Presentation is loading. Please wait.

Presentation is loading. Please wait.

The LemonLDAP::NG project

Published by厄 鲁 Modified over 7 years ago

Similar presentations

Presentation on theme: "The LemonLDAP::NG project"— Presentation transcript:

1 The LemonLDAP::NG project
Clément OUDOT Solutions Linux – 28th May 2013 Web access under protect

2 Schedule Speaker Single Sign On The LemonLDAP::NG software 3/3/2017

3 About me 3/3/2017

4 Clément OUDOT LDAP engineer since 2003 in LINAGORA company, with experiences in SUN/Oracle to OpenLDAP migration LinID Dream Team Manager Leader of LDAP Tool Box project project.org Leader of LemonLDAP::NG project 3/3/2017

5 Single Sign On 3/3/2017

6 Definition Single Sign On authentication allow users to submit their credentials only once, and to access all trusted applications Applications do not manage passwords anymore Identity of the user is forwarded to applications by the SSO software 3/3/2017

7 SSO for the newbies 1 User 3 2 Web Application WebSSO Portal 3/3/2017

8 LemonLDAP::NG 3/3/2017

9 Components LemonLDAP::NG main components:
Portal: authentication process, user interaction, application menu, password change form Manager: configuration interface, sessions explorer Handler: Apache agent, manage access authorizations Perl, only Perl, just Perl Relies on Apache and mod_perl 3/3/2017

10 SSO for the L33T 3/3/2017

11 Application protection
LemonLDAP::NG uses Apache virtual host as application identifier Each application owns: Access rules: each rule refers to an URL pattern, logout can be caught HTTP headers: each header contains a session value, or an evaluated Perl expression POST data: only used for form replay Redirection options: protocol and port 3/3/2017

12 Examples Access rules: default → accept ^/admin → $groups =~ /admin/
^/logout.php → logout_sso HTTP headers: Auth-User → $uid Auth-Name → uc($sn).", ".ucfirst($gn) 3/3/2017

13 Configuration interface
3/3/2017

14 Authentication methods
LemonLDAP::NG supports a lot of authentication methods: LDAP Database SSL X509 Apache built-in modules (Kerberos, OTP, ...) SAML 2.0 OpenID Twitter CAS Yubikey Radius Methods can be stacked or displayed together 3/3/2017

15 Identity Provider LemonLDAP::NG is a federation product, allowing services to get user identity trough standard protocols: SAML 2.0 OpenID 2.0 CAS 1.0 and 2.0 3/3/2017

16 Next steps Better Active Directory integration
OAuth (Consumer and Provider) Captcha 3/3/2017

17 The end... almost 3/3/2017

18 Thanks Thanks to: Solutions Linux OW2 LINAGORA company Stay in touch:
@lemonldapng IRC: KPTN 3/3/2017

19 Questions? 3/3/2017

Download ppt "The LemonLDAP::NG project"

Similar presentations

Secure Single Sign-On Across Security Domains

Secure Single Sign-On Across Security Domains
MyProxy Jim Basney Senior Research Scientist NCSA

MyProxy Jim Basney Senior Research Scientist NCSA
Sun Identity Manager Evaluation An exploration by the Advanced Systems Team, ICSD, Academic Services.

Sun Identity Manager Evaluation An exploration by the Advanced Systems Team, ICSD, Academic Services.
METALOGIC s o f t w a r e © Metalogic Software Corporation 2004-2006 DACS Developer Overview DACS – the Distributed Access Control System.

METALOGIC s o f t w a r e © Metalogic Software Corporation DACS Developer Overview DACS – the Distributed Access Control System.
Contrail and Federated Identity Management

Contrail and Federated Identity Management
Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.

Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal 1 1 2 2 4 4 3,6 5 5 7 7 8 8 9 9 1010 1010 DNS Hello User Sample (Gateway)

Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal , DNS Hello User Sample (Gateway)
SINGLE SIGN-ON. Definition - SSO Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name and password in order.

SINGLE SIGN-ON. Definition - SSO Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name and password in order.
FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.

FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.
Introducing Windows Server 2012 R2 Work Folders:

Introducing Windows Server 2012 R2 Work Folders:
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Authentication Systems and Single Sign-On (SSO) David Orrell, Eduserv Athens 1st EuroCAMP, 2-4 March 2005, Turin, Italy.

Authentication Systems and Single Sign-On (SSO) David Orrell, Eduserv Athens 1st EuroCAMP, 2-4 March 2005, Turin, Italy.
Authentication via campus single sign-on 2012 VIVO Implementation Fest.

Authentication via campus single sign-on 2012 VIVO Implementation Fest.
Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.

Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.
Course 201 – Administration, Content Inspection and SSL VPN

Course 201 – Administration, Content Inspection and SSL VPN
SharePoint Design Tools Office Applications.

SharePoint Design Tools Office Applications.
Scenario covered in this presentation Separate credential from on- premises credential Authentication occurs via cloud directory service Does not.

Scenario covered in this presentation Separate credential from on- premises credential Authentication occurs via cloud directory service Does not.
Smart Card Single Sign On with Access Gateway Enterprise Edition

Smart Card Single Sign On with Access Gateway Enterprise Edition
SWITCHaai Team Introduction to Shibboleth.

SWITCHaai Team Introduction to Shibboleth.

Similar presentations

Ads by Google