| Key name | Documentation | Portal | Handler | Manager | ini file only |
| ADPwdExpireWarning | AD password expire warning | ✔ | | | |
| ADPwdMaxAge | AD password max age | ✔ | | | |
| AuthLDAPFilter | LDAP filter for auth search | ✔ | | | |
| LDAPFilter | Default LDAP filter | ✔ | | | |
| SMTPAuthPass | Password to use to send mails | ✔ | | | |
| SMTPAuthUser | Login to use to send mails | ✔ | | | |
| SMTPPort | Fix SMTP port | ✔ | | | |
| SMTPServer | SMTP Server | ✔ | | | |
| SMTPTLS | TLS protocol to use with SMTP | ✔ | | | |
| SMTPTLSOpts | TLS/SSL options for SMTP | ✔ | | | |
| SSLAuthnLevel | SSL authentication level | ✔ | | | |
| SSLVar | | ✔ | | | |
| SSLVarIf | | ✔ | | | |
| activeTimer | Enable timers on portal pages | ✔ | | | |
| apacheAuthnLevel | Apache authentication level | ✔ | | | |
| applicationList | Applications list | ✔ | | | |
| authChoiceAuthBasic | Auth module used by AuthBasic handler | ✔ | | | |
| authChoiceModules | Hash list of Choice strings | ✔ | | | |
| authChoiceParam | Applications list | ✔ | | | |
| authentication | Authentication module | ✔ | | | |
| autoSigninRules | List of auto signin rules | ✔ | | | |
| available2F | Available second factor modules | ✔ | | | ✔ |
| available2FSelfRegistration | Available self-registration modules for second factor | ✔ | | | ✔ |
| browsersDontStorePassword | Avoid browsers to store users password | ✔ | | | |
| bruteForceProtection | Enable brute force attack protection | ✔ | | | |
| bruteForceProtectionMaxAge | Brute force attack protection -> Max age between last and first allowed failed login | ✔ | | | ✔ |
| bruteForceProtectionMaxFailed | Brute force attack protection -> Max allowed failed login | ✔ | | | ✔ |
| bruteForceProtectionTempo | Brute force attack protection -> Tempo before try again | ✔ | | | ✔ |
| captcha_login_enabled | Captcha on login page | ✔ | | | |
| captcha_mail_enabled | Captcha on password reset page | ✔ | | | |
| captcha_register_enabled | Captcha on account creation page | ✔ | | | |
| captcha_size | Captcha size | ✔ | | | |
| casAccessControlPolicy | CAS access control policy | ✔ | | | |
| casAppMetaDataOptions | Root of CAS app options | ✔ | | | [1] |
| casAttr | Pivot attribute for CAS | ✔ | | | |
| casAttributes | CAS exported attributes | ✔ | | | |
| casAuthnLevel | CAS authentication level | ✔ | | | |
| casSrvMetaDataOptions | Root of CAS server options | ✔ | | | [1] |
| casStorage | Apache::Session module to store CAS user data | ✔ | | | |
| casStorageOptions | Apache::Session module parameters | ✔ | | | |
| cda | Enable Cross Domain Authentication | ✔ | ✔ | | |
| certificateResetByMailCeaAttribute | | ✔ | | | |
| certificateResetByMailCertificateAttribute | | ✔ | | | |
| certificateResetByMailReplyTo | URL of certificate reset page | ✔ | | | |
| certificateResetByMailSender | URL of certificate reset page | ✔ | | | |
| certificateResetByMailStep1Body | Custom Certificate reset mail body | ✔ | | | |
| certificateResetByMailStep1Subject | Mail subject for certificate reset email | ✔ | | | |
| certificateResetByMailStep2Body | Custom confirm Certificate reset mail body | ✔ | | | |
| certificateResetByMailStep2Subject | Mail subject for reset confirmation | ✔ | | | |
| certificateResetByMailURL | URL of certificate reset page | ✔ | | | |
| certificateResetByMailValidityDelay | | ✔ | | | |
| cfgAuthor | Name of the author of the current configuration | ✔ | | | ✔ |
| cfgAuthorIP | Uploader IP address of the current configuration | ✔ | | | ✔ |
| cfgDate | Timestamp of the current configuration | ✔ | | | ✔ |
| cfgLog | Configuration update log | ✔ | | | ✔ |
| cfgNum | Enable Cross Domain Authentication | ✔ | | | ✔ |
| cfgVersion | Version of LLNG which build configuration | ✔ | | | ✔ |
| checkState | Enable CheckState plugin | ✔ | | | |
| checkStateSecret | Secret token for CheckState plugin | ✔ | | | |
| checkTime | Timeout to check new configuration in local cache | ✔ | ✔ | | ✔ |
| checkUser | Enable check user | ✔ | | | |
| checkUserDisplayEmptyValues | Display session empty values | ✔ | | | |
| checkUserDisplayPersistentInfo | Display persistent session info | ✔ | | | |
| checkUserHiddenAttributes | Attributes to hide in CheckUser plugin | ✔ | | | |
| checkUserIdRule | checkUser identities rule | ✔ | | | |
| checkUserSearchAttributes | Attributes used for retrieving sessions in user DataBase | ✔ | | | |
| checkXSS | Check XSS | ✔ | | | |
| combModules | Combination module description | ✔ | | | |
| combination | Combination rule | ✔ | | | |
