[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"workflow-asset-009699d9":3,"seo:featured-workflow:009699d9-4d78-11f1-9bc6-00163e2b0d79:es":82,"workflow-related-asset-009699d9-009699d9-4d78-11f1-9bc6-00163e2b0d79":83},{"id":4,"uuid":5,"slug":6,"title":7,"description":8,"author_id":9,"author_name":10,"author_avatar":11,"token_estimate":12,"time_saved":12,"model_used":11,"fork_count":12,"vote_count":12,"view_count":12,"parent_id":12,"parent_uuid":11,"lang_type":13,"steps":14,"tags":21,"has_voted":27,"visibility":17,"share_token":11,"is_featured":12,"content_hash":28,"asset_kind":29,"target_tools":30,"install_mode":34,"entrypoint":18,"risk_profile":35,"dependencies":37,"verification":42,"agent_metadata":45,"agent_fit":58,"trust":70,"provenance":79,"created_at":81,"updated_at":81},3130,"009699d9-4d78-11f1-9bc6-00163e2b0d79","asset-009699d9","Kanidm — Modern Identity Management Built in Rust","Kanidm is an identity management server written in Rust, designed as a secure and developer-friendly alternative to LDAP and Active Directory. It provides OAuth2, OIDC, LDAP compatibility, UNIX integration, WebAuthn passkey support, and RADIUS authentication in a single self-contained binary.","8a911193-3180-11f1-9bc6-00163e2b0d79","AI Open Source","",0,"en",[15],{"id":16,"step_order":17,"title":18,"description":11,"prompt_template":19,"variables":11,"depends_on":20,"expected_output":11},3693,1,"Kanidm Identity Server","# Kanidm — Modern Identity Management Built in Rust\n\n## Quick Use\n```bash\n# Run with Docker\ndocker run -p 8443:8443 kanidm\u002Fserver:latest\n# Or install the CLI tools\ncargo install kanidm_tools\n# Create your first admin account\nkanidm login --name admin\n```\n\n## Introduction\nKanidm is a modern identity management platform written in Rust that aims to replace legacy LDAP directories and Active Directory for authentication and authorization. It provides a secure-by-default design with built-in support for modern standards like OAuth2, OIDC, WebAuthn passkeys, and RADIUS, all in a single binary.\n\n## What Kanidm Does\n- Manages users, groups, and service accounts through a web UI or CLI\n- Provides OAuth2 and OpenID Connect for web application single sign-on\n- Offers LDAP compatibility for legacy applications that require directory access\n- Supports WebAuthn and passkeys for passwordless authentication\n- Integrates with UNIX systems via PAM and NSS for SSH and local login\n\n## Architecture Overview\nKanidm is a single Rust binary containing the identity server, a built-in embedded database, and a web interface. It stores data in an append-only, copy-on-write B-tree database for crash resilience. The server exposes a REST API consumed by the web UI and CLI tools. Authentication flows support PKCE-enabled OAuth2, TOTP, WebAuthn, and backup codes. Replication between Kanidm instances uses a pull-based model for multi-site deployments.\n\n## Self-Hosting & Configuration\n- Deploy via Docker or as a standalone binary on Linux\n- Configure TLS certificates and domain name in server.toml\n- Set up OAuth2 resource servers for each application needing SSO\n- Enable LDAP gateway for legacy applications that require bind operations\n- Use kanidm CLI tools for user provisioning and group management\n\n## Key Features\n- Secure by default with mandatory TLS and modern cryptographic defaults\n- WebAuthn passkey support enables passwordless login across all integrated services\n- UNIX integration via PAM\u002FNSS eliminates the need for a separate LDAP client stack\n- Built-in RADIUS server for Wi-Fi and VPN authentication\n- Written in Rust for memory safety and high performance under concurrent load\n\n## Comparison with Similar Tools\n- **Keycloak** — Java-based, heavier deployment; Kanidm is a single Rust binary with UNIX integration\n- **Authentik** — Python\u002FDjango stack with broader UI; Kanidm focuses on security-first design\n- **FreeIPA** — LDAP+Kerberos suite; Kanidm offers OAuth2\u002FOIDC natively without Kerberos complexity\n- **LLDAP** — Lightweight LDAP server; Kanidm adds OAuth2, WebAuthn, and RADIUS beyond LDAP\n- **Zitadel** — Cloud-native Go identity platform; Kanidm is designed for on-premise UNIX-centric environments\n\n## FAQ\n**Q: Can Kanidm replace Active Directory?