Purpose built, generic Single Sign On framework

The Asimba application was designed to provide a framework for authentication and authorization, and while doing so, support all the protocols that are required to be able to integrate Asimba into a custom environment. It is not an application “that also does SSO”, it is not a library that you can use to roll your own Identity Provider front-end, but instead, Asimba was designed to do Authentication and Authorization, and do it in the best possible way.

More than 10 years of experience went into the development of  Asimba.

Extensible architecture

Almost every part of Asimba can be extended or customized, because of the modular architecture of the application. Asimba consists of a core, that uses components to perform actual functionality. There are multiple components readily available that can be used or modified, or new components can be implemented to provide the missing functionality.

Created as J2EE Web Application

The Asimba SSO server is developed as J2EE Web Application, and can be deployed inside a J2EE Application Server. This proven technology is the foundation for a stable, flexible and scalable deployment platform.


Asimba is prepared and is already been deployed in load-balanced environments, thereby able to scale to meet different load and availability requirements.


The Asimba repository is managed through Maven, making it easy to integrated in custom deployments.


Single Sign On

Identification Transaction Pipeline

Throughout Asimba, an internal pipeline guides the process of creating an response to a request. The pipeline consists of different stages, like authorizing a request, authenticating a user, authorizing a user, retrieving user attributes, etc. All the stages of the Identification Pipeline are configurable components for each deployment, offering maximum flexibility for integrating Asimba in multiple environments.

Pluggable Protocol Front-Ends

A Single Sign On protocol, like SAML, A-Select or OpenID, can be configured for your custom endpoints, and multiple configurations can be configured within a single Asimba instance.

SAML2 Support

The SAML2 IDP Profile allows Asimba to act as a SAML2 Identity Provider. When also using the SAML2 Authentication Method, Asimba can be deployed as a full featured SAML2 Proxy.

The following SAML profiles are supported:

  • Web SSO
  • Single Logout
  • Artifact Resolution

Some of the supported SAML2 features are:

  • AuthnContext linked to Authentication Profiles
  • Support for behavior as SAML2 Proxy
  • Support for Passive AuthnRequest


Authentication Profiles

To authenticate a user, an authentication profile is executed. An authentication profile can consist of multiple authentication methods that are executed sequentically, to ensure an authenticated user.

Authentication Methods

All authentication methods are extensible and can be implemented for every custom environment. Included with the baseline Asimba distribution, are the following authentication methods:

Password Authentication

Multiple backends are supported, among which:

  • JDBC for database backed userstore
  • JNDI for LDAP backed userstore
  • RADIUS for using an existing Radius server
  • File backed (asimba-users.xml) for small deployments
  • htaccess backed for reusing existing managed identities
  • Guest for testing or allowing guest accounts
  • Identifying for development purposes

One Time Password Authentication

Support for SMS based distribution of One Time Passwords. Includes out-of-the-box support for using the CM Gateway (Asimba partner)

Remote or Federated Authentication

  • Remote A-Select authentication
  • Remote SAML2 authentication

X.509 Client Certificates

Support for implementing custom X.509 Client Certificates for authentication is available in a concept implementation. If interested, please contact Asimba.



Basic IP-address limited authorization. Extensible for implementing custom authorization rules that can be based on attributes or context.