Lemonldap-NG-Manager
view release on metacpan or search on metacpan
lib/Lemonldap/NG/Manager/Build/Attributes.pm view on Meta::CPAN
'&encrypt', '&token',
@Lemonldap::NG::Handler::Main::Jail::builtCustomFunctions
]
);
$cpt->share_from( 'Lemonldap::NG::Common::Safelib',
$Lemonldap::NG::Common::Safelib::functions );
$cpt->reval("local *_;$val");
my $err = join( '',
grep { $_ =~ /(?:Undefined subroutine|Devel::StackTrace)/ ? () : $_ }
split( /\n/, $@ ) );
return ( -1, "__badExpression__: $err" )
if ( $err && $conf->{useSafeJail} );
return ( $val =~ qr/(?<=[^=<!>\|\?])=(?![>=~])/
&& $conf->{avoidAssignment} )
? ( 1, "__badExpressionAssignment__" )
: 1;
}
my $url_re = $RE{URI}{HTTP}{ -scheme => "https?" };
$url_re =~ s/(?<=[^\\])\$/\\\$/g;
my $url = qr/$url_re/;
my $urlOrEmpty = qr/(?:^$|$url_re)/;
sub types {
return {
# Simple text types
text => {
test => sub { 1 },
msgFail => '__malformedValue__',
},
password => {
test => sub { 1 },
msgFail => '__malformedValue__',
},
longtext => {
test => sub { 1 }
},
url => {
form => 'text',
test => $urlOrEmpty,
msgFail => '__badUrl__',
},
PerlModule => {
form => 'text',
test => qr/^(?:[a-zA-Z][a-zA-Z0-9]*)*(?:::[a-zA-Z][a-zA-Z0-9]*)*$/,
msgFail => '__badPerlPackageName__',
},
hostname => {
form => 'text',
test => qr/^(?:$Regexp::Common::URI::RFC2396::host)?$/,
msgFail => '__badHostname__',
},
pcre => {
form => 'text',
test => sub {
eval { qr/$_[0]/ };
return $@ ? ( 0, "__badRegexp__: $@" ) : (1);
},
},
lmAttrOrMacro => {
form => 'text',
test => sub {
my ( $val, $conf ) = @_;
return 1
if ( defined $conf->{macros}->{$val}
or $val =~ m/^_/ );
foreach ( keys %$conf ) {
return 1
if ( $_ =~ /exportedvars$/i
and defined $conf->{$_}->{$val} );
}
return ( 1, "__unknownAttrOrMacro__: $val" );
},
},
# Other types
int => {
test => qr/^\-?\d+$/,
msgFail => '__notAnInteger__',
},
intOrNull => {
test => qr/^\-?\d*$/,
msgFail => '__notAnInteger__',
},
bool => {
test => qr/^[01]$/,
msgFail => '__notABoolean__',
},
trool => {
test => qr/^(?:-1|0|1)$/,
msgFail => '__authorizedValues__: -1, 0, 1',
},
boolOrExpr => {
test => sub { return perlExpr(@_) },
msgFail => '__notAValidPerlExpression__',
},
keyTextContainer => {
test => qr/./,
msgFail => '__emptyValueNotAllowed__',
keyTest => qr/^\w[\w\.\-]*$/,
keyMsgFail => '__badKeyName__',
},
subContainer => {
keyTest => qr/\w/,
test => sub { 1 },
},
select => {
test => sub {
return ( 0, "Value is not a scalar" ) if ref( $_[0] );
my $test = grep ( { $_ eq $_[0] }
map ( { $_->{k} } @{ $_[2]->{select} } ) );
return $test
? 1
: ( 1, "Invalid value '$_[0]' for this select" );
},
},
# Files type (long text)
file => {
test => sub { 1 }
},
RSAPublicKey => {
test => sub {
return (
$_[0] =~
/^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9\/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+PUBLIC\s+KEY\s*\-+)?[\r\n]*)?$/s
? (1)
: ( 1, '__badPemEncoding__' )
);
},
},
'RSAPublicKeyOrCertificate' => {
lib/Lemonldap/NG/Manager/Build/Attributes.pm view on Meta::CPAN
portalStatus => {
type => 'bool',
default => 0,
help => 'status.html',
documentation => 'Enable portal status',
},
portalUserAttr => {
type => 'text',
default => '_user',
documentation =>
'Session parameter to display connected user in portal',
},
redirectFormMethod => {
type => "select",
select =>
[ { k => 'get', v => 'GET' }, { k => 'post', v => 'POST' }, ],
default => 'get',
documentation => 'HTTP method for redirect page form',
},
reloadTimeout => {
type => 'int',
default => 5,
documentation => 'Configuration reload timeout',
flags => 'm',
},
reloadUrls => {
type => 'keyTextContainer',
keyTest => qr/^$Regexp::Common::URI::RFC2396::host(?::\d+)?$/,
test => $url,
msgFail => '__badUrl__',
documentation => 'URL to call on reload',
},
compactConf => {
type => 'bool',
default => 0,
documentation => 'Compact configuration',
},
portalMainLogo => {
type => 'text',
default => 'common/logos/logo_llng_400px.png',
documentation => 'Portal main logo path',
},
showLanguages => {
type => 'bool',
default => 1,
documentation => 'Display langs icons',
},
scrollTop => {
type => 'int',
default => 400,
documentation => 'Display back to top button',
},
floatingCategoryName => {
type => 'text',
documentation => 'Name of the category displayed as floating menu',
},
staticPrefix => {
type => 'text',
documentation => 'Prefix of static files for HTML templates',
},
groupsBeforeMacros => {
type => 'bool',
default => 0,
documentation => 'Compute groups before macros',
},
multiValuesSeparator => {
type => 'authParamsText',
default => '; ',
documentation => 'Separator for multiple values',
flags => 'hmp',
},
rememberAuthChoiceForgetAtLogout => {
type => 'bool',
default => 0,
documentation => 'Forget Auth Choice at logout',
},
rememberAuthChoiceRule => {
type => 'boolOrExpr',
default => 0,
documentation => 'remember auth choice activation rule',
},
rememberCookieName => {
type => 'text',
test => qr/^[a-zA-Z][a-zA-Z0-9_-]*$/,
msgFail => '__badCookieName__',
default => 'llngrememberauthchoice',
documentation => 'Name of the remember auth choice cookie',
flags => 'p',
},
rememberCookieTimeout => {
type => 'int',
default => 31536000,
documentation => 'lifetime of the remember auth choice cookie',
flags => 'm',
},
rememberDefaultChecked => {
type => 'bool',
default => 0,
documentation =>
'Is remember auth choice checkbox enabled by default?',
},
rememberTimer => {
type => 'int',
default => 5,
documentation =>
'timer before automatic authentication with remembered choice',
flags => 'm',
},
stayConnected => {
type => 'boolOrExpr',
default => 0,
documentation => 'Stay connected activation rule',
},
stayConnectedBypassFG => {
type => 'bool',
default => 0,
documentation => 'Disable fingerprint checkng',
},
stayConnectedTimeout => {
type => 'int',
default => 2592000,
lib/Lemonldap/NG/Manager/Build/Attributes.pm view on Meta::CPAN
type => 'int',
test => sub { $_[0] > 0 },
default => 72000,
documentation => 'Session timeout on server side',
},
timeoutActivity => {
type => 'int',
test => sub { $_[0] >= 0 },
default => 0,
documentation => 'Session activity timeout on server side',
},
timeoutActivityInterval => {
type => 'int',
test => sub { $_[0] >= 0 },
default => 60,
documentation => 'Update session timeout interval on server side',
},
userControl => {
type => 'pcre',
default => '^[\w\.\-@]+$',
documentation => 'Regular expression to validate login',
},
browsersDontStorePassword => {
default => 0,
type => 'bool',
documentation => 'Avoid browsers to store users password',
},
useRedirectAjaxOnUnauthorized => {
type => 'bool',
default => 1,
documentation =>
'Redirect Ajax requests to portal for unauthorized (401)',
flags => 'h',
},
useRedirectOnError => {
type => 'bool',
default => 1,
documentation => 'Use 302 redirect code for error (500)',
flags => 'h',
},
useRedirectOnForbidden => {
default => 0,
type => 'bool',
documentation => 'Use 302 redirect code for forbidden (403)',
},
useSafeJail => {
default => 1,
type => 'bool',
help => 'safejail.html',
documentation => 'Activate Safe jail',
flags => 'hp',
},
avoidAssignment => {
default => 0,
type => 'bool',
help => 'safejail.html',
documentation => 'Avoid assignment in expressions',
flags => 'hp',
},
whatToTrace => {
type => 'lmAttrOrMacro',
default => 'uid',
documentation => 'Session parameter used to fill REMOTE_USER',
flags => 'hp',
},
customToTrace => {
type => 'lmAttrOrMacro',
documentation => 'Session parameter used to fill REMOTE_CUSTOM',
flags => 'hp',
},
lwpOpts => {
type => 'keyTextContainer',
documentation => 'Options passed to LWP::UserAgent',
default => { timeout => 10 },
},
lwpSslOpts => {
type => 'keyTextContainer',
documentation => 'TLS/SSL options passed to LWP::UserAgent',
},
# CrowdSec plugins
crowdsec => {
default => 0,
type => 'boolOrExpr',
documentation => 'CrowdSec bouncer activation',
},
crowdsecAction => {
type => 'select',
select => [
{ k => 'reject', v => 'Reject' },
{ k => 'warn', v => 'Warn' },
],
default => 'reject',
documentation => 'CrowdSec action',
},
crowdsecUrl => {
type => 'url',
documentation => 'Base URL of CrowdSec local API',
},
crowdsecKey => {
type => 'text',
documentation => 'CrowdSec API key',
},
crowdsecIgnoreFailures => {
default => 0,
type => 'bool',
documentation => 'Ignore Crowdsec errors',
},
crowdsecAgent => {
default => 0,
type => 'boolOrExpr',
documentation =>
'Enable plugin to report auth failures to Crowdsec (simple alert)',
},
crowdsecMachineId => {
type => 'text',
documentation => 'Crowdsec machine ID to send alerts',
},
crowdsecPassword => {
type => 'text',
documentation => 'Crowdsec password to send alerts',
},
crowdsecMaxFailures => {
type => 'int',
documentation =>
'Crowdesc-Agent maximum failures allowed during delay',
},
lib/Lemonldap/NG/Manager/Build/Attributes.pm view on Meta::CPAN
default => { dirName => '/var/lib/lemonldap-ng/notifications', },
documentation => 'Notification backend options',
},
# Captcha
captcha_login_enabled => {
default => 0,
type => 'boolOrExpr',
documentation => 'Captcha on login page',
},
captcha_mail_enabled => {
default => 1,
type => 'boolOrExpr',
documentation => 'Captcha on password reset page',
},
captcha_register_enabled => {
default => 1,
type => 'boolOrExpr',
documentation => 'Captcha on account creation page',
},
captcha_size => {
type => 'int',
default => 6,
documentation => 'Captcha size',
},
captcha => {
type => 'PerlModule',
documentation => 'Captcha backend module',
flags => 'hp',
},
captchaOptions => {
type => 'keyTextContainer',
documentation => 'Captcha module options',
flags => 'hp',
},
# Variables
exportedVars => {
type => 'keyTextContainer',
help => 'exportedvars.html',
keyTest => qr/^!?[_a-zA-Z][a-zA-Z0-9_]*$/,
keyMsgFail => '__badVariableName__',
test => qr/^[_a-zA-Z][a-zA-Z0-9_:\-]*$/,
msgFail => '__badValue__',
default => { 'UA' => 'HTTP_USER_AGENT' },
documentation => 'Main exported variables',
},
groups => {
type => 'keyTextContainer',
help =>
'exportedvars.html#extend-variables-using-macros-and-groups',
test => sub { return perlExpr(@_) },
default => {},
documentation => 'Groups',
},
macros => {
type => 'keyTextContainer',
help =>
'exportedvars.html#extend-variables-using-macros-and-groups',
keyTest => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/,
keyMsgFail => '__badMacroName__',
test => sub { return perlExpr(@_) },
default => {},
documentation => 'Macros',
},
# Storage
globalStorage => {
type => 'PerlModule',
default => 'Apache::Session::File',
documentation => 'Session backend module',
flags => 'hp',
},
globalStorageOptions => {
type => 'keyTextContainer',
default => {
'Directory' => '/var/lib/lemonldap-ng/sessions/',
'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/',
'generateModule' =>
'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
},
documentation => 'Session backend module options',
flags => 'hp',
},
localSessionStorage => {
type => 'PerlModule',
default => 'Cache::FileCache',
documentation => 'Local sessions cache module',
},
localSessionStorageOptions => {
type => 'keyTextContainer',
default => {
'namespace' => 'lemonldap-ng-sessions',
'default_expires_in' => 600,
'directory_umask' => '007',
'cache_root' => '/var/cache/lemonldap-ng',
'cache_depth' => 3,
},
documentation => 'Sessions cache module options',
},
# Persistent storage
persistentStorage => {
type => 'PerlModule',
documentation => 'Storage module for persistent sessions'
},
persistentStorageOptions => {
type => 'keyTextContainer',
documentation => 'Options for persistent sessions storage module'
},
sessionDataToRemember => {
type => 'keyTextContainer',
keyTest => qr/^(\d+_)?[_a-zA-Z][a-zA-Z0-9_]*$/,
keyMsgFail => '__invalidSessionData__',
documentation => 'Data to remember in login history',
},
disablePersistentStorage => {
default => 0,
type => 'bool',
documentation => 'Enabled persistent storage',
},
# SAML issuer
issuerDBSAMLActivation => {
lib/Lemonldap/NG/Manager/Build/Attributes.pm view on Meta::CPAN
default => '^/saml/',
documentation => 'SAML IDP request path',
},
issuerDBSAMLRule => {
type => 'boolOrExpr',
default => 1,
documentation => 'SAML IDP rule',
},
# OpenID-Connect issuer
issuerDBOpenIDConnectActivation => {
type => 'bool',
default => 0,
documentation => 'OpenID Connect server activation',
},
issuerDBOpenIDConnectPath => {
type => 'text',
default => '^/oauth2/',
documentation => 'OpenID Connect server request path',
},
issuerDBOpenIDConnectRule => {
type => 'boolOrExpr',
default => 1,
documentation => 'OpenID Connect server rule',
},
# GET issuer
issuerDBGetActivation => {
type => 'bool',
default => 0,
documentation => 'Get issuer activation',
},
issuerDBGetPath => {
type => 'text',
default => '^/get/',
documentation => 'Get issuer request path',
},
issuerDBGetRule => {
type => 'boolOrExpr',
default => 1,
documentation => 'Get issuer rule',
},
issuerDBGetParameters => {
type => 'doubleHash',
default => {},
keyTest => qr/^$Regexp::Common::URI::RFC2396::hostname$/,
keyMsgFail => '__badHostname__',
test => {
keyTest => qr/^(?=[^\-])[\w\-]+(?<=[^-])$/,
keyMsgFail => '__badKeyName__',
test => sub {
my ( $val, $conf ) = @_;
return 1
if ( defined $conf->{macros}->{$val}
or $val eq '_timezone' );
foreach ( keys %$conf ) {
return 1
if ( $_ =~ /exportedvars$/i
and defined $conf->{$_}->{$val} );
}
return ( 1, "__unknownAttrOrMacro__: $val" );
},
},
documentation => 'List of virtualHosts with their get parameters',
},
# Message broker
messageBroker => {
type => 'select',
documentation => 'Messages broker module',
select => [
{ k => '', v => '' },
{ k => '::Redis', v => 'Redis' },
{ k => '::Pg', v => 'PostgreSQL' },
{ k => '::MQTT', v => 'MQTT' },
{ k => '::Web', v => 'Web' },
],
flags => 'hp',
},
messageBrokerOptions => {
type => 'keyTextContainer',
default => {},
documentation => 'Options of messages broker module',
flags => 'hp',
},
eventQueueName => {
type => 'text',
default => 'llng_events',
documentation => 'Event channel name',
},
# Jitsi Meet tokens issuer
issuerDBJitsiMeetTokensActivation => {
type => 'bool',
default => 0,
documentation => 'Jitsi issuer activation',
},
issuerDBJitsiMeetTokensPath => {
type => 'text',
default => '^/jitsi/',
documentation => 'Jitsi issuer request path',
},
issuerDBJitsiMeetTokensRule => {
type => 'boolOrExpr',
default => 1,
documentation => 'Jitsi issuer rule',
},
jitsiDefaultServer => {
type => 'url',
documentation => 'Jitsi server URL',
},
jitsiAppId => {
type => 'text',
documentation => 'Jitsi application ID',
},
jitsiAppSecret => {
type => 'text',
documentation => 'Jitsi application secret',
},
jitsiSigningAlg => {
lib/Lemonldap/NG/Manager/Build/Attributes.pm view on Meta::CPAN
issuerDBCASPath => {
type => 'pcre',
default => '^/cas/',
documentation => 'CAS server request path',
},
issuerDBCASRule => {
type => 'boolOrExpr',
default => 1,
documentation => 'CAS server rule',
},
# Partners
casAppMetaDataOptions => {
type => 'subContainer',
documentation => 'Root of CAS app options',
},
casAppMetaDataExportedVars => {
type => 'keyTextContainer',
default => { cn => 'cn', mail => 'mail', uid => 'uid', },
documentation => 'CAS exported variables',
},
casAppMetaDataOptionsAuthnLevel => {
type => 'text',
test => sub { return perlExpr(@_) },
documentation =>
'Authentication level requires to access to this CAS application',
},
casAppMetaDataOptionsComment => {
type => 'longtext',
documentation => 'Comment for this CAS application',
},
casAppMetaDataOptionsDisplayName => {
type => 'text',
},
casAppMetaDataOptionsLogout => {
type => 'trool',
default => -1,
},
casAppMetaDataOptionsRule => {
type => 'text',
test => sub { return perlExpr(@_) },
documentation => 'CAS application rule',
},
casAppMetaDataOptionsService => {
type => 'text',
documentation => 'CAS application service',
},
casSrvMetaDataOptionsSamlValidate => {
type => 'bool',
documentation => 'use SAML validateion',
},
casAppMetaDataOptionsUserAttribute => {
type => 'text',
documentation => 'CAS User attribute',
},
casAppMetaDataOptionsAllowProxy => {
type => 'bool',
documentation => 'Allow CAS proxy',
default => 1,
},
casAppMetaDataMacros => {
type => 'keyTextContainer',
help =>
'exportedvars.html#extend-variables-using-macros-and-groups',
test => {
keyTest => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/,
keyMsgFail => '__badMacroName__',
test => sub { return perlExpr(@_) },
},
default => {},
documentation => 'Macros',
},
# Fake attribute: used by manager REST API to agglomerate all nodes
# related to a CAS SP partner
casAppMetaDataNodes => {
type => 'casAppMetaDataNodeContainer',
template => 'casAppMetaDataNode',
help => 'idpcas.html#configuring-cas-applications',
},
# OpenID Issuer
issuerDBOpenIDActivation => {
default => 0,
type => 'bool',
documentation => 'OpenID server activation',
},
issuerDBOpenIDPath => {
type => 'pcre',
default => '^/openidserver/',
documentation => 'OpenID server request path',
},
issuerDBOpenIDRule => {
type => 'boolOrExpr',
default => 1,
documentation => 'OpenID server rule',
},
openIdIssuerSecret => { type => 'text', },
openIdAttr => { type => 'text', },
openIdSreg_fullname => {
type => 'lmAttrOrMacro',
default => 'cn',
documentation => 'OpenID SREG fullname session parameter',
},
openIdSreg_nickname => {
type => 'lmAttrOrMacro',
default => 'uid',
documentation => 'OpenID SREG nickname session parameter',
},
openIdSreg_language => { type => 'lmAttrOrMacro', },
openIdSreg_postcode => { type => 'lmAttrOrMacro', },
openIdSreg_timezone => {
type => 'lmAttrOrMacro',
default => '_timezone',
documentation => 'OpenID SREG timezone session parameter',
},
openIdSreg_country => { type => 'lmAttrOrMacro', },
openIdSreg_gender => { type => 'lmAttrOrMacro', },
openIdSreg_email => {
type => 'lmAttrOrMacro',
default => 'mail',
documentation => 'OpenID SREG email session parameter',
},
openIdSreg_dob => { type => 'lmAttrOrMacro', },
openIdSPList => { type => 'blackWhiteList', default => '0;' },
#########
## SAML #
#########
samlEntityID => {
type => 'text',
default => '#PORTAL#/saml/metadata',
documentation => 'SAML service entityID',
},
samlOrganizationDisplayName => {
type => 'text',
default => 'Example',
documentation => 'SAML service organization display name',
},
samlOrganizationName => {
type => 'text',
default => 'Example',
documentation => 'SAML service organization name',
},
samlOrganizationURL => {
type => 'text',
default => 'http://www.example.com',
documentation => 'SAML service organization URL',
},
samlNameIDFormatMapEmail => {
type => 'text',
default => 'mail',
documentation => 'SAML session parameter for NameID email',
},
samlNameIDFormatMapX509 => {
type => 'text',
default => 'mail',
documentation => 'SAML session parameter for NameID x509',
},
samlNameIDFormatMapWindows => {
type => 'text',
default => 'uid',
documentation => 'SAML session parameter for NameID windows',
},
samlNameIDFormatMapKerberos => {
type => 'text',
default => 'uid',
documentation => 'SAML session parameter for NameID kerberos',
},
samlAttributeAuthorityDescriptorAttributeServiceSOAP => {
type => 'samlService',
default => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;'
. '#PORTAL#/saml/AA/SOAP;',
documentation => 'SAML Attribute Authority SOAP',
},
samlServicePrivateKeySig => {
type => 'RSAPrivateKey',
default => '',
documentation => 'SAML signature private key',
},
samlServicePrivateKeySigPwd => {
type => 'password',
default => '',
documentation => 'SAML signature private key password',
lib/Lemonldap/NG/Manager/Build/Attributes.pm view on Meta::CPAN
},
samlSPMetaDataOptionsSignSSOMessage => {
type => 'trool',
default => -1,
},
samlSPMetaDataOptionsSignatureMethod => {
type => 'select',
select => [
{ k => '', v => 'default' },
{ k => 'RSA_SHA1', v => 'RSA SHA1' },
{ k => 'RSA_SHA256', v => 'RSA SHA256' },
{ k => 'RSA_SHA384', v => 'RSA SHA384' },
{ k => 'RSA_SHA512', v => 'RSA SHA512' },
],
default => '',
},
samlSPMetaDataOptionsSignatureKey => {
type => 'text',
default => '',
},
samlSPMetaDataOptionsCheckSSOMessageSignature => {
type => 'bool',
default => 1,
},
samlSPMetaDataOptionsSignSLOMessage => {
type => 'trool',
default => -1,
},
samlSPMetaDataOptionsCheckSLOMessageSignature => {
type => 'bool',
default => 1,
