email kubernetes keycloak

Use variable in Keycloak email subject


My current setup

  • Keycloak v24.0.5 installed from Bitnami
  • Kubernetes v1.30.0

Things that work

I needed to include the Keycloak username in the email body. For that I created my custom theme and added it to /opt/bitnami/keycloak/themes/. I used a Dockerfile to make it work:

    FROM docker.io/bitnami/keycloak:24.0.5-debian-12-r1

    USER root

    COPY my-custom-theme /opt/bitnami/keycloak/themes/my-custom-theme

    USER 1001

Keycloak event-update_password.ftl file modification

    <#ftl output_format="plainText">
    ${msg("eventUpdatePasswordBody",user.getUsername(), event.date, event.ipAddress)}

Keycloak messages_en.properties file modification

    eventUpdatePasswordBody=Dear {0} your password was changed on {1} from {2}. If this was not you, please contact an administrator.
    eventUpdatePasswordBodyHtml=<p>Dear {0} your password was changed on {1} from {2}. If this was not you, please contact an administrator.</p>

This part is working perfectly fine, since I can access the username with {0} in the email body.

Things that don't work

The next step for me was trying the same approach to put the username in the email subject, with the following configuration in messages_en.properties:

    eventUpdatePasswordSubject=Update password {0}

Apparently this method does not work in the subject, since I am receiving emails with a title like:

[screenshot of the received email title]

Summary

Am I missing something, or is such usage not even possible with the email template? In the messages_en.properties file I see identityProviderLinkSubject=Link {0}, which looks like a valid configuration and works as expected.


Solution

  • If you look into the Keycloak source code, the line that triggers the sending of the email with subject eventUpdatePasswordSubject is:

    send(toCamelCase(event.getType()) + "Subject", "event-" + event.getType().toString().toLowerCase() + ".ftl", attributes);
    

    Compare that line with the line that triggers identityProviderLinkSubject, which is:

    send("identityProviderLinkSubject", subjectAttrs, "identity-provider-link.ftl", attributes);
    

    As you can see, the line for an event email does not pass any attributes to be included in the subject line, hence it is not possible to inject any variable values into the subject line out of the box.

    You can, however, embark on a journey to create a provider to extend Keycloak using its SPI facility to add special handling for eventUpdatePasswordSubject. You may start your journey by referring to the Keycloak Server Developer Guide and searching the net for guides and samples.
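
One way such a provider could look, as an added example that is not code from the answer or from the Keycloak project: it intercepts the three-argument send(...) used for event emails and forwards to the four-argument overload with the username as {0}. It assumes the Keycloak 24 class FreeMarkerEmailTemplateProvider with a single-argument constructor and a protected user field; the package, class names and provider id are hypothetical.

```java
package com.example.keycloak; // hypothetical package

import java.util.List;
import java.util.Map;
import org.keycloak.Config;
import org.keycloak.email.EmailException;
import org.keycloak.email.EmailTemplateProvider;
import org.keycloak.email.EmailTemplateProviderFactory;
import org.keycloak.email.freemarker.FreeMarkerEmailTemplateProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;

// Listed in META-INF/services/org.keycloak.email.EmailTemplateProviderFactory
// inside the provider JAR so that Keycloak discovers the factory.
public class SubjectUserEmailTemplateProviderFactory implements EmailTemplateProviderFactory {

    @Override public EmailTemplateProvider create(KeycloakSession session) {
        return new SubjectUserEmailTemplateProvider(session);
    }
    @Override public void init(Config.Scope config) { }
    @Override public void postInit(KeycloakSessionFactory factory) { }
    @Override public void close() { }
    @Override public String getId() { return "subject-user-email"; } // hypothetical id

    // Assumption: Keycloak 24 exposes this base class, constructor and 'user' field.
    static class SubjectUserEmailTemplateProvider extends FreeMarkerEmailTemplateProvider {

        SubjectUserEmailTemplateProvider(KeycloakSession session) { super(session); }

        // Event emails arrive through this overload, which carries no subject attributes.
        @Override
        public void send(String subjectFormatKey, String bodyTemplate,
                         Map<String, Object> bodyAttributes) throws EmailException {
            if ("eventUpdatePasswordSubject".equals(subjectFormatKey) && user != null) {
                // Usernames can be user-chosen: drop control characters (CR/LF)
                // before the value is placed in a mail header.
                String name = user.getUsername().replaceAll("\\p{Cntrl}", "");
                // The four-argument overload fills {0} in the subject message.
                send(subjectFormatKey, List.<Object>of(name), bodyTemplate, bodyAttributes);
                return;
            }
            super.send(subjectFormatKey, bodyTemplate, bodyAttributes);
        }
    }
}
```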