=== Features * Single-Sign On and Single-Sign Out for browser applications. * OpenID Connect support. * OAuth 2.0 support. * SAML support. * Identity Brokering - Authenticate with external OpenID Connect or SAML Identity Providers. * Social Login - Enable login with Google, GitHub, Facebook, Twitter, and other social networks. * User Federation - Sync users from LDAP and Active Directory servers. * Kerberos bridge - Automatically authenticate users that are logged-in to a Kerberos server. * Admin Console for central management of users, roles, role mappings, clients and configuration. * Account Management console that allows users to centrally manage their account. * Theme support - Customize all user facing pages to integrate with your applications and branding. * Two-factor Authentication - Support for TOTP/HOTP via Google Authenticator or FreeOTP. * Login flows - optional user self-registration, recover password, verify email, require password update, etc. * Session management - Admins and users themselves can view and manage user sessions. * Token mappers - Map user attributes, roles, etc. how you want into tokens and statements. * Not-before revocation policies per realm, application and user. * CORS support - Client adapters have built-in support for CORS. {% if book.community %} * Service Provider Interfaces (SPI) - A number of SPIs to enable customizing various aspects of the server. Authentication flows, user federation providers, protocol mappers and many more. * Client adapters for JavaScript applications, WildFly, JBoss EAP, Fuse, Tomcat, Jetty, Spring, etc. {% endif %} {% if book.product %} * Client adapters for JavaScript applications, JBoss EAP, Fuse, etc. {% endif %} * Supports any platform/language that has an OpenID Connect Resource Provider library or SAML 2.0 Service Provider library.