R-Auth - Overview

R-Auth is a comprehensive, open-source identity and access management (IAM) platform designed to address the complex security needs of modern multi-entity organizations. As a robust solution for managing user identities and controlling access to applications and services, R-Auth offers a wide range of features to ensure secure, seamless, and efficient identity management across your organization.

Key Features

R-Auth offers the following core features:

  • Single Sign-On/Out (SSO): Seamless authentication across multiple applications.

  • OpenID Connect Support: Implementation of the OpenID Connect protocol.

  • OAuth 2.0 Support: Full support for the OAuth 2.0 authorization framework.

  • PKCE Support: Authorization Code Flow with Proof Key for Code Exchange.

  • SAML Support: Compatibility with SAML-based identity federation. Single Sign-On/Out with R-Auth as the IdP, using the SP-initiated flow.

  • Identity Brokering: Authenticate users through external OpenID Connect or Active Directory as Identity Providers.

  • Social Login: Enable authentication via popular social networks.

  • User Federation: Synchronize users from LDAP, Kerberos and Active Directory servers.

  • Admin Console: Centralized management interface for users, roles, clients, and configurations.

  • User Account Console: Self-service portal for users to manage their accounts.

  • Customizable Login Page: Ability to tailor all user-facing pages to match your branding.

  • Multi-factor Authentication: Support for various second-factor authentication methods.

  • Flexible Flows: Customizable processes for user registration, password recovery, email verification, and more.

  • Session Management: Tools for admins and users to view and control active sessions.

  • Custom User Claims: Map user attributes and roles into tokens and statements as needed.

  • Fine-grained Access Policies: Set access rules at the global, application, and user levels.

  • Domain or Realm Setup: Realms can be set up on a base URL (acme.example.com, blue.example.com) or as a sub-route (auth.example.com/acme, auth.example.com/blue).

  • Cross-Origin Resource Sharing (CORS) Support: Built-in CORS support in client adapters.

  • Event Driven: Emits various events over TCP or MQTT that other services can subscribe to.

  • Wide Platform Support: Compatible with any platform or language that supports OpenID Connect or SAML 2.0.

Core Concepts and Terms

Understanding the following concepts is crucial for effectively using R-Auth:

Users

Entities capable of logging into your system, with associated attributes such as email, phone, name, UUID and other profile data.

Authentication

The process of verifying a user's identity.

Authorization

The process of granting or restricting access based on a user's identity and permissions.

Credentials

Data used to verify a user's identity, such as passwords, one-time passwords, or biometric data.

Roles

Categories or types of users, often used to assign access permissions and simplify user management.

User Role Mapping

The association between users and roles, defining what roles a user holds.

Realms

Completely isolated user management domains, each controlling its own set of users, credentials, roles and applications. R-Auth allows one installation per realm and also supports multiple realms. A realm can be addressed by domain name or by URL route.

Clients

Applications or services that use R-Auth for authentication and authorization.

The process of users granting permission to clients to access their information.

Client Scopes

Reusable configuration elements for clients, simplifying the setup of new clients and enabling conditional claim or role requests.

Identity and Access Tokens

Secure tokens containing user information and access permissions, used in the OpenID Connect protocol.

Service Accounts

Built-in accounts for clients to obtain access tokens programmatically.

Sessions

Records of user logins and application interactions within the SSO environment.

User Federation

Integration with external user stores like LDAP or Active Directory.

Identity Provider Federation

The ability to delegate authentication to external identity providers, including social login services.

Required Login Factors

Mandatory steps users must complete during the authentication process.

Authentication Flows

Customizable workflows for various authentication scenarios, such as login, registration, or credential reset.

Events

Audit logs of system activities for monitoring and compliance purposes.

R-Auth leverages these concepts to provide a flexible, secure, and user-friendly identity and access management solution for your applications and services.
