Features

1. 3rd party apps authentication, SSO and authorization:
   
   1. Act as SAML 2.0 Identity Provider; Integrate via
      1. Integrate via mod_shib (Apache HTTPd),
      2. nginx-http-shibboleth (Nginx)
      3. , iis7_shib.dll (IIS)
   2. Act as OpenID Connect 1.0 Provider, gain certification; integrate via
      1. integrate via mod_auth_openidc (Apache HTTPd), 
      2. nginx-openid-connect (Nginx)
      3. , Microsoft.AspNetCore.Authentication.OpenIdConnect .Net package (IIS)
   3. Implement the latest version available of the CAS protocol; integrate via the various CAS clients available:
      1. Apache HTTPd,
      2. Nginx
      3. , Java
      4. , .NET,
      5. PHP
      6. , Perl,
      7. Python
      8. , Ruby
2. Standard set of authentication modules, and API to extend / create new ones:
   1. username / password with different backends (DBMS, LDAP, ...)
   2. TLS client certificate
   3. Time-based One-time password
   4. SAML 2.0 SP
   5. OpenID Connect 1.0 Client
   6. Radius
   7. U2F
   8. WebAuthn
3. Authentication chains by combining more authentication modules similar to Linux's PAM (required, sufficient, requisite, ...)
   1. Step-up authentication
   2. Multi-factor authentication

...

1. Authorization
   1. Access Policies
      1. URL-based
      2. grant-based (for JWT)
   2. Implement XACML 3.0
   3. Implement UMA

References

Projects and products

• OpenSSO / OpenAM
• CAS
• Apache Fortress
• Apache CXF Fediz
• Keycloack

...

Topics

• Enterprise Single SignOn
• API gateway
• mobile
• Physical Access Management / IoT
• eIDAS

...