SlideShare a Scribd company logo
1 of 29
Download to read offline
LEMONLDAP::NG 2.0
info@worteks.com
FOSDEM 2019FOSDEM 2019FOSDEM 2019FOSDEM 2019
03/02/19 2
LemonLDAP::NG Software
03/02/19 3
SSO Workfow
Authentication
Portal
Application
2. Authentication
1. First access
3. Send SSO Token
Trust link
4. Validate SSO token
03/02/19 4
History
2003
2006
2010
2016
2018
Project creation
Fork – version NG
Protocols CAS, SAML
and OpenID
Version 1.0
Protocol OpenID
Connect
Second factors (2FA)
Version 2.0
03/02/19 5
Main features
●
Web Single Sign On
●
Access control
●
Applications portal
●
Authentication modules choice and chain
●
Password management, account creation
●
Multi-factor authentication (MFA)
●
Protection of Web applications and API/WebServices
●
Graphical customisation
●
Packages for Debian/Ubuntu/RHEL/CentOS
03/02/19 6
Login page
03/02/19 7
Portal with application menu
03/02/19 8
Web Administration interface
03/02/19 9
Command Line Interface
03/02/19 10
Free Software
●
License GPL
●
OW2 project
●
Forge: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
●
Site: https://lemonldap-ng.org
●
OW2 Community Award in 2014
●
SSO component of FusionIAM project: https://fusioniam.org/
03/02/19 11
Component roles
Confgurations Sessions
Portal
Manager Handler
Application
menu
CAS
SAML
OpenID Connect
Self Services
SOAP/REST
server
Session
management
Confgurations Sessions
Notifcations Second factors
Access Control SSOaaS
Web Service
Token
Custom
03/02/19 12
How works the agent (Handler)
03/02/19 13
Web application
Sessions
Portal
Handler
Web Application
Authentication
Session creation
Session read
SSO cookie
HTTP headers
03/02/19 14
Protocols CAS, SAML and OpenID Connect
03/02/19 15
Main features
●
LL::NG can act as client and as server
●
Attributes sharing
●
Manage authentication contexts and levels
●
Autogeneration of public/private keys
●
Access control per services
●
Publication of configuration data (metadata)
●
Multi-protocols gateway
●
Single logout
03/02/19 16
New in LemonLDAP::NG 2.0
17
Second Factor Authentication (2FA)
●
LemonLDAP::NG can use the following 2FA:
●
TOTP
●
U2F
●
TOTP or U2F
●
External
●
REST
●
Yubikey
03/02/19 18
Confguration backends
●
Already existing backends:
●
JSON file
●
Database
●
LDAP
●
NoSQL (MongoDB)
●
SOAP
●
New backends:
●
YAML file
●
REST
●
Local (no backend, only lemonldap-ng.ini file)
03/02/19 19
NodeJS Handler
●
Native integration in Express application
●
Rules and headers configured in Javascript
●
https://github.com/LemonLDAPNG/node-lemonldap-ng-handler
npm install node-lemonldap-ng-handler
03/02/19 20
DevOps (SSO as a Service)
●
Authentication managed by portal
●
Access control and HTTP headers configuration set in a local
JSON file
●
Allow quick applications deployement without need to edit main
SSO configuration
03/02/19 21
DevOps (SSO as a Service)
Sessions
Portal
Handler
Web Application
Authentication
Session creation
Session read
SSO cookie
HTTP headers
rules
.json
Access rules
Exported headers
03/02/19 22
API / WebService protection
●
New Handler "Service Token" installed between application and
WebService
●
Main Handler generates a token based on time session_id and
virtual hosts
●
The token is sent by application to WebService
●
The Handler "Service Token" intercepts the token, validates it
and apply access rules, and sent HTTP headers to WebService
03/02/19 23
API – Service Token
Sessions
Portal
Handler
Web Application
Authentication
Session creation
Session read
SSO cookie
HTTP headers
Token
Handler
Service Token
Web Service Token
HTTP headers
Session read
03/02/19 24
Authentifcation modules
●
New modules:
●
PAM
●
REST
●
Kerberos (GSSAPI)
●
CAS (attributes reading)
●
Multi is replaced by Combination
●
Custom module
03/02/19 25
Administration interface
●
Configurations comparator: differences between two
configurations are displayed in a tree
●
Second factors administration (search, revoke)
●
Sort sessions by creation date or modification date
03/02/19 26
RENATER / eduGAIN
●
Support of RENATER / eduGAIN via SAML2:
●
Service Provider
●
Identity Provider
●
Call to Identity Provider selection page (WAYF) via SAML
Discovery Protocol
●
Metadata bulk import script
03/02/19 27
Plugin engine
●
Portal code was fully rewritten, and it now allows to write
plugins
●
Plugin examples, provided by default:
●
Auto Signin: direct authentication for some IP
●
Brute Force: protect against brute-force attacks
●
Stay Connected: "remember me" button
●
Public Pages: create static pages using portal skin
●
Write a custom plugin:
https://lemonldap-ng.org/documentation/latest/plugincustom
03/02/19 28
Other new features
●
A user can refresh rights without disconnect/reconnect
●
REST services for configurations and sessions
●
Select language before authentication
●
New graphical theme built with Bootstrap 4
●
Logo customization (used in graphical theme and sent mails)
●
Log system choice (syslog, Apache, Log4Perl, Sentry...)
2929
THANKS
Pour plus d’informations :
info@worteks.com
@worteks_com
linkedin.com/company/worteks

