The admin API does not provide an endpoint such as /users where users can be queried from all realms under the master realm.
This would be very useful in multi-tenant situations where users need to be redirected to the right login URL without having to remember the realm name. One example of this is the Office365 login page. The API should be able to resolve the realm a user belongs to, to achieve this (using the master realm credentials for example).
In the current situation, this would require the following:
- List all realms
- For each realm, test if the user exists
- Return matching realm
This could become very slow with a large number of realms and users.
The desired situation would be:
- Query Keycloak with username/email on /users
- Keycloak returns the realm the user is in
If there is interest in this, I would be willing to work on this.
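
The per-realm workaround listed above, sketched as an added example (not part of the original request and not Keycloak code). It assumes the Admin REST API paths `GET /admin/realms` and `GET /admin/realms/{realm}/users` with the `username`/`email` and `exact` query parameters, and a bearer token for a master-realm admin; the sample realms and users are constructed, and older servers may need an `/auth` prefix on the base URL.

```python
import json
import urllib.parse
import urllib.request


def http_get_json(base_url, token):
    """Build a getter that calls the Admin REST API with a bearer token."""
    def get(path, params=None):
        url = base_url.rstrip("/") + path
        if params:
            url += "?" + urllib.parse.urlencode(params)
        req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    return get


def find_realms_for_user(get, identifier, field="username"):
    """Return (realms holding the user, number of API requests made).

    field is "username" or "email". The same identifier can exist in several
    realms, so a list is returned rather than a single realm.
    """
    realms = [r["realm"] for r in get("/admin/realms")]
    requests_made = 1
    matches = []
    for realm in realms:
        path = "/admin/realms/" + urllib.parse.quote(realm, safe="") + "/users"
        # exact=true avoids substring matches such as "bob" matching "bobby"
        users = get(path, {field: identifier, "exact": "true"})
        requests_made += 1
        if users:
            matches.append(realm)
    return matches, requests_made


# Constructed sample data standing in for a live server (hypothetical realms).
SAMPLE = {"master": [], "tenant-a": ["alice", "bob"], "tenant-b": ["bob"], "tenant-c": ["carol"]}


def fake_get(path, params=None):
    if path == "/admin/realms":
        return [{"realm": name} for name in SAMPLE]
    realm = urllib.parse.unquote(path.split("/")[3])
    return [{"username": u} for u in SAMPLE[realm] if u == (params or {}).get("username")]


if __name__ == "__main__":
    print(find_realms_for_user(fake_get, "bob"))    # one request per realm plus one
```

Against a real server, pass `http_get_json(base_url, token)` instead of `fake_get`; the request count grows linearly with the number of realms, which is the cost the request describes.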