Parameter list

Tip

Click on a column header to sort table. The attribute key name can be used directly in lemonldap-ng.ini or in Perl scripts to override configuration parameters (see configuration location).

Main parameters

Key name

Documentation

Portal

Handler

Manager

ini file only

ADPwdExpireWarning

AD password expire warning

ADPwdMaxAge

AD password max age

AuthLDAPFilter

LDAP filter for auth search

LDAPFilter

Default LDAP filter

SMTPAuthPass

Password to use to send mails

SMTPAuthUser

Login to use to send mails

SMTPPort

Fix SMTP port

SMTPServer

SMTP Server

SMTPTLS

TLS protocol to use with SMTP

SMTPTLSOpts

TLS/SSL options for SMTP

SSLAuthnLevel

SSL authentication level

SSLIssuerVar

SSLVar

SSLVarIf

activeTimer

Enable timers on portal pages

adaptativeAuthenticationLevelRules

Adaptative authentication level rules

apacheAuthnLevel

Apache authentication level

applicationList

Applications list

authChoiceAuthBasic

Auth module used by AuthBasic handler

authChoiceFindUser

Auth module used by FindUser plugin

authChoiceModules

Hash list of Choice strings

authChoiceParam

Applications list

authentication

Authentication module

autoSigninRules

List of auto signin rules

available2F

Available second factor modules

available2FSelfRegistration

Available self-registration modules for second factor

avoidAssignment

Avoid assignment in expressions

browsersDontStorePassword

Avoid browsers to store users password

bruteForceProtection

Enable brute force attack protection

bruteForceProtectionIncrementalTempo

Enable incremental lock time for brute force attack protection

bruteForceProtectionLockTimes

Incremental lock time values for brute force attack protection

bruteForceProtectionMaxAge

Max age between current and first failed login

bruteForceProtectionMaxFailed

Max allowed failed login

bruteForceProtectionMaxLockTime

Max lock time

bruteForceProtectionTempo

Lock time

captcha

Captcha backend module

captchaOptions

Captcha module options

captcha_login_enabled

Captcha on login page

captcha_mail_enabled

Captcha on password reset page

captcha_register_enabled

Captcha on account creation page

captcha_size

Captcha size

casAccessControlPolicy

CAS access control policy

casAppMetaDataOptions

Root of CAS app options

[1]

casAttr

Pivot attribute for CAS

casAttributes

CAS exported attributes

casAuthnLevel

CAS authentication level

casBackChannelSingleLogout

Enable CAS (Back-Channel) Single Logout

casSrvMetaDataOptions

Root of CAS server options

[1]

