# User Storage Provider

User storage provider management enables administrators to control external user storage systems, including synchronization operations, user linking, and mapper synchronization for federated user stores like LDAP and database providers.

## Capabilities

### Provider Information

Retrieve information about user storage providers.

```typescript { .api }
/**
 * Get the name and ID of a user storage provider
 * @param params - Parameters containing the provider ID
 * @returns Name response with provider ID and name
 */
name(params: { id: string }): Promise<NameResponse>;
```

### User Management Operations

Manage users and synchronization for external user storage.

```typescript { .api }
/**
 * Remove imported users from the provider
 * @param params - Parameters containing the provider ID
 * @returns void
 */
removeImportedUsers(params: { id: string }): Promise<void>;

/**
 * Synchronize users from the external storage provider
 * @param params - Parameters containing provider ID and optional action type
 * @returns Synchronization result with statistics
 */
sync(params: { id: string; action?: ActionType }): Promise<SynchronizationResultRepresentation>;

/**
 * Unlink users from the provider
 * @param params - Parameters containing the provider ID
 * @returns void
 */
unlinkUsers(params: { id: string }): Promise<void>;
```

### Mapper Synchronization

Synchronize user attribute mappers between Keycloak and external storage.

```typescript { .api }
/**
 * Synchronize user storage provider mappers
 * @param params - Parameters containing mapper ID, parent provider ID, and direction
 * @returns Synchronization result with statistics
 */
mappersSync(params: {
  id: string;
  parentId: string;
  direction?: DirectionType
}): Promise<SynchronizationResultRepresentation>;
```

## Usage Examples

```typescript
import KeycloakAdminClient from "@keycloak/keycloak-admin-client";

const kcAdminClient = new KeycloakAdminClient({
  baseUrl: 'http://localhost:8080',
  realmName: 'myrealm',
});

await kcAdminClient.auth({
  username: 'admin',
  password: 'admin',
  grantType: 'password',
  clientId: 'admin-cli',
});

// Get provider information
const providerInfo = await kcAdminClient.userStorageProvider.name({
  id: 'ldap-provider-id'
});
console.log('Provider:', providerInfo.name);

// Perform full synchronization from external storage
const syncResult = await kcAdminClient.userStorageProvider.sync({
  id: 'ldap-provider-id',
  action: 'triggerFullSync'
});

console.log('Sync results:', {
  added: syncResult.added,
  updated: syncResult.updated,
  removed: syncResult.removed,
  failed: syncResult.failed
});

// Synchronize only changed users
const changedUsersSync = await kcAdminClient.userStorageProvider.sync({
  id: 'ldap-provider-id',
  action: 'triggerChangedUsersSync'
});

// Synchronize mappers from Keycloak to external storage
const mapperSync = await kcAdminClient.userStorageProvider.mappersSync({
  id: 'mapper-id',
  parentId: 'ldap-provider-id',
  direction: 'keycloakToFed'
});

// Remove imported users (they will be re-imported on next access)
await kcAdminClient.userStorageProvider.removeImportedUsers({
  id: 'ldap-provider-id'
});

// Unlink users from provider
await kcAdminClient.userStorageProvider.unlinkUsers({
  id: 'ldap-provider-id'
});
```

## Types

```typescript { .api }
type ActionType = "triggerFullSync" | "triggerChangedUsersSync";
type DirectionType = "fedToKeycloak" | "keycloakToFed";

interface NameResponse {
  id: string;
  name: string;
}

interface SynchronizationResultRepresentation {
  status?: string;
  added?: number;
  updated?: number;
  removed?: number;
  failed?: number;
}
```

## Common Use Cases

**LDAP Integration**: Synchronize users from LDAP/Active Directory servers, including full synchronization and incremental updates.

**Database Federation**: Manage users stored in external databases with custom user storage providers.

**Bulk Operations**: Remove or unlink large numbers of federated users when restructuring user storage.

**Attribute Mapping**: Synchronize user attributes between Keycloak and external systems using mapper synchronization.
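
The following is an added example, not part of the original documentation or of the Keycloak admin client: it checks the counters that `sync` returns against operator-chosen limits, so a federated sync that removes or fails an unexpected number of users is held for review instead of being logged as a success. `SyncApi`, `SyncPolicy`, `evaluateSyncResult`, `guardedSync` and the sample values are hypothetical names and constructed data; `SyncApi` assumes only the `sync` signature shown above.

```typescript
type ActionType = "triggerFullSync" | "triggerChangedUsersSync";
interface SynchronizationResultRepresentation {
  status?: string; added?: number; updated?: number; removed?: number; failed?: number;
}
// Assumption: structural subset of kcAdminClient.userStorageProvider, so a stub can stand in.
interface SyncApi {
  sync(params: { id: string; action?: ActionType }): Promise<SynchronizationResultRepresentation>;
}
// Hypothetical policy: limits chosen by the operator, not by Keycloak.
interface SyncPolicy { maxRemoved: number; maxFailed: number; }
interface SyncVerdict { ok: boolean; reasons: string[]; }

// Every counter is optional in the type, so a missing or malformed counter is
// reported instead of being silently read as zero (fail closed).
function evaluateSyncResult(r: SynchronizationResultRepresentation, p: SyncPolicy): SyncVerdict {
  const reasons: string[] = [];
  const counters: Array<[string, number | undefined]> = [
    ["added", r.added], ["updated", r.updated], ["removed", r.removed], ["failed", r.failed],
  ];
  for (const [name, value] of counters) {
    if (value === undefined || !Number.isInteger(value) || value < 0) {
      reasons.push(`counter '${name}' missing or invalid`);
    }
  }
  if ((r.removed ?? 0) > p.maxRemoved) reasons.push(`removed ${r.removed} exceeds ${p.maxRemoved}`);
  if ((r.failed ?? 0) > p.maxFailed) reasons.push(`failed ${r.failed} exceeds ${p.maxFailed}`);
  return { ok: reasons.length === 0, reasons };
}

// Runs one sync and refuses to report success when the result breaches the policy.
async function guardedSync(api: SyncApi, id: string, action: ActionType, p: SyncPolicy):
    Promise<SynchronizationResultRepresentation> {
  const result = await api.sync({ id, action });
  const verdict = evaluateSyncResult(result, p);
  if (!verdict.ok) throw new Error(`sync of ${id} needs review: ${verdict.reasons.join("; ")}`);
  return result;
}

// Constructed sample results (not real server output).
const POLICY: SyncPolicy = { maxRemoved: 5, maxFailed: 0 };
const SAMPLE_NORMAL: SynchronizationResultRepresentation = { added: 3, updated: 12, removed: 1, failed: 0 };
const SAMPLE_MASS_REMOVAL: SynchronizationResultRepresentation = { added: 0, updated: 0, removed: 240, failed: 2 };
const SAMPLE_PARTIAL: SynchronizationResultRepresentation = { added: 4 };

// Stub standing in for the real client; the mass-removal sample is rejected.
const stub: SyncApi = { sync: async () => SAMPLE_MASS_REMOVAL };
guardedSync(stub, "ldap-provider-id", "triggerFullSync", POLICY)
  .then(() => console.log("sync accepted"))
  .catch((e: Error) => console.log(e.message));
```

With the real client, pass `kcAdminClient.userStorageProvider` as the `api` argument and run the check before any follow-up call to `removeImportedUsers` or `unlinkUsers`.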