An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
Casdoor is an open-source identity and access management server written in Go that doubles as an MCP gateway, giving AI agents and human users a single authentication layer. It handles user login, organization management, and application access through a web UI, while supporting a broad range of protocols including OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, and Face ID, alongside integrations with Google Workspace and Azure AD. The MCP gateway role is the most relevant connection to Claude: it acts as a proxy that brokers authentication between MCP clients such as Claude Desktop or Claude Code and backend MCP servers, enforcing access policies defined through Casbin, which supports ACL, RBAC, and ABAC rule models. Developers building multi-tenant applications or agentic pipelines who need centralized identity control without a commercial identity provider will find the most use here. The project ships an all-in-one Docker image for quick trials and has accumulated over 13,000 GitHub stars.
- ✓Open-source license (Apache-2.0)
- ✓Actively maintained (<30d)
- ✓Healthy fork ratio
- ✓Clear description
- ✓Topics declared
- ✓Mature repo (>1y old)
git clone https://github.com/casdoor/casdoor && cp casdoor/*.md ~/.claude/agents/Subagents overview
<div align="center">
<a href="https://casdoor.ai">
<img src="https://cdn.casbin.org/img/casdoor-logo_1185x256.png" alt="Casdoor" width="500">
</a>
<h3>Casdoor: AI-First Identity and Access Management (IAM) / AI MCP Gateway</h3>
<p align="center">
<strong>An open-source, AI-first IAM / MCP gateway and authentication server with a web UI.</strong><br>
Supporting MCP, A2A, OAuth 2.0, OIDC (OAuth 2.x), SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID,<br>
Google Workspace, Azure AD, and more.
</p>
<p align="center">
<a href="https://casdoor.ai/"><strong>Documentation and guides: casdoor.ai</strong></a>
</p>
<p>
<a href="https://casdoor.ai/docs/overview">
<img src="https://img.shields.io/badge/documentation-casdoor.ai%2Fdocs-1890ff?style=flat-square&logo=readthedocs&logoColor=white" alt="Documentation">
</a>
<a href="https://github.com/casdoor/casdoor/releases/latest">
<img src="https://img.shields.io/github/v/release/casdoor/casdoor?style=flat-square&color=blue" alt="GitHub Release">
</a>
<a href="https://hub.docker.com/r/casbin/casdoor">
<img src="https://img.shields.io/docker/pulls/casbin/casdoor?style=flat-square&color=brightgreen" alt="Docker Pulls">
</a>
<a href="https://github.com/casdoor/casdoor/actions/workflows/build.yml">
<img src="https://img.shields.io/github/actions/workflow/status/casdoor/casdoor/build.yml?style=flat-square&label=build" alt="Build Status">
</a>
<a href="https://goreportcard.com/report/github.com/casdoor/casdoor">
<img src="https://goreportcard.com/badge/github.com/casdoor/casdoor?style=flat-square" alt="Go Report Card">
</a>
<a href="https://github.com/casdoor/casdoor/blob/master/LICENSE">
<img src="https://img.shields.io/github/license/casdoor/casdoor?style=flat-square&color=orange" alt="License">
</a>
</p>
<p>
<a href="https://github.com/casdoor/casdoor/stargazers">
<img src="https://img.shields.io/github/stars/casdoor/casdoor?style=flat-square&color=yellow" alt="GitHub Stars">
</a>
<a href="https://github.com/casdoor/casdoor/network/members">
<img src="https://img.shields.io/github/forks/casdoor/casdoor?style=flat-square" alt="GitHub Forks">
</a>
<a href="https://github.com/casdoor/casdoor/issues">
<img src="https://img.shields.io/github/issues/casdoor/casdoor?style=flat-square&color=red" alt="GitHub Issues">
</a>
<a href="https://discord.gg/5rPsrAzK7S">
<img src="https://img.shields.io/discord/1022748306096537660?style=flat-square&logo=discord&label=Discord&color=5865F2" alt="Discord">
</a>
<a href="https://crowdin.com/project/casdoor-site">
<img src="https://badges.crowdin.net/casdoor-site/localized.svg" alt="Crowdin">
</a>
</p>
<p align="center">
<a href="https://casdoor.ai"><strong>Website</strong></a> ·
<a href="https://casdoor.ai/docs/overview"><strong>Documentation</strong></a> ·
<a href="https://door.casdoor.com"><strong>Live demo</strong></a> ·
<a href="https://discord.gg/5rPsrAzK7S"><strong>Discord</strong></a>
</p>
</div>
---
## Table of contents
- [Why Casdoor](#why-casdoor)
- [Live demos](#live-demos)
- [Quick start](#quick-start)
- [Features](#features)
- [Technology stack](#technology-stack)
- [Documentation](#documentation)
- [Integrations](#integrations)
- [Security](#security)
- [Community and support](#community-and-support)
- [Contributing](#contributing)
- [Donate](#donate)
- [License](#license)
---
<a id="why-casdoor"></a>
## Why Casdoor
Casdoor is a **UI-first** identity provider and access management platform: one place to manage users, organizations, applications, and providers, with a modern web console. Authorization policies can be expressed with **[Casbin](https://casbin.org/)** (ACL, RBAC, ABAC, and more). Unlike reverse-proxy-centric auth companions, Casdoor is a dedicated auth server with broad protocol support, designed to be straightforward to self-host and integrate—see **[casdoor.ai](https://casdoor.ai)** for documentation.
