Patch User Federation

Patch User Federation

Partially Update the requested user federation configuration. This request doesn't requires full object for update, individual object params can be updated.

Request
URI
PATCH
https://{api_host}/tcsa.host.com/tcsa/api/auth-management/v1/user-federations/{id}
COPY
Path Parameters
string
id
Required

User provider federation configuration id.


Request Body
UserFederationPatchRequest of type(s) application/json
Optional
{
    "name": "my-ldap-config",
    "enabled": true,
    "priority": 1,
    "import_enabled": true,
    "edit_mode": "READ_ONLY",
    "sync_registration": false,
    "vendor": "AD",
    "username_ldap_attribute": "cn",
    "rdn_ldap_attribute": "uid",
    "uuid_ldap_attribute": "uid",
    "user_object_classes": "inetOrgPerson, organizationalPerson",
    "connection_url": "http://<ip:port>",
    "users_dn": "ou=users,dc=tco,dc=com",
    "bind_type": "simple",
    "bind_dn": "ou=users",
    "bind_credential": "string",
    "advanced": {
        "start_tls": true
    },
    "mapper": [
        {
            "id": "c36fcf2c-ce24-4bae-beda-8161d4eb2883",
            "ldap_attribute": "cn",
            "name": "my-mapper"
        }
    ]
}
string
name
Optional

Name of the user-federation configuration

boolean
enabled
Optional

If provider is disabled, it will not be considered for queries and imported users will be disabled and read-only until the provider is enabled again. The values could be "true" or "false". The default is "true"

integer
priority
Optional

Priority of provider when doing a user lookup. Lower first.

boolean
import_enabled
Optional

If true, users will imported into keycloak DB and configured by the sync policies. The values could be "true" or "false". The default is "true"

string
edit_mode
Optional

There are 3 possible values, READ_ONLY,WRITABLE and UNSYNCED. READ_ONLY is read-only ldap store. WRITABLE means data will be synced back to the LDAP on demand and UNSYNCED means user data will be imported but not synced back to LDAP. DEFAULT is "READ_ONLY".

boolean
sync_registration
Optional

Should newly created user will be created with LDAP store. Priority effect which provider is chosen to sync new user. The setting is applied only for WRITABLE edit mode.

string
vendor
Optional

LDAP vendor (provider). For Active Directory use 'AD' and for 'Redhat directory server' use 'rhds'.

string
username_ldap_attribute
Optional

Name of LDAP attribute which is mapped as keycloak user name. For many LDAP server vendor it can be uid. For active directory it can be sAMAccountName" or cn. The attribute should be filed for all user records you want to import from LDAP to keycloak.

string
rdn_ldap_attribute
Optional

The name of attribute which is used as RDN(top attribute) of typical user DN. Usually its same as LDAP Username attribute, however its not required. For example for Active directory its common to use 'cn' as RDN attribute when username attribute might be 'sAMAccountName'.

string
uuid_ldap_attribute
Optional

Name of the LDAP attribute which is used as unique object identifier for objects in LDAP.

string
user_object_classes
Optional

All values of LDAP Object class attribute for users in LDAP divided by comma.

string
connection_url
Optional

Connection url to your ldap server.

string
users_dn
Optional

Full DN of LDAP tree where your users are.

string
bind_type
Optional

Type of Authentication method used during LDAP bind operation.Supported values are 'simple' and 'none'. Default is 'simple'

string
bind_dn
Optional

DN of ldap admin which will be used by Keycloak to access LDAP server.

string
bind_credential
Optional

Password of LDAP admin.

advanced
Optional

The request body contains advanced parameter to configure user preference.

mapper
Optional

mapper

Authentication
This operation uses the following authentication methods.
Responses
204

No content

Operation doesn't return any data structure

400

Invalid Request sent by the user

Operation doesn't return any data structure

401

User authentication failed

Operation doesn't return any data structure

403

Access to the requested resource/operation is forbidden

Operation doesn't return any data structure

404

Cannot find requested resource

Operation doesn't return any data structure

500

Internal server error

Operation doesn't return any data structure