Extensions

Ansible collection for Keycloak

Collection to install and configure Keycloak

Apple Identity Provider

Sign in with Apple using either a browser or natively by token_exchange.

CAS Login Procotol

Implements the CAS SSO protocol according to official specification by adding a new client type to the Keycloak admin console.

Cassandra Datastore

Use Apache Cassandra as storage backend. Can be used to just replace Infinispan as distributed cache. Requires experimental map storage feature.

Client Authorization

Adds authorization capabilities to keycloak for a given client, whether the client itself has the capability to handle authorization or not.

Configuration as Code for Keycloak realms

Utility to ensure the desired configuration state for a realm based on a JSON or YAML file.

Discord Identity Provider

Keycloak extension to add discord as an identity provider.

Event Listener Utilities

Useful event listener implementations and utilities. Webhooks, scripts, HTTP, etc.

Express.js GraphQL

Add Keyloak Authentication and Authorization to your GraphQL server.

France Connect Identity Provider

Extension to add support for the french administration Identity Provider France Connect.

Full export endpoint

Provides an endpoint allowing the full export of a realm, without having to restart keycloak.

GitHub SSH key mapper

An attribute mapper for the Github Identity Provider. The mapper can fetch the user's SSH keys from github's REST API.

HiOrg-Server Identity Provider

Keycloak extension to add HiOrg-Server as an identity provider.

Home IdP Discovery

The authenticator redirects users to their home identity provider based on their email address and domain.

IBM Security Verify Authenticator

Adds various authentication methods such as One-time-passcode, QR code, Push notifications, and FIDO2.

Impersonation Policy Enforcer

Enforces an impersonation policy restricting impersonators from accessing clients unless holding an associated client role.

JSON Remote Claim Mapper

Protocol mapper to retrieve JSON data from a remote HTTP endpoint.

Japanese documentation translation

Japanese translation of the Keycloak documentation.

Keycloak Multi-Tenancy

Keycloak extension for creating multi-tenant IAM for B2B SaaS applications.

Keycloakify

A tool for creating Keycloak theme with React

MQTT event listener

An event listener using the MQTT protocol.

Magic Link Login

Allow users to authenticate through a link sent to their email address instead of using a password.

Metrics SPI

Adds a Metrics Endpoint to Keycloak in Prometheus format.

ORCID Social Identity Provider

Enables ORCID as an Identity Provider.

Organizations Extensions

Comprehensive extensions set for single realm multi-tenancy.

Passport.js strategy

Passport.js strategy that enables the use of multiple realms in the same application.

Python Client

Client library for python applications.

RabbitMQ event listener

Event listener using the RabbitMQ message broker.

Regex role importer

This extension provides a broker mapper that maps a multivalued OIDC claim or SAML attribute to roles based on regular expressions.

Restrict Client Auth

The authenticator supports role-based or policy-based access decisions and can be enabled on a per-client basis.

Testcontainers

A Testcontainers implementation for Keycloak.

WS-Federation protocol

Implementation of the WS-Federation passive requestor model according to the official specification.

privacyIDEA two factor authentication

Adds 2nd factors to keycloak, that are authenticated against your central privacyIDEA system.