The LemonLDAP::NG project

Slides:



Advertisements
Similar presentations
Secure Single Sign-On Across Security Domains
Advertisements

MyProxy Jim Basney Senior Research Scientist NCSA
Sun Identity Manager Evaluation An exploration by the Advanced Systems Team, ICSD, Academic Services.
METALOGIC s o f t w a r e © Metalogic Software Corporation DACS Developer Overview DACS – the Distributed Access Control System.
Contrail and Federated Identity Management
Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.
MyProxy: A Multi-Purpose Grid Authentication Service
Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal , DNS Hello User Sample (Gateway)
SINGLE SIGN-ON. Definition - SSO Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name and password in order.
FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.
Introducing Windows Server 2012 R2 Work Folders:
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Authentication Systems and Single Sign-On (SSO) David Orrell, Eduserv Athens 1st EuroCAMP, 2-4 March 2005, Turin, Italy.
Authentication via campus single sign-on 2012 VIVO Implementation Fest.
Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.
Course 201 – Administration, Content Inspection and SSL VPN
SharePoint Design Tools Office Applications.
Scenario covered in this presentation Separate credential from on- premises credential Authentication occurs via cloud directory service Does not.
Smart Card Single Sign On with Access Gateway Enterprise Edition
SWITCHaai Team Introduction to Shibboleth.
MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.
TNC2004 Rhodes 1 Authentication and access control in Sympa mailing list manager Serge Aumont & Olivier Salaün May 2004.
IT:Network:Apps.  Microsoft Web Server ◦ Used by ~ 50% of Fortune 500 companies  Comes with Server OS  Expandable  Easy to use.
FIspace SPT Seyhun Futaci. Technology behind FIspace Authentication and Authorization IDM service of Fispace provides SSO solution for web apps, mobile.
ArcGIS Server and Portal for ArcGIS An Introduction to Security
SSL, Single Sign On, and External Authentication Presented By Jeff Kelley April 12, 2005.
TWSd - Security Workshop Part I of III T302 Tuesday, 4/20/2010 TWS Distributed & Mainframe User Education April 18-21, 2010  Carefree Resort  Carefree,
Shibboleth 2.0 IdP Training: Authentication January, 2009.
PubCookie Strategy and Tactics Mike Conlon Director of Data Infrastructure University of Florida.
An Overview of Single Sign-On, Federation, Its Benefits, and Basic Procedures for Integrating Applications.
Authority of Information Technology Application National Center of Digital Signature Authentication Ninh Binh, June 25, 2010.
LDS Account and the Java Stack. Disclaimer This is a training NOT a presentation. – Be prepared to learn and participate in labs Please ask questions.
Shibboleth: An Introduction
Integrating and Troubleshooting Citrix Access Gateway.
Extending ISA/IAG beyond the limit. AGAT Security suite - introduction AGAT Security suite is a set of unique components that allow extending ISA / IAG.
UMBC’s WebAuth Robert Banz – UMBC
SSO Case Study Suchin Rengan Principal Technical Architect Salesforce.com.
Sakai Authentication and Directory Architecture for 1.0 and Beyond A response to an by Albert Wu and Thomas Bush 8/28/2004 Charles Severance.
February, TRANSCEND SHIRO-CAS INTEGRATION ANALYSIS.
1 Earth System Grid Center for Enabling Technologies ESG-CET Security January 7, 2016 Frank Siebenlist Rachana Ananthakrishnan Neill Miller ESG-CET All-Hands.
Web Services Security Patterns Alex Mackman CM Group Ltd
Administrative Information Systems Shibboleth Install Session Technical Information Session for Developers Datta Mahabalagiri.
LDS Account and the Java Stack. Disclaimer This is a training NOT a presentation. – Be prepared to learn and participate in labs Please ask questions.
WSO2 Identity Server 4.0 Fall WSO2 Carbon Enterprise Middleware Platform 2.
Agenda  Microsoft Directory Synchronization Tool  Active Directory Federation Server  ADFS Proxy  Hybrid Features – LAB.
F5 APM & Security Assertion Markup Language ‘sam-el’
Office of Information Technology GT Identity and Access Management JA-SIG CAS project (introducing login.gatech.edu) April 29th,
The FederID project The First Identity Management and Federation Free Software.
Clément OUDOT. 2 Table of contents ● LINAGORA Group ● A question of Identity ● Liberty Alliance ● The FederID architecture ● Advanced use of LDAP ● Conclusion.
Open OnDemand: 1.0, Jupyter, App Development, & Authentication
Access Policy - Federation March 23, 2016
Secure Single Sign-On Across Security Domains
Using Your Own Authentication System with ArcGIS Online
Ask the Experts – Building Login-Based Sites in AEM
Open OnDemand: Open Source General Purpose HPC Portal
Single Sign-On Led by Terrice McClain, Jen Paulin, & Leighton Wingerd
Authentication Interact Cloud.
Federation made simple
Node.js Express Web Applications
Migrating SharePoint Add-ins from Azure ACS to Azure AD
CAS and Web Single Sign-on at UConn
Prime Service Catalog 12.0 SAML 2.0 Single Sign-On Support
Understand Hybrid Identity with Azure and Azure Stack
Server Concepts Dr. Charles W. Kann.
Sébastien BAHLOUL LINAGORA 5 April 2006 – ObjectWeb Meeting - Grenoble
Addressing the Beast: Single Sign-On II
Dominik Pinter, CMS.IO, Authentication Dominik Pinter,
ESA Single Sign On (SSO) and Federated Identity Management
IST346: Namespaces, Identity Management
Everything you need to know about implementing AD FS
Presentation transcript:

