R-Auth - Overview
R-Auth is a comprehensive, open-source identity and access management (IAM) platform designed to address the complex security needs of modern multi-entity organizations. As a robust solution for managing user identities and controlling access to applications and services, R-Auth offers a wide range of features to ensure secure, seamless, and efficient identity management across your organization.
Key Features
R-Auth offers the following core features:
Single Sign-On/Out (SSO): Seamless authentication across multiple applications.
OpenID Connect Support: Implementation of the OpenID Connect protocol.
OAuth 2.0 Support: Full support for the OAuth 2.0 authorization framework.
PKCE Support: Authorization Code Flow with Proof Key for Code Exchange.
SAML Support: Compatibility with SAML-based identity federation. Single Sign-On/Out with R-Auth as the IdP, using the SP-initiated flow.
Identity Brokering: Authenticate users through external OpenID Connect or Active Directory as Identity Providers.
Social Login: Enable authentication via popular social networks.
User Federation: Synchronize users from LDAP, Kerberos and Active Directory servers.
Admin Console: Centralized management interface for users, roles, clients, and configurations.
User Account Console: Self-service portal for users to manage their accounts.
Customizable Login Page: Ability to tailor all user-facing pages to match your branding.
Multi-factor Authentication: Support for various second-factor authentication methods.
Flexible Flows: Customizable processes for user registration, password recovery, email verification, and more.
Session Management: Tools for admins and users to view and control active sessions.
Custom User Claims: Map user attributes and roles into tokens and statements as needed.
Fine-grained Access Policies: Set access rules at the global, application, and user levels.
Domain or Realm Setup: Realms can be set up as a base URL (acme.example.com, blue.example.com) or as a sub-route (auth.example.com/acme, auth.example.com/blue).
Cross-Origin Resource Sharing (CORS) Support: Built-in CORS support in client adapters.
Event Driven: Emits various events over TCP or MQTT for other services to subscribe to.
Wide Platform Support: Compatible with any platform or language that supports OpenID Connect or SAML 2.0.
Core Concepts and Terms
Understanding the following concepts is crucial for effectively using R-Auth:
Users
Entities capable of logging into your system, with associated attributes such as email, phone, name, UUID and other profile data.
Authentication
The process of verifying a user's identity.
Authorization
The process of granting or restricting access based on a user's identity and permissions.
Credentials
Data used to verify a user's identity, such as passwords, one-time passwords, or biometric data.
Roles
Categories or types of users, often used to assign access permissions and simplify user management.
User Role Mapping
The association between users and roles, defining what roles a user holds.
Realms
Completely isolated user management domains, each controlling its own set of users, credentials, roles and applications. R-Auth allows one installation per realm and supports multiple realms. A realm can be addressed by domain name or by URL route.
Clients
Applications or services that use R-Auth for authentication and authorization.
Consent
The process of users granting permission to clients to access their information.
Client Scopes
Reusable configuration elements for clients, simplifying the setup of new clients and enabling conditional claim or role requests.
Identity and Access Tokens
Secure tokens containing user information and access permissions, used in the OpenID Connect protocol.
Service Accounts
Built-in accounts for clients to obtain access tokens programmatically.
Sessions
Records of user logins and application interactions within the SSO environment.
User Federation
Integration with external user stores like LDAP or Active Directory.
Identity Provider Federation
The ability to delegate authentication to external identity providers, including social login services.
Required Login Factors
Mandatory steps users must complete during the authentication process.
Authentication Flows
Customizable workflows for various authentication scenarios, such as login, registration, or credential reset.
Events
Audit logs of system activities for monitoring and compliance purposes.
R-Auth leverages these concepts to provide a flexible, secure, and user-friendly identity and access management solution for your applications and services.