The Keycloak Signature Extension gives Keycloak the ability to sign any values after the user has "re-authenticated" himself. If the credentials are valid, Keycloak will respond with a signed JWT including the payload.
This extension can be used in 3 different ways:
- Keycloak Sign Endpoint: The minimal way is sending the necessary data to the sign endpoint.
- Custom Element: Using the `<keycloak-signature>` web component which calls the POST Keycloak Sign Endpoint.
- Keycloak Page: Integrates the `<keycloak-signature>` custom element to provide signing functionality.
Have a look at the specification for more detailed information about composition and configuration.
This extension can be downloaded as a Java Archive (jar) and can simply be placed in the providers directory of your Keycloak.
This project creates a custom Keycloak server based on Keycloak.X. It is structured as a multi-module Maven build and contains the following top-level modules:
- `config`: provides the build stage configuration and the setup of Keycloak
- `container`: creates the custom docker image
- `docker-compose`: provides a sample for launching the custom docker image
- `extensions`: provides the implementation of the signature extension
- `server`: provides a Keycloak installation for local development & testing
Please refer to the tutorial of custom Keycloak for more details of this project.
Please have a look at the requirements of custom Keycloak.
For this project, you also need:
- Node.js (18.15.0)
- Please have a look at how you can run custom Keycloak.
- In order to develop on the `<keycloak-signature>` component you can use the web dev server. Run the following command under `./extensions/extension-signature/src/main/web`: `npm start`
Development of the initial version was sponsored by Körber Pharma.
For more support for this extension or your Keycloak project in general, visit Keycloak Competence Center Switzerland.