Keycloak-as-a-Service – Open-Source Vendor Lock-In?
In addition to the lack of feature completeness and future readiness (time-to-market), this also includes the high operating costs and the lack of support for Keycloak. In recent years, a number of providers have therefore emerged that offer Keycloak-as-a-Service. The spectrum ranges from providers that simply host Keycloak to providers that take Keycloak as a basic building block and extend it with their own developments. In the following, we take a look at these two forms of Keycloak-as-a-Service.
Keycloak-as-a-Service – Hosting Service
Many companies using Keycloak struggle to find experts who can ensure the implementation and operation of Keycloak. Reliable operation of Keycloak 7 days a week and 24 hours a day (24×7) requires a large team of experts who are familiar with Keycloak and the topic of Single Sign-On. For Keycloak users, hosting brings relief for the time being. The outstanding advantage of Keycloak – you get something for free – is thus obsolete. In the end, the cost advantage may even be a disadvantage because these operating costs are higher than the cost of subscribing to a ready-made Cloud Identity & Access Management (Cloud IAM). Once you have arrived at hosted Keycloak, the question of comparing the functions of a cloud IAM and Keycloak quickly arises, and that is where cidaas comes out on top, quite apart from the fact that it is continuously developed and automatically updated in the background. After all, security in the area of identity management should not be limited to a firewall, but must be supported with fraud detection patterns as in cidaas – hosting may not be enough.
Keycloak-as-a-Service – Open Source as a Product
Keycloak is developed by Red Hat in Java, with extensive use of the Red Hat Java libraries and services. The original operating model was defined quite simply. As a Keycloak user, one installs a corresponding database, then Keycloak, which is based on an application server, on various server systems for development, testing and production – the operations teams then take over the operational management.
In the meantime, in addition to the “Keycloak Hosting Service”, companies have also started offering their own IAM services based on Keycloak, with meaningful product names and some additional functions: so to speak, “Open Source as a Product”. That sounds good at first, because why should you take the long and stony path and start from the drawing board when there is already an open-source solution that you can further develop individually?
- The rights of use defined by the open-source licence must be taken into account, which can restrict operation and further development.
- The rights of use can be changed by the manufacturer as a whole with a new version, so the next version may already no longer be open source.
- The IAM service provider depends on the corporate policy of the open-source provider: should the latter decide not to invest further in Keycloak, or pursue the second point, further development is questionable – the half-life of open source is known to be significantly shorter than that of commercial solutions.
- Finally, the IAM service provider can only build on the functions that Keycloak offers, and this applies to the range of functions as well as to the time of provision in the software version.
Modern IAM solutions like cidaas do not have these dependencies; they are designed modularly from the drawing board and have a highly scalable technology stack, without Java, with which climate neutrality can also be better achieved.
Keycloak hosting and Keycloak product derivatives expand the range of cloud IAM services. If you are thinking about a cloud IAM or no longer want to operate your own Keycloak in your own data centre, you should sound out the market beforehand and use a modern, future-proof cloud IAM such as cidaas.
The migration from Keycloak to cidaas has been successfully tested in practice many times and is easier than you might think.