Differences

This shows you the differences between two versions of the page.

documentation:2.1:checkuser [2019/03/07 17:27]
cmaudoux [Configuration]
documentation:2.1:checkuser [2020/04/24 16:55] (current)
cmaudoux [Configuration]
Line 9: Line 9:
   * **Parameters**:​   * **Parameters**:​
     * **Activation**:​ Enable / Disable this plugin     * **Activation**:​ Enable / Disable this plugin
 +    * **Identities use rule**: Rule to define which profiles can be displayed (by example: ''​!$anonymous''​)
     * **Hidden attributes**:​ Attributes not displayed     * **Hidden attributes**:​ Attributes not displayed
-    * **Display ​persistent session**: Display ​persistent session attributes +    ​* **Attributes used for searching sessions**: User's attributes used for searching sessions in backend if ''​whatToTrace''​ fails. Useful to look for sessions by mail or givenName. Let it blank to search by ''​whatToTrace''​ only. 
-    * **Display empty value**: Display ALL attributes even empty ones+    ​* **Display ​empty headers rule**: Display ​ALL headers appended by LemonLDAP::​NG including empty ones. 
 +    * **Display empty value rule**: Display ALL attributes even empty ones 
 +    * **Display persistent session rule**: Display persistent session attributes
  
-<​note ​important+<​note ​info
-Be careful to not display secret attributes.+By examples :
  
-checkUser plugin hidden ​attributes ​are concatenation of+* Search ​attributes ​=> ''​mail uid givenName''​
  
-''​checkUserHiddenAttributes'' ​and ''​hiddenAttributes''​.+If ''​whatToTrace'' ​fails, sessions are searched by ''​mail''​, next ''​uid''​ if none session is found and so on...
  
 +* Display empty headers rule => ''​$uid eq "​dwho"''​ -> Only '​dwho'​ will see empty headers
 +</​note>​
 +
 +<note info>
 +Keep in mind that Nginx HTTP proxy module gets rid of empty headers. If the value of a header field is an empty string then this field will not be passed to a proxied server. To avoid misunderstanding,​ it might be useful to not display empty headers.
 +</​note>​
 +
 +<note important>​
 +Be careful to not display secret attributes.
 +
 +checkUser plugin hidden attributes are concatenation of ''​checkUserHiddenAttributes''​ and ''​hiddenAttributes''​.
 You just have to append checkUser specific attributes. You just have to append checkUser specific attributes.
 </​note>​ </​note>​
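Review bot: In the added "Attributes used for searching sessions" line, the fallback search by mail or givenName is not guaranteed to identify a single user (a given name in particular can be shared by several accounts), and the text does not say which session is displayed when more than one matches. Since this plugin displays session attributes, please document that behaviour or recommend listing only unique attributes. The "Identities use rule" line should also say whether the rule is evaluated against the requesting user or against the profile being looked up, and what the default is. Wording: "by example" and "By examples :" should read "for example" and "For example:", "Let it blank" should be "Leave it blank", and "if none session is found" should be "if no session is found".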
Line 25: Line 39:
 <note warning> <note warning>
 This plugin displays ALL user session attributes except the hidden ones. This plugin displays ALL user session attributes except the hidden ones.
- 
  
 You have to restrict access to specific users (administrators,​ DevOps, power users and so on...) ​ You have to restrict access to specific users (administrators,​ DevOps, power users and so on...) ​
- 
- 
 by setting an access rule like other VirtualHosts. by setting an access rule like other VirtualHosts.
  
Line 35: Line 46:
  
 </​note>​ </​note>​
 +
 +To modify persistent sessions attributes ('​_loginHistory _2fDevices notification_'​ by default), edit ''​lemonldap-ng.ini''​ in [portal] section:
 +<file ini>
 +[portal]
 +persistentSessionAttributes = _loginHistory _2fDevices notification_
 +</​file>​
 ===== Usage ===== ===== Usage =====
  
 When enabled, ''/​checkuser''​ URL path is handled by this plugin. When enabled, ''/​checkuser''​ URL path is handled by this plugin.
 +
 +<note important>​
 +With federated authentication,​ checkUser plugin works only if a session can be found in backend.
 +</​note>​
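Review bot: The added persistentSessionAttributes paragraph does not say what the setting changes for checkUser; please state whether these are the attributes governed by the "Display persistent session rule" parameter, and whether the trailing underscore in notification_ means a prefix match. The default list is quoted with plain single quotes while the rest of the page uses the '' monospace markup, and the closing file tag runs straight into the "===== Usage =====" heading without a blank line. In the federated authentication note, it would help to say what the user sees when no session is found in the backend.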