IDM Europe 2018: WSO2 Identity Server vs. Keycloak (Dmitry Kann)

Dmitry Kann
29 Oct 201814:04

Summary

TLDRThe speaker from an American freelance full-stack developer company discusses identity servers, focusing on Keycloak and WSO2 Identity Server. They compare features like user management, single sign-on, identity federation, provisioning, and multi-step authentication. Keycloak is praised for its ease of use and cost-effectiveness, while WSO2 is recognized for its extensive functionality, suitable for complex application landscapes.

Takeaways

  • 😀 The speaker is an American freelance full-stack developer who operates a sole proprietorship company and has experience with identity solutions, particularly in the Netherlands.
  • 🔐 The concept of an identity server is introduced as a centralized way to manage users, roles, and permissions across multiple applications within an organization.
  • 📚 The script explains the necessity for identity servers to implement various protocols and comply with regulations such as GDPR for data privacy and security.
  • 🛠️ Two open-source identity server solutions are highlighted: Keycloak and WSO2 Identity Server, both widely adopted for enterprise identity management.
  • 📅 Keycloak was first released in 2014, while WSO2 Identity Server has been around since 2008, indicating a longer track record for WSO2.
  • 📜 Both Keycloak and WSO2 Identity Server are distributed under the Apache License 2.0, allowing for commercial use and redistribution.
  • 💻 Both solutions are written in Java and require middleware, with Keycloak using WildFly and WSO2 using WSO2 Carbon.
  • 💰 Commercial support for Keycloak is available through Red Hat's product called RH-SSO, starting at $8,000 per year, while WSO2 offers support for its identity server at approximately €20,000 per year.
  • 🐳 Keycloak can be easily tried out with a single Docker command, whereas WSO2 Identity Server requires downloading a binary package for installation.
  • 🔄 The script compares functionalities of both identity servers, such as user management, single sign-on support, attribute mapping, identity federation, and multi-factor authentication.
  • 🏆 The conclusion suggests that Keycloak is easier to configure with a more modern UI and cheaper commercial support, making it suitable for less complex application landscapes, whereas WSO2 offers more comprehensive functionality at a higher cost, suitable for diverse and complex environments.

Q & A

  • What is the speaker's profession and the nature of their current work?

    -The speaker is an American freelance full-stack developer who runs a sole proprietorship company called 'solutions' and is currently working in the Netherlands at Paul Way.

  • What is the speaker's experience with the product of WSO2?

    -The speaker has experience with WSO2 from a previous client, which was one of the Dutch ministries. The product was popular with the Dutch government.

  • What is the concept of an identity server according to the speaker?

    -An identity server is a system that allows for the centralized management of users and roles within an organization, handling authentication and login requests, and ideally managing permissions and role changes as people move within the organization.

  • What are the two major single sign-on protocols mentioned in the script?

    -The two major single sign-on protocols mentioned are SAML2 and OpenID Connect.

  • How does the speaker describe the compliance requirements for an identity server?

    -The speaker mentions that an identity server must comply with regulations such as GDPR in Europe and other local legislations, manage user consent regarding terms and conditions, and be auditable due to its role in granting access to critical infrastructure.

  • What are the two open-source projects for identity management mentioned by the speaker?

    -The two open-source projects mentioned are Keycloak and WSO2 Identity Server.

  • What are the basic differences between Keycloak and WSO2 Identity Server in terms of development and licensing?

    -Keycloak is developed by JBoss, a division of Red Hat, and was first released in 2014. WSO2 Identity Server is developed by WSO2 and was first released in 2008. Both are distributed under the Apache License 2.0, which is permissive and allows for commercial use.

  • What is the difference in commercial support options for Keycloak and WSO2 Identity Server?

    -Keycloak has a community version that does not get patches, with commercial support available for a paid Red Hat product called RH-SSO starting at $8,000 per year. WSO2 offers a product specifically for the identity server at about 20k euros per year, which includes updates and incident support, with the community version also not receiving patches.

  • How does the speaker compare the ease of installation and configuration between Keycloak and WSO2 Identity Server?

    -The speaker states that Keycloak is easier to install and configure, requiring only a single Docker command for trial. In contrast, WSO2 Identity Server does not have public Docker registries but can be downloaded and installed from a binary package, which is not as straightforward.

  • What is the speaker's recommendation based on the complexity of the application landscape?

    -The speaker recommends choosing WSO2 Identity Server for a diverse and complex application landscape due to its extensive functionality, while suggesting Keycloak for simpler scenarios due to its ease of use and lower cost of commercial support.

Outlines

plate

此内容仅限付费用户访问。 请升级后访问。

立即升级

Mindmap

plate

此内容仅限付费用户访问。 请升级后访问。

立即升级

Keywords

plate

此内容仅限付费用户访问。 请升级后访问。

立即升级

Highlights

plate

此内容仅限付费用户访问。 请升级后访问。

立即升级

Transcripts

plate

此内容仅限付费用户访问。 请升级后访问。

立即升级
Rate This

5.0 / 5 (0 votes)

相关标签
Identity ServerKeycloakWSO2User ManagementRole ManagementAuthenticationSingle Sign-OnSecurity ProtocolsComplianceEnterprise Solutions
您是否需要英文摘要?