LemonLDAP::NG
The LemonLDAP::NG project
Clément OUDOT
FOSDEM – 5th February 2012

Web access under protect
Schedule
●   Speaker
●   Single Sign On
●   The LemonLDAP::NG software




                                                02/05/12
2                                 http://lemonldap-ng.org
About me




Clément OUDOT
●   LDAP engineer at LINAGORA since 2003,
    with experience in SUN/Oracle to
    OpenLDAP migration
●   LinID Dream Team Manager http://linid.org
●   Leader of LDAP Tool Box project
    http://ltb-project.org
●   Leader of LemonLDAP::NG project
    http://lemonldap-ng.org


Single Sign On




Definition

●   Single Sign On authentication allows users to
    submit their credentials only once, and to
    access all trusted applications
●   Applications do not manage passwords
    anymore
●   Identity of the user is forwarded to applications
    by the SSO software



SSO for the newbies

[Diagram: User, WebSSO Portal and Web Application, with steps numbered 1, 2 and 3]




LemonLDAP::NG




Components
●   LemonLDAP::NG main components:
    ●   Portal: authentication process, user interaction,
        application menu, password change form
    ●   Manager: configuration interface, sessions explorer
    ●   Handler: Apache agent, manages access
        authorizations
●   Perl, only Perl, just Perl
●   Relies on Apache and mod_perl


SSO for the L33T




Application protection
 ●   LemonLDAP::NG uses the Apache virtual host as
     the application identifier
 ●   Each application owns:
     ●   Access rules: each rule refers to a URL pattern,
         logout can be caught
     ●   HTTP headers: each header contains a session
         value, or an evaluated Perl expression
     ●   POST data: only used for form replay
     ●   Redirection options: protocol and port


Examples
 ●   Access rules:
     ●   default → accept
     ●   ^/admin → $groups =~ /admin/
     ●   ^/logout.php → logout_sso
 ●   HTTP headers:
     ●   Auth-User → $uid
     ●   Auth-Name → uc($sn).", ".ucfirst($gn)
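
The rule and header examples above, modelled as a stand-alone Perl script (an added example, not LemonLDAP::NG code and not code from the talk). The host name, session values, first-match ordering and the stripping of client-supplied headers are assumptions of this model; the `/admin` rule uses `\b` anchors because the slide's `/admin/` would also match a group such as `badminton-club`.

```perl
#!/usr/bin/perl
# Added example: a stand-alone model of per-virtual-host access rules and
# exported HTTP headers. It does not use or reproduce LemonLDAP::NG code.
use strict;
use warnings;

# Constructed configuration, keyed by virtual host (the application identifier).
# Assumptions of this model: rules are an ordered list, the first matching
# URL pattern wins, and 'default' applies when no pattern matches.
my %vhost = (
    'app.example.com' => {
        rules => [
            # Dot escaped so the pattern matches a literal "."
            [ qr{^/logout\.php}, 'logout_sso' ],
            # \b keeps "badminton-club" from satisfying the admin rule
            [ qr{^/admin}, sub { ( $_[0]{groups} // '' ) =~ /\badmin\b/ } ],
        ],
        default => 'accept',
        headers => {
            'Auth-User' => sub { $_[0]{uid} },
            'Auth-Name' => sub { uc( $_[0]{sn} ) . ", " . ucfirst( $_[0]{gn} ) },
        },
    },
);

# Return 'accept', 'deny' or 'logout_sso' for a request.
sub decide {
    my ( $host, $path, $session ) = @_;
    my $app = $vhost{$host} or return 'deny';    # unknown vhost: fail closed
    my $rule = $app->{default};
    for my $r ( @{ $app->{rules} } ) {
        my ( $pattern, $action ) = @$r;
        if ( $path =~ $pattern ) { $rule = $action; last; }
    }
    if ( !ref $rule ) {
        return $rule if $rule eq 'logout_sso' || $rule eq 'accept';
        return 'deny';                           # 'deny' or unknown keyword
    }
    # Expression rule: evaluated against the session values
    return $rule->($session) ? 'accept' : 'deny';
}

# Build the headers forwarded to the application. Client-supplied headers
# whose names collide with exported ones are dropped first, so the
# application only ever sees values computed from the session.
sub export_headers {
    my ( $host, $inbound, $session ) = @_;
    my $app     = $vhost{$host} or return {};
    my $exports = $app->{headers};
    my %reserved = map { lc($_) => 1 } keys %$exports;
    my %out = map { $_ => $inbound->{$_} }
      grep { !$reserved{ lc $_ } } keys %$inbound;
    $out{$_} = $exports->{$_}->($session) for keys %$exports;
    return \%out;
}

# Constructed sessions
my %alice = ( uid => 'alice', sn => 'Martin', gn => 'alice', groups => 'users; admin' );
my %bob   = ( uid => 'bob',   sn => 'Durand', gn => 'bob',   groups => 'users; badminton-club' );

for my $case (
    [ '/index.html',  \%bob ],
    [ '/admin/users', \%bob ],
    [ '/admin/users', \%alice ],
    [ '/logout.php',  \%alice ],
  )
{
    my ( $path, $s ) = @$case;
    printf "%-6s %-13s -> %s\n", $s->{uid}, $path,
      decide( 'app.example.com', $path, $s );
}

# A request that arrives with its own "auth-user" header (constructed input)
my $h = export_headers( 'app.example.com',
    { 'auth-user' => 'root', 'Accept' => '*/*' }, \%alice );
print "$_: $h->{$_}\n" for sort keys %$h;
```

Applications that read `Auth-User` should accept requests only from the handler, since the header is the sole carrier of identity.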




Configuration interface




Authentication methods
 ●   LemonLDAP::NG supports a lot of authentication methods:
     ●   LDAP
     ●   Database
     ●   SSL X509
     ●   Apache built-in modules (Kerberos, OTP, ...)
     ●   SAML 2.0
     ●   OpenID
     ●   Twitter
     ●   CAS
     ●   Yubikey
 ●   Methods can be stacked or displayed together


Identity Provider
 ●   LemonLDAP::NG is a federation product,
     allowing services to get user identity through
     standard protocols:
     ●   SAML 2.0
     ●   OpenID 2.0
     ●   CAS 1.0 and 2.0




Release 1.2, soon...
 ●   New release planned soon (this month?):
     ●   Radius authentication module
     ●   Login history
     ●   New 'skip' rule
     ●   Improved session cache management
     ●   Custom session granting policies
     ●   Better URL handling in CAS and SAML Issuer
         modules



The end... almost




Thanks
 ●   Thanks to:
     ●   FOSDEM and Perl DevRoom organizers
     ●   LINAGORA company
     ●   Perl (it is still alive!)
 ●   Stay in touch:
     ●   Identica: @coudot
     ●   Twitter: @clementoudot
     ●   IRC: KPTN #lemonldap-ng@freenode


Questions?




