Setting mail server in wso2 identity server 5.3

I am getting crazy in setting email server for password recovery.

I have followed password recovery guide 1. When I try to recover the password the GUI informs me that the email has been sent correctly but on the logs I find the following exception:

[2017-03-08 09:24:42,913] ERROR -  Event dropped at Output Adapter 'EmailPublish
er' for tenant id '-1234', Error in message format, null {org.wso2.carbon.event.
output.adapter.email.EmailEventAdapter}
javax.mail.AuthenticationFailedException
        at javax.mail.Service.connect(Service.java:306)
        at javax.mail.Service.connect(Service.java:156)
        at javax.mail.Service.connect(Service.java:105)
        at javax.mail.Transport.send0(Transport.java:168)
        at javax.mail.Transport.send(Transport.java:98)
        at org.wso2.carbon.event.output.adapter.email.EmailEventAdapter$EmailSen
der.run(EmailEventAdapter.java:306)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:51
1)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.
java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor
.java:617)
        at java.lang.Thread.run(Thread.java:745)

I have done many temptatives. I have included in wso2is-5.3.0\repository\conf\axis2.xml a configuration for gmail. Then I have tried with a configuration for our enterpise server. Finally I wrote a java program to check eventual network configuration problems and I was able to send email both with gmail and with our internal email server. Please find here the two configurations that I tried: GMAIL

 <transportSender name="mailto"
                     class="org.apache.axis2.transport.mail.MailTransportSender">
        <parameter name="mail.smtp.from">********@gmail.com</parameter>
        <parameter name="mail.smtp.user">********</parameter>
        <parameter name="mail.smtp.password">********</parameter>
        <parameter name="mail.smtp.host">smtp.gmail.com</parameter>
        <parameter name="mail.smtp.port">587</parameter>
        <parameter name="mail.smtp.starttls.enable">true</parameter>
        <parameter name="mail.smtp.auth">true</parameter>
</transportSender>

I have already set in gmail the security setting related to accept "less secure clients" and I am able to exploit the gmail account with another framework (jasper report).

Enterprise Email Server

<transportSender name="mailto"
                     class="org.apache.axis2.transport.mail.MailTransportSender">
        <parameter name="mail.smtp.from">*********</parameter>
        <parameter name="mail.smtp.user">********</parameter>
        <parameter name="mail.smtp.password">*********</parameter>
        <parameter name="mail.smtp.host">mailer.******.it</parameter>
        <parameter name="mail.smtp.port">25</parameter>
        <parameter name="mail.smtp.starttls.enable">false</parameter>
        <parameter name="mail.smtp.auth">true</parameter>
    </transportSender>

Thanks in advance.. - Giovanni (A poor developer :-))


In order to enable WSO2IS to send recovery password email in response to the the user actions on the dashboard ("forgot password" link on the login page) the file to edit with the mail server parameter is output-event-adapters.xml inside the repository/conf folder.

Configuring Email OTP - Identity Server 5.3.0, The configuration differs based on the type of notifications you want to send to mail.smtp.port - The SMTP server port to connect to, if the connect() to confirm user registrations or notification for password reset WSO2 IS. Follow the steps given below to update the user's email address. Return to the WSO2 Identity Server Management Console home screen. Click List under Add under Main > Identity > Users and Roles. Click Users. Click User Profile under Admin. Update the email address. Click Update. [Back to Top] Configure the user claims


IIRC I solved same issue by adding same mail config to axis2_client.xml as well inside same section. Hope that helps. :)

Enabling Notifications for User Operations, Adding an email template type. Log in to the WSO2 Identity Server management console. Navigate to the Main  Note that localhost is the server the default WSO2 Identity Server host and 9443 is the default SSL port. In o rder to access the admin services you need have the values in step 5 and 6. Since playground application is accessing the admin service OAuth2TokenValidationService, you should have the correct serverUrl,username and password as


From WSO2 Identity Server 5.3.0 onwards, In order to send emails, We need to update the output-event-adapters.xml file located in wso2is-5.3.0/repository/conf directory as below. Once you update it and when you have configured the Gmail account to accept less secure clients, It should work

<adapterConfig type="email">
    <!-- Comment mail.smtp.user and mail.smtp.password properties to support connecting SMTP servers which use trust
    based authentication rather username/password authentication -->
    <property key="mail.smtp.from">abcd@gmail.com</property>
    <property key="mail.smtp.user">abcd</property>
    <property key="mail.smtp.password">xxxx</property>
    <property key="mail.smtp.host">smtp.gmail.com</property>
    <property key="mail.smtp.port">587</property>
    <property key="mail.smtp.starttls.enable">true</property>
    <property key="mail.smtp.auth">true</property>
    <!-- Thread Pool Related Properties -->
    <property key="minThread">8</property>
    <property key="maxThread">100</property>
    <property key="keepAliveTimeInMillis">20000</property>
    <property key="jobQueueSize">10000</property>
</adapterConfig>

Customizing Automated Emails - Identity Server 5.3.0, So, before using the email username we need to configure the WSO2 products to differentiate between the '@' symbol in the user's emails and  Configuring the Email Sending Module¶. This document explains the steps to configure WSO2 Identity Server to send emails during multiple email related identity and access management tasks such as email OTP, email notifications, account recovery.


