We're trying to build a user management system in order to be able to batch edit Keycloak's users.
There are some cases where we need to get all users at once, and in most cases, each time we perform that action our backend receives a different number of users from Keycloak.
e.g.: We have a test environment with 30.000 users, and Keycloak always returns an inconsistent random number of users close to 15.000.
Our backend communicates with Keycloak by a dedicated service account. Its realm resource is created once, using the following configuration:
keycloakServiceRealm = KeycloakBuilder.builder()
.serverUrl(keycloakServerUrl)
.grantType(OAuth2Constants.CLIENT_CREDENTIALS)
.realm(keycloakRealm)
.clientId(keycloakServiceClient)
.username(keycloakServiceUsername)
.clientSecret(keycloakServiceSecret)
.resteasyClient(
new ResteasyClientBuilderImpl().connectionPoolSize(10).build())
.build()
.realm(keycloakRealm);
An example of the code that fetches the users from Keycloak is the following:
keycloakService.getKeycloakServiceRealm().users()
.searchByAttributes(0, max, null, false, filter);
and:
keycloakService.getKeycloakServiceRealm().users().list(0, max);
Where max is the total number of users as returned by:
keycloakService.getKeycloakServiceRealm().users().count();
We're currently using Keycloak 21.1.1 running on Docker. Our backend communicates with Keycloak using keycloak-admin-client 21.1.1.
I'd like to know if this is a known issue with Keycloak and/or if someone has faced the same issue and has implemented a solution or workaround.
P.S.: A valid workaround could be to fetch users in batches (e.g.: 1000 per request in a loop) but we'd like to avoid performing extra requests to Keycloak if another valid solution exists.