Keymate Extensions
Enhance Keycloak with powerful, purpose-built extensions for enterprise-grade IAM.
Keycloak (18)
Secure, TCKN-Based Login for Public Sector Applications
Seamless Public Sector Login via TCKN and e-Devlet Gateway
Authenticate Users Through Legacy IAM Without Migration
Seamless User Login via Legacy Identity Systems
Log In with What You Know—National ID, Passport, Email, or Custom Keys
Flexible Login with National ID, Email, Passport, or Custom Identifiers
Federate LDAP Users Seamlessly—With Dynamic Mapping and Attribute Control
Dynamic User Federation and Attribute Mapping via LDAP
Event-Based OTP Authenticator
Risk-Aware OTP Challenge Triggered by Real-Time Conditions
MFA Step-Up Authenticator
On-Demand Multi-Factor Challenges for Sensitive Actions
Organization-Aware Login Extension
Tenant & Org Selection Built into the Login Flow
Token Attribute Enricher
Context-Rich Tokens for Authorization, Auditing, and Analytics
Department Switch via Token Exchange
Seamless Department Switching Without Reauthentication
Legacy Token Exchange Extension
Seamless Token Conversion for Parallel IAM Migration
Custom Token Introspector SPI
Enrich Token Payloads and Introspection Responses with Business Context
Risk Score Enricher SPI
Adaptive Token Enrichment with Contextual Risk Intelligence
Session Notes → Token Mapper SPI
Secure Propagation of Session Context into Access Tokens
Delegation Context SPI (Just-in-Time Role Elevation)
Secure Session-Level Delegation for Temporary Role Escalation
Tenant-Aware Organization Selector at Login
Personalized Org Selection During Login with Session Context Awareness
Custom Attribute Mapper SPI
Sync User & Organization Metadata Across Identity Layers
Scoped Role Assignment Mapper
Dynamic role assignment based on organizational hierarchy and contextual scopes
Organization Lifecycle Events SPI
Real-Time Sync of Organizational Changes via Event-Driven Architecture
User Interface (5)
User Avatar Management for Keycloak
Secure, Pluggable Profile Image Support for IAM Users
Dynamic Branding Extension for Keycloak
Per-Tenant Theming with Logo, Color, and Flow Customization
Custom Login & Account Pages for Keycloak
Secure, Branded, and Accessible Interfaces with Full Theming Support
Login Error Feedback Enhancer for Keycloak
Contextual, Secure, and Localized Error Handling for Better UX
Last Login Listener for Keycloak
Track, Display, and React to User Login Timestamps
Integration (4)
Kafka Event Publisher SPI
Emit Keycloak and Keymate lifecycle events to Kafka via outbox-driven, transaction-safe delivery
Identity Connectors for Public Registries
Real-Time Identity Sync from Government Systems to IAM
Event Filtering SPI for Kafka
Filtered Event Publishing by Tenant, Role, and Type
Session Sync SPI
Real-Time Session Synchronization Across IAM Systems