Identity Management has become a critical component in modern IT industry. Its a challenge to choose the best product, while ensuring the flexibility is not lost due to increase in employee base and adhering to security compliance needs. Some of the key industry leading products include CA Siteminder, Oracle Access Manager, IBM Tivoli Access Manager and so on. Before explaining the products and alternatives, let's analyze the different capabilities required for an IT enterprise.
Identity management solution normally requires Access Management, Federation, Web Services Ability, Policy Based Enforcements, Enterprise Single Sign on (ESSO) and so on. Let's see a sample Comparison table for each of the products
Identity management solution normally requires Access Management, Federation, Web Services Ability, Policy Based Enforcements, Enterprise Single Sign on (ESSO) and so on. Let's see a sample Comparison table for each of the products
Comparison of Major Identity management solutions
CA Siteminder | Oracle Access Manager | IBM Tivoli Access Manager | |
Access Management | Yes | Yes | Yes |
Federation | Require Federation Mgr | Oracle Identity Federation | Federated Identity Mgr |
Web Services Support | CA WS Manager | WS Manager | Federated Identity Mgr |
Policy Enforcements | CA Entitlements Mgr | Oracle Entitlements Mgr | Security Policy Mgr |
Enterprise SSO | CA Single Sign-on | Passlogix | Access Manager Adapter |
So What are the Open Source Alternatives?
- OpenLDAP - Mostly a LDAP implementation, but available with most of native OS installations. Now an essential part of CURL
- Apache Knox - provides pluggable authentication to LDAP using REST API's. Knox would be fast growing especially in big data environments
Apache Knox Design - OpenAM - The forked version of the ever best OpenSSO project which was dismantled after Oracle's bid on Sun. Some great documentation and Video Tutorials for beginners.
- SimpleSAMLphp- If you are working on PHP clients, this one is for you. A native PHP based simple tool.
- OpenDS - Not so active thesedays.
- Others include OpenLiberty, Lasso, Higgins Project from Eclipse