
All Provider Configuration - Keycloak

The document provides a complete list of all available provider configuration options in Keycloak. It includes configuration options for authentication sessions, the CIBA authentication channel, HTTP client connections, JPA connections, database locking, and the email events listener. Each configuration option is accompanied by its default value or possible values.

Uploaded by

hisyam darwis

30/03/2023, 11:02 All provider configuration - Keycloak


All provider configuration


Complete list of all the available provider configuration options

authentication-sessions
infinispan
spi-authentication-sessions-infinispan-auth-sessions-limit
The maximum number of concurrent authentication sessions per RootAuthenticationSession.
Value: 300 (default) or any int

map
spi-authentication-sessions-map-auth-sessions-limit
The maximum number of concurrent authentication sessions per RootAuthenticationSession.
Value: 300 (default) or any int

ciba-auth-channel
ciba-http-auth-channel

spi-ciba-auth-channel-ciba-http-auth-channel-http-authentication-channel-uri
The HTTP(S) URI of the authentication channel.
Value: any string

https://www.keycloak.org/server/all-provider-config

connections-http-client
default
spi-connections-http-client-default-client-key-password
The key password.
Value: -1 (default) or any string

spi-connections-http-client-default-client-keystore
The file path of the key store from where the key material is going to be read from to set-up TLS connections.
Value: any string

spi-connections-http-client-default-client-keystore-password
The key store password.
Value: any string

spi-connections-http-client-default-connection-pool-size
Assigns maximum total connection value.
Value: any int

spi-connections-http-client-default-connection-ttl-millis
Sets maximum time, in milliseconds, to live for persistent connections.
Value: -1 (default) or any long

spi-connections-http-client-default-disable-cookies
Disables state (cookie) management.
Value: true (default), false

spi-connections-http-client-default-disable-trust-manager
Disable trust management and hostname verification.
Value: true, false (default)

spi-connections-http-client-default-establish-connection-timeout-millis
When trying to make an initial socket connection, what is the timeout?
Value: -1 (default) or any long

spi-connections-http-client-default-max-connection-idle-time-millis
Sets the time, in milliseconds, for evicting idle connections from the pool.
Value: 900000 (default) or any long

spi-connections-http-client-default-max-pooled-per-route
Assigns maximum connection per route value.
Value: 64 (default) or any int

spi-connections-http-client-default-proxy-mappings
Denotes the combination of a regex based hostname pattern and a proxy-uri in the form of hostnamePattern;proxyUri.
Value: any string

spi-connections-http-client-default-reuse-connections
If connections should be reused.
Value: true (default), false

spi-connections-http-client-default-socket-timeout-millis
Socket inactivity timeout.
Value: 5000 (default) or any long

connections-jpa
legacy
spi-connections-jpa-legacy-initialize-empty
Initialize database if empty.
Value: true (default), false

spi-connections-jpa-legacy-migration-export
Path for where to write manual database initialization/migration file.
Value: any string

spi-connections-jpa-legacy-migration-strategy
Strategy to use to migrate database.
Value: update (default), manual, validate

dblock
jpa
spi-dblock-jpa-lock-wait-timeout
The maximum time to wait when waiting to release a database lock.
Value: any int

events-listener
email
spi-events-listener-email-exclude-events
A comma-separated list of events that should not be sent via email to the user’s account.
Value:
authreqid_to_token , authreqid_to_token_error ,
client_delete , client_delete_error ,
client_info , client_info_error ,
client_initiated_account_linking ,
client_initiated_account_linking_error ,
client_login , client_login_error ,
client_register ,
client_register_error , client_update ,
client_update_error , code_to_token ,
code_to_token_error ,
custom_required_action ,
custom_required_action_error ,
delete_account , delete_account_error ,
execute_action_token ,
execute_action_token_error ,
execute_actions ,
execute_actions_error ,
federated_identity_link ,
federated_identity_link_error ,
grant_consent , grant_consent_error ,
identity_provider_first_login ,
identity_provider_first_login_error ,
identity_provider_link_account ,
identity_provider_link_account_error ,
identity_provider_login ,
identity_provider_login_error ,
identity_provider_post_login ,
identity_provider_post_login_error ,
identity_provider_response ,
identity_provider_response_error ,
identity_provider_retrieve_token ,
identity_provider_retrieve_token_error ,
impersonate , impersonate_error ,
introspect_token ,
introspect_token_error ,
invalid_signature ,
invalid_signature_error , login ,
login_error , logout , logout_error ,
oauth2_device_auth ,
oauth2_device_auth_error ,
oauth2_device_code_to_token ,
oauth2_device_code_to_token_error ,
oauth2_device_verify_user_code ,
oauth2_device_verify_user_code_error ,
permission_token ,
permission_token_error ,
pushed_authorization_request ,
pushed_authorization_request_error ,
refresh_token , refresh_token_error ,
register , register_error ,
register_node , register_node_error ,
remove_federated_identity ,
remove_federated_identity_error ,
remove_totp , remove_totp_error ,
reset_password , reset_password_error ,
restart_authentication ,
restart_authentication_error ,
revoke_grant , revoke_grant_error ,
send_identity_provider_link ,
send_identity_provider_link_error ,
send_reset_password ,
send_reset_password_error ,
send_verify_email ,
send_verify_email_error ,
token_exchange , token_exchange_error ,
unregister_node ,
unregister_node_error , update_consent ,
update_consent_error , update_email ,
update_email_error , update_password ,
update_password_error , update_profile ,
update_profile_error , update_totp ,
update_totp_error , user_info_request ,
user_info_request_error ,
validate_access_token ,
validate_access_token_error ,
verify_email , verify_email_error ,
verify_profile , verify_profile_error

