LL::NG as federation protocol proxy

LL::NG can use federation protocols (SAML, CAS, OpenID) independently to:

  • authenticate users

  • provide identities to other systems

So you can configure it to authenticate users using a federation protocol and simultaneously to provide identities using other(s) federation protocols.

Tested schemes:

  • SAML / OpenID-Connect:

  • SAML / CAS

    • SAML-SP <=> LLNG as SAML/CAS proxy <=> CAS Server

    • CAS Application <=> LLNG as CAS/SAML proxy <=> SAML Identity Provider

Note that OpenID-Connect consortium has not already defined single-logout initiated by OpenID-Connect Provider. LL::NG will implement it when this standard will be published.

Attention

Federation proxy installation can be complex. Don’t hesitate to contact us on lemonldap-ng-users@ow2.org

See the following chapters: