Hello. I am trying to find how to create a custom uniqueness validator that can compare its own value or a combination of its own and another field against other user data.
What we are trying to accomplish is something like the uniqueness check built into Keycloak for the username or email as username field. But in this case we would like to ensure a user cannot sign up or change custom fields which already exist in our User database.
Is it possible to reach into the user database for checks like this on a custom validator?
I see examples of creating custom validators but these seem to only be checking the current input value against rules and not against already entered values by the user or users in general.
References:
You have access to the KeycloakSession from the ValidationContext.getSession() method. From there, you can access stored data using the providers. E.g. you can get access to users with validationContext.getSession().users().
Once I have a Validator like this written and I build to a JAR, how does one deploy this validator to Keycloak? Is there documentation somewhere that I missed?
That is what I thought and I tried that. It shows that it loads up the custom SPIs but I don’t see them as an option in the Realm settings → User profile → Edit attribute → Add Validator drop down for attribute.
Log on start up:
2023-02-17 13:11:05 2023-02-17 21:11:05,156 WARN [org.keycloak.services] (build-26) KC-SERVICES0047: custom-phone-dob (com.github.thomasdarimont.keycloak.userprofile.validator.DOBPhoneValidator) is implementing the internal SPI validator. This SPI is internal and may change without notice
2023-02-17 13:11:05 2023-02-17 21:11:05,156 WARN [org.keycloak.services] (build-26) KC-SERVICES0047: custom-age (com.github.thomasdarimont.keycloak.userprofile.validator.AgeValidator) is implementing the internal SPI validator. This SPI is internal and may change without notice
I also had this problem with the custom validator not being present in the UI. But try adding it manually via the JSON Editor, you will notice that it is working correctly.
Yes, implementing ConfiguredProvider works. Thank you @edewit
For future readers, you just need to implement ConfiguredProvider and both methods getHelpText() and getConfigProperties().
Get Help Text will provide the description of the validator and Get Config Properties allows setting up the modal and information for passed in properties. It is helpful to look into Keycloak’s source code for examples such as PersonNameProhibitedCharactersValidator.java.
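
The validator this thread arrives at, written out as an added example (not code from any poster or from the Keycloak project): it uses ValidationContext.getSession() to look for other users holding the same attribute value and implements ConfiguredProvider so that it is listed in the Add validator drop-down. The package, class name, validator id and message key are assumptions, and it targets the internal validator SPI named in the startup log, so signatures can differ between Keycloak versions.

```java
package com.example.keycloak.validator; // hypothetical package

import java.util.List;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.provider.ConfiguredProvider;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.userprofile.UserProfileAttributeValidationContext;
import org.keycloak.validate.AbstractStringValidator;
import org.keycloak.validate.ValidationContext;
import org.keycloak.validate.ValidationError;
import org.keycloak.validate.ValidatorConfig;

// Register this class name in META-INF/services/org.keycloak.validate.ValidatorFactory inside the JAR.
public class UniqueAttributeValidator extends AbstractStringValidator implements ConfiguredProvider {
    public static final String ID = "unique-attribute";           // hypothetical validator id
    public static final String MESSAGE = "error-attribute-taken"; // hypothetical message key

    @Override
    public String getId() { return ID; }

    @Override
    protected void doValidate(String value, String inputHint, ValidationContext context, ValidatorConfig config) {
        if (value == null || value.isBlank()) return; // empty values are not compared
        KeycloakSession session = context.getSession();
        RealmModel realm = session.getContext().getRealm();
        // Null during registration; set when an existing user edits the profile.
        UserModel current = UserProfileAttributeValidationContext.from(context).getAttributeContext().getUser();
        // In user-profile validation the input hint is the name of the attribute being validated.
        boolean taken = session.users()
                .searchForUserByUserAttributeStream(realm, inputHint, value)
                .anyMatch(u -> current == null || !u.getId().equals(current.getId()));
        if (taken) {
            context.addError(new ValidationError(ID, inputHint, MESSAGE));
        }
    }

    @Override
    public String getHelpText() { return "Rejects a value that another user in the realm already holds."; }

    @Override
    public List<ProviderConfigProperty> getConfigProperties() { return List.of(); } // no options in the modal
}
```

The lookup and the later write are not atomic, so two simultaneous submissions of the same value can both pass; treat the validator as a user-facing check rather than a hard uniqueness guarantee. The error also tells the person filling in the form that the value belongs to an existing account, which matters if the attribute is sensitive (a phone number, for instance).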