SlideShare a Scribd company logo

The LemonLDAP::NG Project

Clément OUDOT
Clément OUDOT
Technology
1 of 19
Download to read offline
LemonLDAP::NG The LemonLDAP::NG project Clément OUDOT FOSDEM – 5th February 2012 Web access under protect
Schedule ● Speaker ● Single Sign On ● The LemonLDAP::NG software 02/05/12 2 http://lemonldap-ng.org
About me 02/05/12 3 http://lemonldap-ng.org
Clément OUDOT ● LDAP engineer since 2003 in LINAGORA company, with experiences in SUN/Oracle to OpenLDAP migration ● LinID Dream Team Manager http://linid.org ● Leader of LDAP Tool Box project http://ltb-project.org ● Leader of LemonLDAP::NG project http://lemonldap-ng.org 02/05/12 4 http://lemonldap-ng.org
Single Sign On 02/05/12 5 http://lemonldap-ng.org
Definition ● Single Sign On authentication allow users to submit their credentials only once, and to access all trusted applications ● Applications do not manage passwords anymore ● Identity of the user is forwarded to applications by the SSO software 02/05/12 6 http://lemonldap-ng.org
SSO for the newbies 1 User 3 2 Web Application WebSSO Portal 02/05/12 7 http://lemonldap-ng.org
LemonLDAP::NG 02/05/12 8 http://lemonldap-ng.org
Components ● LemonLDAP::NG main components: ● Portal: authentication process, user interaction, application menu, password change form ● Manager: configuration interface, sessions explorer ● Handler: Apache agent, manage access authorizations ● Perl, only Perl, just Perl ● Relies on Apache and mod_perl 02/05/12 9 http://lemonldap-ng.org
SSO for the L33T 02/05/12 10 http://lemonldap-ng.org
Application protection ● LemonLDAP::NG uses Apache virtual host as application identifier ● Each application owns: ● Access rules: each rule refers to an URL pattern, logout can be caught ● HTTP headers: each header contains a session value, or an evaluated Perl expression ● POST data: only used for form replay ● Redirection options: protocol and port 02/05/12 11 http://lemonldap-ng.org
Examples ● Access rules: ● default → accept ● ^/admin → $groups =~ /admin/ ● ^/logout.php → logout_sso ● HTTP headers: ● Auth-User → $uid ● Auth-Name → uc($sn).", ".ucfirst($gn) 02/05/12 12 http://lemonldap-ng.org
Configuration interface 02/05/12 13 http://lemonldap-ng.org
Authentication methods ● LemonLDAP::NG supports a lot of authentication methods: ● LDAP ● Database ● SSL X509 ● Apache built-in modules (Kerberos, OTP, ...) ● SAML 2.0 ● OpenID ● Twitter ● CAS ● Yubikey ● Methods can be stacked or displayed together 02/05/12 14 http://lemonldap-ng.org
Identity Provider ● LemonLDAP::NG is a federation product, allowing services to get user identity trough standard protocols: ● SAML 2.0 ● OpenID 2.0 ● CAS 1.0 and 2.0 02/05/12 15 http://lemonldap-ng.org
Release 1.2, soon... ● New release planned for soon (this month?): ● Radius authentication module ● Login history ● New 'skip' rule ● Improve session cache management ● Custom session granting policies ● Better URL handling in CAS and SAML Issuer modules 02/05/12 16 http://lemonldap-ng.org
The end... almost 02/05/12 17 http://lemonldap-ng.org
Thanks ● Thanks to: ● FOSDEM and Perl DevRoom organizers ● LINAGORA company ● Perl (it is still alive!) ● Stay in touch: ● Identica: @coudot ● Twitter: @clementoudot ● IRC: KPTN #lemonldap-ng@freenode 02/05/12 18 http://lemonldap-ng.org
Questions? 02/05/12 19 http://lemonldap-ng.org

Recommended

Introduction to Perl Net::LDAP
Introduction to Perl Net::LDAPIntroduction to Perl Net::LDAP
Introduction to Perl Net::LDAPClément OUDOT
 
LDAPCon 2011 - The LemonLDAP::NG Project
LDAPCon 2011 - The LemonLDAP::NG ProjectLDAPCon 2011 - The LemonLDAP::NG Project
LDAPCon 2011 - The LemonLDAP::NG ProjectClément OUDOT
 
WebSSO and Access Management with LemonLDAP::NG
WebSSO and Access Management with LemonLDAP::NGWebSSO and Access Management with LemonLDAP::NG
WebSSO and Access Management with LemonLDAP::NGClément OUDOT
 
Auth2 and OpenID Connect support in LemonLDAP::NG, OW2online, June 2020
Auth2 and OpenID Connect support in LemonLDAP::NG, OW2online, June 2020Auth2 and OpenID Connect support in LemonLDAP::NG, OW2online, June 2020
Auth2 and OpenID Connect support in LemonLDAP::NG, OW2online, June 2020OW2
 
LemonLDAP::NG 1.2
LemonLDAP::NG 1.2LemonLDAP::NG 1.2
LemonLDAP::NG 1.2Clément OUDOT
 
RMLL 2014 - LemonLDAP::NG - What's new under the SSOn
RMLL 2014 - LemonLDAP::NG - What's new under the SSOnRMLL 2014 - LemonLDAP::NG - What's new under the SSOn
RMLL 2014 - LemonLDAP::NG - What's new under the SSOnClément OUDOT
 
LemonLDAP::NG 1.2
LemonLDAP::NG 1.2LemonLDAP::NG 1.2
LemonLDAP::NG 1.2Clément OUDOT
 
Simulasi Penerapan SSO Dengan Teknologi SAML Pada Universitas
Simulasi Penerapan SSO Dengan Teknologi SAML Pada UniversitasSimulasi Penerapan SSO Dengan Teknologi SAML Pada Universitas
Simulasi Penerapan SSO Dengan Teknologi SAML Pada UniversitasFuad Fauzi
 

Recommended

Introduction to Perl Net::LDAP
Introduction to Perl Net::LDAPIntroduction to Perl Net::LDAP
Introduction to Perl Net::LDAPClément OUDOT
 
LDAPCon 2011 - The LemonLDAP::NG Project
LDAPCon 2011 - The LemonLDAP::NG ProjectLDAPCon 2011 - The LemonLDAP::NG Project
LDAPCon 2011 - The LemonLDAP::NG ProjectClément OUDOT
 
WebSSO and Access Management with LemonLDAP::NG
WebSSO and Access Management with LemonLDAP::NGWebSSO and Access Management with LemonLDAP::NG
WebSSO and Access Management with LemonLDAP::NGClément OUDOT
 
Auth2 and OpenID Connect support in LemonLDAP::NG, OW2online, June 2020
Auth2 and OpenID Connect support in LemonLDAP::NG, OW2online, June 2020Auth2 and OpenID Connect support in LemonLDAP::NG, OW2online, June 2020
Auth2 and OpenID Connect support in LemonLDAP::NG, OW2online, June 2020OW2
 
LemonLDAP::NG 1.2
LemonLDAP::NG 1.2LemonLDAP::NG 1.2
LemonLDAP::NG 1.2Clément OUDOT
 
RMLL 2014 - LemonLDAP::NG - What's new under the SSOn
RMLL 2014 - LemonLDAP::NG - What's new under the SSOnRMLL 2014 - LemonLDAP::NG - What's new under the SSOn
RMLL 2014 - LemonLDAP::NG - What's new under the SSOnClément OUDOT
 
LemonLDAP::NG 1.2
LemonLDAP::NG 1.2LemonLDAP::NG 1.2
LemonLDAP::NG 1.2Clément OUDOT
 
Simulasi Penerapan SSO Dengan Teknologi SAML Pada Universitas
Simulasi Penerapan SSO Dengan Teknologi SAML Pada UniversitasSimulasi Penerapan SSO Dengan Teknologi SAML Pada Universitas
Simulasi Penerapan SSO Dengan Teknologi SAML Pada UniversitasFuad Fauzi
 
Jdll 2010 lemon_ldap-ng_100_preview
Jdll 2010 lemon_ldap-ng_100_previewJdll 2010 lemon_ldap-ng_100_preview
Jdll 2010 lemon_ldap-ng_100_previewClément OUDOT
 
LemonLDAP::NG - the New Generation WebSSO !, David Coutadeur, Linagora.
LemonLDAP::NG - the New Generation WebSSO !, David Coutadeur, Linagora. LemonLDAP::NG - the New Generation WebSSO !, David Coutadeur, Linagora.
LemonLDAP::NG - the New Generation WebSSO !, David Coutadeur, Linagora.OW2
 
RMLL 2013 - The SAML Protocol: Single Sign On for skilled people
RMLL 2013 - The SAML Protocol: Single Sign On for skilled peopleRMLL 2013 - The SAML Protocol: Single Sign On for skilled people
RMLL 2013 - The SAML Protocol: Single Sign On for skilled peopleClément OUDOT
 
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...Worteks
 
[scala.by] Launching new application fast
[scala.by] Launching new application fast[scala.by] Launching new application fast
[scala.by] Launching new application fastDenis Karpenko
 
LemonLDAP NG 1.2, OW2con'12, Paris
LemonLDAP NG 1.2, OW2con'12, ParisLemonLDAP NG 1.2, OW2con'12, Paris
LemonLDAP NG 1.2, OW2con'12, ParisOW2
 
1000 things-sso-code-one
1000 things-sso-code-one1000 things-sso-code-one
1000 things-sso-code-onegauchoproluanco
 
Turbo charge your logs
Turbo charge your logsTurbo charge your logs
Turbo charge your logsJeremy Cook
 
Full Identity and Access Management with LemonLDAP::NG and Fusion Directory: ...
Full Identity and Access Management with LemonLDAP::NG and Fusion Directory: ...Full Identity and Access Management with LemonLDAP::NG and Fusion Directory: ...
Full Identity and Access Management with LemonLDAP::NG and Fusion Directory: ...OW2
 
Full Identity and Access Management with LemonLDAP::NG and Fusion Directory: ...
Full Identity and Access Management with LemonLDAP::NG and Fusion Directory: ...Full Identity and Access Management with LemonLDAP::NG and Fusion Directory: ...
Full Identity and Access Management with LemonLDAP::NG and Fusion Directory: ...OW2
 
[OW2Con 2018] The FusionIAM project
[OW2Con 2018] The FusionIAM project[OW2Con 2018] The FusionIAM project
[OW2Con 2018] The FusionIAM projectClément OUDOT
 
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...Clément OUDOT
 
Drupal 7 and RDF
Drupal 7 and RDFDrupal 7 and RDF
Drupal 7 and RDFscorlosquet
 
[Pass the SALT 2021] Hosting Identity in the Cloud with free softwares
[Pass the SALT 2021] Hosting Identity in the Cloud with free softwares[Pass the SALT 2021] Hosting Identity in the Cloud with free softwares
[Pass the SALT 2021] Hosting Identity in the Cloud with free softwaresWorteks
 
Drupal as a Semantic Web platform - ISWC 2012
Drupal as a Semantic Web platform - ISWC 2012Drupal as a Semantic Web platform - ISWC 2012
Drupal as a Semantic Web platform - ISWC 2012scorlosquet
 
DNSTap Webinar
DNSTap WebinarDNSTap Webinar
DNSTap WebinarMen and Mice
 
SPDY быстрее на 146% (Валентин Бартенев)
SPDY быстрее на 146% (Валентин Бартенев)SPDY быстрее на 146% (Валентин Бартенев)
SPDY быстрее на 146% (Валентин Бартенев)Ontico
 
BloodHound Unleashed.pdf
BloodHound Unleashed.pdfBloodHound Unleashed.pdf
BloodHound Unleashed.pdfn00py1
 
Zettabyte File System (ZFS)
Zettabyte File System (ZFS)Zettabyte File System (ZFS)
Zettabyte File System (ZFS)GLC Networks
 
[OW2con19] LemonLDAP::NG success stories
[OW2con19] LemonLDAP::NG success stories[OW2con19] LemonLDAP::NG success stories
[OW2con19] LemonLDAP::NG success storiesWorteks
 
[FOSDEM 2019] LemonLDAP::NG 2.0
[FOSDEM 2019] LemonLDAP::NG 2.0[FOSDEM 2019] LemonLDAP::NG 2.0
[FOSDEM 2019] LemonLDAP::NG 2.0Clément OUDOT
 
[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...
[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...
[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...Clément OUDOT
 

More Related Content

Similar to The LemonLDAP::NG Project

Jdll 2010 lemon_ldap-ng_100_preview
Jdll 2010 lemon_ldap-ng_100_previewJdll 2010 lemon_ldap-ng_100_preview
Jdll 2010 lemon_ldap-ng_100_previewClément OUDOT
 
LemonLDAP::NG - the New Generation WebSSO !, David Coutadeur, Linagora.
LemonLDAP::NG - the New Generation WebSSO !, David Coutadeur, Linagora. LemonLDAP::NG - the New Generation WebSSO !, David Coutadeur, Linagora.
LemonLDAP::NG - the New Generation WebSSO !, David Coutadeur, Linagora.OW2
 
RMLL 2013 - The SAML Protocol: Single Sign On for skilled people
RMLL 2013 - The SAML Protocol: Single Sign On for skilled peopleRMLL 2013 - The SAML Protocol: Single Sign On for skilled people
RMLL 2013 - The SAML Protocol: Single Sign On for skilled peopleClément OUDOT
 
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...Worteks
 
[scala.by] Launching new application fast
[scala.by] Launching new application fast[scala.by] Launching new application fast
[scala.by] Launching new application fastDenis Karpenko
 
LemonLDAP NG 1.2, OW2con'12, Paris
LemonLDAP NG 1.2, OW2con'12, ParisLemonLDAP NG 1.2, OW2con'12, Paris
LemonLDAP NG 1.2, OW2con'12, ParisOW2
 
1000 things-sso-code-one
1000 things-sso-code-one1000 things-sso-code-one
1000 things-sso-code-onegauchoproluanco
 
Turbo charge your logs
Turbo charge your logsTurbo charge your logs
Turbo charge your logsJeremy Cook
 
Full Identity and Access Management with LemonLDAP::NG and Fusion Directory: ...
Full Identity and Access Management with LemonLDAP::NG and Fusion Directory: ...Full Identity and Access Management with LemonLDAP::NG and Fusion Directory: ...
Full Identity and Access Management with LemonLDAP::NG and Fusion Directory: ...OW2
 
Full Identity and Access Management with LemonLDAP::NG and Fusion Directory: ...
Full Identity and Access Management with LemonLDAP::NG and Fusion Directory: ...Full Identity and Access Management with LemonLDAP::NG and Fusion Directory: ...
Full Identity and Access Management with LemonLDAP::NG and Fusion Directory: ...OW2
 
[OW2Con 2018] The FusionIAM project
[OW2Con 2018] The FusionIAM project[OW2Con 2018] The FusionIAM project
[OW2Con 2018] The FusionIAM projectClément OUDOT
 
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...Clément OUDOT
 
Drupal 7 and RDF
Drupal 7 and RDFDrupal 7 and RDF
Drupal 7 and RDFscorlosquet
 
[Pass the SALT 2021] Hosting Identity in the Cloud with free softwares
[Pass the SALT 2021] Hosting Identity in the Cloud with free softwares[Pass the SALT 2021] Hosting Identity in the Cloud with free softwares
[Pass the SALT 2021] Hosting Identity in the Cloud with free softwaresWorteks
 
Drupal as a Semantic Web platform - ISWC 2012
Drupal as a Semantic Web platform - ISWC 2012Drupal as a Semantic Web platform - ISWC 2012
Drupal as a Semantic Web platform - ISWC 2012scorlosquet
 
SPDY быстрее на 146% (Валентин Бартенев)
SPDY быстрее на 146% (Валентин Бартенев)SPDY быстрее на 146% (Валентин Бартенев)
SPDY быстрее на 146% (Валентин Бартенев)Ontico
 
BloodHound Unleashed.pdf
BloodHound Unleashed.pdfBloodHound Unleashed.pdf
BloodHound Unleashed.pdfn00py1
 
Zettabyte File System (ZFS)
Zettabyte File System (ZFS)Zettabyte File System (ZFS)
Zettabyte File System (ZFS)GLC Networks
 
[OW2con19] LemonLDAP::NG success stories
[OW2con19] LemonLDAP::NG success stories[OW2con19] LemonLDAP::NG success stories
[OW2con19] LemonLDAP::NG success storiesWorteks
 

Similar to The LemonLDAP::NG Project (20)

Jdll 2010 lemon_ldap-ng_100_preview
Jdll 2010 lemon_ldap-ng_100_previewJdll 2010 lemon_ldap-ng_100_preview
Jdll 2010 lemon_ldap-ng_100_preview
 
LemonLDAP::NG - the New Generation WebSSO !, David Coutadeur, Linagora.
LemonLDAP::NG - the New Generation WebSSO !, David Coutadeur, Linagora. LemonLDAP::NG - the New Generation WebSSO !, David Coutadeur, Linagora.
LemonLDAP::NG - the New Generation WebSSO !, David Coutadeur, Linagora.
 
RMLL 2013 - The SAML Protocol: Single Sign On for skilled people
RMLL 2013 - The SAML Protocol: Single Sign On for skilled peopleRMLL 2013 - The SAML Protocol: Single Sign On for skilled people
RMLL 2013 - The SAML Protocol: Single Sign On for skilled people
 
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...
 
[scala.by] Launching new application fast
[scala.by] Launching new application fast[scala.by] Launching new application fast
[scala.by] Launching new application fast
 
LemonLDAP NG 1.2, OW2con'12, Paris
LemonLDAP NG 1.2, OW2con'12, ParisLemonLDAP NG 1.2, OW2con'12, Paris
LemonLDAP NG 1.2, OW2con'12, Paris
 
1000 things-sso-code-one
1000 things-sso-code-one1000 things-sso-code-one
1000 things-sso-code-one
 
Turbo charge your logs
Turbo charge your logsTurbo charge your logs
Turbo charge your logs
 
Full Identity and Access Management with LemonLDAP::NG and Fusion Directory: ...
Full Identity and Access Management with LemonLDAP::NG and Fusion Directory: ...Full Identity and Access Management with LemonLDAP::NG and Fusion Directory: ...
Full Identity and Access Management with LemonLDAP::NG and Fusion Directory: ...
 
Full Identity and Access Management with LemonLDAP::NG and Fusion Directory: ...
Full Identity and Access Management with LemonLDAP::NG and Fusion Directory: ...Full Identity and Access Management with LemonLDAP::NG and Fusion Directory: ...
Full Identity and Access Management with LemonLDAP::NG and Fusion Directory: ...
 
[OW2Con 2018] The FusionIAM project
[OW2Con 2018] The FusionIAM project[OW2Con 2018] The FusionIAM project
[OW2Con 2018] The FusionIAM project
 
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...
 
Drupal 7 and RDF
Drupal 7 and RDFDrupal 7 and RDF
Drupal 7 and RDF
 
[Pass the SALT 2021] Hosting Identity in the Cloud with free softwares
[Pass the SALT 2021] Hosting Identity in the Cloud with free softwares[Pass the SALT 2021] Hosting Identity in the Cloud with free softwares
[Pass the SALT 2021] Hosting Identity in the Cloud with free softwares
 
Drupal as a Semantic Web platform - ISWC 2012
Drupal as a Semantic Web platform - ISWC 2012Drupal as a Semantic Web platform - ISWC 2012
Drupal as a Semantic Web platform - ISWC 2012
 
DNSTap Webinar
DNSTap WebinarDNSTap Webinar
DNSTap Webinar
 
SPDY быстрее на 146% (Валентин Бартенев)
SPDY быстрее на 146% (Валентин Бартенев)SPDY быстрее на 146% (Валентин Бартенев)
SPDY быстрее на 146% (Валентин Бартенев)
 
BloodHound Unleashed.pdf
BloodHound Unleashed.pdfBloodHound Unleashed.pdf
BloodHound Unleashed.pdf
 
Zettabyte File System (ZFS)
Zettabyte File System (ZFS)Zettabyte File System (ZFS)
Zettabyte File System (ZFS)
 
[OW2con19] LemonLDAP::NG success stories
[OW2con19] LemonLDAP::NG success stories[OW2con19] LemonLDAP::NG success stories
[OW2con19] LemonLDAP::NG success stories
 

More from Clément OUDOT

[FOSDEM 2019] LemonLDAP::NG 2.0
[FOSDEM 2019] LemonLDAP::NG 2.0[FOSDEM 2019] LemonLDAP::NG 2.0
[FOSDEM 2019] LemonLDAP::NG 2.0Clément OUDOT
 
[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...
[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...
[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...Clément OUDOT
 
[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...
[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...
[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...Clément OUDOT
 
[OSSPARIS17] Le guide du connard du logiciel libre
[OSSPARIS17] Le guide du connard du logiciel libre[OSSPARIS17] Le guide du connard du logiciel libre
[OSSPARIS17] Le guide du connard du logiciel libreClément OUDOT
 
[OSSPARIS17] Des logiciels libres pour la gestion des identités !
[OSSPARIS17] Des logiciels libres pour la gestion des identités ![OSSPARIS17] Des logiciels libres pour la gestion des identités !
[OSSPARIS17] Des logiciels libres pour la gestion des identités !Clément OUDOT
 
[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...
[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...
[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...Clément OUDOT
 
[RMLL2017] le guide du connard du logiciel libre
[RMLL2017] le guide du connard du logiciel libre[RMLL2017] le guide du connard du logiciel libre
[RMLL2017] le guide du connard du logiciel libreClément OUDOT
 
[RMLL2017] LDAPCon 2017
[RMLL2017] LDAPCon 2017[RMLL2017] LDAPCon 2017
[RMLL2017] LDAPCon 2017Clément OUDOT
 
[RMLL2017] Des logiciels libres pour la gestion des identités !
[RMLL2017] Des logiciels libres pour la gestion des identités ![RMLL2017] Des logiciels libres pour la gestion des identités !
[RMLL2017] Des logiciels libres pour la gestion des identités !Clément OUDOT
 
[OW2Con 2017] News from LemonLDAP::NG
[OW2Con 2017] News from LemonLDAP::NG[OW2Con 2017] News from LemonLDAP::NG
[OW2Con 2017] News from LemonLDAP::NGClément OUDOT
 
[JDLL 2017] Le Guide du Connard du Logiciel Libre
[JDLL 2017] Le Guide du Connard du Logiciel Libre[JDLL 2017] Le Guide du Connard du Logiciel Libre
[JDLL 2017] Le Guide du Connard du Logiciel LibreClément OUDOT
 
KR2016 The Free Software Bastard Guide
KR2016 The Free Software Bastard GuideKR2016 The Free Software Bastard Guide
KR2016 The Free Software Bastard GuideClément OUDOT
 
S2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NG
S2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NGS2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NG
S2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NGClément OUDOT
 
The guide of Security Jerk
The guide of Security JerkThe guide of Security Jerk
The guide of Security JerkClément OUDOT
 
The wonderful story of Web Authentication and Single-Sign On
The wonderful story of Web Authentication and Single-Sign OnThe wonderful story of Web Authentication and Single-Sign On
The wonderful story of Web Authentication and Single-Sign OnClément OUDOT
 
Présentation de LemonLDAP::NG aux Journées Perl 2016
Présentation de LemonLDAP::NG aux Journées Perl 2016Présentation de LemonLDAP::NG aux Journées Perl 2016
Présentation de LemonLDAP::NG aux Journées Perl 2016Clément OUDOT
 
[JDLL 2016] OpenID Connect et FranceConnect
[JDLL 2016] OpenID Connect et FranceConnect[JDLL 2016] OpenID Connect et FranceConnect
[JDLL 2016] OpenID Connect et FranceConnectClément OUDOT
 
[OSSParis 2015] The OpenID Connect Protocol
[OSSParis 2015] The OpenID Connect Protocol[OSSParis 2015] The OpenID Connect Protocol
[OSSParis 2015] The OpenID Connect ProtocolClément OUDOT
 
[OW2Con 2015] LemonLDAP::NG 2.0 overview
[OW2Con 2015] LemonLDAP::NG 2.0 overview[OW2Con 2015] LemonLDAP::NG 2.0 overview
[OW2Con 2015] LemonLDAP::NG 2.0 overviewClément OUDOT
 
