Re: Single Sign On for Debian

On 22/08/2017 at 16:29, gregor herrmann wrote:
> On Tue, 22 Aug 2017 09:45:10 +0200, Alexander Wirt wrote:
>>> There is lemonldap-ng already packaged which provides saml, oauth,
>>> openid-connect, CAS, and more (both identity provider and service
>>> provider). It works with users in ldap but doesn't have a user management
>>> interface.
>>> We use it at work and it integrates nicely with all kinds of webapps
>>> (including gitlab, via oauth).
>> I haven't looked into it. Can lemonldap-ng have multiple backends at the same
>> time? 
>> Specifically one LDAP (db.d.o.) Backend and one Oauth2 (gitlab) Backend?
> I haven't used lemonldap-ng but I'd like to add that it's maintained
> in Debian by Xavier Guimard (within the Debian Perl Group) who's also
> part of upstream. I'm sure he's happy to help by answering questions
> and maybe also setup or changes etc. (CC'd).

Hi all,

LLNG can have many backends simultaneously. The 2.0 version (not yet
published, in tests) adds a better plugin system that can be used to
create new backends. For now, LLNG is usable with:
* LDAP, Active-Directory, SQL, Kerberos (better with 2.0), Radius,
  another LLNG system (proxy or delegate), SSL (using webserver),
  Yubikey (better with 2.0), WebID,
* SAML-2.0, CAS, OpenID-2.0, OpenID-Connect,
* Multi   : backend chosen by rule (better with 2.0 => "Combination")
* Choice  : user can choose its backend
* backends usable by 2.0 only:
  * PAM
  * Second factor (U2F or custom)

It can also (and simultaneously) be used as identity provider for CAS,
OpenID-Connect, OpenID-2.0, SAML.

It has been designed for the French government but is used in many places
now. Our main installation handles hundreds of applications for ~250000
users (~30 millions hits/day). I've heard about a bigger one in the US but
have no info on it.

Best regards,


