ZITADEL - Cloud Native Identity and Access Management

  •        261

ZITADEL provides you with all the features necessary to build great solutions, without the need of building the login and access management yourself.

Its features include:

  • Authentication:  OpenID Connect 1.0 Protocol (OP), Username / Password,  Machine-to-machine (JWT profile), Passwordless with FIDO2
  • Multifactor authentication with OTP, U2F
  • Federation with OpenID Connect 1.0 Protocol (RP), OAuth 2.0 Protocol (RP)
  • Authorization via Role Based Access Control (RBAC)
  • Identity Brokering
  • Delegation of roles to other organizations for self-management
  • Strong audit trail for all IAM resources
  • User interface for administration
  • APIs for Management, Administration, and Authentication
  • Policy configuration and enforcement
  • Private Labeling

https://zitadel.ch
https://github.com/caos/zitadel

Tags
Implementation
License
Platform

   




Related Projects

LemonLDAP::NG - Web Single Sign On and Access Management Free Software

  •    Perl

LemonLDAP::NG is a complete and modular Web-SSO system that can run with reverse-proxies or directly on application webservers. It can be used in conjunction with OpenID-Connect, CAS and SAML systems as identity or service provider. It can also be used as proxy between those federation systems.

ORY Hydra - OpenID Connect and OAuth Provider written in Go

  •    Go

ORY Hydra is a hardened, OpenID Certified OAuth 2.0 Server and OpenID Connect Provider optimized for low-latency, high throughput, and low resource consumption. ORY Hydra is not an identity provider (user sign up, user login, password reset flow), but connects to your existing identity provider through a login and consent app. Implementing the login and consent app in a different language is easy, and exemplary consent apps (Go, Node) and SDKs are provided.

Authelia - The Single Sign-On Multi-Factor Authentication Server

  •    Go

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for reverse proxies like nginx, Traefik or HAProxy to let them know whether requests should either be allowed or redirected to Authelia's portal for authentication. Authelia works in combination with nginx, Traefik or HAProxy. It can be deployed on bare metal with Docker or on top of Kubernetes.

Gluu Server - Identity and Access Management (IAM) platform

  •    Java

Gluu's open source authentication & API access management software for securing Web & mobile applications using open standards like SAML & OpenID Connect. Its features include Single Sign-On, Access Management, OAuth, Multi-Factor Authentication, LDAP Directory Integration, User Management and lot more.

Keycloak - Open Source Identity and Access Management For Modern Applications and Services

  •    Java

Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code. Users authenticate with Keycloak rather than individual applications. This means that your applications don't have to deal with login forms, authenticating users, and storing users. Once logged-in to Keycloak, users don't have to login again to access a different application.


Cierge - 🗝️ Passwordless OIDC authentication done right

  •    CSharp

Cierge is an OpenID Connect server that handles user signup, login, profiles, management, social logins, and more. Instead of storing passwords, Cirege uses magic links/codes and external logins to authenticate your users. Passwords are insecure by default. Cierge does away by the illusion of security passwords give ("forgot password" usually relies upon email-based auth at the end of the day).

node-oidc-provider - OpenID Provider(OP) implementation for node

  •    Javascript

oidc-provider is an OpenID Provider implementation of OpenID Connect. It allows to export a complete mountable or standalone OpenID Provider implementation. This implementation does not dictate a fixed data models or persistence store, instead, you must provide adapters for these. A generic in memory adapter is available to get you started as well as feature-less dev-only views to be able to get off the ground. The following specifications are implemented by oidc-provider. Note that not all features are enabled by default, check the configuration section on how to enable them.

Micro - Distributed Cloud OS

  •    Go

Micro is an operating system built for the cloud. It addresses the key requirements for building services in the cloud. It leverages the microservices architecture pattern and provides a set of services which act as the building blocks of a platform. Micro deals with the complexity of distributed systems and provides simpler programmable abstractions to build on.

caddy-auth-portal - Authentication Plugin for Caddy v2 implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2

  •    Go

Authentication Plugin for Caddy v2 implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0, SAML Authentication. The purpose of this plugin is providing authentication only. The plugin issue JWT tokens upon successful authentication. In turn, the authorization of the tokens is being handled by caddy-auth-jwt.

mod_auth_openidc - OpenID Connect Relying Party and OAuth 2

  •    C

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. It can also function as an OAuth 2.0 Resource Server, validating OAuth 2.0 bearer access tokens presented by OAuth 2.0 Clients. This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party (RP) to an OpenID Connect Provider (OP). It authenticates users against an OpenID Connect Provider, receives user identity information from the OP in a so called ID Token and passes on the identity information (a.k.a. claims) in the ID Token to applications hosted and protected by the Apache web server.

Dex - OpenID Connect Identity (OIDC) and OAuth 2.0 Provider with Pluggable Connectors

  •    Go

Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex acts as a portal to other identity providers through "connectors." This lets dex defer authentication to LDAP servers, SAML providers, or established identity providers like GitHub, Google, and Active Directory. Clients write their authentication logic once to talk to dex, then dex handles the protocols for a given backend.

Univention Corporate Server - Easy administration of your IT infrastructure

  •    C

Univention Corporate Server is a preconfigured, 100% open source Linux server and IT management system. It is free of charge and perfect for providing Microsoft Server-like services on the cloud or on the premises, to run and operate corporate IT environments with Windows- and Linux-based clients and to extend those environments with proven enterprise software, also either on the cloud or on the premises.

fosite - Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.

  •    Go

The security first OAuth2 & OpenID Connect framework for Go. Built simple, powerful and extensible. This library implements peer-reviewed IETF RFC6749, counterfeits weaknesses covered in peer-reviewed IETF RFC6819 and countermeasures various database attack scenarios, keeping your application safe when that hacker penetrates or leaks your database. OpenID Connect is implemented according to OpenID Connect Core 1.0 incorporating errata set 1 and includes all flows: code, implicit, hybrid.OAuth2 and OpenID Connect are difficult protocols. If you want quick wins, we strongly encourage you to look at Hydra. Hydra is a secure, high performance, cloud native OAuth2 and OpenID Connect service that integrates with every authentication method imaginable and is built on top of Fosite.

IdentityServer4 - OpenID Connect and OAuth 2.0 Framework for ASP.NET Core

  •    CSharp

IdentityServer is a free, open source OpenID Connect and OAuth 2.0 framework for ASP.NET Core. Founded and maintained by Dominick Baier and Brock Allen, IdentityServer4 incorporates all the protocol implementations and extensibility points needed to integrate token-based authentication, single-sign-on and API access control in your applications. IdentityServer4 is officially certified by the OpenID Foundation and thus spec-compliant and interoperable. It is part of the .NET Foundation, and operates under their code of conduct. It is licensed under Apache 2 (an OSI approved license).For project documentation, please visit readthedocs.

dex - OpenID Connect Identity (OIDC) and OAuth 2.0 Provider with Pluggable Connectors

  •    Go

Dex is an identity service that uses OpenID Connect to drive authentication for other apps.Dex is NOT a user-management system, but acts as a portal to other identity providers through "connectors." This lets dex defer authentication to LDAP servers, SAML providers, or established identity providers like GitHub, Google, and Active Directory. Clients write their authentication logic once to talk to dex, then dex handles the protocols for a given backend.

Apereo CAS - Enterprise Single Sign On for all earthlings and beyond

  •    Java

Welcome to the home of the Central Authentication Service project, more commonly referred to as CAS. CAS is an enterprise multilingual single sign-on solution for the web and attempts to be a comprehensive platform for your authentication and authorization needs. CAS is an open and well-documented authentication protocol. The primary implementation of the protocol is an open-source Java server component by the same name hosted here, with support for a plethora of additional authentication protocols and features.

Pomerium - Identity-aware access proxy

  •    Go

Pomerium is an identity-aware proxy that enables secure access to internal applications. Pomerium provides a standardized interface to add access control to applications regardless of whether the application itself has authorization or authentication baked-in. Pomerium gateways both internal and external requests, and can be used in situations where you'd typically reach for a VPN.

MITREid Connect - An OpenID Connect reference implementation in Java on the Spring platform

  •    Java

This project contains a certified OpenID Connect reference implementation in Java on the Spring platform, including a functioning server library, deployable server package, client (RP) library, and general utility libraries. The server can be used as an OpenID Connect Identity Provider as well as a general-purpose OAuth 2.0 Authorization Server.

OpenAM - Authentication, Authorization and SSO

  •    Java

OpenAM provides open source Authentication, Authorization, Entitlement and Federation software. OpenAM provides core identity services to simplify the implementation of transparent single sign-on (SSO) as a security component in a network infrastructure. OpenAM provides the foundation for integrating diverse web applications that might typically operate against a disparate set of identity repositories and are hosted on a variety of platforms such as web and application servers.

uaa - CloudFoundry User Account and Authentication (UAA) Server

  •    Java

The UAA is a multi tenant identity management service, used in Cloud Foundry, but also available as a stand alone OAuth2 server. It's primary role is as an OAuth2 provider, issuing tokens for client applications to use when they act on behalf of Cloud Foundry users. It can also authenticate users with their Cloud Foundry credentials, and can act as an SSO service using those credentials (or others). It has endpoints for managing user accounts and for registering OAuth2 clients, as well as various other management functions. The apps all work together with the apps running on the same port (8080) as /uaa, /app and /api.