In webfaction with this configuration it works, using the smtp of webfaction:

conf/axis2/axis2.xml

<transportSender name="mailto"
                 class="org.apache.axis2.transport.mail.MailTransportSender">
    <parameter name="mail.from">xxxx@xxx.com</parameter>
    <parameter name="mail.smtp.from">xxxx@xxx.com</parameter>
    <parameter name="mail.smtp.submitter">xxxx@xxx.com</parameter>
    <parameter name="mail.transport.protocol">smtp</parameter>
    <parameter name="mail.smtp.user">yyyy</parameter>
    <parameter name="password">zzzzzz</parameter>
    <parameter name="mail.smtp.host">smtp.webfaction.com</parameter>

    <parameter name="mail.smtp.port">25</parameter>
    <parameter name="mail.smtp.auth">true</parameter>
</transportSender>

conf/output-event-adapters.xml

<adapterConfig type="email">
    <!-- Comment mail.smtp.user and mail.smtp.password properties to support connecting SMTP servers which use trust
    based authentication rather username/password authentication -->
    <property key="mail.from">xxxx@xxx.com</property>
    <property key="mail.smtp.from">xxxx@xxx.com</property>
    <property key="mail.smtp.submitter">xxxx@xxx.com</property>
    <property key="mail.smtp.user">yyyy</property>
    <property key="mail.smtp.password">zzzzz</property>
    <property key="mail.smtp.host">smtp.webfaction.com</property>
    <property key="mail.smtp.port">25</property>
    <property key="mail.smtp.auth">true</property>
    <property key="mail.transport.protocol">smtp</property>
    <!-- Thread Pool Related Properties -->
    <property key="minThread">8</property>
    <property key="maxThread">100</property>
    <property key="keepAliveTimeInMillis">20000</property>
    <property key="jobQueueSize">10000</property>
</adapterConfig>

Using Email Address as the Username, Optionally, you can configure the WSO2 IS to send an email to the user's email address when  See the section on monitoring the WSO2 Identity Server in the WSO2 Identity Server guide for more information on how to use the statistics feature. Monitoring using WSO2 metrics WSO2 IS 5.3.0 is shipped with JVM Metrics, which allows you to monitor statistics of your server using Java Metrics.


I solved this issue by

  1. Turn on less secure app to use Gmail in Gmail accout
  2. make sure the user name and from address you use for SMTP config in WSO2IS is same 1:e.,

    <parameter name="mail.smtp.from">xyz@gmail.com</parameter>

    <parameter name="mail.smtp.user">xyz@gmail.com</parameter>

User Account Locking and Account Disabling, The WSO2 Identity Server supports self-registration and allows a user to register their own Configure the following email settings in the  Configuring the Office365 App. Log on to the Microsoft Azure Management portal with your existing Azure credentials. Select the Active Directory node, then select the Directory tab and, at the bottom of the screen, select New . On the New menu, select Active Directory > Directory > Custom Create .


Self Sign Up and Account Confirmation, Therefore, you need to configure your account to disable this restriction, as WSO2 IS acts as a third-party application when sending emails to  Follow the steps below to configure WSO2 Identity Server to enable password reset via email notifications. Open the deployment.toml file in the <IS_HOME>/repository/conf directory. Check whether the following listener configs are in place.


Creating Users Using the Ask Password Option, The WSO2 Identity Server allows you to set up account suspension to lock Comment mail.smtp.user and mail.smtp.password properties to  Extract the archive file to a dedicated directory for the Identity Server, which will hereafter be referred to as <IS_HOME>. Set the CARBON_HOME environment variable by pointing it to the directory where you download WSO2 Identity Server into.


User Account Suspension - Identity Server 5.3.0, Since moving to WSO2 Identity Server 5.3.0 onwards, a lot of things has changed​. Using the Axis2 layer to configure email support became a  WSO2 Identity Server requires an Oracle JDK 11 or JDK 8 compliant JDK. This will run on most common platforms that support Java 11 or Java 8..; All WSO2 Carbon-based products are generally compatible with most common DBMSs.