looorent
diff --git a/‎CHANGELOG.md‎
Lines changed: 17 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎Gemfile.lock‎
Lines changed: 1 addition & 1 deletion b/‎Gemfile.lock‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md‎
Lines changed: 12 additions & 1 deletion b/‎README.md‎
Lines changed: 12 additions & 1 deletion
diff --git a/‎lib/keycloak-admin.rb‎
Lines changed: 4 additions & 0 deletions b/‎lib/keycloak-admin.rb‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎lib/keycloak-admin/client/organization_client.rb‎
Lines changed: 245 additions & 0 deletions b/‎lib/keycloak-admin/client/organization_client.rb‎
Lines changed: 245 additions & 0 deletions
diff --git a/‎lib/keycloak-admin/client/realm_client.rb‎
Lines changed: 4 additions & 0 deletions b/‎lib/keycloak-admin/client/realm_client.rb‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎lib/keycloak-admin/representation/identity_provider_representation.rb‎
Lines changed: 4 additions & 0 deletions b/‎lib/keycloak-admin/representation/identity_provider_representation.rb‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎lib/keycloak-admin/representation/member_representation.rb‎
Lines changed: 11 additions & 0 deletions b/‎lib/keycloak-admin/representation/member_representation.rb‎
Lines changed: 11 additions & 0 deletions
@@ -5,6 +5,23 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.1.6] - 2026-01-05
+
+* [Feature] Support for Organizations (Multi-tenancy):
+    * **Organization Management**:
+        * Supported operations: `create!`, `update`, `get`, `delete`, `list`, and `count`.
+        * Supported searching and filtering via `exact`, `query`, and `search` parameters.
+    * **Member Management**:
+        * Added ability to list organization members with pagination and filtering (`members`).
+        * Added `members_count` to retrieve the total number of members.
+        * Added `get_member`, `add_member` (by user ID), and `delete_member`.
+        * Added helper to find all organizations associated with a specific user: `associated_with_member`.
+    * **Invitations**:
+        * Added `invite_user`: Invites a new user via email/name.
+        * Added `invite_existing_user`: Invites an existing Keycloak user to the organization by ID.
+    * **Identity Provider (IdP) Linking**:
+        * Added methods to manage IdPs linked to an organization: `identity_providers`, `get_identity_provider`, `add_identity_provider`, and `delete_identity_provider`.
+
 ## [1.1.5] - 2026-01-05
 
 * [Feature] Added the ability to list credentials for a given user.
 
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    keycloak-admin (1.1.5)
+    keycloak-admin (1.1.6)
       http-cookie (~> 1.0, >= 1.0.3)
       rest-client (~> 2.0)
 
 
@@ -12,7 +12,7 @@ This gem *does not* require Rails.
 For example, using `bundle`, add this line to your Gemfile.
 
 ```ruby
-gem "keycloak-admin", "1.1.5"
+gem "keycloak-admin", "1.1.6"
 ```
 
 ## Login
@@ -135,6 +135,11 @@ All options have a default value. However, all of them can be changed in your in
 * Execute actions emails
 * Send forgot passsword mail
 * Client Authorization, create, update, get, delete Resource, Scope, Policy, Permission, Policy Enforcer
+* Get list of organizations, create/update/get/delete an organization
+* Get list of members of an organization, add/remove members
+* Invite new or existing users to an organization
+* List, add, and remove Identity Providers for an organization
+* Get list of organizations associated with a specific user
 
 ### Get an access token
 
@@ -252,6 +257,12 @@ user_id = "95985b21-d884-4bbd-b852-cb8cd365afc2"
 KeycloakAdmin.realm("a_realm").users.get_redirect_impersonation(user_id)
 ```
 
+### List all the organizations of a realm
+
+```ruby
+KeycloakAdmin.realm("a_realm").organizations.list
+```
+
 ### Exchange a configurable token
 
 *Requires your Keycloak server to have deployed the Custom REST API `configurable-token`* (https://github.com/looorent/keycloak-configurable-token-api)
 
@@ -7,6 +7,7 @@
 require_relative "keycloak-admin/client/client_role_mappings_client"
 require_relative "keycloak-admin/client/group_client"
 require_relative "keycloak-admin/client/realm_client"
+require_relative "keycloak-admin/client/organization_client"
 require_relative "keycloak-admin/client/role_client"
 require_relative "keycloak-admin/client/role_mapper_client"
