Top 23 SSO Open-Source Projects
- casbin: An authorization library that supports access control models like ACL, RBAC, ABAC in Golang: https://discord.gg/S5UjpzGZjN
- Ory Hydra: OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.
- oauth2-proxy: A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
- cli: 🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc. (by smallstep)
- S.S.Octopus: sso, aka S.S.Octopus, aka octoboi, is a single sign-on solution for securing internal services
- pgrok: Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding (by pgrok)
- Cosmos-Server: ☁️ The Most Secure and Easy Selfhosted Home Server. Take control of your data and privacy without sacrificing security and stability (Authentication, anti-DDOS, anti-bot)
- jackson: 🔥 Streamline your web application's authentication with Jackson, an SSO service supporting SAML and OpenID Connect protocols. Beyond enterprise-grade Single Sign-On, it also supports Directory Sync via the SCIM 2.0 protocol for automatic user and group provisioning/de-provisioning. 🤩 (by boxyhq)
- caddy-security: 🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
- OpenAM: OpenAM is an open access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security.
- product-is: Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
It's me and two others though I'm definitely the most active. We put a lot of effort into security best practices and one of my co-developers is currently reviewing the 4.38.0 release. It's a fairly major release with a lot of important code paths that have been improved for the future.
Our official docs can be found at https://www.authelia.com and you can find docs for a particular PR in the relevant PR. We've also linked the pre-release docs in the pre-release discussions which can be found here: https://github.com/authelia/authelia/discussions/categories/...
https://casbin.org/ (multiple approaches, multiple languages, provider) Open source authZ library that has support for many access control models (ACL, RBAC, ABAC, …) and many languages (Go, Java, Node.js, JS, Rust, …). While somewhat complex, it is also powerful and flexible. They also have their Casdoor platform, which is an authN and authZ provider.
Project mention: Building a Managed Service Provider Business With Open Source | dev.to | 2024-04-04
Tailscale
Project mention: Show HN: Open-source OAuth2 server Ory Hydra now 6x faster | news.ycombinator.com | 2024-02-13
Recently I looked into having a relatively simple SSO setup for my homelab. My main objective is that I could easily log in with Google or GitHub auth. At my previous job I used both JetBrains Hub [1] and Keycloak but I found both of them a bit of a PITA to set up.
JetBrains Hub was really, really easy to get going. As was my previous experience with them. The only thing that annoyed me was the lack of a latest tag on their Docker registry. Don't get me wrong, pinned versions are great, but for my personal use I mostly just want to update all my Docker containers in one go.
On the other hand I found Keycloak very cumbersome to get going. It was pretty easy in dev mode, but I stumbled to get it going in production. AFAIK it had something to do with the wildcard Let's Encrypt cert that I tried to use. But after a couple of hours, I just gave up.
I finally went with Dex [2]. I had previously put it off because of the lack of documentation, but in the end it was extremely easy to set up. It just required some basic YAML, a SQLite database and a (sub)domain. I combined Dex with the excellent OAuth2 Proxy and a custom Nginx (Proxy Manager) template for an easy two line SSO configuration on all of my internal services.
In addition to this setup, I also added Cloudflare Access and WAF outside of my home to add some security. I only want to add some CrowdSec to get a little more insights.
1. https://www.jetbrains.com/hub/
2. https://dexidp.io/
3. https://github.com/oauth2-proxy/oauth2-proxy
4. https://github.com/alex3305/unraid-docker-templates
Project mention: Maintainers of Zitadel and Ory discuss their tradeoffs as identity platforms | news.ycombinator.com | 2024-03-30
Project mention: Show HN: Stack, the open-source Clerk/Firebase Auth alternative | news.ycombinator.com | 2024-04-14
If you're looking for a system that has more features, is user friendly, and has a nice admin UI and easy deployments compared to Keycloak, please give https://goauthentik.io/ a shot. Not affiliated in any way, just a very happy user.
It has
- an admin UI
- Supports (LDAP, SAML, OAUTH, social logins)
- MFA, Passkeys
- Application access based on user groups etc
I get what you are trying to do, but it feels a bit insecure. Why not use an OSS passwordless project like https://github.com/supertokens/supertokens-core/ or https://github.com/teamhanko/hanko
Project mention: Best social login library for PHP ("sign in with Apple/Google/Facebook" etc.)? | /r/PHPhelp | 2023-05-21
League/oauth2-client has a lot of implementations
Project mention: Google will disable all but OAuth for IMAP, SMTP and POP starting Sept. 30 | news.ycombinator.com | 2024-01-18
https://github.com/smallstep/cli implements some OAuth flows from the CLI, it may be helpful for you.
That's basically just a docker-compose.
If you want something crazy all-in-one for homelab check out https://github.com/azukaar/Cosmos-Server
Project mention: I'm looking for an SSO server/reverse proxy with features I'm not sure exist | /r/selfhosted | 2023-06-23
Project mention: Building a Managed Service Provider Business With Open Source | dev.to | 2024-04-04
BoxyHQ SAML Jackson - GitHub
Project mention: Caddy-Security: Security App and Plugin for Caddy | news.ycombinator.com | 2024-03-17
I did something similar, though picked Apache with mod_auth_openidc, which is a certified Relying Party implementation: https://github.com/OpenIDC/mod_auth_openidc
In other words, I can protect arbitrary applications through my reverse proxy and require either certain claims/roles, or simplify auth to the point where my downstream app/API will just receive a bunch of headers like OIDC_CLAIM_sub, OIDC_CLAIM_name, OIDC_CLAIM_email through the internal network, not making me bother with configuring OIDC libraries for all of my APIs and configure them in each stack that I might use, but rather contain all of that complexity in the web server.
Basically:
user <==> Apache (with mod_auth_openidc) <==> API (with OIDC_ headers, if logged in)
Project mention: Ask HN: How do you manage many profiles and credentials for cloud tooling? | news.ycombinator.com | 2023-10-03
You're going to love https://granted.dev. It can be extended further, as we've done internally: https://www.duckbillgroup.com/blog/overhauling-aws-account-a...
Index
What are some of the best open-source SSO projects? This list will help you:
# | Project | Stars |
---|---|---|
1 | authelia | 19,523 |
2 | casbin | 16,865 |
3 | tailscale | 16,437 |
4 | Ory Hydra | 15,068 |
5 | cas | 10,629 |
6 | oauth2-proxy | 8,674 |
7 | zitadel | 7,050 |
8 | authentik | 6,685 |
9 | hanko | 5,409 |
10 | OAuth 2.0 Client | 3,601 |
11 | cli | 3,478 |
12 | S.S.Octopus | 3,059 |
13 | pgrok | 3,049 |
14 | Cosmos-Server | 2,686 |
15 | vouch-proxy | 2,643 |
16 | jackson | 1,571 |
17 | caddy-security | 1,234 |
18 | OpenID | 947 |
19 | awesome-auth | 895 |
20 | granted | 888 |
21 | jso | 878 |
22 | OpenAM | 722 |
23 | product-is | 713 |