How do i replace user id of keycloak , which is UUID with IDP's user email address

I want email address coming from IDP to be treated as user ID in Keycloak.

Today when user signs in , Keycloak creates an user entry and populates user id with unique UUID. Thats the default behaviour. How can i override this so that Email id returned by IDP becomes the userId in the Keycloak DB.

Thanks in advance


you can’t. The UUID is the primary key for the user and application critical.
To change this you would have to rewrite a lot of the code of Keycloak.

You can however under realm -> login [tab] set the email address as the username for a user.

Why would you even want to do this? It doesn’t make sense from any point of view.

On a separate note, wouldn’t there be a performance issue using UUID string as primary keys for keycloak tables? They would eat up so much memory (32 bytes) when referred in multiple tables as foreign keys. Is this intentional and why?

I think they did this because it’s the easiest way to create a unique identifier that you can use across instances that is unidentifiable and can be used without external methods to create an unidentifiable id. Sequential id’s are always to be avoided.
I do agree on the performance side of things though and you could probably use better methods but that requires extra work.

@zonaut Thanks for your reply. But they could have used UUID in binary format which would save half the space? These primary keys will also be added as clustered indices and those indices are copied into secondary indices so more memory is lost.