LEMONLDAP::NG
SUCCESS STORIES
OW2con'19, 12/06/2019
LemonLDAP::NG Software
SSO Workflow (Portal, Application, and the trust link between them):
1. First access: the user requests the Application.
2. Authentication: the user is authenticated by the Portal.
3. Send SSO Token: the Portal hands the SSO token to the user.
4. Validate SSO token: the Application validates the SSO token over its trust link with the Portal.
History
● 2003: Project creation
● 2006: Fork – version NG
● 2010: Protocols CAS, SAML and OpenID; version 1.0
● 2016: Protocol OpenID Connect
● 2018: Second factors (2FA); version 2.0
Main features
● Web Single Sign On
● Access control
● Applications portal
● Authentication modules choice and chain
● Password management, account creation
● Multi-factor authentication (MFA)
● Protection of Web applications and API/WebServices
● Graphical customisation
● Packages for Debian/Ubuntu/RHEL/CentOS
Screenshots: Login page; Portal with application menu; Web Administration interface; Command Line Interface
Free Software
● License: GPL
● OW2 project
● Forge: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
● Site: https://lemonldap-ng.org
● OW2 Community Award in 2014
● SSO component of the FusionIAM project: https://fusioniam.org/
Component roles (all three components share the Configurations and Sessions stores):
● Portal: application menu, CAS, SAML, OpenID Connect, self services, SOAP/REST server, session management
● Manager: configurations, sessions, notifications, second factors
● Handler: access control, SSOaaS, web service token, custom
Web application: the Portal authenticates the user and creates the session in the Sessions store; the browser receives the SSO cookie; the Handler in front of the Web Application reads the session and passes the user's identity to the application as HTTP headers.
CAS, SAML and OpenID Connect
● LL::NG can act as client and as server
● Attribute sharing
● Manage authentication contexts and levels
● Auto-generation of public/private keys
● Access control per service
● Publication of configuration data (metadata)
● Multi-protocol gateway
● Single logout
Second Factor Authentication (2FA)
● LemonLDAP::NG can use the following 2FA modules:
  ● TOTP
  ● U2F
  ● TOTP or U2F
  ● Mail
  ● External
  ● REST
  ● Yubikey
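The TOTP second factor listed above, as an added example (it is not LemonLDAP::NG's own code, which is written in Perl): an RFC 6238 implementation together with the two verification-side checks a practitioner wants on the server, a small time-step window for clock skew and a refusal to accept a time step that has already been used. The secret is the RFC 4226/6238 test secret; the 30-second step, 6 digits and the window of one step are assumptions.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at=None, step=30, digits=6):
    """RFC 6238 TOTP: HOTP whose counter is the number of `step` seconds since the epoch."""
    at = time.time() if at is None else at
    return hotp(secret, int(at // step), digits)


def decode_base32_secret(b32):
    """Authenticator apps exchange the secret as base32, usually without '=' padding."""
    b32 = b32.strip().replace(" ", "").upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))


class TotpVerifier:
    """Server side: accept a code from a small window of time steps around now,
    but never accept a time step at or below the last one already accepted (replay)."""

    def __init__(self, secret, step=30, digits=6, window=1):
        self.secret = secret
        self.step = step
        self.digits = digits
        self.window = window      # assumption: one step each side tolerates clock skew
        self.last_counter = -1    # highest time step accepted so far for this user

    def verify(self, code, at=None):
        at = time.time() if at is None else at
        counter = int(at // self.step)
        for delta in range(-self.window, self.window + 1):
            candidate = counter + delta
            if candidate <= self.last_counter:
                continue          # this step (or an older one) was already consumed
            expected = hotp(self.secret, candidate, self.digits)
            if hmac.compare_digest(expected, code):
                self.last_counter = candidate
                return True
        return False


# Constructed demo with the RFC 4226 / RFC 6238 test secret "12345678901234567890".
RFC_SECRET = b"12345678901234567890"


def demo():
    """Walk through accept, replay, skew tolerance and an out-of-window code."""
    user = TotpVerifier(RFC_SECRET)
    code_step1 = totp(RFC_SECRET, at=59)    # time step 1 (0..29 is step 0)
    code_step2 = totp(RFC_SECRET, at=60)    # time step 2
    return {
        "first": user.verify(code_step1, at=59),      # fresh code: accepted
        "replay": user.verify(code_step1, at=59),     # same code again: rejected
        "skew_ok": user.verify(code_step2, at=95),    # one step old at step 3: inside window
        "too_old": TotpVerifier(RFC_SECRET).verify(code_step1, at=95),  # two steps old: rejected
    }


if __name__ == "__main__":
    print(demo())
```

The replay check is per enrolled device, so `last_counter` belongs in the same store as the secret; without it, a code captured by a phishing page stays valid for the whole window.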
DevOps (SSO as a Service): same flow as the web application above (Portal authentication, session creation, SSO cookie, Handler session read and HTTP headers), but the access rules and the exported headers are read by the Handler from a rules.json file provided by the Web Application.
API – Service Token: the Web Application is reached through the SSO cookie as above; to call a Web Service it obtains a service token from its Handler and sends it with the request; the Handler in front of the Web Service validates the service token, reads the session and exports the HTTP headers.
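The trust link drawn in the SSO workflow, web application, DevOps (rules.json) and service token slides, as an added example (not LemonLDAP::NG's own code, which is Perl): a Python model of a Handler that looks up the session behind the SSO cookie in the shared store, evaluates rules.json access rules, exports headers, and validates a signed service token for a cookie-less web service call. The rules.json shape is the one the LL::NG DevOps handler documents; the rule evaluator only understands `accept`, `deny`, `$var eq '...'` and `$var =~ /.../`, whereas LL::NG rules are full Perl expressions; the shared key, the session layout and the token format are assumptions of this example, not LL::NG's.

```python
import hashlib
import hmac
import json
import re
import secrets
import time

SHARED_KEY = b"example-key-shared-by-portal-and-handlers"  # assumption: one key for all handlers
SESSIONS = {}  # session store shared by the Portal and every Handler (in memory for the demo)


def portal_login(uid, groups):
    """Portal: after authentication, create the session; its id is the SSO cookie value."""
    sid = secrets.token_hex(32)
    SESSIONS[sid] = {"uid": uid, "groups": groups, "_utime": int(time.time())}
    return sid


# rules.json delivered next to the application (shape from the LL::NG DevOps handler docs).
RULES_JSON = r'''{
  "rules": {"^/admin": "$uid eq 'admin'",
            "^/api": "$groups =~ /\\bapi-users\\b/",
            "default": "accept"},
  "headers": {"Auth-User": "$uid", "Auth-Groups": "$groups"}
}'''

RULE_RE = re.compile(r"^\$(\w+)\s+(eq|ne|=~|!~)\s+(?:'([^']*)'|/(.*)/)$")


def eval_rule(expr, session):
    """Small subset of LL::NG's Perl rule syntax; anything it cannot parse fails closed."""
    expr = expr.strip()
    if expr in ("accept", "deny"):
        return expr == "accept"
    m = RULE_RE.match(expr)
    if not m:
        raise ValueError("unsupported rule: %r" % expr)
    var, op, literal, pattern = m.groups()
    value = str(session.get(var, ""))
    if op in ("eq", "ne"):
        return (value == literal) == (op == "eq")
    return (re.search(pattern, value) is not None) == (op == "=~")


def handler(path, cookie, rules):
    """Handler: returns (status, headers the application receives). Rules are tried in
    file order here; LL::NG has its own ordering, so check its docs for overlapping rules."""
    session = SESSIONS.get(cookie or "")
    if session is None:
        return 401, {}  # a real Handler redirects to the Portal here (workflow step 2)
    expr = rules["rules"].get("default", "deny")
    for pattern, rule in rules["rules"].items():
        if pattern != "default" and re.search(pattern, path):
            expr = rule
            break
    if not eval_rule(expr, session):
        return 403, {}
    sub = lambda m: str(session.get(m.group(1), ""))
    return 200, {h: re.sub(r"\$(\w+)", sub, t) for h, t in rules["headers"].items()}


def make_service_token(sid, vhost, ttl=30):
    """Token an application sends to a web service instead of the user's cookie.
    Format is assumed (not LL::NG's): hex("expiry:session id:target vhost") + HMAC-SHA256."""
    payload = ("%d:%s:%s" % (int(time.time()) + ttl, sid, vhost)).encode()
    return payload.hex() + "." + hmac.new(SHARED_KEY, payload, hashlib.sha256).hexdigest()


def check_service_token(token, expected_vhost):
    """Handler in front of the web service: check MAC, expiry and audience, then read the session."""
    try:
        payload_hex, tag = token.split(".", 1)
        payload = bytes.fromhex(payload_hex)
    except ValueError:
        return None
    if not hmac.compare_digest(hmac.new(SHARED_KEY, payload, hashlib.sha256).hexdigest(), tag):
        return None
    exp, sid, vhost = payload.decode().split(":", 2)
    if int(exp) < time.time() or vhost != expected_vhost:
        return None
    return SESSIONS.get(sid)


def demo():
    """Constructed walk-through: one user, one rules.json, one web service call."""
    rules = json.loads(RULES_JSON)
    cookie = portal_login("alice", "users; api-users")
    token = make_service_token(cookie, "ws.example.org")
    tampered = token[:-1] + ("0" if token[-1] != "0" else "1")
    return {
        "home": handler("/", cookie, rules),               # default rule: accept
        "admin": handler("/admin/users", cookie, rules),   # alice is not admin: 403
        "api": handler("/api/v1/items", cookie, rules),    # group rule matches: 200
        "no_cookie": handler("/", None, rules),            # unknown session: 401
        "ws_ok": check_service_token(token, "ws.example.org") is not None,
        "ws_wrong_vhost": check_service_token(token, "other.example.org") is None,
        "ws_tampered": check_service_token(tampered, "ws.example.org") is None,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The two properties worth keeping from this model are that the application never sees the session id, only the headers the Handler chose to export, and that a service token is bound to an expiry and a target virtual host, so a token leaked by one web service cannot be replayed against another.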
OpenID Connect / OAuth2: the Web Application authenticates its user on the Portal (session creation) and obtains an OAuth2 access token; the Handler in front of the API reads the session from the access token and exports the HTTP headers.
RENATER / eduGAIN
● Support of RENATER / eduGAIN via SAML2:
  ● Service Provider
  ● Identity Provider
● Call to the Identity Provider selection page (WAYF) via the SAML Discovery Protocol
● Metadata bulk import script
Plugin engine
● The Portal code was fully rewritten and now allows writing plugins
● Plugin examples, provided by default:
  ● Auto Signin: direct authentication for some IP addresses
  ● Brute Force: protect against brute-force attacks
  ● Stay Connected: "remember me" button
  ● Public Pages: create static pages using the portal skin
  ● Impersonation: take the identity of another user
● Write a custom plugin: https://lemonldap-ng.org/documentation/latest/plugincustom
The beginning of the journey
Orange is a complex environment…
With many people and kinds of skills. With thousands of applications. In a full motion environment.
Orange is a complex environment in a complex world…
With thousands of applications:
§ Made by Orange or bought.
§ SSO-compatible or not.
§ Accessible from the Internet or the Intranet.
§ Security access level specific to each.
§ Each application has its own lifecycle.
In a full motion environment:
§ Our users want the same quality from their work tools as from the personal offer on the Internet.
§ Rise of the "fashion tool".
With many people and kinds of skills:
§ Long-term partnerships: Orange people, contractors, partners, universities.
§ On-demand relationships: freelancers with contracts of a few days.
…With the same constraints and needs as others…
● Manage all identification / authentication cases
● Allow access from different contexts
● Keep things as transparent as possible for users
● Manage all kinds of users
● Provide many types of protocols
● Guarantee a high security level
● Flexible to support the future
● Guarantee a high availability level
● Keep It Simple Stupid (not "Keep It Complex Stupid")
● Have a single system to authenticate users
…So we are building a scalable LemonLDAP::NG infrastructure…
● Two zones, internal and external, each with an HA front end (HA int, HA ext) in front of two LemonLDAP::NG nodes (Lemon int 1 and 2, Lemon ext 1 and 2) that share the Config and Sessions stores
● Internal applications sit behind the internal zone, external applications behind the external zone
● Numbered flows in the diagram: (1) Kerberos, then SAML if the user comes from internal; (2) OIDC; (3) REST and LDAP; (4) LDAP against the Orange accounts and External accounts directories
...And we are at the beginning of the journey...
We have tested LemonLDAP::NG in real conditions on many applications used by innovation people:
…Under industrialisation by a specialised team.
First team to "think":
- Test LemonLDAP::NG and try to find its limits
- Test the potential architectures
- Test integration with about 20 applications (gitlab, nextcloud, jira & confluence, Dokuwiki, Apache 2, Flexible Engine, Grafana, WebCom, WordPress, OpenStack…)
- Test authentication protocols and methods (OTP, …)
Another team to "build":
- Take the results of the previous level to create an "industrial solution" able to support millions of people.
Final team to "run".
Orange-Worteks Partnership
● Worteks offers a framework contract for support around LemonLDAP::NG and other free software, with two parts:
  ● Incident management: a ticket can be opened to solve any fault on a production or development system (business hours)
  ● Evolutions: a request can be made to fix bugs or code new features in the software
● Any Orange Business Unit can request a contract; prices are already defined
● It can then contribute to the LemonLDAP::NG roadmap by requesting evolutions
Thanks to all the contributors
Thank you to all the contributors to this project, for their competence, their good humour and their motivation, which are overcoming all the problems that vainly tried to stand against us:
● The LemonLDAP::NG Team (Clément, Xavier and all the others).
● Worteks for the support.
● Orange internal contributors: Christian P., Laurence T., Daniel V., David M., Ronan H.B., Aurelien P., Alexandre L., Jean-Louis F.
● All the other keys to success in this project:
Gendarmerie Nationale
ST(SI)²
History
● 2002: First WebSSO GN (SiteMinder)
● Licensing cost: 90 k€/year for 5000 users (target ~1 M€/year)
→ Take LemonLDAP over from the Ministry of Finance
● 2005: Development of LL::NG (fork); SSO now used by (almost) all civil services
Budget
● Project build (excluding machine cost):
  ● Between 2005 and 2015: ~150 k€
  ● 2015: 100 k€
  ● 2016 & 2017: 0 €
  ● 2018: 25 k€
  ● 2019: 0 €
Technical team for all ST(SI)² SSO
● X. Guimard: Lead developer LL::NG
● S. Marcq: Project manager
● A. Rosier & C. Maudoux: developers and administrators
Platforms
● Proxyma → GN
● CheopsNG → PN
● PSI → SP (SAML with interior security services)
● Judiweb → SP RIE (government network)
● Curasso & Espresso → internet SSO
● SAML with 12 civil services
Proxyma: SSO GN
● ~22 million requests / day
● ~65 000 unique users / day
● 253 different applications used / day
● 12 reverse proxies
● 7 LDAP servers
● 4 portals
Charts: Top 10 connection peaks over 10 min; Top 10 event peaks over 10 min; Top 10 unique-user peaks over 10 min; Unique users / month; "good authentication" / month
2019/2020 Evolution
● Upgrade all platforms → LL::NG 2.0
● Connect Agent implementation
● 2FA implementation
● Cloud: SSO as a service (handler devops + scalability)
THANKS
For more information:
info@worteks.com
@worteks_com
linkedin.com/company/worteks

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 

[OW2con19] LemonLDAP::NG success stories

  • 3. 12/06/2019 3 SSO Workflow (diagram): 1. first access to the Application; 2. authentication at the Authentication Portal; 3. the Portal sends the SSO token; 4. the Application validates the SSO token over the trust link with the Portal.
  • 4. 12/06/2019 4 History (timeline): 2003 project creation; 2006 fork – version NG; 2010 protocols CAS, SAML and OpenID, version 1.0; 2016 protocol OpenID Connect; 2018 second factors (2FA), version 2.0.
  • 5. 12/06/2019 5 Main features ● Web Single Sign On ● Access control ● Applications portal ● Authentication modules choice and chain ● Password management, account creation ● Multi-factor authentication (MFA) ● Protection of Web applications and API/WebServices ● Graphical customisation ● Packages for Debian/Ubuntu/RHEL/CentOS
  • 7. 12/06/2019 7 Portal with application menu
  • 10. 12/06/2019 10 Free Software ● License GPL ● OW2 project ● Forge: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng ● Site: https://lemonldap-ng.org ● OW2 Community Award in 2014 ● SSO component of FusionIAM project: https://fusioniam.org/
  • 11. 12/06/2019 11 Component roles (diagram): Portal: application menu, CAS, SAML, OpenID Connect, self services, SOAP/REST server, session management. Manager: configurations, sessions, notifications, second factors. Handler: access control, SSOaaS, web service token, custom. All three components share the Configurations and Sessions stores.
  • 12. 12/06/2019 12 Web application (diagram): the Portal handles authentication and creates the session in the Sessions store; the Handler receives the SSO cookie, reads the session and passes the user's attributes to the Web Application as HTTP headers.
  • 13. 12/06/2019 13 CAS, SAML and OpenID Connect ● LL::NG can act as client and as server ● Attribute sharing ● Manage authentication contexts and levels ● Autogeneration of public/private keys ● Access control per service ● Publication of configuration data (metadata) ● Multi-protocol gateway ● Single logout
  • 14. 12/06/2019 14 Second Factor Authentication (2FA) ● LemonLDAP::NG can use the following 2FA: ● TOTP ● U2F ● TOTP or U2F ● Mail ● External ● REST ● Yubikey
  • 15. 12/06/2019 15 DevOps (SSO as a Service) (diagram): same flow as the web application (Portal authenticates and creates the session, Handler reads the session from the SSO cookie and sets HTTP headers), but the Web Application ships its own rules.json file describing its access rules and exported headers.
  • 16. 12/06/2019 16 API – Service Token (diagram): same flow as the web application, plus the Web Application obtains a Service Token and presents it to a Web Service; the Web Service is protected by a Token Handler, which reads the session from the token and passes HTTP headers to the Web Service.
  • 17. 12/06/2019 17 OpenID Connect / OAuth2 (diagram): same flow as the web application, but the client presents an OAuth2 Access Token instead of the SSO cookie; the Handler reads the session and sets HTTP headers.
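As an added illustration (not taken from the slides) of the rules.json file that slide 15's DevOps handler fetches from the protected application, in the format of the LL::NG DevOps handler documentation; the paths, group name and header names are constructed for the example:

```json
{
  "rules": {
    "^/admin/": "$authenticationLevel >= 2 and $groups =~ /\\badmins\\b/",
    "^/public/": "unprotect",
    "default": "accept"
  },
  "headers": {
    "Auth-User": "$uid",
    "Auth-Mail": "$mail",
    "Auth-Groups": "$groups"
  }
}
```

Each rule is a Perl expression evaluated by the Handler against the session attributes (the keywords accept, deny and unprotect are also valid, and default is the fallback when no path regex matches); the headers map names to the session attributes exported to the application.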
  • 18. 12/06/2019 18 RENATER / eduGAIN ● Support of RENATER / eduGAIN via SAML2: ● Service Provider ● Identity Provider ● Call to Identity Provider selection page (WAYF) via SAML Discovery Protocol ● Metadata bulk import script
  • 19. 12/06/2019 19 Plugin engine ● Portal code was fully rewritten and now allows writing plugins ● Plugin examples, provided by default: ● Auto Signin: direct authentication for some IP addresses ● Brute Force: protect against brute-force attacks ● Stay Connected: "remember me" button ● Public Pages: create static pages using the portal skin ● Impersonation: take the identity of another user ● Write a custom plugin: https://lemonldap-ng.org/documentation/latest/plugincustom
  • 20. 12/06/2019 20 The beginning of the journey
  • 21. 12/06/2019 21 Orange is a complex environment… With many people and kinds of skills. With thousands of applications. In a full-motion environment.
  • 22. 12/06/2019 22 Orange is a complex environment in a complex world… With thousands of applications: § Orange-made or bought. § Including SSO compatibility or not. § Accessible from the Internet or the Intranet. § Security access level specific to each. § Each application has its own lifecycle. In a full-motion environment: § Our users want the same quality from work tools as from the personal offer on the Internet. § Rise of "fashion tools". With many people and kinds of skills: long-time partnerships (§ Orange people § Contractors § Partners § Universities) and on-demand relationships (§ Freelancers with contracts of a few days).
  • 23. 12/06/2019 23 …With the same constraints and needs as others… Manage all identification / authentication cases. Allow access from different contexts. Keep things as transparent as possible for users. Manage all kinds of users. Provide many types of protocols. Guarantee a high security level. Flexible to support the future. Guarantee a high availability level. Keep It Simple Stupid (not "Complex"). Have a single system to authenticate users.
  • 24. 12/06/2019 24 …So we are building a scalable LemonLDAP::NG infrastructure… (diagram): two clusters, internal (HA int in front of Lemon int 1 and Lemon int 2) and external (HA ext in front of Lemon ext 1 and Lemon ext 2), each with its own Config and Sessions stores, serving internal and external applications, linked by SAML. Authentication paths: 1. Kerberos if the user comes from the internal network, then 2. OIDC, 3. REST / LDAP, 4. LDAP; identity sources are Orange accounts and external accounts.
  • 25. 12/06/2019 25 ...And we are at the beginning of the journey... We have tested LemonLdap in real conditions on many applications used by innovation people:
  • 26. 12/06/2019 26 …Under industrialisation by a specialized team. First team to "think": test LemonLdap and try to find its limits; test the potential architectures; test integration with about 20 applications (gitlab, nextcloud, jira & confluence, Dokuwiki, Apache 2, Flexible Engine, Grafana, WebCom, WordPress, OpenStack…); test authentication protocols and methods (OTP, …). Another team to "build": take the results of the previous level to create an "industrial solution" able to support millions of people. Final team to "run".
  • 27. 12/06/2019 27 Orange-Worteks Partnership ● Worteks offers a framework contract for support around LemonLDAP::NG and other free software, with two parts: ● Incident management: a ticket can be opened to solve any fault on a production or development system (business hours) ● Evolutions: a request can be made to fix bugs or code new features in the software ● Any Orange Business Unit can request a contract; prices are already defined ● It can then contribute to the LemonLDAP::NG roadmap by requesting evolutions
  • 28. 12/06/2019 28 Thanks to all the contributors. Thank you to all the contributors to this project, for their competence, their good humor and their motivation that are overcoming all the problems that vainly tried to stand up against us: ● The LemonLDAP::NG Team (Clément, Xavier and all the others). ● Worteks for the support. ● Orange internal contributors: Christian P., Laurence T., Daniel V., David M., Ronan H.B., Aurelien P., Alexandre L., Jean-Louis F. ● All other success keys in this project:
  • 30. 12/06/2019 30 History ● 2002: First WebSSO GN (SiteMinder) ● Licensing cost: 90 k€/year for 5000 users (target ~1 M€/year) → Take LemonLDAP over from the Ministry of Finance ● 2005: Development of LL::NG (fork), SSO now used by (almost) all civil services
  • 31. 12/06/2019 31 Budget ● Project build (excluding machine cost): ● Between 2005 and 2015: ~150 k€ ● 2015: 100 k€ ● 2016 & 2017: 0 € ● 2018: 25 k€ ● 2019: 0 €
  • 32. 12/06/2019 32 Technical team for all ST(SI)² SSO ● X. Guimard: Lead developer LL::NG ● S. Marcq: Project manager ● A. Rosier & C. Maudoux: developers and administrators
  • 33. 12/06/2019 33 Platforms ● Proxyma → GN ● CheopsNG → PN ● PSI → SP (SAML with interior security services) ● Judiweb → SP RIE (government network) ● Curasso & Espresso → internet SSO ● SAML with 12 civil services
  • 34. 12/06/2019 34 Proxyma: SSO GN ● ~22 million requests/day ● ~65 000 unique users/day ● 253 different applications used/day ● 12 reverse proxies ● 7 LDAP servers ● 4 portals
  • 35. 12/06/2019 35 Top 10 connection peaks over 10 min (chart)
  • 36. 12/06/2019 36 Top 10 event peaks over 10 min (chart)
  • 37. 12/06/2019 37 Top 10 unique-user peaks over 10 min (chart)
  • 39. 12/06/2019 39 "Good authentications" per month (chart)
  • 40. 12/06/2019 40 2019/2020 Evolution ● Upgrade all platforms → LL::NG 2.0 ● Connect Agent implementation ● 2FA implementation ● Cloud: SSO as a service (DevOps handler + scalability)
  • 41. 41 THANKS. For more information: info@worteks.com, @worteks_com, linkedin.com/company/worteks