lemonldap-ng/doc/pages/documentation/features.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
 lang="en" dir="ltr">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../css/print.css" />

</head>
<body>
<div class="dokuwiki export">




<h1><a name="main_features" id="main_features">Main features</a></h1>
<div class="level1">

</div>
<!-- SECTION "Main features" [1-29] -->
<h2><a name="full_access_control" id="full_access_control">Full access control</a></h2>
<div class="level2">

<p>

<acronym title="LemonLDAP::NG">LL::NG</acronym> is a web single-sign-on system, but unlike some systems it can manage rights on applications based on regular expressions on <acronym title="Uniform Resource Locator">URL</acronym>.
</p>

</div>
<!-- SECTION "Full access control" [30-200] -->
<h2><a name="easy_to_customize" id="easy_to_customize">Easy to customize</a></h2>
<div class="level2">

<p>

<acronym title="LemonLDAP::NG">LL::NG</acronym> is designed using <a href="http://en.wikipedia.org/wiki/Model%E2%80%93View%E2%80%93Controller" class="urlextern" title="http://en.wikipedia.org/wiki/Model%E2%80%93View%E2%80%93Controller"  rel="nofollow">Model–View–Controller software architecture</a>, so you just have to <a href="../documentation/current/portalcustom.html" class="wikilink1" title="documentation:latest:portalcustom">change HTML/CSS files</a> to custom portal.
</p>

</div>
<!-- SECTION "Easy to customize" [201-475] -->
<h2><a name="easy_to_integrate" id="easy_to_integrate">Easy to integrate</a></h2>
<div class="level2">

<p>

<a href="../documentation/1.0/applications.html" class="wikilink1" title="documentation:1.0:applications">Integrating applications</a> in <acronym title="LemonLDAP::NG">LL::NG</acronym> is easy since its dialog with applications is based on <a href="../documentation/current/writingrulesand_headers.html#headers" class="wikilink1" title="documentation:latest:writingrulesand_headers">customizable HTTP headers</a>.
</p>

</div>
<!-- SECTION "Easy to integrate" [476-716] -->
<h3><a name="unifying_authentications_federation" id="unifying_authentications_federation">Unifying authentications (federation)</a></h3>
<div class="level3">

<p>

<acronym title="LemonLDAP::NG">LL::NG</acronym> can easy talk to other authentication systems using <acronym title="Security Assertion Markup Language">SAML</acronym>, OpenID, <acronym title="Central Authentication Service">CAS</acronym>. it may be the <em class="u">backbone</em> of a heterogeneous architecture.
Its <acronym title="Simple Object Access Protocol">SOAP</acronym> <acronym title="Application Programming Interface">API</acronym> can also be used to dialog directly with your custom applications.
</p>

</div>
<!-- SECTION "Unifying authentications (federation)" [717-984] -->
<h2><a name="sessions" id="sessions">Sessions</a></h2>
<div class="level2">

</div>
<!-- SECTION "Sessions" [985-1006] -->
<h3><a name="session_explorer" id="session_explorer">Session explorer</a></h3>
<div class="level3">

<p>

<acronym title="LemonLDAP::NG">LL::NG</acronym> Manager has a session explorer module that can be used to browse opened sessions:
</p>
<ul>
<li class="level1"><div class="li"> by users</div>
</li>
<li class="level1"><div class="li"> by <acronym title="Internet Protocol">IP</acronym></div>
</li>
<li class="level1"><div class="li"> by double <acronym title="Internet Protocol">IP</acronym> (sessions opened by the same user from multiple computers)</div>
</li>
</ul>

<p>
It can be used to delete a session
</p>

</div>
<!-- SECTION "Session explorer" [1007-1258] -->
<h3><a name="session_restrictions" id="session_restrictions">Session restrictions</a></h3>
<div class="level3">

<p>

By default, a user can open several <a href="../documentation/current/sessions.html" class="wikilink1" title="documentation:latest:sessions">sessions</a>. <acronym title="LemonLDAP::NG">LL::NG</acronym> can restrict this:
</p>
<ul>
<li class="level1"><div class="li"> Allow only one session per user</div>
</li>
<li class="level1"><div class="li"> Allow only one <acronym title="Internet Protocol">IP</acronym> address per user</div>
</li>
<li class="level1"><div class="li"> Allow only one session per <acronym title="Internet Protocol">IP</acronym> address</div>
</li>
</ul>

<p>
Those capabilities can be used simultaneously or separately.
</p>

</div>
<!-- SECTION "Session restrictions" [1259-1575] -->
<h3><a name="double_cookie" id="double_cookie">Double cookie</a></h3>
<div class="level3">

<p>

<acronym title="LemonLDAP::NG">LL::NG</acronym> can be configured to provides <a href="../documentation/current/ssocookie.html" class="wikilink1" title="documentation:latest:ssocookie">2 cookies</a>:
</p>
<ul>
<li class="level1"><div class="li"> one secured (<acronym title="Secure Sockets Layer">SSL</acronym> only) for sensitive applications</div>
</li>
<li class="level1"><div class="li"> one unsecured for other applications</div>
</li>
</ul>

<p>
So if the http cookie is stolen, sensitive applications stay secured.
</p>

</div>
<!-- SECTION "Double cookie" [1576-1849] -->
<h2><a name="notifications" id="notifications">Notifications</a></h2>
<div class="level2">

<p>

<acronym title="LemonLDAP::NG">LL::NG</acronym> can be used to prompt users with a message. This can be used to notify right changes,… See <a href="../documentation/current/notifications.html" class="wikilink1" title="documentation:latest:notifications">notifications</a> for more.
</p>

</div>
<!-- SECTION "Notifications" [1850-] --></div><!-- closes <div class="dokuwiki export">-->