Page Comparison

...

...

...

...

This page is currently under construction.

Account locking is a security feature in Identity Server that prevents users from logging in to their account and from authenticating themselves using their IS account. A user account can be locked in one of the following ways:

...

1. Configure the Authentication.Policy.Account.Lock.Time property in the <IS_HOME>/repository/conf/identity/identity-mgt.properties file. As mentioned in the above table, the value refers to the number of minutes that the account is locked for, after which, authentication can be attempted again. 

   Code Block
   language xml
   Authentication.Policy.Account.Lock.Time=5

    

    

   Info
   If the lock time is set to 0, the account has to be unlocked by an admin user. For more information about this, see Account locking by an administrative user.

...

1. Start the IS server if you haven't already and log in to the management console using admin credentials.
2. Navigate to Claims>List on the Configure menu and select the http://wso2.org/claims claim dialect. For more information about claims, see Claim Management. 
3. Select the Account Locked claim and click Edit.
   
   
4. Select the "Supported by Default" checkbox and click Update. This is done to make the "Account Locked" status appear in the user's profile. 
5. Navigate to Users and Roles>List>Users on the Main menu and click on User Profile of the user you want to lock. 
6. If it is the first time this particular account is being locked, a textbox will appear in front of the Account Locked field as seen below. To lock the account, type true in the textbox and click Update.

...

The Identity Server can be configured to send an email notification to the user when a user account is unlocked by an admin user. Following are the required configurations.Follow the steps below to configure this. 

1. Configure the following parameters in the <IS_HOME>/repository/conf/identity/identity-mgt.properties file.

Notification.Sending.Enable=true
Notification.Expire.Time=7200
Notification.Sending.Internally.Managed=true

Detailed description of the above properties can be found at the end of this page.For more information on these properties, see this table. 

2. Navigate to the <IS_HOME>/repository/conf/axis2/axis2.xml file and uncomment the following property. Change the parameter values according to your email (see the second code block below for an example of this).  

<!--<transportSender name="mailto"

...

class="org.apache.axis2.transport.mail.MailTransportSender">

...

e.g.:

<transportSender name="mailto"
class="org.apache.axis2.transport.mail.MailTransportSender">
    <parameter name="mail.smtp.from">sampleemail@gmail.com</parameter>
    <parameter name="mail.smtp.user">sampleemail</parameter>
    <parameter name="mail.smtp.password">password</parameter>
    <parameter name="mail.smtp.host">smtp.gmail.com</parameter>
    <parameter name="mail.smtp.port">587</parameter>
    <parameter name="mail.smtp.starttls.enable">true</parameter>
    <parameter name="mail.smtp.auth">true</parameter>
</transportSender>

...

...

By default, IS stores these claim values in the JDBC datasource configured in the identity.xml file. If needed, you can configure IS to store the claim values in the userstore as well. For that, open the <IS_HOME>/repository/conf/identity/identity-mgt.properties file and change the Identity.Mgt.User.Data.Store property to the datastore you have configured. The default value org.wso2.carbon.identity.mgt.store. JDBCIdentityDataStore is the Identity datasource. Changing the store to UserStoreBasedIdentityDataStore ensures that identity claims are stored in the userstore. The following is the configuration that does this.

...