Parameter list
The attribute key name can be used directly in lemonldap-ng.ini or in Perl scripts to override configuration parameters (see configuration location).
Main parameters
Key name | Documentation | Portal | Handler | Manager | ini file only |
---|---|---|---|---|---|
ADPwdExpireWarning | AD password expire warning | ✔ | |||
ADPwdMaxAge | AD password max age | ✔ | |||
AuthLDAPFilter | LDAP filter for auth search | ✔ | |||
LDAPFilter | Default LDAP filter | ✔ | |||
SMTPAuthPass | Password to use to send mails | ✔ | |||
SMTPAuthUser | Login to use to send mails | ✔ | |||
SMTPPort | Fix SMTP port | ✔ | |||
SMTPServer | SMTP Server | ✔ | |||
SMTPTLS | TLS protocol to use with SMTP | ✔ | |||
SMTPTLSOpts | TLS/SSL options for SMTP | ✔ | |||
SSLAuthnLevel | SSL authentication level | ✔ | |||
SSLVar | ✔ | ||||
SSLVarIf | ✔ | ||||
activeTimer | Enable timers on portal pages | ✔ | |||
apacheAuthnLevel | Apache authentication level | ✔ | |||
applicationList | Applications list | ✔ | |||
authChoiceModules | Hash list of Choice strings | ✔ | |||
authChoiceParam | Applications list | ✔ | |||
authentication | Authentication module | ✔ | |||
autoSigninRules | List of auto signin rules | ✔ | |||
available2F | Available second factor modules | ✔ | ✔ | ||
available2FSelfRegistration | Available self-registration modules for second factor | ✔ | ✔ | ||
bruteForceProtection | Enable brute force attack protection | ✔ | |||
bruteForceProtectionMaxAge | Brute force attack protection -> Max age between last and first allowed failed login | ✔ | ✔ | ||
bruteForceProtectionMaxFailed | Brute force attack protection -> Max allowed failed login | ✔ | ✔ | ||
bruteForceProtectionTempo | Brute force attack protection -> Tempo before try again | ✔ | ✔ | ||
captcha_login_enabled | Captcha on login page | ✔ | |||
captcha_mail_enabled | Captcha on password reset page | ✔ | |||
captcha_register_enabled | Captcha on account creation page | ✔ | |||
captcha_size | Captcha size | ✔ | |||
casAccessControlPolicy | CAS access control policy | ✔ | |||
casAppMetaDataOptions | Root of CAS app options | ✔ | [1] | ||
casAttr | Pivot attribute for CAS | ✔ | |||
casAttributes | CAS exported attributes | ✔ | |||
casAuthnLevel | CAS authentication level | ✔ | |||
casSrvMetaDataOptions | Root of CAS server options | ✔ | [1] | ||
casStorage | Apache::Session module to store CAS user data | ✔ | |||
casStorageOptions | Apache::Session module parameters | ✔ | |||
cda | Enable Cross Domain Authentication | ✔ | ✔ | ||
cfgAuthor | Name of the author of the current configuration | ✔ | ✔ | ||
cfgAuthorIP | Uploader IP address of the current configuration | ✔ | ✔ | ||
cfgDate | Timestamp of the current configuration | ✔ | ✔ | ||
cfgLog | Configuration update log | ✔ | ✔ | ||
cfgNum | Enable Cross Domain Authentication | ✔ | ✔ | ||
cfgVersion | Version of LLNG which built the configuration | ✔ | ✔ | ||
checkState | Enable CheckState plugin | ✔ | |||
checkStateSecret | Secret token for CheckState plugin | ✔ | |||
checkTime | Timeout to check new configuration in local cache | ✔ | ✔ | ✔ | |
checkXSS | Check XSS | ✔ | |||
combModules | Combination module description | ✔ | |||
combination | Combination rule | ✔ | |||
configStorage | Configuration storage | ✔ | ✔ | ✔ | ✔ |
confirmFormMethod | HTTP method for confirm page form | ✔ | |||
cookieExpiration | Cookie expiration | ✔ | ✔ | ||
cookieName | Name of the main cookie | ✔ | ✔ | ||
cspConnect | Authorized Ajax destination for Content-Security-Policy | ✔ | |||
