Extensions

Apple Identity Provider
Sign in with Apple using either a browser or natively by token_exchange.
CAS Login Procotol
Implements the CAS SSO protocol according to official specification by adding a new client type to the Keycloak admin console.
Client Authorization
Adds authorization capabilities to keycloak for a given client, whether the client itself has the capability to handle authorization or not.
Configuration as Code for Keycloak realms
Utility to ensure the desired configuration state for a realm based on a JSON or YAML file.
Discord Identity Provider
Keycloak extension to add discord as an identity provider.
Express.js GraphQL
Add Keyloak Authentication and Authorization to your GraphQL server.
France Connect Identity Provider
Extension to add support for the french administration Identity Provider France Connect.
Full export endpoint
Provides an endpoint allowing the full export of a realm, without having to restart keycloak.
GitHub SSH key mapper
An attribute mapper for the Github Identity Provider. The mapper can fetch the user's SSH keys from github's REST API.
Google Cloud Pub/Sub event listener
An event listener for Keycloak, using the Google Cloud Pub/Sub service.
HiOrg-Server Identity Provider
Keycloak extension to add HiOrg-Server as an identity provider.
IBM Security Verify Authenticator
Adds various authentication methods such as One-time-passcode, QR code, Push notifications, and FIDO2.
Impersonation Policy Enforcer
Enforces an impersonation policy restricting impersonators from accessing clients unless holding an associated client role.
JSON Remote Claim Mapper
Protocol mapper to retrieve JSON data from a remote HTTP endpoint.
Japanese documentation translation
Japanese translation of the Keycloak documentation.
Keycloakify
A tool for creating Keycloak theme with React
MQTT event listener
An event listener using the MQTT protocol.
Metrics SPI
Adds a Metrics Endpoint to Keycloak in Prometheus format.
ORCID Social Identity Provider
Enables ORCID as an Identity Provider.
Passport.js strategy
Passport.js strategy that enables the use of multiple realms in the same application.
Python Client
Client library for python applications.
RabbitMQ event listener
Event listener using the RabbitMQ message broker.
Regex role importer
This extension provides a broker mapper that maps a multivalued OIDC claim or SAML attribute to roles based on regular expressions.
Restrict Client Auth
The authenticator supports role-based or policy-based access decisions and can be enabled on a per-client basis.
Testcontainers
A Testcontainers implementation for Keycloak.
WS-Federation protocol
Implementation of the WS-Federation passive requestor model according to the official specification.
privacyIDEA two factor authentication
Adds 2nd factors to keycloak, that are authenticated against your central privacyIDEA system.