What does HackerNews think of keycloak?
Open Source Identity and Access Management For Modern Applications and Services
Language: Java
One might say you wouldn't be surprised. Security practices at startups have never been good (no regulation, focus on sales) but to see this lack of security awareness in a company protecting PII is shocking. But what do VCs know ...
As always when something like this happens, here are some good open source alternatives with appropriate security policies and bug bounties in place:
* https://github.com/keycloak/keycloak
* https://github.com/ory/kratos
* https://github.com/GluuFederation (potentially dated for some use cases)
Keycloak[1] is self-hosted and widely used. Kratos[2] is also self-hosted but API-only, but on the plus side won't have a problem with "josh-api" like GP described above.
Congratulations on the launch! Innovation in the Auth* space is really necessary. How do you plan on differentiating from other open source solutions, such as https://github.com/ory/kratos or https://github.com/keycloak/keycloak?
Now is probably a good time to plug some of the open source alternatives to vendor locked in identity solutions:
- https://github.com/dexidp/dex
- https://github.com/authelia/authelia
Me and my team are happy users of keycloak[0] running in a docker swarm, pretty nice so far and very good documentation. Building your own authorization/authentication solution is really nice as you learn a lot, but there is a lot of work involved.
[0] https://github.com/keycloak/keycloak
We use Keycloak at our place and are really happy with it.
Website: https://www.keycloak.org/
Keycloak is a personal fave for this general space
Keycloak from Red Hat is also pretty good:
http://www.keycloak.org/ https://github.com/keycloak/keycloak