cspDefault | Default value for Content-Security-Policy | ✔ | |||
cspFont | Font source for Content-Security-Policy | ✔ | |||
cspFormAction | Form action destination for Content-Security-Policy | ✔ | |||
cspImg | Image source for Content-Security-Policy | ✔ | |||
cspScript | Javascript source for Content-Security-Policy | ✔ | |||
cspStyle | Style source for Content-Security-Policy | ✔ | |||
customAddParams | Custom additional parameters | ✔ | |||
customAuth | Custom auth module | ✔ | |||
customFunctions | List of custom functions | ✔ | ✔ | ✔ | |
customPassword | Custom password module | ✔ | |||
customRegister | Custom register module | ✔ | |||
customUserDB | Custom user DB module | ✔ | |||
dbiAuthChain | ✔ | ||||
dbiAuthLoginCol | ✔ | ||||
dbiAuthPassword | ✔ | ||||
dbiAuthPasswordCol | ✔ | ||||
dbiAuthPasswordHash | ✔ | ||||
dbiAuthTable | ✔ | ||||
dbiAuthUser | ✔ | ||||
dbiAuthnLevel | DBI authentication level | ✔ | |||
dbiDynamicHashEnabled | ✔ | ||||
dbiDynamicHashNewPasswordScheme | ✔ | ||||
dbiDynamicHashValidSaltedSchemes | ✔ | ||||
dbiDynamicHashValidSchemes | ✔ | ||||
dbiExportedVars | DBI exported variables | ✔ | |||
dbiPasswordMailCol | ✔ | ||||
dbiUserChain | ✔ | ||||
dbiUserPassword | ✔ | ||||
dbiUserTable | ✔ | ||||
dbiUserUser | ✔ | ||||
demoExportedVars | Demo exported variables | ✔ | |||
domain | DNS domain | ✔ | ✔ | ||
exportedAttr | List of attributes to export by SOAP or REST servers | ✔ | |||
exportedVars | Main exported variables | ✔ | |||
ext2FSendCommand | Send command of External second factor | ✔ | |||
ext2FValidateCommand | Validation command of External second factor | ✔ | |||
ext2fActivation | External second factor activation | ✔ | |||
ext2fAuthnLevel | Authentication level for users authenticated by External second factor | ✔ | |||
ext2fLogo | Custom logo for External 2F | ✔ | |||
facebookAppId | ✔ | ||||
facebookAppSecret | ✔ | ||||
facebookAuthnLevel | Facebook authentication level | ✔ | |||
facebookExportedVars | Facebook exported variables | ✔ | |||
facebookUserField | ✔ | ||||
failedLoginNumber | Number of failures stored in login history | ✔ | |||
formTimeout | Token timeout for forms | ✔ | |||
globalStorage | Session backend module | ✔ | ✔ | ||
globalStorageOptions | Session backend module options | ✔ | ✔ | ||
gpgDb | GPG keys database | ✔ | |||
grantSessionRules | Rules to grant sessions | ✔ | |||
groups | Groups | ✔ | |||
handlerInternalCache | Handler internal cache timeout | ✔ | ✔ | ✔ | |
hiddenAttributes | Name of attributes to hide in logs | ✔ | |||
hideOldPassword | Hide old password in portal | ✔ | |||
httpOnly | Enable httpOnly flag in cookie | ✔ | ✔ | ||
https | Use HTTPS for redirection from portal | ✔ | |||
infoFormMethod | HTTP method for info page form | ✔ | |||
issuerDBCASActivation | CAS server activation | ✔ | |||
issuerDBCASPath | CAS server request path | ✔ | |||
issuerDBCASRule | CAS server rule | ✔ | |||
issuerDBGetActivation | Get issuer activation | ✔ | |||
issuerDBGetParameters | List of virtualHosts with their get parameters | ✔ | |||
issuerDBGetPath | Get issuer request path | ✔ | |||
issuerDBGetRule | Get issuer rule | ✔ | |||
issuerDBOpenIDActivation | OpenID server activation | ✔ | |||
issuerDBOpenIDConnectActivation | OpenID Connect server activation | ✔ | |||
issuerDBOpenIDConnectPath | OpenID Connect server request path | ✔ | |||
issuerDBOpenIDConnectRule | OpenID Connect server rule | ✔ | |||
issuerDBOpenIDPath | OpenID server request path | ✔ | |||
issuerDBOpenIDRule | OpenID server rule | ✔ | |||
issuerDBSAMLActivation | SAML IDP activation | ✔ | |||
issuerDBSAMLPath | SAML IDP request path | ✔ | |||
issuerDBSAMLRule | SAML IDP rule | ✔ | |||
jsRedirect | Use javascript for redirections | ✔ | |||
key | Secret key | ✔ | |||
krbAuthnLevel | Null authentication level | ✔ | |||
krbByJs | Launch Kerberos authentication by Ajax | ✔ | |||
krbKeytab | Kerberos keytab | ✔ | |||
krbRemoveDomain | Remove domain in Kerberos username | ✔ | |||
ldapAllowResetExpiredPassword | Allow a user to reset his expired password | ✔ | |||
ldapAuthnLevel | LDAP authentication level | ✔ | |||
ldapBase | LDAP search base | ✔ | |||
ldapChangePasswordAsUser | ✔ | ||||
ldapExportedVars | LDAP exported variables | ✔ | |||
ldapGroupAttributeName | LDAP attribute name for member in groups | ✔ | |||
ldapGroupAttributeNameGroup | LDAP attribute name in group entry referenced as member in groups | ✔ | |||
ldapGroupAttributeNameSearch | LDAP attributes to search in groups | ✔ | |||
ldapGroupAttributeNameUser | LDAP attribute name in user entry referenced as member in groups | ✔ | |||
ldapGroupBase | ✔ | ||||
ldapGroupDecodeSearchedValue | Decode value before searching it in LDAP groups | ✔ | |||
ldapGroupObjectClass | LDAP object class of groups | ✔ | |||
ldapGroupRecursive | LDAP recursive search in groups | ✔ | |||
ldapPasswordResetAttribute | LDAP password reset attribute | ✔ | |||
ldapPasswordResetAttributeValue | LDAP password reset value | ✔ | |||
ldapPort | LDAP port | ✔ | |||
ldapPpolicyControl | ✔ | ||||
ldapPwdEnc | LDAP password encoding | ✔ | |||
ldapRaw | ✔ | ||||
ldapSearchDeref | “deref” param of Net::LDAP::search() | ✔ | |||
ldapServer | LDAP server (host or URI) | ✔ | |||
ldapSetPassword | ✔ | ||||
ldapTimeout | LDAP connection timeout | ✔ | |||
ldapUsePasswordResetAttribute | LDAP store reset flag in an attribute | ✔ | |||
ldapVersion | LDAP protocol version | ✔ | |||
linkedInAuthnLevel | LinkedIn authentication level | ✔ | |||
linkedInClientID | ✔ | ||||
linkedInClientSecret | ✔ | ||||
linkedInFields | ✔ | ||||
linkedInScope | ✔ | ||||
linkedInUserField | ✔ | ||||
localSessionStorage | Local sessions cache module | ✔ | |||
localSessionStorageOptions | Sessions cache module options | ✔ | |||
localStorage | Local cache | ✔ | ✔ | ✔ | ✔ |
localStorageOptions | Local cache parameters | ✔ | ✔ | ✔ | ✔ |
log4perlConfFile | Log4Perl logger configuration file | ✔ | ✔ | ✔ | ✔ |
logLevel | Log level, must be set in .ini | ✔ | ✔ | ✔ | ✔ |
logger | Technical logger | ✔ | ✔ | ✔ | ✔ |
loginHistoryEnabled | Enable login history | ✔ | |||
logoutServices | Send logout through GET request to these services | ✔ | |||
lwpOpts | Options given to LWP::UserAgent | ✔ | |||
lwpSslOpts | SSL options given to LWP::UserAgent | ✔ | |||
macros | Macros | ✔ | |||
mail2fActivation | Mail second factor activation | ✔ | |||
mail2fAuthnLevel | Authentication level for users authenticated by Mail second factor | ✔ | |||
mail2fBody | Mail body for second factor authentication | ✔ | |||
mail2fCodeRegex | Regular expression to create a mail OTP code | ✔ | |||
mail2fLogo | Custom logo for Mail 2F | ✔ | |||
mail2fSubject | Mail subject for second factor authentication | ✔ | |||
mail2fTimeout | Second factor code timeout | ✔ | |||
mailBody | Custom password reset mail body | ✔ | |||
mailCharset | Mail charset | ✔ | |||
mailConfirmBody | Custom confirm password reset mail body | ✔ | |||
mailConfirmSubject | Mail subject for reset confirmation | ✔ | |||
mailFrom | Sender email | ✔ | |||
