGH,KAAS,CACN,MACA,SACA,QAEHC,GAAOL,EAAI,KAAKC,EAAQ,iDACxBK,MAAU,qBACVC,KAAS,eACZ,GAEHG,KAAS,4CACTL,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,6BACVC,KAAS,wBACZ,EACA,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,sCACzBI,GAAOL,EAAI,KAAKC,EAAQ,sCACxBK,MAAU,qCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBK,MAAU,0CACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,0CACzBI,GAAOL,EAAI,KAAKC,EAAQ,0CACxBK,MAAU,yCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,oCACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,iCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,4CACzBI,GAAOL,EAAI,KAAKC,EAAQ,4CACxBK,MAAU,0CACb,GAEHD,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGN,OAAWF,EAAI,KAAKC,EAAQ,oCAC5BE,QAAY,GACZO,KAAS,wCACTL,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,kBACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,4BAC5BE,QAAY,GACZO,KAAS,oCACTL,GAAOL,EAAI,KAAKC,EAAQ,4BACxBK,MAAU,2BACVC,KAAS,kBACZ,GAEHF,GAAO,8BACPC,MAAU,6BACb,EACA,CACGE,OAAW,CACR,CACGL,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,MACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,GAEHP,MAAU,sCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBU,OAAW,CACR,CACGC,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,GAEHP,MAAU,0CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,OACNC,EAAM,UACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,GAEHP,MAAU,uCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,oCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBK,MAAU,0CACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,oDACzBI,GAAOL,EAAI,KAAKC,EAAQ,oDACxBK,MAAU,mDACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,kCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,WACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,2BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,gDACzBI,GAAOL,EAAI,KAAKC,EAAQ,gDACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,eACNC,EAAM,cACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,GAEHP,MAAU,+CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,UACZM,IAAQT,EAAI,KAAKC,EAAQ,oDACzBI,GAAOL,EAAI,KAAKC,EAAQ,oDACxBU,OAAW,CACR,CACGC,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,GAEHP,MAAU,mDACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,4CACzBI,GAAOL,EAAI,KAAKC,EAAQ,4CACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,eACNC,EAAM,cACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,GAEHP,MAAU,2CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,UACZM,IAAQT,EAAI,KAAKC,EAAQ,gDACzBI,GAAOL,EAAI,KAAKC,EAAQ,gDACxBU,OAAW,CACR,CACGC,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,GAEHP,MAAU,+CACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,6CACzBI,GAAOL,EAAI,KAAKC,EAAQ,6CACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,eACNC,EAAM,cACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,GAEHP,MAAU,4CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,UACZM,IAAQT,EAAI,KAAKC,EAAQ,iDACzBI,GAAOL,EAAI,KAAKC,EAAQ,iDACxBU,OAAW,CACR,CACGC,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,GAEHP,MAAU,gDACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,eACNC,EAAM,cACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,GAEHP,MAAU,0CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,UACZM,IAAQT,EAAI,KAAKC,EAAQ,+CACzBI,GAAOL,EAAI,KAAKC,EAAQ,+CACxBU,OAAW,CACR,CACGC,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,GAEHP,MAAU,8CACVC,KAAS,QACZ,GAEHF,GAAO,WACPC,MAAU,WACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,gCACzBS,KAAS,wBACTL,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,8BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,4BACVC,KAAS,MACZ,GAEHF,GAAO,OACPC,MAAU,MACb,EACA,CACGE,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,oDACzBI,GAAOL,EAAI,KAAKC,EAAQ,oDACxBK,MAAU,mDACVC,KAAS,WACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,0CACzBI,GAAOL,EAAI,KAAKC,EAAQ,0CACxBK,MAAU,yCACVC,KAAS,WACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,8CACzBI,GAAOL,EAAI,KAAKC,EAAQ,8CACxBK,MAAU,6CACVC,KAAS,WACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,iDACzBI,GAAOL,EAAI,KAAKC,EAAQ,iDACxBK,MAAU,gDACVC,KAAS,WACZ,GAEHF,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,4CACzBI,GAAOL,EAAI,KAAKC,EAAQ,4CACxBK,MAAU,2CACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,8CACzBI,GAAOL,EAAI,KAAKC,EAAQ,8CACxBK,MAAU,6CACVC,KAAS,MACZ,EACA,CACGJ,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBU,OAAW,CACR,CACGC,EAAM,QACNC,EAAM,eACT,EACA,CACGD,EAAM,OACNC,EAAM,cACT,GAEHP,MAAU,kCACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,kCACzBI,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,gCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,+CACzBI,GAAOL,EAAI,KAAKC,EAAQ,+CACxBK,MAAU,6CACb,GAEHD,GAAO,SACPC,MAAU,SACVC,KAAS,sBACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,+BACVC,KAAS,UACZ,GAEHG,KAAS,gCACTL,GAAO,wBACPC,MAAU,uBACb,EACA,CACGJ,OAAWF,EAAI,KAAKC,EAAQ,wBAC5BE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAQ,wBACxBK,MAAU,uBACVC,KAAS,kBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,kCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,2BACb,GAEHI,KAAS,gCACTL,GAAO,+BACPC,MAAU,+BACVC,KAAS,sBACZ,GAGD,IAAK,sBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAQ,sBACzBI,GAAOL,EAAI,KAAKC,EAAQ,sBACxBK,MAAU,qBACVC,KAAS,MACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,qCAC5BE,QAAY,GACZO,KAAS,oCACTL,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,oCACVC,KAAS,wBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBK,MAAU,0CACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBK,MAAU,uCACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,qCACb,GAEHI,KAAS,wBACTL,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,yCACzBI,GAAOL,EAAI,KAAKC,EAAQ,yCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,SACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,GAEHP,MAAU,wCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBK,MAAU,uCACVC,KAAS,OACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,kDACzBI,GAAOL,EAAI,KAAKC,EAAQ,kDACxBK,MAAU,iDACVC,KAAS,MACZ,EACA,CACGJ,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBK,MAAU,uCACVC,KAAS,OACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,kDACzBI,GAAOL,EAAI,KAAKC,EAAQ,kDACxBK,MAAU,iDACVC,KAAS,MACZ,GAEHG,KAAS,0BACTL,GAAO,kCACPC,MAAU,kCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,EACT,EACA,CACGD,EAAM,YACNC,EAAM,MACT,EACA,CACGD,EAAM,gBACNC,EAAM,UACT,EACA,CACGD,EAAM,eACNC,EAAM,cACT,GAEHP,MAAU,mCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,EACT,EACA,CACGD,EAAM,YACNC,EAAM,MACT,EACA,CACGD,EAAM,gBACNC,EAAM,UACT,EACA,CACGD,EAAM,YACNC,EAAM,MACT,GAEHP,MAAU,mCACVC,KAAS,QACZ,GAEHG,KAAS,wBACTL,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,MACT,EACA,CACGD,EAAM,SACNC,EAAM,SACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,GAEHP,MAAU,uCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,MACZ,GAEHG,KAAS,yBACTL,GAAO,iCACPC,MAAU,iCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,sCACzBI,GAAOL,EAAI,KAAKC,EAAQ,sCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,EACT,EACA,CACGD,EAAM,cACNC,EAAM,aACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,OACNC,EAAM,kBACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,GAEHP,MAAU,qCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBK,MAAU,0CACVC,KAAS,MACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,+CACzBI,GAAOL,EAAI,KAAKC,EAAQ,+CACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,EACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,+BACNC,EAAM,8BACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,aACNC,EAAM,wBACT,GAEHP,MAAU,8CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,MACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,4CACzBI,GAAOL,EAAI,KAAKC,EAAQ,4CACxBK,MAAU,0CACb,GAEHD,GAAO,mCACPC,MAAU,mCACVC,KAAS,sBACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,iCACzBI,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,gCACVC,KAAS,UACZ,GAEHG,KAAS,wBACTL,GAAO,yBACPC,MAAU,yBACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,mCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,8BACzBI,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,4BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,iCACzBI,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,+BACb,EACA,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBK,MAAU,uCACVC,KAAS,UACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,WACZ,GAEHG,KAAS,wBACTL,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,GAGD,IAAK,qBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAQ,qBACzBI,GAAOL,EAAI,KAAKC,EAAQ,qBACxBK,MAAU,oBACVC,KAAS,MACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,oCAC5BE,QAAY,GACZO,KAAS,mCACTL,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,wBACZ,EACA,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,EACT,EACA,CACGD,EAAM,cACNC,EAAM,aACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,OACNC,EAAM,kBACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,GAEHP,MAAU,oCACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,yCACzBI,GAAOL,EAAI,KAAKC,EAAQ,yCACxBK,MAAU,uCACb,EACA,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,KACZM,IAAQT,EAAI,KAAKC,EAAQ,mDACzBI,GAAOL,EAAI,KAAKC,EAAQ,mDACxBK,MAAU,kDACVC,KAAS,KACZ,EACA,CACGJ,QAAY,KACZM,IAAQT,EAAI,KAAKC,EAAQ,4CACzBI,GAAOL,EAAI,KAAKC,EAAQ,4CACxBK,MAAU,2CACVC,KAAS,KACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,kCACzBI,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,iCACVC,KAAS,MACZ,GAEHF,GAAO,qCACPC,MAAU,qCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,SACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,GAEHP,MAAU,uCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,OACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,iDACzBI,GAAOL,EAAI,KAAKC,EAAQ,iDACxBK,MAAU,gDACVC,KAAS,MACZ,EACA,CACGJ,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,OACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,iDACzBI,GAAOL,EAAI,KAAKC,EAAQ,iDACxBK,MAAU,gDACVC,KAAS,MACZ,GAEHF,GAAO,iCACPC,MAAU,iCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,MACT,EACA,CACGD,EAAM,SACNC,EAAM,SACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,GAEHP,MAAU,sCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,8CACzBI,GAAOL,EAAI,KAAKC,EAAQ,8CACxBK,MAAU,6CACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,WACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,2BACb,GAEHD,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBK,MAAU,yCACb,EACA,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,qDACzBI,GAAOL,EAAI,KAAKC,EAAQ,qDACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,GAEHP,MAAU,oDACVC,KAAS,QACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,qDACzBI,GAAOL,EAAI,KAAKC,EAAQ,qDACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,WACNC,EAAM,cACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,GAEHP,MAAU,oDACVC,KAAS,QACZ,GAEHF,GAAO,kCACPC,MAAU,kCACVC,KAAS,sBACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,+BACVC,KAAS,UACZ,GAEHG,KAAS,uBACTL,GAAO,wBACPC,MAAU,uBACb,EACA,CACGJ,OAAWF,EAAI,KAAKC,EAAQ,wBAC5BE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAQ,wBACxBK,MAAU,uBACVC,KAAS,kBACZ,GAGD,IAAK,cACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAQ,iBAC5BE,QAAY,CACT,CACGC,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAQ,yBACxBa,GAAO,UACPR,MAAU,UACVC,KAAS,MACZ,GAEHG,KAAS,qCACTL,GAAOL,EAAI,KAAKC,EAAQ,iBACxBK,MAAU,gBACVC,KAAS,eACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,mBAC5BS,KAAS,uCACTL,GAAOL,EAAI,KAAKC,EAAQ,mBACxBK,MAAU,kBACVC,KAAS,kBACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,QAC5BS,KAAS,kBACTL,GAAOL,EAAI,KAAKC,EAAQ,QACxBK,MAAU,OACVC,KAAS,eACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,aACzBI,GAAOL,EAAI,KAAKC,EAAQ,aACxBK,MAAU,YACVC,KAAS,KACZ,EACA,CACGJ,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,cACzBI,GAAOL,EAAI,KAAKC,EAAQ,cACxBK,MAAU,aACVC,KAAS,OACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,oBACzBI,GAAOL,EAAI,KAAKC,EAAQ,oBACxBK,MAAU,mBACVC,KAAS,MACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,gBACzBI,GAAOL,EAAI,KAAKC,EAAQ,gBACxBK,MAAU,cACb,EACA,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,sBACzBI,GAAOL,EAAI,KAAKC,EAAQ,sBACxBK,MAAU,oBACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,mBACzBI,GAAOL,EAAI,KAAKC,EAAQ,mBACxBK,MAAU,kBACVC,KAAS,WACZ,EACA,CACGJ,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAQ,aACzBI,GAAOL,EAAI,KAAKC,EAAQ,aACxBU,OAAW,CACR,CACGC,EAAM,YACNC,EAAM,WACT,EACA,CACGD,EAAM,MACNC,EAAM,KACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,EACA,CACGD,EAAM,OACNC,EAAM,MACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,cACNC,EAAM,aACT,EACA,CACGD,EAAM,eACNC,EAAM,cACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,GAEHP,MAAU,YACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,uBACzBI,GAAOL,EAAI,KAAKC,EAAQ,uBACxBK,MAAU,qBACb,EACA,CACGH,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,wBACzBI,GAAOL,EAAI,KAAKC,EAAQ,wBACxBK,MAAU,uBACVC,KAAS,KACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,gBACzBI,GAAOL,EAAI,KAAKC,EAAQ,gBACxBK,MAAU,eACVC,KAAS,UACZ,GAEHG,KAAS,2BACTL,GAAO,eACPC,MAAU,eACVC,KAAS,sBACZ,GAGD,QACE,MAAO,EACT,CACF,CAEA,SAASQ,aAAaC,GACpBA,EAAMC,OAASD,EAAMZ,KAAK,GAAGI,OAAO,GAAGA,OAAO,GAC9CQ,EAAME,OAAOF,EAAMC,MAAM,EACzBD,EAAMG,OAASH,EAAMZ,KAAK,GAAGI,OAAO,GAAGA,OAAO,GAC9CQ,EAAME,OAAOF,EAAMG,MAAM,CAC3B"} \ No newline at end of file diff --git a/lemonldap-ng-manager/site/htdocs/static/js/manager.js b/lemonldap-ng-manager/site/htdocs/static/js/manager.js index cc5eafb611a10c4bc72292582d5aa9651f0ca757..6cf42067309c4753e61c79c8f713f24485464533 100644 --- a/lemonldap-ng-manager/site/htdocs/static/js/manager.js +++ b/lemonldap-ng-manager/site/htdocs/static/js/manager.js @@ -1088,6 +1088,27 @@ return console.log('New key cancelled'); }); }; + $scope.newEcKeys = function() { + var currentNode; + $scope.waiting = true; + currentNode = $scope.currentNode; + return $http.post(`${window.confPrefix}/newEcKeys`, + { + "password": '' + }).then(function(response) { + var i, + o; + for (i = o = 0; o <= 3; i = ++o) { + currentNode.data[i + 4].data = currentNode.data[i].data; + } + currentNode.data[0].data = response.data.private; + currentNode.data[1].data = response.data.public; + currentNode.data[2].data = response.data.hash; + currentNode.data[3].data = 'EC'; + return $scope.waiting = false; + }, + readError); + }; $scope.newCertificateNoPassword = function() { var currentNode; $scope.waiting = true; @@ -1098,12 +1119,13 @@ }).then(function(response) { var i, o; - for (i = o = 0; o <= 2; i = ++o) { - currentNode.data[i + 3].data = currentNode.data[i].data; + for (i = o = 0; o <= 3; i = ++o) { + currentNode.data[i + 4].data = currentNode.data[i].data; } currentNode.data[0].data = response.data.private; currentNode.data[1].data = response.data.public; currentNode.data[2].data = response.data.hash; + currentNode.data[3].data = 'RSA'; return $scope.waiting = false; }, readError); diff --git a/lemonldap-ng-manager/site/htdocs/static/js/manager.min.js b/lemonldap-ng-manager/site/htdocs/static/js/manager.min.js index b6a000c87fdf47cdddab15e0455e6c9b8b53b1f0..8dd6909a7cd2d594da112f4383e11b6a15579e8c 100644 --- a/lemonldap-ng-manager/site/htdocs/static/js/manager.min.js +++ b/lemonldap-ng-manager/site/htdocs/static/js/manager.min.js @@ -1,2 +1,2 @@ -!function(){angular.module("llngManager",["ui.tree","ui.bootstrap","llApp","ngCookies"]).controller("TreeCtrl",["$scope","$http","$location","$q","$uibModal","$translator","$cookies","$htmlParams",function(f,l,a,d,r,n,o,e){var t,s,u,c,i,p,m,g;return f.links=window.links,f.menu=e.menu,f.menulinks=window.menulinks,f.staticPrefix=window.staticPrefix,f.formPrefix=window.formPrefix,f.availableLanguages=window.availableLanguages,f.waiting=!0,f.showM=!1,f.showT=!1,f.form="home",f.currentCfg={},f.confPrefix=window.confPrefix,f.message={},f.result="",f.translateTitle=function(e){return n.translateField(e,"title")},f.translateP=n.translateP,f.translate=n.translate,f.helpUrl="start.html#configuration",f.setShowHelp=function(e){var t;return null==e&&(e=!f.showH),f.showH=e,(t=new Date(Date.now())).setFullYear(t.getFullYear()+1),o.put("showhelp",e?"true":"false",{expires:t})},f.showH="false"!==o.get("showhelp"),null==f.showH&&f.setShowHelp(!0),p=function(e){var t=e.status,e=e.statusLine;return f.waiting=!1,403===t?f.message={title:"forbidden",message:"",items:[]}:401===t?(console.log("Authentication needed"),f.message={title:"authenticationNeeded",message:"__waitOrF5__",items:[]}):f.message=400===t||0{client_name} || "Self registered client"; my $logo_uri = $client_metadata->{logo_uri}; my $id_token_signed_response_alg = - $client_metadata->{id_token_signed_response_alg} || "RS256"; + $client_metadata->{id_token_signed_response_alg} + || ( $self->conf->{oidcServiceKeyTypeSig} eq 'EC' ? 'ES256' : 'RS256' ); my $userinfo_signed_response_alg = $client_metadata->{userinfo_signed_response_alg}; my $redirect_uris = $client_metadata->{redirect_uris}; @@ -2421,8 +2422,14 @@ sub logout { # logout_token= # # RP response should be 200 (204 accepted) or 400 for errors - my $alg = $self->rpOptions->{$rp} - ->{oidcRPMetaDataOptionsAccessTokenSignAlg} || "RS256"; + my $alg = + $self->rpOptions->{$rp} + ->{oidcRPMetaDataOptionsAccessTokenSignAlg} + || ( + $self->conf->{oidcServiceKeyTypeSig} eq 'EC' + ? 'ES256' + : 'RS256' + ); $self->logger->debug( "Access Token signature algorithm: $alg"); my $userId = @@ -2554,6 +2561,14 @@ sub metadata { push( @$grant_types, "hybrid" ); } + my @supportedSigAlg = qw/none HS256 HS384 HS512/; + if ( $self->conf->{oidcServiceKeyTypeSig} eq 'EC' ) { + push @supportedSigAlg, qw/ES256 ES256K ES384 ES512 EdDSA/; + } + else { + push @supportedSigAlg, qw/RS256 RS384 RS512 PS256 PS384 PS512/; + } + # Create OpenID configuration hash; return $self->p->sendJSONresponse( $req, @@ -2592,15 +2607,13 @@ sub metadata { require_request_uri_registration => JSON::true, # Algorithms - id_token_signing_alg_values_supported => - [qw/none HS256 HS384 HS512 RS256 RS384 RS512/], + id_token_signing_alg_values_supported => \@supportedSigAlg, id_token_encryption_alg_values_supported => &Lemonldap::NG::Portal::Lib::OpenIDConnect::ENC_ALG_SUPPORTED, id_token_encryption_enc_values_supported => &Lemonldap::NG::Portal::Lib::OpenIDConnect::ENC_SUPPORTED, - userinfo_signing_alg_values_supported => - [qw/none HS256 HS384 HS512 RS256 RS384 RS512/], + userinfo_signing_alg_values_supported => \@supportedSigAlg, userinfo_encryption_alg_values_supported => &Lemonldap::NG::Portal::Lib::OpenIDConnect::ENC_ALG_SUPPORTED, diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm index b140bb7a59108e3a4eb4ad8bd02af64eab0954c9..48abd6811e8d5a21177a230ec9614d321f87fa76 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm @@ -8,8 +8,9 @@ package Lemonldap::NG::Portal::Lib::OpenIDConnect; use strict; use Crypt::OpenSSL::RSA; use Crypt::OpenSSL::X509; -use Crypt::JWT qw(encode_jwt decode_jwt); -use Digest::SHA qw/sha1 hmac_sha256_base64 sha256 sha384 sha512 sha256_base64/; +use Crypt::JWT qw(encode_jwt decode_jwt); +use Digest::SHA + qw/sha1 hmac_sha256_base64 sha256 sha384 sha512 sha256_base64/; use JSON; use Lemonldap::NG::Common::FormEncode; use Lemonldap::NG::Common::UserAgent; @@ -1229,7 +1230,7 @@ sub makeJWT { # Get signature algorithm my $alg = $self->rpOptions->{$rp}->{oidcRPMetaDataOptionsAccessTokenSignAlg} - || "RS256"; + || ( $self->conf->{oidcServiceKeyTypeSig} eq 'EC' ? 