I’m aware that you can extend Keycloak to expose a search user by custom attributes by using the method org.keycloak.storage.user.UserQueryProvider#searchForUserByUserAttributeStream
I can’t find similar methods for Groups and Roles; how can I search for Groups and Roles with their attributes.
For some added context, we are switch from our own homegrown auth solution and we would like to keep the primary keys when we migrate to Keycloak, since we can’t set our own primary keys in Keycloak, I thought the next best thing is to add the legacy primary keys as attributes in the Users, Groups and Roles entities. That way we can link up our application with Keycloak with these keys.
@xgp
Thanks so much for the reply. I have some problem with the group attribute search.
I am on Keycloak 21.0.2. I create a group named “ParentGroup” with a child group of “ChildGroup”. Also “ParentGroup” has an attribute of “TestAttr” : “12345”.
User “MyUser” is a member of “ChildGroup”. I also add a mapper to retrieve the TestAttrattribute in the access token. I get the TestAttr in the access token. By the definition of subgroups, MyUser has to have TestAttr.
Now I want to get all the users having TestAttr with the value of “12345”.
I used the below RestAPI request but Null array returned: