Welcome to the Janssen Project
Janssen enables organizations to build a scalable centralized authentication and authorization service using free open source software. The components of the project include client and server implementations of the OAuth, OpenID Connect, SCIM and FIDO standards.
Table of Contents
- Janssen Modules
- Getting Started
- Users and Community
- More about Janssen Project
Janssen is not a big monolith--it's a lot of services working together. Whether you deploy Janssen to a Kubernetes cluster, or you are a developer running everything on one server, it's important to understand the different parts.
jans-auth-server: This component is the OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Janssen. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing.
jans-fido2: This component provides the server side endpoints to enroll and validate devices that use FIDO. It provides both FIDO U2F (register, authenticate) and FIDO 2 (attestation, assertion) endpoints. This service must be internet facing.
jans-config-api: The API to configure the auth-server and other components is consolidated in this component. This service should not be Internet-facing.
jans-cli: This module is a command line interface for configuring the Janssen software, providing both interactive and simple single line options for configuration.
jans-client-api: Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting.
jans-core: This library has code that is shared across several janssen projects. You will most likely need this project when you build other Janssen components.
jans-orm: This is the library for persistence and caching implemenations in Janssen. Currently LDAP and Couchbase are supported. RDBMS is coming soon.
Agama: Agama module offers an alternative way to build authentication flows in Janssen Server. With Agama, flows are coded in a DSL (domain specific language) designed for the sole purpose of writing web flows.
Janssen can be installed as cloud-native in a Kubernetes cluster or as a server on a single VM. Go to the Janssen Project Wiki to know all the installation options
Users and Community
A BIG thanks to all amazing contributors!!
There are many ways you can contribute. Of course you can contribute code. But we also need people to write documentation and guides, to help us with testing, to answer questions on the forums and chat, to review PR's, to help us with devops and CI/CD, to provide feedback on usability, and to promote the project through outreach. Also, by sharing metrics with us, we can gain valuable insights into how the software performs in the wild.
Building a large community is our number one goal. Please let us know what we can do to make you feel more welcome, no matter what you want to contribute.
Code of Conduct
Janssen code of conduct ensures that Janssen community is a welcoming place for everyone.
Contribution guide will give you all necessary information and
howto to get started. Janssen community welcomes all types of contributions. Be it an interesting comment on an open issue or implementing a feature. Welcome aboard!
If you think you found a security vulnerability, please refrain from posting it publicly on the forums, the chat, or GitHub. Instead, send us an email on firstname.lastname@example.org.
Refer to Janssen Security Policy
Refer to Janssen Wiki for documentation.
The Janssen Project is aligned with the goals of cloud native infrastructure to enable:
High Concurrency: For digital identity infrastructure, the number of users is not necessarily related to performance. If you have a billion users who never login, you can do this with a monolithic platform. Concurrency is hard. Janssen is designed to scale horizontally--enabling hypothetically any concurrency by adding more compute and memory.
Highly Available: Digital identity infrastructure is mission critical. For many applications, if you can't login, you're dead in the water. Robustness is a fundamental consideration.
Flexible while Upgradable: Open source gives you the freedom to modify the code. But having your own fork of the code might make it hard to upgrade--you'll have to merge changes. Janssen provides standard interfaces that make it possible to implement custom business logic in an upgrade-friendly manner.
Janssen is a Linux Foundation project, governed according to the charter. Technical oversight of the project is the responsibility of the Technical Steering Committee ("TSC"). Day to day decision making is in the hands of the Contributors. The TSC helps to guide the direction of the project and to improve the quality and security of the development process.
We prefer to have all our discussions through GitHub Discussions to better facilitate faster responses. However, other means are available such as the community chat on Gitter. You can register for free there with your Github identity.
Below are the list of current mega releases that hold information about each single release of our servies and modules:
More about Janssen Project
The initial code was ported by Gluu, based on version 4.2 of it's identity and access management (IAM) platform. Gluu launched in 2009 with the goal of creating an enterprise-grade open source distribution of IAM components. In 2012, Gluu started work on an OAuth Authorization Server to implement OpenID Connect, which they saw as a promising next-generation replacement for SAML. This project was called oxAuth, and over time, became the core component of the Gluu Server. Gluu has submitted many self-certifications at the OpenID Foundation. Today, it is one of the most comprehensive OpenID Connect Providers.
In 2020, Gluu decided to democratize the governance of the oxAuth project by moving it to the Linux Foundation. The name of the project was changed from oxAuth to Janssen, to avoid any potential trademark issues. Gluu felt that a collaboration with the Linux Foundation would help to build a larger ecosystem.
Why the name Janssen?
Pigeons (or doves if you like...) are universally regarded as a symbol of peace. But they are also fast. Powered by a handful of seeds, a well trained racing pigeon can fly 1000 kilometers in a day. The Janssen brothers of Arendonk in Belgium bred the world's fastest family of racing pigeons. Complex open source infrastructure, like competitive animal husbandry, requires incremental improvement. Janssen racing pigeons revolutionized the sport. The Janssen Project seeks to revolutionize identity and access management.