[keycloak-user] User federation email verification

Bill Burke bburke at redhat.com
Wed Aug 16 23:08:40 EDT 2017 

We don't have a way to toggle email validation per user federation 
provider.  I think there are two options for you:

1) Write an LDAPStorageMapper that hardcodes verify email to true on 
import from ldap.  Plug that in and configure it
2) Turn off realm email validation.  Turn on email validation for social 
providers.  Write an extension to the Registration flow to perform email 
validation.



On 8/16/17 9:39 PM, Adam Keily wrote:
> Hi all,
>
> Using rhsso7.1. I've configured a realm to federate users from LDAP (several thousand existing corporate accounts) and allow registration of external users to the realm.
>
> The realm is configured to verify email. I only want users who register using a form or social IdP to have to verify their email though. With the realm setting 'Verify Email=On', it is prompting my LDAP users to verify their corporate email the first time they login.
>
> Is there a simple way to prevent LDAP federated users from having to verify their email address whilst still enforcing verification for registered accounts. With social IdP's I can set them to trust email but is there a way to do something similar with ldap federation users? Or would I need to build a custom user federation spi?
>
> Thanks
> Adam
>
> --
> Adam Keily
> Identity and Access Management Specialist
> Security and Architecture
> The University of Adelaide
> Phone: +61883139112
> Mobile: +61438898513
> adam.keily at adelaide.edu.au<mailto:adam.keily at adelaide.edu.au>
>
> CRICOS Provider Number 00123M
> -----------------------------------------------------------
> IMPORTANT: This message may contain confidential or legally privileged information. If you think it was sent to you by mistake, please delete all copies and advise the sender. For the purposes of the SPAM Act 2003, this email is authorised by The University of Adelaide.
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list