WebSSO and Access Management with LemonLDAP::NG
Presentation Transcript

  • WebSSO and Access Management - LemonLDAP::NG - Clément OUDOT
  • Table of contents
    • Single Sign On and Access Management
    • LemonLDAP::NG
    • Demonstration
  • Single Sign On
    • SSO is designed for users:
      • One login/password to remember (or even better with physical token)
      • One authentication screen for all applications
    • SSO can also provide:
      • A dynamic list of authorized applications
      • A single access point (portal) to the information system
  • Access Management
    • Access Management is designed for system administrators:
      • Single point of authentication (easy to audit)
      • Set access rights to applications
      • Use the enterprise directory for authentication and authorization
  • Enterprise SSO
  • Delegation SSO
  • Reverse-proxy SSO
  • LemonLDAP::NG
    • LemonLDAP::NG is a free WebSSO project:
      • GPL licence
      • OW2 Forge: http://lemonldap.ow2.org
    • Uses a standard Apache2 installation
    • Uses mod_perl to hook Apache requests
    • Provides:
      • Portal with dynamic application list
      • Graphical management interface
      • Wide integration (LDAP, Kerberos, SQL, CAS, SSL, SOAP, etc.)
  • Architecture overview
  • How it works
  • Some screen shots
  • LDAP forever
    • LemonLDAP::NG can use LDAP for:
      • Authentication
      • Authorization
      • Password modification
      • Groups
      • Configuration storage
      • Session storage
  • LDAP password policy
    • LemonLDAP::NG is compatible with the LDAP password policy draft (the ppolicy overlay in OpenLDAP):
      • Display if account is locked or expired
      • Display warning time and graces remaining
      • Force password change after reset
      • Show constraint errors on password modification (size, history, etc.)
  • Authentication backends
    • LemonLDAP::NG can use several authentication backends:
      • LDAP (the default)
      • SSL (through Apache)
      • Kerberos (through Apache)
      • CAS
      • Liberty Alliance (soon to be replaced by SAML2)
      • Any other Apache authentication method
      • SOAP (portal chaining)
  • More features
    • Application provisioning through HTTP headers
    • Logon hours with time zone management
    • RBAC model
    • Cross-domain
    • Session sharing over network
    • HTTP Basic authentication forward
    • Password reset by mail
    • Notifications
    • Active Directory support
  • Fully integrated applications
  • Thank you for your attention. Visit us at our stand 107 - hall 7.2b