Hi Keycloak Team,

I am working on migrating an existing application to Keycloak. In the existing application, unique ‘member_ids’ are used as usernames and the ‘email’ field can be duplicated. However, on logging into Keycloak, members with duplicate emails are not allowed. So I have identified two areas to work on:

Task I) Allow members with unique member ids (who may or may not have a unique email) to log in.
Task II) Disable login using email.

Solution:
So as a solution to the first task, in my CustomUserFederation, I have made the following changes:

// Code snippet 1
public class CustomFederationProvider implements UserFederationProvider {
    . .
    @Override
    public UserModel getUserByUsername(RealmModel realm, String username) {
        . .
        if (apiCustomer.getEmailAddresses() != null && apiCustomer.getEmailAddresses().size() > 0) {
            // Changed to handle duplicate emails using sub-addressing,
            // so email mailid@domain is saved as mailid+member_id@domain
            userModel.setEmail(subaddress(apiCustomer.getEmailAddresses().get(0).getEmail(), userModel.getMember_id()));
        }
        . .
    }
}

// Code snippet 2
public class CustomUserModelDelegate extends UserModelDelegate {
    . .
    @Override
    public String getEmail() {
        String email = super.getEmail();
        try {
            // Changed to handle duplicate emails using sub-addressing,
            // so while retrieving email, mailid+member_id@domain is processed as mailid@domain
            email = removeSubaddress(email);
        } catch (Exception e) {
            ...
        }
        return email;
    }
    . .
}

Now my queries are:

1.) Will my solution of sub-addressing the email resolve the first issue without any side-effects?
2.) How do I disable logging in using emails from Keycloak?

Regards,
Nidhi Rachora
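
The post calls `subaddress` and `removeSubaddress` without showing them. The following is an added example, not part of the original post and not Keycloak code, of how such a pair could round-trip an address; the class name, the member-id character set and the sample addresses are assumptions.

```java
import java.util.regex.Pattern;

public class SubaddressDemo {
    // Assumption: member ids use only these characters, so an id can never
    // inject a second '+' or '@' into the stored address.
    private static final Pattern MEMBER_ID = Pattern.compile("[A-Za-z0-9_-]+");

    // mailid@domain + member id -> mailid+member_id@domain
    static String subaddress(String email, String memberId) {
        if (email == null || memberId == null || !MEMBER_ID.matcher(memberId).matches()) {
            throw new IllegalArgumentException("invalid email or member id");
        }
        int at = email.lastIndexOf('@');
        if (at <= 0 || at == email.length() - 1) {
            throw new IllegalArgumentException("not an address: " + email);
        }
        return email.substring(0, at) + "+" + memberId + email.substring(at);
    }

    // mailid+member_id@domain -> mailid@domain. Only the last '+tag' of the
    // local part is removed, so a tag the member already had survives.
    static String removeSubaddress(String email) {
        if (email == null) return null;
        int at = email.lastIndexOf('@');
        if (at <= 0) return email;                 // not an address, leave as is
        int plus = email.lastIndexOf('+', at - 1); // search the local part only
        if (plus <= 0) return email;               // no tag to strip
        return email.substring(0, plus) + email.substring(at);
    }

    public static void main(String[] args) {
        // Constructed sample data: two members share one mailbox, and a third
        // already uses a '+' tag of their own.
        String[][] samples = {
            {"mailid@domain.example", "1001"},
            {"mailid@domain.example", "1002"},
            {"mailid+news@domain.example", "1003"},
        };
        for (String[] s : samples) {
            String stored = subaddress(s[0], s[1]);
            String shown = removeSubaddress(stored);
            System.out.println(s[0] + " stored as " + stored + ", read back as " + shown);
            if (!shown.equals(s[0])) throw new AssertionError("round trip failed for " + s[0]);
        }
    }
}
```

`removeSubaddress` cannot tell a member-id tag from a tag the member chose, so an address that was stored without passing through `subaddress` first would lose its own tag on read.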