Validation of RegistrationEmailAsUsername attribute #438
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… RegistrationAllowed
mrparkers
approved these changes
Dec 9, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Background:
I want to have a realm, where
usernameandemailattributes have same value, registration is disabled and user is allowed to manage own email address. To achieve this configuration keycloak can be configured as followsAs a result, keycloak's account management page will allow user to manage own email address (but not username), and username will be updated automatically by keycloak upon change.
This configuration is of course not very intuitive, because
RegistrationEmailAsUsernameattribute should make sense only when registration is enabled, but in fact keycloak behaves just as described above. In order to achieve this from GUI,RegistrationAllowedcan be temporary enabled / disabled, which will allow settingRegistrationEmailAsUsernameto true.Current implementation of the provider does not allow setting
RegistrationEmailAsUsernameto true whenRegistrationAllowedis false, resulting invalidation error: RegistrationEmailAsUsername cannot be true if RegistrationAllowed is false. This change removes that condition.