
  1. 3rd party apps authentication, SSO and authorization:
    1. Act as SAML 2.0 Identity Provider; Integrate via
      1. mod_shib (Apache HTTPd)
      2. nginx-http-shibboleth (Nginx)
      3. iis7_shib.dll (IIS)
    2. Act as OpenID Connect 1.0 Provider, gain certification; integrate via
      1. mod_auth_openidc (Apache HTTPd)
      2. nginx-openid-connect (Nginx)
      3. Microsoft.AspNetCore.Authentication.OpenIdConnect .Net package (IIS)
    3. Implement the latest version available of the CAS protocol; integrate via the various CAS clients available:
      1. Apache HTTPd
      2. Nginx
      3. Java
      4. .NET
      5. PHP
      6. Perl
      7. Python
      8. Ruby
  2. Standard set of authentication modules, and API to extend / create new ones:
    1. JAAS
    2. username / password with different back-ends (DBMS, LDAP, ...)
    3. TLS client certificate
    4. Time-based One-Time Password
    5. SAML 2.0 SP
    6. OpenID Connect 1.0 Client
    7. RADIUS
    8. Kerberos
    9. U2F
    10. WebAuthn
    11. ...
  3. Authentication chains by combining more authentication modules, similar to Linux's PAM (required, sufficient, requisite, ...)
    1. Step-up authentication (e.g. associate level to authentication modules in a chain, and let 3rd party apps require minimum level to access)
    2. Multi-factor authentication
  4. Authorization
    1. Access Policies
      1. URL-based
      2. grant-based (for JWT)
    2. Implement XACML 3.0
    3. Implement UMA
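
The chain evaluation and step-up check from item 3, sketched in Python as an added example (not code from this page or from any of the projects listed below). It assumes a PAM-like "optional" flag in addition to the three named above, that the achieved level is the highest level among the modules that succeeded, and a constructed user store; `Module`, `run_chain`, `decide` and `field_ok` are hypothetical names.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Constructed sample data; the OTP is a fixed stand-in, not a real TOTP check.
USERS = {"alice": {"password": "correct horse", "otp": "492039"}}

def field_ok(field: str) -> Callable[[Dict[str, str]], bool]:
    """Build a check comparing one submitted field with the stored value."""
    def check(creds: Dict[str, str]) -> bool:
        user = USERS.get(creds.get("user", ""))
        if user is None or field not in creds:
            return False
        return hmac.compare_digest(user[field].encode(), creds[field].encode())
    return check

@dataclass
class Module:
    name: str
    control: str   # required | requisite | sufficient | optional
    level: int     # level granted on success (assumed scale: higher is stronger)
    check: Callable[[Dict[str, str]], bool]

def run_chain(chain: List[Module], creds: Dict[str, str]) -> Tuple[bool, int]:
    """Evaluate the chain with PAM-style flags; return (authenticated, level)."""
    failed = passed = False
    level = 0
    for m in chain:
        if m.check(creds):
            level = max(level, m.level)
            if m.control == "sufficient" and not failed:
                return True, level          # short-circuit success
            passed = passed or m.control != "optional"
        elif m.control == "requisite":
            return False, 0                 # short-circuit failure
        elif m.control == "required":
            failed = True                   # keep going, but the chain fails
    ok = passed and not failed
    return ok, (level if ok else 0)

def decide(chain: List[Module], creds: Dict[str, str], min_level: int) -> str:
    """Map the chain result to allow / step-up / deny for an app's minimum."""
    ok, level = run_chain(chain, creds)
    if not ok:
        return "deny"
    return "allow" if level >= min_level else "step-up"

CHAIN = [Module("password", "required", 1, field_ok("password")),
         Module("totp", "optional", 2, field_ok("otp"))]
```

With `CHAIN`, a correct password alone authenticates at level 1, so an application asking for level 2 gets "step-up"; a correct OTP with a wrong password is still denied because the required module failed.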

References

Projects and products

  • OpenSSO / OpenAM
  • CAS
  • Apache Fortress
  • Apache CXF Fediz
  • Keycloak

Topics

  • Enterprise Single SignOn
  • API gateway
  • mobile
  • Physical Access Management / IoT
  • eIDAS
