[keycloak-user] Verify email unwanted when users authenticate via Kerberos

Marek Posolda mposolda at redhat.com
Wed Feb 28 15:11:04 EST 2018


It's not available OOTB.

There are few extension points, which you can use to achieve that. For 
example:
- Create requiredAction (maybe subclass of existing VerifyEmail 
requiredAction), which will automatically "Approve" in case that user 
was imported from LDAP (or Kerberos) provider
- Create registration form action, which will add the requiredAction to 
the user in case they were registered through the registration form. 
This assumes that "Verify Email" option on realm level is off
- Create LDAP mapper, which will automatically set emailVerified to 
users imported from LDAP (assuming that you use LDAP provider with 
KErberos support. Not plain Kerberos provider)

Marek

On 27/02/18 21:55, Ruch Grégory wrote:
> Hi all,
>
> I have configured a realm in which I have allowed user registration and Kerberos authentication. For user registration I have activated email address verification. Now my issue is that when I do the first login through Kerberos I also need to validate the email address.
>
> I configured it in the same realm because I configured a SAML client application which both self-registered and Kerberos authenticated users need to access.
>
> What I want is having self-registered users validating their email address and authenticating themselves with username/password and accessing all trusted applications with SSO. I want to have “corporate” users authenticate with Kerberos and access all trusted applications (same applications as self-registered users).
>
> Is there another/ a right way to configure keycloak to do what I would like to do? Or should it be implemented as an option in ldap/Kerberos User federation provider such as “Trust email address” which will bypass the required action “verify email”?
>
> Thank you in advance for your help,
> Regards,
> Greg
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user




More information about the keycloak-user mailing list