...

Keycloak satisfies all the expected functionality: it is compatible with the most widely used technologies (SAML, OIDC), it allows IdP federation, and it supports user group management and attribute mapping. These characteristics make Keycloak a promising solution to adopt over the other available options.

During the evaluation phase, different components were checked to decide which one best suited the LifeWatch ERIC needs, including EGI Check-in, B2ACCESS, INDIGO IAM, and Keycloak. Finally, the decision was Keycloak, an open source solution supported by Red Hat and adopted by different communities. The reason for selecting Keycloak was the set of features it provides, which are enough for the needs of LifeWatch ERIC as a community:

  • Different ways of managing users. Keycloak can create local users in a database or connect to LDAP systems.
  • User federation using the main technologies: OpenID Connect, SAML, OAuth2. It is pre-configured with many different social IDs (Google, Facebook, GitHub, other Keycloak instances). Also eduGAIN.
  • Unlimited federation of IdPs. It is needed for the complex LifeWatch community, with representatives of many institutions.
  • Customizable set of attributes, for both local and federated users.
  • Attribute mapping from federated IdPs. It is needed to classify the different expected roles.
  • Group and role management to identify user permissions.
  • Easy to install and maintain. It works with a database that can be distributed.
  • Clustered mode to set up a high-availability environment.

Components

The components are as follows:

...