In previous article, I have mentioned Best Auth0 alternatives (Open source or Free) but now in this article, I have mentioned best free open-source alternatives to Keycloak to add authentication to applications and secure services, and make SSO available on your website.
Keycloak is an open source identity and access management solution, although it is free and excellent to add authentication to applications, but You can still check it's alternatives which can be more developer friendly.
1. FreeIPA
FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS, Dogtag (Certificate System). It consists of a web interface and command-line administration tools.
Manage Linux users and client hosts in your realm from one central location with CLI, Web UI or RPC access.
Enable Single Sign On authentication for all your systems, services and applications.
Features:
- Built on top of well known Open Source components and standard protocols
- OAuth (Social, OpenID) login
- Strong focus on ease of management and automation of installation and configuration tasks.
- Create mutual trust with other Identity Management systems like Microsoft Active Directory.
Cons:
- Poor client side documentation
2. Ory
Ory is the only identity platform that can scale indefinitely and is based entirely on open source.
Ory builds cloud-native authentication (login), authorization (permission), delegation (OAuth2, OpenID Connect), and user management software. You can deploy what you need yourself or use the Ory Cloud Platform and get started in minutes.
Features:
- Authenticate and manage users, set and check permissions, protect your APIs, applications, and data - all inside an intuitive console.
- MFA, Permissions and Roles, Custom Branding, OAuth2, OIDC, IAP, RBAC, integrations - in a 5Mb docker image.
- Ory Cloud is based on our open source software and grows with every community member and pull-request.
- No limits on monthly active users are part of all pricing plans - pay for what you use.
- Migration from and to Ory Cloud is simple.
- Ory is completely headless - use your styles and design, and let your designers take back control.
- Supports all major programming languages
Cons:
- None
3. Central Authentication Service (CAS)
CAS is 100% free open source software managed by Apereo and CAS is an enterprise multilingual single sign-on solution for the web and attempts to be a comprehensive platform for your authentication and authorization needs.
CAS is an open and well-documented authentication protocol. The primary implementation of the protocol is an open-source Java server component by the same name hosted here, with support for a plethora of additional authentication protocols and features.
Features:
- Multilingual
- SAML v1 and v2 Protocol
- OAuth v2 Protocol
- OpenID & OpenID Connect Protocol
- Authentication via JAAS, LDAP, RDBMS, X.509, Radius, SPNEGO, JWT, Remote, Apache Cassandra, Trusted, BASIC, Apache Shiro, MongoDb, Pac4J and more.
- Multifactor authentication via Duo Security, YubiKey, RSA, Google Authenticator, U2F, WebAuthn and more.
- Password management and password policy enforcement.
- UI To Manage Monitoring And Stats
Cons:
- CAS server's token must be verified by contacting the CAS server (so both user and app need to access the CAS server), while Keycloack's token are digitally signed so the app just need to verify the digital signature without contacting the Keycloack server.
4. Gluu Server
Gluu Server is a container distribution of free open source software (FOSS) for identity and access management (IAM).
Gluu provides Single Sign-on (SSO), Two-factor authentication (2FA), and access management service to different types of companies. The SSO feature offers secure sign-on across OpenID Connect, SAML, and CAS web & mobile applications.
Features:
- OpenID Connect, Signle Sign-On
- Everyone knows passwords are not secure. FIDO offers an alternative to passwords–cryptographic authentication using hardware or software.
- The UMA standard provides a way to interact with a person post-authentication.
- Using Kubernetes and other cloud native tools, you can improve the efficiency of operation and auto-scale to cost effectively meet demand
- Support OAuth 2.0
- Supports SCIM protocol.
Cons:
- The tool is not fully automated yet and lots of features are missing and it takes time to get familiar with Gluu and to make use from it.
5. IdentityServer
IdentityServer is a open source framework that uses openid connect and oauth 2.0 to achieve single sign on, acts as a single authentication and authorization server for multiple applications.
IdentityServer supports both full .NET framework (4.5.x) and .NET Core (which is cross platform). IdentityServer 4 takes the benefits of .NET Core and can be deployed using docker on linux systems.
Features:
- Authentication as Service
- Access Control for API
- Single Sign On
- Multiple Flows (Implicit, Authorization code etc).
- Supports Federated Identities (Google,Facebook etc).
- API Authorization
Cons:
- Works only with .NET Franework/.NET Core
That's it, these are some of the best open source alternatives of Keycloak, there are many more out there but we have picked best open source alternatives for you, if we have missed any open source alternative, please mention them in comments.
You may also like to read:
Best Auth0 alternatives (Open source or Free)
Best free LastPass alternative to use (Open Source)