Integrated SSO and IDM for browser apps and RESTful web services. Built on top of the OAuth 2.0, OpenID Connect, JSON Web Token (JWT) and SAML 2.0 specifications. Keycloak has tight integration with a variety of platforms and has an HTTP security proxy service where we don't have tight integration. Options are to deploy it with an existing app server, as a black-box appliance, or as an OpenShift cloud service and/or cartridge.
- OpenID Connect and SAML 2.0 SSO and Single Log Out for browser applications
- Social Broker. Enable Google, Facebook, Yahoo, Twitter social login with no code required.
- Identity Broker. Delegate to an external SAML 2.0 or OIDC broker for auth.
- Optional LDAP/Active Directory integration
- Optional User Registration, with optional reCAPTCHA ability
- Password and TOTP support (via Google Authenticator). Client cert auth coming soon.
- User session management from both admin and user perspective
- Customizable themes for user-facing pages: login, grant pages, account management, emails, and admin console are all customizable!
- OAuth 2.0 Bearer token auth for REST Services
- Integrated Browser App to REST Service token propagation
- Admin REST API
- CORS Support
- Completely centrally managed user and role mapping metadata. Minimal configuration at the application side
- Admin Console for managing users, roles, role mappings, applications, user sessions, allowed CORS web origins, and OAuth clients.
- Deployable as a WAR, appliance, or an OpenShift cloud service (SaaS).
- HTTP Security Proxy for environments/platforms/languages that don't have a client adapter
- Session management from admin console
- Claim/assertion mappings. Make your tokens and assertion XML look however you want.
- Revocation policies
- Password policies
- Impersonation. Allow your admins to impersonate a user to debug problems.