Browse free open source Authentication software and projects below. Use the toggles on the left to filter open source Authentication software by OS, license, language, programming language, and project status.

  • Simplify IT and security with a single endpoint management platform Icon
    Simplify IT and security with a single endpoint management platform

    Automate the hardest parts of IT

    NinjaOne automates the hardest parts of IT, delivering visibility, security, and control over all endpoints for more than 20,000 customers. The NinjaOne automated endpoint management platform is proven to increase productivity, reduce security risk, and lower costs for IT teams and managed service providers. The company seamlessly integrates with a wide range of IT and security technologies. NinjaOne is obsessed with customer success and provides free and unlimited onboarding, training, and support.
    Learn More
  • No-Nonsense Code-to-Cloud Security for Devs | Aikido Icon
    No-Nonsense Code-to-Cloud Security for Devs | Aikido

    Connect your GitHub, GitLab, Bitbucket, or Azure DevOps account to start scanning your repos for free.

    Aikido provides a unified security platform for developers, combining 12 powerful scans like SAST, DAST, and CSPM. AI-driven AutoFix and AutoTriage streamline vulnerability management, while runtime protection blocks attacks.
    Start for Free
  • 1
    *NOTE* Migrated to http://github.com/cracklib/cracklib Next generation version of libCrack password checking library. As of Oct 2008 (reflected in 2.8.15 code release), licensed under LGPL.
    Leader badge
    Downloads: 2,972 This Week
    Last Update:
    See Project
  • 2
    JXplorer - A Java Ldap Browser

    JXplorer - A Java Ldap Browser

    Mature LDAP, LDIF and DSML client with i18n support.

    A java LDAP client with LDIF support, security (inc SSL, SASL & GSSAPI), translated into many languages (inc. Chinese), online help, user forms and many other features. The commercial version is available at https://jxworkbench.com for $9.95. It extends JXplorer to include: - custom LDAP reporting - to pdf, word etc. - Find and Replace with regexp and attribute substitution - A secure password vault to store directory connections - etc. Support for JXplorer and JXWorkbench is available at http://jxplorer.org. Commercial support available from sales@jxworkbench.com
    Leader badge
    Downloads: 873 This Week
    Last Update:
    See Project
  • 3
    LDAP Admin
    Windows LDAP editor, includes support for POSIX groups and accounts, SAMBA accounts, some Postfix objects and more
    Leader badge
    Downloads: 611 This Week
    Last Update:
    See Project
  • 4
    Gobuster

    Gobuster

    Directory/File, DNS and VHost busting tool written in Go

    Gobuster is a tool used to brute-force. This project is born out of the necessity to have something that didn't have a fat Java GUI (console FTW), something that did not do recursive brute force, something that allowed me to brute force folders and multiple extensions at once, something that compiled to native on multiple platforms, something that was faster than an interpreted script (such as Python), and something that didn't require a runtime. Provides several modes, like the classic directory brute-forcing mode, DNS subdomain brute-forcing mode, the mode that enumerates open S3 buckets and looks for existence and bucket listings, and the virtual host brute-forcing mode (not the same as DNS!). Since this tool is written in Go you need to install the Go language/compiler/etc. Full details of installation and set up can be found on the Go language website. Once installed you have two options. You need at least go 1.16.0 to compile gobuster.
    Downloads: 102 This Week
    Last Update:
    See Project
  • Gen AI apps are built with MongoDB Atlas Icon
    Gen AI apps are built with MongoDB Atlas

    Build gen AI apps with an all-in-one modern database: MongoDB Atlas

    MongoDB Atlas provides built-in vector search and a flexible document model so developers can build, scale, and run gen AI apps without stitching together multiple databases. From LLM integration to semantic search, Atlas simplifies your AI architecture—and it’s free to get started.
    Start Free
  • 5
    Keycloak

    Keycloak

    Identity and access management for modern applications and services

    Add authentication to applications and secure services with minimum fuss. No need to deal with storing users or authenticating users. It's all available out of the box. You'll even get advanced features such as User Federation, Identity Brokering and Social Login. Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code. Users authenticate with Keycloak rather than individual applications. This means that your applications don't have to deal with login forms, authenticating users, and storing users. Once logged-in to Keycloak, users don't have to login again to access a different application. This also applied to logout. Keycloak provides single-sign out, which means users only have to logout once to be logged-out of all applications that use Keycloak.
    Downloads: 47 This Week
    Last Update:
    See Project
  • 6
    EJBCA, JEE PKI Certificate Authority
    EJBCA is an enterprise class PKI Certificate Authority built on JEE technology. It is a robust, high performance, platform independent, flexible, and component based CA to be used standalone or integrated in other JEE applications.
    Leader badge
    Downloads: 161 This Week
    Last Update:
    See Project
  • 7
    Step Certificates

    Step Certificates

    A private certificate authority (X.509 & SSH) & ACME server

    Open Source step-ca provides the infrastructure, automations, and workflows to securely create and operate a private certificate authority. step-ca makes it easy for developers, operators and security teams to manage certificates for production workloads. Get a public key infrastructure and certificate authority running in minutes. Automate enrollment using ACME, OIDC, one-time tokens, cloud APIs and more. Use systemD timers, daemon mode, cron jobs, CI/CD, and more to automate certificate management. Build and operate systems using secure open standards (e.g. X.509, mTLS, JWT, OAuth, OIDC). step-ca is an online certificate authority for secure, automated certificate management. For people, in exchange for single sign-on ID tokens. For hosts, in exchange for cloud instance identity documents. Whatever your use case, step-ca is easy to use and hard to misuse.
    Downloads: 18 This Week
    Last Update:
    See Project
  • 8
    andOTP

    andOTP

    Open source two-factor authentication for Android

    Open source two-factor authentication for Android. It implements Time-based One-time Passwords (TOTP) and HMAC-Based One-Time Passwords (HOTP). Simply scan the QR code and login with the generated 6-digit code. This project started out as a fork of the great OTP Authenticator app written by Bruno Bierbaumer, which has sadly been inactive since 2015. By now almost every aspect of the app has been changed/re-written so the fork status of the Github repository got detached upon user request. But all credit for the original version and for starting this project still goes to Bruno.
    Downloads: 18 This Week
    Last Update:
    See Project
  • 9
    Central Authentication Service (CAS)

    Central Authentication Service (CAS)

    Identity & Single Sign On for all earthlings and beyond

    Welcome to the home of the Apereo Central Authentication Service project, more commonly referred to as CAS. CAS is an enterprise multilingual single sign-on solution and identity provider for the web and attempts to be a comprehensive platform for your authentication and authorization needs. CAS is an open and well-documented authentication protocol. The primary implementation of the protocol is an open-source Java server component by the same name hosted here, with support for a plethora of additional authentication protocols and features. Monitor and track application and system behavior, statistics and metrics in real-time. Manage and review audits and logs centrally, and publish data to a variety of downstream systems. Manage and register client applications and services with specific authentication policies. Cross-platform client support (Java, .NET, PHP, Perl, Apache, etc).
    Downloads: 12 This Week
    Last Update:
    See Project
  • Powering the best of the internet | Fastly Icon
    Powering the best of the internet | Fastly

    Fastly's edge cloud platform delivers faster, safer, and more scalable sites and apps to customers.

    Ensure your websites, applications and services can effortlessly handle the demands of your users with Fastly. Fastly’s portfolio is designed to be highly performant, personalized and secure while seamlessly scaling to support your growth.
    Try for free
  • 10
    truffleHog

    truffleHog

    Searches through git repositories for high entropy strings and secrets

    truffleHog searches through git repositories for high entropy strings and secrets, digging deep into commit history. TruffleHog runs behind the scenes to scan your environment for secrets like private keys and credentials, so you can protect your data before a breach occurs. Secrets can be found anywhere, so TruffleHog scans more than just code repositories, including SaaS and internally hosted software. With support for custom integrations and new integrations added all the time, you can secure your secrets across your entire environment. TruffleHog is developed by a team entirely comprised of career security experts. Security is our passion and primary concern, and all features are developed with best practices in mind. TruffleHog enables you to track and manage secrets within our intuitive management interface, including links to exactly where secrets have been found. TruffleHog runs quietly in the background, continuously scanning your environment for secrets.
    Downloads: 12 This Week
    Last Update:
    See Project
  • 11
    Authelia

    Authelia

    The Single Sign-On Multi-Factor portal for web apps

    Authelia is an open-source authentication and authorization server and portal fulfilling the identity and access management (IAM) role of information security in providing multi-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for common reverse proxies. With a compressed container size smaller than 20 megabytes and observed memory usage normally under 30 megabytes, it's one of the most lightweight solutions available. Written in Go and React, authorization policies and many other backend tasks are completed in mere milliseconds and login portal loading times of 100 milliseconds makes it one of the fastest solutions available. Processors can use a lot of electricity, but when idle usage is basically so low that you can't measure it, and active usage in a small business environment being under 1% you can rest easy (with the exclusion of password hashing).
    Downloads: 11 This Week
    Last Update:
    See Project
  • 12
    ORY Oathkeeper

    ORY Oathkeeper

    A cloud native Identity & Access Proxy / API (IAP)

    ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. The BeyondCorp Model is designed by Google and secures applications in Zero-Trust networks. An Identity & Access Proxy is typically deployed in front of (think API Gateway) web-facing applications and is capable of authenticating and optionally authorizing access requests. The Access Control Decision API can be deployed alongside an existing API Gateway or reverse proxy. Ory offers a support plan for Ory Network Hybrid, including Ory on private cloud deployments. If you have a self-hosted solution and would like help, consider a support plan! The team at Ory has years of experience in cloud computing. Ory's offering is the only official program for qualified support from the maintainers.
    Downloads: 9 This Week
    Last Update:
    See Project
  • 13
    Sentry

    Sentry

    Cross-platform application monitoring and error tracking software

    Sentry is a cross-platform, self-hosted error monitoring solution that helps software teams discover, monitor and fix errors in real-time. The most users and logs will have to provide are the clues, and Sentry provides the answers. Sentry offers enhanced application performance monitoring through information-laden stack traces. It lets you build better software faster and more efficiently by showing you all issues in one place and providing the trail of events that lead to errors. It also provides real-time monitoring and data visualization through dashboards. Sentry’s server is in Python, but its API enables for sending events from any language, in any application. More than fifty-thousand companies already ship better software faster thanks to Sentry; let yours be one of them!
    Downloads: 9 This Week
    Last Update:
    See Project
  • 14
    Better Auth

    Better Auth

    The most comprehensive authentication library for TypeScript

    Better Auth is framework-agnostic authentication (and authorization) library for TypeScript. It provides a comprehensive set of features out of the box and includes a plugin ecosystem that simplifies adding advanced functionalities with minimal code in a short amount of time. Whether you need 2FA, multi-tenant support, or other complex features. It lets you focus on building your actual application instead of reinventing the wheel.
    Downloads: 8 This Week
    Last Update:
    See Project
  • 15
    Fail2Ban

    Fail2Ban

    Daemon to ban hosts that cause multiple authentication errors

    Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc). Fail2Ban is able to reduce the rate of incorrect authentications attempts however it cannot eliminate the risk that weak authentication presents. Configure services to use only two factor or public/private authentication mechanisms if you really want to protect services.
    Downloads: 8 This Week
    Last Update:
    See Project
  • 16
    nuBuilder Forte

    nuBuilder Forte

    nuBuilder Forte is a cloud database builder.

    nuBuilder Forte is the 4th version of nuBuilder. A open-source browser-based tool created for developing web-based database applications. nuBuilder uses either MySQL or MariaDB databases and gives its users the ability to do database operations like... • Search, Create, Insert, Read, Update, Delete ✪ With low-code tools that create ... - Forms with the Form Builder - Fast Reports - Database queries with the SQL Builder - Customised date and number formats with the Format Builder - Calculated fields with the Formula Builder - Email Templates - Move and resize objects. - Further customisation that can be done with JavaScript and PHP. ✪ nuBuilder stores all forms, reports, company data and PHP/JavaScript code in MySQL. You can backup your entire application within a single database file. ✪ Easy installation: - Download and unzip the nuBuilder files - Upload to your webserver - Create a database (e.g. nubuilder4) and optionally a user - Make a copy of
    Downloads: 35 This Week
    Last Update:
    See Project
  • 17
    Google Auth Library

    Google Auth Library

    Google Auth Library for Node.js

    This is Google's officially supported node.js client library for using OAuth 2.0 authorization and authentication with Google APIs. Use Application Default Credentials when you use a single identity for all users in your application. Especially useful for applications running on Google Cloud. Application Default Credentials also support workload identity federation to access Google Cloud resources from non-Google Cloud platforms. Use JWT when you are using a single identity for all users. Especially useful for server->server or server->API communication. Use workload identity federation to access Google Cloud resources from Amazon Web Services (AWS), Microsoft Azure or any identity provider that supports OpenID Connect (OIDC). Use workforce identity federation to access Google Cloud resources using an external identity provider (IdP) to authenticate and authorize a workforce—a group of users, such as employees, partners, and contractors.
    Downloads: 7 This Week
    Last Update:
    See Project
  • 18
    Kanidm

    Kanidm

    Kanidm: A simple, secure, and fast identity management platform

    Kanidm is a simple and secure identity management platform, allowing other applications and services to offload the challenge of authenticating and storing identities to Kanidm. The goal of this project is to be a complete identity provider, covering the broadest possible set of requirements and integrations. You should not need any other components (like Keycloak) when you use Kanidm - we already have everything you need. To achieve this we rely heavily on strict defaults, simple configuration, and self-healing components. This allows Kanidm to support small home labs, families, small businesses, and all the way to the largest enterprise needs. If you want to host your own authentication service, then Kanidm is for you.
    Downloads: 7 This Week
    Last Update:
    See Project
  • 19
    Pow

