I’ve been looking into the Ory platform recently. It’s all still alpha and beta but pretty impressive. The architecture is much more microservice-oriented. Keycloak is one large monolith but easy to deploy with Docker.
Both suffer on the documentation front, especially useful “cookbook” type of things. Keycloak is impressive, like a lot of things from Red Hat. But Ory is worth keeping an eye on. Both assume fluent understanding of terminology.
If you need an integrated identity database out of the box, go for Keycloak today. Comes with OIDC and SAML, both work great. Ory Kratos still requires some manual tinkering.
I’ve been tempted, but it doesn’t support multilateral SAML federation, which is almost mandatory for higher education, which is 100% of my customer base.
But it’s definitely easier to live with than Active Directory or SecureAuth.
Yup, it’s good, I use it with the recently introduced WebAuthn support, although it would be nice if it supported passwordless/usernameless login with resident keys.