1

I am using keycloak-admin-client 13.0.0 in my Spring Boot Application. I can get all the users from KeyCloak. But I want to get users by attributes like mobile or em_no or dept.

User attribute:

key - value
mobile - 9876543210
em_no - 12334
dept - IT

enter image description here

AVMathi
  • 71
  • 8
  • Does this answer your question? [How to get users by custom attributes in keycloak?](https://stackoverflow.com/questions/54667407/how-to-get-users-by-custom-attributes-in-keycloak) – Evil_skunk May 30 '21 at 12:47
  • Implementing a custom RealmResourceProvider should resolve your problem and is explained in link provided by @Evil_skunk – Ghokun Jun 02 '21 at 16:02

1 Answers1

0

I'm afraid that searching by attribute value would require fullscan over user entities and would be not very efficient if you will have huge number of users. Consider this feature apart from keycloak. How would you implement search by phone in standalone relational DB schema? I guess you would add index on this field. In this case you can add custom table to keycloak schema that will provide phone -> user mapping. See here (https://www.keycloak.org/docs/latest/server_development/#_extensions_jpa)

Considering dept attribute i would recommend to switch from attribute to groups. So you will have set of departments groups (IT,ACCOUNTING, ..) and join user to appropriate group. Then you can easily query members of desired group.

Similar approach works for roles. E.g. if you have finite numbers of values you can define them as roles and grant appropriate role to user instead of attaching this value as attribute. Querying by granted role also available right out of the box.

Note that there are available a lot of different OIDC mappers that will help you to add described mappings (no matter is this a attribute, group or role) to access token structure.

solveMe
  • 1,866
  • 1
  • 18
  • 20