Check user credentials against plenty of backends (LDAP, Active Directory, Kerberos, Database, PAM, CAS, SAML, OpenID Connect, Facebook, Twitter, LinkedIn, Radius, WebID, x509, REST, ...).
Second Factor Authentication (2FA) with U2F, TOTP, Yubikey and more.
Manage access rules per virtual hosts, CAS applications, SAML Service Providers and OpenID Connect Relying Parties.
Use any of user attributes, groups, authentication context to evaluate rules.
Catch logout requests, unprotect public areas, apply rules to URL patterns.
Push user identity in access logs.
Browse opened sessions live.
Display login history (success and failures).
CAS v1, v2 and v3
SSO, SLO and AA
Metadata import and export
Discovery Protocol (WAYF)
Authorization Code, Implicit and Hybrid flows
ID Token HS and RS signatures
Extra claims definition