{"id":44518783,"url":"https://github.com/grnet/eidas-keycloak-extension","last_synced_at":"2026-02-13T17:31:03.365Z","repository":{"id":63673585,"uuid":"433094829","full_name":"grnet/eidas-keycloak-extension","owner":"grnet","description":"Keycloak Identity Provider Extension which supports the extended SAML v2.0 dialect of the European Union eIDAS Nodes.","archived":false,"fork":false,"pushed_at":"2025-03-27T14:50:35.000Z","size":1732,"stargazers_count":32,"open_issues_count":7,"forks_count":8,"subscribers_count":12,"default_branch":"main","last_synced_at":"2025-03-27T15:30:46.285Z","etag":null,"topics":["eidas","eidas-broker","extension","idp","keycloak","saml"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/grnet.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-11-29T15:24:18.000Z","updated_at":"2025-03-27T14:50:39.000Z","dependencies_parsed_at":"2023-12-30T11:35:02.537Z","dependency_job_id":"546f04a9-faeb-47f9-be34-c39560ef894a","html_url":"https://github.com/grnet/eidas-keycloak-extension","commit_stats":null,"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/grnet/eidas-keycloak-extension","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/grnet%2Feidas-keycloak-extension","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/grnet%2Feidas-keycloak-extension/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/grnet%2Feidas-keycloak-extension/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/grnet%2Feidas-keycloak-extension/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/grnet","download_url":"https://codeload.github.com/grnet/eidas-keycloak-extension/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/grnet%2Feidas-keycloak-extension/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29413365,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-13T06:24:03.484Z","status":"ssl_error","status_checked_at":"2026-02-13T06:23:12.830Z","response_time":78,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["eidas","eidas-broker","extension","idp","keycloak","saml"],"created_at":"2026-02-13T17:31:02.889Z","updated_at":"2026-02-13T17:31:03.360Z","avatar_url":"https://github.com/grnet.png","language":"Java","funding_links":[],"categories":["eIDAS and Digital Identity"],"sub_categories":[],"readme":"# Eidas Keycloak Extension\n\nThis repository contains a [keycloak](https://www.keycloak.org/) extension which adds support for the\nSAML v2.0 dialect of the [eIDAS](https://en.wikipedia.org/wiki/EIDAS) nodes.\nIt provides an identity provider extension which allows keycloak to be setup as an \"identity broker\".\n\n[Keycloak](https://www.keycloak.org/about) is an open source Identity and Access Management system for modern\napplications.\n\n[eIDAS-Nodes](https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS-Node+version+2.5) are operated\nfrom EU member states according to the eIDAS Regulation in order to ensure that people and businesses can use\ntheir own national eIDs (electronic identification schemes) to access public services available online in\nother countries.\n\nThe eIDAS Nodes use an extended version of SAML v2.0 which defines a number of SAML elements and attribute\ndefinitions which are not supported by default in standard SAML implementations. This extension provides support\nfor these extensions, by offering a custom IdP which can use this extended dialect.\n\nSee [eIDAS+eID+Profile](https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS+eID+Profile) and the\nfollowing documents for the v1.2 technical specifications:\n\n- [eIDAS - Interoperability Architecture v1.2](https://ec.europa.eu/cefdigital/wiki/download/attachments/82773108/eIDAS%20Interoperability%20Architecture%20v.1.2%20Final.pdf)\n- [eIDAS - Cryptographic requirements for the Interoperability Framework v1.2](https://ec.europa.eu/cefdigital/wiki/download/attachments/82773108/eIDAS%20Cryptographic%20Requirement%20v.1.2%20Final.pdf)\n- [eIDAS SAML Message Format v1.2](https://ec.europa.eu/cefdigital/wiki/download/attachments/82773108/eIDAS%20SAML%20Message%20Format%20v.1.2%20Final.pdf)\n- [eIDAS SAML Attribute Profile v1.2](https://ec.europa.eu/cefdigital/wiki/download/attachments/82773108/eIDAS%20SAML%20Attribute%20Profile%20v1.2%20Final.pdf)\n\n# Installation\n\nDownload the latest release jar from the releases page. Then deploy it in keycloak by copying it at folder\n`KEYCLOAK_HOME/standalone/deployments/`. See the keycloak [documentation](https://www.keycloak.org/docs/latest/server_installation/index.html#distribution-directory-structure) for the directory structure of the keycloak server.\n\n# Compatibility\n\n| Extension version | Keycloak version                  |\n| ----------------- | --------------------------------- |\n| 0.5               | 15.0.2 - 18.0.2                   |\n| 0.6               | 18.0.2, 19.0.2 (partial admin UI) |\n| 0.7               | 20.0.2 (partial admin UI)         |\n| 0.8               | 21.0.1 (partial admin UI)         |\n| 0.9               | 22.0.3 (partial admin UI)         |\n| 0.10              | 23.0.2 (partial admin UI)         |\n| 0.11              | 24.0.4                            |\n| 0.12              | 25.0.6                            |\n| 0.13              | 26.0.0                            |\n\nDepending on the version of keycloak (between 18 and 23) the admin UI might not show the extra attributes and you might need to configure the\nextension by editing the configuration inside the DB.\nAnother possibility is to import your realm from json and thus be able to configure the extension. See this [example](howto/example.config.json) for an example.\n\n# Providers\n\nThe extension provides the following components which are needed in order to connect to an eIDAS node using\nthe extended definitions of the eIDAS technical specifications:\n\n- Identity provider \"eIDAS SAML v2.0\" which is an extended version of the default \"SAML v2.0\" IdP.\n- Mapper \"Username Template Importer\" which can be used to setup the ID or username for federated user lookup.\n- Mapper \"Attribute Importer\" which can be used to import additional attributes.\n- Authenticator \"Citizen Country Selection\" which can collect the citizen country before authentication.\n\n# Setup\n\n- Setup the keycloak realm key provider for signing requests according to the eIDAS specifications.\n  Depending on the setup of the eIDAS node that you are trying to connect, it might be important that the\n  certificate contains the correct country code.\n- Add the \"eIDAS SAML v2.0\" identity provider.\n- Setup the \"eIDAS SAML v2.0\" identity provider by setting the classic \"SAML v2.0\" options and the\n  additional eIDAS specific options.\n- Add a \"Username Template Importer\" with template something like `${ALIAS}.${ATTRIBUTE.PersonIdentifier}` and target `BROKER_ID`.\n  You can also adjust the username in a similar fashion.\n- Add \"Attribute Importer\" for the attributes you want to consume, e.g. \"DateOfBirth\".\n- Go to \"Authentication\" and copy the \"Browser\" flow.\n- After the \"Cookie\" execution add an \"eIDAS\" flow which contains the following two executions:\n  - Citizen Country Selection. Use the \"Actions\" menu to configure this by adjusting the available country codes. These codes\n    are two letter names.\n  - Identity Provider Redirector. Use the \"Actions\" menu to adjust the \"Default Identity Provider\" to \"eidas-saml\", in order for\n    the redirection to happen automatically.\n- Set the new flow as default in the \"Browser Flow\" bindings.\n- Adjust depending on your use case the \"First Broker Login\" and additional properties.\n\nYou can find a very simple howto guide at [howto/README.md](howto/README.md).\n\n# Build and Install\n\nBuild the project using maven\n\n```\nmvn install\n```\n\nYou can find the jar under `target/keycloak-eidas-idp-x.x.x.jar`.\n\n# License\n\nApache License, Version 2.0\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgrnet%2Feidas-keycloak-extension","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgrnet%2Feidas-keycloak-extension","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgrnet%2Feidas-keycloak-extension/lists"}