Keycloak API not actually searching users for realm

Question

Trying to call the keycloak API to query users and getting mixed results. If I query the Master realm I can get all users and search for a user using username=foo but if I try and do the same thing with a different realm I can get all the users but adding the username=foo query string also results in all the users coming back, and in some cases the user I searched will be at the top of the list, other times it wont be. Furthermore I can user users/count?username=foo to get a count of 1 from Master and certain other realms but some realms (again where I can return all users) show a count of 0 for the specified user.

I've looked all over for how the permissions work and I can't find anything that's helped.

I get a token for the user in Master and want to query all the realms with that. It's an admin account. I did try adding a user in the realm and authenticating with that but when I called the API I got a 403 forbidden error.

Can someone please advise what settings might be causing this issue?

Thanks

Answer 1

There are three possible reasons.

1 short master Token expires time 2 not using admin-cli in master when get the token 3 not give a user filter in GET URI

you can extend more time during debugging

Using admin-cli and assign token variable in Postman when get the token

Add foo parameter filter by user name in GET URI

You needs to assign environment variable (I am using variable instead of array due to can't use array in URI)

this is result of assign variable

Then you can get the foo user all of realms but it is hard code (no way to using GET API call in Postman)

I tested with three realms, two has foo user, one is not.