We've planned to add support for having non-unique email addresses. The idea would be to have an option on a realm to configure if login permits username/email, username or email. The email field on users would still have to have a unique constraint as removing that results in not being able to guarantee email uniqueness. Instead we planned to have contact email address which would be non-unique. You can workaround this though as it's already possible to add custom attributes (to add contact email) and change the email sender so Keycloak supports sending email to contact email attribute if set. On 23 May 2016 at 05:03, Nidhi Rachora <nidhirachora(a)gmail.com&gt; wrote: > Hi Keycloak Team, > > I am working on migrating an existing application to Keycloak. In the > existing application, unique ‘member_ids’ are used as usernames and the > ‘email’ field can be duplicate. However on logging into Keycloak, members > with duplicate emails are not allowed. So I have identified two areas to > work on: > > Task I) Allow members with unique member ids (who may/ maynot have unique > email) to login. > Task II) Disable login using email. > > Solution: > So as a solution to the first task, in my CustomUserFederation, I have > made the following changes: > > //Code snippet 1 CustomFederationProvider implements > UserFederationProvider{ > . . > @Override > public UserModel getUserByUsername(RealmModel realm, String username) { > . . > if (apiCustomer.getEmailAddresses() != null && > apiCustomer.getEmailAddresses().size() > 0) { > // Changed to handle duplicate emails using: Sub-addressing, so email: > mailid@domain is saved as mailid+member_id@domain > userModel.setEmail( > subaddress(apiCustomer.getEmailAddresses().get(0).getEmail(), > userModel.getMember_id())); > } > . . > } > } > > //Code snippet 2 > CustomUserModelDelegate extends UserModelDelegate { > . . > @Override > public String getEmail() { > String email = super.getEmail(); try { > // Changed to handle duplicate emails using: Sub-addressing, so while > retrieving email: mailid+member_id@domain is processed as mailid@domain > > email = removeSubaddress(email); > } catch (Exception e) { > ... > } > return email; > } > . . > } > > Now my queries are: > > 1.) Will my solution of sub-addressing the email resolve the first issue > without any side-effects? > 2.) How do I disable logging in using emails from Keycloak? > > Regards, > Nidhi Rachora > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

On 23 May 2016 at 18:44, Niels Bertram <nielsbne(a)gmail.com&gt; wrote: > Are you suggesting that the email field will no longer be able to be > populated by the user if the realm is configured to use username only for > login? > Yes, the email field with the unique constraint would only be used for "login email". Then there would be an attribute or another field for contact email. > > In the current form, we would still have to populate the current "email" > field in the user model with a unique email address, which we dont have > for > our users. Or at least lets say we don't want to resort to a hack in the > User Federation Provider and add random snippets into the email address > using a fringe feature of the email spec. > Why? The email field is optional, just leave it blank. Then use an attribute as I suggested. > > On Mon, May 23, 2016 at 3:27 PM, Stian Thorgersen <sthorger(a)redhat.com&gt; > wrote: > >> We've planned to add support for having non-unique email addresses. The >> idea would be to have an option on a realm to configure if login permits >> username/email, username or email. The email field on users would still >> have to have a unique constraint as removing that results in not being >> able >> to guarantee email uniqueness. Instead we planned to have contact email >> address which would be non-unique. >> >> You can workaround this though as it's already possible to add custom >> attributes (to add contact email) and change the email sender so >> Keycloak >> supports sending email to contact email attribute if set. >> >> On 23 May 2016 at 05:03, Nidhi Rachora <nidhirachora(a)gmail.com&gt; wrote: >> >>> Hi Keycloak Team, >>> >>> I am working on migrating an existing application to Keycloak. In the >>> existing application, unique ‘member_ids’ are used as usernames and the >>> ‘email’ field can be duplicate. However on logging into Keycloak, >>> members >>> with duplicate emails are not allowed. So I have identified two areas >>> to >>> work on: >>> >>> Task I) Allow members with unique member ids (who may/ maynot have >>> unique email) to login. >>> Task II) Disable login using email. >>> >>> Solution: >>> So as a solution to the first task, in my CustomUserFederation, I have >>> made the following changes: >>> >>> //Code snippet 1 CustomFederationProvider implements >>> UserFederationProvider{ >>> . . >>> @Override >>> public UserModel getUserByUsername(RealmModel realm, String username) { >>> . . >>> if (apiCustomer.getEmailAddresses() != null && >>> apiCustomer.getEmailAddresses().size() > 0) { >>> // Changed to handle duplicate emails using: Sub-addressing, so email: >>> mailid@domain is saved as mailid+member_id@domain >>> userModel.setEmail( >>> subaddress(apiCustomer.getEmailAddresses().get(0).getEmail(), >>> userModel.getMember_id())); >>> } >>> . . >>> } >>> } >>> >>> //Code snippet 2 >>> CustomUserModelDelegate extends UserModelDelegate { >>> . . >>> @Override >>> public String getEmail() { >>> String email = super.getEmail(); try { >>> // Changed to handle duplicate emails using: Sub-addressing, so while >>> retrieving email: mailid+member_id@domain is processed as mailid@domain >>> >>> email = removeSubaddress(email); >>> } catch (Exception e) { >>> ... >>> } >>> return email; >>> } >>> . . >>> } >>> >>> Now my queries are: >>> >>> 1.) Will my solution of sub-addressing the email resolve the first >>> issue >>> without any side-effects? >>> 2.) How do I disable logging in using emails from Keycloak? >>> >>> Regards, >>> Nidhi Rachora >>> >>> _______________________________________________ >>> keycloak-user mailing list >>> keycloak-user(a)lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>> >> >> >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> > >