<div dir="ltr"><span style="font-size:12.8px">We've planned to add support for having non-unique email addresses. The idea would be to have an option on a realm to configure if login permits username/email, username or email. The email field on users would still have to have a unique constraint as removing that results in not being able to guarantee email uniqueness. Instead we planned to have contact email address which would be non-unique.</span><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">You can workaround this though as it's already possible to add custom attributes (to add contact email) and change the email sender so Keycloak supports sending email to contact email attribute if set.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 23 May 2016 at 05:03, Nidhi Rachora <span dir="ltr"><<a href="mailto:nidhirachora@gmail.com" target="_blank">nidhirachora@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">Hi Keycloak Team,</p>
<p dir="ltr">I am working on migrating an existing application to Keycloak. In the existing application, unique ‘member_ids’ are used as usernames and the ‘email’ field can be duplicate. However on logging into Keycloak, members with duplicate emails are not allowed. So I have identified two areas to work on: </p>
<p dir="ltr">Task I) Allow members with unique member ids (who may/ maynot have unique email) to login.<br>
Task II) Disable login using email. </p>
<p dir="ltr">Solution: <br>
So as a solution to the first task, in my CustomUserFederation, I have made the following changes: </p>
<p dir="ltr">//Code snippet 1 CustomFederationProvider implements UserFederationProvider{ <br>
        .         .         <br>
@Override         <br>
public UserModel getUserByUsername(RealmModel realm, String username) {                 <br>
.                 .                 <br>
if (apiCustomer.getEmailAddresses() != null && apiCustomer.getEmailAddresses().size() > 0) {                         <br>
// Changed to handle duplicate emails using: Sub-addressing, so email: mailid@domain is saved as mailid+member_id@domain                         <br>
userModel.setEmail( subaddress(apiCustomer.getEmailAddresses().get(0).getEmail(), userModel.getMember_id()));                 <br>
}                 <br>
.                 .         <br>
} <br>
} </p>
<p dir="ltr">//Code snippet 2 <br>
CustomUserModelDelegate extends UserModelDelegate {         <br>
.         .         <br>
@Override         <br>
public String getEmail() {                 <br>
String email = super.getEmail();                 try {                         <br>
// Changed to handle duplicate emails using: Sub-addressing, so while retrieving email: mailid+member_id@domain is processed as mailid@domain<br>
        <br>
email = removeSubaddress(email);                 <br>
} catch (Exception e) {<br>
                        ...                 <br>
}                 <br>
return email;         <br>
}         <br>
.         . <br>
} </p>
<p dir="ltr">Now my queries are: </p>
<p dir="ltr">1.) Will my solution of sub-addressing the email resolve the first issue without any side-effects? <br>
2.) How do I disable logging in using emails from Keycloak?</p>
<p dir="ltr">Regards,<br>
Nidhi Rachora</p>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>