Skip to content

Add support for explicit user search by username and email in Admin UI#13185

Merged
pedroigor merged 1 commit intokeycloak:mainfrom
thomasdarimont:issue/GH-13184-allow-user-search-by-username
Apr 29, 2026
Merged

Add support for explicit user search by username and email in Admin UI#13185
pedroigor merged 1 commit intokeycloak:mainfrom
thomasdarimont:issue/GH-13184-allow-user-search-by-username

Conversation

@thomasdarimont
Copy link
Copy Markdown
Contributor

@thomasdarimont thomasdarimont commented Jul 18, 2022
edited
Loading

This adds support for the username:$USERNAME email:$EMAIL in the vein of id:$USERID.

Add support for user lookup by username

  • Add ability for direct user lookups by username and email to UsersResource and BruteForceUsersResource
  • Document user search by selected fields
  • Extract SEARCH_ID_PARAMETER to SearchQueryUtils

Fixes #26602

Discussion: #13184

Signed-off-by: Thomas Darimont [email protected]

@nowheresly
Copy link
Copy Markdown
Contributor

nowheresly commented Jul 25, 2022

really useful feature
+1

@thomasdarimont thomasdarimont force-pushed the issue/GH-13184-allow-user-search-by-username branch from a4d3baf to 5103ecc Compare January 30, 2024 14:59
@thomasdarimont thomasdarimont requested review from a team as code owners January 30, 2024 14:59
@thomasdarimont thomasdarimont requested a review from a team January 30, 2024 14:59
@thomasdarimont thomasdarimont requested a review from a team as a code owner January 30, 2024 14:59
This was referenced Jan 30, 2024
Closed
Closed
Closed
Closed
@thomasdarimont thomasdarimont force-pushed the issue/GH-13184-allow-user-search-by-username branch from 5103ecc to 663fc69 Compare January 30, 2024 20:04
@thomasdarimont thomasdarimont force-pushed the issue/GH-13184-allow-user-search-by-username branch 2 times, most recently from adaef08 to 94e101f Compare February 1, 2024 10:12
@thomasdarimont
Copy link
Copy Markdown
Contributor Author

thomasdarimont commented Feb 1, 2024
edited
Loading

The tests work fine on my side. It seems as if the keycloak-documentation build have some issues at the moment.

@thomasdarimont thomasdarimont force-pushed the issue/GH-13184-allow-user-search-by-username branch from 488ecce to 34fc484 Compare February 8, 2024 23:06
@ssilvert
Copy link
Copy Markdown
Contributor

ssilvert commented Feb 9, 2024

@thomasdarimont We already added user attribute searches to the UI. I take it that you are saying these searches are too inefficient?

@thomasdarimont
Copy link
Copy Markdown
Contributor Author

thomasdarimont commented Feb 14, 2024
edited
Loading

@ssilvert thanks for having a look. I think you are referring to this regarding attribute search: https://github.com/keycloak/keycloak/blob/main/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/BruteForceUsersResource.java#L97C24-L97C37
This method will internally call https://github.com/keycloak/keycloak/blob/main/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java#L733. This in turn will generate a generic search predicate: https://github.com/keycloak/keycloak/blob/main/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java#L900
This method generates something like ... username = ? OR email = ? OR lower(firstname) = ? OR lower(lastname) = ? ....,
which of course does the job but is not very efficient.

Therefore I think the proposed shortcuts for very common search operations are still because they speed-up user search via admin-ui and rest API significantly.

@thomasdarimont thomasdarimont force-pushed the issue/GH-13184-allow-user-search-by-username branch 2 times, most recently from 75cd8fd to 2a7183c Compare February 14, 2024 21:47
@thomasdarimont thomasdarimont changed the title Allow explicit search by username for user search queries in admin-console Add support for explicit user search by username and email in Admin UI Feb 14, 2024
@keycloak-github-bot keycloak-github-bot Bot mentioned this pull request Feb 14, 2024
Closed
@stianst stianst assigned pedroigor and unassigned edewit Apr 29, 2026
@thomasdarimont thomasdarimont force-pushed the issue/GH-13184-allow-user-search-by-username branch from 2a7183c to e9f7662 Compare April 29, 2026 09:49
@thomasdarimont
Copy link
Copy Markdown
Contributor Author

thomasdarimont commented Apr 29, 2026

I rebased my branch on current main and reimplemented the support for explicit user and email lookups via username:... and email:... prefixes.
I also aligned the lookup used by UsersResource and BruteForceProtected users.

@thomasdarimont thomasdarimont force-pushed the issue/GH-13184-allow-user-search-by-username branch from e9f7662 to 2a7183c Compare April 29, 2026 09:54
pedroigor
pedroigor requested changes Apr 29, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@pedroigor pedroigor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @thomasdarimont.

Can you please update the PR:

  • Add email to getCount
  • Add tests to cover count within the test methods you are adding

Once we have that, LGTM.

@thomasdarimont thomasdarimont force-pushed the issue/GH-13184-allow-user-search-by-username branch from 2a7183c to 0d1bd94 Compare April 29, 2026 10:22
@thomasdarimont
Copy link
Copy Markdown
Contributor Author

thomasdarimont commented Apr 29, 2026

Just pushed a rebased version

@thomasdarimont
Generalize user search prefix lookups via UserSearchPrefix enum (keyc…
dcaf4c1 
…loak#26602)

- Introduce UserSearchPrefix enum in SearchQueryUtils pairing each prefix
(id:, username:, email:) with its UserProvider lookup,
plus a splitTerms helper backed by a precompiled "\\s+" pattern
- Collapse duplicate prefix branches in UsersResource#getUsers,
UsersResource#getUsersCount and BruteForceUsersResource#searchUser
- BruteForceUsersResource: support multi-term lookups (e.g. "username:foo bar"),
aligning with UsersResource
- Tests: add searchByUsernameSearch / searchByEmailSearch covering
single-term, multi-term and whitespace-tolerant variants
- Docs: add "Search by fields" section to proc-searching-user.adoc

Fixes keycloak#26602

Signed-off-by: Thomas Darimont <[email protected]>
@thomasdarimont thomasdarimont force-pushed the issue/GH-13184-allow-user-search-by-username branch from 0d1bd94 to dcaf4c1 Compare April 29, 2026 10:32
@thomasdarimont
Copy link
Copy Markdown
Contributor Author

thomasdarimont commented Apr 29, 2026

@pedroigor I think searches for prefixes like id:, email: and username: are covered now. I added some additional checks for count(..) as you requested.

@keycloak-github-bot keycloak-github-bot Bot mentioned this pull request Apr 29, 2026
Closed
@pedroigor pedroigor enabled auto-merge (rebase) April 29, 2026 18:10
@pedroigor pedroigor merged commit 8b357d6 into keycloak:main Apr 29, 2026
93 of 95 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pedroigor pedroigor pedroigor approved these changes

+1 more reviewer

@keycloak-github-bot keycloak-github-bot[bot] keycloak-github-bot[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@pedroigor pedroigor

Labels

flaky-test team/core-iam

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Allow user search by direct lookup via username and email

6 participants

@thomasdarimont @nowheresly @pedroigor @ssilvert @edewit @stianst