37 lines
2.4 KiB
Text
37 lines
2.4 KiB
Text
|
|
=== Features
|
|
|
|
* SSO and Single Log Out for browser applications
|
|
* Social Login. Enable Google, GitHub, Facebook, Twitter, and other social providers with no code required.
|
|
* LDAP and Active Directory support.
|
|
* Optional User Registration
|
|
* Password and TOTP support (via Google Authenticator). Client cert auth coming soon.
|
|
* Forgot password support. User can have an email sent to them
|
|
* Reset password/totp. Admin can force a password reset, or set up a temporary password.
|
|
* Not-before revocation policies per realm, application, or user.
|
|
* User session management. Admin can view user sessions and what applications/clients have an access token. Sessions can be invalidated
|
|
per realm or per user.
|
|
* Pluggable theme and style support for user facing screens. Login, grant pages, account mgmt, and admin console all
|
|
can be styled, branded, and tailored to your application and organizational needs.
|
|
* Integrated Browser App to REST Service token propagation
|
|
* OAuth Bearer token auth for REST Services
|
|
* OAuth 2.0 Grant requests
|
|
* OpenID Connect Support.
|
|
* SAML Support.
|
|
* CORS Support
|
|
* CORS Web Origin management and validation
|
|
* Completely centrally managed user and role mapping metadata. Minimal configuration at the application side
|
|
* Admin Console for managing users, roles, role mappings, clients, user sessions and allowed CORS web origins.
|
|
* Account Management console that allows users to manage their own account, view their open sessions, reset passwords, etc.
|
|
* Deployable as a WAR, appliance, or on Openshift. Completely clusterable.
|
|
* Multitenancy support. You can host and manage multiple realms for multiple organizations. In the same auth server
|
|
and even within the same deployed application.
|
|
* Identity brokering/chaining. You can make the {{book.project.name}} server a child IDP to another SAML 2.0 or OpenID Connect IDP.
|
|
* Token claim, assertion, and attribute mappings. You can map user attributes, roles, and role names however you want
|
|
into a OIDC ID Token, Access Token, SAML attribute statements, etc. This feature allows you to basically
|
|
tailor how you want auth responses to look.
|
|
* Can support any platform that has an Open ID Connect or SAML 2.0 client adapter. {{book.project.name}} does provide
|
|
client adapters for Pure HTML5/Javascript apps, JBoss AS7, JBoss EAP 6.x, JBoss EAP 7, Wildfly, Tomcat 7,
|
|
Tomcat 8, Jetty 9.1.x, Jetty 9.2.x, and Jetty 8.1.x.
|
|
* Tons of SPIs for customizing every aspect of the server.
|
|
|