WebSSO and Access Management LemonLDAP::NG Clément OUDOT
WebSSO and Access Management with LemonLDAP::NG

Published in: Technology, Education

Transcript of "WebSSO and Access Management with LemonLDAP::NG"

WebSSO and Access Management: LemonLDAP::NG
Clément OUDOT

Table of contents
  • Single Sign On and Access Management
  • LemonLDAP::NG
  • Demonstration

Single Sign On
  • SSO is designed for users:
      • One login/password to remember (or even better with physical token)
      • One authentication screen for all applications
  • SSO can also provide:
      • A dynamic list of authorized applications
      • A single access point (portal) to the information system

Access Management
  • Access Management is designed for system administrators:
      • Single point of authentication (easy to audit)
      • Set access rights to applications
      • Use enterprise directory for authentication and authorization

Enterprise SSO

Delegation SSO

Reverse-proxy SSO

LemonLDAP::NG
  • LemonLDAP::NG is a free WebSSO project:
      • GPL licence
      • OW2 Forge: http://lemonldap.ow2.org
  • Uses a standard Apache2 installation
  • Uses mod_perl to hook Apache requests
  • Provides:
      • Portal with dynamic application list
      • Graphical management interface
      • Wide integration (LDAP, Kerberos, SQL, CAS, SSL, SOAP, etc.)

Architecture overview

How it works

Some screen shots

LDAP forever
  • LemonLDAP::NG can use LDAP for:
      • Authentication
      • Authorization
      • Password modification
      • Groups
      • Configuration storage
      • Session storage

LDAP password policy
  • LemonLDAP::NG is compatible with the draft of LDAP password policy (overlay ppolicy in OpenLDAP):
      • Display if account is locked or expired
      • Display warning time and graces remaining
      • Force password change after reset
      • Show constraint errors on password modification (size, history, etc.)

Authentication backends
  • LemonLDAP::NG can use several authentication backends:
      • LDAP (the default)
      • SSL (through Apache)
      • Kerberos (through Apache)
      • CAS
      • Liberty Alliance (soon to be replaced by SAML2)
      • Any other Apache authentication methods
      • SOAP (portal chaining)

More features
  • Application provisioning through HTTP headers
  • Logon hours with time zone management
  • RBAC model
  • Cross-domain
  • Session sharing over network
  • HTTP Basic authentication forward
  • Password reset by mail
  • Notifications
  • Active Directory support

Fully integrated applications

Thank you for your attention
Visit us at our stand 107 - hall 7.2b