<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 23 May 2016 at 18:44, Niels Bertram <span dir="ltr"><<a href="mailto:nielsbne@gmail.com" target="_blank">nielsbne@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Are you suggesting that the email field will no longer be able to be populated by the user if the realm is configured to use username only for login?<br></div></div></blockquote><div><br></div><div>Yes, the email field with the unique constraint would only be used for "login email". Then there would be an attribute or another field for contact email.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div></div><div><br></div>In the current form, we would still have to populate the current "email" field in the user model with a unique email address, which we dont have for our users. Or at least lets say we don't want to resort to a hack in the User Federation Provider and add random snippets into the email address using a fringe feature of the email spec. </div></blockquote><div><br></div><div>Why? The email field is optional, just leave it blank. Then use an attribute as I suggested. <br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, May 23, 2016 at 3:27 PM, Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><span style="font-size:12.8px">We've planned to add support for having non-unique email addresses. The idea would be to have an option on a realm to configure if login permits username/email, username or email. The email field on users would still have to have a unique constraint as removing that results in not being able to guarantee email uniqueness. Instead we planned to have contact email address which would be non-unique.</span><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">You can workaround this though as it's already possible to add custom attributes (to add contact email) and change the email sender so Keycloak supports sending email to contact email attribute if set.</div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On 23 May 2016 at 05:03, Nidhi Rachora <span dir="ltr"><<a href="mailto:nidhirachora@gmail.com" target="_blank">nidhirachora@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><p dir="ltr">Hi Keycloak Team,</p>
<p dir="ltr">I am working on migrating an existing application to Keycloak. In the existing application, unique ‘member_ids’ are used as usernames and the ‘email’ field can be duplicate. However on logging into Keycloak, members with duplicate emails are not allowed. So I have identified two areas to work on: </p>
<p dir="ltr">Task I) Allow members with unique member ids (who may/ maynot have unique email) to login.<br>
Task II) Disable login using email. </p>
<p dir="ltr">Solution: <br>
So as a solution to the first task, in my CustomUserFederation, I have made the following changes: </p>
<p dir="ltr">//Code snippet 1 CustomFederationProvider implements UserFederationProvider{ <br>
. . <br>
@Override <br>
public UserModel getUserByUsername(RealmModel realm, String username) { <br>
. . <br>
if (apiCustomer.getEmailAddresses() != null && apiCustomer.getEmailAddresses().size() > 0) { <br>
// Changed to handle duplicate emails using: Sub-addressing, so email: mailid@domain is saved as mailid+member_id@domain <br>
userModel.setEmail( subaddress(apiCustomer.getEmailAddresses().get(0).getEmail(), userModel.getMember_id())); <br>
} <br>
. . <br>
} <br>
} </p>
<p dir="ltr">//Code snippet 2 <br>
CustomUserModelDelegate extends UserModelDelegate { <br>
. . <br>
@Override <br>
public String getEmail() { <br>
String email = super.getEmail(); try { <br>
// Changed to handle duplicate emails using: Sub-addressing, so while retrieving email: mailid+member_id@domain is processed as mailid@domain<br>
<br>
email = removeSubaddress(email); <br>
} catch (Exception e) {<br>
... <br>
} <br>
return email; <br>
} <br>
. . <br>
} </p>
<p dir="ltr">Now my queries are: </p>
<p dir="ltr">1.) Will my solution of sub-addressing the email resolve the first issue without any side-effects? <br>
2.) How do I disable logging in using emails from Keycloak?</p>
<p dir="ltr">Regards,<br>
Nidhi Rachora</p>
<br></div></div><span>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></span></blockquote></div><br></div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>
</div></div></blockquote></div><br></div></div>