[keycloak-dev] Custom attributes on registration and account management

Stian Thorgersen sthorger at redhat.com
Thu Nov 5 06:03:52 EST 2015 

+1

I'd like to see the ability to define a "user profile" for the realm with
associated validators. This would also allow having a update profile
required action that could display a form if there are missing or invalid
profile information.

On 5 November 2015 at 11:46, Marek Posolda <mposolda at redhat.com> wrote:

> I wonder if we should improve handling of custom attributes in
> freemarker templates and their validation. Let's assume that I want to
> add custom attribute "birthday" and I want to add it to all screens
> where user can create/edit account. I can see those issues:
>
> - Admin will need to edit 3 separate freemarker templates (registration,
> account management, update profile page) to have this attribute
> displayed on all those places.
>
> - Missing validations. For registration screen, admin can implement his
> own validator through the Authentication SPI. But for account management
> and update profile it's currently no way to add custom validations. But
> for my "birthday" field, I usually want to have same custom validation
> applied on all 3 places
>
> - Built-in validations: Similarly like we have builtin password
> policies, we can provide some builtin validators for custom fields
> (mandatory, regex)
>
>
> I wonder if we should add the tab in admin console where people can
> specify:
>
> - Name of custom attribute and the type. Then we have some freemarker
> helper, which will render those attributes in all 3 places
> (registration, account mgmt, updateProfile). I believe something similar
> like Bill did for custom providers in admin console ( kc-provider-config
> directive) can work here too.
>
> - Define the validators applied to each field. Similarly like we have
> password/OTP policies, we can have "policies" for each custom attribute.
> We can provide "mandatory" and "regex" policy with possibility for
> people to add custom field validator implementations if they want.
>
>
> Not sure if this was already discussed before and just not implemented.
> However I think this will be useful and currently can't think of much
> reasons why it couldn't work?
>
> Marek
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151105/23dc111e/attachment.html

More information about the keycloak-dev mailing list