Keycloak Events To Everywhere
A flexible, high-performance Keycloak extension that streams matched events to various destinations, in various formats
User Guide • Developer Guide • Releases • Quick Starts
| Use Case | Description |
|---|---|
| Synchronization | Keep user directories, databases, CRMs, and other systems in sync with Keycloak |
| Security Monitoring | Stream login attempts, failed authentications, and admin actions to SIEM systems |
| Audit & Compliance | Maintain immutable audit logs in message queues or event streams |
| User Analytics | Track user behavior and authentication patterns |
| Event-Driven Architecture | Trigger downstream services based on Keycloak events |
| Multi-Destination Routing | Send different event types to different systems simultaneously |
| Protocol | Examples |
|---|---|
| Kafka | Apache Kafka, Confluent Platform, Redpanda, Azure Event Hubs, AWS MSK, Aiven for Apache Kafka, Instaclustr, CloudKarafka |
| AMQP 1.0 | Apache ActiveMQ, Apache Artemis, Azure Service Bus, Azure Event Hubs, Apache Qpid, RabbitMQ, SwiftMQ, Solace PubSub+, IBM MQ |
| AMQP 0-9-1 | RabbitMQ, LavinMQ, Apache Qpid, CloudAMQP, Amazon MQ |
| MQTT 3.1.1 | Eclipse Mosquitto, EMQX, HiveMQ, VerneMQ, NanoMQ, RabbitMQ, AWS IoT Core, Azure IoT Hub |
| MQTT 5.0 | Eclipse Mosquitto, EMQX, HiveMQ, VerneMQ, NanoMQ, RabbitMQ, Azure Event Grid, AWS IoT Core |
| Redis | Redis, Valkey, Dragonfly, KeyDB, AWS ElastiCache, Azure Cache for Redis, Upstash Redis, Google Cloud Memorystore (Pub/Sub & Streams) |
| NATS | NATS Server, NATS JetStream, Synadia Cloud, NGS (NATS Global Service) |
| Pulsar | Apache Pulsar, StreamNative Cloud, DataStax Astra Streaming, StreamNative Private Cloud, Clever Cloud Pulsar |
| HTTP | Webhooks, REST APIs, Azure Event Grid, AWS EventBridge, Google Cloud Pub/Sub Push, Twilio, Slack, Discord, Custom HTTP Endpoints |
| STOMP | Apache ActiveMQ, Apache Artemis, RabbitMQ, EMQX, HornetQ |
| WebSocket | Custom WebSocket Servers, Socket.IO, SignalR, Ably, Pusher, WebSocket-based Chat Applications |
Step 1: Download or create docker-compose.yml
services:
rabbitmq:
image: ghcr.io/fortunen/kete/quick-start-rabbitmq
ports:
- 5672:5672
- 15672:15672
healthcheck:
test: ["CMD", "rabbitmq-diagnostics", "-q", "ping"]
interval: 5s
timeout: 5s
retries: 30
rabbitmq-init:
image: ghcr.io/fortunen/kete/quick-start-curl
depends_on:
rabbitmq:
condition: service_healthy
entrypoint: >
sh -c '
curl -s -u guest:guest -X PUT http://rabbitmq:15672/api/queues/%2f/keycloak-events -H "content-type: application/json" -d "{\"durable\":true}" &&
curl -s -u guest:guest -X POST http://rabbitmq:15672/api/bindings/%2f/e/amq.direct/q/keycloak-events -H "content-type: application/json" -d "{\"routing_key\":\"keycloak-events\"}"
'
keycloak:
image: ghcr.io/fortunen/kete/quick-start-keycloak
command: start-dev
ports:
- 8080:8080
- 9000:9000
environment:
kete.routes.quick-start.destination.kind: amqp-0.9.1
kete.routes.quick-start.destination.host: rabbitmq
kete.routes.quick-start.destination.username: guest
kete.routes.quick-start.destination.password: guest
kete.routes.quick-start.destination.exchange: amq.direct
kete.routes.quick-start.destination.routing-key: keycloak-events
depends_on:
rabbitmq-init:
condition: service_completed_successfullydocker compose up -d- Open Keycloak: http://localhost:8080 (admin/admin)
- Do something in Keycloak (log in/out, create a user, ...)
- Open RabbitMQ: http://localhost:15672/#/queues/%2F/keycloak-events (guest/guest)
- See events arriving!
| Platform | Type | Link |
|---|---|---|
| GitHub (Stars) | Free | Give the project a star |
| GitHub (Sponsors) | One-time / Recurring | Sponsor on GitHub |
| PayPal | One-time / Recurring | Donate using PayPal |
| Buy Me a Coffee | One-time / Recurring | Donate using Buy Me a Coffee |
| Ko-fi | One-time / Recurring | Donate using Ko-fi |
| Liberapay | Recurring | Donate using Liberapay |
| Library | Description |
|---|---|
| Keycloak | Open source identity and access management |
| Lombok | Boilerplate reduction for Java |
| Apache Commons | Configuration2, Lang3, Text, IO, Pool2 utilities |
| Apache Kafka Client | Kafka producer library |
| Apache Pulsar Client | Pulsar producer library |
| RabbitMQ Client | AMQP 0-9-1 client |
| Eclipse Paho | MQTT 3.1.1 and MQTT 5.0 clients |
| Apache Qpid JMS | AMQP 1.0 JMS client |
| Apache ActiveMQ | STOMP protocol client |
| Pooled JMS | JMS connection pooling |
| Java-WebSocket | WebSocket client library |
| OkHttp | HTTP client with TLS support |
| Lettuce | Redis client for Pub/Sub and Streams |
| NATS Java Client | NATS and JetStream messaging |
| Nimbus OAuth SDK | OAuth 2.0 client credentials |
| Resilience4j | Retry patterns with exponential backoff |
| Jackson | JSON, XML, YAML, CSV, CBOR, TOML, Smile, Properties |
| hrakaroo/glob | High-performance glob and SQL LIKE patterns |
| Bouncy Castle | TLS/SSL cryptography provider |
| Reflections | Runtime component discovery |
| Google Guava | Cached matcher results |
| SLF4J | Logging facade |
| JUnit 5 | Testing framework |
| Mockito | Mocking framework for tests |
| AssertJ | Fluent assertions for tests |
| Testcontainers | Docker-based integration testing |