---
<a id="live-demos"></a>
## 🌐 Live demos
| Environment | URL | Description |
|-------------|-----|-------------|
| **Read-only** | [door.casdoor.com](https://door.casdoor.com) | Global demo; **any modification or write operation will fail** (read-only). |
| **Writable** | [demo.casdoor.com](https://demo.casdoor.com) | Full access for testing; **data is reset about every 5 minutes**. |
Default demo admin login (where applicable): `admin` / `123` — use only for demos; change credentials on your own deployment.
---
<a id="quick-start"></a>
## 🚀 Quick start
Pick one deployment method below. To keep behavior consistent with upstream, the steps are aligned with official docs.
### 🛠️ Source code (default)
1. Install dependencies: **Go 1.25** (follow `go.mod`), **Node.js LTS (20)**, **Yarn 1.x**, and a supported database.
2. Clone the repository:
```bash
git clone https://github.com/casdoor/casdoor.git
cd casdoor
```
3. Configure database in `conf/app.conf` (at minimum set `driverName`, `dataSourceName`, and `dbName`; for MySQL create database `casdoor` first).
4. Build frontend and start backend:
```bash
cd web
yarn install
yarn build
cd ..
go run main.go
```
5. Open [http://localhost:8000](http://localhost:8000) and sign in with `built-in/admin` / `123` on a fresh install (change password immediately in production).
Official guide: [Server installation](https://casdoor.ai/docs/basic/server-installation)
### 🐳 Docker
Use one of the official Docker paths:
- **All-in-one (SQLite quick trial)**:
```bash
docker run -p 8000:8000 casbin/casdoor-all-in-one
```
- **Docker Compose** (with your `conf/app.conf` next to `docker-compose.yml`):
```bash
docker compose up
```
Then open [http://localhost:8000](http://localhost:8000) and sign in with `built-in/admin` / `123` on a fresh install.
Official guide: [Try with Docker](https://casdoor.ai/docs/basic/try-with-docker)
### ☸️ Kubernetes Helm
With Helm v3 and a running Kubernetes cluster:
```bash
helm install casdoor oci://registry-1.docker.io/casbin/casdoor-helm-charts
```
After installation, access Casdoor through your cluster service/ingress. The official guide covers chart versions (including optional `--version`) and cluster-specific settings.
Official guide: [Try with Helm](https://casdoor.ai/docs/basic/try-with-helm)
---
<a id="features"></a>
## ✨ Features
<table>
<tr>
<td width="50%">
### 🔐 Authentication
- **OAuth 2.0 / OIDC** — OpenID Connect and OAuth 2.x authorization
- **SAML 2.0** — Enterprise SSO integration
- **CAS** — Central Authentication Service
- **LDAP** — Directory service integration
- **WebAuthn / Passkeys** — Passwordless authentication
- **TOTP / MFA** — Multi-factor authentication
- **Face ID** — Biometric authentication
</td>
<td width="50%">
### 🏢 Enterprise
- **SCIM 2.0** — User provisioning
- **RBAC** — Role-based access control
- **Social Login** — Google, GitHub, Azure AD, and more
- **Custom providers** — Extensible identity providers
- **User management** — Web UI for administration
- **Audit logs** — Comprehensive logging
- **Multi-tenancy** — Organization support
</td>
</tr>
<tr>
<td width="50%">
### 🤖 AI & MCP
- **MCP Gateway** — Model Context Protocol support
- **A2A Protocol** — Agent-to-Agent communication
- **AI-First Design** — Built for AI applications
</td>
<td width="50%">
### 🛠️ Developer Experience
- **RESTful API** — Complete API coverage
- **SDKs** — Go, Java, Python, Node.js, and more
- **Swagger UI** — Interactive API documentation
- **Webhooks** — Event-driven integrations
- **Customizable UI** — Brand theming support
</td>
</tr>
</table>
---
<a id="technology-stack"></a>
## Technology stack
Casdoor is built as a **frontend–backend separated** project:
- **Web UI**: JavaScript and **React** ([`web/`](https://github.com/casdoor/casdoor/tree/master/web))
- **API server**: **Go** with **Beego**, RESTful APIs ([repository root](https://github.com/casdoor/casdoor))
- **Data**: mainstream databases including **MySQL**, **PostgreSQL**, and others ([overview](https://casdoor.ai/docs/overview))
- **Cache**: optional **Redis** for session/cache-style deployments (configure as needed)
---
<a id="documentation"></a>
## 📖 Documentation
**All product documentation, installation, and tutorials live at [casdoor.ai/docs/overview](https://casdoor.ai/docs/overview).** Start here, then use the sections below.
