linotp.controllers.system module¶

system controller - to configure the system

class linotp.controllers.system.SystemController(*args, **kw)[source]¶

Bases: linotp.lib.base.BaseController

The linotp.controllers are the implementation of the web-API to talk to the LinOTP server. The SystemController is used to configure the LinOTP server. The functions of the SystemController are invoked like this

https://server/system/<functionname>

The functions are described below in more detail.

checkPolicy()[source]¶

method:

system/checkPolicy

description:

this function checks if a the given parameter will trigger a policy or not.

arguments:

user - the name of the user
realm - the realm
scope - the scope
action
client - the client IP

returns:

a json result like this:

value : { “allowed” : “true”,: “policy” : <Name der Policy, die das erlaubt hat> }
value : { “allowed” : “false”,: “info” : <sowas wie die Fehlermeldung> }

delConfig()[source]¶

delete a configuration key * if an error occurs an exception is serializedsetConfig and returned

Parameters:	key – configuration key name
Returns:	a json result with the deleted value

delPolicy()[source]¶

method:: system/delPolicy
description:: this function deletes the policy with the given name
arguments:: name - the policy with the given name
returns:: a json result about the delete success
exception:: if an error occurs an exception is serialized and returned

delProvider()[source]¶

method:: system/delProviders
description:: delete a SMS- and Email-providers
arguments:: name - the name of the SMS or EMail Provider type - the provider type

Returns:	boolean, true if number of deleted config entries is > 0 else False with message in detail

delRealm()[source]¶

method:: system/delRealm
description:: this function deletes the given realm
arguments:: realm - the name of the realm to be deleted
returns:: a json result if deleting the realm was successful
exception:: if an error occurs an exception is serialized and returned

delResolver()[source]¶

method:: system/delResolver
description:: this function deletes an existing resolver All config keys of this resolver get deleted
arguments:: resolver - the name of the resolver to delete.
returns:: success state
exception:: if an error occurs an exception is serialized and returned

getConfig()[source]¶

retrieve value of a defined configuration key, or if no key is given, the complete configuration is returned if an error occurs an exception is serialized and returned

remark: the assumption is, that the access to system/getConfig

is only allowed to privileged users

Parameters:	key – generic configuration entry name (optional)
Returns:	a json result with key value or all key + value pairs

getDefaultRealm()[source]¶

method:: system/getDefaultRealm
description:: this function returns the default realm
arguments:: ./.
returns:: a json description of the default realm
exception:: if an error occurs an exception is serialized and returned

getPolicy()[source]¶

method:

system/getPolicy

description:

this function is used to retrieve the policies that you defined.

arguments:

realm - (optional) will return all policies in the given realm
name - (optional) will only return the policy with the given

name
action (optional) will only return the policy with the given

action
user (optional) will only return the policy for this user
scope - (optional) will only return the policies within the

given scope
export - (optional) The filename needs to be specified as the

third part of the URL like /system/getPolicy/policy.cfg. It will then be exported to this file.
display_inactive - (optional) if set, then also inactive policies

will be displayed

returns:

a json result with the configuration of the specified policies

exception:

if an error occurs an exception is serialized and returned

getPolicyDef()[source]¶

method:

system/getPolicyDef

description:

This is a helper function that returns the POSSIBLE policy definitions, that can be used to define your policies.

arguments:

scope - optional - if given, the function will only return policy: definitions for the given scope.

returns:

the policy definitions of

allowed scopes
allowed actions in scopes
type of actions

exception:

if an error occurs an exception is serialized and returned

getProvider()[source]¶

method:: system/getProviders
description:: get a dict of SMS- and Email-providers
arguments:: name (optional) - the name of the provider in LinOTP type - the type of the provider: SMS or EMail

Returns:	dictionary of provider with its entries as dictionary {‘ProviderA’ : { ‘Timeout’: ‘100’, …}

getProviderDef()[source]¶

method:: system/getProviderDef
description:: get definition of a provider - used for automatic rendering
arguments:: type (required) - the provider type class (optional) - the specific class definition or the parent

class definition if not specified

Returns:	dictionary with the class as key and the parameters with their types as dictionaries

getRealms()[source]¶

method:: system/getRealms
description:: returns all realm definitinos as a json result.

arguments:

returns:: a json result with a list of Realms
exception:: if an error occurs an exception is serialized and returned

Either the admin has the policy scope=system, action=read or he is rights in scope=admin for some realms. If he does not have the system-read-right, then he will only see the realms, he is admin of.

