Gravitee.io vs Keycloak: What are the differences?
Introduction
This page discusses the key differences between Gravitee.io and Keycloak. Both are identity and access management solutions, but they have distinct features and functionality. Understanding these differences helps in selecting the most suitable solution for specific requirements.
Administration Interface: Gravitee.io provides a user-friendly web-based administration console, which offers a comprehensive set of features for managing and configuring the APIs, plans, and policies. On the other hand, Keycloak provides a more customizable administration interface that enables fine-grained control over the identity realm, client settings, and user attributes.
Authentication and Authorization: Gravitee.io supports various authentication methods, including OAuth2, OpenID Connect, and SAML. It provides flexible authorization policies that can be easily customized based on API requirements. Keycloak, on the other hand, focuses on providing a unified authentication and authorization service, supporting various protocols and standards such as OAuth2, OpenID Connect, and SAML. It offers a wide range of authentication flows and allows for the implementation of complex authorization scenarios.
User Federation: Gravitee.io allows user synchronization with external identity providers through its user federation feature. It supports LDAP, Active Directory, and other popular user directories. In contrast, Keycloak has a powerful user federation feature that enables synchronization with various external identity providers, including LDAP, Active Directory, and social login providers, with the ability to map and transform user attributes.
Fine-Grained Access Control: Gravitee.io provides comprehensive access control capabilities, allowing administrators to define roles and permissions at various levels, such as APIs, plans, and policies. It supports role-based access control (RBAC) and provides flexibility in defining access rules. Keycloak also offers fine-grained access control through its roles and permissions model, allowing administrators to define access policies at different levels, such as realms, clients, and resources. It supports role-based access control (RBAC) and attribute-based access control (ABAC) strategies.
Scalability and High Availability: Gravitee.io is designed to be highly scalable and can handle a large number of API requests. It provides clustering capabilities for horizontal scalability and supports high availability setups. Keycloak is also highly scalable and can handle a large number of authentication requests. It offers clustering capabilities for horizontal scalability and provides high availability configurations for production deployments.
Extensibility and Customization: Gravitee.io provides a plugin framework that allows developers to extend and customize its functionalities. It supports custom policies, event handlers, and authentication providers. Keycloak also offers a rich set of extension points and allows for the development of custom SPIs (Service Provider Interfaces). It provides capabilities to customize various aspects, such as user federation, authentication flows, and client authentication mechanisms.
In summary, Gravitee.io focuses on comprehensive API management features with flexible authentication and authorization capabilities, while Keycloak provides a unified identity and access management solution with extensive customization options. The choice between Gravitee.io and Keycloak depends on specific requirements, such as the need for API management functionalities or a more customizable authentication and authorization service.
I am working on building a platform in my company that will provide a single sign on to all of the internal products to the customer. To do that we need to build an Authorisation server to comply with the OIDC protocol. Earlier we had built the Auth server using the Spring Security OAuth project but since in Spring Security 5.x it is no longer supported we are planning to get over with it as well. Below are the 2 options that I was considering to replace the Spring Auth Server. 1. Keycloak 2. Okta 3. Auth0 Please advise which one to use.
It isn't clear if, besides the AuthZ requirement, you had others, but given the scenario you described, my suggestion would be for you to go with Keycloak. First of all, because you already have an on-premise IdP, and with Keycloak you could maintain that setup (if privacy is a concern). Another important point is configuration and customization: I would assume that with Spring OAuth you might have had some custom logic around authentication; this can be easily reconfigured in Keycloak by leveraging SPI (https://www.keycloak.org/docs/latest/server_development/index.html#_auth_spi). Finally, AuthZ as a functionality is well developed, based on standard protocols and extensible on Keycloak (https://www.keycloak.org/docs/latest/authorization_services/).
You can also use Keycloak as an Identity Broker, which enables you to handle authentication on many different identity providers of your customers. With this setup, you are able to perform authorization tasks centralized.
We have good experience using Keycloak for SSO with OIDC with our Spring Boot based applications. It's free, easy to install and configure, extensible - so I recommend it.
Pros of Gravitee.io
- Rich policy library (1)
- Easy deployment on OpenShift (1)
- Paid service is available (beneficial in the time of p) (1)
- No Managed Service (0)
Pros of Keycloak
- It's an open source solution (33)
- Supports multiple identity provider (24)
- OpenID and SAML support (17)
- Easy customisation (12)
- JSON web token (10)
- Maintained by devs at Redhat (6)
Cons of Gravitee.io
- Not Cloud Ready (1)
Cons of Keycloak
- Okta (7)
- Poor client side documentation (6)
- Lack of Code examples for client side (5)