LL::NG as federation protocol proxy¶
LL::NG can use federation protocols (SAML, CAS, OpenID) independently to:
authenticate users
provide identities to other systems
So you can configure it to authenticate users using a federation protocol and simultaneously to provide identities using other(s) federation protocols.
Tested schemes:
SAML / OpenID-Connect:
SAML-SP <=> LLNG as SAML/OpenID-Connect proxy <=> OIDC Provider
OIDC-RP <=> LLNG as OpenID-Connect/SAML proxy <=> SAML Identity Provider
SAML / CAS
Note that OpenID-Connect consortium has not already defined single-logout initiated by OpenID-Connect Provider. LL::NG will implement it when this standard will be published.
Attention
Federation proxy installation can be complex. Don’t hesitate to contact us on lemonldap-ng-users@ow2.org
See the following chapters: