<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Sprechblasentext Zchn";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.E-MailFormatvorlage18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.SprechblasentextZchn
{mso-style-name:"Sprechblasentext Zchn";
mso-style-priority:99;
mso-style-link:Sprechblasentext;
font-family:"Tahoma","sans-serif";
mso-fareast-language:DE;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="DE" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="color:black">Thanks Vlastimil</span><span lang="EN-US">,<span style="color:black"> this might be a
</span>good <span style="color:black">option for a transitional phase.</span><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">I have created the feature request “KEYCLOAK-2141: The uniqueness of the email address should be configurable”. Concerning the contribution I would like to check our capacity, this might be a valid option. Therefor I
propose to shift the discussion about the contribution out of this mailing list. Let´s have a deeper discussion after you have checked the feature request.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Thanks a lot,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Sebastian<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:#1A61A9"><o:p> </o:p></span></b></p>
<div style="mso-element:para-border-div;border:none;border-bottom:solid windowtext 1.0pt;padding:0cm 0cm 1.0pt 0cm">
<p class="MsoNormal" style="border:none;padding:0cm"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:#1A61A9"><o:p> </o:p></span></b></p>
</div>
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Vlastimil Elias [mailto:velias@redhat.com]
<br>
<b>Sent:</b> Thursday, November 26, 2015 3:02 PM<br>
<b>To:</b> Sebastian Olscher<br>
<b>Cc:</b> keycloak-user@lists.jboss.org<br>
<b>Subject:</b> Re: [keycloak-user] Email is unique within one realm<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Hi Sebastian,<br>
<br>
small hint out of Keycloak. Some email servers (eg gmail) allows you to use email addresses with unresolved part after + sign, like
</span><a href="mailto:sebastian.olscher+something@traveltainment.de"><span lang="EN-US">sebastian.olscher+something@traveltainment.de</span></a><span lang="EN-US">. Emails for this kind of address are delivered to "base" email
</span><a href="mailto:sebastian.olscher@traveltainment.de"><span lang="EN-US">sebastian.olscher@traveltainment.de</span></a><span lang="EN-US"> then. This may help you create more accounts with different emails delivered to same person.<br>
If your email server doesn't support this "dynamic" aliasing then it probably supports some "static" aliases defined by admin.<br>
<br>
</span>Vl.<br>
<br>
<b><span lang="EN-US" style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:#1A61A9"><o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Stian Thorgersen [mailto:sthorger@redhat.com]
<br>
<b>Sent:</b> Thursday, November 26, 2015 1:13 PM<br>
<b>To:</b> Sebastian Olscher<br>
<b>Cc:</b> keycloak-user@lists.jboss.org<br>
<b>Subject:</b> Re: [keycloak-user] Email is unique within one realm<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 26 November 2015 at 12:18, Sebastian Olscher <<a href="mailto:sebastian.olscher@traveltainment.de" target="_blank">sebastian.olscher@traveltainment.de</a>> wrote:<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Unfortunately this would also not solve the original issue: we are handling these accounts
like all other accounts and using standard Keycloak features which all bases on the email address. Would it be a smaller effort to handle this check on software level? You can configure the uniqueness of the email address in each realm, check this on software
level and delete the unique index in the database. Would that be manageable?</span><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">We can't guarantee that a email is unique without a constraint, as otherwise there's always a window where duplicates could be added. We can't remove the constraint either as the constraint applies to all realms, but further we can't change
the db schema based on configuration options on a realm.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">We would need to have a separate field in the db for non-unique email addresses. That's not really a big problem I think, but it would still be a fair bit of work to implement. We'd also need to have an option on a realm on what attribute
to use as username, options should be username/email, username or email.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">You can add a feature request, but ATM we're stretched rather thin so it would be a while until we could implement it. Unless you are willing to contribute it though? If you are then we should discuss how it should be done, and also need
to double check if there's any problems in adding it.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">“Email address unique or not?” – I have found a similar discussion and a recommendation
in the OpenId-Connect-Spezification:</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">“Therefore, the only guaranteed unique identifier for a given End-User is the combination of the
</span><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">iss</span><span lang="EN-US"> Claim and the
</span><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">sub</span><span lang="EN-US"> Claim.
