Export all users from KeyCloak

java redhat keycloak keycloak-services redhat-sso
Michel picture Michel · Feb 22, 2018 · Viewed 10.8k times · Source

I have a specific use case in which we want to ask Keycloak for all the users and the groups and roles for each user, on a daily basis. For reconciliation purposes with other internal systems.

Currently we are using the provided Keycloak endpoints in the UsersResource for this. But we see that performance slows down after each call to a point we can't use this solution anymore. There are more then 30K users in the realm.

We've also seen that Keycloak can export the database, but only on system boot (I guess for migration purposes). Given that we want to extract all the users on a daily basis we cannot use this.

Are there some known functionalities or workarounds?

Answer

Gernot Grames picture Gernot Grames · Feb 5, 2020

I have done it with an parallel starting container via docker, which connects to the existing keycloak db.

Please use the same Version of the container keycloak as the real keacloak has. Because of db schema differences between versions.

EXPORT

docker run --rm\
    --name keycloak_exporter\
    -v /tmp:/tmp/keycloak-export:Z\
    -e POSTGRES_DATABASE=keycloak\
    -e POSTGRES_PASSWORD=PASSOWRD_PLEASE\
    -e POSTGRES_USER=keycloak\
    -e DB_VENDOR=POSTGRES\
    -e POSTGRES_PORT_5432_TCP_ADDR=postgresql.local\
    jboss/keycloak:3.4.3.Final\
    -Dkeycloak.migration.action=export\
    -Dkeycloak.migration.provider=dir\
    -Dkeycloak.migration.dir=/tmp/keycloak-export\
    -Dkeycloak.migration.usersExportStrategy=SAME_FILE\
    -Dkeycloak.migration.realmName=therealm

IMPORT

docker run --rm\
    --name keycloak_importer\
    -v /tmp:/tmp/keycloak-import:Z\
    -e POSTGRES_DATABASE=keycloak_dest\
    -e POSTGRES_PASSWORD=PASSOWRD_DEST_PLEASE\
    -e POSTGRES_USER=keycloak\
    -e DB_VENDOR=POSTGRES\
    -e POSTGRES_PORT_5432_TCP_ADDR=postgresql2.local\
    jboss/keycloak:3.4.3.Final\
    -Dkeycloak.migration.action=import\
    -Dkeycloak.migration.provider=dir\
    -Dkeycloak.migration.dir=/tmp/keycloak-import\
    -Dkeycloak.migration.strategy=IGNORE_EXISTING\
    -Dkeycloak.migration.usersExportStrategy=SAME_FILE\
    -Dkeycloak.migration.realmName=therealm

Possible config options: https://github.com/keycloak/keycloak-documentation/blob/master/server_admin/topics/export-import.adoc

Related questions

jps not working

I have installed java-1.6.0-openjdk-devel. $java -version java version "1.6.0_24" OpenJDK Runtime Environment (IcedTea6 1.11.3) (rhel-1.48.1.11.3.el6_2-x86_64) OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode) when typing jps into command prompt $jps -bash: jps: command not found I do not believe …

Read More
Will Java compiled in windows work in Linux?

My Java program is in working order when i use it under Windows(Eclipse and Bluej). I compress it to a Jar and send it to my red hat and bang. nothing works. It breaks on the weirdest things, such …

Read More
Upgrade RHEL from 7.3 to 7.4: ArrayIndexOutOfBoundsException in sun.font.CompositeStrike.getStrikeForSlot

We just upgraded a server from RHEL v7.3 to v7.4. This simple program works in RHEL v7.3 and fails in v7.4 public class TestJava { public static void main(String[] args) { Font font = new Font("SansSerif", Font.PLAIN, 12); FontRenderContext frc = new …

Read More