Get all users in specific role


I have KeyCloak 19.0.2 and I want to get (via REST API?) all users in a specific group (or all users including all of their roles).
The problem is, that endpoint /admin/realms/MyRealm/roles/MyRoleName/users doesn’t include users with inherited (composite) roles.

My goal is to:

  • sync users from Active Directory (that are assigned in AD to different groups)
  • assign those groups as roles (i.e. AD_Role1, AD_Role2, AD_Role3)
  • assign users to “custom” roles (i.e. custom-role-1, custom-role-2)

My application should operate/validate custom roles. I need somehow to bind AD roles with custom roles (I can make it with composite roles). But one of the application requirements is to query for users from a specific role - I cannot get it to work.

1 Like

Hi! Did you ever get this to work or ever find a solution to this? I am trying to implement the same thing and am running into the same problem.