5:20 p.m.
Hello David,
Just FYI, you can reach Keycloak developers via keycloak-dev mailing list; this one is
more like a community of independent Keycloak experts. Being a proud member thereof,
I'll put in my two cents with great pleasure :) see answers inline.
TL;DR: the feature seems interesting, but I highly doubt it will be ever made a part of
Keycloak. However, you can implement everything as a Keycloak extension (and that's
what we love about Keycloak).
On Mon, 2018-11-12 at 22:55 +0100, David Monichi wrote:
Hi,
I'm considering to create a new application and for sure I'll use
keycloak as user backend. It's really cool stuff what you guys created.
I thought about various solutions for notifications of my application
and was wondering if you guys already thought about to extend your
e-mail notification to a more general and flexible system. So that not
only keycloak e-mails will be sent over keycloak but also other
applications e-mails and even more notifications can be send over
keycloak (I'm thinking here of SMS, etc.). Therefore applications would
need to upload any kind of templates to keycloak and somehow be able to
manage them. There are 2 reasons for such a step. First of all keycloak
already provides such basic functionality to sent notifications and so
extending it could be done with lower overhead. Second, keycloak already
owns the recipient data, if applications manage users over keycloak.
I'd also add that Keycloak already integrates the Freemarker template engine, which is
used to generate emails (along with login forms and the account UI).
As additional feature of course a proper monitoring should be placed
in
such a feature, since notifications are really vital to modern applications.
Could you please elaborate what exactly you need to monitor?
We would be able to provide programming resources for such a feature
but
of course working together, specially for the design phase, with you guys.
The alternative would be to provide a different notification system and
forward keycloak e-mails to that service (actually the event to sent a
notification). Don't know if this actually is the way to go ...
My motivation for such a feature is, that a single application should be
responsible for sending notifications of any kind and not be widespread
over various applications.
Any ideas welcome ;) Eventually I overlooked something in my design ...
My experience says that features like that rarely get incorporated into mainline Keycloak;
the necessary (but not sufficient) condition is that you should be able to maintain this
feature in the future.
However, you can use Keycloak extension points (called Providers [1] in Keycloak's
terms) to implement what you want.
Here's my take on the outline of the solution:
- implement EntityProvider [2] (custom JPA entity + DB table) to store templates;
- implement RealmResourceProvider [3] (custom REST resource) for CRUD-style template
management by the applications;
- implement another one to trigger notification (and potentially track its status);
- implement the actual notification code, i.e. retrieving the template, processing it with
Freemarker and queueing it for delivery;
- most likely, you will need a persistent queue to store pending notifications. For that,
you can employ Keycloak's built-in ActiveMQ Artemis message broker;
- optionally, integrate your system with Keycloak internal events, so that the latter
could trigger your application-managed notifications.
For the reference, I'd recommend the official keycloak examples [4] and my own
BeerCloak project [5].
Good luck, and feel free to ask any questions :)
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
[1] https://www.keycloak.org/docs/latest/server_development/index.html#_provi...
[2] https://www.keycloak.org/docs/latest/server_development/index.html#_exten...
[3] https://www.keycloak.org/docs/latest/server_development/index.html#_exten...
[4] https://github.com/keycloak/keycloak/tree/master/examples/providers
[5] https://github.com/dteleguin/beercloak
Thx in advance for all your thoughts & all the best
/david
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user