casStorage

Apache::Session module to store CAS user data

casStorageOptions

Apache::Session module parameters

casStrictMatching

Disable host-based matching of CAS services

casTicketExpiration

Expiration time of Service and Proxy tickets

cda

Enable Cross Domain Authentication

certificateResetByMailCeaAttribute

certificateResetByMailCertificateAttribute

certificateResetByMailStep1Body

Custom Certificate reset mail body

certificateResetByMailStep1Subject

Mail subject for certificate reset email

certificateResetByMailStep2Body

Custom confirm Certificate reset mail body

certificateResetByMailStep2Subject

Mail subject for reset confirmation

certificateResetByMailURL

URL of certificate reset page

certificateResetByMailValidityDelay

cfgAuthor

Name of the author of the current configuration

cfgAuthorIP

Uploader IP address of the current configuration

cfgDate

Timestamp of the current configuration

cfgLog

Configuration update log

cfgNum

Enable Cross Domain Authentication

cfgVersion

Version of LLNG which build configuration

checkDevOps

Enable check DevOps

checkDevOpsCheckSessionAttributes

Check if session attributes exist

checkDevOpsDisplayNormalizedHeaders

Display normalized headers

checkDevOpsDownload

Enable check DevOps download field

checkEntropy

Enable entropy check of password

checkEntropyRequired

Require entropy check to pass

checkEntropyRequiredLevel

Minimal entropy required for the password to be accepted

checkHIBP

Enable check HIBP

checkHIBPRequired

Require HIBP check to pass

checkHIBPURL

URL of Have I Been Pwned API

checkState

Enable CheckState plugin

checkStateSecret

Secret token for CheckState plugin

checkTime

Timeout to check new configuration in local cache

checkUser

Enable check user

checkUserDisplayComputedSession

Display empty headers rule

checkUserDisplayEmptyHeaders

Display empty headers rule

checkUserDisplayEmptyValues

Display session empty values rule

checkUserDisplayHiddenAttributes

Display hidden attributes rule

checkUserDisplayHistory

Display history rule

checkUserDisplayNormalizedHeaders

Display normalized headers rule

checkUserDisplayPersistentInfo

Display persistent session info rule

checkUserHiddenAttributes

Attributes to hide in CheckUser plugin

checkUserHiddenHeaders

Header values to hide if not empty

checkUserIdRule

checkUser identities rule

checkUserSearchAttributes

Attributes used for retrieving sessions in user DataBase

checkUserUnrestrictedUsersRule

checkUser unrestricted users rule

checkXSS

Check XSS

combModules

Combination module description

combination

Combination rule

compactConf

Compact configuration

configStorage

Configuration storage

confirmFormMethod

HTTP method for confirm page form

contextSwitchingAllowed2fModifications

Allowed SFA modifications

contextSwitchingIdRule

Context switching identities rule

contextSwitchingPrefix

Prefix to store real session Id

contextSwitchingRule

Context switching activation rule

contextSwitchingStopWithLogout

Stop context switching by logout

contextSwitchingUnrestrictedUsersRule

Context switching unrestricted users rule

cookieExpiration

Cookie expiration

cookieName

Name of the main cookie

corsAllow_Credentials

Allow credentials for Cross-Origin Resource Sharing

corsAllow_Headers

Allowed headers for Cross-Origin Resource Sharing

corsAllow_Methods

Allowed methods for Cross-Origin Resource Sharing

corsAllow_Origin

Allowed origine for Cross-Origin Resource Sharing

corsEnabled

Enable Cross-Origin Resource Sharing

corsExpose_Headers

Exposed headers for Cross-Origin Resource Sharing

corsMax_Age

Max-age for Cross-Origin Resource Sharing

crowdsec

CrowdSec plugin activation

crowdsecAction

CrowdSec action

crowdsecKey

CrowdSec API key

crowdsecUrl

Base URL of CrowdSec local API

cspConnect

Authorized Ajax destination for Content-Security-Policy

cspDefault

Default value for Content-Security-Policy

cspFont

Font source for Content-Security-Policy

cspFormAction

Form action destination for Content-Security-Policy

cspFrameAncestors

Frame-Ancestors for Content-Security-Policy

cspImg

Image source for Content-Security-Policy

cspScript

Javascript source for Content-Security-Policy

cspStyle

Style source for Content-Security-Policy

customAddParams

Custom additional parameters

customAuth

Custom auth module

customFunctions

List of custom functions

customPassword

Custom password module

customPlugins

Custom plugins

customPluginsParams

Custom plugins parameters

customRegister

Custom register module

customResetCertByMail

Custom certificateResetByMail module

customToTrace

Session parameter used to fill REMOTE_CUSTOM

customUserDB

Custom user DB module

dbiAuthChain

dbiAuthLoginCol

dbiAuthPassword

dbiAuthPasswordCol

dbiAuthPasswordHash

dbiAuthTable

dbiAuthUser

dbiAuthnLevel

DBI authentication level

dbiDynamicHashEnabled

dbiDynamicHashNewPasswordScheme

dbiDynamicHashValidSaltedSchemes

dbiDynamicHashValidSchemes

dbiExportedVars

DBI exported variables

dbiPasswordMailCol

dbiUserChain

dbiUserPassword

dbiUserTable

dbiUserUser

decryptValueFunctions

Custom function used for decrypting values

decryptValueRule

Decrypt value activation rule

defaultNewKeySize

Default size for new RSA key helper

