I get unreliable results from Keycloak Admin REST API
/{realm}/clients/{id}/roles/{role-name}/users when users are in the hundreds.
Using a simple for loop with the keycloak-admin-client lib in java, I get a different results count from one run to another. For example, I get a different result before and after clicking 'synchronise all users' on one of the LDAP users federations...
Any idea why ?
So I went back to exporting via pgsql
SELECT username, first_name, last_name, email, cli.client_id, kr.name, r.name as realm_name, ua.value
FROM keycloak_role kr
JOIN user_role_mapping rm ON kr.id = rm.role_id
JOIN user_entity ue ON rm.user_id = ue.id
JOIN client cli ON cli.id = kr.client
JOIN realm r ON kr.realm_id=r.id
LEFT JOIN user_attribute ua ON ue.id = ua.user_id and ua.name='LDAP_ENTRY_DN'
WHERE kr.name IN ('ROLE_USER','ROLE_ADMIN') and r.name=$1
and cli.client_id IN (<list of clients>) order by username
(this question Keycloak - Get all Users mapped to roles didn't mention this problem though)
