Differences

documentation:latest:parameterlist [2019/06/28 15:24]
documentation:latest:parameterlist [2019/09/02 23:00] (current)
Line 1: Line 1:
 +====== Parameter list ======
 +
 +<note tip>
 +Click on a column header to sort table.
 +The attribute key name can be used directly in ''​lemonldap-ng.ini''​ or in Perl scripts to override configuration parameters (see [[configlocation|configuration location]]).
 +</​note>​
 +
 +===== Main parameters =====
 +
 +<​sortable 1>
 +^  Key name  ^  Documentation ​ ^  Portal ​ ^  Handler ​ ^  Manager ​ ^  ini file only  ^
 +| ADPwdExpireWarning | AD password expire warning | ✔ |  |  |  |
 +| ADPwdMaxAge | AD password max age | ✔ |  |  |  |
 +| AuthLDAPFilter | LDAP filter for auth search | ✔ |  |  |  |
 +| LDAPFilter | Default LDAP filter | ✔ |  |  |  |
 +| SMTPAuthPass | Password to use to send mails | ✔ |  |  |  |
 +| SMTPAuthUser | Login to use to send mails | ✔ |  |  |  |
 +| SMTPPort | Fix SMTP port | ✔ |  |  |  |
 +| SMTPServer | SMTP Server | ✔ |  |  |  |
 +| SMTPTLS | TLS protocol to use with SMTP | ✔ |  |  |  |
 +| SMTPTLSOpts | TLS/SSL options for SMTP | ✔ |  |  |  |
 +| SSLAuthnLevel | SSL authentication level | ✔ |  |  |  |
 +| SSLVar |  | ✔ |  |  |  |
 +| SSLVarIf |  | ✔ |  |  |  |
 +| activeTimer | Enable timers on portal pages | ✔ |  |  |  |
 +| apacheAuthnLevel | Apache authentication level | ✔ |  |  |  |
 +| applicationList | Applications list | ✔ |  |  |  |
 +| authChoiceModules | Hash list of Choice strings | ✔ |  |  |  |
 +| authChoiceParam | Applications list | ✔ |  |  |  |
 +| authentication | Authentication module | ✔ |  |  |  |
 +| autoSigninRules | List of auto signin rules | ✔ |  |  |  |
 +| available2F | Available second factor modules | ✔ |  |  | ✔ |
 +| available2FSelfRegistration | Available self-registration modules for second factor | ✔ |  |  | ✔ |
 +| bruteForceProtection | Enable brute force attack protection | ✔ |  |  |  |
 +| bruteForceProtectionMaxAge | Brute force attack protection -> Max age between last and first allowed failed login | ✔ |  |  | ✔ |
 +| bruteForceProtectionMaxFailed | Brute force attack protection -> Max allowed failed login | ✔ |  |  | ✔ |
 +| bruteForceProtectionTempo | Brute force attack protection -> Tempo before try again | ✔ |  |  | ✔ |
 +| captcha_login_enabled | Captcha on login page | ✔ |  |  |  |
 +| captcha_mail_enabled | Captcha on password reset page | ✔ |  |  |  |
 +| captcha_register_enabled | Captcha on account creation page | ✔ |  |  |  |
 +| captcha_size | Captcha size | ✔ |  |  |  |
 +| casAccessControlPolicy | CAS access control policy | ✔ |  |  |  |
 +| casAppMetaDataOptions | Root of CAS app options | ✔ |  |  | [1] |
 +| casAttr | Pivot attribute for CAS | ✔ |  |  |  |
 +| casAttributes | CAS exported attributes | ✔ |  |  |  |
 +| casAuthnLevel | CAS authentication level | ✔ |  |  |  |
 +| casSrvMetaDataOptions | Root of CAS server options | ✔ |  |  | [1] |
 +| casStorage | Apache::​Session module to store CAS user data | ✔ |  |  |  |
 +| casStorageOptions | Apache::​Session module parameters | ✔ |  |  |  |
 +| cda | Enable Cross Domain Authentication | ✔ | ✔ |  |  |
 +| cfgAuthor | Name of the author of the current configuration | ✔ |  |  | ✔ |
 +| cfgAuthorIP | Uploader IP address of the current configuration | ✔ |  |  | ✔ |
 +| cfgDate | Timestamp of the current configuration | ✔ |  |  | ✔ |
 +| cfgLog | Configuration update log | ✔ |  |  | ✔ |
 +| cfgNum | Enable Cross Domain Authentication | ✔ |  |  | ✔ |
 +| cfgVersion | Version of LLNG which build configuration | ✔ |  |  | ✔ |
 +| checkState | Enable CheckState plugin | ✔ |  |  |  |
 +| checkStateSecret | Secret token for CheckState plugin | ✔ |  |  |  |
 +| checkTime | Timeout to check new configuration in local cache | ✔ | ✔ |  | ✔ |
 +| checkUser | Enable check user | ✔ |  |  |  |
 +| checkUserDisplayEmptyValues | Display session empty values | ✔ |  |  |  |
 +| checkUserDisplayPersistentInfo | Display persistent session info | ✔ |  |  |  |
 +| checkUserHiddenAttributes | Attributes to hide in CheckUser plugin | ✔ |  |  |  |
 +| checkUserIdRule | checkUser identities rule | ✔ |  |  |  |
 +| checkXSS | Check XSS | ✔ |  |  |  |
 +| combModules | Combination module description | ✔ |  |  |  |
 +| combination | Combination rule | ✔ |  |  |  |
 +| configStorage | Configuration storage | ✔ | ✔ | ✔ | ✔ |
 +| confirmFormMethod | HTTP method for confirm page form | ✔ |  |  |  |
 +| contextSwitchingIdRule | Context switching identities rule | ✔ |  |  |  |
 +| contextSwitchingRule | Context switching activation rule | ✔ |  |  |  |
 +| contextSwitchingStopWithLogout | Stop context switching by logout | ✔ |  |  |  |
 +| cookieExpiration | Cookie expiration | ✔ | ✔ |  |  |
 +| cookieName | Name of the main cookie | ✔ | ✔ |  |  |
 +| corsAllow_Credentials | Allow credentials for Cross-Origin Resource Sharing | ✔ |  |  |  |
 +| corsAllow_Headers | Allowed headers for Cross-Origin Resource Sharing | ✔ |  |  |  |
 +| corsAllow_Methods | Allowed methods for Cross-Origin Resource Sharing | ✔ |  |  |  |
 +| corsAllow_Origin | Allowed origine for Cross-Origin Resource Sharing | ✔ |  |  |  |
 +| corsEnabled | Enable Cross-Origin Resource Sharing | ✔ |  |  |  |
 +| corsExpose_Headers | Exposed headers for Cross-Origin Resource Sharing | ✔ |  |  |  |
 +| corsMax_Age | MAx-age for Cross-Origin Resource Sharing | ✔ |  |  |  |
 +| cspConnect | Authorized Ajax destination for Content-Security-Policy | ✔ |  |  |  |
 +| cspDefault | Default value for Content-Security-Policy | ✔ |  |  |  |
 +| cspFont | Font source for Content-Security-Policy | ✔ |  |  |  |
 +| cspFormAction | Form action destination for Content-Security-Policy | ✔ |  |  |  |
 +| cspImg | Image source for Content-Security-Policy | ✔ |  |  |  |
 +| cspScript | Javascript source for Content-Security-Policy | ✔ |  |  |  |
 +| cspStyle | Style source for Content-Security-Policy | ✔ |  |  |  |
 +| customAddParams | Custom additional parameters | ✔ |  |  |  |
 +| customAuth | Custom auth module | ✔ |  |  |  |
 +| customFunctions | List of custom functions | ✔ | ✔ | ✔ |  |
 +| customPassword | Custom password module | ✔ |  |  |  |
 +| customRegister | Custom register module | ✔ |  |  |  |
 +| customToTrace | Session parameter used to fill REMOTE_CUSTOM | ✔ | ✔ |  |  |
 +| customUserDB | Custom user DB module | ✔ |  |  |  |
 +| dbiAuthChain |  | ✔ |  |  |  |
 +| dbiAuthLoginCol |  | ✔ |  |  |  |
 +| dbiAuthPassword |  | ✔ |  |  |  |
 +| dbiAuthPasswordCol |  | ✔ |  |  |  |
 +| dbiAuthPasswordHash |  | ✔ |  |  |  |
 +| dbiAuthTable |  | ✔ |  |  |  |
 +| dbiAuthUser |  | ✔ |  |  |  |
 +| dbiAuthnLevel | DBI authentication level | ✔ |  |  |  |
 +| dbiDynamicHashEnabled |  | ✔ |  |  |  |
 +| dbiDynamicHashNewPasswordScheme |  | ✔ |  |  |  |
 +| dbiDynamicHashValidSaltedSchemes |  | ✔ |  |  |  |
 +| dbiDynamicHashValidSchemes |  | ✔ |  |  |  |
 +| dbiExportedVars | DBI exported variables | ✔ |  |  |  |
 +| dbiPasswordMailCol |  | ✔ |  |  |  |
 +| dbiUserChain |  | ✔ |  |  |  |
 +| dbiUserPassword |  | ✔ |  |  |  |
 +| dbiUserTable |  | ✔ |  |  |  |
 +| dbiUserUser |  | ✔ |  |  |  |
 +| demoExportedVars | Demo exported variables | ✔ |  |  |  |
 +| disablePersistentStorage | Enabled persistent storage | ✔ |  |  |  |
 +| domain | DNS domain | ✔ | ✔ |  |  |
 +| exportedAttr | List of attributes to export by SOAP or REST servers | ✔ |  |  |  |
 +| exportedVars | Main exported variables | ✔ |  |  |  |
 +| ext2FSendCommand | Send command of External second factor | ✔ |  |  |  |
 +| ext2FValidateCommand | Validation command of External second factor | ✔ |  |  |  |
 +| ext2fActivation | External second factor activation | ✔ |  |  |  |
 +| ext2fAuthnLevel | Authentication level for users authentified by External second factor | ✔ |  |  |  |
 +| ext2fCodeActivation | OTP generated by Portal | ✔ |  |  |  |
 +| ext2fLabel | Portal label for External second factor | ✔ |  |  |  |
 +| ext2fLogo | Custom logo for External 2F | ✔ |  |  |  |
 +| facebookAppId |  | ✔ |  |  |  |
 +| facebookAppSecret |  | ✔ |  |  |  |
 +| facebookAuthnLevel | Facebook authentication level | ✔ |  |  |  |
 +| facebookExportedVars | Facebook exported variables | ✔ |  |  |  |
 +| facebookUserField |  | ✔ |  |  |  |
 +| failedLoginNumber | Number of failures stored in login history | ✔ |  |  |  |
 +| forceGlobalStorageUpgradeOTT | Force upgrade tokens be stored into Global Storage | ✔ |  |  | ✔ |
 +| formTimeout | Token timeout for forms | ✔ |  |  |  |
 +| globalStorage | Session backend module | ✔ | ✔ |  |  |
 +| globalStorageOptions | Session backend module options | ✔ | ✔ |  |  |
 +| gpgAuthnLevel | GPG authentication level | ✔ |  |  |  |
 +| gpgDb | GPG keys database | ✔ |  |  |  |
 +| grantSessionRules | Rules to grant sessions | ✔ |  |  |  |
 +| groups | Groups | ✔ |  |  |  |
 +| handlerInternalCache | Handler internal cache timeout | ✔ | ✔ |  | ✔ |
 +| handlerServiceTokenTTL | Handler ServiceToken timeout | ✔ | ✔ |  | ✔ |
 +| hiddenAttributes | Name of attributes to hide in logs | ✔ |  |  |  |
 +| hideOldPassword | Hide old password in portal | ✔ |  |  |  |
 +| httpOnly | Enable httpOnly flag in cookie | ✔ | ✔ |  |  |
 +| https | Use HTTPS for redirection from portal |  | ✔ |  |  |
 +| impersonationHiddenAttributes | Attributes to skip | ✔ |  |  |  |
 +| impersonationIdRule | Impersonation identities rule | ✔ |  |  |  |
 +| impersonationMergeSSOgroups | Merge spoofed and real SSO groups | ✔ |  |  |  |
 +| impersonationPrefix | Prefix to rename real session attributes | ✔ |  |  | ✔ |
 +| impersonationRule | Impersonation activation rule | ✔ |  |  |  |
 +| impersonationSkipEmptyValues | Skip session empty values | ✔ |  |  |  |
 +| infoFormMethod | HTTP method for info page form | ✔ |  |  |  |
 +| issuerDBCASActivation | CAS server activation | ✔ |  |  |  |
 +| issuerDBCASPath | CAS server request path | ✔ |  |  |  |
 +| issuerDBCASRule | CAS server rule | ✔ |  |  |  |
 +| issuerDBGetActivation | Get issuer activation | ✔ |  |  |  |
 +| issuerDBGetParameters | List of virtualHosts with their get parameters | ✔ |  |  |  |
 +| issuerDBGetPath | Get issuer request path | ✔ |  |  |  |
 +| issuerDBGetRule | Get issuer rule | ✔ |  |  |  |
 +| issuerDBOpenIDActivation | OpenID server activation | ✔ |  |  |  |
 +| issuerDBOpenIDConnectActivation | OpenID Connect server activation | ✔ |  |  |  |
 +| issuerDBOpenIDConnectPath | OpenID Connect server request path | ✔ |  |  |  |
 +| issuerDBOpenIDConnectRule | OpenID Connect server rule | ✔ |  |  |  |
 +| issuerDBOpenIDPath | OpenID server request path | ✔ |  |  |  |
 +| issuerDBOpenIDRule | OpenID server rule | ✔ |  |  |  |
 +| issuerDBSAMLActivation | SAML IDP activation | ✔ |  |  |  |
 +| issuerDBSAMLPath | SAML IDP request path | ✔ |  |  |  |
 +| issuerDBSAMLRule | SAML IDP rule | ✔ |  |  |  |
 +| jsRedirect | Use javascript for redirections | ✔ |  |  |  |
 +| key | Secret key | ✔ |  |  |  |
 +| krbAuthnLevel | Null authentication level | ✔ |  |  |  |
 +| krbByJs | Launch Kerberos authentication by Ajax | ✔ |  |  |  |
 +| krbKeytab | Kerberos keytab | ✔ |  |  |  |
 +| krbRemoveDomain | Remove domain in Kerberos username | ✔ |  |  |  |
 +| ldapAllowResetExpiredPassword | Allow a user to reset his expired password | ✔ |  |  |  |
 +| ldapAuthnLevel | LDAP authentication level | ✔ |  |  |  |
 +| ldapBase | LDAP search base | ✔ |  |  |  |
 +| ldapChangePasswordAsUser |  | ✔ |  |  |  |
 +| ldapExportedVars | LDAP exported variables | ✔ |  |  |  |
 +| ldapGroupAttributeName | LDAP attribute name for member in groups | ✔ |  |  |  |
 +| ldapGroupAttributeNameGroup | LDAP attribute name in group entry referenced as member in groups | ✔ |  |  |  |
 +| ldapGroupAttributeNameSearch | LDAP attributes to search in groups | ✔ |  |  |  |
 +| ldapGroupAttributeNameUser | LDAP attribute name in user entry referenced as member in groups | ✔ |  |  |  |
 +| ldapGroupBase |  | ✔ |  |  |  |
 +| ldapGroupDecodeSearchedValue | Decode value before searching it in LDAP groups | ✔ |  |  |  |
 +| ldapGroupObjectClass | LDAP object class of groups | ✔ |  |  |  |
 +| ldapGroupRecursive | LDAP recursive search in groups | ✔ |  |  |  |
 +| ldapPasswordResetAttribute | LDAP password reset attribute | ✔ |  |  |  |
 +| ldapPasswordResetAttributeValue | LDAP password reset value | ✔ |  |  |  |
 +| ldapPort | LDAP port | ✔ |  |  |  |
 +| ldapPpolicyControl |  | ✔ |  |  |  |
 +| ldapPwdEnc | LDAP password encoding | ✔ |  |  |  |
 +| ldapRaw |  | ✔ |  |  |  |
 +| ldapSearchDeref | "​deref"​ param of Net::​LDAP::​search() | ✔ |  |  |  |
 +| ldapServer | LDAP server (host or URI) | ✔ |  |  |  |
 +| ldapSetPassword |  | ✔ |  |  |  |
 +| ldapTimeout | LDAP connection timeout | ✔ |  |  |  |
 +| ldapUsePasswordResetAttribute | LDAP store reset flag in an attribute | ✔ |  |  |  |
 +| ldapVersion | LDAP protocol version | ✔ |  |  |  |
 +| linkedInAuthnLevel | LinkedIn authentication level | ✔ |  |  |  |
 +| linkedInClientID |  | ✔ |  |  |  |
 +| linkedInClientSecret |  | ✔ |  |  |  |
 +| linkedInFields |  | ✔ |  |  |  |
 +| linkedInScope |  | ✔ |  |  |  |
 +| linkedInUserField |  | ✔ |  |  |  |
 +| localSessionStorage | Local sessions cache module | ✔ |  |  |  |
 +| localSessionStorageOptions | Sessions cache module options | ✔ |  |  |  |
 +| localStorage | Local cache | ✔ | ✔ | ✔ | ✔ |
 +| localStorageOptions | Local cache parameters | ✔ | ✔ | ✔ | ✔ |
 +| log4perlConfFile | Log4Perl logger configuration file | ✔ | ✔ | ✔ | ✔ |
 +| logLevel | Log level, must be set in .ini | ✔ | ✔ | ✔ | ✔ |
 +| logger | technical logger | ✔ | ✔ | ✔ | ✔ |
 +| loginHistoryEnabled | Enable login history | ✔ |  |  |  |
 +| logoutServices | Send logout trough GET request to these services | ✔ |  |  |  |
 +| lwpOpts | Options given to LWP::​UserAgent | ✔ |  |  |  |
 +| lwpSslOpts | SSL options given to LWP::​UserAgent | ✔ |  |  |  |
 +| macros | Macros | ✔ |  |  |  |
 +| mail2fActivation | Mail second factor activation | ✔ |  |  |  |
 +| mail2fAuthnLevel | Authentication level for users authenticated by Mail second factor | ✔ |  |  |  |
 +| mail2fBody | Mail body for second factor authentication | ✔ |  |  |  |
 +| mail2fCodeRegex | Regular expression to create a mail OTP code | ✔ |  |  |  |
 +| mail2fLabel | Portal label for Mail second factor | ✔ |  |  |  |
 +| mail2fLogo | Custom logo for Mail 2F | ✔ |  |  |  |
 +| mail2fSubject | Mail subject for second factor authentication | ✔ |  |  |  |
 +| mail2fTimeout | Second factor code timeout | ✔ |  |  |  |
 +| mailBody | Custom password reset mail body | ✔ |  |  |  |
 +| mailCharset | Mail charset | ✔ |  |  |  |
 +| mailConfirmBody | Custom confirm password reset mail body | ✔ |  |  |  |
 +| mailConfirmSubject | Mail subject for reset confirmation | ✔ |  |  |  |
 +| mailFrom | Sender email | ✔ |  |  |  |
 +| mailLDAPFilter | LDAP filter for mail search | ✔ |  |  |  |
 +| mailOnPasswordChange | Send a mail when password is changed | ✔ |  |  |  |
 +| mailReplyTo | Reply-To address | ✔ |  |  |  |
 +| mailSessionKey | Session parameter where mail is stored | ✔ |  |  |  |
 +| mailSubject | Mail subject for new password email | ✔ |  |  |  |
 +| mailTimeout | Mail password reset session timeout | ✔ |  |  |  |
 +| mailUrl | URL of password reset page | ✔ |  |  |  |
 +| maintenance | Maintenance mode for all virtual hosts |  | ✔ |  |  |
 +| managerDn | LDAP manager DN | ✔ |  |  |  |
 +| managerPassword | LDAP manager Password | ✔ |  |  |  |
 +| max2FDevices | Maximum registered 2F devices | ✔ |  |  | ✔ |
 +| max2FDevicesNameLength | Maximum 2F devices name length | ✔ |  |  | ✔ |
 +| multiValuesSeparator | Separator for multiple values | ✔ | ✔ | ✔ |  |
 +| mySessionAuthorizedRWKeys | Alterable session keys by user itself | ✔ |  |  | ✔ |
 +| nginxCustomHandlers | Custom Nginx handler (deprecated) | ✔ |  |  |  |
 +| noAjaxHook | Avoid replacing 302 by 401 for Ajax responses | ✔ |  |  |  |
 +| notification | Notification activation | ✔ |  |  |  |
 +| notificationServer | Notification server activation | ✔ |  |  |  |
 +| notificationServerDELETE | Notification server activation | ✔ |  |  |  |
 +| notificationServerGET | Notification server activation | ✔ |  |  |  |
 +| notificationServerPOST | Notification server activation | ✔ |  |  |  |
 +| notificationServerSentAttributes | Prameters to send with notification server GET method | ✔ |  |  |  |
 +| notificationStorage | Notification backend | ✔ |  |  |  |
 +| notificationStorageOptions | Notification backend options | ✔ |  |  |  |
 +| notificationWildcard | Notification string to match all users | ✔ |  |  |  |
 +| notificationXSLTfile | Custom XSLT document for notifications | ✔ |  |  |  |
 +| notifyDeleted | Show deleted sessions in portal | ✔ |  |  |  |
 +| notifyOther | Show other sessions in portal | ✔ |  |  |  |
 +| nullAuthnLevel | Null authentication level | ✔ |  |  |  |
 +| oidcAuthnLevel | OpenID Connect authentication level | ✔ |  |  |  |
 +| oidcOPMetaDataOptions |  | ✔ |  |  | [1] |
 +| oidcRPCallbackGetParam | OpenID Connect Callback GET URLparameter | ✔ |  |  |  |
 +| oidcRPMetaDataOptions |  | ✔ |  |  | [1] |
 +| oidcRPStateTimeout | OpenID Connect Timeout of state sessions | ✔ |  |  |  |
 +| oidcServiceAllowAuthorizationCodeFlow | OpenID Connect allow authorization code flow | ✔ |  |  |  |
 +| oidcServiceAllowDynamicRegistration | OpenID Connect allow dynamic client registration | ✔ |  |  |  |
 +| oidcServiceAllowHybridFlow | OpenID Connect allow hybrid flow | ✔ |  |  |  |
 +| oidcServiceAllowImplicitFlow | OpenID Connect allow implicit flow | ✔ |  |  |  |
 +| oidcServiceKeyIdSig | OpenID Connect Signature Key ID | ✔ |  |  |  |
 +| oidcServiceMetaDataAuthnContext | OpenID Connect Authentication Context Class Ref | ✔ |  |  |  |
 +| oidcServiceMetaDataAuthorizeURI | OpenID Connect authorizaton endpoint | ✔ |  |  |  |
 +| oidcServiceMetaDataBackChannelURI | OpenID Connect Front-Channel logout endpoint | ✔ |  |  |  |
 +| oidcServiceMetaDataCheckSessionURI | OpenID Connect check session iframe | ✔ |  |  |  |
 +| oidcServiceMetaDataEndSessionURI | OpenID Connect end session endpoint | ✔ |  |  |  |
 +| oidcServiceMetaDataFrontChannelURI | OpenID Connect Front-Channel logout endpoint | ✔ |  |  |  |
 +| oidcServiceMetaDataIssuer | OpenID Connect issuer | ✔ |  |  |  |
 +| oidcServiceMetaDataJWKSURI | OpenID Connect JWKS endpoint | ✔ |  |  |  |
 +| oidcServiceMetaDataRegistrationURI | OpenID Connect registration endpoint | ✔ |  |  |  |
 +| oidcServiceMetaDataTokenURI | OpenID Connect token endpoint | ✔ |  |  |  |
 +| oidcServiceMetaDataUserInfoURI | OpenID Connect user info endpoint | ✔ |  |  |  |
 +| oidcServicePrivateKeySig |  | ✔ |  |  |  |
 +| oidcServicePublicKeySig |  | ✔ |  |  |  |
 +| oidcStorage | Apache::​Session module to store OIDC user data | ✔ |  |  |  |
 +| oidcStorageOptions | Apache::​Session module parameters | ✔ |  |  |  |
 +| oldNotifFormat | Use old XML format for notifications | ✔ |  |  |  |
 +| openIdAttr |  | ✔ |  |  |  |
 +| openIdAuthnLevel | OpenID authentication level | ✔ |  |  |  |
 +| openIdExportedVars | OpenID exported variables | ✔ |  |  |  |
 +| openIdIDPList |  | ✔ |  |  |  |
 +| openIdIssuerSecret |  | ✔ |  |  |  |
 +| openIdSPList |  | ✔ |  |  |  |
 +| openIdSecret |  | ✔ |  |  |  |
 +| openIdSreg_country |  | ✔ |  |  |  |
 +| openIdSreg_dob |  | ✔ |  |  |  |
 +| openIdSreg_email | OpenID SREG email session parameter | ✔ |  |  |  |
 +| openIdSreg_fullname | OpenID SREG fullname session parameter | ✔ |  |  |  |
 +| openIdSreg_gender |  | ✔ |  |  |  |
 +| openIdSreg_language |  | ✔ |  |  |  |
 +| openIdSreg_nickname | OpenID SREG nickname session parameter | ✔ |  |  |  |
 +| openIdSreg_postcode |  | ✔ |  |  |  |
 +| openIdSreg_timezone | OpenID SREG timezone session parameter | ✔ |  |  |  |
 +| pamAuthnLevel | PAM authentication level | ✔ |  |  |  |
 +| pamService | PAM service | ✔ |  |  |  |
 +| passwordDB | Password module | ✔ |  |  |  |
 +| passwordResetAllowedRetries | Maximum number of retries to reset password | ✔ |  |  |  |
 +| pdataDomain | pdata cookie DNS domain | ✔ | ✔ |  | ✔ |
 +| persistentStorage | Storage module for persistent sessions | ✔ |  |  |  |
 +| persistentStorageOptions | Options for persistent sessions storage module | ✔ |  |  |  |
 +| port | Force port in redirection |  | ✔ |  |  |
 +| portal | Portal URL | ✔ | ✔ | ✔ |  |
 +| portalAntiFrame | Avoid portal to be displayed inside frames | ✔ |  |  |  |
 +| portalCheckLogins | Display login history checkbox in portal | ✔ |  |  |  |
 +| portalDisplayAppslist | Display applications tab in portal | ✔ |  |  |  |
 +| portalDisplayChangePassword | Display password tab in portal | ✔ |  |  |  |
 +| portalDisplayLoginHistory | Display login history tab in portal | ✔ |  |  |  |
 +| portalDisplayLogout | Display logout tab in portal | ✔ |  |  |  |
 +| portalDisplayOidcConsents | Display OIDC consent tab in portal | ✔ |  |  |  |
 +| portalDisplayRegister | Display register button in portal | ✔ |  |  |  |
 +| portalDisplayResetPassword | Display reset password button in portal | ✔ |  |  |  |
 +| portalErrorOnExpiredSession | Show error if session is expired | ✔ |  |  |  |
 +| portalErrorOnMailNotFound | Show error if mail is not found in password reset process | ✔ |  |  |  |
 +| portalForceAuthn | Enable force to authenticate when displaying portal | ✔ |  |  |  |
 +| portalForceAuthnInterval | Maximum interval in seconds since last authentication to force reauthentication | ✔ |  |  |  |
 +| portalMainLogo | Portal main logo path | ✔ |  |  |  |
 +| portalOpenLinkInNewWindow | Open applications in new windows | ✔ |  |  |  |
 +| portalPingInterval | Interval in ms between portal Ajax pings  | ✔ |  |  |  |
 +| portalRequireOldPassword | Old password is required to change the password | ✔ |  |  |  |
 +| portalSkin | Name of portal skin | ✔ |  |  |  |
 +| portalSkinBackground | Background image of portal skin | ✔ |  |  |  |
 +| portalSkinRules | Rules to choose portal skin | ✔ |  |  |  |
 +| portalStatus | Enable portal status | ✔ |  |  |  |
 +| portalUserAttr | Session parameter to display connected user in portal | ✔ |  |  |  |
 +| protection | Manager protection method |  | ✔ | ✔ | ✔ |
 +| proxyAuthService |  | ✔ |  |  |  |
 +| proxyAuthnLevel | Proxy authentication level | ✔ |  |  |  |
 +| proxySessionService |  | ✔ |  |  |  |
 +| proxyUseSoap | Use SOAP instead of REST | ✔ |  |  |  |
 +| radius2fActivation | Radius second factor activation | ✔ |  |  |  |
 +| radius2fAuthnLevel | Authentication level for users authenticated by Radius second factor | ✔ |  |  |  |
 +| radius2fLabel | Portal label for Radius 2F | ✔ |  |  |  |
 +| radius2fLogo | Custom logo for Radius 2F | ✔ |  |  |  |
 +| radius2fSecret |  | ✔ |  |  |  |
 +| radius2fServer |  | ✔ |  |  |  |
 +| radius2fTimeout | Radius 2f verification timeout | ✔ |  |  |  |
 +| radius2fUsernameSessionKey | Session key used as Radius login | ✔ |  |  |  |
 +| radiusAuthnLevel | Radius authentication level | ✔ |  |  |  |
 +| radiusSecret |  | ✔ |  |  |  |
 +| radiusServer |  | ✔ |  |  |  |
 +| randomPasswordRegexp | Regular expression to create a random password | ✔ |  |  |  |
 +| redirectFormMethod | HTTP method for redirect page form | ✔ |  |  |  |
 +| registerConfirmSubject | Mail subject for register confirmation | ✔ |  |  |  |
 +| registerDB | Register module | ✔ |  |  |  |
 +| registerDoneSubject | Mail subject when register is done | ✔ |  |  |  |
 +| registerTimeout | Register session timeout | ✔ |  |  |  |
 +| registerUrl | URL of register page | ✔ |  |  |  |
 +| reloadTimeout | Configuration reload timeout |  |  | ✔ |  |
 +| reloadUrls | URL to call on reload | ✔ |  |  |  |
 +| remoteCookieName |  | ✔ |  |  |  |
 +| remoteGlobalStorage | Remote session backend | ✔ |  |  |  |
 +| remoteGlobalStorageOptions | Apache::​Session module parameters | ✔ |  |  |  |
 +| remotePortal |  | ✔ |  |  |  |
 +| requireToken | Enable token for forms | ✔ |  |  |  |
 +| rest2fActivation | REST second factor activation | ✔ |  |  |  |
 +| rest2fAuthnLevel | Authentication level for users authentified by REST second factor | ✔ |  |  |  |
 +| rest2fInitArgs | Args for REST 2F init | ✔ |  |  |  |
 +| rest2fInitUrl | REST 2F init URL | ✔ |  |  |  |
 +| rest2fLabel | Portal label for REST second factor | ✔ |  |  |  |
 +| rest2fLogo | Custom logo for REST 2F | ✔ |  |  |  |
 +| rest2fVerifyArgs | Args for REST 2F init | ✔ |  |  |  |
 +| rest2fVerifyUrl | REST 2F init URL | ✔ |  |  |  |
 +| restAuthUrl |  | ✔ |  |  |  |
 +| restAuthnLevel | REST authentication level | ✔ |  |  |  |
 +| restConfigServer | Enable REST config server | ✔ |  |  |  |
 +| restExportSecretKeys | Allow to export secret keys in REST session server | ✔ |  |  |  |
 +| restPwdConfirmUrl |  | ✔ |  |  |  |
 +| restPwdModifyUrl |  | ✔ |  |  |  |
 +| restSessionServer | Enable REST session server | ✔ |  |  |  |
 +| restUserDBUrl |  | ✔ |  |  |  |
 +| samlAttributeAuthorityDescriptorAttributeServiceSOAP | SAML Attribute Authority SOAP | ✔ |  |  |  |
 +| samlAuthnContextMapKerberos | SAML authn context kerberos level | ✔ |  |  |  |
 +| samlAuthnContextMapPassword | SAML authn context password level | ✔ |  |  |  |
 +| samlAuthnContextMapPasswordProtectedTransport | SAML authn context password protected transport level | ✔ |  |  |  |
 +| samlAuthnContextMapTLSClient | SAML authn context TLS client level | ✔ |  |  |  |
 +| samlCommonDomainCookieActivation | SAML CDC activation | ✔ |  |  |  |
 +| samlCommonDomainCookieDomain |  | ✔ |  |  |  |
 +| samlCommonDomainCookieReader |  | ✔ |  |  |  |
 +| samlCommonDomainCookieWriter |  | ✔ |  |  |  |
 +| samlDiscoveryProtocolActivation | SAML Discovery Protocol activation | ✔ |  |  |  |
 +| samlDiscoveryProtocolIsPassive | SAML Discovery Protocol Is Passive | ✔ |  |  |  |
 +| samlDiscoveryProtocolPolicy | SAML Discovery Protocol Policy | ✔ |  |  |  |
 +| samlDiscoveryProtocolURL | SAML Discovery Protocol EndPoint URL | ✔ |  |  |  |
 +| samlEntityID | SAML service entityID | ✔ |  |  |  |
 +| samlIDPMetaDataOptions |  | ✔ |  |  | [1] |
 +| samlIDPSSODescriptorArtifactResolutionServiceArtifact | SAML IDP artifact resolution service | ✔ |  |  |  |
 +| samlIDPSSODescriptorSingleLogoutServiceHTTPPost | SAML IDP SLO HTTP POST | ✔ |  |  |  |
 +| samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect | SAML IDP SLO HTTP Redirect | ✔ |  |  |  |
 +| samlIDPSSODescriptorSingleLogoutServiceSOAP | SAML IDP SLO SOAP | ✔ |  |  |  |
 +| samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact | SAML IDP SSO HTTP Artifact | ✔ |  |  |  |
 +| samlIDPSSODescriptorSingleSignOnServiceHTTPPost | SAML IDP SSO HTTP POST | ✔ |  |  |  |
 +| samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect | SAML IDP SSO HTTP Redirect | ✔ |  |  |  |
 +| samlIDPSSODescriptorWantAuthnRequestsSigned | SAML IDP want authn request signed | ✔ |  |  |  |
 +| samlIdPResolveCookie | SAML IDP resolution cookie | ✔ |  |  |  |
 +| samlMetadataForceUTF8 | SAML force metadata UTF8 conversion | ✔ |  |  |  |
 +| samlNameIDFormatMapEmail | SAML session parameter for NameID email | ✔ |  |  |  |
 +| samlNameIDFormatMapKerberos | SAML session parameter for NameID kerberos | ✔ |  |  |  |
 +| samlNameIDFormatMapWindows | SAML session parameter for NameID windows | ✔ |  |  |  |
 +| samlNameIDFormatMapX509 | SAML session parameter for NameID x509 | ✔ |  |  |  |
 +| samlOrganizationDisplayName | SAML service organization display name | ✔ |  |  |  |
 +| samlOrganizationName | SAML service organization name | ✔ |  |  |  |
 +| samlOrganizationURL | SAML service organization URL | ✔ |  |  |  |
 +| samlOverrideIDPEntityID | Override SAML EntityID when acting as an IDP | ✔ |  |  |  |
 +| samlRelayStateTimeout | SAML timeout of relay state | ✔ |  |  |  |
 +| samlSPMetaDataOptions |  | ✔ |  |  | [1] |
 +| samlSPSSODescriptorArtifactResolutionServiceArtifact | SAML SP artifact resolution service ​ | ✔ |  |  |  |
 +| samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact | SAML SP ACS HTTP artifact | ✔ |  |  |  |
 +| samlSPSSODescriptorAssertionConsumerServiceHTTPPost | SAML SP ACS HTTP POST | ✔ |  |  |  |
 +| samlSPSSODescriptorAuthnRequestsSigned | SAML SP AuthnRequestsSigned | ✔ |  |  |  |
 +| samlSPSSODescriptorSingleLogoutServiceHTTPPost | SAML SP SLO HTTP POST | ✔ |  |  |  |
 +| samlSPSSODescriptorSingleLogoutServiceHTTPRedirect | SAML SP SLO HTTP Redirect | ✔ |  |  |  |
 +| samlSPSSODescriptorSingleLogoutServiceSOAP | SAML SP SLO SOAP | ✔ |  |  |  |
 +| samlSPSSODescriptorWantAssertionsSigned | SAML SP WantAssertionsSigned | ✔ |  |  |  |
 +| samlServicePrivateKeyEnc | SAML encryption private key | ✔ |  |  |  |
 +| samlServicePrivateKeyEncPwd |  | ✔ |  |  |  |
 +| samlServicePrivateKeySig | SAML signature private key | ✔ |  |  |  |
 +| samlServicePrivateKeySigPwd | SAML signature private key password | ✔ |  |  |  |
 +| samlServicePublicKeyEnc | SAML encryption public key | ✔ |  |  |  |
 +| samlServicePublicKeySig | SAML signature public key | ✔ |  |  |  |
 +| samlServiceSignatureMethod |  | ✔ |  |  |  |
 +| samlServiceUseCertificateInResponse | Use certificate instead of public key in SAML responses | ✔ |  |  |  |
 +| samlStorage | Apache::​Session module to store SAML user data | ✔ |  |  |  |
 +| samlStorageOptions | Apache::​Session module parameters | ✔ |  |  |  |
 +| samlUseQueryStringSpecific | SAML use specific method for query_string | ✔ |  |  |  |
 +| secureTokenAllowOnError | Secure Token allow requests in error |  | ✔ |  | ✔ |
 +| secureTokenAttribute | Secure Token attribute |  | ✔ |  | ✔ |
 +| secureTokenExpiration | Secure Token expiration |  | ✔ |  | ✔ |
 +| secureTokenHeader | Secure Token header |  | ✔ |  | ✔ |
 +| secureTokenMemcachedServers | Secure Token Memcached servers |  | ✔ |  | ✔ |
 +| secureTokenUrls |  |  | ✔ |  | ✔ |
 +| securedCookie | Cookie securisation method | ✔ | ✔ |  |  |
 +| sentryDsn | Sentry logger DSN | ✔ | ✔ | ✔ | ✔ |
 +| sessionDataToRemember | Data to remember in login history | ✔ |  |  |  |
 +| sfEngine | Second factor engine | ✔ |  |  | ✔ |
 +| sfExtra | Extra second factors | ✔ |  |  |  |
 +| sfRemovedMsgRule | Display a message if at leat one expired SF has been removed | ✔ |  |  |  |
 +| sfRemovedNotifMsg | Notification message | ✔ |  |  |  |
 +| sfRemovedNotifRef | Notification reference | ✔ |  |  |  |
 +| sfRemovedNotifTitle | Notification title | ✔ |  |  |  |
 +| sfRemovedUseNotif | Use Notifications plugin to display message | ✔ |  |  |  |
 +| sfRequired | Second factor required | ✔ |  |  |  |
 +| showLanguages | Display langs icons | ✔ |  |  |  |
 +| singleIP | Allow only one session per IP | ✔ |  |  |  |
 +| singleSession | Allow only one session per user | ✔ |  |  |  |
 +| singleSessionUserByIP | Allow only one session per user on an IP | ✔ |  |  |  |
 +| singleUserByIP | Allow only one user per IP | ✔ |  |  |  |
 +| skipRenewConfirmation | Avoid asking confirmation when an Issuer asks to renew auth | ✔ |  |  |  |
 +| slaveAuthnLevel | Slave authentication level | ✔ |  |  |  |
 +| slaveExportedVars | Slave exported variables | ✔ |  |  |  |
 +| slaveHeaderContent |  | ✔ |  |  |  |
 +| slaveHeaderName |  | ✔ |  |  |  |
 +| slaveMasterIP |  | ✔ |  |  |  |
 +| slaveUserHeader |  | ✔ |  |  |  |
 +| soapConfigServer | Enable SOAP config server | ✔ |  |  |  |
 +| soapSessionServer | Enable SOAP session server | ✔ |  |  |  |
 +| sslByAjax | Use Ajax request for SSL | ✔ |  |  |  |
 +| sslHost | URL for SSL Ajax request | ✔ |  |  |  |
 +| staticPrefix | Prefix of static files for HTML templates | ✔ |  |  | ✔ |
 +| status | Status daemon activation |  | ✔ |  | ✔ |
 +| stayConnected | Enable StayConnected plugin | ✔ |  |  |  |
 +| storePassword | Store password in session | ✔ |  |  |  |
 +| successLoginNumber | Number of success stored in login history | ✔ |  |  |  |
 +| syslogFacility | Syslog logger technical facility | ✔ | ✔ | ✔ | ✔ |
 +| timeout | Session timeout on server side | ✔ |  |  |  |
 +| timeoutActivity | Session activity timeout on server side | ✔ |  |  |  |
 +| timeoutActivityInterval | Update session timeout interval on server side | ✔ |  |  |  |
 +| tokenUseGlobalStorage | Enable global token storage | ✔ |  |  |  |
 +| totp2fActivation | TOTP activation | ✔ |  |  |  |
 +| totp2fAuthnLevel | Authentication level for users authentified by password+TOTP | ✔ |  |  |  |
 +| totp2fDigits | Number of digits for TOTP code | ✔ |  |  |  |
 +| totp2fDisplayExistingSecret | Display existing TOTP secret in registration form | ✔ |  |  |  |
 +| totp2fInterval | TOTP interval | ✔ |  |  |  |
 +| totp2fIssuer | TOTP Issuer | ✔ |  |  |  |
 +| totp2fLabel | Portal label for TOTP 2F | ✔ |  |  |  |
 +| totp2fLogo | Custom logo for TOTP 2F | ✔ |  |  |  |
 +| totp2fRange | TOTP range (number of interval to test) | ✔ |  |  |  |
 +| totp2fSelfRegistration | TOTP self registration activation | ✔ |  |  |  |
 +| totp2fTTL | TOTP device time to live  | ✔ |  |  |  |
 +| totp2fUserCanChangeKey | Authorize users to change existing TOTP secret | ✔ |  |  |  |
 +| totp2fUserCanRemoveKey | Authorize users to remove existing TOTP secret | ✔ |  |  |  |
 +| trustedDomains | Trusted domains | ✔ |  |  |  |
 +| twitterAppName |  | ✔ |  |  |  |
 +| twitterAuthnLevel | Twitter authentication level | ✔ |  |  |  |
 +| twitterKey |  | ✔ |  |  |  |
 +| twitterSecret |  | ✔ |  |  |  |
 +| twitterUserField |  | ✔ |  |  |  |
 +| u2fActivation | U2F activation | ✔ |  |  |  |
 +| u2fAuthnLevel | Authentication level for users authentified by password+U2F | ✔ |  |  |  |
 +| u2fLabel | Portal label for U2F | ✔ |  |  |  |
 +| u2fLogo | Custom logo for U2F | ✔ |  |  |  |
 +| u2fSelfRegistration | U2F self registration activation | ✔ |  |  |  |
 +| u2fTTL | U2F device time to live | ✔ |  |  |  |
 +| u2fUserCanRemoveKey | Authorize users to remove existing U2F key | ✔ |  |  |  |
 +| upgradeSession | Upgrade session activation | ✔ |  |  |  |
 +| useRedirectOnError | Use 302 redirect code for error (500) |  | ✔ |  |  |
 +| useRedirectOnForbidden | Use 302 redirect code for forbidden (403) | ✔ |  |  |  |
 +| useSafeJail | Activate Safe jail | ✔ | ✔ |  |  |
 +| userControl | Regular expression to validate login | ✔ |  |  |  |
 +| userDB | User module | ✔ |  |  |  |
 +| userLogger | User actions logger | ✔ | ✔ | ✔ | ✔ |
 +| userPivot |  | ✔ |  |  |  |
 +| userSyslogFacility | Syslog logger user-actions facility | ✔ | ✔ | ✔ | ✔ |
 +| utotp2fActivation | UTOTP activation (mixed U2F/TOTP module) | ✔ |  |  |  |
 +| utotp2fAuthnLevel | Authentication level for users authentified by password+(U2F or TOTP) | ✔ |  |  |  |
 +| utotp2fLabel | Portal label for U2F+TOTP | ✔ |  |  |  |
 +| utotp2fLogo | Custom logo for U2F+TOTP | ✔ |  |  |  |
 +| vhostOptions |  | ✔ |  |  | [1] |
 +| viewerAllowBrowser | Allow configuration browser | ✔ |  |  | ✔ |
 +| viewerAllowDiff | Allow configuration diff | ✔ |  |  | ✔ |
 +| viewerHiddenKeys | Hidden Conf keys |  |  | ✔ | ✔ |
 +| webIDAuthnLevel | WebID authentication level | ✔ |  |  |  |
 +| webIDExportedVars | WebID exported variables | ✔ |  |  |  |
 +| webIDWhitelist |  | ✔ |  |  |  |
 +| whatToTrace | Session parameter used to fill REMOTE_USER | ✔ | ✔ |  |  |
 +| wsdlServer | Enable /​portal.wsdl server | ✔ |  |  |  |
 +| yubikey2fActivation | Yubikey second factor activation | ✔ |  |  |  |
 +| yubikey2fAuthnLevel | Authentication level for users authentified by Yubikey second factor | ✔ |  |  |  |
 +| yubikey2fClientID | Yubico client ID | ✔ |  |  |  |
 +| yubikey2fLabel | Portal label for Yubikey second factor | ✔ |  |  |  |
 +| yubikey2fLogo | Custom logo for Yubikey 2F | ✔ |  |  |  |
 +| yubikey2fNonce | Yubico nonce | ✔ |  |  |  |
 +| yubikey2fPublicIDSize | Yubikey public ID size | ✔ |  |  |  |
 +| yubikey2fSecretKey | Yubico secret key | ✔ |  |  |  |
 +| yubikey2fSelfRegistration | Yubikey self registration activation | ✔ |  |  |  |
 +| yubikey2fTTL | Yubikey device time to live | ✔ |  |  |  |
 +| yubikey2fUrl | Yubico server | ✔ |  |  |  |
 +| yubikey2fUserCanRemoveKey | Authorize users to remove existing Yubikey | ✔ |  |  |  |
 +| zimbraAccountKey | Zimbra account session key |  | ✔ |  | ✔ |
 +| zimbraBy | Zimbra account type |  | ✔ |  | ✔ |
 +| zimbraPreAuthKey | Zimbra preauthentication key |  | ✔ |  | ✔ |
 +| zimbraSsoUrl | Zimbra local SSO URL pattern |  | ✔ |  | ✔ |
 +| zimbraUrl | Zimbra preauthentication URL |  | ✔ |  | ✔ |
 +</​sortable>​
 +
 +//[1]: complex nodes//
 +
 +===== Configuration backend parameters =====
 +
 +^  Full name  ^  Key name  ^  Configuration backend ​ ^
 +| Configuration load timeout | confTimeout | all backends (default: 10) |
 +| Directory | dirName | [[fileconfbackend|File]] |
 +| DBI connection string | dbiChain | [[sqlconfbackend|CDBI / RDBI]] |
 +| DBI user | dbiUser | ::: |
 +| DBI password | dbiPassword | ::: |
 +| DBI table name | dbiTable | ::: |
 +| Storage directory | dirName | [[fileconfbackend|File]] / [[yamlconfbackend|YAML]] |
 +| LDAP server | ldapServer | [[ldapconfbackend|LDAP]] |
 +| LDAP port | ldapPort | ::: |
 +| LDAP base | ldapConfBase | ::: |
 +| LDAP bind dn | ldapBindDN | ::: |
 +| LDAP bind password | ldapBindPassword | ::: |
 +| LDAP ObjectClass | ldapObjectClass | ::: |
 +| LDAP ID attribute | ldapAttributeId | ::: |
 +| LDAP content attribute | ldapAttributeContent | ::: |
 +| Certificate authorities file | caFile | ::: |
 +| Certificate authorities directory | caPath | ::: |
 +| MongoDB database | dbName | [[mongodbconfbackend|MongoDB]] |
 +| MongoDB collection | collectionName | ::: |
 +| REST base URL | baseUrl | [[restconfbackend|REST]] |
 +| REST realm | realm | ::: |
 +| REST user | user | ::: |
 +| REST password | password | ::: |
 +| SOAP server location (URL) | proxy | [[soapconfbackend|SOAP]] |
 +| [[http://​search.cpan.org/​perldoc?​LWP::​UserAgent|LWP::​UserAgent]] parameters | proxyOptions | ::: |
 +| SOAP user | User | ::: |
 +| SOAP password | Password | ::: |
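Review bot: several security-relevant rows in the main table have an empty Documentation cell (slaveHeaderContent, slaveHeaderName, slaveMasterIP, slaveUserHeader, twitterKey, twitterSecret, webIDWhitelist, userPivot, vhostOptions), so a reader cannot tell from this page what these keys control or which of them hold secrets; each needs a one-line description. In the same table, "at leat one" in the sfRemovedMsgRule row should read "at least one", and "authentified" in the totp2fAuthnLevel, u2fAuthnLevel, utotp2fAuthnLevel and yubikey2fAuthnLevel rows should read "authenticated". useRedirectOnError is ticked under Handler only while useRedirectOnForbidden is ticked under Portal only; please confirm that the two rows are meant to differ. In the configuration backend table, dirName is listed twice, once as "Directory" for File and once as "Storage directory" for File / YAML; merging these into a single row would avoid the two entries drifting apart.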