
Basic Identity Manager

...

This Identity Manager is a custom development built on Spring Cloud Security and supports:

...

  • OpenID / OAuth2: This standard is available for both ConfigDB and LDAP/AD scenarios, but not for SAML v2, which is a multi-step synchronous protocol and therefore incompatible. Usage: OAuth2 Authentication in Platform with OAuth2 Server

  • SAML v2: Integration with SAML v2 is partially possible. The platform can integrate authentication via SAML with an external IdP, but it then loses the REST authentication capabilities via OAuth; only the Web App part (Control Panel) can be integrated.

    If SAMLv2 + OpenID/OAuth2 is a requirement, the advanced version of IM must be installed.

  • Extensible by plugins: Identity Manager can be extended through plugins to connect to other repositories.

Advanced Identity Manager

...

In scenarios where a more sophisticated IM is required we offer an integration with Keycloak.

...

Unlike basic IM, several user repositories can be configured simultaneously:

  • ConfigDB.

  • LDAP.

  • Kerberos.

  • Any other type of repository, provided a Keycloak plugin is developed for it.

...

Through the concept of Identity Brokering, authentication can be delegated to other IMs through protocols such as SAMLv2 or OpenID/OAuth2. The authentication process is still performed through our IM, so OpenID/OAuth2 can still be used as the REST authentication interface.

NOTE: although this standard can still be used for authentication, only the OAuth2 authorization code flow will be available. The implicit authentication flow is unfeasible due to technical limitations (necessary redirections to the external IM, etc.).

...