LL::NG as federation protocol proxy

LL::NG can use federation protocols (SAML, CAS, OpenID) independently to:

  • authenticate users
  • provide identities to other systems

So you can configure it to authenticate users using a federation protocol and simultaneously to provide identities using other(s) federation protocols.

Schemes tested:

  • SAML / OpenID-Connect:
  • SAML / CAS
    • SAML-SP LLNG as SAML/CAS proxy CAS Server
    • CAS Application LLNG as CAS/SAML proxy SAML Identity Provider

Note that OpenID-Connect consortium hasn't already defined single-logout initiated by OpenID-Connect Provider. LLNG will implement it when this standard will be published.

Federation proxy installation can be complex. Don't hesitate to contact us on lemonldap-ng-users@ow2.org

See the following chapters: