Is there an easy way to deploy Ory? Even just to test?
At the moment I'm using Keycloak at work, authentik for side projects and authelia for personal ones where I don't need anything complicated.
I couldn't find a deployment guide or a quick docker-compose. Also, if this link is still up to date, the self-hosted version is missing user and configuration management UIs https://www.ory.sh/ory-network-or-self-hosting-explained-use...
For experimenting on your own machine, you can run Ory Kratos + the default user-facing UI in Docker. You can find the Docker Quickstart here: https://www.ory.sh/docs/kratos/quickstart
Ory Kratos does not do everything that we offer in the managed service. In particular the admin UI is not available (but the APIs and business logic are!), and the things we built around multi-region and multi-tenancy are not available in the open source self-hosted version.
> Any reason to pick this over keycloak?
Keycloak is an awesome open-source project! I never used Keycloak myself in a large production system. Here is a bit of feedback we hear from users who approach us. Keycloak
- is great for small-to-medium user bases (e.g. for employee management which it was originally designed for) but has issues when scaling to millions of users / customer-facing
- has a larger footprint due to Java
- has no managed service
- is tied to IBM (can be both good and bad, as we see with the RHEL changes. Can happen to any project though)
Generally speaking, Ory is more componentized and domain driven. If you don't want OAuth2, you don't need it. If you only want OAuth2, you don't need to also use sign in from Ory. And so on!
There are probably more differences but I think others with operational Keycloak experience can answer this better than me.
Generally speaking, both projects have their place. If you're looking more for web-based customer identity management I would go in Ory's direction. If it's about enterprise employee management, Keycloak is an easier plug-and-play solution.
> Ory Kratos does not do everything that we offer in the managed service. In particular the admin UI is not available (but the APIs and business logic are!), and the things we built around multi-region and multi-tenancy are not available in the open source self-hosted version.
Does the managed service use the same repo as Kratos with additional services not available to open source or do you use a forked/modified version of Kratos?
It’s mostly what’s on master plus ~15% additional code for multi-region and multi-tenancy. Other components such as the Ory Console are not open source.
Absolutely, Authentik when you need complicated workflows, but if you just need to put a login screen in front of a page and use OIDC or LDAP with 2FA, Authelia's got you covered.
Hi Aenea,
I'm still trying to understand, sorry for the newbie question, could this be some sort of replacement of Keycloak?
Can it be used to manage authn/authz with JWT between a react front-end and a Django backend?
Kratos + Hydra can be used to replace Keycloak’s authn. Authz is a little bit more involved. Keycloak comes with UMA2. In the Ory stack this would be Keto with some sprinkle of Oathkeeper.
Are there any books on the topic, or at least good tutorials? I know the underlying concepts (have even read most of the specs), and the documentation has gotten better since I last looked at it, but I'd love to have a more comprehensive resource.
How easy do you estimate it would be to add new storage backends to Kratos?
I would like to use it as a way to do user management, but I need to be able to save data about users to custom storage backends (built on top of boltdb, badger, etc.)
Can we use Ory as the basis for a multi-tenant system? Or would we need to have one instance per tenant?
It hasn’t been clear to figure this out, open source or paid.