Ce diaporama a bien été signalé.
Le téléchargement de votre SlideShare est en cours. ×

LemonLDAP::NG - the New Generation WebSSO !, David Coutadeur, Linagora.

21 nov. 2013
1 j’aime 4 392 vues
Prochain SlideShare
Running a Project with Github
Running a Project with Github
Chargement dans…3
×

Consultez-les par la suite

Sirocco Open Source Multi Cloud Manager, OW2con11, Nov 24-25, Paris
OW2
Spatial Sound 4: Getting the Best Surround Around
Richard Elen
A new interface between smart device and web using html5 web socket and qr code
Matthew Chang
Big data - Cassandra
Jen Wei Lee
Billboard Liberation Front - Steve Lambert
Crisis 999
OS Approach Industrializing Research Tools
OW2
Jasmine Probe, OW2con11, Nov 24-25, Paris
OW2
Automatizing SpagoBI, OW2con'16, Paris.
OW2
1 sur 19
1 sur 19

LemonLDAP::NG - the New Generation WebSSO !, David Coutadeur, Linagora.

21 nov. 2013
1 j’aime 4 392 vues

Télécharger pour lire hors ligne

Technologie

LemonLDAP::NG is a FOSS for WebSSO, access management and identity federation developed since 2005. Its community is active and regurlarly proposes new versions. This software provides many functionalities: * Multi-domain SSO * Configuration and session management * Form replay * Protocols support : LDAP, CAS, OpenID, SAML, Radius * Authentication methods chaining * Applications portal * Password management * Notifications * Connection history management * Put an application in maintenance state * Inserting a menu on protected applications LemonLDAP::NG can be used as a gateway between many authentifcation protocoles, for example : * Provide identity trough SAML after an LDAP authentication * Provide identity trough CAS after an OpenID authentication * Provide identity trough OpenID after a Twitter authentication LemonLDAP::NG is a efficient mean to link Saas applications to internal applications, all relying on the authentication of the enterprise directory.

LemonLDAP::NG is a FOSS for WebSSO, access management and identity federation developed since 2005. Its community is active and regurlarly proposes new versions. This software provides many functionalities: * Multi-domain SSO * Configuration and session management * Form replay * Protocols support : LDAP, CAS, OpenID, SAML, Radius * Authentication methods chaining * Applications portal * Password management * Notifications * Connection history management * Put an application in maintenance state * Inserting a menu on protected applications LemonLDAP::NG can be used as a gateway between many authentifcation protocoles, for example : * Provide identity trough SAML after an LDAP authentication * Provide identity trough CAS after an OpenID authentication * Provide identity trough OpenID after a Twitter authentication LemonLDAP::NG is a efficient mean to link Saas applications to internal applications, all relying on the authentication of the enterprise directory.

Technologie

Suggestions

Plus De Contenu Connexe

Les utilisateurs ont également aimé

Sirocco Open Source Multi Cloud Manager, OW2con11, Nov 24-25, Paris
OW2
Spatial Sound 4: Getting the Best Surround Around
Richard Elen
A new interface between smart device and web using html5 web socket and qr code
Matthew Chang
Big data - Cassandra
Jen Wei Lee
Billboard Liberation Front - Steve Lambert
Crisis 999
OS Approach Industrializing Research Tools
OW2
Jasmine Probe, OW2con11, Nov 24-25, Paris
OW2
Automatizing SpagoBI, OW2con'16, Paris.
OW2
nuage, deployment strategy of a distributed cloud infrastructure, OW2con'15, ...
OW2
Amsterdam Data Portal
OW2
Obama slideshare
Ciszewski MSL
Chapter 13
dphil002
Ow2 Today Solution Linux2010
OW2
Chapter 10
dphil002
Microsoft Power Point Customview360 Linked In
Michiel Castelijns
Chapter 4
dphil002
Ea exam 2010 review course intro
dphil002
CompatibleOne project - OW2con 2011, Nov 24-25, Paris
OW2
Monitoring File transfert (MFT) WAARP R66, OW2con'16, Paris.
OW2
OSGi @ OW2, Clément Escoffier, Guillaume Sauthier.
OW2

Similaire à LemonLDAP::NG - the New Generation WebSSO !, David Coutadeur, Linagora.

