/keycloak-extentions

Primary language: Java. License: Apache License 2.0 (Apache-2.0)

Keycloak Extensions Demo

Demos, examples and playground for Keycloak extensions, providers, SPI implementations, etc.

Keycloak User Storage Providers

Flintstones - Demo user storage provider, providing some members of the Flintstones family in a read-only mode, from an in-memory repository.

Peanuts - Demo user storage provider, providing some members of the Peanuts family in a read-only mode, via an external API.

Keycloak Authenticators

MagicLink Authenticator - demo authenticator which sends a magic link to the user, with which the user can log in without needing to provide a password.

Captcha Authenticator - demo authenticator in which the user needs to solve a math task and submit the result, before successful authentication.

MFA Authenticator - very simple(!!!) demo authenticator which prints a generated OTP to stdout.

Conditional Authenticator - conditions for authenticators which evaluate to true/false based on

  • a header and a given value (or negated value)
  • an authentication session note and a given value (or negated value)

Keycloak Event Listeners

Session Restrictor

Highlander - demo event listener for Keycloak, allowing only the last session to survive (Highlander mode - there must only be one!) if a user logs in on multiple browsers/devices. (For a long time this was not possible in Keycloak out of the box, hence this event listener; since KC v19(?) this is natively supported.)

Event Forwarder

AWS SNS Publisher - demo event listener for Keycloak, simply forwarding/publishing all events to an AWS SNS topic.

User Attribute Updater

LastLoginTime - demo event listener for Keycloak, storing the most recent login time in a user attribute.

Custom Keycloak OIDC protocol token mapper

LuckyNumberMapper - example custom token mapper for Keycloak using the OIDC protocol.

Keycloak REST endpoint/resource extension

Custom Rest Resource - demo implementation for custom REST resources within Keycloak, public (unauthenticated) and secured (authenticated) endpoints.

Custom Required Action

MobileNumberRequiredAction - example which forces the user to update their mobile phone number, if not already set.

Custom Email Template & Sender Provider

Email Provider for custom templates in JSON format (no actual email, but for processing through external/3rd party services) and sending emails via a vendor-specific (here: AWS SES) protocol, instead of SMTP.

Demo Docker Compose Environment

There's a docker-compose.yml definition to use with Docker Compose. No Warranties, use at your own risk and fortune, I'm not giving any support to this!

Build and run all the stuff with:

$ ./mvnw clean package -DskipTests && docker compose up