Demos, examples and playground for Keycloak extensions, providers, SPI implementations, etc.
Provided AS-IS - no warranties, no guarantees.
For demonstration purposes only!
This repository contains the following extensions, and probably (most likely 😉) more...
- MagicLink Authenticator - Passwordless authentication via magic link sent to user's email
- Authenticators - Collection of various demo authenticators including:
  - CAPTCHA integration
  - Deny/block authenticator
  - MFA implementations
  - MFA enrollment flows
  - Redirect authenticators
  - Registration enhancements
- Conditional Authenticators - Conditional logic for authentication flows based on:
  - HTTP headers and values (or negated values)
  - Authentication session notes and values
  - Custom conditions
- Flintstones User Provider - Demo user storage provider with HTTP-based API, supporting read/write operations with the Flintstones family members
- Required Actions - Custom required actions (e.g., MobileNumberRequiredAction for enforcing mobile phone number updates)
- Validators - Custom validation providers for user attributes and forms
- Event Listeners - Multiple event listener implementations:
  - Highlander - Session restrictor allowing only the last session to survive (single session per user)
  - AWS SNS Publisher - Forwards all Keycloak events to AWS SNS topics
  - LastLoginTime - Stores most recent login timestamp in user attributes
- Token Mappers - Custom OIDC protocol token mappers (e.g., LuckyNumberMapper)
- Action Tokens - Custom action token implementations for special-purpose links
- REST Endpoint - Custom REST resources within Keycloak with both public and authenticated endpoints
- Custom SMS SPI - Custom SMS provider service provider interface
- Admin UI Extensions - Custom Admin Console UI components and extensions
- Initializer - Realm initialization and configuration automation, including scheduled tasks
- Scheduled Tasks - Background task scheduling and cron-based operations
- Email Provider - Custom email templates and senders:
  - JSON format templates for external service processing
  - AWS SES integration instead of SMTP
  - Vendor-specific email protocols
- Passwords - Password policy extensions and custom password validators
- Utils - Shared utilities and helper classes used across extensions
- Various - Miscellaneous extension examples and experimental features
A docker-compose.yml is provided for local development and testing with Keycloak. The setup includes:
- Keycloak running in development mode with preview features enabled
- Remote debugging available on port 8787
- All extension modules automatically mounted into Keycloak's providers directory
- Persistent data volume for Keycloak data
Build all extensions and start Keycloak:

    ./mvnw clean package -DskipTests && docker compose up

- Keycloak Admin Console: http://localhost:8080
- Admin Credentials: username `admin`, password `admin`
- Remote Debug Port: 8787
All 18 extension modules are automatically loaded:
- actiontoken, admin-ui, authenticators, conditional-authenticators
- custom-sms-spi, email, event-listener, flintstones-userprovider
- initializer, magiclink, passwords, requiredaction
- rest-endpoint, scheduled-task, tokenmapper, utils
- validators, various
Note: No warranties or support provided - use at your own risk for demonstration purposes only!