Need advice about which tool to choose?Ask the StackShare community!
Keycloak vs Stormpath: What are the differences?
Token Management: Keycloak offers robust token management capabilities, allowing for fine-grained control over access tokens, refresh tokens, and ID tokens. On the other hand, Stormpath provides more limited token management features, focusing primarily on authentication and authorization.
User Federation: Keycloak supports user federation, enabling organizations to integrate with multiple external identity providers and directories easily. In contrast, Stormpath lacks native support for user federation and relies on its internal user store for authentication and authorization.
Customization: Keycloak provides extensive customization options, allowing developers to tailor the authentication and authorization workflows to meet specific business requirements. Stormpath, while offering some customization features, has limitations compared to the flexibility provided by Keycloak.
Scalability: Keycloak is designed for scalability, capable of handling large numbers of users and high volumes of authentication requests efficiently. Stormpath, while suitable for small to medium-sized applications, may face challenges in scaling to support enterprise-level workloads effectively.
Integration Ecosystem: Keycloak has a vast integration ecosystem with support for various platforms, protocols, and programming languages, making it versatile for diverse application environments. Stormpath, while versatile in integration capabilities, may have fewer options compared to Keycloak's extensive ecosystem.
Community Support: Keycloak benefits from a large and active community that contributes to its development, provides support, and offers a wide range of resources for users. Stormpath, on the other hand, has a smaller community base, which may impact the availability of resources and support for users.
In Summary, Keycloak and Stormpath differ in terms of token management, user federation, customization options, scalability, integration ecosystem, and community support.
I am working on building a platform in my company that will provide a single sign on to all of the internal products to the customer. To do that we need to build an Authorisation server to comply with the OIDC protocol. Earlier we had built the Auth server using the Spring Security OAuth project but since in Spring Security 5.x it is no longer supported we are planning to get over with it as well. Below are the 2 options that I was considering to replace the Spring Auth Server. 1. Keycloak 2. Okta 3. Auth0 Please advise which one to use.
It isn't clear if beside the AuthZ requirement you had others, but given the scenario you described my suggestion would for you to go with Keycloak. First of all because you have already an onpremise IdP and with Keycloak you could maintain that setup (if privacy is a concern). Another important point is configuration and customization: I would assume with Spring OAuth you might have had some custom logic around authentication, this can be easily reconfigured in Keycloak by leveraging SPI (https://www.keycloak.org/docs/latest/server_development/index.html#_auth_spi). Finally AuthZ as a functionality is well developed, based on standard protocols and extensible on Keycloak (https://www.keycloak.org/docs/latest/authorization_services/)
You can also use Keycloak as an Identity Broker, which enables you to handle authentication on many different identity providers of your customers. With this setup, you are able to perform authorization tasks centralized.
We have good experience using Keycloak for SSO with OIDC with our Spring Boot based applications. It's free, easy to install and configure, extensible - so I recommend it.
Pros of Keycloak
- It's a open source solution33
- Supports multiple identity provider24
- OpenID and SAML support17
- Easy customisation12
- JSON web token10
- Maintained by devs at Redhat6
Pros of Stormpath
- Authentication29
- User Management22
- API Authentication19
- Token Authentication17
- Security Workflows17
- Secure16
- Easy setup and great support7
- Great customer support7
- they manage the required, so I can focus on innovation6
- Private Deployment3
- Will sign BAA for HIPAA-compliance2
- Rapid Development1
- SAML Support0
Sign up to add or upvote prosMake informed product decisions
Cons of Keycloak
- Okta7
- Poor client side documentation6
- Lack of Code examples for client side5
Cons of Stormpath
- Discontinued4
