Update documentation for #2330

doc/sources/admin/authsaml.rst

@@ -98,12 +98,12 @@ Exported attributes
 
 For each attribute, you can set:
 
--  **Key name**: name of the key in LemonLDAP::NG session (for example
-   "uid" will then be used as $uid in access rules)
+-  **Variable name**: name of the variable in LemonLDAP::NG session that will contain this attribute. For example
+   "uid" will then be used as $uid in access rules
+-  **Attribute name**: name of the SAML attribute coming from the remote IDP
+-  **Friendly Name**: optional, SAML attribute friendly name.
 -  **Mandatory**: if set to On, then session will not open if this
    attribute is not given by IDP.
--  **Name**: SAML attribute name.
--  **Friendly Name**: optional, SAML attribute friendly name.
 -  **Format** (optional): SAML attribute format.
 
 |image1|

doc/sources/admin/idpopenidconnect.rst

@@ -166,11 +166,16 @@ claim <http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims>`__.
 
 .. include:: openidconnectclaims.rst
 
-So you can define for example:
+For each OpenID Connect claim you want to release to applications, you can define:
 
--  name => cn
--  family_name => sn
--  email => mail
+* **Claim name**: the name of the claim as it will appear in Userinfo responses
+* **Variable name**: the name of the LemonLDAP::NG session variable containing the claim value
+* **Type**: the data type of the attribute. By default, a string. Choosing integer or boolean will make the claim appear as the corresponding JSON type.
+* **Array**: choose how to process multi-valued attributes
+
+  * **Auto**: If the session key contains a single value, it will be released as a JSON number, string or boolean, depending on the previously specified type. If the session key contains multiple values, it will be released as an array of numbers, strings or booleans.
+  * **Always**: Return an array even if the attribute only contains one value
+  * **Never**: If the session key contains a single value, it will be released as a JSON number, string or boolean. If the session key contains multiple values, it will be released as a single string with a separator character.
 
 
 .. attention::
@@ -178,6 +183,7 @@ So you can define for example:
     The specific ``sub`` attribute is not defined here, but
     in User attribute parameter (see below).
 
+
 Extra Claims
 ^^^^^^^^^^^^
 

doc/sources/admin/idpsaml.rst

@@ -89,9 +89,9 @@ Exported attributes
 
 For each attribute, you can set:
 
--  **Key name**: name of the key in LemonLDAP::NG session
--  **Name**: SAML attribute name.
--  **Friendly Name**: optional, SAML attribute friendly name.
+-  **Variable name**: name of the variable in LemonLDAP::NG session
+-  **Attribute name**: name of the SAML attribute that will be seen by applications
+-  **Friendly Name**: optional, friendly name of the SAML attribute seen by applications
 -  **Mandatory**: if set to "On", then this attribute is required to
    build the SAML response, an error will displayed if there is no value
    for it. Optional attribute will be sent only if there is a value

lemonldap-ng-manager/site/htdocs/static/forms/oidcAttribute.html

@@ -5,12 +5,12 @@
   <table class="table">
     <!-- Key Name -->
     <tr>
-      <th><span trspan="keyname"></span></th>
+      <th><span trspan="claimName"></span></th>
       <td><input id="oakinput" class="form-control" ng-model="currentNode.title"/></td>
     </tr>
     <!-- Name -->
     <tr>
-      <th><span trspan="name"></span></th>
+      <th><span trspan="variableName"></span></th>
       <td><input id="oaninput" class="form-control" ng-model="currentNode.data[0]"/></td>
     </tr>
     <!-- Type -->

lemonldap-ng-manager/site/htdocs/static/forms/oidcAttributeContainer.html

@@ -6,8 +6,8 @@
     <table class="table table-striped">
       <thead>
         <tr>
-          <th trspan="keyname"></th>
-          <th trspan="name"></th>
+          <th trspan="claimName"></th>
+          <th trspan="variableName"></th>
           <th trspan="type"></th>
           <th trspan="array"></th>
           <th></th>

lemonldap-ng-manager/site/htdocs/static/forms/samlAttribute.html

@@ -5,12 +5,12 @@
   <table class="table">
     <!-- Key Name -->
     <tr>
-      <th><span trspan="keyname"></span></th>
+      <th><span trspan="variableName"></span></th>
       <td><input id="sakinput" class="form-control" ng-model="currentNode.title"/></td>
     </tr>
     <!-- Name -->
     <tr>
-      <th><span trspan="name"></span></th>
+      <th><span trspan="attributeName"></span></th>
       <td><input id="saninput" class="form-control" ng-model="currentNode.data[1]"/></td>
     </tr>
     <!-- Friendly Name -->

lemonldap-ng-manager/site/htdocs/static/forms/samlAttributeContainer.html

@@ -6,8 +6,8 @@
     <table class="table table-striped">
       <thead>
         <tr>
-          <th trspan="keyname"></th>
-          <th trspan="name"></th>
+          <th trspan="variableName"></th>
+          <th trspan="attributeName"></th>
           <th trspan="friendlyName"></th>
           <th trspan="mandatory"></th>
           <th trspan="format"></th>

lemonldap-ng-manager/site/htdocs/static/languages/ar.json

@@ -55,6 +55,7 @@
 "appsInThisCat":"التطبيقات في هذه الفئة",
 "array":"Array",
 "attributesAndMacros":" السمات و الماكرو",
+"attributeName":"Attribute name",
 "authAndUserdb":"الترخيص وقاعدة بيانات المستخدم",
 "authChain":"سلسلة إثبات الهوية",
 "authChoice":"اختيار إثبات الهوية",
@@ -192,6 +193,7 @@
 "cfgVersion":"عملية ضبط الإصدارات",
 "checkXSS":"تحقق من هجمات XSS",
 "clickHereToForce":"انقر هنا لإجبار",
+"claimName":"Claim name",
 "checkboxes":"Checkboxes",
 "checkState":"تفعيل",
 "checkStateSecret":"سر مشترك",
@@ -995,6 +997,7 @@
 "value":"القيمة",
 "values":"القيم",
 "variables":"المتغيرات",
+"variableName":"Variable name",
 "verifyU2FKey":"Verify U2F key",
 "verifyTOTPKey":"Verify TOTP key",
 "version":"الإصدار",
@@ -1175,4 +1178,4 @@
 "samlRelayStateTimeout":"تناوب حالة مهلة الجلسة ",
 "samlUseQueryStringSpecific":"استخدام أسلوب query_string المعين",
 "samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
-}
+}

lemonldap-ng-manager/site/htdocs/static/languages/de.json

@@ -586,6 +586,7 @@
 "oidcConsents":"OpenID Connect Consents",
 "oidcOP":"OpenID Connect Provider",
 "oidcOPMetaDataExportedVars":"Exported attributes",
+"attributeName":"Attribute name",
 "oidcOPMetaDataJSON":"Metadata",
 "oidcOPMetaDataJWKS":"JWKS data",
 "oidcOPMetaDataNode":"OpenID Connect Providers",
@@ -611,6 +612,7 @@
 "oidcRPMetaDataOptionsLogoutUrl":"URL",
 "oidcOPMetaDataOptionsProtocol":"Protocol",
 "oidcRPMetaDataOptionsPublic":"Public client",
+"claimName":"Claim name",
 "oidcRPMetaDataOptionsRequirePKCE":"Require PKCE",
 "oidcRPMetaDataOptionsAuthnLevel":"Authentication level",
 "oidcRPMetaDataOptionsRule":"Access rule",
@@ -691,6 +693,7 @@
 "openIdAttr":"OpenID login",
 "openIdAuthnLevel":"Authentication level",
 "openIdExportedVars":"Exported variables",
+"variableName":"Variable name",
 "openIdIDPList":"Authorized domains",
 "openIdIssuerSecret":"Secret token",
 "openidParams":"OpenID parameters",
@@ -1175,4 +1178,4 @@
 "samlRelayStateTimeout":"RelayState session timeout",
 "samlUseQueryStringSpecific":"Use specific query_string method",
 "samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
-}
+}

lemonldap-ng-manager/site/htdocs/static/languages/en.json

@@ -125,6 +125,7 @@
 "casAccessControlPolicy":"Access control policy",
 "casApp":"CAS Application",
 "casAppMetaDataExportedVars":"Exported attributes",
+"attributeName":"Attribute name",
 "casAppMetaDataNodes":"CAS Applications",
 "casAppMetaDataOptions":"Options",
 "casAppMetaDataOptionsService":"Service URL",
@@ -192,6 +193,7 @@
 "cfgVersion":"Configuration version",
 "checkXSS":"Check XSS attacks",
 "clickHereToForce":"Click here to force",
+"claimName":"Claim name",
 "checkboxes":"Checkboxes",
 "checkState":"Activation",
 "checkStateSecret":"Shared secret",
@@ -259,6 +261,7 @@
 "dbiAuthUser":"User",
 "dbiConnection":"Connection",
 "dbiExportedVars":"Exported variables",
+"variableName":"Variable name",
 "dbiParams":"DBI parameters",
 "dbiPassword":"Password",
 "dbiPasswordMailCol":"Mail field name",

