Extensions

CAS Login Procotol

Implements the CAS SSO protocol according to official specification by adding a new client type to the Keycloak admin console. Supports CAS V1/V2/V3 with JSON or XML responses and attribute mapping. Full server implementation, no external components required.

MaintainersDoccrazy
Websitehttps://github.com/Doccrazy/keycloak-protocol-cas
Downloadhttps://github.com/Doccrazy/keycloak-protocol-cas/releases

Client Authorization

The purpose of this module is to add authorization capabilities to keycloak for a given client, whether the client itself has the capability to handle authorization or not. When installed, it allows the use of a client's Authorization tab and a specific resource name (Keycloak Client Resource) to define the policies and permissions to grant access to the client. The effect is binary: either the client is allowed access to the client and will recieve a token, or is not and will recieve a 'forbidden' message. Either way, the user is authenticated in keycloak and will have SSO access to the other clients for which they are authorized.

Maintainerscloudtrust, AlistairDoswald, yelhouti
Websitehttps://github.com/cloudtrust/keycloak-authorization
Downloadhttps://github.com/cloudtrust/keycloak-authorization/releases

Discord Identity Provider

Keycloak extension to add discord as an identity provider.

Maintainerswadahiro
Websitehttps://github.com/wadahiro/keycloak-discord
Downloadhttps://github.com/wadahiro/keycloak-discord/releases
Documentationhttps://github.com/wadahiro/keycloak-discord/blob/master/README.md
Sourcehttps://github.com/wadahiro/keycloak-discord

France Connect Identity Provider

Extension to add support for the french administration Identity Provider France Connect

MaintainersInseeFr
Websitehttps://github.com/InseeFr/Keycloak-FranceConnect
Downloadhttps://github.com/InseeFr/Keycloak-FranceConnect/releases

Full export endpoint

Provides an endpoint allowing the full export of a realm, without having to restart keycloak. Secrets are exported in clear.

Maintainerscloudtrust, yelhouti
Websitehttps://github.com/cloudtrust/keycloak-export
Downloadhttps://github.com/cloudtrust/keycloak-export/releases

Github SSH key mapper

An attribute mapper for the Github Identity Provider. The mapper can fetch the user's SSH keys from github's REST API

Maintainersmhuin
Websitehttps://github.com/mhuin/keycloak-github-ssh-key-attribute-mapper
Downloadhttps://github.com/mhuin/keycloak-github-ssh-key-attribute-mapper
Documentationhttps://github.com/mhuin/keycloak-github-ssh-key-attribute-mapper/blob/master/README.md
Sourcehttps://github.com/mhuin/keycloak-github-ssh-key-attribute-mapper

HiOrg-Server Identity Provider

Keycloak extension to add HiOrg-Server as an identity provider

MaintainersMartinBoehmer
Websitehttps://gitlab.com/MartinBoehmer/keycloak-hiorgserver-idp
Downloadhttps://gitlab.com/MartinBoehmer/keycloak-hiorgserver-idp/releases
Documentationhttps://gitlab.com/MartinBoehmer/keycloak-hiorgserver-idp/blob/master/README.en.md
Sourcehttps://gitlab.com/MartinBoehmer/keycloak-hiorgserver-idp

JSON Remote Claim Mapper

This module adds a new mapper type to retrieve JSON data from a remote HTTP endpoint (e.g. from a REST API) and add it as a claim into tokens or user info.

Maintainersgroupe-sii, niroussel
Websitehttps://github.com/groupe-sii/keycloak-json-remote-claim
Downloadhttps://github.com/groupe-sii/keycloak-json-remote-claim
Documentationhttps://github.com/groupe-sii/keycloak-json-remote-claim/blob/master/README.md
Sourcehttps://github.com/groupe-sii/keycloak-json-remote-claim

Japanese documentation translation

Complete Japanese translation of the original Keycloak documentation.

Maintainersopenstandia, wadahiro, k-tamura
Websitehttps://keycloak-documentation.openstandia.jp
Sourcehttps://github.com/openstandia/keycloak-documentation-i18n

Keycloak Connect GraphQL

keycloak-connect-graphql is a comprehensive solution for adding keycloak authentication and authorization to Express.js based GraphQL servers. It is used alongside the keycloak-connect middleware to provide useful auth capabilities at the GraphQL level. Features include Authentication and Role Based Access Control (RBAC) on individual Queries, Mutations and fields, Auth and RBAC on Subscriptions, Declarative @auth and @hasRole directives that can be applied directly in the GraphQL Schema, access to Keycloak token/user information in GraphQL resolver context.

