File Coverage

blib/lib/Lemonldap/NG/Common/Conf/Attributes.pm

Criterion	Covered	Total	%
statement	6	6	100.0
branch			n/a
condition			n/a
subroutine	2	2	100.0
pod			n/a
total	8	8	100.0

line	stmt	sub	time	code
1				##@file
2				# All configuration attributes
3
4				##@class
5				# All configuration attributes
6
7				package Lemonldap::NG::Common::Conf::Attributes;
8
9	6	6	19727	use Mouse;
	6		211459
	6		41
10
11				our $VERSION = 1.4.1;
12
13				## A
14
15				has 'activeTimer' => (
16				is => 'rw',
17				isa => 'Bool',
18				default => '1',
19				documentation => 'Enable timers on portal pages',
20				);
21
22				has 'apacheAuthnLevel' => (
23				is => 'rw',
24				isa => 'Int',
25				default => '4',
26				documentation => 'Apache authentication level',
27				);
28
29				has 'applicationList' => (
30				is => 'rw',
31				isa => 'HashRef',
32				default => sub {
33				return {
34				'default' => { catname => 'Default category', type => "category" },
35				};
36				},
37				documentation => 'Applications list',
38				);
39
40				has 'authChoiceParam' => (
41				is => 'rw',
42				isa => 'Str',
43				default => 'lmAuth',
44				documentation => 'HTTP parameter to store choosen authentication method',
45				);
46
47				has 'authentication' => (
48				is => 'rw',
49				isa => 'Str',
50				default => 'Demo',
51				documentation => 'Authentication module',
52				);
53
54				## B
55
56				has 'browserIdAuthnLevel' => (
57				is => 'rw',
58				isa => 'Int',
59				default => '1',
60				documentation => 'Browser ID authentication level',
61				);
62
63				## C
64
65				has 'captcha_login_enabled' => (
66				is => 'rw',
67				isa => 'Bool',
68				default => '0',
69				documentation => 'Captcha on login page',
70				);
71
72				has 'captcha_mail_enabled' => (
73				is => 'rw',
74				isa => 'Bool',
75				default => '0',
76				documentation => 'Captcha on password reset page',
77				);
78
79				has 'captcha_register_enabled' => (
80				is => 'rw',
81				isa => 'Bool',
82				default => '1',
83				documentation => 'Captcha on account creation page',
84				);
85
86				has 'captcha_size' => (
87				is => 'rw',
88				isa => 'Int',
89				default => '6',
90				documentation => 'Captcha size',
91				);
92
93				has 'captchaStorage' => (
94				is => 'rw',
95				isa => 'Str',
96				default => 'Apache::Session::File',
97				documentation => 'Captcha backend module',
98				);
99
100				has 'captchaStorageOptions' => (
101				is => 'rw',
102				isa => 'HashRef',
103				default => sub {
104				return { 'Directory' => '/var/lib/lemonldap-ng/captcha/', };
105				},
106				documentation => 'Captcha backend module options',
107				);
108
109				has 'casAccessControlPolicy' => (
110				is => 'rw',
111				isa => 'Str',
112				default => 'none',
113				documentation => 'CAS access control policy',
114				);
115
116				has 'CAS_authnLevel' => (
117				is => 'rw',
118				isa => 'Int',
119				default => '1',
120				documentation => 'CAS authentication level',
121				);
122
123				has 'CAS_pgtFile' => (
124				is => 'rw',
125				isa => 'Str',
126				default => '/tmp/pgt.txt',
127				documentation => 'CAS PGT file',
128				);
129
130				has 'cda' => (
131				is => 'rw',
132				isa => 'Bool',
133				default => '0',
134				documentation => 'Enable Cross Domain Authentication',
135				);
136
137				has 'cfgNum' => (
138				is => 'rw',
139				isa => 'Int',
140				default => '0',
141				documentation => 'Configuration number',
142				);
143
144				has 'checkXSS' => (
145				is => 'rw',
146				isa => 'Bool',
147				default => '1',
148				documentation => 'Check XSS',
149				);
150
151				has 'confirmFormMethod' => (
152				is => 'rw',
153				isa => 'Str',
154				default => 'post',
155				documentation => 'HTTP method for confirm page form',
156				);
157
158				has 'cookieName' => (
159				is => 'rw',
160				isa => 'Str',
161				default => 'lemonldap',
162				documentation => 'Name of the cookie',
163				);
164
165				## D
166
167				has 'dbiAuthnLevel' => (
168				is => 'rw',
169				isa => 'Int',
170				default => '2',
171				documentation => 'DBI authentication level',
172				);
173
174				has 'dbiExportedVars' => (
175				is => 'rw',
176				isa => 'HashRef',
177				default => sub { return {}; },
178				documentation => 'DBI exported variables',
179				);
180
181				has 'demoExportedVars' => (
182				is => 'rw',
183				isa => 'HashRef',
184				default => sub { return { cn => 'cn', mail => 'mail', uid => 'uid', }; },
185				documentation => 'Demo exported variables',
186				);
187
188				has 'domain' => (
189				is => 'rw',
190				isa => 'Str',
191				default => 'example.com',
192				documentation => 'DNS domain',
193				);
194
195				## E
196
197				has 'exportedVars' => (
198				is => 'rw',
199				isa => 'HashRef',
200				default => sub { return { 'UA' => 'HTTP_USER_AGENT' }; },
201				documentation => 'Main exported variables',
202				);
203
204				## F
205
206				has 'facebookAuthnLevel' => (
207				is => 'rw',