 require_relative "keycloak-admin/client/token_client"
@@ -27,10 +28,13 @@
 require_relative "keycloak-admin/representation/impersonation_redirection_representation"
 require_relative "keycloak-admin/representation/impersonation_representation"
 require_relative "keycloak-admin/representation/credential_representation"
+require_relative "keycloak-admin/representation/organization_domain_representation"
+require_relative "keycloak-admin/representation/organization_representation"
 require_relative "keycloak-admin/representation/realm_representation"
 require_relative "keycloak-admin/representation/role_representation"
 require_relative "keycloak-admin/representation/federated_identity_representation"
 require_relative "keycloak-admin/representation/user_representation"
+require_relative "keycloak-admin/representation/member_representation"
 require_relative "keycloak-admin/representation/identity_provider_mapper_representation"
 require_relative "keycloak-admin/representation/identity_provider_representation"
 require_relative "keycloak-admin/representation/attack_detection_representation"
 
@@ -0,0 +1,245 @@
+module KeycloakAdmin
+  class OrganizationClient < Client
+    def initialize(configuration, realm_client)
+      super(configuration)
+      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
+      @realm_client = realm_client
+    end
+
+    # This endpoint does not return members
+    def list(brief_representation=true, exact=nil, first=nil, max=nil, query=nil, search=nil)
+      response = execute_http do
+        RestClient::Resource.new(organizations_url_with_parameters(brief_representation, exact, first, max, query, search), @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |organization_as_hash| OrganizationRepresentation.from_hash(organization_as_hash) }
+    end
+
+    def count(exact=nil, query=nil, search=nil)
+      response = execute_http do
+        RestClient::Resource.new(count_url(exact, query, search), @configuration.rest_client_options).get(headers)
+      end
+      response.to_i
+    end
+
+    def delete(organization_id)
+      execute_http do
+        RestClient::Resource.new(organization_url(organization_id), @configuration.rest_client_options).delete(headers)
+      end
+      true
+    end
+
+    def update(organization_representation)
+      execute_http do
+        RestClient::Resource.new(organization_url(organization_representation.id), @configuration.rest_client_options).put(
+          create_payload(organization_representation), headers
+        )
+      end
+
+      get(organization_representation.id)
+    end
+
+    def create!(name, alias_name, enabled, description, redirect_url=nil, domains=[], attributes={})
+      save(build(name, alias_name, enabled, description, redirect_url, domains, attributes))
+    end
+
+    # This operation does not associate members and identity providers
+    def save(organization_representation)
+      execute_http do
+        RestClient::Resource.new(organizations_url, @configuration.rest_client_options).post(
+          create_payload(organization_representation), headers
+        )
+      end
+      true
+    end
+
+    def get(organization_id)
+      response = execute_http do
+        RestClient::Resource.new(organization_url(organization_id), @configuration.rest_client_options).get(headers)
+      end
+      OrganizationRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def identity_providers(organization_id)
+      response = execute_http do
+        RestClient::Resource.new(identity_providers_url(organization_id), @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |idp_as_hash| IdentityProviderRepresentation.from_hash(idp_as_hash) }
+    end
+
+    def get_identity_provider(organization_id, identity_provider_alias)
+      raise ArgumentError.new("identity_provider_alias must be defined") if identity_provider_alias.nil?
+      response = execute_http do
+        RestClient::Resource.new("#{identity_providers_url(organization_id)}/#{identity_provider_alias}", @configuration.rest_client_options).get(headers)
+      end
+      IdentityProviderRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def add_identity_provider(organization_id, identity_provider_alias)
+      raise ArgumentError.new("identity_provider_alias must be defined") if identity_provider_alias.nil?
+      execute_http do
+        RestClient::Resource.new(identity_providers_url(organization_id), @configuration.rest_client_options).post(identity_provider_alias, headers)
+      end
+      true
+    end
+
+    def delete_identity_provider(organization_id, identity_provider_alias)
+      execute_http do
+        RestClient::Resource.new(identity_provider_url(organization_id, identity_provider_alias), @configuration.rest_client_options).delete(headers)
+      end
+      true
+    end
+
+    def members_count(organization_id)
+      response = execute_http do
+        RestClient::Resource.new(members_count_url(organization_id), @configuration.rest_client_options).get(headers)
+      end
+      response.to_i
+    end
+
+    def members(organization_id, exact=nil, first=nil, max=nil, membership_type=nil, search=nil)
+      response = execute_http do
+        RestClient::Resource.new(members_url_with_query_parameters(organization_id, exact, first, max, membership_type, search), @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |member_as_hash| MemberRepresentation.from_hash(member_as_hash) }
+    end
+
+    def invite_existing_user(organization_id, user_id)
+      raise ArgumentError.new("user_id must be defined") if user_id.nil?
+      execute_http do
+        RestClient::Resource.new(invite_existing_user_url(organization_id), @configuration.rest_client_options).post({id: user_id}, headers.merge(content_type: "application/x-www-form-urlencoded"))
+      end
+      true
+    end
+
+    def invite_user(organization_id, email, first_name, last_name)
+      execute_http do
+        RestClient::Resource.new(invite_user_url(organization_id), @configuration.rest_client_options).post({
+          email: email,
+          firstName: first_name,
+          lastName: last_name
+        }, headers.merge(content_type: "application/x-www-form-urlencoded"))
+      end
+      true
+    end
+
+    def add_member(organization_id, user_id)
+      raise ArgumentError.new("user_id must be defined") if user_id.nil?
+      execute_http do
+        RestClient::Resource.new(members_url(organization_id), @configuration.rest_client_options).post(user_id, headers)
+      end
+      true
+    end
+
+    def delete_member(organization_id, member_id)
+      execute_http do
+        RestClient::Resource.new(member_url(organization_id, member_id), @configuration.rest_client_options).delete(headers)
+      end
+      true
+    end
+
+    def get_member(organization_id, member_id)
+      response = execute_http do
+        RestClient::Resource.new(member_url(organization_id, member_id), @configuration.rest_client_options).get(headers)
+      end
+      MemberRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def associated_with_member(member_id, brief_representation=true)
+      response = execute_http do
+        RestClient::Resource.new(associated_with_member_url(member_id, brief_representation), @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |organization_as_hash| OrganizationRepresentation.from_hash(organization_as_hash) }
+    end
+
+    def organizations_url
+      "#{@realm_client.realm_admin_url}/organizations"
+    end
+
+    def organization_url(organization_id)
+      raise ArgumentError.new("organization_id must be defined") if organization_id.nil?
+      "#{organizations_url}/#{organization_id}"
+    end
+
+    def identity_providers_url(organization_id)
+      "#{organization_url(organization_id)}/identity-providers"
+    end
+
+    def identity_provider_url(organization_id, identity_provider_alias)
+      raise ArgumentError.new("identity_provider_alias must be defined") if identity_provider_alias.nil?
+      "#{identity_providers_url(organization_id)}/#{identity_provider_alias}"
+    end
+
+    def count_url(exact, query, search)
+      query_parameters = {exact: exact, q: query, search: search}.compact.to_a.map { |e| "#{e[0]}=#{e[1]}" }.join("&")
+      "#{organizations_url}/count?#{query_parameters}"
+    end
+
+    def organizations_url_with_parameters(brief_representation, exact, first, max, query, search)
+      query_parameters = {
+        briefRepresentation: brief_representation,
+        exact: exact,
+        first: first,
+        max: max,
+        q: query,
+        search: search
+      }.compact.to_a.map { |e| "#{e[0]}=#{e[1]}" }.join("&")
+      "#{organizations_url}?#{query_parameters}"
+    end
+
+    def associated_with_member_url(member_id, brief_representation=true)
+      "#{organizations_url}/members/#{member_id}/organizations?briefRepresentation=#{brief_representation}"
+    end
+
+    def members_count_url(organization_id)
+      "#{organization_url(organization_id)}/members/count"
+    end
+
+    def member_url(organization_id, member_id)
+      raise ArgumentError.new("member_id must be defined") if member_id.nil?
+      "#{organization_url(organization_id)}/members/#{member_id}"
+    end
+
+    def invite_existing_user_url(organization_id)
+      "#{organization_url(organization_id)}/members/invite-existing-user"
+    end
+
+    def invite_user_url(organization_id)
+      "#{organization_url(organization_id)}/members/invite-user"
+    end
+
+    def members_url(organization_id)
+      "#{organization_url(organization_id)}/members"
+    end
+
+    def members_url_with_query_parameters(organization_id, exact, first, max, membership_type, search)
+      query_parameters = {
+        exact: exact,
+        first: first,
+        max: max,
+        membershipType: membership_type,
+        search: search
+      }.compact.to_a.map { |e| "#{e[0]}=#{e[1]}" }.join("&")
+      "#{organization_url(organization_id)}/members?#{query_parameters}"
+    end
+
+    def build(name, alias_name, enabled, description, redirect_url=nil, domains=[], attributes={})
+      unless domains.is_a?(Array)
+        raise ArgumentError.new("domains must be an Array, got #{new_domains.class}")
+      end
+
+      unless domains.all? { |domain| domain.is_a?(KeycloakAdmin::OrganizationDomainRepresentation) }
+        raise ArgumentError.new("All items in domains must be of type OrganizationDomainRepresentation")
+      end
+
+      organization              = OrganizationRepresentation.new
+      organization.name         = name
+      organization.alias        = alias_name
+      organization.enabled      = enabled
+      organization.description  = description
+      organization.redirect_url = redirect_url
+      organization.domains      = domains
+      organization.attributes   = attributes
+      organization
+    end
+  end
+end
@@ -95,6 +95,10 @@ def identity_providers
       IdentityProviderClient.new(@configuration, self)
     end
 
+    def organizations
+      OrganizationClient.new(@configuration, self)
+    end
+
     def user(user_id)
       UserResource.new(@configuration, self, user_id)
     end
 
@@ -11,6 +11,7 @@ class IdentityProviderRepresentation < Representation
                   :add_read_token_role_on_create,
                   :authenticate_by_default,
                   :link_only,
+                  :organization_id,
                   :first_broker_login_flow_alias,
                   :config
 
@@ -30,6 +31,7 @@ def self.from_hash(hash)
           hash["addReadTokenRoleOnCreate"],
           hash["authenticateByDefault"],
           hash["linkOnly"],
+          hash["organizationId"],
           hash["firstBrokerLoginFlowAlias"],
           hash["config"]
         )
@@ -47,6 +49,7 @@ def initialize(alias_name,
                    add_read_token_role_on_create,
                    authenticate_by_default,
                    link_only,
+                   organization_id,
                    first_broker_login_flow_alias,
                    config)
       @alias                           = alias_name
@@ -60,6 +63,7 @@ def initialize(alias_name,
       @add_read_token_role_on_create   = add_read_token_role_on_create
       @authenticate_by_default         = authenticate_by_default
       @link_only                       = link_only
+      @organization_id                 = organization_id
       @first_broker_login_flow_alias   = first_broker_login_flow_alias
       @config                          = config || {}
     end
 
@@ -0,0 +1,11 @@
+module KeycloakAdmin
+  class MemberRepresentation < UserRepresentation
+    attr_accessor :membership_type
+
+    def self.from_hash(hash)
+      member                 = super(hash)
+      member.membership_type = hash["membershipType"]
+      member
+    end
+  end
+end