Hi,
we have the following scenario:
- using LDAP as user federation
- our users are used to logging in with “firstname.lastname” to our other systems
- unfortunately, in our LDAP we have uid="firstname.lastname@ourdomain.com"
Can I somehow configure Keycloak's login form / authentication to automatically add “@ourdomain.com” if the username is entered without a domain so that KC can find it in LDAP?
What would be the easiest way? Could you give me a starting point?
I have these ideas:
- do it on the server in the form (means dealing with Java and somehow overriding UsernamePasswordForm?)
- somehow do it in the LDAP username field mapping (can we somehow use a regex for mapping and just strip away the domain?)
- quick and dirty: do it on the client in JavaScript before the login form is posted to KC
What do you think? What would be the easiest way?
Thanks,
Jörg
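
The third idea from the post (completing the username in the browser before the form is posted), as an added example that is not part of the original post and not Keycloak's own code. It assumes the form id `kc-form-login` and input id `username` of the default Keycloak login theme; `completeUsername` and `attachToLoginForm` are hypothetical helper names.

```javascript
// Added example: default-domain completion for the login form.
const DEFAULT_DOMAIN = "ourdomain.com"; // domain taken from the post

// Returns the username value that should be submitted.
function completeUsername(raw, domain = DEFAULT_DOMAIN) {
  const name = String(raw ?? "").trim();
  if (name === "") return name;        // empty input: let server-side validation reject it
  if (name.includes("@")) return name; // already qualified (any domain): leave untouched
  return `${name}@${domain}`;
}

// Wires the completion into the form's submit event.
// Assumption: element ids match the default login theme; adjust for a custom theme.
function attachToLoginForm(doc) {
  const form = doc.getElementById("kc-form-login");
  const input = doc.getElementById("username");
  if (!form || !input) return false;   // page without a username field (e.g. OTP step)
  form.addEventListener("submit", () => {
    input.value = completeUsername(input.value);
  });
  return true;
}

// Only runs in a browser; the functions above stay usable from Node for testing.
if (typeof document !== "undefined") {
  document.addEventListener("DOMContentLoaded", () => attachToLoginForm(document));
}
```

This only changes what the browser login page submits. Logins that do not go through that page, such as direct-grant token requests, still need the full `uid`, which is what the two server-side ideas would cover.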