Wednesday, May 28, 2014

What is the difference between Picketlink and Keycloak?

Picketlink and Keycloak are both JBoss Projects.  The Picketlink Project is at and the Keycloak project is at  In our blog today we will highlight some differences between the projects.

What is PicketLink?

PicketLink is an umbrella project for security and identity management for Java applications. PicketLink is an important project under the security offerings from JBoss.

Highlights of Picketlink:
  • Security Framework for JavaEE Applications (Apache v2 License)
  • First Class support for CDI
  • Secures your beans, view layer, bean methods, REST endpoints, Servlets, etc.
  • Simple API for managing Users, Roles, Groups
  • Authenticate any way you want
  • Permissions API for fine grained authorization
  • Federation – SAML, WS-Trust, OpenID, OAuth
  • Social Login with Facebook, Twitter and Google+

What is Keycloak?

Keycloak is an out-of-the-box solution for security and a project included in the PicketLink umbrella. It is an integrated SSO solution for browser apps and RESTful web services, built on top of the OAuth 2.0 and JSON Web Token (JWT) specifications.

Highlights of Keycloak:
  • Keycloak is an SSO server for web, mobile and REST applications
  • Keycloak is an out-of-the-box (OOTB) server for:
    • Authentication
    • Authorization
    • Centrally managing Application Users, Roles and Roles Mapping
    • Social Login
  • Keycloak is deployable as a WAR, as an appliance, or on OpenShift
  • The Keycloak project is part of the PicketLink family

So what is the problem space and what is the solution?

The problem space revolves around:

1. Applications need to be secure.
2. Applications need the following security features:
  • Authentication
  • Authorization
  • Management of Users, Roles and Groups
  • Audit
  • Social Login
  • Single Sign On

The solution is one of two options provided by the JBoss Products:

Option 1: Roll your own security. PicketLink is the choice and has a ton of quickstarts.
Option 2: Out of the box solution with a User Interface.  Keycloak is the choice.
Building Blocks
Out of the Box with User Interface
 I will start blogging examples soon with the Middleware Products but take a look at the Project pages for more information: