We don't have a way to toggle email validation per user federation
provider. I think there are two options for you:
1) Write an LDAPStorageMapper that hardcodes verify email to true on
import from ldap. Plug that in and configure it
2) Turn off realm email validation. Turn on email validation for social
providers. Write an extension to the Registration flow to perform email
validation.
On 8/16/17 9:39 PM, Adam Keily wrote:
Hi all,
Using rhsso7.1. I've configured a realm to federate users from LDAP (several thousand
existing corporate accounts) and allow registration of external users to the realm.
The realm is configured to verify email. I only want users who register using a form or
social IdP to have to verify their email though. With the realm setting 'Verify
Email=On', it is prompting my LDAP users to verify their corporate email the first
time they login.
Is there a simple way to prevent LDAP federated users from having to verify their email
address whilst still enforcing verification for registered accounts. With social IdP's
I can set them to trust email but is there a way to do something similar with ldap
federation users? Or would I need to build a custom user federation spi?
Thanks
Adam
--
Adam Keily
Identity and Access Management Specialist
Security and Architecture
The University of Adelaide
Phone: +61883139112
Mobile: +61438898513
adam.keily@adelaide.edu.au<mailto:adam.keily@adelaide.edu.au>
CRICOS Provider Number 00123M
-----------------------------------------------------------
IMPORTANT: This message may contain confidential or legally privileged information. If
you think it was sent to you by mistake, please delete all copies and advise the sender.
For the purposes of the SPAM Act 2003, this email is authorised by The University of
Adelaide.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user