11

Which is the best option for SSO implementation: Keycloak vs CAS vs Okta? I'm specifically looking for the disadvantages of each service to identify the best suitability for my system.

Sachin Arora
  • https://skillsmatter.com/skillscasts/13120-identity-management-and-single-sign-on-how-much-flexibility might help you a bit but prob won't answer all your questions - slides at https://www.slideshare.net/RyanDawson16/identity-management-and-single-sign-on-how-much-flexibility-5 – Ryan Dawson Dec 06 '18 at 11:58
  • There is a lot to consider in this space. It could help if you could narrow your question by specifying particular features that you need coverage for or are concerned you might hit problems with or if you could break it into multiple questions. Or are you looking for a feature comparison chart? – Ryan Dawson Dec 06 '18 at 12:04
  • I'm specifically looking for a solution which provides SSO to different web applications (different products in our system using their own username and password based authentication). Also, the solution should be the right fit for API-API communication and social sign-on as well. Should support OAuth2, OpenID, SAML and multi-factor authentication. – Sachin Arora Dec 06 '18 at 12:15

1 Answer

23

Both Keycloak and Okta should provide what you're looking for. I'm not sure about CAS as I haven't used it in 10 years. Since both Keycloak and Okta use OAuth 2.0/OIDC, you might even be able to use Keycloak in development, and Okta in production.

I've implemented OAuth 2.0 / OIDC support in JHipster. It uses Keycloak (in a Docker container) by default, and provides instructions for switching to Okta. Thanks to the power of Spring Security and Spring Boot, you only need to override some properties to switch between the two!

Matt Raible
  • 1
    So Okta provides the same features as Keycloak and the only difference is that Okta is a paid enterprise solution and Keycloak is an open-source solution? – Joseph Freeman Mar 13 '20 at 15:11
  • 3
    Yes. But you can also [sign up for an Okta developer account](https://developer.okta.com/signup) and get 1000 MAU (monthly active users) for free! You can also run Keycloak in a Docker container and use it offline. You can't do that with Okta. – Matt Raible Mar 13 '20 at 16:46
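
The property override described in the answer, sketched as an added example that is not part of the original answer or JHipster's own configuration. It assumes Spring Security's standard OAuth 2.0 client properties, a registration id of `oidc`, and placeholder issuer URLs, client ids and environment variable names.

```yaml
# Default profile: local Keycloak running in Docker (development only).
spring:
  security:
    oauth2:
      client:
        provider:
          oidc:
            # Placeholder realm URL; use the issuer your Keycloak realm reports.
            issuer-uri: http://localhost:9080/realms/example-realm
        registration:
          oidc:
            client-id: example-web-app          # placeholder client id
            # Read from the environment so no secret is committed to the repo.
            client-secret: ${OIDC_CLIENT_SECRET}
            scope:
              - openid
              - profile
              - email
---
# "prod" profile: only the issuer and client credentials change for Okta.
spring:
  config:
    activate:
      on-profile: prod
  security:
    oauth2:
      client:
        provider:
          oidc:
            # Placeholder; substitute your own Okta org domain.
            issuer-uri: https://<your-okta-domain>/oauth2/default
        registration:
          oidc:
            client-id: ${OKTA_CLIENT_ID}
            client-secret: ${OKTA_CLIENT_SECRET}
```

Because the application discovers endpoints from `issuer-uri`, check that the production issuer uses HTTPS and that the redirect URIs registered with each provider match the deployed application exactly.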