Need advice about which tool to choose?Ask the StackShare community!

Dex

42
54
+ 1
0
Keycloak

736
1.3K
+ 1
102
Add tool

Dex vs Keycloak: What are the differences?

Introduction

In this article, we will compare Dex and Keycloak, two popular identity and access management (IAM) solutions. We will explore the key differences between Dex and Keycloak and provide specific details about each difference.

  1. Authenticators Supported: One key difference between Dex and Keycloak is the range of authenticators supported. Dex primarily supports username/password, OAuth2 client credentials, and LDAP authenticators. On the other hand, Keycloak supports a wider range of authenticators including username/password, social login (Google, Facebook, etc.), multi-factor authentication (SMS, OTP), and more.

  2. Federation: Dex and Keycloak also differ in their federation capabilities. Dex supports federation through connectors, which allows integration with various upstream identity providers like GitHub, Google, and Active Directory. Keycloak, on the other hand, provides built-in federation capabilities where it can act as an identity provider (IdP) for multiple service providers (SPs) using protocols like SAML, OAuth2, and OpenID Connect.

  3. Scalability and High Availability: Dex and Keycloak have different approaches to scalability and high availability. Dex is designed to be lightweight and can be run as a single instance or in a small cluster. However, for larger deployments, external load balancers and databases are required to achieve scalability and high availability. Keycloak, on the other hand, has built-in clustering and a distributed cache system, making it easier to scale and achieve high availability out of the box.

  4. Customization and Extensibility: When it comes to customization and extensibility, Keycloak offers more flexibility compared to Dex. Keycloak provides a comprehensive administration console and a wide range of configuration options to customize the authentication flow, user registration, and other aspects of the IAM system. In addition, Keycloak supports the development of custom extensions, themes, and plugins to tailor the system to specific requirements. Dex, while providing some customization options, has a more limited set of features in terms of extensibility.

  5. Integration with Ecosystem: Dex and Keycloak have different levels of integration with other components and ecosystems. Keycloak, being part of the Red Hat ecosystem, seamlessly integrates with other Red Hat products like OpenShift, Red Hat Single Sign-On (RHSSO), and Red Hat Fuse. It also provides native support for Java and Spring Boot applications. Dex, on the other hand, does not have the same level of ecosystem integration and may require additional configuration or development efforts for specific integrations outside its core functionality.

  6. Support and Community: Support and community play a crucial role when evaluating IAM solutions. Keycloak benefits from a large and active community, being an open-source project with backing from Red Hat. It has extensive documentation, forums, and a strong ecosystem of developers contributing to its development and support. Dex, while also having an active community, may have a smaller user base and comparatively fewer resources available for support and troubleshooting.

Summary

In summary, Dex and Keycloak differ in terms of authenticators supported, federation capabilities, scalability and high availability, customization and extensibility, integration with the ecosystem, and the level of support and community. These differences should be considered when choosing an IAM solution that best suits your specific requirements.

Advice on Dex and Keycloak
Needs advice
on
KeycloakKeycloakOktaOkta
and
Spring SecuritySpring Security

I am working on building a platform in my company that will provide a single sign on to all of the internal products to the customer. To do that we need to build an Authorisation server to comply with the OIDC protocol. Earlier we had built the Auth server using the Spring Security OAuth project but since in Spring Security 5.x it is no longer supported we are planning to get over with it as well. Below are the 2 options that I was considering to replace the Spring Auth Server. 1. Keycloak 2. Okta 3. Auth0 Please advise which one to use.

See more
Replies (3)
Luca Ferrari
Solution Architect at Red Hat, Inc. · | 5 upvotes · 221.2K views
Recommends
on
KeycloakKeycloak

It isn't clear if beside the AuthZ requirement you had others, but given the scenario you described my suggestion would for you to go with Keycloak. First of all because you have already an onpremise IdP and with Keycloak you could maintain that setup (if privacy is a concern). Another important point is configuration and customization: I would assume with Spring OAuth you might have had some custom logic around authentication, this can be easily reconfigured in Keycloak by leveraging SPI (https://www.keycloak.org/docs/latest/server_development/index.html#_auth_spi). Finally AuthZ as a functionality is well developed, based on standard protocols and extensible on Keycloak (https://www.keycloak.org/docs/latest/authorization_services/)

See more
Recommends
on
KeycloakKeycloak

You can also use Keycloak as an Identity Broker, which enables you to handle authentication on many different identity providers of your customers. With this setup, you are able to perform authorization tasks centralized.

See more
Sandor Racz
Recommends
on
KeycloakKeycloak

We have good experience using Keycloak for SSO with OIDC with our Spring Boot based applications. It's free, easy to install and configure, extensible - so I recommend it.

See more
Manage your open source components, licenses, and vulnerabilities
Learn More
Pros of Dex
Pros of Keycloak
    Be the first to leave a pro
    • 33
      It's a open source solution
    • 24
      Supports multiple identity provider
    • 17
      OpenID and SAML support
    • 12
      Easy customisation
    • 10
      JSON web token
    • 6
      Maintained by devs at Redhat

    Sign up to add or upvote prosMake informed product decisions

    Cons of Dex
    Cons of Keycloak
      Be the first to leave a con
      • 7
        Okta
      • 6
        Poor client side documentation
      • 5
        Lack of Code examples for client side

      Sign up to add or upvote consMake informed product decisions

      What is Dex?

      Dex is a personal CRM that helps you build stronger relationships. Remember where you left off, keep in touch, and be more thoughtful -- all in one place.

      What is Keycloak?

      It is an Open Source Identity and Access Management For Modern Applications and Services. It adds authentication to applications and secure services with minimum fuss. No need to deal with storing users or authenticating users. It's all available out of the box.

      Need advice about which tool to choose?Ask the StackShare community!

      What companies use Dex?
      What companies use Keycloak?
      Manage your open source components, licenses, and vulnerabilities
      Learn More

      Sign up to get full access to all the companiesMake informed product decisions

      What tools integrate with Dex?
      What tools integrate with Keycloak?
        No integrations found

        Sign up to get full access to all the tool integrationsMake informed product decisions

        What are some alternatives to Dex and Keycloak?
        WordPress
        The core software is built by hundreds of community volunteers, and when you’re ready for more there are thousands of plugins and themes available to transform your site into almost anything you can imagine. Over 60 million people have chosen WordPress to power the place on the web they call “home” — we’d love you to join the family.
        Google AdSense
        It is a program run by Google through which website publishers in the Google Network of content sites serve text, images, video, or interactive media advertisements that are targeted to the site content and audience.
        Mailchimp
        MailChimp helps you design email newsletters, share them on social networks, integrate with services you already use, and track your results. It's like your own personal publishing platform.
        HubSpot
        Attract, convert, close and delight customers with HubSpot’s complete set of marketing tools. HubSpot all-in-one marketing software helps more than 12,000 companies in 56 countries attract leads and convert them into customers.
        Drupal
        Drupal is an open source content management platform powering millions of websites and applications. It’s built, used, and supported by an active and diverse community of people around the world.
        See all alternatives