LemonLDAP::NG is a Web Single Sign On system, it provides Authentication (LDAP, Active Directory, Kerberos, Database, SSL, Social Networks, CAS, SAML, OpenID Connect, ...), Authorization (access rules for applications based on attributes and groups) and Accounting (user identity in logs). Authentication, Authorization and Accounting is also known as AAA.
The software LemonLDAP was created in 2004 in a French Ministry and refactored in 2006 by Gendarmerie Nationale under the name LemonLDAP::NG.
The first implementation could only be used to authenticate users against an LDAP directory (that's why the name of the software is LemonLDAP) but the solution has evolved a lot and can be used with a lot of identity protocols, or even specific usage trough custom APIs.
Nowadays, the main power of LemonLDAP::NG is to be able to act as an identity provider for CAS protocol (Central Authentication Service), SAML 2.0 protocol (Security and Assertion Markup Language) and OIDC protocol (OpenID Connect). It allows connecting almost all web applications of the market to let users benefit from a single authentication step to access all their digital services.
As LemonLDAP::NG portal provides a single point of authentication, the solution provides recent and high level security components, like 2FA (Second Factor Authentication), also called MFA (Multi Factor Authentication). This improves the authentication process by asking the user to enter a temporary code or to enter a material token after using their password.
LemonLDAP::NG portal is also used as an application portal, displaying to end users the list of applications they can access, depending on their authorizations. This Self Service interface allows users to update their password, reset it if they lost it, or even create their account.
