...
- SimpleSAMLphp
- Shibboleth
- OpenConext
- PerunComanage
- COmanage
Authentication tools
Authentication technologies are the software and libraries that can be used to allow users to authenticate, and optionally if allowed by the identity provider and requested by the service provider, providing the identity information to another service.
Shibboleth | LCMAPS | Kerberos | Moonshot | simpleSAMLphp | UNITY | |
|---|---|---|---|---|---|---|
Authentication workflow | Password, RemoteUser, RemoteUserInternal, X509, X509Internal, SPNEGO/Kerberos, IPAddress,External | X.509 proxy certificate | Username/password, OTP,Kerberos ticket | Username/password (any RADIUS EAP- supported mechanism) | Username/password from user repository (SQL/LDAP/ RADIUS), X509 authentication through userCertificate, LDAP, social media | Username/Passwor d, Client Certificate, LDAP, Social Media |
| Supported standards | SAML 1.1/2.0, X509, Kerberos, LDAP, SQL | X.509 (RFC5280 and RFC3820), VOMS | RFC 4121,RFC 4120 | RFC3748, RFC5247, RFC7055 | SAML 1.1/2.0, X509, OpenID, OAuth 2.0, Kerberos, VOOT, SQL, LDAP, RADIUS | SAML 1.1/2.0, X.509, OIDC, LDAP |
HA deployment | yes | Deployed in the service | Yes | RADIUS service can be run in HA environments | Yes, through multiple memcached service instances | Yes, relying on database layer |
| Licence | Open Source | Open Source | Open Source | Open Source | Open Source | Open Source |
| Expected support level | Supported by the Shibboleth consortium | Supported by NIKHEF | Supported by Linux distributions | Supported by Jsic | Collaborative support, large user communities | Supported by ICM, JSC, funded by PLGrid |
Attribute management tools
...