Tornjak Integration with IAM - User Management and Authorization #61

Closed
mamy-CS opened this issue Jun 22, 2022 · 0 comments
Labels
IAM question Further information is requested suggestion

Comments

Collaborator

mamy-CS commented Jun 22, 2022

We would like to collect suggestions and feedback on integrating user management tools/hooks with Tornjak. Below are some of the tools that we researched. If there are other or better options, we would like to hear from you, if possible with the pros and cons.

Here is what we would like to accomplish.

We would like for Tornjak to have a Role authentication pipeline that ensures:

  • Viewer - Not to make changes or access exclusive information
  • Admins - Be granted administrative privileges and access information accordingly

Break Down for Tornjak

A Viewer / Non-Admin User - Cannot make changes or access exclusive information
ALLOWED:

  • View Clusters page
  • View the Agents tab
  • View the Entries tab
  • View Tornjak ServerInfo tab
  • View the Tornjak Dashboard tab
  • Download entries to YAML

NOT ALLOWED

  • No Cluster Management page
    • No cluster creation
    • No cluster editing
  • No Create Token Page
  • No Create Entries Page
  • No banning
  • No deleting

An Admin - Full Access with administrative privileges

  • Create and manage Clusters
  • Create and manage Entries
  • Manage Agents

Some User Management Tools

  1. LoginRadius (loginradius.com/open-source) - Customer Identity and Access Management (CIAM) Platform
    • React SDK for implementing LoginRadius in React applications
    • 5000 users on free version
    • 1 web app integration on free version
  2. Auth0 (auth0.com/opensource) - application redirects users to an Auth0 customizable login page when they need to log in. Once your users log in successfully, Auth0 redirects them back to the app, returning JSON Web Tokens (JWTs) with their authentication and user information.
    • 7,000 free active users and unlimited logins.
    • Auth0 universal login for web, iOS, and Android
    • unlimited serverless rules to customize and extend Auth0's capabilities
  3. FusionAuth (fusionauth.io) - Fast, secure authentication and identity management that is flexible, easy to deploy, and ready to scale from 1 to 100 million users.
    • Free version has full API access, custom user data, JWTs, refresh tokens, configurable CORS, login, registration, email verification, forgot password, account locking, long-lived sessions, 3rd party login, password hashing, webhooks, user management UI, unlimited users

Others: OKTA, REACHFIV, SENTRY LOGIN, SPHERE IDENTITY, Open Identity, Keycloak, OpenIAM, FusionIAM...

Fully Open Source Single Sign On Identity Management Tools

  1. Keycloak
    • Based on OpenID Connect, OAuth2.0, and SAML2.0.
    • provides SSO capabilities across web applications
    • Provides integration with LDAP and Active Directory
    • can manage roles, permissions, and sessions
    • Provides client libraries for many languages such as Java, JavaScript, and C#
    • Written in Java
    • Provides Client Adapters
    • User-Friendly UI
    • Authentication as Service
  2. IdentityServer
    • open source free single sign-on software. It is a cross-platform framework based on OpenID Connect and OAuth 2. 
    • central authentication and authorization capabilities
    • It supports federated identities, multiple flows, and API authorization
    • Self hosting
    • Written in C#
    • Claim-based Provider
    • Cross-Platform
    • UI Customization
    • Access Control for API
    • Single Sign-on /Sign-out
  3. CAS (Central Authentication Service)
    • built on client-server architecture
    • Supports many protocols such as OpenID, OAuth, OpenID Connect, REST, WsFederation, and SAML
    • comprehensive system for integration with third-party apps
    • Written in Java
    • UI To Manage Monitoring And Stats
    • Password Management
    • Multilingual
    • Multi-factor authentication
  4. Authelia
    • support for LDAP and Active Directory
    • intuitive user interface that lets users navigate easily
    • two-factor authentication based on Google Authenticator OTP with Yubikey
    • works with a reverse proxy such as Nginx
  5. WSO2
    • supports almost all popular identity standards to provide authentication
    • has exposed API endpoints for the integration with other applications
    • user-friendly interface that is highly customizable.
    • offers two-factor authentication
    • mainly written in Java
    • Cloud integration
    • Flexible
    • Identity provider
@mamy-CS mamy-CS added question Further information is requested suggestion labels Jun 22, 2022
@mamy-CS mamy-CS pinned this issue Jun 22, 2022
@mamy-CS mamy-CS unpinned this issue Feb 6, 2023
@maia-iyer maia-iyer added the IAM label Mar 19, 2024
@mamy-CS mamy-CS closed this as completed Jun 4, 2024
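
One way to enforce the Viewer/Admin breakdown listed in the issue, as an added example that is not part of the original issue or of Tornjak's code: a deny-by-default role check plus HTTP middleware in Go. The action labels, the role names `viewer` and `admin`, and the `roles` callback (standing in for claims read from an already validated identity-provider token) are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Hypothetical action labels for the issue's breakdown, not Tornjak API routes.
var viewerActions = []string{"cluster:view", "agent:view", "entry:view",
	"serverinfo:view", "dashboard:view", "entry:export-yaml"}
var adminOnlyActions = []string{"cluster:create", "cluster:edit",
	"token:create", "entry:create", "ban", "delete"}

// policy maps role -> permitted actions; admin = viewer set + admin-only set.
var policy = buildPolicy()

func buildPolicy() map[string]map[string]bool {
	p := map[string]map[string]bool{"viewer": {}, "admin": {}}
	for _, a := range viewerActions {
		p["viewer"][a], p["admin"][a] = true, true
	}
	for _, a := range adminOnlyActions {
		p["admin"][a] = true
	}
	return p
}

// Allowed is deny-by-default: unknown roles or unknown actions are refused.
func Allowed(roles []string, action string) bool {
	for _, r := range roles {
		if policy[strings.ToLower(strings.TrimSpace(r))][action] {
			return true
		}
	}
	return false
}

// Require enforces the check server-side; roles stands in for verified-token claims.
func Require(action string, roles func(*http.Request) []string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !Allowed(roles(r), action) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() { fmt.Println(Allowed([]string{"viewer"}, "cluster:create")) }
```

Hiding the Create Token or Cluster Management pages in the UI only changes what a viewer sees; a check of this kind on the backend is what stops a viewer's token from being used against the write endpoints directly.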
2 participants