authnz services

services for authnz

authnz services

services for authnz

authnz

For user requests only.

authn

Situation: you have an API gateway (ex traefik) or service mesh (ex istio) that can intercept and redirect requests. You have some existing authz system you want to use, maybe the same as for your East-West traffic. You want to redirect requests without a valid session / jwt to login to a third party identity provider.

Options:

• Pomerium
• ORY Kratos
• loginsrv
• Auth0
• Keycloak

authn authz

Situation: you have an API gateway that can intercept requests. You want to redirect requests without a valid session / jwt to login to a third party identity provider and enforce some policy on that request at the same time.

Options:

• Pomerium (internally uses OpenPolicyAgent)
• ORY Kratos + ORY Keto (Keto is built on OpenPolicyAgent)
• Pomerium / ORY Kratos + OpenPolicyAgent

identity provider

loginserver4, ORY Hydra, ...

gateway

The reverse proxy / identity aware proxy / thing that intercepts your requests.

traefik, envoy, ory oathkeeper, pomerium, ...