[keycloak-user] How to store and search for (standardized?) user attributes?

Guus der Kinderen guus.der.kinderen at gmail.com
Mon May 29 09:21:41 EDT 2017


Ah, I was afraid it'd come to that. Ok, I'll see how to make that happen.

Instant-follow-up: my new resource is likely not going to be available in
the admin-client, right? Is there an easy way of using my new resource with
admin-client, or will I have to recompile it, after adding my resource
definition?

 - Guus

On 29 May 2017 at 15:18, Marko Strukelj <mstrukel at redhat.com> wrote:

> I've never tried this myself, and we have no example for it, but in
> principle you can copy some code from https://github.com/keycloak/
> keycloak/blob/3.1.0.Final/services/src/main/java/org/
> keycloak/services/resources/admin/AdminRoot.java#L206-L219 and
> https://github.com/keycloak/keycloak/blob/3.1.0.Final/
> services/src/main/java/org/keycloak/services/resources/
> admin/RealmsAdminResource.java#L184-L209
>
> So, you'll have to construct AdminAuth, and RealmAuth by yourself.
>
> On Mon, May 29, 2017 at 2:37 PM, Guus der Kinderen <
> guus.der.kinderen at gmail.com> wrote:
>
>> Hi Marko,
>>
>> Thanks for the feedback. How do I obtain a RealmAuth reference to work
>> with, when extending the REST api?
>>
>> Regards,
>>
>>   Guus
>>
>> On 15 May 2017 at 16:38, Marko Strukelj <mstrukel at redhat.com> wrote:
>>
>>> There is a method for this:
>>>     https://github.com/keycloak/keycloak/blob/3.1.0.Final/server
>>> -spi/src/main/java/org/keycloak/storage/user/UserQueryProvid
>>> er.java#L134-L148
>>>
>>> But there is no Admin REST API through which it would be exposed.
>>>
>>> You can add your custom REST endpoint and implement your custom search
>>> call there.
>>> See:
>>>     https://github.com/keycloak/keycloak/tree/3.1.0.Final/exampl
>>> es/providers/rest for example.
>>>
>>> You'd have to make sure to protect your endpoint so its only accessible
>>> to admin client. See how /users endpoint does this:
>>>     https://github.com/keycloak/keycloak/blob/3.1.0.Final/servic
>>> es/src/main/java/org/keycloak/services/resources/admin/Users
>>> Resource.java#L675
>>>
>>>
>>>
>>> On Mon, May 15, 2017 at 3:44 PM, Guus der Kinderen <
>>> guus.der.kinderen at gmail.com> wrote:
>>>
>>>> *gently moves question back to the top of the mailinglist*
>>>>
>>>> On 2 May 2017 at 13:54, Guus der Kinderen <guus.der.kinderen at gmail.com>
>>>> wrote:
>>>>
>>>> > Hi!
>>>> >
>>>> > We'd like to be able to store somewhat standard user attributes that
>>>> > complete the email, first and last name values that Keycloak
>>>> 'natively'
>>>> > stores. Think of things like a date of birth, home/work address, phone
>>>> > number, etc. Additionally, we'd like to be able to find users based
>>>> on a
>>>> > search query. We'd like to be able to answer questions like: "how many
>>>> > users live in London?"
>>>> >
>>>> > So far, we've found the user attributes, where we could store this
>>>> > information. That is a very generic solution though. Are there
>>>> standardized
>>>> > attribute names, profiles, that we can use?
>>>> >
>>>> > A further challenge is that we'd like to be able to query the user
>>>> base,
>>>> > based on attributes. We'd like to find people by address, by date of
>>>> birth,
>>>> > etc. The REST API does have search functionality, but it doesn't look
>>>> like
>>>> > you can find users by attribute value.
>>>> >
>>>> > Can anyone recommend a course of action here?
>>>> >
>>>> > Regards,
>>>> >
>>>> >    Guus
>>>> >
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>>
>>
>


More information about the keycloak-user mailing list