[keycloak-user] Email is unique within one realm

Stian Thorgersen sthorger at redhat.com
Thu Nov 26 02:58:14 EST 2015


I meant that you'd use the attribute option only for the "server accounts"
where it's not the email of the user, but a contact email. For regular
users you'd continue using the email field. Would that work? You can even
write a custom protocol mapper that takes either and adds it to the same
claim in the token.

The email field has a unique constraint in the database and that's not
something we can enable/disable with a realm option. I think we'd have to
add an additional field or store the email as an attribute. Could be a bit
messy and quite a bit of work to do.

On 26 November 2015 at 08:29, Sebastian Olscher <
sebastian.olscher at traveltainment.de> wrote:

> Unfortunately this is not easily possible because we want to use
> out-of-the-box features such as „update profile email”, „reset password
> email” and others, where Keycloak uses the email address of the account.
>
>
>
> As I understood the reason why the email address was designed as unique is
> that it could be also used as the username. Would it be possible to
> implement this as a feature within the realm config? You can configure if
> you want to allow the usage of the email address as the username. If not,
> the email address does not have to be unique. For us, this would totally
> make sense and help us to fulfill the requirement. Would that be possible if
> there are no other preventing side effects?
>
>
>
> *From:* Stian Thorgersen [mailto:sthorger at redhat.com]
> *Sent:* Wednesday, November 25, 2015 8:31 PM
>
> *To:* Sebastian Olscher
> *Cc:* keycloak-user at lists.jboss.org
> *Subject:* Re: [keycloak-user] Email is unique within one realm
>
>
>
> In that case could you just set the contact email address as an attribute
> instead? The email field has to be unique as it can be in place of
> username. You could even use protocol mappers to map either email or the
> attribute to the same claim in the token.
>
>
>
> On 25 November 2015 at 15:57, Sebastian Olscher <
> sebastian.olscher at traveltainment.de> wrote:
>
> This receives importance if we are talking about users which will be used
> by a system and not a human person. These users may have the same
> responsible contact person as there is a system using this account and no
> real human. The contact person is identified by the email address. Our own
> specific information will be designed as user attributes.
>
>
>
> For example:
>
>
>
> Username: sys_customer1
>
> Email address: sebastian.olscher at traveltainment.de (Email address of the
> contact person who is responsible for this user)
>
> User attribute: Key=customer, Value=customer1
>
>
>
> Username: sys_customer2
>
> Email address: sebastian.olscher at traveltainment.de (Email address of the
> contact person who is responsible for this user)
>
> User attribute: Key=customer, Value=customer2
>
>
>
> *From:* Stian Thorgersen [mailto:sthorger at redhat.com]
> *Sent:* Wednesday, November 25, 2015 3:04 PM
> *To:* Sebastian Olscher
> *Cc:* keycloak-user at lists.jboss.org
> *Subject:* Re: [keycloak-user] Email is unique within one realm
>
>
>
> That's not possible at the moment. Out of curiosity why would you have two
> different accounts for the same person?
>
>
>
> On 25 November 2015 at 15:01, Sebastian Olscher <
> sebastian.olscher at traveltainment.de> wrote:
>
> Hello,
>
>
>
> the email address is unique within one realm. Is there a possibility to
> fulfill the requirement to have different users (different usernames) for
> different applications within one realm which are managed and used by the
> same person/entity?
>
>
> For example:
>
>
>
> Username: I_Am_An_Admin
>
> Email: user at traveltainment.de
>
> (gets roles for every client within the realm)
>
>
>
> Username: I_Am_A_Normal_User
>
> Email: user at traveltainment.de
>
> (gets roles from only one client within the realm)
>
>
>
> Is this unambiguity of the email address configurable?
>
>
>
> Thanks,
>
> Sebastian
>
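
The custom protocol mapper suggested in the thread (take either the email field or a contact-email attribute and put it in the same token claim) could look like the sketch below. It is an added example, not code from the thread or from the Keycloak project; it is written against the current Keycloak server SPI rather than the 2015 release, and the package, the provider id and the `contactEmail` attribute name are assumptions.

```java
// Added example, not Keycloak project code. Assumes the current Keycloak server SPI.
package example.mappers; // hypothetical package name

import java.util.ArrayList;
import java.util.List;
import org.keycloak.models.ClientSessionContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
import org.keycloak.protocol.oidc.mappers.OIDCIDTokenMapper;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.IDToken;

public class ContactEmailMapper extends AbstractOIDCProtocolMapper
        implements OIDCAccessTokenMapper, OIDCIDTokenMapper {
    public static final String PROVIDER_ID = "contact-email-fallback-mapper"; // assumed id
    static final String CONTACT_ATTR = "contactEmail"; // assumed user attribute name
    private static final List<ProviderConfigProperty> CONFIG = new ArrayList<>();
    static { // adds the "add to ID token" / "add to access token" switches
        OIDCAttributeMapperHelper.addIncludeInTokensConfig(CONFIG, ContactEmailMapper.class);
    }

    @Override public String getId() { return PROVIDER_ID; }
    @Override public String getDisplayCategory() { return TOKEN_MAPPER_CATEGORY; }
    @Override public String getDisplayType() { return "Email or contact email"; }
    @Override public String getHelpText() { return "Maps email, else the contact attribute, to the email claim."; }
    @Override public List<ProviderConfigProperty> getConfigProperties() { return CONFIG; }

    @Override
    protected void setClaim(IDToken token, ProtocolMapperModel model, UserSessionModel userSession,
                            KeycloakSession session, ClientSessionContext clientSessionCtx) {
        UserModel user = userSession.getUser();
        String email = user.getEmail();              // regular users: the unique email field
        boolean fromAttribute = email == null || email.isBlank();
        if (fromAttribute) {
            email = user.getFirstAttribute(CONTACT_ATTR); // server accounts: shared contact address
        }
        if (email == null || email.isBlank()) {
            return;                                  // neither source set: emit no claim
        }
        token.setEmail(email);
        // The contact address is shared between accounts and was never verified for
        // this one, so it must not reach relying parties marked as a verified email.
        token.setEmailVerified(fromAttribute ? Boolean.FALSE : user.isEmailVerified());
    }
}
```

The class is registered by listing it in `META-INF/services/org.keycloak.protocol.ProtocolMapper` inside the provider JAR. Clients receiving this claim should identify accounts by `sub` or username, since several server accounts will carry the same address.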