Implements the CAS SSO protocol according to official specification by adding a new client type to the Keycloak admin console. Supports CAS V1/V2/V3 with JSON or XML responses and attribute mapping. Full server implementation, no external components required.
The purpose of this module is to add authorization capabilities to keycloak for a given client, whether the client itself has the capability to handle authorization or not. When installed, it allows the use of a client's Authorization tab and a specific resource name (Keycloak Client Resource) to define the policies and permissions to grant access to the client. The effect is binary: either the client is allowed access to the client and will recieve a token, or is not and will recieve a 'forbidden' message. Either way, the user is authenticated in keycloak and will have SSO access to the other clients for which they are authorized.
|Maintainers||cloudtrust, AlistairDoswald, yelhouti|
Extension to add support for the french administration Identity Provider France Connect
Provides an endpoint allowing the full export of a realm, without having to restart keycloak. Secrets are exported in clear.
An attribute mapper for the Github Identity Provider. The mapper can fetch the user's SSH keys from github's REST API
This module adds a new mapper type to retrieve JSON data from a remote HTTP endpoint (e.g. from a REST API) and add it as a claim into tokens or user info.
Complete Japanese translation of the original Keycloak documentation.
|Maintainers||openstandia, wadahiro, k-tamura|
keycloak-connect-graphql is a comprehensive solution for adding keycloak authentication and authorization to Express.js based GraphQL servers. It is used alongside the keycloak-connect middleware to provide useful auth capabilities at the GraphQL level. Features include Authentication and Role Based Access Control (RBAC) on individual Queries, Mutations and fields, Auth and RBAC on Subscriptions, Declarative @auth and @hasRole directives that can be applied directly in the GraphQL Schema, access to Keycloak token/user information in GraphQL resolver context.
|Maintainers||darahayes, wtrocki, craicoverflow|
Keycloak Metrics SPI adds a Metrics Endpoint to Keycloak. The metrics are returned in Prometheus format and include, among others, JVM performance, Login and response time metrics.
Keycloak PassportJS connector that enables the use of multiple realms in the same application (multi-tenancy), integrating with oAuth2/Open ID Connect 'clients' in keycloak, and getting users' data+roles from keycloak automatically via the JSON API. It is aims to be a feature-complete drop-in solution for NodeJS projects using PassportJS for authenitcation and authorization.
Python client for keycloak server. Using this client python apps can integrate the authorization and authentication facility from the keycloak server
An event listener for Keycloak, using the MQTT protocol.
Implementation of the WS-Federation passive requestor model according to the official specification (v1.2, see http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html). This extension adds a new keycloak admin theme, a new client type and a new identity provider type to the admin console. Supports SAML 1.1 and SAML 2.0 tokens.
|Maintainers||cloudtrust, AlistairDoswald, brat000012001, dbarentine|
This extenion adds 2nd factors to keycloak, that are authenticated against your central privacyIDEA system. privacyIDEA is a two factor management system that can manage a lot of different token types for your users. Possible 2nd factors are e.g. HOTP, TOTP smartphone apps and hardware tokens, Email, SMS, Yubikeys, Nitrokeys, Push Token... privacyIDEA is completely Open Source licensed under the AGPLv3.