Demos, examples and playground for Keycloak extensions, providers, SPI implementations, etc.
Provided AS-IS - no warranties, no guarantees. For demonstration purposes only!
This repository contains the following extensions, and probably (most likely 😉) more...
Flintstones - Demo user storage provider, providing some members of the Flintstones family through an HTTP-based API; in writable mode, it is also possible to add new users.
MagicLink Authenticator - demo authenticator which sends a magic link to the user, with which the user can log in without needing to provide a password.
Captcha Authenticator - demo authenticator in which the user needs to solve a math task and submit the result, before successful authentication.
MFA Authenticator - very simple(!!!) demo authenticator which prints a generated OTP to stdout.
Conditional Authenticator - conditions for authenticators which will decide upon
- a header and given value (or negated value) if true/false
- an authentication session note and given value (or negated value) if true/false
Highlander - demo event listener for Keycloak, allowing only the last session to survive (Highlander mode - there must only be one!) if a user logs in on multiple browsers/devices. (For a long time this was not possible in Keycloak out of the box, thus this event listener; since KC v19(?) this is natively supported.)
AWS SNS Publisher - demo event listener for Keycloak, simply forwarding/publishing all events to an AWS SNS topic.
LastLoginTime - demo event listener for Keycloak, storing the most recent login time in a user attribute.
LuckyNumberMapper - example custom token mapper for Keycloak using the OIDC protocol.
Custom Rest Resource - demo implementation for custom REST resources within Keycloak, public (unauthenticated) and secured (authenticated) endpoints.
MobileNumberRequiredAction - example which forces the user to update their mobile phone number, if not already set.
Email Provider for custom templates in JSON format (no actual email, but for processing through external/3rd party services) and sending emails via a vendor-specific (here: AWS SES) protocol, instead of SMTP.
There's a docker-compose.yml definition to use with Docker Compose. No Warranties, use at your own risk and fortune, I'm not giving any support to this!
Build and run all the stuff with:
./mvnw clean package -DskipTests && docker compose up