JID
JID is a multi-tenant and interactive authentication, authorization, auditing and notification/alert solution using JRPC over TLS.
The JID client is included in the JLinux package J and its ABI is C++.
There is also a small web module for JWebapp.
Authentication succeeds when the user passes enough authentication methods for their combined points to reach the required points set by the service the user is authenticating against.
If the service also requested authorization, permission is granted the same way. If authorization is not requested, only authentication is performed.
The JID servers use a redundant SQL database to store data, implement JCPA for SMS sending and report to the Loke real-time monitoring service. A standard installation can typically peak beyond 1000 authentications per second on normal hardware.
Supported authentication types
- Multiple usernames per user ID
- Multiple passwords per user ID
- Plain
- MD5 hash with and without nonce (rfc2195 ++)
- HMAC MD5 with nonce (rfc6151)
- HMAC SHA2 with nonce (rfc6151)
- HTTP Digest (rfc2617)
- HTTP Digest SHA256 (rfc7616)
- HTTP Basic (rfc2617)
- HTTP AWS4-HMAC-SHA256
- One-time-password sent via SMS
- One-time-password using HOTP (rfc4226)
- One-time-password using TOTP (rfc6238)
- One-time-password using Yubico OTP
- PKI using JAUTH
- PKI using Webauthn (W3C)
- NFC device
- Bluetooth device
- Fingerprint device
- USB key
- IP-address/prefix filter
- SSO token (for HTTP sessions, OAuth, SAML etc)
- 24SevenOffice user and sessions
All authentication types support valid-from and valid-to dates for auto-expiry.
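The points rule above and the valid-from/valid-to expiry, worked through as an added example (not JID's own code; the class and field names and the point values are assumptions):

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Constructed model of the points-based rule described above. Names and the
# point values are assumptions for illustration, not JID's real API or data.

def utc(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)

@dataclass(frozen=True)
class MethodResult:
    name: str        # e.g. "password", "totp", "ip_prefix"
    points: int      # points the service assigns to this method
    passed: bool     # whether the credential itself verified
    valid_from: Optional[datetime] = None  # auto-expiry window of the credential
    valid_to: Optional[datetime] = None

@dataclass(frozen=True)
class ServicePolicy:
    authn_points: int                   # points required to be authenticated
    authz_points: Optional[int] = None  # points required for authorization; None = not requested

def is_active(m: MethodResult, now: datetime) -> bool:
    """A method counts only if it passed and 'now' lies inside its validity window."""
    if not m.passed:
        return False
    if m.valid_from is not None and now < m.valid_from:
        return False
    if m.valid_to is not None and now >= m.valid_to:
        return False
    return True

def evaluate(policy: ServicePolicy, results, now: datetime):
    """Return (authenticated, authorized, achieved_points); authorized is None
    when the service did not request authorization. Points are taken once per
    method name (assumption): a user with several passwords who enters one of
    them does not collect the password points twice."""
    best = {}
    for m in results:
        if is_active(m, now):
            best[m.name] = max(best.get(m.name, 0), m.points)
    achieved = sum(best.values())
    authenticated = achieved >= policy.authn_points
    if policy.authz_points is None:
        return authenticated, None, achieved
    return authenticated, authenticated and achieved >= policy.authz_points, achieved
```

The achieved points are what an auditing record would log as the security level reached, so an expired OTP credential shows up as a lower level rather than as a failed method.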
Examples of implementations in standard protocols
- OpenSSH / PAM (rfc86)
- Microsoft Windows credential provider
- IMAP
- POP3
- SMTP
- LDAP
- WebDAV
- Websites / REST
- SNMP
- SIP
- FTP
- JSH
- TACACS
- ActiveSync/Exchange
Conformant security standards
- NIST FIPS 140-2 level 3
- PCI DSS
Supported user information
- User ID
- Multiple Group IDs
- Username
- Multiple authorization groups and services based on both User ID and Group ID
Supported contact/notification methods
- Email
- SMS
- Message via the JID client back to the user, when implemented by the calling service.
Notification is used when alerting the user of suspicious activity, for password reset purposes etc.
Supported auditing fields
- User ID
- Date and time
- Host name of service
- IP-address of service
- Protocol of service
- IP-address of user
- Country of the user's IP address
- Type of request
- Security level achieved
- Status (ok / success etc.)