'ES256' : 'RS256' ); $self->logger->debug("Access Token signature algorithm: $alg"); my $jwt = $self->createJWT( $access_token_payload, $alg, $rp, "at+JWT" ); @@ -2176,15 +2177,24 @@ sub getIDTokenSub { # @param key Raw key # @return HashRef JWKS key sub key2jwks { - my ( $self, $key ) = @_; + my ( $self, $key, $type ) = @_; - my $rsa_pub = Crypt::OpenSSL::RSA->new_private_key($key); - my @params = $rsa_pub->get_key_parameters(); + if ( $type and $type eq 'EC' ) { + require Crypt::PK::ECC; + my $eck = Crypt::PK::ECC->new(); + $eck->import_key( \$key ); + return $eck->export_key_jwk( 'public', 1 ); + } + else { + my $rsa_pub = Crypt::OpenSSL::RSA->new_private_key($key); + my @params = $rsa_pub->get_key_parameters(); - return { - n => encode_base64url( $params[0]->to_bin(), "" ), - e => encode_base64url( $params[1]->to_bin(), "" ), - }; + return { + n => encode_base64url( $params[0]->to_bin(), "" ), + e => encode_base64url( $params[1]->to_bin(), "" ), + kty => 'RSA', + }; + } } # Return X.509 data if public key is a certificate @@ -2232,9 +2242,10 @@ sub _buildJwk { my $publicKeyOrCert = $self->conf->{"oidcService${prefix}PublicKey$type"}; my $privateKey = $self->conf->{"oidcService${prefix}PrivateKey$type"}; my $keyId = $self->conf->{"oidcService${prefix}KeyId$type"}; + my $keytype = $self->conf->{"oidcService${prefix}KeyType$type"}; return $privateKey ? { - kty => 'RSA', + kty => $keytype, use => lc($type), ( $type eq 'Enc' @@ -2242,7 +2253,7 @@ sub _buildJwk { : () ), ( $keyId ? ( kid => $keyId ) : () ), - %{ $self->key2jwks($privateKey) }, + %{ $self->key2jwks( $privateKey, $keytype ) }, %{ $self->getCertInfo($publicKeyOrCert) }, } : (); diff --git a/lemonldap-ng-portal/t/32-OIDC-Back-Channel-Logout-sid-EC-keys.t b/lemonldap-ng-portal/t/32-OIDC-Back-Channel-Logout-sid-EC-keys.t new file mode 100644 index 0000000000000000000000000000000000000000..37abcaa988d30dd971c3db49988ee2c905be3f77 --- /dev/null +++ b/lemonldap-ng-portal/t/32-OIDC-Back-Channel-Logout-sid-EC-keys.t @@ -0,0 +1,285 @@ +use lib 'inc'; +use Test::More; +use strict; +use IO::String; +use LWP::UserAgent; +use LWP::Protocol::PSGI; +use MIME::Base64; + +BEGIN { + require 't/test-lib.pm'; + require 't/oidc-lib.pm'; +} + +my $debug = 'error'; +my ( $op, $rp, $res ); + +LWP::Protocol::PSGI->register( + sub { + my $req = Plack::Request->new(@_); + ok( $req->uri =~ m#http://auth.((?:o|r)p).com(.*)#, ' REST request' ); + my $host = $1; + my $url = $2; + my ( $res, $client ); + count(1); + if ( $host eq 'op' ) { + pass(" Request from RP to OP, endpoint $url"); + $client = $op; + } + elsif ( $host eq 'rp' ) { + pass(' Request from OP to RP'); + $client = $rp; + } + else { + fail(' Aborting REST request (external)'); + return [ 500, [], [] ]; + } + switch ($host); + if ( $req->method =~ /^post$/i ) { + my $s = $req->content; + ok( + $res = $client->_post( + $url, IO::String->new($s), + length => length($s), + type => $req->header('Content-Type'), + ), + ' Execute request' + ); + } + else { + ok( + $res = $client->_get( + $url, + custom => { + HTTP_AUTHORIZATION => $req->header('Authorization'), + } + ), + ' Execute request' + ); + } + ok( $res->[0] == 200, ' Response is 200' ); + count(3); + if ( $url !~ /blogout/ ) { + ok( getHeader( $res, 'Content-Type' ) =~ m#^application/json#, + ' Content is JSON' ) + or explain( $res->[1], 'Content-Type => application/json' ); + count(1); + } + switch ( $host eq 'rp' ? 'op' : 'rp' ); + return $res; + } +); + +# Initialization +ok( $op = op(), 'OP portal' ); + +ok( $res = $op->_get('/oauth2/jwks'), 'Get JWKS, endpoint /oauth2/jwks' ); +expectOK($res); +my $jwks = $res->[2]->[0]; + +ok( + $res = $op->_get('/.well-known/openid-configuration'), + 'Get metadata, endpoint /.well-known/openid-configuration' +); +expectOK($res); +my $metadata = $res->[2]->[0]; +count(3); + +switch ('rp'); +&Lemonldap::NG::Handler::Main::cfgNum( 0, 0 ); +ok( $rp = rp( $jwks, $metadata ), 'RP portal' ); +count(1); + +# Query RP for auth +ok( $res = $rp->_get( '/', accept => 'text/html' ), 'Unauth RP request' ); +count(1); +my ( $url, $query ) = + expectRedirection( $res, qr#http://auth.op.com(/oauth2/authorize)\?(.*)$# ); + +# Push request to OP +switch ('op'); +ok( $res = $op->_get( $url, query => $query, accept => 'text/html' ), + "Push request to OP, endpoint $url" ); +count(1); +expectOK($res); + +# Try to authenticate to OP +$query = "user=french&password=french&$query"; +ok( + $res = $op->_post( + $url, + IO::String->new($query), + accept => 'text/html', + length => length($query), + ), + "Post authentication, endpoint $url" +); +count(1); +my $idpId = expectCookie($res); +my ( $host, $tmp ); +( $host, $tmp, $query ) = expectForm( $res, '#', undef, 'confirm' ); + +ok( + $res = $op->_post( + $url, + IO::String->new($query), + accept => 'text/html', + cookie => "lemonldap=$idpId", + length => length($query), + ), + "Post confirmation, endpoint $url" +); +count(1); + +($query) = expectRedirection( $res, qr#^http://auth.rp.com/?\?(.*)$# ); + +# Push OP response to RP +switch ('rp'); + +ok( $res = $rp->_get( '/', query => $query, accept => 'text/html' ), + 'Call openidconnectcallback on RP' ); +count(1); +my $spId = expectCookie($res); + +# Logout initiated by OP +switch ('op'); + +# Reset conf to make sure to make sure lazy loading works during logout (#3014) +$op->p->HANDLER->checkConf(1); + +ok( + $res = $op->_get( + '/', + query => 'logout', + cookie => "lemonldap=$idpId", + accept => 'text/html' + ), + 'Query OP for logout' +); +count(1); +expectOK($res); + +# Test if logout is done +ok( + $res = $op->_get( + '/', cookie => "lemonldap=$idpId", + ), + 'Test if user is reject on OP' +); +count(1); +expectReject($res); + +switch ('rp'); +ok( + $res = $rp->_get( + '/', + cookie => "lemonldap=$spId", + accept => 'text/html' + ), + 'Test if user is reject on RP' +); +count(1); +expectRedirection( $res, qr#http://auth.op.com(/oauth2/authorize)\?(.*)$# ); + +clean_sessions(); +done_testing( count() ); + +sub op { + return LLNG::Manager::Test->new( + { + ini => { + logLevel => $debug, + domain => 'idp.com', + portal => 'http://auth.op.com', + authentication => 'Demo', + userDB => 'Same', + issuerDBOpenIDConnectActivation => "1", + oidcRPMetaDataExportedVars => { + rp => { + email => "mail", + family_name => "cn", + name => "cn" + } + }, + oidcServiceAllowHybridFlow => 1, + oidcServiceAllowImplicitFlow => 1, + oidcServiceAllowAuthorizationCodeFlow => 1, + oidcRPMetaDataOptions => { + rp => { + oidcRPMetaDataOptionsDisplayName => "RP", + oidcRPMetaDataOptionsIDTokenExpiration => 3600, + oidcRPMetaDataOptionsClientID => "rpid", + oidcRPMetaDataOptionsIDTokenSignAlg => "ES256", + oidcRPMetaDataOptionsBypassConsent => 0, + oidcRPMetaDataOptionsClientSecret => "rpsecret", + oidcRPMetaDataOptionsUserIDAttr => "", + oidcRPMetaDataOptionsAccessTokenExpiration => 3600, + oidcRPMetaDataOptionsLogoutUrl => + 'http://auth.rp.com/oauth2/blogout', + oidcRPMetaDataOptionsLogoutType => 'back', + oidcRPMetaDataOptionsLogoutSessionRequired => 1, + oidcRPMetaDataOptionsRedirectUris => + 'http://auth.rp.com?openidconnectcallback=1', + } + }, + oidcOPMetaDataOptions => {}, + oidcOPMetaDataJSON => {}, + oidcOPMetaDataJWKS => {}, + oidcServiceMetaDataAuthnContext => { + 'loa-4' => 4, + 'loa-1' => 1, + 'loa-5' => 5, + 'loa-2' => 2, + 'loa-3' => 3 + }, + oidcServiceKeyTypeSig => 'EC', + oidcServicePrivateKeySig => &oidc_key_op_private_ec_sig, + oidcServicePublicKeySig => &oidc_key_op_public_ec_sig, + } + } + ); +} + +sub rp { + my ( $jwks, $metadata ) = @_; + return LLNG::Manager::Test->new( + { + ini => { + logLevel => $debug, + domain => 'rp.com', + portal => 'http://auth.rp.com', + authentication => 'OpenIDConnect', + userDB => 'Same', + restSessionServer => 1, + oidcOPMetaDataExportedVars => { + op => { + cn => "name", + uid => "sub", + sn => "family_name", + mail => "email" + } + }, + oidcServiceMetaDataBackChannelURI => 'blogout', + oidcOPMetaDataOptions => { + op => { + oidcOPMetaDataOptionsCheckJWTSignature => 1, + oidcOPMetaDataOptionsJWKSTimeout => 0, + oidcOPMetaDataOptionsClientSecret => "rpsecret", + oidcOPMetaDataOptionsScope => "openid profile", + oidcOPMetaDataOptionsStoreIDToken => 0, + oidcOPMetaDataOptionsDisplay => "", + oidcOPMetaDataOptionsClientID => "rpid", + oidcOPMetaDataOptionsConfigurationURI => + "https://auth.op.com/.well-known/openid-configuration" + } + }, + oidcOPMetaDataJWKS => { + op => $jwks, + }, + oidcOPMetaDataJSON => { + op => $metadata, + } + } + } + ); +} diff --git a/lemonldap-ng-portal/t/32-OIDC-Back-Channel-Logout-sid-with-JWE-and-EC-keys.t b/lemonldap-ng-portal/t/32-OIDC-Back-Channel-Logout-sid-with-JWE-and-EC-keys.t new file mode 100644 index 0000000000000000000000000000000000000000..f9e0e59ac0b10e39b35434c7151aaf1cbee6736c --- /dev/null +++ b/lemonldap-ng-portal/t/32-OIDC-Back-Channel-Logout-sid-with-JWE-and-EC-keys.t @@ -0,0 +1,304 @@ +use lib 'inc'; +use Test::More; +use strict; +use IO::String; +use LWP::UserAgent; +use LWP::Protocol::PSGI; +use MIME::Base64; + +BEGIN { + require 't/test-lib.pm'; + require 't/oidc-lib.pm'; +} + +my $debug = 'error'; +my ( $op, $rp, $res ); + +LWP::Protocol::PSGI->register( + sub { + my $req = Plack::Request->new(@_); + ok( $req->uri =~ m#http://auth.((?:o|r)p).com(.*)#, ' REST request' ); + my $host = $1; + my $url = $2; + my ( $res, $client ); + count(1); + if ( $host eq 'op' ) { + pass(" Request from RP to OP, endpoint $url"); + $client = $op; + } + elsif ( $host eq 'rp' ) { + pass(' Request from OP to RP'); + $client = $rp; + } + else { + fail(' Aborting REST request (external)'); + return [ 500, [], [] ]; + } + switch ($host); + if ( $req->method =~ /^post$/i ) { + my $s = $req->content; + ok( + $res = $client->_post( + $url, IO::String->new($s), + length => length($s), + type => $req->header('Content-Type'), + ), + ' Execute request' + ); + } + else { + ok( + $res = $client->_get( + $url, + ( + $req->header('Authorization') + ? ( + custom => { + HTTP_AUTHORIZATION => + $req->header('Authorization'), + } + ) + : () + ), + ), + ' Execute request' + ); + } + ok( $res->[0] == 200, ' Response is 200' ); + count(3); + if ( $url !