LemonLDAP::NG - the New Generation WebSSO !, David Coutadeur, Linagora.

LemonLDAP::NG is FOSS software for WebSSO, access management and identity federation, developed since 2005. Its community is active and regularly proposes new versions. This software provides many functionalities:

  • Multi-domain SSO
  • Configuration and session management
  • Form replay
  • Protocol support: LDAP, CAS, OpenID, SAML, Radius
  • Authentication methods chaining
  • Applications portal
  • Password management
  • Notifications
  • Connection history management
  • Put an application in maintenance state
  • Inserting a menu on protected applications

LemonLDAP::NG can be used as a gateway between many authentication protocols, for example:

  • Provide identity through SAML after an LDAP authentication
  • Provide identity through CAS after an OpenID authentication
  • Provide identity through OpenID after a Twitter authentication

LemonLDAP::NG is an efficient means to link SaaS applications to internal applications, all relying on the authentication of the enterprise directory.

Published in: Technology

  1. LemonLDAP::NG 1.3
     David Coutadeur
     New features of LemonLDAP::NG 1.3
     www.ow2.org, Twitter #ow2con
  2. About the speaker
  3. David Coutadeur
     ● LDAP engineer since 2010 at LINAGORA company, with experience in SUN/Oracle to OpenLDAP migration
     ● Integrator for LinID solutions http://linid.org
     ● Member of the LTB team http://ltb-project.org
     ● Member of the LSC team http://lsc-project.org
     ● Member of the LemonLDAP::NG project core team http://lemonldap-ng.org
  4. LemonLDAP::NG
  5. Components
     ● LemonLDAP::NG main components:
        ● Portal: authentication process, user interaction, application menu, password change form
        ● Manager: configuration interface, sessions explorer
        ● Handler: Apache agent, manage access authorizations
     ● Perl, only Perl, just Perl
     ● Relies on Apache and mod_perl
  6. Follow the white request
  7. What's new?
     ● FastCGI Portal
     ● Authentication/user modules:
        – Active Directory
        – BrowserID
        – WebID
        – Google
        – Facebook
     ● JSON file configuration backend
     ● Captcha
     ● Aliases for virtual hosts
     ● CLI LemonLDAP Manager
  8. FastCGI Portal
     ● CGI interfaces applications to web servers
     ● FastCGI reduces overhead thanks to persistent processes, reached over a socket or TCP connection
     ● LemonLDAP::NG CGIs can now be easily extended to FastCGI:
        – Manager (not so useful)
        – Portal
     ● Improves response time
     ● Scalability not tested yet (CGI farm servers)
  9. Active Directory module
     ● Active Directory is a "special" LDAP directory
     ● AD module is nearly the same as LDAP
     ● Specific default values for filters to match AD schema
     ● Compatible password modification
     ● Reset password on next logon workflow
  10. BrowserID module
      ● Authentication database only
      ● Mozilla Persona: implementation of a distributed login system based on BrowserID protocol
      ● Similar to OpenID
      ● BrowserID based on email address / OpenID based on a complicated URL
      ● Cross-browser (if recent)
      ● Public key cryptography
      ● Involves users, Relying Parties, and Identity Providers
  11. WebID module
      ● Invented by a community group at W3C
      ● WebID = URI that refers to a person → uniquely identifies a user by his relation to a public key, e.g. https://mywebsite.net/#dco
      (Diagram labels: FOAF, Public Key)
      ● WebID protocol is based on these URIs and a client certificate
      ● You may already have one! By joining a social network site: Libre.fm, MyOpera, Twitter
      ● URI can be linked to other profiles, to create a linked web of trust
      ● FOAF sites: store Friend of a Friend data, can provision the users module in LemonLDAP::NG
  12. Google module
      ● Authentication and users databases
      ● Users log in with Google authentication process
      ● LemonLDAP uses OpenID protocol to trust the latter
      ● OpenID
         ● decentralized authentication system based on URL, involving Providers, Relying Parties and users
         ● user chooses what data he wants to be accessible for each RP
      ● Mail used as login name
      ● A few data available: country, email, firstname, language, lastname
  13. Facebook module
      ● More than 1.1 billion users in the world
      ● Authentication and users databases
      ● OAuth2 as authorization protocol (no authentication)
      ● OAuth2
         – Based on access and refresh tokens exchanged between client application and resource server
         – Binding between LemonLDAP (client) and Facebook (resource server) is done by getting an application ID and a secret
  14. JSON file configuration backend
      ● "JavaScript Object Notation"
      ● Generic data format for representing structured information
      ● Configuration stored in a more readable way
      ● Can be shared by
         – any file sharing system (NFS, NAS, SAN,…)
         – SOAP configuration backend proxy
  15. And much more...
      ● Captcha
         ● Can be used
            – At user connection
            – In mail reset component
         ● Extra control to ensure one is human
      ● Aliases for virtual hosts
         ● Allows numerous vhosts creation owning same headers and same protection rules
      ● CLI LemonLDAP Manager
         ● Tool to manage LemonLDAP configuration with the command line
  16. What's next?
      ● Configuration and cache optimization
      ● Code refactoring with Moose/Mouse for a better OO code
      ● Handler modularization
         ● compatibility with Apache MPM-event or Nginx?
  17. The end... almost
  18. Thanks
      ● Thanks to:
         ● LINAGORA company
         ● OW2 Con organizers
         ● LemonLDAP::NG and Perl community
      ● Stay in touch:
         ● IRC: stryg #lemonldap-ng@freenode
  19. Questions?
