I am replacing a custom java built IdP build in Spring with Keycloak. Initially I was
hoping to leverage Realms as a way to separate users across tenants, unfortunately clients
cannot be registered across Realms (AFAIK?).
Since I am replacing a user db including some minor attribution with Keycloak, I will need
to support fetching users by tenantId. As far as I know this can only be done via user
attributes and using client templates to expose those attribute to token primary level
objects. My question is.. Is there a way to leverage the Java Client API to search for
realm users belonging to a specific tenantId?
Ideally….
List<UserRepresentation> users =
keycloak.realm("iacuc").users().search(“tenantId:<some uuid>",
<start>, <limit>);
or
List<UserRepresentation> users =
keycloak.realm("iacuc").users().search(“attribute:tenantId:<some
uuid>", <start>, <limit>);
-dana