diff --git a/app/models/user.rb b/app/models/user.rb
index 79eeb1f5..66bd7893 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -7,6 +7,12 @@ class User < ActiveRecord::Base
   include Sufia::User
   include Sufia::UserUsageStats
 
+  before_validation :generate_password, :on => :create
+
+  def generate_password
+    self.password = SecureRandom.urlsafe_base64(12)
+  end
+
   # Use the http header as auth.  This app will be behind a reverse proxy
   #   that will take care of the authentication.
   Devise.add_module(:http_header_authenticatable,
diff --git a/app/views/contact_form/new.html.erb b/app/views/contact_form/new.html.erb
index c5afe3ee..577d9ec3 100644
--- a/app/views/contact_form/new.html.erb
+++ b/app/views/contact_form/new.html.erb
@@ -5,7 +5,7 @@
 
 <% if user_signed_in? %>
   <% nm = '' %>
-  <% em = current_user.name + "@umich.edu" %>
+  <% em = current_user.user_key %>
 <% else %>
   <% nm = '' %>
   <% em = '' %>
@@ -41,4 +41,4 @@
       <% end %>
 
   </div>
-</div>
\ No newline at end of file
+</div>
diff --git a/lib/devise/behaviors/http_header_authenticatable_behavior.rb b/lib/devise/behaviors/http_header_authenticatable_behavior.rb
index 3b3addc8..616a501a 100644
--- a/lib/devise/behaviors/http_header_authenticatable_behavior.rb
+++ b/lib/devise/behaviors/http_header_authenticatable_behavior.rb
@@ -10,9 +10,10 @@ def valid_user?(headers)
 
     protected
 
+    # Remote user is coming back from cosign as uniquename.
+    # Append @umich.edu to this value to satisfy user model validations
     def remote_user(headers)
-      return headers['HTTP_X_REMOTE_USER'] if headers['HTTP_X_REMOTE_USER']
-      return headers['HTTP_REMOTE_USER'] if headers['HTTP_REMOTE_USER'] && Rails.env.development?
+      return "#{headers['HTTP_X_REMOTE_USER']}@umich.edu" if headers['HTTP_X_REMOTE_USER']
       return nil
     end