<p dir="ltr">Erik - can you remove that from the PR? We have someone else working on adding the custom rest endpoints. Also I prefer a PR per feature in either case ;)</p>
<div class="gmail_quote">On 18 Mar 2016 12:48, "Erik Mulder" <<a href="mailto:erik.mulder@docdatapayments.com">erik.mulder@docdatapayments.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">FYI:<br>
My pull request <a href="https://github.com/keycloak/keycloak/pull/2219" rel="noreferrer" target="_blank">https://github.com/keycloak/keycloak/pull/2219</a> adds support for extending the Keycloak REST API, among other things to support a full extension of the Keycloak datamodel.<br>
Regards, Erik<br>
<br>
________________________________________<br>
Van: <a href="mailto:keycloak-user-bounces@lists.jboss.org">keycloak-user-bounces@lists.jboss.org</a> [<a href="mailto:keycloak-user-bounces@lists.jboss.org">keycloak-user-bounces@lists.jboss.org</a>] namens Marek Posolda [<a href="mailto:mposolda@redhat.com">mposolda@redhat.com</a>]<br>
Verzonden: vrijdag 18 maart 2016 9:55<br>
Aan: Thomas Darimont; Edgar Vonk - Info.nl<br>
CC: keycloak-user<br>
Onderwerp: Re: [keycloak-user] Obtain user from Keycloak admin API using LDAP_ID<br>
<br>
Hello,<br>
<br>
JIRA for searching by custom attributes already exists [1]. Hopefully we will add to 2.X, but we can't add to 1.9.X as it's new feature.<br>
<br>
The custom REST endpoints are planned for Keycloak 2.X for sure.<br>
<br>
[1] <a href="https://issues.jboss.org/browse/KEYCLOAK-1902" rel="noreferrer" target="_blank">https://issues.jboss.org/browse/KEYCLOAK-1902</a><br>
<br>
Marek<br>
On 17/03/16 12:32, Thomas Darimont wrote:<br>
Hello Edgar,<br>
<br>
I'd be also interesed in a way to do this.<br>
<br>
Currently keycloak doesn't provide a mechanism to register additional rest endpoints, however one could probably introduce a way to do so.<br>
`org.keycloak.services.resources.KeycloakApplication.KeycloakApplication(ServletContext, Dispatcher) ` seems to be the place where the major JAX-RS Resources are registered.<br>
<br>
I think this could be extended with an SPI to easily add custom Resources. This resources could then use DI or manual Lookups to access the Keycloak infrastructure.<br>
<br>
Cheers,<br>
Thomas<br>
<br>
2016-03-17 11:54 GMT+01:00 Edgar Vonk - Info.nl <<a href="mailto:Edgar@info.nl">Edgar@info.nl</a><mailto:<a href="mailto:Edgar@info.nl">Edgar@info.nl</a>>>:<br>
Hi,<br>
<br>
Since we use MSAD/LDAP as user store the user’s LDAP_ID in Keycloak is for us the unique ID of a user and not Keycloak’s internal user ID.<br>
<br>
However it seems that it is not possible to retrieve users based on the LDAP_ID attribute using the Keycloak admin API?<br>
<br>
There is:<br>
<br>
GET /admin/realms/{realm}/users/{id}<br>
<br>
but this uses the internal Keycloak user ID which we cannot use (if only because sometimes we wipe out the Keycloak database and re-import all users from MSAD/LDAP)<br>
<br>
and:<br>
<br>
GET /admin/realms/{realm}/users<br>
<br>
only allows searching on a very limited number of standard user attributes<br>
<br>
<br>
How should we go about solving this? Does it make sense to create a feature request in JIRA to extend the /users API endpoint to allow searching on arbitrary user attributes for example? Or is it feasible to add our own endpoint to Keycloak’s REST API perhaps?<br>
<br>
cheers<br>
<br>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><mailto:<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><mailto:<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote></div>