Send notification for failed login

Hi guys,
Is it possible to set an option to be notified for failed login or password reset? I would like to give the user the option to receive this notification, and of course, send this notification.

1 Like

You have to enable/use the email-event-listener in your realm. Then the mails will be sent.

1 Like

I can’t receive any email. Login error event is stored but not triggered(maybe) email sent action. In addition to that the user has a verified email address and smtp test successful.
@dasniko Could you please show me the misconfiguration? How can i trace the problem?


Thanks

FYI @canyaman I tested it working on 11.0.3 and 12.0.2. Same setup (user has a verified email address and smtp test successful). Can you double check that the user you are trying to log in with has “Email Verified” = “ON”?

@xgp I think that is OK. Should I do something else to verify email address?

@canyaman That looks good. I did a test that tried to replicate your setup, and the email went through on failed login.

For your mail server, are you using some kind of debug setup that catches all emails (e.g. mailtrap), or are you expecting the email to that address to actually get delivered? Is there an error in sending the message in the logs, or does it just fail silently?

I’m using my own email address(user mail address) for testing and gmail for smtp server. I can get the test email.
From console logs, the login errors are shown but nothing about sending mail.

How can I trace keycloak email events? Is there any proper methods?
I’m using keycloak openshift operator image 12.0.1

I don’t know specifically for the keycloak openshift operator image.

Since you also have the jboss-logging event listener turned on, do you see the event in your logs? it should look like this:

12:45:19,806 WARN  [org.keycloak.events] type=LOGIN_ERROR, realmId=foo-test, clientId=account, userId=bb2d0284-dd97-485e-9296-32e760498104, ipAddress=127.0.0.1, error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, redirect_uri=http://localhost:8080/auth/realms/foo-test/account/login-redirect, code_id=49537647-5210-48c7-9312-714d6fe0167b, username=user1, authSessionParentId=49537647-5210-48c7-9312-714d6fe0167b, authSessionTabId=MrsPEz_HrAk

I’m wondering if the event listeners are not firing for some reason.

Also, just to clarify, you’re using the same email address for the admin account you’re using to send the test email, and the user account you’re using to test a login error? The email event listeners sends to the email address of the user trying to log in, not to an email address you have set up for an admin account. I saw that confusion come up on the mailing list, so I just wanted to reiterate.

Hi! I am getting the same error as @canyaman; no email sent on login failure event. Even a tcpdump on the server shows that there is no connection try to my mail server.

Of course email is working fine (password reset, test message…) and I see the events in the server.log file as in the GUI.

1 Like

Hi!

Same issue here with two Docker/Kubernetes installations. Could this be a problem of the docker image?

Using quay.io/keycloak/keycloak, latest version (12.0.4).

Florian

Opened an issue for this: https://issues.redhat.com/browse/KEYCLOAK-17745

Hi,

at least in my case the notifications started to work after an upgrade to KeyCloak 13.0.0 docker container (on two different installations).

Flo

1 Like