Variables¶
Presentation¶
Variables can be used in rules and headers. All rules are concerned:
Access rule in virtual host
SAML IDP preselection
Session opening
…
Variables are stored in the user session. We can distinguish several kind of variables:
internal variables, managed by LemonLDAP::NG
exported variables collected from UserDB backend
When you know the key of the variable, you just have to prefix it with
the dollar sign to use it, for example to test if uid
variable match
coudot
:
$uid eq "coudot"
Tip
You can inspect a user session with the sessions explorer (in Manager)
Below are documented internal variables.
Modules¶
Register what module was used for authentication, user data, password, …
Key |
Description |
---|---|
_auth |
Authentication module |
_userDB |
User module |
_passwordDB |
Password module |
_issuerDB |
Issuer module (can be multivalued) |
_authChoice |
User choice done if authentication choice was used |
_authMulti |
Full name of authentication module (with |
_userDBMulti |
Full name of user module (with |
Connection¶
Datas concerning the first connection to the portal
Key |
Description |
---|---|
ipAddr |
IP of the user (special care must be taken is you run the portal behind a reverse proxy) |
_timezone |
Timezone of the user, set with javascript from standard login form (will be empty if other authentication methods are used) |
_url |
URL used before being redirected to the portal (empty if portal was used as entry point) |
Authentication¶
Datas around the authentication process.
Key |
Description |
---|---|
_session_id |
Session identifier (carried in cookie) |
_user |
User found from login process |
_password |
Password found from login process (only if password store in session is configured) |
authenticationLevel |
Authentication level |
Dates¶
Key |
Description |
---|---|
_utime |
Timestamp of session creation |
_startTime |
Date of session creation |
_updateTime |
Date of session last modification |
_lastAuthnUTime |
Timestamp of last authentication time |
SAML¶
Datas related to SAML protocol
Key |
Description |
---|---|
_idp |
Name of IDP used for authentication |
_idpConfKey |
Configuration key of IDP used for authentication |
_samlToken |
SAML token |
_lassoSessionDump |
Lasso session dump |
_lassoIdentityDump |
Lasso identity dump |
Notifications¶
Key |
Description |
---|---|
_notification_id |
Date of validation of the notification id |
Login history¶
Key |
Description |
---|---|
_loginHistory |
HASH of login success and failures |
OpenID¶
Key |
Description |
---|---|
_openid_id |
Consent to share attribute id through OpenID |
OpenID Connect¶
Key |
Description |
---|---|
_oidc_id_token |
ID Token |
_oidc_OP |
Configuration key of OP used for authentication |
_oidc_access_token |
OAuth2 Access Token used to get UserInfo data |
_oidc_consent_scope_rp |
Scope for which consent was given for RP rp |
_oidc_consent_time_rp |
Time when consent was given for RP rp |
Other¶
Key |
Description |
---|---|
_appsListOrder |
Order of categories in the menu |
_session_kind |
Type of session (SSO, Persistent, …) |