Thursday, December 30, 2010

Open Source Identity Management Software

The following table lists representative open source identity management products, some of which work in the cloud environment. Readers are encouraged to do more research to see which product fits their cloud identity needs.




Open Source IAM Project
Description
WBSAgnitio provides network services, directory services, certificate services and identity management. WBSAgnitio integrates multiple features and components in a single physical or virtual box and comes with a browser-based web interface for administrative purposes. It also has RESTful web services for easy integration of an application for remote management.
OpenAM is ForgeRock’s solution to host and continue development of Sun Microsystems' OpenSSO product since Oracle's takeover of Sun.

OpenDJ is ForgeRock’s solution to host and continue development of Sun Microsystems' OpenDS product since Oracle's takeover of Sun.

OpenIDM was created from scratch, borrows many ideas from Sun IDM, supports Sun IDM features and functionality, and is based on OpenESB.
WSO2 Identity Server is an open source identity & entitlement management server and has the following features:
· Entitlement engine with XACML 2.0 support.
· Claim-based security token service.
· Information Cards provider supporting managed Information Cards backed by user name / password and self-issued cards.
· Information Cards support for SAML 1.1/2.0.
· OpenID provider.
· Multi-factor authentication with Information Cards.
· Extension points for SAML assertion handling.

WSO2 offers Identity as a Service and other cloud services via its WSO2 Stratos brand.
OpenIAM provides three open source IAM products:
· Identity Manager for user life cycle management.
· Access Manager for multifactor authentication, coarse- and fine-grained authorization, XACML 2 support, Single Sign On, Identity Federation, and integration with development frameworks such as Spring Security.
· Entitlement Server for RBAC and ABAC using XACML.
SourceID is an open source multi-protocol project for identity federation and cross-boundary security. It enables cross-boundary single sign-on, dynamic user provisioning and identity attribute sharing.
Shibboleth

Shibboleth is developing architectures, policy structures, practical technologies, and an open source implementation to support inter-institutional sharing of web resources subject to access controls. Key concepts within Shibboleth include Federated Administration, Access Control Based on Attributes, and Active Management of Privacy. Shibboleth uses OpenSAML.

OpenSAML is a set of open source Java and C++ libraries that are fully consistent with the SAML 1.0 and 1.1 CR specifications.
Jasig Yale CAS
The Central Authentication Server (CAS) is a single sign-on authentication system originally created by Yale University to provide a trusted way for an application to authenticate a user. CAS became a Jasig project in December 2004.
OpenSPML
The toolkit offers an easy-to-use interface for configuring, issuing and interpreting standards-compliant provisioning requests across diverse identity infrastructures.
A reference implementation of the Reputation Management Framework (RMF). OpenPrivacy's core project is designed to ease the process of creating community with reputation enhanced pseudonymous entities. The RMF is primarily a set of four interfaces: Nym Manager, Communications Manager, Storage Manager and Reputation Calculation Engine (RCE).
The primary goal of the NMI-EDIT Consortium, part of the NSF Middleware Initiative (NMI), is to improve the productivity of the research and education community through development, testing, and dissemination of architectures, software, and practices in the areas of identity and access management.
The NMI-EDIT’s efforts comprise a coordinated set of core middleware tools in the areas of identity and access management architectures, standards for deployments, related directory schemas, and tools. Current major projects include the collaboration management platform, groups management toolkit, and the Shibboleth single sign-on and federating software.
Spring Security provides your applications with comprehensive authentication, authorization, instance-based access control, channel security and human user detection capabilities. Spring Security offers support for SAML, Kerberos, and OAuth.
JOSSO, or Java Open Single Sign-On, is an open source J2EE-based SSO infrastructure that aims to provide a solution for centralized, platform-neutral user authentication. JOSSO supports SAML and can be integrated with Spring Security for fine-grained access control.
JPAM is a Java-PAM bridge. PAM, or Pluggable Authentication Modules, is a standard security architecture used on Unix, Linux and Mac OS X systems. JPAM permits the use of PAM authentication facilities by Java applications running on those platforms.
The Open Web SSO project provides core identity services to facilitate the implementation of transparent single sign on as an infrastructure security component. The goal of Open Web SSO project is to provide an extensible implementation of identity services infrastructure that will facilitate single sign on for web applications hosted on web and application servers. This project is based on the code base of Sun Java(tm) System Access Manager product.
This project is developing an extensible, platform-independent, identity protocol-independent software framework to support existing and new applications that give users more convenience, privacy and control over their identity information. In addition, Higgins aims to provide a social relationship data integration framework that enables these relationships to be persistent and reusable across application boundaries. It organizes relationships into a set of distinct social contexts within which a person expresses different personas and roles.
A library that allows you to OpenID-enable your Java web application.
Based on OpenLDAP, Fortress is a suite of IAM products for authentication, authorization and auditing. The suite consists of the following products:
Fortress – (Core) Free download
Commander – (Fortress Admin GUI)
Sentry – (OpenLDAP Admin GUI)
En Masse – (Policy Server)
Perimeter – (SSO Server)
Patroller – (Audit Viewer)
The project was initiated by Rutgers University in Mar 2008, later became a Jasig Incubator project in Jan 2009, and in late 2009, SFU joined the project. The project has a solid data model and its major focus is on User Provisioning and De-Provisioning workflow.


10 comments:

  1. Nice list! openIDM will support RuBAC as well, afaik.

  2. Nice listing, however this page is rendering poorly in IE7.

  3. Hi,

    This site has made it easy to know what the open source projects are. Thanks a lot.

  4. Good reference info, thanks. Any ideas as to installation base for the above products?

  5. Syncope is also an Open source IdM tool!

    http://code.google.com/p/syncope/

  6. Hi there, here in the Netherlands we have this product called A-select http://www.aselect.org/home.html which is open source IDM. There are a few offshoots of this open source product like SIAM (Dutch) http://www.anoigo.nl/?page_id=10. Both A-select and SIAM can be downloaded at the European Union Open Source Repository http://osor.eu (just search).
    This is mature software with large implementations as part of federations (used in education and government and health) or as Identity Middleware.

  7. Hi. Check simplesamlphp (http://simplesamlphp.org/) and uniquid (http://www.yaco.es/uniquid/)

    Also take a look at this list of identity software:

    http://www.360tek.com/identity_links.php

    ;)

  8. Hey Ken,
    Thanks for the listing, if anyone needs help with Fortress let us know.
    KP Joshuatreesoftware.us

  9. Does anyone have any data on usage and deployments of these packages as a way to assess popularity?

  10. Nice Blog keep sharing more information about furniture.

    Open Source Management Software
