Keycloak Extensions

We love Keycloak for its openness. It can easily grow with evolving requirements. Keycloak provides a large set of functionality out-of-the-box. The true power of Keycloak can be unleashed by community extensions or by extending it yourself. Read our tutorials to learn more.

Support for a Custom Second Factor

The openness of Keycloak allows the integration of custom second factor types. They can either be found in the community (like SMS) or built on your own. We have built 3 different factors for e-banking systems. One factor integrates the KOBIL SecOPTIC elegance for login and signature transactions. The others are custom factors based on mobile devices.

Hasura Integration

Hasura is a very popular GraphQL gateway server with a strong focus on data security. In its JWT authorization mode, every request is authorized based on the token in the Authorization header. The token must contain specific claims for Hasura. Our Keycloak extension provides a protocol mapper that sets the necessary claims.

SMS Authenticator

SMS continues to be a widely used and trusted method for two-factor authentication, valued for its reliability, availability, and user familiarity. Although Keycloak does not natively support SMS as a second authentication factor, we have developed an extension to bridge this gap. This extension is highly configurable, enabling seamless integration with various SMS providers.

Theming

Keycloak user interfaces, such as the login and registration screens, offer extensive customization options. However, achieving this typically requires programming expertise.

Our theming extension simplifies this process by allowing you to effortlessly configure elements such as the logo, primary and secondary colors, background color, favicon, and CSS. Additionally, you can even inject custom JavaScript, enabling tailored branding and functionality without the need for coding skills.

Airlock WAF Integration

Protecting web applications exposed to the Internet with a Web Application Firewall (WAF) is a smart and essential design decision. If your web application uses the commercial WAF solution Airlock by Ergon, you can now use our Airlock WAF extension to seamlessly integrate Keycloak. This solution enhances security by supporting the Airlock Audit Token, adding credentials to the WAF user session, and embedding authorization headers for streamlined and secure user interactions.

Sorbay Risk

Risk-based authentication offers a compelling alternative to traditional two-factor authentication (2FA) methods. With each login attempt, a dedicated risk service evaluates a risk score by analyzing various attributes, including IP address, login frequency, time of day, and more. This dynamic risk score enables versatile use cases, such as streamlining the login process by bypassing 2FA for low-risk scenarios or triggering alerts to a security operations system for unusual login activities. To implement this approach, we’ve seamlessly integrated the Sorbay SaaS solution from United Security Providers into Keycloak, enhancing its security capabilities.

Magic Links

Magic links provide a passwordless authentication method, utilizing URLs with unique, time-sensitive embedded tokens to confirm a user’s identity during the login process. These links are usually sent via email, though they can also be delivered through SMS or messaging platforms like WhatsApp. With a single click or tap, users can effortlessly and securely log in to the application or service they’re accessing.

This method is highly appreciated by users for its ease of use and by service providers for its practicality in safeguarding less sensitive data while maintaining a seamless user experience.

Passkey Flow

Passkey is a cutting-edge technology designed to replace traditional passwords with a highly secure and seamless authentication experience. Embraced by industry leaders such as Apple, Google, and Microsoft, Passkey is rapidly gaining traction and ensuring widespread adoption across platforms.

Keycloak now also supports Passkeys. With “Passkey Flow”, we have enhanced and optimized the built-in login flow to deliver exceptional usability and faster access for end users.