How to search keycloak users by employeeNumber or by custom attributes?

1
votes

I wanted to search keycloak user using employeeNumber. I tried checking keycloak documentation but didn't find any API which will search based on employeeNumber/custom attributes. I m using below API to search the users with admin access.

http://localhost:8080/auth/admin/realms/Demo-Realm/users/?firstName=akshay

also tried with

http://localhost:8080/auth/admin/realms/Demo-Realm/users/?search=akshay

1
keycloak

1 Answers

1
votes

Out of the box, you can do from the Keycloak Admin API for the endpoint:

GET /{realm}/users

one can read that :

Get users Returns a list of users, filtered according to query parameters

those (optional) query parameters being:

  • briefRepresentation (boolean);
  • email (string);
  • first (string);
  • firstName (string);
  • lastName (string);
  • max (Maximum results size (defaults to 100)) (integer);
  • search (A String contained in username, first or last name, or email);
  • username (string).

As you can see you cannot search for custom attributes. A not so great solution is to get all the users (max=-1), and filter afterwards by the custom attribute.

The other option is to extend Keycloak functionality by adding your own custom Service Provider Interfaces (SPI) and adding your custom endpoint. There you can take advantage of the searchForUserByUserAttribute method from the UserQueryProvider interface.