},
samlSPMetaDataOptionsEncryptionMode => {
type => 'select',
select => [
{ k => 'none', v => 'None' },
{ k => 'nameid', v => 'Name ID' },
{ k => 'assertion', v => 'Assertion' },
],
default => 'none',
},
samlSPMetaDataOptionsEnableIDPInitiatedURL => {
type => 'bool',
default => 0,
},
samlSPMetaDataOptionsForceUTF8 => {
type => 'bool',
default => 1,
},
samlSPMetaDataOptionsAuthnLevel => {
type => 'text',
test => sub { return perlExpr(@_) },
documentation =>
'Authentication level requires to access to this SP',
},
samlSPMetaDataOptionsRule => {
type => 'text',
test => sub { return perlExpr(@_) },
documentation => 'Rule to grant access to this SP',
},
samlSPMetaDataMacros => {
type => 'keyTextContainer',
help =>
'exportedvars.html#extend-variables-using-macros-and-groups',
test => {
keyTest => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/,
keyMsgFail => '__badMacroName__',
test => sub { return perlExpr(@_) },
},
default => {},
documentation => 'Macros',
},
# AUTH, USERDB and PASSWORD MODULES
authentication => {
type => 'select',
select => [
{ k => 'Apache', v => 'Apache' },
{ k => 'AD', v => 'Active Directory' },
{ k => 'DBI', v => 'Database (DBI)' },
{ k => 'Facebook', v => 'Facebook' },
{ k => 'GitHub', v => 'GitHub' },
{ k => 'GPG', v => 'GPG' },
{ k => 'Kerberos', v => 'Kerberos' },
{ k => 'LDAP', v => 'LDAP' },
{ k => 'LinkedIn', v => 'LinkedIn' },
{ k => 'PAM', v => 'PAM' },
{ k => 'Radius', v => 'Radius' },
{ k => 'REST', v => 'REST' },
{ k => 'SSL', v => 'mTLS' },
{ k => 'Twitter', v => 'Twitter' },
{ k => 'WebID', v => 'WebID (deprecated)' },
{ k => 'WebAuthn', v => 'WebAuthn' },
{ k => 'Demo', v => 'Demonstration' },
{ k => 'Choice', v => 'authChoice' },
{ k => 'Combination', v => 'combineMods' },
{ k => 'CAS', v => 'Central Authentication Service (CAS)' },
{ k => 'OpenID', v => 'OpenID 2.0 (deprecated)' },
{ k => 'OpenIDConnect', v => 'OpenID Connect' },
{ k => 'SAML', v => 'SAML v2' },
{ k => 'Proxy', v => 'Proxy' },
{ k => 'Remote', v => 'Remote' },
{ k => 'Slave', v => 'Slave' },
{ k => 'Null', v => 'None' },
{ k => 'Custom', v => 'customModule' },
],
default => 'Demo',
documentation => 'Authentication module',
},
userDB => {
type => 'select',
select => [
{ k => 'Same', v => 'Same' },
{ k => 'AD', v => 'Active Directory' },
{ k => 'DBI', v => 'Database (DBI)' },
{ k => 'LDAP', v => 'LDAP' },
{ k => 'REST', v => 'REST' },
{ k => 'Null', v => 'None' },
{ k => 'Custom', v => 'customModule' },
],
default => 'Same',
documentation => 'User module',
},
passwordDB => {
type => 'select',
select => [
{ k => 'AD', v => 'Active Directory' },
{ k => 'Choice', v => 'authChoice' },
{ k => 'DBI', v => 'Database (DBI)' },
{ k => 'Demo', v => 'Demonstration' },
{ k => 'LDAP', v => 'LDAP' },
lib/Lemonldap/NG/Manager/Build/Attributes.pm view on Meta::CPAN
documentation => 'Session required for back/front channel logout',
},
oidcRPMetaDataOptionsPublic => {
type => 'bool',
default => 0,
documentation => 'Declare this RP as public client',
},
oidcRPMetaDataOptionsRequirePKCE => {
type => 'bool',
default => 0,
documentation => 'Require PKCE',
},
oidcRPMetaDataOptionsAllowOffline => {
type => 'bool',
default => 0,
documentation => 'Allow offline access',
},
oidcRPMetaDataOptionsAllowPasswordGrant => {
type => 'bool',
default => 0,
documentation =>
'Allow OAuth2 Resource Owner Password Credentials Grant',
},
oidcRPMetaDataOptionsAllowClientCredentialsGrant => {
type => 'bool',
default => 0,
documentation => 'Allow OAuth2 Client Credentials Grant',
},
oidcRPMetaDataOptionsRefreshToken => {
type => 'bool',
default => 0,
documentation => 'Issue refresh tokens',
},
oidcRPMetaDataOptionsRefreshTokenRotation => {
type => 'bool',
default => 0,
documentation => 'Invalidate refresh token after use',
},
oidcRPMetaDataOptionsRtActivity => {
type => 'int',
test => sub { $_[0] >= 0 },
default => 0,
documentation => 'refresh_token activity timeout',
},
oidcRPMetaDataOptionsAuthnLevel => {
type => 'text',
test => sub { return perlExpr(@_) },
documentation =>
'Authentication level requires to access to this RP',
},
oidcRPMetaDataOptionsRule => {
type => 'text',
test => sub { return perlExpr(@_) },
documentation => 'Rule to grant access to this RP',
},
oidcRPMetaDataOptionsAllowNativeSso => {
type => 'bool',
default => 0,
documentation => 'Allow Native SSO for Mobile Apps',
},
oidcRPMetaDataMacros => {
type => 'keyTextContainer',
help =>
'exportedvars.html#extend-variables-using-macros-and-groups',
test => {
keyTest => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/,
keyMsgFail => '__badMacroName__',
test => sub { return perlExpr(@_) },
},
default => {},
documentation => 'Macros',
},
oidcRPMetaDataScopeRules => {
type => 'keyTextContainer',
help => 'idpopenidconnect.html#scope-rules',
test => {
# RFC6749
keyTest => qr/^[\x21\x23-\x5B\x5D-\x7E]+$/,
keyMsgFail => '__badMacroName__',
test => sub { return perlExpr(@_) },
},
default => {},
documentation => 'Scope rules',
},
oidcRPMetaDataOptionsJwks => {
type => 'file',
keyTest => sub { 1 },
documentation => 'Relying party JWKS document',
},
oidcRPMetaDataOptionsJwksUri => {
type => 'url',
help => 'idpopenidconnect.html',
documentation =>
'Relying party JWKS endpoint (to get encryption keys)',
},
oidcRPMetaDataOptionsAccessTokenEncKeyMgtAlg => {
type => 'select',
select => oidcEncAlgorithmAlg,
documentation => '"alg" algorithm for access_token encryption',
},
oidcRPMetaDataOptionsAccessTokenEncContentEncAlg => {
type => 'select',
select => oidcEncAlgorithmEnc,
default => 'A256GCM',
documentation => '"enc" algorithm for access_token encryption',
},
oidcRPMetaDataOptionsIdTokenEncKeyMgtAlg => {
type => 'select',
select => oidcEncAlgorithmAlg,
documentation => '"alg" algorithm for id_token encryption',
},
oidcRPMetaDataOptionsIdTokenEncContentEncAlg => {
type => 'select',
select => oidcEncAlgorithmEnc,
default => 'A256GCM',
documentation => '"enc" algorithm for id_token encryption',
},
oidcRPMetaDataOptionsUserInfoEncKeyMgtAlg => {
type => 'select',
select => oidcEncAlgorithmAlg,
documentation => '"alg" algorithm for user_info encryption',
},
oidcRPMetaDataOptionsUserInfoEncContentEncAlg => {
type => 'select',
select => oidcEncAlgorithmEnc,
default => 'A256GCM',
documentation => '"enc" algorithm for user_info encryption',
},
oidcRPMetaDataOptionsLogoutEncKeyMgtAlg => {
type => 'select',
select => oidcEncAlgorithmAlg,
documentation => '"alg" algorithm for logout token encryption',
},
oidcRPMetaDataOptionsLogoutEncContentEncAlg => {
type => 'select',
select => oidcEncAlgorithmEnc,
default => 'A256GCM',
documentation => '"enc" algorithm for logout encryption',
},
( run in 0.375 second using v1.01-cache-2.11-cpan-39bf76dae61 )