How it works
Keycloak extensions (called providers) are JAR files placed in /opt/keycloak/providers/ before running kc.sh build. Finding and keeping track of community extensions across GitHub and Maven Central is
tedious.
This registry is a central index of community extensions. You can browse by category, read changelogs, download JARs directly from each extension's page, or use the Docker integration to pull them straight into your image.
Installing extensions
Manual download
simplest option
Go to any extension's Versions tab and click Download to get the JAR. Drop it into your /opt/keycloak/providers/ folder and run kc.sh build.
Each version shows its SHA-256 digest so you can verify the file before use.
Docker integration
recommended for containerised setups
For every extension version indexed, the registry publishes a minimal OCI image containing
just the JAR. Reference it with COPY --from= in your Dockerfile. Docker pulls the image at build time, no extra tools needed. Adding another
extension is one more line. The pattern never changes.
FROM quay.io/keycloak/keycloak AS builder
COPY --from=kcer.dev/providers/home-idp-discovery:v26.1.0 /providers/ /opt/keycloak/providers/
RUN /opt/keycloak/bin/kc.sh build
FROM quay.io/keycloak/keycloak
COPY --from=builder /opt/keycloak/ /opt/keycloak/
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
CMD ["start", "--optimized"]