This document provides an overview of LemonLDAP::NG software, including its history, features, use cases, and partnerships. Some key points:
- LemonLDAP::NG is open source software that provides web single sign-on and access management capabilities. It began in 2003 and supports protocols like CAS, SAML, and OpenID Connect.
- It offers features like SSO, access control, authentication modules, password management, MFA, and application protection. It also has graphical customization and packages for major Linux distributions.
- Orange is using LemonLDAP::NG to build a scalable infrastructure to provide a single authentication system across its thousands of applications and mix of internal and external users.
Micro Frontends Architecture is micro service approach for Frontend development. Micro Frontends thinks web-app as a composition of features which are owned by independent teams. Each team has a distinct area of business or mission it cares about and specialises in it. A team is cross functional and develops its features end-to-end, from database to user interface and take care of CI/CD. Micro service architechure is well know concept for backend point of view but In frontend we need to follow diffrent type of design pattern to achieve this.
Key Take away:
1. Learn about Micro Frontend
2. How to practically use them
3. Key challenges
Build "Privacy by design" Webthings
With IoT.js on TizenRT and more
#MozFest, Privacy and Security track
Ravensbourne University, London UK <2018-10-27>
https://social.samsunginter.net/web/statuses/101091908485239453# #Cdl2018 : #WebThing using #WebThingIotJs on #TizenRT on #ARTIK05x connected to @MozillaIot featuring @The_Jst #JerryScript + #IotJs , video to be published by @CapitoleDuLibre
webthing-iotjs-tizenrt-cdl2018-20181117rzr
Micro Frontends Architecture is micro service approach for Frontend development. Micro Frontends thinks web-app as a composition of features which are owned by independent teams. Each team has a distinct area of business or mission it cares about and specialises in it. A team is cross functional and develops its features end-to-end, from database to user interface and take care of CI/CD. Micro service architechure is well know concept for backend point of view but In frontend we need to follow diffrent type of design pattern to achieve this.
Key Take away:
1. Learn about Micro Frontend
2. How to practically use them
3. Key challenges
Build "Privacy by design" Webthings
With IoT.js on TizenRT and more
#MozFest, Privacy and Security track
Ravensbourne University, London UK <2018-10-27>
https://social.samsunginter.net/web/statuses/101091908485239453# #Cdl2018 : #WebThing using #WebThingIotJs on #TizenRT on #ARTIK05x connected to @MozillaIot featuring @The_Jst #JerryScript + #IotJs , video to be published by @CapitoleDuLibre
webthing-iotjs-tizenrt-cdl2018-20181117rzr
Snap4City November 2019 Course: Smart City IOT platform installation, deploy,...Paolo Nesi
• Snap4City Architecture
• Snap4City: Smart City IOT as a Service
• Snap4City Living Lab For Collaborative Work
• Smart City Development Life Cycle
• Analysis and Design for Innovation (Co-Creation and Co-Working)
• Development Tools
• How to Add Functions that are not present in the Platform
• Snap4City vs Fi-Ware
• Snap4City vs State of the Art Solutions
• Snap4City Services: Consulting and Developing
• Snap4City vs Snap4Industry 4.0
• Installing Snap4City
• The view of the Administrator
• Monitoring Resource Consumption and Traffic
• Managing and Monitoring Data Traffic in the BackOffice
• Auditing Activities
• Managing Back Office processes via Containers
• Acknowledgement
GDG Cloud Southlake #10 Christian Posta: Future of Service MeshJamesAnderson599331
Service mesh implementation and usage continues to gain momentum, but where is the technology headed? With new developments related to Wasm, eBPF, GraphQL, and more playing an increasingly important role in how service mesh works and what it can provide for teams and users, it’s important to understand what evolution in the space means for you.
My session from TYPO3camp Mallorca covering the extension Arxia Mobiles for TYPO3 which allows the generation of mobile applications using the PhoneGap API
Manage Your Router with Dynamic Public IPGLC Networks
Webinar topic: Manage Your Router with Dynamic Public IP
Presenter: Achmad Mardiansyah, M. Taufik Nurhuda
In this webinar series, Manage Your Router with Dynamic Public IP
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram also discord
Recording available on Youtube
https://youtu.be/d_9hc7RUu58
What are DApps, and how are they useful?OliviaJune1
Decentralized applications are trending nowadays. These bring the usability and functionality of applications and security of decentralization or the Blockchain. The distributed ledger technology surfaced in the year 2009, and after that, the unique features of Blockchain technology made it useful for several other business operations. Applications are easy to use, and with digitization, most companies are now investing in creating applications that have a faster reach to the customers.
