Variables

Presentation

Variables can be used in rules and headers. All rules are concerned:

  • Access rule in virtual host
  • SAML IDP preselection
  • Session opening

Variables are stored in the user session. We can distinguish several kind of variables:

When you know the key of the variable, you just have to prefix it with the dollar sign to use it, for example to test if uid variable match coudot :

$uid eq "coudot"
You can inspect a user session with the sessions explorer (in Manager)

Below are documented internal variables.

Modules

Register what module was used for authentication, user data, password, …

Key Description
_auth Authentication module
_userDB User module
_passwordDB Password module
_issuerDB Issuer module (can be multivalued)
_authChoice User choice done if authentication choice was used
_authMulti Full name of authentication module (with #label) used in Multi
_userDBMulti Full name of user module (with #label) used in Multi

Connection

Datas concerning the first connection to the portal

Key Description
ipAddr IP of the user (can be the X Forwarded For IP if trusted proxies are configured)
_timezone Timezone of the user, set with javascript from standard login form (will be empty if other authentication methods are used)
_url URL used before being redirected to the portal (empty if portal was used as entry point)

Authentication

Datas around the authentication process.

Key Description
_session_id Session identifier (carried in cookie)
_user User found from login process
_password Password found from login process (only if password store in session is configured)
authenticationLevel Authentication level

Dates

Key Description
_utime Timestamp of session creation
_startTime Date of session creation
_updateTime Date of session last modification
_lastAuthnUTime Timestamp of last authentication time

SAML

Datas related to SAML protocol

Key Description
_idp Name of IDP used for authentication
_idpConfKey Configuration key of IDP used for authentication
_samlToken SAML token
_lassoSessionDump Lasso session dump
_lassoIdentityDump Lasso identity dump

Notifications

Key Description
_notification_id Date of validation of the notification id

Login history

Key Description
_loginHistory HASH of login success and failures

LDAP

Only with UserDB LDAP.

Key Description
_dn Distinguished name

OpenID

Key Description
_openid_id Consent to share attribute id trough OpenID

OpenID Connect

Key Description
_oidc_id_token ID Token
_oidc_OP Configuration key of OP used for authentication
_oidc_access_token OAuth2 Access Token used to get UserInfo data
_oidc_consent_scope_rp Scope for which consent was given for RP rp
_oidc_consent_time_rp Time when consent was given for RP rp

Other

Key Description
_appsListOrder Order of categories in the menu
_session_kind Type of session (SSO, Persistent, …)