| Aerobase | Keycloak | WSO2 Identity Server | Gluu | CAS | OpenAM | Shibboleth IdP | |
|---|---|---|---|---|---|---|---|
| OpenID Connect/OAuth support | yes | yes | yes | yes | yes | yes | third-party |
| Multi-factor authentication | yes | yes | yes | yes | yes | yes | yes |
| Admin UI | yes | yes | yes | yes | yes | yes | no |
| OpenJDK support | yes | yes | yes | yes | no | ||
| Identity brokering | yes | yes | yes | ||||
| Middleware | NGINX, Wildfly | Wildfly, JBOSS | WSO2 Carbon | Jetty, Apache HTTPD | any Java app server | any Java app server | Jetty, Tomcat |
| Open source | yes | yes | Note 1 | yes | yes | yes | yes |
| Commercial support | yes | no | yes | yes | third-party | yes | third-party |
| Add federation metadata | no | no | yes | ||||
| Add metadata from URL | no | no | yes | ||||
| Installation | trivial | easy | difficult |
- The downloadable binaries on their site don't appear to include the latest security patches. While you could compile and package yourself from the source code, it's not clear if the latest security patches are open-sourced. (http://lists.jboss.org/pipermail/keycloak-user/2016-August/007281.html)
Thank you for the nice comparison. Do all these require an installation on a server such as Windows or Linux? Is there any of these that can be sued on shared hosting? Thanks.