documentation:2.1:variables

Differences

This shows you the differences between two versions of the page.

documentation:2.1:variables [2019/01/15 15:55] (current)
Line 1: Line 1:
 +====== Variables ======
 +
 +===== Presentation =====
 +
 +Variables can be used in rules and headers. All rules are concerned:
 +  * Access rule in virtual host
 +  * SAML IDP preselection
 +  * Session opening
 +  * ...
 +
 +Variables are stored in the user session. We can distinguish several kind of variables:
 +  * internal variables, managed by LemonLDAP::NG
 +  * [[exportedvars|exported variables]] collected from UserDB backend
 +  * [[performances#macros_and_groups|macro and groups]]
 +
 +
 +When you know the key of the variable, you just have to prefix it with the dollar sign to use it, for example to test if  ''uid'' variable match ''coudot'' :
 +<code>
 +$uid eq "coudot"
 +</code>
 +
 +<note tip>You can inspect a user session with the sessions explorer (in Manager)</note>
 +
 +Below are documented internal variables.
 +
 +===== Modules ====
 +
 +Register what module was used for authentication, user data, password, ...
 +
 +^  Key  ^  Description  ^
 +|  _auth  | Authentication module  |
 +|  _userDB  | User module  |
 +|  _passwordDB  | Password module  |
 +|  _issuerDB  | Issuer module (can be multivalued)  |
 +|  _authChoice  | User choice done if [[authchoice|authentication choice]] was used  |
 +|  _authMulti  | Full name of authentication module (with ''#label'') used in Multi   |
 +|  _userDBMulti  | Full name of user module (with ''#label'') used in Multi   |
 +===== Connection =====
 +
 +Datas concerning the first connection to the portal
 +
 +^  Key  ^  Description  ^
 +| ipAddr  | IP of the user (can be the X Forwarded For IP if trusted proxies are configured)  |
 +| _timezone  | Timezone of the user, set with javascript from standard login form (will be empty if other authentication methods are used) |
 +| _url  | URL used before being redirected to the portal (empty if portal was used as entry point)  |
 +
 +===== Authentication =====
 +
 +Datas around the authentication process.
 +
 +^  Key  ^  Description  ^
 +| _session_id  | Session identifier (carried in cookie)  |
 +| _user  | User found from login process  |
 +| _password  | Password found from login process (only if [[passwordstore|password store in session]] is configured)  |
 +| authenticationLevel  | Authentication level  |
 +
 +===== Dates =====
 +
 +^  Key  ^  Description  ^
 +| _utime  | Timestamp of session creation  |
 +| _startTime  | Date of session creation  |
 +| _updateTime  | Date of session last modification  |
 +| _lastAuthnUTime | Timestamp of last authentication time  |
 +
 +===== SAML =====
 +
 +Datas related to SAML protocol
 +
 +^  Key  ^  Description  ^
 +| _idp  | Name of IDP used for authentication  |
 +| _idpConfKey  | Configuration key of IDP used for authentication  |
 +| _samlToken  | SAML token  |
 +| _lassoSessionDump  | Lasso session dump  |
 +| _lassoIdentityDump  | Lasso identity dump  |
 +
 +===== Notifications =====
 +
 +^  Key  ^  Description  ^
 +| _notification_//id//  | Date of validation of the notification //id//  |
 +
 +===== Login history =====
 +
 +^  Key  ^  Description  ^
 +| _loginHistory  | HASH of login success and failures  |
 +
 +===== LDAP =====
 +
 +Only with UserDB LDAP.
 +
 +^  Key  ^  Description  ^
 +| _dn  | Distinguished name |
 +
 +===== OpenID =====
 +
 +^  Key  ^  Description  ^
 +| _openid_//id//  | Consent to share attribute //id// trough OpenID  |
 +
 +===== OpenID Connect =====
 +
 +^  Key  ^  Description  ^
 +| _oidc_id_token  | ID Token  |
 +| _oidc_OP  | Configuration key of OP used for authentication  |
 +| _oidc_access_token  | OAuth2 Access Token used to get UserInfo data  |
 +| _oidc_consent_scope_//rp// | Scope for which consent was given for RP //rp//  |
 +| _oidc_consent_time_//rp// | Time when consent was given for RP //rp//  |
 +
 +===== Other =====
 +
 +^  Key  ^  Description  ^
 +| _appsListOrder  | Order of categories in the menu  |
 +| _session_kind  | Type of session (SSO, Persistent, ...)  |
 +
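Review bot: The Presentation section says variables "can be used in rules and headers" without setting apart the secret-bearing keys listed further down (_session_id and _password in the Authentication table, _samlToken in SAML, _oidc_id_token and _oidc_access_token in OpenID Connect). Add a short note near the intro or beside those tables saying these values should not be exported to applications in headers, and that _password is only present when password store in session is configured. Since ipAddr "can be the X Forwarded For IP if trusted proxies are configured", the Connection table should also say that rules testing ipAddr depend on that proxy configuration being correct. Smaller points: the "===== Modules ====" heading has five opening and four closing equals signs, "Datas" in the Connection, Authentication and SAML intros should be "Data", "several kind of variables" should be "several kinds", and "trough OpenID" should be "through OpenID".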
 +