208				isa => 'Int',
209				default => '1',
210				documentation => 'Facebook authentication level',
211				);
212
213				has 'facebookExportedVars' => (
214				is => 'rw',
215				isa => 'HashRef',
216				default => sub { return {}; },
217				documentation => 'Facebook exported variables',
218				);
219
220				has 'failedLoginNumber' => (
221				is => 'rw',
222				isa => 'Int',
223				default => '5',
224				documentation => 'Number of failures stored in login history',
225				);
226
227				## G
228
229				has 'globalStorage' => (
230				is => 'rw',
231				isa => 'Str',
232				default => 'Apache::Session::File',
233				documentation => 'Session backend module',
234				);
235
236				has 'globalStorageOptions' => (
237				is => 'rw',
238				isa => 'HashRef',
239				default => sub {
240				return {
241				'Directory' => '/var/lib/lemonldap-ng/sessions/',
242				'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/',
243				'generateModule' =>
244				'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
245				};
246				},
247				documentation => 'Session backend module options',
248				);
249
250				has 'googleAuthnLevel' => (
251				is => 'rw',
252				isa => 'Int',
253				default => '1',
254				documentation => 'Google authentication level',
255				);
256
257				has 'googleExportedVars' => (
258				is => 'rw',
259				isa => 'HashRef',
260				default => sub { return {}; },
261				documentation => 'Google exported variables',
262				);
263
264				has 'groups' => (
265				is => 'rw',
266				isa => 'HashRef',
267				default => sub { return {}; },
268				documentation => 'Groups',
269				);
270
271				## H
272
273				has 'hiddenAttributes' => (
274				is => 'rw',
275				isa => 'Str',
276				default => '_password',
277				documentation => 'Name of attributes to hide in logs',
278				);
279
280				has 'hideOldPassword' => (
281				is => 'rw',
282				isa => 'Bool',
283				default => '0',
284				documentation => 'Hide old password in portal',
285				);
286
287				has 'httpOnly' => (
288				is => 'rw',
289				isa => 'Bool',
290				default => '1',
291				documentation => 'Enable httpOnly flag in cookie',
292				);
293
294				has 'https' => (
295				is => 'rw',
296				isa => 'Bool',
297				default => '0',
298				documentation => 'Use HTTPS for redirection from portal',
299				);
300
301				## I
302
303				has 'infoFormMethod' => (
304				is => 'rw',
305				isa => 'Str',
306				default => 'get',
307				documentation => 'HTTP method for info page form',
308				);
309
310				has 'issuerDBCASActivation' => (
311				is => 'rw',
312				isa => 'Bool',
313				default => '0',
314				documentation => 'CAS server activation',
315				);
316
317				has 'issuerDBCASPath' => (
318				is => 'rw',
319				isa => 'Str',
320				default => '^/cas/',
321				documentation => 'CAS server request path',
322				);
323
324				has 'issuerDBCASRule' => (
325				is => 'rw',
326				isa => 'Str',
327				default => '1',
328				documentation => 'CAS server rule',
329				);
330
331				has 'issuerDBOpenIDActivation' => (
332				is => 'rw',
333				isa => 'Bool',
334				default => '0',
335				documentation => 'OpenID server activation',
336				);
337
338				has 'issuerDBOpenIDPath' => (
339				is => 'rw',
340				isa => 'Str',
341				default => '^/openidserver/',
342				documentation => 'OpenID server request path',
343				);
344
345				has 'issuerDBOpenIDRule' => (
346				is => 'rw',
347				isa => 'Str',
348				default => '1',
349				documentation => 'OpenID server rule',
350				);
351
352				has 'issuerDBSAMLActivation' => (
353				is => 'rw',
354				isa => 'Bool',
355				default => '0',
356				documentation => 'SAML IDP activation',
357				);
358
359				has 'issuerDBSAMLPath' => (
360				is => 'rw',
361				isa => 'Str',
362				default => '^/saml/',
363				documentation => 'SAML IDP request path',
364				);
365
366				has 'issuerDBSAMLRule' => (
367				is => 'rw',
368				isa => 'Str',
369				default => '1',
370				documentation => 'SAML IDP rule',
371				);
372
373				## J
374
375				has 'jsRedirect' => (
376				is => 'rw',
377				isa => 'Str',
378				default => '0',
379				documentation => 'Use javascript for redirections',
380				);
381
382				## K
383
384				has 'key' => (
385				is => 'rw',
386				isa => 'Str',
387				default => sub {
388				return join( '', map { chr( int( rand(94) ) + 33 ) } ( 1 .. 16 ) );
389				},
390				documentation => 'Secret key',
391				);
392
393				## L
394
395				has 'ldapAuthnLevel' => (
396				is => 'rw',
397				isa => 'Int',
398				default => '2',
399				documentation => 'LDAP authentication level',
400				);
401
402				has 'ldapBase' => (
403				is => 'rw',
404				isa => 'Str',
405				default => 'dc=example,dc=com',
406				documentation => 'LDAP search base',
407				);
408
409				has 'ldapExportedVars' => (
410				is => 'rw',
411				isa => 'HashRef',
412				default => sub { return { cn => 'cn', mail => 'mail', uid => 'uid', }; },
413				documentation => 'LDAP exported variables',
