
Amazon Cognito
Customer identity and access management service for adding user sign-up, sign-in, and authentication to apps

Enterprise Single Sign-On and Identity Provider for Web
Open-source Java-based authentication server supporting CAS, SAML2, OAuth2, OpenID Connect, and multifactor authentication with extensive integration options for enterprise identity management.

Central Authentication Service (CAS) is a comprehensive, multilingual identity provider and single sign-on solution designed for enterprise web environments. Built on Spring Boot and Spring Cloud, CAS serves as a robust authentication server implementing multiple industry-standard protocols including CAS v1-v3, SAML v1/v2, OAuth v2, OpenID Connect, and WS-Federation.
CAS supports authentication against virtually any identity source—LDAP, RDBMS, JAAS, X.509, RADIUS, SPNEGO, JWT, MongoDB, Apache Cassandra, and more. It enables delegated authentication to external providers, implements multifactor authentication through Duo Security, YubiKey, Google Authenticator, WebAuthn FIDO2, and other methods, and offers high-availability clustering via Hazelcast, Redis, MongoDB, DynamoDB, and additional backends.
The platform includes administrative interfaces for logging, monitoring, and configuration management, supports application registration through multiple backends (JSON, LDAP, YAML, JPA, cloud services), and provides per-application theming, password management, user consent workflows, and authorization via ABAC, OPA, OpenFGA, and Grouper. Deployment options include Apache Tomcat, Jetty, Undertow, and Docker containers, with the recommended WAR Overlay method for production installations.
When teams consider Apereo CAS, these hosted platforms usually appear on the same shortlist.
University Campus SSO
Students and faculty authenticate once to access learning management systems, email, library resources, and administrative portals using LDAP credentials with MFA enforcement.
Enterprise SAML Identity Provider
Centralized identity provider federating access to SaaS applications like Salesforce, Google Workspace, and AWS Console using SAML2 with role-based authorization.
Multi-Protocol API Gateway Authentication
Legacy applications use CAS protocol while modern services authenticate via OAuth2/OpenID Connect, all managed through a single identity platform with Redis session clustering.
Healthcare System Access Management
Clinicians access EHR systems with X.509 certificate authentication, administrative staff use LDAP credentials, and external partners authenticate via federated SAML2 providers.
The WAR Overlay method is recommended. This approach allows you to customize CAS without cloning the entire codebase, making upgrades and maintenance easier.
Yes, CAS supports multiple MFA providers including Duo Security, YubiKey, Google Authenticator, RSA, WebAuthn FIDO2, and a built-in Simple MFA option.
Yes, CAS provides native LDAP authentication support and can authenticate users against Active Directory, OpenLDAP, and other LDAP-compliant directories.
CAS supports its native CAS protocol (v1-v3), SAML v1/v2, OAuth v2, OpenID Connect, and WS-Federation Passive Requester Protocol for comprehensive SSO coverage.
CAS supports clustered deployments using ticket registries backed by Hazelcast, Redis, Memcached, MongoDB, DynamoDB, Apache Ignite, JPA, and other distributed storage systems.