Tenant Wise Configurations of Email Sender for email notifications In WSO2 Identity Server 5.7
The details used to send notification emails, such as the sender and the SMTP server details, are currently configured in
<IS_HOME>/repository/conf/output-event-adapters.xml [1].
This includes configurations such as:
- mail.smtp.from: Provide the email address of the SMTP account. Example: abcd@gmail.com
- mail.smtp.user: Provide the username of the SMTP account. Example: abcd
- mail.smtp.password: Provide the password of the SMTP account.
Let's say you have several organizations, and each organization is treated as a tenant in the Identity Server domain. Each tenant has its own user stores and users. These users receive notifications from the Identity Server, and each notification should carry a from address that identifies the tenant the user belongs to. Out of the box, Identity Server cannot do this.
To achieve this, the global configuration in output-event-adapters.xml has to be customizable at the tenant level, so that tenants can send emails using their own email addresses as the email properties. In other words, each tenant should be able to handle its connection to an SMTP server using its own tenant-wise configuration.
As these features are not currently available, you can use the following method to achieve this.
I have extended the EmailEventAdapterFactory, which is responsible for creating the adapters that create connections. These connections and adapters are created tenant-wise. You can find a detailed description of the architecture in [8][9].
In the adapter factory, when creating the adapter, you can specify the adapter configurations to be used for this adapter. These configurations are used in the adapter to create the SMTP connections.
You can see that here [7]. When creating the adapter, you can specify which configuration each tenant should use to create its adapter. This is given as a propertiesMap. It overrides the global configurations in output-event-adapters.xml.
After hardcoding the required configurations, you can build the jar file using
mvn clean install
Please use the repository attached here [9]. The built jar file will be used in step 3 below.
Follow these steps to achieve this.
1. Download WSO2 IS-5.7.0 from [2] or [3].
2. Get the jar file created at the beginning using the repo.
3. Put that jar file in {IS-HOME}/repository/components/dropins
4. Download the jar file attached in [5].
5. Apply the jar file downloaded in step 4 as a patch to the Identity Server. [6]
6. Open {IS-HOME}/repository/conf/output-event-adapters.xml
7. Add the following under <outputEventAdaptersConfig>
<adapterConfig type="email1">
    <!-- Comment mail.smtp.user and mail.smtp.password properties to support connecting SMTP servers which use trust
    based authentication rather username/password authentication -->
    <property key="mail.smtp.from">iamwso2@gmail.com</property>
    <property key="mail.smtp.user">iamwso2</property>
    <property key="mail.smtp.password">iamwso2</property>
    <property key="mail.smtp.host">smtp.gmail.com</property>
    <property key="mail.smtp.port">587</property>
    <property key="mail.smtp.starttls.enable">true</property>
    <property key="mail.smtp.auth">true</property>
    <!-- Thread Pool Related Properties -->
    <property key="minThread">8</property>
    <property key="maxThread">100</property>
    <property key="keepAliveTimeInMillis">20000</property>
    <property key="jobQueueSize">10000</property>
</adapterConfig>
<adapterConfig type="email">
    <!-- Comment mail.smtp.user and mail.smtp.password properties to support connecting SMTP servers which use trust
    based authentication rather username/password authentication -->
    <property key="mail.smtp.from">iamwso2is@gmail.com</property>
    <property key="mail.smtp.user">iamwso2is</property>
    <property key="mail.smtp.password">iamwso2</property>
    <property key="mail.smtp.host">smtp.gmail.com</property>
    <property key="mail.smtp.port">587</property>
    <property key="mail.smtp.starttls.enable">true</property>
    <property key="mail.smtp.auth">true</property>
    <!-- Thread Pool Related Properties -->
    <property key="minThread">8</property>
    <property key="maxThread">100</property>
    <property key="keepAliveTimeInMillis">20000</property>
    <property key="jobQueueSize">10000</property>
</adapterConfig>
8. Use the relevant SMTP server configurations as per your requirement. <adapterConfig type="email1"> defines the global configurations mentioned earlier. You can provide anything for <adapterConfig type="email">, as those configurations will not be used by the code, but there must be an adapter config type named email.
9. In {IS-HOME}/repository/deployment/server/eventpublishers/EventPublisher.xml, change
<to eventAdapterType="email">
to
<to eventAdapterType="email1">
10. In {IS-HOME}/repository/tenants/{tenant id}/eventpublishers/EventPublisher.xml, change
<to eventAdapterType="email">
to
<to eventAdapterType="email1">
11. Configure any email-based notification for a tenant. [1]
12. Try a notification sending flow and check whether the email is sent from the correct hardcoded sender.
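A check for steps 7 to 10, added here as an example (it is not part of the original post or of the linked repository): it parses output-event-adapters.xml and each EventPublisher.xml and reports publishers still bound to the email adapter type, a missing adapter type, STARTTLS not enabled, and an SMTP password kept in clear text. The function names, file labels and sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Strip any XML namespace from a tag name."""
    return tag.rsplit("}", 1)[-1]

def adapter_configs(xml_text):
    """Map each adapterConfig type to its {property key: value} dict."""
    root = ET.fromstring(xml_text)
    return {el.get("type"): {p.get("key"): (p.text or "").strip()
                             for p in el if local(p.tag) == "property"}
            for el in root.iter() if local(el.tag) == "adapterConfig"}

def publisher_adapter_types(xml_text):
    """Return the eventAdapterType of every <to> element in a publisher file."""
    root = ET.fromstring(xml_text)
    return [el.get("eventAdapterType") for el in root.iter() if local(el.tag) == "to"]

def check(adapters_xml, publishers):
    """publishers maps a label (file path) to EventPublisher.xml text."""
    findings = []
    cfg = adapter_configs(adapters_xml)
    for required in ("email", "email1"):          # step 8: both types must exist
        if required not in cfg:
            findings.append(f"adapters: adapterConfig type '{required}' missing")
    smtp = cfg.get("email1", {})
    if smtp.get("mail.smtp.starttls.enable") != "true":
        findings.append("adapters: email1 does not enable STARTTLS")
    if smtp.get("mail.smtp.password"):
        findings.append("adapters: email1 mail.smtp.password is stored in clear text")
    for label, text in publishers.items():        # steps 9 and 10
        for kind in publisher_adapter_types(text):
            if kind != "email1":
                findings.append(f"{label}: eventAdapterType '{kind}', expected 'email1'")
    return findings

# Constructed sample input, trimmed to the elements the checks read.
ADAPTERS = """<outputEventAdaptersConfig>
  <adapterConfig type="email1">
    <property key="mail.smtp.from">notify@example.com</property>
    <property key="mail.smtp.password">constructed-placeholder</property>
    <property key="mail.smtp.starttls.enable">true</property>
  </adapterConfig>
  <adapterConfig type="email"/>
</outputEventAdaptersConfig>"""
PUBLISHER = ('<eventPublisher xmlns="http://wso2.org/carbon/eventpublisher">'
             '<to eventAdapterType="{}"/></eventPublisher>')
SAMPLE = {"server/eventpublishers/EventPublisher.xml": PUBLISHER.format("email1"),
          "tenants/1/eventpublishers/EventPublisher.xml": PUBLISHER.format("email")}

if __name__ == "__main__":
    for finding in check(ADAPTERS, SAMPLE):
        print(finding)
```

On the constructed sample it reports the clear-text password and the tenant publisher that was not switched to email1 in step 10.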
Hope this helps. I have tested this solution for IS-5.7. This might also be compatible with IS-5.8. If not, please check the dependencies I have added in the pom file [9]. Please let me know in the comments section if there are any concerns.
[1]. https://docs.wso2.com/display/IS50/Creating+Users+using+the+Ask+Password+Option
[2]. https://wso2.com/identity-and-access-management/previous-releases/
[3]. https://github.com/wso2/product-is/releases
[4]. https://drive.google.com/file/d/1S_XGAa8B44Irf8xyPEs6MhnVSs-Q3Sw_/view?usp=sharing
[5]. https://drive.google.com/file/d/1rIHJhemnq2XmJcepRCLXRmY7ebjP5sMB/view?usp=sharing
[6]. https://docs.wso2.com/display/ADMIN44x/WSO2+Patch+Application+Process
[8]. http://mail.wso2.org/mailarchive/architecture/2019-September/032587.html
[9]. http://mail.wso2.org/mailarchive/architecture/2019-September/032588.html
[9]. https://github.com/Buddhimah/multitenant-event-output-adapter-email