ⓘ This list is not meant to be exhaustive and is not guaranteed to be maintained. See the comments for updates and alternative options.
(Items in bold indicate possible concerns)
| Keycloak | WSO2 Identity Server | Gluu | CAS | OpenAM | Shibboleth IdP | |
|---|---|---|---|---|---|---|
| OpenID Connect/OAuth support | yes | yes | yes | yes | yes | yes |
| Multi-factor authentication | yes | yes | yes | yes | yes | yes |
| Admin UI | yes | yes | yes | yes | yes | no |
| OpenJDK support | yes | yes | partial² | yes | yes | partial |
| Identity brokering | yes | yes | yes | |||
| Middleware | Quarkus | WSO2 Carbon¹ | Jetty, Apache HTTPD | any Java app server | any Java app server | Jetty, Tomcat |
| Open source | yes | ⚠ nominally | yes | yes | yes | yes |
| Commercial support | yes | yes | yes | third-party | yes | third-party |
| Add federation metadata | no | yes | yes | |||
| Add metadata from URL | import only | yes | yes | |||
| Installation and configuration | easy | difficult | difficult |
-
WSO2 Carbon appears to be based on Tomcat
-
Gluu 4.0 comes bundled with Amazon Corretto, one specific distribution of OpenJDK. This is likely because it is built on top of Shibboleth, which only supports specific distributions of OpenJDK.
https://logto.io/
OpenID Connect/OAuth support : yes
Multi-factor authentication : yes
Admin UI : yes
OpenJDK support : not needed
Identity brokering : yes
Middleware : Express
Open source : yes (MPL-2.0 license)
Commercial support : yes
Add federation metadata : yes
Add metadata from URL : yes
Installation and configuration : easy