{tip}Whydah is a light-weight, modular, open source Single Sign-on and Identity and Access Management (IdM, IAM){tip}

h3. Key Unique Selling Points

* *Agile, flexible and extendible.* aka. _Developer friendly_
* *Modern micro-service design* (Since Whydah 1.0)
* *Support web, apps and desktop applications*, including session handover(s) (Since Whydah 1.3)
* *Easily integrated into project development and CI processes* - IAM/SSO from _day one_ (simpler than baking your own)... (Since Whydah 1.0)
* *High scalability and High Availability built-in (Since Whydah 2.0)*
* *Application security model* (Since Whydah 1.0)
* *User-session security elevation* (Will be rewritten and completed in Whydah 2.2)
* *ApplicationManagement* including security _constraints_ and routing (Since Whydah 2.1)
* *Configurable high-security levels on authentication and tokens (Will be completed in Whydah 2.2)*
* *Real-time threat level coordination and responses (Will be completed in Whydah 2.3)*

See [Why choose Whydah?] for more about what differentiates Whydah from other alternatives.

-----

h4. System features

||Feature ||Details || Ready for production||
|[High Availability|High Availability and Scalability] | Designed to support a variety of HA configurations out of the box for free |(/) |
|[High Scalability|High Availability and Scalability] | Designed with a modern micro-services architecture, Whydah will support successful businesses with millions of users actively using their services |(/) |
|[Fallback to secondary identity provider|Integration with LDAP and Active Directory]|Use cases vary, so expect to spend some time verifying the concrete setup required. |(/) |
|Threat level coordination | The registered system threat level is distributed to all Whydah applications so they can take action accordingly | (/) |
|[System threat mechanisms|https://wiki.cantara.no/display/whydah/DEFCON+-+System+threat+mechanisms] | Under construction - planned for Whydah 2.3| (x) |

-----

h4. User-level features

||Feature ||Details || Ready for production||
|[User Single Sign-On] | |(/) |
|[User authorization] |* (/) Role-based access control
* (/) [On-behalf-of relations] |(/) |
|[User Authentication] |Supported: \\
* (/) Whydah username and password
* (/) LDAP
* (/) AD
* (/) Facebook
* (/) NetIQ
* (x) ADFS (SSOLogin 2.1 or 2.2)
* (x) [OAuth 2.0 Google/OpenID |https://developers.google.com/accounts/docs/OAuth2Login] (SSOLogin 2.1)
* (/) MFA/2-factor auth (customer extensions, SSO 2.1) |(/) |
|[User administration web application|UserAdminWebApp - UAWA] | Whydah ships with its own Administration client for ease of use |(/) |
|[User self-service] | * (/) User registration
* (/) Reset password |(/) |
|[UserAdministration API| UIB services (API)] | |(/) Enhanced ApplicationModel in Whydah 2.1 |
|Session (user and application) configurable timeout and renew support | |(/) Renew in Whydah 2.1 |
|Security levels in application sessions and user sessions | | (/) Whydah 3.0 adds _super-secure_ levels |

-----

h4. Application features

||Feature ||Details || Ready for production||
|Application Authentication |[UIB Data storage - persistence] | (/) |
|Application Sessions | To participate in Whydah, the application must use the authenticated session | (/) |
|Application Authorization | Whydah has an AccessControlList (ACL) on all invocations, controlling which applications can perform privileged operations | (/) ApplicationModel is extended in Whydah 2.1 |
|Application Administration API |[UIB services (API)] -> [UAS services API] | (/) Whydah 2.1 |
|Application Administration WebApplication |[UAS services API] [UserAdminWebApp - UAWA] will include extensive administrative operations on Application Management in 2.1 | (/) Extended in Whydah 2.1 |
|Configurable Application session timeout(s) | |(/) |
|Configurable Application session security algorithms | |(x) Planned for Whydah 3.0 |