I've used keycloak and I am exploring kanidm for infrasatructure authentication: https://github.com/kanidm/kanidm . I would use keycloak for client facing projects. Kanidm is smaller, and uses lower system requirements (50-100MB of RAM for < 100 users) Besides OIDC it also has built in LDAP endpoint and support for UNIX auth to be used by legacy auth systems and server auth. Project is still young but usable at least in hobby / infrastructure deployments.