Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
documentation:latest:parameterlist [2019/02/07 20:20]
127.0.0.1 external edit
documentation:latest:parameterlist [2019/06/28 15:24] (current)
Line 58: Line 58:
 | checkStateSecret | Secret token for CheckState plugin | ✔ |  |  |  | | checkStateSecret | Secret token for CheckState plugin | ✔ |  |  |  |
 | checkTime | Timeout to check new configuration in local cache | ✔ | ✔ |  | ✔ | | checkTime | Timeout to check new configuration in local cache | ✔ | ✔ |  | ✔ |
 +| checkUser | Enable check user | ✔ |  |  |  |
 +| checkUserDisplayEmptyValues | Display session empty values | ✔ |  |  |  |
 +| checkUserDisplayPersistentInfo | Display persistent session info | ✔ |  |  |  |
 +| checkUserHiddenAttributes | Attributes to hide in CheckUser plugin | ✔ |  |  |  |
 +| checkUserIdRule | checkUser identities rule | ✔ |  |  |  |
 | checkXSS | Check XSS | ✔ |  |  |  | | checkXSS | Check XSS | ✔ |  |  |  |
 | combModules | Combination module description | ✔ |  |  |  | | combModules | Combination module description | ✔ |  |  |  |
Line 65: Line 70:
 | cookieExpiration | Cookie expiration | ✔ | ✔ |  |  | | cookieExpiration | Cookie expiration | ✔ | ✔ |  |  |
 | cookieName | Name of the main cookie | ✔ | ✔ |  |  | | cookieName | Name of the main cookie | ✔ | ✔ |  |  |
 +| corsAllow_Credentials | Allow credentials for Cross-Origin Resource Sharing | ✔ |  |  |  |
 +| corsAllow_Headers | Allowed headers for Cross-Origin Resource Sharing | ✔ |  |  |  |
 +| corsAllow_Methods | Allowed methods for Cross-Origin Resource Sharing | ✔ |  |  |  |
 +| corsAllow_Origin | Allowed origine for Cross-Origin Resource Sharing | ✔ |  |  |  |
 +| corsEnabled | Enable Cross-Origin Resource Sharing | ✔ |  |  |  |
 +| corsExpose_Headers | Exposed headers for Cross-Origin Resource Sharing | ✔ |  |  |  |
 +| corsMax_Age | MAx-age for Cross-Origin Resource Sharing | ✔ |  |  |  |
 | cspConnect | Authorized Ajax destination for Content-Security-Policy | ✔ |  |  |  | | cspConnect | Authorized Ajax destination for Content-Security-Policy | ✔ |  |  |  |
 | cspDefault | Default value for Content-Security-Policy | ✔ |  |  |  | | cspDefault | Default value for Content-Security-Policy | ✔ |  |  |  |
Line 104: Line 116:
 | ext2fActivation | External second factor activation | ✔ |  |  |  | | ext2fActivation | External second factor activation | ✔ |  |  |  |
 | ext2fAuthnLevel | Authentication level for users authentified by External second factor | ✔ |  |  |  | | ext2fAuthnLevel | Authentication level for users authentified by External second factor | ✔ |  |  |  |
 +| ext2fCodeActivation | OTP generated by Portal | ✔ |  |  |  |
 | ext2fLogo | Custom logo for External 2F | ✔ |  |  |  | | ext2fLogo | Custom logo for External 2F | ✔ |  |  |  |
 | facebookAppId |  | ✔ |  |  |  | | facebookAppId |  | ✔ |  |  |  |
Line 114: Line 127:
 | globalStorage | Session backend module | ✔ | ✔ |  |  | | globalStorage | Session backend module | ✔ | ✔ |  |  |
 | globalStorageOptions | Session backend module options | ✔ | ✔ |  |  | | globalStorageOptions | Session backend module options | ✔ | ✔ |  |  |
 +| gpgAuthnLevel | GPG authentication level | ✔ |  |  |  |
 | gpgDb | GPG keys database | ✔ |  |  |  | | gpgDb | GPG keys database | ✔ |  |  |  |
 | grantSessionRules | Rules to grant sessions | ✔ |  |  |  | | grantSessionRules | Rules to grant sessions | ✔ |  |  |  |
