Keycloak Customization

-- Description

In this two-day training course, you will learn how to develop and test Keycloak extensions. You will get to know the most important concepts and objects as well as the most common SPIs.

A major advantage of the Keycloak platform is that it can be extended with your own requirements and implementations without having to build/compile the actual core yourself. Keycloak relies to a large extent on the standard Java SPI (Service Provider Interface) mechanism, which allows you to implement your own extensions to an interface and deploy these extensions to the application core at runtime or put them into production in a joint deployment. Almost every functionality is mapped in Keycloak via the SPI pattern, allowing Keycloak to be almost completely customized to your own wishes and requirements.

In this 2-day workshop, we will first learn about the concept of Keycloak SPIs, consisting of factory and provider classes, as well as the most important objects, such as the KeycloakSession and other *Context-specific containers. We then implement the most common service provider interfaces such as EventListener, ResourceProvider, Authenticator, RequiredAction and User Storage and use them to create sample extensions. With these exercises, we gain a basic understanding of how SPIs are developed for Keycloak and what to look out for.

With the help of the testcontainers-keycloak extension, we will be able to test some of our extensions in an integration test scenario in a “real” Keycloak server.

-- Agenda

Getting to know the most important concepts for Keyclaok extensions

• ProviderFactory and provider interfaces
• KeycloakSession and *Context-specific objects

Implementation of the most common Keycloak SPIs:

• EventListener
• ResourceProvider
• Authenticator
• RequiredAction
• UserStorage

Testing extensions with testcontainers-keycloak

-- Audience

The workshop is aimed at software developers who would like to expand Keycloak with additional features and their own requirements. Ideally, participants should already have previous knowledge of Keycloak. As a test and verification environment, we use a local Docker Compose environment to keep the operational overhead as low as possible. Since the Keycloak extensions are developed in Java, a sound and up-to-date knowledge of Java and Maven as well as the use of a Java IDE are absolutely necessary.

Technical requirements:

• Notebook/laptop

• Java IDE of your choice (e.g. IntelliJ IDEA, Eclipse, VS Code, Netbeans, etc.)

• JDK 17+

• Docker and Docker Compose V2 installed and running (if necessary, grant local admin rights on the computer)

• Internet access (check proxy/firewall/VPN configurations etc. if necessary)

• Separate HTTP client if the IDE does not provide this (e.g. Insomnia, Postman, REST client for VS Code Plugin, etc.)

-- Training Objectives