demoExportedVars

Demo exported variables

disablePersistentStorage

Enabled persistent storage

displaySessionId

Display _session_id with sessions explorer

domain

DNS domain

exportedAttr

List of attributes to export by SOAP or REST servers

exportedVars

Main exported variables

ext2FSendCommand

Send command of External second factor

ext2FValidateCommand

Validation command of External second factor

ext2fActivation

External second factor activation

ext2fAuthnLevel

Authentication level for users authentified by External second factor

ext2fCodeActivation

OTP generated by Portal

ext2fLabel

Portal label for External second factor

ext2fLogo

Custom logo for External 2F

ext2fResendInterval

Delay before user is allowed to resend code

facebookAppId

facebookAppSecret

facebookAuthnLevel

Facebook authentication level

facebookExportedVars

Facebook exported variables

facebookUserField

failedLoginNumber

Number of failures stored in login history

findUser

Enable find user

findUserControl

Regular expression to validate parameters

findUserExcludingAttributes

Attributes used for excluding accounts

findUserSearchingAttributes

Attributes used for searching accounts

findUserWildcard

Character used as wildcard

forceGlobalStorageIssuerOTT

Force Issuer tokens to be stored into Global Storage

forceGlobalStorageUpgradeOTT

Force Upgrade tokens be stored into Global Storage

formTimeout

Token timeout for forms

githubAuthnLevel

GitHub authentication level

githubClientID

githubClientSecret

githubScope

githubUserField

globalLogoutCustomParam

Custom session parameter to display

globalLogoutRule

Global logout activation rule

globalLogoutTimer

Global logout auto accept time

globalStorage

Session backend module

globalStorageOptions

Session backend module options

gpgAuthnLevel

GPG authentication level

gpgDb

GPG keys database

grantSessionRules

Rules to grant sessions

groupLDAPFilter

LDAP filter for group search

groups

Groups

groupsBeforeMacros

Compute groups before macros

handlerInternalCache

Handler internal cache timeout

handlerServiceTokenTTL

Handler ServiceToken timeout

hiddenAttributes

Name of attributes to hide in logs

hideOldPassword

Hide old password in portal

httpOnly

Enable httpOnly flag in cookie

https

Use HTTPS for redirection from portal

impersonationHiddenAttributes

Attributes to skip

impersonationIdRule

Impersonation identities rule

impersonationMergeSSOgroups

Merge spoofed and real SSO groups

impersonationPrefix

Prefix to rename real session attributes

impersonationRule

Impersonation activation rule

impersonationSkipEmptyValues

Skip session empty values

impersonationUnrestrictedUsersRule

Impersonation unrestricted users rule

infoFormMethod

HTTP method for info page form

initializePasswordReset

Enable Password Reset API plugin

initializePasswordResetSecret

Secret key for the Initialize Password Reset API

issuerDBCASActivation

CAS server activation

issuerDBCASPath

CAS server request path

issuerDBCASRule

CAS server rule

issuerDBGetActivation

Get issuer activation

issuerDBGetParameters

List of virtualHosts with their get parameters

issuerDBGetPath

Get issuer request path

issuerDBGetRule

Get issuer rule

issuerDBOpenIDActivation

OpenID server activation

issuerDBOpenIDConnectActivation

OpenID Connect server activation

issuerDBOpenIDConnectPath

OpenID Connect server request path

issuerDBOpenIDConnectRule

OpenID Connect server rule

issuerDBOpenIDPath

OpenID server request path

issuerDBOpenIDRule

OpenID server rule

issuerDBSAMLActivation

SAML IDP activation

issuerDBSAMLPath

SAML IDP request path

issuerDBSAMLRule

SAML IDP rule

issuersTimeout

Token timeout for issuers

jsRedirect

Use javascript for redirections

key

Secret key

krbAllowedDomains

Allowed domains

krbAuthnLevel

Null authentication level

krbByJs

Launch Kerberos authentication by Ajax

krbKeytab

Kerberos keytab

krbRemoveDomain

Remove domain in Kerberos username

ldapAllowResetExpiredPassword

Allow a user to reset his expired password

ldapAuthnLevel

LDAP authentication level

ldapBase

LDAP search base

ldapCAFile

Location of the certificate file for LDAP connections

ldapCAPath

Location of the CA directory for LDAP connections

ldapChangePasswordAsUser

ldapExportedVars

LDAP exported variables

ldapGetUserBeforePasswordChange

ldapGroupAttributeName

LDAP attribute name for member in groups

ldapGroupAttributeNameGroup

LDAP attribute name in group entry referenced as member in groups

ldapGroupAttributeNameSearch

LDAP attributes to search in groups

ldapGroupAttributeNameUser

LDAP attribute name in user entry referenced as member in groups

ldapGroupBase

ldapGroupDecodeSearchedValue

Decode value before searching it in LDAP groups

ldapGroupObjectClass

LDAP object class of groups

ldapGroupRecursive

LDAP recursive search in groups

ldapIOTimeout

LDAP operation timeout

ldapITDS

Support for IBM Tivoli Directory Server

ldapPasswordResetAttribute

LDAP password reset attribute

ldapPasswordResetAttributeValue

LDAP password reset value

ldapPort

LDAP port

ldapPpolicyControl

ldapPwdEnc

LDAP password encoding

ldapRaw

ldapSearchDeref

“deref” param of Net::LDAP::search()

ldapServer

LDAP server (host or URI)