~ /blogout/ ) { + ok( + getHeader( $res, 'Content-Type' ) =~ + m#^application/(?:json|jwt)#, + ' Content is JSON' + ) or explain( $res->[1], 'Content-Type => application/json' ); + count(1); + } + switch ( $host eq 'rp' ? 'op' : 'rp' ); + return $res; + } +); + +# Initialization +ok( $op = op(), 'OP portal' ); + +ok( $res = $op->_get('/oauth2/jwks'), 'Get JWKS, endpoint /oauth2/jwks' ); +expectOK($res); +my $jwks = $res->[2]->[0]; + +ok( + $res = $op->_get('/.well-known/openid-configuration'), + 'Get metadata, endpoint /.well-known/openid-configuration' +); +expectOK($res); +my $metadata = $res->[2]->[0]; +count(3); + +switch ('rp'); +&Lemonldap::NG::Handler::Main::cfgNum( 0, 0 ); +ok( $rp = rp( $jwks, $metadata ), 'RP portal' ); +count(1); + +# Query RP for auth +ok( $res = $rp->_get( '/', accept => 'text/html' ), 'Unauth RP request' ); +count(1); +my ( $url, $query ) = + expectRedirection( $res, qr#http://auth.op.com(/oauth2/authorize)\?(.*)$# ); + +# Push request to OP +switch ('op'); +ok( $res = $op->_get( $url, query => $query, accept => 'text/html' ), + "Push request to OP, endpoint $url" ); +count(1); +expectOK($res); + +# Try to authenticate to OP +$query = "user=french&password=french&$query"; +ok( + $res = $op->_post( + $url, + IO::String->new($query), + accept => 'text/html', + length => length($query), + ), + "Post authentication, endpoint $url" +); +count(1); +my $idpId = expectCookie($res); +my ( $host, $tmp ); +( $host, $tmp, $query ) = expectForm( $res, '#', undef, 'confirm' ); + +ok( + $res = $op->_post( + $url, + IO::String->new($query), + accept => 'text/html', + cookie => "lemonldap=$idpId", + length => length($query), + ), + "Post confirmation, endpoint $url" +); +count(1); + +($query) = expectRedirection( $res, qr#^http://auth.rp.com/?\?(.*)$# ); + +# Push OP response to RP +switch ('rp'); + +ok( $res = $rp->_get( '/', query => $query, accept => 'text/html' ), + 'Call openidconnectcallback on RP' ); +count(1); +my $spId = expectCookie($res); + +# Logout initiated by OP +switch ('op'); + +# Reset conf to make sure to make sure lazy loading works during logout (#3014) +$op->p->HANDLER->checkConf(1); + +ok( + $res = $op->_get( + '/', + query => 'logout', + cookie => "lemonldap=$idpId", + accept => 'text/html' + ), + 'Query OP for logout' +); +count(1); +expectOK($res); + +# Test if logout is done +ok( + $res = $op->_get( + '/', cookie => "lemonldap=$idpId", + ), + 'Test if user is reject on OP' +); +count(1); +expectReject($res); + +switch ('rp'); +ok( + $res = $rp->_get( + '/', + cookie => "lemonldap=$spId", + accept => 'text/html' + ), + 'Test if user is reject on RP' +); +count(1); +expectRedirection( $res, qr#http://auth.op.com(/oauth2/authorize)\?(.*)$# ); + +clean_sessions(); +done_testing( count() ); + +sub op { + return LLNG::Manager::Test->new( { + ini => { + logLevel => $debug, + domain => 'idp.com', + portal => 'http://auth.op.com', + authentication => 'Demo', + userDB => 'Same', + issuerDBOpenIDConnectActivation => "1", + oidcRPMetaDataExportedVars => { + rp => { + email => "mail", + family_name => "cn", + name => "cn" + } + }, + oidcServiceAllowHybridFlow => 1, + oidcServiceAllowImplicitFlow => 1, + oidcServiceAllowAuthorizationCodeFlow => 1, + oidcRPMetaDataOptions => { + rp => { + oidcRPMetaDataOptionsDisplayName => "RP", + oidcRPMetaDataOptionsClientID => "rpid", + oidcRPMetaDataOptionsClientSecret => "rpsecret", + oidcRPMetaDataOptionsAccessTokenEncKeyMgtAlg => + 'ECDH-ES', + oidcRPMetaDataOptionsIDTokenExpiration => 3600, + oidcRPMetaDataOptionsIDTokenSignAlg => "ES256", + oidcRPMetaDataOptionsIdTokenEncKeyMgtAlg => 'ECDH-ES', + oidcRPMetaDataOptionsBypassConsent => 0, + oidcRPMetaDataOptionsUserIDAttr => "", + oidcRPMetaDataOptionsUserInfoSignAlg => 'ES256', + oidcRPMetaDataOptionsUserInfoEncKeyMgtAlg => 'ECDH-ES', + oidcRPMetaDataOptionsAccessTokenExpiration => 3600, + oidcRPMetaDataOptionsLogoutUrl => + 'http://auth.rp.com/oauth2/blogout', + oidcRPMetaDataOptionsLogoutType => 'back', + oidcRPMetaDataOptionsLogoutSessionRequired => 1, + oidcRPMetaDataOptionsLogoutEncKeyMgtAlg => 'ECDH-ES', + oidcRPMetaDataOptionsRedirectUris => + 'http://auth.rp.com?openidconnectcallback=1', + oidcRPMetaDataOptionsJwksUri => + 'http://auth.rp.com/oauth2/jwks', + } + }, + oidcOPMetaDataOptions => {}, + oidcOPMetaDataJSON => {}, + oidcOPMetaDataJWKS => {}, + oidcServiceMetaDataAuthnContext => { + 'loa-4' => 4, + 'loa-1' => 1, + 'loa-5' => 5, + 'loa-2' => 2, + 'loa-3' => 3 + }, + oidcServiceKeyTypeSig => 'EC', + oidcServicePrivateKeySig => &oidc_key_op_private_ec_sig, + oidcServicePublicKeySig => &oidc_key_op_public_ec_sig, + } + } + ); +} + +sub rp { + my ( $jwks, $metadata ) = @_; + return