getResolver()[source]¶

method:: system/getResolver
description:: this function retrieves the definition of the resolver
arguments:: resolver - the name of the resolver
returns:: a json result with the configuration of a specified resolver
exception:: if an error occurs an exception is serialized and returned

getResolvers()[source]¶

method:: system/getResolvers
descriptions:: returns a json list of all useridresolvers

arguments:

returns:: a json result with a list of all available resolvers
exception:: if an error occurs an exception is serialized and returned

getSupportInfo()[source]¶: return the support status, which is community support by default or the support subscription info, which could be the old license

importPolicy()[source]¶

method:: system/importPolicy
description:: This function is used to import policies from a file.
arguments:: file - mandatory: The policy file in the POST request

isSupportValid()[source]¶

verifies the support license status

if ok: status and value in response are both true
else: value is false and the detail is returned as detail in the response

policies_flexi()[source]¶: This function is used to fill the policies tab Unlike the complex /system/getPolcies function, it only returns a simple array of the tokens.

setConfig()[source]¶

set a configuration key or a set of configuration entries

parameter could either be in the form key=..&value=.. or as a set of generic keyname=value pairs.

Note

In case of key-value pairs the type information could be provided by an additional parameter with same keyname with the postfix “.type”. Value could then be ‘password’ to trigger the storing of the value in an encrypted form

Parameters:	key – configuration entry name value – configuration value type – type of the value: int or string/text or password password will trigger to store the encrypted value description – additional information for this config entry

or

Parameters:	pairs (key-value) – pair of &keyname=value pairs
Returns:	a json result with a boolean “result”: true

setDefault()[source]¶

method:

system/set

description:

define default settings for tokens. These default settings are used when new tokens are generated. The default settings will not affect already enrolled tokens.

arguments:

DefaultMaxFailCount - Default value for the maximum allowed: authentication failures
DefaultSyncWindow - Default value for the: synchronization window

DefaultCountWindow - Default value for the counter window DefaultOtpLen - Default value for the OTP value length –

usuall 6 or 8

DefaultResetFailCount - Default value, if the FailCounter should: be reset on successful authentication [True|False]

returns:

a json result with a boolean: “result”: true

exception:

if an error occurs an exception is serialized and returned

setDefaultProvider()[source]¶

method:: system/setDefaultProvider
description:: set provider (SMS- and Email) as default
arguments:: name - the name of the SMS or EMail Provider type - the provider type

Returns:	boolean, true if number of deleted config entries is > 0 else False with message in detail

setDefaultRealm()[source]¶

method:: system/setDefaultRealm
description:: this function sets the given realm to the default realm
arguments:: realm - the name of the realm, that should be the default realm
returns:: a json result with a list of Realms
exception:: if an error occurs an exception is serialized and returned

setPolicy()[source]¶

method:

system/setPolicy

description:

Stores a policy that define ACL or behaviour of several different actions in LinOTP. The policy is stored as configuration values like this:

Policy.<NAME>.action
Policy.<NAME>.scope
Policy.<NAME>.realm

arguments:

name: name of the policy action: which action may be executed scope: selfservice realm: This polcy holds for this realm user: (optional) This polcy binds to this user time: (optional) on which time does this policy hold client: (optional) for which requesting client this should be

returns:

a json result with success or error

exception:

if an error occurs an exception is serialized and returned

setProvider()[source]¶

method:: system/setProvider
description:: creates or updates SMS- and Email-provider
arguments:: name - the name of the provider in LinOTP type - the type of the provider [email, sms] class - the name of the provider config - the configuration for this provider timeout - the timeout

Returns:	boolean - True or False with message in detail

setRealm()[source]¶

method:

system/setRealm

description:

this function is used to define a realm with the given useridresolvers

arguments:

realm - name of the realm
resolvers - comma separated list of resolvers, that should be in this realm

returns:

a json result with a list of Realms

exception:

if an error occurs an exception is serialized and returned

setResolver()[source]¶

method:

system/setResolver

description:

creates or updates a useridresolver

arguments:

name - the name of the resolver type - the type of the resolver [ldapsersolver, sqlresolver]

LDAP:: LDAPURI LDAPBASE BINDDN BINDPW TIMEOUT SIZELIMIT LOGINNAMEATTRIBUTE LDAPSEARCHFILTER LDAPFILTER USERINFO NOREFERRALS - True|False
SQL:: Database Driver Server Port User Password Table Map

returns:

a json result with the found value

exception:

if an error occurs an exception is serialized and returned

setSupport()[source]¶

hook to load a support subscription file

receives the data with a form post file upload and installes it after license verification

setupSecurityModule()[source]¶

testProvider()[source]¶

method:: system/testProviders
description:: if the provider has a test interface, the provider test is run
arguments:: name required - the name of the provider in LinOTP

Returns:	dictionary of provider with its entries as dictionary {‘ProviderA’ : { ‘Timeout’: ‘100’, …}

linotp.controllers.system module¶

Table of Contents

Previous topic

Next topic

This Page