Is KeyCloak authentication using Custom User Attribute possible? - keycloak

In KeyCloak, I want to add a new attribute for User, say Phone Number or MSISDN.
MSISDN will be added as a Custom attribute for a User.
Can I use this custom attribute as username to authenticate user on Login page? If it is possible, how can this be done?
Appreciate the response!

I think you'll probably have to write your own authentication SPI or user provider SPI to achieve this.
Once you have done this, you can configure the login function to take the custom attribute as of the username.

Related

How to get Github Provider User ID in keycloak?

I configure the Github Identity Provider in my Keycloak.
And now I just allow user browser when first login and create the user account manually first by myself.
But I found I need to configure the Provider User ID for the user first.
Do you know how to get this Provider User ID?
Thanks!
I tried to set registeration first then get ID to configure. But for other new user, I don't know how to do that.

Organize and validate companies in keycloak

I want to use Keycloak for my application. Since our current data model expects a user name, password and the abbreviation of a company, I would like to know if there is a way to add an additional parameter to the login screen in Keycloak where the abbreviation of the company has to be specified. During the authentication process it should be checked whether the user belongs to this company and if so, the token which is created should contain the company's abbreviation.
So far I manged to modify the login theme like this:
Login screen
I know it is possible to add additional information to a token via client scopes and attribute mappers, but as far as I know, this is only possible for single users.
Also I'd like to know, which is the best way to administrate companies in keycloak.
Thanks in advance.

Custom username in Keycloak

I want usernames (created using an algorithm) to be automatically assigned to users and want to allow login using both this username and email address. How do I do that in Keycloak?
You can use rest api to create user. This way you can use alghoritm to generate username. Documentation is here:
https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_users_resource
In the realm settings go to Login tab and enable Login with email

Keycloak disable user after registration

I'm new to keycloak and I thought this would be super easy, but I can't find a solution. If a new user registrate, he should be disabled by default, till an admin enables the user manually. Is there a simple solution for that? Thank you in advance and best wishes!
Create an SPI for RegistrationUserCreation where on processResponse you disable the user.
Then use this registration in the login flow.
if you look at keycloak server page https://www.keycloak.org/docs/6.0/server_admin/
in 4.8. User Registration, if a user is registered, he would not be disabled by default and there is no option for that. The only thing you can do is to require a few actions from user, like changing password or require email verification. Or you can disable the user from admin.
Think about it, if a new user goes through all the process to register just to be disabled y default, what's the point of enabling registration?

How to programmatically assign particular roles at user registration in Keycloak?

When a user registers with Keycloak I want to be able to assign one of a few different roles, determined by their selections at registration, but I can't see how to achieve this - any ideas?
You can't do that out of the box with Keycloak but you could implement your own Authentification provider, take a look here https://keycloak.gitbooks.io/documentation/content/server_development/topics/auth-spi.html