[keycloak-dev] E-Mail handling in Keycloak

Thomas Darimont thomas.darimont at googlemail.com
Thu Jan 5 05:46:36 EST 2017


Okay, PR is on the way for "display name" support and ReplyoTo Email
address.

The EnvelopeFrom example was just to show you the possibilities. For a
start one could just allow to specify a fixed
realm-specific bounce address. Will send a PR for that as well.

Cheers,
Thomas

2017-01-05 11:31 GMT+01:00 Stian Thorgersen <sthorger at redhat.com>:

> The from and replyTo makes sense, but not sure the envelopeFrom makes
> sense. I'm sure it works for you, but it sounds very specific to your use
> case and not something that would be generic enough to include out of the
> box.
>
> On 5 January 2017 at 10:30, Thomas Darimont <thomas.darimont at googlemail.
> com> wrote:
>
>> I did look for a JIRA Issue but couldn't find one.
>> There was one issue about being able to set custom smtp-headers:
>> https://issues.jboss.org/browse/KEYCLOAK-3605
>>
>> @1) yes I'll send a PR ;-)
>>
>> @2) The idea is to add a user specific bounce address to every email sent
>> out by keycloak.
>> So if an admin sends an email to a user with a non-existing email one
>> would get a bounce from the particular email-provider.
>> After some time the e-mail provider will sent a bounce mail to the
>> address that was mentioned in the
>> MAIL FROM, or to be more specific in the smtp.mailfrom SMTP-header header.
>>
>> Those emails can now be collected in a central inbox. The e-mails contain
>> the previously set
>> bounce email address with some additional information like service,
>> realm, userId, e.g.:
>> smtp.mailfrom=bounces+sso_acme-test_0b21aecc-4145-464f-86fa-
>> 719559b08869 at example.org
>>
>> This information can now be used to lookup the user with the bad email
>> address and flag the user
>> or even require the user to enter a new e-mail.
>>
>> One could also use a similar trick to encode some additional information
>> like (user realm, user-d) into the
>> custom reply-to address.
>> Based on a generic Help Desk address like helpdesk at example.org one could
>> generate a user specific address like:
>> helpdesk+sso_realm-name_user-id at example.org
>>
>> A CRM application could now lookup the user by it's user-id to add
>> additional information to the helpdesk ticket.
>>
>> The following Java program demonstrates the usage of JavMail with SMTP
>> Envelope From.
>> See the attached image for how this will look for the end-user in gmail.
>>
>> import java.util.Properties;
>>
>> import javax.mail.Message.RecipientType;
>> import javax.mail.Session;
>> import javax.mail.Transport;
>> import javax.mail.internet.InternetAddress;
>>
>> import com.sun.mail.smtp.SMTPMessage;
>>
>> public class JavaMailSmtpBounceExample {
>>
>>     public static void main(String[] args) throws Exception {
>>
>>         Properties properties = new Properties();
>>         properties.put("mail.smtp.auth", "false");
>>         properties.put("mail.smtp.host", "smtp4server");
>>         properties.put("mail.smtp.port", "25");
>>
>>         Session session = Session.getInstance(properties);
>>         SMTPMessage smtpMessage = new SMTPMessage(session);
>>         smtpMessage.setContent("Hello World", "text/plain");
>>         smtpMessage.setSubject("Test Mail " + System.currentTimeMillis());
>>
>>         String userDisplayName = "Thomas Darimont";
>>         String userId = "0b21aecc-4145-464f-86fa-719559b08869";
>>         String userEmail = "thomas.darimont at gmail.com";
>>
>>         String realmDisplayName = "acme SSO (test)";
>>         String realmName = "acme-test";
>>         String replyToDisplayName = "Help Desk";
>>         String replyToEmailLocalPart = "helpdesk";
>>         String realmFromEmailLocalPart = "no-reply";
>>         String serviceDomain = "example.org";
>>
>>         String to = String.format("\"%s\"<%s>", userDisplayName,
>> userEmail);
>>         String from = String.format("\"%s\"<%s@%s>", realmDisplayName,
>> realmFromEmailLocalPart,
>>                 serviceDomain);
>>         String envelopeFrom = String.format("bounces+sso_%s_%s@%s",
>> realmName, userId,
>>                 serviceDomain);
>>         String replyTo = String.format("\"%s\"<%s@%s>",
>> replyToDisplayName,
>>                 replyToEmailLocalPart, serviceDomain);
>>
>>         System.out.printf("to: %s%n", to);
>>         System.out.printf("from: %s%n", from);
>>         System.out.printf("envelopeFrom: %s%n", envelopeFrom);
>>         System.out.printf("replyTo: %s%n", replyTo);
>>
>>         smtpMessage.addRecipient(RecipientType.TO,
>> InternetAddress.parse(to)[0]);
>>         smtpMessage.setReplyTo(InternetAddress.parse(replyTo));
>>         smtpMessage.setFrom(InternetAddress.parse(from)[0]);
>>         smtpMessage.setEnvelopeFrom(envelopeFrom);
>>
>>         Transport.send(smtpMessage);
>>     }
>> }
>>
>> Output:
>>
>> to: "Thomas Darimont"<thomas.darimont at gmail.com>
>> from: "acme SSO (test)"<no-reply at example.org>
>> envelopeFrom: bounces+sso_acme-test_0b21aecc-4145-464f-86fa-719559b08869@
>> example.org
>> replyTo: "Help Desk"<helpdesk at example.org>
>>
>> The email
>> smtp.mailfrom=bounces+sso_acme-test_0b21aecc-4145-464f-86fa-
>> 719559b08869 at example.org
>>
>>
>>
>>
>>
>>
>> 2017-01-05 9:44 GMT+01:00 Stian Thorgersen <sthorger at redhat.com>:
>>
>>>
>>>
>>> On 5 January 2017 at 09:21, Thomas Darimont <
>>> thomas.darimont at googlemail.com> wrote:
>>>
>>>> Hello group,
>>>>
>>>> currently Keycloak allows to configure the "from" address per realm
>>>> which
>>>> all emails sent from that particular realm use.
>>>>
>>>> Often a generic address like no-reply at mycorp.com or a realm specific
>>>> address like
>>>> no-reply-myrealm at mycorp.com is used as "from" address.
>>>>
>>>> It would be nice if one would have more options here like:
>>>>
>>>> 1) Use the realm name or a custom string as the display name for the
>>>> "from"
>>>> Address
>>>>    Display Name<actual-address at mycorp.com>
>>>>    e.g.: "MyCorp SSO"<no-reply at mycorp.com>
>>>>            "MyCorp Helpdesk"<helpdesk at mycorp.com>
>>>>
>>>
>>> We had someone request that in the past and I think there's a issue
>>> already open for it. If not then you can create one. Would it come with a
>>> PR ;)?
>>>
>>>
>>>>
>>>> 2) Allow to specify a Bounce Address (MAIL FROM) with some place-holders
>>>> (user-id, realm-id)
>>>>    e.g.: sso-bounces+${realm-id}_${user-id}@mycorp.com
>>>>   This is especially useful when integrating with legacy user stores
>>>> with
>>>> unreliable e-mail addresses.
>>>>
>>>
>>> Can you explain this a bit more as I don't understand this
>>>
>>>
>>>>
>>>> Shall I create JIRA issues for that?
>>>>
>>>> Cheers,
>>>> Thomas
>>>> _______________________________________________
>>>> keycloak-dev mailing list
>>>> keycloak-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>
>>>
>>>
>>
>


More information about the keycloak-dev mailing list