The Single Sign-On Provider that makes securing your applications and resources easy. An Easy to Use and Self-Host Single Sign-On Provider 🐈‍⬛🔒

VoidAuth is an open-source authentication platform designed to simplify user management and securing access to your self-hosted applications and resources.

• VoidAuth @ GitHub.

opkssh is a tool which enables ssh to be used with OpenID Connect allowing SSH access management via identities like alice@example.com instead of long-lived SSH keys. It does not replace ssh, but rather generates ssh public keys that contain PK Tokens and configures sshd to verify the PK Token in the ssh public key. These PK Tokens contain standard OpenID Connect ID Tokens. This protocol builds on the OpenPubkey which adds user public keys to OpenID Connect without breaking compatibility with existing OpenID Provider.

Related contents:

• Open-sourcing OpenPubkey SSH (OPKSSH): integrating single sign-on with SSH @ The Cloudflare Blog.

A simple and easy-to-use OIDC provider that allows users to authenticate with their passkeys to your services.

• Pocket ID @ GitHub.

Related contents:

• DITCH PASSWORDS: Self-Host PassKeys with Pocket ID @ Techdox's YouTube.

A simple OIDC provider that allows users to authenticate with their passkeys to your services.

Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.

A free, secure, well integrated, reusable authentication solution for the Django framework, covering all functionality related to local and social user accounts, multi-factor authentication, in various configurations, with flows that just work.

• django-allauth @ GitHub.

Connect and Secure Your IT Infrastructure in Minutes. Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls. NetBird combines a configuration-free peer-to-peer private network and a centralized access control system in a single open-source platform, making it easy to create secure private networks for your organization or home.

• NetBird @ GitHub.
• Episode 575: Brent's Busted Builds @ Linux Unplugged.

an SSO and OAuth / OIDC login solution for Nginx using the auth_request module.

An SSO solution for Nginx using the auth_request module. Vouch Proxy can protect all of your websites at once.

Vouch Proxy supports many OAuth and OIDC login providers and can enforce authentication

OpenPubkey is an open source project that binds public keys and workload identities using standard SSO and OpenID Connect.

Use OpenPubkey today to SSH to machines on your network without SSH keys.

• OpenPubkey @ GitHub.
• OpenPubkey: Augmenting OpenID Connect with User held Signing Keys @ Cryptology ePrint Archive.
• How to Use OpenPubkey to Solve Key Management via SSO @ Docker Blog.

Identity, Policy, Audit.

Manage Linux users and client hosts in your realm from one central location with CLI, Web UI or RPC access. Enable Single Sign On authentication for all your systems, services and applications.

• FreeIPA @ Pagure.

Related contents:

• Installation le gestionnaire d'identité FreeIPA @ DevSecOps :fr:.

Single sign-on (SSO) is a property of access control of multiple related, yet independent, software systems. With this property, a user logs in with a single ID and password to gain access to any of several related systems.

Minimal forward authentication service that provides Google/OpenID oauth based login and authentication for the traefik reverse proxy.

A minimal forward authentication service that provides OAuth/SSO login and authentication for the traefik reverse proxy/load balancer.

Open Source Identity and Access Management. Add authentication to applications and secure services with minimum effort. No need to deal with storing users or authenticating users. Keycloak provides user federation, strong authentication, user management, fine-grained authorization, and more.

• Keycloak @ GitHub.

Related contents:

• Deploy Keycloak Single Sign-On With Ansible @ DZone.
• Building trust with OpenID Federation trust chain on Keycloak @ Cloud Native Computing Foundation.

Making authentication simple.

authentik is an open-source Identity Provider focused on flexibility and versatility. It can be seamlessly integrated into existing environments to support new protocols. authentik is also a great solution for implementing sign-up, recovery, and other similar features in your application, saving you the hassle of dealing with them.

• authentik @ GitHub.

Sources:

• GoAuthentik de A à Y @ Une tasse de café :fr:.
• La veille des Ours n°31 @ Bearstech's LinkedIn :fr:.
• Ultimate Authentik Docker Compose Guide with Traefik 2025 @ SmartHomeBeginner.
• Improving Security with Hardware Keys - Authentik & Pocket-ID @ Jim's Garage's YouTube.
• Secure Jellyfin with Authentik (SSO + LDAP + 2FA/MFA Tutorial) @ IBRACORP's YouTube.
• Manage Authentik Resources in Terraform @ Christian Lempa's YouTube.

Authentication server providing two-factor and SSO. Protect your applications with Single Sign-On and 2 Factor. Authelia is an open-source full-featured authentication server available on Github .

• Authelia @ GitHub.

Related contents:

• Authelia — Self-hosted Single Sign-On (SSO) for your homelab services @ Akash Rajpurohit.

Shibboleth is among the world's most widely deployed federated identity solutions, connecting users to applications both within and between organizations. Every software component of the Shibboleth system is free and open source.

An open source project originally designed to provide the University of Michigan with a secure single sign-on web authentication system. cosign is part of the National Science Foundation Middleware Initiative (NMI) EDIT software release.

mod_auth_pubtkt is an Apache module that authenticates a user based on a cookie with a ticket that has been issued by a central login server and digitally signed using either RSA or DSA. This means that only the trusted login server has the private key required to generate tickets, while web servers only need the corresponding public key to verify them.

Whenever mod_auth_pubtkt encounters a request without a valid ticket/cookie, it redirects the user to a pre-configured login URL, passing the originally requested URL as a GET parameter. The login server can then prompt the user for credentials, verify them using any authentication backend it chooses, and upon success, generate a login ticket (signed with its private key), return it in a cookie to the client, and finally redirect the user back to the originally requested URL.

mod_auth_tkt is a lightweight single-sign-on authentication module for apache, supporting versions 1.3.x, 2.0.x, and 2.2.x. It uses secure cookie-based tickets to implement a single-signon framework that works across multiple apache instances and servers.

Open Source Web Single Sign On

Authentic 2, a versatile identity management server

Pubcookie consists of a standalone login server and modules for common web server platforms like Apache and Microsoft IIS. Together, these components can turn existing authentication services (like Kerberos, LDAP, or NIS) into a solution for single sign-on authentication to websites throughout an institution.

Vulture est une solution Web-SSO basée sur une technologie de proxy inverse implémentée sur le socle Apache. Vulture implémente également des fonctionnalités de firewall applicatif.