by EtienneK 3217 days ago
Worth mentioning Keycloak as well: http://www.keycloak.org/

I've been playing around with it recently and it seems to be a very capable OIDC/OAuth2 provider indeed.

2 comments

The issue with Keycloak is that it is never patched.

> Think of Keycloak as bleeding edge with quick releases, unpatched, and limited community support. [1]

Seems fine for research, but using it in production seems risky.

[1] http://www.keycloak.org/support.html

Red Hat SSO is the production-ready version of Keycloak: https://access.redhat.com/products/red-hat-single-sign-on

Indeed, it's excellent. I'm using it with an LDAP back end for my company's internal infra. Unfortunately it doesn't support U2F as a 2nd factor yet, just TOTP codes. That's the only thing I can think of as critique for Keycloak, so it's pretty damn good.

Gluu Server supports U2F out of the box:

https://gluu.org/docs/ce/authn-guide/U2F/

Installation instructions:

https://gluu.org/docs/ce/installation-guide/

Last time I looked at Gluu it seemed massive, requiring a beefy server dedicated to running it. It came with an LDAP server etc., meaning I seemingly couldn't use my own. I'll have to revisit, but last I checked it's way too much.

All I need is an openid server.

It includes an LDAP server to persist all the data generated by the service.

You can integrate your own backend LDAP server using the cache refresh feature: https://gluu.org/docs/ce/admin-guide/user-management/#ldap-s...

It is pretty beefy though, built for enterprise use cases.

Bookmarked, thanks. I'll be sure to try Gluu again and give it its own server if U2F becomes a requirement, or if I need any of the other features it offers.