For a long time I've been wanting to deploy an OpenID IdP of the ones that didn't caught on that you entered and address, i.e; an OpenID, and the service would take you to your IdP SAML-style where you'd authorize it afterwards, the ones that had this logo:
It was even supported on the Stack Exchange Network too; that logo should look familiar to most users here.
However, the fact that that address is called the same as the protocol, and then came OpenID Connect, that actually caught on, buried information about OpenID deep down unless searched for as "openid uri" or similar. Even that isn't a guarantee as that is a common term related to Connect as well. For a minute I almost had it with Atlassian's Crowd ID, unfortunately ti was buggy, uncustomizable, and later became subscription-only software.
Since this is usually an enterprise thing, I'm focusing on Keycloak, on it's full-RHEL variant which I believe it's called just "Identity Management" and on Microsoft's ADFS, becomes it's sort of free too with Active Directory (with a very big asterisk), thus I figured these are the best chances I have if any of them has the capability. Also, since ADFS is an older product… It's been mostly the same since ADFS "4" (ADFS 2016).
Would any of these work? If they do, could you elaborate a little? just a the big picture of steps to take, or a link maybe. And if they don't, could you suggest another, preferably something not too expensive (and non-"cloud"-hosted) since this is only a learning experiment.
