Written by ilgrosso
At Tirasa we have been working on Identity and Access Management for many years now: as a consultancy agency for 3rd party proprietary products (especially in the past) and, much more during the last three years, as community builders and contributors for Apache Syncope and ConnId.
We have been building our experience in this IAM world by working for customers differing in size, expertise, complexity, involvement and nationality, and this led us to select a restricted toolset of components that are suited to work well together when you need to conceive, design, build and maintain someone's identity infrastructure.
What is required for an IAM component to fit into this identity stack? It needs to be:
Let's borrow some very good definitions from midPoint's wiki; IAM components can be either:
You might have heard of the "Open Identity Stack": here are some real Open Source alternatives.
Alongside the main choice, for each category one or more alternatives are provided that, while still satisfying the requirements above, have proven to be less suitable - with the notable exception of Apache Syncope, of course: why should one look for alternatives? (DISCLAIMER: my company provides enterprise support for Apache Syncope).
Access Manager: CAS
The de-facto standard for Open Source access management, with wide usage all over the world.
Keywords: Authentication, Authorization, Federation, Entitlements, SSO, OAuth 2.0, SAML 2.0
Alternatives: Apache CXF Fediz, Gluu server
Provisioning Engine: Apache Syncope
Community-driven identity manager at The Apache Software Foundation.
Keywords: Workflow, Password Management, Roles, Synchronization, Connectors, Audit, Report
Alternative: Evolveum midPoint
Identity Store: 389
Latest evolution of one of the most deployed, fast and reliable LDAP services.
Keywords: LDAP, Replica
Alternatives: Apache DS, OpenLDAP