Problem with a built-in JMS event listener provider is that it should send messages to an external JMS server. Keycloak itself should not act as a JMS server. Further, there's no standard way to connect to JMS providers, so best we could do is one that connects to WildFly/EAP and make it easy for users to extend it to connect to different providers (maybe an getDestination() method).

At the moment I've got no spare time to help out in detail with Arquillian part, although I can answer questions over email if that's enough. For the Arquillian part I'd suggest starting an embedded Archimedes server in the test.

On 4 April 2016 at 13:44, Thomas Raehalme <> wrote:
It would probably be a good idea although I think this JMS publishing is such a basic feature that it should be part of the core package.

If you have a chance to help me get started with the Arquillian part, I'm happy to send the PR. I should have time to work on this again within the next week or so.

Best regards,

On Mon, Apr 4, 2016 at 12:26 PM, Stian Thorgersen <> wrote:
I wonder if we should have a Keycloak extensions repository where we could place things like this rather than adding directly to master.

On 31 March 2016 at 20:18, Thomas Raehalme <> wrote:

On Thu, Mar 31, 2016 at 4:38 PM, Thomas Darimont <> wrote:
would you mind sharing your keycloak configuration with a JMS resource-adapter?

Here are the changes I made to standalone/configuration/standalone.xml:

1. Added the following extension under /server/extensions:

<extension module="org.wildfly.extension.messaging-activemq"/>

2. Added the following subsystem under /server/profile:

<subsystem xmlns="urn:jboss:domain:messaging-activemq:1.0">
    <server name="default">
        <security enabled="false" /> <!-- I didn't need to use security as everything was localhost -->
        <remote-acceptor name="netty" socket-binding="messaging"/>
        <remote-connector name="netty" socket-binding="messaging"/>
        <in-vm-acceptor name="in-vm" server-id="0"/>
        <in-vm-connector name="in-vm" server-id="0"/>
        <pooled-connection-factory name="activemq-ra"
                    transaction="xa" connectors="in-vm"
                    entries="java:/ConnectionFactory java:/JmsXA java:jboss/DefaultJMSConnectionFactory"/>
        <jms-topic name="KeycloakEvents" entries="jms/KeycloakEvents java:jboss/exported/jms/KeycloakEvents" />

3. Added the following socket-binding under /server/socket-binding-group:

<socket-binding name="messaging" port="61616"/>

This enabled my external process to listen to the JMS topic. 

I attached a full example to this message. The changes have been marked with <!-- keycloak-events-jms -->.

Did you manage to configure a new resource-adapter via jboss-cli?

No, I haven't used jboss-cli but modified the configuration file directly.

My implementation of KEYCLOAK-2302 can be found at Github:

I have not sent a PR as I have yet to complete the Arquillian integration tests requested by Stian. Other work has kept me busy and I haven't had a chance to even rebase against 1.9.x.

Best regards,

keycloak-dev mailing list