WebSSO and Access Management with LemonLDAP::NG


WebSSO and Access Management: LemonLDAP::NG
Clément OUDOT

Table of contents
  • Single Sign On and Access Management
  • LemonLDAP::NG
  • Demonstration

Single Sign On
  • SSO is designed for users:
      • One login/password to remember (or even better with physical token)
      • One authentication screen for all applications
  • SSO can also provide:
      • A dynamic list of authorized applications
      • A single access point (portal) to information system

Access Management
  • Access Management is designed for system administrators:
      • Single point of authentication (easy to audit)
      • Set access rights to applications
      • Use enterprise directory for authentication and authorization

Enterprise SSO

Delegation SSO

Reverse-proxy SSO

LemonLDAP::NG
  • LemonLDAP::NG is a free WebSSO project:
      • GPL licence
      • OW2 Forge: http://lemonldap.ow2.org
  • Uses a standard Apache2 installation
  • Uses mod_perl to hook Apache requests
  • Provides:
      • Portal with dynamic application list
      • Graphical management interface
      • Wide integration (LDAP, Kerberos, SQL, CAS, SSL, SOAP, etc.)

Architecture overview

How it works

Some screen shots

LDAP forever
  • LemonLDAP::NG can use LDAP for:
      • Authentication
      • Authorization
      • Password modification
      • Groups
      • Configuration storage
      • Session storage

LDAP password policy
  • LemonLDAP::NG is compatible with the draft of LDAP password policy (overlay ppolicy in OpenLDAP):
      • Display if account is locked or expired
      • Display warning time and graces remaining
      • Force password change after reset
      • Show constraint errors on password modification (size, history, etc.)

Authentication backends
  • LemonLDAP::NG can use several authentication backends:
      • LDAP (the default)
      • SSL (through Apache)
      • Kerberos (through Apache)
      • CAS
      • Liberty Alliance (replaced soon by SAML2)
      • Any other Apache authentication methods
      • SOAP (portal chaining)

More features
  • Application provisioning through HTTP headers
  • Logon hours with time zone management
  • RBAC model
  • Cross-domain
  • Session sharing over network
  • HTTP Basic authentication forward
  • Password reset by mail
  • Notifications
  • Active Directory support

Fully integrated applications

Thank you for your attention
Visit us at our stand 107 - hall 7.2b
