Chromium Code Reviews Chromium Code Reviews
Issue 143463009:
Add policy that forces SAML users to log in online periodically (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 { | 1 { |
| 2 # policy_templates.json - Metafile for policy templates | 2 # policy_templates.json - Metafile for policy templates |
| 3 # | 3 # |
| 4 # The content of this file is evaluated as a Python expression. | 4 # The content of this file is evaluated as a Python expression. |
| 5 # | 5 # |
| 6 # This file is used as input to generate the following policy templates: | 6 # This file is used as input to generate the following policy templates: |
| 7 # ADM, ADMX+ADML, MCX/plist and html documentation. | 7 # ADM, ADMX+ADML, MCX/plist and html documentation. |
| 8 # | 8 # |
| 9 # Policy templates are user interface definitions or documents about the | 9 # Policy templates are user interface definitions or documents about the |
| 10 # policies that can be used to configure Chrome. Each policy is a name-value | 10 # policies that can be used to configure Chrome. Each policy is a name-value |
| (...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 111 # templates and documentation. The policy definition list that Chrome sees | 111 # templates and documentation. The policy definition list that Chrome sees |
| 112 # will include policies marked with 'future'. If a WIP policy isn't meant to | 112 # will include policies marked with 'future'. If a WIP policy isn't meant to |
| 113 # be seen by the policy providers either, the 'supported_on' key should be set | 113 # be seen by the policy providers either, the 'supported_on' key should be set |
| 114 # to an empty list. | 114 # to an empty list. |
| 115 # | 115 # |
| 116 # IDs: | 116 # IDs: |
| 117 # Since a Protocol Buffer definition is generated from this file, unique and | 117 # Since a Protocol Buffer definition is generated from this file, unique and |
| 118 # persistent IDs for all fields (but not for groups!) are needed. These are | 118 # persistent IDs for all fields (but not for groups!) are needed. These are |
| 119 # specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs, | 119 # specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs, |
| 120 # because doing so would break the deployed wire format! | 120 # because doing so would break the deployed wire format! |
| 121 # For your editing convenience: highest ID currently used: 252 | 121 # For your editing convenience: highest ID currently used: 253 |
| 122 # | 122 # |
| 123 # Placeholders: | 123 # Placeholders: |
| 124 # The following placeholder strings are automatically substituted: | 124 # The following placeholder strings are automatically substituted: |
| 125 # $1 -> Google Chrome / Chromium | 125 # $1 -> Google Chrome / Chromium |
| 126 # $2 -> Google Chrome OS / Chromium OS | 126 # $2 -> Google Chrome OS / Chromium OS |
| 127 # $3 -> Google Chrome Frame / Chromium Frame | 127 # $3 -> Google Chrome Frame / Chromium Frame |
| 128 # $6 is reserved for doc_writer | 128 # $6 is reserved for doc_writer |
| 129 # | 129 # |
| 130 # Device Policy: | 130 # Device Policy: |
| 131 # An additional flag device_only (optional, defaults to False) indicates | 131 # An additional flag device_only (optional, defaults to False) indicates |
| (...skipping 3293 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3425 'caption': '''Ephemeral profile''', | 3425 'caption': '''Ephemeral profile''', |
| 3426 'desc': '''If set to enabled this policy forces the profile to be switched to ephemeral mode. If this policy is specified as an OS policy (e.g. GPO on Win dows) it will apply to every profile on the system; if the policy is set as a Cl oud policy it will apply only to a profile signed in with a managed account. | 3426 'desc': '''If set to enabled this policy forces the profile to be switched to ephemeral mode. If this policy is specified as an OS policy (e.g. GPO on Win dows) it will apply to every profile on the system; if the policy is set as a Cl oud policy it will apply only to a profile signed in with a managed account. |
| 3427 | 3427 |
| 3428 In this mode the profile data is persisted on disk only for the length of the user session. Features like browser history, extensions and their data, web data like cookies and web databases are not preserved after the browser is close d. However this does not prevent the user from downloading any data to disk manu ally, save pages or print them. | 3428 In this mode the profile data is persisted on disk only for the length of the user session. Features like browser history, extensions and their data, web data like cookies and web databases are not preserved after the browser is close d. However this does not prevent the user from downloading any data to disk manu ally, save pages or print them. |
| 3429 | 3429 |
| 3430 If the user has enabled sync all this data is preserved in his sync profil e just like with regular profiles. Incognito mode is also available if not expli citly disabled by policy. | 3430 If the user has enabled sync all this data is preserved in his sync profil e just like with regular profiles. Incognito mode is also available if not expli citly disabled by policy. |
| 3431 | 3431 |
| 3432 If the policy is set to disabled or left not set signing in leads to regul ar profiles.''' | 3432 If the policy is set to disabled or left not set signing in leads to regul ar profiles.''' |
| 3433 }, | 3433 }, |
| 3434 { | 3434 { |
| 3435 'name': 'SAMLOfflineSigninTimeLimit', | |
| 3436 'type': 'int', | |
| 3437 'schema': { 'type': 'integer', 'minimum': -1 }, | |
| 3438 'supported_on': ['chrome_os:34-'], | |
| 3439 'features': { | |
| 3440 'dynamic_refresh': True, | |
| 3441 'per_profile': True, | |
| 3442 }, | |
| 3443 'example_value': 32, | |
| 3444 'id': 253, | |
| 3445 'caption': '''Limit the time for which a user authenticated via SAML can l og in offline''', | |
| 3446 'desc': '''Limit the time for which a user authenticated via SAML can log in offline. | |
| 3447 | |
| 3448 During login, Chrome OS can authenticate against a server (online) or usin g a cached password (offline). | |
| 3449 | |
| 3450 When this policy is set to a value of -1, the user can authenticate offlin e indefinitely. When this policy is set to any other value, it specifies the len gth of time since the last online authentication after which the user must use o nline authentication again. | |
| 3451 | |
| 3452 Leaving this policy not set will make <ph name="PRODUCT_OS_NAME">$2<ex>Goo gle Chrome OS</ex></ph> use a default value for the time limit after which the u ser must use online authentication again. | |
|
dconnelly
2014/01/23 08:40:56
is this default value specified anywhere?
bartfab (slow)
2014/01/23 09:47:23
I had intentionally left it out because the defaul
| |
| 3453 | |
| 3454 This policy affects only users who authenticated using SAML. | |
| 3455 | |
| 3456 The policy value should be specified in seconds.''', | |
| 3457 }, | |
| 3458 { | |
| 3435 'name': 'AutoCleanUpStrategy', | 3459 'name': 'AutoCleanUpStrategy', |
| 3436 'type': 'string-enum', | 3460 'type': 'string-enum', |
| 3437 'schema': { | 3461 'schema': { |
| 3438 'type': 'string', | 3462 'type': 'string', |
| 3439 'enum': [ 'remove-lru', 'remove-lru-if-dormant' ], | 3463 'enum': [ 'remove-lru', 'remove-lru-if-dormant' ], |
| 3440 }, | 3464 }, |
| 3441 'items': [ | 3465 'items': [ |
| 3442 { | 3466 { |
| 3443 'name': 'RemoveLRU', | 3467 'name': 'RemoveLRU', |
| 3444 'value': 'remove-lru', | 3468 'value': 'remove-lru', |
| (...skipping 2527 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 5972 'desc': '''Text appended in parentheses to the policy name to indicate tha t it has been deprecated''', | 5996 'desc': '''Text appended in parentheses to the policy name to indicate tha t it has been deprecated''', |
| 5973 'text': 'deprecated', | 5997 'text': 'deprecated', |
| 5974 }, | 5998 }, |
| 5975 'doc_recommended': { | 5999 'doc_recommended': { |
| 5976 'desc': '''Text appended in parentheses next to the policies top-level con tainer to indicate that those policies are of the Recommended level''', | 6000 'desc': '''Text appended in parentheses next to the policies top-level con tainer to indicate that those policies are of the Recommended level''', |
| 5977 'text': 'Default Settings (users can override)', | 6001 'text': 'Default Settings (users can override)', |
| 5978 }, | 6002 }, |
| 5979 }, | 6003 }, |
| 5980 'placeholders': [], | 6004 'placeholders': [], |
| 5981 } | 6005 } |
| OLD | NEW |
