I’m troubleshooting various issues as I get my Keycloak instance running. I finally got my client to create users via the REST API and noticed that I’m not getting any confirmation emails from Keycloak (though the ‘test connection’ email function works in the web UI). Is this expected? Under what circumstances does Keyclok send emails?
Why should Keycloak send automatically emails?
Because of which config setting do you expect this behavior?
1 Like
Wow… way to talk down to a newcomer, dasniko!
As I said in my post, I don’t know whether or not I should expect Keycloak to send emails. That’s what I’m asking. To repeat myself: “Under what circumstances does Keycloak send emails?”
The server administration guide says, “Keycloak sends emails to users to verify their email addresses, when they forget their passwords, or when an administrator needs to receive notifications about a server event. To enable Keycloak to send emails, you provide Keycloak with your SMTP server settings.”
I created a new user and didn’t get an email asking the user to confirm his email address, so I posted my question.
I also just asked questions, because I wanted to know more about your expectation, so that I can give you the best answer. With which intonation you are reading those questions, I can’t know…
Keycloak doesn’t send out mails immediately when a user is created. And also this depends if you have the email verification enabled. You can do this in two ways: In Realm Settings → Login → Verify Email or with the Required Action “Verify Email”.
Both approaches will send an email to the user, if the user is not marked as “email verified” and is just trying to login. Required actions are fired at the end of an authentication flow and must be successfully solved, before.a user is completely authenticated.
Keycloak has no thing like “invitation” which will be sent when the user has been created and tell the user “hey, you have just been created, please do… whatever you expect”
But you can use the admin API right after creating a user to send a “credential reset” email with several required actions in it.
1 Like
I also just asked questions, because I wanted to know more about your expectation, so that I can give you the best answer. With which intonation you are reading those questions, I can’t know…
So that you are aware, your initial reply comes across as condescending and aggressive from the perspective of a neutral observer.
I’m also trying to send an email verification link to a user created with the admin client. I have added VERIFY_EMAIL to the required user actions, but after creating the user, the email address verification email is not sent. I then triggered a password reset, for which the user received an email, and only once the password was reset the user receives the email to validate his email address. So if I understand correctly. Is there no other way to send the validation email directly after creating a user via the admin client? I would like to keep the wording separate for password reset and email validation. In our solution self-registration is used at minimum and most users will have an account created by an admin user for which the users should receive an invite/verification email.
1 Like
I have met the two requirements you specified but still no email is sent on creating a user. I’m using KC 23.0.1.
Reading the hint it says “Require an action when the user logs in.”. Do you have a flow where the user is sent an email on creation?
As dansiko wrote, you can tell Keycloak to send an email after user has been created.
This can be done by using
PUT /{realm}/users/{id}/execute-actions-email
But consider that actions are time limited, so it makes more sense if they are initiated by the user.
Unless you want to have a long action time.
1 Like
My team implemented user signup via Admin REST calls. Basically when our backend will create the user in KC, besides the user creation call, we will do a second API request to Keycloak to trigger reset credentials and add some actions to that operation: set first name and last name, configure MFA OTP etc. By having Keycloak SMTP configuration done correctly, we are able to receive email from Keycloak, like @dasniko pointed out.