Full AAA protection

LemonLDAP::NG provides authentication (LDAP, Active Directory, Kerberos, Database, SSL, Social Networks, CAS, SAML, OpenID Connect, ...), authorization (access rules for applications based on attributes and groups) and accounting (user identity in logs).

  • Authentication
  • Authorization
  • Accounting

LemonLDAP::NG components

LemonLDAP::NG relies on backends (files, databases, NoSQL) to store configuration and sessions. The Portal is the visible part: it displays the authentication screen and the menu, and implements the standard protocols (CAS, SAML and OpenID Connect). The Manager is the administration interface. For applications that rely on HTTP headers for SSO, the Handler can be configured.

Identity Federation

LemonLDAP::NG implements the main SSO standards and can be used as a gateway between these protocols.

  • CAS

    CAS v1, v2 and v3
    Attributes sharing
    Access rules

  • SAML

    SSO, SLO and AA
    Metadata import and export
    Discovery Protocol (WAYF)
    Compatibility with Renater and EduGain

  • OpenID Connect

    Authorization Code, Implicit and Hybrid flows
    Mobile applications and public clients
    Extra claims definition
    Front and back channel logout
    OAuth2 tokens

  • ANSSI OpenID Connect

    Compliance with ANSSI security guidelines