| configStorage | Configuration storage | ✔ | ✔ | ✔ | ✔ |
| confirmFormMethod | HTTP method for confirm page form | ✔ | | | |
| contextSwitchingIdRule | Context switching identities rule | ✔ | | | |
| contextSwitchingRule | Context switching activation rule | ✔ | | | |
| contextSwitchingStopWithLogout | Stop context switching by logout | ✔ | | | |
| cookieExpiration | Cookie expiration | ✔ | ✔ | | |
| cookieName | Name of the main cookie | ✔ | ✔ | | |
| corsAllow_Credentials | Allow credentials for Cross-Origin Resource Sharing | ✔ | | | |
| corsAllow_Headers | Allowed headers for Cross-Origin Resource Sharing | ✔ | | | |
| corsAllow_Methods | Allowed methods for Cross-Origin Resource Sharing | ✔ | | | |
| corsAllow_Origin | Allowed origine for Cross-Origin Resource Sharing | ✔ | | | |
| corsEnabled | Enable Cross-Origin Resource Sharing | ✔ | | | |
| corsExpose_Headers | Exposed headers for Cross-Origin Resource Sharing | ✔ | | | |
| corsMax_Age | MAx-age for Cross-Origin Resource Sharing | ✔ | | | |
| cspConnect | Authorized Ajax destination for Content-Security-Policy | ✔ | | | |
| cspDefault | Default value for Content-Security-Policy | ✔ | | | |
| cspFont | Font source for Content-Security-Policy | ✔ | | | |
| cspFormAction | Form action destination for Content-Security-Policy | ✔ | | | |
| cspImg | Image source for Content-Security-Policy | ✔ | | | |
| cspScript | Javascript source for Content-Security-Policy | ✔ | | | |
| cspStyle | Style source for Content-Security-Policy | ✔ | | | |
| customAddParams | Custom additional parameters | ✔ | | | |
| customAuth | Custom auth module | ✔ | | | |
| customFunctions | List of custom functions | ✔ | ✔ | ✔ | |
| customPassword | Custom password module | ✔ | | | |
| customPlugins | Custom plugins | ✔ | | | |
| customPluginsParams | Custom plugins parameters | ✔ | | | |
| customRegister | Custom register module | ✔ | | | |
| customToTrace | Session parameter used to fill REMOTE_CUSTOM | ✔ | ✔ | | |
| customUserDB | Custom user DB module | ✔ | | | |
| dbiAuthChain | | ✔ | | | |
| dbiAuthLoginCol | | ✔ | | | |
| dbiAuthPassword | | ✔ | | | |
| dbiAuthPasswordCol | | ✔ | | | |
| dbiAuthPasswordHash | | ✔ | | | |
| dbiAuthTable | | ✔ | | | |
| dbiAuthUser | | ✔ | | | |
| dbiAuthnLevel | DBI authentication level | ✔ | | | |
| dbiDynamicHashEnabled | | ✔ | | | |
| dbiDynamicHashNewPasswordScheme | | ✔ | | | |
| dbiDynamicHashValidSaltedSchemes | | ✔ | | | |
| dbiDynamicHashValidSchemes | | ✔ | | | |
| dbiExportedVars | DBI exported variables | ✔ | | | |
| dbiPasswordMailCol | | ✔ | | | |
| dbiUserChain | | ✔ | | | |
| dbiUserPassword | | ✔ | | | |
| dbiUserTable | | ✔ | | | |
| dbiUserUser | | ✔ | | | |
| decryptValueFunctions | Custom function used for decrypting values | ✔ | | | |
| decryptValueRule | Decrypt value activation rule | ✔ | | | |
| demoExportedVars | Demo exported variables | ✔ | | | |
| disablePersistentStorage | Enabled persistent storage | ✔ | | | |
| domain | DNS domain | ✔ | ✔ | | |
| dontCompactConf | Don t compact configuration | ✔ | | | |
| exportedAttr | List of attributes to export by SOAP or REST servers | ✔ | | | |
| exportedVars | Main exported variables | ✔ | | | |
| ext2FSendCommand | Send command of External second factor | ✔ | | | |
| ext2FValidateCommand | Validation command of External second factor | ✔ | | | |
| ext2fActivation | External second factor activation | ✔ | | | |
| ext2fAuthnLevel | Authentication level for users authentified by External second factor | ✔ | | | |
| ext2fCodeActivation | OTP generated by Portal | ✔ | | | |
| ext2fLabel | Portal label for External second factor | ✔ | | | |
| ext2fLogo | Custom logo for External 2F | ✔ | | | |
| facebookAppId | | ✔ | | | |
| facebookAppSecret | | ✔ | | | |
| facebookAuthnLevel | Facebook authentication level | ✔ | | | |
| facebookExportedVars | Facebook exported variables | ✔ | | | |
| facebookUserField | | ✔ | | | |
| failedLoginNumber | Number of failures stored in login history | ✔ | | | |
| forceGlobalStorageIssuerOTT | Force Issuer tokens to be stored into Global Storage | ✔ | | | ✔ |
| forceGlobalStorageUpgradeOTT | Force Upgrade tokens be stored into Global Storage | ✔ | | | ✔ |
| formTimeout | Token timeout for forms | ✔ | | | |
| globalLogoutRule | Global logout activation rule | ✔ | | | |
| globalLogoutTimer | Global logout auto accept time | ✔ | | | |
| globalStorage | Session backend module | ✔ | ✔ | | |
| globalStorageOptions | Session backend module options | ✔ | ✔ | | |
| gpgAuthnLevel | GPG authentication level | ✔ | | | |
