[keycloak-user] Obtain user from Keycloak admin API using LDAP_ID

Stian Thorgersen sthorger at redhat.com
Fri Mar 18 07:58:26 EDT 2016


Rather than continue adding to the current rest endpoints I'd rather add a
v2 of the endpoints so we are more free to refactor and improve the
endpoints. The current endpoints were created for admin console so usability
wasn't ever a focus.

On 18 Mar 2016 09:57, "Marek Posolda" <mposolda at redhat.com> wrote:

> Hello,
>
> JIRA for searching by custom attributes already exists [1]. Hopefully we
> will add to 2.X, but we can't add to 1.9.X as it's a new feature.
>
> The custom REST endpoints are planned for Keycloak 2.X for sure.
>
> [1] https://issues.jboss.org/browse/KEYCLOAK-1902
>
> Marek
>
> On 17/03/16 12:32, Thomas Darimont wrote:
>
> Hello Edgar,
>
> I'd also be interested in a way to do this.
>
> Currently keycloak doesn't provide a mechanism to register additional rest
> endpoints, however one could probably introduce a way to do so.
> `org.keycloak.services.resources.KeycloakApplication.KeycloakApplication(ServletContext,
> Dispatcher)` seems to be the place where the major JAX-RS Resources are
> registered.
>
> I think this could be extended with an SPI to easily add custom Resources.
> These resources could then use DI or manual Lookups to access the Keycloak
> infrastructure.
>
> Cheers,
> Thomas
>
> 2016-03-17 11:54 GMT+01:00 Edgar Vonk - Info.nl <Edgar at info.nl>:
>
>> Hi,
>>
>> Since we use MSAD/LDAP as user store the user’s LDAP_ID in Keycloak is
>> for us the unique ID of a user and not Keycloak’s internal user ID.
>>
>> However it seems that it is not possible to retrieve users based on the
>> LDAP_ID attribute using the Keycloak admin API?
>>
>> There is:
>>
>> GET /admin/realms/{realm}/users/{id}
>>
>> but this uses the internal Keycloak user ID which we cannot use (if only
>> because sometimes we wipe out the Keycloak database and re-import all users
>> from MSAD/LDAP)
>>
>> and:
>>
>> GET /admin/realms/{realm}/users
>>
>> only allows searching on a very limited number of standard user attributes
>>
>>
>> How should we go about solving this? Does it make sense to create a
>> feature request in JIRA to extend the /users API endpoint to allow
>> searching on arbitrary user attributes for example? Or is it feasible to
>> add our own endpoint to Keycloak’s REST API perhaps?
>>
>> cheers
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user