Casdoor - Decision Insights

Casdoor is an open-source identity and access management (IAM) platform that provides authentication, authorization, user management, and Single Sign-On (SSO) as a unified service.

Centralized user authentication and SSO across multiple applications (identity and access)
Support for standard authentication protocols such as Open Authorization 2.0 (OAuth 2.0), OpenID Connect (OIDC), and Security Assertion Markup Language (SAML) (identity and access)
User, organization, and permission management with Role-Based Access Control (RBAC) integration with Casbin (identity and access)
Multi-factor authentication, social login, and passwordless options depending on configuration (identity and access)
Admin console, SDKs, and APIs for integrating Identity Access Management (IAM) into web, mobile, and enterprise systems (developer tooling / identity and access)

More About Casdoor

Casdoor operates as an identity and access management (IAM) system designed to provide centralized authentication, authorization, and user management for applications and services. It addresses scenarios where organizations need a single, consistent identity platform to manage users, logins, permissions, and federation across heterogeneous environments, including web, mobile, and internal enterprise applications.

The platform supports multiple authentication protocols such as OAuth 2.0, OIDC, and SAML (identity and access), enabling integration with applications that rely on these standards for SSO and delegated authorization. Through these protocols, Casdoor functions as an Identity Provider (IdP), issuing tokens and assertions that applications can validate to enforce session and access policies.

Casdoor provides user, organization, and group management capabilities (identity and access), including registration, profile management, and account lifecycle operations. It integrates with Casbin for fine-grained access control (authorization), allowing policies to be defined and enforced based on users, roles, resources, and actions. This combination enables architectures where Casdoor handles identity and session management while Casbin evaluates authorization rules.

The system includes features such as SSO across multiple client applications, optional multi-factor authentication, social logins via external identity providers, and configurable authentication flows (identity and access). These capabilities are exposed through a web-based admin console, Representational State Transfer (REST) APIs, and SDKs for multiple programming languages (developer tooling), which allow teams to embed Casdoor into existing application stacks and Continuous Integration and Continuous Deployment (CI/CD) workflows.

In enterprise and institutional environments, Casdoor is typically deployed as a central IAM service that sits between users and protected applications. It can be integrated with front-end applications through OAuth/OIDC redirects, with back-end services through token validation, and with existing user directories or databases where supported. Deployment models include self-hosting in on-premises (on-prem) or cloud infrastructure, aligning with environments that require direct control over identity data and access policies.

Technically, Casdoor is positioned in the identity and access category alongside identity providers, SSO servers, and IAM gateways. Its protocol support and policy integration with Casbin allow it to fit into architectures that separate concerns between authentication, authorization, and application logic. For directory and cataloging purposes, Casdoor can be classified under identity and access management, SSO / Internal Developer Platform (IDP), and developer integration tooling for authentication and authorization workflows.

More About Casdoor

Mentions

CISA issues update on Casdoor authentication bypass flaws

CISA issues update for Casdoor arbitrary file write vulnerability