| gpgDb | GPG keys database | ✔ | | | |
| grantSessionRules | Rules to grant sessions | ✔ | | | |
| groups | Groups | ✔ | | | |
| handlerInternalCache | Handler internal cache timeout | ✔ | ✔ | | ✔ |
| handlerServiceTokenTTL | Handler ServiceToken timeout | ✔ | ✔ | | ✔ |
| hiddenAttributes | Name of attributes to hide in logs | ✔ | | | |
| hideOldPassword | Hide old password in portal | ✔ | | | |
| httpOnly | Enable httpOnly flag in cookie | ✔ | ✔ | | |
| https | Use HTTPS for redirection from portal | | ✔ | | |
| impersonationHiddenAttributes | Attributes to skip | ✔ | | | |
| impersonationIdRule | Impersonation identities rule | ✔ | | | |
| impersonationMergeSSOgroups | Merge spoofed and real SSO groups | ✔ | | | |
| impersonationPrefix | Prefix to rename real session attributes | ✔ | | | ✔ |
| impersonationRule | Impersonation activation rule | ✔ | | | |
| impersonationSkipEmptyValues | Skip session empty values | ✔ | | | |
| infoFormMethod | HTTP method for info page form | ✔ | | | |
| issuerDBCASActivation | CAS server activation | ✔ | | | |
| issuerDBCASPath | CAS server request path | ✔ | | | |
| issuerDBCASRule | CAS server rule | ✔ | | | |
| issuerDBGetActivation | Get issuer activation | ✔ | | | |
| issuerDBGetParameters | List of virtualHosts with their get parameters | ✔ | | | |
| issuerDBGetPath | Get issuer request path | ✔ | | | |
| issuerDBGetRule | Get issuer rule | ✔ | | | |
| issuerDBOpenIDActivation | OpenID server activation | ✔ | | | |
| issuerDBOpenIDConnectActivation | OpenID Connect server activation | ✔ | | | |
| issuerDBOpenIDConnectPath | OpenID Connect server request path | ✔ | | | |
| issuerDBOpenIDConnectRule | OpenID Connect server rule | ✔ | | | |
| issuerDBOpenIDPath | OpenID server request path | ✔ | | | |
| issuerDBOpenIDRule | OpenID server rule | ✔ | | | |
| issuerDBSAMLActivation | SAML IDP activation | ✔ | | | |
| issuerDBSAMLPath | SAML IDP request path | ✔ | | | |
| issuerDBSAMLRule | SAML IDP rule | ✔ | | | |
| issuersTimeout | Token timeout for issuers | ✔ | | | |
| jsRedirect | Use javascript for redirections | ✔ | | | |
| key | Secret key | ✔ | | | |
| krbAuthnLevel | Null authentication level | ✔ | | | |
| krbByJs | Launch Kerberos authentication by Ajax | ✔ | | | |
| krbKeytab | Kerberos keytab | ✔ | | | |
| krbRemoveDomain | Remove domain in Kerberos username | ✔ | | | |
| ldapAllowResetExpiredPassword | Allow a user to reset his expired password | ✔ | | | |
| ldapAuthnLevel | LDAP authentication level | ✔ | | | |
| ldapBase | LDAP search base | ✔ | | | |
| ldapChangePasswordAsUser | | ✔ | | | |
| ldapExportedVars | LDAP exported variables | ✔ | | | |
| ldapGroupAttributeName | LDAP attribute name for member in groups | ✔ | | | |
| ldapGroupAttributeNameGroup | LDAP attribute name in group entry referenced as member in groups | ✔ | | | |
| ldapGroupAttributeNameSearch | LDAP attributes to search in groups | ✔ | | | |
| ldapGroupAttributeNameUser | LDAP attribute name in user entry referenced as member in groups | ✔ | | | |
| ldapGroupBase | | ✔ | | | |
| ldapGroupDecodeSearchedValue | Decode value before searching it in LDAP groups | ✔ | | | |
| ldapGroupObjectClass | LDAP object class of groups | ✔ | | | |
| ldapGroupRecursive | LDAP recursive search in groups | ✔ | | | |
| ldapITDS | Support for IBM Tivoli Directory Server | ✔ | | | |
| ldapPasswordResetAttribute | LDAP password reset attribute | ✔ | | | |
| ldapPasswordResetAttributeValue | LDAP password reset value | ✔ | | | |
| ldapPort | LDAP port | ✔ | | | |
| ldapPpolicyControl | | ✔ | | | |
| ldapPwdEnc | LDAP password encoding | ✔ | | | |
| ldapRaw | | ✔ | | | |
| ldapSearchDeref | "deref" param of Net::LDAP::search() | ✔ | | | |
| ldapServer | LDAP server (host or URI) | ✔ | | | |
| ldapSetPassword | | ✔ | | | |
| ldapTimeout | LDAP connection timeout | ✔ | | | |
| ldapUsePasswordResetAttribute | LDAP store reset flag in an attribute | ✔ | | | |
| ldapVersion | LDAP protocol version | ✔ | | | |
| linkedInAuthnLevel | LinkedIn authentication level | ✔ | | | |
| linkedInClientID | | ✔ | | | |
| linkedInClientSecret | | ✔ | | | |
| linkedInFields | | ✔ | | | |
| linkedInScope | | ✔ | | | |
| linkedInUserField | | ✔ | | | |
| localSessionStorage | Local sessions cache module | ✔ | | | |
| localSessionStorageOptions | Sessions cache module options | ✔ | | | |
| localStorage | Local cache | ✔ | ✔ | ✔ | ✔ |
| localStorageOptions | Local cache parameters | ✔ | ✔ | ✔ | ✔ |
| log4perlConfFile | Log4Perl logger configuration file | ✔ | ✔ | ✔ | ✔ |
