46 lines
1.4 KiB
ReStructuredText
46 lines
1.4 KiB
ReStructuredText
LL::NG as federation protocol proxy
|
|
===================================
|
|
|
|
LL::NG can use federation protocols (SAML, CAS, OpenID) independently to:
|
|
|
|
- authenticate users
|
|
- provide identities to other systems
|
|
|
|
So you can configure it to authenticate users using a federation
|
|
protocol and simultaneously to provide identities using other(s)
|
|
federation protocols.
|
|
|
|
Tested schemes:
|
|
|
|
- SAML / OpenID-Connect:
|
|
|
|
- SAML-SP **<=>** LLNG as
|
|
:doc:`SAML<idpsaml>`/:doc:`OpenID-Connect<authopenidconnect>`
|
|
proxy **<=>** OIDC Provider
|
|
- OIDC-RP **<=>** LLNG as
|
|
:doc:`OpenID-Connect<idpopenidconnect>`/:doc:`SAML<authsaml>`
|
|
proxy **<=>** SAML Identity Provider
|
|
|
|
- SAML / CAS
|
|
|
|
- SAML-SP **<=>** LLNG as :doc:`SAML<idpsaml>`/:doc:`CAS<authcas>`
|
|
proxy **<=>** CAS Server
|
|
- CAS Application **<=>** LLNG as
|
|
:doc:`CAS<idpcas>`/:doc:`SAML<authsaml>` proxy **<=>** SAML
|
|
Identity Provider
|
|
|
|
Note that OpenID-Connect consortium has not already defined single-logout
|
|
initiated by OpenID-Connect Provider. LL::NG will implement it when this
|
|
standard will be published.
|
|
|
|
|
|
.. attention::
|
|
|
|
Federation proxy installation can be complex. Don't
|
|
hesitate to contact us on lemonldap-ng-users@ow2.org
|
|
|
|
See the following chapters:
|
|
|
|
- :ref:`Authentication protocols<start-authentication-users-and-password-databases>`
|
|
- :ref:`Identity provider<start-identity-provider>`
|