Local Testing Guide
Comprehensive guide for testing Keycloak Email Authenticator locally using Docker or Podman.
Prerequisites
- Docker or Podman installed
- Java 21 + Maven installed
- Port 8080 available
note
All commands work with both Docker and Podman — substitute as needed.
Quick Start
# 1. Build the JAR (macOS: set JAVA_HOME if needed)
# macOS: export JAVA_HOME=$(/usr/libexec/java_home -v 21)
# Linux: export JAVA_HOME=/usr/lib/jvm/java-21-openjdk-amd64
# Windows: set JAVA_HOME=C:\Program Files\Eclipse Adoptium\jdk-21...
mvn clean package
# 2. Build image
docker build -t keycloak-email-auth:latest .
# 3. Run container
docker run -d --name keycloak-test \
-p 8080:8080 \
-e KEYCLOAK_ADMIN=admin \
-e KEYCLOAK_ADMIN_PASSWORD=admin \
keycloak-email-auth:latest start-dev
# 4. View logs
docker logs -f keycloak-test
# 5. Admin console → http://localhost:8080/admin (admin / admin)
Method 1: Compose
- Docker Compose
- Podman Compose
mvn clean package
docker-compose up --build
mvn clean package
podman-compose up --build
Open http://localhost:8080 — username admin, password admin.
Method 2: Manual Build
Build Image
- Docker
- Podman
docker build -t keycloak-email-auth:latest .
podman build -t keycloak-email-auth:latest .
The image build:
- Compiles the JAR with Maven
- Copies the JAR to
/opt/keycloak/providers/ - Runs
kc.sh buildto register the provider
Run & Watch Logs
- Docker
- Podman
docker run -d --name keycloak-test \
-p 8080:8080 \
-e KEYCLOAK_ADMIN=admin \
-e KEYCLOAK_ADMIN_PASSWORD=admin \
keycloak-email-auth:latest start-dev
docker logs -f keycloak-test
podman run -d --name keycloak-test \
-p 8080:8080 \
-e KEYCLOAK_ADMIN=admin \
-e KEYCLOAK_ADMIN_PASSWORD=admin \
keycloak-email-auth:latest start-dev
podman logs -f keycloak-test
Successful startup:
Keycloak 26.5.3 on JVM (powered by Quarkus)
Running the server in development mode.
Keycloak Setup
1. Create a Realm
- Admin console → dropdown top-left → "Create Realm"
- Name:
test→ "Create"
2. Configure Email
Realm Settings → Email:
| Field | Example |
|---|---|
| From | noreply@example.com |
| Host | smtp.gmail.com |
| Port | 587 |
| Enable StarTLS | ON |
| Username | your-email@gmail.com |
| Password | your App Password |
:::tip Gmail Create an App Password — requires 2FA enabled on your Google account. :::
3. Create Test User
Users → Add User:
- Username:
testuser - Email: a real address you can receive mail at
- Email Verified: ON
Credentials → Set Password: test123, Temporary: OFF
4. Create Authentication Flow
- Authentication → Flows → select "Browser" → "Copy" → name
"Browser with Email OTP" - Select "Browser with Email OTP Forms" → "Add step" → "Email OTP" → "Add"
- Set requirement to REQUIRED
- Bindings tab → Browser Flow →
"Browser with Email OTP"→ "Save"
5. Configure OTP Settings
Click ⚙️ on the "Email OTP" row:
| Setting | Value |
|---|---|
| Code length | 6 |
| Time-to-live | 300 |
| Simulation mode | false |
| Resend cooldown | 30 |
Test Scenarios
Test 1 — Basic OTP Flow
- Go to http://localhost:8080/realms/test/account
- Login:
testuser/test123 - Check email for OTP → enter code → login succeeds ✅
Test 2 — Code Expiration
- Login, receive code
- Wait 5+ minutes, enter the expired code
- Expected: "Code expired" error ❌
Test 3 — Resend Code
- Login, receive code
- Click "Resend code" within 30 s → cooldown message
- After 30 s → new code sent ✅
Test 4 — Invalid Code
- Login, enter a wrong code
- Expected: "Invalid code" error ❌
Test 5 — Simulation Mode
Enable Simulation mode in OTP settings, then:
podman logs -f keycloak-test | grep "SIMULATION MODE"
# ***** SIMULATION MODE ***** Email code send to test@example.com for user testuser is: 123456
Test 6 — Language Support
Verify that all 11 built-in translations display correctly.
Enable internationalization in Keycloak:
- Admin console → your realm → Realm Settings → Localization tab
- Enable Internationalization
- Add the languages you want to test (e.g.
fr,de,ar) - Set a Default Locale
- Save
Test a specific language:
- Open the login page:
http://localhost:8080/realms/test/account - A language selector appears at the bottom of the form — pick a language
- Log in as
testuserand go through the OTP step - Verify that the form labels, button text, and OTP email subject/body are all in the selected language
Supported languages: English · Turkish · German · French · Italian · Spanish · Russian · Arabic · Danish · Azerbaijani · Chinese (Traditional)
tip
For right-to-left languages (Arabic), also verify that the Keycloak login page renders the layout correctly in RTL mode.
Troubleshooting
Container not running
podman ps -a
podman logs keycloak-test
podman stop keycloak-test && podman rm keycloak-test
Provider not loaded
podman exec -it keycloak-test ls -la /opt/keycloak/providers/
# Expected: keycloak-2fa-email-authenticator-26.4.0.jar
Email not sending
- Realm Settings → Email → "Test connection"
- Enable simulation mode and inspect logs
- Gmail: use App Password, not regular password
Port 8080 in use
podman run -d -p 8081:8080 \
-e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin \
keycloak-email-auth:latest start-dev
# Access at http://localhost:8081