[keycloak-user] Disabling unique email restriction in Keycloak
Niels Bertram
nielsbne at gmail.com
Mon May 23 12:44:37 EDT 2016
Are you suggesting that the email field will no longer be able to be
populated by the user if the realm is configured to use username only for
login?
In the current form, we would still have to populate the current "email"
field in the user model with a unique email address, which we dont have for
our users. Or at least lets say we don't want to resort to a hack in the
User Federation Provider and add random snippets into the email address
using a fringe feature of the email spec.
On Mon, May 23, 2016 at 3:27 PM, Stian Thorgersen <sthorger at redhat.com>
wrote:
> We've planned to add support for having non-unique email addresses. The
> idea would be to have an option on a realm to configure if login permits
> username/email, username or email. The email field on users would still
> have to have a unique constraint as removing that results in not being able
> to guarantee email uniqueness. Instead we planned to have contact email
> address which would be non-unique.
>
> You can workaround this though as it's already possible to add custom
> attributes (to add contact email) and change the email sender so Keycloak
> supports sending email to contact email attribute if set.
>
> On 23 May 2016 at 05:03, Nidhi Rachora <nidhirachora at gmail.com> wrote:
>
>> Hi Keycloak Team,
>>
>> I am working on migrating an existing application to Keycloak. In the
>> existing application, unique ‘member_ids’ are used as usernames and the
>> ‘email’ field can be duplicate. However on logging into Keycloak, members
>> with duplicate emails are not allowed. So I have identified two areas to
>> work on:
>>
>> Task I) Allow members with unique member ids (who may/ maynot have unique
>> email) to login.
>> Task II) Disable login using email.
>>
>> Solution:
>> So as a solution to the first task, in my CustomUserFederation, I have
>> made the following changes:
>>
>> //Code snippet 1 CustomFederationProvider implements
>> UserFederationProvider{
>> . .
>> @Override
>> public UserModel getUserByUsername(RealmModel realm, String username) {
>> . .
>> if (apiCustomer.getEmailAddresses() != null &&
>> apiCustomer.getEmailAddresses().size() > 0) {
>> // Changed to handle duplicate emails using: Sub-addressing, so email:
>> mailid at domain is saved as mailid+member_id at domain
>> userModel.setEmail(
>> subaddress(apiCustomer.getEmailAddresses().get(0).getEmail(),
>> userModel.getMember_id()));
>> }
>> . .
>> }
>> }
>>
>> //Code snippet 2
>> CustomUserModelDelegate extends UserModelDelegate {
>> . .
>> @Override
>> public String getEmail() {
>> String email = super.getEmail(); try {
>> // Changed to handle duplicate emails using: Sub-addressing, so while
>> retrieving email: mailid+member_id at domain is processed as mailid at domain
>>
>> email = removeSubaddress(email);
>> } catch (Exception e) {
>> ...
>> }
>> return email;
>> }
>> . .
>> }
>>
>> Now my queries are:
>>
>> 1.) Will my solution of sub-addressing the email resolve the first issue
>> without any side-effects?
>> 2.) How do I disable logging in using emails from Keycloak?
>>
>> Regards,
>> Nidhi Rachora
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160524/b000bad9/attachment.html
More information about the keycloak-user
mailing list