LemonLDAP::NG -- A Full AAA Free Open Source WebSSO Solution

TL;DR

LemonLDAP::NG is a comprehensive, open-source WebSSO solution implementing full AAA protocols, with unique plug-in and handler-based protections, widely adopted for securing critical infrastructure and services.

Contribution

It introduces a full AAA WebSSO solution with innovative plug-in architecture and advanced protection mechanisms, supporting standard protocols and enabling flexible deployment.

Findings

Supports all standard AAA protocols

Widely adopted in government and industry

Offers plug-in and handler-based security features

Abstract

Nowadays, security is becoming a major issue and concern. More and more organizations like hospitals, metropolis or banks are under cyberattacks and have to improve their network infrastructure security. The first prerequisites are to authenticate users, to provide identity and to grant just the needed and useful accesses. These requirements can be solved by implementing a Single Sign-On (SSO) solution. It is an authentication scheme that permits a user to log in with a single identity to any of several related, yet independent, systems. It allows users to log in once and to access services without authenticating again. SSO solutions are classified depending on Authentication, Authorization, and Accounting features. The 'AAA' acronym defines a framework for intelligently controlling access to resources, enforcing security policies, auditing usage, and providing the information necessary to bill for services. These combined processes are considered important for effective network management and cybersecurity. LemonLDAP::NG (LL::NG) is a full AAA WebSSO solution. It implements all standard authentication and identity federation (IdF) protocols. The main LL::NG's advantages compared to other products are its plug-in engine and its advanced handlerbased protection mechanism that can be employed to protect Server2Server exchanges or to offer the SSO as a Service, a solution to implement a full DevOps architecture. LL::NG is a community and professional project mainly employed by the French government to secure Police, Finance or Justice Ministries and a French mobile operator IT infrastructures since 2010. But for several years, contributions come from all around the world and LL::NG is becoming more and more popular.