@n8n-dev/n8n-nodes-keycloak
v1.0.1
Published
Keycloak Admin REST API reference.
Maintainers
Readme
@n8n-dev/n8n-nodes-keycloak
Stop writing keycloak API integrations by hand.
Every time you connect n8n to keycloak, you waste hours mapping endpoints, defining parameters, and debugging schemas. You copy-paste from docs, fix edge cases, and pray nothing breaks.
What if connecting n8n to keycloak took 5 minutes, not half a day?
This node gives you 21+ resources out of the box: Root, Realms Admin, User Storage Provider, Attack Detection, Authentication Management, and 16 more: with full CRUD operations, typed parameters, and zero manual configuration.
What You Get
- Zero boilerplate: Resources, operations, and fields are pre-configured and ready to use
- Full CRUD: Create, read, update, and delete support where the API allows it
- Typed parameters: No more guessing field types
- Built-in auth: API key authentication, ready to go
- Declarative: Native n8n performance, no custom execute() overhead
Install
npm install @n8n-dev/n8n-nodes-keycloakOr in n8n:
- Settings → Community Nodes → Install
- Search:
@n8n-dev/n8n-nodes-keycloak - Click Install
Quick Start
- Install the node (above)
- Add credentials: keycloak API → paste your API key
- Drag the keycloak node into your workflow
- Pick a resource → pick an operation → done.
That's it. No configuration files. No code. It just works.
Resources
- Get themes social providers auth providers and event listeners available on this server
- Post Import a realm Imports a realm from a full representation of that realm
- Delete the realm
- Get the top level representation of the realm It will not include nested information like User and Client representations
- Put Update the top level information of the realm Any user roles or client information in the representation will be ignored
- Delete all admin events
- Get admin events Returns all admin events or filters events based on URL query parameters listed here
- Post Clear cache of external public keys Public keys of clients or Identity providers
- Post Clear realm cache
- Post Clear user cache
- Post Base path for importing clients under this realm
- Get client session stats Returns a JSON map
- Get Credential Registrators
- Get realm default client scopes
- Delete Default Default Client Scopes
- Put Default Default Client Scopes
- Get group hierarchy
- Delete Default Groups
- Put Default Groups
- Get realm optional client scopes
- Delete Default Optional Client Scopes
- Put Default Optional Client Scopes
- Delete all events
- Get events Returns all events or filters them based on URL query parameters listed here
- Get the events provider configuration Returns JSON object with events provider configuration
- Put Update the events provider Change the events provider and or its configuration
- Get Group By Path
- Post Removes all user sessions
- Post Partial export of existing realm into a JSON file
- Post Partial import from a JSON file to an existing realm
- Post Push the realm s revocation policy to any client that has an admin URL associated with it
- Delete Remove a specific user session
- Post Test LDAP connection
- Post Test SMTP Connection
- Get Users Management Permissions
- Put Users Management Permissions
- Get Need this for admin console to display simple name of provider when displaying client detail KEYCLOAK 4328
- Get Need this for admin console to display simple name of provider when displaying user detail KEYCLOAK 4328
- Post Remove imported users
- Post Trigger sync of users Action can be triggerFullSync or triggerChangedUsersSync
- Post Unlink imported users from a storage provider
- Post Trigger sync of mapper data related to ldap mapper roles groups direction is fedToKeycloak or keycloakToFed
- Delete Clear any user login failures for all users This can release temporary disabled users
- Get status of a username in brute force detection
- Get authenticator providers Returns a list of authenticator providers
- Get client authenticator providers Returns a list of client authenticator providers
- Get authenticator provider s configuration description
- Delete authenticator configuration
- Get authenticator configuration
- Put Update authenticator configuration
- Post Add new authentication execution
- Delete execution
- Get Single Execution
- Post Update execution with new configuration
- Post Lower execution s priority
- Post Raise execution s priority
- Get authentication flows Returns a list of authentication flows
- Post Create a new authentication flow
- Post Copy existing authentication flow under a new name The new name is given as newName attribute of the passed JSON object
- Get authentication executions for a flow
- Put Update authentication executions of a flow
- Post Add new authentication execution to a flow
- Post Add new flow with new execution to existing flow
- Delete an authentication flow
- Put Update an authentication flow
- Get form action providers Returns a list of form action providers
- Get form providers Returns a list of form providers
- Get configuration descriptions for all clients
- Post Register a new required actions
- Get required actions Returns a list of required actions
- Delete required action
- Put Update required action
- Post Lower required action s priority
- Post Raise required action s priority
- Get unregistered required actions Returns a list of unregistered required actions
- Get Base path for retrieve providers with the configProperties properly filled
- Get client scopes belonging to the realm Returns a list of client scopes belonging to the realm
- Post Create a new client scope Client Scope s name must be unique
- Delete the client scope
- Put Update the client scope
- Delete the mapper
- Get mapper by ID
- Put Update the mapper
- Post Create multiple mappers