More Related Content

What's hot

The OpenID Connect Protocol
The OpenID Connect ProtocolThe OpenID Connect Protocol
The OpenID Connect ProtocolClément OUDOT
 
The wonderful story of Web Authentication and Single-Sign On
The wonderful story of Web Authentication and Single-Sign OnThe wonderful story of Web Authentication and Single-Sign On
The wonderful story of Web Authentication and Single-Sign OnClément OUDOT
 
OAuth 2.0 at the Globiots
OAuth 2.0 at the GlobiotsOAuth 2.0 at the Globiots
OAuth 2.0 at the GlobiotsTran Thanh Thi
 
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...Worteks
 
Auth2 and OpenID Connect support in LemonLDAP::NG, OW2online, June 2020
Auth2 and OpenID Connect support in LemonLDAP::NG, OW2online, June 2020Auth2 and OpenID Connect support in LemonLDAP::NG, OW2online, June 2020
Auth2 and OpenID Connect support in LemonLDAP::NG, OW2online, June 2020OW2
 
[OSSParis 2015] The OpenID Connect Protocol
[OSSParis 2015] The OpenID Connect Protocol[OSSParis 2015] The OpenID Connect Protocol
[OSSParis 2015] The OpenID Connect ProtocolClément OUDOT
 
Talk Microservices to Me: The Role of IAM in Microservice Architecture
Talk Microservices to Me: The Role of IAM in Microservice ArchitectureTalk Microservices to Me: The Role of IAM in Microservice Architecture
Talk Microservices to Me: The Role of IAM in Microservice ArchitectureWSO2
 
WSO2 Identity Server
WSO2 Identity Server WSO2 Identity Server
WSO2 Identity Server WSO2
 
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...Hermann Burgmeier
 
OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An OverviewPat Patterson
 
RMLL 2014 - LemonLDAP::NG - What's new under the SSOn
RMLL 2014 - LemonLDAP::NG - What's new under the SSOnRMLL 2014 - LemonLDAP::NG - What's new under the SSOn
RMLL 2014 - LemonLDAP::NG - What's new under the SSOnClément OUDOT
 
[WSO2Con USA 2018] Managing Transactions in Your Microservice Architecture
[WSO2Con USA 2018] Managing Transactions in Your Microservice Architecture[WSO2Con USA 2018] Managing Transactions in Your Microservice Architecture
[WSO2Con USA 2018] Managing Transactions in Your Microservice ArchitectureWSO2
 
Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Abhishek Koserwal
 
Accessing APIs using OAuth on the federated (WordPress) web
Accessing APIs using OAuth on the federated (WordPress) webAccessing APIs using OAuth on the federated (WordPress) web
Accessing APIs using OAuth on the federated (WordPress) webFelix Arntz
 
GSoC Mideterm-OAuth2 Module
GSoC Mideterm-OAuth2 ModuleGSoC Mideterm-OAuth2 Module
GSoC Mideterm-OAuth2 ModuleMayank Sharma
 
