ADF.rs
Multi-factor authentication server · adf.rs

Authentication,
served in Rust.

ADF is a multi-factor authentication and remote-access server, built as a set of microservices in Rust. High security, high throughput, tiny CPU and RAM footprint — already in production with major banks and enterprises.

admin.adf.rs / dashboard
ADF admin console — dark themeADF admin console — light theme
Built inRustMemory-safe, compiled microservices. No JVM, no runtime drift.
ProtocolsREST · RADIUS · SAMLDrop-in for existing access stacks. Speaks what your VPN, IdP and apps already speak.
Footprint1 vCPU, 512 MBWithout database. Runs on a single small VM; scales horizontally when you need it.
Scale10Ks of usersIn production at major banks and enterprises. Tens of thousands of users authenticated daily.
Capabilities

Everything you need to authenticate, and nothing you don't.

Protocols, directory integrations, second factors, audit. Capabilities are grouped across several services, each scaling independently.

Protocols

Wire up to existing access infrastructure without bespoke connectors.

  • REST API (JSON)
  • RADIUS
  • SAML 2.0

Directories

Authenticate against your user store of record, or run with a local database.

  • LDAP
  • Active Directory
  • FreeIPA
  • Local user database

Passwords

Validate the first factor where it already lives.

  • Static password (local)
  • Static password (AD-synced)
  • Per-user policy controls

Second factors

Choose the second factor your operations and users actually accept.

  • OTP via messenger
  • OATH OTP (TOTP / HOTP)
  • Dynamic OOB challenge
  • Mobile app

Audit & logging

Every decision is a record. Forward to SIEM in the format your team already parses.

  • Structured audit log
  • Syslog forwarding
  • SIEM integration

Self-service

Cut the helpdesk loop for activation, enrollment and recovery.

  • Web activation portal
  • Email-based enrollment
  • Per-factor reset
Admin console

Operate without surprises.

Three-language admin UI in the same purple. User management, audit trail, and system info at a glance.

User management

Create, suspend, archive. Bulk import from your directory, manage second-factor enrollment, reset per user.

IMPORT & EDITGROUPS / POLICIESPer-user 2FA

Audit, config, certificates

Every authentication decision is logged. Server configuration and TLS certificates inspected and rotated from the same console.

Audit trailServer configTLS certificates

Directory connectors

Configure LDAP, Active Directory and FreeIPA bindings. Test connectivity, map attributes, sync on a schedule.

LDAP / AD / FreeIPAATTR. MAPScheduled sync
Architecture

Microservices, not a monolith.

Each service is one binary. Deploy what you need, update independently, scale the hot paths.

01Administration+mgmt-api+directory-connectors
02Authentication+api+methods
03RADIUS+radius+ad-bind+mschapv2
04IdP / Self-service+saml+sso
05Logs / Audit+structured-logging+syslog+siem
LanguageRustMemory-safe, no GC, no JVM. Single static binary per service.
Cold startunder secondsRestart a service mid-shift without holding traffic.
ScaleStatelessRun N replicas behind your load balancer. State lives in the directory and store.
Get started

Bring us your access architecture.

Email a short note about your stack — directories, applications, expected scale. We come back with a deployment plan, factor matrix and commercial proposal.

Write to adf@powersecurity.org Read the documentation

Reply within one business day · NDA on request