ForgeRock is not just a coding platform but provides flexibility to customize OOB modules using JavaScript or Apache Groovy. 98% of the time there will not be a need to customize for businesses.
Apart from OOB modules, there are open-source modules with customizations readily available, and there is a REST API available for everything (literally everything).
It can do stateful and stateless implementations, on standard agent-based and non-agent-based deployments, while making the Core Token Service (CTS) available to translate open standards.
Auth chaining can be done for any auth schemes (no limit on the # of auth schemes to be chained, which includes the MFA modules) while implementing decision drivers. CA SSO is taking a piecemeal approach on this and I'm sure they will take a couple more years to get there :-P
The OOB modules include MFA modules (HOTP/TOTP, push notifications for approval, OATH app to be used in customer mobile apps, etc., using their SDK) while supporting every open standard (SAML/OAuth authz server+client/OIDC OP+RP/GSMA Mobile Connect) at an advanced level, including FIDO1/2.
In their latest version, they allow metrics to be captured at every decision point with auth trees, and contextual auth to be done down to the time when a resource is being accessed, every time.