diff --git a/src/main/java/de/ozgcloud/operator/keycloak/user/KeycloakUserRemoteService.java b/src/main/java/de/ozgcloud/operator/keycloak/user/KeycloakUserRemoteService.java
index 82eb005772cf996e7bb14cf86f6108aac5927695..a6c56c18c4126ed07665587dd5df798aff6f5c6d 100644
--- a/src/main/java/de/ozgcloud/operator/keycloak/user/KeycloakUserRemoteService.java
+++ b/src/main/java/de/ozgcloud/operator/keycloak/user/KeycloakUserRemoteService.java
@@ -58,6 +58,8 @@ class KeycloakUserRemoteService {
 	static final String SECRET_PASSWORD_FIELD = "password";
 	static final String SECRET_NAME_FIELD = "name";
 
+	private static final String USER_NAME_VALIDITY_REGEX = "[^a-zA-Z0-9]";
+
 	@Autowired
 	private Keycloak keycloak;
 	@Autowired
@@ -153,8 +155,10 @@ class KeycloakUserRemoteService {
 	}
 
 	private String generateRandomPasswordForKeycloak() {
+		log.log(Level.INFO, "Generate password...");
 		var upperCaseCharacter = RandomStringUtils.random(1).toUpperCase();
 		var randomString = RandomStringUtils.random(7);
+		log.log(Level.INFO, "Password generated: " + (upperCaseCharacter + randomString));
 		return upperCaseCharacter + randomString;
 	}
 
@@ -169,7 +173,11 @@ class KeycloakUserRemoteService {
 	}
 
 	private String buildCredentialSecretName(KeycloakUserSpecUser userSpec) {
-		return userSpec.getUsername().toLowerCase() + "-credentials";
+		return clarifyName(userSpec.getUsername().toLowerCase()) + "-credentials";
+	}
+
+	String clarifyName(String userName) {
+		return userName.replaceAll(USER_NAME_VALIDITY_REGEX, StringUtils.EMPTY);
 	}
 
 	private String getPasswordFromSecret(Resource<Secret> secret) {
diff --git a/src/main/java/de/ozgcloud/operator/keycloak/user/KubernetesRemoteService.java b/src/main/java/de/ozgcloud/operator/keycloak/user/KubernetesRemoteService.java
index 16809d1165ea70d78c1680e8f8d0f62f4adf00d6..25152788c269579086a747798e4ae0f3b08bebaf 100644
--- a/src/main/java/de/ozgcloud/operator/keycloak/user/KubernetesRemoteService.java
+++ b/src/main/java/de/ozgcloud/operator/keycloak/user/KubernetesRemoteService.java
@@ -18,7 +18,7 @@ class KubernetesRemoteService {
 	private KubernetesClient kubernetesClient;
 
 	public Resource<Secret> getSecret(String namespace, String name) {
-		log.log(Level.INFO, "Get " + name + "secret from " + namespace + " namespace.");
+		log.log(Level.INFO, "Get " + name + " secret from " + namespace + " namespace.");
 		return kubernetesClient.secrets().inNamespace(namespace).withName(name);
 	}
 
diff --git a/src/test/java/de/ozgcloud/operator/keycloak/user/KeycloakUserRemoteServiceTest.java b/src/test/java/de/ozgcloud/operator/keycloak/user/KeycloakUserRemoteServiceTest.java
index c7979cd0a6e41e62ff66ac1395afa41d5b028f1d..12b7fce2824570adf3867e619ca50c981d620fce 100644
--- a/src/test/java/de/ozgcloud/operator/keycloak/user/KeycloakUserRemoteServiceTest.java
+++ b/src/test/java/de/ozgcloud/operator/keycloak/user/KeycloakUserRemoteServiceTest.java
@@ -40,6 +40,8 @@ import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.keycloak.admin.client.Keycloak;
 import org.keycloak.admin.client.resource.ClientsResource;
 import org.keycloak.admin.client.resource.RealmResource;
@@ -468,5 +470,25 @@ class KeycloakUserRemoteServiceTest {
 
 			verify(kubernetesRemoteService).getSecret(NAMESPACE, KeycloakUserSpecUserTestFactory.USERNAME + "-credentials");
 		}
+
+		@Test
+		void shouldClarifyUserName() {
+			userRemoteService.getUserSecret(OzgKeycloakUserSpecTestFactory.create(), NAMESPACE);
+
+			verify(userRemoteService).clarifyName(OzgKeycloakUserSpecTestFactory.KEYCLOAK_USER.getUsername().toLowerCase());
+		}
+	}
+
+	@DisplayName("Clarify name")
+	@Nested
+	class TestClarifyName {
+
+		@ValueSource(strings = { "_user_name_", ".user.name.", "-user-name-" })
+		@ParameterizedTest
+		void shouldReplaceForbiddenCharacter(String userName) {
+			var clarifiedName = userRemoteService.clarifyName(userName);
+
+			assertThat(clarifiedName).isEqualTo("username");
+		}
 	}
 }
\ No newline at end of file