14 repositorios
Security layers that enforce access policies and integrate with external directories to protect services.
Distinguishing note: Focuses on the gateway-level enforcement of access policies rather than the underlying authentication service logic.
Explore 14 awesome GitHub repositories matching security & cryptography · Authentication Gateways. Refine with filters or upvote what's useful.
Developer Roadmap es una plataforma impulsada por la comunidad que proporciona rutas de aprendizaje estructuradas basadas en grafos para la ingeniería de software. Sirve como un repositorio de conocimiento integral donde los dominios técnicos se organizan en secuencias visuales para guiar la adquisición de habilidades profesionales y el crecimiento profesional. El proyecto se distingue por un ecosistema colaborativo que permite a los usuarios contribuir con roadmaps, curar las mejores prácticas de la industria y mantener perfiles profesionales. Integra marcos de evaluación de diagnóstico para evaluar la competencia técnica, ayudando a los desarrolladores a identificar brechas de conocimiento y prepararse para entrevistas profesionales a través de secuencias de aprendizaje específicas. Más allá de sus capacidades principales de mapeo, la plataforma ofrece ideas de proyectos prácticos y tutoría interactiva para reforzar los conceptos de ingeniería. Proporciona un espacio centralizado para que la comunidad comparta recursos, rastree el desarrollo progresivo de habilidades y navegue por paisajes técnicos complejos.
Enforces credential validation for incoming gateway connections to prevent unauthorized access to the interface.
Keycloak is an open-source identity and access management server that provides a centralized platform for user authentication, authorization, and identity federation. It functions as a standards-compliant identity provider, utilizing a centralized engine to validate credentials and issue cryptographically signed tokens based on industry-standard protocols like OpenID Connect and SAML. This enables organizations to secure diverse applications and services through a unified authentication layer. The platform distinguishes itself through its cloud-native orchestration and high-availability capab
Enforces access policies and integrates with external directories to protect digital resources.
Go-micro is a distributed systems development toolkit designed for building, connecting, and managing modular microservices. It provides a comprehensive framework for service discovery, remote procedure call abstraction, and event-driven messaging, allowing developers to create decoupled architectures that communicate asynchronously through shared message brokers. The project distinguishes itself by integrating autonomous agent orchestration and language model tool binding directly into the service lifecycle. By exposing internal service endpoints as standardized tools, it enables AI agents t
Maps incoming HTTP requests to internal services while enforcing authentication and access control.
SafeLine is a containerized web application firewall and reverse proxy designed to secure web services by inspecting incoming HTTP traffic. It acts as a security gateway that sits in front of backend infrastructure to filter malicious requests and enforce access policies before they reach the application server. The platform distinguishes itself through advanced bot mitigation and content protection capabilities. It employs challenge-response mechanisms to verify human users and dynamically obfuscates HTML and JavaScript content to prevent unauthorized scraping and code tampering. These featu
Enforce password-based access gates for incoming traffic to ensure that only authorized visitors can reach the protected web application and view its content.
OpenList is a cloud storage indexing platform that transforms remote file collections into searchable lists and standardized streaming media endpoints. It functions as a centralized gateway, allowing users to connect external storage providers and manage their data through a unified interface. The platform distinguishes itself by providing a dedicated security layer for API authentication and traffic proxying, which protects user credentials while managing connectivity for distributed components. It also features automated service lifecycle management, enabling the deployment and maintenance
Implements a security gateway that enforces access policies and protects credentials for cloud storage APIs.
Teleport is a zero-trust access platform designed to provide secure, identity-based connectivity to servers, databases, and Kubernetes clusters. It functions as a centralized gateway that replaces static credentials with short-lived, identity-bound cryptographic certificates, effectively eliminating the need for traditional VPNs and long-term secret exposure. The platform distinguishes itself by orchestrating access through a unified control plane that maps external identity provider claims to granular, role-based infrastructure permissions. It enforces security through mutual TLS gateways an
A centralized control plane that consolidates authentication and authorization workflows across distributed, multi-cloud, and on-premises environments.
FreeRDP is a full software implementation of the Remote Desktop Protocol, providing both client and server capabilities for remote session management. It functions as an RDP client library and a standalone remote desktop client, enabling remote connectivity and interoperability across different operating systems. The project includes a dedicated network device redirector and an RDP gateway client to handle authentication and proxy routing. It allows developers to integrate remote desktop functionality into third-party software applications via its client library. The software covers a wide r
Displays authentication dialogs to users when establishing connections through a network gateway.