[LDAPCon 2015] The OpenID Connect Protocol
[LDAPCon 2015] The OpenID Connect Protocol[LDAPCon 2015] The OpenID Connect Protocol
[LDAPCon 2015] The OpenID Connect ProtocolClément OUDOT
 

More from Clément OUDOT (20)

[FOSDEM 2019] LemonLDAP::NG 2.0
[FOSDEM 2019] LemonLDAP::NG 2.0[FOSDEM 2019] LemonLDAP::NG 2.0
[FOSDEM 2019] LemonLDAP::NG 2.0
 
[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...
[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...
[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...
 
[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...
[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...
[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...
 
[OSSPARIS17] Le guide du connard du logiciel libre
[OSSPARIS17] Le guide du connard du logiciel libre[OSSPARIS17] Le guide du connard du logiciel libre
[OSSPARIS17] Le guide du connard du logiciel libre
 
[OSSPARIS17] Des logiciels libres pour la gestion des identités !
[OSSPARIS17] Des logiciels libres pour la gestion des identités ![OSSPARIS17] Des logiciels libres pour la gestion des identités !
[OSSPARIS17] Des logiciels libres pour la gestion des identités !
 
[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...
[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...
[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...
 
[RMLL2017] le guide du connard du logiciel libre
[RMLL2017] le guide du connard du logiciel libre[RMLL2017] le guide du connard du logiciel libre
[RMLL2017] le guide du connard du logiciel libre
 
[RMLL2017] LDAPCon 2017
[RMLL2017] LDAPCon 2017[RMLL2017] LDAPCon 2017
[RMLL2017] LDAPCon 2017
 
[RMLL2017] Des logiciels libres pour la gestion des identités !
[RMLL2017] Des logiciels libres pour la gestion des identités ![RMLL2017] Des logiciels libres pour la gestion des identités !
[RMLL2017] Des logiciels libres pour la gestion des identités !
 
[OW2Con 2017] News from LemonLDAP::NG
[OW2Con 2017] News from LemonLDAP::NG[OW2Con 2017] News from LemonLDAP::NG
[OW2Con 2017] News from LemonLDAP::NG
 
[JDLL 2017] Le Guide du Connard du Logiciel Libre
[JDLL 2017] Le Guide du Connard du Logiciel Libre[JDLL 2017] Le Guide du Connard du Logiciel Libre
[JDLL 2017] Le Guide du Connard du Logiciel Libre
 
KR2016 The Free Software Bastard Guide
KR2016 The Free Software Bastard GuideKR2016 The Free Software Bastard Guide
KR2016 The Free Software Bastard Guide
 
S2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NG
S2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NGS2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NG
S2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NG
 
The guide of Security Jerk
The guide of Security JerkThe guide of Security Jerk
The guide of Security Jerk
 
The wonderful story of Web Authentication and Single-Sign On
The wonderful story of Web Authentication and Single-Sign OnThe wonderful story of Web Authentication and Single-Sign On
The wonderful story of Web Authentication and Single-Sign On
 
Présentation de LemonLDAP::NG aux Journées Perl 2016
Présentation de LemonLDAP::NG aux Journées Perl 2016Présentation de LemonLDAP::NG aux Journées Perl 2016
Présentation de LemonLDAP::NG aux Journées Perl 2016
 
[JDLL 2016] OpenID Connect et FranceConnect
[JDLL 2016] OpenID Connect et FranceConnect[JDLL 2016] OpenID Connect et FranceConnect
[JDLL 2016] OpenID Connect et FranceConnect
 
[OSSParis 2015] The OpenID Connect Protocol
[OSSParis 2015] The OpenID Connect Protocol[OSSParis 2015] The OpenID Connect Protocol
[OSSParis 2015] The OpenID Connect Protocol
 
[OW2Con 2015] LemonLDAP::NG 2.0 overview
[OW2Con 2015] LemonLDAP::NG 2.0 overview[OW2Con 2015] LemonLDAP::NG 2.0 overview
[OW2Con 2015] LemonLDAP::NG 2.0 overview
 