mailLDAPFilter | LDAP filter for mail search | ✔ | |||
mailOnPasswordChange | Send a mail when password is changed | ✔ | |||
mailReplyTo | Reply-To address | ✔ | |||
mailSessionKey | Session parameter where mail is stored | ✔ | |||
mailSubject | Mail subject for new password email | ✔ | |||
mailTimeout | Mail password reset session timeout | ✔ | |||
mailUrl | URL of password reset page | ✔ | |||
maintenance | Maintenance mode for all virtual hosts | ✔ | |||
managerDn | LDAP manager DN | ✔ | |||
managerPassword | LDAP manager Password | ✔ | |||
max2FDevices | Maximum registered 2F devices | ✔ | ✔ | ||
max2FDevicesNameLength | Maximum 2F devices name length | ✔ | ✔ | ||
multiValuesSeparator | Separator for multiple values | ✔ | ✔ | ✔ | |
mySessionAuthorizedRWKeys | Alterable session keys by user itself | ✔ | ✔ | ||
nginxCustomHandlers | Custom Nginx handler (deprecated) | ✔ | |||
noAjaxHook | Avoid replacing 302 by 401 for Ajax responses | ✔ | |||
notification | Notification activation | ✔ | |||
notificationServer | Notification server activation | ✔ | |||
notificationStorage | Notification backend | ✔ | |||
notificationStorageOptions | Notification backend options | ✔ | |||
notificationWildcard | Notification string to match all users | ✔ | |||
notificationXSLTfile | Custom XSLT document for notifications | ✔ | |||
notifyDeleted | Show deleted sessions in portal | ✔ | |||
notifyOther | Show other sessions in portal | ✔ | |||
nullAuthnLevel | Null authentication level | ✔ | |||
oidcAuthnLevel | OpenID Connect authentication level | ✔ | |||
oidcOPMetaDataOptions | ✔ | [1] | |||
oidcRPCallbackGetParam | OpenID Connect Callback GET URL parameter | ✔ | |||
oidcRPMetaDataOptions | ✔ | [1] | |||
oidcRPStateTimeout | OpenID Connect Timeout of state sessions | ✔ | |||
oidcServiceAllowAuthorizationCodeFlow | OpenID Connect allow authorization code flow | ✔ | |||
oidcServiceAllowDynamicRegistration | OpenID Connect allow dynamic client registration | ✔ | |||
oidcServiceAllowHybridFlow | OpenID Connect allow hybrid flow | ✔ | |||
oidcServiceAllowImplicitFlow | OpenID Connect allow implicit flow | ✔ | |||
oidcServiceKeyIdSig | OpenID Connect Signature Key ID | ✔ | |||
oidcServiceMetaDataAuthnContext | OpenID Connect Authentication Context Class Ref | ✔ | |||
oidcServiceMetaDataAuthorizeURI | OpenID Connect authorization endpoint | ✔ | |||
oidcServiceMetaDataBackChannelURI | OpenID Connect Front-Channel logout endpoint | ✔ | |||
oidcServiceMetaDataCheckSessionURI | OpenID Connect check session iframe | ✔ | |||
oidcServiceMetaDataEndSessionURI | OpenID Connect end session endpoint | ✔ | |||
oidcServiceMetaDataFrontChannelURI | OpenID Connect Front-Channel logout endpoint | ✔ | |||
oidcServiceMetaDataIssuer | OpenID Connect issuer | ✔ | |||
oidcServiceMetaDataJWKSURI | OpenID Connect JWKS endpoint | ✔ | |||
oidcServiceMetaDataRegistrationURI | OpenID Connect registration endpoint | ✔ | |||
oidcServiceMetaDataTokenURI | OpenID Connect token endpoint | ✔ | |||
oidcServiceMetaDataUserInfoURI | OpenID Connect user info endpoint | ✔ | |||
oidcServicePrivateKeySig | ✔ | ||||
oidcServicePublicKeySig | ✔ | ||||
oidcStorage | Apache::Session module to store OIDC user data | ✔ | |||
oidcStorageOptions | Apache::Session module parameters | ✔ | |||
oldNotifFormat | Use old XML format for notifications | ✔ | |||
openIdAttr | ✔ | ||||
openIdAuthnLevel | OpenID authentication level | ✔ | |||
openIdExportedVars | OpenID exported variables | ✔ | |||
openIdIDPList | ✔ | ||||
