Re: Single Sign On for Debian
- To: debian-devel@lists.debian.org
- Subject: Re: Single Sign On for Debian
- From: Xavier <x.guimard@free.fr>
- Date: Fri, 30 Nov 2018 14:48:06 +0100
- Message-id: <[🔎] a65f35b5-d91d-9314-826a-22163b31d5fa@free.fr>
- In-reply-to: <e5f25f10-9e61-c0b8-14f8-0a96c3b473bf@free.fr>
- References: <20170820161607.GP21385@gpm.stappers.nl> <20170820162805.3xetwdavwcwfpuau@snafu.emyr.net> <20170821091805.jchs7453onrmb7u4@enricozini.org> <20170821121951.GH2920@riseup.net> <20170821124849.sns7yoijxstvs7rf@smithers.snow-crash.org> <d595d9c493c8c527e6a1661e32d2c593@snyman.info> <20170822062214.7zdekw4cqrhjsgoq@snafu.emyr.net> <CAFX5sbz8=TGP-N5P-2dZoQ=tB9HnxLcNrVe0vU5=XDbhabO1pQ@mail.gmail.com> <20170822074510.5e6rjzfmedz366ms@smithers.snow-crash.org> <20170822142949.trh5hc6du45qhtch@jadzia.comodo.priv.at> <e5f25f10-9e61-c0b8-14f8-0a96c3b473bf@free.fr>
Le 22/08/2017 à 18:51, Xavier a écrit :
> Le 22/08/2017 à 16:29, gregor herrmann a écrit :
>> On Tue, 22 Aug 2017 09:45:10 +0200, Alexander Wirt wrote:
>>
>>>> There is lemonldap-ng already packaged which provides saml, oauth,
>>>> openid-connect, CAS, and more (both identity provider and service
>>>> provider). It works with users in ldap but doesn't have a user management
>>>> interface.
>>>>
>>>> We use it at work and it integrates nicely with all kind of webapp
>>>> (including gitlab, via oauth).
>>> I haven't looked into it. Can lemonldap-ng have multiple backends at the same
>>> time?
>>> Specifially one LDAP (db.d.o.) Backend and one Oauth2 (gitlab) Backend?
>>
>> I haven't used lemonldap-ng but I'd like to add that it's maintained
>> in Debian by Xavier Guimard (within the Debian Perl Group) who's also
>> part of upstream. I'm sure he's happy to help by answering questions
>> and maybe also setup or changes etc. (CC'd).
>
> Hi all,
>
> LLNG can have many backends simultaneously. The 2.0 version (not yet
> published, in tests) adds a better plugin system that can be used to
> create new backends. For now, LLNG is usable with:
> * LDAP, Active-Directory, SQL, Kerberos (better with 2.0), Radius,
> another LLNG system (proxy or delegate), SSL (using webserver),
> Yubikey (better with 2.0), WebID,
> * SAML-2.0, CAS, OpenID-2.0, OpenID-Connect,
> * Multi : backend chosed by rule (better with 2.0 => "Combination")
> * Choice : user can choose its backend
> * backends usable by 2.0 only:
> * PAM
> * REST API
> * Second factor (U2F or custom)
>
> It can also (and simultaneously) be used as identity provider for CAS,
> OpenID-Connect, OpenID-2.0, SAML
>
> It has been designed for French government but is used in many places
> now. Our main installation handles hundreds applications for ~250000
> users (~30 millions hits/day). I've heard about a bigger one in US but
> have no info on it.
>
> Best regards,
> Xavier
>
> https://lemonldap-ng.org
Hi all,
lemonldap-ng 2.0 has been released (soon in Debian unstable). There are
many new features that can be useful.
Cheers,
Xavier
---
https://lemonldap-ng.org/documentation/latest/start
https://fusioniam.org
Reply to: