🐏 mogoz

Search

SearchSearch

Identity Management

Sep 16, 2024, 2 min read

tags : Security, Authentication

Two parts

SSO

Covering all bases for SSO

To cover all your bases, you need 2 identity providers. Any modern identity provider worth itself will also be able to sync back to an LDAP server to keep the two consistent.

  • An LDAP server that’s preferably not exposed to the web
  • An SSO identity provider that is exposed to the web.

Products

There are opensource and prioperty Products

NameRemarkReleased
Keycloak2014
Authentik
Authelia
Ory2016
Okta
AWS Cognito
Auth0
Clerk
Firebase Auth
Supabase Auth
Supertokens2019

Keycloak

  • Open-source identity and access management by RedHat
  • Managing users, roles, and permissions, as well as for implementing multi-factor authentication and social login.
  • Supports authentication mechanisms such as OpenID Connect, OAuth 2.0, and SAML
  • You also need to use their template and plugin system (so Java for Keycloak)
  • Can’t use a different OAuth2 provider because well - you use Keycloak
  • Needs to be selfhosted
  • Keycloak with PostgreSQL on Kubernetes | Hacker News

Auth0

  • Dedicated to providing its solution in the SaaS model.
  • Owned by Okta now

Okta

  • Identity SaaS product

Ory

  • Has both selfhosted and SaaS based(Ory Network)
  • Not super mature

Ory Kratos

Ory Hydra

  • OAuth/OIDC provider
  • Have multiple apps that need a common sign-in method (SSO)
  • 3rd parties to access your users data safely etc.

Oathkeeper

  • 2017
  • Access control for API endpoints

Keto

  • Authorization, define advanced permission rules (“Access Control Policies”)
  • Permission management, roles, who is allowed to do what

Supertokens

  • Ory has criticized these guys of using incorrect terms and specs etc.

Authentik

  • Authentik is a full LDAP container reimplementation with many bell and whistles.

Authelia

  • Authelia needs a LDAP or file backend with user credentials

Others

Graph View

Backlinks