WebSSO and Access Management with LemonLDAP::NG
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

WebSSO and Access Management with LemonLDAP::NG

on

  • 3,581 views

 

Statistics

Views

Total Views
3,581
Views on SlideShare
3,328
Embed Views
253

Actions

Likes
0
Downloads
37
Comments
0

9 Embeds 253

http://wiki.lemonldap.ow2.org 104
http://www.toolinux.com 65
http://linagora.org 34
http://www.linagora.org 30
http://www.toolinux.org 10
http://toolinux.com 7
http://209.85.229.132 1
http://lemonldap-ng.org 1
http://www.health.medicbd.com 1
More...

Accessibility

Categories

Upload Details

Uploaded via as OpenOffice

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

WebSSO and Access Management with LemonLDAP::NG Presentation Transcript

  • 1. WebSSO and Access Management LemonLDAP::NG Clément OUDOT
  • 2.
    • Single Sign On and Access Management
    • 3. LemonLDAP::NG
    • 4. Demonstration
    Table of contents
  • 5. Single Sign On
    • SSO is designed for users:
      • One login/password to remember (or even better with physical token)
      • 6. One authentication screen for all applications
    • SSO can also provides:
      • A dynamic list of authorized applications
      • 7. A single access point (portal) to information system
  • 8. Access Management
    • Access Management is designed for system administrators:
      • Single point of authentication (easy to audit)
      • 9. Set access rights to applications
      • 10. Use enterprise directory for authentication and authorization
  • 11. Enterprise SSO
  • 12. Delegation SSO
  • 13. Reverse-proxy SSO
  • 14. LemonLDAP::NG
    • LemonLDAP::NG is a free WebSSO project:
      • GPL licence
      • 15. OW2 Forge: http://lemonldap.ow2.org
    • Use standard Apache2 installation
    • 16. Use mod_perl to hook Apache requests
    • 17. Provides:
      • Portal with dynamic application list
      • 18. Graphical management interface
      • 19. Wide integration (LDAP, Kerberos, SQL, CAS, SSL, SOAP, etc.)
  • 20. Architecture overview
  • 21. How it works
  • 22. Some screen shots
  • 23. LDAP forever
    • LemonLDAP::NG can use LDAP for:
      • Authentication
      • 24. Authorization
      • 25. Password modification
      • 26. Groups
      • 27. Configuration storage
      • 28. Session storage
  • 29. LDAP password policy
    • LemonLDAP::NG is compatible with the draft of LDAP password policy (overlay ppolicy in OpenLDAP):
      • Display if account is locked or expired
      • 30. Display warning time and graces remaining
      • 31. Force password change after reset
      • 32. Show constraints error on password modification (size, history, etc.)
  • 33. Authentication backends
    • LemonLDAP::NG can use several authentication backends:
      • LDAP (the default)
      • 34. SSL (through Apache)
      • 35. Kerberos (through Apache)
      • 36. CAS
      • 37. Liberty Alliance (replaced soon by SAML2)
      • 38. Any other Apache authentication methods
      • 39. SOAP (portal chaining)
  • 40. More features
    • Application provisioning trough HTTP headers
    • 41. Logon hours with time zone management
    • 42. RBAC model
    • 43. Cross-domain
    • 44. Session sharing over network
    • 45. HTTP Basic authentication forward
    • 46. Password reset by mail
    • 47. Notifications
    • 48. Active Directory support
  • 49. Full integrated applications
  • 50. Thank you for your attention Visit us at our stand 107 - hall 7.2b