Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
documentation:latest:start [2019/10/08 14:07]
coudot [Mini howtos]
documentation:latest:start [2020/04/20 16:56] (current)
paucur [Well known compatible applications]
Line 6: Line 6:
   * [[documentation:​features|Main features]]   * [[documentation:​features|Main features]]
   * [[documentation:​quickstart|Quick start tutorial]]   * [[documentation:​quickstart|Quick start tutorial]]
-  * [[https://​github.com/​LemonLDAPNG/​pts2019-llng-workshop|Workshop:​ connect LL::NG to OpenLDAP and use 2FA]] 
   * [[platformsoverview|Choose a platform]]   * [[platformsoverview|Choose a platform]]
  
Line 94: Line 93:
 | [[authdemo|Demonstration]] |  ✔  |  ✔  |  ✔  | | [[authdemo|Demonstration]] |  ✔  |  ✔  |  ✔  |
 | [[authfacebook|Facebook]] |  ✔  |  ✔  |   | | [[authfacebook|Facebook]] |  ✔  |  ✔  |   |
-| [[authgpg|GPG]] {{..:​new.png?​direct&​35|}} (([[authgpg|GPG]] is available with LLNG ≥ 2.0.2)) |  ✔  |    |    |+| [[authgithub|GitHub]] {{..:​new.png?​direct&​35|}} (([[authgithub|GitHub authentication]] is available with LLNG ≥ 2.0.8)) |  ✔  |    |    | 
 +| [[authgpg|GPG]] {{..:​new.png?​direct&​35|}} (([[authgpg|GPG ​authentication]] is available with LLNG ≥ 2.0.2)) |  ✔  |    |    |
 | [[authkerberos|Kerberos]] {{..:​new.png?​direct&​35|}} |  ✔  |    |    | | [[authkerberos|Kerberos]] {{..:​new.png?​direct&​35|}} |  ✔  |    |    |
 | [[authldap|LDAP]] |  ✔  |  ✔  |  ✔  | | [[authldap|LDAP]] |  ✔  |  ✔  |  ✔  |
Line 127: Line 127:
 | [[rest2f|REST Second Factor]] {{..:​new.png?​direct&​35|}} |  ✔  | | [[rest2f|REST Second Factor]] {{..:​new.png?​direct&​35|}} |  ✔  |
 | [[yubikey2f|Yubikey]] {{..:​new.png?​direct&​35|}} |  ✔  | | [[yubikey2f|Yubikey]] {{..:​new.png?​direct&​35|}} |  ✔  |
-| [[sfextra|Additional second factors]] {{..:​new.png?​direct&​35|}} (([[sfextra|Additional second factors]] ​is available with LLNG ≥ 2.0.6)) |  ✔  |+| [[sfextra|Additional second factors]] {{..:​new.png?​direct&​35|}} (([[sfextra|Additional second factors]] ​are available with LLNG ≥ 2.0.6)) |  ✔  |
 ^ Auth addons ^  Authentication ​ ^ ^ Auth addons ^  Authentication ​ ^
 | [[autosignin|Auto Signin]] {{..:​new.png?​direct&​35|}} |  ✔  | | [[autosignin|Auto Signin]] {{..:​new.png?​direct&​35|}} |  ✔  |
Line 154: Line 154:
  
 <note tip> <note tip>
-Issuers timeout : Delay for issuers to submit their authentication requests+Issuers timeout : Delay for issuers to submit their authentication requests 
 + 
 +* To avoid a bad/expired token and lose redirection to the SP protected application after authentication if IdP URLs are served by different load balancers, you can force Issuer tokens to be stored into Global Storage by editing ''​lemonldap-ng.ini''​ in section [portal]: 
 + 
 +<file ini> 
 +[portal] 
 +forceGlobalStorageIssuerOTT = 1 
 +</​file>​
 </​note>​ </​note>​
  
