[keycloak-dev] BeerCloak: a comprehensive KeyCloak extension example

Dmitry Telegin mitya at cargosoft.ru
Mon Oct 31 08:44:22 EDT 2016


Hi,

For a while, I've been working on a complex KeyCloak extension (for
those interested - it adds support for hardware OTP generators with
lifecycle management, provisioning etc.).

In the course of my work, I have developed some techniques not
documented elsewhere that I'd like to share. The main focus is creating
custom realm admin resources (even without yet having an official admin
resource SPI). However, this could also serve as a general-purpose
example that combines several SPIs in the form of a complete,
ready-to-use extension.

https://github.com/dteleguin/beercloak

As the name suggests, the extension brings into KeyCloak... well, beer
:) You can manage a list of beers, and even try to virtually "drink"
some amount to know how drunk you will be.

Humor aside, what's under the hood:

* a JPA entity (using Entity SPI) and LiquiBase changelog;
* a REST resource (using Realm Resource SPI) with CRUD operations and
one special operation ("drink");
* admin console GUI extensions (using theme mechanism) that work with
REST resource.

Now what makes it "admin resource":

* new roles "view-beer" and "manage-beer" are automatically added to
every existing and newly added realm, as well as included in the
master "admin" role;
* an AdminAuth instance is initialized and subsequently used to secure
REST operations;
* an AdminEventBuilder is initialized to be used for event logging.

Future ideas include adding "Beer" tab for users, where the favorite
beer kind could be chosen; this would be to demonstrate many-to-one and
many-to-one relationships between system entities and custom entities.
This could be later used to create a "secret question"-like
authenticator that would ask a user to enter his/her correct beer
preference.

If there is demand, I think I could turn this example into a complete
tutorial and maybe publish it on GitBooks. Let me know what you think.

Cheers, Dmitry

