[OW2Con 2015] LemonLDAP::NG 2.0 overview


Presentation of LemonLDAP::NG project and news of the next release (2.0) : AngularJS Manager, CAS attributes and OpenID Connect support.


  1. LemonLDAP::NG 2.0 overview @clementoudot
  2. Clément OUDOT http://sflx.ca/coudot
     ● Founded in 1999
     ● >100 persons
     ● Montréal, Quebec City, Ottawa, Paris
     ● ISO 9001:2004 / ISO 14001:2008
     ● contact@savoirfairelinux.com
  3. LemonLDAP::NG Presentation
  4. Some history (timeline). Years: 2003, 2006, 2010, 2014, 2016. Milestones: Project creation, NG version, V 1.0, SAML / CAS / OpenID, V 1.4, V 2.0, OpenID Connect
  5. Single Sign On (diagram, steps 1 to 3): User, Web Application, WebSSO Portal
  6. Access Control (diagram, steps 1 to 3): User, Web Application, SSO, Authorization
  7. Components: Common, Manager, Handler, Portal. Labels: Administration interface, User interactions, Applications protection
  8. Authentication backends: LDAP, AD, Apache, SAML, CAS, Radius, OpenID, WebID, BrowserID, DBI, Yubikey
  9. Self Service: Password change, Password reset, Account Creation
  10. Identity protocols gateway: SAML, CAS, OpenID
  11. Overview of version 2.0
  12. AngularJS Manager
     ● FrontEnd written with AngularJS
     ● Responsive design
     ● Configuration data as JSON
     ● Import/Export feature
     ● Edition of multiple values on the same screen
     ● Possibility to set a log message on save
  13. (no text)
  14. Handler API
     ● No more direct link between Handler and mod_perl
     ● Creation of an internal API, with implementations:
       – Apache mod_perl 1
       – Apache mod_perl 2
       – CGI
       – Nginx
       – PSGI
  15. Portal skin background
  16. CAS attributes exchange
     ● Conform to CAS 3.0 standard
     ● Returns attributes in service ticket validation response, inside <cas:attributes>
     ● Compatible with phpCAS::getAttributes() function
  17. OpenID Connect
     ● Based on OAuth 2.0 / JOSE
     ● Specific scope “openid” to receive an ID token
     ● User consent required to share its identity
     ● Access token delivered to request UserInfo endpoint
     ● Already used by Google to manage authentication
  18. Roles: Resource owner (end-user), Client (third-party), Authorization Server, Resource Server
  19. (diagram) Authorization Request, Authorization Grant, Authorization Grant, Access Token, Access Token, Protected Resource
  20. (diagram) RP and OP: (1) AuthN Request, (2) AuthN & AuthZ, (3) AuthN Response, (4) UserInfo Request, (5) UserInfo Response
  21. http://jwt.io/
  22. (no text)
  23. France Connect
     ● The French administration chose OpenID Connect for its next generation authentication platform
     ● LemonLDAP::NG 2.0:
       – Can be client of France Connect: users will be able to sign in with their France Connect identity
       – Can be provider of France Connect: France Connect can delegate authentication to LemonLDAP::NG
  24. Thanks for your attention @clementoudot http://sflx.ca/coudot
