starflyer

Reputation: 485

Keycloak - What is the best way to add an endpoint that uses a different messaging protocol (i.e. not HTTP)?

We are looking to use Keycloak as an identity management system. What is the best way to get Keycloak to use a custom messaging protocol (that is not HTTP)? I'm looking at the Keycloak Server Developer Guide section about extending the server by adding a custom SPI. Is this the correct way to do this?

Upvotes: 1

Views: 200

Answers (1)

Mark

Reputation: 5632

Yes. I would implement SPI and the corresponding ProviderFactory and Provider, as you've mentioned.

In the past, I wrote a Kafka listener that picks messages off of a topic using this SPI strategy, and it works quite nicely. You'll need to do the following to get it to work:

  1. Add your Spi class to META-INF/services/org.keycloak.provider.Spi
  2. Create a file with the name of your ProviderFactory in META-INF/services and add your provider factory impl class there
  3. Add the jar as a module in `modules/system/layers/keycloak/com/yourcompany/yourmodule/main`
  4. Add a module.xml config in the same directory as above. You'll need to add dependencies as appropriate here. Since you're implementing a custom protocol, you'll probably need to add a module containing that library and add it as a dependency. For example, I had to add kafka-clients.jar as a separate module and then list it as a dependency in my custom provider.
  5. Modify standalone.xml and/or standalone-ha.xml to add the provider (see the existing <providers> block under the keycloak-server subsystem). Keycloak has some documentation on how to do this.

Upvotes: 1
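A sketch of the Java side of steps 1 and 2, added here as an example and not taken from the answer or from Keycloak's own code. The package, the class names and the provider id are hypothetical, and a `BlockingQueue` stands in for the custom protocol client that would deliver messages. Because the classes are nested, the service files use their `$` binary names.

```java
package com.yourcompany.yourmodule; // assumed package, matching the module path in step 3

import java.util.concurrent.*;
import java.util.logging.Logger;
import org.keycloak.Config;
import org.keycloak.models.*;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.provider.*;

public class CustomProtocol { // all names below are hypothetical
    public interface ListenerProvider extends Provider { }
    public interface ListenerProviderFactory extends ProviderFactory<ListenerProvider> { }

    // Step 1: META-INF/services/org.keycloak.provider.Spi contains
    //   com.yourcompany.yourmodule.CustomProtocol$ListenerSpi
    public static class ListenerSpi implements Spi {
        public boolean isInternal() { return false; }
        public String getName() { return "custom-protocol-listener"; }
        public Class<? extends Provider> getProviderClass() { return ListenerProvider.class; }
        public Class<? extends ProviderFactory> getProviderFactoryClass() { return ListenerProviderFactory.class; }
    }

    // Step 2: META-INF/services/com.yourcompany.yourmodule.CustomProtocol$ListenerProviderFactory contains
    //   com.yourcompany.yourmodule.CustomProtocol$QueueListenerFactory
    public static class QueueListenerFactory implements ListenerProviderFactory {
        private static final Logger LOG = Logger.getLogger("custom-protocol");
        // Stand-in for the protocol client: the real transport would fill this bounded queue.
        static final BlockingQueue<String> INBOX = new LinkedBlockingQueue<>(1024);
        private final ExecutorService worker = Executors.newSingleThreadExecutor();

        public String getId() { return "queue"; }
        public void init(Config.Scope config) { }
        public ListenerProvider create(KeycloakSession session) { return () -> { }; }

        // Start consuming only once the server's session factory is ready.
        public void postInit(KeycloakSessionFactory factory) {
            worker.submit(() -> {
                try {
                    while (true) {
                        String realmName = INBOX.take(); // constructed message format: a realm name
                        try { // each message gets its own session and transaction
                            KeycloakModelUtils.runJobInTransaction(factory, s ->
                                LOG.info("realm known: " + (s.realms().getRealmByName(realmName) != null)));
                        } catch (RuntimeException e) { LOG.warning("message rejected: " + e); }
                    }
                } catch (InterruptedException e) { Thread.currentThread().interrupt(); }
            });
        }
        public void close() { worker.shutdownNow(); } // interrupts take() on shutdown
    }
}
```

Messages arriving this way do not pass through Keycloak's HTTP endpoints, so the listener has to authenticate the sender and validate each message itself before acting on it.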
