Are you tired of manually sorting through your Keycloak user list to find those with specific roles assigned? Do you wish there was a way to export those users with ease? Well, you’re in luck! In this article, we’ll take you through a comprehensive guide on how to export users from Keycloak having specific roles assigned. By the end of this tutorial, you’ll be a pro at exporting users with precision and speed.
Prerequisites
Before we dive into the meat of the matter, make sure you have the following:
- A Keycloak instance set up and running
- Access to the Keycloak administrative console
- A basic understanding of Keycloak roles and users
Step 1: Access the Keycloak Administrative Console
Log in to your Keycloak administrative console using your credentials. You can do this by visiting `http://your-keycloak-instance.com/auth/admin` (replace with your actual Keycloak instance URL).
Once logged in, you’ll see the Keycloak dashboard. Click on the “Users” tab on the left-hand side menu.
Step 2: Filter Users by Role
In the “Users” tab, you’ll see a list of all your Keycloak users. To filter users by role, click on the “Filter” button above the user list.
In the filter dropdown, select “Role” from the options. Then, choose the specific role you want to export users for from the “Role” dropdown. You can choose multiple roles by holding down the Ctrl key (or Command key on Mac) while selecting roles.
Click “Apply” to apply the filter. You’ll see the user list updated to show only users with the selected role(s).
Step 3: Use the Keycloak API to Export Users
Keycloak provides a robust API for interacting with its features programmatically. We’ll use the API to export our filtered users. To do this, we’ll need to make a GET request to the `/users` endpoint.
Here’s an example using the `curl` command:
```bash
curl -X GET \
  'http://your-keycloak-instance.com/auth/admin/realms/{realm}/users?role={role}' \
  -H 'Authorization: Bearer {access_token}' \
  -H 'Content-Type: application/json'
```
Replace:
- `your-keycloak-instance.com` with your actual Keycloak instance URL
- `{realm}` with your Keycloak realm name
- `{role}` with the specific role you want to export users for
- `{access_token}` with a valid Keycloak access token (obtained through the Keycloak API or by logging in to the administrative console)
This request will return a JSON response containing the filtered users. You can use tools like Postman or a programming language of your choice to make the API request.
Step 4: Parse the API Response
The API response will contain an array of user objects in JSON format. You’ll need to parse this response to extract the user data.
Here’s an example of what the response might look like:
```json
[
  {
    "id": "user-1",
    "username": "john.doe",
    "email": "[email protected]",
    "firstName": "John",
    "lastName": "Doe",
    "roles": ["role-1", "role-2"]
  },
  {
    "id": "user-2",
    "username": "jane.doe",
    "email": "[email protected]",
    "firstName": "Jane",
    "lastName": "Doe",
    "roles": ["role-1"]
  }
]
```
You can use a JSON parser or a programming language to extract the user data and store it in a format of your choice (e.g., CSV, Excel, etc.).
Step 5: Export Users to a CSV File
Let’s export our parsed user data to a CSV file using Python and the `csv` module.
```python
import csv
import json

# Load the parsed user data: the JSON array returned by the API request,
# saved beforehand to a file (the name 'users.json' is only an example).
with open('users.json') as f:
    users = json.load(f)

with open('exported_users.csv', 'w', newline='') as csvfile:
    writer = csv.writer(csvfile)
    # Header row
    writer.writerow(["Username", "Email", "First Name", "Last Name", "Roles"])
    for user in users:
        # Optional fields can be absent from a user object, so use .get()
        writer.writerow([
            user["username"],
            user.get("email", ""),
            user.get("firstName", ""),
            user.get("lastName", ""),
            ",".join(user.get("roles", []))
        ])
```
This code will create a CSV file named `exported_users.csv` containing the user data.
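An added example (not code from the original article): a hardened variant of the Step 5 export, run on the response shape shown in Step 4. It keeps only users whose `roles` list actually contains the requested role, prefixes cells that a spreadsheet would evaluate as a formula, and creates the file readable by its owner only. The function names, the sample users and the leading-quote convention are assumptions of this example.

```python
import csv
import os

FIELDS = ["username", "email", "firstName", "lastName"]
FORMULA_LEAD = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample users in the Step 4 response shape (helper names are hypothetical).
SAMPLE = [
    {"id": "user-1", "username": "john.doe", "email": "john@example.test",
     "firstName": "John", "lastName": "Doe", "roles": ["role-1", "role-2"]},
    {"id": "user-2", "username": "eve", "firstName": "=1+1",
     "lastName": "Doe", "roles": ["role-1"]},
    {"id": "user-3", "username": "bob", "email": "bob@example.test",
     "firstName": "Bob", "lastName": "Roe", "roles": ["role-3"]},
]


def neutralize(value):
    """Prefix cells a spreadsheet would treat as a formula with a quote."""
    text = "" if value is None else str(value)
    return "'" + text if text.startswith(FORMULA_LEAD) else text


def rows_for_role(users, role):
    """Build CSV rows for users whose 'roles' list contains `role`."""
    rows = []
    for user in users:
        roles = user.get("roles") or []
        if role not in roles:  # do not rely on the server-side filter alone
            continue
        cells = [user.get(f, "") for f in FIELDS] + [",".join(roles)]
        rows.append([neutralize(c) for c in cells])
    return rows


def write_export(path, rows):
    """Create the CSV with mode 0600; fail if the file already exists."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", newline="") as fh:
        writer = csv.writer(fh)
        writer.writerow(["Username", "Email", "First Name", "Last Name", "Roles"])
        writer.writerows(rows)
    return len(rows)


if __name__ == "__main__":
    print(write_export("exported_users.csv", rows_for_role(SAMPLE, "role-1")))
```

Profile fields such as first name can be user-controlled, and the export holds personal data, which is why the cells are neutralized and the file is not left world-readable.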
Conclusion
And that’s it! You’ve successfully exported users from Keycloak having specific roles assigned. By following these steps, you can automate the process of filtering and exporting users with ease.
Remember to replace the placeholders with your actual Keycloak instance details and role names. You can also modify the API request and parsing logic to fit your specific use case.
Tips and Variations
Using the Keycloak CLI
Instead of using the API, you can use the Keycloak CLI tool to export users. Here’s an example command:
```bash
kc users --realm {realm} --role {role} --output csv
```
This command will export the filtered users to a CSV file.
Exporting Users with Multiple Roles
To export users with multiple roles, you can modify the API request to include multiple role IDs in the `role` parameter. For example:
```bash
curl -X GET \
  'http://your-keycloak-instance.com/auth/admin/realms/{realm}/users?role={role-1}&role={role-2}' \
  -H 'Authorization: Bearer {access_token}' \
  -H 'Content-Type: application/json'
```
This request will return users with either `role-1` or `role-2` assigned.
Using a GUI Tool
If you prefer a graphical user interface, you can use tools like Postman or Keycloak’s built-in export feature to export users.
| Tool | Description |
|---|---|
| Postman | A popular API testing tool with a user-friendly interface for making API requests |
| Keycloak’s built-in export feature | A built-in feature in Keycloak for exporting users, available in the “Users” tab |
We hope this guide has been helpful in showing you how to export users from Keycloak having specific roles assigned. Happy exporting!
Frequently Asked Questions
Here are some common queries and their solutions related to exporting users from Keycloak having specific roles assigned.
How can I filter users by roles when exporting from Keycloak?
To filter users by roles when exporting from Keycloak, you can use the `role` query parameter in the Users API. For example, you can use the following curl command: `curl -X GET 'http://localhost:8080/auth/admin/realms/{realm}/users?role={role-name}'`. Replace `{realm}` with your realm name and `{role-name}` with the name of the role you want to filter by.
Can I export users with multiple roles assigned in Keycloak?
Yes, you can export users with multiple roles assigned in Keycloak. You can use the `role` query parameter multiple times in the Users API. For example: `curl -X GET 'http://localhost:8080/auth/admin/realms/{realm}/users?role={role-name-1}&role={role-name-2}'`. This will return users who have either of the specified roles.
How can I export user attributes along with their roles in Keycloak?
To export user attributes along with their roles in Keycloak, you can use the `attributes` query parameter in the Users API. For example: `curl -X GET 'http://localhost:8080/auth/admin/realms/{realm}/users?role={role-name}&attributes=firstName,lastName,email'`. This will return users with the specified role and their corresponding attributes.
Can I export users with a specific role and group membership in Keycloak?
Yes, you can export users with a specific role and group membership in Keycloak. You can use the `group` query parameter along with the `role` query parameter in the Users API. For example: `curl -X GET 'http://localhost:8080/auth/admin/realms/{realm}/users?role={role-name}&group={group-name}'`. This will return users who have the specified role and are members of the specified group.
What is the format of the exported user data from Keycloak?
The exported user data from Keycloak is in JSON format. You can use tools like `jq` to parse and manipulate the output. For example: `curl -X GET 'http://localhost:8080/auth/admin/realms/{realm}/users?role={role-name}' | jq '.[] | {id, username, email}'`. This will output the user data in a readable format.