lemonldap-ng-manager/site/htdocs/static/languages/fr.json

@@ -55,6 +55,7 @@
 "appsInThisCat":"Applications dans cette catégorie",
 "array":"Tableau",
 "attributesAndMacros":"Attributs et Macros",
+"attributeName":"Nom de l'attribut",
 "authAndUserdb":"Authent. et BD utilisateurs",
 "authChain":"Chaîne d'authentification",
 "authChoice":"Choix d'authentification",
@@ -192,6 +193,7 @@
 "cfgVersion":"Version de la configuration",
 "checkXSS":"Contrôler les attaques XSS",
 "clickHereToForce":"Cliquer ici pour forcer",
+"claimName":"Nom de la revendication",
 "checkboxes":"Cases à cocher",
 "checkState":"Activation",
 "checkStateSecret":"Secret partagé",
@@ -535,6 +537,7 @@
 "newHost":"Nouvel hôte",
 "newPost":"Nouveau rejeu de formulaire",
 "newPostVar":"Nouvelle variable",
+"variableName":"Nom de la variable",
 "newRSAKey":"Nouvelles clefs",
 "newRule":"Nouvelle règle",
 "newSfOver":"Nouveau paramètre",

lemonldap-ng-manager/site/htdocs/static/languages/it.json

@@ -55,6 +55,7 @@
 "appsInThisCat":"Applicazioni in questa categoria",
 "array":"Array",
 "attributesAndMacros":"Attributi e Macro",
+"attributeName":"Attribute name",
 "authAndUserdb":"Authz e utente DB",
 "authChain":"Catena di autenticazione",
 "authChoice":"Scelta di autenticazione",
@@ -192,6 +193,7 @@
 "cfgVersion":"Versione configurazione",
 "checkXSS":"Verifica attacchi XSS",
 "clickHereToForce":"Clicca qui per forzare",
+"claimName":"Claim name",
 "checkboxes":"Checkboxes",
 "checkState":"Attivazione",
 "checkStateSecret":"Segreto condiviso",
@@ -535,6 +537,7 @@
 "newHost":"Nuovo host",
 "newPost":"Nuovo formulario di risposta",
 "newPostVar":"Nuova variabile",
+"variableName":"Variable name",
 "newRSAKey":"Nuove chiavi",
 "newRule":"Nuova regola",
 "newSfOver":"Nuovo parametro",
@@ -1175,4 +1178,4 @@
 "samlRelayStateTimeout":"Timeout di sessione di RelayState",
 "samlUseQueryStringSpecific":"Utilizza il metodo specifico query_string",
 "samlOverrideIDPEntityID":"Sostituisci l'ID entità quando agisce come IDP"
-}
+}

lemonldap-ng-manager/site/htdocs/static/languages/pl.json

@@ -55,6 +55,7 @@
 "appsInThisCat":"Aplikacje w tej kategorii",
 "array":"Array",
 "attributesAndMacros":"Atrybuty i Makra",
+"attributeName":"Attribute name",
 "authAndUserdb":"Authz i baza danych użytkownika",
 "authChain":"Łańcuch uwierzytelnienia",
 "authChoice":"Wybór uwierzytelnienia",
@@ -192,6 +193,7 @@
 "cfgVersion":"Wersja konfiguracji",
 "checkXSS":"Sprawdź ataki XSS",
 "clickHereToForce":"Kliknij tutaj, aby wymusić",
+"claimName":"Claim name",
 "checkboxes":"Checkboxes",
 "checkState":"Aktywacja",
 "checkStateSecret":"Współdzielony sekret",
@@ -995,6 +997,7 @@
 "value":"Wartość",
 "values":"Wartości",
 "variables":"Zmienne",
+"variableName":"Variable name",
 "verifyU2FKey":"Sprawdź klucz U2F",
 "verifyTOTPKey":"Sprawdź klucz TOTP",
 "version":"Wersja",
@@ -1175,4 +1178,4 @@
 "samlRelayStateTimeout":"Limit czasu sesji RelayState",
 "samlUseQueryStringSpecific":"Użyj określonej metody query_string",
 "samlOverrideIDPEntityID":"Zastąp identyfikator jednostki podczas działania jako IDP"
-}
+}

lemonldap-ng-manager/site/htdocs/static/languages/tr.json

@@ -55,6 +55,7 @@
 "appsInThisCat":"Bu kategorideki uygulamalar",
 "array":"Array",
 "attributesAndMacros":"Nitelikler ve Makrolar",
+"attributeName":"Attribute name",
 "authAndUserdb":"Yetkilendirme ve kullanıcı veri tabanı",
 "authChain":"Doğrulama zinciri",
 "authChoice":"Kimlik doğrulama tercihi",
@@ -192,6 +193,7 @@
 "cfgVersion":"Yapılandırma sürümü",
 "checkXSS":"XSS saldırılarını kontrol et",
 "clickHereToForce":"Zorlamak için buraya tıklayın",
+"claimName":"Claim name",
 "checkboxes":"Onay kutuları",
 "checkState":"Aktivasyon",
 "checkStateSecret":"Paylaşılan sır",
@@ -995,6 +997,7 @@
 "value":"Değer",
 "values":"Değerler",
 "variables":"Değişkenler",
+"variableName":"Variable name",
 "verifyU2FKey":"U2F anahtarını doğrula",
 "verifyTOTPKey":"TOTP anahtarını doğrula",
 "version":"Sürüm",
@@ -1175,4 +1178,4 @@
 "samlRelayStateTimeout":"RelayState oturum zaman aşımı",
 "samlUseQueryStringSpecific":"Spesifik query_string metodu kullan",
 "samlOverrideIDPEntityID":"IDP olarak davrandığında Varlık ID'yi geçersiz kıl"
-}
+}

lemonldap-ng-manager/site/htdocs/static/languages/vi.json

@@ -192,6 +192,7 @@
 "cfgVersion":"Phiên bản cấu hình",
 "checkXSS":"Kiểm tra tấn công XSS",
 "clickHereToForce":"Nhấp vào đây để bắt buộc",
+"claimName":"Claim name",
 "checkboxes":"Checkboxes",
 "checkState":"Kích hoạt",
 "checkStateSecret":"Chia sẻ bí mật",
@@ -832,6 +833,7 @@
 "rest2fVerifyArgs":"Verify Arguments",
 "rest2fVerifyUrl":"Verify URL",
 "restExportSecretKeys":"Export secret attributes in REST",
+"attributeName":"Attribute name",
 "restParams":"Tham số REST",
 "restPwdConfirmUrl":"URL xác nhận mật khẩu",
 "restPwdModifyUrl":"URL thay đổi mật khẩu",
@@ -995,6 +997,7 @@
 "value":"Giá trị",
 "values":"Giá trị",
 "variables":"biến",
+"variableName":"Variable name",
 "verifyU2FKey":"Verify U2F key",
 "verifyTOTPKey":"Verify TOTP key",
 "version":"Phiên bản",
@@ -1175,4 +1178,4 @@
 "samlRelayStateTimeout":"Thời gian hết hạn phiên RelayState ",
 "samlUseQueryStringSpecific":"Sử dụng phương pháp query_string cụ thể",
 "samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
-}
+}

lemonldap-ng-manager/site/htdocs/static/languages/zh.json

@@ -586,6 +586,7 @@
 "oidcConsents":"OpenID Connect Consents",
 "oidcOP":"OpenID Connect Provider",
 "oidcOPMetaDataExportedVars":"Exported attributes",
+"attributeName":"Attribute name",
 "oidcOPMetaDataJSON":"Metadata",
 "oidcOPMetaDataJWKS":"JWKS data",
 "oidcOPMetaDataNode":"OpenID Connect Providers",
@@ -611,6 +612,7 @@
 "oidcRPMetaDataOptionsLogoutUrl":"URL",
 "oidcOPMetaDataOptionsProtocol":"Protocol",
 "oidcRPMetaDataOptionsPublic":"Public client",
+"claimName":"Claim name",
 "oidcRPMetaDataOptionsRequirePKCE":"Require PKCE",
 "oidcRPMetaDataOptionsAuthnLevel":"认证级别",
 "oidcRPMetaDataOptionsRule":"Access rule",
@@ -691,6 +693,7 @@
 "openIdAttr":"OpenID login",
 "openIdAuthnLevel":"认证等级",
 "openIdExportedVars":"Exported variables",
+"variableName":"Variable name",
 "openIdIDPList":"Authorized domains",
 "openIdIssuerSecret":"Secret token",
 "openidParams":"OpenID parameters",
@@ -1175,4 +1178,4 @@
 "samlRelayStateTimeout":"RelayState session timeout",
 "samlUseQueryStringSpecific":"Use specific query_string method",
 "samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
-}
+}