A versatile identity management server.


Authentic 2 main features are:
  • SAML 2.0 Identity and service provider
  • OpenID 1.0 and 2.0 identity provider
  • Server CAS 1.0 and 2.0 using a plugin
  • Standards authentication mechanisms:
    • Login/password through internal directory or LDAP
    • X509 certificate over SSL/TLS
  • Protocol proxying, for instance between OpenID and SAML
  • Support of LDAP v2 and v3 directories
  • Support of the PAM backend
  • One-time password (OATH and Google-Authenticator) using a plugin
  • Identity attribute management
  • Plugin system


Originally focused on the SAML protocols, Authentic has evolved to become a trully multiprocol Identity provider : LDAP, SAML 2.0, OpenID, CAS, SSL... are all supported (to different extends). And it keeps evolving to integrate the most used standards.

Additionally it has several extra features; for example it can act as a proxy identity provider, redirecting requests from service providers to other identity providers; or help in forwardig identity attributes to service providers managing attribute namespaces.


The underlying components are quite fast and Authentic doesn't slow things down. There are no hard measure yet but a quick benchmark using autobench yielded more than 300 requests per second on a simple laptop.


  • multiple user referentials: you can plug authentic to many LDAP, RADIUS, SQL servers without fear of collisions; user can federate their accounts;
  • management of all kind of relying parties (CAS, SAML 2.0, WS-Federation, OpenID, etc..) using an unique interface; administrators will not be exposed to peculiarities of the protocols;
  • addition of an authorization policy management tool based on RBAC and ABAC, supporting the SAML 2.0 and XACML Authorization requests;
  • addition of an authenticating reverse proxy to integrate legacy application and simplify integration, with session management at the reverse proxy level;

SAML 2.0 conformance

Authentic implements SAML 2.0 through the use of Lasso, which has been certified as conformant to SAML 2.0 in december 2006.


from source
from debian packages
from git repository (Browse)


Administration guide (PDF version)


Authentic's developpers and users hangs on the mailing list


You want to use but it does not work as you would like; you found a bug; you have a remark submit your remark or your bug ! Developers will work on it !

Also available in: PDF HTML TXT