A versatile OAuth2 authorization server and Traefik middleware for Kubernetes and Docker.

Own your user data. Prevent vendor lock-in.

What does Uitsmijter do?

Uitsmijter is a collection of Kubernetes middlewares and custom resources which allow you to provide access control to your services. Uitsmijter acts as the Single sign-on (SSO) orchestrator for all of your resources.

With a single login, you can protect static resources and websites via Uitsmijter's interceptor mode and more advanced services or single page applications (SPAs) via Uitsmijter's OAuth interface.

You stay in control of your data as Uitsmijter does not make you migrate your user data to any cloud provider or specific database. This makes Uitsmijter an ideal candidate for microservices and migration projects.

Why should I use Uitsmijter?

We are working with a lot of companies outgrowing their monolithic application landscape. Migrating user data away to a cloud provider in exchange for getting the desired authentication and authorisation interfaces is often either a legal challenge or requires a lot of changes to the existing applications.

Uitsmijter provides a simple and fast way to implement SSO among your application landscape without losing ownership of your user data. No matter if you are growing your company or are just getting started and want to keep authentication as a separate concern, Uitsmijter is the right tool to assist you in your SSO needs!

Rebuild with modern teams in mind

Uitsmijter has been written from the ground up to combine the needs of modern, self-organized teams with the thoroughness of enterprise security.

The separation of tenants and clients at namespace level allows fine-grained authorization to be given to developer teams without violating company-wide security policies.
From the first line of code, Uitsmijter implements the idea that teams must be able to connect new applications to a SSO in a self-managed way.

What's with the name?

The name Uitsmijter refers both to a delicious dish and the act of being rejected or "forcefully thrown out", which makes it an ideal name for any authentication system. Also makes it easy to google if you've practiced typing it a couple of times ;-)

Features

Check out documentation for a full list of features.

Multitenancy

A single Uitsmijter handles multiple logical tenants within your organisation. Want to have different login backends and pages for different parts of your organisation, e.g. split between internal and external users? Uitsmijter's got you covered!

Interceptor mode

Protect your static pages, intranet or anything that does not support OAuth using the interceptor mode. Uitsmijter will display a login page before users can access the protected resource. All resources for a given tenant are protected using the same SSO credentials, so your users don't see your login page too often.

OAuth mode

The heart and soul of Uitsmijter. Use any OAuth compatible application or BFFs and your own SPAs with your user credential store. Configure RBAC as needed and automatically manage OAuth grants as required.

Whitelabeling

Don't like Uitsmijter's beautiful default login or logout pages? You can provide your custom version for each tenant within your organisation, so your users can always see what exactly they are signing in to. As simple as uploading HTML to a S3 bucket.

Feature	Documentation	Community	Enterprise
OAuth 2.0	RFC 6749
Single-Sign On	SSO
Bearer Token Support	RFC 6750
JSON Web Token	JWT
Authorization Code	Grant Types
Refresh Token	Grant Types
Implicit Grant Flow	Grant Types
Proof Key for Code Exchange	PKCE
Interceptor for Traefik	Interceptor
Customised HTML	Customisation
Scalability and high availability	Clustering
ECMA-Script Providers	Providers
Python Providers	Providers
Interceptor Metering
Paywall
Multifactor Authorisation
Extended Support	Support

Easy to install and configure.

Check out documentation for a detailed explanation.

Fast implementation
Easy migration of legacy applications
Reliability
OAuth2 compability
Fast response times
Low memory and CPU consumption
Written in a modern and secure programming language


$ helm repo add uitsmijter https://charts.uitsmijter.io/
$ helm repo update
$ helm install uitsmijter -f values.yaml uitsmijter/uitsmijter

charts.uitsmijter.io


apiVersion: "uitsmijter.io/v1"
kind: Tenant
metadata:
  name: bnbc
spec:
  hosts:
    - bnbc.example
  interceptor:
    enabled: true
    domain: login.bnbc.example
    cookie: .bnbc.example
  informations:
    imprint_url: https://bnbc.example/imprint
    privacy_url: https://bnbc.example/privacy
    register_url: https://login.bnbc.example/register
  templates:
    access_key_id: [***]
    secret_access_key: [***]
    bucket: team-bnbc
    host: https://s3.us-west-2.amazonaws.com
  providers:
    - "class UserLoginProvider { [...] }"
    - "class UserValidationProvider { [...] }"
  silent_login: false

Tenant configuration


apiVersion: "uitsmijter.io/v1"
kind: Client
metadata:
  name: ios-app
spec:
  ident: 58392627-0121-4721-9DAC-D358BDD86CA6
  tenantname: "my-namespace/bnbc"
  redirect_urls:
    - https://www.bnbc.example/bnbc-club/.*
  grant_types:
    - password
    - authorization_code
    - refresh_token
  scopes:
    - list
    - read
    - write
  referrers:
    - https://www.bnbc.example/bnbc-club/login
  isPkceOnly: true
  secret: [***]

Client configuration

Want to know more?

Read the docs

How can Uitsmijter be useful for me?

Migration from a monolith

Refactoring legacy software systems

Uitsmijter offers a solution that makes migrations secure, well-planned, agile, and, most importantly, enjoyable for developers and project owners. Its transparent and intelligent approach makes it a standout choice for navigating the complexities of transformations.

Start fresh development

Best choice for shiny new services

Uitsmijter offers a straightforward and speedy method for implementing Single Sign-On across your applications, with easy configuration of various user stores for various needs and environments, all managed as infrastructure as code.

For agile teams

A modern approach to authentication

Uitsmijter, from the outset, enables self-organized teams to connect applications to a SSO system independently, while still complying with company-wide security policies. This streamlined approach promotes efficient development and robust security measures.

News wanted?

created by