- Post Create a mapper
- Get mappers by name for a specific protocol
- Delete the mapper
- Get mapper by ID
- Put Update the mapper
- Post Create multiple mappers
- Post Create a mapper
- Get mappers by name for a specific protocol
- Get all scope mappings for the client
- Delete Remove client level roles from the client s scope
- Get the roles associated with a client s scope Returns roles for the client
- Post Add client level roles to the client s scope
- Get The available client level roles Returns the roles for the client that can be associated with the client s scope
- Get effective client roles Returns the roles for the client that are associated with the client s scope
- Delete Remove a set of realm level roles from the client s scope
- Get realm level roles associated with the client s scope
- Post Add a set of realm level roles to the client s scope
- Get realm level roles that are available to attach to this client s scope
- Get effective realm level roles associated with the client s scope What this does is recurse any composite roles associated with the client s scope and adds the roles to this lists
- Get all scope mappings for the client
- Delete Remove client level roles from the client s scope
- Get the roles associated with a client s scope Returns roles for the client
- Post Add client level roles to the client s scope
- Get The available client level roles Returns the roles for the client that can be associated with the client s scope
- Get effective client roles Returns the roles for the client that are associated with the client s scope
- Delete Remove a set of realm level roles from the client s scope
- Get realm level roles associated with the client s scope
- Post Add a set of realm level roles to the client s scope
- Get realm level roles that are available to attach to this client s scope
- Get effective realm level roles associated with the client s scope What this does is recurse any composite roles associated with the client s scope and adds the roles to this lists
- Get clients belonging to the realm Returns a list of clients belonging to the realm
- Post Create a new client Client s client ID must be unique
- Delete the client
- Put Update the client
- Get the client secret
- Post Generate a new secret for the client
- Get default client scopes
- Delete Clients Default Client Scopes
- Put Clients Default Client Scopes
- Get Create JSON with payload of example access token
- Get Return list of all protocol mappers which will be used when generating tokens issued for particular client
- Get effective scope mapping of all roles of particular role container which this client is defacto allowed to have in the accessToken issued for him
- Get roles which this client doesn t have scope for and can t have them in the accessToken issued for him
- Get Clients Installation Providers
- Get Return object stating whether client Authorization permissions have been initialized or not and a reference
- Put Return object stating whether client Authorization permissions have been initialized or not and a reference
- Post Register a cluster node with the client Manually register cluster node to this client usually it s not needed to call this directly as adapter should handle by sending registration request to Keycloak
- Delete Unregister a cluster node from the client
- Get application offline session count Returns a number of offline user sessions associated with this client count number
- Get offline sessions for client Returns a list of offline user sessions associated with this client
- Get optional client scopes
- Delete Clients Optional Client Scopes
- Put Clients Optional Client Scopes
- Post Push the client s revocation policy to its admin URL If the client has an admin URL push revocation policy to it
- Post Generate a new registration access token for the client
- Get a user dedicated to the service account
- Get application session count Returns a number of user sessions associated with this client count number
- Get Test if registered cluster nodes are available Tests availability by sending ping request to all cluster nodes
- Get user sessions for client Returns a list of user sessions associated with this client
- Get Clients Initial Access
- Post Create a new initial access token
- Delete Clients Initial Access
- Get key info
- Post Get a keystore file for the client containing private key and public certificate
- Post Generate a new certificate with new key pair
- Post Generate a new keypair and certificate and get the private key file Generates a keypair and certificate and serves the private key in a specified keystore format
- Post Upload certificate and eventually private key
- Post Upload only certificate not private key
- Get all roles for the realm or client
- Post Create a new role for the realm or client
- Delete a role by name
- Put Update a role by name
- Delete Remove roles from the role s composite
- Get composites of the role
- Post Add a composite to the role
- Get An app level roles for the specified app for the role s composite
- Get realm level roles of the role s composite
- Get Return List of Groups that have the specified role name
- Get Return object stating whether role Authoirzation permissions have been initialized or not and a reference
- Put Return object stating whether role Authoirzation permissions have been initialized or not and a reference
- Get Return List of Users that have the specified role name
- Get all roles for the realm or client
- Post Create a new role for the realm or client
- Delete a role by name
- Put Update a role by name
- Delete Remove roles from the role s composite
- Get composites of the role
- Post Add a composite to the role
- Get An app level roles for the specified app for the role s composite
- Get realm level roles of the role s composite
- Get Return List of Groups that have the specified role name
- Get Return object stating whether role Authoirzation permissions have been initialized or not and a reference
- Put Return object stating whether role Authoirzation permissions have been initialized or not and a reference
- Get Return List of Users that have the specified role name
- Get Components
- Post Components
- Delete Components
- Put Components
- Get List of subcomponent types that are available to configure for a particular parent component
- Get group hierarchy
- Post create or add a top level realm groupSet or create child
- Get Returns the groups counts
- Delete Groups
- Put Update group ignores subgroups
- Post Set or create child
- Get Return object stating whether client Authorization permissions have been initialized or not and a reference
- Put Return object stating whether client Authorization permissions have been initialized or not and a reference
- Get users Returns a list of users filtered according to query parameters
- Get role mappings
- Delete realm level role mappings
- Get realm level role mappings
- Post Add realm level role mappings to the user
- Get realm level roles that can be mapped
- Get effective realm level role mappings This will recurse all composite roles to get the result
- Get role mappings
- Delete realm level role mappings
- Get realm level role mappings
- Post Add realm level role mappings to the user
- Get realm level roles that can be mapped
- Get effective realm level role mappings This will recurse all composite roles to get the result
- Delete client level roles from user role mapping
- Get client level role mappings for the user and the app
- Post Add client level roles to the user role mapping
- Get available client level roles that can be mapped to the user
- Get effective client level role mappings This recurses any composite roles
- Delete client level roles from user role mapping
- Get client level role mappings for the user and the app
- Post Add client level roles to the user role mapping
- Get available client level roles that can be mapped to the user
- Get effective client level role mappings This recurses any composite roles
- Post Import identity provider from uploaded JSON file
- Get identity providers
- Post Create a new identity provider
- Delete the identity provider
- Put Update the identity provider
- Get Export public broker configuration for identity provider
- Get Return object stating whether client Authorization permissions have been initialized or not and a reference
- Put Return object stating whether client Authorization permissions have been initialized or not and a reference
- Get mapper types for identity provider
- Get mappers for identity provider
- Post Add a mapper to identity provider
- Delete a mapper for the identity provider
- Put Update a mapper for the identity provider
- Get identity providers
- Get Keys
- Delete the role
- Get a specific role s representation
- Put Update the role
- Delete Remove a set of roles from the role s composite
- Get role s children Returns a set of role s children provided the role is a composite
- Post Make the role a composite role by associating some child roles
- Get client level roles for the client that are in the role s composite
- Get realm level roles that are in the role s composite
- Get Return object stating whether role Authoirzation permissions have been initialized or not and a reference
- Put Return object stating whether role Authoirzation permissions have been initialized or not and a reference
- Get users Returns a list of users filtered according to query parameters
- Post Create a new user Username must be unique
- Get Returns the number of users that match the given criteria
- Delete the user
- Put Update the user
- Get Return credential types which are provided by the user storage where user is stored
- Get consents granted by the user
- Delete Revoke consent and offline tokens for particular client from user
- Get Users Credentials
- Delete Remove a credential for a user
- Post Move a credential to a position behind another credential
- Post Move a credential to a first position in the credentials list of the user
- Put Update a credential label for a user
- Put Disable all credentials for a user of a specific type
- Put Send a update account email to the user An email contains a link the user can click to perform a set of required actions
- Get social logins associated with the user
- Delete Remove a social login provider from user
- Post Add a social login provider to the user
- Get Users Groups
- Get Users Groups Count
- Delete Users Groups
- Put Users Groups
- Post Impersonate the user
- Post Remove all user sessions associated with the user Also send notification to all clients that have an admin URL to invalidate the sessions for the particular user
- Get offline sessions associated with the user and client
- Put Set up a new password for the user
- Put Send an email verification email to the user An email contains a link the user can click to verify their email address
- Get sessions associated with the user
Why This Node?
Without this node:
- Hours of manual API integration
- Copy-pasting from keycloak docs
- Debugging auth, pagination, error handling
- Maintaining your own client code
With this node:
- Install → configure → use. 5 minutes.
- Auto-generated from the official keycloak OpenAPI spec
- Always up to date when the API changes
- Native n8n performance
Auto-Generated
This node was auto-generated from the official keycloak OpenAPI specification using @n8n-dev/n8n-openapi-node-ultimate, then validated against the live API so you get accurate types and real parameters, not guesswork.
When the keycloak API updates, this node updates too.
License
MIT © kelvinzer0
