lemonldap-ng/doc/pages/documentation/features.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
 lang="en" dir="ltr">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../css/print.css" />

</head>
<body>
<div class="dokuwiki export">


<h1 class="sectionedit1" id="main_features">Main features</h1>
<div class="level1">

</div>
<!-- EDIT1 SECTION "Main features" [1-29] -->
<h2 class="sectionedit2" id="full_access_control">Full access control</h2>
<div class="level2">

<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> is a web single-sign-on system, but unlike some systems it can manage rights on applications based on regular expressions on <abbr title="Uniform Resource Locator">URL</abbr>.
</p>

</div>
<!-- EDIT2 SECTION "Full access control" [30-200] -->
<h2 class="sectionedit3" id="easy_to_customize">Easy to customize</h2>
<div class="level2">

<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> is designed using <a href="http://en.wikipedia.org/wiki/Model%E2%80%93View%E2%80%93Controller" class="urlextern" title="http://en.wikipedia.org/wiki/Model%E2%80%93View%E2%80%93Controller"  rel="nofollow">Model–View–Controller software architecture</a>, so you just have to <a href="../documentation/current/portalcustom.html" class="wikilink1" title="documentation:latest:portalcustom">change HTML/CSS files</a> to custom portal.
</p>

</div>
<!-- EDIT3 SECTION "Easy to customize" [201-475] -->
<h2 class="sectionedit4" id="easy_to_integrate">Easy to integrate</h2>
<div class="level2">

<p>
<a href="../documentation/1.0/applications.html" class="wikilink1" title="documentation:1.0:applications">Integrating applications</a> in <abbr title="LemonLDAP::NG">LL::NG</abbr> is easy since its dialog with applications is based on <a href="../documentation/current/writingrulesand_headers.html#headers" class="wikilink1" title="documentation:latest:writingrulesand_headers">customizable HTTP headers</a>.
</p>

</div>
<!-- EDIT4 SECTION "Easy to integrate" [476-716] -->
<h3 class="sectionedit5" id="unifying_authentications_federation">Unifying authentications (federation)</h3>
<div class="level3">

<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can easy talk to other authentication systems using <abbr title="Security Assertion Markup Language">SAML</abbr>, OpenID, <abbr title="Central Authentication Service">CAS</abbr>. it may be the <em class="u">backbone</em> of a heterogeneous architecture.
Its SOAP <abbr title="Application Programming Interface">API</abbr> can also be used to dialog directly with your custom applications.
</p>

</div>
<!-- EDIT5 SECTION "Unifying authentications (federation)" [717-984] -->
<h2 class="sectionedit6" id="sessions">Sessions</h2>
<div class="level2">

</div>
<!-- EDIT6 SECTION "Sessions" [985-1006] -->
<h3 class="sectionedit7" id="session_explorer">Session explorer</h3>
<div class="level3">

<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> Manager has a session explorer module that can be used to browse opened sessions:
</p>
<ul>
<li class="level1"><div class="li"> by users</div>
</li>
<li class="level1"><div class="li"> by <abbr title="Internet Protocol">IP</abbr></div>
</li>
<li class="level1"><div class="li"> by date</div>
</li>
<li class="level1"><div class="li"> by double <abbr title="Internet Protocol">IP</abbr> (sessions opened by the same user from multiple computers)</div>
</li>
</ul>

<p>
It can be used to delete a session
</p>

</div>
<!-- EDIT7 SECTION "Session explorer" [1007-1270] -->
<h3 class="sectionedit8" id="session_restrictions">Session restrictions</h3>
<div class="level3">

<p>
By default, a user can open several <a href="../documentation/current/sessions.html" class="wikilink1" title="documentation:latest:sessions">sessions</a>. <abbr title="LemonLDAP::NG">LL::NG</abbr> can restrict this:
</p>
<ul>
<li class="level1"><div class="li"> Allow only one session per user</div>
</li>
<li class="level1"><div class="li"> Allow only one <abbr title="Internet Protocol">IP</abbr> address per user</div>
</li>
<li class="level1"><div class="li"> Allow only one session per <abbr title="Internet Protocol">IP</abbr> address</div>
</li>
</ul>

<p>
Those capabilities can be used simultaneously or separately.
</p>

</div>
<!-- EDIT8 SECTION "Session restrictions" [1271-1587] -->
<h3 class="sectionedit9" id="double_cookie">Double cookie</h3>
<div class="level3">

<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can be configured to provides <a href="../documentation/current/ssocookie.html" class="wikilink1" title="documentation:latest:ssocookie">2 cookies</a>:
</p>
<ul>
<li class="level1"><div class="li"> one secured (SSL only) for sensitive applications</div>
</li>
<li class="level1"><div class="li"> one unsecured for other applications</div>
</li>
</ul>

<p>
So if the http cookie is stolen, sensitive applications stay secured.
</p>

</div>
<!-- EDIT9 SECTION "Double cookie" [1588-1861] -->
<h2 class="sectionedit10" id="notifications">Notifications</h2>
<div class="level2">

<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can be used to prompt users with a message. This can be used to notify right changes,… See <a href="../documentation/current/notifications.html" class="wikilink1" title="documentation:latest:notifications">notifications</a> for more.
</p>

</div>
</div><!-- closes <div class="dokuwiki export">-->