[keycloak-user] Disabling unique email restriction in Keycloak

Nidhi Rachora nidhirachora at gmail.com
Sun May 22 23:03:55 EDT 2016


Hi Keycloak Team,

I am working on migrating an existing application to Keycloak. In the
existing application, unique ‘member_ids’ are used as usernames and the
‘email’ field can be duplicate. However on logging into Keycloak, members
with duplicate emails are not allowed. So I have identified two areas to
work on:

Task I) Allow members with unique member ids (who may/ maynot have unique
email) to login.
Task II) Disable login using email.

Solution:
So as a solution to the first task, in my CustomUserFederation, I have made
the following changes:

//Code snippet 1 CustomFederationProvider implements
UserFederationProvider{
. .
@Override
public UserModel getUserByUsername(RealmModel realm, String username) {
. .
if (apiCustomer.getEmailAddresses() != null &&
apiCustomer.getEmailAddresses().size() > 0) {
// Changed to handle duplicate emails using: Sub-addressing, so email:
mailid at domain is saved as mailid+member_id at domain
userModel.setEmail(
subaddress(apiCustomer.getEmailAddresses().get(0).getEmail(),
userModel.getMember_id()));
}
. .
}
}

//Code snippet 2
CustomUserModelDelegate extends UserModelDelegate {
. .
@Override
public String getEmail() {
String email = super.getEmail(); try {
// Changed to handle duplicate emails using: Sub-addressing, so while
retrieving email: mailid+member_id at domain is processed as mailid at domain

email = removeSubaddress(email);
} catch (Exception e) {
...
}
return email;
}
. .
}

Now my queries are:

1.) Will my solution of sub-addressing the email resolve the first issue
without any side-effects?
2.) How do I disable logging in using emails from Keycloak?

Regards,
Nidhi Rachora
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160523/9cca2332/attachment.html 


More information about the keycloak-user mailing list