LLNG::Manager::Test->new( { + ini => { + logLevel => $debug, + domain => 'rp.com', + portal => 'http://auth.rp.com', + authentication => 'OpenIDConnect', + userDB => 'Same', + restSessionServer => 1, + oidcOPMetaDataExportedVars => { + op => { + cn => "name", + uid => "sub", + sn => "family_name", + mail => "email" + } + }, + oidcServiceMetaDataBackChannelURI => 'blogout', + oidcOPMetaDataOptions => { + op => { + oidcOPMetaDataOptionsCheckJWTSignature => 1, + oidcOPMetaDataOptionsJWKSTimeout => 0, + oidcOPMetaDataOptionsClientSecret => "rpsecret", + oidcOPMetaDataOptionsScope => "openid profile", + oidcOPMetaDataOptionsStoreIDToken => 0, + oidcOPMetaDataOptionsDisplay => "", + oidcOPMetaDataOptionsClientID => "rpid", + oidcOPMetaDataOptionsConfigurationURI => + "https://auth.op.com/.well-known/openid-configuration" + } + }, + oidcServicePrivateKeyEnc => &oidc_key_op_private_ec_sig, + oidcServicePublicKeyEnc => &oidc_key_op_public_ec_sig, + oidcServiceKeyIdEnc => 'aabbcc', + oidcServiceKeyTypeEnc => 'EC', + oidcOPMetaDataJWKS => { + op => $jwks, + }, + oidcOPMetaDataJSON => { + op => $metadata, + }, + } + } + ); +} diff --git a/lemonldap-ng-portal/t/32-OIDC-Back-Channel-Logout-sid.t b/lemonldap-ng-portal/t/32-OIDC-Back-Channel-Logout-sid.t index 6d2d2c79728874dfedb4f20887d9e7be4381ef62..80545f8ad035efef54d7998dd2eb0089d6890563 100644 --- a/lemonldap-ng-portal/t/32-OIDC-Back-Channel-Logout-sid.t +++ b/lemonldap-ng-portal/t/32-OIDC-Back-Channel-Logout-sid.t @@ -141,7 +141,6 @@ ok( $res = $rp->_get( '/', query => $query, accept => 'text/html' ), count(1); my $spId = expectCookie($res); - # Logout initiated by OP switch ('op'); diff --git a/lemonldap-ng-portal/t/32-OIDC-JWE.t b/lemonldap-ng-portal/t/32-OIDC-JWE.t index 3b1e305434cf478680d11ac78bb4c7670091899b..a311a03b4f33bc09e450aa5281331b095051be6a 100644 --- a/lemonldap-ng-portal/t/32-OIDC-JWE.t +++ b/lemonldap-ng-portal/t/32-OIDC-JWE.t @@ -312,7 +312,6 @@ sub rp { oidcOPMetaDataOptionsClientID => "rpid", oidcOPMetaDataOptionsConfigurationURI => "https://auth.op.com/.well-known/openid-configuration", - oidcServiceKeyIdEnc => 'aabbcc', } }, oidcServicePrivateKeyEnc => oidc_key_op_private_sig, diff --git a/lemonldap-ng-portal/t/oidc-lib.pm b/lemonldap-ng-portal/t/oidc-lib.pm index 108ca7d9a1a5efa70ed2baceb51d40b2624e709b..a33c6b0f6d8f720e5ec6282710523417953601c2 100644 --- a/lemonldap-ng-portal/t/oidc-lib.pm +++ b/lemonldap-ng-portal/t/oidc-lib.pm @@ -1,5 +1,30 @@ use Lemonldap::NG::Common::JWT qw/getJWTPayload getJWTHeader/; +sub oidc_key_op_private_ec_sig { + '-----BEGIN EC PRIVATE KEY----- +MIIBUQIBAQQggmWd5U3Stm54SoTlH18+b7n1/T5agIin9BqwpGnCwMuggeMwgeAC +AQEwLAYHKoZIzj0BAQIhAP////8AAAABAAAAAAAAAAAAAAAA//////////////// +MEQEIP////8AAAABAAAAAAAAAAAAAAAA///////////////8BCBaxjXYqjqT57Pr +vVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwRBBGsX0fLhLEJH+Lzm5WOkQPJ3A32BLesz +oPShOUXYmMKWT+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfUCIQD///// +AAAAAP//////////vOb6racXnoTzucrC/GMlUQIBAaFEA0IABG+Hq4JussV3gHNt +KADLOTyfvvEbZSX/izaftpK05tVU39YTYz54PKOOcgXPvmoPPreVaQLhL2YjxFPD +p2qalrs= +-----END EC PRIVATE KEY-----'; +} + +sub oidc_key_op_public_ec_sig { + '-----BEGIN PUBLIC KEY----- +MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEA/////wAAAAEAAAAA +AAAAAAAAAAD///////////////8wRAQg/////wAAAAEAAAAAAAAAAAAAAAD///// +//////////wEIFrGNdiqOpPns+u9VXaYhrxlHQawzFOw9jvOPD4n0mBLBEEEaxfR +8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84z +V2sxXs7LtkBoN79R9QIhAP////8AAAAA//////////+85vqtpxeehPO5ysL8YyVR +AgEBA0IABG+Hq4JussV3gHNtKADLOTyfvvEbZSX/izaftpK05tVU39YTYz54PKOO +cgXPvmoPPreVaQLhL2YjxFPDp2qalrs= +-----END PUBLIC KEY-----'; +} + sub oidc_key_op_private_sig { "-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAs2jsmIoFuWzMkilJaA8//5/T30cnuzX9GImXUrFR2k9EKTMt @@ -78,8 +103,7 @@ sub login { local $Test::Builder::Level = $Test::Builder::Level + 1; my ( $op, $uid ) = @_; my $res; - my $query = buildForm( - { + my $query = buildForm( { user => $uid, password => $uid, } @@ -116,8 +140,7 @@ sub codeAuthorize { sub tokenExchange { my ( $op, $clientid, %params ) = @_; - my $query = buildForm( - { + my $query = buildForm( { grant_type => 'urn:ietf:params:oauth:grant-type:token-exchange', %params } @@ -138,8 +161,7 @@ sub tokenExchange { sub codeGrant { my ( $op, $clientid, $code, $redirect_uri ) = @_; - my $query = buildForm( - { + my $query = buildForm( { grant_type => "authorization_code", code => $code, redirect_uri => $redirect_uri, @@ -176,8 +198,7 @@ sub getUserinfo { sub refreshGrant { my ( $op, $client_id, $refresh_token ) = @_; - $query = buildForm( - { + $query = buildForm( { grant_type => 'refresh_token', refresh_token => $refresh_token, } @@ -198,8 +219,7 @@ sub refreshGrant { sub introspect { my ( $op, $client_id, $token ) = @_; - my $query = buildForm( - { + my $query = buildForm( { client_id => $client_id, client_secret => $client_id, token => $token,