whilst browsing the security talks of this weeks FOSDEM 2016 ,
I stumbled upon two open source Identity Management solutions
in that presentation [0.1] which I was totally unaware of:
midpoint  [1.1] by evolveum and the Syncope  Apache project.
Since I think that those could serve (at least) as an inspiration
for Keycloak I wanted to share this with you.
Midpoint seems to be a pretty mature product with good documentation and
a wide feature palette as one can see here: [1.2].
Some of of those features might also be worth to be added to keycloak, e.g.:
- Detailed information about user attribute / configuration changes via
Deltas [1.3], [1.5]
- Parametric Roles as part of their Hybrid RBAC support [1.4]
- Support for Segregation of Duties by Role Exclusions [1.6]
SSO support in midPoint is provided by a Spring Security integration
as well as support for CAS, but I could not find an implementation for
OAuth 2.0, Open ID Connect nor SAML - only a Google Summer of Code 2015
OAuth / Open Id Connect integration proposal.
Midpoint seems to be a fully fledged IAM solution already but, IMHO with a
much broader scope (enterprise IdM, IAM) than Keycloak (IdM for cloud
Syncope [2.1] on the other hand seems to an effort to reimplement an
IdM (provisioning) solution from scratch.
Has anybody here heared of or investigated those projects?