ForgeRock Identity Management Solution vs WSO2 Identity Server

Abdul · Jan 25, 2013 · Viewed 8.6k times

I'm trying to choose between the ForgeRock identity management solution (OpenAM, OpenIDM) and WSO2 Identity Server for implementing an Identity and Access Management solution.

I'm interested in using the following features:

  • Single Sign-On (SSO)
  • Policy based access control
  • Managing user identities
  • Connecting to a central repository like Active Directory, OpenLDAP, Oracle Internet Directory, etc.
  • Etc.

Both open source products look viable. I'm interested in having all of the above features along with a good API to implement these features, along with active community support.

Which one would be the best amongst the two?

Thanks.

Answer

Prabath Siriwardena · Jan 26, 2013

I am an architect from WSO2 - mostly leading WSO2 Identity Server. I am trying to be as unbiased as possible :-)

Both products bring you a comprehensive Identity Management platform - having support for SAML2, OpenID, XACML 3.0, OAuth 2.0, SCIM, WS-Security standards.

A few unique features of WSO2 Identity Server that I would like to highlight are...

  1. Decentralized Federated SAML2 IdPs (http://blog.facilelogin.com/2012/08/security-patterns-decentralized.html)
  2. Distributed XACML PDPs
  3. User friendly XACML PAP wizard
  4. High scalability (We have a Middle East customer using WSO2 IS over a user base of 4 million for OpenID support.)
  5. Cassandra-based User Store (To be used over 800 Million user base by one of our production customers)
  6. Lightweight and very low memory footprint. The stripped-down version of WSO2 IS can be started with 64MB Heap Size and the standard version runs with 96MB Heap.
  7. Highly extensible. The architecture behind WSO2 IS is highly extensible. You can easily plug in your authenticators, user store, etc...
  8. Support for multi-tenancy.
  9. Support for multiple user stores (AD, LDAP, JDBC)
  10. Interoperability.
  11. Part of a proven SOA product platform provided by WSO2.

Also, we are planning to add support for OpenID Connect this year with a set of improved Identity Management capabilities.

You can also read more about WSO2 Identity Server from http://blog.facilelogin.com/2012/08/wso2-identity-server-flexible.html

You will not get an unbiased answer from me for your question :-) "Which one would be the best amongst the two?". You will also get answers from ForgeRock and other folks here. Best would be to evaluate and decide.