Rather than continue adding to the current rest endpoints I'd rather add a v2 of the endpoints so we are more free to refactor and improve the endpoints. The current endpoints was created for admin console so usability wasn't ever a focus.

On 18 Mar 2016 09:57, "Marek Posolda" <mposolda@redhat.com> wrote:
Hello,

JIRA for searching by custom attributes already exists [1]. Hopefully we will add to 2.X, but we can't add to 1.9.X as it's new feature.

The custom REST endpoints are planned for Keycloak 2.X for sure.

[1] https://issues.jboss.org/browse/KEYCLOAK-1902

Marek

On 17/03/16 12:32, Thomas Darimont wrote:
Hello Edgar,

I'd be also interesed in a way to do this.

Currently keycloak doesn't provide a mechanism to register additional rest endpoints, however one could probably introduce a way to do so.
`org.keycloak.services.resources.KeycloakApplication.KeycloakApplication(ServletContext, Dispatcher) ` seems to be the place where the major JAX-RS Resources are registered.

I think this could be extended with an SPI to easily add custom Resources. This resources could then use DI or manual Lookups to access the Keycloak infrastructure.

Cheers,
Thomas

2016-03-17 11:54 GMT+01:00 Edgar Vonk - Info.nl <Edgar@info.nl>:
Hi,

Since we use MSAD/LDAP as user store the user’s LDAP_ID in Keycloak is for us the unique ID of a user and not Keycloak’s internal user ID.

However it seems that it is not possible to retrieve users based on the LDAP_ID attribute using the Keycloak admin API?

There is:

GET /admin/realms/{realm}/users/{id}

but this uses the internal Keycloak user ID which we cannot use (if only because sometimes we wipe out the Keycloak database and re-import all users from MSAD/LDAP)

and:

GET /admin/realms/{realm}/users

only allows searching on a very limited number of standard user attributes


How should we go about solving this? Does it make sense to create a feature request in JIRA to extend the /users API endpoint to allow searching on arbitrary user attributes for example? Or is it feasible to add our own endpoint to Keycloak’s REST API perhaps?

cheers


_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user



_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user


_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user