[tokenizerrr]

Indeed, it's excellent. I'm using it with an ldap back end for my companys internal infra. Unfortunately it doesn't support u2f as a 2nd factor yet, just totp codes. That's the only thing I can think of as critique for keycloak, so it's pretty damn good.

[willow9886]

Gluu Server supports U2F out of the box:

https://gluu.org/docs/ce/authn-guide/U2F/

Installation instructions:

https://gluu.org/docs/ce/installation-guide/

[tokenizerrr]

Last time I looked at gluu it seemed massive, requiring a beefy server dedicated to running it. It came with an ldap server etc, meaning I seemingly couldn't us my own. I'll have to revisit, but last I checked its way too much.

All I need is an openid server.

[willow9886]

It includes an LDAP server to persist all the data generated by the service.

You can integrate your own backend LDAP server using the cache refresh feature: https://gluu.org/docs/ce/admin-guide/user-management/#ldap-s...

It is pretty beefy though, built for enterprise use cases.

[tokenizerrr]

Bookmarked, thanks. I'll be sure to try gluu again and giving it its own server if u2f becomes a requirement, or if I need any of the other features it offers.