A Keycloak SPI that publishes events to a MQTT broker.
This SPI has been deployed successfully on a containerized Keycloak 15.0.2 and on a Keycloak 19.0 server on a kubernetes cluster. It should therefore work properly on any version of Keycloak above 15.0.2.
mvn clean install
- Copy target/event-listener-mqtt-jar-with-dependencies.jar to {KEYCLOAK_HOME}/standalone/deployments
- Edit standalone.xml to configure the MQTT service settings. Find the following section in the configuration:
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
<web-context>auth</web-context>
And add below:
<spi name="eventsListener">
<provider name="mqtt" enabled="true">
<properties>
<property name="serverUri" value="tcp://127.0.0.1:1883"/>
<property name="username" value="mqtt_user"/>
<property name="password" value="mqtt_password"/>
<property name="topic" value="my_topic"/>
<property name="usePersistence" value="true">
</properties>
</provider>
</spi>
Leave username and password out if the service allows anonymous write access. If unset, the default message topic is "keycloak/events". By default, the SPI won't use persistence. If set to true, messages will be persisted in memory.
- Restart the keycloak server.
- Copy the jar archive to /opt/keycloak/providers/ in the keycloak container.
- run keycloak with the following options:
kc.sh start
--spi-events-listener-mqtt-server-uri "tcp://your.mqtt.server:port" \
--spi-events-listener-mqtt-username mqtt_user \
--spi-events-listener-mqtt-password mqtt_password \
--spi-events-listener-mqtt-topic my_topic
--spi-events-listener-mqtt-user-persistence true