openIdIssuerSecret | ✔ | ||||
openIdSPList | ✔ | ||||
openIdSecret | ✔ | ||||
openIdSreg_country | ✔ | ||||
openIdSreg_dob | ✔ | ||||
openIdSreg_email | OpenID SREG email session parameter | ✔ | |||
openIdSreg_fullname | OpenID SREG fullname session parameter | ✔ | |||
openIdSreg_gender | ✔ | ||||
openIdSreg_language | ✔ | ||||
openIdSreg_nickname | OpenID SREG nickname session parameter | ✔ | |||
openIdSreg_postcode | ✔ | ||||
openIdSreg_timezone | OpenID SREG timezone session parameter | ✔ | |||
pamAuthnLevel | PAM authentication level | ✔ | |||
pamService | PAM service | ✔ | |||
passwordDB | Password module | ✔ | |||
passwordResetAllowedRetries | Maximum number of retries to reset password | ✔ | |||
persistentStorage | Storage module for persistent sessions | ✔ | |||
persistentStorageOptions | Options for persistent sessions storage module | ✔ | |||
port | Force port in redirection | ✔ | |||
portal | Portal URL | ✔ | ✔ | ✔ | |
portalAntiFrame | Avoid portal to be displayed inside frames | ✔ | |||
portalCheckLogins | Display login history checkbox in portal | ✔ | |||
portalDisplayAppslist | Display applications tab in portal | ✔ | |||
portalDisplayChangePassword | Display password tab in portal | ✔ | |||
portalDisplayLoginHistory | Display login history tab in portal | ✔ | |||
portalDisplayLogout | Display logout tab in portal | ✔ | |||
portalDisplayOidcConsents | Display OIDC consent tab in portal | ✔ | |||
portalDisplayRegister | Display register button in portal | ✔ | |||
portalDisplayResetPassword | Display reset password button in portal | ✔ | |||
portalErrorOnExpiredSession | Show error if session is expired | ✔ | |||
portalErrorOnMailNotFound | Show error if mail is not found in password reset process | ✔ | |||
portalForceAuthn | Enable force to authenticate when displaying portal | ✔ | |||
portalForceAuthnInterval | Maximum interval in seconds since last authentication to force reauthentication | ✔ | |||
portalMainLogo | Portal main logo path | ✔ | |||
portalOpenLinkInNewWindow | Open applications in new windows | ✔ | |||
portalPingInterval | Interval in ms between portal Ajax pings | ✔ | |||
portalRequireOldPassword | Old password is required to change the password | ✔ | |||
portalSkin | Name of portal skin | ✔ | |||
portalSkinBackground | Background image of portal skin | ✔ | |||
portalSkinRules | Rules to choose portal skin | ✔ | |||
portalStatus | Enable portal status | ✔ | |||
portalUserAttr | Session parameter to display connected user in portal | ✔ | |||
protection | Manager protection method | ✔ | ✔ | ✔ | |
proxyAuthService | ✔ | ||||
proxyAuthnLevel | Proxy authentication level | ✔ | |||
proxySessionService | ✔ | ||||
proxyUseSoap | Use SOAP instead of REST | ✔ | |||
radiusAuthnLevel | Radius authentication level | ✔ | |||
radiusSecret | ✔ | ||||
radiusServer | ✔ | ||||
randomPasswordRegexp | Regular expression to create a random password | ✔ | |||
redirectFormMethod | HTTP method for redirect page form | ✔ | |||
registerConfirmSubject | Mail subject for register confirmation | ✔ | |||
registerDB | Register module | ✔ | |||
registerDoneSubject | Mail subject when register is done | ✔ | |||
registerTimeout | Register session timeout | ✔ | |||
registerUrl | URL of register page | ✔ | |||
reloadTimeout | Configuration reload timeout | ✔ | |||
reloadUrls | URL to call on reload | ✔ | |||
remoteCookieName | ✔ | ||||
remoteGlobalStorage | Remote session backend | ✔ | |||
remoteGlobalStorageOptions | Apache::Session module parameters | ✔ | |||