**Install**
- [Install from source](https://casdoor.ai/docs/basic/server-installation)
- [Install with Docker](https://casdoor.ai/docs/basic/try-with-docker)
- [Install with Kubernetes Helm](https://casdoor.ai/docs/basic/try-with-helm)
**Connect applications**
- [How to connect to Casdoor](https://casdoor.ai/docs/how-to-connect/overview)
**APIs**
- [Public API](https://casdoor.ai/docs/basic/public-api)
- [Swagger UI](https://door.casdoor.com/swagger) (live API explorer)
---
<a id="integrations"></a>
## 🔌 Integrations
Casdoor integrates with common languages and frameworks:
<p align="center">
<img src="https://cdn.jsdelivr.net/gh/devicons/devicon/icons/go/go-original.svg" width="40" alt="Go">
<img src="https://cdn.jsdelivr.net/gh/devicons/devicon/icons/java/java-original.svg" width="40" alt="Java">
<img src="https://cdn.jsdelivr.net/gh/devicons/devicon/icons/python/python-original.svg" width="40" alt="Python">
<img src="https://cdn.jsdelivr.net/gh/devicons/devicon/icons/nodejs/nodejs-original.svg" width="40" alt="Node.js">
<img src="https://cdn.jsdelivr.net/gh/devicons/devicon/icons/react/react-original.svg" width="40" alt="React">
<img src="https://cdn.jsdelivr.net/gh/devicons/devicon/icons/vuejs/vuejs-original.svg" width="40" alt="Vue">
<img src="https://cdn.jsdelivr.net/gh/devicons/devicon/icons/angularjs/angularjs-original.svg" width="40" alt="Angular">
</p>
Browse the full list: [Integrations](https://casdoor.ai/docs/category/integWhat people ask about casdoor
What is casdoor/casdoor?
+
casdoor/casdoor is subagents for the Claude AI ecosystem. An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD It has 13.8k GitHub stars and was last updated today.
How do I install casdoor?
+
You can install casdoor by cloning the repository (https://github.com/casdoor/casdoor) or following the README instructions on GitHub. ClaudeWave also provides quick install blocks on this page.
Is casdoor/casdoor safe to use?
+
Our security agent has analyzed casdoor/casdoor and assigned a Trust Score of 100/100 (tier: Verified). See the full breakdown of passed checks and flags on this page.
Who maintains casdoor/casdoor?
+
casdoor/casdoor is maintained by casdoor. The last recorded GitHub activity is from today, with 104 open issues.
Are there alternatives to casdoor?
+
Yes. On ClaudeWave you can browse similar subagents at /categories/agents, sorted by popularity or recent activity.
Deploy casdoor to your cloud
Ship this repo to production in minutes. Each platform spins up its own environment with editable env vars.
Maintain this repo? Add a badge to your README
Drop the badge into your GitHub README to show it's tracked on ClaudeWave. Each badge links back to this page and reflects the live Trust Score.
[](https://claudewave.com/repo/casdoor-casdoor)<a href="https://claudewave.com/repo/casdoor-casdoor"><img src="https://claudewave.com/api/badge/casdoor-casdoor" alt="Featured on ClaudeWave: casdoor/casdoor" width="320" height="64" /></a>More Subagents
The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
The agent that grows with you
Java 面试 & 后端通用面试指南,覆盖计算机基础、数据库、分布式、高并发、系统设计与 AI 应用开发
Production-ready platform for agentic workflow development.
The agent engineering platform.
🤯 LobeHub is your Chief Agent Operator, organizing your agents into 7×24 operations by hiring, scheduling, and reporting on your entire AI team.