Skip to content

Montblanc0/keycloak-spid-cie-theme

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
keycloak-spid-cie/login
keycloak-spid-cie/login
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Keycloak SPID + CIE Only Theme

A Keycloak theme designed for SPID and CIE authentication, heavily based on RedHat Italy's keycloak-spid-provider theme.

Compatibility

This theme has been tested on Keycloak v26.1.2. Compatibility with older or newer Keycloak versions is not guaranteed.

Features

  • Allows authentication via SPID or CIE.
  • Dynamic rendering of IdP buttons.

SPID login tab CIE login tab

  • Can function as a SPID-only or CIE-only login theme, depending on available identity providers.

CIE-only tab (mobile view)

SPID Identity Providers

To detect SPID IdPs, their aliases must start with spid. (Important!)

To gain the best results and display the proper logos, use the naming convention from keycloak-spid-provider-configuration-client (which is still the recommended way of importing SPID idps):

spid-aruba
spid-teamsystem
spid-etnahitech
spid-sielte
spid-infocert
spid-infocamere
spid-intesi-group
spid-lepida
spid-namirial
spid-poste
spid-register.it
spid-tim
spid-spid-saml-check
spid-spid-saml-check-demo
spid-validator
spid-demo

Any SPID provider alias starting with spid but not in this list will display a generic logo but remain functional.

CIE Identity Providers

To detect CIE IdPs, their aliases must start with cie. (Important!)

For best results, the production IdP alias should be exactly:

cieid-saml

This ensures the proper "Entra con CIE" button is displayed.

Installation

  1. Clone the repo or download the latest release package.
  2. Place the keycloak-spid-cie folder into: 
    <KC_HOME>/themes/
  3. Restart Keycloak.
  4. In the Keycloak Admin Console:
    • Navigate to the client configuration.
    • Scroll down to Login Settings.
    • Set Login theme to keycloak-spid-cie.

Hiding Unwanted Providers

If you prefer not to disable or delete your preproduction/demo IdPs, you can modify their alias so that it does not start with "spid" or "cie". Since Keycloak does not allow renaming IdP aliases from the admin console, this must be done directly in the database. For example, in PostgreSQL:

UPDATE identity_provider SET provider_alias = 'hidden-spid-demo' WHERE provider_alias = 'spid-demo';

After making this change, restart Keycloak to ensure the provider login button is no longer displayed.

Related Projects

License

This project is released under the Apache 2.0 License.

About

Keycloak login theme for SPID or CIE

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

v26.1.2 Latest
Feb 23, 2025

Packages

No packages published

Languages