Email validation for managed members should only fail if it does not match the domain set to a broker #29460
Assignees
Labels
action/priority-important
kind/enhancement
Categorizes a PR related to an enhancement
release/25.0.0
Comments
pedroigor
added
kind/enhancement
pedroigor
added a commit
to pedroigor/keycloak
that referenced
this issue
May 11, 2024
…match the domain set to a broker Closes keycloak#29460 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
ahus1
pushed a commit
that referenced
this issue
May 14, 2024
…match the domain set to a broker Closes #29460 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Initially, we were forcing members to use an email domain that must match one of the domains set to an organization.
As we updated the user profile validator to skip this validation for unmanaged members (e.g.: existing realm users added as a member) as per #29023, we need to also skip validations for managed members if their respective identity provider does not have a domain set.
This should also make the validation consistent with the
OrganizationAuthenticatorwhere users are not automatically redirected if the identity provider does not have a domain set.Discussion
No response
Motivation
No response
Details
No response
The text was updated successfully, but these errors were encountered: