[keycloak-user] Obtain user from Keycloak admin API using LDAP_ID

Marek Posolda mposolda at redhat.com
Fri Mar 18 04:55:47 EDT 2016


A JIRA for searching by custom attributes already exists [1]. Hopefully we 
will add it to 2.X, but we can't add it to 1.9.X as it's a new feature.

The custom REST endpoints are planned for Keycloak 2.X for sure.

[1] https://issues.jboss.org/browse/KEYCLOAK-1902


On 17/03/16 12:32, Thomas Darimont wrote:
> Hello Edgar,
> I'd also be interested in a way to do this.
> Currently Keycloak doesn't provide a mechanism to register additional 
> REST endpoints, however one could probably introduce a way to do so.
> `org.keycloak.services.resources.KeycloakApplication.KeycloakApplication(ServletContext, Dispatcher)`
> seems to be the place where the major JAX-RS Resources 
> are registered.
> I think this could be extended with an SPI to easily add custom 
> Resources. These resources could then use DI or manual lookups to 
> access the Keycloak infrastructure.
> Cheers,
> Thomas
> 2016-03-17 11:54 GMT+01:00 Edgar Vonk - Info.nl <Edgar at info.nl 
> <mailto:Edgar at info.nl>>:
>     Hi,
>     Since we use MSAD/LDAP as user store the user’s LDAP_ID in
>     Keycloak is for us the unique ID of a user and not Keycloak’s
>     internal user ID.
>     However it seems that it is not possible to retrieve users based
>     on the LDAP_ID attribute using the Keycloak admin API?
>     There is:
>     GET /admin/realms/{realm}/users/{id}
>     but this uses the internal Keycloak user ID which we cannot use
>     (if only because sometimes we wipe out the Keycloak database and
>     re-import all users from MSAD/LDAP)
>     and:
>     GET /admin/realms/{realm}/users
>     only allows searching on a very limited number of standard user
>     attributes
>     How should we go about solving this? Does it make sense to create
>     a feature request in JIRA to extend the /users API endpoint to
>     allow searching on arbitrary user attributes for example? Or is it
>     feasible to add our own endpoint to Keycloak’s REST API perhaps?
>     cheers
>     _______________________________________________
>     keycloak-user mailing list
>     keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-user
