How to Export users from keycloak having specific roles assigned: A Step-by-Step Guide

Are you tired of manually sorting through your Keycloak user list to find those with specific roles assigned? Do you wish there was a way to export those users with ease? Well, you’re in luck! In this article, we’ll take you through a comprehensive guide on how to export users from Keycloak having specific roles assigned. By the end of this tutorial, you’ll be a pro at exporting users with precision and speed.

Prerequisites

Before we dive into the meat of the matter, make sure you have the following:

• A Keycloak instance set up and running
• Access to the Keycloak administrative console
• A basic understanding of Keycloak roles and users

Step 1: Access the Keycloak Administrative Console

Log in to your Keycloak administrative console using your credentials. You can do this by visiting http://your-keycloak-instance.com/auth/admin (replace with your actual Keycloak instance URL).

Once logged in, you’ll see the Keycloak dashboard. Click on the “Users” tab on the left-hand side menu.

Step 2: Filter Users by Role

In the “Users” tab, you’ll see a list of all your Keycloak users. To filter users by role, click on the “Filter” button above the user list.

In the filter dropdown, select “Role” from the options. Then, choose the specific role you want to export users for from the “Role” dropdown. You can choose multiple roles by holding down the Ctrl key (or Command key on Mac) while selecting roles.

Click “Apply” to apply the filter. You’ll see the user list updated to show only users with the selected role(s).

Step 3: Use the Keycloak API to Export Users

Keycloak provides a robust API for interacting with its features programatically. We’ll use the API to export our filtered users. To do this, we’ll need to make a GET request to the /users endpoint.

Here’s an example using the curl command:

curl -X GET \
  'http://your-keycloak-instance.com/auth/admin/realms/{realm}/users?role={role}' \
  -H 'Authorization: Bearer {access_token}' \
  -H 'Content-Type: application/json'

Replace:

• your-keycloak-instance.com with your actual Keycloak instance URL
• {realm} with your Keycloak realm name
• {role} with the specific role you want to export users for
• {access_token} with a valid Keycloak access token (obtained through the Keycloak API or by logging in to the administrative console)

This request will return a JSON response containing the filtered users. You can use tools like Postman or a programming language of your choice to make the API request.

Step 4: Parse the API Response

The API response will contain an array of user objects in JSON format. You’ll need to parse this response to extract the user data.

Here’s an example of what the response might look like:

[
  {
    "id": "user-1",
    "username": "john.doe",
    "email": "[email protected]",
    "firstName": "John",
    "lastName": "Doe",
    "roles": ["role-1", "role-2"]
  },
  {
    "id": "user-2",
    "username": "jane.doe",
    "email": "[email protected]",
    "firstName": "Jane",
    "lastName": "Doe",
    "roles": ["role-1"]
  }
]

You can use a JSON parser or a programming language to extract the user data and store it in a format of your choice (e.g., CSV, Excel, etc.).

Step 5: Export Users to a CSV File

Let’s export our parsed user data to a CSV file using Python and the csv module.

import csv
import json

# Assume we have the parsed user data in a variable named 'users'

with open('exported_users.csv', 'w', newline='') as csvfile:
    writer = csv.writer(csvfile)
    writer.writerow(["Username", "Email", "First Name", "Last Name", "Roles"])

    for user in users:
        writer.writerow([
            user["username"],
            user["email"],
            user["firstName"],
            user["lastName"],
            ",".join(user["roles"])
        ])

This code will create a CSV file named exported_users.csv containing the user data.

Conclusion

And that’s it! You’ve successfully exported users from Keycloak having specific roles assigned. By following these steps, you can automate the process of filtering and exporting users with ease.

Remember to replace the placeholders with your actual Keycloak instance details and role names. You can also modify the API request and parsing logic to fit your specific use case.

Tips and Variations

Using the Keycloak CLI

Instead of using the API, you can use the Keycloak CLI tool to export users. Here’s an example command:

kc users --realm {realm} --role {role} --output csv

This command will export the filtered users to a CSV file.

Exporting Users with Multiple Roles

To export users with multiple roles, you can modify the API request to include multiple role IDs in the role parameter. For example:

curl -X GET \
  'http://your-keycloak-instance.com/auth/admin/realms/{realm}/users?role={role-1}&role={role-2}' \
  -H 'Authorization: Bearer {access_token}' \
  -H 'Content-Type: application/json'

This request will return users with either role-1 or role-2 assigned.

Using a GUI Tool

If you prefer a graphical user interface, you can use tools like Postman or Keycloak’s built-in export feature to export users.

Tool	Description
Postman	A popular API testing tool with a user-friendly interface for making API requests
Keycloak’s built-in export feature	A built-in feature in Keycloak for exporting users, available in the “Users” tab

We hope this guide has been helpful in showing you how to export users from Keycloak having specific roles assigned. Happy exporting!

Frequently Asked Question

Here are some common queries and their solutions related to exporting users from Keycloak having specific roles assigned.