spi-events-listener-email-include-events
A comma-separated list of events that should be sent via email to the user’s account.
Value:
authreqid_to_token , authreqid_to_token_error ,
client_delete , client_delete_error ,
client_info , client_info_error ,
client_initiated_account_linking ,
client_initiated_account_linking_error ,
client_login , client_login_error ,
client_register ,
client_register_error , client_update ,
client_update_error , code_to_token ,
code_to_token_error ,
custom_required_action ,
custom_required_action_error ,
delete_account , delete_account_error ,
execute_action_token ,
execute_action_token_error ,
execute_actions ,
execute_actions_error ,
federated_identity_link ,
federated_identity_link_error ,
grant_consent , grant_consent_error ,
identity_provider_first_login ,
identity_provider_first_login_error ,
identity_provider_link_account ,
identity_provider_link_account_error ,
identity_provider_login ,
identity_provider_login_error ,
identity_provider_post_login ,
identity_provider_post_login_error ,
identity_provider_response ,
identity_provider_response_error ,
identity_provider_retrieve_token ,
identity_provider_retrieve_token_error ,
impersonate , impersonate_error ,
introspect_token ,
introspect_token_error ,
invalid_signature ,
invalid_signature_error , login ,
login_error , logout , logout_error ,
oauth2_device_auth ,
oauth2_device_auth_error ,
oauth2_device_code_to_token ,
oauth2_device_code_to_token_error ,
oauth2_device_verify_user_code ,
oauth2_device_verify_user_code_error ,
permission_token ,
permission_token_error ,
pushed_authorization_request ,
pushed_authorization_request_error ,
refresh_token , refresh_token_error ,
register , register_error ,
register_node , register_node_error ,
remove_federated_identity ,
remove_federated_identity_error ,
remove_totp , remove_totp_error ,
reset_password , reset_password_error ,
restart_authentication ,
restart_authentication_error ,
revoke_grant , revoke_grant_error ,
send_identity_provider_link ,
send_identity_provider_link_error ,
send_reset_password ,
send_reset_password_error ,
send_verify_email ,
send_verify_email_error ,
token_exchange , token_exchange_error ,
unregister_node ,
unregister_node_error , update_consent ,
update_consent_error , update_email ,
update_email_error , update_password ,
update_password_error , update_profile ,
update_profile_error , update_totp ,
update_totp_error , user_info_request ,
user_info_request_error ,
validate_access_token ,
validate_access_token_error ,
verify_email , verify_email_error ,
verify_profile , verify_profile_error

jboss-logging
spi-events-listener-jboss-logging-error-level
The log level for error messages.
Value: debug, error, fatal, info, trace, warn (default)

spi-events-listener-jboss-logging-success-level
The log level for success messages.
Value: debug (default), error, fatal, info, trace, warn

map-storage
jpa
spi-map-storage-jpa-lock-timeout
The maximum time to wait in milliseconds when waiting for acquiring a pessimistic read lock.
Value: 10000 (default) or any long

resource-encoding
gzip

spi-resource-encoding-gzip-excluded-content-types
A space separated list of content-types to exclude from encoding.
Value: image/png image/jpeg (default) or any string

sticky-session-encoder
infinispan
spi-sticky-session-encoder-infinispan-should-attach-route
If the route should be attached to cookies to reflect the node that owns a particular session.
Value: true (default), false

truststore
file
spi-truststore-file-file
The file path of the trust store from where the certificates are going to be read from to validate TLS connections.
Value: any string

spi-truststore-file-hostname-verification-policy
The hostname verification policy.
Value: any, wildcard (default), strict

spi-truststore-file-password
The trust store password.
Value: any string

spi-truststore-file-type
Type of the truststore.
Value: any string

well-known

openid-configuration
spi-well-known-openid-configuration-include-client-scopes
If client scopes should be used to calculate the list of supported scopes.
Value: true (default), false

spi-well-known-openid-configuration-openid-configuration-override
The file path from where the metadata should be loaded from.
Value: any string