remotePortal | ✔ | ||||
requireToken | Enable token for forms | ✔ | |||
rest2fActivation | REST second factor activation | ✔ | |||
rest2fAuthnLevel | Authentication level for users authenticated by REST second factor | ✔ | |||
rest2fInitArgs | Args for REST 2F init | ✔ | |||
rest2fInitUrl | REST 2F init URL | ✔ | |||
rest2fLogo | Custom logo for REST 2F | ✔ | |||
rest2fVerifyArgs | Args for REST 2F init | ✔ | |||
rest2fVerifyUrl | REST 2F init URL | ✔ | |||
restAuthUrl | ✔ | ||||
restConfigServer | Enable REST config server | ✔ | |||
restPwdConfirmUrl | ✔ | ||||
restPwdModifyUrl | ✔ | ||||
restSessionServer | Enable REST session server | ✔ | |||
restUserDBUrl | ✔ | ||||
samlAttributeAuthorityDescriptorAttributeServiceSOAP | SAML Attribute Authority SOAP | ✔ | |||
samlAuthnContextMapKerberos | SAML authn context kerberos level | ✔ | |||
samlAuthnContextMapPassword | SAML authn context password level | ✔ | |||
samlAuthnContextMapPasswordProtectedTransport | SAML authn context password protected transport level | ✔ | |||
samlAuthnContextMapTLSClient | SAML authn context TLS client level | ✔ | |||
samlCommonDomainCookieActivation | SAML CDC activation | ✔ | |||
samlCommonDomainCookieDomain | ✔ | ||||
samlCommonDomainCookieReader | ✔ | ||||
samlCommonDomainCookieWriter | ✔ | ||||
samlDiscoveryProtocolActivation | SAML Discovery Protocol activation | ✔ | |||
samlDiscoveryProtocolIsPassive | SAML Discovery Protocol Is Passive | ✔ | |||
samlDiscoveryProtocolPolicy | SAML Discovery Protocol Policy | ✔ | |||
samlDiscoveryProtocolURL | SAML Discovery Protocol EndPoint URL | ✔ | |||
samlEntityID | SAML service entityID | ✔ | |||
samlIDPMetaDataOptions | ✔ | [1] | |||
samlIDPSSODescriptorArtifactResolutionServiceArtifact | SAML IDP artifact resolution service | ✔ | |||
samlIDPSSODescriptorSingleLogoutServiceHTTPPost | SAML IDP SLO HTTP POST | ✔ | |||
samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect | SAML IDP SLO HTTP Redirect | ✔ | |||
samlIDPSSODescriptorSingleLogoutServiceSOAP | SAML IDP SLO SOAP | ✔ | |||
samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact | SAML IDP SSO HTTP Artifact | ✔ | |||
samlIDPSSODescriptorSingleSignOnServiceHTTPPost | SAML IDP SSO HTTP POST | ✔ | |||
samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect | SAML IDP SSO HTTP Redirect | ✔ | |||
samlIDPSSODescriptorWantAuthnRequestsSigned | SAML IDP want authn request signed | ✔ | |||
samlIdPResolveCookie | SAML IDP resolution cookie | ✔ | |||
samlMetadataForceUTF8 | SAML force metadata UTF8 conversion | ✔ | |||
samlNameIDFormatMapEmail | SAML session parameter for NameID email | ✔ | |||
samlNameIDFormatMapKerberos | SAML session parameter for NameID kerberos | ✔ | |||
samlNameIDFormatMapWindows | SAML session parameter for NameID windows | ✔ | |||
samlNameIDFormatMapX509 | SAML session parameter for NameID x509 | ✔ | |||
samlOrganizationDisplayName | SAML service organization display name | ✔ | |||
samlOrganizationName | SAML service organization name | ✔ | |||
samlOrganizationURL | SAML service organization URL | ✔ | |||
samlRelayStateTimeout | SAML timeout of relay state | ✔ | |||
samlSPMetaDataOptions | ✔ | [1] | |||
samlSPSSODescriptorArtifactResolutionServiceArtifact | SAML SP artifact resolution service | ✔ | |||
samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact | SAML SP ACS HTTP artifact | ✔ | |||
samlSPSSODescriptorAssertionConsumerServiceHTTPPost | SAML SP ACS HTTP POST | ✔ | |||
samlSPSSODescriptorAuthnRequestsSigned | SAML SP AuthnRequestsSigned | ✔ | |||
