Skip to content

Latest commit

 

History

History
293 lines (215 loc) · 19.2 KB

README.md

File metadata and controls

293 lines (215 loc) · 19.2 KB

Authentication & Authorization: Theory, Techniques, and Tools

An ongoing & curated collection of awesome AuthN+Z software, software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Authentication & Authorization & SSO & IAM in Cybersecurity

Thanks to all contributors, you're awesome and wouldn't be possible without you! Our goal is to build a categorized community-driven collection of very well-known resources

Authentication (aka AuthN) and authorization (aka AuthZ) are both security measures. Authentication is the process of verifying who you are. Authorization is the process of verifying that you have access to something. Authorization occurs after successful authentication.

Authorization

Access priviledges granted to a user, program, or process or the act of granting those privileges.

auth

Table of Contents

^ back to top ^

Authentication

SSO (Single-Sign-On)

  • Casdoor - UI-first centralized authentication / Single-Sign-On (SSO) platform supporting OAuth 2.0 / OIDC and SAML.
  • Keycloak - Open Source Identity and Access Management.
  • Authelia - The Single Sign-On Multi-Factor portal for web apps.
  • ZITADEL - Cloud-native Identity & Access Management platform for secure authentication, authorization and identity management.
  • Single sign-on - wiki page about SSO
  • Central Authentication Service (CAS) - Open Source Enterprise Single Sign On
  • Okta - Identity and Access Management as a service; provides broad integrations
  • Auth0 - Identity and Access Management as a service
  • Cloud-IAM - Keycloak IAM as a Service
  • LoginRadius - Identity and Access Management as a service
  • FusionAuth - Identity and Access Management, either a service or self-hosted
  • PAC4J - The security library for Java
  • buzzfeed/sso - A single sign-on solution for securing internal services (Go based)
  • cidaas - Cloud Identity & Access Management (Identity and Access Management as a service)

OAuth

SAML

Two-factor authentication

Passwordless authentication

Authentication Development

C#

Golang

  • Casdoor - UI-first centralized authentication / Single-Sign-On (SSO) platform supporting OAuth 2.0 / OIDC and SAML.
  • OIDC - OpenID Connect Library (client and server) for Go
  • Ory Hydra - OpenID Connect certified OAuth2 server.
  • Ory Kratos - API-first Identity and User Management system built for cloud applications.
  • Ory Oathkeeper - Identity/Access proxy inspired by the BeyondCorp/Zero-Trust white paper.
  • Ory Fosite - Extensible OAuth 2.0 and OpenID Connect SDK for Golang.
  • ZITADEL - Cloud-native Identity & Access Management platform for secure authentication, authorization and identity management.

Java

  • Apache Shiro - Powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.
  • pac4j - Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT.
  • Spring Security OAuth - Provides support for using Spring Security with OAuth (1a) and OAuth2.

Node.js

  • Passport - Simple, unobtrusive authentication for Node.js. A comprehensive set of strategies support authentication using a username and password, Facebook, Twitter, and more.
  • bell - Third-party authentication plugin for hapi. Ships with built-in support for various well-known sites and simple configuration object will support other OAuth 1.0a and OAuth 2.0 sites.

Python

  • Keystone - Provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family.
  • Authomatic - Simple yet powerful authorization & authentication client library for Python web applications.
  • Python Social Auth - Easy to setup social authentication/registration mechanism with support for several frameworks and auth providers.
  • Raider - Web authentication testing framework, which treats the authentication process as finite state machines.

Ruby

Authorization

^ back to top ^

Authorization Development

Android

  • AndPermission - Android runtime permission, support the right to apply for permission at any place.

C#

  • Casbin.NET - Authorization library that supports access control models like ACL, RBAC, ABAC in .NET (C#).
  • DotNetOpenAuth - Implementation of the OpenID, OAuth protocols.
  • AuthorizationServer - Sample implementation of an OAuth2 authorization server.

