Get User Federation
DescriptionRetrieve the details of requested user federation.
Request
URLURL
Path Parameters
Path Parameters
Unique id of user-federation configuration.
Authentication
Response
Response BodyResponse Body
200 OK
{
"bind_dn": "ou=users",
"bind_type": "simple",
"connection_url": "http://<ip:port>",
"edit_mode": "READ_ONLY",
"enabled": true,
"id": "c3046544-3dd4-4cc4-b3bf-0383088dd99f",
"import_enabled": true,
"name": "my-ldap-config",
"priority": 1,
"rdn_ldap_attribute": "uid",
"sync_registration": false,
"user_object_classes": "inetOrgPerson, organizationalPerson",
"username_ldap_attribute": "cn",
"users_dn": "ou=users,dc=tco,dc=com",
"uuid_ldap_attribute": "uid",
"vendor": "AD"
}
The name of attribute which is used as RDN(top attribute) of typical user DN. Usually its same as LDAP Username attribute, however its not required. For example for Active directory its common to use ‘cn’ as RDN attribute when username attribute might be ‘sAMAccountName’.
Password of LDAP admin.
DN of ldap admin which will be used by Keycloak to access LDAP server.
Name of the LDAP attribute which is used as unique object identifier for objects in LDAP.
Connection url to your ldap server.
Full DN of LDAP tree where your users are.
Name of LDAP attribute which is mapped as keycloak user name. For many LDAP server vendor it can be uid. For active directory it can be sAMAccountName" or cn. The attribute should be filed for all user records you want to import from LDAP to keycloak.
The id of user-federation configuration.
All values of LDAP Object class attribute for users in LDAP divided by comma.
The request body contains parameter to map between Keycloak and Ldap.
LDAP vendor (provider). For Active Directory use ‘AD’ and for ‘Redhat directory server’ use ‘rhds’.
Priority of provider when doing a user lookup. Lower first.
Name of the user-federation configuration
Should newly created user will be created with LDAP store. Priority effect which provider is chosen to sync new user. The setting is applied only for WRITABLE edit mode.
If true, users will imported into keycloak DB and configured by the sync policies. The values could be “true” or “false”. The default is “true”
If provider is disabled, it will not be considered for queries and imported users will be disabled and read-only until the provider is enabled again. The values could be “true” or “false”. The default is “true”
There are 3 possible values, READ_ONLY,WRITABLE and UNSYNCED. READ_ONLY is read-only ldap store. WRITABLE means data will be synced back to the LDAP on demand and UNSYNCED means user data will be imported but not synced back to LDAP. DEFAULT is “READ_ONLY”.
Type of Authentication method used during LDAP bind operation.Supported values are ‘simple’ and ’none’. Default is ‘simple’
The request body contains advanced parameter to configure user preference.
Errors
Invalid Request sent by the user
User authentication failed
Access to the requested resource/operation is forbidden
Cannot find requested resource
Internal server error
