keycloak - Email claim overrides username in keycloak
问题描述
I've written a custom OIDC-Provider and connected it to keycloak. After the first login in via my provider, the user gets asked to enter a username, email, first name and last name (first-broker-login-flow).
Usually the username is prefilled with what is in the 'sub' claim. But when sending an 'email' claim, the username is prefilled with the email.
How can I prefill the username with something else than my email, while also sending an 'email' claim?
So far I've tried sending a 'name', a 'username' and a 'preferred_username' claim - no success.
I figured out that the IdpReviewProfileAuthenticator checks for isRegistrationEmailAsUsername(). So I've deactivated "Login with email" in my realm settings - no success.
Is there any way for keycloak to not use the 'email' claim for the username?
解决方案
我想出了一个解决办法。在 keycloak 中,我为我的 oidc 提供程序创建了一个“用户名模板导入器”映射器,并将模板值设置为${CLAIM.sub}
.
在我看来,这不是最好的解决方案。但它一直有效,直到我想出一个更好的方法来做到这一点......
推荐阅读
- performance - 为什么在继续使用 jdbc 插入一行后在 oracle11g 中它变得很慢
- reactjs - React JS 中循环内的条件渲染
- azure-devops - 查询以根据过滤条件仅显示相关工作项
- node.js - 为什么 async/await exec 不输出标准输出
- amazon-web-services - Aws Lambda 显示进度
- vue.js - 如何在 v-for 循环中绑定 vue js 模板中的 css 类?
- javascript - Eloquent JS 中的逻辑运算符示例说明
- performance - unity 2d,多层背景透支
- java - 如何使用流获取嵌套集合中的所有元素
- javascript - 在小于其包含元素的居中图像上叠加文本