Differences

This shows you the differences between two versions of the page.

documentation:2.1:variables [2019/01/15 15:55] (current)
Line 1: Line 1:
 +====== Variables ======
 +
 +===== Presentation =====
 +
 +Variables can be used in rules and headers. All rules are concerned:
 +  * Access rule in virtual host
 +  * SAML IDP preselection
 +  * Session opening
 +  * ...
 +
 +Variables are stored in the user session. We can distinguish several kind of variables:
 +  * internal variables, managed by LemonLDAP::​NG
 +  * [[exportedvars|exported variables]] collected from UserDB backend
 +  * [[performances#​macros_and_groups|macro and groups]]
 +
 +
 +When you know the key of the variable, you just have to prefix it with the dollar sign to use it, for example to test if  ''​uid''​ variable match ''​coudot''​ :
 +<​code>​
 +$uid eq "​coudot"​
 +</​code>​
 +
 +<note tip>You can inspect a user session with the sessions explorer (in Manager)</​note>​
 +
 +Below are documented internal variables.
 +
 +===== Modules ====
 +
 +Register what module was used for authentication,​ user data, password, ...
 +
 +^  Key  ^  Description ​ ^
 +|  _auth  | Authentication module ​ |
 +|  _userDB ​ | User module ​ |
 +|  _passwordDB ​ | Password module ​ |
 +|  _issuerDB ​ | Issuer module (can be multivalued) ​ |
 +|  _authChoice ​ | User choice done if [[authchoice|authentication choice]] was used  |
 +|  _authMulti ​ | Full name of authentication module (with ''#​label''​) used in Multi   |
 +|  _userDBMulti ​ | Full name of user module (with ''#​label''​) used in Multi   |
 +===== Connection =====
 +
 +Datas concerning the first connection to the portal
 +
 +^  Key  ^  Description ​ ^
 +| ipAddr ​ | IP of the user (can be the X Forwarded For IP if trusted proxies are configured) ​ |
 +| _timezone ​ | Timezone of the user, set with javascript from standard login form (will be empty if other authentication methods are used) |
 +| _url  | URL used before being redirected to the portal (empty if portal was used as entry point) ​ |
 +
 +===== Authentication =====
 +
 +Datas around the authentication process.
 +
 +^  Key  ^  Description ​ ^
 +| _session_id ​ | Session identifier (carried in cookie) ​ |
 +| _user  | User found from login process ​ |
 +| _password ​ | Password found from login process (only if [[passwordstore|password store in session]] is configured) ​ |
 +| authenticationLevel ​ | Authentication level  |
 +
 +===== Dates =====
 +
 +^  Key  ^  Description ​ ^
 +| _utime ​ | Timestamp of session creation ​ |
 +| _startTime ​ | Date of session creation ​ |
 +| _updateTime ​ | Date of session last modification ​ |
 +| _lastAuthnUTime | Timestamp of last authentication time  |
 +
 +===== SAML =====
 +
 +Datas related to SAML protocol
 +
 +^  Key  ^  Description ​ ^
 +| _idp  | Name of IDP used for authentication ​ |
 +| _idpConfKey ​ | Configuration key of IDP used for authentication ​ |
 +| _samlToken ​ | SAML token  |
 +| _lassoSessionDump ​ | Lasso session dump  |
 +| _lassoIdentityDump ​ | Lasso identity dump  |
 +
 +===== Notifications =====
 +
 +^  Key  ^  Description ​ ^
 +| _notification_//​id// ​ | Date of validation of the notification //​id// ​ |
 +
 +===== Login history =====
 +
 +^  Key  ^  Description ​ ^
 +| _loginHistory ​ | HASH of login success and failures ​ |
 +
 +===== LDAP =====
 +
 +Only with UserDB LDAP.
 +
 +^  Key  ^  Description ​ ^
 +| _dn  | Distinguished name |
 +
 +===== OpenID =====
 +
 +^  Key  ^  Description ​ ^
 +| _openid_//​id// ​ | Consent to share attribute //id// trough OpenID ​ |
 +
 +===== OpenID Connect =====
 +
 +^  Key  ^  Description ​ ^
 +| _oidc_id_token ​ | ID Token  |
 +| _oidc_OP ​ | Configuration key of OP used for authentication ​ |
 +| _oidc_access_token ​ | OAuth2 Access Token used to get UserInfo data  |
 +| _oidc_consent_scope_//​rp//​ | Scope for which consent was given for RP //​rp// ​ |
 +| _oidc_consent_time_//​rp//​ | Time when consent was given for RP //​rp// ​ |
 +
 +===== Other =====
 +
 +^  Key  ^  Description ​ ^
 +| _appsListOrder ​ | Order of categories in the menu  |
 +| _session_kind ​ | Type of session (SSO, Persistent, ...)  |
 +
 +
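Review bot: The Authentication and OpenID Connect tables list _password, _session_id, _oidc_access_token and _oidc_id_token with no indication that they hold credentials, while the Presentation section states that variables can be used in rules and headers; suggest marking these keys as sensitive in their Description cells, or in a note under Presentation, so that a reader who sends one of them in a header does so deliberately. Smaller points in the same hunk: the heading "===== Modules ====" closes with four equals signs where every other section heading uses five, there is no blank line between the Modules table and "===== Connection =====", "Datas" in the Connection, Authentication and SAML introductions should read "Data", "several kind of variables" should read "several kinds of variables", and "trough OpenID" should read "through OpenID".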