Authelia - The Single Sign-On Multi-Factor Authentication Server

  •        492

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for reverse proxies like nginx, Traefik or HAProxy to let them know whether requests should either be allowed or redirected to Authelia's portal for authentication. Authelia works in combination with nginx, Traefik or HAProxy. It can be deployed on bare metal with Docker or on top of Kubernetes.

Its features include:

  • Login portal to allow your users to login once and access everything.
  • Users stored in a LDAP to provide their username and password as first factor.
  • U2F security keys like Yubikeys as second factor.
  • Supports Time-base one-time password generated by apps like Google Authenticator.
  • Mobile push notifications is the new trendy second factor method. When second factor is requested by Authelia, a notification is sent on your phone that you can either accept or deny.
  • Password reset - let your users reset their passwords with email confirmation in a few clicks.
  • Regulates the number of login attempts made by a user to avoid brute force attacks.
  • supports U2F security keys like Yubikeys as second factor.
  • Allows to define a fine-grained rule-based access control policy in configuration
  • supports the OpenID Connect OP role as a beta feature. The OP role is the OpenID Connect Provider role, not the Relaying Party or RP role. This means other applications that implement the OpenID Connect RP role can use Authelia as an authentication and authorization backend similar to how you may use social media or development platforms for login.

https://www.authelia.com
https://github.com/authelia/authelia

Tags
Implementation
License
Platform

   




Related Projects

LemonLDAP::NG - Web Single Sign On and Access Management Free Software

  •    Perl

LemonLDAP::NG is a complete and modular Web-SSO system that can run with reverse-proxies or directly on application webservers. It can be used in conjunction with OpenID-Connect, CAS and SAML systems as identity or service provider. It can also be used as proxy between those federation systems.

privacyIDEA - Modular Authentication System

  •    Python

privacyIDEA is a Two Factor Authentication System which is multi-tenency- and multi-instance-capable. Using privacyIDEA you can enhance your existing applications like local login, VPN, remote access, SSH connections, access to web sites or web portals with a second factor during authentication.

two-factor - Two-Factor Authentication for WordPress.

  •    PHP

Enable Two-Factor Authentication using time-based one-time passwords (OTP, Google Authenticator), Universal 2nd Factor (FIDO U2F, YubiKey), email and backup verification codes. For more history, see this post.

django-two-factor-auth - Complete Two-Factor Authentication for Django providing the easiest integration into most Django projects

  •    Python

Complete Two-Factor Authentication for Django. Built on top of the one-time password framework django-otp and Django's built-in authentication framework django.contrib.auth for providing the easiest integration into most Django projects. Inspired by the user experience of Google's Two-Step Authentication, allowing users to authenticate through call, text messages (SMS), by using a token generator app like Google Authenticator or a YubiKey hardware token generator (optional). I would love to hear your feedback on this package. If you run into problems, please file an issue on GitHub, or contribute to the project by forking the repository and sending some pull requests. The package is translated into English, Dutch and other languages. Please contribute your own language using Transifex.

FreeOTP - Two factor authentication

  •    Java

FreeOTP is a two-factor authentication application for systems utilizing one-time password protocols. Tokens can be added easily by scanning a QR code. If you need to generate a QR code, try our QR code generator.


aws-mfa - Manage AWS MFA Security Credentials

  •    Python

aws-mfa makes it easy to manage your AWS SDK Security Credentials when Multi-Factor Authentication (MFA) is enforced on your AWS account. It automates the process of obtaining temporary credentials from the AWS Security Token Service and updating your AWS Credentials file (located at ~/.aws/credentials). Traditional methods of managing MFA-based credentials requires users to write their own bespoke scripts/wrappers to fetch temporary credentials from STS and often times manually update their AWS credentials file. short-term - A temporary set of credentials that are generated by AWS STS using your long-term credentials in combination with your MFA device serial number (either a hardware device serial number or virtual device ARN) and one time token code. Your short term credentials are the credentials that are actively utilized by the AWS SDK in use.

M-Pin - Two Factor Authentication For Web sites

  •    Java

M-Pin Strong Authentication System enables true two-factor authentication for web sites and applications, based on the open source M-Pin Authentication Server and M-Pin Managed Service. The M-Pin™ Managed Service is a highly available, fault tolerant software as a service that issues cryptographic secrets to M-Pin Authentication Servers and Clients.

TwoFactorAuth - PHP library for Two Factor Authentication (TFA / 2FA)

  •    PHP

PHP library for two-factor (or multi-factor) authentication using TOTP and QR-codes. Inspired by, based on but most importantly an improvement on 'PHPGangsta/GoogleAuthenticator'. There's a .Net implementation of this library as well. Here are some code snippets that should help you get started...

two-factor-bundle - Two-factor authentication for Symfony applications

  •    PHP

... and follow the installation instructions. Detailed documentation of all features can be found in the Resources/doc directory.

google2fa-laravel - A One Time Password Authentication package, compatible with Google Authenticator for Laravel

  •    PHP

Google2FA is a PHP implementation of the Google Two-Factor Authentication Module, supporting the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238. This package is a Laravel bridge to Google2FA's PHP package.

twofactorauth - List of sites with two factor auth support which includes SMS, email, phone calls, hardware, and software

  •    HTML

A list of popular sites and whether or not they accept two factor auth. The goal is to build a website (TwoFactorAuth.org) with a comprehensive list of sites that support Two Factor Authentication, as well as the methods that they provide.

2fa - Two-factor authentication on the command line

  •    Go

2fa is a two-factor authentication agent. 2fa -add name adds a new key to the 2fa keychain with the given name. It prints a prompt to standard error and reads a two-factor key from standard input. Two-factor keys are short case-insensitive strings of letters A-Z and digits 2-7.

Apereo CAS - Enterprise Single Sign On for all earthlings and beyond

  •    Java

Welcome to the home of the Central Authentication Service project, more commonly referred to as CAS. CAS is an enterprise multilingual single sign-on solution for the web and attempts to be a comprehensive platform for your authentication and authorization needs. CAS is an open and well-documented authentication protocol. The primary implementation of the protocol is an open-source Java server component by the same name hosted here, with support for a plethora of additional authentication protocols and features.

google2fa - A One Time Password Authentication package, compatible with Google Authenticator.

  •    PHP

Google2FA is a PHP implementation of the Google Two-Factor Authentication Module, supporting the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238. This package is agnostic, but there's a Laravel bridge.

two-factor-auth - Generate 2FA tokens compatible with Google Authenticator

  •    Go

Simple CLI app that generates tokens compatible with Google Authenticator. I implemented this mainly to understand how it works, you should probably not use this.

andOTP - Open source two-factor authentication for Android

  •    Java

andOTP is a two-factor authentication App for Android 5.1+. It implements Time-based One-time Passwords (TOTP) and HMAC-Based One-Time Passwords (HOTP). Simply scan the QR code and login with the generated 6-digit code.

cli - A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

  •    Go

step is a zero trust swiss army knife. It’s an easy-to-use and hard-to-misuse utility for building, operating, and automating systems that use zero trust technologies like authenticated encryption (X.509, TLS), single sign-on (OAuth OIDC, SAML), multi-factor authentication (OATH OTP, FIDO U2F), encryption mechanisms (JSON Web Encryption, NaCl), and verifiable claims (JWT, SAML assertions). For more information and docs see the step website and the blog post announcing step.

yosai - A Security Framework for Python applications featuring Authorization (rbac permissions and roles), Authentication (2fa totp), Session Management and an extensive Audit Trail

  •    Python

Yosai is a "security framework" that features authentication, authorization, and session management from a common, intuitive API. Yosai is based on Apache Shiro, written in Java and widely used today.






We have large collection of open source products. Follow the tags from Tag Cloud >>


Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.