Signing in can be a much time-consuming and complex process, even if you have lesser accounts. Further, it can be a nightmare if you happen to deal with a significantly high number of accounts repeatedly. Single Sign On (SSO) solutions are designed to provide users with an easier way to access their accounts. It is done by enabling access to those accounts with a single set of credentials so that you do not have to remember hundreds of credentials. In this article, we will be discussing a few popular open source Single Sign-On solutions.
IdentityServer is an open-source single sign-on software that is available for free. It is a cross-platform solution implemented based on OAuth 2 and OpenID Connect, which supports various client devices such as web, mobile, and Single Page Applications. This software provides authentication services for multiple applications via centralized authentication. The identity server acts as an authentication server allowing clients to sign in and get a JWT bearer token which can be used as an access credential. It can also be used to authenticate multi-tenant apps. The source code of the Identity server is based on C# and can be found on GitHub.
Pros of IdentityServer
- Single Sign-on and Sign-out option
- Access Control for API
- Customized UI
- API Authorization
- Claim-based provider
- Support for all the OAuth 2.0 Flows
- Provide authorization for websites, mobile apps, IoT devices, etc.
- Server configuration is provided via code
- Integration with .NET Core
- Remind password feature based on XYZ functionality
The drawback of IdentityServer is that the code template of the server does not provide features such as user registration, multi-factor authentication, forgot password functionality, and Google Recaptcha support.
WSO2 is another open-source identity management system with a large client base. It supports most of the popular identity standards when providing authentication. It is convenient to integrate with WSO2 due to its comprehensive documentation and huge community support. WSO2 is written in Java and available on Github.
Pros of WSO2
- Significantly high Performance
- Cloud Integrations
- Identity Provider
- Multi-Factor Authentication
- Customizable and functional User Interface
- Ensured Security
- Cloud Integration
Cons of WSO2
- No inbuilt integration for BPM workflows
- Less user-friendly user interface
- Less on-premise / hybrid versions – solely based on cloud integrations
Features and Pros
- Consists of components such as Directory Server, PKI, NTP Server, Kerberos, DNS, Certmonger, Trusts, and Client.
- Ability to configure with other software. Ex: Microsoft Active Directory.
- Increased usability with multiple user interfaces. Ex: CLI, Web interface, API
- Integrated PKI signs / publishes certificates to the hosts and services.
Cons of FreeIPA
- Users can get locked out due to the complexities and difficulties in coding and debugging.
4. Open Identity Platform
Open Identity Platform is a free and open-source multi-factor authentication software that provides Open identity management with SSO functionalities. It is basically implemented in Java with a little support from other languages. The Source code of the Open Identity Platform can be found on GitHub.
How does the Open Identity Platform (OpenAM) work?
Pros of Open Identity Platform
- Supports multiple protocols such as SAML, OAuth 2.0 & OpenID Connect, and other stands protocols
- User federation feasibility
- Third-party cloud integration support
- Ensure web services security
- Developer-Friendly and extensible
Cons of Open Identity Platform
- Less user friendly
- The ability to customize policies can be an overhead
Features and Pros
- Multi-factor authentication support
- Enhanced user profiles
- rules-based authorization
- Allowing access to white-listed users and blocking access for external users.
- Modify tokens upon requirement.
- Anomaly Detection
- Easily deployable
- Complexity in deployment integration
Cons of Auth0
- No Disaster Data Recovery support is available
- More complex User interface
- Poor documentation
Pros of KeyCloak
- Supports multiple protocols
- Centralized Management via Admin Console
- Account Management Console for users to manage their accounts
- Client Adapters to secure applications and services
- User Federation support with LDAP(Lightweight Directory Access Protocol) and active directories
- Social media Login support
- Identity Brokering
- High Performance as lightweight and scalable
- Enable clustering
- Customizable password policies
Cons of KeyCloak
- Lack of support in integrating with external databases
- Not offering alternate login methods such as OTP over message or email, soft token,
- Lacks Third-Party MFA Providers
- Supports single application with one client
CAS is a free and open-source SSO solution that provides central authorization using an exclusively designed ticket-based protocol. It has a client-server-based architecture.
In addition to user authentication and granting access to the applications, CAS lets clients retrieve information from users who have already been granted access by the CAS server.CAS is written with Java, and you can find its source code on GitHub.
Pros of CAS
- Supports multiple protocols such as OAuth, OpenID, OpenID Connect, WsFederation, REST, and SAML.
- Provided documentation
- Password Management
- Multi-Factor authentication
- Provided Integrations for Third Parties
- User Interface to Manage Logs, Monitoring, and Stats
- Authentication to Social media
Cons of CAS
- The tickets can be stolen by redirecting to malicious sites.
- May provide access to non-mapped applications
Gluu is also an open source identity management tool that supports the single sign on option, aiming to keep the platforms securely together. It offers an authorization server for web & API authentication and provides a separate directory to store identity data. Additionally, it provides a directory for identifying data storage, authentication middleware for inbound identities, two-factor authentication, and directory integration.
Features and Pros
- Supports directory integration
- Password Management
- Enabled Multi-factor Authentication
- User role management
- Social Sign-On support
Cons of Gluu
- Does not include a process mining facility
- Being more internal based and less support for external users
Pros of Authelia
- Two-factor Authentication with Yubikey based on Google Authenticator OTP
- Provides support for LDAP and Active Directory
- An attractive user interface to manage user navigation
- Works with reverse proxies
- Push Notifications With DUO
- Identity verification
- Provides better Password Management
- Password reset option with identity verification via emails.
- Access restriction after exceeded authentication attempts.
Cons of Authelia
- Lack of support for third-party app integration
Soffid offers Single Sign-On facilities at an enterprise level. It is a 100% open-source tool that targets odder security and productivity in the same solution. Soffid offers features such as identity provisioning, reporting, workflow features and also includes a unified directory. This tool is mainly written in Java while also using a little C++. There are a few components attached with Soffid: Soffid Console, Soffid Sync Server, Connectors, and other addons.
Features and Cons
- Identity governance
- Account management support with session monitoring and recording.
- Centralized administration via a web interface
- Supports third party integration
Cons of Soffid
- Less convenient user interface
So far, we have discussed some of the best SSO solutions available these days. Most of the solutions listed here are suitable for enterprise-level use cases. However, there may be quite a few features compared to paid software since they are free and open-source. This article is a good point to start engaging with SSO, as it helps to choose what exactly fits your business when carefully going through this list of software.