A simple OIDC provider that allows users to authenticate with their passkeys to your services.

Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.

A free, secure, well integrated, reusable authentication solution for the Django framework, covering all functionality related to local and social user accounts, multi-factor authentication, in various configurations, with flows that just work.

• django-allauth @ GitHub.

Connect and Secure Your IT Infrastructure in Minutes.
Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
NetBird combines a configuration-free peer-to-peer private network and a centralized access control system in a single open-source platform, making it easy to create secure private networks for your organization or home.

• NetBird @ GitHub.
• Episode 575: Brent's Busted Builds @ Linux Unplugged.

an SSO and OAuth / OIDC login solution for Nginx using the auth_request module.

An SSO solution for Nginx using the auth_request module. Vouch Proxy can protect all of your websites at once.

Vouch Proxy supports many OAuth and OIDC login providers and can enforce authentication

OpenPubkey is an open source project that binds public keys and workload identities using standard SSO and OpenID Connect.

Use OpenPubkey today to SSH to machines on your network without SSH keys.

• OpenPubkey @ GitHub.
• OpenPubkey: Augmenting OpenID Connect with User held Signing Keys @ Cryptology ePrint Archive.
• How to Use OpenPubkey to Solve Key Management via SSO @ Docker Blog.

Identity, Policy, Audit.

Manage Linux users and client hosts in your realm from one central location with CLI, Web UI or RPC access. Enable Single Sign On authentication for all your systems, services and applications.

Single sign-on (SSO) is a property of access control of multiple related, yet independent, software systems. With this property, a user logs in with a single ID and password to gain access to any of several related systems.

Minimal forward authentication service that provides Google/OpenID oauth based login and authentication for the traefik reverse proxy.

A minimal forward authentication service that provides OAuth/SSO login and authentication for the traefik reverse proxy/load balancer.

Open Source Identity and Access Management.
Add authentication to applications and secure services with minimum effort.
No need to deal with storing users or authenticating users.
Keycloak provides user federation, strong authentication, user management, fine-grained authorization, and more.

• Keycloak @ GitHub.
• Deploy Keycloak Single Sign-On With Ansible @ DZone.

Making authentication simple.

authentik is an open-source Identity Provider focused on flexibility and versatility.
It can be seamlessly integrated into existing environments to support new protocols.
authentik is also a great solution for implementing sign-up, recovery,
and other similar features in your application, saving you the hassle of dealing with them.

• authentik @ GitHub.
• GoAuthentik de A à Y @ Une tasse de café :fr:.
• La veille des Ours n°31 @ Bearstech's LinkedIn :fr:.

Authentication server providing two-factor and SSO.
Protect your applications with Single Sign-On and 2 Factor.
Authelia is an open-source full-featured authentication server available on Github .

Shibboleth is among the world's most widely deployed federated identity solutions, connecting users to applications both within and between organizations. Every software component of the Shibboleth system is free and open source.

An open source project originally designed to provide the University of Michigan with a secure single sign-on web authentication system. cosign is part of the National Science Foundation Middleware Initiative (NMI) EDIT software release.

mod_auth_pubtkt is an Apache module that authenticates a user based on a cookie with a ticket that has been issued by a central login server and digitally signed using either RSA or DSA. This means that only the trusted login server has the private key required to generate tickets, while web servers only need the corresponding public key to verify them.

Whenever mod_auth_pubtkt encounters a request without a valid ticket/cookie, it redirects the user to a pre-configured login URL, passing the originally requested URL as a GET parameter. The login server can then prompt the user for credentials, verify them using any authentication backend it chooses, and upon success, generate a login ticket (signed with its private key), return it in a cookie to the client, and finally redirect the user back to the originally requested URL.

mod_auth_tkt is a lightweight single-sign-on authentication module for apache, supporting versions 1.3.x, 2.0.x, and 2.2.x. It uses secure cookie-based tickets to implement a single-signon framework that works across multiple apache instances and servers.

Open Source Web Single Sign On