[keycloak-user] How to store and search for (standardized?) user attributes?

Marko Strukelj mstrukel at redhat.com
Mon May 29 10:15:11 EDT 2017 

Your new resource will be bound under different root url than admin REST
API and thus will not be reachable through admin client, so you probably
won't really be able to use Admin Client to access it.

Maybe we need a way for a use-case like yours to add capability to deploy a
custom resource under /auth/admin. Maybe limiting it to /auth/admin/ext or
something so it's obvious that it's a custom extension.

Feel free to open a JIRA RFE. And also one for adding query user by
attribute to admin REST so it's available OOTB.

On Mon, May 29, 2017 at 3:21 PM, Guus der Kinderen <
guus.der.kinderen at gmail.com> wrote:

> Ah, I was afraid it'd come to that. Ok, I'll see how to make that happen.
>
> Instant-follow-up: my new resource is likely not going to be available in
> the admin-client, right? Is there an easy way of using my new resource with
> admin-client, or will I have to recompile it, after adding my resource
> definition?
>
>  - Guus
>
> On 29 May 2017 at 15:18, Marko Strukelj <mstrukel at redhat.com> wrote:
>
>> I've never tried this myself, and we have no example for it, but in
>> principle you can copy some code from https://github.com/keycloak/ke
>> ycloak/blob/3.1.0.Final/services/src/main/java/org/keycloak/
>> services/resources/admin/AdminRoot.java#L206-L219 and
>> https://github.com/keycloak/keycloak/blob/3.1.0.Final/servic
>> es/src/main/java/org/keycloak/services/resources/admin/
>> RealmsAdminResource.java#L184-L209
>>
>> So, you'll have to construct AdminAuth, and RealmAuth by yourself.
>>
>> On Mon, May 29, 2017 at 2:37 PM, Guus der Kinderen <
>> guus.der.kinderen at gmail.com> wrote:
>>
>>> Hi Marko,
>>>
>>> Thanks for the feedback. How do I obtain a RealmAuth reference to work
>>> with, when extending the REST api?
>>>
>>> Regards,
>>>
>>>   Guus
>>>
>>> On 15 May 2017 at 16:38, Marko Strukelj <mstrukel at redhat.com> wrote:
>>>
>>>> There is a method for this:
>>>>     https://github.com/keycloak/keycloak/blob/3.1.0.Final/server
>>>> -spi/src/main/java/org/keycloak/storage/user/UserQueryProvid
>>>> er.java#L134-L148
>>>>
>>>> But there is no Admin REST API through which it would be exposed.
>>>>
>>>> You can add your custom REST endpoint and implement your custom search
>>>> call there.
>>>> See:
>>>>     https://github.com/keycloak/keycloak/tree/3.1.0.Final/exampl
>>>> es/providers/rest for example.
>>>>
>>>> You'd have to make sure to protect your endpoint so its only accessible
>>>> to admin client. See how /users endpoint does this:
>>>>     https://github.com/keycloak/keycloak/blob/3.1.0.Final/servic
>>>> es/src/main/java/org/keycloak/services/resources/admin/Users
>>>> Resource.java#L675
>>>>
>>>>
>>>>
>>>> On Mon, May 15, 2017 at 3:44 PM, Guus der Kinderen <
>>>> guus.der.kinderen at gmail.com> wrote:
>>>>
>>>>> *gently moves question back to the top of the mailinglist*
>>>>>
>>>>> On 2 May 2017 at 13:54, Guus der Kinderen <guus.der.kinderen at gmail.com
>>>>> >
>>>>> wrote:
>>>>>
>>>>> > Hi!
>>>>> >
>>>>> > We'd like to be able to store somewhat standard user attributes that
>>>>> > complete the email, first and last name values that Keycloak
>>>>> 'natively'
>>>>> > stores. Think of things like a date of birth, home/work address,
>>>>> phone
>>>>> > number, etc. Additionally, we'd like to be able to find users based
>>>>> on a
>>>>> > search query. We'd like to be able to answer questions like: "how
>>>>> many
>>>>> > users live in London?"
>>>>> >
>>>>> > So far, we've found the user attributes, where we could store this
>>>>> > information. That is a very generic solution though. Are there
>>>>> standardized
>>>>> > attribute names, profiles, that we can use?
>>>>> >
>>>>> > A further challenge is that we'd like to be able to query the user
>>>>> base,
>>>>> > based on attributes. We'd like to find people by address, by date of
>>>>> birth,
>>>>> > etc. The REST API does have search functionality, but it doesn't
>>>>> look like
>>>>> > you can find users by attribute value.
>>>>> >
>>>>> > Can anyone recommend a course of action here?
>>>>> >
>>>>> > Regards,
>>>>> >
>>>>> >    Guus
>>>>> >
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>>>>
>>>>
>>>
>>
>

More information about the keycloak-user mailing list