Groupe LINAGORA
WebSSO and Access Management
LemonLDAP::NG
Clément OUDOT
Single Sign On and Access Management
LemonLDAP::NG
Demonstration
Table of contents
Single Sign On
SSO is designed for users:
One login/password to remember (or even better, a physical token)
One authentication screen for all applications
SSO can also provide:
A dynamic list of authorized applications
A single access point (portal) to the information system
Access Management
Access Management is designed for system administrators:
Single point of authentication (easy to audit)
Set access rights to applications
Use enterprise directory for authentication and authorization
Enterprise SSO
Delegation SSO
Reverse-proxy SSO
LemonLDAP::NG
LemonLDAP::NG is a free WebSSO project:
GPL licence
OW2 Forge: http://lemonldap.ow2.org
Use standard Apache2 installation
Use mod_perl to hook Apache requests
Provides:
Portal with dynamic application list
Graphical management interface
Wide integration (LDAP, Kerberos, SQL, CAS, SSL, SOAP, etc.)
Architecture overview
How it works
Some screen shots
LDAP forever
LemonLDAP::NG can use LDAP for:
Authentication
Authorization
Password modification
Groups
Configuration storage
Session storage
LDAP password policy
LemonLDAP::NG is compatible with the LDAP password policy draft (the ppolicy overlay in OpenLDAP):
Display whether the account is locked or expired
Display the warning time and the remaining grace logins
Force password change after reset
Show constraint errors on password modification (size, history, etc.)
Authentication backends
LemonLDAP::NG can use several authentication backends:
LDAP (the default)
SSL (through Apache)
Kerberos (through Apache)
CAS
Liberty Alliance (soon to be replaced by SAML2)
Any other Apache authentication method
SOAP (portal chaining)
More features
Application provisioning through HTTP headers
Logon hours with time zone management
RBAC model
Cross-domain
Session sharing over network
HTTP Basic authentication forward
Password reset by mail
Notifications
Active Directory support
Fully integrated applications
Thank you for your attention
Visit us at our stand 107 - hall 7.2b
From 24th to 27th June 2009
www.linagora.com / www.obm.org / www.08000linux.com / www.job.linagora.com