Re: [keycloak-user] Obtain user from Keycloak admin API using LDAP_ID

FYI: My pull request https://github.com/keycloak/keycloak/pull/2219 adds support for extending the Keycloak REST API, among other things to support a full extension of the Keycloak datamodel. Regards, Erik ________________________________________ Van: keycloak-user-bounces(a)lists.jboss.org [ keycloak-user-bounces(a)lists.jboss.org] namens Marek Posolda [ mposolda(a)redhat.com] Verzonden: vrijdag 18 maart 2016 9:55 Aan: Thomas Darimont; Edgar Vonk - Info.nl CC: keycloak-user Onderwerp: Re: [keycloak-user] Obtain user from Keycloak admin API using LDAP_ID Hello, JIRA for searching by custom attributes already exists [1]. Hopefully we will add to 2.X, but we can't add to 1.9.X as it's new feature. The custom REST endpoints are planned for Keycloak 2.X for sure. [1] https://issues.jboss.org/browse/KEYCLOAK-1902 Marek On 17/03/16 12:32, Thomas Darimont wrote: Hello Edgar, I'd be also interesed in a way to do this. Currently keycloak doesn't provide a mechanism to register additional rest endpoints, however one could probably introduce a way to do so. `org.keycloak.services.resources.KeycloakApplication.KeycloakApplication(ServletContext, Dispatcher) ` seems to be the place where the major JAX-RS Resources are registered. I think this could be extended with an SPI to easily add custom Resources. This resources could then use DI or manual Lookups to access the Keycloak infrastructure. Cheers, Thomas 2016-03-17 11:54 GMT+01:00 Edgar Vonk - Info.nl <Edgar(a)info.nl&lt;mailto: Edgar(a)info.nl&gt;&gt;: Hi, Since we use MSAD/LDAP as user store the user’s LDAP_ID in Keycloak is for us the unique ID of a user and not Keycloak’s internal user ID. However it seems that it is not possible to retrieve users based on the LDAP_ID attribute using the Keycloak admin API? There is: GET /admin/realms/{realm}/users/{id} but this uses the internal Keycloak user ID which we cannot use (if only because sometimes we wipe out the Keycloak database and re-import all users from MSAD/LDAP) and: GET /admin/realms/{realm}/users only allows searching on a very limited number of standard user attributes How should we go about solving this? Does it make sense to create a feature request in JIRA to extend the /users API endpoint to allow searching on arbitrary user attributes for example? Or is it feasible to add our own endpoint to Keycloak’s REST API perhaps? cheers _______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user