Need advice about which tool to choose?Ask the StackShare community!

Dex

41
53
+ 1
0
Keycloak

698
1.3K
+ 1
102
Add tool

Dex vs Keycloak: What are the differences?

Introduction

In this article, we will compare Dex and Keycloak, two popular identity and access management (IAM) solutions. We will explore the key differences between Dex and Keycloak and provide specific details about each difference.

  1. Authenticators Supported: One key difference between Dex and Keycloak is the range of authenticators supported. Dex primarily supports username/password, OAuth2 client credentials, and LDAP authenticators. On the other hand, Keycloak supports a wider range of authenticators including username/password, social login (Google, Facebook, etc.), multi-factor authentication (SMS, OTP), and more.

  2. Federation: Dex and Keycloak also differ in their federation capabilities. Dex supports federation through connectors, which allows integration with various upstream identity providers like GitHub, Google, and Active Directory. Keycloak, on the other hand, provides built-in federation capabilities where it can act as an identity provider (IdP) for multiple service providers (SPs) using protocols like SAML, OAuth2, and OpenID Connect.

  3. Scalability and High Availability: Dex and Keycloak have different approaches to scalability and high availability. Dex is designed to be lightweight and can be run as a single instance or in a small cluster. However, for larger deployments, external load balancers and databases are required to achieve scalability and high availability. Keycloak, on the other hand, has built-in clustering and a distributed cache system, making it easier to scale and achieve high availability out of the box.

  4. Customization and Extensibility: When it comes to customization and extensibility, Keycloak offers more flexibility compared to Dex. Keycloak provides a comprehensive administration console and a wide range of configuration options to customize the authentication flow, user registration, and other aspects of the IAM system. In addition, Keycloak supports the development of custom extensions, themes, and plugins to tailor the system to specific requirements. Dex, while providing some customization options, has a more limited set of features in terms of extensibility.

  5. Integration with Ecosystem: Dex and Keycloak have different levels of integration with other components and ecosystems. Keycloak, being part of the Red Hat ecosystem, seamlessly integrates with other Red Hat products like OpenShift, Red Hat Single Sign-On (RHSSO), and Red Hat Fuse. It also provides native support for Java and Spring Boot applications. Dex, on the other hand, does not have the same level of ecosystem integration and may require additional configuration or development efforts for specific integrations outside its core functionality.

  6. Support and Community: Support and community play a crucial role when evaluating IAM solutions. Keycloak benefits from a large and active community, being an open-source project with backing from Red Hat. It has extensive documentation, forums, and a strong ecosystem of developers contributing to its development and support. Dex, while also having an active community, may have a smaller user base and comparatively fewer resources available for support and troubleshooting.

Summary

In summary, Dex and Keycloak differ in terms of authenticators supported, federation capabilities, scalability and high availability, customization and extensibility, integration with the ecosystem, and the level of support and community. These differences should be considered when choosing an IAM solution that best suits your specific requirements.

Advice on Dex and Keycloak
Needs advice
on
KeycloakKeycloakOktaOkta
and
Spring SecuritySpring Security

I am working on building a platform in my company that will provide a single sign on to all of the internal products to the customer. To do that we need to build an Authorisation server to comply with the OIDC protocol. Earlier we had built the Auth server using the Spring Security OAuth project but since in Spring Security 5.x it is no longer supported we are planning to get over with it as well. Below are the 2 options that I was considering to replace the Spring Auth Server. 1. Keycloak 2. Okta 3. Auth0 Please advise which one to use.

See more
Replies (3)
Luca Ferrari
Solution Architect at Red Hat, Inc. · | 5 upvotes · 201.8K views
Recommends
on
KeycloakKeycloak

It isn't clear if beside the AuthZ requirement you had others, but given the scenario you described my suggestion would for you to go with Keycloak. First of all because you have already an onpremise IdP and with Keycloak you could maintain that setup (if privacy is a concern). Another important point is configuration and customization: I would assume with Spring OAuth you might have had some custom logic around authentication, this can be easily reconfigured in Keycloak by leveraging SPI (https://www.keycloak.org/docs/latest/server_development/index.html#_auth_spi). Finally AuthZ as a functionality is well developed, based on standard protocols and extensible on Keycloak (https://www.keycloak.org/docs/latest/authorization_services/)

See more
Sandor Racz
Recommends
on
KeycloakKeycloak

We have good experience using Keycloak for SSO with OIDC with our Spring Boot based applications. It's free, easy to install and configure, extensible - so I recommend it.

See more
Recommends
on
KeycloakKeycloak

You can also use Keycloak as an Identity Broker, which enables you to handle authentication on many different identity providers of your customers. With this setup, you are able to perform authorization tasks centralized.

See more
Get Advice from developers at your company using StackShare Enterprise. Sign up for StackShare Enterprise.
Learn More
Pros of Dex
Pros of Keycloak
    Be the first to leave a pro
    • 33
      It's a open source solution
    • 24
      Supports multiple identity provider
    • 17
      OpenID and SAML support
    • 12
      Easy customisation
    • 10
      JSON web token
    • 6
      Maintained by devs at Redhat

    Sign up to add or upvote prosMake informed product decisions

    Cons of Dex
    Cons of Keycloak
      Be the first to leave a con
      • 7
        Okta
      • 6
        Poor client side documentation
      • 5
        Lack of Code examples for client side

      Sign up to add or upvote consMake informed product decisions

      What is Dex?

      Dex is a personal CRM that helps you build stronger relationships. Remember where you left off, keep in touch, and be more thoughtful -- all in one place.

      What is Keycloak?

      It is an Open Source Identity and Access Management For Modern Applications and Services. It adds authentication to applications and secure services with minimum fuss. No need to deal with storing users or authenticating users. It's all available out of the box.

      Need advice about which tool to choose?Ask the StackShare community!

      What companies use Dex?
      What companies use Keycloak?
      See which teams inside your own company are using Dex or Keycloak.
      Sign up for StackShare EnterpriseLearn More

      Sign up to get full access to all the companiesMake informed product decisions

      What tools integrate with Dex?
      What tools integrate with Keycloak?
        No integrations found

        Sign up to get full access to all the tool integrationsMake informed product decisions

        What are some alternatives to Dex and Keycloak?
        Salesforce Sales Cloud
        The Sales Cloud puts everything you need at your fingertips—available anywhere. From Social accounts and contacts to Mobile, Chatter, and Analytics, collaboration across your global organization and getting deals done faster is not only possible, it's easy.
        Salesforce
        It is a customer relationship management solution that brings customers and companies together. It's one integrated CRM platform that gives all your departments — including marketing, sales, commerce, and service — a single, shared view of every customer.
        Pipedrive
        Pipeline tool for active dealmakers. Get super-organized. Close deals in less time. Built by active salespeople and serious web app developers.
        Odoo
        It is a business management software including CRM, e-commerce, billing, accounting, manufacturing, warehouse, project management, and inventory management.
        Zoho CRM
        Online CRM software for managing your sales, marketing, customer support, and inventory in a single system.
        See all alternatives