414				);
415
416				has 'ldapGroupAttributeName' => (
417				is => 'rw',
418				isa => 'Str',
419				default => 'member',
420				documentation => 'LDAP attribute name for member in groups',
421				);
422
423				has 'ldapGroupAttributeNameGroup' => (
424				is => 'rw',
425				isa => 'Str',
426				default => 'dn',
427				documentation =>
428				'LDAP attribute name in group entry referenced as member in groups',
429				);
430
431				has 'ldapGroupAttributeNameSearch' => (
432				is => 'rw',
433				isa => 'Str',
434				default => 'cn',
435				documentation => 'LDAP attributes to search in groups',
436				);
437
438				has 'ldapGroupAttributeNameUser' => (
439				is => 'rw',
440				isa => 'Str',
441				default => 'dn',
442				documentation =>
443				'LDAP attribute name in user entry referenced as member in groups',
444				);
445
446				has 'ldapGroupObjectClass' => (
447				is => 'rw',
448				isa => 'Str',
449				default => 'groupOfNames',
450				documentation => 'LDAP object class of groups',
451				);
452
453				has 'ldapGroupRecursive' => (
454				is => 'rw',
455				isa => 'Bool',
456				default => '0',
457				documentation => 'LDAP recursive search in groups',
458				);
459
460				has 'ldapPasswordResetAttribute' => (
461				is => 'rw',
462				isa => 'Str',
463				default => 'pwdReset',
464				documentation => 'LDAP password reset attribute',
465				);
466
467				has 'ldapPasswordResetAttributeValue' => (
468				is => 'rw',
469				isa => 'Str',
470				default => 'TRUE',
471				documentation => 'LDAP password reset value',
472				);
473
474				has 'ldapPwdEnc' => (
475				is => 'rw',
476				isa => 'Str',
477				default => 'utf-8',
478				documentation => 'LDAP password encoding',
479				);
480
481				has 'ldapPort' => (
482				is => 'rw',
483				isa => 'Int',
484				default => '389',
485				documentation => 'LDAP port',
486				);
487
488				has 'ldapServer' => (
489				is => 'rw',
490				isa => 'Str',
491				default => 'ldap://localhost',
492				documentation => 'LDAP server (host or URI)',
493				);
494
495				has 'ldapTimeout' => (
496				is => 'rw',
497				isa => 'Int',
498				default => '120',
499				documentation => 'LDAP connection timeout',
500				);
501
502				has 'ldapUsePasswordResetAttribute' => (
503				is => 'rw',
504				isa => 'Bool',
505				default => '1',
506				documentation => 'LDAP store reset flag in an attribute',
507				);
508
509				has 'ldapVersion' => (
510				is => 'rw',
511				isa => 'Int',
512				default => '3',
513				documentation => 'LDAP protocol version',
514				);
515
516				has 'localSessionStorage' => (
517				is => 'rw',
518				isa => 'Str',
519				default => 'Cache::FileCache',
520				documentation => 'Sessions cache module',
521				);
522
523				has 'localSessionStorageOptions' => (
524				is => 'rw',
525				isa => 'HashRef',
526				default => sub {
527				return {
528				'namespace' => 'lemonldap-ng-sessions',
529				'default_expires_in' => 600,
530				'directory_umask' => '007',
531				'cache_root' => '/tmp',
532				'cache_depth' => 3,
533				};
534				},
535				documentation => 'Sessions cache module options',
536				);
537
538				has 'loginHistoryEnabled' => (
539				is => 'rw',
540				isa => 'Bool',
541				default => '1',
542				documentation => 'Enable login history',
543				);
544
545				has 'logoutServices' => (
546				is => 'rw',
547				isa => 'HashRef',
548				default => sub { return {}; },
549				documentation => 'Send logout trough GET request to these services',
550				);
551
552				## M
553
554				has 'macros' => (
555				is => 'rw',
556				isa => 'HashRef',
557				default => sub { return {}; },
558				documentation => 'Macros',
559				);
560
561				has 'mailCharset' => (
562				is => 'rw',
563				isa => 'Str',
564				default => 'utf-8',
565				documentation => 'Mail charset',
566				);
567
568				has 'mailConfirmSubject' => (
569				is => 'rw',
570				isa => 'Str',
571				default => '[LemonLDAP::NG] Password reset confirmation',
572				documentation => 'Mail subject for reset confirmation',
573				);
574
575				has 'mailFrom' => (
576				is => 'rw',
577				isa => 'Str',
578				default => sub {
579				my $self = shift;
580				my $domain = $self ? $self->domain : "example.com";
581				return "noreply@" . $domain;
582				},
583				lazy => 1,
584				documentation => 'Sender email',
585				);
586
587				has 'mailSessionKey' => (
588				is => 'rw',
589				isa => 'Str',
590				default => 'mail',
591				documentation => 'Session parameter where mail is stored',
592				);
593
594				has 'mailOnPasswordChange' => (
595				is => 'rw',
596				isa => 'Bool',
597				default => '0',
598				documentation => 'Send a mail when password is changed',
599				);
600
601				has 'mailSessionKey' => (
602				is => 'rw',
603				isa => 'Str',
604				default => 'mail',
605				documentation => 'Session parameter where mail is stored',
606				);
607
608				has 'mailSubject' => (
609				is => 'rw',
610				isa => 'Str',
