[keycloak-user] Disabling unique email restriction in Keycloak

Stian Thorgersen sthorger at redhat.com
Mon May 23 01:27:42 EDT 2016


We've planned to add support for having non-unique email addresses. The
idea would be to have an option on a realm to configure if login permits
username/email, username or email. The email field on users would still
have to have a unique constraint as removing that results in not being able
to guarantee email uniqueness. Instead we planned to have a contact email
address, which would be non-unique.

You can work around this, though, as it's already possible to add custom
attributes (to add a contact email) and change the email sender so Keycloak
supports sending email to the contact email attribute if set.

On 23 May 2016 at 05:03, Nidhi Rachora <nidhirachora at gmail.com> wrote:

> Hi Keycloak Team,
>
> I am working on migrating an existing application to Keycloak. In the
> existing application, unique ‘member_ids’ are used as usernames and the
> ‘email’ field can be duplicate. However on logging into Keycloak, members
> with duplicate emails are not allowed. So I have identified two areas to
> work on:
>
> Task I) Allow members with unique member ids (who may/may not have unique
> email) to log in.
> Task II) Disable login using email.
>
> Solution:
> So as a solution to the first task, in my CustomUserFederation, I have
> made the following changes:
>
> // Code snippet 1
> class CustomFederationProvider implements UserFederationProvider {
>     . .
>     @Override
>     public UserModel getUserByUsername(RealmModel realm, String username) {
>         . .
>         if (apiCustomer.getEmailAddresses() != null
>                 && apiCustomer.getEmailAddresses().size() > 0) {
>             // Changed to handle duplicate emails using: Sub-addressing, so email:
>             // mailid at domain is saved as mailid+member_id at domain
>             userModel.setEmail(subaddress(
>                     apiCustomer.getEmailAddresses().get(0).getEmail(),
>                     userModel.getMember_id()));
>         }
>         . .
>     }
> }
>
> // Code snippet 2
> class CustomUserModelDelegate extends UserModelDelegate {
>     . .
>     @Override
>     public String getEmail() {
>         String email = super.getEmail();
>         try {
>             // Changed to handle duplicate emails using: Sub-addressing, so while
>             // retrieving email: mailid+member_id at domain is processed as
>             // mailid at domain
>             email = removeSubaddress(email);
>         } catch (Exception e) {
>             ...
>         }
>         return email;
>     }
>     . .
> }
>
> Now my queries are:
>
> 1.) Will my solution of sub-addressing the email resolve the first issue
> without any side-effects?
> 2.) How do I disable logging in using emails from Keycloak?
>
> Regards,
> Nidhi Rachora
>
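
The `subaddress` and `removeSubaddress` helpers called in the quoted snippets are not shown in the thread. As an added example (not the poster's or Keycloak's code), here is one possible shape for them, assuming the tag is appended as `+member_id` before the last `@`. Unlike the one-argument call in the thread, this `removeSubaddress` takes the member id and strips only that exact tag, so an address that already has its own `+` part survives the round trip; the class name and sample values are constructed.

```java
import java.util.List;

public class SubaddressDemo {

    // Append "+memberId" to the local part: mailid@domain -> mailid+memberId@domain.
    static String subaddress(String email, String memberId) {
        int at = email.lastIndexOf('@');
        if (at <= 0 || memberId == null || memberId.isEmpty()) {
            throw new IllegalArgumentException("need local@domain and a member id");
        }
        return email.substring(0, at) + "+" + memberId + email.substring(at);
    }

    // Remove only the exact "+memberId" tag. Cutting at the first '+' instead
    // would also drop a tag the owner put there (jane+news@... -> jane@...).
    static String removeSubaddress(String stored, String memberId) {
        int at = stored.lastIndexOf('@');
        String tag = "+" + memberId;
        if (at <= 0 || !stored.substring(0, at).endsWith(tag)) {
            return stored; // never tagged by us: leave it alone
        }
        return stored.substring(0, at - tag.length()) + stored.substring(at);
    }

    public static void main(String[] args) {
        // Constructed sample data: {member_id, email}; the first two share an address.
        List<String[]> members = List.of(
            new String[] {"1001", "family@example.org"},
            new String[] {"1002", "family@example.org"},
            new String[] {"1003", "jane+news@example.org"});
        for (String[] m : members) {
            String stored = subaddress(m[1], m[0]);       // value that must be unique
            String shown = removeSubaddress(stored, m[0]); // value handed back to callers
            System.out.printf("%s stored=%s shown=%s roundTrip=%b%n",
                m[0], stored, shown, shown.equals(m[1]));
        }
        // An address that was never tagged comes back unchanged.
        System.out.println(removeSubaddress("jane+news@example.org", "1003"));
    }
}
```

Whether mail sent to the stored form is delivered depends on the receiving mail system supporting `+` sub-addressing, so code that sends mail should use the stripped value.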