API Security : Patterns and Practices
API Security : Patterns and PracticesAPI Security : Patterns and Practices
API Security : Patterns and PracticesPrabath Siriwardena
 
Identity Management for Web Application Developers
Identity Management for Web Application DevelopersIdentity Management for Web Application Developers
Identity Management for Web Application DevelopersWSO2
 
Json web token api authorization
Json web token api authorizationJson web token api authorization
Json web token api authorizationGiulio De Donato
 

What's hot (19)

The OpenID Connect Protocol
The OpenID Connect ProtocolThe OpenID Connect Protocol
The OpenID Connect Protocol
 
The wonderful story of Web Authentication and Single-Sign On
The wonderful story of Web Authentication and Single-Sign OnThe wonderful story of Web Authentication and Single-Sign On
The wonderful story of Web Authentication and Single-Sign On
 
OAuth 2.0 at the Globiots
OAuth 2.0 at the GlobiotsOAuth 2.0 at the Globiots
OAuth 2.0 at the Globiots
 
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...
 
Auth2 and OpenID Connect support in LemonLDAP::NG, OW2online, June 2020
Auth2 and OpenID Connect support in LemonLDAP::NG, OW2online, June 2020Auth2 and OpenID Connect support in LemonLDAP::NG, OW2online, June 2020
Auth2 and OpenID Connect support in LemonLDAP::NG, OW2online, June 2020
 
[OSSParis 2015] The OpenID Connect Protocol
[OSSParis 2015] The OpenID Connect Protocol[OSSParis 2015] The OpenID Connect Protocol
[OSSParis 2015] The OpenID Connect Protocol
 
Talk Microservices to Me: The Role of IAM in Microservice Architecture
Talk Microservices to Me: The Role of IAM in Microservice ArchitectureTalk Microservices to Me: The Role of IAM in Microservice Architecture
Talk Microservices to Me: The Role of IAM in Microservice Architecture
 
WSO2 Identity Server
WSO2 Identity Server WSO2 Identity Server
WSO2 Identity Server
 
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...
 
OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An Overview
 
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
 SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
 
RMLL 2014 - LemonLDAP::NG - What's new under the SSOn
RMLL 2014 - LemonLDAP::NG - What's new under the SSOnRMLL 2014 - LemonLDAP::NG - What's new under the SSOn
RMLL 2014 - LemonLDAP::NG - What's new under the SSOn
 
[WSO2Con USA 2018] Managing Transactions in Your Microservice Architecture
[WSO2Con USA 2018] Managing Transactions in Your Microservice Architecture[WSO2Con USA 2018] Managing Transactions in Your Microservice Architecture
[WSO2Con USA 2018] Managing Transactions in Your Microservice Architecture
 
Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)
 
Accessing APIs using OAuth on the federated (WordPress) web
Accessing APIs using OAuth on the federated (WordPress) webAccessing APIs using OAuth on the federated (WordPress) web
Accessing APIs using OAuth on the federated (WordPress) web
 
GSoC Mideterm-OAuth2 Module
GSoC Mideterm-OAuth2 ModuleGSoC Mideterm-OAuth2 Module
GSoC Mideterm-OAuth2 Module
 
API Security : Patterns and Practices
API Security : Patterns and PracticesAPI Security : Patterns and Practices
API Security : Patterns and Practices
 
Identity Management for Web Application Developers
Identity Management for Web Application DevelopersIdentity Management for Web Application Developers
Identity Management for Web Application Developers
 
Json web token api authorization
Json web token api authorizationJson web token api authorization
Json web token api authorization
 

Similar to [FOSDEM 2019] LemonLDAP::NG 2.0

[LDAPCon 2019] LemonLDAP::NG 2.0: Mutli-factor authentication, Identity Feder...
[LDAPCon 2019] LemonLDAP::NG 2.0: Mutli-factor authentication, Identity Feder...[LDAPCon 2019] LemonLDAP::NG 2.0: Mutli-factor authentication, Identity Feder...
[LDAPCon 2019] LemonLDAP::NG 2.0: Mutli-factor authentication, Identity Feder...Worteks
 
