> ## Documentation Index
> Fetch the complete documentation index at: https://doc.lucidworks.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Update a realm

> Update the configuration for the specified realm.



## OpenAPI

````yaml /api-reference/5.9/fusion-api-api-docs.json put /realm-configs/{id}
openapi: 3.0.1
info:
  title: Fusion Proxy API
  description: Manage Fusion users, roles, realms, access tokens, and API keys.
  contact:
    name: Lucidworks
    url: www.lucidworks.com
    email: support@lucidworks.com
  license:
    name: License of API
    url: https://lucidworks.com/legal/developer-license-agreement/
  version: '5.9'
servers:
  - url: https://{FUSION HOST}/api
    description: Fusion
    variables:
      FUSION HOST:
        default: FUSION_HOST
        description: Your environment host.
security: []
tags:
  - name: Realm management
    description: >-
      Endpoints for creating, configuring, and managing authentication realms
      such as LDAP, SAML, OIDC, and others.
  - name: User management
    description: >-
      Endpoints for creating, updating, deleting, and retrieving Fusion users
      and their associated metadata.
  - name: Suggestions
    description: >-
      Endpoints that provide query suggestions or autocomplete results to
      improve search experiences.
  - name: API key management
    description: >-
      Endpoints for managing API keys used to authenticate Fusion services and
      integrations.
  - name: OAuth 2.0
    description: >-
      Endpoints that support OAuth 2.0 authentication, including token issuance
      and validation.
  - name: Role management
    description: >-
      Endpoints for creating and managing user roles and their associated
      permissions within Fusion.
  - name: System status
    description: >-
      Endpoints for retrieving basic system health, configuration, and
      authentication status.
externalDocs:
  description: Lucidworks Documentation
  url: https://doc.lucidworks.com/
paths:
  /realm-configs/{id}:
    put:
      tags:
        - Realm management
      summary: Update a realm
      description: Update the configuration for the specified realm.
      operationId: updateRealm
      parameters:
        - name: id
          description: >-
            The realm ID. Note that this is not always the same as the realm
            name. Use `GET /realm-configs/default` to get the list of realm
            names with their IDs.
          example: d8e2f424-73b4-4ef9-a789-497bc56e7975
          required: true
          in: path
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              anyOf:
                - $ref: '#/components/schemas/Realm'
                - $ref: '#/components/schemas/ApiKeyRealm'
                - $ref: '#/components/schemas/JWTRealm'
                - $ref: '#/components/schemas/KerberosRealm'
                - $ref: '#/components/schemas/LDAPRealm'
                - $ref: '#/components/schemas/OidcRealm'
                - $ref: '#/components/schemas/SAMLRealm'
                - $ref: '#/components/schemas/TrustedHTTPRealm'
            example:
              realmType: ldap
              id: df32cba0-5540-4d73-b769-9f4eaca45e11
              name: dev-ldap3
              enabled: false
              config:
                autoCreateUsers: true
                host: my.fusionhost.com
                ssl: true
                port: 10636
                login:
                  bindDnTemplate: uid={},ou=users,dc=security,dc=example,dc=com
        required: true
      responses:
        '200':
          description: OK
          content:
            application/json:
              example:
                realmType: ldap
                id: df32cba0-5540-4d73-b769-9f4eaca45e11
                name: dev-ldap3
                enabled: false
                createdAt: '2025-10-31T17:06:33Z'
                updatedAt: '2025-10-31T17:35:08Z'
                config:
                  autoCreateUsers: true
                  host: my.fusionhost.com
                  ssl: true
                  port: 10636
                  ephemeralUsers: false
                  login:
                    bindDnTemplate: uid={},ou=users,dc=security,dc=example,dc=com
        '404':
          description: Realm not found
components:
  schemas:
    Realm:
      title: Native realm
      required:
        - name
        - realmType
      type: object
      properties:
        id:
          type: string
        name:
          type: string
          description: >-
            The name of the realm. This name will appear on the login screen of
            the UI, and will appear in user records to identify the realm they
            belong to.
        enabled:
          type: boolean
          description: >-
            If **true**, the realm is available for users to use with system
            authentication.
        createdAt:
          type: string
          format: date-time
          example: '2025-09-23T17:48:07Z'
        updatedAt:
          type: string
          format: date-time
          example: '2025-10-31T12:28:04Z'
        realmType:
          type: string
          description: >-
            Use the `/realm-configs` endpoint to get the list of valid realm
            types.