**\nA: For Linux and web-application authentication, yes. Windows domain-joined machines still require AD or Samba for Group Policy and Kerberos ticket integration.\n\n**Q: Does Kanidm support multi-factor authentication?**\nA: Yes. Kanidm supports TOTP, WebAuthn security keys, passkeys, and backup codes as second factors.\n\n**Q: How does replication work?**\nA: Kanidm uses a pull-based replication model where secondary servers pull changes from the primary. This simplifies network configuration and NAT traversal.\n\n**Q: Is Kanidm production-ready?**\nA: Kanidm is used in production by multiple organizations. The project follows semantic versioning and provides stable release channels.\n\n## Sources\n- https:\u002F\u002Fgithub.com\u002Fkanidm\u002Fkanidm\n- https:\u002F\u002Fkanidm.github.io\u002Fkanidm\u002Fstable\u002F","0",[22],{"id":23,"name":24,"slug":25,"icon":26},12,"Configs","config","⚙️",false,"c72a457261e05b53226cf64df925eb1921c4d7dcf428cb2ff908ffe496a6a836","skill",[31,32,33],"claude_code","codex","gemini_cli","single",{"executes_code":27,"modifies_global_config":27,"requires_secrets":36,"uses_absolute_paths":27,"network_access":27},[],{"npm":38,"pip":39,"brew":40,"system":41},[],[],[],[],{"commands":43,"expected_files":44},[],[18],{"asset_kind":29,"target_tools":46,"install_mode":34,"entrypoint":18,"risk_profile":47,"dependencies":49,"content_hash":28,"verification":54,"inferred":57},[31,32,33],{"executes_code":27,"modifies_global_config":27,"requires_secrets":48,"uses_absolute_paths":27,"network_access":27},[],{"npm":50,"pip":51,"brew":52,"system":53},[],[],[],[],{"commands":55,"expected_files":56},[],[18],true,{"target":32,"score":59,"status":60,"policy":61,"why":62,"asset_kind":29,"install_mode":34},98,"native","allow",[63,64,65,66,67,68,69],"target_tools includes codex","asset_kind skill","install_mode single","markdown-only","policy allow","safe markdown-only Codex install","trust established",{"author_trust_level":71,"verified_publisher":27,"asset_signed_hash":28,"signature_status":72,"install_count":12,"report_count":12,"dangerous_capability_badges":73,"review_status":74,"signals":75},"established","hash_only",[],"unreviewed",[76,77,78],"author has published assets","content hash available","no dangerous capability badges",{"owner_uuid":9,"owner_name":10,"source_url":80,"content_hash":28,"visibility":17,"created_at":81,"updated_at":81},"https:\u002F\u002Ftokrepo.com\u002Fen\u002Fworkflows\u002Fasset-009699d9","2026-05-12 04:28:42",null,[84,136,183,236],{"id":85,"uuid":86,"slug":87,"title":88,"description":89,"author_id":9,"author_name":10,"author_avatar":11,"token_estimate":12,"time_saved":12,"model_used":11,"fork_count":12,"vote_count":12,"view_count":90,"parent_id":12,"parent_uuid":11,"lang_type":13,"steps":91,"tags":92,"has_voted":27,"visibility":17,"share_token":11,"is_featured":12,"content_hash":94,"asset_kind":29,"target_tools":95,"install_mode":34,"entrypoint":96,"risk_profile":97,"dependencies":99,"verification":104,"agent_metadata":107,"agent_fit":119,"trust":121,"provenance":124,"created_at":126,"updated_at":127,"__relatedScore":128,"__relatedReasons":129,"__sharedTags":134},1951,"0930da48-3e48-11f1-9bc6-00163e2b0d79","casdoor-open-source-identity-access-management-platform-0930da48","Casdoor — Open Source Identity and Access Management Platform","A UI-first identity provider supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, WebAuthn, TOTP, and MFA with a modern web