2023-06-14, Main stage
LemonLDAP::NG is a free, open source, full AAA WebSSO solution. It provides global Authentication (Single Sign-On), Authorization (access rules) and Accounting (access logs).
In cloud environments or DevOps architectures, applications may need access to other applications' APIs. This means that a web application may have to send requests to other web applications on behalf of the authenticated user. LemonLDAP::NG provides three ways to do this:
* the Ugly one: forwarding the SSO cookie to all protected applications. This is an insecure method because the SSO cookie can be captured and replayed anywhere, at any time, by anyone! NOT RECOMMENDED.
* the Bad one: the SecureToken Handler. This approach is deprecated and should be used for specific use cases only.
* and the Good one: the ServiceToken Handler. Since version 2.0, LL::NG provides a better way to protect APIs by using limited-scope tokens, aka ServiceTokens.
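The scope and lifetime checks behind that contrast, as an added Python model that is not LemonLDAP::NG's own code: the token layout, the HMAC and the 30-second TTL are assumptions of this example, chosen to show why a token bound to a session, a list of target vhosts and a short validity window cannot be replayed the way a bare SSO cookie can.

```python
"""Model of a limited-scope service token (added illustration, not LL::NG code).

It models only the properties the talk attributes to ServiceTokens: tied to
one session, valid for an explicit list of target virtual hosts, short-lived.
Token layout, HMAC and TTL value are this example's own assumptions.
"""
import hashlib
import hmac
import json
import time
from typing import List, Optional, Tuple

SERVICE_TOKEN_TTL = 30  # seconds; assumed value for the example


def issue_service_token(key: bytes, session_id: str, vhosts: List[str],
                        now: Optional[float] = None) -> str:
    """Bind a session id to an explicit vhost list and an issue timestamp."""
    payload = json.dumps({"t": int(now if now is not None else time.time()),
                          "sid": session_id, "vhosts": vhosts},
                         separators=(",", ":")).encode()
    mac = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return f"{payload.hex()}.{mac}"


def check_service_token(key: bytes, token: str, this_vhost: str,
                        now: Optional[float] = None) -> Tuple[bool, str]:
    """Receiving handler: verify integrity, freshness and scope before
    loading the session. Returns (accepted, reason_or_session_id)."""
    try:
        payload_hex, mac = token.split(".", 1)
        payload = bytes.fromhex(payload_hex)
    except ValueError:
        return False, "malformed"
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return False, "bad signature"  # tampered or forged token
    data = json.loads(payload)
    now = now if now is not None else time.time()
    if now - data["t"] > SERVICE_TOKEN_TTL:
        return False, "expired"  # replay window bounded by the TTL
    if this_vhost not in data["vhosts"]:
        return False, "out of scope"  # not issued for this application
    # Contrast: an SSO cookie carries no vhost scope and lives as long as
    # the session, so a captured cookie passes every check an app can make.
    return True, data["sid"]
```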
I will explain the ServiceToken Handler mechanism and how to implement it during this presentation...
Christophe Maudoux graduated from the Cnam Networks and Systems Engineering track in 2019 and is a part-time professor at Cnam and ESIEE Paris. Administrator of huge LemonLDAP::NG instances at STSISI (French Gendarmerie and Police IT System Department) since 2016, he works on WebSSO engineering and Identity and Access Management (IAM). He is part of the OW2 WebSSO project LemonLDAP::NG core team as a maintainer and advanced Perl programmer. Since 2020, Christophe Maudoux has developed a research activity on security anomaly detection by means of machine learning algorithms at the Cnam/Cedric Lab.