Differences

This shows you the differences between two versions of the page.

Link to this comparison view

documentation:latest:federationproxy [2019/01/15 15:54] (current)
Line 1: Line 1:
 +====== LL::NG as federation protocol proxy ======
  
 +LL::NG can use federation protocols (SAML, CAS, OpenID) independently to:
 +  * authenticate users
 +  * provide identities to other systems
 +
 +So you can configure it to authenticate users using a federation protocol and simultaneously to provide identities using other(s) federation protocols.
 +
 +Schemes tested:
 +  * SAML / OpenID-Connect:​
 +    * SAML-SP **<​=>​** LLNG as [[idpsaml|SAML]]/​[[authopenidconnect|OpenID-Connect]] proxy **<​=>​** OIDC Provider
 +    * OIDC-RP **<​=>​** LLNG as [[idpopenidconnect|OpenID-Connect]]/​[[authsaml|SAML]] proxy **<​=>​** SAML Identity Provider
 +  * SAML / CAS
 +    * SAML-SP **<​=>​** LLNG as [[idpsaml|SAML]]/​[[authcas|CAS]] proxy **<​=>​** CAS Server
 +    * CAS Application **<​=>​** LLNG as [[idpcas|CAS]]/​[[authsaml|SAML]] proxy **<​=>​** SAML Identity Provider
 +
 +Note that OpenID-Connect consortium hasn't already defined single-logout initiated by OpenID-Connect Provider. LLNG will implement it when this standard will be published.
 +
 +<note important>​Federation proxy installation can be complex. Don't hesitate to contact us on lemonldap-ng-users@ow2.org</​note>​
 +
 +See the following chapters:
 +  * [[start#​authentication_users_and_password_databases|Authentication protocols]]
 +  * [[start#​identity_provider|Identity provider]]