I want to send an email to the registered user once the admin creates a new user saying that " the user successfully registered with the xyz email id.. " Is there any option to achieve this in keycloak 19.03 or above ?
Or Is it an out of box option in keycloak ?
Currently on initial login attempt, the newly created users can opt for forgot password and they will get a password reset link, through which them can login and verify their email. But welcome mail is possible ?
Any help is greatly appreciated !!
This is not an out of the box feature from Keycloak, but can be easily extended.
Step 1: Update your realm to record the events, show in below image.
Step 2: Extend the Event listener API from keycloak. You can find official guide here -> https://www.keycloak.org/docs/latest/server_development/#_events
Listen to user registration events and send appropriate emails.
Related
in keycloak by default verify email link will expire in 5 minutes.
Someone has created a XYZ account with this email address. If this was
you, click the link below to verify your email address
Link to e-mail address verification
This link will expire within 5 minutes.
If you didn't create this account, just ignore this message.
In template looks like this value is taken from somewhere:
https://github.com/keycloak/keycloak/blob/5c6b123aff9d004a3aa51cd3dfad4e021051fca1/themes/src/main/resources/theme/base/email/messages/messages_en.properties#L2
How to increase that value ? Can not find it in admin panel..
thanks
ok I found it
in Realm Settings -> Tokens and under
User-Initiated Action Lifespan
We have a PHP/MySQL based User Management System and are integrating it with Keycloak version 16 where we will store users credentials.
Our application does not allow users to self register. We create user accounts on the system. When we do this we do NOT specify a password because we want users to set up their own password.
The current system sends 2 separate emails in 2 different circumstances regarding passwords:
If it's a completely new user who does NOT have an existing password, we send them a link to set up a password.
If it's an existing user who already has a password, the system allows them to reset it, e.g. if they forget their password and can't login.
Keycloak seems to cater for scenario (2) because the login forms have a forgotten password link which opens a form where the user can enter their email address and receive a link which lets them do (2).
Unfortunately it doesn't deal with scenario (1) very well and that's where our problem starts. This has been asked a while ago Send password forgotten mail but it seems that Keycloak didn't support this very well in 2020 and perhaps still doesn't now.
Our "workaround" to this was that we added custom email templates and a custom page (reference: Themes on https://www.keycloak.org/docs/latest/server_development/#emails) which includes wording that caters for both scenarios, e.g. "set your password" rather than "reset your (existing) password". The result of this is that our email and form now reads appropriately for both scenarios (1) and (2).
The problem
We want to be able to send a link to the user that allows them to set their initial password to cover scenario (1).
We know that this page exists because on the login page for Keycloak there is a link to the forgotten password form that handles scenario (2). However, the form requires the user to enter their email address and submit the form. The user then receives an email from Keycloak which contains a URL to the page where they can do this. The URL has the following format:
https://example.com/auth/realms/foo/login-actions/action-token?key=...
The key= contains a ~945 character token. Going to the URL above redirects to the form where the user can reset their password. This next URL does not contain a token but a cookie has been set in the browser - by the previous URL - which makes it functional:
https://example.com/auth/realms/foo/login-actions/required-action?execution=UPDATE_PASSWORD
We can't send either of these URLs to the user because the first one (containing key=) has no API method for us to find out what it is - it's only possible to generate this by going through the "forgotten password" step during login, in the browser.
The second URL (/login-actions/required-action...) won't work either because it relies on the previous URL (containing key=) setting the cookie in the browser. If you try and go to this second URL directly (i.e. bypassing the first URL) it will error.
So neither of these URLs will work because we can't find what the first one is programmatically, and we can't use the second one without knowing the first one.
I found https://lists.jboss.org/pipermail/keycloak-user/2018-October/015910.html and the suggestion is using the Keycloak API to trigger a password reset email. This works - sending an HTTP PUT request containing 'UPDATE_PASSWORD' along with the relevant user ID sends the user an email. The request endpoint has the format PUT /{realm}/users/{id}/execute-actions-email which is documented on the link above.
Up to here all is fine - the user gets an email. However, this email does NOT contain a link that goes directly to the "reset password" page! Instead it sends them an email containing the following text:
Your administrator has just requested that you update your account by performing the following action(s): Update Password. Click on the link below to start this process.
Link to account update
When the user clicks "Link to account update" it then shows them a web page like this:
It is only when they click on the link on this page (the one that says "click here to proceed" on the screenshot) that they arrive at the form where they can reset their password.
This is a really poor user experience because the user gets sent a (badly worded) email with a link to... a page with another link! It should just take them to the password reset page directly. What's more frustrating is the fact that Keycloak is clearly capable of generating/sending the exact email we'd like in this scenario: the one which gets sent when a user manually does a password reset via their browser.
So the problem seems that Keycloak's API doesn't support this incredibly important and common use-case of a user being able to set an initial password, in a user-friendly manner.
I am adding the js script in the template to automatically click "click here to proceed". It's ugly but at least the user doesn't see the page
I have some issue with User Account Settings. (Drupal 8)
Normaly there is a possibility to change the content on every mail...but it's does not work.
If an user register to my website (from a front form) a different email is send than the one i configure here:
enter image description here
Someone ?
The Welcome (new user created by administrator) email template (as its label says) is for accounts created by admin, not for users who manually register on your site.
The email template your users are receiving is Welcome (awaiting approval) or Welcome (no approval required), depending on whether administrator approval is required or not.
Keycloak sends out duplicate emails when you hit Forgot password button right after user session expired and you want to login again.
It might be configuration issue with Keycloak but it is quite annoying so any help would be appreciated.
Keycloak client is set to public and used in combination javascript adapter on mobile app.
Steps to reproduce:
Login with your user account using public client.
Wait for your access token to expire and you will need to login again.
Go to login page and instead of login hit Forgot password button.
Enter your email and hit submit.
You get your first forgot password email.
You will be redirected to login-page-expired and on "click here" link.
You get your second password email (which shouldn't happen).
Used Keycloak version is 12.0.1.
i want to stop this functionality of Activation Email. when i tried to register an account locally, it shows activation error. i want to remove these functionality. how can i do that ?
thanks in advance.
Notice: Could not instantiate mail function.
error : " Registration failed: An error was encountered while sending the registration email. A message has been sent to the administrator of this site ".
bellow answer works as it stops activation email and register user with activated account... but still shows this notice... what should i do ???
In the Joomla backend, go to:
Users (top menu) >> User Manager >> Options
and there is a parameter called New User Account Activation. Set this to none
Hoipe this helps