WebSSO and Access Management with LemonLDAP::NG

Transcript

  • 1. WebSSO and Access Management LemonLDAP::NG Clément OUDOT
  • 2. Table of contents
    • Single Sign On and Access Management
    • LemonLDAP::NG
    • Demonstration
  • 5. Single Sign On
    • SSO is designed for users:
      • One login/password to remember (or even better with physical token)
      • One authentication screen for all applications
    • SSO can also provide:
      • A dynamic list of authorized applications
      • A single access point (portal) to information system
  • 8. Access Management
    • Access Management is designed for system administrators:
      • Single point of authentication (easy to audit)
      • Set access rights to applications
      • Use enterprise directory for authentication and authorization
  • 11. Enterprise SSO
  • 12. Delegation SSO
  • 13. Reverse-proxy SSO
  • 14. LemonLDAP::NG
    • LemonLDAP::NG is a free WebSSO project:
      • GPL licence
      • OW2 Forge: http://lemonldap.ow2.org
    • Use standard Apache2 installation
    • Use mod_perl to hook Apache requests
    • Provides:
      • Portal with dynamic application list
      • Graphical management interface
      • Wide integration (LDAP, Kerberos, SQL, CAS, SSL, SOAP, etc.)
  • 20. Architecture overview
  • 21. How it works
  • 22. Some screen shots
  • 23. LDAP forever
    • LemonLDAP::NG can use LDAP for:
  • 29. LDAP password policy
    • LemonLDAP::NG is compatible with the draft of LDAP password policy (overlay ppolicy in OpenLDAP):
      • Display if account is locked or expired
      • Display warning time and graces remaining
      • Force password change after reset
      • Show constraint errors on password modification (size, history, etc.)
  • 33. Authentication backends
    • LemonLDAP::NG can use several authentication backends:
      • LDAP (the default)
      • SSL (through Apache)
      • Kerberos (through Apache)
      • CAS
      • Liberty Alliance (replaced soon by SAML2)
      • Any other Apache authentication methods
      • SOAP (portal chaining)
  • 40. More features
    • Application provisioning through HTTP headers
    • Logon hours with time zone management
    • RBAC model
    • Cross-domain
    • Session sharing over network
    • HTTP Basic authentication forward
    • Password reset by mail
    • Notifications
    • Active Directory support
  • 49. Fully integrated applications
  • 50. Thank you for your attention. Visit us at our stand 107 - hall 7.2b