WSO2 IS Configurations
1. Open the deployment.toml file in the <IS_HOME>/repository/conf directory
[event.default_listener.identity_mgt]
priority= "50"
enable = false
[event.default_listener.governance_identity_mgt]
priority= "95"
enable = true
[event.default_listener.governance_identity_store]
priority= "97"
enable = true
3. Configure the following email settings in the deployment.toml file. Refer to this for
more information.
[output_adapter.email]
from_address= ""
username= ""
password= ""
hostname= "smtp.gmail.com"
port= 587
enable_start_tls= true
enable_authentication= true
5. Log in to the management console, entering admin as both the username and the
password.
6. Create a user.
● On the Main tab click on Identity -> Users and Roles -> Add.
username= tom
password= tom123
Setting up
1. Click on Main > Identity > Identity Providers > Resident > Account
Management > Account Recovery.
3. Click Update.
Try It
1. Go to my account. Click forgot password.
2. Enter the user's username and select Recover with Email. Click Submit.
3. An email notification is sent to the user's email address. Click on the Reset
Password button in the email.
Setting up:
1. Click on Main > Identity > Identity Providers > Resident > Account
Management > Account Recovery.
4. Click Update
5. Sign in to my account as Tom.
9. Click save.
Try It:
1. Go to my account.
6. Once you enter the correct answers, you will be prompted with the reset
password form.
7. Enter the new password and confirm it.
8. Click Submit and you will receive a message on successfully resetting it.
Username Recovery
Introduction:
When users forget their username, they need a way to recover it.
WSO2 Identity Server supports username recovery via email.
Setting up:
2. Expand the Account Management tab, then the Account Recovery tab.
4. Click Update.
Try It:
1. Go to my account.
3. Enter the required fields (Default tenant domain is carbon.super) and click
Submit.
4. An email notification will be sent to the user's email address with the recovered
username. We can customize the email template as well.
Account Locking and Disabling
Introduction
Account locking and account disabling are security features in WSO2 Identity Server. The
account locking feature is used to temporarily block a user from logging in, while account
disabling is more of a long-term security measure, which disables the account for a
significant amount of time.
4. Click update.
5. Go to Main > Identity > Claims > List and select the http://wso2.org/claims
claim dialect.
2. Go to the user you want to lock and click on the User Profile.
3. Update the mandatory requirements such as first name, last name, and email.
1. Go to Main > Identity > Identity Providers > Resident > Login Attempts
Security.
3. Specify Maximum failed login attempts and account unlock time as follows.
4. Click Update.
Try It:
1. Go to my account, and try to log in with wrong passwords more than 3 times.
2. Now try to log in using the correct credentials. The login attempt will fail.
3. An email notifying the user of the account lock is sent to the given email
address.
4. Wait for 15 minutes and try to log in again with the correct credentials. The
WSO2 Identity Server Dashboard home screen appears.
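The lockout behaviour exercised in the steps above, as an added Python model (not code from WSO2 Identity Server or from the original document). The threshold of 3 failed attempts is an assumption, since the configured value is not shown; the 15-minute unlock time comes from the steps, and the attempt list is constructed.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

MAX_FAILED_ATTEMPTS = 3               # assumed; the configured value is not shown on the page
UNLOCK_AFTER = timedelta(minutes=15)  # wait time from the Try It steps

@dataclass
class Account:
    password: str                     # plain text only because this is a model
    failed: int = 0
    locked_until: Optional[datetime] = None

def login(acct: Account, supplied: str, now: datetime) -> str:
    """Return 'ok', 'failed' or 'locked' for one attempt at time `now`."""
    if acct.locked_until is not None:
        if now < acct.locked_until:
            return "locked"           # even the correct password is refused
        acct.locked_until, acct.failed = None, 0   # unlock time has passed
    if hmac.compare_digest(supplied.encode(), acct.password.encode()):
        acct.failed = 0               # a successful login clears the counter
        return "ok"
    acct.failed += 1
    if acct.failed >= MAX_FAILED_ATTEMPTS:
        acct.locked_until = now + UNLOCK_AFTER
        return "locked"
    return "failed"

def replay(password: str, attempts: List[Tuple[int, str]]) -> List[str]:
    """Replay (minute offset, supplied password) pairs against a fresh account."""
    start = datetime(2024, 1, 1, 9, 0)            # constructed start time
    acct = Account(password)
    return [login(acct, pw, start + timedelta(minutes=m)) for m, pw in attempts]

# Constructed attempts for the user tom / tom123 created earlier on the page.
SAMPLE = [(0, "guess1"), (1, "guess2"), (2, "guess3"),
          (3, "tom123"), (16, "tom123"), (18, "tom123")]

if __name__ == "__main__":
    for (minute, _), result in zip(SAMPLE, replay("tom123", SAMPLE)):
        print(f"t+{minute:02d}min -> {result}")
```

The lock starts at the third failure (minute 2), so the correct password is still refused at minute 16 and accepted at minute 18.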
Account Disabling
Setting up:
1. Go to Main > Identity > Identity Providers > Resident > Account
Management.
4. Click Update.
5. Go to Main > Identity > Claims > List and select the http://wso2.org/claims
claim dialect.
Try It:
1. Create a user.
2. Navigate to Main > Identity > Users and Roles > Lists > Users. Now all the
users will be listed.
3. Go to the user you want to lock and click on the User Profile.
4. Update the mandatory requirements such as first name, last name, and email.
6. Click update.
Password Patterns
Introduction
The Password Patterns policy helps to customize the pattern of users’ passwords. Using
this feature, organizations can enforce the minimum length, maximum
length, and regex pattern of users’ passwords.
Setting up:
1. Go to Main > Identity > Identity Providers > Resident.
3. Select the Validate passwords based on a policy pattern checkbox and edit the
settings such as minimum length, maximum length, regex format, and error
message.
4. Click on the update button.
Try It:
1. Access the WSO2 Identity Server dashboard using the following link: my account
3. Enter the user's username, select Recover with Email, and then click Submit.
4. An email notification is sent to the user's email address. Click on the Reset
Password button in the email.
5. Enter a password that violates the specified password pattern. The configured
error message is displayed.
Password History
Introduction
This feature prevents users from reusing passwords that were used
in the recent past. For example, if you configure a count of 2 passwords, users will be
prevented from reusing their last 2 passwords as the current password.
Setting up:
1. Go to Main > Identity > Identity Providers > Resident.
3. Click on Validate password history and configure the Password History
validation count you require.
Try It:
1. Create a user using the management console. Ensure that the user has login
permissions.
2. Edit the user profile and enter an email address for the user. The email
notification for password recovery is sent to the email address given.
3. Access the WSO2 Identity Server dashboard using the following link: my account
5. Enter the user's username, select Recover with Email, and then click Submit.
6. An email notification is sent to the user's email address. Click on the Reset
Password button in the email.
7. Enter the old password again as the new password and click Submit. You will
be asked to use a different password because this one was used previously.
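How the Password Patterns and Password History checks combine when a new password is submitted, as an added Python sketch (not WSO2 Identity Server code and not part of the original document). The length limits, the regex and the sample passwords are assumptions; the history count of 2 is the one from the introduction above.

```python
import hashlib
import hmac
import os
import re
from typing import List, Tuple

MIN_LEN, MAX_LEN = 8, 30     # assumed policy lengths
# Assumed regex: at least one digit, lowercase, uppercase and symbol.
PATTERN = re.compile(r"(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^\w\s]).+")
HISTORY_COUNT = 2            # the count used in the page's example

History = List[Tuple[bytes, bytes]]   # (salt, digest) pairs, oldest first

def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def remember(history: History, password: str) -> None:
    """Record a newly set password and keep only the last HISTORY_COUNT."""
    salt = os.urandom(16)
    history.append((salt, _digest(password, salt)))
    del history[:-HISTORY_COUNT]

def check_new_password(candidate: str, history: History) -> List[str]:
    """Return the list of violated rules; an empty list means accepted."""
    errors = []
    if not MIN_LEN <= len(candidate) <= MAX_LEN:
        errors.append("length")
    if not PATTERN.fullmatch(candidate):
        errors.append("pattern")
    if any(hmac.compare_digest(_digest(candidate, s), d) for s, d in history):
        errors.append("history")
    return errors

def demo() -> dict:
    history: History = []
    for pw in ("Spring#2023a", "Summer#2023b", "Autumn#2023c"):  # constructed
        remember(history, pw)
    tries = ("tom123", "Autumn#2023c", "Summer#2023b", "Spring#2023a")
    return {pw: check_new_password(pw, history) for pw in tries}

if __name__ == "__main__":
    for pw, errors in demo().items():
        print(pw, "->", errors or "accepted")
```

The history stores salted digests rather than the old passwords themselves, so the reuse check works without keeping recoverable copies of previous passwords.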