Version 1.0.0

First stable release of Keycloak GeoAware.

Requirements

  • Keycloak 26 or later

Features

GeoAware IP Authenticator

Adds geolocation-based access control to Keycloak authentication flows.

Conditions:

  • Always
  • On IP change
  • Unknown IP
  • Unknown location (uses accuracy radius overlap for comparison)

Actions:

  • Notification email
  • Deny access
  • Log
  • Disable user

GeoAware Device Authenticator

Adds device-based access control to Keycloak authentication flows, using the User-Agent header to identify devices.

Conditions:

  • Always
  • Device changed
  • Unknown device

Actions:

  • Notification email
  • Deny access
  • Log
  • Disable user

GeoIP Providers

Support for multiple geolocation data sources:

  • IPinfo: IPinfo web service API
  • MaxMind File: Local MaxMind MMDB database files
  • MaxMind File Autodownload: Automatically downloads and keeps MaxMind databases up to date
  • MaxMind Webservice: MaxMind GeoIP web service API

Login History Tracking

Persistent login history per user, stored in a dedicated database table (geoaware_login_record). Tracks IP address, geolocation, device, and timestamp for each login event.

The geoaware-login-tracker event listener must be activated in realm settings for tracking to work.

Email Notifications

HTML and plain-text email alerts when a login is detected from a new IP address/location or from a new device. Emails are localised in English and German.

GeoIP Caching

Built-in caching layer for GeoIP lookups to reduce the number of external API calls.

Changes since 0.0.1-rc

  • Improved release pipeline with Maven Central publishing
  • Extension is now available on Maven Central (org.b2code:keycloak-geoaware)
  • Artifact renamed to keycloak-geoaware
This site uses Just the Docs, a documentation theme for Jekyll.