[keycloak-dev] Keycloak vs. midPoint vs. Apache Syncope
Thomas Darimont
thomas.darimont at googlemail.com
Sun Jan 31 17:47:10 EST 2016
Hello group,
whilst browsing the security talks of this weeks FOSDEM 2016 [0],
I stumbled upon two open source Identity Management solutions
in that presentation [0.1] which I was totally unaware of:
midpoint [1] [1.1] by evolveum and the Syncope [2] Apache project.
Since I think that those could serve (at least) as an inspiration
for Keycloak I wanted to share this with you.
Midpoint seems to be a pretty mature product with good documentation and
a wide feature palette as one can see here: [1.2].
Some of of those features might also be worth to be added to keycloak, e.g.:
- Detailed information about user attribute / configuration changes via
Deltas [1.3], [1.5]
- Parametric Roles as part of their Hybrid RBAC support [1.4]
- Support for Segregation of Duties by Role Exclusions [1.6]
SSO support in midPoint is provided by a Spring Security integration
as well as support for CAS, but I could not find an implementation for
OAuth 2.0, Open ID Connect nor SAML - only a Google Summer of Code 2015
OAuth / Open Id Connect integration proposal.
Midpoint seems to be a fully fledged IAM solution already but, IMHO with a
much broader scope (enterprise IdM, IAM) than Keycloak (IdM for cloud
products).
Syncope [2.1] on the other hand seems to an effort to reimplement an
IdM (provisioning) solution from scratch.
Has anybody here heared of or investigated those projects?
[0] https://fosdem.org/2016/schedule/track/security/
[0.1] https://fosdem.org/2016/schedule/event/midpointidm/
[1] https://evolveum.com/midpoint/
[1.1] https://github.com/Evolveum/midpoint
[1.2] https://wiki.evolveum.com/display/midPoint/Features
[1.3] https://wiki.evolveum.com/display/midPoint/Deltas
[1.4] https://wiki.evolveum.com/display/midPoint/Advanced+Hybrid+RBAC
[1.5] https://wiki.evolveum.com/display/midPoint/Relativity
[1.6] https://wiki.evolveum.com/display/midPoint/Segregation+of+Duties
[2] https://syncope.apache.org/
[2.1] https://github.com/apache/syncope
Cheers,
Thomas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160131/b649e922/attachment.html
More information about the keycloak-dev
mailing list