Open Source Identity Management Solutions written in Java

The Identity Management (IM) is an integrated system of business processes, policies and technologies that enable organizations to facilitate and control their users' access to critical online applications and resources — while protecting confidential personal and business information from unauthorized users. The main concept of Identity Management are trust, authentication, provisioning, authorization, and directories.

• Acegi Security System for Spring - Acegi Security is an open source project that provides comprehensive authentication and authorisation services for enterprise applications based on The Spring Framework. Acegi Security can authenticate using a variety of pluggable providers, and can authorise both web requests and method invocations. Acegi Security provides an integrated security approach across these various targets, and also offers access control list (ACL) capabilities to enable individual domain object instances to be secured. At an implementation level, Acegi Security is managed through Spring inversion of control and lifecycle services, and actually enforces security using interception through servlet Filters and Java AOP frameworks. In terms of AOP framework support, Acegi Security currently supports AOP Alliance (which is what the Spring IoC container uses internally) and AspectJ, although additional frameworks can be easily supported.
  
  
      
• Atlassian Seraph - Seraph is a very simple, pluggable J2EE web application security framework. It is developed and maintained primarily by Atlassian, who use it in their products, JIRA and Confluence.
      
• CAS Generic Handler - CAS Generic Handler is a plugin giving CAS (ITS Central Authentication Service) the ability to authenticate users with different methods (LDAP, database, files, NIS, ...).
  
  CAS GH is 100% Java software. It was originally written by Jean-Baptiste Daniel (while student at University of Rennes 1), then it was completly rewritten and is currently maintained by Pascal Aubry (University of Rennes 1) under the scope of the ESUP-Portail consortium.
  
  
      
• Gabriel - Gabriel is a security framework for Java. By using access control lists and permissions, Gabriel enables components to check access to actions. On top of that Gabriel protects methods like EJB does but without the overhead. It distinguishes itself from other frameworks by the ease of use with a small API and by mapping method access to permissions instead of persons.
  
  
      
• JOSSO - JOSSO - Java Open Single Sign-On - is an open source J2EE-based SSO infrastructure aimed to provide a solution for centralized platform neutral user authentication and authorization.
      
• JPAM - Jpam is a Java-PAM bridge. PAM, or Pluggable Authentication Modules, is a standard security architecture used on Linux, Solaris, Mac OS X and other Unix systems.
  
  JPAM permits the use of PAM authentication facilities by Java applications running on those platforms.
  
  These facilities include:
  
  account
  auth
  password,
  session
  
  
      
• jSai - jSai (pronounced jay-say) is iPOVs home grown Servlet Authentication Implementation. jSai is implemented completely using J2SE + Servlet technology; no J2EE Application Server needed. jSai supports basic JDBC and XML backed user stores, as well as an LDAP user store. jSai provides developers with the application level security they want and need for small and medium size web applications; avoiding the complex setup in other security implementations that are aimed at large enterprise applications.
      
• Kasai - Kasai is a 100% Java based authentication and authorization framework. It allows you to integrate into your application a granular, complete and manageable permission scheme. The goal of the framework is to provide a simple-to-use-yet-powerful security environment for multi-user applications. Unlike JAAS, Kasai provides a much higher security abstraction, its targeted at the specific security requirements that arise in real-life applications such as Intranets, ERPs, CRMs, document managers, accounting systems, etc.
  
  
      
• Novell Nsure UDDI Server - Novell Nsure UDDI Server is a UDDI version 2.0 registry, that leverages a directory backend to manage registry content and control access to it. It offers secure access (authentication and authorization) to UDDI registry entries, unified account management, and distribution of the registry content leveraging Directory Services, and offers great value for public as well as private UDDI registry deployments. Leveraging LDAP directory backend for UDDI is a natural fit, as UDDI is the new face of a directory in a web services environment.
  
  
  
  NSure UDDI Server is a cross-platform Java implementation that can be deployed on any J2EE Servlet container, and has been tested with Tomcat and JBoss.
  
      
• NSF Middleware Initiative - The National Science Foundation Middleware Initiative (NMI) addresses a critical need for software infrastructure to support scientific and engineering research. Begun in late 2001, NMI funds the design, development, testing, and deployment of middleware, a key enabling technology upon which customized applications are built. Specialized NMI teams are defining open-source, open-architecture standards that are creating important new avenues of on-line collaboration and resource sharing. In addition to the production-quality software and implementation standards created by those large systems-integration teams, NMI funds smaller projects that focus on experimental middleware applications. (NSF has an on-line list of prior NMI awards.)
  
      
• Open Web SSO - The Open Web SSO project provides core identity services to facilitate the implementation of transparent single sign on as an infrastructure security component. Targeted towards the web tier, this project provides the foundation for achieving seamless integration of diverse web applications that typically operate against a disparate set of identity repositories and are hosted on a variety of platforms such as web and application servers. This project is based on the code base of Sun Java(tm) System Access Manager product, a core identity infrastructure product offered by Sun Microsystems.
  
  
      
• OpenPrivacy - The OpenPrivacy initiative is an Open Source collection of software frameworks, protocols and services providing a cryptographically secure and distributed platform for creating, maintaining, and selectively sharing user profile information.
  
  In effect, OpenPrivacy is the first open platform that enables user control over personal data while simultaneously - and at user discretion - providing marketers with access to higher quality profile segments
  
      
• OpenSAML - OpenSAML is a set of open-source libraries in Java and C++ which can be used to build, transport, and parse SAML messages. OpenSAML is able to store the individual information fields that make up a SAML message, build the correct XML representation, and parse XML back into the individual fields before handing it off to a recipient. OpenSAML supports the SOAP binding for the exchange of SAML request and response objects (C++ supports requesting only). It provides additional help in supporting the SAML browser/POST profile for web single sign-on. It does not currently provide any additional support for the artifact profile, but provides the machinery needed to implement it in other software. All core SAML constructs are now supported to some degree.
  
  
      
• OpenSPML - OpenSPML is a site dedicated to the promotion and distribution of an open source client code that supports the Service Provisioning Markup Language (SPML) and provides an open interface to service provisioning activities. OpenSPML is a cooperative initiative by independent software vendors and implementers of the SPML version 1.0 specification. Initially developed in Java™, the OpenSPML client code is expected to be available in other languages in the near future.
  
  
      
• Shaj - Shaj (Simple Host Authentication for Java) is a simple library that allows your Java app to verify users with the underlying operating system. Shaj also allows you to check group membership. Shaj is not a competitor for full featured authentication APIs but rather a complimentary way to piggyback on system accounts on any platforms.
  
  Shaj is used in FishEye for local account authentication, hence it is in use on most flavours of Windows and *NIX.
  
  Shaj currently supports Windows and Unix (PAM), and comes with pre-compiled JNI libraries for win32, Linux, Mac OS-X and Solaris. Shaj should work on Java 1.2+ JVMs. Shaj is written in C and Java.
  
  
      
• Shibboleth - When you want to share secured online services or access restricted digital content, the Shibboleth system offers a powerful, scalable, and easy-to-use solution. It leverages campus identity and access management infrastructures to authenticate individuals and then sends information about them to the resource site, enabling the resource provider to make an informed authorization decision. Shibboleth software is at work today providing this capability—its a powerful, secure, standards-based and userfriendly, interrealm access-control solution for research and education.
  
  
  The Shibboleth system provides a standards-based link between existing campus authentication systems and resource providers of all kinds. For example, when a student requests access to a protected video clip, her home organization (origin site) requests her to authenticate (if she has not done so already) and then passes on the information that she is enrolled in Biology 562 to the site housing the video.
  
      
• Sun Interoperability Prototype for Liberty - Interoperability Prototype for Liberty is the first open-source implementation of the Liberty Alliance Version 1.0 specification based on Java technology. IPL consists of sample Java source code libraries, implementing the Liberty version 1.0 specification, and is not designed for commercial deployment. IPL is licensed as open source under the Sun Microsystems Open Source License.
  
      
• SunXACML - XACML, the eXtensible Access Control Markup Language, is an OASIS standard. Originally ratified in Februrary 2003, it is currently at version 1.1 and a final 2.0 specification is expected at the end of summer 2004. XACML is a standard language for expressing access control, or authorization, policy, and a standard format for expressing queries over these policies. For a high-level description of XACML, look at the first section of the programmers guide.
      
• Yale CAS - Technology & Planning exists to promote effective technical planning within Yale ITS. Our work ranges from recommendations regarding longer-term architectural directions to immediate development of concrete project deliverables to solve current and expected problems.