Need advice about which tool to choose?Ask the StackShare community!
FortiAuthenticator vs Keycloak: What are the differences?
Key Differences between FortiAuthenticator and Keycloak
FortiAuthenticator and Keycloak are both authentication systems used to secure access to applications and resources. While they have similarities, there are several key differences between the two:
User Management: FortiAuthenticator provides a centralized user management system that allows administrators to create and manage user accounts. Keycloak, on the other hand, delegates user management to external identity providers, allowing for more flexibility in user authentication and authorization.
Scalability: FortiAuthenticator is designed for small and medium-sized enterprises, with a maximum limit on the number of users it can handle. Keycloak, on the other hand, is highly scalable and can support a large number of users, making it more suitable for enterprise-level deployments.
Support for Identity Federation: Keycloak provides built-in support for identity federation, allowing users to authenticate using external identity providers such as social media accounts or enterprise identity systems. FortiAuthenticator, on the other hand, does not have native support for identity federation and requires additional configurations to enable this functionality.
Multi-Factor Authentication (MFA): FortiAuthenticator has built-in support for multi-factor authentication, allowing administrators to enforce additional layers of security, such as one-time passwords or biometric authentication. Keycloak also supports MFA but requires additional configuration and integration with external MFA providers.
Integration with other Fortinet products: FortiAuthenticator seamlessly integrates with other Fortinet security products, such as FortiGate firewall and FortiAnalyzer, providing a unified authentication and security infrastructure. Keycloak, being an open-source solution, can integrate with various platforms and systems but may require additional customization and development efforts.
Commercial Support: FortiAuthenticator is a commercial product and comes with vendor support and maintenance agreements. Keycloak, being an open-source project, relies on community support and may require additional resources and expertise to ensure proper operation and support.
In Summary, FortiAuthenticator provides centralized user management, limited scalability, and seamless integration with other Fortinet products, while Keycloak offers more flexibility in user management, scalability, and built-in support for identity federation and MFA.
I am working on building a platform in my company that will provide a single sign on to all of the internal products to the customer. To do that we need to build an Authorisation server to comply with the OIDC protocol. Earlier we had built the Auth server using the Spring Security OAuth project but since in Spring Security 5.x it is no longer supported we are planning to get over with it as well. Below are the 2 options that I was considering to replace the Spring Auth Server. 1. Keycloak 2. Okta 3. Auth0 Please advise which one to use.
It isn't clear if beside the AuthZ requirement you had others, but given the scenario you described my suggestion would for you to go with Keycloak. First of all because you have already an onpremise IdP and with Keycloak you could maintain that setup (if privacy is a concern). Another important point is configuration and customization: I would assume with Spring OAuth you might have had some custom logic around authentication, this can be easily reconfigured in Keycloak by leveraging SPI (https://www.keycloak.org/docs/latest/server_development/index.html#_auth_spi). Finally AuthZ as a functionality is well developed, based on standard protocols and extensible on Keycloak (https://www.keycloak.org/docs/latest/authorization_services/)
We have good experience using Keycloak for SSO with OIDC with our Spring Boot based applications. It's free, easy to install and configure, extensible - so I recommend it.
You can also use Keycloak as an Identity Broker, which enables you to handle authentication on many different identity providers of your customers. With this setup, you are able to perform authorization tasks centralized.
Pros of FortiAuthenticator
Pros of Keycloak
- It's a open source solution33
- Supports multiple identity provider24
- OpenID and SAML support17
- Easy customisation12
- JSON web token10
- Maintained by devs at Redhat6
Sign up to add or upvote prosMake informed product decisions
Cons of FortiAuthenticator
Cons of Keycloak
- Okta7
- Poor client side documentation6
- Lack of Code examples for client side5