          example: native
      discriminator:
        propertyName: realmType
    ApiKeyRealm:
      title: API key realm
      required:
        - name
      type: object
      allOf:
        - $ref: '#/components/schemas/Realm'
    JWTRealm:
      title: JWT realm
      required:
        - config
        - name
      type: object
      allOf:
        - $ref: '#/components/schemas/Realm'
        - type: object
          properties:
            roleNames:
              type: array
              items:
                type: string
              description: >-
                Indicates which roles are dynamically applied to users in the
                realm.
            config:
              $ref: '#/components/schemas/JwtRealmConfig'
    KerberosRealm:
      title: Kerberos realm
      required:
        - name
      type: object
      allOf:
        - $ref: '#/components/schemas/Realm'
        - type: object
          properties:
            roleNames:
              type: array
              items:
                type: string
              description: >-
                Indicates which roles are dynamically applied to users in the
                realm.
            config:
              $ref: '#/components/schemas/KerberosConfig'
    LDAPRealm:
      title: LDAP realm
      required:
        - config
        - name
      type: object
      allOf:
        - $ref: '#/components/schemas/Realm'
        - type: object
          properties:
            config:
              $ref: '#/components/schemas/LdapRealmConfig'
            roleNames:
              type: array
              items:
                type: string
              description: >-
                Indicates which roles are dynamically applied to users in the
                realm.
    OidcRealm:
      title: OIDC realm
      required:
        - config
        - name
      type: object
      allOf:
        - $ref: '#/components/schemas/Realm'
        - type: object
          properties:
            config:
              $ref: '#/components/schemas/OidcRealmConfig'
            roleNames:
              type: array
              items:
                type: string
              description: >-
                Indicates which roles are dynamically applied to users in the
                realm.
    SAMLRealm:
      title: SAML realm
      required:
        - config
        - name
      type: object
      allOf:
        - $ref: '#/components/schemas/Realm'
        - type: object
          properties:
            roleNames:
              type: array
              items:
                type: string
              description: >-
                Indicates which roles are dynamically applied to users in the
                realm.
            config:
              $ref: '#/components/schemas/SamlConfig'
    TrustedHTTPRealm:
      title: Trusted HTTP realm
      required:
        - name
      type: object
      allOf:
        - $ref: '#/components/schemas/Realm'
        - type: object
          properties:
            roleNames:
              type: array
              items:
                type: string
              description: >-
                Indicates which roles are dynamically applied to users in the
                realm.
            config:
              $ref: '#/components/schemas/TrustedConfig'
    JwtRealmConfig:
      required:
        - jwtIssuer
      type: object
      properties:
        autoCreateUsers:
          type: boolean
          description: >-
            Enables/disables the auto-creation of Fusion user accounts after
            users successfully authenticate for the first time.
        jwtIssuer:
          type: string
        signingKey:
          type: string
        jwkSetUri:
          type: string
          description: The URL of the authorization server’s JSON Web Key Set (JWKS).
        groups:
          $ref: '#/components/schemas/JwtGroups'
        userIdAttribute:
          type: string
        ephemeralUsers:
          type: boolean
          description: >-
            Prevents ephemeral users from being created in ZooKeeper during
            login. Enabling this property negates `config.autoCreateUsers`.
    KerberosConfig:
      required:
        - keytab
        - principal
      type: object
      properties:
        autoCreateUsers:
          type: boolean
          description: >-
            Enables/disables the auto-creation of Fusion user accounts after
            users successfully authenticate for the first time.
        principal:
          type: string
        keytab:
          type: string
        nameRules:
          type: string
    LdapRealmConfig:
      required:
        - host
        - login
        - port
      type: object
      properties:
        autoCreateUsers:
          type: boolean
          description: >-
            Enables/disables the auto-creation of Fusion user accounts after
            users successfully authenticate for the first time.
        host:
          type: string
        ssl:
          type: boolean
        port:
          type: integer
          format: int32
        ephemeralUsers:
          type: boolean
          description: >-
            Prevents ephemeral users from being created in ZooKeeper during
            login. Enabling this property negates `config.autoCreateUsers`.
        login:
          $ref: '#/components/schemas/LdapLogin'
        groups:
          $ref: '#/components/schemas/LdapGroups'
        bind:
          $ref: '#/components/schemas/Bind'
    OidcRealmConfig:
      required:
        - clientId
        - code
        - jwkSetUri
        - scope
      type: object
      properties:
        autoCreateUsers:
          type: boolean
          description: >-
            Enables/disables the auto-creation of Fusion user accounts after
            users successfully authenticate for the first time.
        groups:
          $ref: '#/components/schemas/Groups'
        code:
          $ref: '#/components/schemas/Code'
        clientId:
          type: string
        jwkSetUri:
          type: string
          description: The URL of the authorization server’s JSON Web Key Set (JWKS).
        userIdAttribute:
          type: string
        rolesAttribute:
          type: string
        scope:
          type: array
          items:
            type: string
        ephemeralUsers:
          type: boolean
          description: >-
            Prevents ephemeral users from being created in ZooKeeper during
            login. Enabling this property negates `config.autoCreateUsers`.
        logoutUrl:
          type: string
        proxy:
          $ref: '#/components/schemas/Proxy'
    SamlConfig:
      required:
        - certificateFingerprint
        - idpUrl
        - issuer
      type: object
      properties:
        autoCreateUsers:
          type: boolean
          description: >-
            Enables/disables the auto-creation of Fusion user accounts after
            users successfully authenticate for the first time.
        idpUrl:
          type: string
        issuer:
          type: string
        appIssuer:
          type: string
        certificateFingerprint:
          type: string
        userIdAttribute:
          type: string
        redirectUrl:
          type: string
        groups:
          $ref: '#/components/schemas/SamlGroups'
        ephemeralUsers:
          type: boolean
          description: >-
            Prevents ephemeral users from being created in ZooKeeper during
            login. Enabling this property negates `config.autoCreateUsers`.
        logoutUrl:
          type: string
    TrustedConfig:
      required:
        - identityKey
      type: object
      properties:
        autoCreateUsers:
          type: boolean
          description: >-
            Enables/disables the auto-creation of Fusion user accounts after
            users successfully authenticate for the first time.
        identityKey:
          type: string
        allowedIps:
          type: array
          items:
            type: string
        trustedProxyHeaders:
          type: array
          items:
            type: string
        groups:
          $ref: '#/components/schemas/TrustedGroups'
        ephemeralUsers:
          type: boolean
          description: >-
            Prevents ephemeral users from being created in ZooKeeper during
            login. Enabling this property negates `config.autoCreateUsers`.
    JwtGroups:
      type: object
      properties:
        groupKey:
          type: string
        roleMapping:
          type: array
          items:
            type: array
            items:
              type: string
    LdapLogin:
      type: object
      properties:
        bindDnTemplate:
          type: string
        kerberos:
          $ref: '#/components/schemas/KerberosConfig'
        searchBind:
          $ref: '#/components/schemas/SearchBind'
    LdapGroups:
      required:
        - search
      type: object
      properties:
        search:
          $ref: '#/components/schemas/Search'
        roleMapping:
          type: array
          items:
            type: array
            items:
              type: string
    Bind:
      required:
        - dn
        - password
      type: object
      properties:
        dn:
          type: string
        password:
          type: string
    Groups:
      type: object
      properties:
        roleMapping:
          type: array
          items:
            type: array
            items:
              type: string
    Code:
      required:
        - authorizationUri
        - redirectUri
        - tokenUri
      type: object
      properties:
        clientSecret:
          type: string
          description: >-
            A secret value shared between the application and the authentication
            server.
        redirectUri:
          type: string
          description: The URI to which the user will be redirected to after logging in.
        authorizationUri:
          type: string
          description: The authorization server URI.
        tokenUri:
          type: string
          description: The URI to get access token from.
    Proxy:
      type: object
      properties:
        host:
          type: string
        port:
          type: integer
          format: int32
        user:
          type: string
        password:
          type: string
    SamlGroups:
      type: object
      properties:
        groupNameAttribute:
          type: string
        roleMapping:
          type: array
          items:
            type: array
            items:
              type: string
    TrustedGroups:
      required:
        - key
      type: object
      properties:
        key:
          type: string
        roleMapping:
          type: array
          items:
            type: array
            items:
              type: string
        delimiter:
          type: string
    SearchBind:
      required:
        - baseDn
        - filterTemplate
      type: object
      properties:
        baseDn:
          type: string
        filterTemplate:
          type: string
    Search:
      required:
        - baseDn
        - filterTemplate
        - groupNameAttribute
      type: object
      properties:
        baseDn:
          type: string
        groupNameAttribute:
          type: string
        filterTemplate:
          type: string
        subtree:
          type: boolean

````