Introduction
Casdoor is an open source identity and access management server with a web UI for managing users, organizations, applications, and authentication providers. It supports a wide range of protocols and login methods, making it a flexible IAM solution for applications that need centralized authentication and single sign-on.
What Casdoor Does
- Provides single sign-on (SSO) across multiple applications via OAuth 2.0 and OIDC
- Supports 100+ third-party login providers including Google, GitHub, and SAML IdPs
- Manages users, roles, and permissions through a built-in web console
- Offers multi-factor authentication with TOTP, SMS, email, and WebAuthn/passkeys
- Handles user registration, password recovery, and account linking workflows
Architecture Overview
Casdoor is built with Go (Beego framework) on the backend and React on the frontend. It stores user data and configuration in a relational database (MySQL, PostgreSQL, or SQLite). The Casbin authorization library powers the internal permission model. Casdoor exposes RESTful APIs alongside standard OAuth 2.0 and OIDC endpoints, so client applications integrate through standard protocol flows rather than proprietary SDKs.
Self-Hosting & Configuration
- Deploy via Docker, Docker Compose, or build from source with Go and Node.js
- Configure the database connection in conf/app.conf or via environment variables
- Register applications in the web UI to get OAuth client IDs and secrets
- Set up identity providers (Google, GitHub, LDAP, SAML) through the provider management page
- Customize the login page theme, logo, and CSS from the web console
Key Features
- Protocol-agnostic with OAuth 2.0, OIDC, SAML 2.0, CAS 3.0, and LDAP support
- Built-in user directory with profile management, group hierarchy, and role assignment
- SDK libraries available for Go, Java, Node.js, Python, PHP, and more
- Webhook and syncer modules push user events to external systems
- Multi-organization support isolates tenants with separate user pools and branding
Comparison with Similar Tools
- Keycloak — more mature and feature-rich but significantly heavier on resources (Java-based)
- Authentik — Python-based with strong flow customization, but less protocol breadth
- Logto — developer-focused with polished UI, but fewer enterprise protocol options
- Zitadel — Go-based with event-sourcing architecture, stronger audit capabilities
FAQ
Q: How does Casdoor compare to Auth0? A: Casdoor provides similar core functionality (SSO, MFA, user management) that you self-host. It lacks some of Auth0's advanced features like adaptive MFA and anomaly detection, but avoids per-user pricing.
Q: Can it integrate with existing LDAP directories? A: Yes. Casdoor can authenticate against an external LDAP server and sync users bidirectionally.
Q: What databases are supported? A: MySQL, PostgreSQL, SQL Server, SQLite, CockroachDB, and several others through the XORM ORM layer.
Q: Is it production-ready? A: Casdoor is used in production by multiple organizations. Review the documentation for recommended hardening steps including database encryption and secret rotation.