Maintainersdarahayes, wtrocki, craicoverflow
Websitehttps://www.npmjs.com/package/keycloak-connect-graphql
Downloadhttps://www.npmjs.com/package/keycloak-connect-graphql
Documentationhttps://github.com/aerogear/keycloak-connect-graphql/blob/master/README.md
Sourcehttps://github.com/aerogear/keycloak-connect-graphql

Keycloak Metrics SPI

Keycloak Metrics SPI adds a Metrics Endpoint to Keycloak. The metrics are returned in Prometheus format and include, among others, JVM performance, Login and response time metrics.

Maintainerspb82, aliok
Websitehttps://github.com/aerogear/keycloak-metrics-spi
Downloadhttps://github.com/aerogear/keycloak-metrics-spi/releases
Documentationhttps://github.com/aerogear/keycloak-metrics-spi/blob/master/README.md
Sourcehttps://github.com/aerogear/keycloak-metrics-spi

Keycloak PassportJS Auth Strategy

Keycloak PassportJS connector that enables the use of multiple realms in the same application (multi-tenancy), integrating with oAuth2/Open ID Connect 'clients' in keycloak, and getting users' data+roles from keycloak automatically via the JSON API. It is aims to be a feature-complete drop-in solution for NodeJS projects using PassportJS for authenitcation and authorization.

Maintainersexlinc, svarlamov
Websitehttps://github.com/exlinc/keycloak-passport
Downloadhttps://www.npmjs.com/package/@exlinc/keycloak-passport
Documentationhttps://github.com/exlinc/keycloak-passport/blob/master/README.md
Sourcehttps://github.com/exlinc/keycloak-passport

Keycloak Python Client

Python client for keycloak server. Using this client python apps can integrate the authorization and authentication facility from the keycloak server

Maintainersakhilputhiry
Websitehttps://github.com/akhilputhiry/keycloak-client
Downloadhttps://pypi.org/project/keycloak/#files
Documentationhttps://keycloak-client.readthedocs.io
Sourcehttps://github.com/akhilputhiry/keycloak-client

MQTT event listener

An event listener for Keycloak, using the MQTT protocol.

Maintainersmhuin
Websitehttps://github.com/mhuin/keycloak-event-listener-mqtt
Downloadhttps://github.com/mhuin/keycloak-event-listener-mqtt
Documentationhttps://github.com/mhuin/keycloak-event-listener-mqtt/blob/master/README.md
Sourcehttps://github.com/mhuin/keycloak-event-listener-mqtt

WS-Federation protocol

Implementation of the WS-Federation passive requestor model according to the official specification (v1.2, see http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html). This extension adds a new keycloak admin theme, a new client type and a new identity provider type to the admin console. Supports SAML 1.1 and SAML 2.0 tokens.

Maintainerscloudtrust, AlistairDoswald, brat000012001, dbarentine
Websitehttps://github.com/cloudtrust/keycloak-wsfed
Downloadhttps://github.com/cloudtrust/keycloak-wsfed/releases

keycloak-config-cli - Configuration as Code for Keycloak realms

keycloak-config-cli is a Keycloak utility to ensure the desired configuration state for a realm based on a JSON file. The format of the JSON file based on the export realm format. Store and handle the configuration files inside git just like normal code. A Keycloak restart isn't required to apply the configuration.

Maintainersadorsys, jkroepke
Websitehttps://github.com/adorsys/keycloak-config-cli/
Downloadhttps://github.com/adorsys/keycloak-config-cli/releases
Documentationhttps://github.com/adorsys/keycloak-config-cli/blob/master/DOCUMENTATION.md
Sourcehttps://github.com/adorsys/keycloak-config-cli.git

privacyIDEA two factor authentication

This extenion adds 2nd factors to keycloak, that are authenticated against your central privacyIDEA system. privacyIDEA is a two factor management system that can manage a lot of different token types for your users. Possible 2nd factors are e.g. HOTP, TOTP smartphone apps and hardware tokens, Email, SMS, Yubikeys, Nitrokeys, Push Token... privacyIDEA is completely Open Source licensed under the AGPLv3.

Maintainersprivacyidea
Websitehttps://privacyidea.org
Downloadhttps://github.com/privacyidea/keycloak-provider/releases
Documentationhttps://community.privacyidea.org/t/how-to-use-keycloak-with-privacyidea/1132
Sourcehttps://github.com/privacyidea/keycloak-provider