console.",68,[],[93],{"id":23,"name":24,"slug":25,"icon":26},"8002e823f12b4f394cdb55062c225b9b1ac98af157b41c243c33496e25393e6a",[31,32,33],"Casdoor",{"executes_code":27,"modifies_global_config":27,"requires_secrets":98,"uses_absolute_paths":27,"network_access":27},[],{"npm":100,"pip":101,"brew":102,"system":103},[],[],[],[],{"commands":105,"expected_files":106},[],[96],{"asset_kind":29,"target_tools":108,"install_mode":34,"entrypoint":96,"risk_profile":109,"dependencies":111,"content_hash":94,"verification":116},[31,32,33],{"executes_code":27,"modifies_global_config":27,"requires_secrets":110,"uses_absolute_paths":27,"network_access":27},[],{"npm":112,"pip":113,"brew":114,"system":115},[],[],[],[],{"commands":117,"expected_files":118},[],[96],{"target":32,"score":59,"status":60,"policy":61,"why":120,"asset_kind":29,"install_mode":34},[63,64,65,66,67,68,69],{"author_trust_level":71,"verified_publisher":27,"asset_signed_hash":94,"signature_status":72,"install_count":12,"report_count":12,"dangerous_capability_badges":122,"review_status":74,"signals":123},[],[76,77,78],{"owner_uuid":9,"owner_name":10,"source_url":125,"content_hash":94,"visibility":17,"created_at":126,"updated_at":127},"https:\u002F\u002Ftokrepo.com\u002Fen\u002Fworkflows\u002Fcasdoor-open-source-identity-access-management-platform-0930da48","2026-04-22 20:37:33","2026-05-11 16:25:00",114.75827363610588,[130,131,132,133],"topic-match","same-kind","same-target","same-author",[25,135],"configs",{"id":137,"uuid":138,"slug":139,"title":140,"description":141,"author_id":9,"author_name":10,"author_avatar":11,"token_estimate":12,"time_saved":12,"model_used":11,"fork_count":12,"vote_count":12,"view_count":142,"parent_id":12,"parent_uuid":11,"lang_type":13,"steps":143,"tags":144,"has_voted":27,"visibility":17,"share_token":11,"is_featured":12,"content_hash":146,"asset_kind":29,"target_tools":147,"install_mode":34,"entrypoint":148,"risk_profile":149,"dependencies":151,"verification":156,"agent_metadata":159,"agent_fit":171,"trust":173,"provenance":176,"created_at":178,"updated_at":179,"__relatedScore":180,"__relatedReasons":181,"__sharedTags":182},1220,"110f3e58-373d-11f1-9bc6-00163e2b0d79","task-fast-cross-platform-build-tool-modern-workflows-110f3e58","Task — Fast Cross-Platform Build Tool for Modern Workflows","Task is a task runner and build tool written in Go. It uses simple YAML configuration as a modern, cross-platform alternative to Make — with better syntax, built-in variables, watch mode, and no platform-specific quirks.",99,[],[145],{"id":23,"name":24,"slug":25,"icon":26},"19b4ca2449149e7042a05a2e69e84bc9a40183ae96542003cd718a2200aaebd5",[31,32,33],"SKILL.md",{"executes_code":27,"modifies_global_config":27,"requires_secrets":150,"uses_absolute_paths":27,"network_access":27},[],{"npm":152,"pip":153,"brew":154,"system":155},[],[],[],[],{"commands":157,"expected_files":158},[],[11],{"asset_kind":29,"target_tools":160,"install_mode":34,"entrypoint":148,"risk_profile":161,"dependencies":163,"content_hash":146,"verification":168},[31,32,33],{"executes_code":27,"modifies_global_config":27,"requires_secrets":162,"uses_absolute_paths":27,"network_access":27},[],{"npm":164,"pip":165,"brew":166,"system":167},[],[],[],[],{"commands":169,"expected_files":170},[],[11],{"target":32,"score":59,"status":60,"policy":61,"why":172,"asset_kind":29,"install_mode":34},[63,64,65,66,67,68,69],{"author_trust_level":71,"verified_publisher":27,"asset_signed_hash":146,"signature_status":72,"install_count":12,"report_count":12,"dangerous_capability_badges":174,"review_status":74,"signals":175},[],[76,77,78],{"owner_uuid":9,"owner_name":10,"source_url":177,"content_hash":146,"visibility":17,"created_at":178,"updated_at":179},"https:\u002F\u002Ftokrepo.com\u002Fen\u002Fworkflows\u002Ftask-fast-cross-platform-build-tool-modern-workflows-110f3e58","2026-04-13 21:31:24","2026-05-12 10:47:06",101,[130,131,132,133],[25,135],{"id":184,"uuid":185,"slug":186,"title":187,"description":188,"author_id":9,"author_name":10,"author_avatar":11,"token_estimate":12,"time_saved":12,"model_used":11,"fork_count":12,"vote_count":12,"view_count":189,"parent_id":12,"parent_uuid":11,"lang_type":13,"steps":190,"tags":191,"has_voted":27,"visibility":17,"share_token":11,"is_featured":12,"content_hash":193,"asset_kind":29,"target_tools":194,"install_mode":34,"entrypoint":195,"risk_profile":196,"dependencies":198,"verification":203,"agent_metadata":206,"agent_fit":218,"trust":225,"provenance":229,"created_at":231,"updated_at":232,"__relatedScore":233,"__relatedReasons":234,"__sharedTags":235},2662,"2abdf176-481a-11f1-9bc6-00163e2b0d79","asset-2abdf176","Firezone — Self-Hosted WireGuard VPN with Zero Trust Access","A self-hosted secure access platform built on WireGuard that provides zero-trust