Home
Utilities
Application Utilities
User Management and Authentication

Casbin vs Keycloak

Need advice about which tool to choose?Ask the StackShare community!

Casbin
26
78
+ 1
0
Keycloak
715
1.3K
+ 1
102
Add tool

Casbin vs Keycloak: What are the differences?

Key Differences Between Casbin and Keycloak

Casbin and Keycloak are both popular open-source authorization solutions, but they have several key differences. These differences are as follows:

  1. Integration Approach: Casbin is a lightweight and flexible authorization library written in Golang, making it suitable for integrating into various programming languages and frameworks. On the other hand, Keycloak is a complete identity and access management (IAM) solution that offers functionalities beyond authorization, such as single sign-on (SSO) and user management.

  2. Ease of Use and Configuration: Casbin provides a rule-based access control model that allows users to define their access control policies using a simple configuration file, which can be easily understood and managed. In contrast, Keycloak offers a more comprehensive and complex set of features, making it suitable for enterprise-level deployments with more advanced configuration and management requirements.

  3. Scalability and Performance: Due to its lightweight nature, Casbin is highly scalable and can handle a large number of access control policies efficiently. It can be easily deployed in distributed systems and cloud-native environments. Keycloak, being a complete IAM solution, may require more resources and configuration to achieve high scalability and performance in large-scale deployments.

  4. Authorization Model: Casbin follows the well-known Access Control List (ACL) authorization model, where rules are defined explicitly for each user, role, and resource combination. Keycloak, on the other hand, supports various authorization models including Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and User-Based Access Control (UBAC), providing more granular and flexible authorization capabilities.

  5. Community and Support: Both Casbin and Keycloak have active and growing communities, with a wide range of contributors and users. However, Keycloak, being backed by Red Hat, benefits from strong community support and extensive documentation, making it easier to find resources, tutorials, and troubleshooting assistance.

  6. Integration Ecosystem: Casbin provides a pluggable architecture, allowing seamless integration with different frameworks, databases, and programming languages. It supports various adaptors and plugins that can be used to integrate with different systems or extend its functionality. Keycloak, being a more comprehensive IAM solution, provides native integration with a range of other Red Hat products and technologies, such as JBoss, WildFly, and OpenShift.

In summary, Casbin offers a lightweight and flexible authorization library with a simplified configuration approach, whereas Keycloak provides a complete IAM solution with additional features beyond authorization. The choice between the two depends on project requirements, scalability demands, and the need for additional IAM features beyond basic access control.

Advice on Casbin and Keycloak
sindhujasrivastava
| 4 upvotes · 230.2K views
Needs advice
on
KeycloakKeycloakOktaOkta
and
Spring SecuritySpring Security

I am working on building a platform in my company that will provide a single sign on to all of the internal products to the customer. To do that we need to build an Authorisation server to comply with the OIDC protocol. Earlier we had built the Auth server using the Spring Security OAuth project but since in Spring Security 5.x it is no longer supported we are planning to get over with it as well. Below are the 2 options that I was considering to replace the Spring Auth Server. 1. Keycloak 2. Okta 3. Auth0 Please advise which one to use.

See more
Replies (3)
Luca Ferrari
Solution Architect at Red Hat, Inc. · | 5 upvotes · 208K views
Recommends
on
KeycloakKeycloak

It isn't clear if beside the AuthZ requirement you had others, but given the scenario you described my suggestion would for you to go with Keycloak. First of all because you have already an onpremise IdP and with Keycloak you could maintain that setup (if privacy is a concern). Another important point is configuration and customization: I would assume with Spring OAuth you might have had some custom logic around authentication, this can be easily reconfigured in Keycloak by leveraging SPI (https://www.keycloak.org/docs/latest/server_development/index.html#_auth_spi). Finally AuthZ as a functionality is well developed, based on standard protocols and extensible on Keycloak (https://www.keycloak.org/docs/latest/authorization_services/)

See more
Sandor Racz
Chief Architect · | 2 upvotes · 189.9K views
Recommends
on
KeycloakKeycloak

We have good experience using Keycloak for SSO with OIDC with our Spring Boot based applications. It's free, easy to install and configure, extensible - so I recommend it.

