[keycloak-user] Disabling unique email restriction in Keycloak
Stian Thorgersen
sthorger at redhat.com
Wed May 25 01:16:52 EDT 2016
On 23 May 2016 at 18:44, Niels Bertram <nielsbne at gmail.com> wrote:
> Are you suggesting that the email field will no longer be able to be
> populated by the user if the realm is configured to use username only for
> login?
>
Yes, the email field with the unique constraint would only be used for
"login email". Then there would be an attribute or another field for
contact email.
>
> In the current form, we would still have to populate the current "email"
> field in the user model with a unique email address, which we dont have for
> our users. Or at least lets say we don't want to resort to a hack in the
> User Federation Provider and add random snippets into the email address
> using a fringe feature of the email spec.
>
Why? The email field is optional, just leave it blank. Then use an
attribute as I suggested.
>
> On Mon, May 23, 2016 at 3:27 PM, Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
>> We've planned to add support for having non-unique email addresses. The
>> idea would be to have an option on a realm to configure if login permits
>> username/email, username or email. The email field on users would still
>> have to have a unique constraint as removing that results in not being able
>> to guarantee email uniqueness. Instead we planned to have contact email
>> address which would be non-unique.
>>
>> You can workaround this though as it's already possible to add custom
>> attributes (to add contact email) and change the email sender so Keycloak
>> supports sending email to contact email attribute if set.
>>
>> On 23 May 2016 at 05:03, Nidhi Rachora <nidhirachora at gmail.com> wrote:
>>
>>> Hi Keycloak Team,
>>>
>>> I am working on migrating an existing application to Keycloak. In the
>>> existing application, unique ‘member_ids’ are used as usernames and the
>>> ‘email’ field can be duplicate. However on logging into Keycloak, members
>>> with duplicate emails are not allowed. So I have identified two areas to
>>> work on:
>>>
>>> Task I) Allow members with unique member ids (who may/ maynot have
>>> unique email) to login.
>>> Task II) Disable login using email.
>>>
>>> Solution:
>>> So as a solution to the first task, in my CustomUserFederation, I have
>>> made the following changes:
>>>
>>> //Code snippet 1 CustomFederationProvider implements
>>> UserFederationProvider{
>>> . .
>>> @Override
>>> public UserModel getUserByUsername(RealmModel realm, String username) {
>>> . .
>>> if (apiCustomer.getEmailAddresses() != null &&
>>> apiCustomer.getEmailAddresses().size() > 0) {
>>> // Changed to handle duplicate emails using: Sub-addressing, so email:
>>> mailid at domain is saved as mailid+member_id at domain
>>> userModel.setEmail(
>>> subaddress(apiCustomer.getEmailAddresses().get(0).getEmail(),
>>> userModel.getMember_id()));
>>> }
>>> . .
>>> }
>>> }
>>>
>>> //Code snippet 2
>>> CustomUserModelDelegate extends UserModelDelegate {
>>> . .
>>> @Override
>>> public String getEmail() {
>>> String email = super.getEmail(); try {
>>> // Changed to handle duplicate emails using: Sub-addressing, so while
>>> retrieving email: mailid+member_id at domain is processed as mailid at domain
>>>
>>> email = removeSubaddress(email);
>>> } catch (Exception e) {
>>> ...
>>> }
>>> return email;
>>> }
>>> . .
>>> }
>>>
>>> Now my queries are:
>>>
>>> 1.) Will my solution of sub-addressing the email resolve the first issue
>>> without any side-effects?
>>> 2.) How do I disable logging in using emails from Keycloak?
>>>
>>> Regards,
>>> Nidhi Rachora
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160525/b7e6b705/attachment-0001.html
More information about the keycloak-user
mailing list