Ipsilon

Ipsilon is an open-source identity provider (IdP) from Red Hat that enables standards-based single sign-on for Linux and web environments through SAML 2.0 and OpenID Connect (OIDC). It integrates with FreeIPA or LDAP backends for authentication and issues SAML assertions or OIDC tokens to relying parties. While it remains functional, the project is now community-maintained with limited active development.

Key Capabilities

• Standards-based SSO: Functions as a SAML 2.0 and OIDC identity provider, issuing assertions and tokens for web and Linux applications.

• Pluggable authentication: Supports multiple backends including PAM, LDAP, and FreeIPA for credential verification.

• FreeIPA integration: Commonly deployed alongside FreeIPA to provide enterprise SSO and centralized identity management in Linux environments.

• Attribute and claim mapping: Allows administrators to define which user attributes or claims are released to service providers.

• Open-source extensibility: Built with Python and Apache, offering flexibility for customization via plugins and custom login handlers.

Limitations

• Lifecycle status: The project has been in maintenance mode since the mid-2020s with minimal updates; community forks exist but are lightly maintained.

• Protocol scope: Focused on core SAML 2.0 and OIDC functions; no confirmed support for advanced OAuth 2.0 profiles like PAR, DPoP, or mTLS.

• Documentation activity: Red Hat’s upstream documentation has been archived, and GitHub commit activity is low.

• Provisioning capabilities: Lacks SCIM or lifecycle management APIs, handles authentication and SSO only.

• Operational maturity: Geared toward Linux administrators familiar with FreeIPA and Apache; lacks the UX, automation, and governance depth of commercial IdPs.