Casdoor logo

Casdoor

Casdoor is an open-source, AI-first identity and access management (IAM) and MCP gateway authentication server with a web UI. Built in Go (Beego) with a React frontend, Casdoor supports OAuth 2.0, OIDC, SAML 2.0, CAS, LDAP, Kerberos/SPNEGO, WebAuthn / Passkeys, TOTP / MFA, SCIM 2.0 provisioning, social login, multi-tenant organizations, role-based access control, and an MCP Gateway plus A2A Protocol for agent-to-agent communication. The platform exposes a RESTful API documented via Swagger and ships SDKs for Go, Java, Python, Node.js, C#, C++, PHP, Ruby, JavaScript, Lua, and Haskell. Released under the Apache License 2.0.

8 APIs 22 Features
AuthenticationAuthorizationIAMIdentityLDAPMCPMFAOAuthOIDCOpen SourcePasskeysSAMLSCIMSingle Sign-OnSSOWebAuthn

APIs

Casdoor REST API

The Casdoor REST API provides programmatic access to the IAM platform's core resources including users, organizations, applications, roles, groups, permissions, identity provide...

Casdoor OAuth 2.0 / OIDC Provider

Casdoor implements an OAuth 2.0 authorization server and OpenID Connect identity provider, exposing the standard authorization, token, userinfo, revocation, introspection, JWKS,...

Casdoor SAML 2.0 Identity Provider

SAML 2.0 identity provider endpoints in Casdoor that issue SAML assertions to enterprise service providers, supporting SSO scenarios for legacy and enterprise SaaS applications ...

Casdoor CAS Server

Casdoor exposes a CAS (Central Authentication Service) server compatible with CAS protocol versions 1.0, 2.0, and 3.0, providing single sign-on to applications that integrate vi...

Casdoor LDAP Server

Casdoor provides an LDAP server interface so that legacy applications and infrastructure components requiring LDAP authentication can bind against Casdoor users and groups, and ...

Casdoor SCIM 2.0 API

SCIM 2.0 (System for Cross-domain Identity Management) endpoints for automated user and group provisioning between Casdoor and downstream identity-aware systems.

Casdoor MCP Gateway

Casdoor's MCP (Model Context Protocol) gateway and A2A (Agent-to-Agent) protocol surface, designed to broker authentication and authorization for AI agents and MCP-aware tooling...

Casdoor Webhooks

Outbound webhook events that notify external systems of identity events such as user signup, login, logout, profile changes, password resets, and MFA enrollments.

Features

OAuth 2.0 Server
OIDC Provider
SAML 2.0 IdP
CAS Server
LDAP Server
SCIM 2.0 Provisioning
WebAuthn / Passkeys
TOTP MFA
Face ID Biometrics
Social Login
RBAC
ABAC
ACL
Multi-Tenancy
Organizations
Audit Logs
Webhooks
Identity Provider Federation
MCP Gateway
A2A Protocol
Self-Hosted
Apache 2.0 License

Use Cases

Single Sign-On
Customer Identity (CIAM)
Workforce Identity
Passwordless Login
Multi-Factor Authentication
Enterprise SSO via SAML
API Authorization
Identity Provider for AI Agents
User Provisioning Automation
Self-Hosted Auth Server

Integrations

GitHub
Google
Azure AD
WeChat
QQ
MySQL
PostgreSQL
SQL Server
Redis
Beego
React
Casbin

Resources

🔗
Website
Website
🔗
Documentation
Documentation
🚀
GettingStarted
GettingStarted
🔑
Authentication
Authentication
🔗
Swagger
Swagger
👥
GitHub
GitHub
👥
GitHubOrganization
GitHubOrganization
💻
SourceCode
SourceCode
🔗
IssueTracker
IssueTracker
📰
Blog
Blog
🔗
Community
Community
🔗
Discord
Discord
🔗
License
License
🔗
DockerHub
DockerHub
🔗
Demo
Demo
📜
PrivacyPolicy
PrivacyPolicy
💰
Pricing
Pricing