This project is an open-source identity provider and single sign-on platform that centralizes user authentication for multiple web applications and services. It functions as a multi-protocol authentication gateway, verifying user identities and issuing tokens through the CAS protocol as well as industry standards including SAML, OAuth2, and OpenID Connect. The system acts as a federated identity server, allowing authentication to be delegated to external third-party or corporate identity providers. It distinguishes itself through identity attribute governance, which manages which specific use
Acts as a security layer that supports diverse verification methods and enforces access policies.
deepstream.io is an open-source realtime server that synchronizes JSON records, events, and remote procedure calls across clients and backend services. It functions as a realtime data sync server, event pub/sub server, record database server, and RPC server, all within a single platform. The server authenticates and authorizes every message using multiple strategies including JWT, HTTP, and file-based credentials, with a declarative permission language controlling access to records, events, and RPCs at a granular level. The platform distinguishes itself through its combination of realtime dat
Authenticates and authorizes every message using multiple strategies including JWT, HTTP, and file-based credentials.
Geyser is a cross-platform bridge that translates network packets between Minecraft Bedrock Edition and Java Edition, enabling Bedrock clients to join Java Edition servers. It operates as either a server plugin or a standalone proxy, handling real-time protocol translation, authentication, and resource pack conversion to make Bedrock players appear as standard Java clients to the server. The project distinguishes itself through its comprehensive authentication system, which allows Xbox Live-authenticated Bedrock players to join Java servers without requiring a paid Java Edition account, inclu
Authenticates Xbox Live-authenticated Bedrock players on Java Edition servers without requiring a Java Edition account.
Organizr is a self-hosted service dashboard that aggregates links to all of your self-hosted applications into a single landing page for quick access. It functions as a unified tab manager, loading multiple services as individual tabs within one webpage to consolidate browser tabs and reduce clutter. The project provides role-based access control, restricting dashboard visibility and service links based on user authentication and permissions. It includes an external authentication gateway that validates credentials through Plex, Emby, LDAP, or sFTP, and a user management backend for creating,
Authenticates users through external identity providers like Plex, Emby, LDAP, or sFTP.
oauth2_proxy es un proxy inverso OAuth2 y puerta de enlace de autenticación que protege los servicios upstream requiriendo que los usuarios se autentiquen a través de proveedores de identidad externos. Actúa como una capa de inicio de sesión segura para aplicaciones backend que carecen de autenticación de usuario integrada. El proyecto proporciona control de acceso centralizado restringiendo la entrada basada en dominios de correo electrónico, membresía de organización o listas de usuarios aprobados. Se integra con proveedores de identidad a través de URLs de emisor y secretos de cliente, y admite métodos de autenticación adicionales como archivos htpasswd. La puerta de enlace gestiona el reenvío de identidad seguro pasando detalles de usuario autenticados y tokens de acceso a los servicios backend a través de encabezados HTTP personalizados o autenticación básica. Incluye capacidades para la gestión de cookies de sesión, terminación de conexión SSL y la capacidad de eximir rutas de solicitud específicas de la autenticación utilizando expresiones regulares. Se proporciona seguridad adicional mediante la firma de solicitudes HMAC para verificar el origen de las solicitudes proxy. El tráfico y la observabilidad del sistema están respaldados por el registro de solicitudes entrantes y metadatos detallados de solicitudes proxy. El sistema también permite páginas de autenticación personalizadas a través de plantillas HTML y admite la recarga automática de configuración desde archivos.
Provides a security layer that enforces access policies and integrates with external identity providers to protect services.
Remoteapptool is an administrative utility for managing remote application delivery, session behaviors, and the generation of signed connection installers. It serves as a configuration tool for defining and deploying remote applications via RDP and MSI files to provide client-side access to hosted applications. The tool functions as a remote application deployer and administrator, enabling the specification of executable paths and file associations on a host system. It generates signed connection files and installers to distribute hosted applications to end users, ensuring that specific host
Integrates with network gateways to centralize security and user authentication for remote application connections.
Login-with es una puerta de enlace de autenticación centralizada diseñada para desacoplar la verificación de identidad de los servicios de aplicaciones individuales. Funciona como un microservicio sin estado que orquesta los flujos de inicio y cierre de sesión de los usuarios integrándose con proveedores de identidad externos. El proyecto se distingue por su capacidad para gestionar sesiones de usuario a través de múltiples subdominios. Al emitir cookies cifradas en todo el dominio, mantiene un estado de usuario e información de perfil consistentes a medida que los usuarios navegan entre diferentes partes de una arquitectura web distribuida. El servicio maneja todo el ciclo de vida del acceso del usuario, incluida la redirección de clientes a proveedores externos, la validación de reclamos de identidad y la emisión de tokens seguros. Gestiona la persistencia y terminación de la sesión sin requerir almacenamiento local del lado del servidor, confiando en su lugar en la verificación basada en tokens para proteger los recursos del acceso no autorizado.
Acts as a centralized gateway that enforces access policies and integrates with external identity providers to protect downstream services.