Hello group,
whilst browsing the security talks of this week's FOSDEM 2016 [0],
I stumbled upon two open source Identity Management solutions
in that presentation [0.1] which I was totally unaware of:
midPoint [1] [1.1] by Evolveum and the Syncope [2] Apache project.
Since I think that those could serve (at least) as an inspiration
for Keycloak I wanted to share this with you.
midPoint seems to be a pretty mature product with good documentation and
a wide feature palette as one can see here: [1.2].
Some of those features might also be worth adding to Keycloak, e.g.:
- Detailed information about user attribute / configuration changes via
Deltas [1.3], [1.5]
- Parametric Roles as part of their Hybrid RBAC support [1.4]
- Support for Segregation of Duties by Role Exclusions [1.6]
SSO support in midPoint is provided by a Spring Security integration
as well as support for CAS, but I could not find an implementation for
OAuth 2.0, OpenID Connect or SAML - only a Google Summer of Code 2015
OAuth / OpenID Connect integration proposal.
midPoint seems to be a fully fledged IAM solution already but, IMHO, with a
much broader scope (enterprise IdM, IAM) than Keycloak (IdM for cloud
products).
Syncope [2.1] on the other hand seems to be an effort to reimplement an
IdM (provisioning) solution from scratch.
Has anybody here heard of or investigated those projects?
[0] https://fosdem.org/2016/schedule/track/security/
[0.1] https://fosdem.org/2016/schedule/event/midpointidm/
[1] https://evolveum.com/midpoint/
[1.1] https://github.com/Evolveum/midpoint
[1.2] https://wiki.evolveum.com/display/midPoint/Features
[1.3] https://wiki.evolveum.com/display/midPoint/Deltas
[1.4] https://wiki.evolveum.com/display/midPoint/Advanced+Hybrid+RBAC
[1.5] https://wiki.evolveum.com/display/midPoint/Relativity
[1.6] https://wiki.evolveum.com/display/midPoint/Segregation+of+Duties
[2] https://syncope.apache.org/
[2.1] https://github.com/apache/syncope
Cheers,
Thomas