| logLevel | Log level, must be set in .ini | ✔ | ✔ | ✔ | ✔ |
| logger | technical logger | ✔ | ✔ | ✔ | ✔ |
| loginHistoryEnabled | Enable login history | ✔ | | | |
| logoutServices | Send logout trough GET request to these services | ✔ | | | |
| lwpOpts | Options given to LWP::UserAgent | ✔ | | | |
| lwpSslOpts | SSL options given to LWP::UserAgent | ✔ | | | |
| macros | Macros | ✔ | | | |
| mail2fActivation | Mail second factor activation | ✔ | | | |
| mail2fAuthnLevel | Authentication level for users authenticated by Mail second factor | ✔ | | | |
| mail2fBody | Mail body for second factor authentication | ✔ | | | |
| mail2fCodeRegex | Regular expression to create a mail OTP code | ✔ | | | |
| mail2fLabel | Portal label for Mail second factor | ✔ | | | |
| mail2fLogo | Custom logo for Mail 2F | ✔ | | | |
| mail2fSubject | Mail subject for second factor authentication | ✔ | | | |
| mail2fTimeout | Second factor code timeout | ✔ | | | |
| mailBody | Custom password reset mail body | ✔ | | | |
| mailCharset | Mail charset | ✔ | | | |
| mailConfirmBody | Custom confirm password reset mail body | ✔ | | | |
| mailConfirmSubject | Mail subject for reset confirmation | ✔ | | | |
| mailFrom | Sender email | ✔ | | | |
| mailLDAPFilter | LDAP filter for mail search | ✔ | | | |
| mailOnPasswordChange | Send a mail when password is changed | ✔ | | | |
| mailReplyTo | Reply-To address | ✔ | | | |
| mailSessionKey | Session parameter where mail is stored | ✔ | | | |
| mailSubject | Mail subject for new password email | ✔ | | | |
| mailTimeout | Mail password reset session timeout | ✔ | | | |
| mailUrl | URL of password reset page | ✔ | | | |
| maintenance | Maintenance mode for all virtual hosts | | ✔ | | |
| managerDn | LDAP manager DN | ✔ | | | |
| managerPassword | LDAP manager Password | ✔ | | | |
| max2FDevices | Maximum registered 2F devices | ✔ | | | ✔ |
| max2FDevicesNameLength | Maximum 2F devices name length | ✔ | | | ✔ |
| multiValuesSeparator | Separator for multiple values | ✔ | ✔ | ✔ | |
| mySessionAuthorizedRWKeys | Alterable session keys by user itself | ✔ | | | ✔ |
| nginxCustomHandlers | Custom Nginx handler (deprecated) | ✔ | | | |
| noAjaxHook | Avoid replacing 302 by 401 for Ajax responses | ✔ | | | |
| notification | Notification activation | ✔ | | | |
| notificationDefaultCond | Notification default condition | ✔ | | | |
| notificationServer | Notification server activation | ✔ | | | |
| notificationServerDELETE | Notification server activation | ✔ | | | |
| notificationServerGET | Notification server activation | ✔ | | | |
| notificationServerPOST | Notification server activation | ✔ | | | |
| notificationServerSentAttributes | Prameters to send with notification server GET method | ✔ | | | |
| notificationStorage | Notification backend | ✔ | | | |
| notificationStorageOptions | Notification backend options | ✔ | | | |
| notificationWildcard | Notification string to match all users | ✔ | | | |
| notificationXSLTfile | Custom XSLT document for notifications | ✔ | | | |
| notifyDeleted | Show deleted sessions in portal | ✔ | | | |
| notifyOther | Show other sessions in portal | ✔ | | | |
| nullAuthnLevel | Null authentication level | ✔ | | | |
| oidcAuthnLevel | OpenID Connect authentication level | ✔ | | | |
| oidcOPMetaDataOptions | | ✔ | | | [1] |
| oidcRPCallbackGetParam | OpenID Connect Callback GET URLparameter | ✔ | | | |
| oidcRPMetaDataOptions | | ✔ | | | [1] |
| oidcRPStateTimeout | OpenID Connect Timeout of state sessions | ✔ | | | |
| oidcServiceAccessTokenExpiration | OpenID Connect global access token TTL | ✔ | | | |
| oidcServiceAllowAuthorizationCodeFlow | OpenID Connect allow authorization code flow | ✔ | | | |
| oidcServiceAllowDynamicRegistration | OpenID Connect allow dynamic client registration | ✔ | | | |
| oidcServiceAllowHybridFlow | OpenID Connect allow hybrid flow | ✔ | | | |
| oidcServiceAllowImplicitFlow | OpenID Connect allow implicit flow | ✔ | | | |
| oidcServiceAuthorizationCodeExpiration | OpenID Connect global code TTL | ✔ | | | |
| oidcServiceDynamicRegistrationExportedVars | OpenID Connect exported variables for dynamic registration | ✔ | | | |
| oidcServiceDynamicRegistrationExtraClaims | OpenID Connect extra claims for dynamic registration | ✔ | | | |
| oidcServiceIDTokenExpiration | OpenID Connect global ID token TTL | ✔ | | | |
| oidcServiceKeyIdSig | OpenID Connect Signature Key ID | ✔ | | | |
| oidcServiceMetaDataAuthnContext | OpenID Connect Authentication Context Class Ref | ✔ | | | |
