diff --git a/src/main/java/org/gcube/idm/IdentityManagerResourceInitializer.java b/src/main/java/org/gcube/idm/IdentityManagerResourceInitializer.java
index 8c977fd..df04bf3 100644
--- a/src/main/java/org/gcube/idm/IdentityManagerResourceInitializer.java
+++ b/src/main/java/org/gcube/idm/IdentityManagerResourceInitializer.java
@@ -3,7 +3,6 @@ package org.gcube.idm;
import javax.ws.rs.ApplicationPath;
import org.gcube.idm.rest.TestRest;
-import org.gcube.idm.rest.UsersRest;
import org.gcube.smartgears.annotations.ManagedBy;
import org.glassfish.jersey.server.ResourceConfig;
@@ -15,7 +14,7 @@ import org.glassfish.jersey.server.ResourceConfig;
// SMARTGEARS
// legge i parametri del service da application.yaml
-// @ApplicationPath("/")
+@ApplicationPath("/")
@ManagedBy(IdentityManagerdInitializator.class)
public class IdentityManagerResourceInitializer extends ResourceConfig {
diff --git a/src/main/java/org/gcube/idm/rest/TestRest.java b/src/main/java/org/gcube/idm/rest/TestRest.java
index 52cd995..64455bd 100644
--- a/src/main/java/org/gcube/idm/rest/TestRest.java
+++ b/src/main/java/org/gcube/idm/rest/TestRest.java
@@ -10,11 +10,11 @@ import com.webcohesion.enunciate.metadata.rs.ResourceGroup;
import com.webcohesion.enunciate.metadata.rs.ResourceLabel;
@Path("/test")
-@ResourceGroup("Comments APIs")
-@ResourceLabel("Comments APIs")
-// @RequestHeaders ({
-// @RequestHeader( name = "Authorization", description = "Bearer token, see https://dev.d4science.org/how-to-access-resources")
-// })
+@ResourceGroup("test")
+@ResourceLabel("test")
+@RequestHeaders({
+ @RequestHeader( name = "Authorization", description = "Bearer token, see https://dev.d4science.org/how-to-access-resources")
+})
public class TestRest {
@GET
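Review bot: The newly enabled `@RequestHeaders`/`@RequestHeader` annotations on `TestRest` are Enunciate documentation metadata, so they describe an `Authorization` header without checking one, and nothing in this hunk shows where the Bearer token is validated. Because the same commit activates `@ApplicationPath("/")` on the initializer, `/test` presumably becomes routable. It is worth stating the enforcement point next to the annotation, for example `// Documentation only: the token is validated by <component to be named>, not by this annotation`. If no container-level check or filter covers `/test`, the resource should be kept out of non-development deployments. The class body continues outside the hunk.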
diff --git a/src/main/java/org/gcube/idm/rest/UsersRest.java b/src/main/java/org/gcube/idm/rest/UsersRest.java
index 5833e4e..ab6f93f 100644
--- a/src/main/java/org/gcube/idm/rest/UsersRest.java
+++ b/src/main/java/org/gcube/idm/rest/UsersRest.java
@@ -1,36 +1,8 @@
package org.gcube.idm.rest;
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.Response.Status;
-
import org.gcube.common.authorization.library.policies.Users;
-import org.gcube.common.security.Owner;
-import org.gcube.common.security.providers.SecretManagerProvider;
-import org.gcube.keycloak.KeycloakAPIFactory;
-import org.gcube.keycloak.KeycloakApiClient;
-import org.gcube.rest.ResponseBean;
-import org.gcube.smartgears.ContextProvider;
-import org.gcube.smartgears.context.application.ApplicationContext;
-import org.gcube.smartgears.security.SimpleCredentials;
-import org.gcube.smartgears.security.defaults.DefaultAuthorizationProvider;
-import org.gcube.smartgears.utils.InnerMethodName;
-import org.jboss.resteasy.spi.NotImplementedYetException;
-import org.keycloak.representations.idm.ClientRepresentation;
-import org.keycloak.representations.idm.UserRepresentation;
import org.slf4j.LoggerFactory;
-import com.webcohesion.enunciate.metadata.rs.RequestHeader;
-import com.webcohesion.enunciate.metadata.rs.RequestHeaders;
-import com.webcohesion.enunciate.metadata.rs.ResourceGroup;
-import com.webcohesion.enunciate.metadata.rs.ResourceLabel;
-
// @Path("2/users")
// @ResourceGroup("Users APIs")
// @ResourceLabel("Greetings APIs")
@@ -40,6 +12,7 @@ import com.webcohesion.enunciate.metadata.rs.ResourceLabel;
public class UsersRest {
private static final org.slf4j.Logger logger = LoggerFactory.getLogger(Users.class);
+ /*
// @GET
// @Path("/get-usernames-by-role")
// @Produces({ "application/json;charset=UTF-8", "application/vnd.api+json" })
@@ -70,7 +43,7 @@ public class UsersRest {
return Response.status(status).entity(responseBean).build();
}
-/*
+
private static List searchByRole(KeycloackApiClient keycloackApiClient, String roleName) {
logger.info("Searching by role: {}", roleName);
diff --git a/src/main/java/org/gcube/keycloak/KeycloakApiClient.java b/src/main/java/org/gcube/keycloak/KeycloakApiClient.java
index cdfee89..012e223 100644
--- a/src/main/java/org/gcube/keycloak/KeycloakApiClient.java
+++ b/src/main/java/org/gcube/keycloak/KeycloakApiClient.java
@@ -1,24 +1,108 @@
package org.gcube.keycloak;
+import java.util.List;
+
+import org.gcube.common.authorization.library.policies.Users;
+import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.Keycloak;
+import org.keycloak.admin.client.KeycloakBuilder;
+import org.keycloak.admin.client.resource.ClientResource;
+import org.keycloak.admin.client.resource.ClientsResource;
+import org.keycloak.admin.client.resource.RealmResource;
+import org.keycloak.representations.idm.ClientRepresentation;
+import org.slf4j.LoggerFactory;
public class KeycloakApiClient {
+ private static final org.slf4j.Logger logger = LoggerFactory.getLogger(Users.class);
+
public Keycloak kclient;
public String realmName;
- public String clientIdContext;
+ public String encodeContext;
public String context;
- public static String getClientIdContext(String context){
- return context.replace("/", "%2F");
- }
+ private String clientId;
+
+ public static String getClientIdContext(String context) {
+ return context.replace("/", "%2F");
+ }
+
+ public RealmResource getRealmKClient() {
+ return this.kclient.realm(this.realmName);
+ }
+
+ public static ClientRepresentation getClientReprByName(Keycloak keycloak, String realmName, String clientName) {
+ ClientsResource clients = keycloak.realm(realmName).clients();
+ return getClientReprByName(clients, clientName);
+ }
+
+ public static ClientRepresentation getClientReprByName(ClientsResource realmClient, String clientName) {
+ String clientIdContext = getClientIdContext(clientName);
+
+
+ // List clients_repr = realmClient.clients().findByClientId(clientIdContext);
+
+ // ClientRepresentation client = null;
+ // String id = "";
+
+ // // prende l'utlima della lista
+ // for (ClientRepresentation client_repr : clients_repr) {
+ // logger.info("found client =" + client_repr.getClientId());
+ // logger.info("found client id=" + client_repr.getId());
+ // id = client_repr.getId();
+ // return client_repr;
+ // }
+
+ // Object clientApi = clients_repr.get(id);
+
+ return null;
+ }
+
public KeycloakApiClient(Keycloak kclient, String realmName, String context) {
- this.clientIdContext = getClientIdContext(context);
+ this.encodeContext = getClientIdContext(context);
this.context = context;
this.kclient = kclient;
this.realmName = realmName;
+
+
//ClientsResource clients = kclient.realm(realmName).clients().get*
//clients.get(context);
-
+ }
+
+ public static KeycloakApiClient getTestClient() {
+ String testServerUrl = "https://accounts.dev.d4science.org/"; // + "/auth" ???
+ String testRealmName = "d4science";
+ String testClientId = "id.d4science.org";
+ String testClientSecret = "09c26f24-3c65-4039-9fa0-e5cc4f4032cd";
+ String testContext = "/gcube/devsec/devVRE";
+
+ Keycloak keycloak = KeycloakBuilder.builder()
+ .serverUrl(testServerUrl)
+ .realm(testRealmName)
+ .grantType(OAuth2Constants.CLIENT_CREDENTIALS)
+ .clientId(testClientId) //
+ .clientSecret(testClientSecret).build();
+
+
+ RealmResource realmclient = keycloak.realm(testRealmName);
+ ClientsResource clients = realmclient.clients();
+
+
+
+
+ List ccc = keycloak.realm(testRealmName).clients().findByClientId( getClientIdContext(testContext));
+
+
+ String id = "";
+ for (ClientRepresentation client : ccc) {
+ logger.info("found client ="+client.getClientId());
+ logger.info("found client id="+client.getId());
+ id =client.getId();
+ }
+
+ ClientResource c = keycloak.realm(testRealmName).clients().get(id);
+
+
+ return new KeycloakApiClient(keycloak, testRealmName, testContext);
}
}
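Review bot: `getTestClient()` embeds a Keycloak client secret as a string literal (`testClientSecret`) next to the server URL, realm and client id it belongs to, so anyone who can read the repository or its history holds a working client-credentials pair. The value should be treated as exposed and rotated, and the method should read it from configuration kept outside version control and fail fast when it is absent, e.g. `String testClientSecret = System.getenv("IDM_TEST_CLIENT_SECRET"); // placeholder variable name`. Separately, when the lookup returns no client the loop leaves `id` as `""` and `clients().get(id)` is still called, while `c`, `realmclient` and `clients` are never used. `getClientReprByName(ClientsResource, String)` always returns `null`, so it should throw `UnsupportedOperationException` or carry a `// TODO` until implemented, and the logger should be created with `KeycloakApiClient.class` rather than `Users.class`.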
diff --git a/src/main/java/org/gcube/keycloak/KeycloakUserController.java b/src/main/java/org/gcube/keycloak/KeycloakUserController.java
new file mode 100644
index 0000000..bb710e8
--- /dev/null
+++ b/src/main/java/org/gcube/keycloak/KeycloakUserController.java
@@ -0,0 +1,78 @@
+package org.gcube.keycloak;
+
+import java.util.List;
+
+import org.keycloak.admin.client.resource.ClientResource;
+import org.keycloak.admin.client.resource.RealmResource;
+import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
+
+
+/**
+ *
+
+/2/users/get-profile // profilo utente corrente
+
+/2/users/get-all-usernames
+/2/users/get-all-fullnames-and-usernames
+/2/users/get-usernames-by-role
+/2/users/user-exists // https://howtodoinjava.com/devops/search-keycloak-users/
+
+// attenzione al risultato. vedere in seguito
+/2/users/get-oauth-profile
+
+// eventualemente in seguito. da approfondire
+/2/users/get-custom-attribute
+/2/users/get-usernames-by-global-role
+
+/2/people/profile
+ *
+ */
+public class KeycloakUserController {
+
+ //
+ // get-usernames-by-role
+ public List getUsersByRole(ClientResource clientApi, String roleName) {
+ return getUsersByRole(clientApi, roleName, 0, null);
+ }
+
+ public List getUsersByRole(ClientResource clientApi, String roleName, Integer firstResult, Integer maxResults) {
+ List users = clientApi.roles().get(roleName).getUserMembers(firstResult, maxResults);
+ return users;
+ }
+
+ // users/get-all-usernames
+ // users/get-all-fullnames-and-usernames
+ // users/user-exists
+ public UserRepresentation getUserByUsername(RealmResource realmApi, String username) throws Exception {
+ List users = realmApi.users().search(username);
+ if (users.size() == 0){
+ return null;
+ }
+ if (users.size() > 1){
+ throw new Exception("multiple users found for username " + username);
+ }
+ return users.get(0);
+ }
+
+ // questi saranno implementati dalle API
+
+
+ // from realm
+ // public boolean checkUserExistsRealm(RealmResource realmApi, String username) {
+ // List users = realmApi.users().search(username);
+ // return users.size() > 0;
+ // }
+
+
+ // public String getEmailByUsername(RealmResource realmApi, String username) throws Exception {
+ // UserRepresentation user = getUserByUsername(realmApi, username);
+ // return user.getEmail();
+ // }
+
+
+ // public String getFullnamelByUsername(RealmResource realmApi, String username) throws Exception {
+ // UserRepresentation user = getUserByUsername(realmApi, username);
+ // return user.getFirstName() + user.getLastName();
+ // }
+}
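Review bot: `getUserByUsername` relies on `realmApi.users().search(username)`, which in the Keycloak admin client is by default a non-exact username search, so a lookup for one account can return a different account whose name merely contains the string when that is the only match. For an identity service this is an account-confusion risk. If the keycloak-admin-client version in use offers the exact-match overload, prefer `realmApi.users().search(username, true)`, and in any case check `username.equals(user.getUsername())` before returning. Throwing a bare `Exception` for the multiple-match case forces callers to catch everything, so `IllegalStateException` or a dedicated type would be narrower. The `null` return for "not found" and the `null` `maxResults` passed by the two-argument `getUsersByRole` should be documented in Javadoc on each method.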