File: variables.html

lemonldap-ng 1.3.3-1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
 lang="en" dir="ltr">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />

</head>
<body>
<div class="dokuwiki export">




<h1><a name="variables" id="variables">Variables</a></h1>
<div class="level1">

</div>
<!-- SECTION "Variables" [1-25] -->
<h2><a name="presentation" id="presentation">Presentation</a></h2>
<div class="level2">

<p>

Variables can be used in rules and headers. This applies to all rules:
</p>
<ul>
<li class="level1"><div class="li"> Access rule in virtual host</div>
</li>
<li class="level1"><div class="li"> <acronym title="Security Assertion Markup Language">SAML</acronym> IDP preselection</div>
</li>
<li class="level1"><div class="li"> Session opening</div>
</li>
<li class="level1"><div class="li"> …</div>
</li>
</ul>

<p>

Variables are stored in the user session. There are several kinds of variables:
</p>
<ul>
<li class="level1"><div class="li"> internal variables, managed by LemonLDAP::NG</div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.3/exportedvars.html" class="wikilink1" title="documentation:1.3:exportedvars">exported variables</a> collected from UserDB backend</div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.3/performances.html#macros_and_groups" class="wikilink1" title="documentation:1.3:performances">macros and groups</a></div>
</li>
</ul>

<p>
When you know the key of a variable, prefix it with a dollar sign to use it. For example, to test whether the <code>uid</code> variable matches <code>coudot</code>:

</p>
<pre class="code">
$uid eq &quot;coudot&quot;
</pre>

<div class="notetip">You can inspect a user session with the sessions explorer (in Manager)
</div>

<p>
The internal variables are documented below.
</p>

</div>
<!-- SECTION "Presentation" [26-794] -->
<h2><a name="modules" id="modules">Modules</a></h2>
<div class="level2">

<p>

These keys record which module was used for authentication, user data, password, …

</p>
<table class="inline">
	<tr class="row0 roweven">
		<th class="col0 centeralign">  Key  </th><th class="col1 centeralign">  Description  </th>
	</tr>
	<tr class="row1 rowodd">
		<td class="col0 centeralign">  _auth  </td><td class="col1 leftalign"> Authentication module  </td>
	</tr>
	<tr class="row2 roweven">
		<td class="col0 centeralign">  _userDB  </td><td class="col1 leftalign"> User module  </td>
	</tr>
	<tr class="row3 rowodd">
		<td class="col0 centeralign">  _passwordDB  </td><td class="col1 leftalign"> Password module  </td>
	</tr>
	<tr class="row4 roweven">
		<td class="col0 centeralign">  _issuerDB  </td><td class="col1 leftalign"> Issuer module (can be multivalued)  </td>
	</tr>
	<tr class="row5 rowodd">
		<td class="col0 centeralign">  _authChoice  </td><td class="col1 leftalign"> User choice done if <a href="../../documentation/1.3/authchoice.html" class="wikilink1" title="documentation:1.3:authchoice">authentication choice</a> was used  </td>
	</tr>
</table>

</div>
<!-- SECTION "Modules" [795-1161] -->
<h2><a name="connection" id="connection">Connection</a></h2>
<div class="level2">

<p>

Data concerning the first connection to the portal.

</p>
<table class="inline">
	<tr class="row0 roweven">
		<th class="col0 centeralign">  Key  </th><th class="col1 centeralign">  Description  </th>
	</tr>
	<tr class="row1 rowodd">
		<td class="col0 leftalign"> ipAddr  </td><td class="col1 leftalign"> <acronym title="Internet Protocol">IP</acronym> of the user (can be the X-Forwarded-For <acronym title="Internet Protocol">IP</acronym> if trusted proxies are configured)  </td>
	</tr>
	<tr class="row2 roweven">
		<td class="col0 leftalign"> _timezone  </td><td class="col1"> Timezone of the user, set with JavaScript from the standard login form (empty if another authentication method is used) </td>
	</tr>
	<tr class="row3 rowodd">
		<td class="col0 leftalign"> _url  </td><td class="col1 leftalign"> <acronym title="Uniform Resource Locator">URL</acronym> used before being redirected to the portal (empty if portal was used as entry point)  </td>
	</tr>
</table>

</div>
<!-- SECTION "Connection" [1162-1604] -->
<h2><a name="authentication" id="authentication">Authentication</a></h2>
<div class="level2">

<p>

Data about the authentication process.

</p>
<table class="inline">
	<tr class="row0 roweven">
		<th class="col0 centeralign">  Key  </th><th class="col1 centeralign">  Description  </th>
	</tr>
	<tr class="row1 rowodd">
		<td class="col0 leftalign"> _session_id  </td><td class="col1 leftalign"> Session identifier (carried in cookie)  </td>
	</tr>
	<tr class="row2 roweven">
		<td class="col0 leftalign"> _user  </td><td class="col1 leftalign"> User found from login process  </td>
	</tr>
	<tr class="row3 rowodd">
		<td class="col0 leftalign"> _password  </td><td class="col1 leftalign"> Password found from login process (only if <a href="../../documentation/1.3/passwordstore.html" class="wikilink1" title="documentation:1.3:passwordstore">password store in session</a> is configured)  </td>
	</tr>
	<tr class="row4 roweven">
		<td class="col0 leftalign"> authenticationLevel  </td><td class="col1 leftalign"> Authentication level  </td>
	</tr>
</table>

</div>
<!-- SECTION "Authentication" [1605-1973] -->
<h2><a name="dates" id="dates">Dates</a></h2>
<div class="level2">
<table class="inline">
	<tr class="row0 roweven">
		<th class="col0 centeralign">  Key  </th><th class="col1 centeralign">  Description  </th>
	</tr>
	<tr class="row1 rowodd">
		<td class="col0 leftalign"> _utime  </td><td class="col1 leftalign"> Timestamp of session creation  </td>
	</tr>
	<tr class="row2 roweven">
		<td class="col0 leftalign"> startTime  </td><td class="col1 leftalign"> Date of session creation  </td>
	</tr>
	<tr class="row3 rowodd">
		<td class="col0 leftalign"> updateTime  </td><td class="col1 leftalign"> Date of session last modification  </td>
	</tr>
	<tr class="row4 roweven">
		<td class="col0"> _lastAuthnUTime </td><td class="col1 leftalign"> Timestamp of last authentication time  </td>
	</tr>
</table>

</div>
<!-- SECTION "Dates" [1974-2221] -->
<h2><a name="saml" id="saml">SAML</a></h2>
<div class="level2">

<p>

Data related to the <acronym title="Security Assertion Markup Language">SAML</acronym> protocol.

</p>
<table class="inline">
	<tr class="row0 roweven">
		<th class="col0 centeralign">  Key  </th><th class="col1 centeralign">  Description  </th>
	</tr>
	<tr class="row1 rowodd">
		<td class="col0 leftalign"> _idp  </td><td class="col1 leftalign"> Name of IDP used for authentication  </td>
	</tr>
	<tr class="row2 roweven">
		<td class="col0 leftalign"> _idpConfKey  </td><td class="col1 leftalign"> Configuration key of IDP used for authentication  </td>
	</tr>
	<tr class="row3 rowodd">
		<td class="col0 leftalign"> _samlToken  </td><td class="col1 leftalign"> <acronym title="Security Assertion Markup Language">SAML</acronym> token  </td>
	</tr>
	<tr class="row4 roweven">
		<td class="col0 leftalign"> _lassoSessionDump  </td><td class="col1 leftalign"> Lasso session dump  </td>
	</tr>
	<tr class="row5 rowodd">
		<td class="col0 leftalign"> _lassoIdentityDump  </td><td class="col1 leftalign"> Lasso identity dump  </td>
	</tr>
</table>

</div>
<!-- SECTION "SAML" [2222-2538] -->
<h2><a name="notifications" id="notifications">Notifications</a></h2>
<div class="level2">
<table class="inline">
	<tr class="row0 roweven">
		<th class="col0 centeralign">  Key  </th><th class="col1 centeralign">  Description  </th>
	</tr>
	<tr class="row1 rowodd">
		<td class="col0 leftalign"> _notification_<em>id</em>  </td><td class="col1 leftalign"> Date of validation of the notification <em>id</em>  </td>
	</tr>
</table>

</div>
<!-- SECTION "Notifications" [2539-2667] -->
<h2><a name="login_history" id="login_history">Login history</a></h2>
<div class="level2">
<table class="inline">
	<tr class="row0 roweven">
		<th class="col0 centeralign">  Key  </th><th class="col1 centeralign">  Description  </th>
	</tr>
	<tr class="row1 rowodd">
		<td class="col0 leftalign"> loginHistory  </td><td class="col1 leftalign"> Hash of login successes and failures  </td>
	</tr>
</table>

</div>
<!-- SECTION "Login history" [2668-2777] -->
<h2><a name="ldap" id="ldap">LDAP</a></h2>
<div class="level2">

<p>

Only with UserDB <acronym title="Lightweight Directory Access Protocol">LDAP</acronym>.

</p>
<table class="inline">
	<tr class="row0 roweven">
		<th class="col0 centeralign">  Key  </th><th class="col1 centeralign">  Description  </th>
	</tr>
	<tr class="row1 rowodd">
		<td class="col0 leftalign"> dn  </td><td class="col1"> Distinguished name </td>
	</tr>
</table>

</div>
<!-- SECTION "LDAP" [2778-2875] -->
<h2><a name="openid" id="openid">OpenID</a></h2>
<div class="level2">
<table class="inline">
	<tr class="row0 roweven">
		<th class="col0 centeralign">  Key  </th><th class="col1 centeralign">  Description  </th>
	</tr>
	<tr class="row1 rowodd">
		<td class="col0 leftalign"> _openid_<em>id</em>  </td><td class="col1 leftalign"> Consent to share attribute <em>id</em> through OpenID  </td>
	</tr>
</table>

</div>
<!-- SECTION "OpenID" [2876-2993] -->
<h2><a name="other" id="other">Other</a></h2>
<div class="level2">
<table class="inline">
	<tr class="row0 roweven">
		<th class="col0 centeralign">  Key  </th><th class="col1 centeralign">  Description  </th>
	</tr>
	<tr class="row1 rowodd">
		<td class="col0 leftalign"> appsListOrder  </td><td class="col1 leftalign"> Order of categories in the menu  </td>
	</tr>
</table>

</div>
<!-- SECTION "Other" [2994-] --></div><!-- closes <div class="dokuwiki export">-->
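<p>
Because any of the internal variables above can be referenced from a rule or a header, it is worth checking which ones a configuration actually uses. The script below is an added example, not part of the LemonLDAP::NG documentation or code: it extracts <code>$name</code> references from expressions and flags the keys that carry credentials. The sample rules, the header names and the choice of keys treated as secrets are assumptions of this example.
</p>

```python
import re

# Internal variables documented on this page (exact keys).
INTERNAL = {
    "_auth", "_userDB", "_passwordDB", "_issuerDB", "_authChoice",
    "ipAddr", "_timezone", "_url",
    "_session_id", "_user", "_password", "authenticationLevel",
    "_utime", "startTime", "updateTime", "_lastAuthnUTime",
    "_idp", "_idpConfKey", "_samlToken", "_lassoSessionDump",
    "_lassoIdentityDump", "loginHistory", "dn", "appsListOrder",
}
# Keys documented with a variable suffix: _notification_<id>, _openid_<id>.
INTERNAL_PREFIXES = ("_notification_", "_openid_")
# Assumption of this example: keys whose values act as credentials and
# should not be forwarded to applications without a deliberate decision.
SECRETS = {"_password", "_session_id", "_samlToken",
           "_lassoSessionDump", "_lassoIdentityDump"}
VAR_RE = re.compile(r"\$(\w+)")  # "$uid" -> "uid"

def classify(name):
    """Return 'secret', 'internal' or 'other' for one variable key."""
    if name in SECRETS:
        return "secret"
    if name in INTERNAL or name.startswith(INTERNAL_PREFIXES):
        return "internal"
    return "other"  # exported variable, macro or group: not listed here

def audit(expressions):
    """Map each labelled expression to its variables, grouped by class."""
    report = {}
    for label, expr in expressions.items():
        found = {}
        for name in VAR_RE.findall(expr):
            found.setdefault(classify(name), set()).add(name)
        report[label] = {k: sorted(v) for k, v in found.items()}
    return report

# Constructed sample configuration (hypothetical rule and header names).
SAMPLE = {
    "rule ^/admin": '$uid eq "coudot" and $authenticationLevel >= 2',
    "header Auth-User": "$uid",
    "header Auth-Password": "$_password",
    "header Consent": "$_openid_email",
}

if __name__ == "__main__":
    for label, found in audit(SAMPLE).items():
        flag = "REVIEW" if "secret" in found else "ok"
        print(f"{flag:6} {label}: {found}")
```

<p>
An entry marked REVIEW is not necessarily wrong (forwarding <code>_password</code> can be intentional when password store in session is configured), but it means a credential leaves the session store and reaches whatever receives that header.
</p>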