LL::NG can use federation protocols (SAML, CAS, OpenID) independently to:
So you can configure it to authenticate users using a federation protocol and simultaneously to provide identities using other(s) federation protocols.
Schemes tested:
Note that OpenID-Connect consortium hasn’t already defined single-logout initiated by OpenID-Connect Provider. LLNG will implement it when this standard will be published.
Attention
Federation proxy installation can be complex. Don’t hesitate to contact us on lemonldap-ng-users@ow2.org
See the following chapters: