...
 
Commits (32)
# debian/tests/runner launch pkg-perl-autopkgtest tests for each library
Test-Command: ./debian/tests/runner build-deps
Depends: @, @builddeps@, pkg-perl-autopkgtest, libmouse-perl
Test-Command: ./debian/tests/runner build-deps lemonldap-ng-common
Depends: liblemonldap-ng-common-perl, @builddeps@, pkg-perl-autopkgtest
Test-Command: ./debian/tests/runner runtime-deps
Depends: @, pkg-perl-autopkgtest, libmouse-perl
Test-Command: ./debian/tests/runner build-deps lemonldap-ng-handler
Depends: liblemonldap-ng-handler-perl, @builddeps@, pkg-perl-autopkgtest
Test-Command: ./debian/tests/runner build-deps lemonldap-ng-portal
Depends: liblemonldap-ng-portal-perl, @builddeps@, pkg-perl-autopkgtest
Test-Command: ./debian/tests/runner build-deps lemonldap-ng-manager
Depends: liblemonldap-ng-manager-perl, @builddeps@, pkg-perl-autopkgtest
Test-Command: ./debian/tests/runner runtime-deps lemonldap-ng-common
Depends: liblemonldap-ng-common-perl, pkg-perl-autopkgtest, libmouse-perl
Restrictions: superficial, skippable
# Disable this one: skipped
#Test-Command: ./debian/tests/runner runtime-deps lemonldap-ng-handler
#Depends: liblemonldap-ng-handler-perl, pkg-perl-autopkgtest, libmouse-perl
#Restrictions: superficial, skippable
Test-Command: ./debian/tests/runner runtime-deps lemonldap-ng-portal
Depends: liblemonldap-ng-portal-perl, pkg-perl-autopkgtest, libmouse-perl
Restrictions: superficial, skippable
Test-Command: ./debian/tests/runner runtime-deps lemonldap-ng-manager
Depends: liblemonldap-ng-manager-perl, pkg-perl-autopkgtest, libmouse-perl
Restrictions: superficial, skippable
# Use pkg-perl-autopkgtest test for runtime-deps-and-recommends
# Some portal suggested dependencies are added here
Test-Command: /usr/share/pkg-perl-autopkgtest/runner runtime-deps-and-recommends
Depends: @, @builddeps@, pkg-perl-autopkgtest, libyaml-perl, liblog-log4perl-perl, libauthen-pam-perl, libauthen-radius-perl, libweb-id-perl, libipc-run-perl
Depends: @, @builddeps@, pkg-perl-autopkgtest, libyaml-perl, liblog-log4perl-perl, libauthen-pam-perl, libauthen-radius-perl, libweb-id-perl
Restrictions: superficial
#Test-Command: ./debian/tests/runner heavy-deps
#Depends: @, pkg-perl-autopkgtest, pkg-perl-autopkgtest-heavy, libmouse-perl
......@@ -141,6 +141,10 @@
"namespace": "lemonldap-ng-sessions"
},
"locationRules": {
"auth.example.com" : {
"(?#checkUser)/checkuser" : "$uid eq \"dwho\"",
"default" : "deny"
},
"manager.example.com": {
"(?#Configuration)^/(manager\\.html|conf/)": "$uid eq \"dwho\"",
"(?#Notifications)^/notifications": "$uid eq \"dwho\" or $uid eq \"rtyler\"",
......
......@@ -28,7 +28,7 @@ sub defaultValues {
'casAccessControlPolicy' => 'none',
'casAuthnLevel' => 1,
'checkTime' => 600,
'checkUserHiddenAttributes' => 'UA _2fDevices _loginHistory',
'checkUserHiddenAttributes' => '_2fDevices _loginHistory hGroups',
'checkXSS' => 1,
'confirmFormMethod' => 'post',
'cookieName' => 'lemonldap',
......@@ -64,30 +64,34 @@ sub defaultValues {
'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
},
'gpgDb' => '',
'groups' => {},
'handlerInternalCache' => 15,
'hiddenAttributes' => '_password',
'httpOnly' => 1,
'https' => -1,
'infoFormMethod' => 'get',
'issuerDBCASPath' => '^/cas/',
'issuerDBCASRule' => 1,
'issuerDBGetParameters' => {},
'issuerDBGetPath' => '^/get/',
'issuerDBGetRule' => 1,
'issuerDBOpenIDConnectPath' => '^/oauth2/',
'issuerDBOpenIDConnectRule' => 1,
'issuerDBOpenIDPath' => '^/openidserver/',
'issuerDBOpenIDRule' => 1,
'issuerDBSAMLPath' => '^/saml/',
'issuerDBSAMLRule' => 1,
'jsRedirect' => 0,
'krbAuthnLevel' => 3,
'krbRemoveDomain' => 1,
'ldapAuthnLevel' => 2,
'ldapBase' => 'dc=example,dc=com',
'ldapExportedVars' => {
'gpgDb' => '',
'groups' => {},
'handlerInternalCache' => 15,
'hiddenAttributes' => '_password',
'httpOnly' => 1,
'https' => -1,
'idSpoofingHiddenAttributes' => '_2fDevices _loginHistory',
'idSpoofingPrefix' => 'real_',
'idSpoofingRule' => 1,
'idSpoofingSkipEmptyValues' => 1,
'infoFormMethod' => 'get',
'issuerDBCASPath' => '^/cas/',
'issuerDBCASRule' => 1,
'issuerDBGetParameters' => {},
'issuerDBGetPath' => '^/get/',
'issuerDBGetRule' => 1,
'issuerDBOpenIDConnectPath' => '^/oauth2/',
'issuerDBOpenIDConnectRule' => 1,
'issuerDBOpenIDPath' => '^/openidserver/',
'issuerDBOpenIDRule' => 1,
'issuerDBSAMLPath' => '^/saml/',
'issuerDBSAMLRule' => 1,
'jsRedirect' => 0,
'krbAuthnLevel' => 3,
'krbRemoveDomain' => 1,
'ldapAuthnLevel' => 2,
'ldapBase' => 'dc=example,dc=com',
'ldapExportedVars' => {
'cn' => 'cn',
'mail' => 'mail',
'uid' => 'uid'
......@@ -241,6 +245,7 @@ sub defaultValues {
'samlOrganizationDisplayName' => 'Example',
'samlOrganizationName' => 'Example',
'samlOrganizationURL' => 'http://www.example.com',
'samlOverrideIDPEntityID' => '',
'samlRelayStateTimeout' => 600,
'samlServiceSignatureMethod' => 'RSA_SHA1',
'samlSPSSODescriptorArtifactResolutionServiceArtifact' =>
......
......@@ -66,7 +66,7 @@ our $issuerParameters = {
issuerDBOpenIDConnect => [qw(issuerDBOpenIDConnectActivation issuerDBOpenIDConnectPath issuerDBOpenIDConnectRule)],
issuerDBSAML => [qw(issuerDBSAMLActivation issuerDBSAMLPath issuerDBSAMLRule)],
};
our $samlServiceParameters = [qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse samlServiceSignatureMethod samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapTLSClient samlAuthnContextMapKerberos samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlIdPResolveCookie samlMetadataForceUTF8 samlStorage samlStorageOptions samlRelayStateTimeout samlUseQueryStringSpecific samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter samlDiscoveryProtocolActivation samlDiscoveryProtocolURL samlDiscoveryProtocolPolicy samlDiscoveryProtocolIsPassive)];
our $samlServiceParameters = [qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse samlServiceSignatureMethod samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapTLSClient samlAuthnContextMapKerberos samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlIdPResolveCookie samlMetadataForceUTF8 samlStorage samlStorageOptions samlRelayStateTimeout samlUseQueryStringSpecific samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter samlDiscoveryProtocolActivation samlDiscoveryProtocolURL samlDiscoveryProtocolPolicy samlDiscoveryProtocolIsPassive samlOverrideIDPEntityID)];
our $oidcServiceParameters = [qw(oidcServiceMetaDataIssuer oidcServiceMetaDataAuthorizeURI oidcServiceMetaDataTokenURI oidcServiceMetaDataUserInfoURI oidcServiceMetaDataJWKSURI oidcServiceMetaDataRegistrationURI oidcServiceMetaDataEndSessionURI oidcServiceMetaDataCheckSessionURI oidcServiceMetaDataFrontChannelURI oidcServiceMetaDataBackChannelURI oidcServiceMetaDataAuthnContext oidcServicePrivateKeySig oidcServicePublicKeySig oidcServiceKeyIdSig oidcServiceAllowDynamicRegistration oidcServiceAllowAuthorizationCodeFlow oidcServiceAllowImplicitFlow oidcServiceAllowHybridFlow oidcStorage oidcStorageOptions)];
1;
......@@ -41,11 +41,11 @@ sub serviceToXML {
samlOrganizationURL
);
if ($type eq 'idp') {
if ($type and $type eq 'idp') {
$template->param( 'hideSPMetadata', 1);
}
if ($type eq 'sp') {
if ($type and $type eq 'sp') {
$template->param( 'hideIDPMetadata', 1);
}
......@@ -53,6 +53,11 @@ sub serviceToXML {
$template->param( $_, $self->getValue( $_, $conf ) );
}
# When asked to provide only IDP metadata, take into account EntityID override
if ( $type eq "idp" and $conf->{samlOverrideIDPEntityID} ) {
$template->param( 'samlEntityID', $conf->{samlOverrideIDPEntityID} );
}
# Boolean parameters
my @param_boolean = qw(
samlSPSSODescriptorAuthnRequestsSigned
......
......@@ -780,7 +780,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'type' => 'bool'
},
'checkUserHiddenAttributes' => {
'default' => 'UA _2fDevices _loginHistory',
'default' => '_2fDevices _loginHistory hGroups',
'type' => 'text'
},
'checkXSS' => {
......@@ -1195,6 +1195,26 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
'default' => -1,
'type' => 'trool'
},
'idSpoofing' => {
'default' => 0,
'type' => 'bool'
},
'idSpoofingHiddenAttributes' => {
'default' => '_2fDevices _loginHistory',
'type' => 'text'
},
'idSpoofingPrefix' => {
'default' => 'real_',
'type' => 'text'
},
'idSpoofingRule' => {
'default' => 1,
'type' => 'boolOrExpr'
},
'idSpoofingSkipEmptyValues' => {
'default' => 1,
'type' => 'bool'
},
'infoFormMethod' => {
'default' => 'get',
'select' => [ {
......@@ -2865,6 +2885,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'default' => 'http://www.example.com',
'type' => 'text'
},
'samlOverrideIDPEntityID' => {
'default' => '',
'type' => 'text'
},
'samlRelayStateTimeout' => {
'default' => 600,
'type' => 'int'
......
......@@ -416,6 +416,59 @@ sub attributes {
type => 'text',
documentation => 'Secret token for CheckState plugin',
},
checkUser => {
default => 0,
type => 'bool',
documentation => 'Enable check user',
flags => 'p',
},
checkUserHiddenAttributes => {
type => 'text',
default => '_2fDevices _loginHistory hGroups',
documentation => 'Attributes to hide in CheckUser plugin',
flags => 'p',
},
checkUserDisplayPersistentInfo => {
default => 0,
type => 'bool',
documentation => 'Display persistent session info',
flags => 'p',
},
checkUserDisplayEmptyValues => {
default => 0,
type => 'bool',
documentation => 'Display session empty values',
flags => 'p',
},
idSpoofing => {
default => 0,
type => 'bool',
documentation => 'Enable IdSpoofing plugin',
flags => 'p',
},
idSpoofingPrefix => {
type => 'text',
default => 'real_',
documentation => 'Prefix to rename real session attributes',
flags => 'p',
},
idSpoofingRule => {
type => 'boolOrExpr',
default => 1,
documentation => 'IdSpoofing activation rule',
},
idSpoofingHiddenAttributes => {
type => 'text',
default => '_2fDevices _loginHistory',
documentation => 'Attributes to skip',
flags => 'p',
},
idSpoofingSkipEmptyValues => {
default => 1,
type => 'bool',
documentation => 'Skip session empty values',
flags => 'p',
},
skipRenewConfirmation => {
type => 'bool',
default => 0,
......@@ -578,30 +631,6 @@ sub attributes {
documentation => 'Enable Cross Domain Authentication',
flags => 'hp',
},
checkUser => {
default => 0,
type => 'bool',
documentation => 'Enable check user',
flags => 'p',
},
checkUserHiddenAttributes => {
type => 'text',
default => 'UA _2fDevices _loginHistory',
documentation => 'Attributes to hide in CheckUser plugin',
flags => 'p',
},
checkUserDisplayPersistentInfo => {
default => 0,
type => 'bool',
documentation => 'Display persistent session info',
flags => 'p',
},
checkUserDisplayEmptyValues => {
default => 0,
type => 'bool',
documentation => 'Display session empty values',
flags => 'p',
},
checkXSS => {
default => 1,
type => 'bool',
......@@ -1992,6 +2021,11 @@ sub attributes {
default => 600,
documentation => 'SAML timeout of relay state',
},
samlOverrideIDPEntityID => {
type => 'text',
documentation => 'Override SAML EntityID when acting as an IDP',
default => '',
},
samlUseQueryStringSpecific => {
default => 0,
type => 'bool',
......
......@@ -648,6 +648,18 @@ sub tree {
'checkUserDisplayEmptyValues',
]
},
{
title => 'spoofingIds',
help => 'idspoofing.html',
form => 'simpleInputContainer',
nodes => [
'idSpoofing',
'idSpoofingRule',
'idSpoofingPrefix',
'idSpoofingHiddenAttributes',
'idSpoofingSkipEmptyValues',
]
},
]
},
{
......@@ -997,7 +1009,8 @@ sub tree {
'samlDiscoveryProtocolPolicy',
'samlDiscoveryProtocolIsPassive'
]
}
},
'samlOverrideIDPEntityID',
]
}
]
......
......@@ -629,6 +629,18 @@ sub tests {
return 1;
},
# Warn if IdSpoofing plugin is enabled
checkIdSpoofing => sub {
return 1 unless ( $conf->{idSpoofing} );
return ( -1,
'"IdSpoofing" plugin is enabled!!!'
)
if ( $conf->{idSpoofing} );
# Return
return 1;
},
};
}
......
......@@ -151,7 +151,7 @@
"clickHereToForce":"انقر هنا لإجبار",
"checkState":"Activation",
"checkStateSecret":"Shared secret",
"checkUsers":"Session check",
"checkUsers":"Session Check",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session",
......@@ -286,6 +286,12 @@
"hideTree":"إخفاء الشجرة",
"httpOnly":"الحماية بواسطة جافا سكريبت",
"https":"إتش تي تي بي س",
"spoofingIds":"Id Spoofing",
"idSpoofing":"Activation",
"idSpoofingRule":"Use rule",
"idSpoofingHiddenAttributes":"Hidden attributes",
"idSpoofingPrefix":"Real attributes prefix",
"idSpoofingSkipEmptyValues":"Skip empty values",
"incompleteForm":"الحقول المطلوبة مفقودة",
"index":"فهرس",
"infoFormMethod":"طريقة للحصول على معلومات الإستمارة",
......@@ -969,5 +975,6 @@
"samlCommonDomainCookieReader":"يو آر إل القارئ",
"samlCommonDomainCookieWriter":"يو آر إل الكاتب",
"samlRelayStateTimeout":"تناوب حالة مهلة الجلسة ",
"samlUseQueryStringSpecific":"استخدام أسلوب query_string المعين"
}
\ No newline at end of file
"samlUseQueryStringSpecific":"استخدام أسلوب query_string المعين",
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
}
......@@ -151,8 +151,8 @@
"clickHereToForce":"Click here to force",
"checkState":"Activation",
"checkStateSecret":"Shared secret",
"checkUsers":"Session Check",
"choiceParams":"Choice parameters",
"checkUsers":"Session check",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session",
......@@ -286,6 +286,12 @@
"hideTree":"Hide tree",
"httpOnly":"Javascript protection",
"https":"HTTPS",
"spoofingIds":"Id Spoofing",
"idSpoofing":"Activation",
"idSpoofingRule":"Use rule",
"idSpoofingHiddenAttributes":"Hidden attributes",
"idSpoofingPrefix":"Real attributes prefix",
"idSpoofingSkipEmptyValues":"Skip empty values",
"incompleteForm":"Required fields are missing",
"index":"Index",
"infoFormMethod":"Method for info form",
......@@ -969,5 +975,6 @@
"samlCommonDomainCookieReader":"Reader URL",
"samlCommonDomainCookieWriter":"Writer URL",
"samlRelayStateTimeout":"RelayState session timeout",
"samlUseQueryStringSpecific":"Use specific query_string method"
}
\ No newline at end of file
"samlUseQueryStringSpecific":"Use specific query_string method",
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
}
......@@ -151,7 +151,7 @@
"clickHereToForce":"Click here to force",
"checkState":"Activation",
"checkStateSecret":"Shared secret",
"checkUsers":"Session check",
"checkUsers":"Session Check",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session",
......@@ -286,6 +286,12 @@
"hideTree":"Hide tree",
"httpOnly":"Javascript protection",
"https":"HTTPS",
"spoofingIds":"Id Spoofing",
"idSpoofing":"Activation",
"idSpoofingRule":"Use rule",
"idSpoofingHiddenAttributes":"Hidden attributes",
"idSpoofingPrefix":"Real attributes prefix",
"idSpoofingSkipEmptyValues":"Skip empty values",
"incompleteForm":"Required fields are missing",
"index":"Index",
"infoFormMethod":"Method for info form",
......@@ -969,5 +975,6 @@
"samlCommonDomainCookieReader":"Reader URL",
"samlCommonDomainCookieWriter":"Writer URL",
"samlRelayStateTimeout":"RelayState session timeout",
"samlUseQueryStringSpecific":"Use specific query_string method"
"samlUseQueryStringSpecific":"Use specific query_string method",
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
}
......@@ -151,12 +151,12 @@
"clickHereToForce":"Cliquer ici pour forcer",
"checkState":"Activation",
"checkStateSecret":"Secret partagé",
"choiceParams":"Paramètres des choix",
"checkUsers":"Vérification de session",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Attributs masqués",
"checkUserDisplayPersistentInfo":"Afficher les données de session persistante",
"checkUserDisplayEmptyValues":"Afficher les valeurs nulles",
"choiceParams":"Paramètres des choix",
"chooseLogo":"Choisir le logo",
"chooseSkin":"Choisir le thème",
"combination":"Combinaison",
......@@ -286,6 +286,12 @@
"hideTree":"Masquer l'arbre",
"httpOnly":"Protection contre javascript",
"https":"HTTPS",
"spoofingIds":"Usurpation d'identité",
"idSpoofing":"Activation",
"idSpoofingRule":"Règle d'utilisation",
"idSpoofingHiddenAttributes":"Attributs masqués",
"idSpoofingPrefix":"Préfix des vrais attributs",
"idSpoofingSkipEmptyValues":"Ignorer les valeurs nulles",
"incompleteForm":"Des champs requis manquent",
"index":"Index",
"infoFormMethod":"Méthode du formulaire d'information",
......@@ -969,5 +975,6 @@
"samlCommonDomainCookieReader":"URL de lecture",
"samlCommonDomainCookieWriter":"URL d'écriture",
"samlRelayStateTimeout":"Durée de vie d'une session RelayState",
"samlUseQueryStringSpecific":"Utilisation d'une fonction spécifique pour query_string"
"samlUseQueryStringSpecific":"Utilisation d'une fonction spécifique pour query_string",
"samlOverrideIDPEntityID": "Valeur de l'Entity ID en mode IDP"
}
......@@ -151,7 +151,7 @@
"clickHereToForce":"Clicca qui per forzare",
"checkState":"Attivazione",
"checkStateSecret":"Segreto condiviso",
"checkUsers":"Session check",
"checkUsers":"Session Check",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session",
......@@ -286,6 +286,12 @@
"hideTree":"Nascondi l'albero",
"httpOnly":"Protezione Javascript",
"https":"HTTPS",
"spoofingIds":"Id Spoofing",
"idSpoofing":"Activation",
"idSpoofingRule":"Use rule",
"idSpoofingHiddenAttributes":"Hidden attributes",
"idSpoofingPrefix":"Real attributes prefix",
"idSpoofingSkipEmptyValues":"Skip empty values",
"incompleteForm":"Mancano campi obbligatori",
"index":"Indice",
"infoFormMethod":"Metodo per il modulo informazioni",
......@@ -969,5 +975,6 @@
"samlCommonDomainCookieReader":"URL del lettore",
"samlCommonDomainCookieWriter":"URL dell'autore",
"samlRelayStateTimeout":"Timeout di sessione di RelayState",
"samlUseQueryStringSpecific":"Utilizza il metodo specifico query_string"
}
\ No newline at end of file
"samlUseQueryStringSpecific":"Utilizza il metodo specifico query_string",
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
}
......@@ -151,7 +151,7 @@
"clickHereToForce":"Nhấp vào đây để bắt buộc",
"checkState":"Kích hoạt",
"checkStateSecret":"Shared secret",
"checkUsers":"Session check",
"checkUsers":"Session Check",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session",
......@@ -286,6 +286,12 @@
"hideTree":"Ẩn cây",
"httpOnly":"Bảo vệ Javascript",
"https":"HTTPS",
"spoofingIds":"Id Spoofing",
"idSpoofing":"Activation",
"idSpoofingRule":"Use rule",
"idSpoofingHiddenAttributes":"Hidden attributes",
"idSpoofingPrefix":"Real attributes prefix",
"idSpoofingSkipEmptyValues":"Skip empty values",
"incompleteForm":"Các trường bắt buộc bị thiếu",
"index":"Chỉ mục",
"infoFormMethod":"Phương pháp cho mẫu thông tin",
......@@ -969,5 +975,6 @@
"samlCommonDomainCookieReader":"Trình đọc URL",
"samlCommonDomainCookieWriter":"Trình viết URL",
"samlRelayStateTimeout":"Thời gian hết hạn phiên RelayState ",
"samlUseQueryStringSpecific":"Sử dụng phương pháp query_string cụ thể"
}
\ No newline at end of file
"samlUseQueryStringSpecific":"Sử dụng phương pháp query_string cụ thể",
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
}
......@@ -151,7 +151,7 @@
"clickHereToForce":"Click here to force",
"checkState":"Activation",
"checkStateSecret":"Shared secret",
"checkUsers":"Session check",
"checkUsers":"Session Check",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session",
......@@ -286,6 +286,12 @@
"hideTree":"Hide tree",
"httpOnly":"Javascript protection",
"https":"HTTPS",
"spoofingIds":"Id Spoofing",
"idSpoofing":"Activation",
"idSpoofingRule":"Use rule",
"idSpoofingHiddenAttributes":"Hidden attributes",
"idSpoofingPrefix":"Real attributes prefix",
"idSpoofingSkipEmptyValues":"Skip empty values",
"incompleteForm":"Required fields are missing",
"index":"Index",
"infoFormMethod":"Method for info form",
......@@ -969,5 +975,6 @@
"samlCommonDomainCookieReader":"Reader URL",
"samlCommonDomainCookieWriter":"Writer URL",
"samlRelayStateTimeout":"RelayState session timeout",
"samlUseQueryStringSpecific":"Use specific query_string method"
}
\ No newline at end of file
"samlUseQueryStringSpecific":"Use specific query_string method",
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
}
{"ADPwdExpireWarning":"generalParameters/authParams/adParams","ADPwdMaxAge":"generalParameters/authParams/adParams","AuthLDAPFilter":"generalParameters/authParams/ldapParams/ldapFilters","LDAPFilter":"generalParameters/authParams/ldapParams/ldapFilters","SMTPAuthPass":"generalParameters/advancedParams/SMTP","SMTPAuthUser":"generalParameters/advancedParams/SMTP","SMTPPort":"generalParameters/advancedParams/SMTP","SMTPServer":"generalParameters/advancedParams/SMTP","SMTPTLS":"generalParameters/advancedParams/SMTP","SMTPTLSOpts":"generalParameters/advancedParams/SMTP","SSLAuthnLevel":"generalParameters/authParams/sslParams","SSLVar":"generalParameters/authParams/sslParams","SSLVarIf":"generalParameters/authParams/sslParams","activeTimer":"generalParameters/advancedParams/forms","apacheAuthnLevel":"generalParameters/authParams/apacheParams","applicationList":"generalParameters/portalParams/portalMenu","authChoiceModules":"generalParameters/authParams/choiceParams","authChoiceParam":"generalParameters/authParams/choiceParams","authentication":"generalParameters/authParams","autoSigninRules":"generalParameters/plugins/autoSignin","bruteForceProtection":"generalParameters/advancedParams/security","captcha_login_enabled":"generalParameters/portalParams/portalCaptcha","captcha_mail_enabled":"generalParameters/portalParams/portalCaptcha","captcha_register_enabled":"generalParameters/portalParams/portalCaptcha","captcha_size":"generalParameters/portalParams/portalCaptcha","casAccessControlPolicy":"casServiceMetadata","casAppMetaDataNodes":"","casAttr":"casServiceMetadata","casAttributes":"casServiceMetadata","casAuthnLevel":"generalParameters/authParams/casParams","casSrvMetaDataNodes":"","casStorage":"casServiceMetadata","casStorageOptions":"casServiceMetadata","cda":"generalParameters/cookieParams","checkState":"generalParameters/plugins/stateCheck","checkStateSecret":"generalParameters/plugins/stateCheck","checkUser":"generalParameters/plugins/checkUsers","checkUserDisplayEmptyValues":"generalParameters/plugins/checkUsers","checkUserDisplayPersistentInfo":"generalParameters/plugins/checkUsers","checkUserHiddenAttributes":"generalParameters/plugins/checkUsers","checkXSS":"generalParameters/advancedParams/security","combModules":"generalParameters/authParams/combinationParams","combination":"generalParameters/authParams/combinationParams","confirmFormMethod":"generalParameters/advancedParams/forms","cookieExpiration":"generalParameters/cookieParams","cookieName":"generalParameters/cookieParams","cspConnect":"generalParameters/advancedParams/security/contentSecurityPolicy","cspDefault":"generalParameters/advancedParams/security/contentSecurityPolicy","cspFont":"generalParameters/advancedParams/security/contentSecurityPolicy","cspFormAction":"generalParameters/advancedParams/security/contentSecurityPolicy","cspImg":"generalParameters/advancedParams/security/contentSecurityPolicy","cspScript":"generalParameters/advancedParams/security/contentSecurityPolicy","cspStyle":"generalParameters/advancedParams/security/contentSecurityPolicy","customAddParams":"generalParameters/authParams/customParams","customAuth":"generalParameters/authParams/customParams","customFunctions":"generalParameters/advancedParams","customPassword":"generalParameters/authParams/customParams","customRegister":"generalParameters/authParams/customParams","customUserDB":"generalParameters/authParams/customParams","dbiAuthChain":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionAuth","dbiAuthLoginCol":"generalParameters/authParams/dbiParams/dbiSchema","dbiAuthPassword":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionAuth","dbiAuthPasswordCol":"generalParameters/authParams/dbiParams/dbiSchema","dbiAuthPasswordHash":"generalParameters/authParams/dbiParams/dbiPassword","dbiAuthTable":"generalParameters/authParams/dbiParams/dbiSchema","dbiAuthUser":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionAuth","dbiAuthnLevel":"generalParameters/authParams/dbiParams","dbiDynamicHashEnabled":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiDynamicHashNewPasswordScheme":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiDynamicHashValidSaltedSchemes":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiDynamicHashValidSchemes":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiExportedVars":"generalParameters/authParams/dbiParams","dbiPasswordMailCol":"generalParameters/authParams/dbiParams/dbiSchema","dbiUserChain":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionUser","dbiUserPassword":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionUser","dbiUserTable":"generalParameters/authParams/dbiParams/dbiSchema","dbiUserUser":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionUser","demoExportedVars":"generalParameters/authParams/demoParams","domain":"generalParameters/cookieParams","exportedAttr":"generalParameters/plugins/portalServers","exportedVars":"variables","ext2FSendCommand":"generalParameters/secondFactors/external2f","ext2FValidateCommand":"generalParameters/secondFactors/external2f","ext2fActivation":"generalParameters/secondFactors/external2f","ext2fAuthnLevel":"generalParameters/secondFactors/external2f","ext2fCodeActivation":"generalParameters/secondFactors/external2f","ext2fLogo":"generalParameters/secondFactors/external2f","facebookAppId":"generalParameters/authParams/facebookParams","facebookAppSecret":"generalParameters/authParams/facebookParams","facebookAuthnLevel":"generalParameters/authParams/facebookParams","facebookExportedVars":"generalParameters/authParams/facebookParams","facebookUserField":"generalParameters/authParams/facebookParams","failedLoginNumber":"generalParameters/plugins/loginHistory","formTimeout":"generalParameters/advancedParams/security","globalStorage":"generalParameters/sessionParams/sessionStorage","globalStorageOptions":"generalParameters/sessionParams/sessionStorage","gpgDb":"generalParameters/authParams/gpgParams","grantSessionRules":"generalParameters/sessionParams","groups":"variables","hiddenAttributes":"generalParameters/logParams","hideOldPassword":"generalParameters/portalParams/portalCustomization/passwordManagement","httpOnly":"generalParameters/cookieParams","https":"generalParameters/advancedParams/redirection","infoFormMethod":"generalParameters/advancedParams/forms","issuerDBCASActivation":"generalParameters/issuerParams/issuerDBCAS","issuerDBCASPath":"generalParameters/issuerParams/issuerDBCAS","issuerDBCASRule":"generalParameters/issuerParams/issuerDBCAS","issuerDBGetActivation":"generalParameters/issuerParams/issuerDBGet","issuerDBGetParameters":"generalParameters/issuerParams/issuerDBGet","issuerDBGetPath":"generalParameters/issuerParams/issuerDBGet","issuerDBGetRule":"generalParameters/issuerParams/issuerDBGet","issuerDBOpenIDActivation":"generalParameters/issuerParams/issuerDBOpenID","issuerDBOpenIDConnectActivation":"generalParameters/issuerParams/issuerDBOpenIDConnect","issuerDBOpenIDConnectPath":"generalParameters/issuerParams/issuerDBOpenIDConnect","issuerDBOpenIDConnectRule":"generalParameters/issuerParams/issuerDBOpenIDConnect","issuerDBOpenIDPath":"generalParameters/issuerParams/issuerDBOpenID","issuerDBOpenIDRule":"generalParameters/issuerParams/issuerDBOpenID","issuerDBSAMLActivation":"generalParameters/issuerParams/issuerDBSAML","issuerDBSAMLPath":"generalParameters/issuerParams/issuerDBSAML","issuerDBSAMLRule":"generalParameters/issuerParams/issuerDBSAML","jsRedirect":"generalParameters/advancedParams/portalRedirection","key":"generalParameters/advancedParams/security","krbAuthnLevel":"generalParameters/authParams/kerberosParams","krbByJs":"generalParameters/authParams/kerberosParams","krbKeytab":"generalParameters/authParams/kerberosParams","krbRemoveDomain":"generalParameters/authParams/kerberosParams","ldapAllowResetExpiredPassword":"generalParameters/authParams/ldapParams/ldapPassword","ldapAuthnLevel":"generalParameters/authParams/ldapParams","ldapBase":"generalParameters/authParams/ldapParams/ldapConnection","ldapChangePasswordAsUser":"generalParameters/authParams/ldapParams/ldapPassword","ldapExportedVars":"generalParameters/authParams/ldapParams","ldapGroupAttributeName":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupAttributeNameGroup":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupAttributeNameSearch":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupAttributeNameUser":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupBase":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupDecodeSearchedValue":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupObjectClass":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupRecursive":"generalParameters/authParams/ldapParams/ldapGroups","ldapPasswordResetAttribute":"generalParameters/authParams/ldapParams/ldapPassword","ldapPasswordResetAttributeValue":"generalParameters/authParams/ldapParams/ldapPassword","ldapPort":"generalParameters/authParams/ldapParams/ldapConnection","ldapPpolicyControl":"generalParameters/authParams/ldapParams/ldapPassword","ldapPwdEnc":"generalParameters/authParams/ldapParams/ldapPassword","ldapRaw":"generalParameters/authParams/ldapParams/ldapConnection","ldapSearchDeref":"generalParameters/authParams/ldapParams/ldapFilters","ldapServer":"generalParameters/authParams/ldapParams/ldapConnection","ldapSetPassword":"generalParameters/authParams/ldapParams/ldapPassword","ldapTimeout":"generalParameters/authParams/ldapParams/ldapConnection","ldapUsePasswordResetAttribute":"generalParameters/authParams/ldapParams/ldapPassword","ldapVersion":"generalParameters/authParams/ldapParams/ldapConnection","linkedInAuthnLevel":"generalParameters/authParams/linkedinParams","linkedInClientID":"generalParameters/authParams/linkedinParams","linkedInClientSecret":"generalParameters/authParams/linkedinParams","linkedInFields":"generalParameters/authParams/linkedinParams","linkedInScope":"generalParameters/authParams/linkedinParams","linkedInUserField":"generalParameters/authParams/linkedinParams","localSessionStorage":"generalParameters/sessionParams/sessionStorage","localSessionStorageOptions":"generalParameters/sessionParams/sessionStorage","loginHistoryEnabled":"generalParameters/plugins/loginHistory","logoutServices":"generalParameters/advancedParams","lwpOpts":"generalParameters/advancedParams/security","lwpSslOpts":"generalParameters/advancedParams/security","macros":"variables","mail2fActivation":"generalParameters/secondFactors/mail2f","mail2fAuthnLevel":"generalParameters/secondFactors/mail2f","mail2fBody":"generalParameters/secondFactors/mail2f","mail2fCodeRegex":"generalParameters/secondFactors/mail2f","mail2fLogo":"generalParameters/secondFactors/mail2f","mail2fSubject":"generalParameters/secondFactors/mail2f","mail2fTimeout":"generalParameters/secondFactors/mail2f","mailBody":"generalParameters/plugins/passwordManagement/mailContent","mailCharset":"generalParameters/advancedParams/SMTP/mailHeaders","mailConfirmBody":"generalParameters/plugins/passwordManagement/mailContent","mailConfirmSubject":"generalParameters/plugins/passwordManagement/mailContent","mailFrom":"generalParameters/advancedParams/SMTP/mailHeaders","mailLDAPFilter":"generalParameters/authParams/ldapParams/ldapFilters","mailOnPasswordChange":"generalParameters/portalParams/portalCustomization/passwordManagement","mailReplyTo":"generalParameters/advancedParams/SMTP/mailHeaders","mailSessionKey":"generalParameters/advancedParams/SMTP","mailSubject":"generalParameters/plugins/passwordManagement/mailContent","mailTimeout":"generalParameters/plugins/passwordManagement/mailOther","mailUrl":"generalParameters/plugins/passwordManagement/mailOther","maintenance":"generalParameters/advancedParams/redirection","managerDn":"generalParameters/authParams/ldapParams/ldapConnection","managerPassword":"generalParameters/authParams/ldapParams/ldapConnection","multiValuesSeparator":"generalParameters/advancedParams","nginxCustomHandlers":"generalParameters/advancedParams","noAjaxHook":"generalParameters/advancedParams/portalRedirection","notification":"generalParameters/plugins/notifications","notificationServer":"generalParameters/plugins/notifications","notificationStorage":"generalParameters/plugins/notifications","notificationStorageOptions":"generalParameters/plugins/notifications","notificationWildcard":"generalParameters/plugins/notifications","notificationXSLTfile":"generalParameters/plugins/notifications","notifyDeleted":"generalParameters/sessionParams/multipleSessions","notifyOther":"generalParameters/sessionParams/multipleSessions","nullAuthnLevel":"generalParameters/authParams/nullParams","oidcAuthnLevel":"generalParameters/authParams/oidcParams","oidcOPMetaDataNodes":"","oidcRPCallbackGetParam":"generalParameters/authParams/oidcParams","oidcRPMetaDataNodes":"","oidcRPStateTimeout":"generalParameters/authParams/oidcParams","oidcServiceAllowAuthorizationCodeFlow":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowDynamicRegistration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowHybridFlow":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowImplicitFlow":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceKeyIdSig":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceMetaDataAuthnContext":"oidcServiceMetaData","oidcServiceMetaDataAuthorizeURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataBackChannelURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataCheckSessionURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataEndSessionURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataFrontChannelURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataIssuer":"oidcServiceMetaData","oidcServiceMetaDataJWKSURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataRegistrationURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataTokenURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataUserInfoURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServicePrivateKeySig":"oidcServiceMetaData/oidcServiceMetaDataSecurity/oidcServiceMetaDataKeys","oidcServicePublicKeySig":"oidcServiceMetaData/oidcServiceMetaDataSecurity/oidcServiceMetaDataKeys","oidcStorage":"oidcServiceMetaData/oidcServiceMetaDataSessions","oidcStorageOptions":"oidcServiceMetaData/oidcServiceMetaDataSessions","oldNotifFormat":"generalParameters/plugins/notifications","openIdAttr":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions","openIdAuthnLevel":"generalParameters/authParams/openidParams","openIdExportedVars":"generalParameters/authParams/openidParams","openIdIDPList":"generalParameters/authParams/openidParams","openIdIssuerSecret":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions","openIdSPList":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions","openIdSecret":"generalParameters/authParams/openidParams","openIdSreg_country":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_dob":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_email":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_fullname":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_gender":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_language":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_nickname":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_postcode":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_timezone":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","pamAuthnLevel":"generalParameters/authParams/pamParams","pamService":"generalParameters/authParams/pamParams","passwordDB":"generalParameters/authParams","passwordResetAllowedRetries":"generalParameters/portalParams/portalCustomization/portalButtons","persistentStorage":"generalParameters/sessionParams/persistentSessions","persistentStorageOptions":"generalParameters/sessionParams/persistentSessions","port":"generalParameters/advancedParams/redirection","portal":"generalParameters/portalParams","portalAntiFrame":"generalParameters/portalParams/portalCustomization/portalOther","portalCheckLogins":"generalParameters/portalParams/portalCustomization/portalButtons","portalDisplayAppslist":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayChangePassword":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayLoginHistory":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayLogout":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayOidcConsents":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayRegister":"generalParameters/portalParams/portalCustomization/portalButtons","portalDisplayResetPassword":"generalParameters/portalParams/portalCustomization/portalButtons","portalErrorOnExpiredSession":"generalParameters/portalParams/portalCustomization/portalOther","portalErrorOnMailNotFound":"generalParameters/portalParams/portalCustomization/portalOther","portalForceAuthn":"generalParameters/advancedParams/security","portalForceAuthnInterval":"generalParameters/advancedParams/security","portalMainLogo":"generalParameters/portalParams/portalCustomization","portalOpenLinkInNewWindow":"generalParameters/portalParams/portalCustomization/portalOther","portalPingInterval":"generalParameters/portalParams/portalCustomization/portalOther","portalRequireOldPassword":"generalParameters/portalParams/portalCustomization/passwordManagement","portalSkin":"generalParameters/portalParams/portalCustomization","portalSkinBackground":"generalParameters/portalParams/portalCustomization","portalSkinRules":"generalParameters/portalParams/portalCustomization","portalStatus":"generalParameters/plugins","portalUserAttr":"generalParameters/portalParams/portalCustomization/portalOther","proxyAuthService":"generalParameters/authParams/proxyParams","proxyAuthnLevel":"generalParameters/authParams/proxyParams","proxySessionService":"generalParameters/authParams/proxyParams","proxyUseSoap":"generalParameters/authParams/proxyParams","radiusAuthnLevel":"generalParameters/authParams/radiusParams","radiusSecret":"generalParameters/authParams/radiusParams","radiusServer":"generalParameters/authParams/radiusParams","randomPasswordRegexp":"generalParameters/plugins/passwordManagement/mailOther","redirectFormMethod":"generalParameters/advancedParams/forms","registerConfirmSubject":"generalParameters/plugins/register","registerDB":"generalParameters/authParams","registerDoneSubject":"generalParameters/plugins/register","registerTimeout":"generalParameters/plugins/register","registerUrl":"generalParameters/plugins/register","reloadTimeout":"generalParameters/reloadParams","reloadUrls":"generalParameters/reloadParams","remoteCookieName":"generalParameters/authParams/remoteParams","remoteGlobalStorage":"generalParameters/authParams/remoteParams","remoteGlobalStorageOptions":"generalParameters/authParams/remoteParams","remotePortal":"generalParameters/authParams/remoteParams","requireToken":"generalParameters/advancedParams/security","rest2fActivation":"generalParameters/secondFactors/rest2f","rest2fAuthnLevel":"generalParameters/secondFactors/rest2f","rest2fInitArgs":"generalParameters/secondFactors/rest2f","rest2fInitUrl":"generalParameters/secondFactors/rest2f","rest2fLogo":"generalParameters/secondFactors/rest2f","rest2fVerifyArgs":"generalParameters/secondFactors/rest2f","rest2fVerifyUrl":"generalParameters/secondFactors/rest2f","restAuthUrl":"generalParameters/authParams/restParams","restConfigServer":"generalParameters/plugins/portalServers","restPwdConfirmUrl":"generalParameters/authParams/restParams","restPwdModifyUrl":"generalParameters/authParams/restParams","restSessionServer":"generalParameters/plugins/portalServers","restUserDBUrl":"generalParameters/authParams/restParams","samlAttributeAuthorityDescriptorAttributeServiceSOAP":"samlServiceMetaData/samlAttributeAuthorityDescriptor/samlAttributeAuthorityDescriptorAttributeService","samlAuthnContextMapKerberos":"samlServiceMetaData/samlAuthnContextMap","samlAuthnContextMapPassword":"samlServiceMetaData/samlAuthnContextMap","samlAuthnContextMapPasswordProtectedTransport":"samlServiceMetaData/samlAuthnContextMap","samlAuthnContextMapTLSClient":"samlServiceMetaData/samlAuthnContextMap","samlCommonDomainCookieActivation":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlCommonDomainCookieDomain":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlCommonDomainCookieReader":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlCommonDomainCookieWriter":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlDiscoveryProtocolActivation":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlDiscoveryProtocolIsPassive":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlDiscoveryProtocolPolicy":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlDiscoveryProtocolURL":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlEntityID":"samlServiceMetaData","samlIDPMetaDataNodes":"","samlIDPSSODescriptorArtifactResolutionServiceArtifact":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorArtifactResolutionService","samlIDPSSODescriptorSingleLogoutServiceHTTPPost":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleLogoutService","samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleLogoutService","samlIDPSSODescriptorSingleLogoutServiceSOAP":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleLogoutService","samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleSignOnService","samlIDPSSODescriptorSingleSignOnServiceHTTPPost":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleSignOnService","samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleSignOnService","samlIDPSSODescriptorWantAuthnRequestsSigned":"samlServiceMetaData/samlIDPSSODescriptor","samlIdPResolveCookie":"samlServiceMetaData/samlAdvanced","samlMetadataForceUTF8":"samlServiceMetaData/samlAdvanced","samlNameIDFormatMapEmail":"samlServiceMetaData/samlNameIDFormatMap","samlNameIDFormatMapKerberos":"samlServiceMetaData/samlNameIDFormatMap","samlNameIDFormatMapWindows":"samlServiceMetaData/samlNameIDFormatMap","samlNameIDFormatMapX509":"samlServiceMetaData/samlNameIDFormatMap","samlOrganizationDisplayName":"samlServiceMetaData/samlOrganization","samlOrganizationName":"samlServiceMetaData/samlOrganization","samlOrganizationURL":"samlServiceMetaData/samlOrganization","samlRelayStateTimeout":"samlServiceMetaData/samlAdvanced","samlSPMetaDataNodes":"","samlSPSSODescriptorArtifactResolutionServiceArtifact":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorArtifactResolutionService","samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorAssertionConsumerService","samlSPSSODescriptorAssertionConsumerServiceHTTPPost":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorAssertionConsumerService","samlSPSSODescriptorAuthnRequestsSigned":"samlServiceMetaData/samlSPSSODescriptor","samlSPSSODescriptorSingleLogoutServiceHTTPPost":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorSingleLogoutService","samlSPSSODescriptorSingleLogoutServiceHTTPRedirect":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorSingleLogoutService","samlSPSSODescriptorSingleLogoutServiceSOAP":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorSingleLogoutService","samlSPSSODescriptorWantAssertionsSigned":"samlServiceMetaData/samlSPSSODescriptor","samlServicePrivateKeyEnc":"samlServiceMetaData/samlServiceSecurity/samlServiceSecurityEnc","samlServicePrivateKeyEncPwd":"samlServiceMetaData/samlServiceSecurity/samlServiceSecurityEnc","samlServicePrivateKeySig":"samlServiceMetaData/samlServiceSecurity/samlServiceSecuritySig","samlServicePrivateKeySigPwd":"samlServiceMetaData/samlServiceSecurity/samlServiceSecuritySig","samlServicePublicKeyEnc":"samlServiceMetaData/samlServiceSecurity/samlServiceSecurityEnc","samlServicePublicKeySig":"samlServiceMetaData/samlServiceSecurity/samlServiceSecuritySig","samlServiceSignatureMethod":"samlServiceMetaData/samlServiceSecurity","samlServiceUseCertificateInResponse":"samlServiceMetaData/samlServiceSecurity","samlStorage":"samlServiceMetaData/samlAdvanced","samlStorageOptions":"samlServiceMetaData/samlAdvanced","samlUseQueryStringSpecific":"samlServiceMetaData/samlAdvanced","securedCookie":"generalParameters/cookieParams","sessionDataToRemember":"generalParameters/plugins/loginHistory","sfRequired":"generalParameters/secondFactors","showLanguages":"generalParameters/portalParams/portalCustomization","singleIP":"generalParameters/sessionParams/multipleSessions","singleSession":"generalParameters/sessionParams/multipleSessions","singleSessionUserByIP":"generalParameters/sessionParams/multipleSessions","singleUserByIP":"generalParameters/sessionParams/multipleSessions","skipRenewConfirmation":"generalParameters/advancedParams/portalRedirection","slaveAuthnLevel":"generalParameters/authParams/slaveParams","slaveExportedVars":"generalParameters/authParams/slaveParams","slaveHeaderContent":"generalParameters/authParams/slaveParams","slaveHeaderName":"generalParameters/authParams/slaveParams","slaveMasterIP":"generalParameters/authParams/slaveParams","slaveUserHeader":"generalParameters/authParams/slaveParams","soapConfigServer":"generalParameters/plugins/portalServers","soapSessionServer":"generalParameters/plugins/portalServers","sslByAjax":"generalParameters/authParams/sslParams","sslHost":"generalParameters/authParams/sslParams","stayConnected":"generalParameters/plugins","storePassword":"generalParameters/sessionParams","successLoginNumber":"generalParameters/plugins/loginHistory","timeout":"generalParameters/sessionParams","timeoutActivity":"generalParameters/sessionParams","timeoutActivityInterval":"generalParameters/sessionParams","tokenUseGlobalStorage":"generalParameters/advancedParams/security","totp2fActivation":"generalParameters/secondFactors/totp","totp2fAuthnLevel":"generalParameters/secondFactors/totp","totp2fDigits":"generalParameters/secondFactors/totp","totp2fDisplayExistingSecret":"generalParameters/secondFactors/totp","totp2fInterval":"generalParameters/secondFactors/totp","totp2fIssuer":"generalParameters/secondFactors/totp","totp2fRange":"generalParameters/secondFactors/totp","totp2fSelfRegistration":"generalParameters/secondFactors/totp","totp2fUserCanChangeKey":"generalParameters/secondFactors/totp","totp2fUserCanRemoveKey":"generalParameters/secondFactors/totp","trustedDomains":"generalParameters/advancedParams/security","twitterAppName":"generalParameters/authParams/twitterParams","twitterAuthnLevel":"generalParameters/authParams/twitterParams","twitterKey":"generalParameters/authParams/twitterParams","twitterSecret":"generalParameters/authParams/twitterParams","twitterUserField":"generalParameters/authParams/twitterParams","u2fActivation":"generalParameters/secondFactors/u2f","u2fAuthnLevel":"generalParameters/secondFactors/u2f","u2fSelfRegistration":"generalParameters/secondFactors/u2f","u2fUserCanRemoveKey":"generalParameters/secondFactors/u2f","upgradeSession":"generalParameters/plugins","useRedirectOnError":"generalParameters/advancedParams/redirection","useRedirectOnForbidden":"generalParameters/advancedParams/redirection","useSafeJail":"generalParameters/advancedParams/security","userControl":"generalParameters/advancedParams/security","userDB":"generalParameters/authParams","userPivot":"generalParameters/authParams/dbiParams/dbiSchema","utotp2fActivation":"generalParameters/secondFactors/utotp2f","utotp2fAuthnLevel":"generalParameters/secondFactors/utotp2f","virtualHosts":"","webIDAuthnLevel":"generalParameters/authParams/webidParams","webIDExportedVars":"generalParameters/authParams/webidParams","webIDWhitelist":"generalParameters/authParams/webidParams","whatToTrace":"generalParameters/logParams","wsdlServer":"generalParameters/plugins/portalServers","yubikey2fActivation":"generalParameters/secondFactors/yubikey2f","yubikey2fAuthnLevel":"generalParameters/secondFactors/yubikey2f","yubikey2fClientID":"generalParameters/secondFactors/yubikey2f","yubikey2fNonce":"generalParameters/secondFactors/yubikey2f","yubikey2fPublicIDSize":"generalParameters/secondFactors/yubikey2f","yubikey2fSecretKey":"generalParameters/secondFactors/yubikey2f","yubikey2fSelfRegistration":"generalParameters/secondFactors/yubikey2f","yubikey2fUrl":"generalParameters/secondFactors/yubikey2f","yubikey2fUserCanRemoveKey":"generalParameters/secondFactors/yubikey2f"}
