forgerock Identity Management Solution Vs WSO2 Identity Server

Asked 25/1, 2013 at 11:59 Answered 13/12, 2014 at 20:53

Solved wso2 openam federated-identity identity-management openidm

I'm trying to choose one of forgerock identity management solution (openAM, openIDM) and wso2 identity server for implementing Identity and Access Management solution.

I'm interested in using following features:

Single Sign-On (SSO)
Policy based access control
Managing user identities
Connecting to central repository like Active Directory, OpenLdap, Oracle Internet Directory etc.
Etc..

Both open source products looks viable. I'm interested in having all of the above features along with good API to implement these features, along with active community support.

Which one would be the best amongst two ?

Thanks.

Sandisandidge answered 25/1, 2013 at 11:59 Comment(0)

I am an architect from WSO2 - mostly leading WSO2 Identity Server. I am trying to be not bias as much as possible :-)

Both products bring you a comprehensive Identity Management platform - having support for SAML2, OpenID, XACML 3.0, OAuth 2.0, SCIM, WS-Security standards.

Few unique features that I would like to highlight on WSO2 Identity Server are...

Decentralized Federated SAML2 IdPs (http://blog.facilelogin.com/2012/08/security-patterns-decentralized.html)
Distributed XACML PDPs
User friendly XACML PAP wizard
High scalability (We have a middle-east customer using WSO2 IS over an user base of 4 million for OpenID support.)
Cassandra based User Store ( To be used over 800 Million user base by one of our production customers)
Light-weight and Very low memory footprint. The stripped down version of WSO2 IS can be started with 64MB Heap Size and the standard versions runs with 96MB Heap.
Highly extensible. The architecture behind WSO2 IS is highly extensible. You can easily plugin your authenticators, user store, etc...
Support for multi-tenancy.
Suport for multiple user stores (AD, LDAP, JDBC)
Interoperability.
Part of a proven SOA product platform provided by WSO2.

Also, we are planning to add support for OpenID Connect this year with a set of improved Identity Management capabilities.

You can also read more about WSO2 Identity Server from http://blog.facilelogin.com/2012/08/wso2-identity-server-flexible.html

You will not get an unbiased answer from me for your question :-) "Which one would be the best amongst two ?". You will aso get answers from Forgerock and other folks here. Best would be to evaluate and decide.

Econometrics answered 26/1, 2013 at 6:45 Comment(4)

What about supporting of login using digital certificate? – Determined 27/1, 2013 at 20:57

This can implemented via a custom authenticator. – Econometrics 28/1, 2013 at 3:4

Prabhat, thanks for your inputs. WSO2 identity manager looks to be a promising product and on the other hand forgerock OpenAM looks trusted and widely accepted open source solution. However, as rightly said by you, I would like to evaluate both before coming to a conclusion. – Sandisandidge 28/1, 2013 at 4:51

@PrabathSiriwardena please can you answer this question ? link – Rotogravure 26/8, 2015 at 9:31

I'm a product manager at ForgeRock, but not for the products you're mentioning (OpenAM, OpenIDM).

ForgeRock Open Identity Stack has complete support for all your requirements, based on existing standards such as the ones mentioned by Prabath. It presents a single, common REST API to interact across the platform. It's easy to deploy, modular, lightweight and yet highly extensible. But in my opinion the key point is that it's a proven solution, deployed by hundreds of organizations, with built-in internet scale. The solution has been chosen by telecom service providers, medium and large enterprises for internal or customer facing services.

And I agree with Prabath, now that you've got answers from ForgeRock and WSO2, best would be to evaluate and make your own decision.

Regards.

Ludovic.

Confuse answered 26/1, 2013 at 20:10 Comment(1)

Ludovic Poitou thanks for your inputs too. I would evaluate both of these products to understand which one would fit my requirement better. – Sandisandidge 28/1, 2013 at 4:52

I am currently evaluating WSO2. It has a more permissive APACHE LICENSING Model and a more friendly management model from my having met with ForgeRock people.

Spearmint answered 13/12, 2014 at 20:53 Comment(0)

Abdul, please share your findings as I am looking at both as well. We implemented OpenSSO in production a couple years ago just prior to its transition to OpenAM. It was an excellent product with thought leadership and decent execution. Unfortunately the pending transition to OpenAM was too unnerving for some of us and we switched to another product at great, unnecessary cost and continue to look over our shoulder. Some downsides at the time were ability to migrate policy through lanes from dev-test-stage-prod, keeping configurations in sync, and issue resolution. Also, fine-grained policy was very new. So my info is a bit dated and I know they have matured since then.

Just starting with WSO2. It has strong thought leadership and good execution with several platforms per other reviews. Their base architecture looks solid and it's allowing them to create and consume/improve open source technology very quickly into integrated, commercially supported solutions.

Ciliolate answered 1/10, 2013 at 15:51 Comment(0)

Recommended topics

Hot tags