FreeGIS.net presentation at the Geospatial World Forum in Rotterdam 2013Paolo Viskanic
The importance of Spatial Data has been steadily increasing in the past decade. This trend is even clearer for small and medium organizations and enterprises. Whereas classic GIS was related mostly to Defense, Environment Protection and Government, Spatial Information is used on a regular base by a large number of actors of all sizes and sectors.
The need of those actors to exchange data with the external world by the means of standardized formats and data specifications, fits particularly well with the aims of the INSPIRE initiative.
The development of an easy to setup solutions at fair cost can accelerate the adoption of the INSPIRE specifications dramatically, bringing to the SME a large number of benefits.
The FreeGIS.net project, started as a Interreg Italy-Switzerland project by the Italian company R3 GIS, the technological Park of the Province of Bolzano (TIS), the Province of Bolzano (Italy) and the Kanton Graubünden in Switzerland. It’s aim was to devlop a platform based on best of breed open source software packages for creating INSPIRE compliant web services. A particular attention was given to multilingual aspects, since South Tyrol and Kanton Graubünden are both multilingual areas.
A well defined and standardized setup lowers the investments needed to create INPIRE web services and brings INSPIRE to organizations, which would otherwise be excluded from the INSPIRE initiative, for financial or for technical reasons. Also, the ability to consume INSPIRE services in a standardized way and to easily merge them with own datasets using INSPIRE and OGC standards, will give SMEs access to geographic data all over Europe, lowering costs and difficulties related to obtaining data from different organizations. FreeGIS.net is an example on how a small enterprise can create business opportunities by investing on the deployment of INSPIRE-compliant technologies.
Programmatic Access to and Extensibility of the IBM SmartCloud for Social Bus...IBM Connections Developers
IBM SmartCloud for Social Business (IBM Connections in the cloud) provides an unique set of social and collaborative services like profiles, file sharing, community discussions and much more. Attend this webinar to see how to develop your own apps rapidly by leveraging these services from IBM Connections via the IBM Social Business Toolkit SDK. Additionally you will learn how to extend and customize IBM SmartCloud for Social Business via the extension framework.
Speakers:
Philippe Riand, IBM Collaboration Solutions Social Application Development Architect
Niklas Heidloff, IBM Collaboration Solutions Community Advocate
Mark Wallace, IBM Collaboration Solutions Social Business Toolkit SDK Architect
https://ibmdw.net/social
Programmatic Access to and Extensibility of the IBM SmartCloud for Social Bus...Niklas Heidloff
IBM SmartCloud for Social Business (IBM Connections in the cloud) provides an unique set of social and collaborative services like profiles, file sharing, community discussions and much more. Attend this webinar to see how to develop your own apps rapidly by leveraging these services from IBM Connections via the IBM Social Business Toolkit SDK. Additionally you will learn how to extend and customize IBM SmartCloud for Social Business via the extension framework.
Speakers:
Philippe Riand, IBM Collaboration Solutions Social Application Development Architect
Niklas Heidloff, IBM Collaboration Solutions Community Advocate
Mark Wallace, IBM Collaboration Solutions Social Business Toolkit SDK Architect
https://ibmdw.net/social
Snap4City November 2019 Course: Smart City IOT platform installation, deploy,...Paolo Nesi
• Snap4City Architecture
• Snap4City: Smart City IOT as a Service
• Snap4City Living Lab For Collaborative Work
• Smart City Development Life Cycle
• Analysis and Design for Innovation (Co-Creation and Co-Working)
• Development Tools
• How to Add Functions that are not present in the Platform
• Snap4City vs Fi-Ware
• Snap4City vs State of the Art Solutions
• Snap4City Services: Consulting and Developing
• Snap4City vs Snap4Industry 4.0
• Installing Snap4City
• The view of the Administrator
• Monitoring Resource Consumption and Traffic
• Managing and Monitoring Data Traffic in the BackOffice
• Auditing Activities
• Managing Back Office processes via Containers
• Acknowledgement
GDG Cloud Southlake #10 Christian Posta: Future of Service MeshJamesAnderson599331
Service mesh implementation and usage continues to gain momentum, but where is the technology headed? With new developments related to Wasm, eBPF, GraphQL, and more playing an increasingly important role in how service mesh works and what it can provide for teams and users, it’s important to understand what evolution in the space means for you.
My session from TYPO3camp Mallorca covering the extension Arxia Mobiles for TYPO3 which allows the generation of mobile applications using the PhoneGap API
Manage Your Router with Dynamic Public IPGLC Networks
Webinar topic: Manage Your Router with Dynamic Public IP
Presenter: Achmad Mardiansyah, M. Taufik Nurhuda
In this webinar series, Manage Your Router with Dynamic Public IP
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram also discord
Recording available on Youtube
https://youtu.be/d_9hc7RUu58
What are DApps, and how are they useful?OliviaJune1
Decentralized applications are trending nowadays. These bring the usability and functionality of applications and security of decentralization or the Blockchain. The distributed ledger technology surfaced in the year 2009, and after that, the unique features of Blockchain technology made it useful for several other business operations. Applications are easy to use, and with digitization, most companies are now investing in creating applications that have a faster reach to the customers.
FreeGIS.net presentation at the Geospatial World Forum in Rotterdam 2013Paolo Viskanic
The importance of Spatial Data has been steadily increasing in the past decade. This trend is even clearer for small and medium organizations and enterprises. Whereas classic GIS was related mostly to Defense, Environment Protection and Government, Spatial Information is used on a regular base by a large number of actors of all sizes and sectors.
The need of those actors to exchange data with the external world by the means of standardized formats and data specifications, fits particularly well with the aims of the INSPIRE initiative.
The development of an easy to setup solutions at fair cost can accelerate the adoption of the INSPIRE specifications dramatically, bringing to the SME a large number of benefits.
The FreeGIS.net project, started as a Interreg Italy-Switzerland project by the Italian company R3 GIS, the technological Park of the Province of Bolzano (TIS), the Province of Bolzano (Italy) and the Kanton Graubünden in Switzerland. It’s aim was to devlop a platform based on best of breed open source software packages for creating INSPIRE compliant web services. A particular attention was given to multilingual aspects, since South Tyrol and Kanton Graubünden are both multilingual areas.
A well defined and standardized setup lowers the investments needed to create INPIRE web services and brings INSPIRE to organizations, which would otherwise be excluded from the INSPIRE initiative, for financial or for technical reasons. Also, the ability to consume INSPIRE services in a standardized way and to easily merge them with own datasets using INSPIRE and OGC standards, will give SMEs access to geographic data all over Europe, lowering costs and difficulties related to obtaining data from different organizations. FreeGIS.net is an example on how a small enterprise can create business opportunities by investing on the deployment of INSPIRE-compliant technologies.
Programmatic Access to and Extensibility of the IBM SmartCloud for Social Bus...IBM Connections Developers
IBM SmartCloud for Social Business (IBM Connections in the cloud) provides an unique set of social and collaborative services like profiles, file sharing, community discussions and much more. Attend this webinar to see how to develop your own apps rapidly by leveraging these services from IBM Connections via the IBM Social Business Toolkit SDK. Additionally you will learn how to extend and customize IBM SmartCloud for Social Business via the extension framework.
Speakers:
Philippe Riand, IBM Collaboration Solutions Social Application Development Architect
Niklas Heidloff, IBM Collaboration Solutions Community Advocate
Mark Wallace, IBM Collaboration Solutions Social Business Toolkit SDK Architect
https://ibmdw.net/social
Programmatic Access to and Extensibility of the IBM SmartCloud for Social Bus...Niklas Heidloff
IBM SmartCloud for Social Business (IBM Connections in the cloud) provides an unique set of social and collaborative services like profiles, file sharing, community discussions and much more. Attend this webinar to see how to develop your own apps rapidly by leveraging these services from IBM Connections via the IBM Social Business Toolkit SDK. Additionally you will learn how to extend and customize IBM SmartCloud for Social Business via the extension framework.
Speakers:
Philippe Riand, IBM Collaboration Solutions Social Application Development Architect
Niklas Heidloff, IBM Collaboration Solutions Community Advocate
Mark Wallace, IBM Collaboration Solutions Social Business Toolkit SDK Architect
https://ibmdw.net/social
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...Worteks
We introduce the password policy standard (IETF Behera draft) and its implementation in OpenLDAP. We then present LDAP Tool Box Service Desk, a simple web application do display user account status and providing functions to check and reset password, lock/unlock account.
LemonLDAP::NG is a well known WebSSO software. The 2.0 version was released in 2018 and brings a lot of new features, like multi-factor authentication (TOTP, U2F, ...), WebService and API protection, Plugin system...
FusionIAM is based on the following softwares:
* OpenLDAP
* Fusion Directory
* LemonLDAP::NG
* LDAP Tool Box
* LSC
It is hosted by OW2: https://gitlab.ow2.org/fusioniam/fusioniam
[Identity Days 2019] Maîtrisez les accès à vos applications Web (Cloud et On...Worteks
LemonLDAP::NG est un logiciel libre d’authentification unique (SSO), contrôle d’accès et fédérations des identités pour les applications Web. Il implémente entre autres les protocoles CAS, SAMLv2 et OpenID Connect.
Disposant de nombreux connecteurs avec différents systèmes et applications, il permet en particulier de s’authentifier sur AD avec Kerberos ou via SAML sur ADFS ou AzureAD.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
5. 12/06/2019 5
Main features
●
Web Single Sign On
●
Access control
●
Applications portal
●
Authentication modules choice and chain
●
Password management, account creation
●
Multi-factor authentication (MFA)
●
Protection of Web applications and API/WebServices
●
Graphical customisation
●
Packages for Debian/Ubuntu/RHEL/CentOS
10. 12/06/2019 10
Free Software
●
License GPL
●
OW2 project
●
Forge: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
●
Site: https://lemonldap-ng.org
●
OW2 Community Award in 2014
●
SSO component of FusionIAM project: https://fusioniam.org/
11. 12/06/2019 11
Component roles
Configurations Sessions
Portal
Manager Handler
Application
menu
CAS
SAML
OpenID Connect
Self Services
SOAP/REST
server
Session
management
Configurations Sessions
Notifications Second factors
Access Control SSOaaS
Web Service
Token
Custom
13. 12/06/2019 13
CAS, SAML and OpenID Connect
●
LL::NG can act as client and as server
●
Attributes sharing
●
Manage authentication contexts and levels
●
Autogeneration of public/private keys
●
Access control per services
●
Publication of configuration data (metadata)
●
Multi-protocols gateway
●
Single logout
14. 12/06/2019 14
Second Factor Authentication (2FA)
●
LemonLDAP::NG can use the following 2FA:
●
TOTP
●
U2F
●
TOTP or U2F
●
Mail
●
External
●
REST
●
Yubikey
15. 12/06/2019 15
DevOps (SSO as a Service)
Sessions
Portal
Handler
Web Application
Authentication
Session creation
Session read
SSO cookie
HTTP headers
rules
.json
Access rules
Exported headers
16. 12/06/2019 16
API – Service Token
Sessions
Portal
Handler
Web Application
Authentication
Session creation
Session read
SSO cookie
HTTP headers
Token
Handler
Service Token
Web Service Token
HTTP headers
Session read
18. 12/06/2019 18
RENATER / eduGAIN
●
Support of RENATER / eduGAIN via SAML2:
●
Service Provider
●
Identity Provider
●
Call to Identity Provider selection page (WAYF) via SAML
Discovery Protocol
●
Metadata bulk import script
19. 12/06/2019 19
Plugin engine
●
Portal code was fully rewritten, and it now allows to write
plugins
●
Plugin examples, provided by default:
●
Auto Signin: direct authentication for some IP
●
Brute Force: protect against brute-force attacks
●
Stay Connected: "remember me" button
●
Public Pages: create static pages using portal skin
●
Impersonation: take the identity of another user
●
Write a custom plugin:
https://lemonldap-ng.org/documentation/latest/plugincustom
21. 12/06/2019 2105/06/2019
Orange is a complex environment…
With many people and kind of skills With thousands applications In a full motion environment
22. 12/06/2019 22
Orange is a complex environment in complex
world…
§ Orange made or bought.
§ Including SSO
compatibility or not.
§ Accessible from Internet
or Intranet.
§ Security access level
specific for each.
§ Each application has its
own livecyle.
§ Our users want the same
quality on work tools
than on the personnal
offer on Internet.
§ Rise of « fashion tool ».
Long time parthnerships
§ Orange people
§ Contractors
§ Partners
§ Universities
On demand relationships
§ Freelances with few days
contracts
With many people and kind of skills With thousands applications In a full motion environment
23. 12/06/2019 23
…With the constraints and needs than
others…
Manage all
identification /
authentication
cases
Manage all
identification /
authentication
cases
Allow access
from different
contexts
Allow access
from different
contexts
Keep things as
transparent as
possible for users
Keep things as
transparent as
possible for users
Manage all kinds
of users
Manage all kinds
of users
Provide many
types of protocols
Provide many
types of protocols
Guaranty high
security level
Guaranty high
security level
Flexible to
support futur
Flexible to
support futur
Guaranty a
high
availability
level
Guaranty a
high
availability
level
Keep It Complex
Stupid
Keep It Complex
Stupid
Simple
Have a single
system to
authenticate users
Have a single
system to
authenticate users
24. 12/06/2019 24
…So we are building a scalable
LemonLDAP::NG infrastructure…
ConfigConfig
SessionsSessions
ConfigConfig
SessionsSessions
Kerber
os
Kerber
os
11
then
if user come from internal
SAML
A
P
P
L
I
C
A
T
I
O
N
S
A
P
P
L
I
C
A
T
I
O
N
S
E
X
T
E
R
N
A
L
E
X
T
E
R
N
A
L
I
N
T
E
R
N
A
L
I
N
T
E
R
N
A
L
HA
int
HA
int
Lemon
int 1
Lemon
int 1
Lemon
int 2
Lemon
int 2
HA
ext
HA
ext
Lemon
ext 1
Lemon
ext 1
Lemon
ext 2
Lemon
ext 2
OidCOidC
22 REST
LDAP
REST
LDAP
33
LDAPLDAP
44
External
accounts
External
accounts
Orange
accounts
Orange
accounts
25. 12/06/2019 25
...And we are at the beginning of the journey...
We have tested LemonLdap in real conditions on many applications used by innovation
people:
26. 12/06/2019 26
…Under industrialisation by a specialized
team.
Another
team to
« build »
Another
team to
« build »
First team to
« think »
First team to
« think »
- Test LemonLdap
and try to get its
limits
- Test the potential
architectures
- Test intégration
with about 20
applications
(gitlab,
nextcloud, jira &
confluence,
Dokuwiki,
Apache 2,
Flexible Engine,
Grafana,
WebCom,
WordPress,
OpenStack…).
- Test authentication
protocols and
ways (OTP, …)
- Test LemonLdap
and try to get its
limits
- Test the potential
architectures
- Test intégration
with about 20
applications
(gitlab,
nextcloud, jira &
confluence,
Dokuwiki,
Apache 2,
Flexible Engine,
Grafana,
WebCom,
WordPress,
OpenStack…).
- Test authentication
protocols and
ways (OTP, …)
- Get the results of the previous
level to create an « industrial
solution » able to support
millions people.
- Get the results of the previous
level to create an « industrial
solution » able to support
millions people.
Final team
to« Run »
Final team
to« Run »
27. 12/06/2019 27
Orange-Worteks Partnership
●
Worteks offers a framework contract for support around
LemonLDAP::NG and other free softwares, with two parts:
●
Incident management: a ticket can be opened to solve any fault on a
production or development system (business hours)
●
Evolutions: a request can be done to fix bugs or code new features in
the software
●
Any Orange Business Unit can request a contract, prices are
already defined
●
It can then contribute to LemonLDAP::NG roadmap by
requesting evolutions
28. 12/06/2019 2805/06/2019 28
Thanks to all the contributors
Thank you to all the contributors to this project, for their competence, their good humor and their motivation that
are overcoming all the problems that veinly tried to stand up against us:
●
The LemonLDAP::NG Team (Clément, Xavier and all the others).
●
Worteks for the support.
●
Orange internal contributors : Christian P., Laurence T. , Daniel V., David M., Ronan H.B., Aurelien
P., Alexandre L., Jean-Louis F.
●
All others success keys in this project:
30. 12/06/2019 30
History
●
2002: First WebSSO GN (SiteMinder)
●
Licencing cost : 90 k€/year for 5000 users (target ~1 M€/year)
→ Take LemonLDAP over from the Ministry of finance
●
2005: Development of LL::NG (fork), SSO now used by (almost)
all civil services
32. 12/06/2019 32
Technical team for all ST(SI) SSO²
●
X. Guimard : Lead developer LL::NG
●
S. Marcq : Project manager
●
A. Rosier & C.Maudoux : developers and administrators