2011-03-08 09:05:59 
阿炯
Lemonldap::NG 是一个模块化的 Web 单点登录系统,基于 Apache::Session 模块。它简化了构建应用程序的保护区域,可管理认证和授权,可实现完全的 AAA 保护。LemonLDAP::NG 是在 Lemonldap 基础上完全重新,不过为 Lemonldap 开发的模块将无法在 LemonLDAP::NG 上使用。采用Perl开发并在GPL协议下授权使用。
LemonLDAP::NG is an open source Web Single Sign On product (WebSSO) written in Perl, plugged into Apache Web Server.
LemonLDAP::NG is a free software, released under GPL license.
LemonLDAP::NG is the first SSO software deployed in French administrations. It can handle more than 200 000 users. Many private firms use it too.
Architecture
Main components
Manager: used to manage LemonLDAP::NG configuration and to explore sessions. Dedicated to administrators
Portal: used to authenticate users, display applications list and provides identity provider service (SAML, OpenID, CAS). Portal provides also many other features (see portal for more)
Handler: Apache modules used to protect applications
特点
* SSO for Web applications (Java, PHP, .Net, Perl, Ruby, Python, ...).
* Virtual Private Networks for external access (HTTP/HTTPS gateway).
* Strong authentication (LDAP, Kerberos, X.509, CAS, Liberty Alliance).
* Authorization based on LDAP filters.
* Authorizations inside application (subdirectories, or file types).
* LDAP groups management.
* Session sharing (SQL, memcached, SOAP).
* Configuration sharing (SQL, SOAP, LDAP).
* Password policy compliant.
* Dynamic application menu.
* Password change form.
* Push authentication trough HTTP Basic.
* Form replay.
* SAML Service Provider, identity Provider and Attribute Provider.
最新版本:2.0
官方主页:http://lemonldap-ng.org/