Variables can be used in rules and headers. All rules are concerned:
Variables are stored in the user session. We can distinguish several kind of variables:
When you know the key of the variable, you just have to prefix it with the dollar sign to use it, for example to test if uid variable match coudot :
$uid eq "coudot"
Below are documented internal variables.
Register what module was used for authentication, user data, password, ...
| Key | Description |
|---|---|
| _auth | Authentication module |
| _userDB | User module |
| _passwordDB | Password module |
| _issuerDB | Issuer module (can be multivalued) |
| _authChoice | User choice done if authentication choice was used |
| _authMulti | Full name of authentication module (with #label) used in Multi |
| _userDBMulti | Full name of user module (with #label) used in Multi |
Datas concerning the first connection to the portal
| Key | Description |
|---|---|
| ipAddr | IP of the user (can be the X Forwarded For IP if trusted proxies are configured) |
| _timezone | Timezone of the user, set with javascript from standard login form (will be empty if other authentication methods are used) |
| _url | URL used before being redirected to the portal (empty if portal was used as entry point) |
Datas around the authentication process.
| Key | Description |
|---|---|
| _session_id | Session identifier (carried in cookie) |
| _user | User found from login process |
| _password | Password found from login process (only if password store in session is configured) |
| authenticationLevel | Authentication level |
| Key | Description |
|---|---|
| _utime | Timestamp of session creation |
| startTime | Date of session creation |
| updateTime | Date of session last modification |
| _lastAuthnUTime | Timestamp of last authentication time |
Datas related to SAML protocol
| Key | Description |
|---|---|
| _idp | Name of IDP used for authentication |
| _idpConfKey | Configuration key of IDP used for authentication |
| _samlToken | SAML token |
| _lassoSessionDump | Lasso session dump |
| _lassoIdentityDump | Lasso identity dump |
| Key | Description |
|---|---|
| _notification_id | Date of validation of the notification id |
| Key | Description |
|---|---|
| loginHistory | HASH of login success and failures |
Only with UserDB LDAP.
| Key | Description |
|---|---|
| dn | Distinguished name |
| Key | Description |
|---|---|
| _openid_id | Consent to share attribute id trough OpenID |
| Key | Description |
|---|---|
| OpenIDConnect_IDToken | ID Token |
| OpenIDConnect_OP | Configuration key of OP used for authentication |
| OpenIDConnect_access_token | OAuth2 Access Token used to get UserInfo data |
| _oidc_consent_scope_rp | Scope for which consent was given for RP rp |
| _oidc_consent_time_rp | Time when consent was given for RP rp |
| Key | Description |
|---|---|
| appsListOrder | Order of categories in the menu |
| _session_kind | Type of session (SSO, Persistent, ...) |