OpenAM vs Keycloak
| OpenAM | Keycloak | |
|---|---|---|
| Initial release | 2008 | 2014 |
| Maintainer | Open Identity Platform Community | Red Hat |
| Current version | 16.0.4 | 26.4.7 |
| Release and patches | Regular | Regular |
| Open Source | ✅ | ✅ |
| Programming Language | Java | Java |
| Supported Java version | 11+ LTS | 17+ LTS |
| License | CDDL | Apache License 2.0 |
| Multiple languages supported | ✅ | ✅ |
| OpenAM | Keycloak | |
|---|---|---|
| Applications deployment behind an auth gateway | ✅ doc | ✅ doc |
| API gateway control | ✅ doc | ⛔️ |
| Apache Web Server Policy Agent | ✅ doc | ⛔️ |
| IIS Policy Agent | ✅ doc | ⛔️ |
| J2EE Policy Agent (for Tomcat, Jetty, etc) | ✅ doc | ⛔️ |
| OAuth 2.0/OIDC federation | ✅ Google example | ✅ GitHub example |
| SAMLv2 federation | ✅ WordPress example | ✅ doc |
Supported authentication methods:
| Authentication method | OpenAM | Keycloak |
|---|---|---|
| Login and password authentication | ✅ doc | ✅ doc |
| Microsoft Active Directory authentication | ✅ doc | ✅ doc |
| Authentication for demo access | ✅ doc | ⛔️ |
| Adaptive authentication | ✅ doc | ⛔️ |
| Authentication in an LDAPv3-compatible directory | ✅ doc | ✅ doc |
| Persistent cookie authentication | ✅ doc | ✅ doc |
| RDBMS authentication | ✅ doc | ✅ doc |
| Self-registration | ✅ doc | ✅ doc |
| HTTP Header enrichment authentication | ✅ doc | ⛔️ |
| Windows NT authentication | ✅ doc | ⛔️ |
| OAuth 2.0/OIDC authentication | ✅ doc | ✅ doc |
| Kerberos authentication | ✅ doc | ✅ doc |
| OIDC id_token authentication | ✅ doc | ⛔️ |
| RADIUS authentication | ✅ doc | ⛔️ |
| HOTP via SMS or email | ✅ doc | ⛔️ |
| One time password with HOTP or TOTP authentication | ✅ doc | ✅ doc |
| Custom scripted authentication provider | ✅ doc | ⛔️ |
| SAMLv2 authentication | ✅ doc | ✅ doc |
| ReCaptcha | ✅ doc | ✅ doc |
| QR-code authentication | ✅ doc | ⛔️ |
| NTLM authentication | ✅ doc | ⛔️ |
| Docker HTTP Basic Authentication | ⛔️ | ✅ doc |
| HTTP Basic Authentication | ✅ doc | ✅ doc |
| Recovery codes authentication | ✅ doc | ✅ doc |
| WebAuthn | ✅ doc | ✅ doc |
| X509 certificate authentication | ✅ doc | ✅ doc |
| Custom authentication provider | ✅ doc | ✅ doc |
Realm support for isolation of identities and authentication processes
| OpenAM | Keycloak | |
|---|---|---|
| Realms support | ✅ doc | ✅ doc |
| Realm hierarchy | ✅ | ⛔️ |
| Interface | OpenAM | Keycloak |
|---|---|---|
| Administrator GUI | ✅ | ✅ |
| Admin REST API | ✅ | ✅ |
| Admin UI customization | ⛔️ | ✅ doc |
| Authentication GUI | ✅ | ✅ |
| Authentication GUI customization | ✅ doc | ✅ doc |
| Authentication REST API | ✅ doc | ⛔️ |
| Authentication XML-RPC API | ✅ doc | ⛔️ |
| OpenAM | Keycloak | |
|---|---|---|
| Stateful | Random session ID | JWT |
| Stateless | JWT | JWT |
| REST Security Token Service | ✅ | ✅ |
| SOAP Security Token Service | ✅ | ⛔️ |
| Repository type | OpenAM | Keycloak |
|---|---|---|
| LDAP (OpenDJ, OpenLDAP, etc.) | ✅ | ✅ |
| Active Directory | ✅ | ✅ |
| Apache Cassandra | ✅ | ⛔️ |
| MariaDB Server | ✅ | ✅ |
| Microsoft SQL Server | ✅ | ✅ |
| MySQL | ✅ | ✅ |
| Oracle Database | ✅ | ✅ |
| PostgreSQL | ✅ | ✅ |
| Flat file | ✅ | ⛔️ |
| Custom identity repository | ✅ doc | ✅ doc |
| OpenAM | Keycloak | |
|---|---|---|
| Audit Logging | ✅ doc | ✅ doc |
| HTTP-based Monitoring | ✅ doc | ✅ doc |
| SNMP Monitoring | ✅ doc | ⛔️ |
| JMX Monitoring | ✅ doc | ⛔️ |
