Keycloak not sending email on new User Registration
I'm on a Mac, and I'm trying to get Keycloak 24.0.2 (running as a Docker container) to send emails as part of User Registration. I have Mailhog running locally and I have configured Keycloak to send emails to it, and have successfully tested that connection:
So I know Keycloak can send email to Mailhog.
In the Keycloak Realm Settings >> Login tab, I enable User Registration:
When I open my app and go to an authenticated page, it correctly redirects me to the Keycloak Login screen, and I can now see a Register link at the bottom:
So far, so good. I click "Register" and proceed to fill out the Registration form:
I click "Register" and I am correctly redirected back into my app.
In Keycloak, I see the new user registration event:
When I click into the REGISTER event, I see the new user that was created:
However, when I refresh my screen in Mailhog, I see no emails were sent. Furthermore, if I look at the Keycloak logs (vid docker logs) I see no log output, errors, etc.
Is there anything I need to do to configure Keycloak to send emails when a new user registers? Did I forget any steps at all? If not, can anyone spot where I'm going awry, or lend ideas for troubleshooting?
I got this working, after reaching out to the Keycloak team on Slack, who provided excellent support!
I had forgotten to enable Verify email under Realm Settings >> Email Settings.
So that takes care of sending emails when the user self-registers.
To get email sending working when an Admin creates a new user in the Keycloak admin console/UI, it was a bit trickier, but I got it working as well:
- Create a new user and make sure to select Verify email from the
Required user actionsdropdown - Immediately add a password (temporary or permanent, makes no difference) under the users
Credentialstab - In your client app, go to sign in as that user (with the new password you just created for them)
- The system will now send an email to that user, requiring them to verify their email before allowing them access into the app
I'm not in love with that work flow, because it requries the admin to send the user their temp/permanent password somehow prior to them logging in for the first time. But with Keycloak's REST API I believe I will find a way to use the same endpoints under the hood but to create a more UX-focused, homegrown "invite new user" feature.
- Authenticate FastAPI with clientid/clientsecret
- Keycloak 18 in Gitlab Service sometimes does not load realm (without error)
- Disabling authenticator, sessions, applications, log and my resources options from the Account Management Console in KeyCloak
- Mapping user groups to JWT in keycloak maps realm roles instead
- Is it possible to disable HTTP for a Keycloak instance in Azure Container Apps?
- Keycloak, not returning access token if update password action selected
- Keycloak-js updateToken(minValidity) needs clarifications
- "Correlation failed." after upgrading 'Microsoft.IdentityModel.JsonWebTokens' and 'System.IdentityModel.Tokens.Jwt'
- StackOverflow with Keycloak as login provider returns empty email address
- Redirect from java app in docker container to the keyCloak
- How can I know the Keycloak version?
- Export users and roles from Keycloak
- Keycloak move from 23.0 to 24.0: Account is not fully set up [invalid_grant]
- Using a Database as Provider for Keycloak Application Realm
- Keycloak Custom Registration Flow Fails with "KC-SERVICES0013: Failed authentication: java.lang.NullPointerException" Error
- Role based authorization using Keycloak and .NET core
- Globally disable https keycloak
- Use Keycloak Spring Adapter with Spring Boot 3
- KeyCloak Login leads to infinite loop
- How can I get userId after call create user api in keycloak?
- How to add custom metrics to Keycloak 22 with Quarkus and MicroMeter
- Keycloak - Assign a client scope to user with a specific role
- How to save the keycloak data when running inside docker container?
- Keycloak error on console " violating Content Security Policy directive: "frame-ancestors 'self'"
- angular-oauth2-oidc with Keycloak Auth Code Flow Access Token Request is not sent
- Getting Keycloak's public key
- Keycloak with AzureAD how to change the IDP user ID / IDP Links
- Keycloak providers' better technique of registering entity listener
- Logout from next-auth with keycloak provider not works
- RESTEASY003145: Unable to find a MessageBodyReader of content-type application/json and type class org.keycloak.representations.AccessTokenResponse