<div dir="ltr"><div>Would be very helpful, indeed!</div><div><br></div><div>Additionally, I'd recommend using the reCAPTCHA support, see:</div><div><a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/recaptcha.html">http://keycloak.github.io/docs/userguide/keycloak-server/html/recaptcha.html</a></div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-02-24 11:53 GMT+01:00 Marek Posolda <span dir="ltr">&lt;<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 24/02/16 11:49, Marek Posolda wrote:<br>
> +1 to create JIRA for it and have it somehow available OOTB.<br>
><br>
> As you mentioned, you can already customize registration flow and add<br>
> custom validation. But ATM this doesn't apply to account updates. So if<br>
> an attacker registers with some "valid" email, but then logs in to account<br>
> management and changes the email to "<a href="mailto:evil@blacklisted.com">evil@blacklisted.com</a>", the validation<br>
> won't be applied.<br>
><br>
> Also the validation won't be applied to users registered through social,<br>
> so if you have "review profile" enabled, the attacker can register with<br>
> some valid facebook account, but then change email to<br>
> "<a href="mailto:evil@blacklisted.com">evil@blacklisted.com</a>" on the ReviewProfile page. This can be caught<br>
> again by creating a custom authenticator for the firstBrokerLogin flow. The bad<br>
> thing is that you need a separate validator for registration and a separate one<br>
> for social (and still the account update is not handled).<br>
><br>
> AFAIK we have a JIRA to allow easily configuring a set of validators for some<br>
> fields, where the validator will be applied to all 3 use cases, like:<br>
> - registration<br>
> - account update<br>
> - update profile required action (applies to reviewProfile after social too)<br>
><br>
> This will allow you, for example, to specify a regex for the<br>
> "birthDay" field in one place in the Keycloak admin console, and the same<br>
> validator for the "birthDay" field will be applied in all 3 places. We can<br>
> have the same type of validator for email blacklisting/whitelisting IMO.<br>
</span>Found an older thread where we discussed it -<br>
<a href="http://lists.jboss.org/pipermail/keycloak-dev/2015-November/005767.html" rel="noreferrer" target="_blank">http://lists.jboss.org/pipermail/keycloak-dev/2015-November/005767.html</a> .<br>
<span class="HOEnZb"><font color="#888888"><br>
Marek<br>
</font></span><div class="HOEnZb"><div class="h5">><br>
> Marek<br>
><br>
><br>
> On 24/02/16 11:00, Vlastimil Elias wrote:<br>
>> Hi,<br>
>><br>
>> Is there this feature (I was not able to find it) in Keycloak or is it<br>
>> planned (I was not able to find it in JIRA)?<br>
>><br>
>> It is extremely useful (mainly blacklisting) in some cases. Eg.<br>
>> yesterday we fought spammers in one of our public systems. Spammers<br>
>> registered lots of new users using disposable email service and then<br>
>> used them to create spam content. We blacklisted domains used by the<br>
>> disposable email service from registration, which stopped spammers<br>
>> immediately.<br>
>> We do not use Keycloak there yet, but maybe in the future. The current system we<br>
>> use has blacklisting available OOTB.<br>
>><br>
>> Registration email whitelisting may be useful if you create a service for<br>
>> e.g. your employees only, and want them to register there with company<br>
>> emails only.<br>
>><br>
>> I think it should be possible to add a new step into the "Registration" flow<br>
>> to perform this blacklisting, we can do it ourselves probably, but it<br>
>> would be cool to have this very useful feature present in Keycloak<br>
>> out of the box.<br>
>><br>
>> WDYT about this feature, can I create a JIRA feature request for it?<br>
>><br>
>> Vlastimil<br>
>><br>
> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</div></div></blockquote></div><br></div>
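The thread above asks for one email-domain validator that covers registration, account update and the update-profile required action. An added sketch of that idea in plain Java, not Keycloak code and not from the thread: the class, enum and method names are hypothetical, no Keycloak API is used, and the sample addresses are constructed.

```java
import java.util.List;
import java.util.Locale;
import java.util.Set;

/** Illustrative only: one email-domain policy shared by every path that can set a user's email. */
public class EmailDomainPolicy {
    // Hypothetical names for the three use cases listed in the thread.
    enum ProfileChange { REGISTRATION, ACCOUNT_UPDATE, UPDATE_PROFILE_ACTION }

    private final Set<String> blacklist;   // domains that are always refused
    private final Set<String> whitelist;   // if non-empty, only these domains are accepted

    EmailDomainPolicy(Set<String> blacklist, Set<String> whitelist) {
        this.blacklist = blacklist;
        this.whitelist = whitelist;
    }

    /** Extracts the domain, lower-cased and without a trailing dot; null if malformed. */
    static String domainOf(String email) {
        if (email == null) return null;
        int at = email.lastIndexOf('@');
        if (at <= 0 || at == email.length() - 1) return null;
        String d = email.substring(at + 1).trim().toLowerCase(Locale.ROOT);
        if (d.endsWith(".")) d = d.substring(0, d.length() - 1);
        return d.isEmpty() ? null : d;
    }

    /** True when the domain or any parent domain is in the set (mail.example.com matches example.com). */
    static boolean matches(Set<String> domains, String domain) {
        for (String d = domain; d != null; ) {
            if (domains.contains(d)) return true;
            int dot = d.indexOf('.');
            d = dot < 0 ? null : d.substring(dot + 1);
        }
        return false;
    }

    /** The 'change' argument is deliberately not consulted: the same rule applies on every path. */
    boolean isAllowed(ProfileChange change, String email) {
        String domain = domainOf(email);
        if (domain == null || matches(blacklist, domain)) return false;
        return whitelist.isEmpty() || matches(whitelist, domain);
    }

    public static void main(String[] args) {
        EmailDomainPolicy policy = new EmailDomainPolicy(Set.of("blacklisted.com"), Set.of());
        for (ProfileChange c : ProfileChange.values())
            for (String e : List.of("user@example.org", "evil@blacklisted.com", "evil@Mail.Blacklisted.COM."))
                System.out.println(c + " " + e + " -> " + (policy.isAllowed(c, e) ? "accepted" : "rejected"));
    }
}
```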