| oidcServiceMetaDataAuthorizeURI | OpenID Connect authorizaton endpoint | ✔ | | | |
| oidcServiceMetaDataBackChannelURI | OpenID Connect Front-Channel logout endpoint | ✔ | | | |
| oidcServiceMetaDataCheckSessionURI | OpenID Connect check session iframe | ✔ | | | |
| oidcServiceMetaDataEndSessionURI | OpenID Connect end session endpoint | ✔ | | | |
| oidcServiceMetaDataFrontChannelURI | OpenID Connect Front-Channel logout endpoint | ✔ | | | |
| oidcServiceMetaDataIntrospectionURI | OpenID Connect introspection endpoint | ✔ | | | |
| oidcServiceMetaDataIssuer | OpenID Connect issuer | ✔ | | | |
| oidcServiceMetaDataJWKSURI | OpenID Connect JWKS endpoint | ✔ | | | |
| oidcServiceMetaDataRegistrationURI | OpenID Connect registration endpoint | ✔ | | | |
| oidcServiceMetaDataTokenURI | OpenID Connect token endpoint | ✔ | | | |
| oidcServiceMetaDataUserInfoURI | OpenID Connect user info endpoint | ✔ | | | |
| oidcServiceOfflineSessionExpiration | OpenID Connect global offline session TTL | ✔ | | | |
| oidcServicePrivateKeySig | | ✔ | | | |
| oidcServicePublicKeySig | | ✔ | | | |
| oidcStorage | Apache::Session module to store OIDC user data | ✔ | | | |
| oidcStorageOptions | Apache::Session module parameters | ✔ | | | |
| oldNotifFormat | Use old XML format for notifications | ✔ | | | |
| openIdAttr | | ✔ | | | |
| openIdAuthnLevel | OpenID authentication level | ✔ | | | |
| openIdExportedVars | OpenID exported variables | ✔ | | | |
| openIdIDPList | | ✔ | | | |
| openIdIssuerSecret | | ✔ | | | |
| openIdSPList | | ✔ | | | |
| openIdSecret | | ✔ | | | |
| openIdSreg_country | | ✔ | | | |
| openIdSreg_dob | | ✔ | | | |
| openIdSreg_email | OpenID SREG email session parameter | ✔ | | | |
| openIdSreg_fullname | OpenID SREG fullname session parameter | ✔ | | | |
| openIdSreg_gender | | ✔ | | | |
| openIdSreg_language | | ✔ | | | |
| openIdSreg_nickname | OpenID SREG nickname session parameter | ✔ | | | |
| openIdSreg_postcode | | ✔ | | | |
| openIdSreg_timezone | OpenID SREG timezone session parameter | ✔ | | | |
| pamAuthnLevel | PAM authentication level | ✔ | | | |
| pamService | PAM service | ✔ | | | |
| passwordDB | Password module | ✔ | | | |
| passwordPolicyMinDigit | Password policy: minimal digit characters | ✔ | | | |
| passwordPolicyMinLower | Password policy: minimal lower characters | ✔ | | | |
| passwordPolicyMinSize | Password policy: minimal size | ✔ | | | |
| passwordPolicyMinUpper | Password policy: minimal upper characters | ✔ | | | |
| passwordResetAllowedRetries | Maximum number of retries to reset password | ✔ | | | |
| pdataDomain | pdata cookie DNS domain | ✔ | ✔ | | ✔ |
| persistentStorage | Storage module for persistent sessions | ✔ | | | |
| persistentStorageOptions | Options for persistent sessions storage module | ✔ | | | |
| port | Force port in redirection | | ✔ | | |
| portal | Portal URL | ✔ | ✔ | ✔ | |
| portalAntiFrame | Avoid portal to be displayed inside frames | ✔ | | | |
| portalCheckLogins | Display login history checkbox in portal | ✔ | | | |
| portalDisplayAppslist | Display applications tab in portal | ✔ | | | |
| portalDisplayCertificateResetByMail | Display Certificate Reset by mail tab in portal | ✔ | | | |
| portalDisplayChangePassword | Display password tab in portal | ✔ | | | |
| portalDisplayGeneratePassword | Display password generate box in reset password form | ✔ | | | |
| portalDisplayLoginHistory | Display login history tab in portal | ✔ | | | |
| portalDisplayLogout | Display logout tab in portal | ✔ | | | |
| portalDisplayOidcConsents | Display OIDC consent tab in portal | ✔ | | | |
| portalDisplayPasswordPolicy | Display policy in password form | ✔ | | | |
| portalDisplayRegister | Display register button in portal | ✔ | | | |
| portalDisplayResetPassword | Display reset password button in portal | ✔ | | | |
| portalErrorOnExpiredSession | Show error if session is expired | ✔ | | | |
| portalErrorOnMailNotFound | Show error if mail is not found in password reset process | ✔ | | | |
| portalForceAuthn | Enable force to authenticate when displaying portal | ✔ | | | |
| portalForceAuthnInterval | Maximum interval in seconds since last authentication to force reauthentication | ✔ | | | |
| portalMainLogo | Portal main logo path | ✔ | | | |
| portalOpenLinkInNewWindow | Open applications in new windows | ✔ | | | |
| portalPingInterval | Interval in ms between portal Ajax pings | ✔ | | | |
| portalRequireOldPassword | Old password is required to change the password | ✔ | | | |
| portalSkin | Name of portal skin | ✔ | | | |
| portalSkinBackground | Background image of portal skin | ✔ | | | |
| portalSkinRules | Rules to choose portal skin | ✔ | | | |
| portalStatus | Enable portal status | ✔ | | | |
| portalUserAttr | Session parameter to display connected user in portal | ✔ | | | |
| protection | Manager protection method | | ✔ | ✔ | ✔ |
| proxyAuthService | | ✔ | | | |
| proxyAuthnLevel | Proxy authentication level | ✔ | | | |
| proxySessionService | | ✔ | | | |
| proxyUseSoap | Use SOAP instead of REST | ✔ | | | |
| radius2fActivation | Radius second factor activation | ✔ | | | |
| radius2fAuthnLevel | Authentication level for users authenticated by Radius second factor | ✔ | | | |
| radius2fLabel | Portal label for Radius 2F | ✔ | | | |
| radius2fLogo | Custom logo for Radius 2F | ✔ | | | |
| radius2fSecret | | ✔ | | | |
| radius2fServer | | ✔ | | | |
| radius2fTimeout | Radius 2f verification timeout | ✔ | | | |
| radius2fUsernameSessionKey | Session key used as Radius login | ✔ | | | |
| radiusAuthnLevel | Radius authentication level | ✔ | | | |
| radiusSecret | | ✔ | | | |
| radiusServer | | ✔ | | | |
| randomPasswordRegexp | Regular expression to create a random password | ✔ | | | |
| redirectFormMethod | HTTP method for redirect page form | ✔ | | | |
| refreshSessions | Refresh sessions plugin | ✔ | | | |
| registerConfirmSubject | Mail subject for register confirmation | ✔ | | | |
| registerDB | Register module | ✔ | | | |
| registerDoneSubject | Mail subject when register is done | ✔ | | | |
| registerTimeout | Register session timeout | ✔ | | | |
| registerUrl | URL of register page | ✔ | | | |
| reloadTimeout | Configuration reload timeout | | | ✔ | |
| reloadUrls | URL to call on reload | ✔ | | | |
| remoteCookieName | | ✔ | | | |
| remoteGlobalStorage | Remote session backend | ✔ | | | |
| remoteGlobalStorageOptions | Apache::Session module parameters | ✔ | | | |
| remotePortal | | ✔ | | | |
| requireToken | Enable token for forms | ✔ | | | |
| rest2fActivation | REST second factor activation | ✔ | | | |
| rest2fAuthnLevel | Authentication level for users authentified by REST second factor | ✔ | | | |
| rest2fInitArgs | Args for REST 2F init | ✔ | | | |
| rest2fInitUrl | REST 2F init URL | ✔ | | | |
| rest2fLabel | Portal label for REST second factor | ✔ | | | |
| rest2fLogo | Custom logo for REST 2F | ✔ | | | |
| rest2fVerifyArgs | Args for REST 2F init | ✔ | | | |
| rest2fVerifyUrl | REST 2F init URL | ✔ | | | |
| restAuthUrl | | ✔ | | | |
| restAuthnLevel | REST authentication level | ✔ | | | |
| restClockTolerance | How tolerant the REST session server will be to clock dift | ✔ | | | |
| restConfigServer | Enable REST config server | ✔ | | | |
| restExportSecretKeys | Allow to export secret keys in REST session server | ✔ | | | |
| restPwdConfirmUrl | | ✔ | | | |
| restPwdModifyUrl | | ✔ | | | |
| restSessionServer | Enable REST session server | ✔ | | | |
| restUserDBUrl | | ✔ | | | |
| samlAttributeAuthorityDescriptorAttributeServiceSOAP | SAML Attribute Authority SOAP | ✔ | | | |
| samlAuthnContextMapKerberos | SAML authn context kerberos level | ✔ | | | |
| samlAuthnContextMapPassword | SAML authn context password level | ✔ | | | |
| samlAuthnContextMapPasswordProtectedTransport | SAML authn context password protected transport level | ✔ | | | |
| samlAuthnContextMapTLSClient | SAML authn context TLS client level | ✔ | | | |
| samlCommonDomainCookieActivation | SAML CDC activation | ✔ | | | |
| samlCommonDomainCookieDomain | | ✔ | | | |
| samlCommonDomainCookieReader | | ✔ | | | |
| samlCommonDomainCookieWriter | | ✔ | | | |
| samlDiscoveryProtocolActivation | SAML Discovery Protocol activation | ✔ | | | |
| samlDiscoveryProtocolIsPassive | SAML Discovery Protocol Is Passive | ✔ | | | |
| samlDiscoveryProtocolPolicy | SAML Discovery Protocol Policy | ✔ | | | |
| samlDiscoveryProtocolURL | SAML Discovery Protocol EndPoint URL | ✔ | | | |
| samlEntityID | SAML service entityID | ✔ | | | |
| samlIDPMetaDataOptions | | ✔ | | | [1] |
| samlIDPSSODescriptorArtifactResolutionServiceArtifact | SAML IDP artifact resolution service | ✔ | | | |
| samlIDPSSODescriptorSingleLogoutServiceHTTPPost | SAML IDP SLO HTTP POST | ✔ | | | |
| samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect | SAML IDP SLO HTTP Redirect | ✔ | | | |
| samlIDPSSODescriptorSingleLogoutServiceSOAP | SAML IDP SLO SOAP | ✔ | | | |
| samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact | SAML IDP SSO HTTP Artifact | ✔ | | | |
