OAuth 2.0 Identity Provider for Kerberos Environments
A stateless, horizontally scalable, post-quantum ready IdP built for FreeIPA.
Named after Adapa, the Mesopotamian sage whom the god Enki granted extraordinary wisdom — a mortal entrusted with divine knowledge.
Built for Enterprise Identity
Everything you need to bridge Kerberos to modern OAuth 2.0 / OIDC applications.
OAuth 2.0 & OpenID Connect
Full OAuth 2.0 and OIDC implementation — authorization code + PKCE, client credentials, device flow, token exchange, DPoP, PAR, and mTLS.
Zero-Click Kerberos SSO
SPNEGO/Kerberos authentication for domain members. No passwords, no redirects — users are signed in automatically.
Post-Quantum Ready
ML-DSA token signing (FIPS 204) and ML-KEM-768 gossip encryption (FIPS 203) alongside classical EC and EdDSA algorithms.
Horizontal Scaling
Built-in CRDT gossip protocol replicates signing keys, client registry, and revocations. No external coordinator needed.
FreeIPA Native
Discovers IdP registrations and authentication constraints from FreeIPA LDAP. HBAC policies control which users get tokens for which clients.
Stateless Architecture
Self-contained JWTs with AES-256-GCM encrypted authorization codes and refresh tokens. No per-token server-side storage.
Up and Running in Minutes
Configure, start, and authenticate your first user.
$ ahdapa /etc/ahdapa/config.toml
INFO ahdapa: loading config from '/etc/ahdapa/config.toml'
INFO ahdapa: opening database '/var/lib/ahdapa/ahdapa.db'
INFO ahdapa::keys: Generated signing key (ES256)
INFO ahdapa: OAuth2/OIDC server listening on 0.0.0.0:8443 (issuer=https://idp.example.com)
The Ahdapa Ecosystem
A server, an admin WebUI, and a CLI — everything you need for enterprise identity.
Ahdapa Server
Full OAuth2/OIDC IdP with admin API, Kerberos SSO, passkeys, federation, SPIFFE, and clustering.
Admin WebUI
React 19 + PatternFly 6 panel for managing clients, users, groups, federation, and HBAC policies.
CLI Tool (ahdapactl)
Command-line cluster management — register clients, manage keys, configure HBAC rules, and monitor nodes.
27 IETF RFCs and standards implemented, and counting
From RFC 6749 (OAuth 2.0) to RFC 9449 (DPoP) and ML-DSA post-quantum signatures, Ahdapa tracks the standards so you don't have to.