Gortas (Golang Authentication Service) is a flexible API based authentication service, allows adding authentication to your site or service with minimum effort. Gortas supports multiple authentication methods across various data sources. You can authenticate against your Active Directory or other LDAP user directory or MongoDB.
It allows building complex authentication processes with various steps and different authentication methods.
For example, you can build login and password authentication with an SMS confirmation code
- Username and password - authenticates against an existing user datastore
- Registration - creates a user account in a user data store for further authentication
- Kerberos - uses Kerberos authentication
- OTP - one-time password sent via email or SMS
It is possible to develop custom authentication methods.
- LDAP
- NoSQL
- MongoDB
- SQL databases (in development)
With Gortas you can build an authentication system with any desired complexity across different data sources simultaneously.
There could be different realms in Gortas - for example, the staff
realm for employees and the clients
realm for clients.
All realms use their own user data stores. For example, for staff users, we will use an enterprise LDAP user directory, for clients we could use another database, for example, MongoDB.
Every realm contains authentication modules, authentication chains, and user data store.
Single authentication module, responsible for authentication or authorization step. For example - prompt username and password or send and verify a one-time password.
Authentication modules are organized in flows. Every authentication chain is a sequence of authentication modules to orchestrate complex authentication processes. For example, we have two modules: Login module - prompts a user to provide login and password, and OTP module - sends SMS with a one-time password to the user.
When a user tries to authenticate he will be prompted to enter login and password. If the credentials are correct authentication service sends OTP via SMS and prompts the user to enter the one-time password as a second authentication factor. On the other hand, we can line up Kerberos and login and password in the same chain. So if a user was not authenticated in Kerberos automatically, he will be prompted for username and password
Clone Gortas repository
git clone https://github.com/maximthomas/gortas.git
Then go to gortas
directory and run docker-compose
docker-compose up
This command will create services:
gortas
- authentication API servicemongo
- Mongo database for user and session storage
Further reading: Quick Start