Your SlideShare is downloading. ×
WebSSO and Access Management with LemonLDAP::NG
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

WebSSO and Access Management with LemonLDAP::NG

2,227
views

Published on

Published in: Technology, Education

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
2,227
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
40
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. WebSSO and Access Management LemonLDAP::NG Clément OUDOT
  • 2.
    • Single Sign On and Access Management
    • 3. LemonLDAP::NG
    • 4. Demonstration
    Table of contents
  • 5. Single Sign On
    • SSO is designed for users:
      • One login/password to remember (or even better with physical token)
      • 6. One authentication screen for all applications
    • SSO can also provides:
      • A dynamic list of authorized applications
      • 7. A single access point (portal) to information system
  • 8. Access Management
    • Access Management is designed for system administrators:
      • Single point of authentication (easy to audit)
      • 9. Set access rights to applications
      • 10. Use enterprise directory for authentication and authorization
  • 11. Enterprise SSO
  • 12. Delegation SSO
  • 13. Reverse-proxy SSO
  • 14. LemonLDAP::NG
    • LemonLDAP::NG is a free WebSSO project:
      • GPL licence
      • 15. OW2 Forge: http://lemonldap.ow2.org
    • Use standard Apache2 installation
    • 16. Use mod_perl to hook Apache requests
    • 17. Provides:
      • Portal with dynamic application list
      • 18. Graphical management interface
      • 19. Wide integration (LDAP, Kerberos, SQL, CAS, SSL, SOAP, etc.)
  • 20. Architecture overview
  • 21. How it works
  • 22. Some screen shots
  • 23. LDAP forever
    • LemonLDAP::NG can use LDAP for:
  • 29. LDAP password policy
    • LemonLDAP::NG is compatible with the draft of LDAP password policy (overlay ppolicy in OpenLDAP):
      • Display if account is locked or expired
      • 30. Display warning time and graces remaining
      • 31. Force password change after reset
      • 32. Show constraints error on password modification (size, history, etc.)
  • 33. Authentication backends
    • LemonLDAP::NG can use several authentication backends:
      • LDAP (the default)
      • 34. SSL (through Apache)
      • 35. Kerberos (through Apache)
      • 36. CAS
      • 37. Liberty Alliance (replaced soon by SAML2)
      • 38. Any other Apache authentication methods
      • 39. SOAP (portal chaining)
  • 40. More features
    • Application provisioning trough HTTP headers
    • 41. Logon hours with time zone management
    • 42. RBAC model
    • 43. Cross-domain
    • 44. Session sharing over network
    • 45. HTTP Basic authentication forward
    • 46. Password reset by mail
    • 47. Notifications
    • 48. Active Directory support
  • 49. Full integrated applications
  • 50. Thank you for your attention Visit us at our stand 107 - hall 7.2b