ldapSetPassword

ldapTimeout

LDAP connection timeout

ldapUsePasswordResetAttribute

LDAP store reset flag in an attribute

ldapVerify

Whether to validate LDAP certificates

ldapVersion

LDAP protocol version

linkedInAuthnLevel

LinkedIn authentication level

linkedInClientID

linkedInClientSecret

linkedInFields

linkedInScope

linkedInUserField

localSessionStorage

Local sessions cache module

localSessionStorageOptions

Sessions cache module options

localStorage

Local cache

localStorageOptions

Local cache parameters

locationDetect

Enable LocationDetect plugin

locationDetectGeoIpDatabase

Path to GeoIP database

locationDetectGeoIpLanguages

Languages for GeoIP database

locationDetectIpDetail

Information requested for IP

locationDetectUaDetail

Information requested for User Agent

log4perlConfFile

Log4Perl logger configuration file

logLevel

Log level, must be set in .ini

logger

technical logger

loginHistoryEnabled

Enable login history

logoutServices

Send logout trough GET request to these services

lwpOpts

Options passed to LWP::UserAgent

lwpSslOpts

SSL options passed to LWP::UserAgent

macros

Macros

mail2fActivation

Mail second factor activation

mail2fAuthnLevel

Authentication level for users authenticated by Mail second factor

mail2fBody

Mail body for second factor authentication

mail2fCodeRegex

Regular expression to create a mail OTP code

mail2fLabel

Portal label for Mail second factor

mail2fLogo

Custom logo for Mail 2F

mail2fResendInterval

Delay before user is allowed to resend code

mail2fSessionKey

Session parameter where mail is stored

mail2fSubject

Mail subject for second factor authentication

mail2fTimeout

Second factor code timeout

mailBody

Custom password reset mail body

mailCharset

Mail charset

mailConfirmBody

Custom confirm password reset mail body

mailConfirmSubject

Mail subject for reset confirmation

mailFrom

Sender email

mailLDAPFilter

LDAP filter for mail search

mailOnPasswordChange

Send a mail when password is changed

mailReplyTo

Reply-To address

mailSessionKey

Session parameter where mail is stored

mailSubject

Mail subject for new password email

mailTimeout

Mail password reset session timeout

mailUrl

URL of password reset page

maintenance

Maintenance mode for all virtual hosts

managerDn

LDAP manager DN

managerPassword

LDAP manager Password

max2FDevices

Maximum registered 2F devices

max2FDevicesNameLength

Maximum 2F devices name length

multiValuesSeparator

Separator for multiple values

mySessionAuthorizedRWKeys

Alterable session keys by user itself

newLocationWarning

Enable New Location Warning

newLocationWarningLocationAttribute

New location session attribute

newLocationWarningLocationDisplayAttribute

New location session attribute for user display

newLocationWarningMailAttribute

New location warning mail session attribute

newLocationWarningMailBody

Mail body for new location warning

newLocationWarningMailSubject

Mail subject for new location warning

newLocationWarningMaxValues

How many previous locations should be compared

nginxCustomHandlers

Custom Nginx handler (deprecated)

noAjaxHook

Avoid replacing 302 by 401 for Ajax responses

notification

Notification activation

notificationDefaultCond

Notification default condition

notificationServer

Notification server activation

notificationServerDELETE

Notification server activation

notificationServerGET

Notification server activation

notificationServerPOST

Notification server activation

notificationServerSentAttributes

Prameters to send with notification server GET method

notificationStorage

Notification backend

notificationStorageOptions

Notification backend options

notificationWildcard

Notification string to match all users

notificationXSLTfile

Custom XSLT document for notifications

notificationsExplorer

Notifications explorer activation

notificationsMaxRetrieve

Max number of displayed notifications

notifyDeleted

Show deleted sessions in portal

notifyOther

Show other sessions in portal

nullAuthnLevel

Null authentication level

oidcAuthnLevel

OpenID Connect authentication level

oidcDropCspHeaders

Drop CORS headers from OIDC issuer responses

oidcOPMetaDataOptions

[1]

oidcRPCallbackGetParam

OpenID Connect Callback GET URLparameter

oidcRPMetaDataOptions

[1]

