[keycloak-user] Uniqueness of user properties

Stian Thorgersen sthorger at redhat.com
Tue Apr 12 03:03:15 EDT 2016


On 12 April 2016 at 08:58, Guus der Kinderen <guus.der.kinderen at gmail.com>
wrote:

> Hmm... that rename route is disabled by default though?
>

Yes


>
> Also, when deleting a user, are we guaranteed that all user artifacts are
> removed? I'd hate to see another user (years later) have access to things
> simply because he picked a previously used name. Then again, most artifacts
> (if not all) will probably be linked through the ID, not username.
>

Everything in Keycloak is linked through ID, not username. Obviously you
may use username in your app rather than ID, in which case that may be a
problem in your app. In that case you should probably disable a
decommissioned user rather than disable or change your app.


>
> On 12 April 2016 at 06:32, Stian Thorgersen <sthorger at redhat.com> wrote:
>
>> There's an option to enable users to change their username. Enabling that
>> could result in a user renaming the username, then another user taking the
>> same username. There's also the situation where a user with a specific
>> username is deleted, then another user is created with the same username
>> (maybe years after).
>>
>> On 12 April 2016 at 01:31, Guus der Kinderen <guus.der.kinderen at gmail.com
>> > wrote:
>>
>>> Thanks for the feedback, Niels,
>>>
>>> I am primarily concerned about the email address, but as another
>>> attribute than the username is used to identify things, I thought I'd make
>>> sure and include that in the question too.
>>>
>>> At some point, my customer will probably want non-unique email
>>> addresses. It's good to know it's at least on the roadmap.
>>>
>>> Regards,
>>>
>>>   Guus
>>>
>>> On 12 April 2016 at 00:50, Niels Bertram <nielsbne at gmail.com> wrote:
>>>
>>>> Hi Guus,
>>>>
>>>> I can't see how you could manage non-uniqueness of the username as you
>>>> will need at least one user side unique identifier to drive forget password
>>>> flow. But the option to have email non-unique has been discussed a while
>>>> back in the user forum and there is this open Jira
>>>> https://issues.jboss.org/browse/KEYCLOAK-2141.
>>>>
>>>> We have been looking at non-unique emails and essentially one will have
>>>> to remove the functionality of using email as a form of login from the
>>>> login flow leaving the user to only be able to use their assigned or
>>>> selected username as option. We have been trying to "hack" the codebase a
>>>> bit but have not been too successful in getting Keycloak to work properly
>>>> with non-unique emails :( ...
>>>>
>>>> Cheers,
>>>> Niels
>>>>
>>>>
>>>>
>>>>
>>>> On Tue, Apr 12, 2016 at 3:08 AM, Guus der Kinderen <
>>>> guus.der.kinderen at gmail.com> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> Keycloak uses a UUID value to identify a user. Basic questions:
>>>>> through some form of configuration:
>>>>>
>>>>>    - Can more than two users exist that have an identical username?
>>>>>    - Can more than two users exist that have an identical email
>>>>>    address?
>>>>>
>>>>> Regards,
>>>>>
>>>>>   Guus
>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>>>>
>>>>
>>>
>>
>>
>
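
The reply above separates what Keycloak links by ID from what an application may link by username. The sketch below is an added example, not part of the thread or of Keycloak's code: it replays the delete-then-reuse and disable-then-reuse cases against an application grant store keyed on either claim. `ToyRealm` and `GrantStore` are hypothetical stand-ins with constructed data; `sub` and `preferred_username` are the standard OIDC claims carrying the user ID and the username.

```python
import uuid


class ToyRealm:
    """Constructed stand-in for a realm: usernames are unique, IDs are never reused."""

    def __init__(self):
        self.users = {}  # username -> {"sub": str, "enabled": bool}

    def register(self, username):
        if username in self.users:
            raise ValueError("username already taken")
        self.users[username] = {"sub": str(uuid.uuid4()), "enabled": True}
        return self.claims(username)

    def claims(self, username):
        # Stand-in for the claims of an already verified token.
        user = self.users[username]
        if not user["enabled"]:
            raise PermissionError("account disabled")
        return {"sub": user["sub"], "preferred_username": username}

    def delete(self, username):
        del self.users[username]  # frees the username for a later registration

    def disable(self, username):
        self.users[username]["enabled"] = False  # username stays occupied


class GrantStore:
    """Application-side grants keyed on one claim of the token (hypothetical)."""

    def __init__(self, key_claim):
        self.key_claim = key_claim
        self._grants = {}

    def grant(self, claims, resource):
        self._grants.setdefault(claims[self.key_claim], set()).add(resource)

    def allowed(self, claims, resource):
        return resource in self._grants.get(claims[self.key_claim], set())


def reuse_after(decommission, key_claim):
    """Decommission 'jdoe' ('delete' or 'disable'), then let someone else claim the name."""
    realm, store = ToyRealm(), GrantStore(key_claim)
    store.grant(realm.register("jdoe"), "payroll-report")
    getattr(realm, decommission)("jdoe")
    try:
        newcomer = realm.register("jdoe")
    except ValueError:
        return "name-unavailable"
    return "inherits-access" if store.allowed(newcomer, "payroll-report") else "no-access"
```
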