Features

1. 3rd party apps authentication, SSO and authorization:
   
   1. Act as SAML 2.0 Identity Provider; Integrate via
      1. Integrate via mod_shib (Apache HTTPd),
      2. nginx-http-shibboleth (Nginx)
      3. , iis7_shib.dll (IIS)
   2. Act as OpenID Connect 1.0 Provider, gain certification; integrate via
      1. integrate via mod_auth_openidc (Apache HTTPd), 
      2. nginx-openid-connect (Nginx)
      3. , Microsoft.AspNetCore.Authentication.OpenIdConnect .Net package (IIS)
   3. Implement the latest version available of the CAS protocol; integrate via the various CAS clients available:
      1. Apache HTTPd,
      2. Nginx
      3. , Java
      4. , .NET,
      5. PHP
      6. , Perl,
      7. Python
      8. , Ruby
2. Standard set of authentication modules, and API to extend / create new ones:
   1. username / password with different backends (DBMS, LDAP, ...)
   2. TLS client certificate
   3. Time-based One-time password
   4. SAML 2.0 SP
   5. OpenID Connect 1.0 Client
   6. Radius
   7. U2F
   8. WebAuthn
   9. ...
3. Authorization
   1. Access Policies
      1. URL-based
      2. grant-based (for JWT)
   2. Implement XACML 3.0
   3. Implement UMA
   Authentication chains by combining more authentication modules similar to Linux's PAM (required, sufficient, requisite, ...)
   1. Step-up authentication
   2. Multi-factor authentication

References

Projects and products

• OpenSSO / OpenAM
• CAS
• Apache Fortress
• Apache CXF Fediz
• Keycloack

Topics

• Enterprise Single SignOn
• API gateway
• mobile
• Physical Access Management / IoT
• eIDAS

...