611				default => '[LemonLDAP::NG] Your new password',
612				documentation => 'Mail subject for new password email',
613				);
614
615				has 'mailTimeout' => (
616				is => 'rw',
617				isa => 'Int',
618				default => '0',
619				documentation => 'Mail session timeout',
620				);
621
622				has 'mailUrl' => (
623				is => 'rw',
624				isa => 'Str',
625				default => sub {
626				my $self = shift;
627				my $portal = $self ? $self->portal : "http://auth.example.com/";
628				return $portal . "mail.pl";
629				},
630				lazy => 1,
631				documentation => 'URL of password reset page',
632				);
633
634				has 'maintenance' => (
635				is => 'rw',
636				isa => 'Bool',
637				default => '0',
638				documentation => 'Maintenance mode for all virtual hosts',
639				);
640
641				has 'managerDn' => (
642				is => 'rw',
643				isa => 'Str',
644				default => '',
645				documentation => 'LDAP manager DN',
646				);
647
648				has 'managerPassword' => (
649				is => 'rw',
650				isa => 'Str',
651				default => '',
652				documentation => 'LDAP manager Password',
653				);
654
655				has 'multiValuesSeparator' => (
656				is => 'rw',
657				isa => 'Str',
658				default => '; ',
659				documentation => 'Separator for multiple values',
660				);
661
662				## N
663
664				has 'notification' => (
665				is => 'rw',
666				isa => 'Bool',
667				default => '0',
668				documentation => 'Notification activation',
669				);
670
671				has 'notificationStorage' => (
672				is => 'rw',
673				isa => 'Str',
674				default => 'File',
675				documentation => 'Notification backend',
676				);
677
678				has 'notificationStorageOptions' => (
679				is => 'rw',
680				isa => 'HashRef',
681				default =>
682				sub { return { dirName => '/var/lib/lemonldap-ng/notifications', }; },
683				documentation => 'Notification backend options',
684				);
685
686				has 'notificationWildcard' => (
687				is => 'rw',
688				isa => 'Str',
689				default => 'allusers',
690				documentation => 'Notification string to match all users',
691				);
692
693				has 'notifyDeleted' => (
694				is => 'rw',
695				isa => 'Bool',
696				default => '1',
697				documentation => 'Show deleted sessions in portal',
698				);
699
700				has 'notifyOther' => (
701				is => 'rw',
702				isa => 'Bool',
703				default => '0',
704				documentation => 'Show other sessions in portal',
705				);
706
707				has 'nullAuthnLevel' => (
708				is => 'rw',
709				isa => 'Int',
710				default => '2',
711				documentation => 'Null authentication level',
712				);
713
714				## O
715
716				has 'openIdAuthnLevel' => (
717				is => 'rw',
718				isa => 'Int',
719				default => '1',
720				documentation => 'OpenID authentication level',
721				);
722
723				has 'openIdExportedVars' => (
724				is => 'rw',
725				isa => 'HashRef',
726				default => sub { return {}; },
727				documentation => 'OpenID exported variables',
728				);
729
730				has 'openIdSreg_email' => (
731				is => 'rw',
732				isa => 'Str',
733				default => 'mail',
734				documentation => 'OpenID SREG email session parameter',
735				);
736
737				has 'openIdSreg_fullname' => (
738				is => 'rw',
739				isa => 'Str',
740				default => 'cn',
741				documentation => 'OpenID SREG fullname session parameter',
742				);
743
744				has 'openIdSreg_nickname' => (
745				is => 'rw',
746				isa => 'Str',
747				default => 'uid',
748				documentation => 'OpenID SREG nickname session parameter',
749				);
750
751				has 'openIdSreg_timezone' => (
752				is => 'rw',
753				isa => 'Str',
754				default => '_timezone',
755				documentation => 'OpenID SREG timezone session parameter',
756				);
757
758				## P
759
760				has 'passwordDB' => (
761				is => 'rw',
762				isa => 'Str',
763				default => 'Demo',
764				documentation => 'Password module',
765				);
766
767				has 'portal' => (
768				is => 'rw',
769				isa => 'Any',
770				default => 'http://auth.example.com/',
771				documentation => 'Portal URL',
772				);
773
774				has 'portalAntiFrame' => (
775				is => 'rw',
776				isa => 'Bool',
777				default => '1',
778				documentation => 'Avoid portal to be displayed inside frames',
779				);
780
781				has 'portalAutocomplete' => (
782				is => 'rw',
783				isa => 'Bool',
784				default => '0',
785				documentation => 'Allow autocompletion of login input in portal',
786				);
787
788				has 'portalCheckLogins' => (
789				is => 'rw',
790				isa => 'Bool',
791				default => '1',
792				documentation => 'Display login history checkbox in portal',
793				);
794
795				has 'portalDisplayAppslist' => (
796				is => 'rw',
797				isa => 'Str',
798				default => '1',
799				documentation => 'Display applications tab in portal',
800				);
801
802				has 'portalDisplayChangePassword' => (
803				is => 'rw',
804				isa => 'Str',
805				default => '$_auth =~ /^(LDAP\|DBI\|Demo)$/',
806				documentation => 'Display password tab in portal',
807				);
808
809				has 'portalDisplayLoginHistory' => (
810				is => 'rw',
811				isa => 'Str',
812				default => '1',
813				documentation => 'Display login history tab in portal',
814				);
815
816				has 'portalDisplayLogout' => (
817				is => 'rw',
818				isa => 'Str',
819				default => '1',
820				documentation => 'Display logout tab in portal',
821				);
822
823				has 'portalDisplayRegister' => (
824				is => 'rw',
825				isa => 'Str',
826				default => '1',
827				documentation => 'Display register button in portal',
828				);
829
830				has 'portalDisplayResetPassword' => (
831				is => 'rw',
832				isa => 'Str',
833				default => '1',
834				documentation => 'Display reset password button in portal',
835				);
836
837				has 'portalForceAuthn' => (
838				is => 'rw',
839				isa => 'Bool',
840				default => '0',
841				documentation => 'Force to authenticate when displaying portal',
842				);
843
844				has 'portalForceAuthnInterval' => (
845				is => 'rw',
846				isa => 'Int',
847				default => '0',
848				documentation =>
849				'Minimum number of seconds since last authentifcation to force reauthentication',
850				);
851
852				has 'portalOpenLinkInNewWindow' => (
853				is => 'rw',
854				isa => 'Bool',
855				default => '0',
856				documentation => 'Open applications in new windows',
857				);
858
859				has 'portalPingInterval' => (
860				is => 'rw',
861				isa => 'Int',
862				default => '60000',
863				documentation => 'Interval in ms between portal Ajax pings ',
864				);
865
866				has 'portalRequireOldPassword' => (
867				is => 'rw',
868				isa => 'Bool',
869				default => '1',
870				documentation => 'Old password is required to change the password',
871				);
872
873				has 'portalSkin' => (
874				is => 'rw',
875				isa => 'Str',
876				default => 'bootstrap',
877				documentation => 'Name of portal skin',
878				);
879
880				has 'portalUserAttr' => (
881				is => 'rw',
882				isa => 'Str',
883				default => '_user',
884				documentation => 'Session parameter to display connected user in portal',
885				);
886
887				has 'protection' => (
888				is => 'rw',
889				isa => 'Str',
890				default => 'none',
891				documentation => 'Manager protection method',
892				);
893
894				## Q
895
896				## R
897
898				has 'radiusAuthnLevel' => (
899				is => 'rw',
900				isa => 'Int',
901				default => '3',
902				documentation => 'Radius authentication level',
903				);
904
905				has 'randomPasswordRegexp' => (
906				is => 'rw',
907				isa => 'Str',
908				default => '[A-Z]{3}[a-z]{5}.\d{2}',
909				documentation => 'Regular expression to create a random password',
910				);
911
912				has 'redirectFormMethod' => (
913				is => 'rw',
914				isa => 'Str',
915				default => 'get',
916				documentation => 'HTTP method for redirect page form',
917				);
918
919				has 'registerConfirmSubject' => (
920				is => 'rw',
921				isa => 'Str',
922				default => '[LemonLDAP::NG] Account register confirmation',
923				documentation => 'Mail subject for register confirmation',
924				);
925
926				has 'registerDB' => (
927				is => 'rw',
928				isa => 'Str',
929				default => 'Demo',
930				documentation => 'Register module',
931				);
932
933				has 'registerDoneSubject' => (
934				is => 'rw',
935				isa => 'Str',
936				default => '[LemonLDAP::NG] Your new account',
937				documentation => 'Mail subject when register is done',
938				);
939
940				has 'registerTimeout' => (
941				is => 'rw',
942				isa => 'Int',
943				default => '0',
944				documentation => 'Register session timeout',
945				);
946
947				has 'registerUrl' => (
948				is => 'rw',
949				isa => 'Str',
950				default => sub {
951				my $self = shift;
952				my $portal = $self ? $self->portal : "http://auth.example.com/";
953				return $portal . "register.pl";
954				},
955				lazy => 1,
956				documentation => 'URL of register page',
957				);
958
959				has 'remoteGlobalStorage' => (
960				is => 'rw',
961				isa => 'Str',
962				default => 'Lemonldap::NG::Common::Apache::Session::SOAP',
963				documentation => 'Remote session backend',
964				);
965
966				has 'remoteGlobalStorageOptions' => (
967				is => 'rw',
968				isa => 'HashRef',
969				default => sub {
970				my $self = shift;
971				my $portal = $self ? $self->portal : "http://auth.example.com/";
972				return {
973				'proxy' => $portal . 'index.pl/sessions',
974				'ns' => $portal . 'Lemonldap/NG/Common/CGI/SOAPService',
975				};
976				},
977				lazy => 1,
978				documentation => 'Demo exported variables',
979				);
980
981				## S
982
983				has 'samlAttributeAuthorityDescriptorAttributeServiceSOAP' => (
984				is => 'rw',
985				isa => 'Str',
986				default =>
987				'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
988				documentation => 'SAML Attribute Authority SOAP',
989				);
990
991				has 'samlAuthnContextMapKerberos' => (
992				is => 'rw',
993				isa => 'Int',
994				default => '4',
995				documentation => 'SAML authn context kerberos level',
996				);
997
998				has 'samlAuthnContextMapPassword' => (