 | groups | Groups | ✔ |  |  |  | | groups | Groups | ✔ |  |  |  |
 | handlerInternalCache | Handler internal cache timeout | ✔ | ✔ |  | ✔ | | handlerInternalCache | Handler internal cache timeout | ✔ | ✔ |  | ✔ |
 +| handlerServiceTokenTTL | Handler ServiceToken timeout | ✔ | ✔ |  | ✔ |
 | hiddenAttributes | Name of attributes to hide in logs | ✔ |  |  |  | | hiddenAttributes | Name of attributes to hide in logs | ✔ |  |  |  |
 | hideOldPassword | Hide old password in portal | ✔ |  |  |  | | hideOldPassword | Hide old password in portal | ✔ |  |  |  |
 | httpOnly | Enable httpOnly flag in cookie | ✔ | ✔ |  |  | | httpOnly | Enable httpOnly flag in cookie | ✔ | ✔ |  |  |
 | https | Use HTTPS for redirection from portal |  | ✔ |  |  | | https | Use HTTPS for redirection from portal |  | ✔ |  |  |
 +| impersonationHiddenAttributes | Attributes to skip | ✔ |  |  |  |
 +| impersonationIdRule | Impersonation identities rule | ✔ |  |  |  |
 +| impersonationMergeSSOgroups | Merge spoofed and real SSO groups | ✔ |  |  |  |
 +| impersonationPrefix | Prefix to rename real session attributes | ✔ |  |  |  |
 +| impersonationRule | Impersonation activation rule | ✔ |  |  |  |
 +| impersonationSkipEmptyValues | Skip session empty values | ✔ |  |  |  |
 | infoFormMethod | HTTP method for info page form | ✔ |  |  |  | | infoFormMethod | HTTP method for info page form | ✔ |  |  |  |
 | issuerDBCASActivation | CAS server activation | ✔ |  |  |  | | issuerDBCASActivation | CAS server activation | ✔ |  |  |  |
Line 327: Line 348:
 | rest2fVerifyUrl | REST 2F init URL | ✔ |  |  |  | | rest2fVerifyUrl | REST 2F init URL | ✔ |  |  |  |
 | restAuthUrl |  | ✔ |  |  |  | | restAuthUrl |  | ✔ |  |  |  |
 +| restAuthnLevel | REST authentication level | ✔ |  |  |  |
 | restConfigServer | Enable REST config server | ✔ |  |  |  | | restConfigServer | Enable REST config server | ✔ |  |  |  |
 +| restExportSecretKeys | Allow to export secret keys in REST session server | ✔ |  |  |  |
 | restPwdConfirmUrl |  | ✔ |  |  |  | | restPwdConfirmUrl |  | ✔ |  |  |  |
 | restPwdModifyUrl |  | ✔ |  |  |  | | restPwdModifyUrl |  | ✔ |  |  |  |
Line 364: Line 387:
 | samlOrganizationName | SAML service organization name | ✔ |  |  |  | | samlOrganizationName | SAML service organization name | ✔ |  |  |  |
 | samlOrganizationURL | SAML service organization URL | ✔ |  |  |  | | samlOrganizationURL | SAML service organization URL | ✔ |  |  |  |
 +| samlOverrideIDPEntityID | Override SAML EntityID when acting as an IDP | ✔ |  |  |  |
 | samlRelayStateTimeout | SAML timeout of relay state | ✔ |  |  |  | | samlRelayStateTimeout | SAML timeout of relay state | ✔ |  |  |  |
 | samlSPMetaDataOptions |  | ✔ |  |  | [1] | | samlSPMetaDataOptions |  | ✔ |  |  | [1] |
Line 395: Line 419:
 | sessionDataToRemember | Data to remember in login history | ✔ |  |  |  | | sessionDataToRemember | Data to remember in login history | ✔ |  |  |  |
 | sfEngine | Second factor engine | ✔ |  |  | ✔ | | sfEngine | Second factor engine | ✔ |  |  | ✔ |
 +| sfRemovedMsgRule | Display a message if at leat one expired SF has been removed | ✔ |  |  |  |
 +| sfRemovedNotifMsg | Notification message | ✔ |  |  |  |
 +| sfRemovedNotifRef | Notification reference | ✔ |  |  |  |
 +| sfRemovedNotifTitle | Notification title | ✔ |  |  |  |
 +| sfRemovedUseNotif | Use Notifications plugin to display message | ✔ |  |  |  |
 | sfRequired | Second factor required | ✔ |  |  |  | | sfRequired | Second factor required | ✔ |  |  |  |
 | showLanguages | Display langs icons | ✔ |  |  |  | | showLanguages | Display langs icons | ✔ |  |  |  |
Line 430: Line 459:
 | totp2fRange | TOTP range (number of interval to test) | ✔ |  |  |  | | totp2fRange | TOTP range (number of interval to test) | ✔ |  |  |  |
 | totp2fSelfRegistration | TOTP self registration activation | ✔ |  |  |  | | totp2fSelfRegistration | TOTP self registration activation | ✔ |  |  |  |
 +| totp2fTTL | TOTP device time to live  | ✔ |  |  |  |
 | totp2fUserCanChangeKey | Authorize users to change existing TOTP secret | ✔ |  |  |  | | totp2fUserCanChangeKey | Authorize users to change existing TOTP secret | ✔ |  |  |  |
 | totp2fUserCanRemoveKey | Authorize users to remove existing TOTP secret | ✔ |  |  |  | | totp2fUserCanRemoveKey | Authorize users to remove existing TOTP secret | ✔ |  |  |  |
 | trustedDomains | Trusted domains | ✔ |  |  |  | | trustedDomains | Trusted domains | ✔ |  |  |  |
-| trustedProxies | Trusted proxies | ✔ |  |  |  | 
 | twitterAppName |  | ✔ |  |  |  | | twitterAppName |  | ✔ |  |  |  |
 | twitterAuthnLevel | Twitter authentication level | ✔ |  |  |  | | twitterAuthnLevel | Twitter authentication level | ✔ |  |  |  |
Line 442: Line 471:
 | u2fAuthnLevel | Authentication level for users authentified by password+U2F | ✔ |  |  |  | | u2fAuthnLevel | Authentication level for users authentified by password+U2F | ✔ |  |  |  |
 | u2fSelfRegistration | U2F self registration activation | ✔ |  |  |  | | u2fSelfRegistration | U2F self registration activation | ✔ |  |  |  |
 +| u2fTTL | U2F device time to live | ✔ |  |  |  |
 | u2fUserCanRemoveKey | Authorize users to remove existing U2F key | ✔ |  |  |  | | u2fUserCanRemoveKey | Authorize users to remove existing U2F key | ✔ |  |  |  |
 | upgradeSession | Upgrade session activation | ✔ |  |  |  | | upgradeSession | Upgrade session activation | ✔ |  |  |  |
Line 455: Line 485:
 | utotp2fAuthnLevel | Authentication level for users authentified by password+(U2F or TOTP) | ✔ |  |  |  | | utotp2fAuthnLevel | Authentication level for users authentified by password+(U2F or TOTP) | ✔ |  |  |  |
 | vhostOptions |  | ✔ |  |  | [1] | | vhostOptions |  | ✔ |  |  | [1] |
 +| viewerAllowBrowser | Allow configuration browser | ✔ |  |  | ✔ |
 +| viewerAllowDiff | Allow configuration diff | ✔ |  |  | ✔ |
 +| viewerHiddenKeys | Hidden Conf keys |  |  | ✔ | ✔ |
 | webIDAuthnLevel | WebID authentication level | ✔ |  |  |  | | webIDAuthnLevel | WebID authentication level | ✔ |  |  |  |
 | webIDExportedVars | WebID exported variables | ✔ |  |  |  | | webIDExportedVars | WebID exported variables | ✔ |  |  |  |
Line 467: Line 500:
 | yubikey2fSecretKey | Yubico secret key | ✔ |  |  |  | | yubikey2fSecretKey | Yubico secret key | ✔ |  |  |  |
 | yubikey2fSelfRegistration | Yubikey self registration activation | ✔ |  |  |  | | yubikey2fSelfRegistration | Yubikey self registration activation | ✔ |  |  |  |
 +| yubikey2fTTL | Yubikey device time to live | ✔ |  |  |  |
 | yubikey2fUrl | Yubico server | ✔ |  |  |  | | yubikey2fUrl | Yubico server | ✔ |  |  |  |
 | yubikey2fUserCanRemoveKey | Authorize users to remove existing Yubikey | ✔ |  |  |  | | yubikey2fUserCanRemoveKey | Authorize users to remove existing Yubikey | ✔ |  |  |  |