Displaying 1 to 20 from 51 results

fosite - Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.

  •    Go

The security first OAuth2 & OpenID Connect framework for Go. Built simple, powerful and extensible. This library implements peer-reviewed IETF RFC6749, counterfeits weaknesses covered in peer-reviewed IETF RFC6819 and countermeasures various database attack scenarios, keeping your application safe when that hacker penetrates or leaks your database. OpenID Connect is implemented according to OpenID Connect Core 1.0 incorporating errata set 1 and includes all flows: code, implicit, hybrid.OAuth2 and OpenID Connect are difficult protocols. If you want quick wins, we strongly encourage you to look at Hydra. Hydra is a secure, high performance, cloud native OAuth2 and OpenID Connect service that integrates with every authentication method imaginable and is built on top of Fosite.

hydra - OAuth2 server with OpenID Connect - cloud native, security-first, open source API security for your infrastructure

  •    Go

ORY Hydra is a hardened OAuth2 and OpenID Connect server optimized for low-latency, high throughput, and low resource consumption. ORY Hydra is not an identity provider (user sign up, user log in, password reset flow), but connects to your existing identity provider through a consent app. Implementing the consent app in a different language is easy, and exemplary consent apps (Go, Node) and SDKs (Go, Node) are provided.Besides mitigating various attack vectors, such as database compromisation and OAuth 2.0 weaknesses, ORY Hydra is able to securely manage JSON Web Keys, and has a sophisticated policy-based access control you can use if you want to. Click here to read more about security.

OpenAM - Authentication, Authorization and SSO

  •    Java

OpenAM provides open source Authentication, Authorization, Entitlement and Federation software. OpenAM provides core identity services to simplify the implementation of transparent single sign-on (SSO) as a security component in a network infrastructure. OpenAM provides the foundation for integrating diverse web applications that might typically operate against a disparate set of identity repositories and are hosted on a variety of platforms such as web and application servers.




bouncer - Eloquent roles and abilities.

  •    PHP

Bouncer is an elegant, framework-agnostic approach to managing roles and abilities for any app using Eloquent models. Bouncer is an elegant, framework-agnostic approach to managing roles and abilities for any app using Eloquent models. With an expressive and fluent syntax, it stays out of your way as much as possible: use it when you want, ignore it when you don't.

pac4j - The security engine to protect all your Java web applications

  •    Java

pac4j is a Java security engine to authenticate users, get their profiles and manage their authorizations in order to secure Java web applications. It supports most authentication mechanisms: OAuth (Facebook, Twitter, Google, Yahoo...), CAS, HTTP (form, basic auth...), OpenID, SAML, Google App Engine, OpenID Connect, JWT, LDAP, RDBMS, MongoDB and Stormpath and authorization checks.

JOSSO - Java Open Single Sign-On

  •    Java

JOSSO is an Open Source Internet SSO solution for rapid and standards-based (SAML) Internet-scale Single Sign-On implementations, allowing secure Internet access to the Web-based applications or services of customers, suppliers, and business partners. It supports Windows authentication, LDAP support.

connect-roles - Provides dynamic roles based authorisation for node.js connect and express servers.

  •    Javascript

Connect roles is designed to work with connect or express. It is an authorisation provider, not an authentication provider. It is designed to support context sensitive roles/abilities, through the use of middleware style authorisation strategies. If you're looking for an authentication system I suggest you check out passport.js, which works perfectly with this module.


OpenPAM - Linux Pluggable Authentication Module

  •    C

OpenPAM is an Pluggable Authentication Module (PAM) library that focuses on simplicity, correctness, and cleanliness. Its aim is to gather the best features of Solaris PAM, ?XSSO and Linux-PAM, plus some innovations of its own. In areas where these implementations disagree, OpenPAM tries to remain compatible with Solaris, at the expense of XSSO conformance and Linux-PAM compatibility.

Apache Shiro - Java Security Framework

  •    Java

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any JVM-based application – from the smallest mobile applications to the largest web and enterprise applications.

FreeIPA - Identity and Access Management for Linux

  •    C

FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments. A FreeIPA server provides centralized authentication, authorization and account information by storing data about user, groups, hosts and other objects necessary to manage the security aspects of a network of computers.

yosai - A Security Framework for Python applications featuring Authorization (rbac permissions and roles), Authentication (2fa totp), Session Management and an extensive Audit Trail

  •    Python

Yosai is a "security framework" that features authentication, authorization, and session management from a common, intuitive API. Yosai is based on Apache Shiro, written in Java and widely used today.

Sentinel - A framework agnostic authentication & authorization system.

  •    PHP

Sentinel is a PHP 5.4+ fully-featured authentication & authorization system. It also provides additional features such as user roles and additional security features. Sentinel is a framework agnostic set of interfaces with default implementations, though you can substitute any implementations you see fit.

credential - Easy password hashing and verification in Node

  •    Javascript

Easy password hashing and verification in Node. Protects against brute force, rainbow tables, and timing attacks.Employs cryptographically secure, per password salts to prevent rainbow table attacks. Key stretching is used to make brute force attacks impractical. A constant time verification check prevents variable response time attacks.

express-rate-limit - Basic rate-limiting middleware for express

  •    Javascript

Basic rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset. Note: this module does not share state with other processes/servers by default. If you need a more robust solution, I recommend using an addon store or trying out one of the excelent competing options.

play-pac4j - Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT

  •    Java

The play-pac4j project is an easy and powerful security library for Play framework v2 web applications which supports authentication and authorization, but also logout and advanced features like CSRF protection. It can work with Deadbolt. It's based on Play 2.6 (and Scala 2.11 or Scala 2.12) and on the pac4j security engine v3. It's available under the Apache 2 license. The LogoutController logs out the user from the application.

jSLCore

  •    Silverlight

jSLCore is the easiest way to create business applications based on SilverLight 5. The project is still in aplha phase. But you can already create the apps with it.

patterns & practices: Windows Azure Security Guidance

  •    

Proven Practices, end-to-end application scenarios, guidelines, Q&A, and task-based how-tos for building secure cloud applications with Azure.

NetSqlAzMan - .NET SQL Authorization Manager

  •    

.NET Sql Authorization Manager is an authorization manager for .NET Framework 4.0 developed applications (smart?client/web). The authorizations storage is on MS Sql Server 2000/2005/2008/2012/Express/Compact. NetSqlAzMan has been developed with LINQ to SQL.