| samlIDPSSODescriptorSingleSignOnServiceHTTPPost | SAML IDP SSO HTTP POST | ✔ | | | |
| samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect | SAML IDP SSO HTTP Redirect | ✔ | | | |
| samlIDPSSODescriptorWantAuthnRequestsSigned | SAML IDP want authn request signed | ✔ | | | |
| samlMetadataForceUTF8 | SAML force metadata UTF8 conversion | ✔ | | | |
| samlNameIDFormatMapEmail | SAML session parameter for NameID email | ✔ | | | |
| samlNameIDFormatMapKerberos | SAML session parameter for NameID kerberos | ✔ | | | |
| samlNameIDFormatMapWindows | SAML session parameter for NameID windows | ✔ | | | |
| samlNameIDFormatMapX509 | SAML session parameter for NameID x509 | ✔ | | | |
| samlOrganizationDisplayName | SAML service organization display name | ✔ | | | |
| samlOrganizationName | SAML service organization name | ✔ | | | |
| samlOrganizationURL | SAML service organization URL | ✔ | | | |
| samlOverrideIDPEntityID | Override SAML EntityID when acting as an IDP | ✔ | | | |
| samlRelayStateTimeout | SAML timeout of relay state | ✔ | | | |
| samlSPMetaDataOptions | | ✔ | | | [1] |
| samlSPSSODescriptorArtifactResolutionServiceArtifact | SAML SP artifact resolution service | ✔ | | | |
| samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact | SAML SP ACS HTTP artifact | ✔ | | | |
| samlSPSSODescriptorAssertionConsumerServiceHTTPPost | SAML SP ACS HTTP POST | ✔ | | | |
| samlSPSSODescriptorAuthnRequestsSigned | SAML SP AuthnRequestsSigned | ✔ | | | |
| samlSPSSODescriptorSingleLogoutServiceHTTPPost | SAML SP SLO HTTP POST | ✔ | | | |
| samlSPSSODescriptorSingleLogoutServiceHTTPRedirect | SAML SP SLO HTTP Redirect | ✔ | | | |
| samlSPSSODescriptorSingleLogoutServiceSOAP | SAML SP SLO SOAP | ✔ | | | |
| samlSPSSODescriptorWantAssertionsSigned | SAML SP WantAssertionsSigned | ✔ | | | |
| samlServicePrivateKeyEnc | SAML encryption private key | ✔ | | | |
| samlServicePrivateKeyEncPwd | | ✔ | | | |
| samlServicePrivateKeySig | SAML signature private key | ✔ | | | |
| samlServicePrivateKeySigPwd | SAML signature private key password | ✔ | | | |
| samlServicePublicKeyEnc | SAML encryption public key | ✔ | | | |
| samlServicePublicKeySig | SAML signature public key | ✔ | | | |
| samlServiceSignatureMethod | | ✔ | | | |
| samlServiceUseCertificateInResponse | Use certificate instead of public key in SAML responses | ✔ | | | |
| samlStorage | Apache::Session module to store SAML user data | ✔ | | | |
| samlStorageOptions | Apache::Session module parameters | ✔ | | | |
| samlUseQueryStringSpecific | SAML use specific method for query_string | ✔ | | | |
| secureTokenAllowOnError | Secure Token allow requests in error | | ✔ | | ✔ |
| secureTokenAttribute | Secure Token attribute | | ✔ | | ✔ |
| secureTokenExpiration | Secure Token expiration | | ✔ | | ✔ |
| secureTokenHeader | Secure Token header | | ✔ | | ✔ |
| secureTokenMemcachedServers | Secure Token Memcached servers | | ✔ | | ✔ |
| secureTokenUrls | | | ✔ | | ✔ |
| securedCookie | Cookie securisation method | ✔ | ✔ | | |
| sentryDsn | Sentry logger DSN | ✔ | ✔ | ✔ | ✔ |
| sessionDataToRemember | Data to remember in login history | ✔ | | | |
| sfEngine | Second factor engine | ✔ | | | ✔ |
| sfExtra | Extra second factors | ✔ | | | |
| sfRemovedMsgRule | Display a message if at leat one expired SF has been removed | ✔ | | | |
| sfRemovedNotifMsg | Notification message | ✔ | | | |
| sfRemovedNotifRef | Notification reference | ✔ | | | |
| sfRemovedNotifTitle | Notification title | ✔ | | | |
| sfRemovedUseNotif | Use Notifications plugin to display message | ✔ | | | |
| sfRequired | Second factor required | ✔ | | | |
| showLanguages | Display langs icons | ✔ | | | |
| singleIP | Allow only one session per IP | ✔ | | | |
| singleSession | Allow only one session per user | ✔ | | | |
| singleSessionUserByIP | Allow only one session per user on an IP | ✔ | | | |
| singleUserByIP | Allow only one user per IP | ✔ | | | |
| skipRenewConfirmation | Avoid asking confirmation when an Issuer asks to renew auth | ✔ | | | |
| slaveAuthnLevel | Slave authentication level | ✔ | | | |
| slaveDisplayLogo | Display Slave authentication logo | ✔ | | | |
| slaveExportedVars | Slave exported variables | ✔ | | | |
| slaveHeaderContent | | ✔ | | | |
| slaveHeaderName | | ✔ | | | |
| slaveMasterIP | | ✔ | | | |
| slaveUserHeader | | ✔ | | | |
| soapConfigServer | Enable SOAP config server | ✔ | | | |
| soapSessionServer | Enable SOAP session server | ✔ | | | |
| sslByAjax | Use Ajax request for SSL | ✔ | | | |
| sslHost | URL for SSL Ajax request | ✔ | | | |
| staticPrefix | Prefix of static files for HTML templates | ✔ | | | ✔ |
| status | Status daemon activation | | ✔ | | ✔ |
| stayConnected | Enable StayConnected plugin | ✔ | | | |
| storePassword | Store password in session | ✔ | | | |
| successLoginNumber | Number of success stored in login history | ✔ | | | |
| syslogFacility | Syslog logger technical facility | ✔ | ✔ | ✔ | ✔ |
| timeout | Session timeout on server side | ✔ | | | |
| timeoutActivity | Session activity timeout on server side | ✔ | | | |
| timeoutActivityInterval | Update session timeout interval on server side | ✔ | | | |
| tokenUseGlobalStorage | Enable global token storage | ✔ | | | |
| totp2fActivation | TOTP activation | ✔ | | | |
| totp2fAuthnLevel | Authentication level for users authentified by password+TOTP | ✔ | | | |
| totp2fDigits | Number of digits for TOTP code | ✔ | | | |
| totp2fDisplayExistingSecret | Display existing TOTP secret in registration form | ✔ | | | |
| totp2fInterval | TOTP interval | ✔ | | | |
| totp2fIssuer | TOTP Issuer | ✔ | | | |
| totp2fLabel | Portal label for TOTP 2F | ✔ | | | |
| totp2fLogo | Custom logo for TOTP 2F | ✔ | | | |
| totp2fRange | TOTP range (number of interval to test) | ✔ | | | |
| totp2fSelfRegistration | TOTP self registration activation | ✔ | | | |
| totp2fTTL | TOTP device time to live | ✔ | | | |
| totp2fUserCanChangeKey | Authorize users to change existing TOTP secret | ✔ | | | |
| totp2fUserCanRemoveKey | Authorize users to remove existing TOTP secret | ✔ | | | |
| trustedDomains | Trusted domains | ✔ | | | |
| twitterAppName | | ✔ | | | |
| twitterAuthnLevel | Twitter authentication level | ✔ | | | |
| twitterKey | | ✔ | | | |
| twitterSecret | | ✔ | | | |
| twitterUserField | | ✔ | | | |
| u2fActivation | U2F activation | ✔ | | | |
| u2fAuthnLevel | Authentication level for users authentified by password+U2F | ✔ | | | |
| u2fLabel | Portal label for U2F | ✔ | | | |
| u2fLogo | Custom logo for U2F | ✔ | | | |
| u2fSelfRegistration | U2F self registration activation | ✔ | | | |
| u2fTTL | U2F device time to live | ✔ | | | |
| u2fUserCanRemoveKey | Authorize users to remove existing U2F key | ✔ | | | |
| upgradeSession | Upgrade session activation | ✔ | | | |
| useRedirectOnError | Use 302 redirect code for error (500) | | ✔ | | |
| useRedirectOnForbidden | Use 302 redirect code for forbidden (403) | ✔ | | | |
| useSafeJail | Activate Safe jail | ✔ | ✔ | | |
| userControl | Regular expression to validate login | ✔ | | | |
| userDB | User module | ✔ | | | |
| userLogger | User actions logger | ✔ | ✔ | ✔ | ✔ |
| userPivot | | ✔ | | | |
| userSyslogFacility | Syslog logger user-actions facility | ✔ | ✔ | ✔ | ✔ |
| utotp2fActivation | UTOTP activation (mixed U2F/TOTP module) | ✔ | | | |
| utotp2fAuthnLevel | Authentication level for users authentified by password+(U2F or TOTP) | ✔ | | | |
| utotp2fLabel | Portal label for U2F+TOTP | ✔ | | | |
| utotp2fLogo | Custom logo for U2F+TOTP | ✔ | | | |
| vhostOptions | | ✔ | | | [1] |
| viewerAllowBrowser | Allow configuration browser | ✔ | | | ✔ |
| viewerAllowDiff | Allow configuration diff | ✔ | | | ✔ |
| viewerHiddenKeys | Hidden Conf keys | | | ✔ | ✔ |
| webIDAuthnLevel | WebID authentication level | ✔ | | | |
| webIDExportedVars | WebID exported variables | ✔ | | | |
| webIDWhitelist | | ✔ | | | |
| whatToTrace | Session parameter used to fill REMOTE_USER | ✔ | ✔ | | |
| wsdlServer | Enable /portal.wsdl server | ✔ | | | |
| yubikey2fActivation | Yubikey second factor activation | ✔ | | | |
| yubikey2fAuthnLevel | Authentication level for users authentified by Yubikey second factor | ✔ | | | |
| yubikey2fClientID | Yubico client ID | ✔ | | | |
| yubikey2fLabel | Portal label for Yubikey second factor | ✔ | | | |
| yubikey2fLogo | Custom logo for Yubikey 2F | ✔ | | | |
| yubikey2fNonce | Yubico nonce | ✔ | | | |
| yubikey2fPublicIDSize | Yubikey public ID size | ✔ | | | |
| yubikey2fSecretKey | Yubico secret key | ✔ | | | |
| yubikey2fSelfRegistration | Yubikey self registration activation | ✔ | | | |
| yubikey2fTTL | Yubikey device time to live | ✔ | | | |
| yubikey2fUrl | Yubico server | ✔ | | | |
| yubikey2fUserCanRemoveKey | Authorize users to remove existing Yubikey | ✔ | | | |
| zimbraAccountKey | Zimbra account session key | | ✔ | | ✔ |
| zimbraBy | Zimbra account type | | ✔ | | ✔ |
| zimbraPreAuthKey | Zimbra preauthentication key | | ✔ | | ✔ |
| zimbraSsoUrl | Zimbra local SSO URL pattern | | ✔ | | ✔ |
| zimbraUrl | Zimbra preauthentication URL | | ✔ | | ✔ |