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...Paris Open Source Summit
 
[Webinar] WSO2 API Microgateway with Okta as Key Manager
[Webinar] WSO2 API Microgateway with Okta as Key Manager[Webinar] WSO2 API Microgateway with Okta as Key Manager
[Webinar] WSO2 API Microgateway with Okta as Key ManagerWSO2
 
Moscow MuleSoft meetup May 2021
Moscow MuleSoft meetup May 2021Moscow MuleSoft meetup May 2021
Moscow MuleSoft meetup May 2021Leadex Systems
 
Extending WSO2 API Manager's Key Management Capabilities - WSO2 API Manager C...
Extending WSO2 API Manager's Key Management Capabilities - WSO2 API Manager C...Extending WSO2 API Manager's Key Management Capabilities - WSO2 API Manager C...
Extending WSO2 API Manager's Key Management Capabilities - WSO2 API Manager C...WSO2
 
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...Vladimir Bychkov
 
The History and Status of Web Crypto API (2012)
The History and Status of Web Crypto API (2012)The History and Status of Web Crypto API (2012)
The History and Status of Web Crypto API (2012)Channy Yun
 
Server interaction with web socket protocol
Server interaction with web socket protocolServer interaction with web socket protocol
Server interaction with web socket protocolRahul Rai
 
[APIdays NY] Managing the usage of Asynchronous APIs: What does it take?
[APIdays NY] Managing the usage of Asynchronous APIs: What does it take?[APIdays NY] Managing the usage of Asynchronous APIs: What does it take?
[APIdays NY] Managing the usage of Asynchronous APIs: What does it take?WSO2
 
apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...
apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...
apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...apidays
 
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"Andreas Falk
 
MS_Learning_Transcript.PDF
MS_Learning_Transcript.PDFMS_Learning_Transcript.PDF
MS_Learning_Transcript.PDFJacco Maat
 
Introduction to Linked Data and Web Payments
Introduction to Linked Data and Web Payments Introduction to Linked Data and Web Payments
Introduction to Linked Data and Web Payments Brent Shambaugh
 
FIDO Technical Overview at FIDO KWG Hackathon
FIDO Technical Overview at FIDO KWG HackathonFIDO Technical Overview at FIDO KWG Hackathon
FIDO Technical Overview at FIDO KWG HackathonKi-Eun Shin
 
Blockchain HyperLedger Fabric Internals - Clavent
Blockchain HyperLedger Fabric Internals - ClaventBlockchain HyperLedger Fabric Internals - Clavent
Blockchain HyperLedger Fabric Internals - ClaventAraf Karsh Hamid
 
[APIdays INTERFACE 2021] The Evolution of API Security for Client-side Applic...
[APIdays INTERFACE 2021] The Evolution of API Security for Client-side Applic...[APIdays INTERFACE 2021] The Evolution of API Security for Client-side Applic...
[APIdays INTERFACE 2021] The Evolution of API Security for Client-side Applic...WSO2
 
INTERFACE, by apidays - The Evolution of API Security by Johann Dilantha Nal...
INTERFACE, by apidays  - The Evolution of API Security by Johann Dilantha Nal...INTERFACE, by apidays  - The Evolution of API Security by Johann Dilantha Nal...
INTERFACE, by apidays - The Evolution of API Security by Johann Dilantha Nal...apidays
 

Similar to [FOSDEM 2019] LemonLDAP::NG 2.0 (20)

[LDAPCon 2019] LemonLDAP::NG 2.0: Mutli-factor authentication, Identity Feder...
[LDAPCon 2019] LemonLDAP::NG 2.0: Mutli-factor authentication, Identity Feder...[LDAPCon 2019] LemonLDAP::NG 2.0: Mutli-factor authentication, Identity Feder...
[LDAPCon 2019] LemonLDAP::NG 2.0: Mutli-factor authentication, Identity Feder...
 
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
 
[Webinar] WSO2 API Microgateway with Okta as Key Manager
[Webinar] WSO2 API Microgateway with Okta as Key Manager[Webinar] WSO2 API Microgateway with Okta as Key Manager
[Webinar] WSO2 API Microgateway with Okta as Key Manager
 
Moscow MuleSoft meetup May 2021
Moscow MuleSoft meetup May 2021Moscow MuleSoft meetup May 2021
Moscow MuleSoft meetup May 2021
 
Extending WSO2 API Manager's Key Management Capabilities - WSO2 API Manager C...
Extending WSO2 API Manager's Key Management Capabilities - WSO2 API Manager C...Extending WSO2 API Manager's Key Management Capabilities - WSO2 API Manager C...
Extending WSO2 API Manager's Key Management Capabilities - WSO2 API Manager C...
 
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
 
The History and Status of Web Crypto API (2012)
The History and Status of Web Crypto API (2012)The History and Status of Web Crypto API (2012)
The History and Status of Web Crypto API (2012)
 
Server interaction with web socket protocol
Server interaction with web socket protocolServer interaction with web socket protocol
Server interaction with web socket protocol
 
[APIdays NY] Managing the usage of Asynchronous APIs: What does it take?
[APIdays NY] Managing the usage of Asynchronous APIs: What does it take?[APIdays NY] Managing the usage of Asynchronous APIs: What does it take?
[APIdays NY] Managing the usage of Asynchronous APIs: What does it take?
 
apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...
apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...
apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...
 
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
 
WebAuthn & FIDO2
WebAuthn & FIDO2WebAuthn & FIDO2
WebAuthn & FIDO2
 
Mikrotik API
Mikrotik APIMikrotik API
Mikrotik API
 
MS_Learning_Transcript.PDF
MS_Learning_Transcript.PDFMS_Learning_Transcript.PDF
MS_Learning_Transcript.PDF
 
batch-4.pptx
batch-4.pptxbatch-4.pptx
batch-4.pptx
 
Introduction to Linked Data and Web Payments
Introduction to Linked Data and Web Payments Introduction to Linked Data and Web Payments
Introduction to Linked Data and Web Payments
 
FIDO Technical Overview at FIDO KWG Hackathon
FIDO Technical Overview at FIDO KWG HackathonFIDO Technical Overview at FIDO KWG Hackathon
FIDO Technical Overview at FIDO KWG Hackathon
 
Blockchain HyperLedger Fabric Internals - Clavent
Blockchain HyperLedger Fabric Internals - ClaventBlockchain HyperLedger Fabric Internals - Clavent
Blockchain HyperLedger Fabric Internals - Clavent
 
[APIdays INTERFACE 2021] The Evolution of API Security for Client-side Applic...
[APIdays INTERFACE 2021] The Evolution of API Security for Client-side Applic...[APIdays INTERFACE 2021] The Evolution of API Security for Client-side Applic...
[APIdays INTERFACE 2021] The Evolution of API Security for Client-side Applic...
 
INTERFACE, by apidays - The Evolution of API Security by Johann Dilantha Nal...
INTERFACE, by apidays  - The Evolution of API Security by Johann Dilantha Nal...INTERFACE, by apidays  - The Evolution of API Security by Johann Dilantha Nal...
INTERFACE, by apidays - The Evolution of API Security by Johann Dilantha Nal...
 

More from Clément OUDOT

[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...
[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...
[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...Clément OUDOT
 
[OW2Con 2018] The FusionIAM project
[OW2Con 2018] The FusionIAM project[OW2Con 2018] The FusionIAM project
[OW2Con 2018] The FusionIAM projectClément OUDOT
 
[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...
[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...
[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...Clément OUDOT
 
[OSSPARIS17] Le guide du connard du logiciel libre
[OSSPARIS17] Le guide du connard du logiciel libre[OSSPARIS17] Le guide du connard du logiciel libre
[OSSPARIS17] Le guide du connard du logiciel libreClément OUDOT
 
[OSSPARIS17] Des logiciels libres pour la gestion des identités !
[OSSPARIS17] Des logiciels libres pour la gestion des identités ![OSSPARIS17] Des logiciels libres pour la gestion des identités !
[OSSPARIS17] Des logiciels libres pour la gestion des identités !Clément OUDOT
 
[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...
[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...
[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...Clément OUDOT
 
[RMLL2017] le guide du connard du logiciel libre
[RMLL2017] le guide du connard du logiciel libre[RMLL2017] le guide du connard du logiciel libre
[RMLL2017] le guide du connard du logiciel libreClément OUDOT
 
[RMLL2017] LDAPCon 2017
[RMLL2017] LDAPCon 2017[RMLL2017] LDAPCon 2017
[RMLL2017] LDAPCon 2017Clément OUDOT
 
[RMLL2017] Des logiciels libres pour la gestion des identités !
[RMLL2017] Des logiciels libres pour la gestion des identités ![RMLL2017] Des logiciels libres pour la gestion des identités !
[RMLL2017] Des logiciels libres pour la gestion des identités !Clément OUDOT
 
[OW2Con 2017] News from LemonLDAP::NG
[OW2Con 2017] News from LemonLDAP::NG[OW2Con 2017] News from LemonLDAP::NG
[OW2Con 2017] News from LemonLDAP::NGClément OUDOT
 
[JDLL 2017] Le Guide du Connard du Logiciel Libre
[JDLL 2017] Le Guide du Connard du Logiciel Libre[JDLL 2017] Le Guide du Connard du Logiciel Libre
[JDLL 2017] Le Guide du Connard du Logiciel LibreClément OUDOT
 
KR2016 The Free Software Bastard Guide
KR2016 The Free Software Bastard GuideKR2016 The Free Software Bastard Guide
KR2016 The Free Software Bastard GuideClément OUDOT
 
S2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NG
S2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NGS2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NG
S2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NGClément OUDOT
 
The guide of Security Jerk
The guide of Security JerkThe guide of Security Jerk
The guide of Security JerkClément OUDOT
 
Présentation de LemonLDAP::NG aux Journées Perl 2016
Présentation de LemonLDAP::NG aux Journées Perl 2016Présentation de LemonLDAP::NG aux Journées Perl 2016
Présentation de LemonLDAP::NG aux Journées Perl 2016Clément OUDOT
 
[JDLL 2016] OpenID Connect et FranceConnect
[JDLL 2016] OpenID Connect et FranceConnect[JDLL 2016] OpenID Connect et FranceConnect
[JDLL 2016] OpenID Connect et FranceConnectClément OUDOT
 
Analyse OpenLDAP logs with ELK
Analyse OpenLDAP logs with ELKAnalyse OpenLDAP logs with ELK
Analyse OpenLDAP logs with ELKClément OUDOT
 
Le Guide du Connard du Logiciel Libre
Le Guide du Connard du Logiciel LibreLe Guide du Connard du Logiciel Libre
Le Guide du Connard du Logiciel LibreClément OUDOT
 
RMLL 2014 - LDAP Synchronization Connector
RMLL 2014 - LDAP Synchronization ConnectorRMLL 2014 - LDAP Synchronization Connector
RMLL 2014 - LDAP Synchronization ConnectorClément OUDOT
 
RMLL 2014 - Site statique avec Templer, Bootstrap et Git
RMLL 2014 - Site statique avec Templer, Bootstrap et GitRMLL 2014 - Site statique avec Templer, Bootstrap et Git
RMLL 2014 - Site statique avec Templer, Bootstrap et GitClément OUDOT
 

More from Clément OUDOT (20)

[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...
[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...
[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...
 
[OW2Con 2018] The FusionIAM project
[OW2Con 2018] The FusionIAM project[OW2Con 2018] The FusionIAM project
[OW2Con 2018] The FusionIAM project
 
[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...
[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...
[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...
 
[OSSPARIS17] Le guide du connard du logiciel libre
[OSSPARIS17] Le guide du connard du logiciel libre[OSSPARIS17] Le guide du connard du logiciel libre
[OSSPARIS17] Le guide du connard du logiciel libre
 
[OSSPARIS17] Des logiciels libres pour la gestion des identités !
[OSSPARIS17] Des logiciels libres pour la gestion des identités ![OSSPARIS17] Des logiciels libres pour la gestion des identités !
[OSSPARIS17] Des logiciels libres pour la gestion des identités !
 
[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...
[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...
[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...
 
[RMLL2017] le guide du connard du logiciel libre
[RMLL2017] le guide du connard du logiciel libre[RMLL2017] le guide du connard du logiciel libre
[RMLL2017] le guide du connard du logiciel libre
 
[RMLL2017] LDAPCon 2017
[RMLL2017] LDAPCon 2017[RMLL2017] LDAPCon 2017
[RMLL2017] LDAPCon 2017
 
[RMLL2017] Des logiciels libres pour la gestion des identités !
[RMLL2017] Des logiciels libres pour la gestion des identités ![RMLL2017] Des logiciels libres pour la gestion des identités !
[RMLL2017] Des logiciels libres pour la gestion des identités !
 