The LemonLDAP::NG project Clément OUDOT Solutions Linux – 28th May 2013 Web access under protect

Schedule Speaker Single Sign On The LemonLDAP::NG software 3/3/2017 http://lemonldap-ng.org

About me 3/3/2017 http://lemonldap-ng.org

Clément OUDOT LDAP engineer since 2003 in LINAGORA company, with experiences in SUN/Oracle to OpenLDAP migration LinID Dream Team Manager http://linid.org Leader of LDAP Tool Box project http://ltb- project.org Leader of LemonLDAP::NG project http://lemonldap-ng.org 3/3/2017 http://lemonldap-ng.org

Single Sign On 3/3/2017 http://lemonldap-ng.org

Definition Single Sign On authentication allow users to submit their credentials only once, and to access all trusted applications Applications do not manage passwords anymore Identity of the user is forwarded to applications by the SSO software 3/3/2017 http://lemonldap-ng.org

SSO for the newbies 1 User 3 2 Web Application WebSSO Portal 3/3/2017 http://lemonldap-ng.org

LemonLDAP::NG 3/3/2017 http://lemonldap-ng.org

Components LemonLDAP::NG main components: Portal: authentication process, user interaction, application menu, password change form Manager: configuration interface, sessions explorer Handler: Apache agent, manage access authorizations Perl, only Perl, just Perl Relies on Apache and mod_perl 3/3/2017 http://lemonldap-ng.org

SSO for the L33T 3/3/2017 http://lemonldap-ng.org

Application protection LemonLDAP::NG uses Apache virtual host as application identifier Each application owns: Access rules: each rule refers to an URL pattern, logout can be caught HTTP headers: each header contains a session value, or an evaluated Perl expression POST data: only used for form replay Redirection options: protocol and port 3/3/2017 http://lemonldap-ng.org

Examples Access rules: default → accept ^/admin → $groups =~ /admin/ ^/logout.php → logout_sso HTTP headers: Auth-User → $uid Auth-Name → uc($sn).", ".ucfirst($gn) 3/3/2017 http://lemonldap-ng.org

Configuration interface 3/3/2017 http://lemonldap-ng.org

Authentication methods LemonLDAP::NG supports a lot of authentication methods: LDAP Database SSL X509 Apache built-in modules (Kerberos, OTP, ...) SAML 2.0 OpenID Twitter CAS Yubikey Radius Methods can be stacked or displayed together 3/3/2017 http://lemonldap-ng.org

Identity Provider LemonLDAP::NG is a federation product, allowing services to get user identity trough standard protocols: SAML 2.0 OpenID 2.0 CAS 1.0 and 2.0 3/3/2017 http://lemonldap-ng.org

Next steps Better Active Directory integration OAuth (Consumer and Provider) Captcha 3/3/2017 http://lemonldap-ng.org

The end... almost 3/3/2017 http://lemonldap-ng.org

Thanks Thanks to: Solutions Linux OW2 LINAGORA company Stay in touch: Identica: @coudot Twitter: @clementoudot @lemonldapng IRC: KPTN #lemonldap-ng@freenode 3/3/2017 http://lemonldap-ng.org

Questions? 3/3/2017 http://lemonldap-ng.org

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.