Line 189: Line 196:
 ^  Name  ^  Description ​ ^ ^  Name  ^  Description ​ ^
 | [[autosignin|Auto Signin]] {{..:​new.png?​direct&​35|}} | Auto Signin Addon | | [[autosignin|Auto Signin]] {{..:​new.png?​direct&​35|}} | Auto Signin Addon |
-| [[bruteforceprotection|Brute Force protection]] {{..:​new.png?​direct&​35|}} | User must wait to log in after failed login attempts |+| [[bruteforceprotection|Brute Force protection]] {{..:​new.png?​direct&​35|}} | User must wait to log in after some failed login attempts |
 | [[cda|CDA]] | Cross Domain Authentication | | [[cda|CDA]] | Cross Domain Authentication |
 | [[checkstate|Check state]] {{..:​new.png?​direct&​35|}} | Check state plugin (test page) | | [[checkstate|Check state]] {{..:​new.png?​direct&​35|}} | Check state plugin (test page) |
-| [[checkuser|Check user ]] {{..:​new.png?​direct&​35|}} | Check access rights, transmitted headers and session attibutes for a specific user and URL |+| [[checkuser|Check user]] ​(([[checkuser|Check user plugin]] is available with LLNG ≥ 2.0.3)) ​{{..:​new.png?​direct&​35|}} | Check access rights, transmitted headers and session attibutes for a specific user and URL |
 | [[viewer|Configuration viewer]] {{..:​new.png?​direct&​35|}} | Edit WebSSO configuration in Read Only mode | | [[viewer|Configuration viewer]] {{..:​new.png?​direct&​35|}} | Edit WebSSO configuration in Read Only mode |
-| [[contextswitching|Context switching]] (([[contextswitching|Context switching]] is available with LLNG ≥ 2.0.6)){{..:​new.png?​direct&​35|}} | Switch context other users |+| [[contextswitching|Context switching]] (([[contextswitching|Context switching ​plugin]] is available with LLNG ≥ 2.0.6)){{..:​new.png?​direct&​35|}} | Switch context other users |
 | [[plugincustom|Custom]] | Write a custom plugin | | [[plugincustom|Custom]] | Write a custom plugin |
 +| [[decryptvalue|Decrypt value]] (([[decryptvalue|Decrypt value plugin]] is available with LLNG ≥ 2.0.7)){{..:​beta.png?​direct&​35|}} | Decrypt ciphered values |
 | [[loginhistory|Display login history]] | | [[loginhistory|Display login history]] |
 | [[forceReAuthn|Force Authentication]] | Force authentication to access to Portal | | [[forceReAuthn|Force Authentication]] | Force authentication to access to Portal |
 +| [[globalLogout|Global Logout]] (([[globalLogout|Global Logout plugin]] is available with LLNG ≥ 2.0.7)) | Suggest to close all opened sessions at logout |
 | [[grantsession|Grant Sessions]] | Rules to apply before allowing a user to open a session | | [[grantsession|Grant Sessions]] | Rules to apply before allowing a user to open a session |
-| [[impersonation|Impersonation ]] {{..:​new.png?​direct&​35|}} | Allow users to use another identity |+| [[impersonation|Impersonation]] ​(([[impersonation|Impersonation plugin]] is available with LLNG ≥ 2.0.3)){{..:​new.png?​direct&​35|}} | Allow users to use another identity |
 | [[notifications|Notifications system]] | | [[notifications|Notifications system]] |
 | [[status|Portal Status]] | Experimental portal status page | | [[status|Portal Status]] | Experimental portal status page |
 | [[public_pages|Public pages]] | Enable public pages system | | [[public_pages|Public pages]] | Enable public pages system |
 +| [[refreshsessionapi|Refresh session API]] (([[refreshsessionapi|Refresh session API plugin]] is available with LLNG ≥ 2.0.7))| Plugin that provides an API to refresh a user session |
 | [[resetpassword|Reset password by mail]] | | [[resetpassword|Reset password by mail]] |
 +| [[resetcertificate|Reset certificate by mail]] (([[resetcertificate|Reset certificate by mail plugin]] is available with LLNG ≥ 2.0.7)){{..:​beta.png?​direct&​35|}} | Allow users to reset their certificate |
 | [[restservices|REST services]] {{..:​new.png?​direct&​35|}} | REST server for [[authproxy|Proxy]] | | [[restservices|REST services]] {{..:​new.png?​direct&​35|}} | REST server for [[authproxy|Proxy]] |
 | [[soapservices|SOAP services]] //​(deprecated)//​ | SOAP server for [[authproxy|Proxy]] | | [[soapservices|SOAP services]] //​(deprecated)//​ | SOAP server for [[authproxy|Proxy]] |
-| [[stayconnected|Stay connected]] {{..:​new.png?​direct&​35|}} | Enable persistent connection on same browser | +| Stay connected {{..:​new.png?​direct&​35|}} | Enable persistent connection on same browser | 
-| Upgrade session {{..:​new.png?​direct&​35|}} | Plugin that explain ​to user that a more secure ​authentication is needed ​instead of rejected it |+| Upgrade session {{..:​new.png?​direct&​35|}} | This plugin explains ​to an already authenticated ​user that a higher ​authentication ​level is required to access the URL instead of reject him |
  
 <​html></​div></​div></​html>​ <​html></​div></​div></​html>​
Line 277: Line 288:
  
 <​html></​div></​div></​html>​ <​html></​div></​div></​html>​
 +
 +<note tip>
 +You can migrate from one session backend to another using the [[changeSessionBackend|session conversion script]]. ({{..:​new.png?​direct&​35|}} //since 2.0.7//) </​note>​
  
 ===== Applications protection ===== ===== Applications protection =====
Line 290: Line 304:
   * [[formreplay|Form replay]]   * [[formreplay|Form replay]]
   * [[customhandlers|Custom Handlers]]   * [[customhandlers|Custom Handlers]]
 +  * [[webserviceprotection|WebServices / API]]
  
 <​html></​div></​div></​html>​ <​html></​div></​div></​html>​
Line 305: Line 320:
 <​html><​div class="​col-sm-3"></​html>​ <​html><​div class="​col-sm-3"></​html>​
 [[.:​applications:​alfresco|{{ :​applications:​alfresco_logo.png?​nolink |Alfresco}}]] [[.:​applications:​alfresco|{{ :​applications:​alfresco_logo.png?​nolink |Alfresco}}]]
 +<​html></​div></​html>​
 +
 +<​html><​div class="​col-sm-3"></​html>​
 +[[.:​applications:​awx|{{ :​applications:​logo-awx.png?​nolink |AWX}}]]
 <​html></​div></​html>​ <​html></​div></​html>​