Golang

  • [Aserto] (https://www.aserto.com) - Fine-grained access controls for cloud-native applications (based on Go). Support role, attribute, and relationship-based access controls.
  • Casbin - Authorization library that supports access control models like ACL, RBAC, ABAC in Golang.
  • goRBAC - Lightweight role-based access control implementation in Go.
  • Ladon - SDK for access control policies: authorization for the microservice and IoT age.
  • Foulkon - Authorization server that allows or denies access to web resources.
  • Gocialite - Social OAuth login in Go with multiple providers has never been so easy.
  • OIDC - OpenID Connect Library (client and server) for Go
  • Ory Keto - Access control server capable of solving complex use cases (multi-tenant, attribute-based access control, etc.) with access control policies.
  • Oso - Batteries-included framework for building authorization in your Go application.
  • ZITADEL - Cloud-native Identity & Access Management platform for secure authentication, authorization and identity management.

Rust

  • Casbin-Rs - Authorization library that supports access control models like ACL, RBAC, ABAC in Rust.
  • Oso - Batteries-included framework for building authorization in your Rust application.

iOS

  • Permission - Unified API to ask for permissions on iOS.

Java

  • jCasbin - Authorization library that supports access control models like ACL, RBAC, ABAC in Java.
  • Apache Shiro - Powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.
  • pac4j - Security engine for Java (authentication, authorization, multi-frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT.
  • AT&T XACML - XACML 3.0 implementation from AT&T.
  • Apache Sentry - Highly modular system for providing fine grained role based authorization to both data and metadata stored on an Apache Hadoop cluster.
  • TOTP Server-Side Library - TOTP server-side library.
  • Oso - Batteries-included framework for building authorization in your Java application.

Node.js

  • Node-Casbin - Authorization library that supports access control models like ACL, RBAC, ABAC in Node.js.
  • RBAC - Hierarchical role-based access control for Node.js.
  • ABAC - Attribute-based access control for Node.js.
  • accesscontrol - Role and attribute-based access control for Node.js.
  • Oso - Batteries-included framework for building authorization in your Node.js application.

PHP

  • PHP-Casbin - Authorization library that supports access control models like ACL, RBAC, ABAC in PHP.
  • PHP-RBAC - Authorization library for PHP which provides developers with NIST Level 2 hierarchical role-based access control.
  • ezRbac - Simple yet easy to implement role-based access control library for popular PHP framework: Codeigniter.
  • php-abac - Attribute-based access control library.
  • laravel-permission - Allows you to manage user permissions and roles in a database.
  • logical-permissions-php - This is a generic library that provides support for array-based permissions with logic gates such as AND and OR.
  • symfony-logical-authorization-bundle - This Symfony bundle provides a unifying solution for authorization that aims to be flexible, convenient and consistent.

Python

  • PyCasbin - Authorization library that supports access control models like ACL, RBAC, ABAC in Python.
  • Simple RBAC - Simple role-based access control utility for Python.
  • Flask-RBAC - Adds RBAC support to Flask.
  • Vakt - Attribute-based access control (ABAC) SDK for Python.
  • Oso - Batteries-included framework for building authorization in your Python application.

Ruby

  • Oso - Batteries-included framework for building authorization in your Ruby application.
  • Pundit - Minimal authorization through OO design and pure Ruby classes.
  • Casbin - Authorization library that supports access control models like ACL, RBAC, ABAC in Ruby.
  • CanCanCan - Authorization for Ruby on Rails.
  • ^ back to top ^

Articles

^ back to top ^

Identity & Access management (IAM)

  • Keycloak - Open Source Identity and Access Management
  • IdentityServer - .NET based IAM server
  • ORY - Open Source Identity Infrastructure and Services (Go based)
  • casbin - Go authorization library
  • OpenAM - (discontinued), successor of OpenSSO
  • WSO2 Identity Server - also has SSO, authZ, ...

^ back to top ^

Tools

  • Step CLI - A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
  • JWT DEBUGGER - A simple JWT decoder tool, that can help to verify the JWT and with the help of signature.

Other aggregators

^ back to top ^

Cloud solutions

Amazon Web Services (AWS)

  • AWS IAM - Identity and Access Management for AWS
  • AWS SSO - Centrally manage single sign-on (SSO) access to multiple AWS accounts
  • Amazon Cognito - SSO for business applications
  • AWS Directory Service - AD in the AWS Cloud
  • AWS STS - AWS Security Token Service for temporary IAM tokens

Google Cloud Platform (GCP)

Microsoft Azure

^ back to top ^

Contribute

PR is welcomed.

^ back to top ^

License

MIT License & cc license

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

To the extent possible under law, Paul Veillard has waived all copyright and related or neighboring rights to this work.

^ back to top ^