999				is => 'rw',
1000				isa => 'Int',
1001				default => '2',
1002				documentation => 'SAML authn context password level',
1003				);
1004
1005				has 'samlAuthnContextMapPasswordProtectedTransport' => (
1006				is => 'rw',
1007				isa => 'Int',
1008				default => '3',
1009				documentation => 'SAML authn context password protected transport level',
1010				);
1011
1012				has 'samlAuthnContextMapTLSClient' => (
1013				is => 'rw',
1014				isa => 'Int',
1015				default => '5',
1016				documentation => 'SAML authn context TLS client level',
1017				);
1018
1019				has 'samlCommonDomainCookieActivation' => (
1020				is => 'rw',
1021				isa => 'Bool',
1022				default => '0',
1023				documentation => 'SAML CDC activation',
1024				);
1025
1026				has 'samlEntityID' => (
1027				is => 'rw',
1028				isa => 'Str',
1029				default => '#PORTAL#/saml/metadata',
1030				documentation => 'SAML service entityID',
1031				);
1032
1033				has 'samlIdPResolveCookie' => (
1034				is => 'rw',
1035				isa => 'Str',
1036				default => sub {
1037				my $self = shift;
1038				my $cookieName = $self ? $self->cookieName : "lemonldap";
1039				return $cookieName . "idp";
1040				},
1041				lazy => 1,
1042				documentation => 'SAML IDP resolution cookie',
1043				);
1044
1045				has 'samlIDPSSODescriptorArtifactResolutionServiceArtifact' => (
1046				is => 'rw',
1047				isa => 'Str',
1048				default =>
1049				'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',
1050				documentation => 'SAML IDP artifact resolution service',
1051				);
1052
1053				has 'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' => (
1054				is => 'rw',
1055				isa => 'Str',
1056				default =>
1057				'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn',
1058				documentation => 'SAML IDP SLO HTTP POST',
1059				);
1060
1061				has 'samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect' => (
1062				is => 'rw',
1063				isa => 'Str',
1064				default =>
1065				'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn',
1066				documentation => 'SAML IDP SLO HTTP Redirect',
1067				);
1068
1069				has 'samlIDPSSODescriptorSingleLogoutServiceSOAP' => (
1070				is => 'rw',
1071				isa => 'Str',
1072				default =>
1073				'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;',
1074				documentation => 'SAML IDP SLO SOAP',
1075				);
1076
1077				has 'samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact' => (
1078				is => 'rw',
1079				isa => 'Str',
1080				default =>
1081				'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;',
1082				documentation => 'SAML IDP SSO HTTP Artifact',
1083				);
1084
1085				has 'samlIDPSSODescriptorSingleSignOnServiceHTTPPost' => (
1086				is => 'rw',
1087				isa => 'Str',
1088				default =>
1089				'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;',
1090				documentation => 'SAML IDP SSO HTTP POST',
1091				);
1092
1093				has 'samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect' => (
1094				is => 'rw',
1095				isa => 'Str',
1096				default =>
1097				'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;',
1098				documentation => 'SAML IDP SSO HTTP Redirect',
1099				);
1100
1101				has 'samlIDPSSODescriptorSingleSignOnServiceSOAP' => (
1102				is => 'rw',
1103				isa => 'Str',
1104				default =>
1105				'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleSignOnSOAP;',
1106				documentation => 'SAML IDP SSO SOAP',
1107				);
1108
1109				has 'samlIDPSSODescriptorWantAuthnRequestsSigned' => (
1110				is => 'rw',
1111				isa => 'Bool',
1112				default => '1',
1113				documentation => 'SAML IDP want authn request signed',
1114				);
1115
1116				has 'samlMetadataForceUTF8' => (
1117				is => 'rw',
1118				isa => 'Bool',
1119				default => '1',
1120				documentation => 'SAML force metadata UTF8 conversion',
1121				);
1122
1123				has 'samlNameIDFormatMapEmail' => (
1124				is => 'rw',
1125				isa => 'Str',
1126				default => 'mail',
1127				documentation => 'SAML session parameter for NameID email',
1128				);
1129
1130				has 'samlNameIDFormatMapKerberos' => (
1131				is => 'rw',
1132				isa => 'Str',
1133				default => 'uid',
1134				documentation => 'SAML session parameter for NameID kerberos',
1135				);
1136
1137				has 'samlNameIDFormatMapWindows' => (
1138				is => 'rw',
1139				isa => 'Str',
1140				default => 'uid',
1141				documentation => 'SAML session parameter for NameID windows',
1142				);
1143
1144				has 'samlNameIDFormatMapX509' => (
1145				is => 'rw',
1146				isa => 'Str',
1147				default => 'mail',
1148				documentation => 'SAML session parameter for NameID x509',
1149				);
1150				has 'samlOrganizationDisplayName' => (
1151				is => 'rw',
1152				isa => 'Str',
1153				default => 'Example',
1154				documentation => 'SAML service organization display name',
1155				);
1156
1157				has 'samlOrganizationName' => (
1158				is => 'rw',
1159				isa => 'Str',
1160				default => 'Example',
1161				documentation => 'SAML service organization name',
1162				);
1163
1164				has 'samlOrganizationURL' => (
1165				is => 'rw',
1166				isa => 'Str',
1167				default => 'http://www.example.com',
1168				documentation => 'SAML service organization URL',
1169				);
1170
1171				has 'samlRelayStateTimeout' => (
1172				is => 'rw',
1173				isa => 'Int',
1174				default => '600',
1175				documentation => 'SAML timeout of relay state',
1176				);
1177
1178				has 'samlSPSSODescriptorArtifactResolutionServiceArtifact' => (
1179				is => 'rw',
1180				isa => 'Str',
1181				default =>
1182				'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',
1183				documentation => 'SAML SP artifact resolution service ',
1184				);
1185
1186				has 'samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact' => (
1187				is => 'rw',
1188				isa => 'Str',
1189				default =>
1190				'1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact',
1191				documentation => 'SAML SP ACS HTTP artifact',
1192				);
1193
1194				has 'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' => (
1195				is => 'rw',
1196				isa => 'Str',
1197				default =>
1198				'0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost',
1199				documentation => 'SAML SP ACS HTTP POST',
1200				);
1201
1202				has 'samlSPSSODescriptorAuthnRequestsSigned' => (
1203				is => 'rw',
1204				isa => 'Bool',
1205				default => '1',
1206				documentation => 'SAML SP AuthnRequestsSigned',
1207				);
1208
1209				has 'samlSPSSODescriptorSingleLogoutServiceHTTPPost' => (
1210				is => 'rw',
1211				isa => 'Str',
1212				default => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;'
1213				. '#PORTAL#'
1214				. '/saml/proxySingleLogout;'
1215				. '#PORTAL#'
1216				. '/saml/proxySingleLogoutReturn',
1217				documentation => 'SAML SP SLO HTTP POST',
1218				);
1219
1220				has 'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' => (
1221				is => 'rw',
1222				isa => 'Str',
1223				default => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;'
1224				. '#PORTAL#'
1225				. '/saml/proxySingleLogout;'
1226				. '#PORTAL#'
1227				. '/saml/proxySingleLogoutReturn',
1228				documentation => 'SAML SP SLO HTTP Redirect',
1229				);
1230
1231				has 'samlSPSSODescriptorSingleLogoutServiceSOAP' => (
1232				is => 'rw',
1233				isa => 'Str',
1234				default => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;'
1235				. '#PORTAL#'
1236				. '/saml/proxySingleLogoutSOAP;',
1237				documentation => 'SAML SP SLO SOAP',
1238				);
1239
1240				has 'samlSPSSODescriptorWantAssertionsSigned' => (
1241				is => 'rw',
1242				isa => 'Bool',
1243				default => '1',
1244				documentation => 'SAML SP WantAssertionsSigned',
1245				);
1246
1247				has 'samlServicePrivateKeyEnc' => (
1248				is => 'rw',
1249				isa => 'Str',
1250				default => '',
1251				documentation => 'SAML encryption private key',
1252				);
1253
1254				has 'samlServicePrivateKeyEncPwd' => (
1255				is => 'rw',
1256				isa => 'Str',
1257				default => '',
1258				documentation => 'SAML encryption private key password',
1259				);
1260
1261				has 'samlServicePrivateKeySig' => (
1262				is => 'rw',
1263				isa => 'Str',
1264				default => '',
1265				documentation => 'SAML signature private key',
1266				);
1267
1268				has 'samlServicePrivateKeySigPwd' => (
1269				is => 'rw',
1270				isa => 'Str',
1271				default => '',
1272				documentation => 'SAML signature private key password',
1273				);
1274
1275				has 'samlServicePublicKeyEnc' => (
1276				is => 'rw',
1277				isa => 'Str',
1278				default => '',
1279				documentation => 'SAML encryption public key',
1280				);
1281
1282				has 'samlServicePublicKeySig' => (
1283				is => 'rw',
1284				isa => 'Str',
1285				default => '',
1286				documentation => 'SAML signature public key',
1287				);
1288
1289				has 'samlUseQueryStringSpecific' => (
1290				is => 'rw',
1291				isa => 'Bool',
1292				default => '0',
1293				documentation => 'SAML use specific method for query_string',
1294				);
1295
1296				has 'securedCookie' => (
1297				is => 'rw',
1298				isa => 'Int',
1299				default => '0',
1300				documentation => 'Cookie securisation method',
1301				);
1302
1303				has 'secureTokenAllowOnError' => (
1304				is => 'rw',
1305				isa => 'Bool',
1306				default => '1',
1307				documentation => 'Secure Token Handler allow request on error',
1308				);
1309
1310				has 'secureTokenAttribute' => (
1311				is => 'rw',
1312				isa => 'Str',
1313				default => 'uid',
1314				documentation => 'Secure Token Handler attribute to store',
1315				);
1316
1317				has 'secureTokenExpiration' => (
1318				is => 'rw',
1319				isa => 'Int',
1320				default => '60',
1321				documentation => 'Secure Token Handler token expiration',
1322				);
1323
1324				has 'secureTokenHeader' => (
1325				is => 'rw',
1326				isa => 'Str',
1327				default => 'Auth-Token',
1328				documentation => 'Secure Token Handler header name',
1329				);
1330
