[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Single Sign On for Debian

Le 22/08/2017 à 18:51, Xavier a écrit :
> Le 22/08/2017 à 16:29, gregor herrmann a écrit :
>> On Tue, 22 Aug 2017 09:45:10 +0200, Alexander Wirt wrote:
>>>> There is lemonldap-ng already packaged which provides saml, oauth,
>>>> openid-connect, CAS, and more (both identity provider and service
>>>> provider). It works with users in ldap but doesn't have a user management
>>>> interface.
>>>> We use it at work and it integrates nicely with all kind of webapp
>>>> (including gitlab, via oauth).
>>> I haven't looked into it. Can lemonldap-ng have multiple backends at the same
>>> time? 
>>> Specifially one LDAP (db.d.o.) Backend and one Oauth2 (gitlab) Backend?
>> I haven't used lemonldap-ng but I'd like to add that it's maintained
>> in Debian by Xavier Guimard (within the Debian Perl Group) who's also
>> part of upstream. I'm sure he's happy to help by answering questions
>> and maybe also setup or changes etc. (CC'd).
> Hi all,
> LLNG can have many backends simultaneously. The 2.0 version (not yet
> published, in tests) adds a better plugin system that can be used to
> create new backends. For now, LLNG is usable with:
> * LDAP, Active-Directory, SQL, Kerberos (better with 2.0), Radius,
>   another LLNG system (proxy or delegate), SSL (using webserver),
>   Yubikey (better with 2.0), WebID,
> * SAML-2.0, CAS, OpenID-2.0, OpenID-Connect,
> * Multi   : backend chosed by rule (better with 2.0 => "Combination")
> * Choice  : user can choose its backend
> * backends usable by 2.0 only:
>   * PAM
>   * REST API
>   * Second factor (U2F or custom)
> It can also (and simultaneously) be used as identity provider for CAS,
> OpenID-Connect, OpenID-2.0, SAML
> It has been designed for French government but is used in many places
> now. Our main installation handles hundreds applications for ~250000
> users (~30 millions hits/day). I've heard about a bigger one in US but
> have no info on it.
> Best regards,
> Xavier
> https://lemonldap-ng.org

Hi all,

lemonldap-ng 2.0 has been released (soon in Debian unstable). There are
many new features that can be useful.


Reply to: