WebSSO and Access Management with LemonLDAP::NG

WebSSO and Access Management LemonLDAP::NG Clément OUDOT

Single Sign On and Access Management
LemonLDAP::NG
Demonstration
Table of contents

Single Sign On
SSO is designed for users:
One login/password to remember (or even better with physical token)
One authentication screen for all applications
SSO can also provides:
A dynamic list of authorized applications
A single access point (portal) to information system

Access Management
Access Management is designed for system administrators:
Single point of authentication (easy to audit)
Set access rights to applications
Use enterprise directory for authentication and authorization

Enterprise SSO

Delegation SSO

Reverse-proxy SSO

LemonLDAP::NG
LemonLDAP::NG is a free WebSSO project:
GPL licence
OW2 Forge: http://lemonldap.ow2.org
Use standard Apache2 installation
Use mod_perl to hook Apache requests
Provides:
Portal with dynamic application list
Graphical management interface
Wide integration (LDAP, Kerberos, SQL, CAS, SSL, SOAP, etc.)

Architecture overview

How it works

Some screen shots

LDAP forever
LemonLDAP::NG can use LDAP for:
Authentication
Authorization
Password modification
Groups
Configuration storage
Session storage

LDAP password policy
LemonLDAP::NG is compatible with the draft of LDAP password policy (overlay ppolicy in OpenLDAP):
Display if account is locked or expired
Display warning time and graces remaining
Force password change after reset
Show constraints error on password modification (size, history, etc.)

Authentication backends
LemonLDAP::NG can use several authentication backends:
LDAP (the default)
SSL (through Apache)
Kerberos (through Apache)
CAS
Liberty Alliance (replaced soon by SAML2)
Any other Apache authentication methods
SOAP (portal chaining)

More features
Application provisioning trough HTTP headers
Logon hours with time zone management
RBAC model
Cross-domain
Session sharing over network
HTTP Basic authentication forward
Password reset by mail
Notifications
Active Directory support

Full integrated applications

Thank you for your attention Visit us at our stand 107 - hall 7.2b

http://wiki.lemonldap.ow2.org	64
http://www.toolinux.com	63
http://www.linagora.org	30
http://linagora.org	28
http://www.toolinux.org	10
http://toolinux.com	7
http://209.85.229.132	1
http://lemonldap-ng.org	1
http://www.health.medicbd.com	1

WebSSO and Access Management with LemonLDAP::NG

by OUDOT Clément on Jun 26, 2009

Accessibility

Categories

Upload Details

Usage Rights

9 Embeds 205

Statistics

WebSSO and Access Management with LemonLDAP::NG — Presentation Transcript