[keycloak-user] Best practice for getting roles for all users

[Tony Harris]

I would be interested to know this too.  In order to overcome some the performance issue we found when having to iterate over the users we used the Keycloak provider extension points to add our own custom Rest end points with our own database query to perform the lookup in one statement for all users matching the search criteria, I would sooner not do this as it just added additional overheads when we upgrade.

Regards Tony Harris

-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] On Behalf Of Benjamin Huskic
Sent: 11 March 2019 15:32
To: keycloak-user at lists.jboss.org
Subject: [keycloak-user] Best practice for getting roles for all users

Hello everybody,

I need to query a list of all users with their roles in our application. I would like to avoid calling for every user (~10000) the GET /auth/admin/realms/{realm}/users/{user-uuid}/role-mappings/realm. The GET /auth/admin/realms/{realm}/users unfortunately does not provide the roles. I have read the API documentation and tried to find out any recommendation on the web, but I didn't find any. The only thing I found was a feature request which might help to lower the calls: https://issues.jboss.org/browse/KEYCLOAK-2035 but it seems that this feature was not implemented.

I would like to know if there is a best practice for getting roles for all the users because calling a million times the role-mapping is very inefficient.

Thank you in advance
Kind regards,
Benjamin




[cid:image001.png at 01D4D841.19FC8380]

Benjamin Huskić
Founder & Solution Director

mobile: +971-5444-9-4664
email: benjamin.huskic at thequalitygate.com<mailto:benjamin.huskic at thequalitygate.com>
web: http://www.thequalitygate.com<http://www.thequalitygate.com/>




________________________________

Please consider the environment: Think before you print!


This message has been scanned for malware by Websense. www.websense.com