From c9072bfdb3b00b456f201164eaa6f9ffa60ef983 Mon Sep 17 00:00:00 2001
From: Camille Moussu
Date: Fri, 24 May 2024 17:44:48 +0400
Subject: [PATCH] [#15 + #6]added issuer dashboard and tooltips
---
 src/App.tsx | 8 +-
 .../applicationsComponents/AppPage.css | 3 +
 .../issuersComponents/CasIssuer.tsx | 337 +++++++
 .../issuersComponents/SAMLIssuer.tsx | 590 +++++++++++
 .../managerComponents/VisuallyHiddenInput.tsx | 13 +
 src/dashboards/IssuerDashboard.tsx | 25 +
 src/dashboards/Manager.tsx | 106 +-
 src/pages/Configuration.tsx | 22 +-
 src/static/definitions.json | 921 +++++++++++++++++-
 src/utils/types.ts | 6 +-
 10 files changed, 1967 insertions(+), 64 deletions(-)
 create mode 100644 src/components/issuersComponents/CasIssuer.tsx
 create mode 100644 src/components/issuersComponents/SAMLIssuer.tsx
 create mode 100644 src/components/managerComponents/VisuallyHiddenInput.tsx
 create mode 100644 src/dashboards/IssuerDashboard.tsx
diff --git a/src/App.tsx b/src/App.tsx
index d6b71d4..2bd41cd 100644
--- a/src/App.tsx
+++ b/src/App.tsx
@@ -1,11 +1,11 @@
-import Navbar from "./components/Navbar";
-import "./App.css";
 import { Suspense } from "react";
 import { useTranslation } from "react-i18next";
-import { HistoryRouter as Router } from "redux-first-history/rr6";
 import { Route, Routes } from "react-router-dom";
-import { history } from "./app/store";
+import { HistoryRouter as Router } from "redux-first-history/rr6";
+import "./App.css";
 import { useAppSelector } from "./app/hooks";
+import { history } from "./app/store";
+import Navbar from "./components/Navbar";
 import { Configuration } from "./pages/Configuration";
 
 function App() {
diff --git a/src/components/applicationsComponents/AppPage.css b/src/components/applicationsComponents/AppPage.css
index f94840a..dbc1646 100644
--- a/src/components/applicationsComponents/AppPage.css
+++ b/src/components/applicationsComponents/AppPage.css
@@ -91,6 +91,9 @@ textarea {
 .optionNavbar :hover {
 color: #ffffff;
 }
+.option.selected {
+ color: #ffffff;
+}
 
 .scopes {
 display: flex;
diff --git a/src/components/issuersComponents/CasIssuer.tsx b/src/components/issuersComponents/CasIssuer.tsx
new file mode 100644
index 0000000..a325bf6
--- /dev/null
+++ b/src/components/issuersComponents/CasIssuer.tsx
@@ -0,0 +1,337 @@
+import AddCircleIcon from "@mui/icons-material/AddCircle";
+import {
+ Button,
+ FormControl,
+ FormControlLabel,
+ InputLabel,
+ MenuItem,
+ Radio,
+ RadioGroup,
+ Select,
+ TextField,
+ Tooltip,
+} from "@mui/material";
+import { t } from "i18next";
+import Markdown from "markdown-to-jsx";
+import { useState } from "react";
+import { useAppDispatch, useAppSelector } from "../../app/hooks";
+import {
+ toggleCAS,
+ updateConfigParams,
+} from "../../features/config/configSlice";
+import attributes from "../../static/attributes.json";
+import definitions from "../../static/definitions.json";
+import { TableVars } from "../applicationsComponents/TableVars";
+export function CasIssuer() {
+ const config = useAppSelector((state) => state.config.data.config);
+ const dispatch = useAppDispatch();
+ const [option, setOption] = useState("basic");
+ return (
+
+ {t("casServiceMetadata")} +
+ + + +
+
+ {option === "basic" && ( +
+ + + + + {(definitions + ? definitions.issuerDBCASActivation + : "") + ""} + + } + > + + + + + + {definitions.casAttr}}> + + + + + + {definitions.casAccessControlPolicy} + } + > + + + + + + {definitions.casStrictMatching}} + > + + + + + + {definitions.casTicketExpiration} + } + > + + + + + + + {definitions.casBackChannelSingleLogout} + + } + > + + + + + + {definitions.casStorage}} + > + + + + + +
{t("issuerDBCASActivation")} + + dispatch(toggleCAS())} + > + } + label={t("on")} + /> + } + label={t("off")} + /> + + +
{t("casAttr")} + + dispatch( + updateConfigParams({ + param: "casAttr", + value: e.target.value, + }) + ) + } + /> +
{t("casAccessControlPolicy")} + + {t("casAccessControlPolicy")} + + +
{t("casStrictMatching")} + + + dispatch( + updateConfigParams({ + param: "casStrictMatching", + value: e.target.value, + }) + ) + } + > + } + label={t("on")} + /> + } + label={t("off")} + /> + + +
{t("casTicketExpiration")} + + dispatch( + updateConfigParams({ + param: "casTicketExpiration", + value: e.target.value, + }) + ) + } + /> +
{t("casBackChannelSingleLogout")} + + + dispatch( + updateConfigParams({ + param: "casBackChannelSingleLogout", + value: e.target.value, + }) + ) + } + > + } + label={t("on")} + /> + } + label={t("off")} + /> + + +
{t("casStorage")} + + dispatch( + updateConfigParams({ + param: "casStorage", + value: e.target.value, + }) + ) + } + /> +
+
+ )} + {option === "casStorageOptions" && ( + + + + + + + + + {TableVars( + "cas", + config.casStorageOptions ? config.casStorageOptions : {}, + "casStorageOptions", + console.log, + console.log, + console.log + )} +
{t("keys")}{t("values")} + +
+ )} + {option === "casAttributes" && ( + + + + + + + + + {TableVars( + "cas", + config.casAttributes ? config.casAttributes : {}, + "casAttributes", + console.log, + console.log, + console.log + )} +
{t("keys")}{t("values")} + +
+ )} +
+
+ );
+}
diff --git a/src/components/issuersComponents/SAMLIssuer.tsx b/src/components/issuersComponents/SAMLIssuer.tsx
new file mode 100644
index 0000000..aa44a27
--- /dev/null
+++ b/src/components/issuersComponents/SAMLIssuer.tsx
@@ -0,0 +1,590 @@
+import AddCircleIcon from "@mui/icons-material/AddCircle";
+import CloudUploadIcon from "@mui/icons-material/CloudUpload";
+import ExpandMoreIcon from "@mui/icons-material/ExpandMore";
+import {
+ Accordion,
+ AccordionSummary,
+ Button,
+ FormControl,
+ FormControlLabel,
+ Radio,
+ RadioGroup,
+ TextField,
+ Tooltip,
+} from "@mui/material";
+import { t } from "i18next";
+import Markdown from "markdown-to-jsx";
+import { ChangeEvent, useState } from "react";
+import { useAppDispatch, useAppSelector } from "../../app/hooks";
+import {
+ saveSAMLPrivIdSig,
+ saveSAMLPrivSig,
+ saveSAMLPubSig,
+ toggleSAML,
+ updateConfigParams,
+} from "../../features/config/configSlice";
+import definitions from "../../static/definitions.json";
+import { GenerateKeys } from "../../utils/generateKey";
+import { handleChangeFile } from "../../utils/readFiles";
+import { TableVars } from "../applicationsComponents/TableVars";
+import { VisuallyHiddenInput } from "../managerComponents/VisuallyHiddenInput";
+export function SAMLIssuer() {
+ const config = useAppSelector((state) => state.config.data.config);
+ const dispatch = useAppDispatch();
+ const [option, setOption] = useState("basic");
+ const handleGenerateKeys = async () => {
+ try {
+ const result = await GenerateKeys();
+
+ result.hash ? dispatch(saveSAMLPrivIdSig(result.hash)) : console.log();
+ dispatch(saveSAMLPrivSig(result.private));
+ dispatch(saveSAMLPubSig(result.public));
+ } catch (error) {
+ console.error("Error generating keys:", error);
+ }
+ };
+
+ return (
+
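Review bot: The `casStorageOptions` and `casAttributes` tabs call `TableVars(...)` with `console.log` in all three callback positions, so whatever TableVars hands to those callbacks is only printed to the browser console and never dispatched to the store. Apart from leaving both tables without working edit handlers, this can write storage-option values to the console, and backend storage options may include connection credentials. Replace them with real handlers (for example ones dispatching `updateConfigParams`) or an explicit no-op such as `() => undefined` until they exist. TableVars' signature is not part of this patch, so the role of each callback is inferred, and much of this hunk's JSX markup is missing from this rendering.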
+ {t("samlServiceMetaData")} +
+ + + + +
+
+ {option === "basic" && ( +
+ + + + + {(definitions + ? definitions.issuerDBSAMLActivation + : "") + ""} + + } + > + + + + + + {definitions.samlEntityID}} + > + + + + + +
{t("issuerDBSAMLActivation")} + + dispatch(toggleSAML())} + > + } + label={t("on")} + /> + } + label={t("off")} + /> + + +
{t("samlEntityID")} + + dispatch( + updateConfigParams({ + param: "samlEntityID", + value: e.target.value, + }) + ) + } + /> +
+ + }> + {t("samlOrganization")} + + + + + + + {definitions.samlOrganizationDisplayName} + + } + > + + + + + + {definitions.samlOrganizationName} + } + > + + + + + + {definitions.samlOrganizationURL} + } + > + + + + + +
{t("samlOrganizationDisplayName")} + + dispatch( + updateConfigParams({ + param: "samlOrganizationDisplayName", + value: e.target.value, + }) + ) + } + /> +
{t("samlOrganizationName")} + + dispatch( + updateConfigParams({ + param: "samlOrganizationName", + value: e.target.value, + }) + ) + } + /> +
{t("samlOrganizationURL")} + + dispatch( + updateConfigParams({ + param: "samlOrganizationURL", + value: e.target.value, + }) + ) + } + /> +
+
+
+ )} + {option === "samlServiceSecurity" && ( + + + + + + + + + + + + + + + + + + + +
+
{t("samlServicePrivateKeySig")}
+ +
+ dispatch(saveSAMLPrivSig(e.target.value))} + /> +
{t("samlServiceKeyIdSig")} + + dispatch(saveSAMLPrivIdSig(e.target.value)) + } + /> +
+
{t("samlServicePublicKeySig")}
+ +
+ dispatch(saveSAMLPubSig(e.target.value))} + /> +
+ +
+ )} + {option === "providerOptions" && ( + <> + + }> + {t("samlSPSSODescriptor")} + + + + + + + {(definitions + ? definitions.samlSPSSODescriptorAuthnRequestsSigned + : "") + ""} + + } + > + + + + + + + + {(definitions + ? definitions.samlSPSSODescriptorWantAssertionsSigned + : "") + ""} + + } + > + + + + + +
{t("samlSPSSODescriptorAuthnRequestsSigned")} + + + dispatch( + updateConfigParams({ + param: "samlSPSSODescriptorAuthnRequestsSigned", + value: e.target.value, + }) + ) + } + > + } + label={t("on")} + /> + } + label={t("off")} + /> + + +
{t("samlSPSSODescriptorWantAssertionsSigned")} + + + dispatch( + updateConfigParams({ + param: + "samlSPSSODescriptorWantAssertionsSigned", + value: e.target.value, + }) + ) + } + > + } + label={t("on")} + /> + } + label={t("off")} + /> + + +
+
+ + }> + {t("samlIDPSSODescriptor")} + + + + + + + {(definitions + ? definitions.samlSPSSODescriptorAuthnRequestsSigned + : "") + ""} + + } + > + + + + + +
+ {t("samlIDPSSODescriptorWantAuthnRequestsSigned")} + + + + dispatch( + updateConfigParams({ + param: + "samlIDPSSODescriptorWantAuthnRequestsSigned", + value: e.target.value, + }) + ) + } + > + } + label={t("on")} + /> + } + label={t("off")} + /> + + +
+
+ + )} + {option === "samlAdvanced" && ( + <> + + + + {definitions.samlOverrideIDPEntityID} + } + > + + + + + + {definitions.samlStorage}} + > + + + + + +
{t("samlOverrideIDPEntityID")} + + dispatch( + updateConfigParams({ + param: "samlOverrideIDPEntityID", + value: e.target.value, + }) + ) + } + /> +
{t("samlStorage")} + + dispatch( + updateConfigParams({ + param: "samlStorage", + value: e.target.value, + }) + ) + } + /> +
+ + + + + + + + + {TableVars( + "samlStorageOptions", + config.samlStorageOptions ? config.samlStorageOptions : {}, + "samlStorageOptions", + console.log, + console.log, + console.log + )} +
{t("keys")}{t("values")} + +
+ + )} +
+
+ );
+}
diff --git a/src/components/managerComponents/VisuallyHiddenInput.tsx b/src/components/managerComponents/VisuallyHiddenInput.tsx
new file mode 100644
index 0000000..4bc71f9
--- /dev/null
+++ b/src/components/managerComponents/VisuallyHiddenInput.tsx
@@ -0,0 +1,13 @@
+import { styled } from "@mui/material";
+
+export const VisuallyHiddenInput = styled("input")({
+ clip: "rect(0 0 0 0)",
+ clipPath: "inset(50%)",
+ height: 1,
+ overflow: "hidden",
+ position: "absolute",
+ bottom: 0,
+ left: 0,
+ whiteSpace: "nowrap",
+ width: 1,
+});
diff --git a/src/dashboards/IssuerDashboard.tsx b/src/dashboards/IssuerDashboard.tsx
new file mode 100644
index 0000000..209218d
--- /dev/null
+++ b/src/dashboards/IssuerDashboard.tsx
@@ -0,0 +1,25 @@
+import { useAppDispatch } from "../app/hooks";
+import { CasIssuer } from "../components/issuersComponents/CasIssuer";
+import { SAMLIssuer } from "../components/issuersComponents/SAMLIssuer";
+import { setError } from "../features/config/configSlice";
+
+export function IssuerDashboard({ type }: { type: string }) {
+ const dispatch = useAppDispatch();
+ try {
+ switch (type) {
+ case "cas":
+ return ;
+ case "saml":
+ return ;
+ // case "oidc":
+ // return ;
+ default:
+ return 
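Review bot: In the `samlIDPSSODescriptor` accordion, the tooltip for `samlIDPSSODescriptorWantAuthnRequestsSigned` renders `definitions.samlSPSSODescriptorAuthnRequestsSigned`, which looks like a copy-paste from the SP block above it. An administrator deciding whether the IdP must require signed AuthnRequests is therefore shown the help text of a different signature setting. It should read `definitions.samlIDPSSODescriptorWantAuthnRequestsSigned`, assuming definitions.json carries that key (the part of the file visible here does not reach it). In `handleGenerateKeys`, `result.hash ? dispatch(saveSAMLPrivIdSig(result.hash)) : console.log();` reads better as `if (result.hash) dispatch(saveSAMLPrivIdSig(result.hash));`. The `catch` there only logs to the console, so a failed key generation leaves the signing-key fields unchanged with no visible error; dispatching `setError` from configSlice, as IssuerDashboard does, would surface it.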
¯\_(ツ)_/¯
; + } + } catch (e) { + if (e instanceof Error) { + dispatch(setError(e.message)); + } + return
e
; + } +} diff --git a/src/dashboards/Manager.tsx b/src/dashboards/Manager.tsx index 4c9f1ab..5e84657 100644 --- a/src/dashboards/Manager.tsx +++ b/src/dashboards/Manager.tsx @@ -1,22 +1,22 @@ +import ArrowBackIcon from "@mui/icons-material/ArrowBack"; +import ArrowForwardIcon from "@mui/icons-material/ArrowForward"; +import CachedIcon from "@mui/icons-material/Cached"; +import { Button, Divider, Menu, MenuItem, Pagination } from "@mui/material"; import { ChangeEvent, useEffect, useState } from "react"; +import { useTranslation } from "react-i18next"; +import { useLocation } from "react-router-dom"; +import { push } from "redux-first-history"; import { useAppDispatch, useAppSelector } from "../app/hooks"; +import AppCard from "../components/managerComponents/AppCard"; +import FilterToggle from "../components/managerComponents/Filters"; +import Issuers from "../components/managerComponents/Issuers"; import { getConfigAsync, removeError, setError, } from "../features/config/configSlice"; -import AppCard from "../components/managerComponents/AppCard"; -import Issuers from "../components/managerComponents/Issuers"; -import FilterToggle from "../components/managerComponents/Filters"; import { ruleCAS, ruleOIDC, ruleSAML } from "../utils/rules"; -import { useTranslation } from "react-i18next"; import "./Manager.css"; -import { Button, Divider, Menu, MenuItem, Pagination } from "@mui/material"; -import ArrowBackIcon from "@mui/icons-material/ArrowBack"; -import ArrowForwardIcon from "@mui/icons-material/ArrowForward"; -import CachedIcon from "@mui/icons-material/Cached"; -import { push } from "redux-first-history"; -import { useLocation } from "react-router-dom"; export default function Manager() { const dispatch = useAppDispatch(); @@ -181,50 +181,48 @@ export default function Manager() { return ( <> -
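Review bot: The `try`/`catch` around the `switch` in `IssuerDashboard` will not catch errors thrown while `CasIssuer` or `SAMLIssuer` render, because returning a JSX element only creates it and the child renders later, outside this `try`. If the intent is to report render failures through `setError`, that needs a React error boundary around the issuer components. As written the `catch` branch is effectively unreachable; if it did run, it would dispatch during render and show what appears to be the literal text `e` rather than the error message. Narrowing the prop to `type: "cas" | "saml"` would let the compiler reject unsupported issuer types instead of falling through to the placeholder `default` branch. The element tags of this hunk are missing from this rendering, so the exact fallback markup is inferred.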
- {t("currentConfiguration")} - - - - -
{pages[page - 1]}
- -
+ {t("currentConfiguration")} + + + + +
{pages[page - 1]}
+ state.config.data.metadata); + const dispatch = useAppDispatch(); switch (location.type) { case "app": return (
- {t("conf")} {metadata.cfgNum} + dispatch(push(`#conf/${metadata.cfgNum}`))}> + {t("conf")} {metadata.cfgNum} + {location.type} @@ -72,6 +76,20 @@ export function Configuration({ case "issuer": return (
+ + + dispatch(push(`#conf/${metadata.cfgNum}`))}> + {t("conf")} {metadata.cfgNum} + + + + {t(location.type)} + + + + {t(location.info.name)} + +
); diff --git a/src/static/definitions.json b/src/static/definitions.json index 607b390..ee80eac 100644 --- a/src/static/definitions.json +++ b/src/static/definitions.json 
@@ -1,3 +1,922 @@ { - "test": "## définition courte et efficace du parametre\n Le formatage de la définition est du **markdown** stocké dans un _JSON_" + "test": "## définition courte et efficace du parametre\n Le formatage de la définition est du **markdown** stocké dans un _JSON_", + "ADPwdExpireWarning": "AD password expire warning", + "ADPwdMaxAge": "AD password max age", + "AuthLDAPFilter": "LDAP filter for auth search", + "LDAPFilter": "Default LDAP filter", + "SMTPAuthPass": "Password to use to send mails", + "SMTPAuthUser": "Login to use to send mails", + "SMTPPort": "Fix SMTP port", + "SMTPServer": "SMTP Server", + "SMTPTLS": "TLS protocol to use with SMTP", + "SMTPTLSOpts": "TLS/SSL options for SMTP", + "SSLAuthnLevel": "SSL authentication level", + "SSLIssuerVar": null, + "SSLVar": null, + "SSLVarIf": null, + "activeTimer": "Enable timers on portal pages", + "adaptativeAuthenticationLevelRules": "Adaptative authentication level rules", + "apacheAuthnLevel": "Apache authentication level", + "applicationList": "Applications list", + "authChoiceAuthBasic": "Auth module used by AuthBasic handler", + "authChoiceFindUser": "Auth module used by FindUser plugin", + "authChoiceModules": "Hash list of Choice strings", + "authChoiceParam": "Applications list", + "authentication": "Authentication module", + "autoSigninRules": "List of auto signin rules", + "available2F": "Available second factor modules", + "available2FSelfRegistration": "Available self-registration modules for second factor", + "avoidAssignment": "Avoid assignment in expressions", + "browsersDontStorePassword": "Avoid browsers to store users password", + "bruteForceProtection": "Enable brute force attack protection", + "bruteForceProtectionIncrementalTempo": "Enable incremental lock time for brute force attack protection", + "bruteForceProtectionLockTimes": "Incremental lock time values for brute force attack protection", + "bruteForceProtectionMaxAge": "Max age between current and first failed 
login", + "bruteForceProtectionMaxFailed": "Max allowed failed login", + "bruteForceProtectionMaxLockTime": "Max lock time", + "bruteForceProtectionTempo": "Lock time", + "captcha": "Captcha backend module", + "captchaOptions": "Captcha module options", + "captcha_login_enabled": "Captcha on login page", + "captcha_mail_enabled": "Captcha on password reset page", + "captcha_register_enabled": "Captcha on account creation page", + "captcha_size": "Captcha size", + "casAccessControlPolicy": "CAS access control policy", + "casAppMetaDataExportedVars": "CAS exported variables", + "casAppMetaDataMacros": "Macros", + "casAppMetaDataNodes": null, + "casAppMetaDataOptions": "Root of CAS app options", + "casAppMetaDataOptionsAuthnLevel": "Authentication level requires to access to this CAS application", + "casAppMetaDataOptionsComment": "Comment for this CAS application", + "casAppMetaDataOptionsDisplayName": null, + "casAppMetaDataOptionsLogout": null, + "casAppMetaDataOptionsRule": "CAS application rule", + "casAppMetaDataOptionsService": "CAS application service", + "casAppMetaDataOptionsUserAttribute": "CAS User attribute", + "casAttr": "Pivot attribute for CAS", + "casAttributes": "CAS exported attributes", + "casAuthnLevel": "CAS authentication level", + "casBackChannelSingleLogout": "Enable CAS (Back-Channel) Single Logout", + "casSrvMetaDataExportedVars": "CAS exported variables", + "casSrvMetaDataNodes": null, + "casSrvMetaDataOptions": "Root of CAS server options", + "casSrvMetaDataOptionsComment": "Comment for this CAS server", + "casSrvMetaDataOptionsDisplayName": "Name to display for this CAS server", + "casSrvMetaDataOptionsGateway": null, + "casSrvMetaDataOptionsIcon": "Path of CAS server icon", + "casSrvMetaDataOptionsProxiedServices": null, + "casSrvMetaDataOptionsRenew": null, + "casSrvMetaDataOptionsResolutionRule": null, + "casSrvMetaDataOptionsSortNumber": "Number to sort buttons", + "casSrvMetaDataOptionsTooltip": "Tooltip for this CAS Server", + 
"casSrvMetaDataOptionsUrl": null, + "casStorage": "Apache::Session module to store CAS user data", + "casStorageOptions": "Apache::Session module parameters", + "casStrictMatching": "Disable host-based matching of CAS services", + "casTicketExpiration": "Expiration time of Service and Proxy tickets", + "cda": "Enable Cross Domain Authentication", + "certificateResetByMailCeaAttribute": null, + "certificateResetByMailCertificateAttribute": null, + "certificateResetByMailStep1Body": "Custom Certificate reset mail body", + "certificateResetByMailStep1Subject": "Mail subject for certificate reset email", + "certificateResetByMailStep2Body": "Custom confirm Certificate reset mail body", + "certificateResetByMailStep2Subject": "Mail subject for reset confirmation", + "certificateResetByMailURL": "URL of certificate reset page", + "certificateResetByMailValidityDelay": null, + "cfgAuthor": "Name of the author of the current configuration", + "cfgAuthorIP": "Uploader IP address of the current configuration", + "cfgDate": "Timestamp of the current configuration", + "cfgLog": "Configuration update log", + "cfgNum": "Enable Cross Domain Authentication", + "cfgVersion": "Version of LLNG which build configuration", + "checkDevOps": "Enable check DevOps", + "checkDevOpsCheckSessionAttributes": "Check if session attributes exist", + "checkDevOpsDisplayNormalizedHeaders": "Display normalized headers", + "checkDevOpsDownload": "Enable check DevOps download field", + "checkEntropy": "Enable entropy check of password", + "checkEntropyRequired": "Require entropy check to pass", + "checkEntropyRequiredLevel": "Minimal entropy required for the password to be accepted", + "checkHIBP": "Enable check HIBP", + "checkHIBPRequired": "Require HIBP check to pass", + "checkHIBPURL": "URL of Have I Been Pwned API", + "checkState": "Enable CheckState plugin", + "checkStateSecret": "Secret token for CheckState plugin", + "checkTime": "Timeout to check new configuration in local cache", + 
"checkUser": "Enable check user", + "checkUserDisplayComputedSession": "Display empty headers rule", + "checkUserDisplayEmptyHeaders": "Display empty headers rule", + "checkUserDisplayEmptyValues": "Display session empty values rule", + "checkUserDisplayHiddenAttributes": "Display hidden attributes rule", + "checkUserDisplayHistory": "Display history rule", + "checkUserDisplayNormalizedHeaders": "Display normalized headers rule", + "checkUserDisplayPersistentInfo": "Display persistent session info rule", + "checkUserHiddenAttributes": "Attributes to hide in CheckUser plugin", + "checkUserHiddenHeaders": "Header values to hide if not empty", + "checkUserIdRule": "checkUser identities rule", + "checkUserSearchAttributes": "Attributes used for retrieving sessions in user DataBase", + "checkUserUnrestrictedUsersRule": "checkUser unrestricted users rule", + "checkXSS": "Check XSS", + "combModules": "Combination module description", + "combination": "Combination rule", + "compactConf": "Compact configuration", + "configStorage": "Configuration storage", + "confirmFormMethod": "HTTP method for confirm page form", + "contextSwitchingAllowed2fModifications": "Allowed SFA modifications", + "contextSwitchingIdRule": "Context switching identities rule", + "contextSwitchingPrefix": "Prefix to store real session Id", + "contextSwitchingRule": "Context switching activation rule", + "contextSwitchingStopWithLogout": "Stop context switching by logout", + "contextSwitchingUnrestrictedUsersRule": "Context switching unrestricted users rule", + "cookieExpiration": "Cookie expiration", + "cookieName": "Name of the main cookie", + "corsAllow_Credentials": "Allow credentials for Cross-Origin Resource Sharing", + "corsAllow_Headers": "Allowed headers for Cross-Origin Resource Sharing", + "corsAllow_Methods": "Allowed methods for Cross-Origin Resource Sharing", + "corsAllow_Origin": "Allowed origine for Cross-Origin Resource Sharing", + "corsEnabled": "Enable Cross-Origin Resource Sharing", 
+ "corsExpose_Headers": "Exposed headers for Cross-Origin Resource Sharing", + "corsMax_Age": "Max-age for Cross-Origin Resource Sharing", + "crowdsec": "CrowdSec plugin activation", + "crowdsecAction": "CrowdSec action", + "crowdsecKey": "CrowdSec API key", + "crowdsecUrl": "Base URL of CrowdSec local API", + "cspConnect": "Authorized Ajax destination for Content-Security-Policy", + "cspDefault": "Default value for Content-Security-Policy", + "cspFont": "Font source for Content-Security-Policy", + "cspFormAction": "Form action destination for Content-Security-Policy", + "cspFrameAncestors": "Frame-Ancestors for Content-Security-Policy", + "cspImg": "Image source for Content-Security-Policy", + "cspScript": "Javascript source for Content-Security-Policy", + "cspStyle": "Style source for Content-Security-Policy", + "customAddParams": "Custom additional parameters", + "customAuth": "Custom auth module", + "customFunctions": "List of custom functions", + "customPassword": "Custom password module", + "customPlugins": "Custom plugins", + "customPluginsParams": "Custom plugins parameters", + "customRegister": "Custom register module", + "customResetCertByMail": "Custom certificateResetByMail module", + "customToTrace": "Session parameter used to fill REMOTE_CUSTOM", + "customUserDB": "Custom user DB module", + "dbiAuthChain": null, + "dbiAuthLoginCol": null, + "dbiAuthPassword": null, + "dbiAuthPasswordCol": null, + "dbiAuthPasswordHash": null, + "dbiAuthTable": null, + "dbiAuthUser": null, + "dbiAuthnLevel": "DBI authentication level", + "dbiDynamicHashEnabled": null, + "dbiDynamicHashNewPasswordScheme": null, + "dbiDynamicHashValidSaltedSchemes": null, + "dbiDynamicHashValidSchemes": null, + "dbiExportedVars": "DBI exported variables", + "dbiPasswordMailCol": null, + "dbiUserChain": null, + "dbiUserPassword": null, + "dbiUserTable": null, + "dbiUserUser": null, + "decryptValueFunctions": "Custom function used for decrypting values", + "decryptValueRule": "Decrypt value 
activation rule", + "defaultNewKeySize": "Default size for new RSA key helper", + "demoExportedVars": "Demo exported variables", + "disablePersistentStorage": "Enabled persistent storage", + "displaySessionId": "Display _session_id with sessions explorer", + "domain": "DNS domain", + "exportedAttr": "List of attributes to export by SOAP or REST servers", + "exportedHeaders": "Virtualhost headers", + "exportedVars": "Main exported variables", + "ext2FSendCommand": "Send command of External second factor", + "ext2FValidateCommand": "Validation command of External second factor", + "ext2fActivation": "External second factor activation", + "ext2fAuthnLevel": "Authentication level for users authentified by External second factor", + "ext2fCodeActivation": "OTP generated by Portal", + "ext2fLabel": "Portal label for External second factor", + "ext2fLogo": "Custom logo for External 2F", + "ext2fResendInterval": "Delay before user is allowed to resend code", + "facebookAppId": null, + "facebookAppSecret": null, + "facebookAuthnLevel": "Facebook authentication level", + "facebookExportedVars": "Facebook exported variables", + "facebookUserField": null, + "failedLoginNumber": "Number of failures stored in login history", + "findUser": "Enable find user", + "findUserControl": "Regular expression to validate parameters", + "findUserExcludingAttributes": "Attributes used for excluding accounts", + "findUserSearchingAttributes": "Attributes used for searching accounts", + "findUserWildcard": "Character used as wildcard", + "forceGlobalStorageIssuerOTT": "Force Issuer tokens to be stored into Global Storage", + "forceGlobalStorageUpgradeOTT": "Force Upgrade tokens be stored into Global Storage", + "formTimeout": "Token timeout for forms", + "githubAuthnLevel": "GitHub authentication level", + "githubClientID": null, + "githubClientSecret": null, + "githubScope": null, + "githubUserField": null, + "globalLogoutCustomParam": "Custom session parameter to display", + 
"globalLogoutRule": "Global logout activation rule", + "globalLogoutTimer": "Global logout auto accept time", + "globalStorage": "Session backend module", + "globalStorageOptions": "Session backend module options", + "gpgAuthnLevel": "GPG authentication level", + "gpgDb": "GPG keys database", + "grantSessionRules": "Rules to grant sessions", + "groupLDAPFilter": "LDAP filter for group search", + "groups": "Groups", + "groupsBeforeMacros": "Compute groups before macros", + "handlerInternalCache": "Handler internal cache timeout", + "handlerServiceTokenTTL": "Handler ServiceToken timeout", + "hashedSessionStore": "Securize storage of sensible sessions", + "hiddenAttributes": "Name of attributes to hide in logs", + "hideOldPassword": "Hide old password in portal", + "httpOnly": "Enable httpOnly flag in cookie", + "https": "Use HTTPS for redirection from portal", + "impersonationHiddenAttributes": "Attributes to skip", + "impersonationIdRule": "Impersonation identities rule", + "impersonationMergeSSOgroups": "Merge spoofed and real SSO groups", + "impersonationPrefix": "Prefix to rename real session attributes", + "impersonationRule": "Impersonation activation rule", + "impersonationSkipEmptyValues": "Skip session empty values", + "impersonationUnrestrictedUsersRule": "Impersonation unrestricted users rule", + "infoFormMethod": "HTTP method for info page form", + "initializePasswordReset": "Enable Password Reset API plugin", + "initializePasswordResetSecret": "Secret key for the Initialize Password Reset API", + "issuerDBCASActivation": "CAS server activation", + "issuerDBCASPath": "CAS server request path", + "issuerDBCASRule": "CAS server rule", + "issuerDBGetActivation": "Get issuer activation", + "issuerDBGetParameters": "List of virtualHosts with their get parameters", + "issuerDBGetPath": "Get issuer request path", + "issuerDBGetRule": "Get issuer rule", + "issuerDBJitsiMeetTokensActivation": "Jitsi issuer activation", + "issuerDBJitsiMeetTokensPath": "Jitsi 
issuer request path", + "issuerDBJitsiMeetTokensRule": "Jitsi issuer rule", + "issuerDBOpenIDActivation": "OpenID server activation", + "issuerDBOpenIDConnectActivation": "OpenID Connect server activation", + "issuerDBOpenIDConnectPath": "OpenID Connect server request path", + "issuerDBOpenIDConnectRule": "OpenID Connect server rule", + "issuerDBOpenIDPath": "OpenID server request path", + "issuerDBOpenIDRule": "OpenID server rule", + "issuerDBSAMLActivation": "SAML IDP activation", + "issuerDBSAMLPath": "SAML IDP request path", + "issuerDBSAMLRule": "SAML IDP rule", + "issuersTimeout": "Token timeout for issuers", + "jitsiAppId": "Jitsi application ID", + "jitsiAppSecret": "Jitsi application secret", + "jitsiDefaultServer": "Jitsi server URL", + "jitsiExpiration": "Jitsi JWT expiration", + "jitsiIdAttribute": "Jitsi attribute for ID", + "jitsiMailAttribute": "Jitsi attribute for email", + "jitsiNameAttribute": "Jitsi attribute for name", + "jitsiSigningAlg": "Jitsi JWT signature method", + "jsRedirect": "Use javascript for redirections", + "key": "Secret key", + "krbAllowedDomains": "Allowed domains", + "krbAuthnLevel": "Null authentication level", + "krbByJs": "Launch Kerberos authentication by Ajax", + "krbKeytab": "Kerberos keytab", + "krbRemoveDomain": "Remove domain in Kerberos username", + "ldapAllowResetExpiredPassword": "Allow a user to reset his expired password", + "ldapAuthnLevel": "LDAP authentication level", + "ldapBase": "LDAP search base", + "ldapCAFile": "Location of the certificate file for LDAP connections", + "ldapCAPath": "Location of the CA directory for LDAP connections", + "ldapChangePasswordAsUser": null, + "ldapExportedVars": "LDAP exported variables", + "ldapGetUserBeforePasswordChange": null, + "ldapGroupAttributeName": "LDAP attribute name for member in groups", + "ldapGroupAttributeNameGroup": "LDAP attribute name in group entry referenced as member in groups", + "ldapGroupAttributeNameSearch": "LDAP attributes to search in groups", + 
"ldapGroupAttributeNameUser": "LDAP attribute name in user entry referenced as member in groups", + "ldapGroupBase": null, + "ldapGroupDecodeSearchedValue": "Decode value before searching it in LDAP groups", + "ldapGroupObjectClass": "LDAP object class of groups", + "ldapGroupRecursive": "LDAP recursive search in groups", + "ldapIOTimeout": "LDAP operation timeout", + "ldapITDS": "Support for IBM Tivoli Directory Server", + "ldapPasswordResetAttribute": "LDAP password reset attribute", + "ldapPasswordResetAttributeValue": "LDAP password reset value", + "ldapPort": "LDAP port", + "ldapPpolicyControl": null, + "ldapPwdEnc": "LDAP password encoding", + "ldapRaw": null, + "ldapSearchDeref": "\"deref\" param of Net::LDAP::search()", + "ldapServer": "LDAP server (host or URI)", + "ldapSetPassword": null, + "ldapTimeout": "LDAP connection timeout", + "ldapUsePasswordResetAttribute": "LDAP store reset flag in an attribute", + "ldapVerify": "Whether to validate LDAP certificates", + "ldapVersion": "LDAP protocol version", + "linkedInAuthnLevel": "LinkedIn authentication level", + "linkedInClientID": null, + "linkedInClientSecret": null, + "linkedInFields": null, + "linkedInScope": null, + "linkedInUserField": null, + "localSessionStorage": "Local sessions cache module", + "localSessionStorageOptions": "Sessions cache module options", + "localStorage": "Local cache", + "localStorageOptions": "Local cache parameters", + "locationDetect": "Enable LocationDetect plugin", + "locationDetectGeoIpDatabase": "Path to GeoIP database", + "locationDetectGeoIpLanguages": "Languages for GeoIP database", + "locationDetectIpDetail": "Information requested for IP", + "locationDetectUaDetail": "Information requested for User Agent", + "locationRules": "Virtualhost rules", + "log4perlConfFile": "Log4Perl logger configuration file", + "logLevel": "Log level, must be set in .ini", + "logger": "technical logger", + "loginHistoryEnabled": "Enable login history", + "logoutServices": "Send logout 
trough GET request to these services", + "lwpOpts": "Options passed to LWP::UserAgent", + "lwpSslOpts": "SSL options passed to LWP::UserAgent", + "macros": "Macros", + "mail2fActivation": "Mail second factor activation", + "mail2fAuthnLevel": "Authentication level for users authenticated by Mail second factor", + "mail2fBody": "Mail body for second factor authentication", + "mail2fCodeRegex": "Regular expression to create a mail OTP code", + "mail2fLabel": "Portal label for Mail second factor", + "mail2fLogo": "Custom logo for Mail 2F", + "mail2fResendInterval": "Delay before user is allowed to resend code", + "mail2fSessionKey": "Session parameter where mail is stored", + "mail2fSubject": "Mail subject for second factor authentication", + "mail2fTimeout": "Second factor code timeout", + "mailBody": "Custom password reset mail body", + "mailCharset": "Mail charset", + "mailConfirmBody": "Custom confirm password reset mail body", + "mailConfirmSubject": "Mail subject for reset confirmation", + "mailFrom": "Sender email", + "mailLDAPFilter": "LDAP filter for mail search", + "mailOnPasswordChange": "Send a mail when password is changed", + "mailReplyTo": "Reply-To address", + "mailSessionKey": "Session parameter where mail is stored", + "mailSubject": "Mail subject for new password email", + "mailTimeout": "Mail password reset session timeout", + "mailUrl": "URL of password reset page", + "maintenance": "Maintenance mode for all virtual hosts", + "managerDn": "LDAP manager DN", + "managerPassword": "LDAP manager Password", + "max2FDevices": "Maximum registered 2F devices", + "max2FDevicesNameLength": "Maximum 2F devices name length", + "multiValuesSeparator": "Separator for multiple values", + "mySessionAuthorizedRWKeys": "Alterable session keys by user itself", + "newLocationWarning": "Enable New Location Warning", + "newLocationWarningLocationAttribute": "New location session attribute", + "newLocationWarningLocationDisplayAttribute": "New location session attribute 
for user display", + "newLocationWarningMailAttribute": "New location warning mail session attribute", + "newLocationWarningMailBody": "Mail body for new location warning", + "newLocationWarningMailSubject": "Mail subject for new location warning", + "newLocationWarningMaxValues": "How many previous locations should be compared", + "nginxCustomHandlers": "Custom Nginx handler (deprecated)", + "noAjaxHook": "Avoid replacing 302 by 401 for Ajax responses", + "notification": "Notification activation", + "notificationDefaultCond": "Notification default condition", + "notificationServer": "Notification server activation", + "notificationServerDELETE": "Notification server activation", + "notificationServerGET": "Notification server activation", + "notificationServerPOST": "Notification server activation", + "notificationServerSentAttributes": "Prameters to send with notification server GET method", + "notificationStorage": "Notification backend", + "notificationStorageOptions": "Notification backend options", + "notificationWildcard": "Notification string to match all users", + "notificationXSLTfile": "Custom XSLT document for notifications", + "notificationsExplorer": "Notifications explorer activation", + "notificationsMaxRetrieve": "Max number of displayed notifications", + "notifyDeleted": "Show deleted sessions in portal", + "notifyOther": "Show other sessions in portal", + "nullAuthnLevel": "Null authentication level", + "oidcAuthnLevel": "OpenID Connect authentication level", + "oidcDropCspHeaders": "Drop CORS headers from OIDC issuer responses", + "oidcOPMetaDataExportedVars": null, + "oidcOPMetaDataJSON": null, + "oidcOPMetaDataJWKS": null, + "oidcOPMetaDataNodes": null, + "oidcOPMetaDataOptions": null, + "oidcOPMetaDataOptionsAcrValues": null, + "oidcOPMetaDataOptionsAuthnEndpointAuthMethod": null, + "oidcOPMetaDataOptionsAuthnEndpointAuthSigAlg": null, + "oidcOPMetaDataOptionsCheckJWTSignature": null, + "oidcOPMetaDataOptionsClientID": null, + 
"oidcOPMetaDataOptionsClientSecret": null, + "oidcOPMetaDataOptionsComment": null, + "oidcOPMetaDataOptionsConfigurationURI": null, + "oidcOPMetaDataOptionsDisplay": null, + "oidcOPMetaDataOptionsDisplayName": null, + "oidcOPMetaDataOptionsIDTokenMaxAge": null, + "oidcOPMetaDataOptionsIcon": null, + "oidcOPMetaDataOptionsJWKSTimeout": null, + "oidcOPMetaDataOptionsMaxAge": null, + "oidcOPMetaDataOptionsPrompt": null, + "oidcOPMetaDataOptionsRequirePkce": "Use PKCE with this OP", + "oidcOPMetaDataOptionsResolutionRule": null, + "oidcOPMetaDataOptionsScope": null, + "oidcOPMetaDataOptionsSortNumber": null, + "oidcOPMetaDataOptionsStoreIDToken": null, + "oidcOPMetaDataOptionsTokenEndpointAuthMethod": null, + "oidcOPMetaDataOptionsTooltip": null, + "oidcOPMetaDataOptionsUiLocales": null, + "oidcOPMetaDataOptionsUseNonce": null, + "oidcOPMetaDataOptionsUserAttribute": null, + "oidcRPCallbackGetParam": "OpenID Connect Callback GET URLparameter", + "oidcRPMetaDataExportedVars": null, + "oidcRPMetaDataMacros": "Macros", + "oidcRPMetaDataNodes": null, + "oidcRPMetaDataOptions": null, + "oidcRPMetaDataOptionsAccessTokenClaims": null, + "oidcRPMetaDataOptionsAccessTokenEncContentEncAlg": "\"enc\" algorithm for access_token encryption", + "oidcRPMetaDataOptionsAccessTokenEncKeyMgtAlg": "\"alg\" algorithm for access_token encryption", + "oidcRPMetaDataOptionsAccessTokenExpiration": null, + "oidcRPMetaDataOptionsAccessTokenJWT": null, + "oidcRPMetaDataOptionsAccessTokenSignAlg": null, + "oidcRPMetaDataOptionsAdditionalAudiences": null, + "oidcRPMetaDataOptionsAllowClientCredentialsGrant": "Allow OAuth2 Client Credentials Grant", + "oidcRPMetaDataOptionsAllowOffline": "Allow offline access", + "oidcRPMetaDataOptionsAllowPasswordGrant": "Allow OAuth2 Resource Owner Password Credentials Grant", + "oidcRPMetaDataOptionsAuthMethod": null, + "oidcRPMetaDataOptionsAuthRequiredForAuthorize": null, + "oidcRPMetaDataOptionsAuthnLevel": "Authentication level requires to access to this RP", 
+ "oidcRPMetaDataOptionsAuthnRequireNonce": null, + "oidcRPMetaDataOptionsAuthnRequireState": null, + "oidcRPMetaDataOptionsAuthorizationCodeExpiration": null, + "oidcRPMetaDataOptionsBypassConsent": null, + "oidcRPMetaDataOptionsClientID": null, + "oidcRPMetaDataOptionsClientSecret": null, + "oidcRPMetaDataOptionsComment": null, + "oidcRPMetaDataOptionsDisplayName": null, + "oidcRPMetaDataOptionsExtraClaims": null, + "oidcRPMetaDataOptionsIDTokenExpiration": null, + "oidcRPMetaDataOptionsIDTokenForceClaims": null, + "oidcRPMetaDataOptionsIDTokenSignAlg": null, + "oidcRPMetaDataOptionsIcon": null, + "oidcRPMetaDataOptionsIdTokenEncContentEncAlg": "\"enc\" algorithm for id_token encryption", + "oidcRPMetaDataOptionsIdTokenEncKeyMgtAlg": "\"alg\" algorithm for id_token encryption", + "oidcRPMetaDataOptionsJwks": "Relying party JWKS document", + "oidcRPMetaDataOptionsJwksUri": "Relying party JWKS endpoint (to get encryption keys)", + "oidcRPMetaDataOptionsLogoutBypassConfirm": "Bypass logout confirmation", + "oidcRPMetaDataOptionsLogoutEncContentEncAlg": "\"enc\" algorithm for logout encryption", + "oidcRPMetaDataOptionsLogoutEncKeyMgtAlg": "\"alg\" algorithm for logout token encryption", + "oidcRPMetaDataOptionsLogoutSessionRequired": "Session required for back/front channel logout", + "oidcRPMetaDataOptionsLogoutType": "Logout type", + "oidcRPMetaDataOptionsLogoutUrl": "Logout URL", + "oidcRPMetaDataOptionsOfflineSessionExpiration": null, + "oidcRPMetaDataOptionsPostLogoutRedirectUris": null, + "oidcRPMetaDataOptionsPublic": "Declare this RP as public client", + "oidcRPMetaDataOptionsRedirectUris": null, + "oidcRPMetaDataOptionsRefreshToken": "Issue refresh tokens", + "oidcRPMetaDataOptionsRequestUris": null, + "oidcRPMetaDataOptionsRequirePKCE": "Require PKCE", + "oidcRPMetaDataOptionsRule": "Rule to grant access to this RP", + "oidcRPMetaDataOptionsTokenXAuthorizedRP": "List of RP authorized to query for an access_token of this RP", + 
"oidcRPMetaDataOptionsUserIDAttr": null, + "oidcRPMetaDataOptionsUserInfoEncContentEncAlg": "\"enc\" algorithm for user_info encryption", + "oidcRPMetaDataOptionsUserInfoEncKeyMgtAlg": "\"alg\" algorithm for user_info encryption", + "oidcRPMetaDataOptionsUserInfoSignAlg": null, + "oidcRPMetaDataOptionsUserinfoRequireHeaderToken": "/userinfo endpoint requires authn using Bearer token", + "oidcRPMetaDataScopeRules": "Scope rules", + "oidcRPStateTimeout": "OpenID Connect Timeout of state sessions", + "oidcServiceAccessTokenExpiration": "OpenID Connect global access token TTL", + "oidcServiceAllowAuthorizationCodeFlow": "OpenID Connect allow authorization code flow", + "oidcServiceAllowDynamicRegistration": "OpenID Connect allow dynamic client registration", + "oidcServiceAllowHybridFlow": "OpenID Connect allow hybrid flow", + "oidcServiceAllowImplicitFlow": "OpenID Connect allow implicit flow", + "oidcServiceAllowOnlyDeclaredScopes": "OpenID Connect allow only declared scopes", + "oidcServiceAuthorizationCodeExpiration": "OpenID Connect global code TTL", + "oidcServiceDynamicRegistrationExportedVars": "OpenID Connect exported variables for dynamic registration", + "oidcServiceDynamicRegistrationExtraClaims": "OpenID Connect extra claims for dynamic registration", + "oidcServiceEncAlgorithmAlg": "JWT encryption algorithme", + "oidcServiceEncAlgorithmEnc": "JWT encryption algorithme", + "oidcServiceHideMetadata": null, + "oidcServiceIDTokenExpiration": "OpenID Connect global ID token TTL", + "oidcServiceIgnoreScopeForClaims": "OpenID Connect release all attributes even when not allowed by scope", + "oidcServiceKeyIdEnc": "OpenID Connect Encryption Key ID", + "oidcServiceKeyIdSig": "OpenID Connect Signature Key ID", + "oidcServiceKeyTypeEnc": null, + "oidcServiceKeyTypeSig": null, + "oidcServiceMetaDataAuthnContext": "OpenID Connect Authentication Context Class Ref", + "oidcServiceMetaDataAuthorizeURI": "OpenID Connect authorizaton endpoint", + 
"oidcServiceMetaDataBackChannelURI": "OpenID Connect Back-Channel logout endpoint", + "oidcServiceMetaDataCheckSessionURI": "OpenID Connect check session iframe", + "oidcServiceMetaDataEndSessionURI": "OpenID Connect end session endpoint", + "oidcServiceMetaDataFrontChannelURI": "OpenID Connect Front-Channel logout endpoint", + "oidcServiceMetaDataIntrospectionURI": "OpenID Connect introspection endpoint", + "oidcServiceMetaDataIssuer": "OpenID Connect issuer", + "oidcServiceMetaDataJWKSURI": "OpenID Connect JWKS endpoint", + "oidcServiceMetaDataRegistrationURI": "OpenID Connect registration endpoint", + "oidcServiceMetaDataTokenURI": "OpenID Connect token endpoint", + "oidcServiceMetaDataUserInfoURI": "OpenID Connect user info endpoint", + "oidcServiceNewKeyIdSig": "Future OpenID Connect Signature Key ID", + "oidcServiceNewKeyTypeSig": null, + "oidcServiceNewPrivateKeySig": null, + "oidcServiceNewPublicKeySig": null, + "oidcServiceOfflineSessionExpiration": "OpenID Connect global offline session TTL", + "oidcServiceOldKeyIdEnc": "Previous OpenID Connect Encryption Key ID", + "oidcServiceOldKeyIdSig": "Previous OpenID Connect Signature Key ID", + "oidcServiceOldKeyTypeEnc": null, + "oidcServiceOldKeyTypeSig": null, + "oidcServiceOldPrivateKeyEnc": null, + "oidcServiceOldPrivateKeySig": null, + "oidcServiceOldPublicKeyEnc": null, + "oidcServiceOldPublicKeySig": null, + "oidcServicePrivateKeyEnc": null, + "oidcServicePrivateKeySig": null, + "oidcServicePublicKeyEnc": null, + "oidcServicePublicKeySig": null, + "oidcStorage": "Apache::Session module to store OIDC user data", + "oidcStorageOptions": "Apache::Session module parameters", + "okta2fActivation": "Okta2F activation", + "okta2fAdminURL": "Okta Administration URL", + "okta2fApiKey": "Okta API key", + "okta2fAuthnLevel": "Authentication level for users authentified by Okta2F", + "okta2fLabel": "Portal label for Okta2F", + "okta2fLoginAttribute": "Session key containing Okta login", + "okta2fLogo": "Custom logo 
for Okta 2F", + "oldNotifFormat": "Use old XML format for notifications", + "openIdAttr": null, + "openIdAuthnLevel": "OpenID authentication level", + "openIdExportedVars": "OpenID exported variables", + "openIdIDPList": null, + "openIdIssuerSecret": null, + "openIdSPList": null, + "openIdSecret": null, + "openIdSreg_country": null, + "openIdSreg_dob": null, + "openIdSreg_email": "OpenID SREG email session parameter", + "openIdSreg_fullname": "OpenID SREG fullname session parameter", + "openIdSreg_gender": null, + "openIdSreg_language": null, + "openIdSreg_nickname": "OpenID SREG nickname session parameter", + "openIdSreg_postcode": null, + "openIdSreg_timezone": "OpenID SREG timezone session parameter", + "pamAuthnLevel": "PAM authentication level", + "pamService": "PAM service", + "password2fActivation": "Password2F activation", + "password2fAuthnLevel": "Authentication level for users authentified by Password2F", + "password2fLabel": "Portal label for Password2F", + "password2fLogo": "Custom logo for Password 2F", + "password2fSelfRegistration": "Password2F self registration activation", + "password2fTTL": "Password2F device time to live ", + "password2fUserCanRemoveKey": "Authorize users to remove existing Password2F secret", + "passwordDB": "Password module", + "passwordPolicyActivation": "Enable password policy", + "passwordPolicyMaxSize": "Password policy: maximal size", + "passwordPolicyMinDigit": "Password policy: minimal digit characters", + "passwordPolicyMinLower": "Password policy: minimal lower characters", + "passwordPolicyMinSize": "Password policy: minimal size", + "passwordPolicyMinSpeChar": "Password policy: minimal special characters", + "passwordPolicyMinUpper": "Password policy: minimal upper characters", + "passwordPolicySpecialChar": "Password policy: allowed special characters", + "passwordResetAllowedRetries": "Maximum number of retries to reset password", + "pdataDomain": "pdata cookie DNS domain", + "persistentSessionAttributes": 
"Persistent session attributes to hide", + "persistentStorage": "Storage module for persistent sessions", + "persistentStorageOptions": "Options for persistent sessions storage module", + "port": "Force port in redirection", + "portal": "Portal URL", + "portalAntiFrame": "Avoid portal to be displayed inside frames", + "portalCheckLogins": "Display login history checkbox in portal", + "portalCustomCss": "Path to custom CSS file", + "portalCustomJs": "Path to custom JS file", + "portalDisplayAppslist": "Display applications tab in portal", + "portalDisplayCertificateResetByMail": "Display certificate reset by mail button in portal", + "portalDisplayChangePassword": "Display password tab in portal", + "portalDisplayGeneratePassword": "Display password generate box in reset password form", + "portalDisplayLoginHistory": "Display login history tab in portal", + "portalDisplayLogout": "Display logout tab in portal", + "portalDisplayOidcConsents": "Display OIDC consents tab in portal", + "portalDisplayOrder": "List for ordering tabs in portal", + "portalDisplayPasswordPolicy": "Display policy in password form", + "portalDisplayRefreshMyRights": "Display link to refresh the user session", + "portalDisplayRegister": "Display register button in portal", + "portalDisplayResetPassword": "Display reset password button in portal", + "portalEnablePasswordDisplay": "Allow to display password in login form", + "portalErrorOnExpiredSession": "Show error if session is expired", + "portalErrorOnMailNotFound": "Show error if mail is not found in password reset process", + "portalFavicon": "Path to favicon file", + "portalForceAuthn": "Enable force to authenticate when displaying portal", + "portalForceAuthnInterval": "Maximum interval in seconds since last authentication to force reauthentication", + "portalMainLogo": "Portal main logo path", + "portalOpenLinkInNewWindow": "Open applications in new windows", + "portalPingInterval": "Interval in ms between portal Ajax pings ", + 
"portalRequireOldPassword": "Rule to require old password to change the password", + "portalSkin": "Name of portal skin", + "portalSkinBackground": "Background image of portal skin", + "portalSkinRules": "Rules to choose portal skin", + "portalStatus": "Enable portal status", + "portalUserAttr": "Session parameter to display connected user in portal", + "post": "Virtualhost urls/Data to post", + "protection": "Manager protection method", + "proxyAuthService": null, + "proxyAuthServiceChoiceParam": null, + "proxyAuthServiceChoiceValue": null, + "proxyAuthServiceImpersonation": "Enable internal portal Impersonation", + "proxyAuthnLevel": "Proxy authentication level", + "proxyCookieName": "Name of the internal portal cookie", + "proxySessionService": null, + "proxyUseSoap": "Use SOAP instead of REST", + "radius2fActivation": "Radius second factor activation", + "radius2fAuthnLevel": "Authentication level for users authenticated by Radius second factor", + "radius2fDictionaryFile": null, + "radius2fLabel": "Portal label for Radius 2F", + "radius2fLogo": "Custom logo for Radius 2F", + "radius2fRequestAttributes": "RADIUS second factor authentication attributes", + "radius2fSecret": null, + "radius2fSendInitialRequest": "Dial in to radius server before displaying form", + "radius2fServer": null, + "radius2fTimeout": "Radius 2f verification timeout", + "radius2fUsernameSessionKey": "Session key used as Radius login", + "radiusAuthnLevel": "Radius authentication level", + "radiusDictionaryFile": null, + "radiusExportedVars": "RADIUS exported variables", + "radiusRequestAttributes": "RADIUS authentication attributes", + "radiusSecret": null, + "radiusServer": null, + "radiusTimeout": null, + "randomPasswordRegexp": "Regular expression to create a random password", + "redirectFormMethod": "HTTP method for redirect page form", + "refreshSessions": "Refresh sessions plugin", + "registerConfirmBody": "Mail body for register confirmation", + "registerConfirmSubject": "Mail 
subject for register confirmation", + "registerDB": "Register module", + "registerDoneBody": "Mail body when register is done", + "registerDoneSubject": "Mail subject when register is done", + "registerTimeout": "Register session timeout", + "registerUrl": "URL of register page", + "reloadTimeout": "Configuration reload timeout", + "reloadUrls": "URL to call on reload", + "rememberAuthChoiceRule": "remember auth choice activation rule", + "rememberCookieName": "Name of the remember auth choice cookie", + "rememberCookieTimeout": "lifetime of the remember auth choice cookie", + "rememberDefaultChecked": "Is remember auth choice checkbox enabled by default?", + "rememberTimer": "timer before automatic authentication with remembered choice", + "remoteCookieName": "Name of the remote portal cookie", + "remoteGlobalStorage": "Remote session backend", + "remoteGlobalStorageOptions": "Apache::Session module parameters", + "remotePortal": null, + "requireToken": "Enable token for forms", + "rest2fActivation": "REST second factor activation", + "rest2fAuthnLevel": "Authentication level for users authentified by REST second factor", + "rest2fCodeActivation": "OTP generated by Portal", + "rest2fInitArgs": "Args for REST 2F init", + "rest2fInitUrl": "REST 2F init URL", + "rest2fLabel": "Portal label for REST second factor", + "rest2fLogo": "Custom logo for REST 2F", + "rest2fResendInterval": "Delay before user is allowed to resend code", + "rest2fVerifyArgs": "Args for REST 2F init", + "rest2fVerifyUrl": "REST 2F init URL", + "restAuthServer": "Enable REST authentication server", + "restAuthUrl": null, + "restAuthnLevel": "REST authentication level", + "restClockTolerance": "How tolerant the REST session server will be to clock dift", + "restConfigServer": "Enable REST config server", + "restExportSecretKeys": "Allow to export secret keys in REST session server", + "restFindUserDBUrl": null, + "restPasswordServer": "Enable REST password reset server", + "restPwdConfirmUrl": 
null, + "restPwdModifyUrl": null, + "restSessionServer": "Enable REST session server", + "restUserDBUrl": null, + "sameSite": "Cookie SameSite value", + "samlAttributeAuthorityDescriptorAttributeServiceSOAP": "SAML Attribute Authority SOAP", + "samlAuthnContextMapKerberos": "SAML authn context kerberos level", + "samlAuthnContextMapPassword": "SAML authn context password level", + "samlAuthnContextMapPasswordProtectedTransport": "SAML authn context password protected transport level", + "samlAuthnContextMapTLSClient": "SAML authn context TLS client level", + "samlCommonDomainCookieActivation": "SAML CDC activation", + "samlCommonDomainCookieDomain": null, + "samlCommonDomainCookieReader": null, + "samlCommonDomainCookieWriter": null, + "samlDiscoveryProtocolActivation": "SAML Discovery Protocol activation", + "samlDiscoveryProtocolIsPassive": "SAML Discovery Protocol Is Passive", + "samlDiscoveryProtocolPolicy": "SAML Discovery Protocol Policy", + "samlDiscoveryProtocolURL": "SAML Discovery Protocol EndPoint URL", + "samlEntityID": "SAML service entityID", + "samlFederationFiles": "Path to SAML Federation Metadata", + "samlIDPMetaDataExportedAttributes": null, + "samlIDPMetaDataNodes": null, + "samlIDPMetaDataOptions": null, + "samlIDPMetaDataOptionsAdaptSessionUtime": null, + "samlIDPMetaDataOptionsAllowLoginFromIDP": null, + "samlIDPMetaDataOptionsCheckAudience": null, + "samlIDPMetaDataOptionsCheckSLOMessageSignature": null, + "samlIDPMetaDataOptionsCheckSSOMessageSignature": null, + "samlIDPMetaDataOptionsCheckTime": null, + "samlIDPMetaDataOptionsComment": null, + "samlIDPMetaDataOptionsDisplayName": null, + "samlIDPMetaDataOptionsEncryptionMode": null, + "samlIDPMetaDataOptionsFederationEntityID": null, + "samlIDPMetaDataOptionsForceAuthn": null, + "samlIDPMetaDataOptionsForceUTF8": null, + "samlIDPMetaDataOptionsIcon": null, + "samlIDPMetaDataOptionsIsPassive": null, + "samlIDPMetaDataOptionsNameIDFormat": null, + "samlIDPMetaDataOptionsRelayStateURL": null, 
+ "samlIDPMetaDataOptionsRequestedAuthnContext": null, + "samlIDPMetaDataOptionsResolutionRule": null, + "samlIDPMetaDataOptionsSLOBinding": null, + "samlIDPMetaDataOptionsSSOBinding": null, + "samlIDPMetaDataOptionsSignSLOMessage": null, + "samlIDPMetaDataOptionsSignSSOMessage": null, + "samlIDPMetaDataOptionsSignatureMethod": null, + "samlIDPMetaDataOptionsSortNumber": null, + "samlIDPMetaDataOptionsStoreSAMLToken": null, + "samlIDPMetaDataOptionsTooltip": null, + "samlIDPMetaDataOptionsUserAttribute": null, + "samlIDPMetaDataXML": null, + "samlIDPSSODescriptorArtifactResolutionServiceArtifact": "SAML IDP artifact resolution service", + "samlIDPSSODescriptorSingleLogoutServiceHTTPPost": "SAML IDP SLO HTTP POST", + "samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect": "SAML IDP SLO HTTP Redirect", + "samlIDPSSODescriptorSingleLogoutServiceSOAP": "SAML IDP SLO SOAP", + "samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact": "SAML IDP SSO HTTP Artifact", + "samlIDPSSODescriptorSingleSignOnServiceHTTPPost": "SAML IDP SSO HTTP POST", + "samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect": "SAML IDP SSO HTTP Redirect", + "samlIDPSSODescriptorWantAuthnRequestsSigned": "SAML IDP want authn request signed", + "samlMetadataForceUTF8": "SAML force metadata UTF8 conversion", + "samlNameIDFormatMapEmail": "SAML session parameter for NameID email", + "samlNameIDFormatMapKerberos": "SAML session parameter for NameID kerberos", + "samlNameIDFormatMapWindows": "SAML session parameter for NameID windows", + "samlNameIDFormatMapX509": "SAML session parameter for NameID x509", + "samlOrganizationDisplayName": "SAML service organization display name", + "samlOrganizationName": "SAML service organization name", + "samlOrganizationURL": "SAML service organization URL", + "samlOverrideIDPEntityID": "Override SAML EntityID when acting as an IDP", + "samlRelayStateTimeout": "SAML timeout of relay state", + "samlSPMetaDataExportedAttributes": null, + "samlSPMetaDataMacros": "Macros", + 
"samlSPMetaDataNodes": null, + "samlSPMetaDataOptions": null, + "samlSPMetaDataOptionsAuthnLevel": "Authentication level requires to access to this SP", + "samlSPMetaDataOptionsCheckSLOMessageSignature": null, + "samlSPMetaDataOptionsCheckSSOMessageSignature": null, + "samlSPMetaDataOptionsComment": null, + "samlSPMetaDataOptionsEnableIDPInitiatedURL": null, + "samlSPMetaDataOptionsEncryptionMode": null, + "samlSPMetaDataOptionsFederationEntityID": null, + "samlSPMetaDataOptionsFederationOptionalAttributes": null, + "samlSPMetaDataOptionsFederationRequiredAttributes": null, + "samlSPMetaDataOptionsForceUTF8": null, + "samlSPMetaDataOptionsNameIDFormat": null, + "samlSPMetaDataOptionsNameIDSessionKey": null, + "samlSPMetaDataOptionsNotOnOrAfterTimeout": null, + "samlSPMetaDataOptionsOneTimeUse": null, + "samlSPMetaDataOptionsRule": "Rule to grant access to this SP", + "samlSPMetaDataOptionsSessionNotOnOrAfterTimeout": null, + "samlSPMetaDataOptionsSignSLOMessage": null, + "samlSPMetaDataOptionsSignSSOMessage": null, + "samlSPMetaDataOptionsSignatureMethod": null, + "samlSPMetaDataXML": null, + "samlSPSSODescriptorArtifactResolutionServiceArtifact": "SAML SP artifact resolution service ", + "samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact": "SAML SP ACS HTTP artifact", + "samlSPSSODescriptorAssertionConsumerServiceHTTPPost": "SAML SP ACS HTTP POST", + "samlSPSSODescriptorAuthnRequestsSigned": "SAML SP AuthnRequestsSigned", + "samlSPSSODescriptorSingleLogoutServiceHTTPPost": "SAML SP SLO HTTP POST", + "samlSPSSODescriptorSingleLogoutServiceHTTPRedirect": "SAML SP SLO HTTP Redirect", + "samlSPSSODescriptorSingleLogoutServiceSOAP": "SAML SP SLO SOAP", + "samlSPSSODescriptorWantAssertionsSigned": "SAML SP WantAssertionsSigned", + "samlServicePrivateKeyEnc": "SAML encryption private key", + "samlServicePrivateKeyEncPwd": null, + "samlServicePrivateKeySig": "SAML signature private key", + "samlServicePrivateKeySigPwd": "SAML signature private key password", + 
"samlServicePublicKeyEnc": "SAML encryption public key", + "samlServicePublicKeySig": "SAML signature public key", + "samlServiceSignatureMethod": null, + "samlServiceUseCertificateInResponse": "Use certificate instead of public key in SAML responses", + "samlStorage": "Apache::Session module to store SAML user data", + "samlStorageOptions": "Apache::Session module parameters", + "samlUseQueryStringSpecific": "SAML use specific method for query_string", + "scrollTop": "Display back to top button", + "secureTokenAllowOnError": "Secure Token allow requests in error", + "secureTokenAttribute": "Secure Token attribute", + "secureTokenExpiration": "Secure Token expiration", + "secureTokenHeader": "Secure Token header", + "secureTokenMemcachedServers": "Secure Token Memcached servers", + "secureTokenUrls": "", + "securedCookie": "Cookie securisation method", + "sentryDsn": "Sentry logger DSN", + "sessionDataToRemember": "Data to remember in login history", + "sfEngine": "Second factor engine", + "sfExtra": "Extra second factors", + "sfLoginTimeout": "Timeout for 2F login process", + "sfManagerRule": "Rule to display second factor Manager link", + "sfOnlyUpgrade": "Only trigger second factor on session upgrade", + "sfRegisterTimeout": "Timeout for 2F registration process", + "sfRemovedMsgRule": "Display a message if at leat one expired SF has been removed", + "sfRemovedNotifMsg": "Notification message", + "sfRemovedNotifRef": "Notification reference", + "sfRemovedNotifTitle": "Notification title", + "sfRemovedUseNotif": "Use Notifications plugin to display message", + "sfRequired": "Second factor required", + "sfRetries": "Allowed number of retries", + "showLanguages": "Display langs icons", + "singleIP": "Allow only one session per IP", + "singleSession": "Allow only one session per user", + "singleUserByIP": "Allow only one user per IP", + "skipRenewConfirmation": "Avoid asking confirmation when an Issuer asks to renew auth", + "skipUpgradeConfirmation": "Avoid asking 
confirmation during a session upgrade", + "slaveAuthnLevel": "Slave authentication level", + "slaveDisplayLogo": "Display Slave authentication logo", + "slaveExportedVars": "Slave exported variables", + "slaveHeaderContent": null, + "slaveHeaderName": null, + "slaveMasterIP": null, + "slaveUserHeader": null, + "soapConfigServer": "Enable SOAP config server", + "soapProxyUrn": "SOAP URN for Proxy", + "soapSessionServer": "Enable SOAP session server", + "sslByAjax": "Use Ajax request for SSL", + "sslHost": "URL for SSL Ajax request", + "staticPrefix": "Prefix of static files for HTML templates", + "status": "Status daemon activation", + "stayConnected": "Stay connected activation rule", + "stayConnectedBypassFG": "Disable fingerprint checkng", + "stayConnectedCookieName": "Name of the stayConnected plugin cookie", + "stayConnectedSingleSession": "Allow only one permanent session per user", + "stayConnectedTimeout": "StayConnected persistent connexion session timeout", + "storePassword": "Store password in session", + "storePasswordEncrypted": "Crypt the password in session", + "strictTransportSecurityMax_Age": "Max-age for Strict-Transport-Security", + "successLoginNumber": "Number of success stored in login history", + "syslogFacility": "Syslog logger technical facility", + "timeout": "Session timeout on server side", + "timeoutActivity": "Session activity timeout on server side", + "timeoutActivityInterval": "Update session timeout interval on server side", + "tokenUseGlobalStorage": "Enable global token storage", + "totp2fActivation": "TOTP activation", + "totp2fAuthnLevel": "Authentication level for users authentified by password+TOTP", + "totp2fDigits": "Number of digits for TOTP code", + "totp2fEncryptSecret": "Encrypt TOTP secrets in database", + "totp2fInterval": "TOTP interval", + "totp2fIssuer": "TOTP Issuer", + "totp2fLabel": "Portal label for TOTP 2F", + "totp2fLogo": "Custom logo for TOTP 2F", + "totp2fRange": "TOTP range (number of interval to test)", + 
"totp2fSelfRegistration": "TOTP self registration activation", + "totp2fTTL": "TOTP device time to live ", + "totp2fUserCanRemoveKey": "Authorize users to remove existing TOTP secret", + "trustedBrowserRule": "Trusted browser registration rule", + "trustedDomains": "Trusted domains", + "twitterAppName": null, + "twitterAuthnLevel": "Twitter authentication level", + "twitterKey": null, + "twitterSecret": null, + "twitterUserField": null, + "upgradeSession": "Upgrade session activation", + "useRedirectOnError": "Use 302 redirect code for error (500)", + "useRedirectOnForbidden": "Use 302 redirect code for forbidden (403)", + "useSafeJail": "Activate Safe jail", + "userControl": "Regular expression to validate login", + "userDB": "User module", + "userLogger": "User actions logger", + "userPivot": null, + "userSyslogFacility": "Syslog logger user-actions facility", + "vhostAccessToTrace": null, + "vhostAliases": null, + "vhostAuthnLevel": null, + "vhostComment": null, + "vhostDevOpsRulesUrl": null, + "vhostHttps": null, + "vhostMaintenance": null, + "vhostOptions": null, + "vhostPort": null, + "vhostServiceTokenTTL": null, + "vhostType": "Handler type", + "viewerAllowBrowser": "Allow configuration browser", + "viewerAllowDiff": "Allow configuration diff", + "viewerHiddenKeys": "Hidden Conf keys", + "virtualHosts": null, + "webIDAuthnLevel": "WebID authentication level", + "webIDExportedVars": "WebID exported variables", + "webIDWhitelist": null, + "webauthn2fActivation": "WebAuthn second factor activation", + "webauthn2fAttestation": "Ask the authenticator for an attestation", + "webauthn2fAttestationTrust": "Certificate bundle for attestation trust validation", + "webauthn2fAuthnLevel": "Authentication level for users authentified by WebAuthn second factor", + "webauthn2fLabel": "Portal label for WebAuthn second factor", + "webauthn2fLogo": "Custom logo for WebAuthn 2F", + "webauthn2fSelfRegistration": "WebAuthn self registration activation", + 
"webauthn2fUserCanRemoveKey": "Authorize users to remove existing WebAuthn",
+ "webauthn2fUserVerification": "Verify user during registration and login",
+ "webauthnAppId": "Send AppID extension",
+ "webauthnDisplayNameAttr": "Session attribute containing user display name",
+ "webauthnRpId": "WebAuthn Relying Party ID",
+ "webauthnRpName": "WebAuthn Relying Party display name",
+ "whatToTrace": "Session parameter used to fill REMOTE_USER",
+ "wsdlServer": "Enable /portal.wsdl server",
+ "yubikey2fActivation": "Yubikey second factor activation",
+ "yubikey2fAuthnLevel": "Authentication level for users authentified by Yubikey second factor",
+ "yubikey2fClientID": "Yubico client ID",
+ "yubikey2fFromSessionAttribute": "Provision yubikey from the given session variable",
+ "yubikey2fLabel": "Portal label for Yubikey second factor",
+ "yubikey2fLogo": "Custom logo for Yubikey 2F",
+ "yubikey2fNonce": "Yubico nonce",
+ "yubikey2fPublicIDSize": "Yubikey public ID size",
+ "yubikey2fSecretKey": "Yubico secret key",
+ "yubikey2fSelfRegistration": "Yubikey self registration activation",
+ "yubikey2fTTL": "Yubikey device time to live",
+ "yubikey2fUrl": "Yubico server",
+ "yubikey2fUserCanRemoveKey": "Authorize users to remove existing Yubikey",
+ "zimbraAccountKey": "Zimbra account session key",
+ "zimbraBy": "Zimbra account type",
+ "zimbraPreAuthKey": "Zimbra preauthentication key",
+ "zimbraSsoUrl": "Zimbra local SSO URL pattern",
+ "zimbraUrl": "Zimbra preauthentication URL"
 }
\ No newline at end of file
diff --git a/src/utils/types.ts b/src/utils/types.ts
index 6542c2d..ceb9e77 100644
--- a/src/utils/types.ts
+++ b/src/utils/types.ts
@@ -56,7 +56,7 @@ export interface llngConfig {
 casAppMetaDataOptionsService?: string;
 casAppMetaDataOptionsUserAttribute?: string;
 casAttr?: string;
- casAttributes?: Record>;
+ casAttributes?: Record;
 casAuthnLevel?: number;
 casBackChannelSingleLogout?: boolean | number;
 casSrvMetaDataExportedVars?: Record>;
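Review bot: `casAttributes` gets a different declared shape in this hunk, and `casStorageOptions` and `samlStorageOptions` do the same in the two hunks that follow, but nothing visible checks a loaded configuration against the new shape. TypeScript types are erased at build time, so a stored configuration still in the old shape would reach the new issuer forms unchecked; the generic arguments are garbled in this rendering (`Record>` becoming `Record;`), so the exact before/after shapes need confirming against the file itself. I would add a narrowing guard where the configuration is loaded, or at minimum a TSDoc line on each field stating the expected shape, for example `/** Apache::Session module parameters; expected shape: <confirm against the file>. */` on `samlStorageOptions`, which matches the wording definitions.json uses for that key in this same commit. Session-backend parameters presumably can include connection credentials, so it is worth confirming that the forms editing these fields treat the values as sensitive. The `llngConfig` interface starts and ends outside all three hunks.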
@@ -73,7 +73,7 @@ export interface llngConfig {
 casSrvMetaDataOptionsTooltip?: string;
 casSrvMetaDataOptionsUrl?: string;
 casStorage?: string;
- casStorageOptions?: Record>;
+ casStorageOptions?: Record;
 casStrictMatching?: boolean | number;
 casTicketExpiration?: number;
 cda?: boolean | number;
@@ -803,7 +803,7 @@ export interface llngConfig {
 samlServiceSignatureMethod?: Array<{ k: string; v: string }>;
 samlServiceUseCertificateInResponse?: boolean | number;
 samlStorage?: string;
- samlStorageOptions?: Record>;
+ samlStorageOptions?: Record;
 samlUseQueryStringSpecific?: boolean | number;
 scrollTop?: number;
 secureTokenAllowOnError?: string;