12:13 a.m.
If user#1 has the username 'user(a)host.com' with no email, and user#2 has
the email 'user(a)host.com', user#1 would not be able to login.
In this case user#1 would have to contact the admin who would have to
change the username or add an email.
This issue was reported a while back by our QE [1], but AFAIK no actual
users have run into this problem and it seems unlikely that it'll be a real
problem.
I'm leaning towards just closing this issue as won't fix.
Best ideas I have for solving is:
1. Make sure username can't match email of another user. Not sure how we
could do this as I'm pretty sure that couldn't be done with SQL.
2. Add a code check for for the above. It won't be guaranteed, but maybe
good enough?
3. Add option to set if realm should allow login by "Username and email",
"Username only" or "Email only". For the "Username and
email" option we
should document the fact that this issue can happen and that email always
wins.
[1] https://issues.jboss.org/browse/KEYCLOAK-4466
6:20 a.m.
New subject: Can't login with email as username if another user has same email
I could also imagine enforcing in the server that whenever a user has an email as the
username, it is always identical to the email address.
However, that change might be problematic considering all the existing data...
Best regards,
Sebastian
Mit freundlichen Grüßen / Best regards
Dr.-Ing. Sebastian Schuster
Engineering and Support (INST/ESY1)
Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin | GERMANY |
www.bosch-si.com
Tel. +49 30 726112-485 | Fax +49 30 726112-100 | Sebastian.Schuster(a)bosch-si.com
Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr.-Ing. Rainer
Kallenbach, Michael Hahn
-----Original Message-----
From: keycloak-dev-bounces(a)lists.jboss.org [mailto:keycloak-dev-bounces@lists.jboss.org]
On Behalf Of Stian Thorgersen
Sent: Freitag, 10. November 2017 07:14
To: keycloak-dev <keycloak-dev(a)lists.jboss.org>
Subject: [keycloak-dev] Can't login with email as username if another user has same
email
If user#1 has the username 'user(a)host.com' with no email, and user#2 has the email
'user(a)host.com', user#1 would not be able to login.
In this case user#1 would have to contact the admin who would have to change the username
or add an email.
This issue was reported a while back by our QE [1], but AFAIK no actual users have run
into this problem and it seems unlikely that it'll be a real problem.
I'm leaning towards just closing this issue as won't fix.
Best ideas I have for solving is:
1. Make sure username can't match email of another user. Not sure how we could do this
as I'm pretty sure that couldn't be done with SQL.
2. Add a code check for for the above. It won't be guaranteed, but maybe good enough?
3. Add option to set if realm should allow login by "Username and email",
"Username only" or "Email only". For the "Username and
email" option we should document the fact that this issue can happen and that email
always wins.
[1] https://issues.jboss.org/browse/KEYCLOAK-4466
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
9:37 a.m.
That might be a good option. We could potentially do that only for new
users and leave existing users untouched during migration.
On 10 November 2017 at 13:20, Schuster Sebastian (INST/ESY1) <
Sebastian.Schuster(a)bosch-si.com> wrote:
I could also imagine enforcing in the server that whenever a user has
an
email as the username, it is always identical to the email address.
However, that change might be problematic considering all the existing
data...
Best regards,
Sebastian
Mit freundlichen Grüßen / Best regards
Dr.-Ing. Sebastian Schuster
Engineering and Support (INST/ESY1)
Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin |
GERMANY | www.bosch-si.com
Tel. +49 30 726112-485 | Fax +49 30 726112-100 |
Sebastian.Schuster(a)bosch-si.com
Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung:
Dr.-Ing. Rainer Kallenbach, Michael Hahn
-----Original Message-----
From: keycloak-dev-bounces(a)lists.jboss.org [mailto:keycloak-dev-bounces@
lists.jboss.org] On Behalf Of Stian Thorgersen
Sent: Freitag, 10. November 2017 07:14
To: keycloak-dev <keycloak-dev(a)lists.jboss.org>
Subject: [keycloak-dev] Can't login with email as username if another user
has same email
If user#1 has the username 'user(a)host.com' with no email, and user#2 has
the email 'user(a)host.com', user#1 would not be able to login.
In this case user#1 would have to contact the admin who would have to
change the username or add an email.
This issue was reported a while back by our QE [1], but AFAIK no actual
users have run into this problem and it seems unlikely that it'll be a real
problem.
I'm leaning towards just closing this issue as won't fix.
Best ideas I have for solving is:
1. Make sure username can't match email of another user. Not sure how we
could do this as I'm pretty sure that couldn't be done with SQL.
2. Add a code check for for the above. It won't be guaranteed, but maybe
good enough?
3. Add option to set if realm should allow login by "Username and email",
"Username only" or "Email only". For the "Username and
email" option we
should document the fact that this issue can happen and that email always
wins.
[1] https://issues.jboss.org/browse/KEYCLOAK-4466
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
2601
days inactive
2604
days old
2 comments
2 participants
participants (2)
-
Schuster Sebastian (INST/ESY1) -
Stian Thorgersen