OpenAM
Enterprise-grade identity fortress - SSO and access management without vendor handcuffs
OpenAM delivers the authentication infrastructure that enterprises demand—single sign-on across thousands of applications, adaptive risk-based security, and federated identity—without surrendering control to commercial vendors.
Originally forked from Sun's OpenSSO after Oracle's acquisition, OpenAM has been revived and actively maintained by the Open Identity Platform Community under the CDDL license, ensuring this critical infrastructure remains available to organizations worldwide.
The platform ships with over 20 authentication modules out of the box, including LDAP, Active Directory, RADIUS, certificate-based, HOTP/TOTP (HMAC-based and time-based one-time passwords), Windows Desktop SSO, and OAuth 2.0. Chain these modules together to create sophisticated multi-factor or adaptive authentication flows that adjust security requirements based on risk scoring from IP addresses, device fingerprints, time of day, or account idle time.
OpenAM functions as both an Identity Provider and Service Provider, supporting SAML 2.0, OAuth 2.0, and OpenID Connect 1.0 federation protocols. This enables cross-domain single sign-on scenarios where users authenticate once and access resources across multiple organizations—think partnerships between healthcare providers, supply chain collaborations, or academic consortiums.
Authorization capabilities range from basic access rules to highly sophisticated XACML-based entitlements, all abstracted from applications so developers can modify policies without touching code. The session management system supports both stateful (server-stored) and stateless (JWT-based) sessions with configurable timeouts and automatic failover.
Deploy OpenAM in high-availability clusters with system failover and session failover, ensuring zero downtime for mission-critical authentication services. The pluggable architecture allows custom authentication modules, user data sources (LDAP, SQL databases, Cassandra), session stores, and post-authentication logic.
For organizations that require ironclad security compliance or regulatory adherence, or that simply refuse to entrust authentication to cloud providers, OpenAM provides the production-ready foundation for securing access to every application in your ecosystem.
