Themes
Keycloak provides theme support for web pages and emails. This allows customizing the look
and feel of end-user facing pages so they can be integrated with your applications.
Theme types
A theme can support several types to customize different aspects of Keycloak. The types currently available
are:
Account - Account management
Admin - Admin console
Email - Emails
Login - Login forms
Welcome - Welcome pages
Configure theme
All theme types, except welcome, is configured through Keycloak Admin Console. To change
the theme used for a realm open the Keycloak Admin Console, select your realm
from the drop-down box in the top left corner. Under Settings click on Theme.
To set the theme for the master Keycloak admin console set the admin console theme for
the master realm. To set the theme for per realm admin access control set the admin console
theme for the corresponding realm.
To change the welcome theme you need to edit standalone/configuration/keycloak-server.json
and add welcomeTheme to the theme element, for example:
"theme": {
...
"welcomeTheme": "custom-theme"
}
Default themes
Keycloak comes bundled with default themes in the server's root themes directory.
You should not edit the bundled themes directly. Instead create a new theme that extends a
bundled theme.
Creating a theme
A theme consists of:
FreeMarker templates
Stylesheets
Scripts
Images
Message bundles
Theme properties
A theme can extend another theme. When extending a theme you can override individual files (templates, stylesheets, etc.).
The recommended way to create a theme is to extend the base theme. The base theme provides templates
and a default message bundle. If you decide to override templates bear in mind that you may need to update
your templates when upgrading to a new release to include any changes made to the original template.
Before creating a theme it's a good idea to disable caching as this makes it possible to edit theme resources
without restarting the server. To do this open ../standalone/configuration/keycloak-server.json
for theme set staticMaxAge to -1 and
cacheTemplates and cacheThemes to false. For example:
[
Remember to re-enable caching in production as it will significantly impact performance.
To create a new theme create a directory for the theme in the server's root themes.
The name of the directory should be the name of the theme. For example to create a theme called example-theme
create the directory themes/example-theme. Inside the theme
directory you then need to create a directory for each of the types your theme is going to provide. For example
to add the login type to the example-theme theme create the directory
themes/example-theme/login.
For each type create a file theme.properties which allows setting some configuration for
the theme, for example what theme it overrides and if it should import any themes. For the above example we
want to override the base theme and import common resources from the Keycloak theme. To do this create the
file themes/example-theme/login/theme.properties with following contents:
[
You have now created a theme with support for the login type. To check that it works open the admin console.
Select your realm and click on Themes. For Login Theme select
example-theme and click Save. Then open the login page for the realm.
You can do this either by login through your application or by opening http://localhost:8080/realms/<realm name>/account.
To see the effect of changing the parent theme, set parent=keycloak in theme.properties
and refresh the login page. To follow the rest of the documentation set it back to parent=base
before continuing.
Stylesheets
A theme can have one or more stylesheets, to add a stylesheet create a file inside resources/css
(for example resources/css/styles.css) inside your theme folder. Then registering it
in theme.properties by adding:
styles=css/styles.css
The styles property supports a space separated list so you can add as many
as you want. For example:
styles=css/styles.css css/more-styles.css
For the example-theme above add example-theme/login/resources/css/styles.css with the
following content:
[
Then edit example-theme/login/theme.properties and add styles=css/styles.css.
Refresh the login page to see your changes. It's not pretty, but you can see how easily you can modify the
styles for your theme.
Scripts
A theme can have one or more scripts, to add a script create a file inside resources/js (for example resources/js/script.js)
inside your theme folder. Then registering it in theme.properties by adding:
scripts=js/script.js
The scripts property supports a space separated list so you can add as many
as you want. For example:
scripts=js/script.js js/more-script.js
Images
To make images available to the theme add them to resources/img. They can then be used
through stylesheets. For example:
body {
background-image: url('../img/image.jpg');
}
Or in templates, for example:
<img src="${url.resourcesPath}/img/image.jpg">
Messages
Text in the templates are loaded from message bundles. A theme that extends another theme will inherit
all messages from the parents message bundle, but can override individual messages. For example to replace
Username on the login form with Your Username create the file
messages/messages.properties inside your theme folder and add the following content:
username=Your Username
For the admin console, there is a second resource bundle named admin-messages.properties.
This resource bundle is converted to JSON and shipped to the console to be processed by
angular-translate. It is found in the same directory as messages.properties and can be overridden
in the same way as described above.
Modifying HTML
Keycloak uses Freemarker Templates in order to generate HTML.
These templates are defined in .ftl files and can be overriden from the base theme.
Check out the Freemarker website on how to form a template file. To override the login template for the
example-theme copy themes/base/login/login.ftl to
themes/example-theme/login and open it in an editor. After the first line
(<#import ...>) add <h1>HELLO WORLD!</h1> then refresh the page.
Deploying themes
Themes can be deployed to Keycloak by copying the theme directory to themes
or it can be deployed as a module. For a single server or during development just copying the theme is fine, but
in a cluster or domain it's recommended to deploy as a module.
To deploy a theme as a module you need to create an jar (it's basically just a zip with jar extension) with
the theme resources and a file META/keycloak-themes.json that describes the themes contained
in the archive. For example example-theme.jar with the contents:
META-INF/keycloak-themes.json
theme/example-theme/login/theme.properties
theme/example-theme/login/login.ftl
theme/example-theme/login/resources/css/styles.css
The contents of META-INF/keycloak-themes.json in this case would be:
[
As you can see a single jar can contain multiple themes and each theme can support one or more types.
The deploy the jar as a module to Keycloak you can either manually create the module or use jboss-cli.
It's simplest to use jboss-cli as it creates the required directories and module descriptor
for you. To deploy the above jar jboss-cli run:
[
If you're on windows run KEYCLOAK_HOME/bin/jboss-cli.bat.
This command creates modules/org/example/exampletheme/main containing example-theme.jar
and module.xml.
Once you've created the module you need to register it with Keycloak do this by editing
../standalone/configuration/keycloak-server.json and adding the module to theme/module/modules. For example:
[
If a theme is deployed to themes and as a module the first is used.
SPIs
For full control of login forms and account management Keycloak provides a number of SPIs.
Account SPI
The Account SPI allows implementing the account management pages using whatever web framework or templating
engine you want. To create an Account provider implement org.keycloak.account.AccountProviderFactory
and org.keycloak.account.AccountProvider.
Once you have deployed your account provider to Keycloak you need to configure keycloak-server.json to specify which provider should be used:
"account": {
"provider": "custom-provider"
}
Login SPI
The Login SPI allows implementing the login forms using whatever web framework or templating
engine you want. To create a Login forms provider implement org.keycloak.login.LoginFormsProviderFactory
and org.keycloak.login.LoginFormsProvider in forms/login-api.
Once you have deployed your account provider to Keycloak you need to configure keycloak-server.json to specify which provider should be used:
"login": {
"provider": "custom-provider"
}