Whydah is a light-weight, modular, open source Single Sign-on and Identity and Access Management (IdM, IAM)
Key Unique Selling Points
- Agile, flexible and extensible, a.k.a. developer friendly
- Modern micro-service design (Since Whydah 1.0)*
- Supports web, app and desktop applications, including session handover(s) (Since Whydah 1.3)
- Easily integrated into project development and CI processes: IAM/SSO from day one, simpler than baking your own (Since Whydah 1.0)
- High scalability and High Availability built-in (Since Whydah 2.0)
- Application security model (Since Whydah 1.0)
- User-session security elevation (Will be rewritten and completed in Whydah 2.2)
- ApplicationManagement including security constraints, routing (Since Whydah 2.1)
- Configurable high-security levels on authentication and tokens (Will be completed in Whydah 2.2)
- Real-time threat level coordination and responses (Will be completed in Whydah 2.3)
See Why choose Whydah? for more about what differentiates Whydah from other alternatives.
System features
Feature | Details | Ready for production |
---|---|---|
High Availability | Designed to support a variety of HA configurations out of the box for free | ![]() |
High Scalability | Designed with a modern micro-services architecture, Whydah will support successful businesses with millions of users actively using their services | ![]() |
Fallback to secondary identity provider | Use cases vary, so expect to spend some time verifying the concrete setup required. | ![]() |
Threat level coordination | The registered system threat level is distributed to all Whydah applications so they can take action accordingly | ![]() |
System threat mechanisms | Under construction - planned for Whydah 2.3 | ![]() |
User-level features
Feature | Details | Ready for production |
---|---|---|
User Single Sign-On | ![]() |
|
User authorization |
|
![]() |
User Authentication | Supported:
|
![]() |
User administration web application | Whydah ships with its own administration client for ease of use | ![]() |
User self-service |
|
![]() |
UserAdministration API | ![]() |
|
Session (user and application) configurable timeout and renew support | ![]() |
|
Security levels in application sessions and user sessions | ![]() |
Application features
Feature | Details | Ready for production |
---|---|---|
Application Authentication | UIB Data storage - persistence | ![]() |
Application Sessions | To participate in Whydah, the application must use the authenticated session | ![]() |
Application Authorization | Whydah has an AccessControlList (ACL) on all invocations, controlling which applications can perform privileged operations | ![]() |
Application Administration API | UIB services (API) -> [UAS services API] | ![]() |
Application Administration WebApplication | [UAS services API] UserAdminWebApp - UAWA will include extensive administrative operations on Application Management in 2.1 | ![]() |
Configurable Application session timeout(s) | ![]() |
|
Configurable Application session security algorithms | ![]() |