[keycloak-user] OIDC-IDP: don't want username to equal email

bob sheknowdas bob.skd at googlemail.com
Thu May 16 09:56:58 EDT 2019


Hi,

I've written a custom OIDC-Provider and connected it to Keycloak.
After the first login via my provider, the user gets asked to enter a
username, email, first name and last name.

When sending no 'email' claim, the username is prefilled with what is in
the 'sub' claim.
But when sending an 'email' claim, the username is prefilled with the email.

How can I prefill the username with something other than my email, while
also sending an 'email' claim?

So far I've tried sending a 'name', a 'username' and a 'preferred_username'
claim - no success.

I figured out that the IdpReviewProfileAuthenticator checks for
isRegistrationEmailAsUsername().
So I've deactivated "Login with email" in my realm settings - no success.

Is there any way for Keycloak to not use the 'email' claim for the username?

Best
Bob

