WebSSO and Access Management with LemonLDAP::NG
Published in: Technology, Education
Transcript

  • WebSSO and Access Management: LemonLDAP::NG (Clément OUDOT)
  • Table of contents
      • Single Sign On and Access Management
      • LemonLDAP::NG
      • Demonstration
  • Single Sign On
      • SSO is designed for users:
          • One login/password to remember (or even better, a physical token)
          • One authentication screen for all applications
      • SSO can also provide:
          • A dynamic list of authorized applications
          • A single access point (portal) to the information system
  • Access Management
      • Access Management is designed for system administrators:
          • Single point of authentication (easy to audit)
          • Set access rights to applications
          • Use the enterprise directory for authentication and authorization
  • Enterprise SSO
  • Delegation SSO
  • Reverse-proxy SSO
  • LemonLDAP::NG
      • LemonLDAP::NG is a free WebSSO project:
          • GPL licence
          • OW2 Forge: http://lemonldap.ow2.org
      • Uses a standard Apache2 installation
      • Uses mod_perl to hook Apache requests
      • Provides:
          • Portal with dynamic application list
          • Graphical management interface
          • Wide integration (LDAP, Kerberos, SQL, CAS, SSL, SOAP, etc.)
  • Architecture overview
  • How it works
  • Some screen shots
  • LDAP forever
      • LemonLDAP::NG can use LDAP for:
          • Authentication
          • Authorization
          • Password modification
          • Groups
          • Configuration storage
          • Session storage
  • LDAP password policy
      • LemonLDAP::NG is compatible with the draft of LDAP password policy (overlay ppolicy in OpenLDAP):
          • Display if account is locked or expired
          • Display warning time and graces remaining
          • Force password change after reset
          • Show constraint errors on password modification (size, history, etc.)
  • Authentication backends
      • LemonLDAP::NG can use several authentication backends:
          • LDAP (the default)
          • SSL (through Apache)
          • Kerberos (through Apache)
          • CAS
          • Liberty Alliance (soon to be replaced by SAML2)
          • Any other Apache authentication method
          • SOAP (portal chaining)
  • More features
      • Application provisioning through HTTP headers
      • Logon hours with time zone management
      • RBAC model
      • Cross-domain
      • Session sharing over network
      • HTTP Basic authentication forward
      • Password reset by mail
      • Notifications
      • Active Directory support
  • Fully integrated applications
  • Thank you for your attention. Visit us at our stand 107 - hall 7.2b
