[keycloak-user] Problem while getting users

Dmitry Telegin dt at acutus.pro
Tue Jul 31 01:30:54 EDT 2018


Hi Cedric,

Indeed, the roles/{role-name}/users endpoint returns assigned roles only. OTOH, for a single user it is possible to retrieve the list of effective roles, which is computed.

You can file an improvement request at JIRA, but I'm not sure if it will be accepted. To implement it in an efficient way, effective roles should be cached in the DB, which means significant changes to the codebase.

Meanwhile, you can implement this piece of functionality as an extension to Keycloak. Let me know if that is of interest to you, and I'll elaborate.

Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

On Mon, 2018-07-23 at 18:36 +0200, Cedric Vidaillac wrote:
> Hi all,
> 
> I'm trying things with the admin CLI, I want to get all users that have a
> specified role,
> 
> So I'm using this:
> 
> GET /{realm}/clients/{id}/roles/{role-name}/users
> 
> Then, we decided it was really easier to manage users by assigning them to
> a default group, then assigning roles to my default group... than assigning
> roles for each user every time...
> 
> So when I lookup any user now, on the "role mapping" tab, I can see the
> desired role on the "*Effective Roles*" column, good.
> 
> However, the API above only returns users which have the role in the "Assigned
> Roles", even though my user has the role through the group.
> 
> So is this normal or is it a bug?
> As the goal of the API is to "Return List of Users that have the specified
> role name" I'd say it's a bug, but maybe I'm not seeing clearly.
> 
> Thanks for reading.
> 
> Cedric.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
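
The gap described in this thread matters for access reviews: a list built from roles/{role-name}/users misses everyone who holds the role through a group. The sketch below is an added example, not part of the original messages and not Keycloak code; it resolves effective holders over constructed data with hypothetical names, and goes beyond the thread's single-group case by also following parent groups and composite roles.

```python
# Constructed sample data modelling a realm; every name here is hypothetical.
GROUPS = {
    "default": {"parent": None, "roles": {"app-user"}},
    "staff": {"parent": "default", "roles": set()},
    "ops": {"parent": None, "roles": {"app-admin"}},
}
COMPOSITES = {"app-admin": {"app-user"}}  # composite role -> child roles
USERS = {
    "alice": {"roles": {"app-user"}, "groups": set()},
    "bob": {"roles": set(), "groups": {"default"}},
    "carol": {"roles": set(), "groups": {"staff"}},
    "dave": {"roles": set(), "groups": {"ops"}},
    "erin": {"roles": set(), "groups": set()},
}

def expand_composites(roles):
    """Add every role reachable through composite roles."""
    seen, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(COMPOSITES.get(role, ()))
    return seen

def group_roles(name):
    """Roles mapped to a group plus those inherited from its parent groups."""
    roles, visited = set(), set()
    while name is not None and name not in visited:
        visited.add(name)
        roles |= GROUPS[name]["roles"]
        name = GROUPS[name]["parent"]
    return roles

def assigned_holders(role):
    """Direct mappings only, which is what the thread says the endpoint returns."""
    return sorted(u for u, d in USERS.items() if role in d["roles"])

def effective_holders(role):
    """Users holding the role directly, via a group, or via a composite role."""
    holders = []
    for user, data in USERS.items():
        roles = set(data["roles"])
        for group in data["groups"]:
            roles |= group_roles(group)
        if role in expand_composites(roles):
            holders.append(user)
    return sorted(holders)

def hidden_holders(role):
    """Users a review would miss if it trusted the assigned list alone."""
    return sorted(set(effective_holders(role)) - set(assigned_holders(role)))
```

With this data, `hidden_holders("app-user")` reports the three users who hold the role only through group membership or a composite role.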