[OW2Con 2017] News from LemonLDAP::NG
[OW2Con 2017] News from LemonLDAP::NG[OW2Con 2017] News from LemonLDAP::NG
[OW2Con 2017] News from LemonLDAP::NG
 
[JDLL 2017] Le Guide du Connard du Logiciel Libre
[JDLL 2017] Le Guide du Connard du Logiciel Libre[JDLL 2017] Le Guide du Connard du Logiciel Libre
[JDLL 2017] Le Guide du Connard du Logiciel Libre
 
KR2016 The Free Software Bastard Guide
KR2016 The Free Software Bastard GuideKR2016 The Free Software Bastard Guide
KR2016 The Free Software Bastard Guide
 
S2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NG
S2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NGS2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NG
S2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NG
 
The guide of Security Jerk
The guide of Security JerkThe guide of Security Jerk
The guide of Security Jerk
 
Présentation de LemonLDAP::NG aux Journées Perl 2016
Présentation de LemonLDAP::NG aux Journées Perl 2016Présentation de LemonLDAP::NG aux Journées Perl 2016
Présentation de LemonLDAP::NG aux Journées Perl 2016
 
[JDLL 2016] OpenID Connect et FranceConnect
[JDLL 2016] OpenID Connect et FranceConnect[JDLL 2016] OpenID Connect et FranceConnect
[JDLL 2016] OpenID Connect et FranceConnect
 
Analyse OpenLDAP logs with ELK
Analyse OpenLDAP logs with ELKAnalyse OpenLDAP logs with ELK
Analyse OpenLDAP logs with ELK
 
Le Guide du Connard du Logiciel Libre
Le Guide du Connard du Logiciel LibreLe Guide du Connard du Logiciel Libre
Le Guide du Connard du Logiciel Libre
 
RMLL 2014 - LDAP Synchronization Connector
RMLL 2014 - LDAP Synchronization ConnectorRMLL 2014 - LDAP Synchronization Connector
RMLL 2014 - LDAP Synchronization Connector
 
RMLL 2014 - Site statique avec Templer, Bootstrap et Git
RMLL 2014 - Site statique avec Templer, Bootstrap et GitRMLL 2014 - Site statique avec Templer, Bootstrap et Git
RMLL 2014 - Site statique avec Templer, Bootstrap et Git
 

Recently uploaded

Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutesconfluent
 
The UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, OcadoThe UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, OcadoUXDXConf
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKUXDXConf
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlPeter Udo Diehl
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...CzechDreamin
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Patrick Viafore
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIES VE
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...FIDO Alliance
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfChristopherTHyatt
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka DoktorováCzechDreamin
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Julian Hyde
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2DianaGray10
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfFIDO Alliance
 
Buy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptxBuy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptxEasyPrinterHelp
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfFIDO Alliance
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераMark Opanasiuk
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...FIDO Alliance
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...CzechDreamin
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FIDO Alliance
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceSamy Fodil
 

Recently uploaded (20)

Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
The UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, OcadoThe UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, Ocado
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAK
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdf
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
Buy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptxBuy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptx
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 

[FOSDEM 2019] LemonLDAP::NG 2.0

  • 3. 03/02/19 3 SSO Workfow Authentication Portal Application 2. Authentication 1. First access 3. Send SSO Token Trust link 4. Validate SSO token
  • 4. 03/02/19 4 History 2003 2006 2010 2016 2018 Project creation Fork – version NG Protocols CAS, SAML and OpenID Version 1.0 Protocol OpenID Connect Second factors (2FA) Version 2.0
  • 5. 03/02/19 5 Main features ● Web Single Sign On ● Access control ● Applications portal ● Authentication modules choice and chain ● Password management, account creation ● Multi-factor authentication (MFA) ● Protection of Web applications and API/WebServices ● Graphical customisation ● Packages for Debian/Ubuntu/RHEL/CentOS
  • 7. 03/02/19 7 Portal with application menu
  • 10. 03/02/19 10 Free Software ● License GPL ● OW2 project ● Forge: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng ● Site: https://lemonldap-ng.org ● OW2 Community Award in 2014 ● SSO component of FusionIAM project: https://fusioniam.org/
  • 11. 03/02/19 11 Component roles Confgurations Sessions Portal Manager Handler Application menu CAS SAML OpenID Connect Self Services SOAP/REST server Session management Confgurations Sessions Notifcations Second factors Access Control SSOaaS Web Service Token Custom
  • 12. 03/02/19 12 How works the agent (Handler)
  • 13. 03/02/19 13 Web application Sessions Portal Handler Web Application Authentication Session creation Session read SSO cookie HTTP headers
  • 14. 03/02/19 14 Protocols CAS, SAML and OpenID Connect
  • 15. 03/02/19 15 Main features ● LL::NG can act as client and as server ● Attributes sharing ● Manage authentication contexts and levels ● Autogeneration of public/private keys ● Access control per services ● Publication of configuration data (metadata) ● Multi-protocols gateway ● Single logout
  • 16. 03/02/19 16 New in LemonLDAP::NG 2.0
  • 17. 17 Second Factor Authentication (2FA) ● LemonLDAP::NG can use the following 2FA: ● TOTP ● U2F ● TOTP or U2F ● External ● REST ● Yubikey
  • 18. 03/02/19 18 Confguration backends ● Already existing backends: ● JSON file ● Database ● LDAP ● NoSQL (MongoDB) ● SOAP ● New backends: ● YAML file ● REST ● Local (no backend, only lemonldap-ng.ini file)
  • 19. 03/02/19 19 NodeJS Handler ● Native integration in Express application ● Rules and headers configured in Javascript ● https://github.com/LemonLDAPNG/node-lemonldap-ng-handler npm install node-lemonldap-ng-handler
  • 20. 03/02/19 20 DevOps (SSO as a Service) ● Authentication managed by portal ● Access control and HTTP headers configuration set in a local JSON file ● Allow quick applications deployement without need to edit main SSO configuration
  • 21. 03/02/19 21 DevOps (SSO as a Service) Sessions Portal Handler Web Application Authentication Session creation Session read SSO cookie HTTP headers rules .json Access rules Exported headers
  • 22. 03/02/19 22 API / WebService protection ● New Handler "Service Token" installed between application and WebService ● Main Handler generates a token based on time session_id and virtual hosts ● The token is sent by application to WebService ● The Handler "Service Token" intercepts the token, validates it and apply access rules, and sent HTTP headers to WebService
  • 23. 03/02/19 23 API – Service Token Sessions Portal Handler Web Application Authentication Session creation Session read SSO cookie HTTP headers Token Handler Service Token Web Service Token HTTP headers Session read
  • 24. 03/02/19 24 Authentifcation modules ● New modules: ● PAM ● REST ● Kerberos (GSSAPI) ● CAS (attributes reading) ● Multi is replaced by Combination ● Custom module
  • 25. 03/02/19 25 Administration interface ● Configurations comparator: differences between two configurations are displayed in a tree ● Second factors administration (search, revoke) ● Sort sessions by creation date or modification date
  • 26. 03/02/19 26 RENATER / eduGAIN ● Support of RENATER / eduGAIN via SAML2: ● Service Provider ● Identity Provider ● Call to Identity Provider selection page (WAYF) via SAML Discovery Protocol ● Metadata bulk import script
  • 27. 03/02/19 27 Plugin engine ● Portal code was fully rewritten, and it now allows to write plugins ● Plugin examples, provided by default: ● Auto Signin: direct authentication for some IP ● Brute Force: protect against brute-force attacks ● Stay Connected: "remember me" button ● Public Pages: create static pages using portal skin ● Write a custom plugin: https://lemonldap-ng.org/documentation/latest/plugincustom
  • 28. 03/02/19 28 Other new features ● A user can refresh rights without disconnect/reconnect ● REST services for configurations and sessions ● Select language before authentication ● New graphical theme built with Bootstrap 4 ● Logo customization (used in graphical theme and sent mails) ● Log system choice (syslog, Apache, Log4Perl, Sentry...)
  • 29. 2929 THANKS Pour plus d’informations : info@worteks.com @worteks_com linkedin.com/company/worteks