See more
Lukas Marschall
| 2 upvotes · 147.7K views
Recommends
on
KeycloakKeycloak

You can also use Keycloak as an Identity Broker, which enables you to handle authentication on many different identity providers of your customers. With this setup, you are able to perform authorization tasks centralized.

See more
Get Advice from developers at your company using StackShare Enterprise. Sign up for StackShare Enterprise.
Learn More
Pros of Casbin
Pros of Keycloak
    Be the first to leave a pro
    • 33
      It's a open source solution
    • 24
      Supports multiple identity provider
    • 17
      OpenID and SAML support
    • 12
      Easy customisation
    • 10
      JSON web token
    • 6
      Maintained by devs at Redhat

    Sign up to add or upvote prosMake informed product decisions

    Cons of Casbin
    Cons of Keycloak
      Be the first to leave a con
      • 7
        Okta
      • 6
        Poor client side documentation
      • 5
        Lack of Code examples for client side

      Sign up to add or upvote consMake informed product decisions

      - No public GitHub repository available -

      What is Casbin?

      In Casbin, an access control model is abstracted into a CONF file based on the PERM metamodel (Policy, Effect, Request, Matchers). So switching or upgrading the authorization mechanism for a project is just as simple as modifying a configuration. You can customize your own access control model by combining the available models.

      What is Keycloak?

      It is an Open Source Identity and Access Management For Modern Applications and Services. It adds authentication to applications and secure services with minimum fuss. No need to deal with storing users or authenticating users. It's all available out of the box.

      Need advice about which tool to choose?Ask the StackShare community!

      Jobs that mention Casbin and Keycloak as a desired skillset
      Sr. Staff Software Engineer, Core Retrieval
      Pinterest
      San Francisco, CA, US; , US
      View Job Details
      InfraDream+2
      Staff Software Engineer, Ads Serving Platform
      Pinterest
      San Francisco, CA, US; , US
      View Job Details
      guidanceInfraDream+9
      Manager II, Engineering - Storage Foundations
      Pinterest
      San Francisco, CA, US; , US
      View Job Details
      InfraSQLMySQL+7
      Staff Software Engineer, ML Training
      Pinterest
      San Francisco, CA, US; , CA, US
      View Job Details
      PatternsInfraDream+12
      Sr. Staff Software Engineer, Ads ML Infrastructure
      Pinterest
      San Francisco, CA, US; , CA, US
      View Job Details
      CUDAInfraDream+7
      Engineering Manager, Identity & Access Management
      Postman
      Bangalore, India
      View Job Details
      Cohesivehighlight.ioONES+9
      Senior Engineer (Backend), Identity & Access Management
      Postman
      Bangalore, India
      View Job Details
      ONESUtilizeSchedule+8
      What companies use Casbin?
      What companies use Keycloak?
      See which teams inside your own company are using Casbin or Keycloak.
      Sign up for StackShare EnterpriseLearn More

      Sign up to get full access to all the companiesMake informed product decisions

      What tools integrate with Casbin?
      What tools integrate with Keycloak?

      Sign up to get full access to all the tool integrationsMake informed product decisions

      What are some alternatives to Casbin and Keycloak?
      JavaScript
      JavaScript is most known as the scripting language for Web pages, but used in many non-browser environments as well such as node.js or Apache CouchDB. It is a prototype-based, multi-paradigm scripting language that is dynamic,and supports object-oriented, imperative, and functional programming styles.
      Git
      Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.
      GitHub
      GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Over three million people use GitHub to build amazing things together.
      Python
      Python is a general purpose programming language created by Guido Van Rossum. Python is most praised for its elegant syntax and readable code, if you are just beginning your programming career python suits you best.
      jQuery
      jQuery is a cross-platform JavaScript library designed to simplify the client-side scripting of HTML.
      See all alternatives

      Related Comparisons

      Keycloak vs UserbinAuth0 vs KeycloakDailyCred vs KeycloakKeycloak vs SatellizerKeycloak vs Stormpath

      Trending Comparisons

      Django vs Laravel vs Node.jsBootstrap vs Foundation vs Material-UINode.js vs Spring BootFlyway vs LiquibaseAWS CodeCommit vs Bitbucket vs GitHub

      Top Comparisons

      Bitbucket vs GitHub vs GitLabHipChat vs Mattermost vs SlackBootstrap vs MaterializePostman vs Swagger UI