Hello,
I don’t want users to use some specific email domains to registered.
Eg, reject all registration from @domain1.com or @domain2.net.
I’m not able to find a way to achieve that.
Do you have any clue ?
Regards,
Phan
There is no built-in functionality to do that.
You can override the registration flow with your own implementation of RegistrationProfile (keycloak/RegistrationProfile.java at master · keycloak/keycloak · GitHub) and check there for your blacklisted domains.
In the Keycloak 14 release, they added a declarative user profile (Server Administration Guide) which allows you to create validators for each field. I have not yet seen documentation on how to build these validators, so maybe one of the maintainers can chime in here. However, according to the documentation, you should be able to build a validator and then associate it with a field.
1 Like
Thanks for your advice
Following up, there was just a post on the mailing list from one of the maintainers who pointed to an example validator: keycloak/LengthValidator.java at 14.0.0 · keycloak/keycloak · GitHub
Looks like there are other examples of built-in validators in the same dir: keycloak/server-spi-private/src/main/java/org/keycloak/validate/validators at 14.0.0 · keycloak/keycloak · GitHub
I haven’t tried yet, but you probably need to implement org.keycloak.validate.ValidatorFactory and org.keycloak.validate.Validator and put the class name in META-INF/services/org.keycloak.validate.ValidatorFactory. The doValidate method is the only thing that needs your custom logic to blacklist domains.
1 Like