Get all keycloak users/usernames issue

Hello,
I am using Keycloak Quarkus distribution version 17.0.1 and I need to get all users/usernames from Keycloak (mariadb = no direct access to database). Is there any easy way to get all users from Keycloak?
I have tried exporting them to json but I have an error:

14:57:01,798 WARN  [io.agroal.pool] (agroal-11) Datasource '<default>': Could not connect to address=(host=mariadb)(port=3306)(type=master) : (conn=213) Access denied for user 'sa'@'172.16.241.5' (using password: YES)
Current charset is US-ASCII. If password has been set using other charset, consider using option 'passwordCharacterEncoding'
2022-11-02 14:57:01,800 WARN  [org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator] (JPA Startup Thread: keycloak-default) HHH000342: Could not obtain connection to query metadata: java.sql.SQLInvalidAuthorizationSpecException: Could not connect to address=(host=mariadb)(port=3306)(type=master) : (conn=213) Access denied for user 'sa'@'172.16.241.5' (using password: YES)
Current charset is US-ASCII. If password has been set using other charset, consider using option 'passwordCharacterEncoding'
        at org.mariadb.jdbc.internal.util.exceptions.ExceptionFactory.createException(ExceptionFactory.java:66)
        at org.mariadb.jdbc.internal.util.exceptions.ExceptionFactory.create(ExceptionFactory.java:197)
        at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.connectWithoutProxy(AbstractConnectProtocol.java:1394)
        at org.mariadb.jdbc.internal.util.Utils.retrieveProxy(Utils.java:635)
        at org.mariadb.jdbc.MariaDbConnection.newConnection(MariaDbConnection.java:150)
        at org.mariadb.jdbc.Driver.connect(Driver.java:89)
        at io.agroal.pool.ConnectionFactory.createConnection(ConnectionFactory.java:210)
        at io.agroal.pool.ConnectionPool$CreateConnectionTask.call(ConnectionPool.java:513)
        at io.agroal.pool.ConnectionPool$CreateConnectionTask.call(ConnectionPool.java:494)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at io.agroal.pool.util.PriorityScheduledExecutor.beforeExecute(PriorityScheduledExecutor.java:75)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1126)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.sql.SQLInvalidAuthorizationSpecException: (conn=213) Access denied for user 'sa'@'172.16.241.5' (using password: YES)
Current charset is US-ASCII. If password has been set using other charset, consider using option 'passwordCharacterEncoding'
        at org.mariadb.jdbc.internal.util.exceptions.ExceptionFactory.createException(ExceptionFactory.java:66)
        at org.mariadb.jdbc.internal.util.exceptions.ExceptionFactory.create(ExceptionFactory.java:192)
        at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.authenticationHandler(AbstractConnectProtocol.java:772)
        at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.createConnection(AbstractConnectProtocol.java:558)
        at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.connectWithoutProxy(AbstractConnectProtocol.java:1389)
        ... 11 more

There are two realms and I want to obtain users from one of them. I am using the command:

bin/kc.sh export --file portal.json --realm MyRealm --users realm_file

Any idea how to proceed?

There are Admin REST APIs you can call. See the Keycloak Admin REST API. You can get users per realm. Also see KeycloakRestAPI. You will need to use a bearer token for the Authorization header. To get that bearer token, see this: KeycloakRestAPI.

Should I set it up somehow, or is it built-in functionality that works out of the box? I have tried those calls previously but got 404 responses from Keycloak. I will try once again and see what the result will be.

I am on Keycloak version 19.0.3.
I am attaching screen shots of the POSTMAN requests.
You first need to get a bearer (access) token by making a POST request to the token endpoint for the admin-cli client of the master realm:

Then copy that access token and use it as a header (Authorization Bearer token header) to make the next GET call (to get the users from your realm).

The response should be a list/array of users for that realm. (Do not forget to replace the correct values for your URL, the realm name, and request Body).

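The two calls described in the answer above, as an added Python example that is not part of the original posts: it requests a token for the admin-cli client of the master realm, then pages through the realm's users with the `first` and `max` query parameters. The password grant, the host name, the `KC_URL`/`KC_ADMIN` environment variable names and the helper function names are assumptions made for illustration; `base_url` must include whatever relative path the server is configured with.

```python
import json
import urllib.parse
import urllib.request

def token_request(base_url, username, password):
    """Build the POST to the master realm token endpoint for the admin-cli client."""
    body = urllib.parse.urlencode({
        "grant_type": "password",  # assumption: direct grant with an admin account
        "client_id": "admin-cli",
        "username": username,
        "password": password,
    }).encode()
    url = f"{base_url.rstrip('/')}/realms/master/protocol/openid-connect/token"
    return urllib.request.Request(url, data=body, method="POST")

def users_request(base_url, realm, token, first, page_size):
    """Build the GET for one page of users, carrying the bearer token."""
    query = urllib.parse.urlencode({"first": first, "max": page_size})
    realm = urllib.parse.quote(realm, safe="")
    url = f"{base_url.rstrip('/')}/admin/realms/{realm}/users?{query}"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})

def send(request):
    """Default transport: perform the call and decode the JSON response body."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)

def list_usernames(base_url, realm, username, password, transport=send, page_size=100):
    """Return every username in the realm, paging instead of trusting one response."""
    token = transport(token_request(base_url, username, password))["access_token"]
    usernames, first = [], 0
    while True:
        page = transport(users_request(base_url, realm, token, first, page_size))
        usernames += [user["username"] for user in page]
        if len(page) < page_size:  # a short page means the list is exhausted
            return usernames
        first += page_size

if __name__ == "__main__":
    import getpass
    import os
    # KC_URL and KC_ADMIN are hypothetical variable names; the password is
    # prompted for so it never appears in shell history or the process list.
    for name in list_usernames(os.environ["KC_URL"], "MyRealm",
                               os.environ["KC_ADMIN"], getpass.getpass()):
        print(name)
```

The access token grants admin API access for its lifetime, so keep it out of logs and saved request collections.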

Thank you, that worked like a charm. I am now able to use admin-cli :)