Users ——————SP(uncommon) ———— Company SSO —— ——
|
|
|(saml2)
|
|
Users ———————————— IdP ———————————— Keycloak ————— (JWT) ————> service gateway ————> clients/resources
On Dec 21, 2016, at 5:37 PM, Dana Danet <Dana.Danet(a)Evisions.com> wrote:
I am replacing a custom Java-built IdP, built in Spring, with Keycloak. Initially I was
hoping to leverage Realms as a way to separate users across tenants; unfortunately, clients
cannot be registered across Realms (AFAIK?).
Since I am replacing a user db, including some minor attribution, with Keycloak, I will
need to support fetching users by tenantId. As far as I know this can only be done via
user attributes and using client templates to expose those attributes to token primary
level objects. My question is: is there a way to leverage the Java Client API to search
for realm users belonging to a specific tenantId?
Ideally…
List<UserRepresentation> users = keycloak.realm("iacuc").users().search("tenantId:<some uuid>", <start>, <limit>);
or
List<UserRepresentation> users = keycloak.realm("iacuc").users().search("attribute:tenantId:<some uuid>", <start>, <limit>);
-dana
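As an added illustration of the tenant lookup asked about above (not code from the original message or from the Keycloak project): one way to get users by tenantId without a server-side attribute query is to page through the realm's users and filter on the attribute client-side. The sample users are constructed, `fetch_page` is a hypothetical stand-in for a paged user-listing call taking the same `<start>`, `<limit>` arguments as in the question, and the attribute is assumed to arrive as a list of strings, with a bare string also tolerated.

```python
from typing import Callable, Dict, Iterator, List

User = Dict[str, object]

# Constructed sample data, shaped like realm user representations.
SAMPLE_USERS: List[User] = [
    {"username": "alice", "attributes": {"tenantId": ["t-1"]}},
    {"username": "bob", "attributes": {"tenantId": ["t-2"]}},
    {"username": "carol"},                                    # no attributes at all
    {"username": "dave", "attributes": {"tenantId": "t-1"}},  # bare string value
    {"username": "erin", "attributes": {"tenantId": ["t-2", "t-1"]}},
]


def fetch_page(first: int, limit: int) -> List[User]:
    """Hypothetical stand-in for a paged user listing (start, limit)."""
    return SAMPLE_USERS[first:first + limit]


def attribute_values(user: User, name: str) -> List[str]:
    """Return an attribute as a list, whether stored as a list or a string."""
    raw = (user.get("attributes") or {}).get(name, [])
    return [raw] if isinstance(raw, str) else list(raw)


def users_for_tenant(tenant_id: str,
                     fetch: Callable[[int, int], List[User]] = fetch_page,
                     page_size: int = 2) -> Iterator[User]:
    """Yield users whose tenantId attribute contains exactly tenant_id.

    Users without the attribute never match, so a missing tenantId
    cannot leak a user into another tenant's result set.
    """
    first = 0
    while True:
        page = fetch(first, page_size)
        for user in page:
            if tenant_id in attribute_values(user, "tenantId"):
                yield user
        if len(page) < page_size:  # short page: no more users to read
            return
        first += page_size


def usernames_for_tenant(tenant_id: str, page_size: int = 2) -> List[str]:
    return [u["username"] for u in users_for_tenant(tenant_id, page_size=page_size)]
```

Because the filter runs on the caller's side, every user in the realm is read once per lookup, so the cost grows with realm size, not tenant size.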