Skip to content

How to send Keycloak events as a webhook

silver imac on brown wooden table

Keycloak out of the box provides a lot of value as an IAM provider. On this blog post, I will talk about how I extended user jessylenne existing work on sending Keycloak webhook events to a third party provider.


The original git repository has a convenient README available, explaining how to build, deploy, and consume the webhook event. However, because I am not primarily a Java programmer, I prefer not to have to manually install the dependencies and development environment needed to run the project. Specifically, I need to be able to run Java and use Maven as my dependency manager.

My contribution is to build a Dockerfile and a Makefile so that fellow developers that are already using Docker can simply run one make command to generate the Java build output (JAR files) and go along their merry way.

You can access my fork here.


There’s really only two steps: build and deploy.


First, clone my fork of the repository that contains the Dockerfile and Makefile changes.

Note: There won’t be any need to customize the source files. You will simply inject the target webhook URL and username and password using XML later (see deployment stage).

To build the jar files, on the root directory of the project, run the command make package-image. This runs the build process for the keycloak webhook event project, and then subsequently, this copies the resulting JAR files to the mvn-output folder at the root directory of the project.

If you encounter any issues during building of the output image, such as in the case of permission issues, simply grant ownership of the mvn-output directory to the current $USER. This is explained in the README.


To use the newly generated Keycloak plugin (packaged as a .jar file), you simply need to upload the file to your keycloak’s instance and configure your Keycloak instance configuration settings (specific to this plugin).

User Jessylenne describes the deployment process simply:

Copy the event-listener-http-jar-with-dependencies.jar to {KEYCLOAK_HOME}/standalone/deployments

Edit standalone.xml to configure the Webhook settings. Find the following section in the configuration.

User jessylenne, on deployments

The following enables you to customize the target of the webhook.

<spi name="eventsListener">
    <provider name="mqtt" enabled="true">
            <property name="serverUri" value=""/>
            <property name="username" value="auth_user"/>
            <property name="password" value="auth_password"/>
            <property name="topic" value="my_topic"/>

That’s all to it. Your keycloak instance should recognize the change. If not, simply restart your keycloak instance to detect your plugin, and you should be receiving webhook events at your target service!

New to

Hi there reader! My name is Darren and I write about technology, learning, and gaming for mid to senior level software engineers. I love learning and finding lessons (and mistakes) in things that I do.

Sharing what we learn enables us to encourage, uplift, and empower the next set of engineering problem solvers. Writing them down also reminds me to seal the lesson in and not forget them!

I have a series of mental models that helps you think and strategize for problems whether in engineering or in your personal life. I also share short stories about reflections of my life, studying the similarities of playing competitively both in games and in performance at work.

Here are some trending things I’ve been talking about lately:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.