authentication
Keycloak is an Open Source Identity and Access Management solution for modern Applications and Services.
Lucia is a simple yet flexible user and session management library that provides an abstraction layer between your app and your database. It's bare-bones by design, keeping everything easy to use and understand, and ensures type safety so you can use it confidently.
The Burp extension helps you to find authorization bugs. Just navigate through the web application with a high-privileged user and let the Auth Analyzer repeat your requests for any defined non-privileged user. Because parameters can be defined, the Auth Analyzer is able to extract and replace parameter values automatically. For instance, CSRF tokens or even whole session characteristics can be auto-extracted from responses and replaced in further requests. Each response will be analyzed and tagged with its bypass status.
Open Source Identity and Access Management. Add authentication to applications and secure services with minimum effort. No need to deal with storing users or authenticating users. Keycloak provides user federation, strong authentication, user management, fine-grained authorization, and more.
Making authentication simple.
authentik is an open-source Identity Provider focused on flexibility and versatility. It can be seamlessly integrated into existing environments to support new protocols. authentik is also a great solution for implementing sign-up, recovery, and other similar features in your application, saving you the hassle of dealing with them.
Sources:
- GoAuthentik de A à Y @ Une tasse de café (in French).
- La veille des Ours n°31 @ Bearstech's LinkedIn (in French).
- Ultimate Authentik Docker Compose Guide with Traefik 2025 @ SmartHomeBeginner.
- Improving Security with Hardware Keys - Authentik & Pocket-ID @ Jim's Garage's YouTube.
- Secure Jellyfin with Authentik (SSO + LDAP + 2FA/MFA Tutorial) @ IBRACORP's YouTube.
- Manage Authentik Resources in Terraform @ Christian Lempa's YouTube.
LDAP Tool Box project
Because even LDAP administrators need help
The open source solution for two-factor authentication. LinOTP accommodates many different OTP algorithms using a modular approach. This includes the OATH standards such as HMAC (RFC 4226) and time-based HMAC. But LinOTP's design makes it easy to create your own tokens with different algorithms, including challenge-response tokens, tokens based on QR codes, and tokens based on push-type messages.
FreeOTP is a two-factor authentication application for systems utilizing one-time password protocols. Tokens can be added easily by scanning a QR code. If you need to generate a QR code, try our QR code generator.
Mobile ID Authentication. Run instant authentication checks on any government issued ID.
Open Source User Authentication & Management.