LL::NG

Full AAA protection

LemonLDAP::NG provides authentication (LDAP, Active Directory, Kerberos, Database, SSL, Social Networks, CAS, SAML, OpenID Connect, ...), authorization (access rules for applications based on attributes and groups) and accounting (user identity in logs).

  • Authentication
  • Authorization
  • Accounting

Components

LemonLDAP::NG relies on backends (files, databases, NoSQL) to store configuration and sessions. The Portal is the visible part: it displays the authentication screen and the menu, and implements the standard protocols (CAS, SAML and OpenID Connect). The Manager is the administration interface. For applications working with HTTP headers for SSO, the Handler can be configured.


Identity Federation

LemonLDAP::NG implements the main SSO standards and can be used as a gateway between these protocols.

  • CAS

    CAS v1, v2 and v3
    Attributes sharing
    Access rules

  • SAML

    SSO, SLO and AA
    Metadata import and export
    Discovery Protocol (WAYF)

  • OpenID Connect

    Authorization Code, Implicit and Hybrid flows
    ID Token HS and RS signatures
    Extra claims definition