Open Access Management (OpenAM) is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements, and Web Services Security.
Cross Domain Single Sign On (CDSSO), SAML 2.0, OAuth 2.0 & OpenID Connect ensure that OpenAM integrates easily with legacy, custom, and cloud applications without requiring any modifications. It's a developer-friendly, open-source control solution that allows you to own and protect your user's digital identities.
With OpenAM you can set up complex authentication processes using various authentication methods, such as login and password, OTP, saved cookie, QR authentication, and more... OpenAM also supports third-party identity providers using SAML, OAuth2, NTLM, and Kerberos protocols.
Integrations with OpenIG or OpenAM Policy Agent allow you to set up flexible access policies to your resources. There could be role-based, authentication level-based, or attribute-based and, if you need flexible logic, you can script access policy.
After a single authentication, a user gets access to all resources protected by OpenAM. So, there is no need to authenticate at other services.
OpenAM supports OAuth2/OIDC and SAMLv2 Federation protocols, so OpenAM can act as both Identity and Service Provider.
If you have to extend OpenAM functionality, it is relatively easy to do. OpenAM pluggable architecture allows modification relatively easy. You can implement your custom authentication module, user data source, session data source, post-authentication process logic, and more...
This project is licensed under the Common Development and Distribution License (CDDL).
- OpenAM Distribution Packages (All OS)
- OpenAM Docker Image (All OS)
- OpenAM Java Policy Agent (All OS)
- OpenAM .Net/Mono Policy Agents (Windows/Linux)
- OpenAM Web Policy Agent Apache 2.2 (Linux x64)
- OpenAM Web Policy Agent Apache 2.4 (Linux x64)
- OpenAM Web Policy Agent (IIS Windows x32/x64 ZIP)
To build OpenAM from source you should use JDK 8 or higher
For Windows users before clone and build run the following command:
git config --system core.longpaths truegit clone https://github.com/OpenIdentityPlatform/OpenAM.git
mvn install -f OpenAMAdd FQDN host name in /etc/hosts (Windows c:\windows\systems32\drivers\etc\hosts) file:
127.0.0.1 login.domain.comRun OpenAM from source:
mvn cargo:run -f OpenAM/openam-serverThe next step is then to go to http://login.domain.com:8080/openam where you'll see the OpenAM welcome page
Important Note
You must allocate at least 1024m (2048m with embedded OpenDJ) heap memory for OpenAM JVM using -Xmx option.
For example, -Xmx2048m
- Config OpenAM as OAuth2 Service Provider
- How to Add Authorization and Protect Your Application With OpenAM and OpenIG Stack
- How to Customise OpenAM
- How to disable XUI by default
- How to make OpenAM log more verbose
- How To Run OpenAM in Kubernetes
- How to Setup 2FA with Google Authenticator in OpenAM
- How To Setup Active Directory Authentication In OpenAM
- How to setup Kerberos Authentication with OpenAM
- How to Setup WebAuthn Authentication in OpenAM
- How to Start OpenAM and OpenDJ in Separate Docker Contaners
- How to Use Apache Cassandra as User DataStore in OpenAM
- Migrate OpenAM to Apache Cassandra without Single Point of Failure
- OpenAM Monitoring Using Prometheus
- Creating a Custom Authentication Module
- OpenAM Community Wiki: https://github.com/OpenIdentityPlatform/OpenAM/wiki
- OpenAM Community Discussions: https://github.com/OpenIdentityPlatform/OpenIG/discussions
- OpenAM Community Archive: https://groups.google.com/d/forum/open-identity-platform-openam
- OpenAM Community on Gitter: https://gitter.im/OpenIdentityPlatform/OpenAM
- OpenAM Community Mailing List: [email protected]
- OpenAM Commercial support RFP: [email protected] (English, Russian)
Please, make Pull request
- Sun Access Manager
- Sun OpenSSO
- Oracle OpenSSO
- Forgerock OpenAM