LemonLDAP::NG 2.0 - FOSDEM 2019 - PowerPoint PPT Presentation


  1. LemonLDAP::NG 2.0 - FOSDEM 2019 - info@worteks.com (slides dated 03/02/19)

  2. LemonLDAP::NG Software

  3. SSO Workflow (diagram): 1. First access; 2. Authentication; 3. Send SSO token; 4. Validate SSO token. Actors: Portal (authentication) and Application, joined by a trust link.

  4. History (timeline): 2003 project creation; 2006 fork, version NG; 2010 version 1.0 with the CAS, SAML and OpenID protocols; 2016 OpenID Connect protocol; 2018 version 2.0 with second factors (2FA).

  5. Main features
  ● Web Single Sign On
  ● Access control
  ● Applications portal
  ● Authentication modules: choice and chain
  ● Password management, account creation
  ● Multi-factor authentication (MFA)
  ● Protection of Web applications and API/WebServices
  ● Graphical customisation
  ● Packages for Debian/Ubuntu/RHEL/CentOS

  6. Login page (screenshot)

  7. Portal with application menu (screenshot)

  8. Web Administration interface (screenshot)

  9. Command Line Interface (screenshot)

  10. Free Software
  ● License: GPL
  ● OW2 project
  ● Forge: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
  ● Site: https://lemonldap-ng.org
  ● OW2 Community Award in 2014
  ● SSO component of the FusionIAM project: https://fusioniam.org/

  11. Component roles (diagram): Portal (CAS, SAML, OpenID Connect, SOAP/REST session server, self services, application menu, user management, notifications, second factors); Manager (configurations, sessions); Handler (access control, SSOaaS, WebService, custom token); shared Configurations and Sessions stores.

  12. How the agent (Handler) works

  13. Web application (diagram): authentication at the Portal creates a session and sets the SSO cookie; the Handler reads the session from the Sessions store and sends HTTP headers to the Web Application.

  14. Protocols: CAS, SAML and OpenID Connect

  15. Main features
  ● LL::NG can act as client and as server
  ● Attributes sharing
  ● Manage authentication contexts and levels
  ● Autogeneration of public/private keys
  ● Access control per service
  ● Publication of configuration data (metadata)
  ● Multi-protocol gateway
  ● Single logout

  16. New in LemonLDAP::NG 2.0

  17. Second Factor Authentication (2FA)
  ● LemonLDAP::NG can use the following 2FA: TOTP, U2F, TOTP or U2F, External, REST, Yubikey

  18. Configuration backends
  ● Already existing backends: JSON file, Database, LDAP, NoSQL (MongoDB), SOAP
  ● New backends: YAML file, REST, Local (no backend, only the lemonldap-ng.ini file)

  19. Node.js Handler
  ● Native integration in Express applications
  ● Rules and headers configured in JavaScript
  ● https://github.com/LemonLDAPNG/node-lemonldap-ng-handler
  ● npm install node-lemonldap-ng-handler

  20. DevOps (SSO as a Service)
  ● Authentication managed by the portal
  ● Access control and HTTP headers configuration set in a local JSON file
  ● Allows quick application deployment without editing the main SSO configuration

  21. DevOps (SSO as a Service) (diagram): authentication at the Portal creates a session and sets the SSO cookie; the Handler reads the session, takes the access rules and exported headers from a local rules .json file next to the Web Application, and sends HTTP headers to it.
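An added illustration of the DevOps model on these two slides (not code from the presentation or from LL::NG): a constructed rules/headers JSON of the kind kept beside the application, with a deliberately restricted evaluator (accept, deny, and "$attr eq 'value'") standing in for the real rule engine so that access decisions and exported headers can be exercised offline.

```javascript
// Constructed rules.json content (assumed shape: a "rules" map keyed by URL regex, and a
// "headers" map of header name -> "$attribute" template). Not LL::NG's own file.
const rulesJson = {
  rules: {
    '^/admin/': "$uid eq 'admin'",        // only the admin account
    '^/api/': "$groups eq 'api-users'",   // only members of one group (constructed)
    default: 'accept'                     // everything else: any authenticated user
  },
  headers: { 'Auth-User': '$uid', 'Auth-Mail': '$mail' }
};

// Evaluate one rule expression against session attributes without eval().
// Anything outside the supported grammar is treated as "deny" (fail closed).
function evalRule(expr, session) {
  if (expr === 'accept') return true;
  if (expr === 'deny') return false;
  const m = /^\$(\w+) eq '([^']*)'$/.exec(expr);
  if (!m) return false;
  return session[m[1]] === m[2];
}

// Decide access for a path: the first matching regex wins, otherwise the "default" rule
// applies; a configuration with no default denies.
function checkAccess(path, session, cfg = rulesJson) {
  for (const [pattern, expr] of Object.entries(cfg.rules)) {
    if (pattern === 'default') continue;
    if (new RegExp(pattern).test(path)) return evalRule(expr, session);
  }
  return evalRule(cfg.rules.default ?? 'deny', session);
}

// Build the HTTP headers the Handler would send upstream: "$attr" placeholders are
// resolved from the session, missing attributes become empty strings.
function exportHeaders(session, cfg = rulesJson) {
  const out = {};
  for (const [name, tmpl] of Object.entries(cfg.headers)) {
    out[name] = tmpl.replace(/\$(\w+)/g, (_, k) => session[k] ?? '');
  }
  return out;
}

module.exports = { rulesJson, evalRule, checkAccess, exportHeaders };
```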

  22. API/WebService protection
  ● New Handler "Service Token" installed between the application and the WebService
  ● The main Handler generates a token based on time, session_id and virtual hosts
  ● The token is sent by the application to the WebService
  ● The "Service Token" Handler intercepts the token, validates it, applies the access rules and sends HTTP headers to the WebService

  23. API - Service Token (diagram): authentication at the Portal creates a session and sets the SSO cookie; the Handler reads the session and sends HTTP headers plus a token to the Web Application; the Web Application forwards the token to the WebService, where the Service Token Handler reads the session and sends HTTP headers to the WebService.

  24. Authentication modules
  ● New modules: PAM, REST, Kerberos (GSSAPI), CAS (attributes reading)
  ● Multi is replaced by Combination
  ● Custom module

  25. Administration interface
  ● Configurations comparator: differences between two configurations are displayed in a tree
  ● Second factors administration (search, revoke)
  ● Sort sessions by creation date or modification date

  26. RENATER / eduGAIN
  ● Support of RENATER / eduGAIN via SAML2: Service Provider, Identity Provider
  ● Call to the Identity Provider selection page (WAYF) via the SAML Discovery Protocol
  ● Metadata bulk import script

  27. Plugin engine
  ● Portal code was fully rewritten and now allows writing plugins
  ● Plugin examples provided by default: Auto Signin (direct authentication for some IP addresses), Brute Force (protection against brute-force attacks), Stay Connected ("remember me" button), Public Pages (static pages using the portal skin)
  ● Write a custom plugin: https://lemonldap-ng.org/documentation/latest/plugincustom

  28. Other new features
  ● A user can refresh rights without disconnecting/reconnecting
  ● REST services for configurations and sessions
  ● Select language before authentication
  ● New graphical theme built with Bootstrap 4
  ● Logo customization (used in the graphical theme and in sent mails)
  ● Log system choice (syslog, Apache, Log4Perl, Sentry...)

  29. Thanks. For more information: info@worteks.com, @worteks_com, linkedin.com/company/worteks
