We are experimenting with making the authorizableId and principalName the "username" and keeping the e-mail on the profile. Then, we'd maybe need to create some kind of custom auth handler that will translate the e-mail address to a username and log in. We made a servlet that will do just that and u...