Open Source Java Authentication Software

A java LDAP client with LDIF support, security (inc SSL, SASL & GSSAPI), translated into many languages (inc. Chinese), online help, user forms and many other features. The commercial version is available at https://jxworkbench.com for $9.95. It extends JXplorer to include: - custom LDAP reporting - to pdf, word etc. - Find and Replace with regexp and attribute substitution - A secure password vault to store directory connections - etc. Support for JXplorer and JXWorkbench is available at http://jxplorer.org. Commercial support available from sales@jxworkbench.com

EJBCA is an enterprise class PKI Certificate Authority built on JEE technology. It is a robust, high performance, platform independent, flexible, and component based CA to be used standalone or integrated in other JEE applications.

Add authentication to applications and secure services with minimum fuss. No need to deal with storing users or authenticating users. It's all available out of the box. You'll even get advanced features such as User Federation, Identity Brokering and Social Login. Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code. Users authenticate with Keycloak rather than individual applications. This means that your applications don't have to deal with login forms, authenticating users, and storing users. Once logged-in to Keycloak, users don't have to login again to access a different application. This also applied to logout. Keycloak provides single-sign out, which means users only have to logout once to be logged-out of all applications that use Keycloak.

Aegis Authenticator is a free and open-source two-factor authentication (2FA) app for Android that helps users secure their online accounts by generating cryptographic one-time passwords (OTPs) such as TOTP and HOTP codes. Unlike many proprietary MFA apps, Aegis is designed with user privacy and local control in mind, storing secrets only on the device in an encrypted vault protected by PIN or biometric unlock, and offering features like backups encrypted with a user-chosen passphrase. It supports importing accounts from QR codes, exporting encrypted backups for safe storage, and grouping or labeling tokens so managing dozens of accounts is simple. Aegis also offers options for custom token configuration, including changing issuer names, digits, and intervals, and includes a robust recovery mechanism in case a device is lost. It has a material design interface that makes navigation intuitive, and its open-source license ensures transparency.

Open source two-factor authentication for Android. It implements Time-based One-time Passwords (TOTP) and HMAC-Based One-Time Passwords (HOTP). Simply scan the QR code and login with the generated 6-digit code. This project started out as a fork of the great OTP Authenticator app written by Bruno Bierbaumer, which has sadly been inactive since 2015. By now almost every aspect of the app has been changed/re-written so the fork status of the Github repository got detached upon user request. But all credit for the original version and for starting this project still goes to Bruno.

Welcome to the home of the Apereo Central Authentication Service project, more commonly referred to as CAS. CAS is an enterprise multilingual single sign-on solution and identity provider for the web and attempts to be a comprehensive platform for your authentication and authorization needs. CAS is an open and well-documented authentication protocol. The primary implementation of the protocol is an open-source Java server component by the same name hosted here, with support for a plethora of additional authentication protocols and features. Monitor and track application and system behavior, statistics and metrics in real-time. Manage and review audits and logs centrally, and publish data to a variety of downstream systems. Manage and register client applications and services with specific authentication policies. Cross-platform client support (Java, .NET, PHP, Perl, Apache, etc).

Maxkey Single Sign On System, which means the Maximum key, Leading-Edge IAM/IDaas Identity and Access Management product, supports OAuth 2.x/OpenID Connect, SAML 2.0, JWT, CAS, SCIM, and other standard protocols, and provide Secure, Standard and Open Identity management (IDM), Access management (AM), Single Sign On (SSO), RBAC permission management and Resource management. MaxKey focuses on performance, security, and ease of use in enterprise scenarios, is widely used in industries such as healthcare, finance, government, and manufacturing.

Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications. Spring Security is a framework that focuses on providing both authentication and authorization to Java applications. Like all Spring projects, the real power of Spring Security is found in how easily it can be extended to meet custom requirements. Spring Security uses a Gradle-based build system. In the instructions, ./gradlew is invoked from the root of the source tree and serves as a cross-platform, self-contained bootstrap mechanism for the build. Be sure that your JAVA_HOME environment variable points to the jdk-11 folder extracted from the JDK download.

The WiKID Strong Authentication System is a public-key based two-factor authentication system. It is a flexible, extensible, and secure alternative to tokens, certs and passwords. Application & API support exists for Java, ASP, PHP, Ruby, OpenVPN, TACACS+, etc. Read our eGuide on how to setup your network with two-factor authentication: http://www.wikidsystems.com/learn-more/two-factor-authentication-white-papers

An open source implementation of the FIDO2 protocol to support passwordless strong authentication using public-key cryptography. Supports registration, authentication (all platforms), and transaction authorization (for native Android apps).

A fast, comprehensive, and easy-to-use Java API for communicating with LDAP directory servers and performing related tasks like reading and writing LDIF, encoding and decoding data using base64 and ASN.1 BER, and performing secure communication.

SecurityFilter is a Java Servlet Filter that mimics the behavior and configuration format of container managed security, with several development and deployment advantages. See the Home Page for more details.

IdMUnit is an xUnit automated testing framework for Identity Management solutions.

jabook is an addressbook front-end for an LDAP server. It has multiple schema support via XML mapping, and multiple directory support for contact categorization.

An open source project originally designed to provide the University of Michigan with a secure single sign-on web authentication system. Cosign is part of the National Science Foundation Middleware Initiative (NMI) EDIT software release.

An Eclipse plugin for browsing and editing LDAP directories. Includes: tree-based DIT-browser, entry editor, spreadsheet-like search result editor, schema browser, LDIF support and a rich LDIF editor.

Identity and service provisioning software component allows service developers to automate the creation, modification and deletion of users' identity and service subscription information on multiple disparate identity stores.

Jamm (Java Mail Manager) is a web application to manage virtual email account information stored in an LDAP directory. It is meant as an administration tool for sites using mail servers, such as Postfix and Courier-IMAP.

JellyFish is a toolkit for persisting Java objects to LDAP. Its goals are similar to those of Java Data Objects(JDO), but it targets JNDI instead of JDBC. JellyFish has a built-in filesystem JNDI provider, so you do not need an LDAP server to try it.

A free java printer management tool for larger companies. You can use it to browse your network printers using your ldap directory (active directory supported), check printed pages,and generate reports. Runs on Windows, UNIX, Mac OS.

This is a demonstration of integrating the CAPTCHA service from http://recaptcha.org with Oracle Single-Sign-On. It can be used in production OSSO deployments, and also as an example of integrating any 3rd party authentication system with OSSO.

MyVD is an open source virtual directory that allows for the virtual integration of identity data NOTE - This project is now maintained on GitHub at https://github.com/tremolosecurity/myvirtualdirectory - this repository is no longer maintained..

The Node Director is a tool for managing distributed, hetergeneous UNIX Systems. Its functionality includes System Configuration, Application Distribution, NIS & NIS+ Management, User Creation and Dynamic System Documentation.

LDAP Account Sync project's goal is to synchronize windows user account information and passwords in a OpenLDAP server. This is not authorization, but rather synchronization of the account information. This service can be used for single login site

OAproject implements a plataform to allow applications to interact. Apps using the platform send/receive messages through a message oriented middleware. Main features are a Single Sign On (SSO), Identity Management System (IMS) and a provisioning system