\ No newline at end of file
{"ADPwdExpireWarning":"generalParameters/authParams/adParams","ADPwdMaxAge":"generalParameters/authParams/adParams","AuthLDAPFilter":"generalParameters/authParams/ldapParams/ldapFilters","LDAPFilter":"generalParameters/authParams/ldapParams/ldapFilters","SMTPAuthPass":"generalParameters/advancedParams/SMTP","SMTPAuthUser":"generalParameters/advancedParams/SMTP","SMTPPort":"generalParameters/advancedParams/SMTP","SMTPServer":"generalParameters/advancedParams/SMTP","SMTPTLS":"generalParameters/advancedParams/SMTP","SMTPTLSOpts":"generalParameters/advancedParams/SMTP","SSLAuthnLevel":"generalParameters/authParams/sslParams","SSLVar":"generalParameters/authParams/sslParams","SSLVarIf":"generalParameters/authParams/sslParams","activeTimer":"generalParameters/advancedParams/forms","apacheAuthnLevel":"generalParameters/authParams/apacheParams","applicationList":"generalParameters/portalParams/portalMenu","authChoiceModules":"generalParameters/authParams/choiceParams","authChoiceParam":"generalParameters/authParams/choiceParams","authentication":"generalParameters/authParams","autoSigninRules":"generalParameters/plugins/autoSignin","bruteForceProtection":"generalParameters/advancedParams/security","captcha_login_enabled":"generalParameters/portalParams/portalCaptcha","captcha_mail_enabled":"generalParameters/portalParams/portalCaptcha","captcha_register_enabled":"generalParameters/portalParams/portalCaptcha","captcha_size":"generalParameters/portalParams/portalCaptcha","casAccessControlPolicy":"casServiceMetadata","casAppMetaDataNodes":"","casAttr":"casServiceMetadata","casAttributes":"casServiceMetadata","casAuthnLevel":"generalParameters/authParams/casParams","casSrvMetaDataNodes":"","casStorage":"casServiceMetadata","casStorageOptions":"casServiceMetadata","cda":"generalParameters/cookieParams","checkState":"generalParameters/plugins/stateCheck","checkStateSecret":"generalParameters/plugins/stateCheck","checkUser":"generalParameters/plugins/checkUsers","checkUserDisplayEmptyValues":"generalParameters/plugins/checkUsers","checkUserDisplayPersistentInfo":"generalParameters/plugins/checkUsers","checkUserHiddenAttributes":"generalParameters/plugins/checkUsers","checkXSS":"generalParameters/advancedParams/security","combModules":"generalParameters/authParams/combinationParams","combination":"generalParameters/authParams/combinationParams","confirmFormMethod":"generalParameters/advancedParams/forms","cookieExpiration":"generalParameters/cookieParams","cookieName":"generalParameters/cookieParams","cspConnect":"generalParameters/advancedParams/security/contentSecurityPolicy","cspDefault":"generalParameters/advancedParams/security/contentSecurityPolicy","cspFont":"generalParameters/advancedParams/security/contentSecurityPolicy","cspFormAction":"generalParameters/advancedParams/security/contentSecurityPolicy","cspImg":"generalParameters/advancedParams/security/contentSecurityPolicy","cspScript":"generalParameters/advancedParams/security/contentSecurityPolicy","cspStyle":"generalParameters/advancedParams/security/contentSecurityPolicy","customAddParams":"generalParameters/authParams/customParams","customAuth":"generalParameters/authParams/customParams","customFunctions":"generalParameters/advancedParams","customPassword":"generalParameters/authParams/customParams","customRegister":"generalParameters/authParams/customParams","customUserDB":"generalParameters/authParams/customParams","dbiAuthChain":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionAuth","dbiAuthLoginCol":"generalParameters/authParams/dbiParams/dbiSchema","dbiAuthPassword":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionAuth","dbiAuthPasswordCol":"generalParameters/authParams/dbiParams/dbiSchema","dbiAuthPasswordHash":"generalParameters/authParams/dbiParams/dbiPassword","dbiAuthTable":"generalParameters/authParams/dbiParams/dbiSchema","dbiAuthUser":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionAuth","dbiAuthnLevel":"generalParameters/authParams/dbiParams","dbiDynamicHashEnabled":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiDynamicHashNewPasswordScheme":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiDynamicHashValidSaltedSchemes":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiDynamicHashValidSchemes":"generalParameters/authParams/dbiParams/dbiPassword/dbiDynamicHash","dbiExportedVars":"generalParameters/authParams/dbiParams","dbiPasswordMailCol":"generalParameters/authParams/dbiParams/dbiSchema","dbiUserChain":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionUser","dbiUserPassword":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionUser","dbiUserTable":"generalParameters/authParams/dbiParams/dbiSchema","dbiUserUser":"generalParameters/authParams/dbiParams/dbiConnection/dbiConnectionUser","demoExportedVars":"generalParameters/authParams/demoParams","domain":"generalParameters/cookieParams","exportedAttr":"generalParameters/plugins/portalServers","exportedVars":"variables","ext2FSendCommand":"generalParameters/secondFactors/external2f","ext2FValidateCommand":"generalParameters/secondFactors/external2f","ext2fActivation":"generalParameters/secondFactors/external2f","ext2fAuthnLevel":"generalParameters/secondFactors/external2f","ext2fCodeActivation":"generalParameters/secondFactors/external2f","ext2fLogo":"generalParameters/secondFactors/external2f","facebookAppId":"generalParameters/authParams/facebookParams","facebookAppSecret":"generalParameters/authParams/facebookParams","facebookAuthnLevel":"generalParameters/authParams/facebookParams","facebookExportedVars":"generalParameters/authParams/facebookParams","facebookUserField":"generalParameters/authParams/facebookParams","failedLoginNumber":"generalParameters/plugins/loginHistory","formTimeout":"generalParameters/advancedParams/security","globalStorage":"generalParameters/sessionParams/sessionStorage","globalStorageOptions":"generalParameters/sessionParams/sessionStorage","gpgDb":"generalParameters/authParams/gpgParams","grantSessionRules":"generalParameters/sessionParams","groups":"variables","hiddenAttributes":"generalParameters/logParams","hideOldPassword":"generalParameters/portalParams/portalCustomization/passwordManagement","httpOnly":"generalParameters/cookieParams","https":"generalParameters/advancedParams/redirection","idSpoofing":"generalParameters/plugins/spoofingIds","idSpoofingHiddenAttributes":"generalParameters/plugins/spoofingIds","idSpoofingPrefix":"generalParameters/plugins/spoofingIds","idSpoofingRule":"generalParameters/plugins/spoofingIds","idSpoofingSkipEmptyValues":"generalParameters/plugins/spoofingIds","infoFormMethod":"generalParameters/advancedParams/forms","issuerDBCASActivation":"generalParameters/issuerParams/issuerDBCAS","issuerDBCASPath":"generalParameters/issuerParams/issuerDBCAS","issuerDBCASRule":"generalParameters/issuerParams/issuerDBCAS","issuerDBGetActivation":"generalParameters/issuerParams/issuerDBGet","issuerDBGetParameters":"generalParameters/issuerParams/issuerDBGet","issuerDBGetPath":"generalParameters/issuerParams/issuerDBGet","issuerDBGetRule":"generalParameters/issuerParams/issuerDBGet","issuerDBOpenIDActivation":"generalParameters/issuerParams/issuerDBOpenID","issuerDBOpenIDConnectActivation":"generalParameters/issuerParams/issuerDBOpenIDConnect","issuerDBOpenIDConnectPath":"generalParameters/issuerParams/issuerDBOpenIDConnect","issuerDBOpenIDConnectRule":"generalParameters/issuerParams/issuerDBOpenIDConnect","issuerDBOpenIDPath":"generalParameters/issuerParams/issuerDBOpenID","issuerDBOpenIDRule":"generalParameters/issuerParams/issuerDBOpenID","issuerDBSAMLActivation":"generalParameters/issuerParams/issuerDBSAML","issuerDBSAMLPath":"generalParameters/issuerParams/issuerDBSAML","issuerDBSAMLRule":"generalParameters/issuerParams/issuerDBSAML","jsRedirect":"generalParameters/advancedParams/portalRedirection","key":"generalParameters/advancedParams/security","krbAuthnLevel":"generalParameters/authParams/kerberosParams","krbByJs":"generalParameters/authParams/kerberosParams","krbKeytab":"generalParameters/authParams/kerberosParams","krbRemoveDomain":"generalParameters/authParams/kerberosParams","ldapAllowResetExpiredPassword":"generalParameters/authParams/ldapParams/ldapPassword","ldapAuthnLevel":"generalParameters/authParams/ldapParams","ldapBase":"generalParameters/authParams/ldapParams/ldapConnection","ldapChangePasswordAsUser":"generalParameters/authParams/ldapParams/ldapPassword","ldapExportedVars":"generalParameters/authParams/ldapParams","ldapGroupAttributeName":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupAttributeNameGroup":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupAttributeNameSearch":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupAttributeNameUser":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupBase":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupDecodeSearchedValue":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupObjectClass":"generalParameters/authParams/ldapParams/ldapGroups","ldapGroupRecursive":"generalParameters/authParams/ldapParams/ldapGroups","ldapPasswordResetAttribute":"generalParameters/authParams/ldapParams/ldapPassword","ldapPasswordResetAttributeValue":"generalParameters/authParams/ldapParams/ldapPassword","ldapPort":"generalParameters/authParams/ldapParams/ldapConnection","ldapPpolicyControl":"generalParameters/authParams/ldapParams/ldapPassword","ldapPwdEnc":"generalParameters/authParams/ldapParams/ldapPassword","ldapRaw":"generalParameters/authParams/ldapParams/ldapConnection","ldapSearchDeref":"generalParameters/authParams/ldapParams/ldapFilters","ldapServer":"generalParameters/authParams/ldapParams/ldapConnection","ldapSetPassword":"generalParameters/authParams/ldapParams/ldapPassword","ldapTimeout":"generalParameters/authParams/ldapParams/ldapConnection","ldapUsePasswordResetAttribute":"generalParameters/authParams/ldapParams/ldapPassword","ldapVersion":"generalParameters/authParams/ldapParams/ldapConnection","linkedInAuthnLevel":"generalParameters/authParams/linkedinParams","linkedInClientID":"generalParameters/authParams/linkedinParams","linkedInClientSecret":"generalParameters/authParams/linkedinParams","linkedInFields":"generalParameters/authParams/linkedinParams","linkedInScope":"generalParameters/authParams/linkedinParams","linkedInUserField":"generalParameters/authParams/linkedinParams","localSessionStorage":"generalParameters/sessionParams/sessionStorage","localSessionStorageOptions":"generalParameters/sessionParams/sessionStorage","loginHistoryEnabled":"generalParameters/plugins/loginHistory","logoutServices":"generalParameters/advancedParams","lwpOpts":"generalParameters/advancedParams/security","lwpSslOpts":"generalParameters/advancedParams/security","macros":"variables","mail2fActivation":"generalParameters/secondFactors/mail2f","mail2fAuthnLevel":"generalParameters/secondFactors/mail2f","mail2fBody":"generalParameters/secondFactors/mail2f","mail2fCodeRegex":"generalParameters/secondFactors/mail2f","mail2fLogo":"generalParameters/secondFactors/mail2f","mail2fSubject":"generalParameters/secondFactors/mail2f","mail2fTimeout":"generalParameters/secondFactors/mail2f","mailBody":"generalParameters/plugins/passwordManagement/mailContent","mailCharset":"generalParameters/advancedParams/SMTP/mailHeaders","mailConfirmBody":"generalParameters/plugins/passwordManagement/mailContent","mailConfirmSubject":"generalParameters/plugins/passwordManagement/mailContent","mailFrom":"generalParameters/advancedParams/SMTP/mailHeaders","mailLDAPFilter":"generalParameters/authParams/ldapParams/ldapFilters","mailOnPasswordChange":"generalParameters/portalParams/portalCustomization/passwordManagement","mailReplyTo":"generalParameters/advancedParams/SMTP/mailHeaders","mailSessionKey":"generalParameters/advancedParams/SMTP","mailSubject":"generalParameters/plugins/passwordManagement/mailContent","mailTimeout":"generalParameters/plugins/passwordManagement/mailOther","mailUrl":"generalParameters/plugins/passwordManagement/mailOther","maintenance":"generalParameters/advancedParams/redirection","managerDn":"generalParameters/authParams/ldapParams/ldapConnection","managerPassword":"generalParameters/authParams/ldapParams/ldapConnection","multiValuesSeparator":"generalParameters/advancedParams","nginxCustomHandlers":"generalParameters/advancedParams","noAjaxHook":"generalParameters/advancedParams/portalRedirection","notification":"generalParameters/plugins/notifications","notificationServer":"generalParameters/plugins/notifications","notificationStorage":"generalParameters/plugins/notifications","notificationStorageOptions":"generalParameters/plugins/notifications","notificationWildcard":"generalParameters/plugins/notifications","notificationXSLTfile":"generalParameters/plugins/notifications","notifyDeleted":"generalParameters/sessionParams/multipleSessions","notifyOther":"generalParameters/sessionParams/multipleSessions","nullAuthnLevel":"generalParameters/authParams/nullParams","oidcAuthnLevel":"generalParameters/authParams/oidcParams","oidcOPMetaDataNodes":"","oidcRPCallbackGetParam":"generalParameters/authParams/oidcParams","oidcRPMetaDataNodes":"","oidcRPStateTimeout":"generalParameters/authParams/oidcParams","oidcServiceAllowAuthorizationCodeFlow":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowDynamicRegistration":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowHybridFlow":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceAllowImplicitFlow":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceKeyIdSig":"oidcServiceMetaData/oidcServiceMetaDataSecurity","oidcServiceMetaDataAuthnContext":"oidcServiceMetaData","oidcServiceMetaDataAuthorizeURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataBackChannelURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataCheckSessionURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataEndSessionURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataFrontChannelURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataIssuer":"oidcServiceMetaData","oidcServiceMetaDataJWKSURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataRegistrationURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataTokenURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServiceMetaDataUserInfoURI":"oidcServiceMetaData/oidcServiceMetaDataEndPoints","oidcServicePrivateKeySig":"oidcServiceMetaData/oidcServiceMetaDataSecurity/oidcServiceMetaDataKeys","oidcServicePublicKeySig":"oidcServiceMetaData/oidcServiceMetaDataSecurity/oidcServiceMetaDataKeys","oidcStorage":"oidcServiceMetaData/oidcServiceMetaDataSessions","oidcStorageOptions":"oidcServiceMetaData/oidcServiceMetaDataSessions","oldNotifFormat":"generalParameters/plugins/notifications","openIdAttr":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions","openIdAuthnLevel":"generalParameters/authParams/openidParams","openIdExportedVars":"generalParameters/authParams/openidParams","openIdIDPList":"generalParameters/authParams/openidParams","openIdIssuerSecret":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions","openIdSPList":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions","openIdSecret":"generalParameters/authParams/openidParams","openIdSreg_country":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_dob":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_email":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_fullname":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_gender":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_language":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_nickname":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_postcode":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","openIdSreg_timezone":"generalParameters/issuerParams/issuerDBOpenID/issuerDBOpenIDOptions/openIdSreg","pamAuthnLevel":"generalParameters/authParams/pamParams","pamService":"generalParameters/authParams/pamParams","passwordDB":"generalParameters/authParams","passwordResetAllowedRetries":"generalParameters/portalParams/portalCustomization/portalButtons","persistentStorage":"generalParameters/sessionParams/persistentSessions","persistentStorageOptions":"generalParameters/sessionParams/persistentSessions","port":"generalParameters/advancedParams/redirection","portal":"generalParameters/portalParams","portalAntiFrame":"generalParameters/portalParams/portalCustomization/portalOther","portalCheckLogins":"generalParameters/portalParams/portalCustomization/portalButtons","portalDisplayAppslist":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayChangePassword":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayLoginHistory":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayLogout":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayOidcConsents":"generalParameters/portalParams/portalMenu/portalModules","portalDisplayRegister":"generalParameters/portalParams/portalCustomization/portalButtons","portalDisplayResetPassword":"generalParameters/portalParams/portalCustomization/portalButtons","portalErrorOnExpiredSession":"generalParameters/portalParams/portalCustomization/portalOther","portalErrorOnMailNotFound":"generalParameters/portalParams/portalCustomization/portalOther","portalForceAuthn":"generalParameters/advancedParams/security","portalForceAuthnInterval":"generalParameters/advancedParams/security","portalMainLogo":"generalParameters/portalParams/portalCustomization","portalOpenLinkInNewWindow":"generalParameters/portalParams/portalCustomization/portalOther","portalPingInterval":"generalParameters/portalParams/portalCustomization/portalOther","portalRequireOldPassword":"generalParameters/portalParams/portalCustomization/passwordManagement","portalSkin":"generalParameters/portalParams/portalCustomization","portalSkinBackground":"generalParameters/portalParams/portalCustomization","portalSkinRules":"generalParameters/portalParams/portalCustomization","portalStatus":"generalParameters/plugins","portalUserAttr":"generalParameters/portalParams/portalCustomization/portalOther","proxyAuthService":"generalParameters/authParams/proxyParams","proxyAuthnLevel":"generalParameters/authParams/proxyParams","proxySessionService":"generalParameters/authParams/proxyParams","proxyUseSoap":"generalParameters/authParams/proxyParams","radiusAuthnLevel":"generalParameters/authParams/radiusParams","radiusSecret":"generalParameters/authParams/radiusParams","radiusServer":"generalParameters/authParams/radiusParams","randomPasswordRegexp":"generalParameters/plugins/passwordManagement/mailOther","redirectFormMethod":"generalParameters/advancedParams/forms","registerConfirmSubject":"generalParameters/plugins/register","registerDB":"generalParameters/authParams","registerDoneSubject":"generalParameters/plugins/register","registerTimeout":"generalParameters/plugins/register","registerUrl":"generalParameters/plugins/register","reloadTimeout":"generalParameters/reloadParams","reloadUrls":"generalParameters/reloadParams","remoteCookieName":"generalParameters/authParams/remoteParams","remoteGlobalStorage":"generalParameters/authParams/remoteParams","remoteGlobalStorageOptions":"generalParameters/authParams/remoteParams","remotePortal":"generalParameters/authParams/remoteParams","requireToken":"generalParameters/advancedParams/security","rest2fActivation":"generalParameters/secondFactors/rest2f","rest2fAuthnLevel":"generalParameters/secondFactors/rest2f","rest2fInitArgs":"generalParameters/secondFactors/rest2f","rest2fInitUrl":"generalParameters/secondFactors/rest2f","rest2fLogo":"generalParameters/secondFactors/rest2f","rest2fVerifyArgs":"generalParameters/secondFactors/rest2f","rest2fVerifyUrl":"generalParameters/secondFactors/rest2f","restAuthUrl":"generalParameters/authParams/restParams","restConfigServer":"generalParameters/plugins/portalServers","restPwdConfirmUrl":"generalParameters/authParams/restParams","restPwdModifyUrl":"generalParameters/authParams/restParams","restSessionServer":"generalParameters/plugins/portalServers","restUserDBUrl":"generalParameters/authParams/restParams","samlAttributeAuthorityDescriptorAttributeServiceSOAP":"samlServiceMetaData/samlAttributeAuthorityDescriptor/samlAttributeAuthorityDescriptorAttributeService","samlAuthnContextMapKerberos":"samlServiceMetaData/samlAuthnContextMap","samlAuthnContextMapPassword":"samlServiceMetaData/samlAuthnContextMap","samlAuthnContextMapPasswordProtectedTransport":"samlServiceMetaData/samlAuthnContextMap","samlAuthnContextMapTLSClient":"samlServiceMetaData/samlAuthnContextMap","samlCommonDomainCookieActivation":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlCommonDomainCookieDomain":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlCommonDomainCookieReader":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlCommonDomainCookieWriter":"samlServiceMetaData/samlAdvanced/samlCommonDomainCookie","samlDiscoveryProtocolActivation":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlDiscoveryProtocolIsPassive":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlDiscoveryProtocolPolicy":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlDiscoveryProtocolURL":"samlServiceMetaData/samlAdvanced/samlDiscoveryProtocol","samlEntityID":"samlServiceMetaData","samlIDPMetaDataNodes":"","samlIDPSSODescriptorArtifactResolutionServiceArtifact":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorArtifactResolutionService","samlIDPSSODescriptorSingleLogoutServiceHTTPPost":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleLogoutService","samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleLogoutService","samlIDPSSODescriptorSingleLogoutServiceSOAP":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleLogoutService","samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleSignOnService","samlIDPSSODescriptorSingleSignOnServiceHTTPPost":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleSignOnService","samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect":"samlServiceMetaData/samlIDPSSODescriptor/samlIDPSSODescriptorSingleSignOnService","samlIDPSSODescriptorWantAuthnRequestsSigned":"samlServiceMetaData/samlIDPSSODescriptor","samlIdPResolveCookie":"samlServiceMetaData/samlAdvanced","samlMetadataForceUTF8":"samlServiceMetaData/samlAdvanced","samlNameIDFormatMapEmail":"samlServiceMetaData/samlNameIDFormatMap","samlNameIDFormatMapKerberos":"samlServiceMetaData/samlNameIDFormatMap","samlNameIDFormatMapWindows":"samlServiceMetaData/samlNameIDFormatMap","samlNameIDFormatMapX509":"samlServiceMetaData/samlNameIDFormatMap","samlOrganizationDisplayName":"samlServiceMetaData/samlOrganization","samlOrganizationName":"samlServiceMetaData/samlOrganization","samlOrganizationURL":"samlServiceMetaData/samlOrganization","samlOverrideIDPEntityID":"samlServiceMetaData/samlAdvanced","samlRelayStateTimeout":"samlServiceMetaData/samlAdvanced","samlSPMetaDataNodes":"","samlSPSSODescriptorArtifactResolutionServiceArtifact":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorArtifactResolutionService","samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorAssertionConsumerService","samlSPSSODescriptorAssertionConsumerServiceHTTPPost":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorAssertionConsumerService","samlSPSSODescriptorAuthnRequestsSigned":"samlServiceMetaData/samlSPSSODescriptor","samlSPSSODescriptorSingleLogoutServiceHTTPPost":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorSingleLogoutService","samlSPSSODescriptorSingleLogoutServiceHTTPRedirect":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorSingleLogoutService","samlSPSSODescriptorSingleLogoutServiceSOAP":"samlServiceMetaData/samlSPSSODescriptor/samlSPSSODescriptorSingleLogoutService","samlSPSSODescriptorWantAssertionsSigned":"samlServiceMetaData/samlSPSSODescriptor","samlServicePrivateKeyEnc":"samlServiceMetaData/samlServiceSecurity/samlServiceSecurityEnc","samlServicePrivateKeyEncPwd":"samlServiceMetaData/samlServiceSecurity/samlServiceSecurityEnc","samlServicePrivateKeySig":"samlServiceMetaData/samlServiceSecurity/samlServiceSecuritySig","samlServicePrivateKeySigPwd":"samlServiceMetaData/samlServiceSecurity/samlServiceSecuritySig","samlServicePublicKeyEnc":"samlServiceMetaData/samlServiceSecurity/samlServiceSecurityEnc","samlServicePublicKeySig":"samlServiceMetaData/samlServiceSecurity/samlServiceSecuritySig","samlServiceSignatureMethod":"samlServiceMetaData/samlServiceSecurity","samlServiceUseCertificateInResponse":"samlServiceMetaData/samlServiceSecurity","samlStorage":"samlServiceMetaData/samlAdvanced","samlStorageOptions":"samlServiceMetaData/samlAdvanced","samlUseQueryStringSpecific":"samlServiceMetaData/samlAdvanced","securedCookie":"generalParameters/cookieParams","sessionDataToRemember":"generalParameters/plugins/loginHistory","sfRequired":"generalParameters/secondFactors","showLanguages":"generalParameters/portalParams/portalCustomization","singleIP":"generalParameters/sessionParams/multipleSessions","singleSession":"generalParameters/sessionParams/multipleSessions","singleSessionUserByIP":"generalParameters/sessionParams/multipleSessions","singleUserByIP":"generalParameters/sessionParams/multipleSessions","skipRenewConfirmation":"generalParameters/advancedParams/portalRedirection","slaveAuthnLevel":"generalParameters/authParams/slaveParams","slaveExportedVars":"generalParameters/authParams/slaveParams","slaveHeaderContent":"generalParameters/authParams/slaveParams","slaveHeaderName":"generalParameters/authParams/slaveParams","slaveMasterIP":"generalParameters/authParams/slaveParams","slaveUserHeader":"generalParameters/authParams/slaveParams","soapConfigServer":"generalParameters/plugins/portalServers","soapSessionServer":"generalParameters/plugins/portalServers","sslByAjax":"generalParameters/authParams/sslParams","sslHost":"generalParameters/authParams/sslParams","stayConnected":"generalParameters/plugins","storePassword":"generalParameters/sessionParams","successLoginNumber":"generalParameters/plugins/loginHistory","timeout":"generalParameters/sessionParams","timeoutActivity":"generalParameters/sessionParams","timeoutActivityInterval":"generalParameters/sessionParams","tokenUseGlobalStorage":"generalParameters/advancedParams/security","totp2fActivation":"generalParameters/secondFactors/totp","totp2fAuthnLevel":"generalParameters/secondFactors/totp","totp2fDigits":"generalParameters/secondFactors/totp","totp2fDisplayExistingSecret":"generalParameters/secondFactors/totp","totp2fInterval":"generalParameters/secondFactors/totp","totp2fIssuer":"generalParameters/secondFactors/totp","totp2fRange":"generalParameters/secondFactors/totp","totp2fSelfRegistration":"generalParameters/secondFactors/totp","totp2fUserCanChangeKey":"generalParameters/secondFactors/totp","totp2fUserCanRemoveKey":"generalParameters/secondFactors/totp","trustedDomains":"generalParameters/advancedParams/security","twitterAppName":"generalParameters/authParams/twitterParams","twitterAuthnLevel":"generalParameters/authParams/twitterParams","twitterKey":"generalParameters/authParams/twitterParams","twitterSecret":"generalParameters/authParams/twitterParams","twitterUserField":"generalParameters/authParams/twitterParams","u2fActivation":"generalParameters/secondFactors/u2f","u2fAuthnLevel":"generalParameters/secondFactors/u2f","u2fSelfRegistration":"generalParameters/secondFactors/u2f","u2fUserCanRemoveKey":"generalParameters/secondFactors/u2f","upgradeSession":"generalParameters/plugins","useRedirectOnError":"generalParameters/advancedParams/redirection","useRedirectOnForbidden":"generalParameters/advancedParams/redirection","useSafeJail":"generalParameters/advancedParams/security","userControl":"generalParameters/advancedParams/security","userDB":"generalParameters/authParams","userPivot":"generalParameters/authParams/dbiParams/dbiSchema","utotp2fActivation":"generalParameters/secondFactors/utotp2f","utotp2fAuthnLevel":"generalParameters/secondFactors/utotp2f","virtualHosts":"","webIDAuthnLevel":"generalParameters/authParams/webidParams","webIDExportedVars":"generalParameters/authParams/webidParams","webIDWhitelist":"generalParameters/authParams/webidParams","whatToTrace":"generalParameters/logParams","wsdlServer":"generalParameters/plugins/portalServers","yubikey2fActivation":"generalParameters/secondFactors/yubikey2f","yubikey2fAuthnLevel":"generalParameters/secondFactors/yubikey2f","yubikey2fClientID":"generalParameters/secondFactors/yubikey2f","yubikey2fNonce":"generalParameters/secondFactors/yubikey2f","yubikey2fPublicIDSize":"generalParameters/secondFactors/yubikey2f","yubikey2fSecretKey":"generalParameters/secondFactors/yubikey2f","yubikey2fSelfRegistration":"generalParameters/secondFactors/yubikey2f","yubikey2fUrl":"generalParameters/secondFactors/yubikey2f","yubikey2fUserCanRemoveKey":"generalParameters/secondFactors/yubikey2f"}
\ No newline at end of file
This source diff could not be displayed because it is too large. You can view the blob instead.
......@@ -100,9 +100,11 @@ lib/Lemonldap/NG/Portal/Plugins/AutoSignin.pm
lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm
lib/Lemonldap/NG/Portal/Plugins/CDA.pm
lib/Lemonldap/NG/Portal/Plugins/CheckState.pm
lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
lib/Lemonldap/NG/Portal/Plugins/ForceAuthn.pm
lib/Lemonldap/NG/Portal/Plugins/GrantSession.pm
lib/Lemonldap/NG/Portal/Plugins/History.pm
lib/Lemonldap/NG/Portal/Plugins/IdSpoofing.pm
lib/Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm
lib/Lemonldap/NG/Portal/Plugins/Notifications.pm
lib/Lemonldap/NG/Portal/Plugins/PublicPages.pm
......@@ -323,6 +325,7 @@ site/templates/bootstrap/2fchoice.tpl
site/templates/bootstrap/2fregisters.tpl
site/templates/bootstrap/casBack2Url.tpl
site/templates/bootstrap/checklogins.tpl
site/templates/bootstrap/checkuser.tpl
site/templates/bootstrap/confirm.tpl
site/templates/bootstrap/customfooter.tpl
site/templates/bootstrap/customhead.tpl
......@@ -499,6 +502,8 @@ t/66-CDA-already-auth.t
t/66-CDA-with-REST.t
t/66-CDA-with-SOAP.t
t/66-CDA.t
t/67-CheckUser-with-token.t
t/67-CheckUser.t
t/70-2F-TOTP-with-History.t
t/70-2F-TOTP.t
t/70-2F-TOTP_8.t
......
......@@ -91,6 +91,11 @@ qr/^($saml_sso_get_url|$saml_sso_get_url_ret|$saml_sso_post_url|$saml_sso_post_u
);
return 0 unless ($res);
if ( $self->conf->{samlOverrideIDPEntityID} ) {
$self->lassoServer->ProviderID(
$self->conf->{samlOverrideIDPEntityID} );
}
# Single logout routes
$self->addUnauthRouteFromMetaDataURL(
"samlIDPSSODescriptorSingleLogoutServiceSOAP",
......
......@@ -564,7 +564,7 @@ sub checkIDTokenValidity {
$self->logger->error("Auth time was not returned by OP $op");
return 0;
}
if ( $auth_time + $max_age > time ) {
if ( time > $auth_time + $max_age ) {
$self->userLogger->error(
"Authentication time ($auth_time) is too old (Max age: $max_age)"
);
......
......@@ -184,7 +184,7 @@ sub loadService {
# Create Lasso server with service metadata
my $server = $self->createServer(
$service_metadata->serviceToXML( $self->conf ),
$service_metadata->serviceToXML( $self->conf, ''),
$self->conf->{samlServicePrivateKeySig},
$self->conf->{samlServicePrivateKeySigPwd},
......@@ -3072,7 +3072,7 @@ sub importRealSession {
sub metadata {
my ( $self, $req ) = @_;
my $type = $req->param('type');
my $type = $req->param('type') || 'all';
require Lemonldap::NG::Common::Conf::SAML::Metadata;
if ( my $metadata = Lemonldap::NG::Common::Conf::SAML::Metadata->new() ) {
my $s = $metadata->serviceToXML( $self->conf, $type);
......
......@@ -3,7 +3,7 @@ package Lemonldap::NG::Portal::Main::Constants;
use strict;
use Exporter 'import';
our $VERSION = '2.0.2';
our $VERSION = '2.0.3';
use constant HANDLER => 'Lemonldap::NG::Handler::PSGI::Main';
use constant {
......@@ -98,7 +98,7 @@ use constant {
PE_OIDC_SERVICE_NOT_ALLOWED => 90,
PE_OID_SERVICE_NOT_ALLOWED => 91,
PE_GET_SERVICE_NOT_ALLOWED => 92,
PE_IDSPOOFING_SERVICE_NOT_ALLOWED => 93,
};
# EXPORTER PARAMETERS
......@@ -126,7 +126,7 @@ our @EXPORT_OK = qw( PE_SENDRESPONSE PE_INFO PE_REDIRECT PE_DONE PE_OK
PE_REGISTERALREADYEXISTS PE_NOTOKEN PE_TOKENEXPIRED HANDLER PE_U2FFAILED
PE_UNAUTHORIZEDPARTNER PE_RENEWSESSION PE_IDPCHOICE PE_WAIT PE_MUSTAUTHN
PE_MUSTHAVEMAIL PE_SAML_SERVICE_NOT_ALLOWED PE_OIDC_SERVICE_NOT_ALLOWED
PE_OID_SERVICE_NOT_ALLOWED PE_GET_SERVICE_NOT_ALLOWED
PE_OID_SERVICE_NOT_ALLOWED PE_GET_SERVICE_NOT_ALLOWED PE_IDSPOOFING_SERVICE_NOT_ALLOWED
);
our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], );
......
......@@ -291,6 +291,7 @@ sub display {
REGISTER_URL => $self->conf->{registerUrl},
HIDDEN_INPUTS => $self->buildHiddenForm($req),
STAYCONNECTED => $self->conf->{stayConnected},
SPOOFID => $self->conf->{idSpoofing},
(
$req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
......
......@@ -5,8 +5,9 @@ package Lemonldap::NG::Portal::Main::Plugin;
use strict;
use Mouse;
use HTML::Template;
use Data::Dumper;
our $VERSION = '2.0.2';
our $VERSION = '2.0.3';
extends 'Lemonldap::NG::Common::Module';
......@@ -38,13 +39,13 @@ sub _addRoute {
return sub {
shift;
return $sub->( $self, @_ );
}
}
}
else {
return sub {
shift;
return $self->$sub(@_);
}
}
}
};
$self->p->$type( $word, $subName, $methods, $transform );
......@@ -56,6 +57,21 @@ sub loadTemplate {
return $self->p->loadTemplate(@_);
}
sub accessCtrl {
my ( $self, $req, $uri ) = @_;
my $url = $self->conf->{portal} . $uri;
$self->logger->debug("Plugin calls accessCtrl for URL: $url");
# Check access rule
my ( $vhost, $appuri ) = $url =~ m#^https?://([^/]*)(.*)#;
$vhost =~ s/:\d+$//;
$appuri ||= '/';
$self->logger->debug(
"grant function call with VH: $vhost and URI: $appuri");
return $self->p->HANDLER->grant( $req, $req->{userData}, $appuri,
undef, $vhost );
}
1;
__END__
......
......@@ -26,6 +26,7 @@ our @pList = (
checkState => '::Plugins::CheckState',
portalForceAuthn => '::Plugins::ForceAuthn',
checkUser => '::Plugins::CheckUser',
idSpoofing => '::Plugins::IdSpoofing',
);
##@method list enabledPlugins
......
......@@ -18,11 +18,11 @@ use URI::Escape;
use JSON;
# List constants
sub authProcess {qw(extractFormInfo getUser authenticate)}
sub authProcess { qw(extractFormInfo getUser authenticate) }
sub sessionData {
qw(setAuthSessionInfo setSessionInfo setMacros setGroups setPersistentSessionInfo
setLocalGroups store secondFactor);
setLocalGroups store secondFactor);
}
sub validSession {
......@@ -57,9 +57,11 @@ sub handler {
if ( $sp or %{ $req->pdata } ) {
my %v = (
name => $self->conf->{cookieName} . 'pdata',
( %{ $req->pdata }
(
%{ $req->pdata }
? ( value => uri_escape( JSON::to_json( $req->pdata ) ) )
: ( value => '',
: (
value => '',
expires => 'Wed, 21 Oct 2015 00:00:00 GMT'
)
)
......@@ -93,7 +95,8 @@ sub login {
my ( $self, $req ) = @_;
return $self->do(
$req,
[ 'controlUrl', @{ $self->beforeAuth },
[
'controlUrl', @{ $self->beforeAuth },
$self->authProcess, @{ $self->betweenAuthAndData },
$self->sessionData, @{ $self->afterData },
$self->validSession, @{ $self->endAuth },
......@@ -105,7 +108,8 @@ sub postLogin {
my ( $self, $req ) = @_;
return $self->do(
$req,
[ 'restoreArgs', 'controlUrl',
[
'restoreArgs', 'controlUrl',
@{ $self->beforeAuth }, $self->authProcess,
@{ $self->betweenAuthAndData }, $self->sessionData,
@{ $self->afterData }, $self->validSession,
......@@ -118,7 +122,8 @@ sub authenticatedRequest {
my ( $self, $req ) = @_;
return $self->do(
$req,
[ 'importHandlerData', 'controlUrl',
[
'importHandlerData', 'controlUrl',
'checkLogout', @{ $self->forAuthUser }
]
);
......@@ -128,7 +133,8 @@ sub postAuthenticatedRequest {
my ( $self, $req ) = @_;
return $self->do(
$req,
[ 'importHandlerData', 'restoreArgs',
[
'importHandlerData', 'restoreArgs',
'controlUrl', 'checkLogout',
@{ $self->forAuthUser }
]
......@@ -145,8 +151,8 @@ sub refresh {
foreach ( keys %data ) {
delete $data{$_} unless ( /^_/ or /^(?:startTime)$/ );
}
$req->steps(
[ 'getUser',
$req->steps( [
'getUser',
@{ $self->betweenAuthAndData },
'setAuthSessionInfo',
'setSessionInfo',
......@@ -164,21 +170,21 @@ sub refresh {
if ($res) {
$req->info(
$self->loadTemplate(
'simpleInfo',
params => { trspan => 'rightsReloadNeedsLogout' }
'simpleInfo', params => { trspan => 'rightsReloadNeedsLogout' }
)
);
$req->urldc( $self->conf->{portal} );
return $self->do( $req, [ sub {PE_INFO} ] );
return $self->do( $req, [ sub { PE_INFO } ] );
}
return $self->do( $req, [ sub {PE_OK} ] );
return $self->do( $req, [ sub { PE_OK } ] );
}
sub logout {
my ( $self, $req ) = @_;
return $self->do(
$req,
[ 'controlUrl', @{ $self->beforeLogout },
[
'controlUrl', @{ $self->beforeLogout },
'authLogout', 'deleteSession'
]
);
......@@ -195,9 +201,9 @@ sub do {
# Update status
if ( my $p = $self->HANDLER->tsv->{statusPipe} ) {
$p->print(( $req->user ? $req->user : $req->address ) . ' => '
. $req->uri
. " $err\n" );
$p->print( ( $req->user ? $req->user : $req->address ) . ' => '
. $req->uri
. " $err\n" );
}
# Update history
......@@ -223,14 +229,16 @@ sub do {
else {
return $self->sendJSONresponse(
$req,
{ result => 1,
{
result => 1,
code => $err
}
);
}
}
else {
if ( $err
if (
$err
and $err != PE_LOGOUT_OK
and (
$err != PE_REDIRECT
......@@ -239,7 +247,7 @@ sub do {
and $req->data->{redirectFormMethod} eq 'post' )
or $req->info
)
)
)
{
my ( $tpl, $prms ) = $self->display($req);
$self->logger->debug("Calling sendHtml with template $tpl");
......@@ -257,20 +265,21 @@ sub do {
sub getModule {
my ( $self, $req, $type ) = @_;
if (my $mod = {
if (
my $mod = {
auth => '_authentication',
user => '_userDB',
password => '_passwordDB'
}->{$type}
)
)
{
if ( my $sub = $self->$mod->can('name') ) {
return $sub->( $self->$mod, $req, $type );
}
else {
my $s = ref( $self->$mod );
$s
=~ s/^Lemonldap::NG::Portal::(?:(?:Issuer|UserDB|Auth|Password)::)?//;
$s =~
s/^Lemonldap::NG::Portal::(?:(?:Issuer|UserDB|Auth|Password)::)?//;
return $s;
}
}
......@@ -287,7 +296,7 @@ sub autoRedirect {
# Set redirection URL if needed
$req->{urldc} ||= $self->conf->{portal}
if ( $req->mustRedirect and not( $req->info ) );
if ( $req->mustRedirect and not( $req->info ) );
# Redirection should be made if urldc defined
if ( $req->{urldc} ) {
......@@ -297,9 +306,8 @@ sub autoRedirect {
$req->data->{redirectFormMethod} = "get";
}
else {
return [
302, [ Location => $req->{urldc}, @{ $req->respHeaders } ], []
];
return [ 302,
[ Location => $req->{urldc}, @{ $req->respHeaders } ], [] ];
}
}
my ( $tpl, $prms ) = $self->display($req);
......@@ -319,8 +327,8 @@ sub getApacheSession {
$self->logger->debug("Try to get a new $args{kind} session");
}
my $as = Lemonldap::NG::Common::Session->new(
{ storageModule => $self->conf->{globalStorage},
my $as = Lemonldap::NG::Common::Session->new( {
storageModule => $self->conf->{globalStorage},
storageModuleOptions => $self->conf->{globalStorageOptions},
cacheModule => $self->conf->{localSessionStorage},
cacheModuleOptions => $self->conf->{localSessionStorageOptions},
......@@ -334,7 +342,8 @@ sub getApacheSession {
if ( my $err = $as->error ) {
$self->lmLog(
$err,
( $err =~ /(?:Object does not exist|Invalid session ID)/
(
$err =~ /(?:Object does not exist|Invalid session ID)/
? 'notice'
: 'error'
)
......@@ -349,19 +358,21 @@ sub getApacheSession {
$self->logger->debug("Get session $id from Portal::Main::Run") if ($id);
$self->logger->debug(
"Check session validity -> " . $self->conf->{timeoutActivity} . "s" )
if ( $self->conf->{timeoutActivity} );
if ( $self->conf->{timeoutActivity} );
my $now = time;
if ( $id
if (
$id
and defined $as->data->{_utime}
and (
( ( $now - $as->data->{_utime} ) > $self->conf->{timeout} )
or ( $self->conf->{timeoutActivity}
or (
$self->conf->{timeoutActivity}
and $as->data->{_lastSeen}
and ( ( $now - $as->data->{_lastSeen} )
> $self->conf->{timeoutActivity} )
and ( ( $now - $as->data->{_lastSeen} ) >
$self->conf->{timeoutActivity} )
)
)
)
)
{
$self->logger->debug("Session $args{kind} $id expired");
return;
......@@ -383,8 +394,8 @@ sub getPersistentSession {
$info->{_session_uid} = $uid;
my $ps = Lemonldap::NG::Common::Session->new(
{ storageModule => $self->conf->{persistentStorage},
my $ps = Lemonldap::NG::Common::Session->new( {
storageModule => $self->conf->{persistentStorage},
storageModuleOptions => $self->conf->{persistentStorageOptions},
id => $pid,
force => 1,
......@@ -425,11 +436,10 @@ sub updatePersistentSession {
# Return if no infos to update
return () unless ( ref $infos eq 'HASH' and %$infos );
$uid ||= $req->{sessionInfo}->{ $self->conf->{whatToTrace} }
|| $req->userData->{ $self->conf->{whatToTrace} };
|| $req->userData->{ $self->conf->{whatToTrace} };
$self->logger->debug("Found 'whatToTrace' -> $uid");
unless ($uid) {
$self->logger->debug(
'No uid found, skipping updatePersistentSession');
$self->logger->debug('No uid found, skipping updatePersistentSession');
return ();
}
$self->logger->debug("Update $uid persistent session");
......@@ -469,16 +479,16 @@ sub updateSession {
## sessionInfo updated if $id defined : quite strange !!
## See https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/430
foreach ( keys %$infos ) {
$self->logger->debug(
"Update sessionInfo $_ with " . $infos->{$_} );
$req->{sessionInfo}->{$_} = $self->HANDLER->data->{$_}
= $infos->{$_};
$self->logger->debug("Update sessionInfo $_");
$self->_dump( $infos->{$_} );
$req->{sessionInfo}->{$_} = $self->HANDLER->data->{$_} =
$infos->{$_};
}
# Update session in global storage with _updateTime
$infos->{_updateTime} = strftime( "%Y%m%d%H%M%S", localtime() );
if ( my $apacheSession
= $self->getApacheSession( $id, info => $infos ) )
if ( my $apacheSession =
$self->getApacheSession( $id, info => $infos ) )
{
if ( $apacheSession->error ) {
$self->logger->error("Cannot update session $id");
......@@ -561,10 +571,10 @@ sub isTrustedUrl {
sub stamp {
my $self = shift;
my $res
= $self->conf->{cipher}
? $self->conf->{cipher}->encrypt( time() )
: 1;
my $res =
$self->conf->{cipher}
? $self->conf->{cipher}->encrypt( time() )
: 1;
$res =~ s/\+/%2B/g;
return $res;
}
......@@ -696,7 +706,7 @@ sub cookie {
$h{path} ||= '/';
$h{HttpOnly} //= $self->conf->{httpOnly};
$h{max_age} //= $self->conf->{cookieExpiration}
if ( $self->conf->{cookieExpiration} );
if ( $self->conf->{cookieExpiration} );
foreach (qw(domain path expires max_age HttpOnly)) {
my $f = $_;
$f =~ s/_/-/g;
......@@ -719,8 +729,8 @@ sub sendHtml {
my ( $self, $req, $template, %args ) = @_;
$args{params}->{TROVER} = $self->trOver;
$args{templateDir}
= $self->conf->{templateDir} . '/' . $self->getSkin($req);
$args{templateDir} =
$self->conf->{templateDir} . '/' . $self->getSkin($req);
my $tmpl = $args{templateDir} . "/$template.tpl";
my $troverJson = $args{templateDir} . "/$template.json";
unless ( -f $tmpl ) {
......@@ -733,7 +743,7 @@ sub sendHtml {
if ( -r $troverJson ) {
open my $tr_file, '<', $troverJson
or die "Can't open" . $troverJson . " : $!";
or die "Can't open" . $troverJson . " : $!";
while (<$tr_file>) {
chomp;
$args{params}->{TROVERbyJSON} .= $_;
......@@ -752,11 +762,11 @@ sub sendHtml {
}
my $res = $self->SUPER::sendHtml( $req, $template, %args );
push @{ $res->[1] },
'X-XSS-Protection' => '1; mode=block',
'X-Content-Type-Options' => 'nosniff',
'Cache-Control' => 'no-cache, no-store, must-revalidate', # HTTP 1.1
'Pragma' => 'no-cache', # HTTP 1.0
'Expires' => '0'; # Proxies
'X-XSS-Protection' => '1; mode=block',
'X-Content-Type-Options' => 'nosniff',
'Cache-Control' => 'no-cache, no-store, must-revalidate', # HTTP 1.1
'Pragma' => 'no-cache', # HTTP 1.0
'Expires' => '0'; # Proxies
# Set authorized URL for POST
my $csp = $self->csp . "form-action " . $self->conf->{cspFormAction};
......@@ -770,14 +780,13 @@ sub sendHtml {
if ( defined $url ) {
$self->logger->debug("Required Params URL : $url");
if ( $url =~ s#(https?://[^/]+).*#$1# ) {
$self->logger->debug(
"Set CSP form-action with Params URL : $url");
$self->logger->debug("Set CSP form-action with Params URL : $url");
$csp .= " $url";
}
}
if ( defined $req->{cspFormAction} ) {
$self->logger->debug( "Set CSP form-action with request URL: "
. $req->{cspFormAction} );
$self->logger->debug(
"Set CSP form-action with request URL: " . $req->{cspFormAction} );
$csp .= " " . $req->{cspFormAction};
}
......@@ -803,7 +812,7 @@ sub sendHtml {
my @url;
if ( $req->info ) {
@url = map { s#https?://([^/]+).*#$1#; $_ }
( $req->info =~ /<iframe.*?src="(.*?)"/sg );
( $req->info =~ /<iframe.*?src="(.*?)"/sg );
}
if (@url) {
$csp .= join( ' ', 'child-src', @url ) . ';';
......@@ -819,17 +828,18 @@ sub sendCss {
my ( $self, $req ) = @_;
my $s = '/* LL::NG Portal CSS */';
if ( $self->conf->{portalSkinBackground} ) {
$s
.= 'html,body{background:url("'
. $self->staticPrefix
. '/common/backgrounds/'
. $self->conf->{portalSkinBackground}
. '") no-repeat center fixed;'
. 'background-size:cover;}';
$s .=
'html,body{background:url("'
. $self->staticPrefix
. '/common/backgrounds/'
. $self->conf->{portalSkinBackground}
. '") no-repeat center fixed;'
. 'background-size:cover;}';
}
return [
200,
[ 'Content-Type' => 'text/css',
[
'Content-Type' => 'text/css',
'Content-Length' => length($s),
'Cache-Control' => 'public,max-age=3600',
],
......@@ -838,8 +848,8 @@ sub sendCss {
}
sub lmError {
my ( $self, $req ) = @_;
my $httpError = $req->param('code');
my ( $self, $req, $error ) = @_;
my $httpError = $req->param('code') || $error;