WebSSO and Access Management with LemonLDAP::NG




WebSSO and Access Management

Clément OUDOT

Single Sign On and Access Management



Table of contents

Single Sign On

SSO is designed for users:

One login/password to remember (or even better, with a physical token)

One authentication screen for all applications

SSO can also provide:

A dynamic list of authorized applications

A single access point (portal) to the information system

Access Management

Access Management is designed for system administrators:

Single point of authentication (easy to audit)

Set access rights to applications

Use the enterprise directory for authentication and authorization

Enterprise SSO

Delegation SSO

Reverse-proxy SSO


LemonLDAP::NG is a free WebSSO project:

GPL licence

OW2 Forge: http://lemonldap.ow2.org

Uses a standard Apache2 installation

Uses mod_perl to hook Apache requests

Provides:

Portal with dynamic application list

Graphical management interface

Wide integration (LDAP, Kerberos, SQL, CAS, SSL, SOAP, etc.)

Architecture overview

How it works

Some screen shots

LDAP forever

LemonLDAP::NG can use LDAP for:

Authentication


Password modification


Configuration storage

Session storage

LDAP password policy

LemonLDAP::NG is compatible with the LDAP password policy draft (the ppolicy overlay in OpenLDAP):

Display if account is locked or expired

Display warning time and graces remaining

Force password change after reset

Show constraint errors on password modification (size, history, etc.)

Authentication backends

LemonLDAP::NG can use several authentication backends:

LDAP (the default)

SSL (through Apache)

Kerberos (through Apache)


Liberty Alliance (soon to be replaced by SAML2)

Any other Apache authentication method

SOAP (portal chaining)

More features

Application provisioning through HTTP headers

Logon hours with time zone management

RBAC model


Session sharing over network

HTTP Basic authentication forward

Password reset by mail


Active Directory support

Fully integrated applications

Thank you for your attention

Visit us at our stand 107 - hall 7.2b


From 24th to 27th June 2009

www.linagora.com / www.obm.org / www.08000linux.com / www.job.linagora.com



