A: OpenSSO has had its issues in the transition from Sun Microsystems to ForgeRock, especially regarding setup and administration. This is better now, but the resistance from dev teams to integrating with SAML2 tokens is still so high that many projects still implement their own auth and user databases. Whydah was made to remove these impediments so companies get a working IAM/SSO strategy.
A: IAM/SSO should be black-box purchases, but as commented above, today's black-box solutions keep failing in organizations by being too "different" or "difficult" for many development teams/projects. One of the reasons seems to be that developers get confused by the massive XML scaffolding in SAML2 tokens and by the lack of stand-alone development/test deployments which integrate easily with the project CI infrastructure.
A: Those products are great and full of functionality. But there is a but: if we look at companies which have implemented them, we find that in most companies more than 50% of their in-house developed systems do not integrate with the IAM/SSO solution, rendering the investment not very valuable. The reasons are usually/probably a combination of the ones mentioned above.
=> Q: What do you want to automate?
- Deployment of IAM solution
- Known state - i.e. cleaning all content and automatically setting up users, roles and privileges.
- CI support in a controlled, non-production manner