Casdoor website screenshot

Casdoor

Casdoor is an open-source, AI-first identity and access management (IAM) and MCP gateway authentication server with a web UI. Built in Go (Beego) with a React frontend, Casdoor supports OAuth 2.0, OIDC, SAML 2.0, CAS, LDAP, Kerberos/SPNEGO, WebAuthn / Passkeys, TOTP / MFA, SCIM 2.0 provisioning, social login, multi-tenant organizations, role-based access control, and an MCP Gateway plus A2A Protocol for agent-to-agent communication. The platform exposes a RESTful API documented via Swagger and ships SDKs for Go, Java, Python, Node.js, C#, C++, PHP, Ruby, JavaScript, Lua, and Haskell. Released under the Apache License 2.0.

8 APIs 22 Features
AuthenticationAuthorizationIAMIdentityLDAPMCPMFAOAuthOIDCOpen SourcePasskeysSAMLSCIMSingle Sign-OnSSOWebAuthn

APIs

Casdoor REST API

The Casdoor REST API provides programmatic access to the IAM platform's core resources including users, organizations, applications, roles, groups, permissions, identity provide...

Casdoor OAuth 2.0 / OIDC Provider

Casdoor implements an OAuth 2.0 authorization server and OpenID Connect identity provider, exposing the standard authorization, token, userinfo, revocation, introspection, JWKS,...

Casdoor SAML 2.0 Identity Provider

SAML 2.0 identity provider endpoints in Casdoor that issue SAML assertions to enterprise service providers, supporting SSO scenarios for legacy and enterprise SaaS applications ...

Casdoor CAS Server

Casdoor exposes a CAS (Central Authentication Service) server compatible with CAS protocol versions 1.0, 2.0, and 3.0, providing single sign-on to applications that integrate vi...

Casdoor LDAP Server

Casdoor provides an LDAP server interface so that legacy applications and infrastructure components requiring LDAP authentication can bind against Casdoor users and groups, and ...

Casdoor SCIM 2.0 API

SCIM 2.0 (System for Cross-domain Identity Management) endpoints for automated user and group provisioning between Casdoor and downstream identity-aware systems.

Casdoor MCP Gateway

Casdoor's MCP (Model Context Protocol) gateway and A2A (Agent-to-Agent) protocol surface, designed to broker authentication and authorization for AI agents and MCP-aware tooling...

Casdoor Webhooks

Outbound webhook events that notify external systems of identity events such as user signup, login, logout, profile changes, password resets, and MFA enrollments.

Collections

Pricing Plans

Casdoor Plans Pricing

3 plans

PLANS

Rate Limits

Casdoor Rate Limits

5 limits

RATE LIMITS

FinOps

Features

OAuth 2.0 Server
OIDC Provider
SAML 2.0 IdP
CAS Server
LDAP Server
SCIM 2.0 Provisioning
WebAuthn / Passkeys
TOTP MFA
Face ID Biometrics
Social Login
RBAC
ABAC
ACL
Multi-Tenancy
Organizations
Audit Logs
Webhooks
Identity Provider Federation
MCP Gateway
A2A Protocol
Self-Hosted
Apache 2.0 License

Use Cases

Single Sign-On
Customer Identity (CIAM)
Workforce Identity
Passwordless Login
Multi-Factor Authentication
Enterprise SSO via SAML
API Authorization
Identity Provider for AI Agents
User Provisioning Automation
Self-Hosted Auth Server

Integrations

GitHub
Google
Azure AD
WeChat
QQ
MySQL
PostgreSQL
SQL Server
Redis
Beego
React
Casbin

Resources

🔗
Website
Website
🔗
Documentation
Documentation
🚀
GettingStarted
GettingStarted
🔑
Authentication
Authentication
🔗
Swagger
Swagger
👥
GitHub
GitHub
👥
GitHubOrganization
GitHubOrganization
💻
SourceCode
SourceCode
🔗
IssueTracker
IssueTracker
📰
Blog
Blog
🔗
Community
Community
🔗
Discord
Discord
🔗
License
License
🔗
DockerHub
DockerHub
🔗
Demo
Demo
📜
PrivacyPolicy
PrivacyPolicy
💰
Pricing
Pricing
🔗
MCPServer
MCPServer

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: Casdoor REST API
  version: 1.503.0
request:
  auth:
    type: bearer
    token: '{{bearerToken}}'
items:
- info:
    name: OIDC
    type: folder
  items:
  - info:
      name: OIDC discovery document
      type: http
    http:
      method: GET
      url: https://door.casdoor.com/.well-known/openid-configuration
    docs: OIDC discovery document
  - info:
      name: JSON Web Key Set
      type: http
    http:
      method: GET
      url: https://door.casdoor.com/.well-known/jwks
    docs: JSON Web Key Set
  - info:
      name: WebFinger user lookup
      type: http
    http:
      method: GET
      url: https://door.casdoor.com/.well-known/webfinger
      params:
      - name: resource
        value: ''
        type: query
    docs: WebFinger user lookup
- info:
    name: Authentication
    type: folder
  items:
  - info:
      name: Login a user
      type: http
    http:
      method: POST
      url: https://door.casdoor.com/api/login
      body:
        type: json
        data: '{}'
    docs: Login a user
  - info:
      name: Sign up a new user
      type: http
    http:
      method: POST
      url: https://door.casdoor.com/api/signup
      body:
        type: json
        data: '{}'
    docs: Sign up a new user
  - info:
      name: Log out the current user
      type: http
    http:
      method: POST
      url: https://door.casdoor.com/api/logout
    docs: Log out the current user
  - info:
      name: OAuth 2.0 device authorization
      type: http
    http:
      method: POST
      url: https://door.casdoor.com/api/device-auth
    docs: OAuth 2.0 device authorization
- info:
    name: Users
    type: folder
  items:
  - info:
      name: List users in an organization
      type: http
    http:
      method: GET
      url: https://door.casdoor.com/api/get-users
      params:
      - name: owner
        value: ''
        type: query
        description: Organization name
    docs: List users in an organization
  - info:
      name: List all users across organizations
      type: http
    http:
      method: GET
      url: https://door.casdoor.com/api/get-global-users
    docs: List all users across organizations
  - info:
      name: Get a single user
      type: http
    http:
      method: GET
      url: https://door.casdoor.com/api/get-user
      params:
      - name: id
        value: ''
        type: query
        description: Composite id in form owner/name
    docs: Get a single user
  - info:
      name: Create a user
      type: http
    http:
      method: POST
      url: https://door.casdoor.com/api/add-user
      body:
        type: json
        data: '{}'
    docs: Create a user
  - info:
      name: Update a user
      type: http
    http:
      method: POST
      url: https://door.casdoor.com/api/update-user
      params:
      - name: id
        value: ''
        type: query
      body:
        type: json
        data: '{}'
    docs: Update a user
  - info:
      name: Delete a user
      type: http
    http:
      method: POST
      url: https://door.casdoor.com/api/delete-user
      body:
        type: json
        data: '{}'
    docs: Delete a user
  - info:
      name: Validate a user password
      type: http
    http:
      method: POST
      url: https://door.casdoor.com/api/check-user-password
      body:
        type: json
        data: '{}'
    docs: Validate a user password
- info:
    name: Organizations
    type: folder
  items:
  - info:
      name: List organizations
      type: http
    http:
      method: GET
      url: https://door.casdoor.com/api/get-organizations
      params:
      - name: owner
        value: ''
        type: query
    docs: List organizations
  - info:
      name: Create an organization
      type: http
    http:
      method: POST
      url: https://door.casdoor.com/api/add-organization
      body:
        type: json
        data: '{}'
    docs: Create an organization
- info:
    name: Applications
    type: folder
  items:
  - info:
      name: List applications
      type: http
    http:
      method: GET
      url: https://door.casdoor.com/api/get-applications
      params:
      - name: owner
        value: ''
        type: query
    docs: List applications
  - info:
      name: Get an application
      type: http
    http:
      method: GET
      url: https://door.casdoor.com/api/get-application
      params:
      - name: id
        value: ''
        type: query
    docs: Get an application
  - info:
      name: Create an application
      type: http
    http:
      method: POST
      url: https://door.casdoor.com/api/add-application
      body:
        type: json
        data: '{}'
    docs: Create an application
- info:
    name: Roles
    type: folder
  items:
  - info:
      name: List roles
      type: http
    http:
      method: GET
      url: https://door.casdoor.com/api/get-roles
      params:
      - name: owner
        value: ''
        type: query
    docs: List roles
  - info:
      name: Create a role
      type: http
    http:
      method: POST
      url: https://door.casdoor.com/api/add-role
      body:
        type: json
        data: '{}'
    docs: Create a role
- info:
    name: Permissions
    type: folder
  items:
  - info:
      name: Casbin enforcement check
      type: http
    http:
      method: POST
      url: https://door.casdoor.com/api/enforce
      body:
        type: json
        data: '{}'
    docs: Casbin enforcement check
  - info:
      name: Batch Casbin enforcement
      type: http
    http:
      method: POST
      url: https://door.casdoor.com/api/batch-enforce
      body:
        type: json
        data: '{}'
    docs: Batch Casbin enforcement
  - info:
      name: List permissions
      type: http
    http:
      method: GET
      url: https://door.casdoor.com/api/get-permissions
      params:
      - name: owner
        value: ''
        type: query
    docs: List permissions
bundled: true