Full AAA protection

Authentication

Check user credentials against many backends (LDAP, Active Directory, Kerberos, Database, PAM, CAS, SAML, OpenID Connect, Facebook, Twitter, LinkedIn, RADIUS, WebID, X.509, REST, ...).
Second Factor Authentication (2FA) with U2F, TOTP, Yubikey and more.

Authorization

Manage access rules per virtual host, CAS application, SAML Service Provider and OpenID Connect Relying Party.
Use any user attribute, group or authentication context to evaluate rules.
Catch logout requests, unprotect public areas, apply rules to URL patterns.

Accounting

Push user identity into access logs.
Browse open sessions live.
Display login history (successes and failures).




Roles of components

Portal, Manager and Handler

API and Web Services protection

Usage of Handler Service Token

Identity Federation

Standard protocols and identity gateway

CAS

CAS v1, v2 and v3
Attributes sharing
Access rules

SAML

SSO, SLO and AA
Metadata import and export
Discovery Protocol (WAYF)

OpenID Connect

Authorization Code, Implicit and Hybrid flows
ID Token HS and RS signatures
Extra claims definition