Jdll 2010 lemon_ldap-ng_100_preview
Clément OUDOT
The LemonLDAP::NG Project
Clément OUDOT
Securing data instances with ERBAC
kaosko
Owasp web security
Pankaj Kumar Sharma
Web servers (l6)
Nanhi Sinha
TYPO3 Flow 2.0 in the field - webtech Conference 2013
die.agilen GmbH
RIA Security - Broken By Design
jojule
TOSCA in Practice with ARIA
Cloudify Community
Official typo3.org infrastructure &
the TYPO3 Server Admin Team
Steffen Gebert
Advanced java programming notes
Ketan Rajpal
[LDAPCon 2015] The OpenID Connect Protocol
Clément OUDOT
Ruby on Rails: Building Web Applications Is Fun Again!
judofyr
Introduction Yii Framework
Tuan Nguyen
Puppet Design Patterns - PuppetConf
David Danzilio
CKAN as an open-source data management solution for open data
AIMS (Agricultural Information Management Standards)
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
Apigee | Google Cloud
Wade.Semantic User Profiles
ancutaionel
LDAP and Active Directory Authentication in Plone
Clayton Parker
The Meteor Framework
Damien Magoni
Secure Dot Net Programming
Adam Getchell

Plus par OW2

GLPi v.10, les fonctionnalités principales et l'offre cloud
OW2
Centreon: superviser le Cloud et le Legacy à partir d'une même plateforme, po...
OW2
FusionIAM : la gestion des identités et des accés open source
OW2
OW2 Association Européenne aux racines grenobloises, transformer l'industrie ...
OW2
SFScon'20 Bringing the User into the Equation
OW2
Towards a sustainable solution to open source sustainability, OW2online20, Ju...
OW2
Advanced proactive and polymorphing cloud application adaptation with MORPHEM...
OW2
Open Source governance and the Eclipse Foundation, OW2online, June 2020
OW2
Open source contribution policies, OW2online, June 2020
OW2
Software development at scale, pandemic lockdown and oss ecosystems, OW2onlin...
OW2
Overview of the OpenChain Reference Tooling Work Group, OW2online20, June 2020
OW2
Open Source Compliance at Orange, OW2online, June 2020
OW2
Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020
OW2
Intelligent package management with FASTEN, OW2online, June 2020
OW2
DECODER, a Smarter Environment for DevOps Teams , OW2online, June 2020
OW2
Enabling DevOps for IoT software development, powered by Open Source, OW2onli...
OW2
Upcoming Challenges in Artificial Intelligence Research and Development, OW2o...
OW2
Cacti and Big Data at Orange France, OW2online, June 2020
OW2
Open Source Geographic Information System at Orange, OW2online, June 2020
OW2
Decentralized Digital Twins using FLOSS, OW2online, June 2020
OW2

À la une

Irresistible content for immovable prospects
Velocity Partners
How To Build Amazing Products Through Customer Feedback
Product School
Bridging the Gap Between Data Science & Engineer: Building High-Performance T...
ryanorban
Intro to user centered design
Rebecca Destello
How to Master Difficult Conversations at Work – Leader’s Guide
Piktochart
How to Land that First Customer
Floown
How to think like a startup
Loic Le Meur
What to Upload to SlideShare
SlideShare
Be A Great Product Leader (Amplify, Oct 2019)
Adam Nash
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
APIdays Paris 2019 - Innovation @ scale, APIs as Digital Factories' New Machi...
apidays
A few thoughts on work life-balance
Wim Vanderbauwhede
Is vc still a thing final
Mark Suster
The GaryVee Content Model
Gary Vaynerchuk
Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden

Livres associés

Gratuit avec un essai de 30 jours de Scribd

Tout voir
De la Stratégie en général Carl Von Clausewitz
Manuel de fabrication du savon: Je fabrique mes savons facilement E. G. Thomssen
Tout sur l'auto Benoit Charette
Encyclopédie des plantes: Nature et Environnement Jacqueline Launay
Les protections électriques (HT) Gérard Leveque
L'Art de la guerre: Traité de stratégie en 13 chapitres (texte intégral) Sun Tzu
Hydraulique et hydrologie, 3e édition Saad Bennis
Comprendre la mécanique Yannick Rossi
La vie des abeilles: Prix Nobel de littérature Maurice Maeterlinck
Savoir réparer et entretenir sa voiture Yannick Rossi
Scrum - Le Guide Ultime des Méthodes Agiles Essentielles de Scrum! The Blokehead
Revue des incompris revue d'histoire des oubliettes: Le Réveil de l'Horloge de Célestin Louis Maxime Dubuisson aliéniste et poète Agnès Bertomeu
Le Manuel de Pilotage d'Avion et d'ULM - 7e édition: Tout pour l'examen théorique de pilote privé d'avion et d'ULM Collectif
Les Jinn bâtisseurs de pyramides...? Nas E. Boutammina
Le B.A.-Ba de la communication: Comment convaincre, informer, séduire ? Pierre Guilbert
Semis, boutures, greffes: Jardinage (2) Petit Guide

LemonLDAP::NG - the New Generation WebSSO !, David Coutadeur, Linagora.

