[keycloak-user] Disabling unique email restriction in Keycloak

Thu May 26 04:41:42 EDT 2016

Thank you, that solved the issue.

On 5/25/16, Stian Thorgersen <sthorger at redhat.com> wrote:
> On 23 May 2016 at 18:44, Niels Bertram <nielsbne at gmail.com> wrote:
>
>> Are you suggesting that the email field will no longer be able to be
>> populated by the user if the realm is configured to use username only for
>> login?
>>
>
> Yes, the email field with the unique constraint would only be used for
> "login email". Then there would be an attribute or another field for
> contact email.
>
>
>>
>> In the current form, we would still have to populate the current "email"
>> field in the user model with a unique email address, which we dont have
>> for
>> our users. Or at least lets say we don't want to resort to a hack in the
>> User Federation Provider and add random snippets into the email address
>> using a fringe feature of the email spec.
>>
>
> Why? The email field is optional, just leave it blank. Then use an
> attribute as I suggested.
>
>
>>
>> On Mon, May 23, 2016 at 3:27 PM, Stian Thorgersen <sthorger at redhat.com>
>> wrote:
>>
>>> We've planned to add support for having non-unique email addresses. The
>>> idea would be to have an option on a realm to configure if login permits
>>> username/email, username or email. The email field on users would still
>>> have to have a unique constraint as removing that results in not being
>>> able
>>> to guarantee email uniqueness. Instead we planned to have contact email
>>> address which would be non-unique.
>>>
>>> You can workaround this though as it's already possible to add custom
>>> attributes (to add contact email) and change the email sender so
>>> Keycloak
>>> supports sending email to contact email attribute if set.
>>>
>>> On 23 May 2016 at 05:03, Nidhi Rachora <nidhirachora at gmail.com> wrote:
>>>
>>>> Hi Keycloak Team,
>>>>
>>>> I am working on migrating an existing application to Keycloak. In the
>>>> existing application, unique ‘member_ids’ are used as usernames and the
>>>> ‘email’ field can be duplicate. However on logging into Keycloak,
>>>> members
>>>> with duplicate emails are not allowed. So I have identified two areas
>>>> to
>>>> work on:
>>>>
>>>> Task I) Allow members with unique member ids (who may/ maynot have
>>>> unique email) to login.
>>>> Task II) Disable login using email.
>>>>
>>>> Solution:
>>>> So as a solution to the first task, in my CustomUserFederation, I have
>>>> made the following changes:
>>>>
>>>> //Code snippet 1 CustomFederationProvider implements
>>>> UserFederationProvider{
>>>> . .
>>>> @Override
>>>> public UserModel getUserByUsername(RealmModel realm, String username) {
>>>> . .
>>>> if (apiCustomer.getEmailAddresses() != null &&
>>>> apiCustomer.getEmailAddresses().size() > 0) {
>>>> // Changed to handle duplicate emails using: Sub-addressing, so email:
>>>> mailid at domain is saved as mailid+member_id at domain
>>>> userModel.setEmail(
>>>> subaddress(apiCustomer.getEmailAddresses().get(0).getEmail(),
>>>> userModel.getMember_id()));
>>>> }
>>>> . .
>>>> }
>>>> }
>>>>
>>>> //Code snippet 2
>>>> CustomUserModelDelegate extends UserModelDelegate {
>>>> . .
>>>> @Override
>>>> public String getEmail() {
>>>> String email = super.getEmail(); try {
>>>> // Changed to handle duplicate emails using: Sub-addressing, so while
>>>> retrieving email: mailid+member_id at domain is processed as mailid at domain
>>>>
>>>> email = removeSubaddress(email);
>>>> } catch (Exception e) {
>>>> ...
>>>> }
>>>> return email;
>>>> }
>>>> . .
>>>> }
>>>>
>>>> Now my queries are:
>>>>
>>>> 1.) Will my solution of sub-addressing the email resolve the first
>>>> issue
>>>> without any side-effects?
>>>> 2.) How do I disable logging in using emails from Keycloak?
>>>>
>>>> Regards,
>>>> Nidhi Rachora
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>