    Pow

    Robust, modular, and extendable user authentication system

    Pow is a robust, modular, and extendable authentication and user management solution for Phoenix and Plug-based apps. Pow is built to be modular, and easy to configure. The configuration is passed to function calls as well as plug options, and they will take priority over any environment configuration. It's ideal in case you got an umbrella app with multiple separate user domains. The easiest way to use Pow with Phoenix is to use a :otp_app in function calls and set the app environment configuration. It will keep a persistent fallback configuration that you configure in one place. Pow ships with a session plug module. You can easily switch it out with a different one. Pow is extremely modular and fully customizable. As your platform scales, each moving part can be modified or replaced ad-hoc. Several extensions are included in Pow so you with no effort can add secure features to your app.
    Downloads: 6 This Week
    Last Update:
    See Project
  • 20
    Uptrace

    Uptrace

    Open source APM: OpenTelemetry traces, metrics, and logs

    Uptrace is an open-source APM tool that supports distributed tracing, metrics, and logs. You can use it to monitor applications and set up automatic alerts to receive notifications via email, Slack, Telegram, and more. Uptrace is an open-source APM that supports OpenTelemetry tracing, metrics, and logs. You can use it to monitor applications and set up alerts to receive notifications via email, Slack, Telegram, and more. Uptrace collects and analyzes data from a variety of sources, including servers, databases, cloud providers, monitoring tools, and custom applications. It provides a unified view of the entire technology stack, enabling you to monitor the performance, availability, and health of your systems in real-time. Uptrace allows to monitor your whole application stack on a compact and informative dashboard. You get a quick overview for all your services, hosts, and systems.
    Downloads: 6 This Week
    Last Update:
    See Project
  • 21
    Apache APISIX

    Apache APISIX

    The cloud-native API gateway

    Provides rich traffic management features such as load balancing, dynamic upstream, canary release, circuit breaking, authentication, observability, and more. Based on the Nginx library and etcd. Cloud-native microservices API gateway, delivering the ultimate performance, security, open source and scalable platform for all your APIs and microservices. Apache APISIX is based on Nginx and etcd. Compared with traditional API gateways, APISIX has dynamic routing and plug-in hot loading, which is especially suitable for API management under micro-service system. You can use Apache APISIX as a traffic entrance to process all business data, including dynamic routing, dynamic upstream, dynamic certificates, A/B testing, canary release, blue-green deployment, limit rate, defense against malicious attacks, metrics, monitoring alarms, service observability, service governance, etc.
    Downloads: 5 This Week
    Last Update:
    See Project
  • 22
    Auth.js

    Auth.js

    Authentication for the Web

    Auth.js is a set of open-source packages that are built on standard Web APIs for authentication in modern applications with any framework on any platform in any JS runtime.
    Downloads: 5 This Week
    Last Update:
    See Project
  • 23
    Howdy For Linux

    Howdy For Linux

    Windows Hello style facial authentication for Linux

    Howdy provides Windows Hello™ style authentication for Linux. Use your built-in IR emitters and camera in combination with facial recognition to prove who you are. Using the central authentication system (PAM), works everywhere you would otherwise need your password: Login, lock screen, sudo, su, etc.
    Downloads: 5 This Week
    Last Update:
    See Project
  • 24
    ZITADEL

    ZITADEL

    Identity infrastructure, simplified for you

    Secure authentication management for your application. Customize as you grow, with easy APIs and programmable workflows. Focus on growing, your login is in good hands. Streamline your application development with our all-in-one identity suite. Designed for all user types, be it consumers, businesses, or employees. Offload complex tasks by using our API as solid abstractions. Benefit from an adaptable identity infrastructure with custom code extensions and robust security defaults.
    Downloads: 5 This Week
    Last Update:
    See Project
  • 25
    appwrite

    appwrite

    Secure Backend Server for Web, Mobile & Flutter Developers

    Appwrite is a self-hosted and cloud backend-as-a-service platform that provides developers with all the core APIs required to build any application. Build your entire backend within minutes and scale effortlessly using Appwrite's open-source platform. Add Authentication, Databases, Functions, Storage, and Messaging to your projects using the frameworks and languages of your choice.
    Downloads: 5 This Week
    Last Update:
    See Project
  • Previous
  • You're on page 1
  • 2
  • 3
  • 4
  • 5
  • Next
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.