[LDAPCon 2015] The OpenID Connect Protocol
[LDAPCon 2015] The OpenID Connect Protocol[LDAPCon 2015] The OpenID Connect Protocol
[LDAPCon 2015] The OpenID Connect Protocol
 

Recently uploaded

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 

Recently uploaded (20)

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 

The LemonLDAP::NG Project

  • 1. LemonLDAP::NG The LemonLDAP::NG project Clément OUDOT FOSDEM – 5th February 2012 Web access under protect
  • 2. Schedule ● Speaker ● Single Sign On ● The LemonLDAP::NG software 02/05/12 2 http://lemonldap-ng.org
  • 3. About me 02/05/12 3 http://lemonldap-ng.org
  • 4. Clément OUDOT ● LDAP engineer since 2003 in LINAGORA company, with experiences in SUN/Oracle to OpenLDAP migration ● LinID Dream Team Manager http://linid.org ● Leader of LDAP Tool Box project http://ltb-project.org ● Leader of LemonLDAP::NG project http://lemonldap-ng.org 02/05/12 4 http://lemonldap-ng.org
  • 5. Single Sign On 02/05/12 5 http://lemonldap-ng.org
  • 6. Definition ● Single Sign On authentication allow users to submit their credentials only once, and to access all trusted applications ● Applications do not manage passwords anymore ● Identity of the user is forwarded to applications by the SSO software 02/05/12 6 http://lemonldap-ng.org
  • 7. SSO for the newbies 1 User 3 2 Web Application WebSSO Portal 02/05/12 7 http://lemonldap-ng.org
  • 8. LemonLDAP::NG 02/05/12 8 http://lemonldap-ng.org
  • 9. Components ● LemonLDAP::NG main components: ● Portal: authentication process, user interaction, application menu, password change form ● Manager: configuration interface, sessions explorer ● Handler: Apache agent, manage access authorizations ● Perl, only Perl, just Perl ● Relies on Apache and mod_perl 02/05/12 9 http://lemonldap-ng.org
  • 10. SSO for the L33T 02/05/12 10 http://lemonldap-ng.org
  • 11. Application protection ● LemonLDAP::NG uses Apache virtual host as application identifier ● Each application owns: ● Access rules: each rule refers to an URL pattern, logout can be caught ● HTTP headers: each header contains a session value, or an evaluated Perl expression ● POST data: only used for form replay ● Redirection options: protocol and port 02/05/12 11 http://lemonldap-ng.org
  • 12. Examples ● Access rules: ● default → accept ● ^/admin → $groups =~ /admin/ ● ^/logout.php → logout_sso ● HTTP headers: ● Auth-User → $uid ● Auth-Name → uc($sn).", ".ucfirst($gn) 02/05/12 12 http://lemonldap-ng.org
  • 13. Configuration interface 02/05/12 13 http://lemonldap-ng.org
  • 14. Authentication methods ● LemonLDAP::NG supports a lot of authentication methods: ● LDAP ● Database ● SSL X509 ● Apache built-in modules (Kerberos, OTP, ...) ● SAML 2.0 ● OpenID ● Twitter ● CAS ● Yubikey ● Methods can be stacked or displayed together 02/05/12 14 http://lemonldap-ng.org
  • 15. Identity Provider ● LemonLDAP::NG is a federation product, allowing services to get user identity trough standard protocols: ● SAML 2.0 ● OpenID 2.0 ● CAS 1.0 and 2.0 02/05/12 15 http://lemonldap-ng.org
  • 16. Release 1.2, soon... ● New release planned for soon (this month?): ● Radius authentication module ● Login history ● New 'skip' rule ● Improve session cache management ● Custom session granting policies ● Better URL handling in CAS and SAML Issuer modules 02/05/12 16 http://lemonldap-ng.org
  • 17. The end... almost 02/05/12 17 http://lemonldap-ng.org
  • 18. Thanks ● Thanks to: ● FOSDEM and Perl DevRoom organizers ● LINAGORA company ● Perl (it is still alive!) ● Stay in touch: ● Identica: @coudot ● Twitter: @clementoudot ● IRC: KPTN #lemonldap-ng@freenode 02/05/12 18 http://lemonldap-ng.org
  • 19. Questions? 02/05/12 19 http://lemonldap-ng.org