[keycloak-user] Extend keycloak notifications

Dmitry Telegin dt at acutus.pro
Mon Nov 12 18:20:27 EST 2018


Hello David,

Just FYI, you can reach Keycloak developers via keycloak-dev mailing list; this one is more like a community of independent Keycloak experts. Being a proud member thereof, I'll put in my two cents with great pleasure :) see answers inline.

TL;DR: the feature seems interesting, but I highly doubt it will ever be made a part of Keycloak. However, you can implement everything as a Keycloak extension (and that's what we love about Keycloak).

On Mon, 2018-11-12 at 22:55 +0100, David Monichi wrote:
> Hi,
> 
> I'm considering creating a new application and for sure I'll use
> keycloak as user backend. It's really cool stuff that you guys created.
>
> I thought about various solutions for notifications of my application
> and was wondering if you guys already thought about extending your
> e-mail notification to a more general and flexible system. So that not
> only keycloak e-mails will be sent over keycloak but also other
> applications' e-mails and even more notifications can be sent over
> keycloak (I'm thinking here of SMS, etc.). Therefore applications would
> need to upload any kind of templates to keycloak and somehow be able to
> manage them. There are 2 reasons for such a step. First of all keycloak
> already provides such basic functionality to send notifications and so
> extending it could be done with lower overhead. Second, keycloak already
> owns the recipient data, if applications manage users over keycloak.

I'd also add that Keycloak already integrates the Freemarker template engine, which is used to generate emails (along with login forms and the account UI).

> As an additional feature of course a proper monitoring should be placed in
> such a feature, since notifications are really vital to modern applications.

Could you please elaborate on what exactly you need to monitor?

> We would be able to provide programming resources for such a feature but
> of course working together, especially for the design phase, with you guys.
>
> The alternative would be to provide a different notification system and
> forward keycloak e-mails to that service (actually the event to send a
> notification). Don't know if this actually is the way to go ...
> 
> 
> My motivation for such a feature is, that a single application should be 
> responsible for sending notifications of any kind and not be widespread 
> over various applications.
> 
> Any ideas welcome ;) Eventually I overlooked something in my design ...

My experience says that features like that rarely get incorporated into mainline Keycloak; the necessary (but not sufficient) condition is that you should be able to maintain this feature in the future.

However, you can use Keycloak extension points (called Providers [1] in Keycloak's terms) to implement what you want.

Here's my take on the outline of the solution:
- implement EntityProvider [2] (custom JPA entity + DB table) to store templates;
- implement RealmResourceProvider [3] (custom REST resource) for CRUD-style template management by the applications;
- implement another one to trigger notification (and potentially track its status);
- implement the actual notification code, i.e. retrieving the template, processing it with Freemarker and queueing it for delivery;
- most likely, you will need a persistent queue to store pending notifications. For that, you can employ Keycloak's built-in ActiveMQ Artemis message broker;
- optionally, integrate your system with Keycloak internal events, so that the latter could trigger your application-managed notifications.

For reference, I'd recommend the official keycloak examples [4] and my own BeerCloak project [5].

Good luck, and feel free to ask any questions :)

Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

[1] https://www.keycloak.org/docs/latest/server_development/index.html#_providers
[2] https://www.keycloak.org/docs/latest/server_development/index.html#_extensions_jpa
[3] https://www.keycloak.org/docs/latest/server_development/index.html#_extensions_rest
[4] https://github.com/keycloak/keycloak/tree/master/examples/providers
[5] https://github.com/dteleguin/beercloak

> 
> 
> Thx in advance for all your thoughts & all the best
> 
> /david
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
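
The "retrieve the template and process it with Freemarker" step from the outline above, as an added example that is not part of the original message and is not Keycloak or BeerCloak code. Because the templates are uploaded by applications, the renderer treats them as untrusted input and blocks class instantiation from inside a template. `NotificationRenderer`, `putTemplate` and `render` are hypothetical names; the sample template and data are constructed.

```java
import freemarker.cache.StringTemplateLoader;
import freemarker.core.TemplateClassResolver;
import freemarker.template.Configuration;
import freemarker.template.SimpleObjectWrapper;
import freemarker.template.TemplateException;
import freemarker.template.TemplateExceptionHandler;
import java.io.IOException;
import java.io.StringWriter;
import java.util.HashMap;
import java.util.Map;

// Hypothetical helper: renders application-uploaded templates as untrusted input.
public class NotificationRenderer {
    private final StringTemplateLoader loader = new StringTemplateLoader();
    private final Configuration cfg = new Configuration(Configuration.VERSION_2_3_23);

    public NotificationRenderer() {
        cfg.setTemplateLoader(loader); // only templates registered below can be loaded or included
        // Uploaded templates must not instantiate Java classes through the ?new built-in.
        cfg.setNewBuiltinClassResolver(TemplateClassResolver.ALLOWS_NOTHING_RESOLVER);
        cfg.setAPIBuiltinEnabled(false); // keep ?api off (stated explicitly; it is the default)
        // Expose only strings, numbers, lists and maps; arbitrary beans are rejected.
        cfg.setObjectWrapper(new SimpleObjectWrapper(Configuration.VERSION_2_3_23));
        cfg.setTemplateExceptionHandler(TemplateExceptionHandler.RETHROW_HANDLER);
        cfg.setLogTemplateExceptions(false);
    }

    // In the outlined design the source would be read from the custom JPA entity.
    public void putTemplate(String name, String source) {
        loader.putTemplate(name, source);
    }

    public String render(String name, Map<String, String> fields) throws IOException, TemplateException {
        StringWriter out = new StringWriter();
        cfg.getTemplate(name).process(new HashMap<String, Object>(fields), out);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        NotificationRenderer renderer = new NotificationRenderer();
        // Constructed sample template and data.
        renderer.putTemplate("order-shipped", "Hello ${firstName}, your order ${orderId} has shipped.");
        Map<String, String> fields = new HashMap<>();
        fields.put("firstName", "Alice");
        fields.put("orderId", "A-1001");
        System.out.println(renderer.render("order-shipped", fields));
    }
}
```

With `RETHROW_HANDLER`, a template that fails to render raises an exception instead of producing partial output, so the caller can reject it before the notification is queued.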