Uploaded image for project: 'Red Hat build of Keycloak'
  1. Red Hat build of Keycloak
  2. RHBK-3913

Email Not Persisted During Registration When "Email as Username" is Enabled and User Edit Permission is Disabled [GHI#43718]

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False

      Before reporting an issue

      [x] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

      Area

      user-profile

      Describe the bug

      When Email as Username is enabled in the realm login settings and the user edit permission for the email attribute is disabled in the user profile settings, a critical bug occurs during the registration flow that results in data inconsistency and locks users out of profile updates.
      During registration, the email field is correctly displayed and editable (functioning as the username input). However, upon account creation, only the username attribute is persisted with the email value. The email attribute itself remains empty. This creates a state where the email is both required (as it serves as the username) and missing, while simultaneously being non-editable by the user due to the permission settings.

      Version

      26.4

      Regression

      [ ] The issue is a regression

      Expected behavior

      The email value entered during registration should be persisted to both the username field and the email attribute when the Email as username setting is turned on, regardless of the user permissions.

      Actual behavior

      • The email attribute remains empty in the user profile.
      • The username attribute is correctly populated with the email value entered during registration.
      • Upon accessing the Account Console, users see an incomplete profile with a missing required email field
      • When attempting to update their profile or perform actions requiring profile validation, users are prompted to fill in the required email attribute.
      • Because the email attribute is configured as non-editable for users, the form cannot be submitted.
      • Users are effectively locked out of all profile update functionality and any actions that trigger profile validation.

      How to Reproduce?

      1. Navigate to Realm Settings → Login and enable:

      - **Email as Username**
- **User Registration**

      3. Navigate to Realm Settings → User Profile, select the email attribute configuration, and disable the Edit permission for users
      4. Access the public registration form as an unauthenticated user
      5. Register a new account

      Anything else?

      No response

              Unassigned Unassigned
              pvlha Pavel Vlha
              Keycloak Core IAM
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: