Features

1. 3rd party apps authentication, SSO and authorization:
   
   1. Act as SAML 2.0 Identity Provider; Integrate via
      1. mod_shib (Apache HTTPd)
      2. nginx-http-shibboleth (Nginx)
      3. iis7_shib.dll (IIS)
   2. Act as OpenID Connect 1.0 Provider, gain certification; integrate via
      1. mod_auth_openidc (Apache HTTPd)
      2. nginx-openid-connect (Nginx)
      3. Microsoft.AspNetCore.Authentication.OpenIdConnect .Net package (IIS)
   3. Implement the latest version available of the CAS protocol; integrate via the various CAS clients available:
      1. Apache HTTPd
      2. Nginx
      3. Java
      4. .NET
      5. PHP
      6. Perl
      7. Python
      8. Ruby
2. Standard set of authentication modules, and API to extend / create new ones:
   1. JAAS
   2. username / password with different back-ends (DBMS, LDAP, ...)
   3. TLS client certificate
   4. Time-based One-time password
   5. SAML 2.0 SP
   6. OpenID Connect 1.0 Client
   7. Radius
   8. U2F
   9. WebAuthn
   10. ...
3. Authentication chains by combining more authentication modules, similar to Linux's PAM (required, sufficient, requisite, ...)
   2. Step-up authentication (e.g. associate level to authentication modules in a chain, and let 3rd party apps require minimum level to access)
   3. Multi-factor authentication
4. Authorization
5. (New) Flexible UI for web access
   1. dynamically adapting for the configured authentication features (modules, chains, levels, ...)
   2. highly customizable, either graphically and processing
6. (NEW) API gateway for REST APIs authentication and authorization
7. Core, which will provide additional REST endpoints for Access Management features
   1. Access Policies
      1. URL-based
      2. grant-based (for JWT)
   2. Implement XACML 3.0

Components

1. 1. Implement UMA

References

Projects and products

• OpenSSO / OpenAM
• CAS
• Apache Fortress
• Apache CXF Fediz
• Keycloack

Topics

• Enterprise Single SignOn
• API gateway
• mobile
• Physical Access Management / IoT
• eIDAS

...