Re: [keycloak-user] Obtain user from Keycloak admin API using LDAP_ID
Hello Edgar,
I'd be also interesed in a way to do this.
Currently keycloak doesn't provide a mechanism to register additional rest
endpoints, however one could probably introduce a way to do so.
`org.keycloak.services.resources.KeycloakApplication.KeycloakApplication(ServletContext,
Dispatcher) ` seems to be the place where the major JAX-RS Resources are
registered.
I think this could be extended with an SPI to easily add custom Resources.
This resources could then use DI or manual Lookups to access the Keycloak
infrastructure.
Cheers,
Thomas
2016-03-17 11:54 GMT+01:00 Edgar Vonk - Info.nl <Edgar(a)info.nl>:
Hi,
Since we use MSAD/LDAP as user store the user’s LDAP_ID in Keycloak is for
us the unique ID of a user and not Keycloak’s internal user ID.
However it seems that it is not possible to retrieve users based on the
LDAP_ID attribute using the Keycloak admin API?
There is:
GET /admin/realms/{realm}/users/{id}
but this uses the internal Keycloak user ID which we cannot use (if only
because sometimes we wipe out the Keycloak database and re-import all users
from MSAD/LDAP)
and:
GET /admin/realms/{realm}/users
only allows searching on a very limited number of standard user attributes
How should we go about solving this? Does it make sense to create a
feature request in JIRA to extend the /users API endpoint to allow
searching on arbitrary user attributes for example? Or is it feasible to
add our own endpoint to Keycloak’s REST API perhaps?
cheers
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
Attachments:
- attachment.html (text/html — 2.3 KB)