  1. 1. LemonLDAP::NG 1.3 David Coutadeur New features of LemonLDAP::NG 1.3 www.ow2.org Twitter #ow2con
  2. 2. About the speaker www.ow2.org Twitter #ow2con
  3. 3. David Coutadeur ● LDAP engineer since 2010 in LINAGORA company, with experiences in SUN/Oracle to OpenLDAP migration ● Integrator for LinID solutions http://linid.org ● Member of the LTB team http://ltb-project.org ● Member of the LSC team http://lsc-project.org ● Member of LemonLDAP::NG project core-team http://lemonldap-ng.org www.ow2.org Twitter #ow2con
  4. 4. LemonLDAP::NG www.ow2.org Twitter #ow2con
  5. 5. Components ● LemonLDAP::NG main components: ● ● ● Portal: authentication process, user interaction, application menu, password change form Manager: configuration interface, sessions explorer Handler: Apache agent, manage access authorizations ● Perl, only Perl, just Perl ● Relies on Apache and mod_perl www.ow2.org Twitter #ow2con
  6. 6. Follow the white request www.ow2.org Twitter #ow2con
  7. 7. What's new ? ● FastCGI Portal ● Authentication/user modules: – – – – – Active Directory, BrowserID, WebID, Google, Facebook ● JSON file configuration backend ● Captcha ● Aliases for virtual hosts ● CLI LemonLDAP Manager www.ow2.org Twitter #ow2con
  8. 8. FastCGI Portal ● ● ● CGI interfaces applications to web servers FastCGI reduces overhead thanks to persistent processes, joined by a socket or TCP connexion LemonLDAP::NG CGIs can now be easily extended to FastCGI: Manager (not so useful) – Portal Improves response time – ● ● Scalability not tested yet (cgi farm servers) www.ow2.org Twitter #ow2con
  9. 9. Active Directory module ● ● Active Directory is a "special" LDAP directory AD module is nearly the same as LDAP ● ● ● Specific default values for filters to match AD schema Compatible password modification Reset password on next logon workflow www.ow2.org Twitter #ow2con
  10. 10. BrowserID module ● ● ● ● Authentication database only Mozilla Persona: implementation of a distributed login system based on BrowserID protocol Similar to OpenID BrowserID based on email address / OpenID based on a complicated URL ● Cross-browser (if recent) ● Public key cryptography ● Involves users, Relying Parties, and Identity Providers www.ow2.org Twitter #ow2con
  11. 11. WebID module ● ● FOAF Invented by a community group at W3C Public Key WebID = URI that refers to a person → uniquely identifies a user by his relation to a public key e.g. https://mywebsite.net/#dco ● ● ● ● WebID protocol is based on these URIs and a client certificate You may already have one! By joining a social network site: Libre.fm, MyOpera, Twitter URI can be linked to other profiles, to create a linked web of trust FOAF sites: store Friend of a a friend datas can provision users module in LemonLDAP::NG www.ow2.org Twitter #ow2con
  12. 12. Google module ● Authentication and users databases ● Users log in with Google authentication process ● LemonLDAP uses OpenID protocol to trust the latter ● OpenID ● ● ● ● decentralized authentication system based on URL, involving Providers, Relying parties and users, user chooses what data he wants to be accessible for each RP Mail used as login name A few data available: country, email, firstname, language, lastname www.ow2.org Twitter #ow2con
  13. 13. Facebook module ● More than 1.1 billion users in the world ● Authentication and users databases ● Oauth2 as authorization protocol (no authentication) ● Oauth2 – – Based on access and refresh tokens exchanged between client application and resource server Binding between LemonLDAP (client) and Facebook (resource server) is done by getting an application ID and a secret www.ow2.org Twitter #ow2con
  14. 14. JSON file configuration backend ● ● "JavaScript Object Notation" Generic data format allowing to represent structured information ● Configuration stored in a more readable way ● Can be shared by – – any files sharing system (NFS, NAS, SAN,…) SOAP configuration backend proxy www.ow2.org Twitter #ow2con
  15. 15. And much more... ● Captcha ● Can be used At user connection – In mail reset component Extra control to ensure one is human – ● ● Aliases for virtual hosts ● ● Allows numerous vhosts creation owning same headers and same protection rules CLI LemonLDAP Manager ● Tool to manage LemonLDAP configuration with the command line www.ow2.org Twitter #ow2con
  16. 16. What's next ? ● ● ● Configuration and cache optimization Code refactoring with Moose/Mouse for a better OO code Handler modularization ● compatibility with apache MPM-event or Nginx ? www.ow2.org Twitter #ow2con
  17. 17. The end... almost www.ow2.org Twitter #ow2con
  18. 18. Thanks ● Thanks to: ● ● LINAGORA company ● ● OW2 Con organizers LemonLDAP::NG and Perl community Stay in touch: ● IRC: stryg #lemonldap-ng@freenode www.ow2.org Twitter #ow2con
  19. 19. Questions? www.ow2.org Twitter #ow2con

×