7:37 p.m.
I am replacing a custom java built IdP build in Spring with Keycloak. Initially I was
hoping to leverage Realms as a way to separate users across tenants, unfortunately clients
cannot be registered across Realms (AFAIK?).
Since I am replacing a user db including some minor attribution with Keycloak, I will need
to support fetching users by tenantId. As far as I know this can only be done via user
attributes and using client templates to expose those attribute to token primary level
objects. My question is.. Is there a way to leverage the Java Client API to search for
realm users belonging to a specific tenantId?
Ideally….
List<UserRepresentation> users =
keycloak.realm("iacuc").users().search(“tenantId:<some uuid>",
<start>, <limit>);
or
List<UserRepresentation> users =
keycloak.realm("iacuc").users().search(“attribute:tenantId:<some
uuid>", <start>, <limit>);
-dana
7:43 p.m.
Users ——————SP(uncommon) ———— Company SSO —— ——
|
|
|(saml2)
|
|
Users ———————————— IdP ——— ————————— Keycloak ————— (JWT) ————> service gateway
————> clients/resources
On Dec 21, 2016, at 5:37 PM, Dana Danet
<Dana.Danet(a)Evisions.com> wrote:
I am replacing a custom java built IdP build in Spring with Keycloak. Initially I was
hoping to leverage Realms as a way to separate users across tenants, unfortunately clients
cannot be registered across Realms (AFAIK?).
Since I am replacing a user db including some minor attribution with Keycloak, I will
need to support fetching users by tenantId. As far as I know this can only be done via
user attributes and using client templates to expose those attribute to token primary
level objects. My question is.. Is there a way to leverage the Java Client API to search
for realm users belonging to a specific tenantId?
Ideally….
List<UserRepresentation> users =
keycloak.realm("iacuc").users().search(“tenantId:<some uuid>",
<start>, <limit>);
or
List<UserRepresentation> users =
keycloak.realm("iacuc").users().search(“attribute:tenantId:<some
uuid>", <start>, <limit>);
-dana
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
12:29 a.m.
No, we don't support searching by attributes at the moment. You could use
groups for tenants instead of attributes though. That'd be a better match
for what you are doing and you can look for users belonging to a group
already.
On 22 December 2016 at 02:43, Dana Danet <Dana.Danet(a)evisions.com> wrote:
Users ——————SP(uncommon) ———— Company SSO —— ——
|
|
|(saml2)
|
|
Users ———————————— IdP ——— ————————— Keycloak ————— (JWT) ————> service
gateway ————> clients/resources
> On Dec 21, 2016, at 5:37 PM, Dana Danet <Dana.Danet(a)Evisions.com> wrote:
>
> I am replacing a custom java built IdP build in Spring with Keycloak.
Initially I was hoping to leverage Realms as a way to separate users across
tenants, unfortunately clients cannot be registered across Realms (AFAIK?).
>
> Since I am replacing a user db including some minor attribution with
Keycloak, I will need to support fetching users by tenantId. As far as I
know this can only be done via user attributes and using client templates
to expose those attribute to token primary level objects. My question is..
Is there a way to leverage the Java Client API to search for realm users
belonging to a specific tenantId?
>
> Ideally….
>
>
> List<UserRepresentation> users =
keycloak.realm("iacuc").users().search(“tenantId:<some
uuid>", <start>, <limit>);
>
> or
>
> List<UserRepresentation> users = keycloak.realm("iacuc").users(
).search(“attribute:tenantId:<some uuid>", <start>, <limit>);
>
>
> -dana
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2927
days inactive
2927
days old
2 comments
2 participants
participants (2)
-
Dana Danet -
Stian Thorgersen