An enterprise framework that makes effortless management of centralized authorization, authentication, and accounting. A3S supports OpenID and OAuth 2.0 identity protocols.

Being able to log in once and securely gain access to a variety of shared or stand-alone resources is one of the most important parts of developing an enterprise system. Additionally, effectively determining permissions to said resources is equally important. Finally, ensuring that both these concepts are implemented with the best security and engineering practices is vital to ensure your centralised users and protected resources are safe against theft and break-in attempts.

A3S makes this process simple for any project by offering all this right out-of-the-box. It can be deployed on virtually any system, and integrate with virtually any technology.

A3S takes the guesswork out of authenticating your users centrally and securely, leaving you to focus on the business solution.

While other AAA systems are very developer-centric, A3S understands that the end-user will define the business capabilities that require protection. Because of this, A3S speaks a language that business users can understand. Learn more

Classic AAA systems limits access-control to roles and the applications need to manage the finely grained permissions. But in the real world, enterprises understand access by grouped permissions. Shouldn't your application do the same? Learn more

• A3S is on open-standards-based and API-driven, making it integratable with virtually any technology.
• A3S allows delegated access control using OAuth2.
• Because A3S is in a Docker container, it can be deployed on-premise, in-cloud, or hybrid. Learn more
• The containerization of the components enables faster delivery on development and deployment.
• Enables fine-grained permissions access.
• A3S uses the OpenID Connect specification on top of the OAuth 2.0 protocol.
• Single-Sign-On allows your user to log in once and be authenticated across multiple applications.
• LDAP and Active Directory connectivity is supported to allow for easy integration into existing user stores. Learn more
• A3S has centralized management for users via a friendly API.
• Two-factor authentication with Time-based One-time Password (TOTP) allows even more secure user authentication. Learn more
• Terms of Service functionality allows agreement-based authentication. Learn more
• Client-level configurable end-user consent for grant share.

A3S consists of two main components:

• Identity Server 4, which is the main security protocol and access token engine for A3S.
• A custom-built business layer for managing how access is given to members of the enterprise. This is currently exposed as a REST API, but there are plans to include a default React UI soon.

Each component has been designed to be independently packaged and deployed, allowing separate configuration of high availability and scaling for each component. Both components running together are collectively referred to as A3S.

Getting started with A3S is incredibly simple. Navigate to the quickstart folder within this repository and follow the instructions in the Readme to have A3S running in minutes.

A3S has a detailed integration guide which will assist any developer to understand it's fundamental concepts and get started on implementation in a very short time.

All project documentation is currently available within the /doc folder.

• Glossary of Terms
• Integration Guide
• Concepts
• Docker-Compose Integration Conventions
• LDAP Setup
• View OAS3 Specification
• Deployment Options
• Contributing to A3S
• Contribution Workflow
• Coding Style Guide
• Roadmap
• Copyright

© Copyright 2019, Grindrod Bank Limited, and distributed under the MIT License.