The LemonLDAP::NG Project
Presentation Transcript

  • LemonLDAP::NG: The LemonLDAP::NG project
    ● Clément OUDOT
    ● FOSDEM – 5th February 2012
    ● Web access under protect
  • Schedule
    ● Speaker
    ● Single Sign On
    ● The LemonLDAP::NG software
    02/05/12 http://lemonldap-ng.org
  • About me
  • Clément OUDOT
    ● LDAP engineer since 2003 in LINAGORA company, with experiences in SUN/Oracle to OpenLDAP migration
    ● LinID Dream Team Manager http://linid.org
    ● Leader of LDAP Tool Box project http://ltb-project.org
    ● Leader of LemonLDAP::NG project http://lemonldap-ng.org
  • Single Sign On
  • Definition
    ● Single Sign On authentication allows users to submit their credentials only once, and to access all trusted applications
    ● Applications do not manage passwords anymore
    ● Identity of the user is forwarded to applications by the SSO software
  • SSO for the newbies (diagram: User, Web Application, WebSSO Portal; steps 1, 2, 3)
  • LemonLDAP::NG
  • Components
    ● LemonLDAP::NG main components:
      ● Portal: authentication process, user interaction, application menu, password change form
      ● Manager: configuration interface, sessions explorer
      ● Handler: Apache agent, manages access authorizations
    ● Perl, only Perl, just Perl
    ● Relies on Apache and mod_perl
  • SSO for the L33T
  • Application protection
    ● LemonLDAP::NG uses the Apache virtual host as application identifier
    ● Each application owns:
      ● Access rules: each rule refers to a URL pattern, logout can be caught
      ● HTTP headers: each header contains a session value, or an evaluated Perl expression
      ● POST data: only used for form replay
      ● Redirection options: protocol and port
  • Examples
    ● Access rules:
      ● default → accept
      ● ^/admin → $groups =~ /admin/
      ● ^/logout.php → logout_sso
    ● HTTP headers:
      ● Auth-User → $uid
      ● Auth-Name → uc($sn).", ".ucfirst($gn)
  • Configuration interface
  • Authentication methods
    ● LemonLDAP::NG supports a lot of authentication methods:
      ● LDAP
      ● Database
      ● SSL X509
      ● Apache built-in modules (Kerberos, OTP, ...)
      ● SAML 2.0
      ● OpenID
      ● Twitter
      ● CAS
      ● Yubikey
    ● Methods can be stacked or displayed together
  • Identity Provider
    ● LemonLDAP::NG is a federation product, allowing services to get user identity through standard protocols:
      ● SAML 2.0
      ● OpenID 2.0
      ● CAS 1.0 and 2.0
  • Release 1.2, soon...
    ● New release planned soon (this month?):
      ● Radius authentication module
      ● Login history
      ● New skip rule
      ● Improved session cache management
      ● Custom session granting policies
      ● Better URL handling in CAS and SAML Issuer modules
  • The end... almost
  • Thanks
    ● Thanks to:
      ● FOSDEM and Perl DevRoom organizers
      ● LINAGORA company
      ● Perl (it is still alive!)
    ● Stay in touch:
      ● Identica: @coudot
      ● Twitter: @clementoudot
      ● IRC: KPTN #lemonldap-ng@freenode
  • Questions?
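
The access rules and HTTP headers from the "Examples" slide, modelled in Perl as an added example (not LemonLDAP::NG code and not from the talk). It shows that the slide's `$groups =~ /admin/` is a substring match, so a group such as `nonadmin-audit` also passes, while an exact membership test does not. The names `in_group`, `rules_for`, `decide` and `headers`, the sample sessions, first-match rule ordering and the "; " group separator are assumptions.

```perl
use strict;
use warnings;
# Constructed sessions; attribute names (uid, sn, gn, groups) follow the slide.
# Assumption: groups is a single string of group names joined by "; ".
my %alice = (uid => 'alice', sn => 'martin', gn => 'alice', groups => 'users; admin');
my %bob   = (uid => 'bob',   sn => 'durand', gn => 'bob',   groups => 'users; nonadmin-audit');

# Exact group membership (hypothetical helper), instead of a substring regex.
sub in_group {
    my ($s, $name) = @_;
    return scalar grep { $_ eq $name } split /\s*;\s*/, $s->{groups};
}

# Access rules of one virtual host as [URL pattern, rule] pairs.
# Assumption: the first matching pattern decides; the last entry is "default".
sub rules_for {
    my ($admin_rule) = @_;
    return (
        [ qr{^/admin},       $admin_rule ],
        [ qr{^/logout\.php}, sub { 'logout_sso' } ],
        [ qr{^},             sub { 1 } ],            # default -> accept
    );
}

# Returns 'accept', 'reject' or 'logout_sso' for a session and a request path.
sub decide {
    my ($s, $path, @rules) = @_;
    for my $r (@rules) {
        my ($pattern, $rule) = @$r;
        next unless $path =~ $pattern;
        my $v = $rule->($s);
        return 'logout_sso' if $v && $v eq 'logout_sso';
        return $v ? 'accept' : 'reject';
    }
    return 'reject';
}

# HTTP headers built from session values, using the slide's two expressions.
sub headers {
    my ($s) = @_;
    return +{ 'Auth-User' => $s->{uid},
              'Auth-Name' => uc($s->{sn}) . ", " . ucfirst($s->{gn}) };
}

my @slide  = rules_for(sub { $_[0]{groups} =~ /admin/ });    # rule as on the slide
my @strict = rules_for(sub { in_group($_[0], 'admin') });    # exact membership
for my $s (\%alice, \%bob) {
    printf "%-5s /admin/ slide=%s strict=%s Auth-Name=%s\n", $s->{uid},
        decide($s, '/admin/', @slide), decide($s, '/admin/', @strict),
        headers($s)->{'Auth-Name'};
}
```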