network access with identity-based policies and a web management portal.",87,[],[192],{"id":23,"name":24,"slug":25,"icon":26},"2071f00c9c2ab824a1dd479f49d930e05638762d94a89248d8de91cab58cafba",[31,32,33],"Firezone VPN",{"executes_code":27,"modifies_global_config":27,"requires_secrets":197,"uses_absolute_paths":27,"network_access":57},[],{"npm":199,"pip":200,"brew":201,"system":202},[],[],[],[],{"commands":204,"expected_files":205},[],[195],{"asset_kind":29,"target_tools":207,"install_mode":34,"entrypoint":195,"risk_profile":208,"dependencies":210,"content_hash":193,"verification":215},[31,32,33],{"executes_code":27,"modifies_global_config":27,"requires_secrets":209,"uses_absolute_paths":27,"network_access":57},[],{"npm":211,"pip":212,"brew":213,"system":214},[],[],[],[],{"commands":216,"expected_files":217},[],[195],{"target":32,"score":219,"status":220,"policy":221,"why":222,"asset_kind":29,"install_mode":34},64,"needs_confirmation","confirm",[63,64,65,223,224,69],"policy confirm","risk_profile.network_access is true",{"author_trust_level":71,"verified_publisher":27,"asset_signed_hash":193,"signature_status":72,"install_count":12,"report_count":12,"dangerous_capability_badges":226,"review_status":74,"signals":228},[227],"network_access",[76,77],{"owner_uuid":9,"owner_name":10,"source_url":230,"content_hash":193,"visibility":17,"created_at":231,"updated_at":232},"https:\u002F\u002Ftokrepo.com\u002Fen\u002Fworkflows\u002Fasset-2abdf176","2026-05-05 08:34:24","2026-05-12 10:18:52",98.91672400822526,[130,131,132,133],[25,135],{"id":237,"uuid":238,"slug":239,"title":240,"description":241,"author_id":9,"author_name":10,"author_avatar":11,"token_estimate":12,"time_saved":12,"model_used":11,"fork_count":12,"vote_count":12,"view_count":242,"parent_id":12,"parent_uuid":11,"lang_type":13,"steps":243,"tags":244,"has_voted":27,"visibility":17,"share_token":11,"is_featured":12,"content_hash":246,"asset_kind":29,"target_tools":247,"install_mode":248,"entrypoint":148,"risk_profile":249,"dependencies":254,"verification":259,"agent_metadata":262,"agent_fit":274,"trust":281,"provenance":285,"created_at":287,"updated_at":288,"__relatedScore":289,"__relatedReasons":290,"__sharedTags":291},935,"2d385875-34c8-11f1-9bc6-00163e2b0d79","keycloak-open-source-identity-access-management-2d385875","Keycloak — Open Source Identity & Access Management","Keycloak is the most widely deployed open-source IAM solution. SSO, OIDC, SAML, LDAP federation, MFA, social login, and user management for enterprise applications.",70,[],[245],{"id":23,"name":24,"slug":25,"icon":26},"6f051e0598631124304281caa87b8fa7dd8330c991bd99ba6444c44218dc473e",[31,32,33],"stage_only",{"executes_code":27,"modifies_global_config":27,"requires_secrets":250,"uses_absolute_paths":27,"network_access":27},[251,252,253],"KC_BOOTSTRAP_ADMIN_PASSWORD","KC_DB_PASSWORD","POSTGRES_PASSWORD",{"npm":255,"pip":256,"brew":257,"system":258},[],[],[],[],{"commands":260,"expected_files":261},[],[11],{"asset_kind":29,"target_tools":263,"install_mode":248,"entrypoint":148,"risk_profile":264,"dependencies":266,"content_hash":246,"verification":271},[31,32,33],{"executes_code":27,"modifies_global_config":27,"requires_secrets":265,"uses_absolute_paths":27,"network_access":27},[251,252,253],{"npm":267,"pip":268,"brew":269,"system":270},[],[],[],[],{"commands":272,"expected_files":273},[],[11],{"target":32,"score":275,"status":248,"policy":248,"why":276,"asset_kind":29,"install_mode":248},29,[63,64,277,278,279,280,69],"install_mode stage_only","policy stage_only","install_mode is stage_only","risk_profile.requires_secrets is not empty",{"author_trust_level":71,"verified_publisher":27,"asset_signed_hash":246,"signature_status":72,"install_count":12,"report_count":12,"dangerous_capability_badges":282,"review_status":74,"signals":284},[283,248],"requires_secrets",[76,77],{"owner_uuid":9,"owner_name":10,"source_url":286,"content_hash":246,"visibility":17,"created_at":287,"updated_at":288},"https:\u002F\u002Ftokrepo.com\u002Fen\u002Fworkflows\u002Fkeycloak-open-source-identity-access-management-2d385875","2026-04-10 18:29:38","2026-05-12 11:43:22",98.77688752307861,[130,131,132,133],[25,135]]