1331				has 'secureTokenMemcachedServers' => (
1332				is => 'rw',
1333				isa => 'Str',
1334				default => '127.0.0.1:11211',
1335				documentation => 'Secure Token Handler memcached servers',
1336				);
1337
1338				has 'secureTokenUrls' => (
1339				is => 'rw',
1340				isa => 'Str',
1341				default => '.*',
1342				documentation =>
1343				'Secure Token Handler regular expression to match protected URL',
1344				);
1345
1346				has 'singleIP' => (
1347				is => 'rw',
1348				isa => 'Bool',
1349				default => '0',
1350				documentation => 'Allow only one session per IP',
1351				);
1352
1353				has 'singleSession' => (
1354				is => 'rw',
1355				isa => 'Bool',
1356				default => '0',
1357				documentation => 'Allow only one session per user',
1358				);
1359
1360				has 'singleSessionUserByIP' => (
1361				is => 'rw',
1362				isa => 'Bool',
1363				default => '0',
1364				documentation => 'Allow only one session per user on an IP',
1365				);
1366
1367				has 'slaveAuthnLevel' => (
1368				is => 'rw',
1369				isa => 'Int',
1370				default => '2',
1371				documentation => 'Slave authentication level',
1372				);
1373
1374				has 'slaveExportedVars' => (
1375				is => 'rw',
1376				isa => 'HashRef',
1377				default => sub { return {}; },
1378				documentation => 'Slave exported variables',
1379				);
1380
1381				has 'SMTPServer' => (
1382				is => 'rw',
1383				isa => 'Str',
1384				default => '',
1385				documentation => 'SMTP Server',
1386				);
1387
1388				has 'Soap' => (
1389				is => 'rw',
1390				isa => 'Bool',
1391				default => '1',
1392				documentation => 'Enable SOAP services',
1393				);
1394
1395				has 'storePassword' => (
1396				is => 'rw',
1397				isa => 'Bool',
1398				default => '0',
1399				documentation => 'Store password in session',
1400				);
1401
1402				has 'SSLAuthnLevel' => (
1403				is => 'rw',
1404				isa => 'Int',
1405				default => '5',
1406				documentation => 'SSL authentication level',
1407				);
1408
1409				has 'successLoginNumber' => (
1410				is => 'rw',
1411				isa => 'Int',
1412				default => '5',
1413				documentation => 'Number of success stored in login history',
1414				);
1415
1416				has 'syslog' => (
1417				is => 'rw',
1418				isa => 'Str',
1419				default => '',
1420				documentation => 'Syslog facility',
1421				);
1422
1423				## T
1424
1425				has 'timeout' => (
1426				is => 'rw',
1427				isa => 'Int',
1428				default => '72000',
1429				documentation => 'Session timeout on server side',
1430				);
1431
1432				has 'timeoutActivity' => (
1433				is => 'rw',
1434				isa => 'Int',
1435				default => '0',
1436				documentation => 'Session activity timeout on server side',
1437				);
1438
1439				has 'trustedProxies' => (
1440				is => 'rw',
1441				isa => 'Str',
1442				default => '',
1443				documentation => 'Trusted proxies',
1444				);
1445
1446				has 'twitterAuthnLevel' => (
1447				is => 'rw',
1448				isa => 'Int',
1449				default => '1',
1450				documentation => 'Twitter authentication level',
1451				);
1452
1453				## U
1454
1455				has 'userControl' => (
1456				is => 'rw',
1457				isa => 'Str',
1458				default => '^[\w\.\-@]+$',
1459				documentation => 'Regular expression to validate login',
1460				);
1461
1462				has 'userDB' => (
1463				is => 'rw',
1464				isa => 'Str',
1465				default => 'Demo',
1466				documentation => 'User module',
1467				);
1468
1469				has 'useRedirectOnError' => (
1470				is => 'rw',
1471				isa => 'Bool',
1472				default => '1',
1473				documentation => 'Use 302 redirect code for error (500)',
1474				);
1475
1476				has 'useRedirectOnForbidden' => (
1477				is => 'rw',
1478				isa => 'Bool',
1479				default => '0',
1480				documentation => 'Use 302 redirect code for forbidden (403)',
1481				);
1482
1483				has 'useSafeJail' => (
1484				is => 'rw',
1485				isa => 'Bool',
1486				default => '1',
1487				documentation => 'Activate Safe jail',
1488				);
1489
1490				## V
1491
1492				## W
1493
1494				has 'webIDAuthnLevel' => (
1495				is => 'rw',
1496				isa => 'Int',
1497				default => '1',
1498				documentation => 'WebID authentication level',
1499				);
1500
1501				has 'webIDExportedVars' => (
1502				is => 'rw',
1503				isa => 'HashRef',
1504				default => sub { return {}; },
1505				documentation => 'WebID exported variables',
1506				);
1507
1508				has 'whatToTrace' => (
1509				is => 'rw',
1510				isa => 'Str',
1511				default => 'uid',
1512				documentation => 'Session parameter used to fill REMOTE_USER',
1513				);
1514
1515				## X
1516
1517				## Y
1518
1519				has 'yubikeyAuthnLevel' => (
1520				is => 'rw',
1521				isa => 'Int',
1522				default => '3',
1523				documentation => 'Yubikey authentication level',
1524				);
1525
1526				has 'yubikeyPublicIDSize' => (
1527				is => 'rw',
1528				isa => 'Int',
1529				default => '12',
1530				documentation => 'Yubikey public ID size',
1531				);
1532
1533				## Z
1534
1535	6	6	29650	no Mouse;
	6		21
	6		48
1536
1537				1;