Re: [keycloak-user] Password update confirmation received twice

[Alexander Schwartz]

Hi Alexander,

This sounds like a bug. Please create a GitHub issue for that, and also specify the version you used, and all steps to reproduce it. It would be interest if this happens only after localization was enabled.

Best,

Alexander

On Mon, Feb 24, 2025 at 2:57 PM Alexander Chriztopher <alexander....@gmail.com> wrote:

Hi,

My realm is configured with a french locale and so is my user. After asking for a password reset a get one email with the link to change my password (so far so good). Now after changing the password successfully i get sent 2 emails : one in french and one in english that basically say the same thing. This is the english message contents : Your password credential was changed on (the date) from (the ip). If this was not you, please contact an administrator.

Does anyone know why i get all the emails in french (expected behaviour) but only for this one i get an additional mail in english ?

Thanks for any help on this.

--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/keycloak-user/ff5cbd44-15c3-486f-8b38-8989c0dd4e5en%40googlegroups.com.

--

Alexander Schwartz, RHCE

He/Him

Principal Software Engineer, Keycloak Maintainer

Red Hat - Germany remote

asch...@redhat.com   

Red Hat GmbH, Registered seat: Werner von Siemens Ring 12, D-85630 Grasbrunn, Germany 
Commercial register: Amtsgericht Muenchen/Munich, HRB 153243,
Managing Directors: Ryan Barnhart, Charles Cachera, Michael O'Neill, Amy Ross

[Alexander Chriztopher]

Hi Alexander and thanks for you reply.

Actually i found the reason.

It is because the new credential update events are running along the old ones hence the duplicate notification. The solution to this is to tell Keycloak to ignore the old event by setting the option : --spi-events-listener-email-exclude-events=UPDATE_PASSWORD (for anyone using the delete events, i think it will also need to be set to be excluded).

The other point was that i was receiving the duplicate email in English and not in French. I found out that it was because there was no messages keys for the new events in French and as soon as i set them it worked like a charm. I unfortunately had to give up on telling my users which credential type was updated with the time and the IP address as the credential type is not translated yet from English to other languages. Found this issue but it was closed unfortunately : https://github.com/keycloak/keycloak/issues/32685. By the way when i just got rid of the credential type and tried to keep the date and IP i got weird things happening with the display of the placeholder for the IP like this : {2} which led me to remove them all (it needs the 3 placeholders or nothing).

Thanks guys for the work you are doing on Keycloak.

[Vitalii Ishchenko]

It seems that this is still an issue

UPDATE_PASSWORD, REMOVE_TOTP and UPDATE_TOTP events are marked as deprecated and the UPDATE_CREDENTIAL, REMOVE_CREDENTIAL are their counterparts

but deprecated events are still present in default list for EmailEventListenerProviderFactory as well as the new.

Any reason why are they are still in the default list?