dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
285ea93a65
lemonldap-ng/doc/sources/admin/features.rst
Maxime Besson 86b9ffedf7 doc: fix formatting
2020-06-01 16:22:25 +02:00

89 lines
2.2 KiB
ReStructuredText
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Main features
=============
Full access control
-------------------
LL::NG is a web single-sign-on system, but unlike some systems it can
manage rights on applications based on regular expressions on URL.
Easy to customize
-----------------
LL::NG is designed using `ModelViewController software
architecture <http://en.wikipedia.org/wiki/Model%E2%80%93View%E2%80%93Controller>`__,
so you just have to
:doc:`change HTML/CSS files<portalcustom>` to
custom portal.
Easy to integrate
-----------------
:doc:`Integrating applications<applications>` in
LL::NG is easy since its dialog with applications is based on
:ref:`customizable HTTP headers<headers>`.
Unifying authentications (Identity Federation)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
LL::NG can easily exchange with other authentication systems by using
SAML, OpenID or CAS protocoles. It may be the backbone of a
heterogeneous architecture. LL:NG can be set as Identity provider,
Service Provider or Protocol Proxy
(:doc:`LL::NG as federation protocol proxy<federationproxy>`).
Its SOAP API can also be used to dialog directly with your custom
applications.
Sessions
--------
.. _session-explorer:
Session explorer
~~~~~~~~~~~~~~~~
LL::NG Manager has a session explorer module that can be used to browse
opened sessions:
- by users
- by IP *(IPv4 and IPv6)*
- by date
- by double IP (sessions opened by the same user from multiple
computers)
It can be used to delete a session
.. _session-restrictions:
Session restrictions
~~~~~~~~~~~~~~~~~~~~
By default, a user can open several
:doc:`sessions<sessions>`. LL::NG can restrict
this:
- Allow only one session per user
- Allow only one IP address per user
- Allow only one user per IP address
Those capabilities can be used simultaneously or separately.
Double cookie
~~~~~~~~~~~~~
LL::NG can be configured to provides
:doc:`2 cookies<ssocookie>`:
- one secured (SSL only) for sensitive applications
- one unsecured for other applications
So if the http cookie is stolen, sensitive applications stay secured.
Notifications
-------------
LL::NG can be used to prompt users with a message. This can be used to
notify right changes,... See
:doc:`notifications<notifications>` for more.
Reference in New Issue View Git Blame Copy Permalink