This was created years ago; at the time I'd been a Shibboleth admin for nearly a decade but we needed something that could handle OIDC/OAuth and that explicitly supported OpenJDK. After a lot of investigation, I really liked Keycloak/Red Hat Single Sign-On. More details here: Gluu vs keycloack vs wso2 identity management
(Items in bold indicate possible concerns)
| Keycloak | WSO2 Identity Server | Gluu | CAS | OpenAM | Shibboleth IdP | |
|---|---|---|---|---|---|---|
| OpenID Connect/OAuth support | yes | yes | yes | yes | yes | yes |
| Multi-factor authentication | yes | yes | yes | yes | yes | yes |
| Admin UI | yes | yes | yes | yes | yes | no |
| OpenJDK support | yes | yes | partial² | yes | yes | partial |
| Identity brokering | yes | yes | yes | |||
| Middleware | Quarkus | WSO2 Carbon¹ | Jetty, Apache HTTPD | any Java app server | any Java app server | Jetty, Tomcat |
| Open source | yes | ⚠ nominally | yes | yes | yes | yes |
| Commercial support | yes | yes | yes | third-party | yes | third-party |
| Add federation metadata | no | yes | yes | |||
| Add metadata from URL | import only | yes | yes | |||
| Installation and configuration | easy | difficult | difficult |
-
WSO2 Carbon appears to be based on Tomcat
-
Gluu 4.0 comes bundled with Amazon Corretto, one specific distribution of OpenJDK. This is likely because it is built on top of Shibboleth, which only supports specific distributions of OpenJDK.
https://www.youtube.com/watch?v=bbyC3oKYSmw