OpenUnison

Open Source Identity Management

OpenUnison provides open source identity management with all the power of Unison.  OpenUnison quickly integrates into your continuous integration / continuous deployment (CI/CD) pipeline with a build process that generates an easily patched web application that can be run in almost any Java Servlet container (such as Tomcat, Wildfly, or Jetty) or can be run in an embedded Undertow server.  OpenUnison’s configuration is updated via three files:

  1. XML file for application defenition
  2. Properties file for the internal LDAP virtual directory
  3. Java Keystore

OpenUnison can be easily managed through git, with secrets externalized and kept separate from the configuration.

Authentication as Dynamic as Your Environment

Username and password?  Multi-factor? Customers and partners?  What about contractors?  Your environment likely has more then one type of user and one type of authentication.  OpenUnison’s open source identity management platform provides multiple ways to authenticate beyond your username and password.  We make it easier to leverage your existing authentication investments, making them easier to integrate with more of your applications.

Dynamically Use Data From All of Your Sources

You likely have multiple Active Directory forests, databases and web services that store your identity data.  All that data is likely not owned by the same person in your organization.  OpenUnison’s internal LDAP virtual directory adds a layer capable of integrating with all of your sources in a way that lines up with your organization.  Our open source identity management platform is the only one that integrates this layer directly into the system without relying on an external solution.

Combine DevOps and Identity Management

Tired of the “email shuffle”?  Are you constantly answering questions such as “Can I have access to?”,”Who can approve this access”, or “Where’s the audit trail”? OpenUnison’s open source identity management platform brings the automation of DevOps to your identity management requirements by automating the creation, removal and recertification of user access.  Take your administrators out of the job of answering tickets, manually creating access, and having to generate reports by combining DevOps and identity management with OpenUnison.

Implement Your Compliance Goals

Are your identity management compliance goals not being followed because of technology that can’t implement them?  Nearly any rule you have we can cover since OpenUnison is so lightweight and flexible.  Automate your identity management compliance, just as you have automated the rest of your compliance workflows.

Integrate Into Your CI/CD Pipeline

OpenUnison deployments rely on Maven’s WAR Overlay plugin to combine Tremolo Security’s pre-built and tested binaries from our Nexus repository with your own configuration and customization to create a binary that can be deployed directly into a servlet container or using one of our pre-built Docker containers.  If you’re using Docker we have an Source-2-Image (S2I) image that will create a hardened container image for you.

Features

Authentication Types

  • Username and password
  • Compliance Acknowledgement
  • SAML2
  • OpenID Connect
  • TOTP (aka GoogleAuth)
  • U2F
  • Secret questions
  • OAuth2 Bearer Tokens
  • Kerberos
  • One-Time-Password over SMS
  • Certificates / PIV CAC

Data Stores

  • Active Directory
  • LDAP
  • RDBMS
  • Web Services
  • MongoDB
  • Kubernetes
  • OpenShift
  • OpenStack Keystone

Application Integration

  • Apache
  • Java
  • .NET
  • SAML2
  • Header

Deployment Options

  • Embedded Undertow server
  • J2EE Servlet containers – Tomcat, Wildfly, Jetty
  • Docker container
  • Red Hat certified container