samlSPSSODescriptorSingleLogoutServiceHTTPPost | SAML SP SLO HTTP POST | ✔ | |||
samlSPSSODescriptorSingleLogoutServiceHTTPRedirect | SAML SP SLO HTTP Redirect | ✔ | |||
samlSPSSODescriptorSingleLogoutServiceSOAP | SAML SP SLO SOAP | ✔ | |||
samlSPSSODescriptorWantAssertionsSigned | SAML SP WantAssertionsSigned | ✔ | |||
samlServicePrivateKeyEnc | SAML encryption private key | ✔ | |||
samlServicePrivateKeyEncPwd | ✔ | ||||
samlServicePrivateKeySig | SAML signature private key | ✔ | |||
samlServicePrivateKeySigPwd | SAML signature private key password | ✔ | |||
samlServicePublicKeyEnc | SAML encryption public key | ✔ | |||
samlServicePublicKeySig | SAML signature public key | ✔ | |||
samlServiceSignatureMethod | ✔ | ||||
samlServiceUseCertificateInResponse | Use certificate instead of public key in SAML responses | ✔ | |||
samlStorage | Apache::Session module to store SAML user data | ✔ | |||
samlStorageOptions | Apache::Session module parameters | ✔ | |||
samlUseQueryStringSpecific | SAML use specific method for query_string | ✔ | |||
secureTokenAllowOnError | Secure Token allow requests in error | ✔ | ✔ | ||
secureTokenAttribute | Secure Token attribute | ✔ | ✔ | ||
secureTokenExpiration | Secure Token expiration | ✔ | ✔ | ||
secureTokenHeader | Secure Token header | ✔ | ✔ | ||
secureTokenMemcachedServers | Secure Token Memcached servers | ✔ | ✔ | ||
secureTokenUrls | ✔ | ✔ | |||
securedCookie | Cookie securisation method | ✔ | ✔ | ||
sentryDsn | Sentry logger DSN | ✔ | ✔ | ✔ | ✔ |
sessionDataToRemember | Data to remember in login history | ✔ | |||
sfEngine | Second factor engine | ✔ | ✔ | ||
sfRequired | Second factor required | ✔ | |||
showLanguages | Display language icons | ✔ | |||
singleIP | Allow only one session per IP | ✔ | |||
singleSession | Allow only one session per user | ✔ | |||
singleSessionUserByIP | Allow only one session per user on an IP | ✔ | |||
singleUserByIP | Allow only one user per IP | ✔ | |||
skipRenewConfirmation | Avoid asking confirmation when an Issuer asks to renew auth | ✔ | |||
slaveAuthnLevel | Slave authentication level | ✔ | |||
slaveExportedVars | Slave exported variables | ✔ | |||
slaveHeaderContent | ✔ | ||||
slaveHeaderName | ✔ | ||||
slaveMasterIP | ✔ | ||||
slaveUserHeader | ✔ | ||||
soapConfigServer | Enable SOAP config server | ✔ | |||
soapSessionServer | Enable SOAP session server | ✔ | |||
sslByAjax | Use Ajax request for SSL | ✔ | |||
sslHost | URL for SSL Ajax request | ✔ | |||
staticPrefix | Prefix of static files for HTML templates | ✔ | ✔ | ||
status | Status daemon activation | ✔ | ✔ | ||
stayConnected | Enable StayConnected plugin | ✔ | |||
storePassword | Store password in session | ✔ | |||
successLoginNumber | Number of successes stored in login history | ✔ | |||
syslogFacility | Syslog logger technical facility | ✔ | ✔ | ✔ | ✔ |
timeout | Session timeout on server side | ✔ | |||
timeoutActivity | Session activity timeout on server side | ✔ | |||
timeoutActivityInterval | Update session timeout interval on server side | ✔ | |||
tokenUseGlobalStorage | Enable global token storage | ✔ | |||
totp2fActivation | TOTP activation | ✔ | |||
totp2fAuthnLevel | Authentication level for users authenticated by password+TOTP | ✔ | |||
totp2fDigits | Number of digits for TOTP code | ✔ | |||
totp2fDisplayExistingSecret | Display existing TOTP secret in registration form | ✔ | |||
totp2fInterval | TOTP interval | ✔ | |||
totp2fIssuer | TOTP Issuer | ✔ | |||
totp2fRange | TOTP range (number of intervals to test) | ✔ | |||
totp2fSelfRegistration | TOTP self registration activation | ✔ | |||
totp2fUserCanChangeKey | Authorize users to change existing TOTP secret | ✔ | |||
totp2fUserCanRemoveKey | Authorize users to remove existing TOTP secret | ✔ | |||
trustedDomains | Trusted domains | ✔ | |||
twitterAppName | ✔ | ||||
twitterAuthnLevel | Twitter authentication level | ✔ | |||
twitterKey | ✔ | ||||
twitterSecret | ✔ | ||||
twitterUserField | ✔ | ||||
u2fActivation | U2F activation | ✔ | |||
u2fAuthnLevel | Authentication level for users authenticated by password+U2F | ✔ | |||
u2fSelfRegistration | U2F self registration activation | ✔ | |||
u2fUserCanRemoveKey | Authorize users to remove existing U2F key | ✔ | |||
upgradeSession | Upgrade session activation | ✔ | |||
useRedirectOnError | Use 302 redirect code for error (500) | ✔ | |||
useRedirectOnForbidden | Use 302 redirect code for forbidden (403) | ✔ | |||
useSafeJail | Activate Safe jail | ✔ | ✔ | ||
userControl | Regular expression to validate login | ✔ | |||
userDB | User module | ✔ | |||
userLogger | User actions logger | ✔ | ✔ | ✔ | ✔ |
userPivot | ✔ | ||||
userSyslogFacility | Syslog logger user-actions facility | ✔ | ✔ | ✔ | ✔ |
utotp2fActivation | UTOTP activation (mixed U2F/TOTP module) | ✔ | |||
utotp2fAuthnLevel | Authentication level for users authenticated by password+(U2F or TOTP) | ✔ | |||
vhostOptions | ✔ | [1] | |||
webIDAuthnLevel | WebID authentication level | ✔ | |||
webIDExportedVars | WebID exported variables | ✔ | |||
webIDWhitelist | ✔ | ||||
whatToTrace | Session parameter used to fill REMOTE_USER | ✔ | ✔ | ||
wsdlServer | Enable /portal.wsdl server | ✔ | |||
yubikey2fActivation | Yubikey second factor activation | ✔ | |||
yubikey2fAuthnLevel | Authentication level for users authenticated by Yubikey second factor | ✔ | |||
yubikey2fClientID | Yubico client ID | ✔ | |||
yubikey2fNonce | Yubico nonce | ✔ | |||
yubikey2fPublicIDSize | Yubikey public ID size | ✔ | |||
yubikey2fSecretKey | Yubico secret key | ✔ | |||
yubikey2fSelfRegistration | Yubikey self registration activation | ✔ | |||
yubikey2fUrl | Yubico server | ✔ | |||
yubikey2fUserCanRemoveKey | Authorize users to remove existing Yubikey | ✔ | |||
zimbraAccountKey | Zimbra account session key | ✔ | ✔ | ||
zimbraBy | Zimbra account type | ✔ | ✔ | ||
zimbraPreAuthKey | Zimbra preauthentication key | ✔ | ✔ | ||
zimbraSsoUrl | Zimbra local SSO URL pattern | ✔ | ✔ | ||
zimbraUrl | Zimbra preauthentication URL | ✔ | ✔ |
[1]: complex nodes
Configuration backend parameters
Full name | Key name | Configuration backend |
---|---|---|
Directory | dirName | File |
DBI connection string | dbiChain | CDBI / RDBI |
DBI user | dbiUser | |
DBI password | dbiPassword | |
DBI table name | dbiTable | |
Storage directory | dirName | File / YAML |
LDAP server | ldapServer | LDAP |
LDAP port | ldapPort | |
LDAP base | ldapConfBase | |
LDAP bind dn | ldapBindDN | |
LDAP bind password | ldapBindPassword | |
LDAP ObjectClass | ldapObjectClass | |
LDAP ID attribute | ldapAttributeId | |
LDAP content attribute | ldapAttributeContent | |
Certificate authorities file | caFile | |
Certificate authorities directory | caPath | |
MongoDB database | dbName | MongoDB |
MongoDB collection | collectionName | |
REST base URL | baseUrl | REST |
REST realm | realm | |
REST user | user | |
REST password | password | |
SOAP server location (URL) | proxy | SOAP |
LWP::UserAgent parameters | proxyOptions | |
SOAP user | User | |
SOAP password | Password |