... | ... | @@ -2301,18 +2301,18 @@ individually. |
|
|
Here's a list of the possible applications that could do this that
|
|
|
we're aware of:
|
|
|
|
|
|
| Application | Features | Notes |
|
|
|
|------------------|---------------------------------------------------------------------------------------------------|-------------------------------------------------------|
|
|
|
| [Authelia][] | SSO, 2FA/webauthn, OIDC, LDAP, rate-limiting, password reset, HA, Go/React | |
|
|
|
| [Authentik][] | SSO, 2FA/webauthn, OIDC, LDAP, Radius, proxy, metrics, Python/TypScript | sponsored by DigitalOcean |
|
|
|
| [Casdoor][] | SSO, MFA/webauthn, OIDC, LDAP, SAML, CAS, SCIM, Radius, OAuth 2, | sponsored by Stytch, widely used |
|
|
|
| [Dex][] | SSO, OIDC, LDAP, SAML, OAuth 2 | |
|
|
|
| [FreeIPA][] | SSO, LDAP, DNS, web/CLI UI, C? | built on top of 389 DS (Fedora LDAP server) |
|
|
|
| [A/I id][] | SSO, LDAP, 2FA/webauthn, SASL, PAM, Proxy, SQLite, rate-limiting | |
|
|
|
| [Kanidm][] | SSO, 2FA, OIDC, LDAP, Radius, SSH, PAM + offline support, web/CLI UI, Rust | |
|
|
|
| [Keycloak][] | SSO, 2FA, OIDC, OAuth 2, LDAP, SAML 2, Kerberos, SQL, web UI, HA/clustering, Java | [possibly no Webauthn support][], sponsored by RedHat |
|
|
|
| [LemonLDAP-ng][] | SSO, 2FA/webauthn, OIDC, LDAP, SAML, Kerberos, SQL, Perl | [packaged in Debian][] |
|
|
|
| [ory.sh][] | SSO, 2FA/webauthn, OIDC, OAuth 2, multi-tenant, account verification, password resets, HA, Golang | complicated, no LDAP |
|
|
|
| Application | MFA | webauthn | OIDC | OAuth2 | SAML | SCIM | LDAP | Radius | Notes |
|
|
|
|------------------|-----|----------|------|--------|------|------|------|--------|------------------------------------------------------------------------------|
|
|
|
| [Authelia][] | 2FA | ✓ | ✓ | x | x | x | ✓ | x | rate-limiting, password reset, HA, Go/React |
|
|
|
| [Authentik][] | 2FA | ✓ | ✓ | x | x | x | ✓ | ✓ | proxy, metrics, Python/TypScript, sponsored by DigitalOcean |
|
|
|
| [Casdoor][] | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | CAS, sponsored by Stytch, widely used |
|
|
|
| [Dex][] | x | x | ✓ | ✓ | ✓ | x | ✓ | x | |
|
|
|
| [FreeIPA][] | x | x | x | x | x | x | ✓ | x | DNS, web/CLI UI, C?, built on top of 389 DS (Fedora LDAP server) |
|
|
|
| [A/I id][] | 2FA | ✓ | x | x | x | x | ✓ | x | SASL, PAM, Proxy, SQLite, rate-limiting |
|
|
|
| [Kanidm][] | 2FA | x | ✓ | x | x | x | ✓ | ✓ | SSH, PAM + offline support, web/CLI UI, Rust |
|
|
|
| [Keycloak][] | 2FA | [x][w3c] | ✓ | ✓ | 2 | x | ✓ | x | Kerberos, SQL, web UI, HA/clustering, Java, sponsored by RedHat |
|
|
|
| [LemonLDAP-ng][] | 2FA | ✓ | ✓ | x | ✓ | x | ✓ | x | Kerberos, SQL, Perl, [packaged in Debian][] |
|
|
|
| [ory.sh][] | 2FA | ✓ | ✓ | ✓ | x | x | x | x | multi-tenant, account verification, password resets, HA, Golang, complicated |
|
|
|
|
|
|
See also [mod_auth_openidc](https://github.com/OpenIDC/mod_auth_openidc) for an Apache module supporting OIDC.
|
|
|
|
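Review bot: In the new matrix, the Keycloak row turns the old hedged link text "possibly no Webauthn support" into a flat `[x][w3c]`, and in general an `x` now reads as verified absence even where it may only reflect what the old Features column did not mention. Suggest adding a one-line legend under the table (for example `✓` supported, `x` not supported, `?` not checked) and using `?` where support has not been confirmed. The MFA column also mixes `2FA`, `✓` and `x` without explanation, and Keycloak's SAML cell holds `2` where every other row uses `✓` or `x`; moving "SAML 2" into Notes would keep the column uniform. The `TypScript` typo in the Authentik row is carried over from the old table and could be fixed in the same change.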
... | ... | @@ -2326,7 +2326,7 @@ swap ud-ldap out if we need to, replacing bits of it as we go. |
|
|
[Kanidm]: https://github.com/kanidm/kanidm
|
|
|
[LemonLDAP-ng]: https://lemonldap-ng.org/
|
|
|
[packaged in Debian]: https://tracker.debian.org/pkg/lemonldap-ng
|
|
|
[possibly no Webauthn support]: https://github.com/keycloak/keycloak-community/blob/main/design/web-authn-two-factor.md
|
|
|
[w3c]: https://github.com/keycloak/keycloak-community/blob/main/design/web-authn-two-factor.md
|
|
|
[A/I id]: https://git.autistici.org/id
|
|
|
[ory.sh]: https://www.ory.sh/
|
|
|
[Dex]: https://dexidp.io/
|
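Review bot: The `[w3c]` reference label points at a keycloak-community design document on GitHub, not at a W3C resource, so the label is misleading to anyone reading the Markdown source; a descriptive label such as `[keycloak-webauthn]` would be clearer. The target path is `design/web-authn-two-factor.md`, a design document for WebAuthn two-factor, which is thin evidence for the `x` in the Keycloak row of the table above and is worth re-checking before the feature is recorded as unsupported.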
... | ... | |