Casdoor is not just maintaining an IAM server. It is pushing identity deeper into agent workflows, with 17 release events in 30 days and a website that now leads with AI agent identity, MCP server support, OAuth 2.1 for agents, Dynamic Client Registration, per-tool permissions, and agent-to-agent auth.

That is the interesting signal. Casdoor already covers the expected enterprise identity surface: OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, RADIUS, Google Workspace, Active Directory, and Kerberos. The recent positioning says the team is trying to make that same control plane work for MCP clients and LLM agents, not only browser apps and internal SaaS.

The release stream backs up the direction, but it is not a clean launch narrative. v3.52.0 includes permission filtering in the UploadPermissions API and a fix for XLSX imports converting empty arrays to null. v3.48.0 adds camel-case support for the /api/update-user columns argument and fixes a white-screen bug in Custom HTTP SMS provider selection. v3.44.0 improves app-user permission handling and preserves database customization when seeding api-enforcer policies.

Those are plumbing changes. Good IAM is mostly plumbing.

The MCP documentation is more explicit. Casdoor shows a client obtaining a scoped token, connecting to /api/mcp, listing tools filtered by scopes, calling tools, and handling insufficient_scope errors. That is the right shape for agent authentication because the unit of risk is no longer just a human login. It is a tool call with permissions attached.
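A minimal in-memory model of that flow, added here as an illustration and not taken from Casdoor's code or documentation. The tool names and scope strings are hypothetical, and the token is represented by its already-validated claims:

```python
# Added illustration: scope-gated MCP tool access, modelled in memory.
# Tool names and scope strings are hypothetical, not Casdoor's.
TOOL_SCOPES = {
    "get_user": {"read:user"},
    "update_user": {"write:user"},
    "delete_application": {"write:application"},
}


def parse_scopes(token_claims):
    """OAuth access tokens carry scopes as one space-delimited string."""
    return set(token_claims.get("scope", "").split())


def list_tools(token_claims):
    """tools/list: expose only tools whose required scopes are all granted."""
    granted = parse_scopes(token_claims)
    return sorted(name for name, req in TOOL_SCOPES.items() if req <= granted)


def call_tool(token_claims, name):
    """tools/call: re-check scopes at call time, independent of the listing."""
    required = TOOL_SCOPES.get(name)
    if required is None:
        return {"error": "unknown_tool", "tool": name}
    missing = required - parse_scopes(token_claims)
    if missing:
        # Tell the client which scope to request instead of failing opaquely.
        return {
            "error": "insufficient_scope",
            "tool": name,
            "required_scope": " ".join(sorted(missing)),
        }
    return {"result": f"{name} ok"}


def audit_scope(scope_string):
    """Test-instance check: what one scope string exposes and what it denies."""
    claims = {"scope": scope_string}
    denied = sorted(
        name for name in TOOL_SCOPES
        if call_tool(claims, name).get("error") == "insufficient_scope"
    )
    return {"visible": list_tools(claims), "denied": denied}


if __name__ == "__main__":
    print(audit_scope("read:user"))
```

The point to verify on a real deployment is the one `call_tool` models: a tool hidden from the listing must also be refused when called directly by name.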

Casdoor is OSI-approved open source under Apache-2.0, with 13,655 GitHub stars, a 91 health score, a 100 shipping score, and a 96 ToolVitals score. ToolVitals tracks 30 GitHub releases in 90 days. For a security tool, that amount of release activity cuts both ways: it suggests real maintenance, and it also means teams should read changelogs before upgrading production identity infrastructure.

What ToolVitals cannot infer

ToolVitals can see release cadence, stars, website availability signals, license classification, and score inputs. It cannot prove the code is secure. It cannot tell whether the admin UX fits your team. It cannot tell whether Casdoor will be painless to migrate into an existing identity setup.

The payload has no 30-day commit count and no active contributor count, so this post does not infer either. The health and shipping scores remain strong, but the visible evidence here is release-heavy rather than contributor-heavy.

The website claims broad protocol and provider support, and the docs confirm the core IAM positioning. The recent release notes confirm active work around permissions, user-update behavior, import handling, and app-user enforcement. They do not prove that the new agent-auth path is battle-tested in production.

The comparison that matters

Among nearby security tools in the ToolVitals data, Pipelock is louder on release events: 62 release events in 30 days, 636 stars, a 95 shipping score, and a 204.7 hot score. Casdoor has fewer 30-day release events at 17, but far more GitHub traction with 13,655 stars and a slightly higher shipping score at 100.

Tailscale is the opposite comparison. It has 31,842 stars, 7 release events in 30 days, a 95 shipping score, and a 193.0 hot score. Casdoor is smaller by stars but currently busier by release cadence.

That makes Casdoor look like a mature IAM project entering a new agent-auth phase, not a brand-new AI security wrapper chasing a trend.

Recommendation

If your team already needs self-hosted IAM and you are starting to expose internal tools to MCP clients or agent workflows, evaluate Casdoor because it connects boring identity primitives to scoped tool access. Start with a test instance, validate OAuth/OIDC or SAML first, then test MCP scopes against real tool-call permissions.

Do not swap your production identity layer just because the release velocity is high. Use the velocity as a reason to test now, not as proof that the product fits your risk model.