</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">All other Claims carry no such guarantees across different issuers in terms of stability over time or uniqueness across users, and Issuers are permitted to apply
local restrictions and policies. For instance, an Issuer MAY re-use an </span><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">email</span><span lang="EN-US"> Claim Value across different End-Users at different points in time, and the
claimed </span><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">email</span><span lang="EN-US"> address for a given End-User MAY change over time. Therefore, other Claims such as
</span><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">email</span><span lang="EN-US">,
</span><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">phone_number</span><span lang="EN-US">, and
</span><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">preferred_username</span><span lang="EN-US"> and MUST NOT be used as unique identifiers for the End-User. “ [OpenId-Connect Core Spzification 1.0 – 5.7 Calim
</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">Stability and Uniqueness]</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">So, at this point, we have a local restriction of Keycloak which says that the email
claim has to be unique. This is absolutely compliant but as the example exactly describes the email case, I think others were also dealing with this topic. Because of this, the spezification recommends to make the email address not unique. What do you think,
would that be an option for a new feature?</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Stian
Thorgersen [mailto:<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>]
<br>
<b>Sent:</b> Thursday, November 26, 2015 8:58 AM</span><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"><br>
<b>To:</b> Sebastian Olscher<br>
<b>Cc:</b> <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<b>Subject:</b> Re: [keycloak-user] Email is unique within one realm<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">I meant that you'd use the attribute option only for the "server accounts" where it's not the email of the user, but a contact email. For regular users you'd continue using the
email field. Would that work? You can even write a custom protocol mapper that takes either and adds it to the same claim in the token.<o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">The email field has a unique constraint in the database and that's not something we can enable/disable with a realm option. I think we'd have to add an additional field or store
the email as an attribute. Could be a bit messy and quite a bit of work to do.<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">On 26 November 2015 at 08:29, Sebastian Olscher <<a href="mailto:sebastian.olscher@traveltainment.de" target="_blank">sebastian.olscher@traveltainment.de</a>> wrote:<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Unfortunately this is not easily possible because we want to use out-of-the-box features
such as „update profile email”, „reset password email” and others, where Keycloak uses the email address of the account.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">As I understood the reason why the email address was designed as unique is that it could
be also used as the username. Would it be possible to implement this as a feature within the realm config? You can configure if you want to allow the usage of the email address as the username. If not, the email address has not to be unique. For us, this would
make totally sense and helps us to fulfill the requirement. Would that be possible if there are no other preventing side effects?</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Stian Thorgersen [mailto:<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>]
<br>
<b>Sent:</b> Wednesday, November 25, 2015 8:31 PM</span><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><br>
<b>To:</b> Sebastian Olscher<br>
<b>Cc:</b> <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<b>Subject:</b> Re: [keycloak-user] Email is unique within one realm<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">In that case could you just set the contact email address as an attribute instead? The email field has to be unique has it can be in place of username. You could even use protocol
mappers to map either email or the attribute to the same claim in the token.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">On 25 November 2015 at 15:57, Sebastian Olscher <<a href="mailto:sebastian.olscher@traveltainment.de" target="_blank">sebastian.olscher@traveltainment.de</a>> wrote:<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">This receives importance if we are talking about users which will be used by a system
and not a human person. These users may have the same responsible contact person as there is a system using this account and no real human. The contact person is identified by the email address. Our own specific information will be designed as user attributes.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">For example:</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Username: sys_customer1</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Email address:
</span><span lang="EN-US"><a href="mailto:sebastian.olscher@traveltainment.de" target="_blank">sebastian.olscher@traveltainment.de</a>
</span><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">(Email address of the contact person who is responsible for this user)</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">User attribute: Key=customer, Value=customer1</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Username: sys_customer2</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Email address:
</span><span lang="EN-US"><a href="mailto:sebastian.olscher@traveltainment.de" target="_blank">sebastian.olscher@traveltainment.de</a>
</span><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">(Email address of the contact person who is responsible for this user)</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">User attribute: Key=customer, Value=customer2</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Stian
Thorgersen [mailto:<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>]
<br>
<b>Sent:</b> Wednesday, November 25, 2015 3:04 PM<br>
<b>To:</b> Sebastian Olscher<br>
<b>Cc:</b> <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<b>Subject:</b> Re: [keycloak-user] Email is unique within one realm</span><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">That's not possible at the moment. Out of curiosity why would you have two different accounts for the same person?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">On 25 November 2015 at 15:01, Sebastian Olscher <<a href="mailto:sebastian.olscher@traveltainment.de" target="_blank">sebastian.olscher@traveltainment.de</a>> wrote:<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Hello,<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">the email address is unique within one realm. Is there a possibility to fulfill the requirement to have different user (different usernames) for different applications
within one realm which were managed and used by the same person/entity?</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"><br>
For example:</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">Username: I_Am_An_Admin</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">Email:
<a href="mailto:user@traveltainment.de" target="_blank">user@traveltainment.de</a></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">(gets roles for every client within the realm)</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">Username: I_Am_A_Normal_User</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">Email:
<a href="mailto:user@traveltainment.de" target="_blank">user@traveltainment.de</a></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">(get roles from only one client within the realm)</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">Is this unambiguity of the email address configurable?</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">Thanks,</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">Sebastian</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</body>
</html>