 Hi, thank you for being here. I'm very happy to be there, too, and to present LemanLapNg2.0. Maybe a quick question. Who knows about LemanLapNg2.0 in this room? Oh, great. Some of these people are from my company, so they knew the cheat, but I'm happy to see that other people also knew it. I'm here to present this brand new release because we worked three years to be able to release it, and we have a lot of new features. First, I will, for people that didn't know this product, I will present it. LemanLapNg2 is about single sign-in and web single sign-in, so a smaller picture to understand how it works. The goal is to protect access to web applications and to give authentication to the application. So when a user wants to connect to the application the first time, he needs to be able to authenticate, so he will be redirected on the authentication portal. So LemanLapNg2 is a software that implements the authentication portal. When he logs in, he will have a single sign-in token, a security token, and this token will be used by the application to authenticate the users. So there is a trust between the application and the single sign-in system, and we see this trust can be used with many protocols, like maybe you know a CAS protocol, SAML protocol, OpenIDConnect, etc. The goal is when the user connects to another application, a twice application, a fraud application, as he already owns a security token, he will be able to connect without logging in again. So he will just have to enter his password or anything else at the first finish. Some history, it's a very old software. It was built in France, it now used in other countries, of course. The fork was done with the NG version, which is new generation, but which is also gendarmerie nationale in France, so there are the same latest. It's very used in administration in France, but also in private companies. And we implement a lot of protocols, and the last one was OpenIDConnect, and we released last year the 2.0 version with the second factor feature. So what are the main features? Of course web single sign-in, but we also provide access control. It means that you can configure in the centralized database which are the access rules to the application. So you can say this group of users can access to an cloud, but this other group cannot access, can access to the intranet, etc. So you can use any information of the users to control the access. This provides a portal in which you can see your application, and of course you only see the application that you have access to. So users cannot click on applications that they can't access. We have a lot of authentication models, we will see that. We have some self-services, so a user can of course change his password, or ask a password reset, or ask an account question. And of multi-factor authentication, we protect web application, and we'll see that we are also able to protect web services and API. Of course it's an open source and free software project, so you can customize it, and we provide some packages for main distribution. It's GPL, it's a project from OW2, maybe some of you know this foundation. You can access it on our website. And we are building a full identity on an access management project, which is called Fusion IAM, in which you will find open LDAP, Fusion Directory, LEM and LDAP NG, LDAP Toolbox, and I see a lot of tools, open source tools, to build a full identity on an access management solution. So LEM and LDAP NG is a single sign-in component of these big tools. So what inside the project, I try to put some colors to make this happier. What is important, you see that you have a configuration and session that is based in the center of the project. You can use anything you want for this. This can be local files, this can be PostgreSQL database, this can be an LAP directory, this can be a Redis or MongoDB, no SQL database. And then the portal will be the visible part of the product in which the user will be able to log in, and then to get the SAML, CAS, OpenID tokens to use a sub-service, et cetera. The manager is just an administrative interface in which you can see the configurations, you can see the sessions. And the handler is a small agent we will see just after how it works, which will be protecting the web application. It is not mandatory to use a handler to do a single sign-in with LEM and LDAP NG because you see that we support CAS, SAML, and OpenID Connect protocol. This means if your application is already compatible with these protocols, you can directly plug in this application to LEM and LDAP NG. If you don't have any compatibility with these protocols, you can use the agent, which is the handler, that will be set in front of your web application and that will intercept all the calls on the HTTP request done to the application. So when a user wants to access your application, the handler controls the request, sees if there is a single sign-in token, which is a cookie, and it will match this cookie with the session in the database. And if this match, it will be able to control the access walls and then to send the identity of the user through an HTTP header. So you can deliver to web applications the identity of the user, like you do with a simple Apache authentication module. Maybe some of you know how to set up a ModOddBasic or ModOddLDAP in Apache. The handler is the same thing as an Apache authentication module. So the application is just reading inside the HTTP request the identity of the user. Of course, you can use anything on these standard protocols. LEM and LDAP NG is a client and server on these protocols. So of course, it is an identity provider. So you can connect any application that is a CAS client or a SAML client to LEM and LDAP NG. But if you already have a CAS server or a Binary Connect server in your organization, LEM and LDAP NG can also be the client. So you can delegate the authentication to your main identity server. You do attribute sharing. We do a lot of things in these protocols. Of course, we manage the public private case and we add the access control over these protocols. Because these protocols are just authentication protocols, they are just designed to tell the application, okay, this user is connected. Here is this security token and the application trusts the security token. But we can also, with LEM and LDAP NG, choose to deliver the security token to the client's access rules. So if you don't want a user to access this application, LEM and LDAP NG will refuse to deliver the security token to this application. So a good feature is also to be able to be a gateway between these protocols. You can imagine, for example, you have a CAS server in your organization and you have an application with this SAML client. You can put LEM and LDAP NG between. LEM and LDAP NG will be the SAML server for your SAML application and will be the CAS client for your CAS server. So you will be able to link any application with any protocols with it. And the last point, single logout, which is very important, is because single sign-on is just to authenticate the users on all applications. But we also want to be able to logout the user. So single logout is how I tell all applications to logout the user. So what are the big new features? The first is linked to the presentation that was just before me, which is the second factor authentication. So if you were there just before, the guy from on-cloud said they can handle two-factor authentication. With LEM and LDAP NG, we are also able to handle this second factor authentication and we are able to protect on-cloud. So you can also do second factor authentication on-cloud through LEM and LDAP NG. This is another solution to do it. So you see we are doing QTP, UBK, etc. With configuration vacants, you see that we were able to store it in files and database, etc. We now use new vacants like YAML file or REST, etc. For people that are doing JavaScript or Node, there is a native handler, native authentication agent for Node.js, because maybe I didn't say it, but all the product is written in pair. So all people are not aware of the per language. So you can also use a native JavaScript client. We wanted to add the DevOps keyword in our product, so we did it. We are very proud of it. The goal is to be able to deploy an application with a single configuration file inside the container. So you can deploy an application without declaring it inside the main configuration. It will read its own rules from its container. So this is a single sign-in as a service. And also a big new feature is the web service protection. So we, if you already manage your web services or API, you know that authenticating people to API is not easy, because the people are not accessing directly the API. You are accessing to a web application, and this web application will access to the API with your credentials. But of course, you don't want to share your password with the application. You don't want that the application re-send your own password to the API. So we found a solution. You see that we still have the handler, so the authentication agent in front of the web application. But we are able to put a second handler between the web application and the web services, the API. And the first agent is able to generate a token. This token will be sent to the web application, and the web application is able to send a request to the web service with this token. This token is linked to the user session. So the service token handler will be able to find which user is requesting the web services and the web services. So you will be able to do two things. The first is to do access control on the web services. You can say, okay, this token is owned by this user and this user can access to this web service or cannot access to this web service. So the web service don't manage the authorization. And the handler will also forward the user identity to the web service. So the request will be sent to the web service with the user login, email, or whatever you want. And all this is configured inside the LemanNet App Engine. Regarding authentication models, we have some new models. We already have between 10 and 15 authentication models. We add these four models, but we can already authenticate through IDAP, Active Directory, KBOS, SSL certificates, et cetera. And you can write your own authentication models. We do some modification on the manager, the administration interface. You can know compare to configuration when you modify one configuration. In LemanNet App Engine, since the beginning, when you edit a configuration, we generate a new configuration with a new number. And now you can see with the graphical interface what are the differences. Of course, we added the second factor. So you can know manage second factor. You can delete a second factor for a user, for example. And you can sort a session. If you know Renata or Edugain organization, we are not fully compatible with this organization. So you can do identity federation with LemanNet App Engine. And we have a plugin engine, so you can write any new feature with a simple plugin inside LemanNet App Engine. So we have already some plugins which are in the core product, but you can write your own plugin. And to conclude, a list of new features. We have our rest services. We have many transitions, and you can select your language. We are now with the Brutal App 4 for the graphical interface, et cetera, et cetera. Right. I'm in the time.