Extensions

ℹ️

Marketplace available on all plans. Custom extension uploads require Enterprise plan.

Extensions Marketplace

Skycloak’s extension system allows you to enhance your Keycloak clusters with additional functionality through a curated marketplace of extensions. Extensions can add new authentication providers, integrations, monitoring capabilities, and custom features to your Keycloak instance.

Overview

Extensions in Skycloak are JAR files that extend Keycloak’s functionality. They are organized by categories and can be easily installed, managed, and uninstalled through the Skycloak dashboard.

Extension Categories

Authentication Extensions

Custom identity providers
Enhanced authentication flows
Multi-factor authentication providers
Social login integrations

Integration Extensions

Third-party system connectors
API integrations
Webhook providers
Data synchronization tools

Monitoring Extensions

Health check providers
Custom metrics collectors
Performance monitoring tools
Audit log enhancers

Utility Extensions

User management tools
Configuration helpers
Development utilities
Administrative enhancements

Managing Extensions

Installing Extensions

Navigate to your cluster in the Skycloak dashboard
Click on “Extensions” in the cluster sidebar
Browse available extensions or use the search function
Click on an extension card to view details
Click “Install” to open the installation modal
Configure any required parameters
Click “Install Extension” to begin installation

Installation Process:

Extensions are installed in the background
Cluster status shows “Updating” during installation
You’ll receive a notification when installation completes
Failed installations will show error details

Viewing Installed Extensions

Switch to the “Installed Extensions” tab to see:

Currently active extensions
Installation dates
Extension status (Active, Installing, Failed, Uninstalling)
Links to extension repositories
Uninstall options

Uninstalling Extensions

Go to the “Installed Extensions” tab
Find the extension you want to remove
Click the “Uninstall” button
Confirm the uninstall action
The extension will be marked as “Uninstalling”
Once complete, it will be removed from the list

⚠️

Important: Uninstalling an extension cannot be undone. Make sure you understand the impact before removing an extension, as it may affect functionality that depends on it.

Extension Compatibility

Keycloak Version Compatibility

Extensions are built for specific Keycloak versions. The Skycloak extension marketplace automatically shows only compatible extensions for your cluster’s Keycloak version.

Compatibility Indicators:

✅ Green badge: Compatible with your cluster version
⚠️ Yellow badge: Compatibility issues detected
🚫 Disabled: Not compatible with your cluster version

Version Support

Each extension may support multiple Keycloak versions:

Latest versions are shown first
Version badges indicate supported Keycloak releases
Compatibility warnings appear for potentially incompatible extensions

Extension Configuration

Parameter Types

Extensions can request various configuration parameters during installation:

Input Types:

Text fields: API keys, client IDs, realm names
Dropdowns: Environment selection, predefined options
Checkboxes: Feature toggles, enable/disable options
Number fields: Ports, timeouts, limits
Password fields: Secrets, tokens, sensitive data

Helper Features:

Contextual help text for each parameter
Placeholder examples showing expected format
Required field validation
Default values where applicable
Review step before installation

Post-Installation Resources

After installing an extension, access comprehensive documentation:

Usage Instructions:

Step-by-step quick start guides
Configuration tips by category (realm, client, auth flow, API)
Code examples and integration patterns
Video tutorials (when available)

API Documentation:

New endpoints added by the extension
Request/response formats
Authentication requirements
Usage examples

Extension Development

Finding Extensions

Marketplace Browse:

Filter by category (Authentication, Integration, Monitoring, Utility)
Search by name or description
View extension details and documentation
Check compatibility before installation
See tier requirements (Free, Paid, Custom)

Extension Details Include:

Description and features
Supported Keycloak versions with version badges
Configuration parameters with types and validation
Repository links for open-source extensions
Installation requirements and dependencies
Real-time compatibility checking

Custom Extension Development

For Enterprise customers developing custom extensions:

Development: Build your extension as a Keycloak JAR
Testing: Test with your target Keycloak version
Upload: Use the Custom Extensions tab to upload
Security: Wait for automatic malware scanning
Installation: Install once security scan passes

Development Guidelines:

Target specific Keycloak versions for compatibility
Include clear metadata in your JAR
Document all configuration parameters
Test thoroughly before uploading
Keep JAR size under 50MB

ℹ️

Professional Services: Need help developing a custom extension? Skycloak offers professional services for custom extension development. Contact our team for more information.

Best Practices

Installation Planning

Before Installing:

Review extension documentation and compatibility
Understand configuration requirements and parameter types
Check your plan’s extension tier access
Plan for cluster restart during installation
Have a rollback plan if needed

During Installation:

Only one extension operation at a time (system enforced)
Monitor real-time progress through status indicators
Wait for “Active” status before using the extension
Review installation logs if issues occur

Extension Management

Regular Maintenance:

Keep extensions updated when new versions are available
Remove unused extensions to reduce complexity
Monitor extension performance impact
Review extension logs for issues

Security Considerations:

Only install extensions from trusted sources
Review extension permissions and access requirements
Monitor extension behavior after installation
Keep track of installed extensions for security audits

Troubleshooting

Common Issues

Installation Failures:

Check Keycloak version compatibility
Verify cluster has sufficient resources
Review error messages in the dashboard
Contact support if issues persist

Extension Not Working:

Verify extension is in “Active” status
Check extension configuration parameters
Review cluster logs for error messages
Restart cluster if recommended by extension documentation

Performance Impact:

Monitor cluster performance after installation
Check resource usage in insights dashboard
Consider removing or replacing problematic extensions
Optimize extension configuration if available

Getting Help

Support Channels:

Extension repository documentation
Skycloak support (for paid plans)
Extension-specific support channels

Information to Provide:

Extension name and version
Keycloak cluster version
Error messages or symptoms
Configuration details (without sensitive data)

Extension Tiers and Pricing

Extension Access by Plan

Extensions are categorized into three tiers based on your subscription:

Free Extensions (All plans: Trial, Dev, Launch, Business, Enterprise)

Open-source community extensions
GitHub-hosted extensions
Basic authentication providers

Paid Extensions (Business+)

Premium third-party integrations
Advanced monitoring tools
Enterprise authentication providers

Custom Extensions (Enterprise only)

Upload your own JAR files
Automatic malware scanning
Private extension hosting
Full control over extension lifecycle

Custom Extensions Upload

Enterprise customers can upload custom extensions:

Navigate to the “Custom Extensions” tab
Click “Upload Extension”
Select your JAR file (max 50MB)
Provide extension details:
- Name and description
- Keycloak version compatibility
- Configuration parameters
Wait for malware scanning to complete
Install once marked as “Clean”

Security Scanning Status:

🟢 Clean: Safe to install
🟡 Pending/Scanning: Analysis in progress
🔴 Infected: Security threat detected
⚠️ Failed: Scan could not complete

Extension Marketplace

Quality Standards

All marketplace extensions are reviewed for:

Security: No malicious code or vulnerabilities
Compatibility: Works with supported Keycloak versions
Documentation: Clear installation and usage instructions
Maintenance: Active development and support

Available Extensions

Our marketplace currently includes the following extensions:

Authentication & Access Control

Keycloak Restrict Client Authenticator

Restrict client access based on roles and policies
Configure which clients users can authenticate to
Ideal for multi-tenant environments
Parameters: None required

Keycloak Home IdP Discovery

Automatically redirect users to their identity provider based on email domain
Streamline login for organizations with multiple IdPs
Parameters: Email domain, IdP alias

Apple Identity Provider

Enable “Sign in with Apple” functionality
Support for Apple’s privacy-focused authentication
Parameters: Service ID, Team ID, Client Secret Key

privacyIDEA Two-Factor Authentication

Integrate with privacyIDEA for advanced MFA
Support for hardware tokens, SMS, and mobile apps
Parameters: Server URL, verify SSL, realm mapping

Email OTP Authenticator

Send one-time passwords via email
Passwordless authentication option
Customizable email templates
Parameters: Email subject, template customization

Multi-Tenancy & B2B

Keycloak Multi-Tenancy Extension

Create isolated tenant realms
Tenant-specific branding and configuration
Ideal for B2B SaaS applications
Parameters: Tenant identifier configuration

Regional & Compliance

Keycloak FranceConnect Extension

Integration with French government identity provider
Compliant with French digital identity standards
Parameters: Environment (production/sandbox), client credentials

Keycloak PII Data Encryption Provider

Encrypt sensitive user attributes at rest
GDPR compliance support
Field-level encryption
Parameters: Encryption key, fields to encrypt

API & Integration

Keycloak TOTP API

REST API for TOTP management
Programmatic MFA setup
QR code generation endpoints
Parameters: None required

SCIM 2.0 Server for Keycloak

SCIM provisioning API support
User and group synchronization
Compatible with enterprise provisioning tools
Parameters: Authentication mode, JWT settings (configured via realm attributes)

Keycloak RADIUS Plugin

Embedded RADIUS server
Network device authentication
VPN and WiFi integration
Parameters: Shared secret, NAS configuration

Communication

Keycloak Phone Provider (⚠️ Limited compatibility)

SMS-based authentication
Phone number verification
Note: Only supports Keycloak versions 20-21
Parameters: SMS gateway configuration

Managing Extensions Through the Dashboard

All extension management is handled through the Skycloak dashboard interface:

Viewing Available Extensions:

Navigate to your cluster’s Extensions section
Browse or search the marketplace
Filter by category and compatibility

Installing Extensions:

Click on an extension to view details
Configure any required parameters in the modal
Click “Install Extension” to begin installation
Monitor progress through the cluster status indicator

Managing Installed Extensions:

Switch to the “Installed Extensions” tab
View status and configuration details
Uninstall extensions when no longer needed

Next Steps

Insights & Analytics Security Logs