oidcRPStateTimeout

OpenID Connect Timeout of state sessions

oidcServiceAccessTokenExpiration

OpenID Connect global access token TTL

oidcServiceAllowAuthorizationCodeFlow

OpenID Connect allow authorization code flow

oidcServiceAllowDynamicRegistration

OpenID Connect allow dynamic client registration

oidcServiceAllowHybridFlow

OpenID Connect allow hybrid flow

oidcServiceAllowImplicitFlow

OpenID Connect allow implicit flow

oidcServiceAllowOnlyDeclaredScopes

OpenID Connect allow only declared scopes

oidcServiceAuthorizationCodeExpiration

OpenID Connect global code TTL

oidcServiceDynamicRegistrationExportedVars

OpenID Connect exported variables for dynamic registration

oidcServiceDynamicRegistrationExtraClaims

OpenID Connect extra claims for dynamic registration

oidcServiceEncAlgorithmAlg

JWT encryption algorithme

oidcServiceEncAlgorithmEnc

JWT encryption algorithme

oidcServiceIDTokenExpiration

OpenID Connect global ID token TTL

oidcServiceIgnoreScopeForClaims

OpenID Connect release all attributes even when not allowed by scope

oidcServiceKeyIdEnc

OpenID Connect Encryption Key ID

oidcServiceKeyIdSig

OpenID Connect Signature Key ID

oidcServiceKeyTypeEnc

oidcServiceKeyTypeSig

oidcServiceMetaDataAuthnContext

OpenID Connect Authentication Context Class Ref

oidcServiceMetaDataAuthorizeURI

OpenID Connect authorizaton endpoint

oidcServiceMetaDataBackChannelURI

OpenID Connect Back-Channel logout endpoint

oidcServiceMetaDataCheckSessionURI

OpenID Connect check session iframe

oidcServiceMetaDataEndSessionURI

OpenID Connect end session endpoint

oidcServiceMetaDataFrontChannelURI

OpenID Connect Front-Channel logout endpoint

oidcServiceMetaDataIntrospectionURI

OpenID Connect introspection endpoint

oidcServiceMetaDataIssuer

OpenID Connect issuer

oidcServiceMetaDataJWKSURI

OpenID Connect JWKS endpoint

oidcServiceMetaDataRegistrationURI

OpenID Connect registration endpoint

oidcServiceMetaDataTokenURI

OpenID Connect token endpoint

oidcServiceMetaDataUserInfoURI

OpenID Connect user info endpoint

oidcServiceNewKeyIdSig

Future OpenID Connect Signature Key ID

oidcServiceNewKeyTypeSig

oidcServiceNewPrivateKeySig

oidcServiceNewPublicKeySig

oidcServiceOfflineSessionExpiration

OpenID Connect global offline session TTL

oidcServiceOldKeyIdEnc

Previous OpenID Connect Encryption Key ID

oidcServiceOldKeyIdSig

Previous OpenID Connect Signature Key ID

oidcServiceOldKeyTypeEnc

oidcServiceOldKeyTypeSig

oidcServiceOldPrivateKeyEnc

oidcServiceOldPrivateKeySig

oidcServiceOldPublicKeyEnc

oidcServiceOldPublicKeySig

oidcServicePrivateKeyEnc

oidcServicePrivateKeySig

oidcServicePublicKeyEnc

oidcServicePublicKeySig

oidcStorage

Apache::Session module to store OIDC user data

oidcStorageOptions

Apache::Session module parameters

oldNotifFormat

Use old XML format for notifications

openIdAttr

openIdAuthnLevel

OpenID authentication level

openIdExportedVars

OpenID exported variables

openIdIDPList

openIdIssuerSecret

openIdSPList

openIdSecret

openIdSreg_country

openIdSreg_dob

openIdSreg_email

OpenID SREG email session parameter

openIdSreg_fullname

OpenID SREG fullname session parameter

openIdSreg_gender

openIdSreg_language

openIdSreg_nickname

OpenID SREG nickname session parameter

openIdSreg_postcode

openIdSreg_timezone

OpenID SREG timezone session parameter

pamAuthnLevel

PAM authentication level

pamService

PAM service

password2fActivation

Password2F activation

password2fAuthnLevel

Authentication level for users authentified by Password2F

password2fLabel

Portal label for Password2F

password2fLogo

Custom logo for Password 2F

password2fSelfRegistration

Password2F self registration activation

password2fTTL

Password2F device time to live

password2fUserCanRemoveKey

Authorize users to remove existing Password2F secret

passwordDB

Password module

passwordPolicyActivation

Enable password policy

passwordPolicyMinDigit

Password policy: minimal digit characters

passwordPolicyMinLower

Password policy: minimal lower characters

passwordPolicyMinSize

Password policy: minimal size

passwordPolicyMinSpeChar

Password policy: minimal special characters

passwordPolicyMinUpper

Password policy: minimal upper characters

passwordPolicySpecialChar

Password policy: allowed special characters

passwordResetAllowedRetries

Maximum number of retries to reset password

pdataDomain

pdata cookie DNS domain

persistentSessionAttributes

Persistent session attributes to hide

persistentStorage

Storage module for persistent sessions

persistentStorageOptions

Options for persistent sessions storage module

port

Force port in redirection

portal

Portal URL

portalAntiFrame

Avoid portal to be displayed inside frames

portalCheckLogins

Display login history checkbox in portal

portalCustomCss

Path to custom CSS file

portalDisplayAppslist

Display applications tab in portal

portalDisplayCertificateResetByMail

Display certificate reset by mail button in portal

portalDisplayChangePassword

Display password tab in portal

portalDisplayGeneratePassword

Display password generate box in reset password form

portalDisplayLoginHistory

Display login history tab in portal

portalDisplayLogout

Display logout tab in portal

portalDisplayOidcConsents

Display OIDC consents tab in portal

portalDisplayOrder

List for ordering tabs in portal

portalDisplayPasswordPolicy

Display policy in password form

portalDisplayRefreshMyRights

Display link to refresh the user session

portalDisplayRegister

Display register button in portal

portalDisplayResetPassword

Display reset password button in portal

portalEnablePasswordDisplay

Allow to display password in login form

portalErrorOnExpiredSession

Show error if session is expired

portalErrorOnMailNotFound

Show error if mail is not found in password reset process

portalFavicon

Path to favicon file

portalForceAuthn

Enable force to authenticate when displaying portal

portalForceAuthnInterval

Maximum interval in seconds since last authentication to force reauthentication

portalMainLogo

Portal main logo path

portalOpenLinkInNewWindow

Open applications in new windows

portalPingInterval

Interval in ms between portal Ajax pings

portalRequireOldPassword

Rule to require old password to change the password

portalSkin

Name of portal skin

portalSkinBackground

Background image of portal skin

portalSkinRules

Rules to choose portal skin

portalStatus

Enable portal status

portalUserAttr

Session parameter to display connected user in portal

protection

Manager protection method

proxyAuthService

proxyAuthServiceChoiceParam

proxyAuthServiceChoiceValue

proxyAuthServiceImpersonation

Enable internal portal Impersonation

proxyAuthnLevel

Proxy authentication level

proxyCookieName

Name of the internal portal cookie

proxySessionService

proxyUseSoap

Use SOAP instead of REST

radius2fActivation

Radius second factor activation

radius2fAuthnLevel

Authentication level for users authenticated by Radius second factor

radius2fDictionaryFile

radius2fLabel

Portal label for Radius 2F

radius2fLogo

Custom logo for Radius 2F

radius2fRequestAttributes

RADIUS second factor authentication attributes

radius2fSecret

radius2fSendInitialRequest

Dial in to radius server before displaying form

radius2fServer

radius2fTimeout

Radius 2f verification timeout

radius2fUsernameSessionKey

Session key used as Radius login

radiusAuthnLevel

Radius authentication level

radiusDictionaryFile

radiusExportedVars

RADIUS exported variables

radiusRequestAttributes

RADIUS authentication attributes

radiusSecret

radiusServer

radiusTimeout

randomPasswordRegexp

Regular expression to create a random password

redirectFormMethod

HTTP method for redirect page form

refreshSessions

Refresh sessions plugin

registerConfirmBody

Mail body for register confirmation

registerConfirmSubject

Mail subject for register confirmation

registerDB

Register module

registerDoneBody

Mail body when register is done

registerDoneSubject

Mail subject when register is done

registerTimeout

Register session timeout

registerUrl

URL of register page

reloadTimeout

Configuration reload timeout

reloadUrls

URL to call on reload

rememberAuthChoiceRule

remember auth choice activation rule

rememberCookieName

Name of the remember auth choice cookie

rememberCookieTimeout

lifetime of the remember auth choice cookie

rememberDefaultChecked

Is remember auth choice checkbox enabled by default?

rememberTimer

timer before automatic authentication with remembered choice

remoteCookieName

Name of the remote portal cookie

remoteGlobalStorage

Remote session backend

remoteGlobalStorageOptions

Apache::Session module parameters

remotePortal

requireToken

Enable token for forms

rest2fActivation

REST second factor activation

rest2fAuthnLevel

Authentication level for users authentified by REST second factor

rest2fCodeActivation

OTP generated by Portal

rest2fInitArgs

Args for REST 2F init

rest2fInitUrl

REST 2F init URL

rest2fLabel

Portal label for REST second factor

rest2fLogo

Custom logo for REST 2F

rest2fResendInterval

Delay before user is allowed to resend code

rest2fVerifyArgs

Args for REST 2F init

rest2fVerifyUrl

REST 2F init URL

restAuthServer

Enable REST authentication server

restAuthUrl

restAuthnLevel

REST authentication level

restClockTolerance

How tolerant the REST session server will be to clock dift

restConfigServer

Enable REST config server

restExportSecretKeys

Allow to export secret keys in REST session server

restFindUserDBUrl

restPasswordServer

Enable REST password reset server

restPwdConfirmUrl

restPwdModifyUrl

restSessionServer

Enable REST session server

restUserDBUrl

sameSite

Cookie SameSite value

samlAttributeAuthorityDescriptorAttributeServiceSOAP

SAML Attribute Authority SOAP

samlAuthnContextMapKerberos

SAML authn context kerberos level

samlAuthnContextMapPassword

SAML authn context password level

samlAuthnContextMapPasswordProtectedTransport

SAML authn context password protected transport level

samlAuthnContextMapTLSClient

SAML authn context TLS client level

samlCommonDomainCookieActivation

SAML CDC activation

samlCommonDomainCookieDomain

samlCommonDomainCookieReader

samlCommonDomainCookieWriter

samlDiscoveryProtocolActivation

SAML Discovery Protocol activation

samlDiscoveryProtocolIsPassive

SAML Discovery Protocol Is Passive

samlDiscoveryProtocolPolicy

SAML Discovery Protocol Policy

samlDiscoveryProtocolURL

SAML Discovery Protocol EndPoint URL

samlEntityID

SAML service entityID

samlFederationFiles

Path to SAML Federation Metadata

samlIDPMetaDataOptions

[1]

samlIDPSSODescriptorArtifactResolutionServiceArtifact

SAML IDP artifact resolution service

samlIDPSSODescriptorSingleLogoutServiceHTTPPost

SAML IDP SLO HTTP POST

samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect

SAML IDP SLO HTTP Redirect

samlIDPSSODescriptorSingleLogoutServiceSOAP

SAML IDP SLO SOAP

samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact

SAML IDP SSO HTTP Artifact

samlIDPSSODescriptorSingleSignOnServiceHTTPPost

SAML IDP SSO HTTP POST

samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect

SAML IDP SSO HTTP Redirect

samlIDPSSODescriptorWantAuthnRequestsSigned

SAML IDP want authn request signed

samlMetadataForceUTF8

SAML force metadata UTF8 conversion

samlNameIDFormatMapEmail

SAML session parameter for NameID email

samlNameIDFormatMapKerberos

SAML session parameter for NameID kerberos

samlNameIDFormatMapWindows

SAML session parameter for NameID windows

samlNameIDFormatMapX509

SAML session parameter for NameID x509

samlOrganizationDisplayName

SAML service organization display name

samlOrganizationName

SAML service organization name

samlOrganizationURL

SAML service organization URL

samlOverrideIDPEntityID

Override SAML EntityID when acting as an IDP

samlRelayStateTimeout

SAML timeout of relay state

samlSPMetaDataOptions

[1]

samlSPSSODescriptorArtifactResolutionServiceArtifact

SAML SP artifact resolution service

samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact

SAML SP ACS HTTP artifact

samlSPSSODescriptorAssertionConsumerServiceHTTPPost

SAML SP ACS HTTP POST

samlSPSSODescriptorAuthnRequestsSigned

SAML SP AuthnRequestsSigned

samlSPSSODescriptorSingleLogoutServiceHTTPPost

SAML SP SLO HTTP POST

samlSPSSODescriptorSingleLogoutServiceHTTPRedirect

SAML SP SLO HTTP Redirect

samlSPSSODescriptorSingleLogoutServiceSOAP

SAML SP SLO SOAP

samlSPSSODescriptorWantAssertionsSigned

SAML SP WantAssertionsSigned

samlServicePrivateKeyEnc

SAML encryption private key

samlServicePrivateKeyEncPwd

samlServicePrivateKeySig

SAML signature private key

samlServicePrivateKeySigPwd

SAML signature private key password

samlServicePublicKeyEnc

SAML encryption public key

samlServicePublicKeySig

SAML signature public key

samlServiceSignatureMethod

samlServiceUseCertificateInResponse

Use certificate instead of public key in SAML responses

samlStorage

Apache::Session module to store SAML user data

samlStorageOptions

Apache::Session module parameters

samlUseQueryStringSpecific

SAML use specific method for query_string

scrollTop

Display back to top button

secureTokenAllowOnError

Secure Token allow requests in error

secureTokenAttribute

Secure Token attribute

secureTokenExpiration

Secure Token expiration

secureTokenHeader

Secure Token header

secureTokenMemcachedServers

Secure Token Memcached servers

secureTokenUrls

securedCookie

Cookie securisation method

sentryDsn

Sentry logger DSN

sessionDataToRemember

Data to remember in login history

sfEngine

Second factor engine

sfExtra

Extra second factors

sfLoginTimeout

Timeout for 2F login process

sfManagerRule

Rule to display second factor Manager link

sfOnlyUpgrade

Only trigger second factor on session upgrade

sfRegisterTimeout

Timeout for 2F registration process

sfRemovedMsgRule

Display a message if at leat one expired SF has been removed

sfRemovedNotifMsg

Notification message

sfRemovedNotifRef

Notification reference

sfRemovedNotifTitle

Notification title

sfRemovedUseNotif

Use Notifications plugin to display message

sfRequired

Second factor required

showLanguages

Display langs icons

singleIP

Allow only one session per IP

singleSession

Allow only one session per user

singleUserByIP

Allow only one user per IP

skipRenewConfirmation

Avoid asking confirmation when an Issuer asks to renew auth

skipUpgradeConfirmation

Avoid asking confirmation during a session upgrade

slaveAuthnLevel

Slave authentication level

slaveDisplayLogo

Display Slave authentication logo

slaveExportedVars

Slave exported variables

slaveHeaderContent

slaveHeaderName

slaveMasterIP

slaveUserHeader

soapConfigServer

Enable SOAP config server

soapProxyUrn

SOAP URN for Proxy

soapSessionServer

Enable SOAP session server

sslByAjax

Use Ajax request for SSL

sslHost

URL for SSL Ajax request

staticPrefix

Prefix of static files for HTML templates

status

Status daemon activation

stayConnected

Stay connected activation rule

stayConnectedBypassFG

Disable fingerprint checkng

stayConnectedCookieName

Name of the stayConnected plugin cookie

stayConnectedSingleSession

Allow only one permanent session per user

stayConnectedTimeout

StayConnected persistent connexion session timeout

storePassword

Store password in session

storePasswordEncrypted

Crypt the password in session

strictTransportSecurityMax_Age

Max-age for Strict-Transport-Security

successLoginNumber

Number of success stored in login history

syslogFacility

Syslog logger technical facility

timeout

Session timeout on server side

timeoutActivity

Session activity timeout on server side

timeoutActivityInterval

Update session timeout interval on server side

tokenUseGlobalStorage

Enable global token storage

totp2fActivation

TOTP activation

totp2fAuthnLevel

Authentication level for users authentified by password+TOTP

totp2fDigits

Number of digits for TOTP code

totp2fEncryptSecret

Encrypt TOTP secrets in database

totp2fInterval

TOTP interval

totp2fIssuer

TOTP Issuer

totp2fLabel

Portal label for TOTP 2F

totp2fLogo

Custom logo for TOTP 2F

totp2fRange

TOTP range (number of interval to test)

