LemonLDAP::NG is ten years old but still innovating! The 2.0 release provides support for OpenID Connect, a brand new SSO protocol that will be used by the French administration through France Connect.
AngularJS Manager
● FrontEnd written with AngularJS
● Responsive design
● Configuration data as JSON
● Import/Export feature
● Editing of multiple values on the same screen
● Possibility to set a log message on save
Handler API
● No more direct link between Handler and mod_perl
● Creation of an internal API, with implementations:
– Apache mod_perl 1
– Apache mod_perl 2
– CGI
– Nginx
– PSGI
CAS attributes exchange
● Conform to CAS 3.0 standard
● Returns attributes in service ticket validation response, inside <cas:attributes>
● Compatible with phpCAS::getAttributes() function
OpenID Connect
● Based on OAuth 2.0 / JOSE
● Specific scope “openid” to receive an ID token
● User consent required to share their identity
● Access token delivered to query the UserInfo endpoint
● Already used by Google to manage authentication
France Connect
● French administration chose OpenID Connect for its next generation authentication platform
● LemonLDAP::NG 2.0:
– Can be client of France Connect: users will be able to sign in with their France Connect identity
– Can be provider of France Connect: France Connect can delegate authentication to LemonLDAP::NG
Thanks for your attention
@clementoudot
http://sflx.ca/coudot