Skip to content

Instantly share code, notes, and snippets.

@santoshshinde2012
Forked from bmaupin/open-source-sso.md
Created March 15, 2021 06:36
Show Gist options
  • Save santoshshinde2012/d21cc67b7a2e4d2eeda8f8e076ceebe9 to your computer and use it in GitHub Desktop.
Save santoshshinde2012/d21cc67b7a2e4d2eeda8f8e076ceebe9 to your computer and use it in GitHub Desktop.
Comparison of open-source SSO implementations

(Items in bold indicate possible concerns)

Keycloak WSO2 Identity Server Gluu CAS OpenAM Shibboleth IdP LemonLDAP::NG
OpenID Connect/OAuth support yes yes yes yes yes third-party yes
Multi-factor authentication yes yes yes yes yes yes yes
Admin UI yes yes yes yes yes no yes
OpenJDK support yes yes no³ yes yes partial N/A (Perl)
Identity brokering yes yes yes yes
Middleware Wildfly, JBOSS WSO2 Carbon¹ Jetty, Apache HTTPD any Java app server any Java app server Jetty, Tomcat Apache HTTP, Nginx, etc
Open source yes yes² yes yes yes yes yes
Commercial support yes yes yes third-party yes third-party third-party
Add federation metadata no yes yes yes
Add metadata from URL no yes yes yes
Installation and configuration easy difficult difficult moderate
  1. WSO2 Carbon appears to be based on Tomcat

  2. The downloadable binaries on their site don't appear to include the latest security patches. While you could compile and package yourself from the source code, it's not clear if the latest security patches are open-sourced. (http://lists.jboss.org/pipermail/keycloak-user/2016-August/007281.html)

  3. "we don't QA OpenJDK. So if you make that switch, we can't support it."

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment