Keycloak 'Forgot Password' action is using the user's email when setup with SES

Keycloak is using the user.emailAddress for the sender and not the configured sender.

I am running the Keycloak docker image (11.0) and have configured it to send email using an AWS SES SMTP user. When i tested the connection, using the gui, i was given the error from SES about email address is not verified. I went into SES and verified it, but at this point it is already an issue. I moved forward to test/repeat it for a user i had already created with a Forgot Password action.

This is the log result: (edited down)
00:05:38,634 WARN [org.keycloak.events] (default task-8) type=SEND_RESET_PASSWORD_ERROR, realmId=xxx, clientId=xxxx, userId=c250ddb5-bcc8-47ca-91d9-9fb8eecd448d, ipAddress=xxxx, error=email_send_failed, auth_method=openid-connect, auth_type=code, redirect_uri=xxx, code_id=a333b9ef-376f-4355-b378-91e4b515d734, username=josh.schumacher@gmail.com, authSessionParentId=a333b9ef-376f-4355-b378-91e4b515d734, authSessionTabId=nk6RT2D2vc4
00:05:38,634 ERROR [org.keycloak.services] (default task-8) KC-SERVICES0026: Failed to send password reset email: org.keycloak.email.EmailException: com.sun.mail.smtp.SMTPSendFailedException: 554 Message rejected: Email address is not verified. The following identities failed the check in region US-EAST-2: josh.schumacher@gmail.com

at org.keycloak.keycloak-services@11.0.0//org.keycloak.email.DefaultEmailSenderProvider.send(DefaultEmailSenderProvider.java:153)

[…]

So, SES is getting the smtp message from Keycloak, but the sender is the TO address and KC isn’t using the configured from address that i’ve setup using the admin console.

Any thoughts on solving this?

Hello, have you managed to solve it? We have the same exact bug

I don’t think this is a Keycloak problem. Try: