
Why I can not reach this keycloak rest api end point?

I am trying to retrieve users list based on their roles. I have this role: ROLE_ADMIN. I would like to retrieve every user that have this role.

I try it with this endpoint:

but it sends me back this:

{ "error": "RESTEASY003210: Could not find resource for full path:" }

I found the endpoint here: under "Return List of Users that have the specified role name".

I can reach these end points for example:

What did I miss? What makes this to not work?

Thanks in advance.


  • Update: The /auth path was removed starting with Keycloak 17 Quarkus distribution. So you might need to remove the /auth from the endpoint calls presented on this answer.

    To get the users associate with a given Realm role you need to call the endpoint:

    GET <KEYCLOAK_HOST>/auth/admin/realms/<YOUR_REALM>/roles/<ROLE_NAME>/users

    to get the users associate with a given Client role you need to call this endpoint:

    GET <KEYCLOAK_HOST>/auth/admin/realms/<YOUR_REALM>/clients/<CLIENT_ID>/roles/<ROLE_NAME>/users

    where <CLIENT_ID> is the ID from the client to which the <ROLE_NAME> belongs to.

    Finally, to get the client ID, you can call this endpoint:

    GET <KEYCLOAK_HOST>/auth/admin/realms/<YOUR_REALM>/clients?clientId=<ID_OF_CLIENT>

    Note that the client ID is the unique ID generated by Keycloak, whereas <ID_OF_CLIENT> is the Client ID that you have given to your Keycloak client.