This repository contains a Keycloak extension that introduces a conditional flow for matching the current authentication session's client ID using regular expressions (regex). This extension is particularly useful for scenarios where Keycloak's default behaviors do not provide the necessary flexibility for managing client-specific idp authentication flows.
One of the primary use cases for this extension is in environments where:
- IdP-First Broker Login Override: There is a need to customize the default IdP-first broker login or post login on a per-client basis, which is not natively supported by Keycloak.
- Client-Specific Registration Controls: In multi-tenant setups, it may be necessary to disable idp registration or apply specific registration policies for certain clients.
- Selective Authentication Flow Configuration: There's a need to configure the authentication flow for specific clients without the need to manually override settings for each one individually.
This project uses Gradle for building and packaging the extension. To compile the project, ensure you have Gradle installed on your system, and run the following command in the project's root directory:
gradle buildCopy the jar to the providers folder and run the following command:
${KEYCLOAK_HOME}/bin/kc.sh buildMount or copy the jar to /opt/keycloak/providers.
Here is the example of the configuration:
