This extension allows you to validate email domain used for registration in keycloak to accept only a finite list of domain.
You can use basic glob syntax
(only * and ? are supported)
The jar are deployed to Maven Central Repository here : https://repo1.maven.org/maven2/net/micedre/keycloak/keycloak-mail-whitelisting/
Simply drop the jar in the plugin directory, it will be automatically deployed by keycloak.
The plugin directory is $KEYCLOAK_HOME\standalone\deployments.
The plugin directory is $KEYCLOAK_HOME\providers.
- Go to the admin console, in authentication menu.
- Copy the registration flow
- add a new execution below "Profile Validation" and choose "Profile Validation With Email Domain Check"
- Set the execution "Required"
- Configure this new execution (otherwise, keycloak will only accept "exemple.org" domains)
- Change the registration binding to this new flow
- Configure the realm to accept registration and verify email (this is important!)
This extension provides the list of authorized patterns in the authorizedMailDomains attribute of the registration page.
This can be used like this :
<div class="${properties.kcLabelWrapperClass!}">
<label for="email" class="${properties.kcLabelClass!}">${msg("email")} (only ${authorizedMailDomains?join(", ")})</label>
</div>