OpenAM vs Keycloak
| |
OpenAM |
Keycloak |
| Initial release |
2008 |
2014 |
| Maintainer |
Open Identity Platform Community |
Red Hat |
| Current version |
16.0.4 |
26.4.7 |
| Release and patches |
Regular |
Regular |
| Open Source |
✅ |
✅ |
| Programming Language |
Java |
Java |
| Supported Java version |
11+ LTS |
17+ LTS |
| License |
CDDL |
Apache License 2.0 |
| Multiple languages supported |
✅ |
✅ |
Single Sign On (SSO) and Federation
Authentication
Supported authentication methods:
| Authentication method |
OpenAM |
Keycloak |
| Login and password authentication |
✅ doc |
✅ doc |
| Microsoft Active Directory authentication |
✅ doc |
✅ doc |
| Authentication for demo access |
✅ doc |
⛔️ |
| Adaptive authentication |
✅ doc |
⛔️ |
| Authentication in an LDAPv3-compatible directory |
✅ doc |
✅ doc |
| Persistent cookie authentication |
✅ doc |
✅ doc |
| RDBMS authentication |
✅ doc |
✅ doc |
| Self-registration |
✅ doc |
✅ doc |
| HTTP Header enrichment authentication |
✅ doc |
⛔️ |
| Windows NT authentication |
✅ doc |
⛔️ |
| OAuth 2.0/OIDC authentication |
✅ doc |
✅ doc |
| Kerberos authentication |
✅ doc |
✅ doc |
| OIDC id_token authentication |
✅ doc |
⛔️ |
| RADIUS authentication |
✅ doc |
⛔️ |
| HOTP via SMS or email |
✅ doc |
⛔️ |
| One time password with HOTP or TOTP authentication |
✅ doc |
✅ doc |
| Custom scripted authentication provider |
✅ doc |
⛔️ |
| SAMLv2 authentication |
✅ doc |
✅ doc |
| ReCaptcha |
✅ doc |
✅ doc |
| QR-code authentication |
✅ doc |
⛔️ |
| NTLM authentication |
✅ doc |
⛔️ |
| Docker HTTP Basic Authentication |
⛔️ |
✅ doc |
| HTTP Basic Authentication |
✅ doc |
✅ doc |
| Recovery codes authentication |
✅ doc |
✅ doc |
| WebAuthn |
✅ doc |
✅ doc |
| X509 certificate authentication |
✅ doc |
✅ doc |
| Custom authentication provider |
✅ doc |
✅ doc |
Isolation (realms)
Realm support for isolation of identities and authentication processes
| |
OpenAM |
Keycloak |
| Realms support |
✅ doc |
✅ doc |
| Realm hierarchy |
✅ |
⛔️ |
Interfaces
| Interface |
OpenAM |
Keycloak |
| Administrator GUI |
✅ |
✅ |
| Admin REST API |
✅ |
✅ |
| Admin UI customization |
⛔️ |
✅ doc |
| Authentication GUI |
✅ |
✅ |
| Authentication GUI customization |
✅ doc |
✅ doc |
| Authentication REST API |
✅ doc |
⛔️ |
| Authentication XML-RPC API |
✅ doc |
⛔️ |
Authentication Sessions
| |
OpenAM |
Keycloak |
| Stateful |
Random session ID |
JWT |
| Stateless |
JWT |
JWT |
| REST Security Token Service |
✅ |
✅ |
| SOAP Security Token Service |
✅ |
⛔️ |
Identity Repositories
| Repository type |
OpenAM |
Keycloak |
| LDAP (OpenDJ, OpenLDAP, etc.) |
✅ |
✅ |
| Active Directory |
✅ |
✅ |
| Apache Cassandra |
✅ |
⛔️ |
| MariaDB Server |
✅ |
✅ |
| Microsoft SQL Server |
✅ |
✅ |
| MySQL |
✅ |
✅ |
| Oracle Database |
✅ |
✅ |
| PostgreSQL |
✅ |
✅ |
| Flat file |
✅ |
⛔️ |
| Custom identity repository |
✅ doc |
✅ doc |
Audit logging and Monitoring
| |
OpenAM |
Keycloak |
| Audit Logging |
✅ doc |
✅ doc |
| HTTP-based Monitoring |
✅ doc |
✅ doc |
| SNMP Monitoring |
✅ doc |
⛔️ |
| JMX Monitoring |
✅ doc |
⛔️ |
Useful Links
OpenAM:
Keycloak: