2016-10-15 19:57:04 +02:00
<!DOCTYPE html>
< html lang = "en" dir = "ltr" >
< head >
< meta charset = "utf-8" / >
< title > documentation:2.0:federationproxy< / title >
< meta name = "generator" content = "DokuWiki" / >
< meta name = "robots" content = "index,follow" / >
< meta name = "keywords" content = "documentation,2.0,federationproxy" / >
< link rel = "search" type = "application/opensearchdescription+xml" href = "lib/exe/opensearch.html" title = "LemonLDAP::NG" / >
< link rel = "start" href = "federationproxy.html" / >
< link rel = "contents" href = "federationproxy.html" title = "Sitemap" / >
< link rel = "stylesheet" type = "text/css" href = "lib/exe/css.php.t.bootstrap3.css" / >
<!-- //if:usedebianlibs
< link rel = "stylesheet" type = "text/css" href = "/javascript/bootstrap/css/bootstrap.min.css" / >
//elsif:useexternallibs
< link rel = "stylesheet" type = "text/css" href = "https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" / >
//elsif:cssminified
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.min.css" / >
//else -->
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.css" / >
<!-- //endif -->
< script type = "text/javascript" > /*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:federationproxy","namespace":"documentation:2.0"};
/*!]]>*/< / script >
< script type = "text/javascript" charset = "utf-8" src = "lib/exe/js.php.t.bootstrap3.js" > < / script >
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery/jquery.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/jquery-2.2.0.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.js" > < / script >
<!-- //endif -->
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery-ui/jquery-ui.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/ui/1.10.4/jquery-ui.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.js" > < / script >
<!-- //endif -->
< / head >
< body >
< div class = "dokuwiki export container" >
< h1 class = "sectionedit1" id = "llng_as_federation_protocol_proxy" > LL::NG as federation protocol proxy< / h1 >
< div class = "level1" >
< p >
< abbr title = "LemonLDAP::NG" > LL::NG< / abbr > can use federation protocols (< abbr title = "Security Assertion Markup Language" > SAML< / abbr > , < abbr title = "Central Authentication Service" > CAS< / abbr > , OpenID) independently to:
< / p >
< ul >
< li class = "level1" > < div class = "li" > authenticate users< / div >
< / li >
< li class = "level1" > < div class = "li" > provide identities to other systems< / div >
< / li >
< / ul >
< p >
You can therefore configure it to authenticate users with one federation protocol while simultaneously providing identities through one or more other federation protocols.
< / p >
< p >
Schemes tested:
< / p >
< ul >
< li class = "level1" > < div class = "li" > < abbr title = "Security Assertion Markup Language" > SAML< / abbr > / OpenID-Connect:< / div >
< ul >
< li class = "level2" > < div class = "li" > < abbr title = "Security Assertion Markup Language" > SAML< / abbr > -SP < strong > ⇔< / strong > LLNG as < a href = "idpsaml.html" class = "wikilink1" title = "documentation:2.0:idpsaml" > SAML< / a > /< a href = "authopenidconnect.html" class = "wikilink1" title = "documentation:2.0:authopenidconnect" > OpenID-Connect< / a > proxy < strong > ⇔< / strong > OIDC Provider< / div >
< / li >
< li class = "level2" > < div class = "li" > OIDC-RP < strong > ⇔< / strong > LLNG as < a href = "idpopenidconnect.html" class = "wikilink1" title = "documentation:2.0:idpopenidconnect" > OpenID-Connect< / a > /< a href = "authsaml.html" class = "wikilink1" title = "documentation:2.0:authsaml" > SAML< / a > proxy < strong > ⇔< / strong > < abbr title = "Security Assertion Markup Language" > SAML< / abbr > Identity Provider< / div >
< / li >
< / ul >
< / li >
< li class = "level1" > < div class = "li" > < abbr title = "Security Assertion Markup Language" > SAML< / abbr > / < abbr title = "Central Authentication Service" > CAS< / abbr > < / div >
< ul >
< li class = "level2" > < div class = "li" > < abbr title = "Security Assertion Markup Language" > SAML< / abbr > -SP < strong > ⇔< / strong > LLNG as < a href = "idpsaml.html" class = "wikilink1" title = "documentation:2.0:idpsaml" > SAML< / a > /< a href = "authcas.html" class = "wikilink1" title = "documentation:2.0:authcas" > CAS< / a > proxy < strong > ⇔< / strong > < abbr title = "Central Authentication Service" > CAS< / abbr > Server< / div >
< / li >
< li class = "level2" > < div class = "li" > < abbr title = "Central Authentication Service" > CAS< / abbr > Application < strong > ⇔< / strong > LLNG as < a href = "idpcas.html" class = "wikilink1" title = "documentation:2.0:idpcas" > CAS< / a > /< a href = "authsaml.html" class = "wikilink1" title = "documentation:2.0:authsaml" > SAML< / a > proxy < strong > ⇔< / strong > < abbr title = "Security Assertion Markup Language" > SAML< / abbr > Identity Provider< / div >
< / li >
< / ul >
< / li >
< / ul >
< p >
Note that the OpenID-Connect consortium has not yet defined single logout initiated by the OpenID-Connect Provider. LLNG will implement it when this standard is published.
< / p >
< div class = "noteimportant" > Federation proxy installation can be complex. Don't hesitate to contact us at lemonldap-ng-users@ow2.org.
< / div >
< p >
See the following chapters:
< / p >
< ul >
< li class = "level1" > < div class = "li" > < a href = "start.html#authentication_users_and_password_databases" class = "wikilink1" title = "documentation:2.0:start" > Authentication protocols< / a > < / div >
< / li >
< li class = "level1" > < div class = "li" > < a href = "start.html#identity_provider" class = "wikilink1" title = "documentation:2.0:start" > Identity provider< / a > < / div >
< / li >
< / ul >
< / div >
< / div >
< / body >
< / html >