ZITADEL - Identity Experience Platform

Overview

What Is ZITADEL

ZITADEL is a "Cloud Native Identity and Access Management" solution built for the cloud era. ZITADEL uses a modern software stack consisting of Golang, Angular and CockroachDB as sole storage and follows an event sourced pattern.

We built ZITADEL not only with the vision of becoming a great open source project but also as a superb platform to support developers building their applications, without needing to handle secure user login and account management themselves.

How Does It Work

We built ZITADEL around the idea that the IAM should be easy to deploy and scale. That's why we tried to reduce external systems as much as possible. For example, ZITADEL is event sourced but it does not rely on a pub/sub system to function. Instead we built all the functionality right into one binary. ZITADEL only needs Kubernetes for orchestration and CockroachDB as storage.

Features of ZITADEL platform

  • Authentication
    • OpenID Connect 1.0 Protocol (OP)
    • Username / Password
    • Machine-to-machine (JWT profile)
    • Passwordless with FIDO2
  • Multifactor authentication with OTP, U2F
  • Federation with OpenID Connect 1.0 Protocol (RP), OAuth 2.0 Protocol (RP)
  • Authorization via Role Based Access Control (RBAC)
  • Identity Brokering
  • Delegation of roles to other organizations for self-management
  • Strong audit trail for all IAM resources
  • User interface for administration
  • APIs for Management, Administration, and Authentication
  • Policy configuration and enforcement
  • Private Labeling

Run ZITADEL anywhere

Self-Managed

You can run an automatically operated ZITADEL instance on a CNCF compliant Kubernetes cluster of your choice:

CAOS-Managed

  • ZITADEL Cloud: ZITADEL.ch is our shared cloud service hosted in Switzerland. Get started and try the free tier, which already includes unlimited users and all necessary security features.
  • ZITADEL Enterprise: We operate and support a private instance of ZITADEL for you. Get in touch!

Start using ZITADEL

Quickstarts

See our Documentation to get started with ZITADEL quickly. Let us know in the Q&A if you are missing a language or framework.

Client libraries

  • Go client library
  • .NET client library
  • Dart client library

Help and Documentation

Showcase

Passwordless Login

Use our login widget to allow easy and secure access to your applications and enjoy all the benefits of passwordless (FIDO2 / WebAuthn):

  • works on all modern platforms, devices, and browsers
  • phishing resistant alternative
  • requires only one gesture by the user
  • easy enrollment of the device during registration

Admin Console

Use Console or our APIs to set up organizations, projects and applications.

Register new applications

Delegate the right to assign roles to another organization

Customize login and console with your design

How To Contribute

You can find details about how to contribute in the Contribution Guide.

Security

See the policy here

Other CAOS Projects

  • ORBOS - GitOps everything
  • OIDC for GO - OpenID Connect SDK (client and server) for Go
  • ZITADEL Tools - Go tool to convert key file to privately signed JWT

Usage Data

ZITADEL components send errors and usage data to CAOS Ltd., so that we are able to identify code improvement potential. If you don't want to send this data or don't have an internet connection, pass the global flag --disable-analytics when using zitadelctl. For disabling ingestion for already-running components, execute the takeoff command again with the --disable-analytics flag.

We try to distinguish the environments from which events come. As environment identifier, we enrich the events with the domain you have configured in zitadel.yml, as soon as it's available. When it's not available and you passed the --gitops flag, we derive the environment identifier from your git repository URL.

Besides errors that don't clearly come from misconfiguration or CLI misuse, we send an initial event when any binary is started. This is a " invoked" event along with the flags that are passed to it, except secret values of course.

We only ingest operational data. Your ZITADEL workload data from the IAM application itself is never sent anywhere unless you chose to integrate other systems yourself.

License

See the exact licensing terms here

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Issues
  • Quickstart not working on Linux

    Describe the bug

    Cannot get started using the quickstart

    To Reproduce

    Steps to reproduce the behavior:

    I am following: https://github.com/caos/zitadel/blob/main/guides/quickstart.md

    My assumption with the quickstart is that, after running the command:

    COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 \
    && docker-compose -f ./build/local/docker-compose-local.yml --profile database -p zitadel up --exit-code-from db-migrations \
    && sleep 5 \
    && docker-compose -f ./build/local/docker-compose-local.yml --profile database --profile init-backend --profile init-frontend --profile backend --profile frontend --profile setup -p zitadel up -d
    

    Expected behavior

    I would see two things:

    1. the following text appears:
    ++=========++
    || ZITADEL ||
    || STARTED ||
    ++=========++
    
    2. At that point, I will be able to go to http://localhost:4200/

    Is this correct?

    Desktop (please complete the following information):

    • OS: Ubuntu 20.04
    • Browser: Chrome, cURL
    bug 
    opened by gc-ss 48
  • chore(dev): linux dev support workaround

    As of now we see some minor problems when running ZITADEL with the docker-compose QuickStart.

    • [x] DNS Resolution not working (the setup will not completely finish but it should work anyway)
    • [x] zitadel-started.sh not completing
    • [x] Buildkit needs to be enabled in some cases
    bug enhancement released 
    opened by fforootd 17
  • Refactoring Citadel

    @adlerhurst already gathered lots of style guides, so please add missing topics

    • [x] Enums (names and defaults) (Proto: USER_STATE_ACTIVE, Go: UserStateActive)
    • [x] Proto in general (use validator, style guide: https://developers.google.com/protocol-buffers/docs/style)
    • [x] new vs struct (new just for declaration)
    • [ ] linting in general
      • [x] error ids (5-char abbreviation-5 characters 'REPO-Zhe73')
      • [ ] if / else / else if
    • [x] EventTypes: added/changed 'user.added, user.email.changed'
    opened by livio-a 10
  • Initialization mail sent for verified users (console)

    Describe the bug Email verified is checked, and email is sent to the user

    To Reproduce

    1. Users > New
    2. Enter Details
    3. Check "Email verified"
    4. Create
    5. Check inbox

    Expected behavior As indicated in the info box: no email

    Screenshots If applicable, add screenshots to help explain your problem.

    bug 
    opened by mffap 9
  • Missing Docs: How to get Invoice for subscription

    Customers want to receive an invoice of the subscription for accounting. It is currently not obvious or documented how this works with Stripe. This should be documented under Manuals for Administrators

    bug documentation waiting 
    opened by mffap 9
  • fix: add hint for password-confirmation

    Related issue : #1827

    Suggested changes:

    Before these changes, users don't know why the form submit button is disabled even when all fields are filled and all password policies are verified, so adding a hint for password confirmation is helpful.

    Changes Preview:

    bug frontend 
    opened by you1996 9
  • review zitadelctl

    List for findings on documentation/review zitadelctl:

    • [x] this should reference to zitadel, not orbos.
    • [x] Same with the orbctl command. if orbctl is needed, that needs to be stated or deleted. the need for .orbfile is unclear
    • [x] gopass is referenced but not explained, a new installation might need a new/another masterkey and/or explanation for what it is used
    $ ./zitadelctl
    zitadelctl launches zitadel and simplifies common tasks such as updating your kubeconfig.
    Participate in our community on https://github.com/caos/orbos
    and visit our website at https://caos.ch
    
    Usage:
      zitadelctl [command]
    
    Examples:
    $ mkdir -p ~/.orb
    $ cat > ~/.orb/myorb << EOF
    > url: [email protected]:me/my-orb.git
    > masterkey: "$(gopass my-secrets/orbs/myorb/masterkey)"
    > repokey: |
    > $(cat ~/.ssh/myorbrepo | sed s/^/\ \ /g)
    > EOF
    $ orbctl -f ~/.orb/myorb [command]
    
    • [ ] no interactive secret list is provided as stated in help
    $ ./zitadelctl -f ~/.orb/zitadelctl help writesecret
    Encrypt a secret and push it to the repository.
    If no path is provided, a secret can interactively be chosen from a list of all possible secrets
    

    when used:

    $ ./zitadelctl -f ~/.orb/zitadelctl writesecret
    ts="2021-03-11T14:48:34+01:00" err="Key must be provided eighter by value or by file path or by standard input" src="/go/src/github.com/caos/zitadel/cmd/zitadelctl/cmds/writesecret.go:49"
    ts="2021-03-11T14:48:34+01:00" err="Key must be provided eighter by value or by file path or by standard input" src="/go/src/github.com/caos/zitadel/cmd/zitadelctl/cmds/root.go:87"
    

    it seems to work, when a "value" is set. therefore a (write/read)secret list option would be suitable

    ./zitadelctl -f ~/.orb/zitadelctl writesecret --value="value"
    ? Select a secret:  [Use arrows to move, type to filter]
    > zitadel.emailappkey
      zitadel.googlechaturl
      zitadel.keys
      zitadel.tracingserviceaccountjson
      zitadel.twilioauthtoken
      zitadel.twiliosid
    
    • [ ] version is empty
     ./zitadelctl -v
    zitadelctl version
    
    • [ ] connection to gke cluster is not possible:
    $ kubectl create ns caos-system
    namespace/caos-system created
    $ kubectl create ns caos-zitadel
    namespace/caos-zitadel created
    
    ......
    
    $ ./zitadelctl -f ~/.orb/zitadelctl takeoff --kubeconfig  ~/.kube/config
    ts="2021-03-11T16:22:55+01:00" msg="Failed to connect to k8s"
    
    

    it works at @ orbos cluster though

    • [ ] nil pointer when not using --gitops flag

    $ ./zitadelctl -f ~/.orb/zitadelctl readsecret
    panic: runtime error: invalid memory address or nil pointer dereference
    [signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x25d1fd3]
    
    goroutine 1 [running]:
    github.com/caos/zitadel/cmd/zitadelctl/cmds.ReadSecretCommand.func1(0xc000243600, 0xc00000cd40, 0x0, 0x2, 0x0, 0x0)
    	/Users/christianjakob/caos/internal/zitadel/cmd/zitadelctl/cmds/readsecret.go:31 +0xf3
    github.com/spf13/cobra.(*Command).execute(0xc000243600, 0xc00000cd20, 0x2, 0x2, 0xc000243600, 0xc00000cd20)
    	/Users/christianjakob/go/pkg/mod/github.com/spf13/[email protected]/command.go:850 +0x47c
    github.com/spf13/cobra.(*Command).ExecuteC(0xc0002422c0, 0xc0004fff38, 0x8, 0x8)
    	/Users/christianjakob/go/pkg/mod/github.com/spf13/[email protected]/command.go:958 +0x375
    github.com/spf13/cobra.(*Command).Execute(...)
    	/Users/christianjakob/go/pkg/mod/github.com/spf13/[email protected]/command.go:895
    main.main()
    	/Users/christianjakob/caos/internal/zitadel/cmd/zitadelctl/main.go:28 +0x285
    
    • [ ] node labels are fixed to Node-Selectors: orbos.ch/pool=management

    database and zitadel operator rely on the above label, which is not present e.g. in a GKE environment

    • [x] namespaces is fixed to caos-system
     ./zitadelctl -f ~/.orb/zitadelctl --gitops takeoff
    ts="2021-03-15T12:09:17+01:00" err="Failed to deploy zitadel-operator into k8s-cluster: applying serviceaccount zitadel-operator failed: namespaces "caos-system" not found" src="/Users/christianjakob/caos/internal/zitadel/operator/zitadel/kinds/orb/reconcile.go:40" version="latest"
    

    If the namespace is fixed anyway, it should be created. Or set as a variable

    • [x] secret orbconfig does not get created and should be named zitadel config. (as this is zitadel operator)
    Volumes:
      orbconfig:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  caos
        Optional:    false
      ...
       MountVolume.SetUp failed for volume "orbconfig" : secret "caos" not found  
        
    
    enhancement 
    opened by thesephirot 9
  • UI/UX Improvements

    • [x] Bug: layout managing roles (arrows)
    • [x] Bug: horizontal scroller
    • [x] remove clock icon
    • [x] letter spacing of access preferences
    • [x] shortcut: delete with ctrl+enter
    • [x] Discussion: layout 'flows'
    • [x] Discussion: org switch button behavior
    • [x] Discussion: keyboard shortcuts
    frontend angular v2 
    opened by juergrinaldi 8
  • Design element consistence for console

    With the console redesign we should have consistent elements.

    Acceptance criteria

    • [ ] Saving mechanism (e.g auto save, save button, pop up to save)
    • [ ] Table actions (buttons on hover, always icons, how do the icons look)
    • [ ] Navigation
    • [ ] Documentation links #1677

    Here are some additional findings that I noticed and that fall under the topic of consistency (see the comments below for more details):

    • [ ] table inconsistency
    • [ ] table edit mode
    • [ ] table deselect-button
    • [ ] table buttons activate/deactivate
    • [ ] log panel (right) consistency
    • [ ] Question: separate button modify
    task design 
    opened by fgerschwiler 8
  • [Performance] GetProjectById Slow

    Describe the bug

    When loading GetProjectById via the console, the request can take up to 10 seconds.

    To Reproduce Steps to reproduce the behavior:

    1. Go to https://console.zitadel.ch/projects/86761430715523969
    2. See how long it takes to load

    Expected behavior

    A faster response.

    Screenshots

    None

    Additional context

    $ curl 'https://api.zitadel.ch/zitadel.management.v1.ManagementService/GetProjectByID' \
      -H 'sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="91", "Chromium";v="91"' \
      -H 'X-User-Agent: grpc-web-javascript/0.1' \
      -H 'Accept-Language: en-US' \
      -H 'sec-ch-ua-mobile: ?0' \
      -H 'Authorization: Bearer [TOKEN]' \
      -H 'x-zitadel-orgid: 86614223882349580' \
      -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36' \
      -H 'X-Grpc-Web: 1' \
      -H 'Referer: ' \
      -H 'Content-Type: application/grpc-web+proto' \
      --data-raw $'\u0000\u0000\u0000\u0000\u0013\n\u001186761430715523969' \
      --compressed
    
    bug go backend 
    opened by maennchen 8
  • Support offline-access via refresh token

    Is your feature request related to a problem? Please describe. For SPAs as well as mobile (ionic/reactnative/whatever) applications and PWAs in particular, it should be possible to request a refresh token to guarantee "offline like" experience.

    Describe the solution you'd like A scope that also returns a refresh token according to the standard.

    enhancement help wanted go backend 
    opened by buehler 8
  • feat: Configurable Unique Machine Identification

    This change fixes Segfault on AWS App Runner with v2 #3625

    The change introduces two new dependencies:

    • github.com/drone/envsubst for supporting AWS ECS, which has its metadata endpoint described by an environment variable
    • github.com/jarcoal/jpath so that only relevant data from a metadata response is used to identify the machine.

    The change adds new configuration (see defaults.yaml):

    • Machine.Identification enables configuration of how machines are uniquely identified - I'm not sure about the top level category Machine, as I don't have anything else to add to it. Happy to hear suggestions for better naming or structure here.
    • Machine.Identification.PrivateId turns on or off the existing private IP based identification. Default is on.
    • Machine.Identification.Hostname turns on or off using the OS hostname to identify the machine. Great for environments where you can be sure that the hostname will be unique for each instance of zitadel running, such as k8s.
    • Machine.Identification.Webhook configures identification based on the response to an HTTP GET request. Request headers can be configured, a JSONPath can be set for processing the response (no JSON parsing is done if this is not set), and the URL is allowed to contain environment variables in the format "${var}".

    The new flow for getting a unique machine id is:

    1. PrivateIP (if enabled)
    2. Hostname (if enabled)
    3. Webhook (if enabled, to configured URL)
    4. Give up and error out.

    It's important that init configures machine identity first. Otherwise we could try to get an ID before configuring it. To prevent this from causing difficult to debug issues, where for example the default configuration was used, I've ensured that the application will generate an error if the module hasn't been configured and you try to get an ID.

    Misc changes:

    • Spelling and grammatical corrections to init.go::New() long description.
    • Spelling corrections to verify_zitadel.go::newZitadel().
    • Updated production.md and development.md based on the new build process. I think the run instructions are also out of date, but I'll leave that for someone else.
    • id.SonyFlakeGenerator is now a function, which sets id.sonyFlakeGenerator, this allows us to defer initialization until configuration has been read.
    enhancement go v2 
    opened by Alexei-Barnes 1
  • Segfault on AWS App Runner with v2

    Describe the bug On AWS App Runner (which is based on AWS ECS), I'm unable to run Zitadel v2 because the container segfaults during configuration.

    Stack Trace Note, this log is in reverse chronological order (the ordering of CloudWatch logs in AWS), so read it from top to bottom in terms of time, but the stack trace from top to bottom as that's all sent as a single message.

    05-09-2022 05:54:00 PM 	/home/runner/work/zitadel/zitadel/main.go:13 +0x76
    05-09-2022 05:54:00 PM main.main()
    05-09-2022 05:54:00 PM 	/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:902
    05-09-2022 05:54:00 PM github.com/spf13/cobra.(*Command).Execute(...)
    05-09-2022 05:54:00 PM 	/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:974 +0x3bc
    05-09-2022 05:54:00 PM github.com/spf13/cobra.(*Command).ExecuteC(0xc0000d4000)
    05-09-2022 05:54:00 PM 	/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:860 +0x5f8
    05-09-2022 05:54:00 PM github.com/spf13/cobra.(*Command).execute(0xc000302a00, {0xc000569860, 0x6, 0x6})
    05-09-2022 05:54:00 PM 	/home/runner/work/zitadel/zitadel/cmd/admin/start/start_from_init.go:35 +0x299
    05-09-2022 05:54:00 PM github.com/zitadel/zitadel/cmd/admin/start.NewStartFromInit.func1(0xc000302a00, {0x1dc319c, 0x6, 0x6})
    05-09-2022 05:54:00 PM 	/home/runner/work/zitadel/zitadel/cmd/admin/start/start.go:96 +0x311
    05-09-2022 05:54:00 PM github.com/zitadel/zitadel/cmd/admin/start.startZitadel(0xc00038c300, {0x7ffdb0ad1df5, 0x20})
    05-09-2022 05:54:00 PM 	/home/runner/work/zitadel/zitadel/internal/query/query.go:69 +0x307
    05-09-2022 05:54:00 PM github.com/zitadel/zitadel/internal/query.StartQueries({0x362f8a8, 0xc00012c000}, 0xc000b372e0, 0xc0000fc000, {0x2540be400, 0x3b9aca00, 0x5, 0xc8, 0xc000af9a40, 0x1}, ...)
    05-09-2022 05:54:00 PM 	/home/runner/work/zitadel/zitadel/internal/query/projection/projection.go:37 +0x1a8
    05-09-2022 05:54:00 PM github.com/zitadel/zitadel/internal/query/projection.Start({0x362f8a8, 0xc00012c000}, 0x0, 0x20, {0x2540be400, 0x3b9aca00, 0x5, 0xc8, 0xc000af9a40, 0x1}, ...)
    05-09-2022 05:54:00 PM 	/home/runner/work/zitadel/zitadel/internal/query/projection/org.go:53 +0x808
    05-09-2022 05:54:00 PM github.com/zitadel/zitadel/internal/query/projection.NewOrgProjection({0x362f8a8, 0xc00012c000}, {{{0xc000b372e0}, {0x1ddc23e, 0x10}, 0x2540be400, 0x3b9aca00}, 0xc0000fc000, {0x1df7949, 0x1d}, ...})
    05-09-2022 05:54:00 PM 	/home/runner/work/zitadel/zitadel/internal/eventstore/handler/crdb/handler_stmt.go:76 +0x334
    05-09-2022 05:54:00 PM github.com/zitadel/zitadel/internal/eventstore/handler/crdb.NewStatementHandler({_, _}, {{{0xc000b372e0}, {0x1ddc23e, 0x10}, 0x2540be400, 0x3b9aca00}, 0xc0000fc000, {0x1df7949, 0x1d}, ...})
    05-09-2022 05:54:00 PM 	/home/runner/work/zitadel/zitadel/internal/eventstore/handler/crdb/lock.go:36 +0x65
    05-09-2022 05:54:00 PM github.com/zitadel/zitadel/internal/eventstore/handler/crdb.NewLocker(0xc0000fc000, {0x1dddfc4, 0x11}, {0x1ddc23e, 0x10})
    05-09-2022 05:54:00 PM 	/home/runner/work/zitadel/zitadel/internal/id/sonyflake.go:23 +0x1c
    05-09-2022 05:54:00 PM github.com/zitadel/zitadel/internal/id.(*sonyflakeGenerator).Next(0xc000b419c0)
    05-09-2022 05:54:00 PM 	/home/runner/go/pkg/mod/github.com/sony/[email protected]/sonyflake.go:89 +0x3d
    05-09-2022 05:54:00 PM github.com/sony/sonyflake.(*Sonyflake).NextID(0x0)
    05-09-2022 05:54:00 PM goroutine 1 [running]:
    05-09-2022 05:54:00 PM [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x9f4fdd]
    05-09-2022 05:54:00 PM panic: runtime error: invalid memory address or nil pointer dereference
    05-09-2022 05:54:00 PM time="2022-05-09T16:54:00Z" level=info msg="starting handler" caller="/home/runner/work/zitadel/zitadel/internal/eventstore/handler/handler_projection.go:80" projection=projections.orgs
    05-09-2022 05:53:58 PM time="2022-05-09T16:53:58Z" level=info msg="verify zitadel" caller="/home/runner/work/zitadel/zitadel/cmd/admin/initialise/verify_zitadel.go:97" database=zitadel
    05-09-2022 05:53:57 PM time="2022-05-09T16:53:57Z" level=info msg="verify grant" caller="/home/runner/work/zitadel/zitadel/cmd/admin/initialise/verify_grant.go:39" database=zitadel user=zitadel
    05-09-2022 05:53:57 PM time="2022-05-09T16:53:57Z" level=info msg="verify user" caller="/home/runner/work/zitadel/zitadel/cmd/admin/initialise/verify_user.go:43" username=zitadel
    05-09-2022 05:53:57 PM time="2022-05-09T16:53:57Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/admin/initialise/init.go:52"
    

    To Reproduce Steps to reproduce the behavior:

    1. Create an ECR repository and upload a configured copy of the zitadel v2 container (I just used docker build with FROM set to the zitadel release v1.80.0-v2.20-amd64 and copy in my config file).
    2. Create an AWS App Runner service, based off of that ECR image.
    3. Wait for the task to start up and watch the logs

    Expected behavior No segfault.

    Screenshots N/A

    Desktop (please complete the following information): N/A

    Smartphone (please complete the following information): N/A

    Additional context Based on conversations in Discord, it was identified that the cause of this problem is down to trying to uniquely identify the machine: https://discord.com/channels/927474939156643850/927866013545025566/973323013216931891

    I'm creating a PR to fix this myself based on that discussion.

    bug go 
    opened by Alexei-Barnes 1
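
The two posts above (the machine-identification change and the App Runner segfault, whose trace shows `NextID` called on a nil `*Sonyflake`) share one rule: resolve the machine id through an ordered list of enabled sources and return an error, not a nil generator, when none works or nothing was configured. The following Go example of that flow is added here and is not ZITADEL's or sonyflake's code; `Resolver`, `Source`, `PrivateIPSource`, `HashSource`, the FNV folding of a hostname or webhook response into 16 bits, and the sample addresses are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"hash/fnv"
	"net"
	"os"
)

// Hypothetical names throughout; not ZITADEL's or sonyflake's code.
var (
	ErrNotConfigured = errors.New("machine identification not configured")
	ErrNoMachineID   = errors.New("no enabled source produced a machine id")
)

// Source is one way of deriving a 16-bit machine id.
type Source struct {
	Name    string
	Enabled bool
	Get     func() (uint16, error)
}

// Resolver tries the enabled sources in order; callers get an id or an
// error, never a nil generator to dereference later.
type Resolver struct {
	configured bool
	sources    []Source
}

// Configure must run before MachineID, i.e. after configuration is read.
func (r *Resolver) Configure(sources ...Source) {
	r.sources = sources
	r.configured = true
}

// MachineID returns the id and the name of the source that produced it.
func (r *Resolver) MachineID() (uint16, string, error) {
	if r == nil || !r.configured {
		return 0, "", ErrNotConfigured
	}
	var failures []string
	for _, s := range r.sources {
		if !s.Enabled {
			continue
		}
		id, err := s.Get()
		if err == nil {
			return id, s.Name, nil
		}
		failures = append(failures, s.Name+": "+err.Error())
	}
	return 0, "", fmt.Errorf("%w (tried %v)", ErrNoMachineID, failures)
}

// PrivateIPSource uses the low 16 bits of the first RFC 1918 IPv4 address.
// ips is the host's address list, passed in so sample data can drive it.
func PrivateIPSource(enabled bool, ips []net.IP) Source {
	return Source{Name: "PrivateIP", Enabled: enabled, Get: func() (uint16, error) {
		for _, ip := range ips {
			if ip4 := ip.To4(); ip4 != nil && ip4.IsPrivate() {
				return uint16(ip4[2])<<8 | uint16(ip4[3]), nil
			}
		}
		return 0, errors.New("no private IPv4 address found")
	}}
}

// HashSource folds a string (hostname, webhook response) into 16 bits with
// FNV-1a. 16 bits collide easily, so this assumes a small fleet.
func HashSource(name string, enabled bool, get func() (string, error)) Source {
	return Source{Name: name, Enabled: enabled, Get: func() (uint16, error) {
		v, err := get()
		if err == nil && v == "" {
			err = errors.New("empty value")
		}
		if err != nil {
			return 0, err
		}
		h := fnv.New32a()
		h.Write([]byte(v))
		sum := h.Sum32()
		return uint16(sum>>16) ^ uint16(sum), nil
	}}
}

func main() {
	var r Resolver
	_, _, err := r.MachineID()
	fmt.Println("before Configure:", err)
	// Constructed host with only a link-local address: falls through to Hostname.
	r.Configure(
		PrivateIPSource(true, []net.IP{net.ParseIP("169.254.172.2")}),
		HashSource("Hostname", true, os.Hostname),
	)
	id, src, err := r.MachineID()
	fmt.Println(id, src, err)
}
```
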
  • Console Bugs

    Project

    • [ ] After creating a role, I get an empty page, should be back on role list
    • [ ] Authorizations: If I click delete in the table, the popup to show the detail is shown, instead of the delete dialog
    • [ ] On creating a grant, the selected ORG in the header changes, *Exact description in comments
    • [ ] If I use the key "N" on project overview, the add manager popup is shown in the front

    Settings

    • [ ] Branding: When I change the colours I constantly get an error message, because the request is sent about 10 times when I only change one colour.
    • [ ] Branding: If I upload a logo or an image nothing happens. I should see that it is uploaded.
    • [ ] Login Policy: If there are no mfa/passwordless providers left, the add button should be hidden. At the moment I click add and get a popup with no providers to add
    • [ ] It's not possible to remove a mfa or passwordless
    • [ ] Login Policy: After I added a new Identity Provider, it's not shown in the list
    go angular task v2 
    opened by fgerschwiler 2
  • SAML Integration into v2

    Description

    • [x] Move SAML package into a separate repository
    • [x] Update handling of certificates like in v2
    • [x] Integrate SAML library into ZITADEL

    Acceptance criteria

    • [ ] connection possible with SAML to ZITADEL v2
    go backend task 
    opened by stebenz 0
Releases(v1.84.0)
Owner
CAOS
Always run a changing system