OWASP SIMBA Project

Mission statement
SIMBA (Security Integration Module for Business Applications) is a User Access Management system that can be integrated with any business application. The purpose of the project is to secure an application fast and easy. Because SIMBA itself is generic it can be customized for every project. Many features are customizable e.g. designing your own authentication chain is easy and fast by using existing or newly created building blocks. A separate Flex manager application is available to manage the data, view the audit logs and configure parameters. With the support of the OWASP (Open Web Application Security Project) community SIMBA is constantly improved so current security vulnerabilities are better supported and proactive work is done against future vulnerabilities. SIMBA is not vendor specific, developed in an international community and is supported by all major platforms. Open-source software under Apache License 2.0 Brief list of features
 * Distributable and cloud ready
 * Simba token for Single Sign-On
 * Possibility to use a success URL or the target URL
 * Local cache or distributed cache (based on events)
 * Authentication
 * JAAS modules like Active Directory/LDAP, In Memory database and database
 * WS Security Token support
 * SAML 1.1 and 2.0 support (coming up)
 * E-ID support (coming up)
 * Authorization
 * URL restriction
 * Excluding resources
 * Authorization by user, roles, groups and policies
 * Management (Flex application, separate war to deploy)
 * Manage users, groups, roles and policies with immediate effect over all deployed instances
 * View audit log
 * View and manage current sessions
 * Manage configuration parameters
 * For more features see (link)