Login form: How to add domain to username if users do not enter it?


we have the following scenario:

Can I somehow configure keycloaks login form / authentication to automatically add “@ourdomain.com” if the username is entered without domain so that KC can find it in LDAP?
What would be the easiest way? Could you give me a starting point?

I have these ideas:

  • do it on the server in the form (means dealing with Java and somehow overriding UsernamePasswordForm?)
  • somehow do it in the LDAP username field mapping (can we somehow use a regex for mapping and just strip away the domain?)
  • quick and dirty: do it on the client in javascript before the login form is posted to KC

What do you think? What be the easiest way?