Agama is an auth-server component that offers an alternative way to build authentication flows in the Janssen server. Originally, person authentication flows are defined in the server by means of Jython scripts that adhere to a predefined API. With Agama, flows are coded in a DSL (domain-specific language) designed to write web flows.
Advantages of using Agama include the following:
- Ability to express authentication flows in a clean and concise way
- Flow composition is supported out-of-the-box: reuse of an existing flow in another requires no effort
- Reasoning about flow behavior is easy (as a consequence of the first two points). This makes flow modifications and refactoring straightforward
- Small cognitive load. Agama DSL is a very small language with simple, non-distracting syntax
- Friendly UI templating engine. No complexities when authoring web pages – stay focused on writing HTML markup
Janssen is not a big monolith; it's a lot of services working together. Whether you deploy Janssen to a Kubernetes cluster, or you are a developer running everything on one server, it's important to understand the different parts.
This component is the OAuth Authorization Server, the OpenID Connect Provider, and the UMA Authorization Server. It is the main Internet-facing component of Janssen. It's the service that returns tokens, JWTs and identity assertions. This service must be Internet-facing.
This component provides the server-side endpoints to enroll and validate devices that use FIDO. It provides both FIDO U2F (register, authenticate) and FIDO 2 (attestation, assertion) endpoints. This service must be Internet-facing.
The API to configure the auth-server and other components is consolidated in this component. This service should not be Internet-facing.
SCIM is a JSON/REST API to manage user data. Use it to add, edit and update user information. This service should not be Internet-facing.
This module is a command line interface for configuring the Janssen software, providing both interactive and simple single line options for configuration.
Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting.
This library has code that is shared across several Janssen projects. You will most likely need this project when you build other Janssen components.
This is the library for persistence and caching implementations in Janssen. Currently LDAP and Couchbase are supported. RDBMS is coming soon.
Install Janssen with these packages
- Provision a Linux VM with 4 CPUs, 16 GB RAM, and a 50 GB SSD, with ports 443 and 80 open.
- Save the VM IP address
- Install Docker
Why the name Janssen?
Pigeons (or doves if you like…) are universally regarded as a symbol of peace. But they are also fast. Powered by a handful of seeds, a well-trained racing pigeon can fly 1000 kilometers in a day. The Janssen brothers of Arendonk in Belgium bred the world's fastest family of racing pigeons. Complex open source infrastructure, like competitive animal husbandry, requires incremental improvement. Janssen racing pigeons revolutionized the sport. The Janssen Project seeks to revolutionize identity and access management.
While other identity and access management platforms exist, the Janssen Project seeks to tackle the most challenging security and performance requirements.
Based on the latest code that powers the Gluu Server, which has passed more OpenID self-certification tests than any other platform, Janssen starts with a rich set of signing and encryption functionality that can be used for high assurance transactions.
Having shown throughput of more than one billion authentications per day, the software can also handle the most demanding requirements for concurrency thanks to Kubernetes auto-scaling and advances in persistence.