Differences

This shows you the differences between two versions of the page.

documentation:latest:parameterlist [2019/02/07 20:20]
127.0.0.1 external edit
documentation:latest:parameterlist [2019/09/23 22:38] (current)
Line 26: Line 26:
 | apacheAuthnLevel | Apache authentication level | ✔ |  |  |  | | apacheAuthnLevel | Apache authentication level | ✔ |  |  |  |
 | applicationList | Applications list | ✔ |  |  |  | | applicationList | Applications list | ✔ |  |  |  |
 +| authChoiceAuthBasic | Auth module used by AuthBasic handler | ✔ |  |  |  |
 | authChoiceModules | Hash list of Choice strings | ✔ |  |  |  | | authChoiceModules | Hash list of Choice strings | ✔ |  |  |  |
 | authChoiceParam | Applications list | ✔ |  |  |  | | authChoiceParam | Applications list | ✔ |  |  |  |
Line 32: Line 33:
 | available2F | Available second factor modules | ✔ |  |  | ✔ | | available2F | Available second factor modules | ✔ |  |  | ✔ |
 | available2FSelfRegistration | Available self-registration modules for second factor | ✔ |  |  | ✔ | | available2FSelfRegistration | Available self-registration modules for second factor | ✔ |  |  | ✔ |
 +| browsersDontStorePassword | Avoid browsers to store users password | ✔ |  |  |  |
 | bruteForceProtection | Enable brute force attack protection | ✔ |  |  |  | | bruteForceProtection | Enable brute force attack protection | ✔ |  |  |  |
 | bruteForceProtectionMaxAge | Brute force attack protection -> Max age between last and first allowed failed login | ✔ |  |  | ✔ | | bruteForceProtectionMaxAge | Brute force attack protection -> Max age between last and first allowed failed login | ✔ |  |  | ✔ |
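Review bot: the description on the added browsersDontStorePassword row, "Avoid browsers to store users password", is ungrammatical and does not say how the portal achieves this. Suggest "Prevent browsers from storing user passwords", plus a short note on what the option changes in the login form.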
Line 58: Line 60:
 | checkStateSecret | Secret token for CheckState plugin | ✔ |  |  |  | | checkStateSecret | Secret token for CheckState plugin | ✔ |  |  |  |
 | checkTime | Timeout to check new configuration in local cache | ✔ | ✔ |  | ✔ | | checkTime | Timeout to check new configuration in local cache | ✔ | ✔ |  | ✔ |
 +| checkUser | Enable check user | ✔ |  |  |  |
 +| checkUserDisplayEmptyValues | Display session empty values | ✔ |  |  |  |
 +| checkUserDisplayPersistentInfo | Display persistent session info | ✔ |  |  |  |
 +| checkUserHiddenAttributes | Attributes to hide in CheckUser plugin | ✔ |  |  |  |
 +| checkUserIdRule | checkUser identities rule | ✔ |  |  |  |
 +| checkUserSearchAttributes | Attributes used for retrieving sessions in user DataBase | ✔ |  |  |  |
 | checkXSS | Check XSS | ✔ |  |  |  | | checkXSS | Check XSS | ✔ |  |  |  |
 | combModules | Combination module description | ✔ |  |  |  | | combModules | Combination module description | ✔ |  |  |  |
Line 63: Line 71:
 | configStorage | Configuration storage | ✔ | ✔ | ✔ | ✔ | | configStorage | Configuration storage | ✔ | ✔ | ✔ | ✔ |
 | confirmFormMethod | HTTP method for confirm page form | ✔ |  |  |  | | confirmFormMethod | HTTP method for confirm page form | ✔ |  |  |  |
 +| contextSwitchingIdRule | Context switching identities rule | ✔ |  |  |  |
 +| contextSwitchingRule | Context switching activation rule | ✔ |  |  |  |
 +| contextSwitchingStopWithLogout | Stop context switching by logout | ✔ |  |  |  |
 | cookieExpiration | Cookie expiration | ✔ | ✔ |  |  | | cookieExpiration | Cookie expiration | ✔ | ✔ |  |  |
 | cookieName | Name of the main cookie | ✔ | ✔ |  |  | | cookieName | Name of the main cookie | ✔ | ✔ |  |  |
 +| corsAllow_Credentials | Allow credentials for Cross-Origin Resource Sharing | ✔ |  |  |  |
 +| corsAllow_Headers | Allowed headers for Cross-Origin Resource Sharing | ✔ |  |  |  |
 +| corsAllow_Methods | Allowed methods for Cross-Origin Resource Sharing | ✔ |  |  |  |
 +| corsAllow_Origin | Allowed origine for Cross-Origin Resource Sharing | ✔ |  |  |  |
 +| corsEnabled | Enable Cross-Origin Resource Sharing | ✔ |  |  |  |
 +| corsExpose_Headers | Exposed headers for Cross-Origin Resource Sharing | ✔ |  |  |  |
 +| corsMax_Age | MAx-age for Cross-Origin Resource Sharing | ✔ |  |  |  |
 | cspConnect | Authorized Ajax destination for Content-Security-Policy | ✔ |  |  |  | | cspConnect | Authorized Ajax destination for Content-Security-Policy | ✔ |  |  |  |
 | cspDefault | Default value for Content-Security-Policy | ✔ |  |  |  | | cspDefault | Default value for Content-Security-Policy | ✔ |  |  |  |
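Review bot: two descriptions in the added CORS rows have typos. corsAllow_Origin reads "Allowed origine" (should be "origins") and corsMax_Age reads "MAx-age" (should be "Max-age"). Since corsAllow_Origin and corsAllow_Credentials are set together, it would also help to state the accepted values and defaults for both in these rows.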
Line 77: Line 95:
 | customPassword | Custom password module | ✔ |  |  |  | | customPassword | Custom password module | ✔ |  |  |  |
 | customRegister | Custom register module | ✔ |  |  |  | | customRegister | Custom register module | ✔ |  |  |  |
 +| customToTrace | Session parameter used to fill REMOTE_CUSTOM | ✔ | ✔ |  |  |
 | customUserDB | Custom user DB module | ✔ |  |  |  | | customUserDB | Custom user DB module | ✔ |  |  |  |
 | dbiAuthChain |  | ✔ |  |  |  | | dbiAuthChain |  | ✔ |  |  |  |
Line 97: Line 116:
 | dbiUserUser |  | ✔ |  |  |  | | dbiUserUser |  | ✔ |  |  |  |
 | demoExportedVars | Demo exported variables | ✔ |  |  |  | | demoExportedVars | Demo exported variables | ✔ |  |  |  |
 +| disablePersistentStorage | Enabled persistent storage | ✔ |  |  |  |
 | domain | DNS domain | ✔ | ✔ |  |  | | domain | DNS domain | ✔ | ✔ |  |  |
 +| dontCompactConf | Don t compact configuration | ✔ |  |  |  |
 | exportedAttr | List of attributes to export by SOAP or REST servers | ✔ |  |  |  | | exportedAttr | List of attributes to export by SOAP or REST servers | ✔ |  |  |  |
 | exportedVars | Main exported variables | ✔ |  |  |  | | exportedVars | Main exported variables | ✔ |  |  |  |
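Review bot: the added disablePersistentStorage row is described as "Enabled persistent storage", which says the opposite of what the key name implies. Reword it to something like "Disable persistent storage" so an administrator does not set it the wrong way round. In the same hunk, "Don t compact configuration" on dontCompactConf is missing its apostrophe.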
Line 104: Line 125:
 | ext2fActivation | External second factor activation | ✔ |  |  |  | | ext2fActivation | External second factor activation | ✔ |  |  |  |
 | ext2fAuthnLevel | Authentication level for users authentified by External second factor | ✔ |  |  |  | | ext2fAuthnLevel | Authentication level for users authentified by External second factor | ✔ |  |  |  |
 +| ext2fCodeActivation | OTP generated by Portal | ✔ |  |  |  |
 +| ext2fLabel | Portal label for External second factor | ✔ |  |  |  |
 | ext2fLogo | Custom logo for External 2F | ✔ |  |  |  | | ext2fLogo | Custom logo for External 2F | ✔ |  |  |  |
 | facebookAppId |  | ✔ |  |  |  | | facebookAppId |  | ✔ |  |  |  |
Line 111: Line 134:
 | facebookUserField |  | ✔ |  |  |  | | facebookUserField |  | ✔ |  |  |  |
 | failedLoginNumber | Number of failures stored in login history | ✔ |  |  |  | | failedLoginNumber | Number of failures stored in login history | ✔ |  |  |  |
 +| forceGlobalStorageUpgradeOTT | Force upgrade tokens be stored into Global Storage | ✔ |  |  | ✔ |
 | formTimeout | Token timeout for forms | ✔ |  |  |  | | formTimeout | Token timeout for forms | ✔ |  |  |  |
 | globalStorage | Session backend module | ✔ | ✔ |  |  | | globalStorage | Session backend module | ✔ | ✔ |  |  |
 | globalStorageOptions | Session backend module options | ✔ | ✔ |  |  | | globalStorageOptions | Session backend module options | ✔ | ✔ |  |  |
 +| gpgAuthnLevel | GPG authentication level | ✔ |  |  |  |
 | gpgDb | GPG keys database | ✔ |  |  |  | | gpgDb | GPG keys database | ✔ |  |  |  |
 | grantSessionRules | Rules to grant sessions | ✔ |  |  |  | | grantSessionRules | Rules to grant sessions | ✔ |  |  |  |
 | groups | Groups | ✔ |  |  |  | | groups | Groups | ✔ |  |  |  |
 | handlerInternalCache | Handler internal cache timeout | ✔ | ✔ |  | ✔ | | handlerInternalCache | Handler internal cache timeout | ✔ | ✔ |  | ✔ |
 +| handlerServiceTokenTTL | Handler ServiceToken timeout | ✔ | ✔ |  | ✔ |
 | hiddenAttributes | Name of attributes to hide in logs | ✔ |  |  |  | | hiddenAttributes | Name of attributes to hide in logs | ✔ |  |  |  |
 | hideOldPassword | Hide old password in portal | ✔ |  |  |  | | hideOldPassword | Hide old password in portal | ✔ |  |  |  |
 | httpOnly | Enable httpOnly flag in cookie | ✔ | ✔ |  |  | | httpOnly | Enable httpOnly flag in cookie | ✔ | ✔ |  |  |
 | https | Use HTTPS for redirection from portal |  | ✔ |  |  | | https | Use HTTPS for redirection from portal |  | ✔ |  |  |
 +| impersonationHiddenAttributes | Attributes to skip | ✔ |  |  |  |
 +| impersonationIdRule | Impersonation identities rule | ✔ |  |  |  |
 +| impersonationMergeSSOgroups | Merge spoofed and real SSO groups | ✔ |  |  |  |
 +| impersonationPrefix | Prefix to rename real session attributes | ✔ |  |  | ✔ |
 +| impersonationRule | Impersonation activation rule | ✔ |  |  |  |
 +| impersonationSkipEmptyValues | Skip session empty values | ✔ |  |  |  |
 | infoFormMethod | HTTP method for info page form | ✔ |  |  |  | | infoFormMethod | HTTP method for info page form | ✔ |  |  |  |
 | issuerDBCASActivation | CAS server activation | ✔ |  |  |  | | issuerDBCASActivation | CAS server activation | ✔ |  |  |  |
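Review bot: the impersonationHiddenAttributes row is described only as "Attributes to skip", which does not say what they are skipped from or who they are hidden from. Because impersonationMergeSSOgroups in the same block merges "spoofed and real SSO groups", the descriptions should spell out which session (real or impersonated) each option affects. Also, "Force upgrade tokens be stored into Global Storage" on forceGlobalStorageUpgradeOTT needs "to be stored in".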
Line 139: Line 171:
 | issuerDBSAMLPath | SAML IDP request path | ✔ |  |  |  | | issuerDBSAMLPath | SAML IDP request path | ✔ |  |  |  |
 | issuerDBSAMLRule | SAML IDP rule | ✔ |  |  |  | | issuerDBSAMLRule | SAML IDP rule | ✔ |  |  |  |
 +| issuersTimeout | Token timeout for issuers | ✔ |  |  |  |
 | jsRedirect | Use javascript for redirections | ✔ |  |  |  | | jsRedirect | Use javascript for redirections | ✔ |  |  |  |
 | key | Secret key | ✔ |  |  |  | | key | Secret key | ✔ |  |  |  |
Line 158: Line 191:
 | ldapGroupObjectClass | LDAP object class of groups | ✔ |  |  |  | | ldapGroupObjectClass | LDAP object class of groups | ✔ |  |  |  |
 | ldapGroupRecursive | LDAP recursive search in groups | ✔ |  |  |  | | ldapGroupRecursive | LDAP recursive search in groups | ✔ |  |  |  |
 +| ldapITDS | Support for IBM Tivoli Directory Server | ✔ |  |  |  |
 | ldapPasswordResetAttribute | LDAP password reset attribute | ✔ |  |  |  | | ldapPasswordResetAttribute | LDAP password reset attribute | ✔ |  |  |  |
 | ldapPasswordResetAttributeValue | LDAP password reset value | ✔ |  |  |  | | ldapPasswordResetAttributeValue | LDAP password reset value | ✔ |  |  |  |
Line 192: Line 226:
 | mail2fBody | Mail body for second factor authentication | ✔ |  |  |  | | mail2fBody | Mail body for second factor authentication | ✔ |  |  |  |
 | mail2fCodeRegex | Regular expression to create a mail OTP code | ✔ |  |  |  | | mail2fCodeRegex | Regular expression to create a mail OTP code | ✔ |  |  |  |
 +| mail2fLabel | Portal label for Mail second factor | ✔ |  |  |  |
 | mail2fLogo | Custom logo for Mail 2F | ✔ |  |  |  | | mail2fLogo | Custom logo for Mail 2F | ✔ |  |  |  |
 | mail2fSubject | Mail subject for second factor authentication | ✔ |  |  |  | | mail2fSubject | Mail subject for second factor authentication | ✔ |  |  |  |
Line 218: Line 253:
 | notification | Notification activation | ✔ |  |  |  | | notification | Notification activation | ✔ |  |  |  |
 | notificationServer | Notification server activation | ✔ |  |  |  | | notificationServer | Notification server activation | ✔ |  |  |  |
 +| notificationServerDELETE | Notification server activation | ✔ |  |  |  |
 +| notificationServerGET | Notification server activation | ✔ |  |  |  |
 +| notificationServerPOST | Notification server activation | ✔ |  |  |  |
 +| notificationServerSentAttributes | Prameters to send with notification server GET method | ✔ |  |  |  |
 | notificationStorage | Notification backend | ✔ |  |  |  | | notificationStorage | Notification backend | ✔ |  |  |  |
 | notificationStorageOptions | Notification backend options | ✔ |  |  |  | | notificationStorageOptions | Notification backend options | ✔ |  |  |  |
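Review bot: notificationServerDELETE, notificationServerGET and notificationServerPOST all carry the description "Notification server activation", which is identical to the existing notificationServer row and looks copy-pasted. Each should say which HTTP method it enables. On notificationServerSentAttributes, "Prameters" should be "Parameters".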
Line 241: Line 280:
 | oidcServiceMetaDataEndSessionURI | OpenID Connect end session endpoint | ✔ |  |  |  | | oidcServiceMetaDataEndSessionURI | OpenID Connect end session endpoint | ✔ |  |  |  |
 | oidcServiceMetaDataFrontChannelURI | OpenID Connect Front-Channel logout endpoint | ✔ |  |  |  | | oidcServiceMetaDataFrontChannelURI | OpenID Connect Front-Channel logout endpoint | ✔ |  |  |  |
 +| oidcServiceMetaDataIntrospectionURI | OpenID Connect introspection endpoint | ✔ |  |  |  |
 | oidcServiceMetaDataIssuer | OpenID Connect issuer | ✔ |  |  |  | | oidcServiceMetaDataIssuer | OpenID Connect issuer | ✔ |  |  |  |
 | oidcServiceMetaDataJWKSURI | OpenID Connect JWKS endpoint | ✔ |  |  |  | | oidcServiceMetaDataJWKSURI | OpenID Connect JWKS endpoint | ✔ |  |  |  |
Line 270: Line 310:
 | pamService | PAM service | ✔ |  |  |  | | pamService | PAM service | ✔ |  |  |  |
 | passwordDB | Password module | ✔ |  |  |  | | passwordDB | Password module | ✔ |  |  |  |
 +| passwordPolicyMinDigit | Password policy: minimal digit characters | ✔ |  |  |  |
 +| passwordPolicyMinLower | Password policy: minimal lower characters | ✔ |  |  |  |
 +| passwordPolicyMinSize | Password policy: minimal size | ✔ |  |  |  |
 +| passwordPolicyMinUpper | Password policy: minimal upper characters | ✔ |  |  |  |
 | passwordResetAllowedRetries | Maximum number of retries to reset password | ✔ |  |  |  | | passwordResetAllowedRetries | Maximum number of retries to reset password | ✔ |  |  |  |
 +| pdataDomain | pdata cookie DNS domain | ✔ | ✔ |  | ✔ |
 | persistentStorage | Storage module for persistent sessions | ✔ |  |  |  | | persistentStorage | Storage module for persistent sessions | ✔ |  |  |  |
 | persistentStorageOptions | Options for persistent sessions storage module | ✔ |  |  |  | | persistentStorageOptions | Options for persistent sessions storage module | ✔ |  |  |  |
Line 279: Line 324:
 | portalDisplayAppslist | Display applications tab in portal | ✔ |  |  |  | | portalDisplayAppslist | Display applications tab in portal | ✔ |  |  |  |
 | portalDisplayChangePassword | Display password tab in portal | ✔ |  |  |  | | portalDisplayChangePassword | Display password tab in portal | ✔ |  |  |  |
 +| portalDisplayGeneratePassword | Display password generate box in reset password form | ✔ |  |  |  |
 | portalDisplayLoginHistory | Display login history tab in portal | ✔ |  |  |  | | portalDisplayLoginHistory | Display login history tab in portal | ✔ |  |  |  |
 | portalDisplayLogout | Display logout tab in portal | ✔ |  |  |  | | portalDisplayLogout | Display logout tab in portal | ✔ |  |  |  |
 | portalDisplayOidcConsents | Display OIDC consent tab in portal | ✔ |  |  |  | | portalDisplayOidcConsents | Display OIDC consent tab in portal | ✔ |  |  |  |
 +| portalDisplayPasswordPolicy | Display policy in password form | ✔ |  |  |  |
 | portalDisplayRegister | Display register button in portal | ✔ |  |  |  | | portalDisplayRegister | Display register button in portal | ✔ |  |  |  |
 | portalDisplayResetPassword | Display reset password button in portal | ✔ |  |  |  | | portalDisplayResetPassword | Display reset password button in portal | ✔ |  |  |  |
Line 302: Line 349:
 | proxySessionService |  | ✔ |  |  |  | | proxySessionService |  | ✔ |  |  |  |
 | proxyUseSoap | Use SOAP instead of REST | ✔ |  |  |  | | proxyUseSoap | Use SOAP instead of REST | ✔ |  |  |  |
 +| radius2fActivation | Radius second factor activation | ✔ |  |  |  |
 +| radius2fAuthnLevel | Authentication level for users authenticated by Radius second factor | ✔ |  |  |  |
 +| radius2fLabel | Portal label for Radius 2F | ✔ |  |  |  |
 +| radius2fLogo | Custom logo for Radius 2F | ✔ |  |  |  |
 +| radius2fSecret |  | ✔ |  |  |  |
 +| radius2fServer |  | ✔ |  |  |  |
 +| radius2fTimeout | Radius 2f verification timeout | ✔ |  |  |  |
 +| radius2fUsernameSessionKey | Session key used as Radius login | ✔ |  |  |  |
 | radiusAuthnLevel | Radius authentication level | ✔ |  |  |  | | radiusAuthnLevel | Radius authentication level | ✔ |  |  |  |
 | radiusSecret |  | ✔ |  |  |  | | radiusSecret |  | ✔ |  |  |  |
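Review bot: radius2fSecret and radius2fServer are added with empty descriptions, while the other six radius2f rows are documented. Fill them in (for example "Radius 2F shared secret" and "Radius 2F server"), and mark radius2fSecret as a sensitive value if the documentation has a convention for that.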
Line 323: Line 378:
 | rest2fInitArgs | Args for REST 2F init | ✔ |  |  |  | | rest2fInitArgs | Args for REST 2F init | ✔ |  |  |  |
 | rest2fInitUrl | REST 2F init URL | ✔ |  |  |  | | rest2fInitUrl | REST 2F init URL | ✔ |  |  |  |
 +| rest2fLabel | Portal label for REST second factor | ✔ |  |  |  |
 | rest2fLogo | Custom logo for REST 2F | ✔ |  |  |  | | rest2fLogo | Custom logo for REST 2F | ✔ |  |  |  |
 | rest2fVerifyArgs | Args for REST 2F init | ✔ |  |  |  | | rest2fVerifyArgs | Args for REST 2F init | ✔ |  |  |  |
 | rest2fVerifyUrl | REST 2F init URL | ✔ |  |  |  | | rest2fVerifyUrl | REST 2F init URL | ✔ |  |  |  |
 | restAuthUrl |  | ✔ |  |  |  | | restAuthUrl |  | ✔ |  |  |  |
 +| restAuthnLevel | REST authentication level | ✔ |  |  |  |
 +| restClockTolerance | How tolerant the REST session server will be to clock dift | ✔ |  |  |  |
 | restConfigServer | Enable REST config server | ✔ |  |  |  | | restConfigServer | Enable REST config server | ✔ |  |  |  |
 +| restExportSecretKeys | Allow to export secret keys in REST session server | ✔ |  |  |  |
 | restPwdConfirmUrl |  | ✔ |  |  |  | | restPwdConfirmUrl |  | ✔ |  |  |  |
 | restPwdModifyUrl |  | ✔ |  |  |  | | restPwdModifyUrl |  | ✔ |  |  |  |
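Review bot: the restExportSecretKeys row says only "Allow to export secret keys in REST session server" and gives neither a default nor which keys are meant. For an option that exposes secrets over REST, the row should state that it is off by default (if that is the case) and what is exported when it is on. In the same hunk, "clock dift" on restClockTolerance should be "clock drift", and the unit of the tolerance is missing.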
Line 364: Line 423:
 | samlOrganizationName | SAML service organization name | ✔ |  |  |  | | samlOrganizationName | SAML service organization name | ✔ |  |  |  |
 | samlOrganizationURL | SAML service organization URL | ✔ |  |  |  | | samlOrganizationURL | SAML service organization URL | ✔ |  |  |  |
 +| samlOverrideIDPEntityID | Override SAML EntityID when acting as an IDP | ✔ |  |  |  |
 | samlRelayStateTimeout | SAML timeout of relay state | ✔ |  |  |  | | samlRelayStateTimeout | SAML timeout of relay state | ✔ |  |  |  |
 | samlSPMetaDataOptions |  | ✔ |  |  | [1] | | samlSPMetaDataOptions |  | ✔ |  |  | [1] |
Line 395: Line 455:
 | sessionDataToRemember | Data to remember in login history | ✔ |  |  |  | | sessionDataToRemember | Data to remember in login history | ✔ |  |  |  |
 | sfEngine | Second factor engine | ✔ |  |  | ✔ | | sfEngine | Second factor engine | ✔ |  |  | ✔ |
 +| sfExtra | Extra second factors | ✔ |  |  |  |
 +| sfRemovedMsgRule | Display a message if at leat one expired SF has been removed | ✔ |  |  |  |
 +| sfRemovedNotifMsg | Notification message | ✔ |  |  |  |
 +| sfRemovedNotifRef | Notification reference | ✔ |  |  |  |
 +| sfRemovedNotifTitle | Notification title | ✔ |  |  |  |
 +| sfRemovedUseNotif | Use Notifications plugin to display message | ✔ |  |  |  |
 | sfRequired | Second factor required | ✔ |  |  |  | | sfRequired | Second factor required | ✔ |  |  |  |
 | showLanguages | Display langs icons | ✔ |  |  |  | | showLanguages | Display langs icons | ✔ |  |  |  |
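Review bot: "at leat one" in the sfRemovedMsgRule description should be "at least one". The sfRemovedNotifMsg, sfRemovedNotifRef and sfRemovedNotifTitle descriptions ("Notification message", "Notification reference", "Notification title") do not mention that they belong to the removed-second-factor message; adding that context would make them distinguishable from other notification settings.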
Line 403: Line 469:
 | skipRenewConfirmation | Avoid asking confirmation when an Issuer asks to renew auth | ✔ |  |  |  | | skipRenewConfirmation | Avoid asking confirmation when an Issuer asks to renew auth | ✔ |  |  |  |
 | slaveAuthnLevel | Slave authentication level | ✔ |  |  |  | | slaveAuthnLevel | Slave authentication level | ✔ |  |  |  |
 +| slaveDisplayLogo | Display Slave authentication logo | ✔ |  |  |  |
 | slaveExportedVars | Slave exported variables | ✔ |  |  |  | | slaveExportedVars | Slave exported variables | ✔ |  |  |  |
 | slaveHeaderContent |  | ✔ |  |  |  | | slaveHeaderContent |  | ✔ |  |  |  |
Line 428: Line 495:
 | totp2fInterval | TOTP interval | ✔ |  |  |  | | totp2fInterval | TOTP interval | ✔ |  |  |  |
 | totp2fIssuer | TOTP Issuer | ✔ |  |  |  | | totp2fIssuer | TOTP Issuer | ✔ |  |  |  |
 +| totp2fLabel | Portal label for TOTP 2F | ✔ |  |  |  |
 +| totp2fLogo | Custom logo for TOTP 2F | ✔ |  |  |  |
 | totp2fRange | TOTP range (number of interval to test) | ✔ |  |  |  | | totp2fRange | TOTP range (number of interval to test) | ✔ |  |  |  |
 | totp2fSelfRegistration | TOTP self registration activation | ✔ |  |  |  | | totp2fSelfRegistration | TOTP self registration activation | ✔ |  |  |  |
 +| totp2fTTL | TOTP device time to live  | ✔ |  |  |  |
 | totp2fUserCanChangeKey | Authorize users to change existing TOTP secret | ✔ |  |  |  | | totp2fUserCanChangeKey | Authorize users to change existing TOTP secret | ✔ |  |  |  |
 | totp2fUserCanRemoveKey | Authorize users to remove existing TOTP secret | ✔ |  |  |  | | totp2fUserCanRemoveKey | Authorize users to remove existing TOTP secret | ✔ |  |  |  |
 | trustedDomains | Trusted domains | ✔ |  |  |  | | trustedDomains | Trusted domains | ✔ |  |  |  |
-| trustedProxies | Trusted proxies | ✔ |  |  |  | 
 | twitterAppName |  | ✔ |  |  |  | | twitterAppName |  | ✔ |  |  |  |
 | twitterAuthnLevel | Twitter authentication level | ✔ |  |  |  | | twitterAuthnLevel | Twitter authentication level | ✔ |  |  |  |
Line 441: Line 510:
 | u2fActivation | U2F activation | ✔ |  |  |  | | u2fActivation | U2F activation | ✔ |  |  |  |
 | u2fAuthnLevel | Authentication level for users authentified by password+U2F | ✔ |  |  |  | | u2fAuthnLevel | Authentication level for users authentified by password+U2F | ✔ |  |  |  |
 +| u2fLabel | Portal label for U2F | ✔ |  |  |  |
 +| u2fLogo | Custom logo for U2F | ✔ |  |  |  |
 | u2fSelfRegistration | U2F self registration activation | ✔ |  |  |  | | u2fSelfRegistration | U2F self registration activation | ✔ |  |  |  |
 +| u2fTTL | U2F device time to live | ✔ |  |  |  |
 | u2fUserCanRemoveKey | Authorize users to remove existing U2F key | ✔ |  |  |  | | u2fUserCanRemoveKey | Authorize users to remove existing U2F key | ✔ |  |  |  |
 | upgradeSession | Upgrade session activation | ✔ |  |  |  | | upgradeSession | Upgrade session activation | ✔ |  |  |  |
Line 454: Line 526:
 | utotp2fActivation | UTOTP activation (mixed U2F/TOTP module) | ✔ |  |  |  | | utotp2fActivation | UTOTP activation (mixed U2F/TOTP module) | ✔ |  |  |  |
 | utotp2fAuthnLevel | Authentication level for users authentified by password+(U2F or TOTP) | ✔ |  |  |  | | utotp2fAuthnLevel | Authentication level for users authentified by password+(U2F or TOTP) | ✔ |  |  |  |
 +| utotp2fLabel | Portal label for U2F+TOTP | ✔ |  |  |  |
 +| utotp2fLogo | Custom logo for U2F+TOTP | ✔ |  |  |  |
 | vhostOptions |  | ✔ |  |  | [1] | | vhostOptions |  | ✔ |  |  | [1] |
 +| viewerAllowBrowser | Allow configuration browser | ✔ |  |  | ✔ |
 +| viewerAllowDiff | Allow configuration diff | ✔ |  |  | ✔ |
 +| viewerHiddenKeys | Hidden Conf keys |  |  | ✔ | ✔ |
 | webIDAuthnLevel | WebID authentication level | ✔ |  |  |  | | webIDAuthnLevel | WebID authentication level | ✔ |  |  |  |
 | webIDExportedVars | WebID exported variables | ✔ |  |  |  | | webIDExportedVars | WebID exported variables | ✔ |  |  |  |
Line 463: Line 540:
 | yubikey2fAuthnLevel | Authentication level for users authentified by Yubikey second factor | ✔ |  |  |  | | yubikey2fAuthnLevel | Authentication level for users authentified by Yubikey second factor | ✔ |  |  |  |
 | yubikey2fClientID | Yubico client ID | ✔ |  |  |  | | yubikey2fClientID | Yubico client ID | ✔ |  |  |  |
 +| yubikey2fLabel | Portal label for Yubikey second factor | ✔ |  |  |  |
 +| yubikey2fLogo | Custom logo for Yubikey 2F | ✔ |  |  |  |
 | yubikey2fNonce | Yubico nonce | ✔ |  |  |  | | yubikey2fNonce | Yubico nonce | ✔ |  |  |  |
 | yubikey2fPublicIDSize | Yubikey public ID size | ✔ |  |  |  | | yubikey2fPublicIDSize | Yubikey public ID size | ✔ |  |  |  |
 | yubikey2fSecretKey | Yubico secret key | ✔ |  |  |  | | yubikey2fSecretKey | Yubico secret key | ✔ |  |  |  |
 | yubikey2fSelfRegistration | Yubikey self registration activation | ✔ |  |  |  | | yubikey2fSelfRegistration | Yubikey self registration activation | ✔ |  |  |  |
 +| yubikey2fTTL | Yubikey device time to live | ✔ |  |  |  |
 | yubikey2fUrl | Yubico server | ✔ |  |  |  | | yubikey2fUrl | Yubico server | ✔ |  |  |  |
 | yubikey2fUserCanRemoveKey | Authorize users to remove existing Yubikey | ✔ |  |  |  | | yubikey2fUserCanRemoveKey | Authorize users to remove existing Yubikey | ✔ |  |  |  |
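Review bot: the added yubikey2fTTL row ("Yubikey device time to live") gives no unit and does not say what happens when the TTL expires. The same applies to the u2fTTL and totp2fTTL rows added elsewhere in this revision. State the unit and the expiry behaviour once and use the same wording for all three.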
Line 481: Line 561:
  
 ^  Full name  ^  Key name  ^  Configuration backend ​ ^ ^  Full name  ^  Key name  ^  Configuration backend ​ ^
 +| Configuration load timeout | confTimeout | all backends (default: 10) |
 | Directory | dirName | [[fileconfbackend|File]] | | Directory | dirName | [[fileconfbackend|File]] |
 | DBI connection string | dbiChain | [[sqlconfbackend|CDBI / RDBI]] | | DBI connection string | dbiChain | [[sqlconfbackend|CDBI / RDBI]] |
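Review bot: the added confTimeout row gives "default: 10" without a unit. Write "default: 10 seconds" (or whatever the unit is) so the value cannot be misread.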