• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
WebSSO and Access Management with LemonLDAP::NG

WebSSO and Access Management with LemonLDAP::NG






Total Views
Views on SlideShare
Embed Views



9 Embeds 249

http://wiki.lemonldap.ow2.org 100
http://www.toolinux.com 65
http://linagora.org 34
http://www.linagora.org 30
http://www.toolinux.org 10
http://toolinux.com 7 1
http://lemonldap-ng.org 1
http://www.health.medicbd.com 1



Upload Details

Uploaded via as OpenOffice

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    WebSSO and Access Management with LemonLDAP::NG WebSSO and Access Management with LemonLDAP::NG Presentation Transcript

    • WebSSO and Access Management LemonLDAP::NG Clément OUDOT
      • Single Sign On and Access Management
      • LemonLDAP::NG
      • Demonstration
      Table of contents
    • Single Sign On
      • SSO is designed for users:
        • One login/password to remember (or even better with physical token)
        • One authentication screen for all applications
      • SSO can also provides:
        • A dynamic list of authorized applications
        • A single access point (portal) to information system
    • Access Management
      • Access Management is designed for system administrators:
        • Single point of authentication (easy to audit)
        • Set access rights to applications
        • Use enterprise directory for authentication and authorization
    • Enterprise SSO
    • Delegation SSO
    • Reverse-proxy SSO
    • LemonLDAP::NG
      • LemonLDAP::NG is a free WebSSO project:
        • GPL licence
        • OW2 Forge: http://lemonldap.ow2.org
      • Use standard Apache2 installation
      • Use mod_perl to hook Apache requests
      • Provides:
        • Portal with dynamic application list
        • Graphical management interface
        • Wide integration (LDAP, Kerberos, SQL, CAS, SSL, SOAP, etc.)
    • Architecture overview
    • How it works
    • Some screen shots
    • LDAP forever
      • LemonLDAP::NG can use LDAP for:
        • Authentication
        • Authorization
        • Password modification
        • Groups
        • Configuration storage
        • Session storage
    • LDAP password policy
      • LemonLDAP::NG is compatible with the draft of LDAP password policy (overlay ppolicy in OpenLDAP):
        • Display if account is locked or expired
        • Display warning time and graces remaining
        • Force password change after reset
        • Show constraints error on password modification (size, history, etc.)
    • Authentication backends
      • LemonLDAP::NG can use several authentication backends:
        • LDAP (the default)
        • SSL (through Apache)
        • Kerberos (through Apache)
        • CAS
        • Liberty Alliance (replaced soon by SAML2)
        • Any other Apache authentication methods
        • SOAP (portal chaining)
    • More features
      • Application provisioning trough HTTP headers
      • Logon hours with time zone management
      • RBAC model
      • Cross-domain
      • Session sharing over network
      • HTTP Basic authentication forward
      • Password reset by mail
      • Notifications
      • Active Directory support
    • Full integrated applications
    • Thank you for your attention Visit us at our stand 107 - hall 7.2b