Keycloak Events To Everywhere
A flexible, high-performance Keycloak extension that streams matched events to various destinations, in various formats
User Guide • Developer Guide • Releases • Quick Starts
| Use Case | Description |
|---|---|
| Synchronization | Keep user directories, databases, CRMs, and other systems in sync with Keycloak |
| Security Monitoring | Stream login attempts, failed authentications, and admin actions to SIEM systems |
| Audit & Compliance | Maintain immutable audit logs in message queues or event streams |
| User Analytics | Track user behavior and authentication patterns |
| Event-Driven Architecture | Trigger downstream services based on Keycloak events |
| Multi-Destination Routing | Send different event types to different systems simultaneously |
- 29 destination kinds — stream events to messaging, cloud, and custom endpoints
- 12 serializers — JSON, XML, YAML, CSV, TOML, Properties, CBOR, Protobuf, Smile, URL-Encoded Form, Multipart Form, Template
- 4 matchers — Glob, List, Regex, SQL — to filter which events reach which destinations
- 11 certificate loaders — PEM, PKCS12, PKCS7, DER, JKS (file path, base64, and text variants)
- Multi-route — send different event types to different destinations simultaneously
- TLS / mTLS — full TLS and mutual TLS support across all destinations
- Retry — configurable retry via Resilience4j
- Connection pooling — Apache Commons Pool2 for all destination connections
| Category | Compatible Services |
|---|---|
| Kafka | Apache Kafka, Confluent, Redpanda, AWS MSK, Aiven, CloudKarafka |
| AMQP 1.0 | Apache ActiveMQ, Apache Artemis, Apache Qpid, RabbitMQ, Solace PubSub+ |
| AMQP 0-9-1 | RabbitMQ, LavinMQ, CloudAMQP, Amazon MQ |
| MQTT 3.1.1 | Eclipse Mosquitto, EMQX, HiveMQ, VerneMQ, NanoMQ, RabbitMQ |
| MQTT 5.0 | Eclipse Mosquitto, EMQX, HiveMQ, VerneMQ, NanoMQ, RabbitMQ |
| Redis | Redis, Valkey, Dragonfly, KeyDB, Garnet, Upstash, AWS ElastiCache, Azure Cache, Google Memorystore (Pub/Sub & Streams) |
| NATS | NATS Server, Synadia Cloud (NATS Core & JetStream) |
| Pulsar | Apache Pulsar, StreamNative Cloud |
| HTTP | Webhooks, REST APIs, Custom HTTP Endpoints |
| STOMP | Apache ActiveMQ, Apache Artemis, RabbitMQ, EMQX |
| WebSocket | Custom WebSocket Servers |
| ZeroMQ | Any ZeroMQ peer — brokerless, 40+ language bindings |
| AWS | EventBridge, Kinesis Data Streams, SNS, SQS |
| Azure | Event Grid, Event Hubs, Service Bus, Storage Queue, Web PubSub |
| GCP | Cloud Tasks, Pub/Sub |
| gRPC | Any gRPC Server |
| SOAP | Any SOAP Endpoint |
| SignalR | ASP.NET SignalR Hubs |
| Socket.IO | Socket.IO Servers |
Step 1: Download or create docker-compose.yml
services:
rabbitmq:
image: ghcr.io/fortunen/kete/quick-start-rabbitmq
ports:
- 5672:5672
- 15672:15672
healthcheck:
test: ["CMD", "rabbitmq-diagnostics", "-q", "ping"]
interval: 5s
timeout: 5s
retries: 30
rabbitmq-init:
image: ghcr.io/fortunen/kete/quick-start-curl
depends_on:
rabbitmq:
condition: service_healthy
entrypoint: >
sh -c '
for i in $(seq 1 30); do curl -sf -u guest:guest http://rabbitmq:15672/api/overview > /dev/null && break || sleep 1; done &&
curl -s -u guest:guest -X PUT http://rabbitmq:15672/api/queues/%2f/keycloak-events -H "content-type: application/json" -d "{\"durable\":true}" &&
curl -s -u guest:guest -X POST http://rabbitmq:15672/api/bindings/%2f/e/amq.direct/q/keycloak-events -H "content-type: application/json" -d "{\"routing_key\":\"keycloak-events\"}"
'
keycloak:
image: ghcr.io/fortunen/kete/quick-start-keycloak
command: start-dev
ports:
- 8080:8080
- 9000:9000
environment:
kete.routes.quick-start.destination.kind: amqp-0.9.1
kete.routes.quick-start.destination.host: rabbitmq
kete.routes.quick-start.destination.username: guest
kete.routes.quick-start.destination.password: guest
kete.routes.quick-start.destination.exchange: amq.direct
kete.routes.quick-start.destination.routing-key: keycloak-events
depends_on:
rabbitmq-init:
condition: service_completed_successfullydocker compose up -d- Open Keycloak: http://localhost:8080 (admin/admin)
- Do something in Keycloak (log in/out, create a user, ...)
- Open RabbitMQ: http://localhost:15672/#/queues/%2F/keycloak-events (guest/guest)
- See events arriving!
| Platform | Type | Link |
|---|---|---|
| GitHub (Stars) | Free | Give the project a star |
| GitHub (Sponsors) | One-time / Recurring | Sponsor on GitHub |
| PayPal | One-time / Recurring | Donate using PayPal |
| Buy Me a Coffee | One-time / Recurring | Donate using Buy Me a Coffee |
| Ko-fi | One-time / Recurring | Donate using Ko-fi |
| Liberapay | Recurring | Donate using Liberapay |
| Library | Description |
|---|---|
| Keycloak | Open source identity and access management |
| Lombok | Boilerplate reduction for Java |
| Apache Commons | Configuration2, Lang3, Text, IO, Pool2 utilities |
| Apache Kafka Client | Kafka producer library |
| Apache Pulsar Client | Pulsar producer library |
| RabbitMQ Client | AMQP 0-9-1 client |
| Eclipse Paho | MQTT 3.1.1 and MQTT 5.0 clients |
| Apache Qpid JMS | AMQP 1.0 JMS client |
| Apache ActiveMQ | STOMP protocol client |
| Pooled JMS | JMS connection pooling |
| Java-WebSocket | WebSocket client library |
| OkHttp | HTTP client with TLS support |
| Lettuce | Redis client for Pub/Sub and Streams |
| NATS Java Client | NATS and JetStream messaging |
| JeroMQ | Pure Java ZeroMQ implementation |
| AWS SDK for Java v2 | SQS, SNS, Kinesis, EventBridge clients |
| Azure SDK for Java | Event Hubs, Service Bus, Storage Queue, Web PubSub, Event Grid, Identity |
| Google Cloud Java SDK | Pub/Sub and Cloud Tasks clients |
| Google Auth Library | OAuth2 and credential support for GCP services |
| gRPC Java | gRPC destination and Cloud Tasks transport |
| Microsoft SignalR Java Client | ASP.NET SignalR hub client |
| Socket.IO Java Client | Socket.IO protocol client |
| Nimbus OAuth SDK | OAuth 2.0 client credentials |
| Resilience4j | Retry patterns |
| Jackson | JSON, XML, YAML, CSV, CBOR, TOML, Smile, Properties |
| hrakaroo/glob | High-performance glob and SQL LIKE patterns |
| Bouncy Castle | TLS/SSL cryptography provider |
| Reflections | Runtime component discovery |
| Google Guava | Caching and case-format transformations |
| SLF4J | Logging facade |
| JUnit 5 | Testing framework |
| Mockito | Mocking framework for tests |
| AssertJ | Fluent assertions for tests |
| Awaitility | Asynchronous readiness probes for tests |
| Testcontainers | Docker-based integration testing |