totp2fSelfRegistration

TOTP self registration activation

totp2fTTL

TOTP device time to live

totp2fUserCanRemoveKey

Authorize users to remove existing TOTP secret

trustedBrowserRule

Trusted browser registration rule

trustedDomains

Trusted domains

twitterAppName

twitterAuthnLevel

Twitter authentication level

twitterKey

twitterSecret

twitterUserField

u2fActivation

U2F activation

u2fAuthnLevel

Authentication level for users authentified by password+U2F

u2fLabel

Portal label for U2F

u2fLogo

Custom logo for U2F

u2fSelfRegistration

U2F self registration activation

u2fTTL

U2F device time to live

u2fUserCanRemoveKey

Authorize users to remove existing U2F key

upgradeSession

Upgrade session activation

useRedirectOnError

Use 302 redirect code for error (500)

useRedirectOnForbidden

Use 302 redirect code for forbidden (403)

useSafeJail

Activate Safe jail

userControl

Regular expression to validate login

userDB

User module

userLogger

User actions logger

userPivot

userSyslogFacility

Syslog logger user-actions facility

utotp2fActivation

UTOTP activation (mixed U2F/TOTP module)

utotp2fAuthnLevel

Authentication level for users authentified by password+(U2F or TOTP)

utotp2fLabel

Portal label for U2F+TOTP

utotp2fLogo

Custom logo for U2F+TOTP

vhostOptions

[1]

viewerAllowBrowser

Allow configuration browser

viewerAllowDiff

Allow configuration diff

viewerHiddenKeys

Hidden Conf keys

webIDAuthnLevel

WebID authentication level

webIDExportedVars

WebID exported variables

webIDWhitelist

webauthn2fActivation

WebAuthn second factor activation

webauthn2fAttestation

Ask the authenticator for an attestation

webauthn2fAttestationTrust

Certificate bundle for attestation trust validation

webauthn2fAuthnLevel

Authentication level for users authentified by WebAuthn second factor

webauthn2fLabel

Portal label for WebAuthn second factor

webauthn2fLogo

Custom logo for WebAuthn 2F

webauthn2fSelfRegistration

WebAuthn self registration activation

webauthn2fUserCanRemoveKey

Authorize users to remove existing WebAuthn

webauthn2fUserVerification

Verify user during registration and login

webauthnDisplayNameAttr

Session attribute containing user display name

webauthnRpName

WebAuthn Relying Party display name

whatToTrace

Session parameter used to fill REMOTE_USER

wsdlServer

Enable /portal.wsdl server

yubikey2fActivation

Yubikey second factor activation

yubikey2fAuthnLevel

Authentication level for users authentified by Yubikey second factor

yubikey2fClientID

Yubico client ID

yubikey2fFromSessionAttribute

Provision yubikey from the given session variable

yubikey2fLabel

Portal label for Yubikey second factor

yubikey2fLogo

Custom logo for Yubikey 2F

yubikey2fNonce

Yubico nonce

yubikey2fPublicIDSize

Yubikey public ID size

yubikey2fSecretKey

Yubico secret key

yubikey2fSelfRegistration

Yubikey self registration activation

yubikey2fTTL

Yubikey device time to live

yubikey2fUrl

Yubico server

yubikey2fUserCanRemoveKey

Authorize users to remove existing Yubikey

zimbraAccountKey

Zimbra account session key

zimbraBy

Zimbra account type

zimbraPreAuthKey

Zimbra preauthentication key

zimbraSsoUrl

Zimbra local SSO URL pattern

zimbraUrl

Zimbra preauthentication URL

[1]: complex nodes

Configuration backend parameters

Full name

Key name

Configuration backend

Configuration load timeout

confTimeout

all backends (default: 10)

DBI connection string

dbiChain

CDBI / RDBI

DBI user

dbiUser

DBI password

dbiPassword

DBI table name

dbiTable

Directory

dirName

File / YAML

LDAP server

ldapServer

LDAP

LDAP port

ldapPort

LDAP base

ldapConfBase

LDAP bind dn

ldapBindDN

LDAP bind password

ldapBindPassword

LDAP ObjectClass

ldapObjectClass

LDAP ID attribute

ldapAttributeId

LDAP content attribute

ldapAttributeContent

Certificate authorities file

caFile

Certificate authorities directory

caPath

MongoDB database

dbName

MongoDB

MongoDB collection

collectionName

Pretty print

prettyPrint

File

REST base URL

baseUrl

REST

REST realm

realm

REST user

user

REST password

password

SOAP server location (URL)

proxy

SOAP

LWP::UserAgent parameters

proxyOptions

SOAP user

User

SOAP password

Password